TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / OP-TEE / optee_os / 8287cbcf8aef57bab94b81821008c8f7d48a5d34 / . / lib / libmbedtls / mbedtls / library / pkparse.c
blob: 9318462a0aa32a389af3b682c7d93ec8fc0849a9 [file] [log] [blame]
Edison Aic6672fd2018-02-28 15:01:47 +0800[diff] [blame]1// SPDX-License-Identifier: Apache-2.0
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]2/*
3 * Public Key layer for parsing key files and structures
4 *
5 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]6 *
7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
8 * not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 *
19 * This file is part of mbed TLS (https://tls.mbed.org)
20 */
21
22#if !defined(MBEDTLS_CONFIG_FILE)
23#include "mbedtls/config.h"
24#else
25#include MBEDTLS_CONFIG_FILE
26#endif
27
28#if defined(MBEDTLS_PK_PARSE_C)
29
30#include "mbedtls/pk.h"
31#include "mbedtls/asn1.h"
32#include "mbedtls/oid.h"
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]33#include "mbedtls/platform_util.h"
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]34
35#include <string.h>
36
37#if defined(MBEDTLS_RSA_C)
38#include "mbedtls/rsa.h"
39#endif
40#if defined(MBEDTLS_ECP_C)
41#include "mbedtls/ecp.h"
42#endif
43#if defined(MBEDTLS_ECDSA_C)
44#include "mbedtls/ecdsa.h"
45#endif
46#if defined(MBEDTLS_PEM_PARSE_C)
47#include "mbedtls/pem.h"
48#endif
49#if defined(MBEDTLS_PKCS5_C)
50#include "mbedtls/pkcs5.h"
51#endif
52#if defined(MBEDTLS_PKCS12_C)
53#include "mbedtls/pkcs12.h"
54#endif
55
56#if defined(MBEDTLS_PLATFORM_C)
57#include "mbedtls/platform.h"
58#else
59#include <stdlib.h>
60#define mbedtls_calloc calloc
61#define mbedtls_free free
62#endif
63
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]64/* Parameter validation macros based on platform_util.h */
65#define PK_VALIDATE_RET( cond ) \
66 MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_PK_BAD_INPUT_DATA )
67#define PK_VALIDATE( cond ) \
68 MBEDTLS_INTERNAL_VALIDATE( cond )
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]69
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]70#if defined(MBEDTLS_FS_IO)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]71/*
72 * Load all data from a file into a given buffer.
73 *
74 * The file is expected to contain either PEM or DER encoded data.
75 * A terminating null byte is always appended. It is included in the announced
76 * length only if the data looks like it is PEM encoded.
77 */
78int mbedtls_pk_load_file( const char *path, unsigned char **buf, size_t *n )
79{
80 FILE *f;
81 long size;
82
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]83 PK_VALIDATE_RET( path != NULL );
84 PK_VALIDATE_RET( buf != NULL );
85 PK_VALIDATE_RET( n != NULL );
86
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]87 if( ( f = fopen( path, "rb" ) ) == NULL )
88 return( MBEDTLS_ERR_PK_FILE_IO_ERROR );
89
90 fseek( f, 0, SEEK_END );
91 if( ( size = ftell( f ) ) == -1 )
92 {
93 fclose( f );
94 return( MBEDTLS_ERR_PK_FILE_IO_ERROR );
95 }
96 fseek( f, 0, SEEK_SET );
97
98 *n = (size_t) size;
99
100 if( *n + 1 == 0 ||
101 ( *buf = mbedtls_calloc( 1, *n + 1 ) ) == NULL )
102 {
103 fclose( f );
104 return( MBEDTLS_ERR_PK_ALLOC_FAILED );
105 }
106
107 if( fread( *buf, 1, *n, f ) != *n )
108 {
109 fclose( f );
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]110
111 mbedtls_platform_zeroize( *buf, *n );
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]112 mbedtls_free( *buf );
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]113
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]114 return( MBEDTLS_ERR_PK_FILE_IO_ERROR );
115 }
116
117 fclose( f );
118
119 (*buf)[*n] = '\0';
120
121 if( strstr( (const char *) *buf, "-----BEGIN " ) != NULL )
122 ++*n;
123
124 return( 0 );
125}
126
127/*
128 * Load and parse a private key
129 */
130int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx,
131 const char *path, const char *pwd )
132{
133 int ret;
134 size_t n;
135 unsigned char *buf;
136
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]137 PK_VALIDATE_RET( ctx != NULL );
138 PK_VALIDATE_RET( path != NULL );
139
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]140 if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 )
141 return( ret );
142
143 if( pwd == NULL )
144 ret = mbedtls_pk_parse_key( ctx, buf, n, NULL, 0 );
145 else
146 ret = mbedtls_pk_parse_key( ctx, buf, n,
147 (const unsigned char *) pwd, strlen( pwd ) );
148
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]149 mbedtls_platform_zeroize( buf, n );
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]150 mbedtls_free( buf );
151
152 return( ret );
153}
154
155/*
156 * Load and parse a public key
157 */
158int mbedtls_pk_parse_public_keyfile( mbedtls_pk_context *ctx, const char *path )
159{
160 int ret;
161 size_t n;
162 unsigned char *buf;
163
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]164 PK_VALIDATE_RET( ctx != NULL );
165 PK_VALIDATE_RET( path != NULL );
166
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]167 if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 )
168 return( ret );
169
170 ret = mbedtls_pk_parse_public_key( ctx, buf, n );
171
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]172 mbedtls_platform_zeroize( buf, n );
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]173 mbedtls_free( buf );
174
175 return( ret );
176}
177#endif /* MBEDTLS_FS_IO */
178
179#if defined(MBEDTLS_ECP_C)
180/* Minimally parse an ECParameters buffer to and mbedtls_asn1_buf
181 *
182 * ECParameters ::= CHOICE {
183 * namedCurve OBJECT IDENTIFIER
184 * specifiedCurve SpecifiedECDomain -- = SEQUENCE { ... }
185 * -- implicitCurve NULL
186 * }
187 */
188static int pk_get_ecparams( unsigned char **p, const unsigned char *end,
189 mbedtls_asn1_buf *params )
190{
191 int ret;
192
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]193 if ( end - *p < 1 )
194 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
195 MBEDTLS_ERR_ASN1_OUT_OF_DATA );
196
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]197 /* Tag may be either OID or SEQUENCE */
198 params->tag = **p;
199 if( params->tag != MBEDTLS_ASN1_OID
200#if defined(MBEDTLS_PK_PARSE_EC_EXTENDED)
201 && params->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE )
202#endif
203 )
204 {
205 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
206 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
207 }
208
209 if( ( ret = mbedtls_asn1_get_tag( p, end, &params->len, params->tag ) ) != 0 )
210 {
211 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
212 }
213
214 params->p = *p;
215 *p += params->len;
216
217 if( *p != end )
218 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
219 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
220
221 return( 0 );
222}
223
224#if defined(MBEDTLS_PK_PARSE_EC_EXTENDED)
225/*
226 * Parse a SpecifiedECDomain (SEC 1 C.2) and (mostly) fill the group with it.
227 * WARNING: the resulting group should only be used with
228 * pk_group_id_from_specified(), since its base point may not be set correctly
229 * if it was encoded compressed.
230 *
231 * SpecifiedECDomain ::= SEQUENCE {
232 * version SpecifiedECDomainVersion(ecdpVer1 | ecdpVer2 | ecdpVer3, ...),
233 * fieldID FieldID {{FieldTypes}},
234 * curve Curve,
235 * base ECPoint,
236 * order INTEGER,
237 * cofactor INTEGER OPTIONAL,
238 * hash HashAlgorithm OPTIONAL,
239 * ...
240 * }
241 *
242 * We only support prime-field as field type, and ignore hash and cofactor.
243 */
244static int pk_group_from_specified( const mbedtls_asn1_buf *params, mbedtls_ecp_group *grp )
245{
246 int ret;
247 unsigned char *p = params->p;
248 const unsigned char * const end = params->p + params->len;
249 const unsigned char *end_field, *end_curve;
250 size_t len;
251 int ver;
252
253 /* SpecifiedECDomainVersion ::= INTEGER { 1, 2, 3 } */
254 if( ( ret = mbedtls_asn1_get_int( &p, end, &ver ) ) != 0 )
255 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
256
257 if( ver < 1 || ver > 3 )
258 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
259
260 /*
261 * FieldID { FIELD-ID:IOSet } ::= SEQUENCE { -- Finite field
262 * fieldType FIELD-ID.&id({IOSet}),
263 * parameters FIELD-ID.&Type({IOSet}{@fieldType})
264 * }
265 */
266 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
267 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
268 return( ret );
269
270 end_field = p + len;
271
272 /*
273 * FIELD-ID ::= TYPE-IDENTIFIER
274 * FieldTypes FIELD-ID ::= {
275 * { Prime-p IDENTIFIED BY prime-field } |
276 * { Characteristic-two IDENTIFIED BY characteristic-two-field }
277 * }
278 * prime-field OBJECT IDENTIFIER ::= { id-fieldType 1 }
279 */
280 if( ( ret = mbedtls_asn1_get_tag( &p, end_field, &len, MBEDTLS_ASN1_OID ) ) != 0 )
281 return( ret );
282
283 if( len != MBEDTLS_OID_SIZE( MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD ) ||
284 memcmp( p, MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD, len ) != 0 )
285 {
286 return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
287 }
288
289 p += len;
290
291 /* Prime-p ::= INTEGER -- Field of size p. */
292 if( ( ret = mbedtls_asn1_get_mpi( &p, end_field, &grp->P ) ) != 0 )
293 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
294
295 grp->pbits = mbedtls_mpi_bitlen( &grp->P );
296
297 if( p != end_field )
298 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
299 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
300
301 /*
302 * Curve ::= SEQUENCE {
303 * a FieldElement,
304 * b FieldElement,
305 * seed BIT STRING OPTIONAL
306 * -- Shall be present if used in SpecifiedECDomain
307 * -- with version equal to ecdpVer2 or ecdpVer3
308 * }
309 */
310 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
311 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
312 return( ret );
313
314 end_curve = p + len;
315
316 /*
317 * FieldElement ::= OCTET STRING
318 * containing an integer in the case of a prime field
319 */
320 if( ( ret = mbedtls_asn1_get_tag( &p, end_curve, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ||
321 ( ret = mbedtls_mpi_read_binary( &grp->A, p, len ) ) != 0 )
322 {
323 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
324 }
325
326 p += len;
327
328 if( ( ret = mbedtls_asn1_get_tag( &p, end_curve, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ||
329 ( ret = mbedtls_mpi_read_binary( &grp->B, p, len ) ) != 0 )
330 {
331 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
332 }
333
334 p += len;
335
336 /* Ignore seed BIT STRING OPTIONAL */
337 if( ( ret = mbedtls_asn1_get_tag( &p, end_curve, &len, MBEDTLS_ASN1_BIT_STRING ) ) == 0 )
338 p += len;
339
340 if( p != end_curve )
341 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
342 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
343
344 /*
345 * ECPoint ::= OCTET STRING
346 */
347 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
348 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
349
350 if( ( ret = mbedtls_ecp_point_read_binary( grp, &grp->G,
351 ( const unsigned char *) p, len ) ) != 0 )
352 {
353 /*
354 * If we can't read the point because it's compressed, cheat by
355 * reading only the X coordinate and the parity bit of Y.
356 */
357 if( ret != MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ||
358 ( p[0] != 0x02 && p[0] != 0x03 ) ||
359 len != mbedtls_mpi_size( &grp->P ) + 1 ||
360 mbedtls_mpi_read_binary( &grp->G.X, p + 1, len - 1 ) != 0 ||
361 mbedtls_mpi_lset( &grp->G.Y, p[0] - 2 ) != 0 ||
362 mbedtls_mpi_lset( &grp->G.Z, 1 ) != 0 )
363 {
364 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
365 }
366 }
367
368 p += len;
369
370 /*
371 * order INTEGER
372 */
373 if( ( ret = mbedtls_asn1_get_mpi( &p, end, &grp->N ) ) != 0 )
374 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
375
376 grp->nbits = mbedtls_mpi_bitlen( &grp->N );
377
378 /*
379 * Allow optional elements by purposefully not enforcing p == end here.
380 */
381
382 return( 0 );
383}
384
385/*
386 * Find the group id associated with an (almost filled) group as generated by
387 * pk_group_from_specified(), or return an error if unknown.
388 */
389static int pk_group_id_from_group( const mbedtls_ecp_group *grp, mbedtls_ecp_group_id *grp_id )
390{
391 int ret = 0;
392 mbedtls_ecp_group ref;
393 const mbedtls_ecp_group_id *id;
394
395 mbedtls_ecp_group_init( &ref );
396
397 for( id = mbedtls_ecp_grp_id_list(); *id != MBEDTLS_ECP_DP_NONE; id++ )
398 {
399 /* Load the group associated to that id */
400 mbedtls_ecp_group_free( &ref );
401 MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &ref, *id ) );
402
403 /* Compare to the group we were given, starting with easy tests */
404 if( grp->pbits == ref.pbits && grp->nbits == ref.nbits &&
405 mbedtls_mpi_cmp_mpi( &grp->P, &ref.P ) == 0 &&
406 mbedtls_mpi_cmp_mpi( &grp->A, &ref.A ) == 0 &&
407 mbedtls_mpi_cmp_mpi( &grp->B, &ref.B ) == 0 &&
408 mbedtls_mpi_cmp_mpi( &grp->N, &ref.N ) == 0 &&
409 mbedtls_mpi_cmp_mpi( &grp->G.X, &ref.G.X ) == 0 &&
410 mbedtls_mpi_cmp_mpi( &grp->G.Z, &ref.G.Z ) == 0 &&
411 /* For Y we may only know the parity bit, so compare only that */
412 mbedtls_mpi_get_bit( &grp->G.Y, 0 ) == mbedtls_mpi_get_bit( &ref.G.Y, 0 ) )
413 {
414 break;
415 }
416
417 }
418
419cleanup:
420 mbedtls_ecp_group_free( &ref );
421
422 *grp_id = *id;
423
424 if( ret == 0 && *id == MBEDTLS_ECP_DP_NONE )
425 ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
426
427 return( ret );
428}
429
430/*
431 * Parse a SpecifiedECDomain (SEC 1 C.2) and find the associated group ID
432 */
433static int pk_group_id_from_specified( const mbedtls_asn1_buf *params,
434 mbedtls_ecp_group_id *grp_id )
435{
436 int ret;
437 mbedtls_ecp_group grp;
438
439 mbedtls_ecp_group_init( &grp );
440
441 if( ( ret = pk_group_from_specified( params, &grp ) ) != 0 )
442 goto cleanup;
443
444 ret = pk_group_id_from_group( &grp, grp_id );
445
446cleanup:
447 mbedtls_ecp_group_free( &grp );
448
449 return( ret );
450}
451#endif /* MBEDTLS_PK_PARSE_EC_EXTENDED */
452
453/*
454 * Use EC parameters to initialise an EC group
455 *
456 * ECParameters ::= CHOICE {
457 * namedCurve OBJECT IDENTIFIER
458 * specifiedCurve SpecifiedECDomain -- = SEQUENCE { ... }
459 * -- implicitCurve NULL
460 */
461static int pk_use_ecparams( const mbedtls_asn1_buf *params, mbedtls_ecp_group *grp )
462{
463 int ret;
464 mbedtls_ecp_group_id grp_id;
465
466 if( params->tag == MBEDTLS_ASN1_OID )
467 {
468 if( mbedtls_oid_get_ec_grp( params, &grp_id ) != 0 )
469 return( MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE );
470 }
471 else
472 {
473#if defined(MBEDTLS_PK_PARSE_EC_EXTENDED)
474 if( ( ret = pk_group_id_from_specified( params, &grp_id ) ) != 0 )
475 return( ret );
476#else
477 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
478#endif
479 }
480
481 /*
482 * grp may already be initilialized; if so, make sure IDs match
483 */
484 if( grp->id != MBEDTLS_ECP_DP_NONE && grp->id != grp_id )
485 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
486
487 if( ( ret = mbedtls_ecp_group_load( grp, grp_id ) ) != 0 )
488 return( ret );
489
490 return( 0 );
491}
492
493/*
494 * EC public key is an EC point
495 *
496 * The caller is responsible for clearing the structure upon failure if
497 * desired. Take care to pass along the possible ECP_FEATURE_UNAVAILABLE
498 * return code of mbedtls_ecp_point_read_binary() and leave p in a usable state.
499 */
500static int pk_get_ecpubkey( unsigned char **p, const unsigned char *end,
501 mbedtls_ecp_keypair *key )
502{
503 int ret;
504
505 if( ( ret = mbedtls_ecp_point_read_binary( &key->grp, &key->Q,
506 (const unsigned char *) *p, end - *p ) ) == 0 )
507 {
508 ret = mbedtls_ecp_check_pubkey( &key->grp, &key->Q );
509 }
510
511 /*
512 * We know mbedtls_ecp_point_read_binary consumed all bytes or failed
513 */
514 *p = (unsigned char *) end;
515
516 return( ret );
517}
518#endif /* MBEDTLS_ECP_C */
519
520#if defined(MBEDTLS_RSA_C)
521/*
522 * RSAPublicKey ::= SEQUENCE {
523 * modulus INTEGER, -- n
524 * publicExponent INTEGER -- e
525 * }
526 */
527static int pk_get_rsapubkey( unsigned char **p,
528 const unsigned char *end,
529 mbedtls_rsa_context *rsa )
530{
531 int ret;
532 size_t len;
533
534 if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
535 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
536 return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret );
537
538 if( *p + len != end )
539 return( MBEDTLS_ERR_PK_INVALID_PUBKEY +
540 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
541
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]542 /* Import N */
543 if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 )
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]544 return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret );
545
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]546 if( ( ret = mbedtls_rsa_import_raw( rsa, *p, len, NULL, 0, NULL, 0,
547 NULL, 0, NULL, 0 ) ) != 0 )
548 return( MBEDTLS_ERR_PK_INVALID_PUBKEY );
549
550 *p += len;
551
552 /* Import E */
553 if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 )
554 return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret );
555
556 if( ( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, NULL, 0, NULL, 0,
557 NULL, 0, *p, len ) ) != 0 )
558 return( MBEDTLS_ERR_PK_INVALID_PUBKEY );
559
560 *p += len;
561
562 if( mbedtls_rsa_complete( rsa ) != 0 ||
563 mbedtls_rsa_check_pubkey( rsa ) != 0 )
564 {
565 return( MBEDTLS_ERR_PK_INVALID_PUBKEY );
566 }
567
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]568 if( *p != end )
569 return( MBEDTLS_ERR_PK_INVALID_PUBKEY +
570 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
571
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]572 return( 0 );
573}
574#endif /* MBEDTLS_RSA_C */
575
576/* Get a PK algorithm identifier
577 *
578 * AlgorithmIdentifier ::= SEQUENCE {
579 * algorithm OBJECT IDENTIFIER,
580 * parameters ANY DEFINED BY algorithm OPTIONAL }
581 */
582static int pk_get_pk_alg( unsigned char **p,
583 const unsigned char *end,
584 mbedtls_pk_type_t *pk_alg, mbedtls_asn1_buf *params )
585{
586 int ret;
587 mbedtls_asn1_buf alg_oid;
588
589 memset( params, 0, sizeof(mbedtls_asn1_buf) );
590
591 if( ( ret = mbedtls_asn1_get_alg( p, end, &alg_oid, params ) ) != 0 )
592 return( MBEDTLS_ERR_PK_INVALID_ALG + ret );
593
594 if( mbedtls_oid_get_pk_alg( &alg_oid, pk_alg ) != 0 )
595 return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
596
597 /*
598 * No parameters with RSA (only for EC)
599 */
600 if( *pk_alg == MBEDTLS_PK_RSA &&
601 ( ( params->tag != MBEDTLS_ASN1_NULL && params->tag != 0 ) ||
602 params->len != 0 ) )
603 {
604 return( MBEDTLS_ERR_PK_INVALID_ALG );
605 }
606
607 return( 0 );
608}
609
610/*
611 * SubjectPublicKeyInfo ::= SEQUENCE {
612 * algorithm AlgorithmIdentifier,
613 * subjectPublicKey BIT STRING }
614 */
615int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end,
616 mbedtls_pk_context *pk )
617{
618 int ret;
619 size_t len;
620 mbedtls_asn1_buf alg_params;
621 mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE;
622 const mbedtls_pk_info_t *pk_info;
623
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]624 PK_VALIDATE_RET( p != NULL );
625 PK_VALIDATE_RET( *p != NULL );
626 PK_VALIDATE_RET( end != NULL );
627 PK_VALIDATE_RET( pk != NULL );
628
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]629 if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
630 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
631 {
632 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
633 }
634
635 end = *p + len;
636
637 if( ( ret = pk_get_pk_alg( p, end, &pk_alg, &alg_params ) ) != 0 )
638 return( ret );
639
640 if( ( ret = mbedtls_asn1_get_bitstring_null( p, end, &len ) ) != 0 )
641 return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret );
642
643 if( *p + len != end )
644 return( MBEDTLS_ERR_PK_INVALID_PUBKEY +
645 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
646
647 if( ( pk_info = mbedtls_pk_info_from_type( pk_alg ) ) == NULL )
648 return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
649
650 if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 )
651 return( ret );
652
653#if defined(MBEDTLS_RSA_C)
654 if( pk_alg == MBEDTLS_PK_RSA )
655 {
656 ret = pk_get_rsapubkey( p, end, mbedtls_pk_rsa( *pk ) );
657 } else
658#endif /* MBEDTLS_RSA_C */
659#if defined(MBEDTLS_ECP_C)
660 if( pk_alg == MBEDTLS_PK_ECKEY_DH || pk_alg == MBEDTLS_PK_ECKEY )
661 {
662 ret = pk_use_ecparams( &alg_params, &mbedtls_pk_ec( *pk )->grp );
663 if( ret == 0 )
664 ret = pk_get_ecpubkey( p, end, mbedtls_pk_ec( *pk ) );
665 } else
666#endif /* MBEDTLS_ECP_C */
667 ret = MBEDTLS_ERR_PK_UNKNOWN_PK_ALG;
668
669 if( ret == 0 && *p != end )
670 ret = MBEDTLS_ERR_PK_INVALID_PUBKEY
671 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
672
673 if( ret != 0 )
674 mbedtls_pk_free( pk );
675
676 return( ret );
677}
678
679#if defined(MBEDTLS_RSA_C)
680/*
Jerome Forissier5b25c762020-04-07 11:18:49 +0200[diff] [blame]681 * Wrapper around mbedtls_asn1_get_mpi() that rejects zero.
682 *
683 * The value zero is:
684 * - never a valid value for an RSA parameter
685 * - interpreted as "omitted, please reconstruct" by mbedtls_rsa_complete().
686 *
687 * Since values can't be omitted in PKCS#1, passing a zero value to
688 * rsa_complete() would be incorrect, so reject zero values early.
689 */
690static int asn1_get_nonzero_mpi( unsigned char **p,
691 const unsigned char *end,
692 mbedtls_mpi *X )
693{
694 int ret;
695
696 ret = mbedtls_asn1_get_mpi( p, end, X );
697 if( ret != 0 )
698 return( ret );
699
700 if( mbedtls_mpi_cmp_int( X, 0 ) == 0 )
701 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
702
703 return( 0 );
704}
705
706/*
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]707 * Parse a PKCS#1 encoded private RSA key
708 */
709static int pk_parse_key_pkcs1_der( mbedtls_rsa_context *rsa,
710 const unsigned char *key,
711 size_t keylen )
712{
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]713 int ret, version;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]714 size_t len;
715 unsigned char *p, *end;
716
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]717 mbedtls_mpi T;
718 mbedtls_mpi_init( &T );
719
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]720 p = (unsigned char *) key;
721 end = p + keylen;
722
723 /*
724 * This function parses the RSAPrivateKey (PKCS#1)
725 *
726 * RSAPrivateKey ::= SEQUENCE {
727 * version Version,
728 * modulus INTEGER, -- n
729 * publicExponent INTEGER, -- e
730 * privateExponent INTEGER, -- d
731 * prime1 INTEGER, -- p
732 * prime2 INTEGER, -- q
733 * exponent1 INTEGER, -- d mod (p-1)
734 * exponent2 INTEGER, -- d mod (q-1)
735 * coefficient INTEGER, -- (inverse of q) mod p
736 * otherPrimeInfos OtherPrimeInfos OPTIONAL
737 * }
738 */
739 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
740 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
741 {
742 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
743 }
744
745 end = p + len;
746
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]747 if( ( ret = mbedtls_asn1_get_int( &p, end, &version ) ) != 0 )
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]748 {
749 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
750 }
751
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]752 if( version != 0 )
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]753 {
754 return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION );
755 }
756
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]757 /* Import N */
Jerome Forissier5b25c762020-04-07 11:18:49 +0200[diff] [blame]758 if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
759 ( ret = mbedtls_rsa_import( rsa, &T, NULL, NULL,
760 NULL, NULL ) ) != 0 )
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]761 goto cleanup;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]762
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]763 /* Import E */
Jerome Forissier5b25c762020-04-07 11:18:49 +0200[diff] [blame]764 if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
765 ( ret = mbedtls_rsa_import( rsa, NULL, NULL, NULL,
766 NULL, &T ) ) != 0 )
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]767 goto cleanup;
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]768
769 /* Import D */
Jerome Forissier5b25c762020-04-07 11:18:49 +0200[diff] [blame]770 if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
771 ( ret = mbedtls_rsa_import( rsa, NULL, NULL, NULL,
772 &T, NULL ) ) != 0 )
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]773 goto cleanup;
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]774
775 /* Import P */
Jerome Forissier5b25c762020-04-07 11:18:49 +0200[diff] [blame]776 if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
777 ( ret = mbedtls_rsa_import( rsa, NULL, &T, NULL,
778 NULL, NULL ) ) != 0 )
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]779 goto cleanup;
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]780
781 /* Import Q */
Jerome Forissier5b25c762020-04-07 11:18:49 +0200[diff] [blame]782 if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
783 ( ret = mbedtls_rsa_import( rsa, NULL, NULL, &T,
784 NULL, NULL ) ) != 0 )
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]785 goto cleanup;
786
Jerome Forissier5b25c762020-04-07 11:18:49 +0200[diff] [blame]787#if !defined(MBEDTLS_RSA_NO_CRT) && !defined(MBEDTLS_RSA_ALT)
788 /*
789 * The RSA CRT parameters DP, DQ and QP are nominally redundant, in
790 * that they can be easily recomputed from D, P and Q. However by
791 * parsing them from the PKCS1 structure it is possible to avoid
792 * recalculating them which both reduces the overhead of loading
793 * RSA private keys into memory and also avoids side channels which
794 * can arise when computing those values, since all of D, P, and Q
795 * are secret. See https://eprint.iacr.org/2020/055 for a
796 * description of one such attack.
797 */
798
799 /* Import DP */
800 if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
801 ( ret = mbedtls_mpi_copy( &rsa->DP, &T ) ) != 0 )
802 goto cleanup;
803
804 /* Import DQ */
805 if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
806 ( ret = mbedtls_mpi_copy( &rsa->DQ, &T ) ) != 0 )
807 goto cleanup;
808
809 /* Import QP */
810 if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
811 ( ret = mbedtls_mpi_copy( &rsa->QP, &T ) ) != 0 )
812 goto cleanup;
813
814#else
815 /* Verify existance of the CRT params */
816 if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
817 ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
818 ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 )
819 goto cleanup;
820#endif
821
822 /* rsa_complete() doesn't complete anything with the default
823 * implementation but is still called:
824 * - for the benefit of alternative implementation that may want to
825 * pre-compute stuff beyond what's provided (eg Montgomery factors)
826 * - as is also sanity-checks the key
827 *
828 * Furthermore, we also check the public part for consistency with
829 * mbedtls_pk_parse_pubkey(), as it includes size minima for example.
830 */
831 if( ( ret = mbedtls_rsa_complete( rsa ) ) != 0 ||
832 ( ret = mbedtls_rsa_check_pubkey( rsa ) ) != 0 )
833 {
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]834 goto cleanup;
Jerome Forissier5b25c762020-04-07 11:18:49 +0200[diff] [blame]835 }
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]836
837 if( p != end )
838 {
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]839 ret = MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
840 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]841 }
842
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]843cleanup:
844
845 mbedtls_mpi_free( &T );
846
847 if( ret != 0 )
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]848 {
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]849 /* Wrap error code if it's coming from a lower level */
850 if( ( ret & 0xff80 ) == 0 )
851 ret = MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret;
852 else
853 ret = MBEDTLS_ERR_PK_KEY_INVALID_FORMAT;
854
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]855 mbedtls_rsa_free( rsa );
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]856 }
857
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]858 return( ret );
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]859}
860#endif /* MBEDTLS_RSA_C */
861
862#if defined(MBEDTLS_ECP_C)
863/*
864 * Parse a SEC1 encoded private EC key
865 */
866static int pk_parse_key_sec1_der( mbedtls_ecp_keypair *eck,
867 const unsigned char *key,
868 size_t keylen )
869{
870 int ret;
871 int version, pubkey_done;
872 size_t len;
873 mbedtls_asn1_buf params;
874 unsigned char *p = (unsigned char *) key;
875 unsigned char *end = p + keylen;
876 unsigned char *end2;
877
878 /*
879 * RFC 5915, or SEC1 Appendix C.4
880 *
881 * ECPrivateKey ::= SEQUENCE {
882 * version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
883 * privateKey OCTET STRING,
884 * parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
885 * publicKey [1] BIT STRING OPTIONAL
886 * }
887 */
888 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
889 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
890 {
891 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
892 }
893
894 end = p + len;
895
896 if( ( ret = mbedtls_asn1_get_int( &p, end, &version ) ) != 0 )
897 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
898
899 if( version != 1 )
900 return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION );
901
902 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
903 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
904
905 if( ( ret = mbedtls_mpi_read_binary( &eck->d, p, len ) ) != 0 )
906 {
907 mbedtls_ecp_keypair_free( eck );
908 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
909 }
910
911 p += len;
912
913 pubkey_done = 0;
914 if( p != end )
915 {
916 /*
917 * Is 'parameters' present?
918 */
919 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
920 MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0 ) ) == 0 )
921 {
922 if( ( ret = pk_get_ecparams( &p, p + len, &params) ) != 0 ||
923 ( ret = pk_use_ecparams( &params, &eck->grp ) ) != 0 )
924 {
925 mbedtls_ecp_keypair_free( eck );
926 return( ret );
927 }
928 }
929 else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
930 {
931 mbedtls_ecp_keypair_free( eck );
932 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
933 }
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]934 }
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]935
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]936 if( p != end )
937 {
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]938 /*
939 * Is 'publickey' present? If not, or if we can't read it (eg because it
940 * is compressed), create it from the private key.
941 */
942 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
943 MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 1 ) ) == 0 )
944 {
945 end2 = p + len;
946
947 if( ( ret = mbedtls_asn1_get_bitstring_null( &p, end2, &len ) ) != 0 )
948 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
949
950 if( p + len != end2 )
951 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
952 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
953
954 if( ( ret = pk_get_ecpubkey( &p, end2, eck ) ) == 0 )
955 pubkey_done = 1;
956 else
957 {
958 /*
959 * The only acceptable failure mode of pk_get_ecpubkey() above
960 * is if the point format is not recognized.
961 */
962 if( ret != MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE )
963 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
964 }
965 }
966 else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
967 {
968 mbedtls_ecp_keypair_free( eck );
969 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
970 }
971 }
972
973 if( ! pubkey_done &&
974 ( ret = mbedtls_ecp_mul( &eck->grp, &eck->Q, &eck->d, &eck->grp.G,
975 NULL, NULL ) ) != 0 )
976 {
977 mbedtls_ecp_keypair_free( eck );
978 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
979 }
980
981 if( ( ret = mbedtls_ecp_check_privkey( &eck->grp, &eck->d ) ) != 0 )
982 {
983 mbedtls_ecp_keypair_free( eck );
984 return( ret );
985 }
986
987 return( 0 );
988}
989#endif /* MBEDTLS_ECP_C */
990
991/*
992 * Parse an unencrypted PKCS#8 encoded private key
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]993 *
994 * Notes:
995 *
996 * - This function does not own the key buffer. It is the
997 * responsibility of the caller to take care of zeroizing
998 * and freeing it after use.
999 *
1000 * - The function is responsible for freeing the provided
1001 * PK context on failure.
1002 *
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1003 */
1004static int pk_parse_key_pkcs8_unencrypted_der(
1005 mbedtls_pk_context *pk,
1006 const unsigned char* key,
1007 size_t keylen )
1008{
1009 int ret, version;
1010 size_t len;
1011 mbedtls_asn1_buf params;
1012 unsigned char *p = (unsigned char *) key;
1013 unsigned char *end = p + keylen;
1014 mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE;
1015 const mbedtls_pk_info_t *pk_info;
1016
1017 /*
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1018 * This function parses the PrivateKeyInfo object (PKCS#8 v1.2 = RFC 5208)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1019 *
1020 * PrivateKeyInfo ::= SEQUENCE {
1021 * version Version,
1022 * privateKeyAlgorithm PrivateKeyAlgorithmIdentifier,
1023 * privateKey PrivateKey,
1024 * attributes [0] IMPLICIT Attributes OPTIONAL }
1025 *
1026 * Version ::= INTEGER
1027 * PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier
1028 * PrivateKey ::= OCTET STRING
1029 *
1030 * The PrivateKey OCTET STRING is a SEC1 ECPrivateKey
1031 */
1032
1033 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
1034 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
1035 {
1036 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
1037 }
1038
1039 end = p + len;
1040
1041 if( ( ret = mbedtls_asn1_get_int( &p, end, &version ) ) != 0 )
1042 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
1043
1044 if( version != 0 )
1045 return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION + ret );
1046
1047 if( ( ret = pk_get_pk_alg( &p, end, &pk_alg, &params ) ) != 0 )
1048 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
1049
1050 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
1051 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
1052
1053 if( len < 1 )
1054 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
1055 MBEDTLS_ERR_ASN1_OUT_OF_DATA );
1056
1057 if( ( pk_info = mbedtls_pk_info_from_type( pk_alg ) ) == NULL )
1058 return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
1059
1060 if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 )
1061 return( ret );
1062
1063#if defined(MBEDTLS_RSA_C)
1064 if( pk_alg == MBEDTLS_PK_RSA )
1065 {
1066 if( ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), p, len ) ) != 0 )
1067 {
1068 mbedtls_pk_free( pk );
1069 return( ret );
1070 }
1071 } else
1072#endif /* MBEDTLS_RSA_C */
1073#if defined(MBEDTLS_ECP_C)
1074 if( pk_alg == MBEDTLS_PK_ECKEY || pk_alg == MBEDTLS_PK_ECKEY_DH )
1075 {
1076 if( ( ret = pk_use_ecparams( &params, &mbedtls_pk_ec( *pk )->grp ) ) != 0 ||
1077 ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ), p, len ) ) != 0 )
1078 {
1079 mbedtls_pk_free( pk );
1080 return( ret );
1081 }
1082 } else
1083#endif /* MBEDTLS_ECP_C */
1084 return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
1085
1086 return( 0 );
1087}
1088
1089/*
1090 * Parse an encrypted PKCS#8 encoded private key
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1091 *
1092 * To save space, the decryption happens in-place on the given key buffer.
1093 * Also, while this function may modify the keybuffer, it doesn't own it,
1094 * and instead it is the responsibility of the caller to zeroize and properly
1095 * free it after use.
1096 *
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1097 */
1098#if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C)
1099static int pk_parse_key_pkcs8_encrypted_der(
1100 mbedtls_pk_context *pk,
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1101 unsigned char *key, size_t keylen,
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1102 const unsigned char *pwd, size_t pwdlen )
1103{
1104 int ret, decrypted = 0;
1105 size_t len;
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1106 unsigned char *buf;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1107 unsigned char *p, *end;
1108 mbedtls_asn1_buf pbe_alg_oid, pbe_params;
1109#if defined(MBEDTLS_PKCS12_C)
1110 mbedtls_cipher_type_t cipher_alg;
1111 mbedtls_md_type_t md_alg;
1112#endif
1113
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1114 p = key;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1115 end = p + keylen;
1116
1117 if( pwdlen == 0 )
1118 return( MBEDTLS_ERR_PK_PASSWORD_REQUIRED );
1119
1120 /*
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1121 * This function parses the EncryptedPrivateKeyInfo object (PKCS#8)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1122 *
1123 * EncryptedPrivateKeyInfo ::= SEQUENCE {
1124 * encryptionAlgorithm EncryptionAlgorithmIdentifier,
1125 * encryptedData EncryptedData
1126 * }
1127 *
1128 * EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
1129 *
1130 * EncryptedData ::= OCTET STRING
1131 *
1132 * The EncryptedData OCTET STRING is a PKCS#8 PrivateKeyInfo
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1133 *
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1134 */
1135 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
1136 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
1137 {
1138 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
1139 }
1140
1141 end = p + len;
1142
1143 if( ( ret = mbedtls_asn1_get_alg( &p, end, &pbe_alg_oid, &pbe_params ) ) != 0 )
1144 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
1145
1146 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
1147 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
1148
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1149 buf = p;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1150
1151 /*
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1152 * Decrypt EncryptedData with appropriate PBE
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1153 */
1154#if defined(MBEDTLS_PKCS12_C)
1155 if( mbedtls_oid_get_pkcs12_pbe_alg( &pbe_alg_oid, &md_alg, &cipher_alg ) == 0 )
1156 {
1157 if( ( ret = mbedtls_pkcs12_pbe( &pbe_params, MBEDTLS_PKCS12_PBE_DECRYPT,
1158 cipher_alg, md_alg,
1159 pwd, pwdlen, p, len, buf ) ) != 0 )
1160 {
1161 if( ret == MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH )
1162 return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH );
1163
1164 return( ret );
1165 }
1166
1167 decrypted = 1;
1168 }
1169 else if( MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS12_PBE_SHA1_RC4_128, &pbe_alg_oid ) == 0 )
1170 {
1171 if( ( ret = mbedtls_pkcs12_pbe_sha1_rc4_128( &pbe_params,
1172 MBEDTLS_PKCS12_PBE_DECRYPT,
1173 pwd, pwdlen,
1174 p, len, buf ) ) != 0 )
1175 {
1176 return( ret );
1177 }
1178
1179 // Best guess for password mismatch when using RC4. If first tag is
1180 // not MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE
1181 //
1182 if( *buf != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) )
1183 return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH );
1184
1185 decrypted = 1;
1186 }
1187 else
1188#endif /* MBEDTLS_PKCS12_C */
1189#if defined(MBEDTLS_PKCS5_C)
1190 if( MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS5_PBES2, &pbe_alg_oid ) == 0 )
1191 {
1192 if( ( ret = mbedtls_pkcs5_pbes2( &pbe_params, MBEDTLS_PKCS5_DECRYPT, pwd, pwdlen,
1193 p, len, buf ) ) != 0 )
1194 {
1195 if( ret == MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH )
1196 return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH );
1197
1198 return( ret );
1199 }
1200
1201 decrypted = 1;
1202 }
1203 else
1204#endif /* MBEDTLS_PKCS5_C */
1205 {
1206 ((void) pwd);
1207 }
1208
1209 if( decrypted == 0 )
1210 return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
1211
1212 return( pk_parse_key_pkcs8_unencrypted_der( pk, buf, len ) );
1213}
1214#endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */
1215
1216/*
1217 * Parse a private key
1218 */
1219int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
1220 const unsigned char *key, size_t keylen,
1221 const unsigned char *pwd, size_t pwdlen )
1222{
1223 int ret;
1224 const mbedtls_pk_info_t *pk_info;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1225#if defined(MBEDTLS_PEM_PARSE_C)
1226 size_t len;
1227 mbedtls_pem_context pem;
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1228#endif
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1229
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1230 PK_VALIDATE_RET( pk != NULL );
1231 if( keylen == 0 )
1232 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
1233 PK_VALIDATE_RET( key != NULL );
1234
1235#if defined(MBEDTLS_PEM_PARSE_C)
1236 mbedtls_pem_init( &pem );
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1237
1238#if defined(MBEDTLS_RSA_C)
1239 /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1240 if( key[keylen - 1] != '\0' )
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1241 ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
1242 else
1243 ret = mbedtls_pem_read_buffer( &pem,
1244 "-----BEGIN RSA PRIVATE KEY-----",
1245 "-----END RSA PRIVATE KEY-----",
1246 key, pwd, pwdlen, &len );
1247
1248 if( ret == 0 )
1249 {
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1250 pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA );
1251 if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1252 ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ),
1253 pem.buf, pem.buflen ) ) != 0 )
1254 {
1255 mbedtls_pk_free( pk );
1256 }
1257
1258 mbedtls_pem_free( &pem );
1259 return( ret );
1260 }
1261 else if( ret == MBEDTLS_ERR_PEM_PASSWORD_MISMATCH )
1262 return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH );
1263 else if( ret == MBEDTLS_ERR_PEM_PASSWORD_REQUIRED )
1264 return( MBEDTLS_ERR_PK_PASSWORD_REQUIRED );
1265 else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
1266 return( ret );
1267#endif /* MBEDTLS_RSA_C */
1268
1269#if defined(MBEDTLS_ECP_C)
1270 /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1271 if( key[keylen - 1] != '\0' )
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1272 ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
1273 else
1274 ret = mbedtls_pem_read_buffer( &pem,
1275 "-----BEGIN EC PRIVATE KEY-----",
1276 "-----END EC PRIVATE KEY-----",
1277 key, pwd, pwdlen, &len );
1278 if( ret == 0 )
1279 {
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1280 pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY );
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1281
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1282 if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1283 ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ),
1284 pem.buf, pem.buflen ) ) != 0 )
1285 {
1286 mbedtls_pk_free( pk );
1287 }
1288
1289 mbedtls_pem_free( &pem );
1290 return( ret );
1291 }
1292 else if( ret == MBEDTLS_ERR_PEM_PASSWORD_MISMATCH )
1293 return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH );
1294 else if( ret == MBEDTLS_ERR_PEM_PASSWORD_REQUIRED )
1295 return( MBEDTLS_ERR_PK_PASSWORD_REQUIRED );
1296 else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
1297 return( ret );
1298#endif /* MBEDTLS_ECP_C */
1299
1300 /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1301 if( key[keylen - 1] != '\0' )
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1302 ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
1303 else
1304 ret = mbedtls_pem_read_buffer( &pem,
1305 "-----BEGIN PRIVATE KEY-----",
1306 "-----END PRIVATE KEY-----",
1307 key, NULL, 0, &len );
1308 if( ret == 0 )
1309 {
1310 if( ( ret = pk_parse_key_pkcs8_unencrypted_der( pk,
1311 pem.buf, pem.buflen ) ) != 0 )
1312 {
1313 mbedtls_pk_free( pk );
1314 }
1315
1316 mbedtls_pem_free( &pem );
1317 return( ret );
1318 }
1319 else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
1320 return( ret );
1321
1322#if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C)
1323 /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1324 if( key[keylen - 1] != '\0' )
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1325 ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
1326 else
1327 ret = mbedtls_pem_read_buffer( &pem,
1328 "-----BEGIN ENCRYPTED PRIVATE KEY-----",
1329 "-----END ENCRYPTED PRIVATE KEY-----",
1330 key, NULL, 0, &len );
1331 if( ret == 0 )
1332 {
1333 if( ( ret = pk_parse_key_pkcs8_encrypted_der( pk,
1334 pem.buf, pem.buflen,
1335 pwd, pwdlen ) ) != 0 )
1336 {
1337 mbedtls_pk_free( pk );
1338 }
1339
1340 mbedtls_pem_free( &pem );
1341 return( ret );
1342 }
1343 else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
1344 return( ret );
1345#endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */
1346#else
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1347 ((void) pwd);
1348 ((void) pwdlen);
1349#endif /* MBEDTLS_PEM_PARSE_C */
1350
1351 /*
1352 * At this point we only know it's not a PEM formatted key. Could be any
1353 * of the known DER encoded private key formats
1354 *
1355 * We try the different DER format parsers to see if one passes without
1356 * error
1357 */
1358#if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1359 {
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1360 unsigned char *key_copy;
1361
1362 if( ( key_copy = mbedtls_calloc( 1, keylen ) ) == NULL )
1363 return( MBEDTLS_ERR_PK_ALLOC_FAILED );
1364
1365 memcpy( key_copy, key, keylen );
1366
1367 ret = pk_parse_key_pkcs8_encrypted_der( pk, key_copy, keylen,
1368 pwd, pwdlen );
1369
1370 mbedtls_platform_zeroize( key_copy, keylen );
1371 mbedtls_free( key_copy );
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1372 }
1373
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1374 if( ret == 0 )
1375 return( 0 );
1376
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1377 mbedtls_pk_free( pk );
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1378 mbedtls_pk_init( pk );
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1379
1380 if( ret == MBEDTLS_ERR_PK_PASSWORD_MISMATCH )
1381 {
1382 return( ret );
1383 }
1384#endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */
1385
1386 if( ( ret = pk_parse_key_pkcs8_unencrypted_der( pk, key, keylen ) ) == 0 )
1387 return( 0 );
1388
1389 mbedtls_pk_free( pk );
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1390 mbedtls_pk_init( pk );
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1391
1392#if defined(MBEDTLS_RSA_C)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1393
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1394 pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA );
1395 if( mbedtls_pk_setup( pk, pk_info ) == 0 &&
1396 pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), key, keylen ) == 0 )
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1397 {
1398 return( 0 );
1399 }
1400
1401 mbedtls_pk_free( pk );
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1402 mbedtls_pk_init( pk );
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1403#endif /* MBEDTLS_RSA_C */
1404
1405#if defined(MBEDTLS_ECP_C)
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1406 pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY );
1407 if( mbedtls_pk_setup( pk, pk_info ) == 0 &&
1408 pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ),
1409 key, keylen ) == 0 )
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1410 {
1411 return( 0 );
1412 }
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1413 mbedtls_pk_free( pk );
1414#endif /* MBEDTLS_ECP_C */
1415
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1416 /* If MBEDTLS_RSA_C is defined but MBEDTLS_ECP_C isn't,
1417 * it is ok to leave the PK context initialized but not
1418 * freed: It is the caller's responsibility to call pk_init()
1419 * before calling this function, and to call pk_free()
1420 * when it fails. If MBEDTLS_ECP_C is defined but MBEDTLS_RSA_C
1421 * isn't, this leads to mbedtls_pk_free() being called
1422 * twice, once here and once by the caller, but this is
1423 * also ok and in line with the mbedtls_pk_free() calls
1424 * on failed PEM parsing attempts. */
1425
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1426 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
1427}
1428
1429/*
1430 * Parse a public key
1431 */
1432int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx,
1433 const unsigned char *key, size_t keylen )
1434{
1435 int ret;
1436 unsigned char *p;
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1437#if defined(MBEDTLS_RSA_C)
1438 const mbedtls_pk_info_t *pk_info;
1439#endif
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1440#if defined(MBEDTLS_PEM_PARSE_C)
1441 size_t len;
1442 mbedtls_pem_context pem;
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1443#endif
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1444
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1445 PK_VALIDATE_RET( ctx != NULL );
1446 if( keylen == 0 )
1447 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
1448 PK_VALIDATE_RET( key != NULL || keylen == 0 );
1449
1450#if defined(MBEDTLS_PEM_PARSE_C)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1451 mbedtls_pem_init( &pem );
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1452#if defined(MBEDTLS_RSA_C)
1453 /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
1454 if( key[keylen - 1] != '\0' )
1455 ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
1456 else
1457 ret = mbedtls_pem_read_buffer( &pem,
1458 "-----BEGIN RSA PUBLIC KEY-----",
1459 "-----END RSA PUBLIC KEY-----",
1460 key, NULL, 0, &len );
1461
1462 if( ret == 0 )
1463 {
1464 p = pem.buf;
1465 if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL )
1466 return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
1467
1468 if( ( ret = mbedtls_pk_setup( ctx, pk_info ) ) != 0 )
1469 return( ret );
1470
1471 if ( ( ret = pk_get_rsapubkey( &p, p + pem.buflen, mbedtls_pk_rsa( *ctx ) ) ) != 0 )
1472 mbedtls_pk_free( ctx );
1473
1474 mbedtls_pem_free( &pem );
1475 return( ret );
1476 }
1477 else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
1478 {
1479 mbedtls_pem_free( &pem );
1480 return( ret );
1481 }
1482#endif /* MBEDTLS_RSA_C */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1483
1484 /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1485 if( key[keylen - 1] != '\0' )
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1486 ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
1487 else
1488 ret = mbedtls_pem_read_buffer( &pem,
1489 "-----BEGIN PUBLIC KEY-----",
1490 "-----END PUBLIC KEY-----",
1491 key, NULL, 0, &len );
1492
1493 if( ret == 0 )
1494 {
1495 /*
1496 * Was PEM encoded
1497 */
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1498 p = pem.buf;
1499
1500 ret = mbedtls_pk_parse_subpubkey( &p, p + pem.buflen, ctx );
1501 mbedtls_pem_free( &pem );
1502 return( ret );
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1503 }
1504 else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
1505 {
1506 mbedtls_pem_free( &pem );
1507 return( ret );
1508 }
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1509 mbedtls_pem_free( &pem );
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1510#endif /* MBEDTLS_PEM_PARSE_C */
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1511
1512#if defined(MBEDTLS_RSA_C)
1513 if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL )
1514 return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
1515
1516 if( ( ret = mbedtls_pk_setup( ctx, pk_info ) ) != 0 )
1517 return( ret );
1518
1519 p = (unsigned char *)key;
1520 ret = pk_get_rsapubkey( &p, p + keylen, mbedtls_pk_rsa( *ctx ) );
1521 if( ret == 0 )
1522 {
1523 return( ret );
1524 }
1525 mbedtls_pk_free( ctx );
1526 if( ret != ( MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) )
1527 {
1528 return( ret );
1529 }
1530#endif /* MBEDTLS_RSA_C */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1531 p = (unsigned char *) key;
1532
1533 ret = mbedtls_pk_parse_subpubkey( &p, p + keylen, ctx );
1534
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1535 return( ret );
1536}
1537
1538#endif /* MBEDTLS_PK_PARSE_C */