Add EC support to x509write_key
diff --git a/library/x509write.c b/library/x509write.c
index 937b899..d55e241 100644
--- a/library/x509write.c
+++ b/library/x509write.c
@@ -542,26 +542,86 @@
return( len );
}
-int x509write_key_der( rsa_context *rsa, unsigned char *buf, size_t size )
+int x509write_key_der( pk_context *key, unsigned char *buf, size_t size )
{
int ret;
- unsigned char *c;
+ unsigned char *c = buf + size;
size_t len = 0;
- c = buf + size;
+#if defined(POLARSSL_RSA_C)
+ if( pk_get_type( key ) == POLARSSL_PK_RSA )
+ {
+ rsa_context *rsa = pk_rsa( *key );
- ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->QP ) );
- ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->DQ ) );
- ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->DP ) );
- ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->Q ) );
- ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->P ) );
- ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->D ) );
- ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->E ) );
- ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->N ) );
- ASN1_CHK_ADD( len, asn1_write_int( &c, buf, 0 ) );
+ ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->QP ) );
+ ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->DQ ) );
+ ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->DP ) );
+ ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->Q ) );
+ ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->P ) );
+ ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->D ) );
+ ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->E ) );
+ ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->N ) );
+ ASN1_CHK_ADD( len, asn1_write_int( &c, buf, 0 ) );
- ASN1_CHK_ADD( len, asn1_write_len( &c, buf, len ) );
- ASN1_CHK_ADD( len, asn1_write_tag( &c, buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
+ ASN1_CHK_ADD( len, asn1_write_len( &c, buf, len ) );
+ ASN1_CHK_ADD( len, asn1_write_tag( &c, buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
+ }
+ else
+#endif
+#if defined(POLARSSL_ECP_C)
+ if( pk_get_type( key ) == POLARSSL_PK_ECKEY )
+ {
+ ecp_keypair *ec = pk_ec( *key );
+ size_t pub_len = 0, par_len = 0;
+
+ /*
+ * RFC 5915, or SEC1 Appendix C.4
+ *
+ * ECPrivateKey ::= SEQUENCE {
+ * version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
+ * privateKey OCTET STRING,
+ * parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
+ * publicKey [1] BIT STRING OPTIONAL
+ * }
+ */
+
+ /* publicKey */
+ ASN1_CHK_ADD( pub_len, x509_write_ec_pubkey( &c, buf, ec ) );
+
+ if( c - buf < 1 )
+ return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL );
+ *--c = 0;
+ pub_len += 1;
+
+ ASN1_CHK_ADD( pub_len, asn1_write_len( &c, buf, pub_len ) );
+ ASN1_CHK_ADD( pub_len, asn1_write_tag( &c, buf, ASN1_BIT_STRING ) );
+
+ ASN1_CHK_ADD( pub_len, asn1_write_len( &c, buf, pub_len ) );
+ ASN1_CHK_ADD( pub_len, asn1_write_tag( &c, buf,
+ ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 1 ) );
+ len += pub_len;
+
+ /* parameters */
+ ASN1_CHK_ADD( par_len, x509_write_ec_param( &c, buf, ec ) );
+
+ ASN1_CHK_ADD( par_len, asn1_write_len( &c, buf, par_len ) );
+ ASN1_CHK_ADD( par_len, asn1_write_tag( &c, buf,
+ ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 0 ) );
+ len += par_len;
+
+ /* privateKey: write as MPI then fix tag */
+ ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &ec->d ) );
+ *c = ASN1_OCTET_STRING;
+
+ /* version */
+ ASN1_CHK_ADD( len, asn1_write_int( &c, buf, 1 ) );
+
+ ASN1_CHK_ADD( len, asn1_write_len( &c, buf, len ) );
+ ASN1_CHK_ADD( len, asn1_write_tag( &c, buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
+ }
+ else
+#endif
+ return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
return( len );
}
@@ -957,8 +1017,10 @@
#define PEM_BEGIN_PUBLIC_KEY "-----BEGIN PUBLIC KEY-----\n"
#define PEM_END_PUBLIC_KEY "-----END PUBLIC KEY-----\n"
-#define PEM_BEGIN_PRIVATE_KEY "-----BEGIN RSA PRIVATE KEY-----\n"
-#define PEM_END_PRIVATE_KEY "-----END RSA PRIVATE KEY-----\n"
+#define PEM_BEGIN_PRIVATE_KEY_RSA "-----BEGIN RSA PRIVATE KEY-----\n"
+#define PEM_END_PRIVATE_KEY_RSA "-----END RSA PRIVATE KEY-----\n"
+#define PEM_BEGIN_PRIVATE_KEY_EC "-----BEGIN EC PRIVATE KEY-----\n"
+#define PEM_END_PRIVATE_KEY_EC "-----END EC PRIVATE KEY-----\n"
#if defined(POLARSSL_BASE64_C)
static int x509write_pemify( const char *begin_str, const char *end_str,
@@ -1042,18 +1104,37 @@
return( 0 );
}
-int x509write_key_pem( rsa_context *rsa, unsigned char *buf, size_t size )
+int x509write_key_pem( pk_context *key, unsigned char *buf, size_t size )
{
int ret;
unsigned char output_buf[4096];
+ char *begin, *end;
- if( ( ret = x509write_key_der( rsa, output_buf,
+ if( ( ret = x509write_key_der( key, output_buf,
sizeof(output_buf) ) ) < 0 )
{
return( ret );
}
- if( ( ret = x509write_pemify( PEM_BEGIN_PRIVATE_KEY, PEM_END_PRIVATE_KEY,
+#if defined(POLARSSL_RSA_C)
+ if( pk_get_type( key ) == POLARSSL_PK_RSA )
+ {
+ begin = PEM_BEGIN_PRIVATE_KEY_RSA;
+ end = PEM_END_PRIVATE_KEY_RSA;
+ }
+ else
+#endif
+#if defined(POLARSSL_ECP_C)
+ if( pk_get_type( key ) == POLARSSL_PK_ECKEY )
+ {
+ begin = PEM_BEGIN_PRIVATE_KEY_EC;
+ end = PEM_END_PRIVATE_KEY_EC;
+ }
+ else
+#endif
+ return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
+
+ if( ( ret = x509write_pemify( begin, end,
output_buf + sizeof(output_buf) - ret,
ret, buf, size ) ) != 0 )
{