TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 1f30fa162bb5e7577621cd5fd0b478072c6272b0 / . / library / pkparse.c
blob: acca2af83b0ce21404e8a9f8e4468df48cb5092d [file] [log] [blame]
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]1/*
2 * Public Key layer for parsing key files and structures
3 *
Manuel Pégourié-Gonnarda658a402015-01-23 09:45:19 +0000[diff] [blame]4 * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]5 *
Manuel Pégourié-Gonnardfe446432015-03-06 13:17:10 +0000[diff] [blame]6 * This file is part of mbed TLS (https://tls.mbed.org)
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]7 *
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License along
19 * with this program; if not, write to the Free Software Foundation, Inc.,
20 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
21 */
22
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +0200[diff] [blame]23#if !defined(POLARSSL_CONFIG_FILE)
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]24#include "polarssl/config.h"
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +0200[diff] [blame]25#else
26#include POLARSSL_CONFIG_FILE
27#endif
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]28
Paul Bakker4606c732013-09-15 17:04:23 +0200[diff] [blame]29#if defined(POLARSSL_PK_PARSE_C)
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]30
31#include "polarssl/pk.h"
32#include "polarssl/asn1.h"
33#include "polarssl/oid.h"
34
Rich Evans00ab4702015-02-06 13:43:58 +0000[diff] [blame]35#include <string.h>
36
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]37#if defined(POLARSSL_RSA_C)
38#include "polarssl/rsa.h"
39#endif
40#if defined(POLARSSL_ECP_C)
41#include "polarssl/ecp.h"
42#endif
43#if defined(POLARSSL_ECDSA_C)
44#include "polarssl/ecdsa.h"
45#endif
Paul Bakkercff68422013-09-15 20:43:33 +0200[diff] [blame]46#if defined(POLARSSL_PEM_PARSE_C)
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]47#include "polarssl/pem.h"
48#endif
49#if defined(POLARSSL_PKCS5_C)
50#include "polarssl/pkcs5.h"
51#endif
52#if defined(POLARSSL_PKCS12_C)
53#include "polarssl/pkcs12.h"
54#endif
55
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]56#if defined(POLARSSL_PLATFORM_C)
57#include "polarssl/platform.h"
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]58#else
59#include <stdlib.h>
60#define polarssl_malloc malloc
61#define polarssl_free free
62#endif
63
Manuel Pégourié-Gonnard66e20c62014-06-24 17:47:40 +0200[diff] [blame]64#if defined(POLARSSL_FS_IO)
Paul Bakker34617722014-06-13 17:20:13 +0200[diff] [blame]65/* Implementation that should never be optimized out by the compiler */
66static void polarssl_zeroize( void *v, size_t n ) {
67 volatile unsigned char *p = v; while( n-- ) *p++ = 0;
68}
69
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]70/*
71 * Load all data from a file into a given buffer.
72 */
Manuel Pégourié-Gonnard9439f932014-11-21 09:49:43 +0100[diff] [blame]73int pk_load_file( const char *path, unsigned char **buf, size_t *n )
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]74{
75 FILE *f;
76 long size;
77
78 if( ( f = fopen( path, "rb" ) ) == NULL )
79 return( POLARSSL_ERR_PK_FILE_IO_ERROR );
80
81 fseek( f, 0, SEEK_END );
82 if( ( size = ftell( f ) ) == -1 )
83 {
84 fclose( f );
85 return( POLARSSL_ERR_PK_FILE_IO_ERROR );
86 }
87 fseek( f, 0, SEEK_SET );
88
89 *n = (size_t) size;
90
91 if( *n + 1 == 0 ||
Mansour Moufidc531b4a2015-02-15 17:35:38 -0500[diff] [blame]92 ( *buf = polarssl_malloc( *n + 1 ) ) == NULL )
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]93 {
94 fclose( f );
95 return( POLARSSL_ERR_PK_MALLOC_FAILED );
96 }
97
98 if( fread( *buf, 1, *n, f ) != *n )
99 {
100 fclose( f );
101 polarssl_free( *buf );
102 return( POLARSSL_ERR_PK_FILE_IO_ERROR );
103 }
104
105 fclose( f );
106
107 (*buf)[*n] = '\0';
108
109 return( 0 );
110}
111
112/*
113 * Load and parse a private key
114 */
115int pk_parse_keyfile( pk_context *ctx,
116 const char *path, const char *pwd )
117{
118 int ret;
119 size_t n;
120 unsigned char *buf;
121
Manuel Pégourié-Gonnard9439f932014-11-21 09:49:43 +0100[diff] [blame]122 if( ( ret = pk_load_file( path, &buf, &n ) ) != 0 )
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]123 return( ret );
124
125 if( pwd == NULL )
126 ret = pk_parse_key( ctx, buf, n, NULL, 0 );
127 else
128 ret = pk_parse_key( ctx, buf, n,
129 (const unsigned char *) pwd, strlen( pwd ) );
130
Paul Bakker34617722014-06-13 17:20:13 +0200[diff] [blame]131 polarssl_zeroize( buf, n + 1 );
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]132 polarssl_free( buf );
133
134 return( ret );
135}
136
137/*
138 * Load and parse a public key
139 */
140int pk_parse_public_keyfile( pk_context *ctx, const char *path )
141{
142 int ret;
143 size_t n;
144 unsigned char *buf;
145
Manuel Pégourié-Gonnard9439f932014-11-21 09:49:43 +0100[diff] [blame]146 if( ( ret = pk_load_file( path, &buf, &n ) ) != 0 )
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]147 return( ret );
148
149 ret = pk_parse_public_key( ctx, buf, n );
150
Paul Bakker34617722014-06-13 17:20:13 +0200[diff] [blame]151 polarssl_zeroize( buf, n + 1 );
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]152 polarssl_free( buf );
153
154 return( ret );
155}
156#endif /* POLARSSL_FS_IO */
157
158#if defined(POLARSSL_ECP_C)
Manuel Pégourié-Gonnardeab20d22014-03-14 17:58:42 +0100[diff] [blame]159/* Minimally parse an ECParameters buffer to and asn1_buf
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]160 *
161 * ECParameters ::= CHOICE {
162 * namedCurve OBJECT IDENTIFIER
Manuel Pégourié-Gonnardeab20d22014-03-14 17:58:42 +0100[diff] [blame]163 * specifiedCurve SpecifiedECDomain -- = SEQUENCE { ... }
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]164 * -- implicitCurve NULL
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]165 * }
166 */
167static int pk_get_ecparams( unsigned char **p, const unsigned char *end,
168 asn1_buf *params )
169{
170 int ret;
171
Manuel Pégourié-Gonnardeab20d22014-03-14 17:58:42 +0100[diff] [blame]172 /* Tag may be either OID or SEQUENCE */
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]173 params->tag = **p;
Manuel Pégourié-Gonnard6fac3512014-03-19 16:39:52 +0100[diff] [blame]174 if( params->tag != ASN1_OID
175#if defined(POLARSSL_PK_PARSE_EC_EXTENDED)
176 && params->tag != ( ASN1_CONSTRUCTED | ASN1_SEQUENCE )
177#endif
178 )
Manuel Pégourié-Gonnardeab20d22014-03-14 17:58:42 +0100[diff] [blame]179 {
180 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT +
181 POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
182 }
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]183
Manuel Pégourié-Gonnardeab20d22014-03-14 17:58:42 +0100[diff] [blame]184 if( ( ret = asn1_get_tag( p, end, &params->len, params->tag ) ) != 0 )
185 {
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]186 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
Manuel Pégourié-Gonnardeab20d22014-03-14 17:58:42 +0100[diff] [blame]187 }
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]188
189 params->p = *p;
190 *p += params->len;
191
192 if( *p != end )
193 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT +
194 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
195
196 return( 0 );
197}
198
Manuel Pégourié-Gonnard6fac3512014-03-19 16:39:52 +0100[diff] [blame]199#if defined(POLARSSL_PK_PARSE_EC_EXTENDED)
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]200/*
Manuel Pégourié-Gonnardeab20d22014-03-14 17:58:42 +0100[diff] [blame]201 * Parse a SpecifiedECDomain (SEC 1 C.2) and (mostly) fill the group with it.
202 * WARNING: the resulting group should only be used with
203 * pk_group_id_from_specified(), since its base point may not be set correctly
204 * if it was encoded compressed.
205 *
206 * SpecifiedECDomain ::= SEQUENCE {
207 * version SpecifiedECDomainVersion(ecdpVer1 | ecdpVer2 | ecdpVer3, ...),
208 * fieldID FieldID {{FieldTypes}},
209 * curve Curve,
210 * base ECPoint,
211 * order INTEGER,
212 * cofactor INTEGER OPTIONAL,
213 * hash HashAlgorithm OPTIONAL,
214 * ...
215 * }
216 *
217 * We only support prime-field as field type, and ignore hash and cofactor.
218 */
219static int pk_group_from_specified( const asn1_buf *params, ecp_group *grp )
220{
221 int ret;
222 unsigned char *p = params->p;
223 const unsigned char * const end = params->p + params->len;
224 const unsigned char *end_field, *end_curve;
225 size_t len;
226 int ver;
227
228 /* SpecifiedECDomainVersion ::= INTEGER { 1, 2, 3 } */
229 if( ( ret = asn1_get_int( &p, end, &ver ) ) != 0 )
230 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
231
232 if( ver < 1 || ver > 3 )
233 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT );
234
235 /*
236 * FieldID { FIELD-ID:IOSet } ::= SEQUENCE { -- Finite field
237 * fieldType FIELD-ID.&id({IOSet}),
238 * parameters FIELD-ID.&Type({IOSet}{@fieldType})
239 * }
240 */
241 if( ( ret = asn1_get_tag( &p, end, &len,
242 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
243 return( ret );
244
245 end_field = p + len;
246
247 /*
248 * FIELD-ID ::= TYPE-IDENTIFIER
249 * FieldTypes FIELD-ID ::= {
250 * { Prime-p IDENTIFIED BY prime-field } |
251 * { Characteristic-two IDENTIFIED BY characteristic-two-field }
252 * }
253 * prime-field OBJECT IDENTIFIER ::= { id-fieldType 1 }
254 */
255 if( ( ret = asn1_get_tag( &p, end_field, &len, ASN1_OID ) ) != 0 )
256 return( ret );
257
258 if( len != OID_SIZE( OID_ANSI_X9_62_PRIME_FIELD ) ||
259 memcmp( p, OID_ANSI_X9_62_PRIME_FIELD, len ) != 0 )
260 {
261 return( POLARSSL_ERR_PK_FEATURE_UNAVAILABLE );
262 }
263
264 p += len;
265
266 /* Prime-p ::= INTEGER -- Field of size p. */
267 if( ( ret = asn1_get_mpi( &p, end_field, &grp->P ) ) != 0 )
268 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
269
270 grp->pbits = mpi_msb( &grp->P );
271
272 if( p != end_field )
273 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT +
274 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
275
276 /*
277 * Curve ::= SEQUENCE {
278 * a FieldElement,
279 * b FieldElement,
280 * seed BIT STRING OPTIONAL
281 * -- Shall be present if used in SpecifiedECDomain
282 * -- with version equal to ecdpVer2 or ecdpVer3
283 * }
284 */
285 if( ( ret = asn1_get_tag( &p, end, &len,
286 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
287 return( ret );
288
289 end_curve = p + len;
290
291 /*
292 * FieldElement ::= OCTET STRING
293 * containing an integer in the case of a prime field
294 */
295 if( ( ret = asn1_get_tag( &p, end_curve, &len, ASN1_OCTET_STRING ) ) != 0 ||
296 ( ret = mpi_read_binary( &grp->A, p, len ) ) != 0 )
297 {
298 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
299 }
300
301 p += len;
302
303 if( ( ret = asn1_get_tag( &p, end_curve, &len, ASN1_OCTET_STRING ) ) != 0 ||
304 ( ret = mpi_read_binary( &grp->B, p, len ) ) != 0 )
305 {
306 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
307 }
308
309 p += len;
310
311 /* Ignore seed BIT STRING OPTIONAL */
312 if( ( ret = asn1_get_tag( &p, end_curve, &len, ASN1_BIT_STRING ) ) == 0 )
313 p += len;
314
315 if( p != end_curve )
316 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT +
317 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
318
319 /*
320 * ECPoint ::= OCTET STRING
321 */
Manuel Pégourié-Gonnard5246ee52014-03-19 16:18:38 +0100[diff] [blame]322 if( ( ret = asn1_get_tag( &p, end, &len, ASN1_OCTET_STRING ) ) != 0 )
Manuel Pégourié-Gonnardeab20d22014-03-14 17:58:42 +0100[diff] [blame]323 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
324
Manuel Pégourié-Gonnard5246ee52014-03-19 16:18:38 +0100[diff] [blame]325 if( ( ret = ecp_point_read_binary( grp, &grp->G,
326 ( const unsigned char *) p, len ) ) != 0 )
327 {
328 /*
329 * If we can't read the point because it's compressed, cheat by
330 * reading only the X coordinate and the parity bit of Y.
331 */
332 if( ret != POLARSSL_ERR_ECP_FEATURE_UNAVAILABLE ||
333 ( p[0] != 0x02 && p[0] != 0x03 ) ||
334 len != mpi_size( &grp->P ) + 1 ||
335 mpi_read_binary( &grp->G.X, p + 1, len - 1 ) != 0 ||
336 mpi_lset( &grp->G.Y, p[0] - 2 ) != 0 ||
337 mpi_lset( &grp->G.Z, 1 ) != 0 )
338 {
339 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT );
340 }
341 }
342
Manuel Pégourié-Gonnardeab20d22014-03-14 17:58:42 +0100[diff] [blame]343 p += len;
344
345 /*
346 * order INTEGER
347 */
Manuel Pégourié-Gonnard7f849052015-02-10 17:12:44 +0100[diff] [blame]348 if( ( ret = asn1_get_mpi( &p, end, &grp->N ) ) != 0 )
Manuel Pégourié-Gonnardeab20d22014-03-14 17:58:42 +0100[diff] [blame]349 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
350
351 grp->nbits = mpi_msb( &grp->N );
352
353 /*
354 * Allow optional elements by purposefully not enforcing p == end here.
355 */
356
357 return( 0 );
358}
359
360/*
361 * Find the group id associated with an (almost filled) group as generated by
362 * pk_group_from_specified(), or return an error if unknown.
363 */
364static int pk_group_id_from_group( const ecp_group *grp, ecp_group_id *grp_id )
365{
Manuel Pégourié-Gonnard5b8c4092014-03-27 14:59:42 +0100[diff] [blame]366 int ret = 0;
Manuel Pégourié-Gonnardeab20d22014-03-14 17:58:42 +0100[diff] [blame]367 ecp_group ref;
368 const ecp_group_id *id;
369
370 ecp_group_init( &ref );
371
372 for( id = ecp_grp_id_list(); *id != POLARSSL_ECP_DP_NONE; id++ )
373 {
374 /* Load the group associated to that id */
375 ecp_group_free( &ref );
376 MPI_CHK( ecp_use_known_dp( &ref, *id ) );
377
378 /* Compare to the group we were given, starting with easy tests */
379 if( grp->pbits == ref.pbits && grp->nbits == ref.nbits &&
380 mpi_cmp_mpi( &grp->P, &ref.P ) == 0 &&
381 mpi_cmp_mpi( &grp->A, &ref.A ) == 0 &&
382 mpi_cmp_mpi( &grp->B, &ref.B ) == 0 &&
383 mpi_cmp_mpi( &grp->N, &ref.N ) == 0 &&
384 mpi_cmp_mpi( &grp->G.X, &ref.G.X ) == 0 &&
385 mpi_cmp_mpi( &grp->G.Z, &ref.G.Z ) == 0 &&
386 /* For Y we may only know the parity bit, so compare only that */
387 mpi_get_bit( &grp->G.Y, 0 ) == mpi_get_bit( &ref.G.Y, 0 ) )
388 {
389 break;
390 }
391
392 }
393
394cleanup:
395 ecp_group_free( &ref );
396
397 *grp_id = *id;
398
399 if( ret == 0 && *id == POLARSSL_ECP_DP_NONE )
400 ret = POLARSSL_ERR_ECP_FEATURE_UNAVAILABLE;
401
402 return( ret );
403}
404
405/*
406 * Parse a SpecifiedECDomain (SEC 1 C.2) and find the associated group ID
407 */
408static int pk_group_id_from_specified( const asn1_buf *params,
409 ecp_group_id *grp_id )
410{
411 int ret;
412 ecp_group grp;
413
414 ecp_group_init( &grp );
415
416 if( ( ret = pk_group_from_specified( params, &grp ) ) != 0 )
417 goto cleanup;
418
419 ret = pk_group_id_from_group( &grp, grp_id );
420
421cleanup:
422 ecp_group_free( &grp );
423
424 return( ret );
425}
Manuel Pégourié-Gonnard6fac3512014-03-19 16:39:52 +0100[diff] [blame]426#endif /* POLARSSL_PK_PARSE_EC_EXTENDED */
Manuel Pégourié-Gonnardeab20d22014-03-14 17:58:42 +0100[diff] [blame]427
428/*
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]429 * Use EC parameters to initialise an EC group
Manuel Pégourié-Gonnardeab20d22014-03-14 17:58:42 +0100[diff] [blame]430 *
431 * ECParameters ::= CHOICE {
432 * namedCurve OBJECT IDENTIFIER
433 * specifiedCurve SpecifiedECDomain -- = SEQUENCE { ... }
434 * -- implicitCurve NULL
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]435 */
436static int pk_use_ecparams( const asn1_buf *params, ecp_group *grp )
437{
438 int ret;
439 ecp_group_id grp_id;
440
Manuel Pégourié-Gonnardeab20d22014-03-14 17:58:42 +0100[diff] [blame]441 if( params->tag == ASN1_OID )
442 {
443 if( oid_get_ec_grp( params, &grp_id ) != 0 )
444 return( POLARSSL_ERR_PK_UNKNOWN_NAMED_CURVE );
445 }
446 else
447 {
Manuel Pégourié-Gonnard6fac3512014-03-19 16:39:52 +0100[diff] [blame]448#if defined(POLARSSL_PK_PARSE_EC_EXTENDED)
Manuel Pégourié-Gonnardeab20d22014-03-14 17:58:42 +0100[diff] [blame]449 if( ( ret = pk_group_id_from_specified( params, &grp_id ) ) != 0 )
450 return( ret );
Manuel Pégourié-Gonnard6fac3512014-03-19 16:39:52 +0100[diff] [blame]451#else
452 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT );
453#endif
Manuel Pégourié-Gonnardeab20d22014-03-14 17:58:42 +0100[diff] [blame]454 }
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]455
456 /*
457 * grp may already be initilialized; if so, make sure IDs match
458 */
459 if( grp->id != POLARSSL_ECP_DP_NONE && grp->id != grp_id )
460 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT );
461
462 if( ( ret = ecp_use_known_dp( grp, grp_id ) ) != 0 )
463 return( ret );
464
465 return( 0 );
466}
467
468/*
469 * EC public key is an EC point
Manuel Pégourié-Gonnard5246ee52014-03-19 16:18:38 +0100[diff] [blame]470 *
471 * The caller is responsible for clearing the structure upon failure if
472 * desired. Take care to pass along the possible ECP_FEATURE_UNAVAILABLE
473 * return code of ecp_point_read_binary() and leave p in a usable state.
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]474 */
475static int pk_get_ecpubkey( unsigned char **p, const unsigned char *end,
476 ecp_keypair *key )
477{
478 int ret;
479
480 if( ( ret = ecp_point_read_binary( &key->grp, &key->Q,
Manuel Pégourié-Gonnard5246ee52014-03-19 16:18:38 +0100[diff] [blame]481 (const unsigned char *) *p, end - *p ) ) == 0 )
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]482 {
Manuel Pégourié-Gonnard5246ee52014-03-19 16:18:38 +0100[diff] [blame]483 ret = ecp_check_pubkey( &key->grp, &key->Q );
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]484 }
485
486 /*
Manuel Pégourié-Gonnard5246ee52014-03-19 16:18:38 +0100[diff] [blame]487 * We know ecp_point_read_binary consumed all bytes or failed
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]488 */
489 *p = (unsigned char *) end;
490
Manuel Pégourié-Gonnard5246ee52014-03-19 16:18:38 +0100[diff] [blame]491 return( ret );
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]492}
493#endif /* POLARSSL_ECP_C */
494
495#if defined(POLARSSL_RSA_C)
496/*
497 * RSAPublicKey ::= SEQUENCE {
498 * modulus INTEGER, -- n
499 * publicExponent INTEGER -- e
500 * }
501 */
502static int pk_get_rsapubkey( unsigned char **p,
503 const unsigned char *end,
504 rsa_context *rsa )
505{
506 int ret;
507 size_t len;
508
509 if( ( ret = asn1_get_tag( p, end, &len,
510 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
511 return( POLARSSL_ERR_PK_INVALID_PUBKEY + ret );
512
513 if( *p + len != end )
514 return( POLARSSL_ERR_PK_INVALID_PUBKEY +
515 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
516
517 if( ( ret = asn1_get_mpi( p, end, &rsa->N ) ) != 0 ||
518 ( ret = asn1_get_mpi( p, end, &rsa->E ) ) != 0 )
519 return( POLARSSL_ERR_PK_INVALID_PUBKEY + ret );
520
521 if( *p != end )
522 return( POLARSSL_ERR_PK_INVALID_PUBKEY +
523 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
524
525 if( ( ret = rsa_check_pubkey( rsa ) ) != 0 )
Manuel Pégourié-Gonnard387a2112013-09-18 18:54:01 +0200[diff] [blame]526 return( POLARSSL_ERR_PK_INVALID_PUBKEY );
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]527
528 rsa->len = mpi_size( &rsa->N );
529
530 return( 0 );
531}
532#endif /* POLARSSL_RSA_C */
533
534/* Get a PK algorithm identifier
535 *
536 * AlgorithmIdentifier ::= SEQUENCE {
537 * algorithm OBJECT IDENTIFIER,
538 * parameters ANY DEFINED BY algorithm OPTIONAL }
539 */
540static int pk_get_pk_alg( unsigned char **p,
541 const unsigned char *end,
542 pk_type_t *pk_alg, asn1_buf *params )
543{
544 int ret;
545 asn1_buf alg_oid;
546
547 memset( params, 0, sizeof(asn1_buf) );
548
549 if( ( ret = asn1_get_alg( p, end, &alg_oid, params ) ) != 0 )
550 return( POLARSSL_ERR_PK_INVALID_ALG + ret );
551
552 if( oid_get_pk_alg( &alg_oid, pk_alg ) != 0 )
553 return( POLARSSL_ERR_PK_UNKNOWN_PK_ALG );
554
555 /*
556 * No parameters with RSA (only for EC)
557 */
558 if( *pk_alg == POLARSSL_PK_RSA &&
559 ( ( params->tag != ASN1_NULL && params->tag != 0 ) ||
560 params->len != 0 ) )
561 {
562 return( POLARSSL_ERR_PK_INVALID_ALG );
563 }
564
565 return( 0 );
566}
567
568/*
569 * SubjectPublicKeyInfo ::= SEQUENCE {
570 * algorithm AlgorithmIdentifier,
571 * subjectPublicKey BIT STRING }
572 */
Paul Bakkerda771152013-09-16 22:45:03 +0200[diff] [blame]573int pk_parse_subpubkey( unsigned char **p, const unsigned char *end,
574 pk_context *pk )
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]575{
576 int ret;
577 size_t len;
578 asn1_buf alg_params;
579 pk_type_t pk_alg = POLARSSL_PK_NONE;
580 const pk_info_t *pk_info;
581
582 if( ( ret = asn1_get_tag( p, end, &len,
583 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
584 {
585 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
586 }
587
588 end = *p + len;
589
590 if( ( ret = pk_get_pk_alg( p, end, &pk_alg, &alg_params ) ) != 0 )
591 return( ret );
592
593 if( ( ret = asn1_get_bitstring_null( p, end, &len ) ) != 0 )
594 return( POLARSSL_ERR_PK_INVALID_PUBKEY + ret );
595
596 if( *p + len != end )
597 return( POLARSSL_ERR_PK_INVALID_PUBKEY +
598 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
599
600 if( ( pk_info = pk_info_from_type( pk_alg ) ) == NULL )
601 return( POLARSSL_ERR_PK_UNKNOWN_PK_ALG );
602
603 if( ( ret = pk_init_ctx( pk, pk_info ) ) != 0 )
604 return( ret );
605
606#if defined(POLARSSL_RSA_C)
607 if( pk_alg == POLARSSL_PK_RSA )
608 {
609 ret = pk_get_rsapubkey( p, end, pk_rsa( *pk ) );
610 } else
611#endif /* POLARSSL_RSA_C */
612#if defined(POLARSSL_ECP_C)
613 if( pk_alg == POLARSSL_PK_ECKEY_DH || pk_alg == POLARSSL_PK_ECKEY )
614 {
615 ret = pk_use_ecparams( &alg_params, &pk_ec( *pk )->grp );
616 if( ret == 0 )
617 ret = pk_get_ecpubkey( p, end, pk_ec( *pk ) );
618 } else
619#endif /* POLARSSL_ECP_C */
620 ret = POLARSSL_ERR_PK_UNKNOWN_PK_ALG;
621
622 if( ret == 0 && *p != end )
623 ret = POLARSSL_ERR_PK_INVALID_PUBKEY
624 POLARSSL_ERR_ASN1_LENGTH_MISMATCH;
625
626 if( ret != 0 )
627 pk_free( pk );
628
629 return( ret );
630}
631
632#if defined(POLARSSL_RSA_C)
633/*
634 * Parse a PKCS#1 encoded private RSA key
635 */
636static int pk_parse_key_pkcs1_der( rsa_context *rsa,
637 const unsigned char *key,
638 size_t keylen )
639{
640 int ret;
641 size_t len;
642 unsigned char *p, *end;
643
644 p = (unsigned char *) key;
645 end = p + keylen;
646
647 /*
648 * This function parses the RSAPrivateKey (PKCS#1)
649 *
650 * RSAPrivateKey ::= SEQUENCE {
651 * version Version,
652 * modulus INTEGER, -- n
653 * publicExponent INTEGER, -- e
654 * privateExponent INTEGER, -- d
655 * prime1 INTEGER, -- p
656 * prime2 INTEGER, -- q
657 * exponent1 INTEGER, -- d mod (p-1)
658 * exponent2 INTEGER, -- d mod (q-1)
659 * coefficient INTEGER, -- (inverse of q) mod p
660 * otherPrimeInfos OtherPrimeInfos OPTIONAL
661 * }
662 */
663 if( ( ret = asn1_get_tag( &p, end, &len,
664 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
665 {
666 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
667 }
668
669 end = p + len;
670
671 if( ( ret = asn1_get_int( &p, end, &rsa->ver ) ) != 0 )
672 {
673 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
674 }
675
676 if( rsa->ver != 0 )
677 {
678 return( POLARSSL_ERR_PK_KEY_INVALID_VERSION );
679 }
680
681 if( ( ret = asn1_get_mpi( &p, end, &rsa->N ) ) != 0 ||
682 ( ret = asn1_get_mpi( &p, end, &rsa->E ) ) != 0 ||
683 ( ret = asn1_get_mpi( &p, end, &rsa->D ) ) != 0 ||
684 ( ret = asn1_get_mpi( &p, end, &rsa->P ) ) != 0 ||
685 ( ret = asn1_get_mpi( &p, end, &rsa->Q ) ) != 0 ||
686 ( ret = asn1_get_mpi( &p, end, &rsa->DP ) ) != 0 ||
687 ( ret = asn1_get_mpi( &p, end, &rsa->DQ ) ) != 0 ||
688 ( ret = asn1_get_mpi( &p, end, &rsa->QP ) ) != 0 )
689 {
690 rsa_free( rsa );
691 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
692 }
693
694 rsa->len = mpi_size( &rsa->N );
695
696 if( p != end )
697 {
698 rsa_free( rsa );
699 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT +
700 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
701 }
702
703 if( ( ret = rsa_check_privkey( rsa ) ) != 0 )
704 {
705 rsa_free( rsa );
706 return( ret );
707 }
708
709 return( 0 );
710}
711#endif /* POLARSSL_RSA_C */
712
713#if defined(POLARSSL_ECP_C)
714/*
715 * Parse a SEC1 encoded private EC key
716 */
717static int pk_parse_key_sec1_der( ecp_keypair *eck,
718 const unsigned char *key,
719 size_t keylen )
720{
721 int ret;
Manuel Pégourié-Gonnardeab20d22014-03-14 17:58:42 +0100[diff] [blame]722 int version, pubkey_done;
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]723 size_t len;
724 asn1_buf params;
725 unsigned char *p = (unsigned char *) key;
726 unsigned char *end = p + keylen;
727 unsigned char *end2;
728
729 /*
730 * RFC 5915, or SEC1 Appendix C.4
731 *
732 * ECPrivateKey ::= SEQUENCE {
733 * version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
734 * privateKey OCTET STRING,
735 * parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
736 * publicKey [1] BIT STRING OPTIONAL
737 * }
738 */
739 if( ( ret = asn1_get_tag( &p, end, &len,
740 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
741 {
742 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
743 }
744
745 end = p + len;
746
747 if( ( ret = asn1_get_int( &p, end, &version ) ) != 0 )
748 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
749
750 if( version != 1 )
751 return( POLARSSL_ERR_PK_KEY_INVALID_VERSION );
752
753 if( ( ret = asn1_get_tag( &p, end, &len, ASN1_OCTET_STRING ) ) != 0 )
754 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
755
756 if( ( ret = mpi_read_binary( &eck->d, p, len ) ) != 0 )
757 {
758 ecp_keypair_free( eck );
759 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
760 }
761
762 p += len;
763
Manuel Pégourié-Gonnarde6c83662015-04-14 11:18:04 +0200[diff] [blame]764 pubkey_done = 0;
765 if( p != end )
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]766 {
Manuel Pégourié-Gonnarde6c83662015-04-14 11:18:04 +0200[diff] [blame]767 /*
768 * Is 'parameters' present?
769 */
770 if( ( ret = asn1_get_tag( &p, end, &len,
771 ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 0 ) ) == 0 )
772 {
773 if( ( ret = pk_get_ecparams( &p, p + len, &params) ) != 0 ||
774 ( ret = pk_use_ecparams( &params, &eck->grp ) ) != 0 )
775 {
776 ecp_keypair_free( eck );
777 return( ret );
778 }
779 }
780 else if( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]781 {
782 ecp_keypair_free( eck );
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]783 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
Manuel Pégourié-Gonnard5246ee52014-03-19 16:18:38 +0100[diff] [blame]784 }
Manuel Pégourié-Gonnarde6c83662015-04-14 11:18:04 +0200[diff] [blame]785
786 /*
787 * Is 'publickey' present? If not, or if we can't read it (eg because it
788 * is compressed), create it from the private key.
789 */
790 if( ( ret = asn1_get_tag( &p, end, &len,
791 ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 1 ) ) == 0 )
792 {
793 end2 = p + len;
794
795 if( ( ret = asn1_get_bitstring_null( &p, end2, &len ) ) != 0 )
796 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
797
798 if( p + len != end2 )
799 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT +
800 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
801
802 if( ( ret = pk_get_ecpubkey( &p, end2, eck ) ) == 0 )
803 pubkey_done = 1;
804 else
805 {
806 /*
807 * The only acceptable failure mode of pk_get_ecpubkey() above
808 * is if the point format is not recognized.
809 */
810 if( ret != POLARSSL_ERR_ECP_FEATURE_UNAVAILABLE )
811 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT );
812 }
813 }
814 else if( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
815 {
816 ecp_keypair_free( eck );
817 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
818 }
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]819 }
Manuel Pégourié-Gonnardeab20d22014-03-14 17:58:42 +0100[diff] [blame]820
821 if( ! pubkey_done &&
822 ( ret = ecp_mul( &eck->grp, &eck->Q, &eck->d, &eck->grp.G,
823 NULL, NULL ) ) != 0 )
Manuel Pégourié-Gonnardff29f9c2013-09-18 16:13:02 +0200[diff] [blame]824 {
825 ecp_keypair_free( eck );
826 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
827 }
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]828
829 if( ( ret = ecp_check_privkey( &eck->grp, &eck->d ) ) != 0 )
830 {
831 ecp_keypair_free( eck );
832 return( ret );
833 }
834
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]835 return( 0 );
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]836}
837#endif /* POLARSSL_ECP_C */
838
839/*
840 * Parse an unencrypted PKCS#8 encoded private key
841 */
842static int pk_parse_key_pkcs8_unencrypted_der(
843 pk_context *pk,
844 const unsigned char* key,
845 size_t keylen )
846{
847 int ret, version;
848 size_t len;
849 asn1_buf params;
850 unsigned char *p = (unsigned char *) key;
851 unsigned char *end = p + keylen;
852 pk_type_t pk_alg = POLARSSL_PK_NONE;
853 const pk_info_t *pk_info;
854
855 /*
856 * This function parses the PrivatKeyInfo object (PKCS#8 v1.2 = RFC 5208)
857 *
858 * PrivateKeyInfo ::= SEQUENCE {
859 * version Version,
860 * privateKeyAlgorithm PrivateKeyAlgorithmIdentifier,
861 * privateKey PrivateKey,
862 * attributes [0] IMPLICIT Attributes OPTIONAL }
863 *
864 * Version ::= INTEGER
865 * PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier
866 * PrivateKey ::= OCTET STRING
867 *
868 * The PrivateKey OCTET STRING is a SEC1 ECPrivateKey
869 */
870
871 if( ( ret = asn1_get_tag( &p, end, &len,
872 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
873 {
874 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
875 }
876
877 end = p + len;
878
879 if( ( ret = asn1_get_int( &p, end, &version ) ) != 0 )
880 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
881
882 if( version != 0 )
883 return( POLARSSL_ERR_PK_KEY_INVALID_VERSION + ret );
884
885 if( ( ret = pk_get_pk_alg( &p, end, &pk_alg, &params ) ) != 0 )
886 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
887
888 if( ( ret = asn1_get_tag( &p, end, &len, ASN1_OCTET_STRING ) ) != 0 )
889 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
890
891 if( len < 1 )
892 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT +
893 POLARSSL_ERR_ASN1_OUT_OF_DATA );
894
895 if( ( pk_info = pk_info_from_type( pk_alg ) ) == NULL )
896 return( POLARSSL_ERR_PK_UNKNOWN_PK_ALG );
897
898 if( ( ret = pk_init_ctx( pk, pk_info ) ) != 0 )
899 return( ret );
900
901#if defined(POLARSSL_RSA_C)
902 if( pk_alg == POLARSSL_PK_RSA )
903 {
904 if( ( ret = pk_parse_key_pkcs1_der( pk_rsa( *pk ), p, len ) ) != 0 )
905 {
906 pk_free( pk );
907 return( ret );
908 }
909 } else
910#endif /* POLARSSL_RSA_C */
911#if defined(POLARSSL_ECP_C)
912 if( pk_alg == POLARSSL_PK_ECKEY || pk_alg == POLARSSL_PK_ECKEY_DH )
913 {
914 if( ( ret = pk_use_ecparams( &params, &pk_ec( *pk )->grp ) ) != 0 ||
915 ( ret = pk_parse_key_sec1_der( pk_ec( *pk ), p, len ) ) != 0 )
916 {
917 pk_free( pk );
918 return( ret );
919 }
920 } else
921#endif /* POLARSSL_ECP_C */
922 return( POLARSSL_ERR_PK_UNKNOWN_PK_ALG );
923
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]924 return( 0 );
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]925}
926
927/*
928 * Parse an encrypted PKCS#8 encoded private key
929 */
Manuel Pégourié-Gonnarda2424a02014-12-01 18:04:58 +0100[diff] [blame]930#if defined(POLARSSL_PKCS12_C) || defined(POLARSSL_PKCS5_C)
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]931static int pk_parse_key_pkcs8_encrypted_der(
932 pk_context *pk,
Hanno Becker713c9e12017-09-28 16:46:24 +0100[diff] [blame]933 unsigned char *key, size_t keylen,
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]934 const unsigned char *pwd, size_t pwdlen )
935{
Paul Bakkerf4cf80b2014-04-17 17:19:56 +0200[diff] [blame]936 int ret, decrypted = 0;
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]937 size_t len;
Hanno Becker713c9e12017-09-28 16:46:24 +0100[diff] [blame]938 unsigned char *buf;
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]939 unsigned char *p, *end;
940 asn1_buf pbe_alg_oid, pbe_params;
941#if defined(POLARSSL_PKCS12_C)
942 cipher_type_t cipher_alg;
943 md_type_t md_alg;
944#endif
945
Hanno Becker1f30fa12017-09-28 16:48:26 +0100[diff] [blame^]946 p = key;
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]947 end = p + keylen;
948
949 if( pwdlen == 0 )
950 return( POLARSSL_ERR_PK_PASSWORD_REQUIRED );
951
952 /*
953 * This function parses the EncryptedPrivatKeyInfo object (PKCS#8)
954 *
955 * EncryptedPrivateKeyInfo ::= SEQUENCE {
956 * encryptionAlgorithm EncryptionAlgorithmIdentifier,
957 * encryptedData EncryptedData
958 * }
959 *
960 * EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
961 *
962 * EncryptedData ::= OCTET STRING
963 *
964 * The EncryptedData OCTET STRING is a PKCS#8 PrivateKeyInfo
965 */
966 if( ( ret = asn1_get_tag( &p, end, &len,
967 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
968 {
969 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
970 }
971
972 end = p + len;
973
974 if( ( ret = asn1_get_alg( &p, end, &pbe_alg_oid, &pbe_params ) ) != 0 )
975 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
976
977 if( ( ret = asn1_get_tag( &p, end, &len, ASN1_OCTET_STRING ) ) != 0 )
978 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
979
Hanno Becker713c9e12017-09-28 16:46:24 +0100[diff] [blame]980 buf = p;
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]981
982 /*
983 * Decrypt EncryptedData with appropriate PDE
984 */
985#if defined(POLARSSL_PKCS12_C)
986 if( oid_get_pkcs12_pbe_alg( &pbe_alg_oid, &md_alg, &cipher_alg ) == 0 )
987 {
988 if( ( ret = pkcs12_pbe( &pbe_params, PKCS12_PBE_DECRYPT,
989 cipher_alg, md_alg,
990 pwd, pwdlen, p, len, buf ) ) != 0 )
991 {
992 if( ret == POLARSSL_ERR_PKCS12_PASSWORD_MISMATCH )
993 return( POLARSSL_ERR_PK_PASSWORD_MISMATCH );
994
995 return( ret );
996 }
Paul Bakkerf4cf80b2014-04-17 17:19:56 +0200[diff] [blame]997
998 decrypted = 1;
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]999 }
1000 else if( OID_CMP( OID_PKCS12_PBE_SHA1_RC4_128, &pbe_alg_oid ) )
1001 {
1002 if( ( ret = pkcs12_pbe_sha1_rc4_128( &pbe_params,
1003 PKCS12_PBE_DECRYPT,
1004 pwd, pwdlen,
1005 p, len, buf ) ) != 0 )
1006 {
1007 return( ret );
1008 }
1009
1010 // Best guess for password mismatch when using RC4. If first tag is
1011 // not ASN1_CONSTRUCTED | ASN1_SEQUENCE
1012 //
1013 if( *buf != ( ASN1_CONSTRUCTED | ASN1_SEQUENCE ) )
1014 return( POLARSSL_ERR_PK_PASSWORD_MISMATCH );
Paul Bakkerf4cf80b2014-04-17 17:19:56 +0200[diff] [blame]1015
1016 decrypted = 1;
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]1017 }
1018 else
1019#endif /* POLARSSL_PKCS12_C */
1020#if defined(POLARSSL_PKCS5_C)
1021 if( OID_CMP( OID_PKCS5_PBES2, &pbe_alg_oid ) )
1022 {
1023 if( ( ret = pkcs5_pbes2( &pbe_params, PKCS5_DECRYPT, pwd, pwdlen,
1024 p, len, buf ) ) != 0 )
1025 {
1026 if( ret == POLARSSL_ERR_PKCS5_PASSWORD_MISMATCH )
1027 return( POLARSSL_ERR_PK_PASSWORD_MISMATCH );
1028
1029 return( ret );
1030 }
Paul Bakkerf4cf80b2014-04-17 17:19:56 +0200[diff] [blame]1031
1032 decrypted = 1;
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]1033 }
1034 else
1035#endif /* POLARSSL_PKCS5_C */
Manuel Pégourié-Gonnard1032c1d2013-09-18 17:18:34 +0200[diff] [blame]1036 {
1037 ((void) pwd);
Manuel Pégourié-Gonnard1032c1d2013-09-18 17:18:34 +0200[diff] [blame]1038 }
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]1039
Paul Bakkerf4cf80b2014-04-17 17:19:56 +0200[diff] [blame]1040 if( decrypted == 0 )
1041 return( POLARSSL_ERR_PK_FEATURE_UNAVAILABLE );
1042
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]1043 return( pk_parse_key_pkcs8_unencrypted_der( pk, buf, len ) );
1044}
Manuel Pégourié-Gonnarda2424a02014-12-01 18:04:58 +0100[diff] [blame]1045#endif /* POLARSSL_PKCS12_C || POLARSSL_PKCS5_C */
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]1046
1047/*
1048 * Parse a private key
1049 */
1050int pk_parse_key( pk_context *pk,
1051 const unsigned char *key, size_t keylen,
1052 const unsigned char *pwd, size_t pwdlen )
1053{
1054 int ret;
1055 const pk_info_t *pk_info;
1056
Paul Bakkercff68422013-09-15 20:43:33 +0200[diff] [blame]1057#if defined(POLARSSL_PEM_PARSE_C)
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]1058 size_t len;
1059 pem_context pem;
1060
1061 pem_init( &pem );
1062
1063#if defined(POLARSSL_RSA_C)
1064 ret = pem_read_buffer( &pem,
1065 "-----BEGIN RSA PRIVATE KEY-----",
1066 "-----END RSA PRIVATE KEY-----",
1067 key, pwd, pwdlen, &len );
1068 if( ret == 0 )
1069 {
1070 if( ( pk_info = pk_info_from_type( POLARSSL_PK_RSA ) ) == NULL )
Hanno Beckerb299a372017-09-28 16:48:04 +0100[diff] [blame]1071 {
1072 pem_free( &pem );
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]1073 return( POLARSSL_ERR_PK_UNKNOWN_PK_ALG );
Hanno Beckerb299a372017-09-28 16:48:04 +0100[diff] [blame]1074 }
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]1075
Hanno Becker713c9e12017-09-28 16:46:24 +0100[diff] [blame]1076 if( ( ret = pk_init_ctx( pk, pk_info ) ) != 0 ||
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]1077 ( ret = pk_parse_key_pkcs1_der( pk_rsa( *pk ),
1078 pem.buf, pem.buflen ) ) != 0 )
1079 {
1080 pk_free( pk );
1081 }
1082
1083 pem_free( &pem );
1084 return( ret );
1085 }
1086 else if( ret == POLARSSL_ERR_PEM_PASSWORD_MISMATCH )
1087 return( POLARSSL_ERR_PK_PASSWORD_MISMATCH );
1088 else if( ret == POLARSSL_ERR_PEM_PASSWORD_REQUIRED )
1089 return( POLARSSL_ERR_PK_PASSWORD_REQUIRED );
1090 else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
1091 return( ret );
1092#endif /* POLARSSL_RSA_C */
1093
1094#if defined(POLARSSL_ECP_C)
1095 ret = pem_read_buffer( &pem,
1096 "-----BEGIN EC PRIVATE KEY-----",
1097 "-----END EC PRIVATE KEY-----",
1098 key, pwd, pwdlen, &len );
1099 if( ret == 0 )
1100 {
1101 if( ( pk_info = pk_info_from_type( POLARSSL_PK_ECKEY ) ) == NULL )
Hanno Beckerb299a372017-09-28 16:48:04 +0100[diff] [blame]1102 {
1103 pem_free( &pem );
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]1104 return( POLARSSL_ERR_PK_UNKNOWN_PK_ALG );
Hanno Beckerb299a372017-09-28 16:48:04 +0100[diff] [blame]1105 }
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]1106
Hanno Becker713c9e12017-09-28 16:46:24 +0100[diff] [blame]1107 if( ( ret = pk_init_ctx( pk, pk_info ) ) != 0 ||
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]1108 ( ret = pk_parse_key_sec1_der( pk_ec( *pk ),
1109 pem.buf, pem.buflen ) ) != 0 )
1110 {
1111 pk_free( pk );
1112 }
1113
1114 pem_free( &pem );
1115 return( ret );
1116 }
1117 else if( ret == POLARSSL_ERR_PEM_PASSWORD_MISMATCH )
1118 return( POLARSSL_ERR_PK_PASSWORD_MISMATCH );
1119 else if( ret == POLARSSL_ERR_PEM_PASSWORD_REQUIRED )
1120 return( POLARSSL_ERR_PK_PASSWORD_REQUIRED );
1121 else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
1122 return( ret );
1123#endif /* POLARSSL_ECP_C */
1124
1125 ret = pem_read_buffer( &pem,
1126 "-----BEGIN PRIVATE KEY-----",
1127 "-----END PRIVATE KEY-----",
1128 key, NULL, 0, &len );
1129 if( ret == 0 )
1130 {
1131 if( ( ret = pk_parse_key_pkcs8_unencrypted_der( pk,
1132 pem.buf, pem.buflen ) ) != 0 )
1133 {
1134 pk_free( pk );
1135 }
1136
1137 pem_free( &pem );
1138 return( ret );
1139 }
1140 else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
1141 return( ret );
1142
Manuel Pégourié-Gonnarda2424a02014-12-01 18:04:58 +0100[diff] [blame]1143#if defined(POLARSSL_PKCS12_C) || defined(POLARSSL_PKCS5_C)
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]1144 ret = pem_read_buffer( &pem,
1145 "-----BEGIN ENCRYPTED PRIVATE KEY-----",
1146 "-----END ENCRYPTED PRIVATE KEY-----",
1147 key, NULL, 0, &len );
1148 if( ret == 0 )
1149 {
1150 if( ( ret = pk_parse_key_pkcs8_encrypted_der( pk,
1151 pem.buf, pem.buflen,
1152 pwd, pwdlen ) ) != 0 )
1153 {
1154 pk_free( pk );
1155 }
1156
1157 pem_free( &pem );
1158 return( ret );
1159 }
1160 else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
1161 return( ret );
Manuel Pégourié-Gonnarda2424a02014-12-01 18:04:58 +0100[diff] [blame]1162#endif /* POLARSSL_PKCS12_C || POLARSSL_PKCS5_C */
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]1163#else
1164 ((void) pwd);
1165 ((void) pwdlen);
Paul Bakkercff68422013-09-15 20:43:33 +0200[diff] [blame]1166#endif /* POLARSSL_PEM_PARSE_C */
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]1167
1168 /*
1169 * At this point we only know it's not a PEM formatted key. Could be any
1170 * of the known DER encoded private key formats
1171 *
1172 * We try the different DER format parsers to see if one passes without
1173 * error
1174 */
Manuel Pégourié-Gonnarda2424a02014-12-01 18:04:58 +0100[diff] [blame]1175#if defined(POLARSSL_PKCS12_C) || defined(POLARSSL_PKCS5_C)
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]1176 {
Hanno Becker713c9e12017-09-28 16:46:24 +0100[diff] [blame]1177 unsigned char *key_copy;
1178
1179 if( ( key_copy = polarssl_malloc( keylen ) ) == NULL )
1180 return( POLARSSL_ERR_PK_MALLOC_FAILED );
1181
1182 memcpy( key_copy, key, keylen );
1183
1184 ret = pk_parse_key_pkcs8_encrypted_der( pk, key_copy, keylen,
1185 pwd, pwdlen );
1186
1187 polarssl_zeroize( key_copy, keylen );
1188 polarssl_free( key_copy );
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]1189 }
1190
Hanno Becker713c9e12017-09-28 16:46:24 +0100[diff] [blame]1191 if( ret == 0 )
1192 return( 0 );
1193
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]1194 pk_free( pk );
1195
1196 if( ret == POLARSSL_ERR_PK_PASSWORD_MISMATCH )
1197 {
1198 return( ret );
1199 }
Manuel Pégourié-Gonnarda2424a02014-12-01 18:04:58 +0100[diff] [blame]1200#endif /* POLARSSL_PKCS12_C || POLARSSL_PKCS5_C */
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]1201
1202 if( ( ret = pk_parse_key_pkcs8_unencrypted_der( pk, key, keylen ) ) == 0 )
1203 return( 0 );
1204
1205 pk_free( pk );
1206
1207#if defined(POLARSSL_RSA_C)
1208 if( ( pk_info = pk_info_from_type( POLARSSL_PK_RSA ) ) == NULL )
1209 return( POLARSSL_ERR_PK_UNKNOWN_PK_ALG );
1210
Hanno Becker713c9e12017-09-28 16:46:24 +0100[diff] [blame]1211 if( ( ret = pk_init_ctx( pk, pk_info ) ) != 0 ||
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]1212 ( ret = pk_parse_key_pkcs1_der( pk_rsa( *pk ), key, keylen ) ) == 0 )
1213 {
1214 return( 0 );
1215 }
1216
1217 pk_free( pk );
1218#endif /* POLARSSL_RSA_C */
1219
1220#if defined(POLARSSL_ECP_C)
1221 if( ( pk_info = pk_info_from_type( POLARSSL_PK_ECKEY ) ) == NULL )
1222 return( POLARSSL_ERR_PK_UNKNOWN_PK_ALG );
1223
Hanno Becker713c9e12017-09-28 16:46:24 +0100[diff] [blame]1224 if( ( ret = pk_init_ctx( pk, pk_info ) ) != 0 ||
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]1225 ( ret = pk_parse_key_sec1_der( pk_ec( *pk ), key, keylen ) ) == 0 )
1226 {
1227 return( 0 );
1228 }
1229
1230 pk_free( pk );
1231#endif /* POLARSSL_ECP_C */
1232
1233 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT );
1234}
1235
1236/*
1237 * Parse a public key
1238 */
1239int pk_parse_public_key( pk_context *ctx,
1240 const unsigned char *key, size_t keylen )
1241{
1242 int ret;
1243 unsigned char *p;
Paul Bakkercff68422013-09-15 20:43:33 +0200[diff] [blame]1244#if defined(POLARSSL_PEM_PARSE_C)
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]1245 size_t len;
1246 pem_context pem;
1247
1248 pem_init( &pem );
1249 ret = pem_read_buffer( &pem,
1250 "-----BEGIN PUBLIC KEY-----",
1251 "-----END PUBLIC KEY-----",
1252 key, NULL, 0, &len );
1253
1254 if( ret == 0 )
1255 {
1256 /*
1257 * Was PEM encoded
1258 */
1259 key = pem.buf;
1260 keylen = pem.buflen;
1261 }
1262 else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
1263 {
1264 pem_free( &pem );
1265 return( ret );
1266 }
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]1267#endif /* POLARSSL_PEM_PARSE_C */
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]1268 p = (unsigned char *) key;
1269
Paul Bakkerda771152013-09-16 22:45:03 +0200[diff] [blame]1270 ret = pk_parse_subpubkey( &p, p + keylen, ctx );
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]1271
Paul Bakkercff68422013-09-15 20:43:33 +0200[diff] [blame]1272#if defined(POLARSSL_PEM_PARSE_C)
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]1273 pem_free( &pem );
1274#endif
1275
1276 return( ret );
1277}
1278
Paul Bakker4606c732013-09-15 17:04:23 +0200[diff] [blame]1279#endif /* POLARSSL_PK_PARSE_C */