cvs.zerfleddert.de Git - proxmark3-svn/blob - common/mbedtls/pkparse.c

   1 /*
   2  *  Public Key layer for parsing key files and structures
   3  *
   4  *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
   5  *  SPDX-License-Identifier: GPL-2.0
   6  *
   7  *  This program is free software; you can redistribute it and/or modify
   8  *  it under the terms of the GNU General Public License as published by
   9  *  the Free Software Foundation; either version 2 of the License, or
  10  *  (at your option) any later version.
  11  *
  12  *  This program is distributed in the hope that it will be useful,
  13  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  14  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15  *  GNU General Public License for more details.
  16  *
  17  *  You should have received a copy of the GNU General Public License along
  18  *  with this program; if not, write to the Free Software Foundation, Inc.,
  19  *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  *  This file is part of mbed TLS (https://tls.mbed.org)
  22  */
  23
  24 #if !defined(MBEDTLS_CONFIG_FILE)
  25 #include "mbedtls/config.h"
  26 #else
  27 #include MBEDTLS_CONFIG_FILE
  28 #endif
  29
  30 #if defined(MBEDTLS_PK_PARSE_C)
  31
  32 #include "mbedtls/pk.h"
  33 #include "mbedtls/asn1.h"
  34 #include "mbedtls/oid.h"
  35 #include "mbedtls/platform_util.h"
  36
  37 #include <string.h>
  38
  39 #if defined(MBEDTLS_RSA_C)
  40 #include "mbedtls/rsa.h"
  41 #endif
  42 #if defined(MBEDTLS_ECP_C)
  43 #include "mbedtls/ecp.h"
  44 #endif
  45 #if defined(MBEDTLS_ECDSA_C)
  46 #include "mbedtls/ecdsa.h"
  47 #endif
  48 #if defined(MBEDTLS_PEM_PARSE_C)
  49 #include "mbedtls/pem.h"
  50 #endif
  51 #if defined(MBEDTLS_PKCS5_C)
  52 #include "mbedtls/pkcs5.h"
  53 #endif
  54 #if defined(MBEDTLS_PKCS12_C)
  55 #include "mbedtls/pkcs12.h"
  56 #endif
  57
  58 #if defined(MBEDTLS_PLATFORM_C)
  59 #include "mbedtls/platform.h"
  60 #else
  61 #include <stdlib.h>
  62 #define mbedtls_calloc    calloc
  63 #define mbedtls_free       free
  64 #endif
  65
  66 #if defined(MBEDTLS_FS_IO)
  67 /*
  68  * Load all data from a file into a given buffer.
  69  *
  70  * The file is expected to contain either PEM or DER encoded data.
  71  * A terminating null byte is always appended. It is included in the announced
  72  * length only if the data looks like it is PEM encoded.
  73  */
  74 int mbedtls_pk_load_file( const char *path, unsigned char **buf, size_t *n )
  75 {
  76     FILE *f;
  77     long size;
  78
  79     if( ( f = fopen( path, "rb" ) ) == NULL )
  80         return( MBEDTLS_ERR_PK_FILE_IO_ERROR );
  81
  82     fseek( f, 0, SEEK_END );
  83     if( ( size = ftell( f ) ) == -1 )
  84     {
  85         fclose( f );
  86         return( MBEDTLS_ERR_PK_FILE_IO_ERROR );
  87     }
  88     fseek( f, 0, SEEK_SET );
  89
  90     *n = (size_t) size;
  91
  92     if( *n + 1 == 0 ||
  93         ( *buf = mbedtls_calloc( 1, *n + 1 ) ) == NULL )
  94     {
  95         fclose( f );
  96         return( MBEDTLS_ERR_PK_ALLOC_FAILED );
  97     }
  98
  99     if( fread( *buf, 1, *n, f ) != *n )
 100     {
 101         fclose( f );
 102
 103         mbedtls_platform_zeroize( *buf, *n );
 104         mbedtls_free( *buf );
 105
 106         return( MBEDTLS_ERR_PK_FILE_IO_ERROR );
 107     }
 108
 109     fclose( f );
 110
 111     (*buf)[*n] = '\0';
 112
 113     if( strstr( (const char *) *buf, "-----BEGIN " ) != NULL )
 114         ++*n;
 115
 116     return( 0 );
 117 }
 118
 119 /*
 120  * Load and parse a private key
 121  */
 122 int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx,
 123                       const char *path, const char *pwd )
 124 {
 125     int ret;
 126     size_t n;
 127     unsigned char *buf;
 128
 129     if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 )
 130         return( ret );
 131
 132     if( pwd == NULL )
 133         ret = mbedtls_pk_parse_key( ctx, buf, n, NULL, 0 );
 134     else
 135         ret = mbedtls_pk_parse_key( ctx, buf, n,
 136                 (const unsigned char *) pwd, strlen( pwd ) );
 137
 138     mbedtls_platform_zeroize( buf, n );
 139     mbedtls_free( buf );
 140
 141     return( ret );
 142 }
 143
 144 /*
 145  * Load and parse a public key
 146  */
 147 int mbedtls_pk_parse_public_keyfile( mbedtls_pk_context *ctx, const char *path )
 148 {
 149     int ret;
 150     size_t n;
 151     unsigned char *buf;
 152
 153     if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 )
 154         return( ret );
 155
 156     ret = mbedtls_pk_parse_public_key( ctx, buf, n );
 157
 158     mbedtls_platform_zeroize( buf, n );
 159     mbedtls_free( buf );
 160
 161     return( ret );
 162 }
 163 #endif /* MBEDTLS_FS_IO */
 164
 165 #if defined(MBEDTLS_ECP_C)
 166 /* Minimally parse an ECParameters buffer to and mbedtls_asn1_buf
 167  *
 168  * ECParameters ::= CHOICE {
 169  *   namedCurve         OBJECT IDENTIFIER
 170  *   specifiedCurve     SpecifiedECDomain -- = SEQUENCE { ... }
 171  *   -- implicitCurve   NULL
 172  * }
 173  */
 174 static int pk_get_ecparams( unsigned char **p, const unsigned char *end,
 175                             mbedtls_asn1_buf *params )
 176 {
 177     int ret;
 178
 179     if ( end - *p < 1 )
 180         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
 181                 MBEDTLS_ERR_ASN1_OUT_OF_DATA );
 182
 183     /* Tag may be either OID or SEQUENCE */
 184     params->tag = **p;
 185     if( params->tag != MBEDTLS_ASN1_OID
 186 #if defined(MBEDTLS_PK_PARSE_EC_EXTENDED)
 187             && params->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE )
 188 #endif
 189             )
 190     {
 191         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
 192                 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
 193     }
 194
 195     if( ( ret = mbedtls_asn1_get_tag( p, end, &params->len, params->tag ) ) != 0 )
 196     {
 197         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
 198     }
 199
 200     params->p = *p;
 201     *p += params->len;
 202
 203     if( *p != end )
 204         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
 205                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
 206
 207     return( 0 );
 208 }
 209
 210 #if defined(MBEDTLS_PK_PARSE_EC_EXTENDED)
 211 /*
 212  * Parse a SpecifiedECDomain (SEC 1 C.2) and (mostly) fill the group with it.
 213  * WARNING: the resulting group should only be used with
 214  * pk_group_id_from_specified(), since its base point may not be set correctly
 215  * if it was encoded compressed.
 216  *
 217  *  SpecifiedECDomain ::= SEQUENCE {
 218  *      version SpecifiedECDomainVersion(ecdpVer1 | ecdpVer2 | ecdpVer3, ...),
 219  *      fieldID FieldID {{FieldTypes}},
 220  *      curve Curve,
 221  *      base ECPoint,
 222  *      order INTEGER,
 223  *      cofactor INTEGER OPTIONAL,
 224  *      hash HashAlgorithm OPTIONAL,
 225  *      ...
 226  *  }
 227  *
 228  * We only support prime-field as field type, and ignore hash and cofactor.
 229  */
 230 static int pk_group_from_specified( const mbedtls_asn1_buf *params, mbedtls_ecp_group *grp )
 231 {
 232     int ret;
 233     unsigned char *p = params->p;
 234     const unsigned char * const end = params->p + params->len;
 235     const unsigned char *end_field, *end_curve;
 236     size_t len;
 237     int ver;
 238
 239     /* SpecifiedECDomainVersion ::= INTEGER { 1, 2, 3 } */
 240     if( ( ret = mbedtls_asn1_get_int( &p, end, &ver ) ) != 0 )
 241         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
 242
 243     if( ver < 1 || ver > 3 )
 244         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
 245
 246     /*
 247      * FieldID { FIELD-ID:IOSet } ::= SEQUENCE { -- Finite field
 248      *       fieldType FIELD-ID.&id({IOSet}),
 249      *       parameters FIELD-ID.&Type({IOSet}{@fieldType})
 250      * }
 251      */
 252     if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
 253             MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
 254         return( ret );
 255
 256     end_field = p + len;
 257
 258     /*
 259      * FIELD-ID ::= TYPE-IDENTIFIER
 260      * FieldTypes FIELD-ID ::= {
 261      *       { Prime-p IDENTIFIED BY prime-field } |
 262      *       { Characteristic-two IDENTIFIED BY characteristic-two-field }
 263      * }
 264      * prime-field OBJECT IDENTIFIER ::= { id-fieldType 1 }
 265      */
 266     if( ( ret = mbedtls_asn1_get_tag( &p, end_field, &len, MBEDTLS_ASN1_OID ) ) != 0 )
 267         return( ret );
 268
 269     if( len != MBEDTLS_OID_SIZE( MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD ) ||
 270         memcmp( p, MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD, len ) != 0 )
 271     {
 272         return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
 273     }
 274
 275     p += len;
 276
 277     /* Prime-p ::= INTEGER -- Field of size p. */
 278     if( ( ret = mbedtls_asn1_get_mpi( &p, end_field, &grp->P ) ) != 0 )
 279         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
 280
 281     grp->pbits = mbedtls_mpi_bitlen( &grp->P );
 282
 283     if( p != end_field )
 284         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
 285                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
 286
 287     /*
 288      * Curve ::= SEQUENCE {
 289      *       a FieldElement,
 290      *       b FieldElement,
 291      *       seed BIT STRING OPTIONAL
 292      *       -- Shall be present if used in SpecifiedECDomain
 293      *       -- with version equal to ecdpVer2 or ecdpVer3
 294      * }
 295      */
 296     if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
 297             MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
 298         return( ret );
 299
 300     end_curve = p + len;
 301
 302     /*
 303      * FieldElement ::= OCTET STRING
 304      * containing an integer in the case of a prime field
 305      */
 306     if( ( ret = mbedtls_asn1_get_tag( &p, end_curve, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ||
 307         ( ret = mbedtls_mpi_read_binary( &grp->A, p, len ) ) != 0 )
 308     {
 309         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
 310     }
 311
 312     p += len;
 313
 314     if( ( ret = mbedtls_asn1_get_tag( &p, end_curve, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ||
 315         ( ret = mbedtls_mpi_read_binary( &grp->B, p, len ) ) != 0 )
 316     {
 317         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
 318     }
 319
 320     p += len;
 321
 322     /* Ignore seed BIT STRING OPTIONAL */
 323     if( ( ret = mbedtls_asn1_get_tag( &p, end_curve, &len, MBEDTLS_ASN1_BIT_STRING ) ) == 0 )
 324         p += len;
 325
 326     if( p != end_curve )
 327         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
 328                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
 329
 330     /*
 331      * ECPoint ::= OCTET STRING
 332      */
 333     if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
 334         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
 335
 336     if( ( ret = mbedtls_ecp_point_read_binary( grp, &grp->G,
 337                                       ( const unsigned char *) p, len ) ) != 0 )
 338     {
 339         /*
 340          * If we can't read the point because it's compressed, cheat by
 341          * reading only the X coordinate and the parity bit of Y.
 342          */
 343         if( ret != MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ||
 344             ( p[0] != 0x02 && p[0] != 0x03 ) ||
 345             len != mbedtls_mpi_size( &grp->P ) + 1 ||
 346             mbedtls_mpi_read_binary( &grp->G.X, p + 1, len - 1 ) != 0 ||
 347             mbedtls_mpi_lset( &grp->G.Y, p[0] - 2 ) != 0 ||
 348             mbedtls_mpi_lset( &grp->G.Z, 1 ) != 0 )
 349         {
 350             return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
 351         }
 352     }
 353
 354     p += len;
 355
 356     /*
 357      * order INTEGER
 358      */
 359     if( ( ret = mbedtls_asn1_get_mpi( &p, end, &grp->N ) ) != 0 )
 360         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
 361
 362     grp->nbits = mbedtls_mpi_bitlen( &grp->N );
 363
 364     /*
 365      * Allow optional elements by purposefully not enforcing p == end here.
 366      */
 367
 368     return( 0 );
 369 }
 370
 371 /*
 372  * Find the group id associated with an (almost filled) group as generated by
 373  * pk_group_from_specified(), or return an error if unknown.
 374  */
 375 static int pk_group_id_from_group( const mbedtls_ecp_group *grp, mbedtls_ecp_group_id *grp_id )
 376 {
 377     int ret = 0;
 378     mbedtls_ecp_group ref;
 379     const mbedtls_ecp_group_id *id;
 380
 381     mbedtls_ecp_group_init( &ref );
 382
 383     for( id = mbedtls_ecp_grp_id_list(); *id != MBEDTLS_ECP_DP_NONE; id++ )
 384     {
 385         /* Load the group associated to that id */
 386         mbedtls_ecp_group_free( &ref );
 387         MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &ref, *id ) );
 388
 389         /* Compare to the group we were given, starting with easy tests */
 390         if( grp->pbits == ref.pbits && grp->nbits == ref.nbits &&
 391             mbedtls_mpi_cmp_mpi( &grp->P, &ref.P ) == 0 &&
 392             mbedtls_mpi_cmp_mpi( &grp->A, &ref.A ) == 0 &&
 393             mbedtls_mpi_cmp_mpi( &grp->B, &ref.B ) == 0 &&
 394             mbedtls_mpi_cmp_mpi( &grp->N, &ref.N ) == 0 &&
 395             mbedtls_mpi_cmp_mpi( &grp->G.X, &ref.G.X ) == 0 &&
 396             mbedtls_mpi_cmp_mpi( &grp->G.Z, &ref.G.Z ) == 0 &&
 397             /* For Y we may only know the parity bit, so compare only that */
 398             mbedtls_mpi_get_bit( &grp->G.Y, 0 ) == mbedtls_mpi_get_bit( &ref.G.Y, 0 ) )
 399         {
 400             break;
 401         }
 402
 403     }
 404
 405 cleanup:
 406     mbedtls_ecp_group_free( &ref );
 407
 408     *grp_id = *id;
 409
 410     if( ret == 0 && *id == MBEDTLS_ECP_DP_NONE )
 411         ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
 412
 413     return( ret );
 414 }
 415
 416 /*
 417  * Parse a SpecifiedECDomain (SEC 1 C.2) and find the associated group ID
 418  */
 419 static int pk_group_id_from_specified( const mbedtls_asn1_buf *params,
 420                                        mbedtls_ecp_group_id *grp_id )
 421 {
 422     int ret;
 423     mbedtls_ecp_group grp;
 424
 425     mbedtls_ecp_group_init( &grp );
 426
 427     if( ( ret = pk_group_from_specified( params, &grp ) ) != 0 )
 428         goto cleanup;
 429
 430     ret = pk_group_id_from_group( &grp, grp_id );
 431
 432 cleanup:
 433     mbedtls_ecp_group_free( &grp );
 434
 435     return( ret );
 436 }
 437 #endif /* MBEDTLS_PK_PARSE_EC_EXTENDED */
 438
 439 /*
 440  * Use EC parameters to initialise an EC group
 441  *
 442  * ECParameters ::= CHOICE {
 443  *   namedCurve         OBJECT IDENTIFIER
 444  *   specifiedCurve     SpecifiedECDomain -- = SEQUENCE { ... }
 445  *   -- implicitCurve   NULL
 446  */
 447 static int pk_use_ecparams( const mbedtls_asn1_buf *params, mbedtls_ecp_group *grp )
 448 {
 449     int ret;
 450     mbedtls_ecp_group_id grp_id;
 451
 452     if( params->tag == MBEDTLS_ASN1_OID )
 453     {
 454         if( mbedtls_oid_get_ec_grp( params, &grp_id ) != 0 )
 455             return( MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE );
 456     }
 457     else
 458     {
 459 #if defined(MBEDTLS_PK_PARSE_EC_EXTENDED)
 460         if( ( ret = pk_group_id_from_specified( params, &grp_id ) ) != 0 )
 461             return( ret );
 462 #else
 463         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
 464 #endif
 465     }
 466
 467     /*
 468      * grp may already be initilialized; if so, make sure IDs match
 469      */
 470     if( grp->id != MBEDTLS_ECP_DP_NONE && grp->id != grp_id )
 471         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
 472
 473     if( ( ret = mbedtls_ecp_group_load( grp, grp_id ) ) != 0 )
 474         return( ret );
 475
 476     return( 0 );
 477 }
 478
 479 /*
 480  * EC public key is an EC point
 481  *
 482  * The caller is responsible for clearing the structure upon failure if
 483  * desired. Take care to pass along the possible ECP_FEATURE_UNAVAILABLE
 484  * return code of mbedtls_ecp_point_read_binary() and leave p in a usable state.
 485  */
 486 static int pk_get_ecpubkey( unsigned char **p, const unsigned char *end,
 487                             mbedtls_ecp_keypair *key )
 488 {
 489     int ret;
 490
 491     if( ( ret = mbedtls_ecp_point_read_binary( &key->grp, &key->Q,
 492                     (const unsigned char *) *p, end - *p ) ) == 0 )
 493     {
 494         ret = mbedtls_ecp_check_pubkey( &key->grp, &key->Q );
 495     }
 496
 497     /*
 498      * We know mbedtls_ecp_point_read_binary consumed all bytes or failed
 499      */
 500     *p = (unsigned char *) end;
 501
 502     return( ret );
 503 }
 504 #endif /* MBEDTLS_ECP_C */
 505
 506 #if defined(MBEDTLS_RSA_C)
 507 /*
 508  *  RSAPublicKey ::= SEQUENCE {
 509  *      modulus           INTEGER,  -- n
 510  *      publicExponent    INTEGER   -- e
 511  *  }
 512  */
 513 static int pk_get_rsapubkey( unsigned char **p,
 514                              const unsigned char *end,
 515                              mbedtls_rsa_context *rsa )
 516 {
 517     int ret;
 518     size_t len;
 519
 520     if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
 521             MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
 522         return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret );
 523
 524     if( *p + len != end )
 525         return( MBEDTLS_ERR_PK_INVALID_PUBKEY +
 526                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
 527
 528     /* Import N */
 529     if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 )
 530         return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret );
 531
 532     if( ( ret = mbedtls_rsa_import_raw( rsa, *p, len, NULL, 0, NULL, 0,
 533                                         NULL, 0, NULL, 0 ) ) != 0 )
 534         return( MBEDTLS_ERR_PK_INVALID_PUBKEY );
 535
 536     *p += len;
 537
 538     /* Import E */
 539     if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 )
 540         return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret );
 541
 542     if( ( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, NULL, 0, NULL, 0,
 543                                         NULL, 0, *p, len ) ) != 0 )
 544         return( MBEDTLS_ERR_PK_INVALID_PUBKEY );
 545
 546     *p += len;
 547
 548     if( mbedtls_rsa_complete( rsa ) != 0 ||
 549         mbedtls_rsa_check_pubkey( rsa ) != 0 )
 550     {
 551         return( MBEDTLS_ERR_PK_INVALID_PUBKEY );
 552     }
 553
 554     if( *p != end )
 555         return( MBEDTLS_ERR_PK_INVALID_PUBKEY +
 556                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
 557
 558     return( 0 );
 559 }
 560 #endif /* MBEDTLS_RSA_C */
 561
 562 /* Get a PK algorithm identifier
 563  *
 564  *  AlgorithmIdentifier  ::=  SEQUENCE  {
 565  *       algorithm               OBJECT IDENTIFIER,
 566  *       parameters              ANY DEFINED BY algorithm OPTIONAL  }
 567  */
 568 static int pk_get_pk_alg( unsigned char **p,
 569                           const unsigned char *end,
 570                           mbedtls_pk_type_t *pk_alg, mbedtls_asn1_buf *params )
 571 {
 572     int ret;
 573     mbedtls_asn1_buf alg_oid;
 574
 575     memset( params, 0, sizeof(mbedtls_asn1_buf) );
 576
 577     if( ( ret = mbedtls_asn1_get_alg( p, end, &alg_oid, params ) ) != 0 )
 578         return( MBEDTLS_ERR_PK_INVALID_ALG + ret );
 579
 580     if( mbedtls_oid_get_pk_alg( &alg_oid, pk_alg ) != 0 )
 581         return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
 582
 583     /*
 584      * No parameters with RSA (only for EC)
 585      */
 586     if( *pk_alg == MBEDTLS_PK_RSA &&
 587             ( ( params->tag != MBEDTLS_ASN1_NULL && params->tag != 0 ) ||
 588                 params->len != 0 ) )
 589     {
 590         return( MBEDTLS_ERR_PK_INVALID_ALG );
 591     }
 592
 593     return( 0 );
 594 }
 595
 596 /*
 597  *  SubjectPublicKeyInfo  ::=  SEQUENCE  {
 598  *       algorithm            AlgorithmIdentifier,
 599  *       subjectPublicKey     BIT STRING }
 600  */
 601 int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end,
 602                         mbedtls_pk_context *pk )
 603 {
 604     int ret;
 605     size_t len;
 606     mbedtls_asn1_buf alg_params;
 607     mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE;
 608     const mbedtls_pk_info_t *pk_info;
 609
 610     if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
 611                     MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
 612     {
 613         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
 614     }
 615
 616     end = *p + len;
 617
 618     if( ( ret = pk_get_pk_alg( p, end, &pk_alg, &alg_params ) ) != 0 )
 619         return( ret );
 620
 621     if( ( ret = mbedtls_asn1_get_bitstring_null( p, end, &len ) ) != 0 )
 622         return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret );
 623
 624     if( *p + len != end )
 625         return( MBEDTLS_ERR_PK_INVALID_PUBKEY +
 626                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
 627
 628     if( ( pk_info = mbedtls_pk_info_from_type( pk_alg ) ) == NULL )
 629         return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
 630
 631     if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 )
 632         return( ret );
 633
 634 #if defined(MBEDTLS_RSA_C)
 635     if( pk_alg == MBEDTLS_PK_RSA )
 636     {
 637         ret = pk_get_rsapubkey( p, end, mbedtls_pk_rsa( *pk ) );
 638     } else
 639 #endif /* MBEDTLS_RSA_C */
 640 #if defined(MBEDTLS_ECP_C)
 641     if( pk_alg == MBEDTLS_PK_ECKEY_DH || pk_alg == MBEDTLS_PK_ECKEY )
 642     {
 643         ret = pk_use_ecparams( &alg_params, &mbedtls_pk_ec( *pk )->grp );
 644         if( ret == 0 )
 645             ret = pk_get_ecpubkey( p, end, mbedtls_pk_ec( *pk ) );
 646     } else
 647 #endif /* MBEDTLS_ECP_C */
 648         ret = MBEDTLS_ERR_PK_UNKNOWN_PK_ALG;
 649
 650     if( ret == 0 && *p != end )
 651         ret = MBEDTLS_ERR_PK_INVALID_PUBKEY
 652               MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
 653
 654     if( ret != 0 )
 655         mbedtls_pk_free( pk );
 656
 657     return( ret );
 658 }
 659
 660 #if defined(MBEDTLS_RSA_C)
 661 /*
 662  * Parse a PKCS#1 encoded private RSA key
 663  */
 664 static int pk_parse_key_pkcs1_der( mbedtls_rsa_context *rsa,
 665                                    const unsigned char *key,
 666                                    size_t keylen )
 667 {
 668     int ret, version;
 669     size_t len;
 670     unsigned char *p, *end;
 671
 672     mbedtls_mpi T;
 673     mbedtls_mpi_init( &T );
 674
 675     p = (unsigned char *) key;
 676     end = p + keylen;
 677
 678     /*
 679      * This function parses the RSAPrivateKey (PKCS#1)
 680      *
 681      *  RSAPrivateKey ::= SEQUENCE {
 682      *      version           Version,
 683      *      modulus           INTEGER,  -- n
 684      *      publicExponent    INTEGER,  -- e
 685      *      privateExponent   INTEGER,  -- d
 686      *      prime1            INTEGER,  -- p
 687      *      prime2            INTEGER,  -- q
 688      *      exponent1         INTEGER,  -- d mod (p-1)
 689      *      exponent2         INTEGER,  -- d mod (q-1)
 690      *      coefficient       INTEGER,  -- (inverse of q) mod p
 691      *      otherPrimeInfos   OtherPrimeInfos OPTIONAL
 692      *  }
 693      */
 694     if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
 695             MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
 696     {
 697         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
 698     }
 699
 700     end = p + len;
 701
 702     if( ( ret = mbedtls_asn1_get_int( &p, end, &version ) ) != 0 )
 703     {
 704         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
 705     }
 706
 707     if( version != 0 )
 708     {
 709         return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION );
 710     }
 711
 712     /* Import N */
 713     if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
 714                                       MBEDTLS_ASN1_INTEGER ) ) != 0 ||
 715         ( ret = mbedtls_rsa_import_raw( rsa, p, len, NULL, 0, NULL, 0,
 716                                         NULL, 0, NULL, 0 ) ) != 0 )
 717         goto cleanup;
 718     p += len;
 719
 720     /* Import E */
 721     if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
 722                                       MBEDTLS_ASN1_INTEGER ) ) != 0 ||
 723         ( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, NULL, 0, NULL, 0,
 724                                         NULL, 0, p, len ) ) != 0 )
 725         goto cleanup;
 726     p += len;
 727
 728     /* Import D */
 729     if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
 730                                       MBEDTLS_ASN1_INTEGER ) ) != 0 ||
 731         ( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, NULL, 0, NULL, 0,
 732                                         p, len, NULL, 0 ) ) != 0 )
 733         goto cleanup;
 734     p += len;
 735
 736     /* Import P */
 737     if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
 738                                       MBEDTLS_ASN1_INTEGER ) ) != 0 ||
 739         ( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, p, len, NULL, 0,
 740                                         NULL, 0, NULL, 0 ) ) != 0 )
 741         goto cleanup;
 742     p += len;
 743
 744     /* Import Q */
 745     if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
 746                                       MBEDTLS_ASN1_INTEGER ) ) != 0 ||
 747         ( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, NULL, 0, p, len,
 748                                         NULL, 0, NULL, 0 ) ) != 0 )
 749         goto cleanup;
 750     p += len;
 751
 752     /* Complete the RSA private key */
 753     if( ( ret = mbedtls_rsa_complete( rsa ) ) != 0 )
 754         goto cleanup;
 755
 756     /* Check optional parameters */
 757     if( ( ret = mbedtls_asn1_get_mpi( &p, end, &T ) ) != 0 ||
 758         ( ret = mbedtls_asn1_get_mpi( &p, end, &T ) ) != 0 ||
 759         ( ret = mbedtls_asn1_get_mpi( &p, end, &T ) ) != 0 )
 760         goto cleanup;
 761
 762     if( p != end )
 763     {
 764         ret = MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
 765               MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ;
 766     }
 767
 768 cleanup:
 769
 770     mbedtls_mpi_free( &T );
 771
 772     if( ret != 0 )
 773     {
 774         /* Wrap error code if it's coming from a lower level */
 775         if( ( ret & 0xff80 ) == 0 )
 776             ret = MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret;
 777         else
 778             ret = MBEDTLS_ERR_PK_KEY_INVALID_FORMAT;
 779
 780         mbedtls_rsa_free( rsa );
 781     }
 782
 783     return( ret );
 784 }
 785 #endif /* MBEDTLS_RSA_C */
 786
 787 #if defined(MBEDTLS_ECP_C)
 788 /*
 789  * Parse a SEC1 encoded private EC key
 790  */
 791 static int pk_parse_key_sec1_der( mbedtls_ecp_keypair *eck,
 792                                   const unsigned char *key,
 793                                   size_t keylen )
 794 {
 795     int ret;
 796     int version, pubkey_done;
 797     size_t len;
 798     mbedtls_asn1_buf params;
 799     unsigned char *p = (unsigned char *) key;
 800     unsigned char *end = p + keylen;
 801     unsigned char *end2;
 802
 803     /*
 804      * RFC 5915, or SEC1 Appendix C.4
 805      *
 806      * ECPrivateKey ::= SEQUENCE {
 807      *      version        INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
 808      *      privateKey     OCTET STRING,
 809      *      parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
 810      *      publicKey  [1] BIT STRING OPTIONAL
 811      *    }
 812      */
 813     if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
 814             MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
 815     {
 816         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
 817     }
 818
 819     end = p + len;
 820
 821     if( ( ret = mbedtls_asn1_get_int( &p, end, &version ) ) != 0 )
 822         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
 823
 824     if( version != 1 )
 825         return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION );
 826
 827     if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
 828         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
 829
 830     if( ( ret = mbedtls_mpi_read_binary( &eck->d, p, len ) ) != 0 )
 831     {
 832         mbedtls_ecp_keypair_free( eck );
 833         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
 834     }
 835
 836     p += len;
 837
 838     pubkey_done = 0;
 839     if( p != end )
 840     {
 841         /*
 842          * Is 'parameters' present?
 843          */
 844         if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
 845                         MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0 ) ) == 0 )
 846         {
 847             if( ( ret = pk_get_ecparams( &p, p + len, &params) ) != 0 ||
 848                 ( ret = pk_use_ecparams( &params, &eck->grp )  ) != 0 )
 849             {
 850                 mbedtls_ecp_keypair_free( eck );
 851                 return( ret );
 852             }
 853         }
 854         else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
 855         {
 856             mbedtls_ecp_keypair_free( eck );
 857             return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
 858         }
 859     }
 860
 861     if( p != end )
 862     {
 863         /*
 864          * Is 'publickey' present? If not, or if we can't read it (eg because it
 865          * is compressed), create it from the private key.
 866          */
 867         if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
 868                         MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 1 ) ) == 0 )
 869         {
 870             end2 = p + len;
 871
 872             if( ( ret = mbedtls_asn1_get_bitstring_null( &p, end2, &len ) ) != 0 )
 873                 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
 874
 875             if( p + len != end2 )
 876                 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
 877                         MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
 878
 879             if( ( ret = pk_get_ecpubkey( &p, end2, eck ) ) == 0 )
 880                 pubkey_done = 1;
 881             else
 882             {
 883                 /*
 884                  * The only acceptable failure mode of pk_get_ecpubkey() above
 885                  * is if the point format is not recognized.
 886                  */
 887                 if( ret != MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE )
 888                     return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
 889             }
 890         }
 891         else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
 892         {
 893             mbedtls_ecp_keypair_free( eck );
 894             return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
 895         }
 896     }
 897
 898     if( ! pubkey_done &&
 899         ( ret = mbedtls_ecp_mul( &eck->grp, &eck->Q, &eck->d, &eck->grp.G,
 900                                                       NULL, NULL ) ) != 0 )
 901     {
 902         mbedtls_ecp_keypair_free( eck );
 903         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
 904     }
 905
 906     if( ( ret = mbedtls_ecp_check_privkey( &eck->grp, &eck->d ) ) != 0 )
 907     {
 908         mbedtls_ecp_keypair_free( eck );
 909         return( ret );
 910     }
 911
 912     return( 0 );
 913 }
 914 #endif /* MBEDTLS_ECP_C */
 915
 916 /*
 917  * Parse an unencrypted PKCS#8 encoded private key
 918  *
 919  * Notes:
 920  *
 921  * - This function does not own the key buffer. It is the
 922  *   responsibility of the caller to take care of zeroizing
 923  *   and freeing it after use.
 924  *
 925  * - The function is responsible for freeing the provided
 926  *   PK context on failure.
 927  *
 928  */
 929 static int pk_parse_key_pkcs8_unencrypted_der(
 930                                     mbedtls_pk_context *pk,
 931                                     const unsigned char* key,
 932                                     size_t keylen )
 933 {
 934     int ret, version;
 935     size_t len;
 936     mbedtls_asn1_buf params;
 937     unsigned char *p = (unsigned char *) key;
 938     unsigned char *end = p + keylen;
 939     mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE;
 940     const mbedtls_pk_info_t *pk_info;
 941
 942     /*
 943      * This function parses the PrivateKeyInfo object (PKCS#8 v1.2 = RFC 5208)
 944      *
 945      *    PrivateKeyInfo ::= SEQUENCE {
 946      *      version                   Version,
 947      *      privateKeyAlgorithm       PrivateKeyAlgorithmIdentifier,
 948      *      privateKey                PrivateKey,
 949      *      attributes           [0]  IMPLICIT Attributes OPTIONAL }
 950      *
 951      *    Version ::= INTEGER
 952      *    PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier
 953      *    PrivateKey ::= OCTET STRING
 954      *
 955      *  The PrivateKey OCTET STRING is a SEC1 ECPrivateKey
 956      */
 957
 958     if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
 959             MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
 960     {
 961         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
 962     }
 963
 964     end = p + len;
 965
 966     if( ( ret = mbedtls_asn1_get_int( &p, end, &version ) ) != 0 )
 967         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
 968
 969     if( version != 0 )
 970         return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION + ret );
 971
 972     if( ( ret = pk_get_pk_alg( &p, end, &pk_alg, &params ) ) != 0 )
 973         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
 974
 975     if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
 976         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
 977
 978     if( len < 1 )
 979         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
 980                 MBEDTLS_ERR_ASN1_OUT_OF_DATA );
 981
 982     if( ( pk_info = mbedtls_pk_info_from_type( pk_alg ) ) == NULL )
 983         return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
 984
 985     if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 )
 986         return( ret );
 987
 988 #if defined(MBEDTLS_RSA_C)
 989     if( pk_alg == MBEDTLS_PK_RSA )
 990     {
 991         if( ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), p, len ) ) != 0 )
 992         {
 993             mbedtls_pk_free( pk );
 994             return( ret );
 995         }
 996     } else
 997 #endif /* MBEDTLS_RSA_C */
 998 #if defined(MBEDTLS_ECP_C)
 999     if( pk_alg == MBEDTLS_PK_ECKEY || pk_alg == MBEDTLS_PK_ECKEY_DH )
1000     {
1001         if( ( ret = pk_use_ecparams( &params, &mbedtls_pk_ec( *pk )->grp ) ) != 0 ||
1002             ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ), p, len )  ) != 0 )
1003         {
1004             mbedtls_pk_free( pk );
1005             return( ret );
1006         }
1007     } else
1008 #endif /* MBEDTLS_ECP_C */
1009         return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
1010
1011     return( 0 );
1012 }
1013
1014 /*
1015  * Parse an encrypted PKCS#8 encoded private key
1016  *
1017  * To save space, the decryption happens in-place on the given key buffer.
1018  * Also, while this function may modify the keybuffer, it doesn't own it,
1019  * and instead it is the responsibility of the caller to zeroize and properly
1020  * free it after use.
1021  *
1022  */
1023 #if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C)
1024 static int pk_parse_key_pkcs8_encrypted_der(
1025                                     mbedtls_pk_context *pk,
1026                                     unsigned char *key, size_t keylen,
1027                                     const unsigned char *pwd, size_t pwdlen )
1028 {
1029     int ret, decrypted = 0;
1030     size_t len;
1031     unsigned char *buf;
1032     unsigned char *p, *end;
1033     mbedtls_asn1_buf pbe_alg_oid, pbe_params;
1034 #if defined(MBEDTLS_PKCS12_C)
1035     mbedtls_cipher_type_t cipher_alg;
1036     mbedtls_md_type_t md_alg;
1037 #endif
1038
1039     p = key;
1040     end = p + keylen;
1041
1042     if( pwdlen == 0 )
1043         return( MBEDTLS_ERR_PK_PASSWORD_REQUIRED );
1044
1045     /*
1046      * This function parses the EncryptedPrivateKeyInfo object (PKCS#8)
1047      *
1048      *  EncryptedPrivateKeyInfo ::= SEQUENCE {
1049      *    encryptionAlgorithm  EncryptionAlgorithmIdentifier,
1050      *    encryptedData        EncryptedData
1051      *  }
1052      *
1053      *  EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
1054      *
1055      *  EncryptedData ::= OCTET STRING
1056      *
1057      *  The EncryptedData OCTET STRING is a PKCS#8 PrivateKeyInfo
1058      *
1059      */
1060     if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
1061             MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
1062     {
1063         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
1064     }
1065
1066     end = p + len;
1067
1068     if( ( ret = mbedtls_asn1_get_alg( &p, end, &pbe_alg_oid, &pbe_params ) ) != 0 )
1069         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
1070
1071     if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
1072         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
1073
1074     buf = p;
1075
1076     /*
1077      * Decrypt EncryptedData with appropriate PBE
1078      */
1079 #if defined(MBEDTLS_PKCS12_C)
1080     if( mbedtls_oid_get_pkcs12_pbe_alg( &pbe_alg_oid, &md_alg, &cipher_alg ) == 0 )
1081     {
1082         if( ( ret = mbedtls_pkcs12_pbe( &pbe_params, MBEDTLS_PKCS12_PBE_DECRYPT,
1083                                 cipher_alg, md_alg,
1084                                 pwd, pwdlen, p, len, buf ) ) != 0 )
1085         {
1086             if( ret == MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH )
1087                 return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH );
1088
1089             return( ret );
1090         }
1091
1092         decrypted = 1;
1093     }
1094     else if( MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS12_PBE_SHA1_RC4_128, &pbe_alg_oid ) == 0 )
1095     {
1096         if( ( ret = mbedtls_pkcs12_pbe_sha1_rc4_128( &pbe_params,
1097                                              MBEDTLS_PKCS12_PBE_DECRYPT,
1098                                              pwd, pwdlen,
1099                                              p, len, buf ) ) != 0 )
1100         {
1101             return( ret );
1102         }
1103
1104         // Best guess for password mismatch when using RC4. If first tag is
1105         // not MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE
1106         //
1107         if( *buf != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) )
1108             return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH );
1109
1110         decrypted = 1;
1111     }
1112     else
1113 #endif /* MBEDTLS_PKCS12_C */
1114 #if defined(MBEDTLS_PKCS5_C)
1115     if( MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS5_PBES2, &pbe_alg_oid ) == 0 )
1116     {
1117         if( ( ret = mbedtls_pkcs5_pbes2( &pbe_params, MBEDTLS_PKCS5_DECRYPT, pwd, pwdlen,
1118                                   p, len, buf ) ) != 0 )
1119         {
1120             if( ret == MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH )
1121                 return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH );
1122
1123             return( ret );
1124         }
1125
1126         decrypted = 1;
1127     }
1128     else
1129 #endif /* MBEDTLS_PKCS5_C */
1130     {
1131         ((void) pwd);
1132     }
1133
1134     if( decrypted == 0 )
1135         return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
1136
1137     return( pk_parse_key_pkcs8_unencrypted_der( pk, buf, len ) );
1138 }
1139 #endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */
1140
1141 /*
1142  * Parse a private key
1143  */
1144 int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
1145                   const unsigned char *key, size_t keylen,
1146                   const unsigned char *pwd, size_t pwdlen )
1147 {
1148     int ret;
1149     const mbedtls_pk_info_t *pk_info;
1150
1151 #if defined(MBEDTLS_PEM_PARSE_C)
1152     size_t len;
1153     mbedtls_pem_context pem;
1154
1155     mbedtls_pem_init( &pem );
1156
1157 #if defined(MBEDTLS_RSA_C)
1158     /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
1159     if( keylen == 0 || key[keylen - 1] != '\0' )
1160         ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
1161     else
1162         ret = mbedtls_pem_read_buffer( &pem,
1163                                "-----BEGIN RSA PRIVATE KEY-----",
1164                                "-----END RSA PRIVATE KEY-----",
1165                                key, pwd, pwdlen, &len );
1166
1167     if( ret == 0 )
1168     {
1169         pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA );
1170         if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
1171             ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ),
1172                                             pem.buf, pem.buflen ) ) != 0 )
1173         {
1174             mbedtls_pk_free( pk );
1175         }
1176
1177         mbedtls_pem_free( &pem );
1178         return( ret );
1179     }
1180     else if( ret == MBEDTLS_ERR_PEM_PASSWORD_MISMATCH )
1181         return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH );
1182     else if( ret == MBEDTLS_ERR_PEM_PASSWORD_REQUIRED )
1183         return( MBEDTLS_ERR_PK_PASSWORD_REQUIRED );
1184     else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
1185         return( ret );
1186 #endif /* MBEDTLS_RSA_C */
1187
1188 #if defined(MBEDTLS_ECP_C)
1189     /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
1190     if( keylen == 0 || key[keylen - 1] != '\0' )
1191         ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
1192     else
1193         ret = mbedtls_pem_read_buffer( &pem,
1194                                "-----BEGIN EC PRIVATE KEY-----",
1195                                "-----END EC PRIVATE KEY-----",
1196                                key, pwd, pwdlen, &len );
1197     if( ret == 0 )
1198     {
1199         pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY );
1200
1201         if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
1202             ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ),
1203                                            pem.buf, pem.buflen ) ) != 0 )
1204         {
1205             mbedtls_pk_free( pk );
1206         }
1207
1208         mbedtls_pem_free( &pem );
1209         return( ret );
1210     }
1211     else if( ret == MBEDTLS_ERR_PEM_PASSWORD_MISMATCH )
1212         return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH );
1213     else if( ret == MBEDTLS_ERR_PEM_PASSWORD_REQUIRED )
1214         return( MBEDTLS_ERR_PK_PASSWORD_REQUIRED );
1215     else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
1216         return( ret );
1217 #endif /* MBEDTLS_ECP_C */
1218
1219     /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
1220     if( keylen == 0 || key[keylen - 1] != '\0' )
1221         ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
1222     else
1223         ret = mbedtls_pem_read_buffer( &pem,
1224                                "-----BEGIN PRIVATE KEY-----",
1225                                "-----END PRIVATE KEY-----",
1226                                key, NULL, 0, &len );
1227     if( ret == 0 )
1228     {
1229         if( ( ret = pk_parse_key_pkcs8_unencrypted_der( pk,
1230                                                 pem.buf, pem.buflen ) ) != 0 )
1231         {
1232             mbedtls_pk_free( pk );
1233         }
1234
1235         mbedtls_pem_free( &pem );
1236         return( ret );
1237     }
1238     else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
1239         return( ret );
1240
1241 #if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C)
1242     /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
1243     if( keylen == 0 || key[keylen - 1] != '\0' )
1244         ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
1245     else
1246         ret = mbedtls_pem_read_buffer( &pem,
1247                                "-----BEGIN ENCRYPTED PRIVATE KEY-----",
1248                                "-----END ENCRYPTED PRIVATE KEY-----",
1249                                key, NULL, 0, &len );
1250     if( ret == 0 )
1251     {
1252         if( ( ret = pk_parse_key_pkcs8_encrypted_der( pk,
1253                                                       pem.buf, pem.buflen,
1254                                                       pwd, pwdlen ) ) != 0 )
1255         {
1256             mbedtls_pk_free( pk );
1257         }
1258
1259         mbedtls_pem_free( &pem );
1260         return( ret );
1261     }
1262     else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
1263         return( ret );
1264 #endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */
1265 #else
1266     ((void) pwd);
1267     ((void) pwdlen);
1268 #endif /* MBEDTLS_PEM_PARSE_C */
1269
1270     /*
1271      * At this point we only know it's not a PEM formatted key. Could be any
1272      * of the known DER encoded private key formats
1273      *
1274      * We try the different DER format parsers to see if one passes without
1275      * error
1276      */
1277 #if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C)
1278     {
1279         unsigned char *key_copy;
1280
1281         if( keylen == 0 )
1282             return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
1283
1284         if( ( key_copy = mbedtls_calloc( 1, keylen ) ) == NULL )
1285             return( MBEDTLS_ERR_PK_ALLOC_FAILED );
1286
1287         memcpy( key_copy, key, keylen );
1288
1289         ret = pk_parse_key_pkcs8_encrypted_der( pk, key_copy, keylen,
1290                                                 pwd, pwdlen );
1291
1292         mbedtls_platform_zeroize( key_copy, keylen );
1293         mbedtls_free( key_copy );
1294     }
1295
1296     if( ret == 0 )
1297         return( 0 );
1298
1299     mbedtls_pk_free( pk );
1300
1301     if( ret == MBEDTLS_ERR_PK_PASSWORD_MISMATCH )
1302     {
1303         return( ret );
1304     }
1305 #endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */
1306
1307     if( ( ret = pk_parse_key_pkcs8_unencrypted_der( pk, key, keylen ) ) == 0 )
1308         return( 0 );
1309
1310     mbedtls_pk_free( pk );
1311
1312 #if defined(MBEDTLS_RSA_C)
1313
1314     pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA );
1315     if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
1316         ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ),
1317                                         key, keylen ) ) != 0 )
1318     {
1319         mbedtls_pk_free( pk );
1320     }
1321     else
1322     {
1323         return( 0 );
1324     }
1325
1326 #endif /* MBEDTLS_RSA_C */
1327
1328 #if defined(MBEDTLS_ECP_C)
1329
1330     pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY );
1331     if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
1332         ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ),
1333                                        key, keylen ) ) != 0 )
1334     {
1335         mbedtls_pk_free( pk );
1336     }
1337     else
1338     {
1339         return( 0 );
1340     }
1341
1342 #endif /* MBEDTLS_ECP_C */
1343
1344     return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
1345 }
1346
1347 /*
1348  * Parse a public key
1349  */
1350 int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx,
1351                          const unsigned char *key, size_t keylen )
1352 {
1353     int ret;
1354     unsigned char *p;
1355 #if defined(MBEDTLS_RSA_C)
1356     const mbedtls_pk_info_t *pk_info;
1357 #endif
1358 #if defined(MBEDTLS_PEM_PARSE_C)
1359     size_t len;
1360     mbedtls_pem_context pem;
1361
1362     mbedtls_pem_init( &pem );
1363 #if defined(MBEDTLS_RSA_C)
1364     /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
1365     if( keylen == 0 || key[keylen - 1] != '\0' )
1366         ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
1367     else
1368         ret = mbedtls_pem_read_buffer( &pem,
1369                                "-----BEGIN RSA PUBLIC KEY-----",
1370                                "-----END RSA PUBLIC KEY-----",
1371                                key, NULL, 0, &len );
1372
1373     if( ret == 0 )
1374     {
1375         p = pem.buf;
1376         if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL )
1377             return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
1378
1379         if( ( ret = mbedtls_pk_setup( ctx, pk_info ) ) != 0 )
1380             return( ret );
1381
1382         if ( ( ret = pk_get_rsapubkey( &p, p + pem.buflen, mbedtls_pk_rsa( *ctx ) ) ) != 0 )
1383             mbedtls_pk_free( ctx );
1384
1385         mbedtls_pem_free( &pem );
1386         return( ret );
1387     }
1388     else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
1389     {
1390         mbedtls_pem_free( &pem );
1391         return( ret );
1392     }
1393 #endif /* MBEDTLS_RSA_C */
1394
1395     /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
1396     if( keylen == 0 || key[keylen - 1] != '\0' )
1397         ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
1398     else
1399         ret = mbedtls_pem_read_buffer( &pem,
1400                 "-----BEGIN PUBLIC KEY-----",
1401                 "-----END PUBLIC KEY-----",
1402                 key, NULL, 0, &len );
1403
1404     if( ret == 0 )
1405     {
1406         /*
1407          * Was PEM encoded
1408          */
1409         p = pem.buf;
1410
1411         ret = mbedtls_pk_parse_subpubkey( &p,  p + pem.buflen, ctx );
1412         mbedtls_pem_free( &pem );
1413         return( ret );
1414     }
1415     else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
1416     {
1417         mbedtls_pem_free( &pem );
1418         return( ret );
1419     }
1420     mbedtls_pem_free( &pem );
1421 #endif /* MBEDTLS_PEM_PARSE_C */
1422
1423 #if defined(MBEDTLS_RSA_C)
1424     if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL )
1425         return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
1426
1427     if( ( ret = mbedtls_pk_setup( ctx, pk_info ) ) != 0 )
1428         return( ret );
1429
1430     p = (unsigned char *)key;
1431     ret = pk_get_rsapubkey( &p, p + keylen, mbedtls_pk_rsa( *ctx ) );
1432     if( ret == 0 )
1433     {
1434         return( ret );
1435     }
1436     mbedtls_pk_free( ctx );
1437     if( ret != ( MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) )
1438     {
1439         return( ret );
1440     }
1441 #endif /* MBEDTLS_RSA_C */
1442     p = (unsigned char *) key;
1443
1444     ret = mbedtls_pk_parse_subpubkey( &p, p + keylen, ctx );
1445
1446     return( ret );
1447 }
1448
1449 #endif /* MBEDTLS_PK_PARSE_C */