]> cvs.zerfleddert.de Git - proxmark3-svn/blob - common/mbedtls/pkwrite.c
fix 'lf pcf7931 bruteforce' (bug reported in http://www.proxmark.org/forum/viewtopic...
[proxmark3-svn] / common / mbedtls / pkwrite.c
1 /*
2 * Public Key layer for writing key files and structures
3 *
4 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
5 * SPDX-License-Identifier: GPL-2.0
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
11 *
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License along
18 * with this program; if not, write to the Free Software Foundation, Inc.,
19 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * This file is part of mbed TLS (https://tls.mbed.org)
22 */
23
24 #if !defined(MBEDTLS_CONFIG_FILE)
25 #include "mbedtls/config.h"
26 #else
27 #include MBEDTLS_CONFIG_FILE
28 #endif
29
30 #if defined(MBEDTLS_PK_WRITE_C)
31
32 #include "mbedtls/pk.h"
33 #include "mbedtls/asn1write.h"
34 #include "mbedtls/oid.h"
35
36 #include <string.h>
37
38 #if defined(MBEDTLS_RSA_C)
39 #include "mbedtls/rsa.h"
40 #endif
41 #if defined(MBEDTLS_ECP_C)
42 #include "mbedtls/ecp.h"
43 #endif
44 #if defined(MBEDTLS_ECDSA_C)
45 #include "mbedtls/ecdsa.h"
46 #endif
47 #if defined(MBEDTLS_PEM_WRITE_C)
48 #include "mbedtls/pem.h"
49 #endif
50
51 #if defined(MBEDTLS_PLATFORM_C)
52 #include "mbedtls/platform.h"
53 #else
54 #include <stdlib.h>
55 #define mbedtls_calloc calloc
56 #define mbedtls_free free
57 #endif
58
59 #if defined(MBEDTLS_RSA_C)
60 /*
61 * RSAPublicKey ::= SEQUENCE {
62 * modulus INTEGER, -- n
63 * publicExponent INTEGER -- e
64 * }
65 */
66 static int pk_write_rsa_pubkey( unsigned char **p, unsigned char *start,
67 mbedtls_rsa_context *rsa )
68 {
69 int ret;
70 size_t len = 0;
71 mbedtls_mpi T;
72
73 mbedtls_mpi_init( &T );
74
75 /* Export E */
76 if ( ( ret = mbedtls_rsa_export( rsa, NULL, NULL, NULL, NULL, &T ) ) != 0 ||
77 ( ret = mbedtls_asn1_write_mpi( p, start, &T ) ) < 0 )
78 goto end_of_export;
79 len += ret;
80
81 /* Export N */
82 if ( ( ret = mbedtls_rsa_export( rsa, &T, NULL, NULL, NULL, NULL ) ) != 0 ||
83 ( ret = mbedtls_asn1_write_mpi( p, start, &T ) ) < 0 )
84 goto end_of_export;
85 len += ret;
86
87 end_of_export:
88
89 mbedtls_mpi_free( &T );
90 if( ret < 0 )
91 return( ret );
92
93 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
94 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_CONSTRUCTED |
95 MBEDTLS_ASN1_SEQUENCE ) );
96
97 return( (int) len );
98 }
99 #endif /* MBEDTLS_RSA_C */
100
101 #if defined(MBEDTLS_ECP_C)
102 /*
103 * EC public key is an EC point
104 */
105 static int pk_write_ec_pubkey( unsigned char **p, unsigned char *start,
106 mbedtls_ecp_keypair *ec )
107 {
108 int ret;
109 size_t len = 0;
110 unsigned char buf[MBEDTLS_ECP_MAX_PT_LEN];
111
112 if( ( ret = mbedtls_ecp_point_write_binary( &ec->grp, &ec->Q,
113 MBEDTLS_ECP_PF_UNCOMPRESSED,
114 &len, buf, sizeof( buf ) ) ) != 0 )
115 {
116 return( ret );
117 }
118
119 if( *p < start || (size_t)( *p - start ) < len )
120 return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
121
122 *p -= len;
123 memcpy( *p, buf, len );
124
125 return( (int) len );
126 }
127
128 /*
129 * ECParameters ::= CHOICE {
130 * namedCurve OBJECT IDENTIFIER
131 * }
132 */
133 static int pk_write_ec_param( unsigned char **p, unsigned char *start,
134 mbedtls_ecp_keypair *ec )
135 {
136 int ret;
137 size_t len = 0;
138 const char *oid;
139 size_t oid_len;
140
141 if( ( ret = mbedtls_oid_get_oid_by_ec_grp( ec->grp.id, &oid, &oid_len ) ) != 0 )
142 return( ret );
143
144 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_oid( p, start, oid, oid_len ) );
145
146 return( (int) len );
147 }
148 #endif /* MBEDTLS_ECP_C */
149
150 int mbedtls_pk_write_pubkey( unsigned char **p, unsigned char *start,
151 const mbedtls_pk_context *key )
152 {
153 int ret;
154 size_t len = 0;
155
156 #if defined(MBEDTLS_RSA_C)
157 if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_RSA )
158 MBEDTLS_ASN1_CHK_ADD( len, pk_write_rsa_pubkey( p, start, mbedtls_pk_rsa( *key ) ) );
159 else
160 #endif
161 #if defined(MBEDTLS_ECP_C)
162 if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_ECKEY )
163 MBEDTLS_ASN1_CHK_ADD( len, pk_write_ec_pubkey( p, start, mbedtls_pk_ec( *key ) ) );
164 else
165 #endif
166 return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
167
168 return( (int) len );
169 }
170
171 int mbedtls_pk_write_pubkey_der( mbedtls_pk_context *key, unsigned char *buf, size_t size )
172 {
173 int ret;
174 unsigned char *c;
175 size_t len = 0, par_len = 0, oid_len;
176 const char *oid;
177
178 c = buf + size;
179
180 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_pk_write_pubkey( &c, buf, key ) );
181
182 if( c - buf < 1 )
183 return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
184
185 /*
186 * SubjectPublicKeyInfo ::= SEQUENCE {
187 * algorithm AlgorithmIdentifier,
188 * subjectPublicKey BIT STRING }
189 */
190 *--c = 0;
191 len += 1;
192
193 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
194 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_BIT_STRING ) );
195
196 if( ( ret = mbedtls_oid_get_oid_by_pk_alg( mbedtls_pk_get_type( key ),
197 &oid, &oid_len ) ) != 0 )
198 {
199 return( ret );
200 }
201
202 #if defined(MBEDTLS_ECP_C)
203 if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_ECKEY )
204 {
205 MBEDTLS_ASN1_CHK_ADD( par_len, pk_write_ec_param( &c, buf, mbedtls_pk_ec( *key ) ) );
206 }
207 #endif
208
209 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_algorithm_identifier( &c, buf, oid, oid_len,
210 par_len ) );
211
212 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
213 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_CONSTRUCTED |
214 MBEDTLS_ASN1_SEQUENCE ) );
215
216 return( (int) len );
217 }
218
219 int mbedtls_pk_write_key_der( mbedtls_pk_context *key, unsigned char *buf, size_t size )
220 {
221 int ret;
222 unsigned char *c = buf + size;
223 size_t len = 0;
224
225 #if defined(MBEDTLS_RSA_C)
226 if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_RSA )
227 {
228 mbedtls_mpi T; /* Temporary holding the exported parameters */
229 mbedtls_rsa_context *rsa = mbedtls_pk_rsa( *key );
230
231 /*
232 * Export the parameters one after another to avoid simultaneous copies.
233 */
234
235 mbedtls_mpi_init( &T );
236
237 /* Export QP */
238 if( ( ret = mbedtls_rsa_export_crt( rsa, NULL, NULL, &T ) ) != 0 ||
239 ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )
240 goto end_of_export;
241 len += ret;
242
243 /* Export DQ */
244 if( ( ret = mbedtls_rsa_export_crt( rsa, NULL, &T, NULL ) ) != 0 ||
245 ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )
246 goto end_of_export;
247 len += ret;
248
249 /* Export DP */
250 if( ( ret = mbedtls_rsa_export_crt( rsa, &T, NULL, NULL ) ) != 0 ||
251 ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )
252 goto end_of_export;
253 len += ret;
254
255 /* Export Q */
256 if ( ( ret = mbedtls_rsa_export( rsa, NULL, NULL,
257 &T, NULL, NULL ) ) != 0 ||
258 ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )
259 goto end_of_export;
260 len += ret;
261
262 /* Export P */
263 if ( ( ret = mbedtls_rsa_export( rsa, NULL, &T,
264 NULL, NULL, NULL ) ) != 0 ||
265 ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )
266 goto end_of_export;
267 len += ret;
268
269 /* Export D */
270 if ( ( ret = mbedtls_rsa_export( rsa, NULL, NULL,
271 NULL, &T, NULL ) ) != 0 ||
272 ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )
273 goto end_of_export;
274 len += ret;
275
276 /* Export E */
277 if ( ( ret = mbedtls_rsa_export( rsa, NULL, NULL,
278 NULL, NULL, &T ) ) != 0 ||
279 ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )
280 goto end_of_export;
281 len += ret;
282
283 /* Export N */
284 if ( ( ret = mbedtls_rsa_export( rsa, &T, NULL,
285 NULL, NULL, NULL ) ) != 0 ||
286 ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )
287 goto end_of_export;
288 len += ret;
289
290 end_of_export:
291
292 mbedtls_mpi_free( &T );
293 if( ret < 0 )
294 return( ret );
295
296 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_int( &c, buf, 0 ) );
297 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
298 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c,
299 buf, MBEDTLS_ASN1_CONSTRUCTED |
300 MBEDTLS_ASN1_SEQUENCE ) );
301 }
302 else
303 #endif /* MBEDTLS_RSA_C */
304 #if defined(MBEDTLS_ECP_C)
305 if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_ECKEY )
306 {
307 mbedtls_ecp_keypair *ec = mbedtls_pk_ec( *key );
308 size_t pub_len = 0, par_len = 0;
309
310 /*
311 * RFC 5915, or SEC1 Appendix C.4
312 *
313 * ECPrivateKey ::= SEQUENCE {
314 * version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
315 * privateKey OCTET STRING,
316 * parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
317 * publicKey [1] BIT STRING OPTIONAL
318 * }
319 */
320
321 /* publicKey */
322 MBEDTLS_ASN1_CHK_ADD( pub_len, pk_write_ec_pubkey( &c, buf, ec ) );
323
324 if( c - buf < 1 )
325 return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
326 *--c = 0;
327 pub_len += 1;
328
329 MBEDTLS_ASN1_CHK_ADD( pub_len, mbedtls_asn1_write_len( &c, buf, pub_len ) );
330 MBEDTLS_ASN1_CHK_ADD( pub_len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_BIT_STRING ) );
331
332 MBEDTLS_ASN1_CHK_ADD( pub_len, mbedtls_asn1_write_len( &c, buf, pub_len ) );
333 MBEDTLS_ASN1_CHK_ADD( pub_len, mbedtls_asn1_write_tag( &c, buf,
334 MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 1 ) );
335 len += pub_len;
336
337 /* parameters */
338 MBEDTLS_ASN1_CHK_ADD( par_len, pk_write_ec_param( &c, buf, ec ) );
339
340 MBEDTLS_ASN1_CHK_ADD( par_len, mbedtls_asn1_write_len( &c, buf, par_len ) );
341 MBEDTLS_ASN1_CHK_ADD( par_len, mbedtls_asn1_write_tag( &c, buf,
342 MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0 ) );
343 len += par_len;
344
345 /* privateKey: write as MPI then fix tag */
346 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( &c, buf, &ec->d ) );
347 *c = MBEDTLS_ASN1_OCTET_STRING;
348
349 /* version */
350 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_int( &c, buf, 1 ) );
351
352 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
353 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_CONSTRUCTED |
354 MBEDTLS_ASN1_SEQUENCE ) );
355 }
356 else
357 #endif /* MBEDTLS_ECP_C */
358 return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
359
360 return( (int) len );
361 }
362
363 #if defined(MBEDTLS_PEM_WRITE_C)
364
365 #define PEM_BEGIN_PUBLIC_KEY "-----BEGIN PUBLIC KEY-----\n"
366 #define PEM_END_PUBLIC_KEY "-----END PUBLIC KEY-----\n"
367
368 #define PEM_BEGIN_PRIVATE_KEY_RSA "-----BEGIN RSA PRIVATE KEY-----\n"
369 #define PEM_END_PRIVATE_KEY_RSA "-----END RSA PRIVATE KEY-----\n"
370 #define PEM_BEGIN_PRIVATE_KEY_EC "-----BEGIN EC PRIVATE KEY-----\n"
371 #define PEM_END_PRIVATE_KEY_EC "-----END EC PRIVATE KEY-----\n"
372
373 /*
374 * Max sizes of key per types. Shown as tag + len (+ content).
375 */
376
377 #if defined(MBEDTLS_RSA_C)
378 /*
379 * RSA public keys:
380 * SubjectPublicKeyInfo ::= SEQUENCE { 1 + 3
381 * algorithm AlgorithmIdentifier, 1 + 1 (sequence)
382 * + 1 + 1 + 9 (rsa oid)
383 * + 1 + 1 (params null)
384 * subjectPublicKey BIT STRING } 1 + 3 + (1 + below)
385 * RSAPublicKey ::= SEQUENCE { 1 + 3
386 * modulus INTEGER, -- n 1 + 3 + MPI_MAX + 1
387 * publicExponent INTEGER -- e 1 + 3 + MPI_MAX + 1
388 * }
389 */
390 #define RSA_PUB_DER_MAX_BYTES 38 + 2 * MBEDTLS_MPI_MAX_SIZE
391
392 /*
393 * RSA private keys:
394 * RSAPrivateKey ::= SEQUENCE { 1 + 3
395 * version Version, 1 + 1 + 1
396 * modulus INTEGER, 1 + 3 + MPI_MAX + 1
397 * publicExponent INTEGER, 1 + 3 + MPI_MAX + 1
398 * privateExponent INTEGER, 1 + 3 + MPI_MAX + 1
399 * prime1 INTEGER, 1 + 3 + MPI_MAX / 2 + 1
400 * prime2 INTEGER, 1 + 3 + MPI_MAX / 2 + 1
401 * exponent1 INTEGER, 1 + 3 + MPI_MAX / 2 + 1
402 * exponent2 INTEGER, 1 + 3 + MPI_MAX / 2 + 1
403 * coefficient INTEGER, 1 + 3 + MPI_MAX / 2 + 1
404 * otherPrimeInfos OtherPrimeInfos OPTIONAL 0 (not supported)
405 * }
406 */
407 #define MPI_MAX_SIZE_2 MBEDTLS_MPI_MAX_SIZE / 2 + \
408 MBEDTLS_MPI_MAX_SIZE % 2
409 #define RSA_PRV_DER_MAX_BYTES 47 + 3 * MBEDTLS_MPI_MAX_SIZE \
410 + 5 * MPI_MAX_SIZE_2
411
412 #else /* MBEDTLS_RSA_C */
413
414 #define RSA_PUB_DER_MAX_BYTES 0
415 #define RSA_PRV_DER_MAX_BYTES 0
416
417 #endif /* MBEDTLS_RSA_C */
418
419 #if defined(MBEDTLS_ECP_C)
420 /*
421 * EC public keys:
422 * SubjectPublicKeyInfo ::= SEQUENCE { 1 + 2
423 * algorithm AlgorithmIdentifier, 1 + 1 (sequence)
424 * + 1 + 1 + 7 (ec oid)
425 * + 1 + 1 + 9 (namedCurve oid)
426 * subjectPublicKey BIT STRING 1 + 2 + 1 [1]
427 * + 1 (point format) [1]
428 * + 2 * ECP_MAX (coords) [1]
429 * }
430 */
431 #define ECP_PUB_DER_MAX_BYTES 30 + 2 * MBEDTLS_ECP_MAX_BYTES
432
433 /*
434 * EC private keys:
435 * ECPrivateKey ::= SEQUENCE { 1 + 2
436 * version INTEGER , 1 + 1 + 1
437 * privateKey OCTET STRING, 1 + 1 + ECP_MAX
438 * parameters [0] ECParameters OPTIONAL, 1 + 1 + (1 + 1 + 9)
439 * publicKey [1] BIT STRING OPTIONAL 1 + 2 + [1] above
440 * }
441 */
442 #define ECP_PRV_DER_MAX_BYTES 29 + 3 * MBEDTLS_ECP_MAX_BYTES
443
444 #else /* MBEDTLS_ECP_C */
445
446 #define ECP_PUB_DER_MAX_BYTES 0
447 #define ECP_PRV_DER_MAX_BYTES 0
448
449 #endif /* MBEDTLS_ECP_C */
450
451 #define PUB_DER_MAX_BYTES RSA_PUB_DER_MAX_BYTES > ECP_PUB_DER_MAX_BYTES ? \
452 RSA_PUB_DER_MAX_BYTES : ECP_PUB_DER_MAX_BYTES
453 #define PRV_DER_MAX_BYTES RSA_PRV_DER_MAX_BYTES > ECP_PRV_DER_MAX_BYTES ? \
454 RSA_PRV_DER_MAX_BYTES : ECP_PRV_DER_MAX_BYTES
455
456 int mbedtls_pk_write_pubkey_pem( mbedtls_pk_context *key, unsigned char *buf, size_t size )
457 {
458 int ret;
459 unsigned char output_buf[PUB_DER_MAX_BYTES];
460 size_t olen = 0;
461
462 if( ( ret = mbedtls_pk_write_pubkey_der( key, output_buf,
463 sizeof(output_buf) ) ) < 0 )
464 {
465 return( ret );
466 }
467
468 if( ( ret = mbedtls_pem_write_buffer( PEM_BEGIN_PUBLIC_KEY, PEM_END_PUBLIC_KEY,
469 output_buf + sizeof(output_buf) - ret,
470 ret, buf, size, &olen ) ) != 0 )
471 {
472 return( ret );
473 }
474
475 return( 0 );
476 }
477
478 int mbedtls_pk_write_key_pem( mbedtls_pk_context *key, unsigned char *buf, size_t size )
479 {
480 int ret;
481 unsigned char output_buf[PRV_DER_MAX_BYTES];
482 const char *begin, *end;
483 size_t olen = 0;
484
485 if( ( ret = mbedtls_pk_write_key_der( key, output_buf, sizeof(output_buf) ) ) < 0 )
486 return( ret );
487
488 #if defined(MBEDTLS_RSA_C)
489 if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_RSA )
490 {
491 begin = PEM_BEGIN_PRIVATE_KEY_RSA;
492 end = PEM_END_PRIVATE_KEY_RSA;
493 }
494 else
495 #endif
496 #if defined(MBEDTLS_ECP_C)
497 if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_ECKEY )
498 {
499 begin = PEM_BEGIN_PRIVATE_KEY_EC;
500 end = PEM_END_PRIVATE_KEY_EC;
501 }
502 else
503 #endif
504 return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
505
506 if( ( ret = mbedtls_pem_write_buffer( begin, end,
507 output_buf + sizeof(output_buf) - ret,
508 ret, buf, size, &olen ) ) != 0 )
509 {
510 return( ret );
511 }
512
513 return( 0 );
514 }
515 #endif /* MBEDTLS_PEM_WRITE_C */
516
517 #endif /* MBEDTLS_PK_WRITE_C */
Impressum, Datenschutz