00001
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011
00012
00013
00014
00015
00016
00017
00018
00019
00020
00021
00022
00023
00024
00025
00026 #include "polarssl/config.h"
00027
00028 #if defined(POLARSSL_PK_PARSE_C)
00029
00030 #include "polarssl/pk.h"
00031 #include "polarssl/asn1.h"
00032 #include "polarssl/oid.h"
00033
00034 #if defined(POLARSSL_RSA_C)
00035 #include "polarssl/rsa.h"
00036 #endif
00037 #if defined(POLARSSL_ECP_C)
00038 #include "polarssl/ecp.h"
00039 #endif
00040 #if defined(POLARSSL_ECDSA_C)
00041 #include "polarssl/ecdsa.h"
00042 #endif
00043 #if defined(POLARSSL_PEM_PARSE_C)
00044 #include "polarssl/pem.h"
00045 #endif
00046 #if defined(POLARSSL_PKCS5_C)
00047 #include "polarssl/pkcs5.h"
00048 #endif
00049 #if defined(POLARSSL_PKCS12_C)
00050 #include "polarssl/pkcs12.h"
00051 #endif
00052
00053 #if defined(POLARSSL_MEMORY_C)
00054 #include "polarssl/memory.h"
00055 #else
00056 #include <stdlib.h>
00057 #define polarssl_malloc malloc
00058 #define polarssl_free free
00059 #endif
00060
00061 #if defined(POLARSSL_FS_IO)
00062
00063
00064
00065 static int load_file( const char *path, unsigned char **buf, size_t *n )
00066 {
00067 FILE *f;
00068 long size;
00069
00070 if( ( f = fopen( path, "rb" ) ) == NULL )
00071 return( POLARSSL_ERR_PK_FILE_IO_ERROR );
00072
00073 fseek( f, 0, SEEK_END );
00074 if( ( size = ftell( f ) ) == -1 )
00075 {
00076 fclose( f );
00077 return( POLARSSL_ERR_PK_FILE_IO_ERROR );
00078 }
00079 fseek( f, 0, SEEK_SET );
00080
00081 *n = (size_t) size;
00082
00083 if( *n + 1 == 0 ||
00084 ( *buf = (unsigned char *) polarssl_malloc( *n + 1 ) ) == NULL )
00085 {
00086 fclose( f );
00087 return( POLARSSL_ERR_PK_MALLOC_FAILED );
00088 }
00089
00090 if( fread( *buf, 1, *n, f ) != *n )
00091 {
00092 fclose( f );
00093 polarssl_free( *buf );
00094 return( POLARSSL_ERR_PK_FILE_IO_ERROR );
00095 }
00096
00097 fclose( f );
00098
00099 (*buf)[*n] = '\0';
00100
00101 return( 0 );
00102 }
00103
00104
00105
00106
00107 int pk_parse_keyfile( pk_context *ctx,
00108 const char *path, const char *pwd )
00109 {
00110 int ret;
00111 size_t n;
00112 unsigned char *buf;
00113
00114 if ( (ret = load_file( path, &buf, &n ) ) != 0 )
00115 return( ret );
00116
00117 if( pwd == NULL )
00118 ret = pk_parse_key( ctx, buf, n, NULL, 0 );
00119 else
00120 ret = pk_parse_key( ctx, buf, n,
00121 (const unsigned char *) pwd, strlen( pwd ) );
00122
00123 memset( buf, 0, n + 1 );
00124 polarssl_free( buf );
00125
00126 return( ret );
00127 }
00128
00129
00130
00131
00132 int pk_parse_public_keyfile( pk_context *ctx, const char *path )
00133 {
00134 int ret;
00135 size_t n;
00136 unsigned char *buf;
00137
00138 if ( (ret = load_file( path, &buf, &n ) ) != 0 )
00139 return( ret );
00140
00141 ret = pk_parse_public_key( ctx, buf, n );
00142
00143 memset( buf, 0, n + 1 );
00144 polarssl_free( buf );
00145
00146 return( ret );
00147 }
00148 #endif
00149
00150 #if defined(POLARSSL_ECP_C)
00151
00152
00153
00154
00155
00156
00157
00158
00159 static int pk_get_ecparams( unsigned char **p, const unsigned char *end,
00160 asn1_buf *params )
00161 {
00162 int ret;
00163
00164 params->tag = **p;
00165
00166 if( ( ret = asn1_get_tag( p, end, ¶ms->len, ASN1_OID ) ) != 0 )
00167 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
00168
00169 params->p = *p;
00170 *p += params->len;
00171
00172 if( *p != end )
00173 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT +
00174 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
00175
00176 return( 0 );
00177 }
00178
00179
00180
00181
00182 static int pk_use_ecparams( const asn1_buf *params, ecp_group *grp )
00183 {
00184 int ret;
00185 ecp_group_id grp_id;
00186
00187 if( oid_get_ec_grp( params, &grp_id ) != 0 )
00188 return( POLARSSL_ERR_PK_UNKNOWN_NAMED_CURVE );
00189
00190
00191
00192
00193 if( grp->id != POLARSSL_ECP_DP_NONE && grp->id != grp_id )
00194 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT );
00195
00196 if( ( ret = ecp_use_known_dp( grp, grp_id ) ) != 0 )
00197 return( ret );
00198
00199 return( 0 );
00200 }
00201
00202
00203
00204
00205 static int pk_get_ecpubkey( unsigned char **p, const unsigned char *end,
00206 ecp_keypair *key )
00207 {
00208 int ret;
00209
00210 if( ( ret = ecp_point_read_binary( &key->grp, &key->Q,
00211 (const unsigned char *) *p, end - *p ) ) != 0 ||
00212 ( ret = ecp_check_pubkey( &key->grp, &key->Q ) ) != 0 )
00213 {
00214 ecp_keypair_free( key );
00215 return( POLARSSL_ERR_PK_INVALID_PUBKEY );
00216 }
00217
00218
00219
00220
00221 *p = (unsigned char *) end;
00222
00223 return( 0 );
00224 }
00225 #endif
00226
00227 #if defined(POLARSSL_RSA_C)
00228
00229
00230
00231
00232
00233
00234 static int pk_get_rsapubkey( unsigned char **p,
00235 const unsigned char *end,
00236 rsa_context *rsa )
00237 {
00238 int ret;
00239 size_t len;
00240
00241 if( ( ret = asn1_get_tag( p, end, &len,
00242 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
00243 return( POLARSSL_ERR_PK_INVALID_PUBKEY + ret );
00244
00245 if( *p + len != end )
00246 return( POLARSSL_ERR_PK_INVALID_PUBKEY +
00247 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
00248
00249 if( ( ret = asn1_get_mpi( p, end, &rsa->N ) ) != 0 ||
00250 ( ret = asn1_get_mpi( p, end, &rsa->E ) ) != 0 )
00251 return( POLARSSL_ERR_PK_INVALID_PUBKEY + ret );
00252
00253 if( *p != end )
00254 return( POLARSSL_ERR_PK_INVALID_PUBKEY +
00255 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
00256
00257 if( ( ret = rsa_check_pubkey( rsa ) ) != 0 )
00258 return( POLARSSL_ERR_PK_INVALID_PUBKEY );
00259
00260 rsa->len = mpi_size( &rsa->N );
00261
00262 return( 0 );
00263 }
00264 #endif
00265
00266
00267
00268
00269
00270
00271
00272 static int pk_get_pk_alg( unsigned char **p,
00273 const unsigned char *end,
00274 pk_type_t *pk_alg, asn1_buf *params )
00275 {
00276 int ret;
00277 asn1_buf alg_oid;
00278
00279 memset( params, 0, sizeof(asn1_buf) );
00280
00281 if( ( ret = asn1_get_alg( p, end, &alg_oid, params ) ) != 0 )
00282 return( POLARSSL_ERR_PK_INVALID_ALG + ret );
00283
00284 if( oid_get_pk_alg( &alg_oid, pk_alg ) != 0 )
00285 return( POLARSSL_ERR_PK_UNKNOWN_PK_ALG );
00286
00287
00288
00289
00290 if( *pk_alg == POLARSSL_PK_RSA &&
00291 ( ( params->tag != ASN1_NULL && params->tag != 0 ) ||
00292 params->len != 0 ) )
00293 {
00294 return( POLARSSL_ERR_PK_INVALID_ALG );
00295 }
00296
00297 return( 0 );
00298 }
00299
00300
00301
00302
00303
00304
00305 int pk_parse_subpubkey( unsigned char **p, const unsigned char *end,
00306 pk_context *pk )
00307 {
00308 int ret;
00309 size_t len;
00310 asn1_buf alg_params;
00311 pk_type_t pk_alg = POLARSSL_PK_NONE;
00312 const pk_info_t *pk_info;
00313
00314 if( ( ret = asn1_get_tag( p, end, &len,
00315 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
00316 {
00317 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
00318 }
00319
00320 end = *p + len;
00321
00322 if( ( ret = pk_get_pk_alg( p, end, &pk_alg, &alg_params ) ) != 0 )
00323 return( ret );
00324
00325 if( ( ret = asn1_get_bitstring_null( p, end, &len ) ) != 0 )
00326 return( POLARSSL_ERR_PK_INVALID_PUBKEY + ret );
00327
00328 if( *p + len != end )
00329 return( POLARSSL_ERR_PK_INVALID_PUBKEY +
00330 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
00331
00332 if( ( pk_info = pk_info_from_type( pk_alg ) ) == NULL )
00333 return( POLARSSL_ERR_PK_UNKNOWN_PK_ALG );
00334
00335 if( ( ret = pk_init_ctx( pk, pk_info ) ) != 0 )
00336 return( ret );
00337
00338 #if defined(POLARSSL_RSA_C)
00339 if( pk_alg == POLARSSL_PK_RSA )
00340 {
00341 ret = pk_get_rsapubkey( p, end, pk_rsa( *pk ) );
00342 } else
00343 #endif
00344 #if defined(POLARSSL_ECP_C)
00345 if( pk_alg == POLARSSL_PK_ECKEY_DH || pk_alg == POLARSSL_PK_ECKEY )
00346 {
00347 ret = pk_use_ecparams( &alg_params, &pk_ec( *pk )->grp );
00348 if( ret == 0 )
00349 ret = pk_get_ecpubkey( p, end, pk_ec( *pk ) );
00350 } else
00351 #endif
00352 ret = POLARSSL_ERR_PK_UNKNOWN_PK_ALG;
00353
00354 if( ret == 0 && *p != end )
00355 ret = POLARSSL_ERR_PK_INVALID_PUBKEY
00356 POLARSSL_ERR_ASN1_LENGTH_MISMATCH;
00357
00358 if( ret != 0 )
00359 pk_free( pk );
00360
00361 return( ret );
00362 }
00363
00364 #if defined(POLARSSL_RSA_C)
00365
00366
00367
00368 static int pk_parse_key_pkcs1_der( rsa_context *rsa,
00369 const unsigned char *key,
00370 size_t keylen )
00371 {
00372 int ret;
00373 size_t len;
00374 unsigned char *p, *end;
00375
00376 p = (unsigned char *) key;
00377 end = p + keylen;
00378
00379
00380
00381
00382
00383
00384
00385
00386
00387
00388
00389
00390
00391
00392
00393
00394
00395 if( ( ret = asn1_get_tag( &p, end, &len,
00396 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
00397 {
00398 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
00399 }
00400
00401 end = p + len;
00402
00403 if( ( ret = asn1_get_int( &p, end, &rsa->ver ) ) != 0 )
00404 {
00405 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
00406 }
00407
00408 if( rsa->ver != 0 )
00409 {
00410 return( POLARSSL_ERR_PK_KEY_INVALID_VERSION );
00411 }
00412
00413 if( ( ret = asn1_get_mpi( &p, end, &rsa->N ) ) != 0 ||
00414 ( ret = asn1_get_mpi( &p, end, &rsa->E ) ) != 0 ||
00415 ( ret = asn1_get_mpi( &p, end, &rsa->D ) ) != 0 ||
00416 ( ret = asn1_get_mpi( &p, end, &rsa->P ) ) != 0 ||
00417 ( ret = asn1_get_mpi( &p, end, &rsa->Q ) ) != 0 ||
00418 ( ret = asn1_get_mpi( &p, end, &rsa->DP ) ) != 0 ||
00419 ( ret = asn1_get_mpi( &p, end, &rsa->DQ ) ) != 0 ||
00420 ( ret = asn1_get_mpi( &p, end, &rsa->QP ) ) != 0 )
00421 {
00422 rsa_free( rsa );
00423 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
00424 }
00425
00426 rsa->len = mpi_size( &rsa->N );
00427
00428 if( p != end )
00429 {
00430 rsa_free( rsa );
00431 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT +
00432 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
00433 }
00434
00435 if( ( ret = rsa_check_privkey( rsa ) ) != 0 )
00436 {
00437 rsa_free( rsa );
00438 return( ret );
00439 }
00440
00441 return( 0 );
00442 }
00443 #endif
00444
00445 #if defined(POLARSSL_ECP_C)
00446
00447
00448
00449 static int pk_parse_key_sec1_der( ecp_keypair *eck,
00450 const unsigned char *key,
00451 size_t keylen )
00452 {
00453 int ret;
00454 int version;
00455 size_t len;
00456 asn1_buf params;
00457 unsigned char *p = (unsigned char *) key;
00458 unsigned char *end = p + keylen;
00459 unsigned char *end2;
00460
00461
00462
00463
00464
00465
00466
00467
00468
00469
00470
00471 if( ( ret = asn1_get_tag( &p, end, &len,
00472 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
00473 {
00474 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
00475 }
00476
00477 end = p + len;
00478
00479 if( ( ret = asn1_get_int( &p, end, &version ) ) != 0 )
00480 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
00481
00482 if( version != 1 )
00483 return( POLARSSL_ERR_PK_KEY_INVALID_VERSION );
00484
00485 if( ( ret = asn1_get_tag( &p, end, &len, ASN1_OCTET_STRING ) ) != 0 )
00486 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
00487
00488 if( ( ret = mpi_read_binary( &eck->d, p, len ) ) != 0 )
00489 {
00490 ecp_keypair_free( eck );
00491 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
00492 }
00493
00494 p += len;
00495
00496
00497
00498
00499 if( ( ret = asn1_get_tag( &p, end, &len,
00500 ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 0 ) ) == 0 )
00501 {
00502 if( ( ret = pk_get_ecparams( &p, p + len, ¶ms) ) != 0 ||
00503 ( ret = pk_use_ecparams( ¶ms, &eck->grp ) ) != 0 )
00504 {
00505 ecp_keypair_free( eck );
00506 return( ret );
00507 }
00508 }
00509 else if( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
00510 {
00511 ecp_keypair_free( eck );
00512 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
00513 }
00514
00515
00516
00517
00518 if( ( ret = asn1_get_tag( &p, end, &len,
00519 ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 1 ) ) == 0 )
00520 {
00521 end2 = p + len;
00522
00523 if( ( ret = asn1_get_bitstring_null( &p, end2, &len ) ) != 0 )
00524 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
00525
00526 if( p + len != end2 )
00527 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT +
00528 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
00529
00530 if( ( ret = pk_get_ecpubkey( &p, end2, eck ) ) != 0 )
00531 return( ret );
00532 }
00533 else if ( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
00534 {
00535 ecp_keypair_free( eck );
00536 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
00537 }
00538 else if( ( ret = ecp_mul( &eck->grp, &eck->Q, &eck->d, &eck->grp.G,
00539 NULL, NULL ) ) != 0 )
00540 {
00541 ecp_keypair_free( eck );
00542 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
00543 }
00544
00545 if( ( ret = ecp_check_privkey( &eck->grp, &eck->d ) ) != 0 )
00546 {
00547 ecp_keypair_free( eck );
00548 return( ret );
00549 }
00550
00551 return 0;
00552 }
00553 #endif
00554
00555
00556
00557
00558 static int pk_parse_key_pkcs8_unencrypted_der(
00559 pk_context *pk,
00560 const unsigned char* key,
00561 size_t keylen )
00562 {
00563 int ret, version;
00564 size_t len;
00565 asn1_buf params;
00566 unsigned char *p = (unsigned char *) key;
00567 unsigned char *end = p + keylen;
00568 pk_type_t pk_alg = POLARSSL_PK_NONE;
00569 const pk_info_t *pk_info;
00570
00571
00572
00573
00574
00575
00576
00577
00578
00579
00580
00581
00582
00583
00584
00585
00586
00587 if( ( ret = asn1_get_tag( &p, end, &len,
00588 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
00589 {
00590 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
00591 }
00592
00593 end = p + len;
00594
00595 if( ( ret = asn1_get_int( &p, end, &version ) ) != 0 )
00596 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
00597
00598 if( version != 0 )
00599 return( POLARSSL_ERR_PK_KEY_INVALID_VERSION + ret );
00600
00601 if( ( ret = pk_get_pk_alg( &p, end, &pk_alg, ¶ms ) ) != 0 )
00602 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
00603
00604 if( ( ret = asn1_get_tag( &p, end, &len, ASN1_OCTET_STRING ) ) != 0 )
00605 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
00606
00607 if( len < 1 )
00608 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT +
00609 POLARSSL_ERR_ASN1_OUT_OF_DATA );
00610
00611 if( ( pk_info = pk_info_from_type( pk_alg ) ) == NULL )
00612 return( POLARSSL_ERR_PK_UNKNOWN_PK_ALG );
00613
00614 if( ( ret = pk_init_ctx( pk, pk_info ) ) != 0 )
00615 return( ret );
00616
00617 #if defined(POLARSSL_RSA_C)
00618 if( pk_alg == POLARSSL_PK_RSA )
00619 {
00620 if( ( ret = pk_parse_key_pkcs1_der( pk_rsa( *pk ), p, len ) ) != 0 )
00621 {
00622 pk_free( pk );
00623 return( ret );
00624 }
00625 } else
00626 #endif
00627 #if defined(POLARSSL_ECP_C)
00628 if( pk_alg == POLARSSL_PK_ECKEY || pk_alg == POLARSSL_PK_ECKEY_DH )
00629 {
00630 if( ( ret = pk_use_ecparams( ¶ms, &pk_ec( *pk )->grp ) ) != 0 ||
00631 ( ret = pk_parse_key_sec1_der( pk_ec( *pk ), p, len ) ) != 0 )
00632 {
00633 pk_free( pk );
00634 return( ret );
00635 }
00636 } else
00637 #endif
00638 return( POLARSSL_ERR_PK_UNKNOWN_PK_ALG );
00639
00640 return 0;
00641 }
00642
00643
00644
00645
00646 static int pk_parse_key_pkcs8_encrypted_der(
00647 pk_context *pk,
00648 const unsigned char *key, size_t keylen,
00649 const unsigned char *pwd, size_t pwdlen )
00650 {
00651 int ret;
00652 size_t len;
00653 unsigned char buf[2048];
00654 unsigned char *p, *end;
00655 asn1_buf pbe_alg_oid, pbe_params;
00656 #if defined(POLARSSL_PKCS12_C)
00657 cipher_type_t cipher_alg;
00658 md_type_t md_alg;
00659 #endif
00660
00661 memset( buf, 0, sizeof( buf ) );
00662
00663 p = (unsigned char *) key;
00664 end = p + keylen;
00665
00666 if( pwdlen == 0 )
00667 return( POLARSSL_ERR_PK_PASSWORD_REQUIRED );
00668
00669
00670
00671
00672
00673
00674
00675
00676
00677
00678
00679
00680
00681
00682
00683 if( ( ret = asn1_get_tag( &p, end, &len,
00684 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
00685 {
00686 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
00687 }
00688
00689 end = p + len;
00690
00691 if( ( ret = asn1_get_alg( &p, end, &pbe_alg_oid, &pbe_params ) ) != 0 )
00692 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
00693
00694 if( ( ret = asn1_get_tag( &p, end, &len, ASN1_OCTET_STRING ) ) != 0 )
00695 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
00696
00697 if( len > sizeof( buf ) )
00698 return( POLARSSL_ERR_PK_BAD_INPUT_DATA );
00699
00700
00701
00702
00703 #if defined(POLARSSL_PKCS12_C)
00704 if( oid_get_pkcs12_pbe_alg( &pbe_alg_oid, &md_alg, &cipher_alg ) == 0 )
00705 {
00706 if( ( ret = pkcs12_pbe( &pbe_params, PKCS12_PBE_DECRYPT,
00707 cipher_alg, md_alg,
00708 pwd, pwdlen, p, len, buf ) ) != 0 )
00709 {
00710 if( ret == POLARSSL_ERR_PKCS12_PASSWORD_MISMATCH )
00711 return( POLARSSL_ERR_PK_PASSWORD_MISMATCH );
00712
00713 return( ret );
00714 }
00715 }
00716 else if( OID_CMP( OID_PKCS12_PBE_SHA1_RC4_128, &pbe_alg_oid ) )
00717 {
00718 if( ( ret = pkcs12_pbe_sha1_rc4_128( &pbe_params,
00719 PKCS12_PBE_DECRYPT,
00720 pwd, pwdlen,
00721 p, len, buf ) ) != 0 )
00722 {
00723 return( ret );
00724 }
00725
00726
00727
00728
00729 if( *buf != ( ASN1_CONSTRUCTED | ASN1_SEQUENCE ) )
00730 return( POLARSSL_ERR_PK_PASSWORD_MISMATCH );
00731 }
00732 else
00733 #endif
00734 #if defined(POLARSSL_PKCS5_C)
00735 if( OID_CMP( OID_PKCS5_PBES2, &pbe_alg_oid ) )
00736 {
00737 if( ( ret = pkcs5_pbes2( &pbe_params, PKCS5_DECRYPT, pwd, pwdlen,
00738 p, len, buf ) ) != 0 )
00739 {
00740 if( ret == POLARSSL_ERR_PKCS5_PASSWORD_MISMATCH )
00741 return( POLARSSL_ERR_PK_PASSWORD_MISMATCH );
00742
00743 return( ret );
00744 }
00745 }
00746 else
00747 #endif
00748 {
00749 ((void) pwd);
00750 return( POLARSSL_ERR_PK_FEATURE_UNAVAILABLE );
00751 }
00752
00753 return( pk_parse_key_pkcs8_unencrypted_der( pk, buf, len ) );
00754 }
00755
00756
00757
00758
00759 int pk_parse_key( pk_context *pk,
00760 const unsigned char *key, size_t keylen,
00761 const unsigned char *pwd, size_t pwdlen )
00762 {
00763 int ret;
00764 const pk_info_t *pk_info;
00765
00766 #if defined(POLARSSL_PEM_PARSE_C)
00767 size_t len;
00768 pem_context pem;
00769
00770 pem_init( &pem );
00771
00772 #if defined(POLARSSL_RSA_C)
00773 ret = pem_read_buffer( &pem,
00774 "-----BEGIN RSA PRIVATE KEY-----",
00775 "-----END RSA PRIVATE KEY-----",
00776 key, pwd, pwdlen, &len );
00777 if( ret == 0 )
00778 {
00779 if( ( pk_info = pk_info_from_type( POLARSSL_PK_RSA ) ) == NULL )
00780 return( POLARSSL_ERR_PK_UNKNOWN_PK_ALG );
00781
00782 if( ( ret = pk_init_ctx( pk, pk_info ) ) != 0 ||
00783 ( ret = pk_parse_key_pkcs1_der( pk_rsa( *pk ),
00784 pem.buf, pem.buflen ) ) != 0 )
00785 {
00786 pk_free( pk );
00787 }
00788
00789 pem_free( &pem );
00790 return( ret );
00791 }
00792 else if( ret == POLARSSL_ERR_PEM_PASSWORD_MISMATCH )
00793 return( POLARSSL_ERR_PK_PASSWORD_MISMATCH );
00794 else if( ret == POLARSSL_ERR_PEM_PASSWORD_REQUIRED )
00795 return( POLARSSL_ERR_PK_PASSWORD_REQUIRED );
00796 else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
00797 return( ret );
00798 #endif
00799
00800 #if defined(POLARSSL_ECP_C)
00801 ret = pem_read_buffer( &pem,
00802 "-----BEGIN EC PRIVATE KEY-----",
00803 "-----END EC PRIVATE KEY-----",
00804 key, pwd, pwdlen, &len );
00805 if( ret == 0 )
00806 {
00807 if( ( pk_info = pk_info_from_type( POLARSSL_PK_ECKEY ) ) == NULL )
00808 return( POLARSSL_ERR_PK_UNKNOWN_PK_ALG );
00809
00810 if( ( ret = pk_init_ctx( pk, pk_info ) ) != 0 ||
00811 ( ret = pk_parse_key_sec1_der( pk_ec( *pk ),
00812 pem.buf, pem.buflen ) ) != 0 )
00813 {
00814 pk_free( pk );
00815 }
00816
00817 pem_free( &pem );
00818 return( ret );
00819 }
00820 else if( ret == POLARSSL_ERR_PEM_PASSWORD_MISMATCH )
00821 return( POLARSSL_ERR_PK_PASSWORD_MISMATCH );
00822 else if( ret == POLARSSL_ERR_PEM_PASSWORD_REQUIRED )
00823 return( POLARSSL_ERR_PK_PASSWORD_REQUIRED );
00824 else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
00825 return( ret );
00826 #endif
00827
00828 ret = pem_read_buffer( &pem,
00829 "-----BEGIN PRIVATE KEY-----",
00830 "-----END PRIVATE KEY-----",
00831 key, NULL, 0, &len );
00832 if( ret == 0 )
00833 {
00834 if( ( ret = pk_parse_key_pkcs8_unencrypted_der( pk,
00835 pem.buf, pem.buflen ) ) != 0 )
00836 {
00837 pk_free( pk );
00838 }
00839
00840 pem_free( &pem );
00841 return( ret );
00842 }
00843 else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
00844 return( ret );
00845
00846 ret = pem_read_buffer( &pem,
00847 "-----BEGIN ENCRYPTED PRIVATE KEY-----",
00848 "-----END ENCRYPTED PRIVATE KEY-----",
00849 key, NULL, 0, &len );
00850 if( ret == 0 )
00851 {
00852 if( ( ret = pk_parse_key_pkcs8_encrypted_der( pk,
00853 pem.buf, pem.buflen,
00854 pwd, pwdlen ) ) != 0 )
00855 {
00856 pk_free( pk );
00857 }
00858
00859 pem_free( &pem );
00860 return( ret );
00861 }
00862 else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
00863 return( ret );
00864 #else
00865 ((void) pwd);
00866 ((void) pwdlen);
00867 #endif
00868
00869
00870
00871
00872
00873
00874
00875
00876 if( ( ret = pk_parse_key_pkcs8_encrypted_der( pk, key, keylen,
00877 pwd, pwdlen ) ) == 0 )
00878 {
00879 return( 0 );
00880 }
00881
00882 pk_free( pk );
00883
00884 if( ret == POLARSSL_ERR_PK_PASSWORD_MISMATCH )
00885 {
00886 return( ret );
00887 }
00888
00889 if( ( ret = pk_parse_key_pkcs8_unencrypted_der( pk, key, keylen ) ) == 0 )
00890 return( 0 );
00891
00892 pk_free( pk );
00893
00894 #if defined(POLARSSL_RSA_C)
00895 if( ( pk_info = pk_info_from_type( POLARSSL_PK_RSA ) ) == NULL )
00896 return( POLARSSL_ERR_PK_UNKNOWN_PK_ALG );
00897
00898 if( ( ret = pk_init_ctx( pk, pk_info ) ) != 0 ||
00899 ( ret = pk_parse_key_pkcs1_der( pk_rsa( *pk ), key, keylen ) ) == 0 )
00900 {
00901 return( 0 );
00902 }
00903
00904 pk_free( pk );
00905 #endif
00906
00907 #if defined(POLARSSL_ECP_C)
00908 if( ( pk_info = pk_info_from_type( POLARSSL_PK_ECKEY ) ) == NULL )
00909 return( POLARSSL_ERR_PK_UNKNOWN_PK_ALG );
00910
00911 if( ( ret = pk_init_ctx( pk, pk_info ) ) != 0 ||
00912 ( ret = pk_parse_key_sec1_der( pk_ec( *pk ), key, keylen ) ) == 0 )
00913 {
00914 return( 0 );
00915 }
00916
00917 pk_free( pk );
00918 #endif
00919
00920 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT );
00921 }
00922
00923
00924
00925
00926 int pk_parse_public_key( pk_context *ctx,
00927 const unsigned char *key, size_t keylen )
00928 {
00929 int ret;
00930 unsigned char *p;
00931 #if defined(POLARSSL_PEM_PARSE_C)
00932 size_t len;
00933 pem_context pem;
00934
00935 pem_init( &pem );
00936 ret = pem_read_buffer( &pem,
00937 "-----BEGIN PUBLIC KEY-----",
00938 "-----END PUBLIC KEY-----",
00939 key, NULL, 0, &len );
00940
00941 if( ret == 0 )
00942 {
00943
00944
00945
00946 key = pem.buf;
00947 keylen = pem.buflen;
00948 }
00949 else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
00950 {
00951 pem_free( &pem );
00952 return( ret );
00953 }
00954 #endif
00955 p = (unsigned char *) key;
00956
00957 ret = pk_parse_subpubkey( &p, p + keylen, ctx );
00958
00959 #if defined(POLARSSL_PEM_PARSE_C)
00960 pem_free( &pem );
00961 #endif
00962
00963 return( ret );
00964 }
00965
00966 #endif