26 #if !defined(POLARSSL_CONFIG_FILE)
29 #include POLARSSL_CONFIG_FILE
32 #if defined(POLARSSL_PK_PARSE_C)
38 #if defined(POLARSSL_RSA_C)
41 #if defined(POLARSSL_ECP_C)
44 #if defined(POLARSSL_ECDSA_C)
47 #if defined(POLARSSL_PEM_PARSE_C)
50 #if defined(POLARSSL_PKCS5_C)
53 #if defined(POLARSSL_PKCS12_C)
57 #if defined(POLARSSL_PLATFORM_C)
61 #define polarssl_malloc malloc
62 #define polarssl_free free
65 #if defined(POLARSSL_FS_IO)
69 static int load_file(
const char *path,
unsigned char **buf,
size_t *n )
74 if( ( f = fopen( path,
"rb" ) ) == NULL )
77 fseek( f, 0, SEEK_END );
78 if( ( size = ftell( f ) ) == -1 )
83 fseek( f, 0, SEEK_SET );
94 if( fread( *buf, 1, *n, f ) != *n )
112 const char *path,
const char *pwd )
118 if ( (ret = load_file( path, &buf, &n ) ) != 0 )
125 (
const unsigned char *) pwd, strlen( pwd ) );
127 memset( buf, 0, n + 1 );
142 if ( (ret = load_file( path, &buf, &n ) ) != 0 )
147 memset( buf, 0, n + 1 );
154 #if defined(POLARSSL_ECP_C)
163 static int pk_get_ecparams(
unsigned char **p,
const unsigned char *end,
195 #if defined(POLARSSL_PK_PARSE_EC_EXTENDED)
218 unsigned char *p = params->
p;
219 const unsigned char *
const end = params->
p + params->
len;
220 const unsigned char *end_field, *end_curve;
228 if( ver < 1 || ver > 3 )
322 (
const unsigned char *) p, len ) ) != 0 )
329 ( p[0] != 0x02 && p[0] != 0x03 ) ||
404 static int pk_group_id_from_specified(
const asn1_buf *params,
412 if( ( ret = pk_group_from_specified( params, &grp ) ) != 0 )
415 ret = pk_group_id_from_group( &grp, grp_id );
444 #if defined(POLARSSL_PK_PARSE_EC_EXTENDED)
445 if( ( ret = pk_group_id_from_specified( params, &grp_id ) ) != 0 )
471 static int pk_get_ecpubkey(
unsigned char **p,
const unsigned char *end,
477 (
const unsigned char *) *p, end - *p ) ) == 0 )
485 *p = (
unsigned char *) end;
491 #if defined(POLARSSL_RSA_C)
498 static int pk_get_rsapubkey(
unsigned char **p,
499 const unsigned char *end,
509 if( *p + len != end )
536 static int pk_get_pk_alg(
unsigned char **p,
537 const unsigned char *end,
543 memset( params, 0,
sizeof(
asn1_buf) );
545 if( ( ret =
asn1_get_alg( p, end, &alg_oid, params ) ) != 0 )
586 if( ( ret = pk_get_pk_alg( p, end, &pk_alg, &alg_params ) ) != 0 )
592 if( *p + len != end )
602 #if defined(POLARSSL_RSA_C)
605 ret = pk_get_rsapubkey( p, end,
pk_rsa( *pk ) );
608 #if defined(POLARSSL_ECP_C)
611 ret = pk_use_ecparams( &alg_params, &
pk_ec( *pk )->grp );
613 ret = pk_get_ecpubkey( p, end,
pk_ec( *pk ) );
618 if( ret == 0 && *p != end )
628 #if defined(POLARSSL_RSA_C)
632 static int pk_parse_key_pkcs1_der(
rsa_context *rsa,
633 const unsigned char *key,
638 unsigned char *p, *end;
640 p = (
unsigned char *) key;
696 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
709 #if defined(POLARSSL_ECP_C)
713 static int pk_parse_key_sec1_der(
ecp_keypair *eck,
714 const unsigned char *key,
718 int version, pubkey_done;
721 unsigned char *p = (
unsigned char *) key;
722 unsigned char *end = p + keylen;
766 if( ( ret = pk_get_ecparams( &p, p + len, &params) ) != 0 ||
767 ( ret = pk_use_ecparams( &params, &eck->
grp ) ) != 0 )
792 if( p + len != end2 )
794 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
796 if( ( ret = pk_get_ecpubkey( &p, end2, eck ) ) == 0 )
816 NULL, NULL ) ) != 0 )
835 static int pk_parse_key_pkcs8_unencrypted_der(
837 const unsigned char* key,
843 unsigned char *p = (
unsigned char *) key;
844 unsigned char *end = p + keylen;
878 if( ( ret = pk_get_pk_alg( &p, end, &pk_alg, &params ) ) != 0 )
894 #if defined(POLARSSL_RSA_C)
897 if( ( ret = pk_parse_key_pkcs1_der(
pk_rsa( *pk ), p, len ) ) != 0 )
904 #if defined(POLARSSL_ECP_C)
907 if( ( ret = pk_use_ecparams( &params, &
pk_ec( *pk )->grp ) ) != 0 ||
908 ( ret = pk_parse_key_sec1_der(
pk_ec( *pk ), p, len ) ) != 0 )
923 static int pk_parse_key_pkcs8_encrypted_der(
925 const unsigned char *key,
size_t keylen,
926 const unsigned char *pwd,
size_t pwdlen )
928 int ret, decrypted = 0;
930 unsigned char buf[2048];
931 unsigned char *p, *end;
933 #if defined(POLARSSL_PKCS12_C)
938 memset( buf, 0,
sizeof( buf ) );
940 p = (
unsigned char *) key;
968 if( ( ret =
asn1_get_alg( &p, end, &pbe_alg_oid, &pbe_params ) ) != 0 )
974 if( len >
sizeof( buf ) )
980 #if defined(POLARSSL_PKCS12_C)
985 pwd, pwdlen, p, len, buf ) ) != 0 )
1000 p, len, buf ) ) != 0 )
1015 #if defined(POLARSSL_PKCS5_C)
1019 p, len, buf ) ) != 0 )
1035 if( decrypted == 0 )
1038 return( pk_parse_key_pkcs8_unencrypted_der( pk, buf, len ) );
1045 const unsigned char *key,
size_t keylen,
1046 const unsigned char *pwd,
size_t pwdlen )
1051 #if defined(POLARSSL_PEM_PARSE_C)
1057 #if defined(POLARSSL_RSA_C)
1058 ret = pem_read_buffer( &pem,
1059 "-----BEGIN RSA PRIVATE KEY-----",
1060 "-----END RSA PRIVATE KEY-----",
1061 key, pwd, pwdlen, &len );
1068 ( ret = pk_parse_key_pkcs1_der(
pk_rsa( *pk ),
1069 pem.buf, pem.buflen ) ) != 0 )
1085 #if defined(POLARSSL_ECP_C)
1086 ret = pem_read_buffer( &pem,
1087 "-----BEGIN EC PRIVATE KEY-----",
1088 "-----END EC PRIVATE KEY-----",
1089 key, pwd, pwdlen, &len );
1096 ( ret = pk_parse_key_sec1_der(
pk_ec( *pk ),
1097 pem.buf, pem.buflen ) ) != 0 )
1113 ret = pem_read_buffer( &pem,
1114 "-----BEGIN PRIVATE KEY-----",
1115 "-----END PRIVATE KEY-----",
1116 key, NULL, 0, &len );
1119 if( ( ret = pk_parse_key_pkcs8_unencrypted_der( pk,
1120 pem.buf, pem.buflen ) ) != 0 )
1131 ret = pem_read_buffer( &pem,
1132 "-----BEGIN ENCRYPTED PRIVATE KEY-----",
1133 "-----END ENCRYPTED PRIVATE KEY-----",
1134 key, NULL, 0, &len );
1137 if( ( ret = pk_parse_key_pkcs8_encrypted_der( pk,
1138 pem.buf, pem.buflen,
1139 pwd, pwdlen ) ) != 0 )
1161 if( ( ret = pk_parse_key_pkcs8_encrypted_der( pk, key, keylen,
1162 pwd, pwdlen ) ) == 0 )
1174 if( ( ret = pk_parse_key_pkcs8_unencrypted_der( pk, key, keylen ) ) == 0 )
1179 #if defined(POLARSSL_RSA_C)
1184 ( ret = pk_parse_key_pkcs1_der(
pk_rsa( *pk ), key, keylen ) ) == 0 )
1192 #if defined(POLARSSL_ECP_C)
1197 ( ret = pk_parse_key_sec1_der(
pk_ec( *pk ), key, keylen ) ) == 0 )
1212 const unsigned char *key,
size_t keylen )
1216 #if defined(POLARSSL_PEM_PARSE_C)
1221 ret = pem_read_buffer( &pem,
1222 "-----BEGIN PUBLIC KEY-----",
1223 "-----END PUBLIC KEY-----",
1224 key, NULL, 0, &len );
1232 keylen = pem.buflen;
1240 p = (
unsigned char *) key;
1244 #if defined(POLARSSL_PEM_PARSE_C)
#define POLARSSL_ERR_PK_INVALID_ALG
The algorithm tag or value is invalid.
#define POLARSSL_ERR_PK_KEY_INVALID_FORMAT
Invalid key tag or value.
int ecp_check_privkey(const ecp_group *grp, const mpi *d)
Check that an mpi is a valid private key for this curve.
const pk_info_t * pk_info_from_type(pk_type_t pk_type)
Return information associated with the given PK type.
#define POLARSSL_ERR_PK_FILE_IO_ERROR
Read/write of file failed.
int rsa_check_privkey(const rsa_context *ctx)
Check a private RSA key.
#define OID_PKCS5_PBES2
id-PBES2 OBJECT IDENTIFIER ::= {pkcs-5 13}
#define POLARSSL_ERR_ASN1_LENGTH_MISMATCH
Actual length differs from expected length.
int pkcs12_pbe(asn1_buf *pbe_params, int mode, cipher_type_t cipher_type, md_type_t md_type, const unsigned char *pwd, size_t pwdlen, const unsigned char *input, size_t len, unsigned char *output)
PKCS12 Password Based function (encryption / decryption) for cipher-based and md-based PBE's...
Elliptic curves over GF(p)
int asn1_get_int(unsigned char **p, const unsigned char *end, int *val)
Retrieve an integer ASN.1 tag and its value.
#define OID_PKCS12_PBE_SHA1_RC4_128
pbeWithSHAAnd128BitRC4 OBJECT IDENTIFIER ::= {pkcs-12PbeIds 1}
int oid_get_pk_alg(const asn1_buf *oid, pk_type_t *pk_alg)
Translate PublicKeyAlgorithm OID into pk_type.
#define POLARSSL_ERR_PKCS12_PASSWORD_MISMATCH
Given private key password does not allow for correct decryption.
Configuration options (set of defines)
#define OID_CMP(oid_str, oid_buf)
Compares two asn1_buf structures for the same OID.
int rsa_check_pubkey(const rsa_context *ctx)
Check a public RSA key.
int mpi_lset(mpi *X, t_sint z)
Set value from integer.
#define pk_ec(pk)
Quick access to an EC context inside a PK context.
int ecp_mul(ecp_group *grp, ecp_point *R, const mpi *m, const ecp_point *P, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Multiplication by an integer: R = m * P (Not thread-safe to use same group in multiple threads) ...
int ecp_point_read_binary(const ecp_group *grp, ecp_point *P, const unsigned char *buf, size_t ilen)
Import a point from unsigned binary data.
#define POLARSSL_ERR_ECP_FEATURE_UNAVAILABLE
Requested curve not available.
int mpi_cmp_mpi(const mpi *X, const mpi *Y)
Compare signed values.
Object Identifier (OID) database.
Public Key abstraction layer.
#define OID_SIZE(x)
Returns the size of the binary string, without the trailing \0.
#define POLARSSL_ERR_PK_BAD_INPUT_DATA
Bad input parameters to function.
#define POLARSSL_ERR_PK_UNKNOWN_NAMED_CURVE
Elliptic curve is unsupported (only NIST curves are supported).
#define POLARSSL_ERR_PK_FEATURE_UNAVAILABLE
Unavailable feature, e.g.
#define POLARSSL_ERR_PKCS5_PASSWORD_MISMATCH
Given private key password does not allow for correct decryption.
#define POLARSSL_ERR_PEM_PASSWORD_REQUIRED
Private key password can't be empty.
void rsa_free(rsa_context *ctx)
Free the components of an RSA key.
Privacy Enhanced Mail (PEM) decoding.
int pkcs5_pbes2(asn1_buf *pbe_params, int mode, const unsigned char *pwd, size_t pwdlen, const unsigned char *data, size_t datalen, unsigned char *output)
PKCS#5 PBES2 function.
int asn1_get_alg(unsigned char **p, const unsigned char *end, asn1_buf *alg, asn1_buf *params)
Retrieve an AlgorithmIdentifier ASN.1 sequence.
#define POLARSSL_ERR_PK_PASSWORD_REQUIRED
Private key password can't be empty.
#define POLARSSL_ERR_PK_PASSWORD_MISMATCH
Given private key password does not allow for correct decryption.
unsigned char * p
ASN1 data, e.g.
Public key information and operations.
void ecp_group_free(ecp_group *grp)
Free the components of an ECP group.
#define POLARSSL_ERR_PEM_PASSWORD_MISMATCH
Given private key password does not allow for correct decryption.
#define POLARSSL_ERR_PK_MALLOC_FAILED
Memory allocation failed.
pk_type_t
Public key types.
int pk_parse_public_keyfile(pk_context *ctx, const char *path)
Load and parse a public key.
#define POLARSSL_ERR_ASN1_OUT_OF_DATA
Out of data when parsing an ASN1 data structure.
int oid_get_pkcs12_pbe_alg(const asn1_buf *oid, md_type_t *md_alg, cipher_type_t *cipher_alg)
Translate PKCS#12 PBE algorithm OID into md_type and cipher_type.
int pk_parse_subpubkey(unsigned char **p, const unsigned char *end, pk_context *pk)
Parse a SubjectPublicKeyInfo DER structure.
#define ASN1_CONTEXT_SPECIFIC
int pk_init_ctx(pk_context *ctx, const pk_info_t *info)
Initialize a PK context with the information given and allocate the type-specific PK subcontext...
size_t mpi_msb(const mpi *X)
Return the number of bits up to and including the most significant '1' bit.
int ecp_use_known_dp(ecp_group *grp, ecp_group_id index)
Set a group using well-known domain parameters.
int mpi_read_binary(mpi *X, const unsigned char *buf, size_t buflen)
Import X from unsigned binary data, big endian.
Type-length-value structure that allows for ASN1 using DER.
The RSA public-key cryptosystem.
int pkcs12_pbe_sha1_rc4_128(asn1_buf *pbe_params, int mode, const unsigned char *pwd, size_t pwdlen, const unsigned char *input, size_t len, unsigned char *output)
PKCS12 Password Based function (encryption / decryption) for pbeWithSHAAnd128BitRC4.
int asn1_get_bitstring_null(unsigned char **p, const unsigned char *end, size_t *len)
Retrieve a bitstring ASN.1 tag without unused bits and its value.
int oid_get_ec_grp(const asn1_buf *oid, ecp_group_id *grp_id)
Translate NamedCurve OID into an EC group identifier.
size_t len
ASN1 length, e.g.
ecp_group_id
Domain parameters (curve, subgroup and generator) identifiers.
#define OID_ANSI_X9_62_PRIME_FIELD
#define pk_rsa(pk)
Quick access to an RSA context inside a PK context.
#define POLARSSL_PK_PARSE_EC_EXTENDED
Enhance support for reading EC keys using variants of SEC1 not allowed by RFC 5915 and RFC 5480...
void ecp_group_init(ecp_group *grp)
Initialize a group (to something meaningless)
void pk_free(pk_context *ctx)
Free a pk_context.
int pk_parse_public_key(pk_context *ctx, const unsigned char *key, size_t keylen)
Parse a public key.
size_t mpi_size(const mpi *X)
Return the total size in bytes.
int asn1_get_tag(unsigned char **p, const unsigned char *end, size_t *len, int tag)
Get the tag and length of the tag.
int mpi_get_bit(const mpi *X, size_t pos)
Get a specific bit from X.
int pk_parse_key(pk_context *ctx, const unsigned char *key, size_t keylen, const unsigned char *pwd, size_t pwdlen)
Parse a private key.
#define ASN1_OCTET_STRING
int ecp_check_pubkey(const ecp_group *grp, const ecp_point *pt)
Check that a point is a valid public key on this curve.
#define POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT
No PEM header or footer found.
int pk_parse_keyfile(pk_context *ctx, const char *path, const char *password)
Load and parse a private key.
int asn1_get_mpi(unsigned char **p, const unsigned char *end, mpi *X)
Retrieve a MPI value from an integer ASN.1 tag.
#define POLARSSL_ERR_PK_KEY_INVALID_VERSION
Unsupported key version.
#define PKCS12_PBE_DECRYPT
#define POLARSSL_ERR_PK_INVALID_PUBKEY
The pubkey tag or value is invalid (only RSA and EC are supported).
#define POLARSSL_ERR_ASN1_UNEXPECTED_TAG
ASN1 tag was of an unexpected value.
#define POLARSSL_ERR_PK_UNKNOWN_PK_ALG
Key algorithm is unsupported (only RSA and EC are supported).
PKCS#12 Personal Information Exchange Syntax.
void ecp_keypair_free(ecp_keypair *key)
Free the components of a key pair.
const ecp_group_id * ecp_grp_id_list(void)
Get the list of supported curves in order of preference (grp_id only)