PolarSSL v1.3.7
pkparse.c
Go to the documentation of this file.
1 /*
2  * Public Key layer for parsing key files and structures
3  *
4  * Copyright (C) 2006-2014, Brainspark B.V.
5  *
6  * This file is part of PolarSSL (http://www.polarssl.org)
7  * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
8  *
9  * All rights reserved.
10  *
11  * This program is free software; you can redistribute it and/or modify
12  * it under the terms of the GNU General Public License as published by
13  * the Free Software Foundation; either version 2 of the License, or
14  * (at your option) any later version.
15  *
16  * This program is distributed in the hope that it will be useful,
17  * but WITHOUT ANY WARRANTY; without even the implied warranty of
18  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19  * GNU General Public License for more details.
20  *
21  * You should have received a copy of the GNU General Public License along
22  * with this program; if not, write to the Free Software Foundation, Inc.,
23  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24  */
25 
26 #if !defined(POLARSSL_CONFIG_FILE)
27 #include "polarssl/config.h"
28 #else
29 #include POLARSSL_CONFIG_FILE
30 #endif
31 
32 #if defined(POLARSSL_PK_PARSE_C)
33 
34 #include "polarssl/pk.h"
35 #include "polarssl/asn1.h"
36 #include "polarssl/oid.h"
37 
38 #if defined(POLARSSL_RSA_C)
39 #include "polarssl/rsa.h"
40 #endif
41 #if defined(POLARSSL_ECP_C)
42 #include "polarssl/ecp.h"
43 #endif
44 #if defined(POLARSSL_ECDSA_C)
45 #include "polarssl/ecdsa.h"
46 #endif
47 #if defined(POLARSSL_PEM_PARSE_C)
48 #include "polarssl/pem.h"
49 #endif
50 #if defined(POLARSSL_PKCS5_C)
51 #include "polarssl/pkcs5.h"
52 #endif
53 #if defined(POLARSSL_PKCS12_C)
54 #include "polarssl/pkcs12.h"
55 #endif
56 
57 #if defined(POLARSSL_PLATFORM_C)
58 #include "polarssl/platform.h"
59 #else
60 #include <stdlib.h>
61 #define polarssl_malloc malloc
62 #define polarssl_free free
63 #endif
64 
65 #if defined(POLARSSL_FS_IO)
66 /*
67  * Load all data from a file into a given buffer.
68  */
69 static int load_file( const char *path, unsigned char **buf, size_t *n )
70 {
71  FILE *f;
72  long size;
73 
74  if( ( f = fopen( path, "rb" ) ) == NULL )
76 
77  fseek( f, 0, SEEK_END );
78  if( ( size = ftell( f ) ) == -1 )
79  {
80  fclose( f );
82  }
83  fseek( f, 0, SEEK_SET );
84 
85  *n = (size_t) size;
86 
87  if( *n + 1 == 0 ||
88  ( *buf = (unsigned char *) polarssl_malloc( *n + 1 ) ) == NULL )
89  {
90  fclose( f );
92  }
93 
94  if( fread( *buf, 1, *n, f ) != *n )
95  {
96  fclose( f );
97  polarssl_free( *buf );
99  }
100 
101  fclose( f );
102 
103  (*buf)[*n] = '\0';
104 
105  return( 0 );
106 }
107 
108 /*
109  * Load and parse a private key
110  */
111 int pk_parse_keyfile( pk_context *ctx,
112  const char *path, const char *pwd )
113 {
114  int ret;
115  size_t n;
116  unsigned char *buf;
117 
118  if ( (ret = load_file( path, &buf, &n ) ) != 0 )
119  return( ret );
120 
121  if( pwd == NULL )
122  ret = pk_parse_key( ctx, buf, n, NULL, 0 );
123  else
124  ret = pk_parse_key( ctx, buf, n,
125  (const unsigned char *) pwd, strlen( pwd ) );
126 
127  memset( buf, 0, n + 1 );
128  polarssl_free( buf );
129 
130  return( ret );
131 }
132 
133 /*
134  * Load and parse a public key
135  */
136 int pk_parse_public_keyfile( pk_context *ctx, const char *path )
137 {
138  int ret;
139  size_t n;
140  unsigned char *buf;
141 
142  if ( (ret = load_file( path, &buf, &n ) ) != 0 )
143  return( ret );
144 
145  ret = pk_parse_public_key( ctx, buf, n );
146 
147  memset( buf, 0, n + 1 );
148  polarssl_free( buf );
149 
150  return( ret );
151 }
152 #endif /* POLARSSL_FS_IO */
153 
154 #if defined(POLARSSL_ECP_C)
155 /* Minimally parse an ECParameters buffer to and asn1_buf
156  *
157  * ECParameters ::= CHOICE {
158  * namedCurve OBJECT IDENTIFIER
159  * specifiedCurve SpecifiedECDomain -- = SEQUENCE { ... }
160  * -- implicitCurve NULL
161  * }
162  */
163 static int pk_get_ecparams( unsigned char **p, const unsigned char *end,
164  asn1_buf *params )
165 {
166  int ret;
167 
168  /* Tag may be either OID or SEQUENCE */
169  params->tag = **p;
170  if( params->tag != ASN1_OID
172  && params->tag != ( ASN1_CONSTRUCTED | ASN1_SEQUENCE )
173 #endif
174  )
175  {
178  }
179 
180  if( ( ret = asn1_get_tag( p, end, &params->len, params->tag ) ) != 0 )
181  {
182  return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
183  }
184 
185  params->p = *p;
186  *p += params->len;
187 
188  if( *p != end )
191 
192  return( 0 );
193 }
194 
195 #if defined(POLARSSL_PK_PARSE_EC_EXTENDED)
196 /*
197  * Parse a SpecifiedECDomain (SEC 1 C.2) and (mostly) fill the group with it.
198  * WARNING: the resulting group should only be used with
199  * pk_group_id_from_specified(), since its base point may not be set correctly
200  * if it was encoded compressed.
201  *
202  * SpecifiedECDomain ::= SEQUENCE {
203  * version SpecifiedECDomainVersion(ecdpVer1 | ecdpVer2 | ecdpVer3, ...),
204  * fieldID FieldID {{FieldTypes}},
205  * curve Curve,
206  * base ECPoint,
207  * order INTEGER,
208  * cofactor INTEGER OPTIONAL,
209  * hash HashAlgorithm OPTIONAL,
210  * ...
211  * }
212  *
213  * We only support prime-field as field type, and ignore hash and cofactor.
214  */
215 static int pk_group_from_specified( const asn1_buf *params, ecp_group *grp )
216 {
217  int ret;
218  unsigned char *p = params->p;
219  const unsigned char * const end = params->p + params->len;
220  const unsigned char *end_field, *end_curve;
221  size_t len;
222  int ver;
223 
224  /* SpecifiedECDomainVersion ::= INTEGER { 1, 2, 3 } */
225  if( ( ret = asn1_get_int( &p, end, &ver ) ) != 0 )
226  return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
227 
228  if( ver < 1 || ver > 3 )
230 
231  /*
232  * FieldID { FIELD-ID:IOSet } ::= SEQUENCE { -- Finite field
233  * fieldType FIELD-ID.&id({IOSet}),
234  * parameters FIELD-ID.&Type({IOSet}{@fieldType})
235  * }
236  */
237  if( ( ret = asn1_get_tag( &p, end, &len,
238  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
239  return( ret );
240 
241  end_field = p + len;
242 
243  /*
244  * FIELD-ID ::= TYPE-IDENTIFIER
245  * FieldTypes FIELD-ID ::= {
246  * { Prime-p IDENTIFIED BY prime-field } |
247  * { Characteristic-two IDENTIFIED BY characteristic-two-field }
248  * }
249  * prime-field OBJECT IDENTIFIER ::= { id-fieldType 1 }
250  */
251  if( ( ret = asn1_get_tag( &p, end_field, &len, ASN1_OID ) ) != 0 )
252  return( ret );
253 
254  if( len != OID_SIZE( OID_ANSI_X9_62_PRIME_FIELD ) ||
255  memcmp( p, OID_ANSI_X9_62_PRIME_FIELD, len ) != 0 )
256  {
258  }
259 
260  p += len;
261 
262  /* Prime-p ::= INTEGER -- Field of size p. */
263  if( ( ret = asn1_get_mpi( &p, end_field, &grp->P ) ) != 0 )
264  return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
265 
266  grp->pbits = mpi_msb( &grp->P );
267 
268  if( p != end_field )
271 
272  /*
273  * Curve ::= SEQUENCE {
274  * a FieldElement,
275  * b FieldElement,
276  * seed BIT STRING OPTIONAL
277  * -- Shall be present if used in SpecifiedECDomain
278  * -- with version equal to ecdpVer2 or ecdpVer3
279  * }
280  */
281  if( ( ret = asn1_get_tag( &p, end, &len,
282  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
283  return( ret );
284 
285  end_curve = p + len;
286 
287  /*
288  * FieldElement ::= OCTET STRING
289  * containing an integer in the case of a prime field
290  */
291  if( ( ret = asn1_get_tag( &p, end_curve, &len, ASN1_OCTET_STRING ) ) != 0 ||
292  ( ret = mpi_read_binary( &grp->A, p, len ) ) != 0 )
293  {
294  return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
295  }
296 
297  p += len;
298 
299  if( ( ret = asn1_get_tag( &p, end_curve, &len, ASN1_OCTET_STRING ) ) != 0 ||
300  ( ret = mpi_read_binary( &grp->B, p, len ) ) != 0 )
301  {
302  return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
303  }
304 
305  p += len;
306 
307  /* Ignore seed BIT STRING OPTIONAL */
308  if( ( ret = asn1_get_tag( &p, end_curve, &len, ASN1_BIT_STRING ) ) == 0 )
309  p += len;
310 
311  if( p != end_curve )
314 
315  /*
316  * ECPoint ::= OCTET STRING
317  */
318  if( ( ret = asn1_get_tag( &p, end, &len, ASN1_OCTET_STRING ) ) != 0 )
319  return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
320 
321  if( ( ret = ecp_point_read_binary( grp, &grp->G,
322  ( const unsigned char *) p, len ) ) != 0 )
323  {
324  /*
325  * If we can't read the point because it's compressed, cheat by
326  * reading only the X coordinate and the parity bit of Y.
327  */
329  ( p[0] != 0x02 && p[0] != 0x03 ) ||
330  len != mpi_size( &grp->P ) + 1 ||
331  mpi_read_binary( &grp->G.X, p + 1, len - 1 ) != 0 ||
332  mpi_lset( &grp->G.Y, p[0] - 2 ) != 0 ||
333  mpi_lset( &grp->G.Z, 1 ) != 0 )
334  {
336  }
337  }
338 
339  p += len;
340 
341  /*
342  * order INTEGER
343  */
344  if( ( ret = asn1_get_mpi( &p, end, &grp->N ) ) )
345  return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
346 
347  grp->nbits = mpi_msb( &grp->N );
348 
349  /*
350  * Allow optional elements by purposefully not enforcing p == end here.
351  */
352 
353  return( 0 );
354 }
355 
356 /*
357  * Find the group id associated with an (almost filled) group as generated by
358  * pk_group_from_specified(), or return an error if unknown.
359  */
360 static int pk_group_id_from_group( const ecp_group *grp, ecp_group_id *grp_id )
361 {
362  int ret = 0;
363  ecp_group ref;
364  const ecp_group_id *id;
365 
366  ecp_group_init( &ref );
367 
368  for( id = ecp_grp_id_list(); *id != POLARSSL_ECP_DP_NONE; id++ )
369  {
370  /* Load the group associated to that id */
371  ecp_group_free( &ref );
372  MPI_CHK( ecp_use_known_dp( &ref, *id ) );
373 
374  /* Compare to the group we were given, starting with easy tests */
375  if( grp->pbits == ref.pbits && grp->nbits == ref.nbits &&
376  mpi_cmp_mpi( &grp->P, &ref.P ) == 0 &&
377  mpi_cmp_mpi( &grp->A, &ref.A ) == 0 &&
378  mpi_cmp_mpi( &grp->B, &ref.B ) == 0 &&
379  mpi_cmp_mpi( &grp->N, &ref.N ) == 0 &&
380  mpi_cmp_mpi( &grp->G.X, &ref.G.X ) == 0 &&
381  mpi_cmp_mpi( &grp->G.Z, &ref.G.Z ) == 0 &&
382  /* For Y we may only know the parity bit, so compare only that */
383  mpi_get_bit( &grp->G.Y, 0 ) == mpi_get_bit( &ref.G.Y, 0 ) )
384  {
385  break;
386  }
387 
388  }
389 
390 cleanup:
391  ecp_group_free( &ref );
392 
393  *grp_id = *id;
394 
395  if( ret == 0 && *id == POLARSSL_ECP_DP_NONE )
397 
398  return( ret );
399 }
400 
401 /*
402  * Parse a SpecifiedECDomain (SEC 1 C.2) and find the associated group ID
403  */
404 static int pk_group_id_from_specified( const asn1_buf *params,
405  ecp_group_id *grp_id )
406 {
407  int ret;
408  ecp_group grp;
409 
410  ecp_group_init( &grp );
411 
412  if( ( ret = pk_group_from_specified( params, &grp ) ) != 0 )
413  goto cleanup;
414 
415  ret = pk_group_id_from_group( &grp, grp_id );
416 
417 cleanup:
418  ecp_group_free( &grp );
419 
420  return( ret );
421 }
422 #endif /* POLARSSL_PK_PARSE_EC_EXTENDED */
423 
424 /*
425  * Use EC parameters to initialise an EC group
426  *
427  * ECParameters ::= CHOICE {
428  * namedCurve OBJECT IDENTIFIER
429  * specifiedCurve SpecifiedECDomain -- = SEQUENCE { ... }
430  * -- implicitCurve NULL
431  */
432 static int pk_use_ecparams( const asn1_buf *params, ecp_group *grp )
433 {
434  int ret;
435  ecp_group_id grp_id;
436 
437  if( params->tag == ASN1_OID )
438  {
439  if( oid_get_ec_grp( params, &grp_id ) != 0 )
441  }
442  else
443  {
444 #if defined(POLARSSL_PK_PARSE_EC_EXTENDED)
445  if( ( ret = pk_group_id_from_specified( params, &grp_id ) ) != 0 )
446  return( ret );
447 #else
449 #endif
450  }
451 
452  /*
453  * grp may already be initilialized; if so, make sure IDs match
454  */
455  if( grp->id != POLARSSL_ECP_DP_NONE && grp->id != grp_id )
457 
458  if( ( ret = ecp_use_known_dp( grp, grp_id ) ) != 0 )
459  return( ret );
460 
461  return( 0 );
462 }
463 
464 /*
465  * EC public key is an EC point
466  *
467  * The caller is responsible for clearing the structure upon failure if
468  * desired. Take care to pass along the possible ECP_FEATURE_UNAVAILABLE
469  * return code of ecp_point_read_binary() and leave p in a usable state.
470  */
471 static int pk_get_ecpubkey( unsigned char **p, const unsigned char *end,
472  ecp_keypair *key )
473 {
474  int ret;
475 
476  if( ( ret = ecp_point_read_binary( &key->grp, &key->Q,
477  (const unsigned char *) *p, end - *p ) ) == 0 )
478  {
479  ret = ecp_check_pubkey( &key->grp, &key->Q );
480  }
481 
482  /*
483  * We know ecp_point_read_binary consumed all bytes or failed
484  */
485  *p = (unsigned char *) end;
486 
487  return( ret );
488 }
489 #endif /* POLARSSL_ECP_C */
490 
491 #if defined(POLARSSL_RSA_C)
492 /*
493  * RSAPublicKey ::= SEQUENCE {
494  * modulus INTEGER, -- n
495  * publicExponent INTEGER -- e
496  * }
497  */
498 static int pk_get_rsapubkey( unsigned char **p,
499  const unsigned char *end,
500  rsa_context *rsa )
501 {
502  int ret;
503  size_t len;
504 
505  if( ( ret = asn1_get_tag( p, end, &len,
506  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
507  return( POLARSSL_ERR_PK_INVALID_PUBKEY + ret );
508 
509  if( *p + len != end )
512 
513  if( ( ret = asn1_get_mpi( p, end, &rsa->N ) ) != 0 ||
514  ( ret = asn1_get_mpi( p, end, &rsa->E ) ) != 0 )
515  return( POLARSSL_ERR_PK_INVALID_PUBKEY + ret );
516 
517  if( *p != end )
520 
521  if( ( ret = rsa_check_pubkey( rsa ) ) != 0 )
523 
524  rsa->len = mpi_size( &rsa->N );
525 
526  return( 0 );
527 }
528 #endif /* POLARSSL_RSA_C */
529 
530 /* Get a PK algorithm identifier
531  *
532  * AlgorithmIdentifier ::= SEQUENCE {
533  * algorithm OBJECT IDENTIFIER,
534  * parameters ANY DEFINED BY algorithm OPTIONAL }
535  */
536 static int pk_get_pk_alg( unsigned char **p,
537  const unsigned char *end,
538  pk_type_t *pk_alg, asn1_buf *params )
539 {
540  int ret;
541  asn1_buf alg_oid;
542 
543  memset( params, 0, sizeof(asn1_buf) );
544 
545  if( ( ret = asn1_get_alg( p, end, &alg_oid, params ) ) != 0 )
546  return( POLARSSL_ERR_PK_INVALID_ALG + ret );
547 
548  if( oid_get_pk_alg( &alg_oid, pk_alg ) != 0 )
550 
551  /*
552  * No parameters with RSA (only for EC)
553  */
554  if( *pk_alg == POLARSSL_PK_RSA &&
555  ( ( params->tag != ASN1_NULL && params->tag != 0 ) ||
556  params->len != 0 ) )
557  {
558  return( POLARSSL_ERR_PK_INVALID_ALG );
559  }
560 
561  return( 0 );
562 }
563 
564 /*
565  * SubjectPublicKeyInfo ::= SEQUENCE {
566  * algorithm AlgorithmIdentifier,
567  * subjectPublicKey BIT STRING }
568  */
569 int pk_parse_subpubkey( unsigned char **p, const unsigned char *end,
570  pk_context *pk )
571 {
572  int ret;
573  size_t len;
574  asn1_buf alg_params;
575  pk_type_t pk_alg = POLARSSL_PK_NONE;
576  const pk_info_t *pk_info;
577 
578  if( ( ret = asn1_get_tag( p, end, &len,
579  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
580  {
581  return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
582  }
583 
584  end = *p + len;
585 
586  if( ( ret = pk_get_pk_alg( p, end, &pk_alg, &alg_params ) ) != 0 )
587  return( ret );
588 
589  if( ( ret = asn1_get_bitstring_null( p, end, &len ) ) != 0 )
590  return( POLARSSL_ERR_PK_INVALID_PUBKEY + ret );
591 
592  if( *p + len != end )
595 
596  if( ( pk_info = pk_info_from_type( pk_alg ) ) == NULL )
598 
599  if( ( ret = pk_init_ctx( pk, pk_info ) ) != 0 )
600  return( ret );
601 
602 #if defined(POLARSSL_RSA_C)
603  if( pk_alg == POLARSSL_PK_RSA )
604  {
605  ret = pk_get_rsapubkey( p, end, pk_rsa( *pk ) );
606  } else
607 #endif /* POLARSSL_RSA_C */
608 #if defined(POLARSSL_ECP_C)
609  if( pk_alg == POLARSSL_PK_ECKEY_DH || pk_alg == POLARSSL_PK_ECKEY )
610  {
611  ret = pk_use_ecparams( &alg_params, &pk_ec( *pk )->grp );
612  if( ret == 0 )
613  ret = pk_get_ecpubkey( p, end, pk_ec( *pk ) );
614  } else
615 #endif /* POLARSSL_ECP_C */
617 
618  if( ret == 0 && *p != end )
621 
622  if( ret != 0 )
623  pk_free( pk );
624 
625  return( ret );
626 }
627 
628 #if defined(POLARSSL_RSA_C)
629 /*
630  * Parse a PKCS#1 encoded private RSA key
631  */
632 static int pk_parse_key_pkcs1_der( rsa_context *rsa,
633  const unsigned char *key,
634  size_t keylen )
635 {
636  int ret;
637  size_t len;
638  unsigned char *p, *end;
639 
640  p = (unsigned char *) key;
641  end = p + keylen;
642 
643  /*
644  * This function parses the RSAPrivateKey (PKCS#1)
645  *
646  * RSAPrivateKey ::= SEQUENCE {
647  * version Version,
648  * modulus INTEGER, -- n
649  * publicExponent INTEGER, -- e
650  * privateExponent INTEGER, -- d
651  * prime1 INTEGER, -- p
652  * prime2 INTEGER, -- q
653  * exponent1 INTEGER, -- d mod (p-1)
654  * exponent2 INTEGER, -- d mod (q-1)
655  * coefficient INTEGER, -- (inverse of q) mod p
656  * otherPrimeInfos OtherPrimeInfos OPTIONAL
657  * }
658  */
659  if( ( ret = asn1_get_tag( &p, end, &len,
660  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
661  {
662  return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
663  }
664 
665  end = p + len;
666 
667  if( ( ret = asn1_get_int( &p, end, &rsa->ver ) ) != 0 )
668  {
669  return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
670  }
671 
672  if( rsa->ver != 0 )
673  {
675  }
676 
677  if( ( ret = asn1_get_mpi( &p, end, &rsa->N ) ) != 0 ||
678  ( ret = asn1_get_mpi( &p, end, &rsa->E ) ) != 0 ||
679  ( ret = asn1_get_mpi( &p, end, &rsa->D ) ) != 0 ||
680  ( ret = asn1_get_mpi( &p, end, &rsa->P ) ) != 0 ||
681  ( ret = asn1_get_mpi( &p, end, &rsa->Q ) ) != 0 ||
682  ( ret = asn1_get_mpi( &p, end, &rsa->DP ) ) != 0 ||
683  ( ret = asn1_get_mpi( &p, end, &rsa->DQ ) ) != 0 ||
684  ( ret = asn1_get_mpi( &p, end, &rsa->QP ) ) != 0 )
685  {
686  rsa_free( rsa );
687  return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
688  }
689 
690  rsa->len = mpi_size( &rsa->N );
691 
692  if( p != end )
693  {
694  rsa_free( rsa );
696  POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
697  }
698 
699  if( ( ret = rsa_check_privkey( rsa ) ) != 0 )
700  {
701  rsa_free( rsa );
702  return( ret );
703  }
704 
705  return( 0 );
706 }
707 #endif /* POLARSSL_RSA_C */
708 
709 #if defined(POLARSSL_ECP_C)
710 /*
711  * Parse a SEC1 encoded private EC key
712  */
713 static int pk_parse_key_sec1_der( ecp_keypair *eck,
714  const unsigned char *key,
715  size_t keylen )
716 {
717  int ret;
718  int version, pubkey_done;
719  size_t len;
720  asn1_buf params;
721  unsigned char *p = (unsigned char *) key;
722  unsigned char *end = p + keylen;
723  unsigned char *end2;
724 
725  /*
726  * RFC 5915, or SEC1 Appendix C.4
727  *
728  * ECPrivateKey ::= SEQUENCE {
729  * version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
730  * privateKey OCTET STRING,
731  * parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
732  * publicKey [1] BIT STRING OPTIONAL
733  * }
734  */
735  if( ( ret = asn1_get_tag( &p, end, &len,
736  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
737  {
738  return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
739  }
740 
741  end = p + len;
742 
743  if( ( ret = asn1_get_int( &p, end, &version ) ) != 0 )
744  return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
745 
746  if( version != 1 )
748 
749  if( ( ret = asn1_get_tag( &p, end, &len, ASN1_OCTET_STRING ) ) != 0 )
750  return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
751 
752  if( ( ret = mpi_read_binary( &eck->d, p, len ) ) != 0 )
753  {
754  ecp_keypair_free( eck );
755  return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
756  }
757 
758  p += len;
759 
760  /*
761  * Is 'parameters' present?
762  */
763  if( ( ret = asn1_get_tag( &p, end, &len,
764  ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 0 ) ) == 0 )
765  {
766  if( ( ret = pk_get_ecparams( &p, p + len, &params) ) != 0 ||
767  ( ret = pk_use_ecparams( &params, &eck->grp ) ) != 0 )
768  {
769  ecp_keypair_free( eck );
770  return( ret );
771  }
772  }
773  else if( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
774  {
775  ecp_keypair_free( eck );
776  return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
777  }
778 
779  /*
780  * Is 'publickey' present? If not, or if we can't read it (eg because it
781  * is compressed), create it from the private key.
782  */
783  pubkey_done = 0;
784  if( ( ret = asn1_get_tag( &p, end, &len,
785  ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 1 ) ) == 0 )
786  {
787  end2 = p + len;
788 
789  if( ( ret = asn1_get_bitstring_null( &p, end2, &len ) ) != 0 )
790  return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
791 
792  if( p + len != end2 )
794  POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
795 
796  if( ( ret = pk_get_ecpubkey( &p, end2, eck ) ) == 0 )
797  pubkey_done = 1;
798  else
799  {
800  /*
801  * The only acceptable failure mode of pk_get_ecpubkey() above
802  * is if the point format is not recognized.
803  */
806  }
807  }
808  else if ( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
809  {
810  ecp_keypair_free( eck );
811  return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
812  }
813 
814  if( ! pubkey_done &&
815  ( ret = ecp_mul( &eck->grp, &eck->Q, &eck->d, &eck->grp.G,
816  NULL, NULL ) ) != 0 )
817  {
818  ecp_keypair_free( eck );
819  return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
820  }
821 
822  if( ( ret = ecp_check_privkey( &eck->grp, &eck->d ) ) != 0 )
823  {
824  ecp_keypair_free( eck );
825  return( ret );
826  }
827 
828  return 0;
829 }
830 #endif /* POLARSSL_ECP_C */
831 
832 /*
833  * Parse an unencrypted PKCS#8 encoded private key
834  */
835 static int pk_parse_key_pkcs8_unencrypted_der(
836  pk_context *pk,
837  const unsigned char* key,
838  size_t keylen )
839 {
840  int ret, version;
841  size_t len;
842  asn1_buf params;
843  unsigned char *p = (unsigned char *) key;
844  unsigned char *end = p + keylen;
845  pk_type_t pk_alg = POLARSSL_PK_NONE;
846  const pk_info_t *pk_info;
847 
848  /*
849  * This function parses the PrivatKeyInfo object (PKCS#8 v1.2 = RFC 5208)
850  *
851  * PrivateKeyInfo ::= SEQUENCE {
852  * version Version,
853  * privateKeyAlgorithm PrivateKeyAlgorithmIdentifier,
854  * privateKey PrivateKey,
855  * attributes [0] IMPLICIT Attributes OPTIONAL }
856  *
857  * Version ::= INTEGER
858  * PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier
859  * PrivateKey ::= OCTET STRING
860  *
861  * The PrivateKey OCTET STRING is a SEC1 ECPrivateKey
862  */
863 
864  if( ( ret = asn1_get_tag( &p, end, &len,
865  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
866  {
867  return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
868  }
869 
870  end = p + len;
871 
872  if( ( ret = asn1_get_int( &p, end, &version ) ) != 0 )
873  return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
874 
875  if( version != 0 )
876  return( POLARSSL_ERR_PK_KEY_INVALID_VERSION + ret );
877 
878  if( ( ret = pk_get_pk_alg( &p, end, &pk_alg, &params ) ) != 0 )
879  return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
880 
881  if( ( ret = asn1_get_tag( &p, end, &len, ASN1_OCTET_STRING ) ) != 0 )
882  return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
883 
884  if( len < 1 )
887 
888  if( ( pk_info = pk_info_from_type( pk_alg ) ) == NULL )
890 
891  if( ( ret = pk_init_ctx( pk, pk_info ) ) != 0 )
892  return( ret );
893 
894 #if defined(POLARSSL_RSA_C)
895  if( pk_alg == POLARSSL_PK_RSA )
896  {
897  if( ( ret = pk_parse_key_pkcs1_der( pk_rsa( *pk ), p, len ) ) != 0 )
898  {
899  pk_free( pk );
900  return( ret );
901  }
902  } else
903 #endif /* POLARSSL_RSA_C */
904 #if defined(POLARSSL_ECP_C)
905  if( pk_alg == POLARSSL_PK_ECKEY || pk_alg == POLARSSL_PK_ECKEY_DH )
906  {
907  if( ( ret = pk_use_ecparams( &params, &pk_ec( *pk )->grp ) ) != 0 ||
908  ( ret = pk_parse_key_sec1_der( pk_ec( *pk ), p, len ) ) != 0 )
909  {
910  pk_free( pk );
911  return( ret );
912  }
913  } else
914 #endif /* POLARSSL_ECP_C */
916 
917  return 0;
918 }
919 
920 /*
921  * Parse an encrypted PKCS#8 encoded private key
922  */
923 static int pk_parse_key_pkcs8_encrypted_der(
924  pk_context *pk,
925  const unsigned char *key, size_t keylen,
926  const unsigned char *pwd, size_t pwdlen )
927 {
928  int ret, decrypted = 0;
929  size_t len;
930  unsigned char buf[2048];
931  unsigned char *p, *end;
932  asn1_buf pbe_alg_oid, pbe_params;
933 #if defined(POLARSSL_PKCS12_C)
934  cipher_type_t cipher_alg;
935  md_type_t md_alg;
936 #endif
937 
938  memset( buf, 0, sizeof( buf ) );
939 
940  p = (unsigned char *) key;
941  end = p + keylen;
942 
943  if( pwdlen == 0 )
945 
946  /*
947  * This function parses the EncryptedPrivatKeyInfo object (PKCS#8)
948  *
949  * EncryptedPrivateKeyInfo ::= SEQUENCE {
950  * encryptionAlgorithm EncryptionAlgorithmIdentifier,
951  * encryptedData EncryptedData
952  * }
953  *
954  * EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
955  *
956  * EncryptedData ::= OCTET STRING
957  *
958  * The EncryptedData OCTET STRING is a PKCS#8 PrivateKeyInfo
959  */
960  if( ( ret = asn1_get_tag( &p, end, &len,
961  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
962  {
963  return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
964  }
965 
966  end = p + len;
967 
968  if( ( ret = asn1_get_alg( &p, end, &pbe_alg_oid, &pbe_params ) ) != 0 )
969  return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
970 
971  if( ( ret = asn1_get_tag( &p, end, &len, ASN1_OCTET_STRING ) ) != 0 )
972  return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
973 
974  if( len > sizeof( buf ) )
976 
977  /*
978  * Decrypt EncryptedData with appropriate PDE
979  */
980 #if defined(POLARSSL_PKCS12_C)
981  if( oid_get_pkcs12_pbe_alg( &pbe_alg_oid, &md_alg, &cipher_alg ) == 0 )
982  {
983  if( ( ret = pkcs12_pbe( &pbe_params, PKCS12_PBE_DECRYPT,
984  cipher_alg, md_alg,
985  pwd, pwdlen, p, len, buf ) ) != 0 )
986  {
989 
990  return( ret );
991  }
992 
993  decrypted = 1;
994  }
995  else if( OID_CMP( OID_PKCS12_PBE_SHA1_RC4_128, &pbe_alg_oid ) )
996  {
997  if( ( ret = pkcs12_pbe_sha1_rc4_128( &pbe_params,
999  pwd, pwdlen,
1000  p, len, buf ) ) != 0 )
1001  {
1002  return( ret );
1003  }
1004 
1005  // Best guess for password mismatch when using RC4. If first tag is
1006  // not ASN1_CONSTRUCTED | ASN1_SEQUENCE
1007  //
1008  if( *buf != ( ASN1_CONSTRUCTED | ASN1_SEQUENCE ) )
1010 
1011  decrypted = 1;
1012  }
1013  else
1014 #endif /* POLARSSL_PKCS12_C */
1015 #if defined(POLARSSL_PKCS5_C)
1016  if( OID_CMP( OID_PKCS5_PBES2, &pbe_alg_oid ) )
1017  {
1018  if( ( ret = pkcs5_pbes2( &pbe_params, PKCS5_DECRYPT, pwd, pwdlen,
1019  p, len, buf ) ) != 0 )
1020  {
1023 
1024  return( ret );
1025  }
1026 
1027  decrypted = 1;
1028  }
1029  else
1030 #endif /* POLARSSL_PKCS5_C */
1031  {
1032  ((void) pwd);
1033  }
1034 
1035  if( decrypted == 0 )
1037 
1038  return( pk_parse_key_pkcs8_unencrypted_der( pk, buf, len ) );
1039 }
1040 
1041 /*
1042  * Parse a private key
1043  */
1044 int pk_parse_key( pk_context *pk,
1045  const unsigned char *key, size_t keylen,
1046  const unsigned char *pwd, size_t pwdlen )
1047 {
1048  int ret;
1049  const pk_info_t *pk_info;
1050 
1051 #if defined(POLARSSL_PEM_PARSE_C)
1052  size_t len;
1053  pem_context pem;
1054 
1055  pem_init( &pem );
1056 
1057 #if defined(POLARSSL_RSA_C)
1058  ret = pem_read_buffer( &pem,
1059  "-----BEGIN RSA PRIVATE KEY-----",
1060  "-----END RSA PRIVATE KEY-----",
1061  key, pwd, pwdlen, &len );
1062  if( ret == 0 )
1063  {
1064  if( ( pk_info = pk_info_from_type( POLARSSL_PK_RSA ) ) == NULL )
1066 
1067  if( ( ret = pk_init_ctx( pk, pk_info ) ) != 0 ||
1068  ( ret = pk_parse_key_pkcs1_der( pk_rsa( *pk ),
1069  pem.buf, pem.buflen ) ) != 0 )
1070  {
1071  pk_free( pk );
1072  }
1073 
1074  pem_free( &pem );
1075  return( ret );
1076  }
1077  else if( ret == POLARSSL_ERR_PEM_PASSWORD_MISMATCH )
1079  else if( ret == POLARSSL_ERR_PEM_PASSWORD_REQUIRED )
1082  return( ret );
1083 #endif /* POLARSSL_RSA_C */
1084 
1085 #if defined(POLARSSL_ECP_C)
1086  ret = pem_read_buffer( &pem,
1087  "-----BEGIN EC PRIVATE KEY-----",
1088  "-----END EC PRIVATE KEY-----",
1089  key, pwd, pwdlen, &len );
1090  if( ret == 0 )
1091  {
1092  if( ( pk_info = pk_info_from_type( POLARSSL_PK_ECKEY ) ) == NULL )
1094 
1095  if( ( ret = pk_init_ctx( pk, pk_info ) ) != 0 ||
1096  ( ret = pk_parse_key_sec1_der( pk_ec( *pk ),
1097  pem.buf, pem.buflen ) ) != 0 )
1098  {
1099  pk_free( pk );
1100  }
1101 
1102  pem_free( &pem );
1103  return( ret );
1104  }
1105  else if( ret == POLARSSL_ERR_PEM_PASSWORD_MISMATCH )
1107  else if( ret == POLARSSL_ERR_PEM_PASSWORD_REQUIRED )
1110  return( ret );
1111 #endif /* POLARSSL_ECP_C */
1112 
1113  ret = pem_read_buffer( &pem,
1114  "-----BEGIN PRIVATE KEY-----",
1115  "-----END PRIVATE KEY-----",
1116  key, NULL, 0, &len );
1117  if( ret == 0 )
1118  {
1119  if( ( ret = pk_parse_key_pkcs8_unencrypted_der( pk,
1120  pem.buf, pem.buflen ) ) != 0 )
1121  {
1122  pk_free( pk );
1123  }
1124 
1125  pem_free( &pem );
1126  return( ret );
1127  }
1129  return( ret );
1130 
1131  ret = pem_read_buffer( &pem,
1132  "-----BEGIN ENCRYPTED PRIVATE KEY-----",
1133  "-----END ENCRYPTED PRIVATE KEY-----",
1134  key, NULL, 0, &len );
1135  if( ret == 0 )
1136  {
1137  if( ( ret = pk_parse_key_pkcs8_encrypted_der( pk,
1138  pem.buf, pem.buflen,
1139  pwd, pwdlen ) ) != 0 )
1140  {
1141  pk_free( pk );
1142  }
1143 
1144  pem_free( &pem );
1145  return( ret );
1146  }
1148  return( ret );
1149 #else
1150  ((void) pwd);
1151  ((void) pwdlen);
1152 #endif /* POLARSSL_PEM_PARSE_C */
1153 
1154  /*
1155  * At this point we only know it's not a PEM formatted key. Could be any
1156  * of the known DER encoded private key formats
1157  *
1158  * We try the different DER format parsers to see if one passes without
1159  * error
1160  */
1161  if( ( ret = pk_parse_key_pkcs8_encrypted_der( pk, key, keylen,
1162  pwd, pwdlen ) ) == 0 )
1163  {
1164  return( 0 );
1165  }
1166 
1167  pk_free( pk );
1168 
1170  {
1171  return( ret );
1172  }
1173 
1174  if( ( ret = pk_parse_key_pkcs8_unencrypted_der( pk, key, keylen ) ) == 0 )
1175  return( 0 );
1176 
1177  pk_free( pk );
1178 
1179 #if defined(POLARSSL_RSA_C)
1180  if( ( pk_info = pk_info_from_type( POLARSSL_PK_RSA ) ) == NULL )
1182 
1183  if( ( ret = pk_init_ctx( pk, pk_info ) ) != 0 ||
1184  ( ret = pk_parse_key_pkcs1_der( pk_rsa( *pk ), key, keylen ) ) == 0 )
1185  {
1186  return( 0 );
1187  }
1188 
1189  pk_free( pk );
1190 #endif /* POLARSSL_RSA_C */
1191 
1192 #if defined(POLARSSL_ECP_C)
1193  if( ( pk_info = pk_info_from_type( POLARSSL_PK_ECKEY ) ) == NULL )
1195 
1196  if( ( ret = pk_init_ctx( pk, pk_info ) ) != 0 ||
1197  ( ret = pk_parse_key_sec1_der( pk_ec( *pk ), key, keylen ) ) == 0 )
1198  {
1199  return( 0 );
1200  }
1201 
1202  pk_free( pk );
1203 #endif /* POLARSSL_ECP_C */
1204 
1206 }
1207 
1208 /*
1209  * Parse a public key
1210  */
1212  const unsigned char *key, size_t keylen )
1213 {
1214  int ret;
1215  unsigned char *p;
1216 #if defined(POLARSSL_PEM_PARSE_C)
1217  size_t len;
1218  pem_context pem;
1219 
1220  pem_init( &pem );
1221  ret = pem_read_buffer( &pem,
1222  "-----BEGIN PUBLIC KEY-----",
1223  "-----END PUBLIC KEY-----",
1224  key, NULL, 0, &len );
1225 
1226  if( ret == 0 )
1227  {
1228  /*
1229  * Was PEM encoded
1230  */
1231  key = pem.buf;
1232  keylen = pem.buflen;
1233  }
1235  {
1236  pem_free( &pem );
1237  return( ret );
1238  }
1239 #endif /* POLARSSL_PEM_PARSE_C */
1240  p = (unsigned char *) key;
1241 
1242  ret = pk_parse_subpubkey( &p, p + keylen, ctx );
1243 
1244 #if defined(POLARSSL_PEM_PARSE_C)
1245  pem_free( &pem );
1246 #endif
1247 
1248  return( ret );
1249 }
1250 
1251 #endif /* POLARSSL_PK_PARSE_C */
#define POLARSSL_ERR_PK_INVALID_ALG
The algorithm tag or value is invalid.
Definition: pk.h:61
size_t pbits
Definition: ecp.h:144
#define ASN1_NULL
Definition: asn1.h:79
#define POLARSSL_ERR_PK_KEY_INVALID_FORMAT
Invalid key tag or value.
Definition: pk.h:56
int ecp_check_privkey(const ecp_group *grp, const mpi *d)
Check that an mpi is a valid private key for this curve.
const pk_info_t * pk_info_from_type(pk_type_t pk_type)
Return information associated with the given PK type.
#define ASN1_OID
Definition: asn1.h:80
#define POLARSSL_ERR_PK_FILE_IO_ERROR
Read/write of file failed.
Definition: pk.h:54
PKCS#5 functions.
int rsa_check_privkey(const rsa_context *ctx)
Check a private RSA key.
#define OID_PKCS5_PBES2
id-PBES2 OBJECT IDENTIFIER ::= {pkcs-5 13}
Definition: oid.h:236
#define POLARSSL_ERR_ASN1_LENGTH_MISMATCH
Actual length differs from expected length.
Definition: asn1.h:57
int pkcs12_pbe(asn1_buf *pbe_params, int mode, cipher_type_t cipher_type, md_type_t md_type, const unsigned char *pwd, size_t pwdlen, const unsigned char *input, size_t len, unsigned char *output)
PKCS12 Password Based function (encryption / decryption) for cipher-based and md-based PBE&#39;s...
Elliptic curves over GF(p)
Elliptic curve DSA.
mpi P
Definition: ecp.h:139
ecp_group grp
Definition: ecp.h:165
int asn1_get_int(unsigned char **p, const unsigned char *end, int *val)
Retrieve an integer ASN.1 tag and its value.
#define OID_PKCS12_PBE_SHA1_RC4_128
pbeWithSHAAnd128BitRC4 OBJECT IDENTIFIER ::= {pkcs-12PbeIds 1}
Definition: oid.h:259
int oid_get_pk_alg(const asn1_buf *oid, pk_type_t *pk_alg)
Translate PublicKeyAlgorithm OID into pk_type.
#define polarssl_free
Definition: platform.h:91
#define POLARSSL_ERR_PKCS12_PASSWORD_MISMATCH
Given private key password does not allow for correct decryption.
Definition: pkcs12.h:39
#define ASN1_SEQUENCE
Definition: asn1.h:82
mpi DQ
Definition: rsa.h:93
ECP group structure.
Definition: ecp.h:136
Configuration options (set of defines)
#define OID_CMP(oid_str, oid_buf)
Compares two asn1_buf structures for the same OID.
Definition: asn1.h:104
int rsa_check_pubkey(const rsa_context *ctx)
Check a public RSA key.
#define ASN1_CONSTRUCTED
Definition: asn1.h:92
ECP key pair structure.
Definition: ecp.h:163
mpi d
Definition: ecp.h:166
int mpi_lset(mpi *X, t_sint z)
Set value from integer.
PolarSSL Platform abstraction layer.
#define pk_ec(pk)
Quick access to an EC context inside a PK context.
Definition: pk.h:84
int ecp_mul(ecp_group *grp, ecp_point *R, const mpi *m, const ecp_point *P, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Multiplication by an integer: R = m * P (Not thread-safe to use same group in multiple threads) ...
int ecp_point_read_binary(const ecp_group *grp, ecp_point *P, const unsigned char *buf, size_t ilen)
Import a point from unsigned binary data.
#define POLARSSL_ERR_ECP_FEATURE_UNAVAILABLE
Requested curve not available.
Definition: ecp.h:37
mpi X
Definition: ecp.h:106
int mpi_cmp_mpi(const mpi *X, const mpi *Y)
Compare signed values.
Object Identifier (OID) database.
Public Key abstraction layer.
#define OID_SIZE(x)
Returns the size of the binary string, without the trailing \0.
Definition: asn1.h:98
#define POLARSSL_ERR_PK_BAD_INPUT_DATA
Bad input parameters to function.
Definition: pk.h:53
size_t len
Definition: rsa.h:84
md_type_t
Definition: md.h:51
mpi P
Definition: rsa.h:90
#define POLARSSL_ERR_PK_UNKNOWN_NAMED_CURVE
Elliptic curve is unsupported (only NIST curves are supported).
Definition: pk.h:62
mpi Q
Definition: rsa.h:91
#define POLARSSL_ERR_PK_FEATURE_UNAVAILABLE
Unavailable feature, e.g.
Definition: pk.h:63
#define POLARSSL_ERR_PKCS5_PASSWORD_MISMATCH
Given private key password does not allow for correct decryption.
Definition: pkcs5.h:47
#define POLARSSL_ERR_PEM_PASSWORD_REQUIRED
Private key password can&#39;t be empty.
Definition: pem.h:43
void rsa_free(rsa_context *ctx)
Free the components of an RSA key.
RSA context structure.
Definition: rsa.h:81
ecp_point G
Definition: ecp.h:142
Generic ASN.1 parsing.
mpi D
Definition: rsa.h:89
ecp_group_id id
Definition: ecp.h:138
mpi QP
Definition: rsa.h:94
Privacy Enhanced Mail (PEM) decoding.
cipher_type_t
Definition: cipher.h:79
mpi N
Definition: rsa.h:86
int pkcs5_pbes2(asn1_buf *pbe_params, int mode, const unsigned char *pwd, size_t pwdlen, const unsigned char *data, size_t datalen, unsigned char *output)
PKCS#5 PBES2 function.
int asn1_get_alg(unsigned char **p, const unsigned char *end, asn1_buf *alg, asn1_buf *params)
Retrieve an AlgorithmIdentifier ASN.1 sequence.
#define POLARSSL_ERR_PK_PASSWORD_REQUIRED
Private key password can&#39;t be empty.
Definition: pk.h:58
#define POLARSSL_ERR_PK_PASSWORD_MISMATCH
Given private key password does not allow for correct decryption.
Definition: pk.h:59
mpi B
Definition: ecp.h:141
mpi N
Definition: ecp.h:143
unsigned char * p
ASN1 data, e.g.
Definition: asn1.h:124
Public key information and operations.
Definition: pk.h:130
void ecp_group_free(ecp_group *grp)
Free the components of an ECP group.
#define POLARSSL_ERR_PEM_PASSWORD_MISMATCH
Given private key password does not allow for correct decryption.
Definition: pem.h:44
#define POLARSSL_ERR_PK_MALLOC_FAILED
Memory alloation failed.
Definition: pk.h:51
pk_type_t
Public key types.
Definition: pk.h:95
mpi E
Definition: rsa.h:87
int tag
ASN1 type, e.g.
Definition: asn1.h:122
mpi DP
Definition: rsa.h:92
int pk_parse_public_keyfile(pk_context *ctx, const char *path)
Load and parse a public key.
#define POLARSSL_ERR_ASN1_OUT_OF_DATA
Out of data when parsing an ASN1 data structure.
Definition: asn1.h:54
int oid_get_pkcs12_pbe_alg(const asn1_buf *oid, md_type_t *md_alg, cipher_type_t *cipher_alg)
Translate PKCS#12 PBE algorithm OID into md_type and cipher_type.
int pk_parse_subpubkey(unsigned char **p, const unsigned char *end, pk_context *pk)
Parse a SubjectPublicKeyInfo DER structure.
#define ASN1_BIT_STRING
Definition: asn1.h:77
#define ASN1_CONTEXT_SPECIFIC
Definition: asn1.h:93
int pk_init_ctx(pk_context *ctx, const pk_info_t *info)
Initialize a PK context with the information given and allocates the type-specific PK subcontext...
size_t mpi_msb(const mpi *X)
Return the number of bits up to and including the most significant &#39;1&#39; bit&#39;.
int ecp_use_known_dp(ecp_group *grp, ecp_group_id index)
Set a group using well-known domain parameters.
int mpi_read_binary(mpi *X, const unsigned char *buf, size_t buflen)
Import X from unsigned binary data, big endian.
Type-length-value structure that allows for ASN1 using DER.
Definition: asn1.h:120
The RSA public-key cryptosystem.
mpi A
Definition: ecp.h:140
int pkcs12_pbe_sha1_rc4_128(asn1_buf *pbe_params, int mode, const unsigned char *pwd, size_t pwdlen, const unsigned char *input, size_t len, unsigned char *output)
PKCS12 Password Based function (encryption / decryption) for pbeWithSHAAnd128BitRC4.
int asn1_get_bitstring_null(unsigned char **p, const unsigned char *end, size_t *len)
Retrieve a bitstring ASN.1 tag without unused bits and its value.
int oid_get_ec_grp(const asn1_buf *oid, ecp_group_id *grp_id)
Translate NamedCurve OID into an EC group identifier.
size_t len
ASN1 length, e.g.
Definition: asn1.h:123
ecp_group_id
Domain parameters (curve, subgroup and generator) identifiers.
Definition: ecp.h:57
#define OID_ANSI_X9_62_PRIME_FIELD
Definition: oid.h:339
#define pk_rsa(pk)
Quick access to an RSA context inside a PK context.
Definition: pk.h:74
#define POLARSSL_PK_PARSE_EC_EXTENDED
Enhance support for reading EC keys using variants of SEC1 not allowed by RFC 5915 and RFC 5480...
Definition: config.h:620
void ecp_group_init(ecp_group *grp)
Initialize a group (to something meaningless)
size_t nbits
Definition: ecp.h:145
void pk_free(pk_context *ctx)
Free a pk_context.
int pk_parse_public_key(pk_context *ctx, const unsigned char *key, size_t keylen)
Parse a public key.
size_t mpi_size(const mpi *X)
Return the total size in bytes.
mpi Y
Definition: ecp.h:107
#define PKCS5_DECRYPT
Definition: pkcs5.h:49
int asn1_get_tag(unsigned char **p, const unsigned char *end, size_t *len, int tag)
Get the tag and length of the tag.
int mpi_get_bit(const mpi *X, size_t pos)
Get a specific bit from X.
int pk_parse_key(pk_context *ctx, const unsigned char *key, size_t keylen, const unsigned char *pwd, size_t pwdlen)
Parse a private key.
ecp_point Q
Definition: ecp.h:167
#define ASN1_OCTET_STRING
Definition: asn1.h:78
mpi Z
Definition: ecp.h:108
int ecp_check_pubkey(const ecp_group *grp, const ecp_point *pt)
Check that a point is a valid public key on this curve.
#define POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT
No PEM header or footer found.
Definition: pem.h:38
#define polarssl_malloc
Definition: platform.h:90
int pk_parse_keyfile(pk_context *ctx, const char *path, const char *password)
Load and parse a private key.
int asn1_get_mpi(unsigned char **p, const unsigned char *end, mpi *X)
Retrieve a MPI value from an integer ASN.1 tag.
#define POLARSSL_ERR_PK_KEY_INVALID_VERSION
Unsupported key version.
Definition: pk.h:55
#define PKCS12_PBE_DECRYPT
Definition: pkcs12.h:45
int ver
Definition: rsa.h:83
#define POLARSSL_ERR_PK_INVALID_PUBKEY
The pubkey tag or value is invalid (only RSA and EC are supported).
Definition: pk.h:60
#define POLARSSL_ERR_ASN1_UNEXPECTED_TAG
ASN1 tag was of an unexpected value.
Definition: asn1.h:55
#define POLARSSL_ERR_PK_UNKNOWN_PK_ALG
Key algorithm is unsupported (only RSA and EC are supported).
Definition: pk.h:57
PKCS#12 Personal Information Exchange Syntax.
Public key container.
Definition: pk.h:182
void ecp_keypair_free(ecp_keypair *key)
Free the components of a key pair.
const ecp_group_id * ecp_grp_id_list(void)
Get the list of supported curves in order of preferrence (grp_id only)
#define MPI_CHK(f)
Definition: bignum.h:65