Accueil Explorer Aide
Connexion
rotek
/
bt-67xx_universal_hw
2
0
Fork 0
Fichiers Tickets 0 Pull Requests 0 Wiki
Aborescence: c511c6096c
Branches Tags
bt-67xx_univers...
/
thirdparty
/
mbedTLS
/
library
/
pkparse.c

pkparse.c 38 KB
Historique Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293 
  1. /*
    2. 

  2.  *  Public Key layer for parsing key files and structures
    3. 

  3.  *
    4. 

  4.  *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
    5. 

  5.  *  SPDX-License-Identifier: Apache-2.0
    6. 

  6.  *
    7. 

  7.  *  Licensed under the Apache License, Version 2.0 (the "License"); you may
    8. 

  8.  *  not use this file except in compliance with the License.
    9. 

  9.  *  You may obtain a copy of the License at
    10. 

  10.  *
    11. 

  11.  *  http://www.apache.org/licenses/LICENSE-2.0
    12. 

  12.  *
    13. 

  13.  *  Unless required by applicable law or agreed to in writing, software
    14. 

  14.  *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
    15. 

  15.  *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    16. 

  16.  *  See the License for the specific language governing permissions and
    17. 

  17.  *  limitations under the License.
    18. 

  18.  *
    19. 

  19.  *  This file is part of mbed TLS (https://tls.mbed.org)
    20. 

  20.  */
    21. 

  21. 

  22. #if !defined(MBEDTLS_CONFIG_FILE)
    23. 

  23. #include "mbedtls/config.h"
    24. 

  24. #else
    25. 

  25. #include MBEDTLS_CONFIG_FILE
    26. 

  26. #endif
    27. 

  27. 

  28. #if defined(MBEDTLS_PK_PARSE_C)
    29. 

  29. 

  30. #include "mbedtls/pk.h"
    31. 

  31. #include "mbedtls/asn1.h"
    32. 

  32. #include "mbedtls/oid.h"
    33. 

  33. 

  34. #include <string.h>
    35. 

  35. 

  36. #if defined(MBEDTLS_RSA_C)
    37. 

  37. #include "mbedtls/rsa.h"
    38. 

  38. #endif
    39. 

  39. #if defined(MBEDTLS_ECP_C)
    40. 

  40. #include "mbedtls/ecp.h"
    41. 

  41. #endif
    42. 

  42. #if defined(MBEDTLS_ECDSA_C)
    43. 

  43. #include "mbedtls/ecdsa.h"
    44. 

  44. #endif
    45. 

  45. #if defined(MBEDTLS_PEM_PARSE_C)
    46. 

  46. #include "mbedtls/pem.h"
    47. 

  47. #endif
    48. 

  48. #if defined(MBEDTLS_PKCS5_C)
    49. 

  49. #include "mbedtls/pkcs5.h"
    50. 

  50. #endif
    51. 

  51. #if defined(MBEDTLS_PKCS12_C)
    52. 

  52. #include "mbedtls/pkcs12.h"
    53. 

  53. #endif
    54. 

  54. 

  55. #if defined(MBEDTLS_PLATFORM_C)
    56. 

  56. #include "mbedtls/platform.h"
    57. 

  57. #else
    58. 

  58. #include <stdlib.h>
    59. 

  59. #define mbedtls_calloc    calloc
    60. 

  60. #define mbedtls_free       free
    61. 

  61. #endif
    62. 

  62. 

  63. #if defined(MBEDTLS_FS_IO)
    64. 

  64. /* Implementation that should never be optimized out by the compiler */
    65. 

  65. static void mbedtls_zeroize( void *v, size_t n ) {
    66. 

  66.     volatile unsigned char *p = v; while( n-- ) *p++ = 0;
    67. 

  67. }
    68. 

  68. 

  69. /*
    70. 

  70.  * Load all data from a file into a given buffer.
    71. 

  71.  *
    72. 

  72.  * The file is expected to contain either PEM or DER encoded data.
    73. 

  73.  * A terminating null byte is always appended. It is included in the announced
    74. 

  74.  * length only if the data looks like it is PEM encoded.
    75. 

  75.  */
    76. 

  76. int mbedtls_pk_load_file( const char *path, unsigned char **buf, size_t *n )
    77. 

  77. {
    78. 

  78.     FILE *f;
    79. 

  79.     long size;
    80. 

  80. 

  81.     if( ( f = fopen( path, "rb" ) ) == NULL )
    82. 

  82.         return( MBEDTLS_ERR_PK_FILE_IO_ERROR );
    83. 

  83. 

  84.     fseek( f, 0, SEEK_END );
    85. 

  85.     if( ( size = ftell( f ) ) == -1 )
    86. 

  86.     {
    87. 

  87.         fclose( f );
    88. 

  88.         return( MBEDTLS_ERR_PK_FILE_IO_ERROR );
    89. 

  89.     }
    90. 

  90.     fseek( f, 0, SEEK_SET );
    91. 

  91. 

  92.     *n = (size_t) size;
    93. 

  93. 

  94.     if( *n + 1 == 0 ||
    95. 

  95.         ( *buf = mbedtls_calloc( 1, *n + 1 ) ) == NULL )
    96. 

  96.     {
    97. 

  97.         fclose( f );
    98. 

  98.         return( MBEDTLS_ERR_PK_ALLOC_FAILED );
    99. 

  99.     }
    100. 

  100. 

  101.     if( fread( *buf, 1, *n, f ) != *n )
    102. 

  102.     {
    103. 

  103.         fclose( f );
    104. 

  104.         mbedtls_free( *buf );
    105. 

  105.         return( MBEDTLS_ERR_PK_FILE_IO_ERROR );
    106. 

  106.     }
    107. 

  107. 

  108.     fclose( f );
    109. 

  109. 

  110.     (*buf)[*n] = '\0';
    111. 

  111. 

  112.     if( strstr( (const char *) *buf, "-----BEGIN " ) != NULL )
    113. 

  113.         ++*n;
    114. 

  114. 

  115.     return( 0 );
    116. 

  116. }
    117. 

  117. 

  118. /*
    119. 

  119.  * Load and parse a private key
    120. 

  120.  */
    121. 

  121. int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx,
    122. 

  122.                       const char *path, const char *pwd )
    123. 

  123. {
    124. 

  124.     int ret;
    125. 

  125.     size_t n;
    126. 

  126.     unsigned char *buf;
    127. 

  127. 

  128.     if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 )
    129. 

  129.         return( ret );
    130. 

  130. 

  131.     if( pwd == NULL )
    132. 

  132.         ret = mbedtls_pk_parse_key( ctx, buf, n, NULL, 0 );
    133. 

  133.     else
    134. 

  134.         ret = mbedtls_pk_parse_key( ctx, buf, n,
    135. 

  135.                 (const unsigned char *) pwd, strlen( pwd ) );
    136. 

  136. 

  137.     mbedtls_zeroize( buf, n );
    138. 

  138.     mbedtls_free( buf );
    139. 

  139. 

  140.     return( ret );
    141. 

  141. }
    142. 

  142. 

  143. /*
    144. 

  144.  * Load and parse a public key
    145. 

  145.  */
    146. 

  146. int mbedtls_pk_parse_public_keyfile( mbedtls_pk_context *ctx, const char *path )
    147. 

  147. {
    148. 

  148.     int ret;
    149. 

  149.     size_t n;
    150. 

  150.     unsigned char *buf;
    151. 

  151. 

  152.     if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 )
    153. 

  153.         return( ret );
    154. 

  154. 

  155.     ret = mbedtls_pk_parse_public_key( ctx, buf, n );
    156. 

  156. 

  157.     mbedtls_zeroize( buf, n );
    158. 

  158.     mbedtls_free( buf );
    159. 

  159. 

  160.     return( ret );
    161. 

  161. }
    162. 

  162. #endif /* MBEDTLS_FS_IO */
    163. 

  163. 

  164. #if defined(MBEDTLS_ECP_C)
    165. 

  165. /* Minimally parse an ECParameters buffer to and mbedtls_asn1_buf
    166. 

  166.  *
    167. 

  167.  * ECParameters ::= CHOICE {
    168. 

  168.  *   namedCurve         OBJECT IDENTIFIER
    169. 

  169.  *   specifiedCurve     SpecifiedECDomain -- = SEQUENCE { ... }
    170. 

  170.  *   -- implicitCurve   NULL
    171. 

  171.  * }
    172. 

  172.  */
    173. 

  173. static int pk_get_ecparams( unsigned char **p, const unsigned char *end,
    174. 

  174.                             mbedtls_asn1_buf *params )
    175. 

  175. {
    176. 

  176.     int ret;
    177. 

  177. 

  178.     /* Tag may be either OID or SEQUENCE */
    179. 

  179.     params->tag = **p;
    180. 

  180.     if( params->tag != MBEDTLS_ASN1_OID
    181. 

  181. #if defined(MBEDTLS_PK_PARSE_EC_EXTENDED)
    182. 

  182.             && params->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE )
    183. 

  183. #endif
    184. 

  184.             )
    185. 

  185.     {
    186. 

  186.         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
    187. 

  187.                 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
    188. 

  188.     }
    189. 

  189. 

  190.     if( ( ret = mbedtls_asn1_get_tag( p, end, &params->len, params->tag ) ) != 0 )
    191. 

  191.     {
    192. 

  192.         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
    193. 

  193.     }
    194. 

  194. 

  195.     params->p = *p;
    196. 

  196.     *p += params->len;
    197. 

  197. 

  198.     if( *p != end )
    199. 

  199.         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
    200. 

  200.                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
    201. 

  201. 

  202.     return( 0 );
    203. 

  203. }
    204. 

  204. 

  205. #if defined(MBEDTLS_PK_PARSE_EC_EXTENDED)
    206. 

  206. /*
    207. 

  207.  * Parse a SpecifiedECDomain (SEC 1 C.2) and (mostly) fill the group with it.
    208. 

  208.  * WARNING: the resulting group should only be used with
    209. 

  209.  * pk_group_id_from_specified(), since its base point may not be set correctly
    210. 

  210.  * if it was encoded compressed.
    211. 

  211.  *
    212. 

  212.  *  SpecifiedECDomain ::= SEQUENCE {
    213. 

  213.  *      version SpecifiedECDomainVersion(ecdpVer1 | ecdpVer2 | ecdpVer3, ...),
    214. 

  214.  *      fieldID FieldID {{FieldTypes}},
    215. 

  215.  *      curve Curve,
    216. 

  216.  *      base ECPoint,
    217. 

  217.  *      order INTEGER,
    218. 

  218.  *      cofactor INTEGER OPTIONAL,
    219. 

  219.  *      hash HashAlgorithm OPTIONAL,
    220. 

  220.  *      ...
    221. 

  221.  *  }
    222. 

  222.  *
    223. 

  223.  * We only support prime-field as field type, and ignore hash and cofactor.
    224. 

  224.  */
    225. 

  225. static int pk_group_from_specified( const mbedtls_asn1_buf *params, mbedtls_ecp_group *grp )
    226. 

  226. {
    227. 

  227.     int ret;
    228. 

  228.     unsigned char *p = params->p;
    229. 

  229.     const unsigned char * const end = params->p + params->len;
    230. 

  230.     const unsigned char *end_field, *end_curve;
    231. 

  231.     size_t len;
    232. 

  232.     int ver;
    233. 

  233. 

  234.     /* SpecifiedECDomainVersion ::= INTEGER { 1, 2, 3 } */
    235. 

  235.     if( ( ret = mbedtls_asn1_get_int( &p, end, &ver ) ) != 0 )
    236. 

  236.         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
    237. 

  237. 

  238.     if( ver < 1 || ver > 3 )
    239. 

  239.         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
    240. 

  240. 

  241.     /*
    242. 

  242.      * FieldID { FIELD-ID:IOSet } ::= SEQUENCE { -- Finite field
    243. 

  243.      *       fieldType FIELD-ID.&id({IOSet}),
    244. 

  244.      *       parameters FIELD-ID.&Type({IOSet}{@fieldType})
    245. 

  245.      * }
    246. 

  246.      */
    247. 

  247.     if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
    248. 

  248.             MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
    249. 

  249.         return( ret );
    250. 

  250. 

  251.     end_field = p + len;
    252. 

  252. 

  253.     /*
    254. 

  254.      * FIELD-ID ::= TYPE-IDENTIFIER
    255. 

  255.      * FieldTypes FIELD-ID ::= {
    256. 

  256.      *       { Prime-p IDENTIFIED BY prime-field } |
    257. 

  257.      *       { Characteristic-two IDENTIFIED BY characteristic-two-field }
    258. 

  258.      * }
    259. 

  259.      * prime-field OBJECT IDENTIFIER ::= { id-fieldType 1 }
    260. 

  260.      */
    261. 

  261.     if( ( ret = mbedtls_asn1_get_tag( &p, end_field, &len, MBEDTLS_ASN1_OID ) ) != 0 )
    262. 

  262.         return( ret );
    263. 

  263. 

  264.     if( len != MBEDTLS_OID_SIZE( MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD ) ||
    265. 

  265.         memcmp( p, MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD, len ) != 0 )
    266. 

  266.     {
    267. 

  267.         return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
    268. 

  268.     }
    269. 

  269. 

  270.     p += len;
    271. 

  271. 

  272.     /* Prime-p ::= INTEGER -- Field of size p. */
    273. 

  273.     if( ( ret = mbedtls_asn1_get_mpi( &p, end_field, &grp->P ) ) != 0 )
    274. 

  274.         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
    275. 

  275. 

  276.     grp->pbits = mbedtls_mpi_bitlen( &grp->P );
    277. 

  277. 

  278.     if( p != end_field )
    279. 

  279.         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
    280. 

  280.                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
    281. 

  281. 

  282.     /*
    283. 

  283.      * Curve ::= SEQUENCE {
    284. 

  284.      *       a FieldElement,
    285. 

  285.      *       b FieldElement,
    286. 

  286.      *       seed BIT STRING OPTIONAL
    287. 

  287.      *       -- Shall be present if used in SpecifiedECDomain
    288. 

  288.      *       -- with version equal to ecdpVer2 or ecdpVer3
    289. 

  289.      * }
    290. 

  290.      */
    291. 

  291.     if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
    292. 

  292.             MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
    293. 

  293.         return( ret );
    294. 

  294. 

  295.     end_curve = p + len;
    296. 

  296. 

  297.     /*
    298. 

  298.      * FieldElement ::= OCTET STRING
    299. 

  299.      * containing an integer in the case of a prime field
    300. 

  300.      */
    301. 

  301.     if( ( ret = mbedtls_asn1_get_tag( &p, end_curve, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ||
    302. 

  302.         ( ret = mbedtls_mpi_read_binary( &grp->A, p, len ) ) != 0 )
    303. 

  303.     {
    304. 

  304.         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
    305. 

  305.     }
    306. 

  306. 

  307.     p += len;
    308. 

  308. 

  309.     if( ( ret = mbedtls_asn1_get_tag( &p, end_curve, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ||
    310. 

  310.         ( ret = mbedtls_mpi_read_binary( &grp->B, p, len ) ) != 0 )
    311. 

  311.     {
    312. 

  312.         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
    313. 

  313.     }
    314. 

  314. 

  315.     p += len;
    316. 

  316. 

  317.     /* Ignore seed BIT STRING OPTIONAL */
    318. 

  318.     if( ( ret = mbedtls_asn1_get_tag( &p, end_curve, &len, MBEDTLS_ASN1_BIT_STRING ) ) == 0 )
    319. 

  319.         p += len;
    320. 

  320. 

  321.     if( p != end_curve )
    322. 

  322.         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
    323. 

  323.                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
    324. 

  324. 

  325.     /*
    326. 

  326.      * ECPoint ::= OCTET STRING
    327. 

  327.      */
    328. 

  328.     if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
    329. 

  329.         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
    330. 

  330. 

  331.     if( ( ret = mbedtls_ecp_point_read_binary( grp, &grp->G,
    332. 

  332.                                       ( const unsigned char *) p, len ) ) != 0 )
    333. 

  333.     {
    334. 

  334.         /*
    335. 

  335.          * If we can't read the point because it's compressed, cheat by
    336. 

  336.          * reading only the X coordinate and the parity bit of Y.
    337. 

  337.          */
    338. 

  338.         if( ret != MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ||
    339. 

  339.             ( p[0] != 0x02 && p[0] != 0x03 ) ||
    340. 

  340.             len != mbedtls_mpi_size( &grp->P ) + 1 ||
    341. 

  341.             mbedtls_mpi_read_binary( &grp->G.X, p + 1, len - 1 ) != 0 ||
    342. 

  342.             mbedtls_mpi_lset( &grp->G.Y, p[0] - 2 ) != 0 ||
    343. 

  343.             mbedtls_mpi_lset( &grp->G.Z, 1 ) != 0 )
    344. 

  344.         {
    345. 

  345.             return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
    346. 

  346.         }
    347. 

  347.     }
    348. 

  348. 

  349.     p += len;
    350. 

  350. 

  351.     /*
    352. 

  352.      * order INTEGER
    353. 

  353.      */
    354. 

  354.     if( ( ret = mbedtls_asn1_get_mpi( &p, end, &grp->N ) ) != 0 )
    355. 

  355.         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
    356. 

  356. 

  357.     grp->nbits = mbedtls_mpi_bitlen( &grp->N );
    358. 

  358. 

  359.     /*
    360. 

  360.      * Allow optional elements by purposefully not enforcing p == end here.
    361. 

  361.      */
    362. 

  362. 

  363.     return( 0 );
    364. 

  364. }
    365. 

  365. 

  366. /*
    367. 

  367.  * Find the group id associated with an (almost filled) group as generated by
    368. 

  368.  * pk_group_from_specified(), or return an error if unknown.
    369. 

  369.  */
    370. 

  370. static int pk_group_id_from_group( const mbedtls_ecp_group *grp, mbedtls_ecp_group_id *grp_id )
    371. 

  371. {
    372. 

  372.     int ret = 0;
    373. 

  373.     mbedtls_ecp_group ref;
    374. 

  374.     const mbedtls_ecp_group_id *id;
    375. 

  375. 

  376.     mbedtls_ecp_group_init( &ref );
    377. 

  377. 

  378.     for( id = mbedtls_ecp_grp_id_list(); *id != MBEDTLS_ECP_DP_NONE; id++ )
    379. 

  379.     {
    380. 

  380.         /* Load the group associated to that id */
    381. 

  381.         mbedtls_ecp_group_free( &ref );
    382. 

  382.         MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &ref, *id ) );
    383. 

  383. 

  384.         /* Compare to the group we were given, starting with easy tests */
    385. 

  385.         if( grp->pbits == ref.pbits && grp->nbits == ref.nbits &&
    386. 

  386.             mbedtls_mpi_cmp_mpi( &grp->P, &ref.P ) == 0 &&
    387. 

  387.             mbedtls_mpi_cmp_mpi( &grp->A, &ref.A ) == 0 &&
    388. 

  388.             mbedtls_mpi_cmp_mpi( &grp->B, &ref.B ) == 0 &&
    389. 

  389.             mbedtls_mpi_cmp_mpi( &grp->N, &ref.N ) == 0 &&
    390. 

  390.             mbedtls_mpi_cmp_mpi( &grp->G.X, &ref.G.X ) == 0 &&
    391. 

  391.             mbedtls_mpi_cmp_mpi( &grp->G.Z, &ref.G.Z ) == 0 &&
    392. 

  392.             /* For Y we may only know the parity bit, so compare only that */
    393. 

  393.             mbedtls_mpi_get_bit( &grp->G.Y, 0 ) == mbedtls_mpi_get_bit( &ref.G.Y, 0 ) )
    394. 

  394.         {
    395. 

  395.             break;
    396. 

  396.         }
    397. 

  397. 

  398.     }
    399. 

  399. 

  400. cleanup:
    401. 

  401.     mbedtls_ecp_group_free( &ref );
    402. 

  402. 

  403.     *grp_id = *id;
    404. 

  404. 

  405.     if( ret == 0 && *id == MBEDTLS_ECP_DP_NONE )
    406. 

  406.         ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
    407. 

  407. 

  408.     return( ret );
    409. 

  409. }
    410. 

  410. 

  411. /*
    412. 

  412.  * Parse a SpecifiedECDomain (SEC 1 C.2) and find the associated group ID
    413. 

  413.  */
    414. 

  414. static int pk_group_id_from_specified( const mbedtls_asn1_buf *params,
    415. 

  415.                                        mbedtls_ecp_group_id *grp_id )
    416. 

  416. {
    417. 

  417.     int ret;
    418. 

  418.     mbedtls_ecp_group grp;
    419. 

  419. 

  420.     mbedtls_ecp_group_init( &grp );
    421. 

  421. 

  422.     if( ( ret = pk_group_from_specified( params, &grp ) ) != 0 )
    423. 

  423.         goto cleanup;
    424. 

  424. 

  425.     ret = pk_group_id_from_group( &grp, grp_id );
    426. 

  426. 

  427. cleanup:
    428. 

  428.     mbedtls_ecp_group_free( &grp );
    429. 

  429. 

  430.     return( ret );
    431. 

  431. }
    432. 

  432. #endif /* MBEDTLS_PK_PARSE_EC_EXTENDED */
    433. 

  433. 

  434. /*
    435. 

  435.  * Use EC parameters to initialise an EC group
    436. 

  436.  *
    437. 

  437.  * ECParameters ::= CHOICE {
    438. 

  438.  *   namedCurve         OBJECT IDENTIFIER
    439. 

  439.  *   specifiedCurve     SpecifiedECDomain -- = SEQUENCE { ... }
    440. 

  440.  *   -- implicitCurve   NULL
    441. 

  441.  */
    442. 

  442. static int pk_use_ecparams( const mbedtls_asn1_buf *params, mbedtls_ecp_group *grp )
    443. 

  443. {
    444. 

  444.     int ret;
    445. 

  445.     mbedtls_ecp_group_id grp_id;
    446. 

  446. 

  447.     if( params->tag == MBEDTLS_ASN1_OID )
    448. 

  448.     {
    449. 

  449.         if( mbedtls_oid_get_ec_grp( params, &grp_id ) != 0 )
    450. 

  450.             return( MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE );
    451. 

  451.     }
    452. 

  452.     else
    453. 

  453.     {
    454. 

  454. #if defined(MBEDTLS_PK_PARSE_EC_EXTENDED)
    455. 

  455.         if( ( ret = pk_group_id_from_specified( params, &grp_id ) ) != 0 )
    456. 

  456.             return( ret );
    457. 

  457. #else
    458. 

  458.         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
    459. 

  459. #endif
    460. 

  460.     }
    461. 

  461. 

  462.     /*
    463. 

  463.      * grp may already be initilialized; if so, make sure IDs match
    464. 

  464.      */
    465. 

  465.     if( grp->id != MBEDTLS_ECP_DP_NONE && grp->id != grp_id )
    466. 

  466.         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
    467. 

  467. 

  468.     if( ( ret = mbedtls_ecp_group_load( grp, grp_id ) ) != 0 )
    469. 

  469.         return( ret );
    470. 

  470. 

  471.     return( 0 );
    472. 

  472. }
    473. 

  473. 

  474. /*
    475. 

  475.  * EC public key is an EC point
    476. 

  476.  *
    477. 

  477.  * The caller is responsible for clearing the structure upon failure if
    478. 

  478.  * desired. Take care to pass along the possible ECP_FEATURE_UNAVAILABLE
    479. 

  479.  * return code of mbedtls_ecp_point_read_binary() and leave p in a usable state.
    480. 

  480.  */
    481. 

  481. static int pk_get_ecpubkey( unsigned char **p, const unsigned char *end,
    482. 

  482.                             mbedtls_ecp_keypair *key )
    483. 

  483. {
    484. 

  484.     int ret;
    485. 

  485. 

  486.     if( ( ret = mbedtls_ecp_point_read_binary( &key->grp, &key->Q,
    487. 

  487.                     (const unsigned char *) *p, end - *p ) ) == 0 )
    488. 

  488.     {
    489. 

  489.         ret = mbedtls_ecp_check_pubkey( &key->grp, &key->Q );
    490. 

  490.     }
    491. 

  491. 

  492.     /*
    493. 

  493.      * We know mbedtls_ecp_point_read_binary consumed all bytes or failed
    494. 

  494.      */
    495. 

  495.     *p = (unsigned char *) end;
    496. 

  496. 

  497.     return( ret );
    498. 

  498. }
    499. 

  499. #endif /* MBEDTLS_ECP_C */
    500. 

  500. 

  501. #if defined(MBEDTLS_RSA_C)
    502. 

  502. /*
    503. 

  503.  *  RSAPublicKey ::= SEQUENCE {
    504. 

  504.  *      modulus           INTEGER,  -- n
    505. 

  505.  *      publicExponent    INTEGER   -- e
    506. 

  506.  *  }
    507. 

  507.  */
    508. 

  508. static int pk_get_rsapubkey( unsigned char **p,
    509. 

  509.                              const unsigned char *end,
    510. 

  510.                              mbedtls_rsa_context *rsa )
    511. 

  511. {
    512. 

  512.     int ret;
    513. 

  513.     size_t len;
    514. 

  514. 

  515.     if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
    516. 

  516.             MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
    517. 

  517.         return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret );
    518. 

  518. 

  519.     if( *p + len != end )
    520. 

  520.         return( MBEDTLS_ERR_PK_INVALID_PUBKEY +
    521. 

  521.                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
    522. 

  522. 

  523.     if( ( ret = mbedtls_asn1_get_mpi( p, end, &rsa->N ) ) != 0 ||
    524. 

  524.         ( ret = mbedtls_asn1_get_mpi( p, end, &rsa->E ) ) != 0 )
    525. 

  525.         return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret );
    526. 

  526. 

  527.     if( *p != end )
    528. 

  528.         return( MBEDTLS_ERR_PK_INVALID_PUBKEY +
    529. 

  529.                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
    530. 

  530. 

  531.     if( ( ret = mbedtls_rsa_check_pubkey( rsa ) ) != 0 )
    532. 

  532.         return( MBEDTLS_ERR_PK_INVALID_PUBKEY );
    533. 

  533. 

  534.     rsa->len = mbedtls_mpi_size( &rsa->N );
    535. 

  535. 

  536.     return( 0 );
    537. 

  537. }
    538. 

  538. #endif /* MBEDTLS_RSA_C */
    539. 

  539. 

  540. /* Get a PK algorithm identifier
    541. 

  541.  *
    542. 

  542.  *  AlgorithmIdentifier  ::=  SEQUENCE  {
    543. 

  543.  *       algorithm               OBJECT IDENTIFIER,
    544. 

  544.  *       parameters              ANY DEFINED BY algorithm OPTIONAL  }
    545. 

  545.  */
    546. 

  546. static int pk_get_pk_alg( unsigned char **p,
    547. 

  547.                           const unsigned char *end,
    548. 

  548.                           mbedtls_pk_type_t *pk_alg, mbedtls_asn1_buf *params )
    549. 

  549. {
    550. 

  550.     int ret;
    551. 

  551.     mbedtls_asn1_buf alg_oid;
    552. 

  552. 

  553.     memset( params, 0, sizeof(mbedtls_asn1_buf) );
    554. 

  554. 

  555.     if( ( ret = mbedtls_asn1_get_alg( p, end, &alg_oid, params ) ) != 0 )
    556. 

  556.         return( MBEDTLS_ERR_PK_INVALID_ALG + ret );
    557. 

  557. 

  558.     if( mbedtls_oid_get_pk_alg( &alg_oid, pk_alg ) != 0 )
    559. 

  559.         return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
    560. 

  560. 

  561.     /*
    562. 

  562.      * No parameters with RSA (only for EC)
    563. 

  563.      */
    564. 

  564.     if( *pk_alg == MBEDTLS_PK_RSA &&
    565. 

  565.             ( ( params->tag != MBEDTLS_ASN1_NULL && params->tag != 0 ) ||
    566. 

  566.                 params->len != 0 ) )
    567. 

  567.     {
    568. 

  568.         return( MBEDTLS_ERR_PK_INVALID_ALG );
    569. 

  569.     }
    570. 

  570. 

  571.     return( 0 );
    572. 

  572. }
    573. 

  573. 

  574. /*
    575. 

  575.  *  SubjectPublicKeyInfo  ::=  SEQUENCE  {
    576. 

  576.  *       algorithm            AlgorithmIdentifier,
    577. 

  577.  *       subjectPublicKey     BIT STRING }
    578. 

  578.  */
    579. 

  579. int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end,
    580. 

  580.                         mbedtls_pk_context *pk )
    581. 

  581. {
    582. 

  582.     int ret;
    583. 

  583.     size_t len;
    584. 

  584.     mbedtls_asn1_buf alg_params;
    585. 

  585.     mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE;
    586. 

  586.     const mbedtls_pk_info_t *pk_info;
    587. 

  587. 

  588.     if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
    589. 

  589.                     MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
    590. 

  590.     {
    591. 

  591.         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
    592. 

  592.     }
    593. 

  593. 

  594.     end = *p + len;
    595. 

  595. 

  596.     if( ( ret = pk_get_pk_alg( p, end, &pk_alg, &alg_params ) ) != 0 )
    597. 

  597.         return( ret );
    598. 

  598. 

  599.     if( ( ret = mbedtls_asn1_get_bitstring_null( p, end, &len ) ) != 0 )
    600. 

  600.         return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret );
    601. 

  601. 

  602.     if( *p + len != end )
    603. 

  603.         return( MBEDTLS_ERR_PK_INVALID_PUBKEY +
    604. 

  604.                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
    605. 

  605. 

  606.     if( ( pk_info = mbedtls_pk_info_from_type( pk_alg ) ) == NULL )
    607. 

  607.         return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
    608. 

  608. 

  609.     if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 )
    610. 

  610.         return( ret );
    611. 

  611. 

  612. #if defined(MBEDTLS_RSA_C)
    613. 

  613.     if( pk_alg == MBEDTLS_PK_RSA )
    614. 

  614.     {
    615. 

  615.         ret = pk_get_rsapubkey( p, end, mbedtls_pk_rsa( *pk ) );
    616. 

  616.     } else
    617. 

  617. #endif /* MBEDTLS_RSA_C */
    618. 

  618. #if defined(MBEDTLS_ECP_C)
    619. 

  619.     if( pk_alg == MBEDTLS_PK_ECKEY_DH || pk_alg == MBEDTLS_PK_ECKEY )
    620. 

  620.     {
    621. 

  621.         ret = pk_use_ecparams( &alg_params, &mbedtls_pk_ec( *pk )->grp );
    622. 

  622.         if( ret == 0 )
    623. 

  623.             ret = pk_get_ecpubkey( p, end, mbedtls_pk_ec( *pk ) );
    624. 

  624.     } else
    625. 

  625. #endif /* MBEDTLS_ECP_C */
    626. 

  626.         ret = MBEDTLS_ERR_PK_UNKNOWN_PK_ALG;
    627. 

  627. 

  628.     if( ret == 0 && *p != end )
    629. 

  629.         ret = MBEDTLS_ERR_PK_INVALID_PUBKEY
    630. 

  630.               MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
    631. 

  631. 

  632.     if( ret != 0 )
    633. 

  633.         mbedtls_pk_free( pk );
    634. 

  634. 

  635.     return( ret );
    636. 

  636. }
    637. 

  637. 

  638. #if defined(MBEDTLS_RSA_C)
    639. 

  639. /*
    640. 

  640.  * Parse a PKCS#1 encoded private RSA key
    641. 

  641.  */
    642. 

  642. static int pk_parse_key_pkcs1_der( mbedtls_rsa_context *rsa,
    643. 

  643.                                    const unsigned char *key,
    644. 

  644.                                    size_t keylen )
    645. 

  645. {
    646. 

  646.     int ret;
    647. 

  647.     size_t len;
    648. 

  648.     unsigned char *p, *end;
    649. 

  649. 

  650.     p = (unsigned char *) key;
    651. 

  651.     end = p + keylen;
    652. 

  652. 

  653.     /*
    654. 

  654.      * This function parses the RSAPrivateKey (PKCS#1)
    655. 

  655.      *
    656. 

  656.      *  RSAPrivateKey ::= SEQUENCE {
    657. 

  657.      *      version           Version,
    658. 

  658.      *      modulus           INTEGER,  -- n
    659. 

  659.      *      publicExponent    INTEGER,  -- e
    660. 

  660.      *      privateExponent   INTEGER,  -- d
    661. 

  661.      *      prime1            INTEGER,  -- p
    662. 

  662.      *      prime2            INTEGER,  -- q
    663. 

  663.      *      exponent1         INTEGER,  -- d mod (p-1)
    664. 

  664.      *      exponent2         INTEGER,  -- d mod (q-1)
    665. 

  665.      *      coefficient       INTEGER,  -- (inverse of q) mod p
    666. 

  666.      *      otherPrimeInfos   OtherPrimeInfos OPTIONAL
    667. 

  667.      *  }
    668. 

  668.      */
    669. 

  669.     if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
    670. 

  670.             MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
    671. 

  671.     {
    672. 

  672.         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
    673. 

  673.     }
    674. 

  674. 

  675.     end = p + len;
    676. 

  676. 

  677.     if( ( ret = mbedtls_asn1_get_int( &p, end, &rsa->ver ) ) != 0 )
    678. 

  678.     {
    679. 

  679.         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
    680. 

  680.     }
    681. 

  681. 

  682.     if( rsa->ver != 0 )
    683. 

  683.     {
    684. 

  684.         return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION );
    685. 

  685.     }
    686. 

  686. 

  687.     if( ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->N  ) ) != 0 ||
    688. 

  688.         ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->E  ) ) != 0 ||
    689. 

  689.         ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->D  ) ) != 0 ||
    690. 

  690.         ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->P  ) ) != 0 ||
    691. 

  691.         ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->Q  ) ) != 0 ||
    692. 

  692.         ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->DP ) ) != 0 ||
    693. 

  693.         ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->DQ ) ) != 0 ||
    694. 

  694.         ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->QP ) ) != 0 )
    695. 

  695.     {
    696. 

  696.         mbedtls_rsa_free( rsa );
    697. 

  697.         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
    698. 

  698.     }
    699. 

  699. 

  700.     rsa->len = mbedtls_mpi_size( &rsa->N );
    701. 

  701. 

  702.     if( p != end )
    703. 

  703.     {
    704. 

  704.         mbedtls_rsa_free( rsa );
    705. 

  705.         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
    706. 

  706.                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
    707. 

  707.     }
    708. 

  708. 

  709.     if( ( ret = mbedtls_rsa_check_privkey( rsa ) ) != 0 )
    710. 

  710.     {
    711. 

  711.         mbedtls_rsa_free( rsa );
    712. 

  712.         return( ret );
    713. 

  713.     }
    714. 

  714. 

  715.     return( 0 );
    716. 

  716. }
    717. 

  717. #endif /* MBEDTLS_RSA_C */
    718. 

  718. 

  719. #if defined(MBEDTLS_ECP_C)
    720. 

  720. /*
    721. 

  721.  * Parse a SEC1 encoded private EC key
    722. 

  722.  */
    723. 

  723. static int pk_parse_key_sec1_der( mbedtls_ecp_keypair *eck,
    724. 

  724.                                   const unsigned char *key,
    725. 

  725.                                   size_t keylen )
    726. 

  726. {
    727. 

  727.     int ret;
    728. 

  728.     int version, pubkey_done;
    729. 

  729.     size_t len;
    730. 

  730.     mbedtls_asn1_buf params;
    731. 

  731.     unsigned char *p = (unsigned char *) key;
    732. 

  732.     unsigned char *end = p + keylen;
    733. 

  733.     unsigned char *end2;
    734. 

  734. 

  735.     /*
    736. 

  736.      * RFC 5915, or SEC1 Appendix C.4
    737. 

  737.      *
    738. 

  738.      * ECPrivateKey ::= SEQUENCE {
    739. 

  739.      *      version        INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
    740. 

  740.      *      privateKey     OCTET STRING,
    741. 

  741.      *      parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
    742. 

  742.      *      publicKey  [1] BIT STRING OPTIONAL
    743. 

  743.      *    }
    744. 

  744.      */
    745. 

  745.     if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
    746. 

  746.             MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
    747. 

  747.     {
    748. 

  748.         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
    749. 

  749.     }
    750. 

  750. 

  751.     end = p + len;
    752. 

  752. 

  753.     if( ( ret = mbedtls_asn1_get_int( &p, end, &version ) ) != 0 )
    754. 

  754.         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
    755. 

  755. 

  756.     if( version != 1 )
    757. 

  757.         return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION );
    758. 

  758. 

  759.     if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
    760. 

  760.         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
    761. 

  761. 

  762.     if( ( ret = mbedtls_mpi_read_binary( &eck->d, p, len ) ) != 0 )
    763. 

  763.     {
    764. 

  764.         mbedtls_ecp_keypair_free( eck );
    765. 

  765.         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
    766. 

  766.     }
    767. 

  767. 

  768.     p += len;
    769. 

  769. 

  770.     pubkey_done = 0;
    771. 

  771.     if( p != end )
    772. 

  772.     {
    773. 

  773.         /*
    774. 

  774.          * Is 'parameters' present?
    775. 

  775.          */
    776. 

  776.         if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
    777. 

  777.                         MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0 ) ) == 0 )
    778. 

  778.         {
    779. 

  779.             if( ( ret = pk_get_ecparams( &p, p + len, &params) ) != 0 ||
    780. 

  780.                 ( ret = pk_use_ecparams( &params, &eck->grp )  ) != 0 )
    781. 

  781.             {
    782. 

  782.                 mbedtls_ecp_keypair_free( eck );
    783. 

  783.                 return( ret );
    784. 

  784.             }
    785. 

  785.         }
    786. 

  786.         else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
    787. 

  787.         {
    788. 

  788.             mbedtls_ecp_keypair_free( eck );
    789. 

  789.             return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
    790. 

  790.         }
    791. 

  791. 

  792.         /*
    793. 

  793.          * Is 'publickey' present? If not, or if we can't read it (eg because it
    794. 

  794.          * is compressed), create it from the private key.
    795. 

  795.          */
    796. 

  796.         if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
    797. 

  797.                         MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 1 ) ) == 0 )
    798. 

  798.         {
    799. 

  799.             end2 = p + len;
    800. 

  800. 

  801.             if( ( ret = mbedtls_asn1_get_bitstring_null( &p, end2, &len ) ) != 0 )
    802. 

  802.                 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
    803. 

  803. 

  804.             if( p + len != end2 )
    805. 

  805.                 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
    806. 

  806.                         MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
    807. 

  807. 

  808.             if( ( ret = pk_get_ecpubkey( &p, end2, eck ) ) == 0 )
    809. 

  809.                 pubkey_done = 1;
    810. 

  810.             else
    811. 

  811.             {
    812. 

  812.                 /*
    813. 

  813.                  * The only acceptable failure mode of pk_get_ecpubkey() above
    814. 

  814.                  * is if the point format is not recognized.
    815. 

  815.                  */
    816. 

  816.                 if( ret != MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE )
    817. 

  817.                     return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
    818. 

  818.             }
    819. 

  819.         }
    820. 

  820.         else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
    821. 

  821.         {
    822. 

  822.             mbedtls_ecp_keypair_free( eck );
    823. 

  823.             return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
    824. 

  824.         }
    825. 

  825.     }
    826. 

  826. 

  827.     if( ! pubkey_done &&
    828. 

  828.         ( ret = mbedtls_ecp_mul( &eck->grp, &eck->Q, &eck->d, &eck->grp.G,
    829. 

  829.                                                       NULL, NULL ) ) != 0 )
    830. 

  830.     {
    831. 

  831.         mbedtls_ecp_keypair_free( eck );
    832. 

  832.         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
    833. 

  833.     }
    834. 

  834. 

  835.     if( ( ret = mbedtls_ecp_check_privkey( &eck->grp, &eck->d ) ) != 0 )
    836. 

  836.     {
    837. 

  837.         mbedtls_ecp_keypair_free( eck );
    838. 

  838.         return( ret );
    839. 

  839.     }
    840. 

  840. 

  841.     return( 0 );
    842. 

  842. }
    843. 

  843. #endif /* MBEDTLS_ECP_C */
    844. 

  844. 

  845. /*
    846. 

  846.  * Parse an unencrypted PKCS#8 encoded private key
    847. 

  847.  */
    848. 

  848. static int pk_parse_key_pkcs8_unencrypted_der(
    849. 

  849.                                     mbedtls_pk_context *pk,
    850. 

  850.                                     const unsigned char* key,
    851. 

  851.                                     size_t keylen )
    852. 

  852. {
    853. 

  853.     int ret, version;
    854. 

  854.     size_t len;
    855. 

  855.     mbedtls_asn1_buf params;
    856. 

  856.     unsigned char *p = (unsigned char *) key;
    857. 

  857.     unsigned char *end = p + keylen;
    858. 

  858.     mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE;
    859. 

  859.     const mbedtls_pk_info_t *pk_info;
    860. 

  860. 

  861.     /*
    862. 

  862.      * This function parses the PrivatKeyInfo object (PKCS#8 v1.2 = RFC 5208)
    863. 

  863.      *
    864. 

  864.      *    PrivateKeyInfo ::= SEQUENCE {
    865. 

  865.      *      version                   Version,
    866. 

  866.      *      privateKeyAlgorithm       PrivateKeyAlgorithmIdentifier,
    867. 

  867.      *      privateKey                PrivateKey,
    868. 

  868.      *      attributes           [0]  IMPLICIT Attributes OPTIONAL }
    869. 

  869.      *
    870. 

  870.      *    Version ::= INTEGER
    871. 

  871.      *    PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier
    872. 

  872.      *    PrivateKey ::= OCTET STRING
    873. 

  873.      *
    874. 

  874.      *  The PrivateKey OCTET STRING is a SEC1 ECPrivateKey
    875. 

  875.      */
    876. 

  876. 

  877.     if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
    878. 

  878.             MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
    879. 

  879.     {
    880. 

  880.         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
    881. 

  881.     }
    882. 

  882. 

  883.     end = p + len;
    884. 

  884. 

  885.     if( ( ret = mbedtls_asn1_get_int( &p, end, &version ) ) != 0 )
    886. 

  886.         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
    887. 

  887. 

  888.     if( version != 0 )
    889. 

  889.         return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION + ret );
    890. 

  890. 

  891.     if( ( ret = pk_get_pk_alg( &p, end, &pk_alg, &params ) ) != 0 )
    892. 

  892.         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
    893. 

  893. 

  894.     if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
    895. 

  895.         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
    896. 

  896. 

  897.     if( len < 1 )
    898. 

  898.         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
    899. 

  899.                 MBEDTLS_ERR_ASN1_OUT_OF_DATA );
    900. 

  900. 

  901.     if( ( pk_info = mbedtls_pk_info_from_type( pk_alg ) ) == NULL )
    902. 

  902.         return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
    903. 

  903. 

  904.     if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 )
    905. 

  905.         return( ret );
    906. 

  906. 

  907. #if defined(MBEDTLS_RSA_C)
    908. 

  908.     if( pk_alg == MBEDTLS_PK_RSA )
    909. 

  909.     {
    910. 

  910.         if( ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), p, len ) ) != 0 )
    911. 

  911.         {
    912. 

  912.             mbedtls_pk_free( pk );
    913. 

  913.             return( ret );
    914. 

  914.         }
    915. 

  915.     } else
    916. 

  916. #endif /* MBEDTLS_RSA_C */
    917. 

  917. #if defined(MBEDTLS_ECP_C)
    918. 

  918.     if( pk_alg == MBEDTLS_PK_ECKEY || pk_alg == MBEDTLS_PK_ECKEY_DH )
    919. 

  919.     {
    920. 

  920.         if( ( ret = pk_use_ecparams( &params, &mbedtls_pk_ec( *pk )->grp ) ) != 0 ||
    921. 

  921.             ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ), p, len )  ) != 0 )
    922. 

  922.         {
    923. 

  923.             mbedtls_pk_free( pk );
    924. 

  924.             return( ret );
    925. 

  925.         }
    926. 

  926.     } else
    927. 

  927. #endif /* MBEDTLS_ECP_C */
    928. 

  928.         return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
    929. 

  929. 

  930.     return( 0 );
    931. 

  931. }
    932. 

  932. 

  933. /*
    934. 

  934.  * Parse an encrypted PKCS#8 encoded private key
    935. 

  935.  */
    936. 

  936. #if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C)
    937. 

  937. static int pk_parse_key_pkcs8_encrypted_der(
    938. 

  938.                                     mbedtls_pk_context *pk,
    939. 

  939.                                     const unsigned char *key, size_t keylen,
    940. 

  940.                                     const unsigned char *pwd, size_t pwdlen )
    941. 

  941. {
    942. 

  942.     int ret, decrypted = 0;
    943. 

  943.     size_t len;
    944. 

  944.     unsigned char buf[2048];
    945. 

  945.     unsigned char *p, *end;
    946. 

  946.     mbedtls_asn1_buf pbe_alg_oid, pbe_params;
    947. 

  947. #if defined(MBEDTLS_PKCS12_C)
    948. 

  948.     mbedtls_cipher_type_t cipher_alg;
    949. 

  949.     mbedtls_md_type_t md_alg;
    950. 

  950. #endif
    951. 

  951. 

  952.     memset( buf, 0, sizeof( buf ) );
    953. 

  953. 

  954.     p = (unsigned char *) key;
    955. 

  955.     end = p + keylen;
    956. 

  956. 

  957.     if( pwdlen == 0 )
    958. 

  958.         return( MBEDTLS_ERR_PK_PASSWORD_REQUIRED );
    959. 

  959. 

  960.     /*
    961. 

  961.      * This function parses the EncryptedPrivatKeyInfo object (PKCS#8)
    962. 

  962.      *
    963. 

  963.      *  EncryptedPrivateKeyInfo ::= SEQUENCE {
    964. 

  964.      *    encryptionAlgorithm  EncryptionAlgorithmIdentifier,
    965. 

  965.      *    encryptedData        EncryptedData
    966. 

  966.      *  }
    967. 

  967.      *
    968. 

  968.      *  EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
    969. 

  969.      *
    970. 

  970.      *  EncryptedData ::= OCTET STRING
    971. 

  971.      *
    972. 

  972.      *  The EncryptedData OCTET STRING is a PKCS#8 PrivateKeyInfo
    973. 

  973.      */
    974. 

  974.     if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
    975. 

  975.             MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
    976. 

  976.     {
    977. 

  977.         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
    978. 

  978.     }
    979. 

  979. 

  980.     end = p + len;
    981. 

  981. 

  982.     if( ( ret = mbedtls_asn1_get_alg( &p, end, &pbe_alg_oid, &pbe_params ) ) != 0 )
    983. 

  983.         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
    984. 

  984. 

  985.     if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
    986. 

  986.         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
    987. 

  987. 

  988.     if( len > sizeof( buf ) )
    989. 

  989.         return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
    990. 

  990. 

  991.     /*
    992. 

  992.      * Decrypt EncryptedData with appropriate PDE
    993. 

  993.      */
    994. 

  994. #if defined(MBEDTLS_PKCS12_C)
    995. 

  995.     if( mbedtls_oid_get_pkcs12_pbe_alg( &pbe_alg_oid, &md_alg, &cipher_alg ) == 0 )
    996. 

  996.     {
    997. 

  997.         if( ( ret = mbedtls_pkcs12_pbe( &pbe_params, MBEDTLS_PKCS12_PBE_DECRYPT,
    998. 

  998.                                 cipher_alg, md_alg,
    999. 

  999.                                 pwd, pwdlen, p, len, buf ) ) != 0 )
    1000. 

  1000.         {
    1001. 

  1001.             if( ret == MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH )
    1002. 

  1002.                 return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH );
    1003. 

  1003. 

  1004.             return( ret );
    1005. 

  1005.         }
    1006. 

  1006. 

  1007.         decrypted = 1;
    1008. 

  1008.     }
    1009. 

  1009.     else if( MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS12_PBE_SHA1_RC4_128, &pbe_alg_oid ) == 0 )
    1010. 

  1010.     {
    1011. 

  1011.         if( ( ret = mbedtls_pkcs12_pbe_sha1_rc4_128( &pbe_params,
    1012. 

  1012.                                              MBEDTLS_PKCS12_PBE_DECRYPT,
    1013. 

  1013.                                              pwd, pwdlen,
    1014. 

  1014.                                              p, len, buf ) ) != 0 )
    1015. 

  1015.         {
    1016. 

  1016.             return( ret );
    1017. 

  1017.         }
    1018. 

  1018. 

  1019.         // Best guess for password mismatch when using RC4. If first tag is
    1020. 

  1020.         // not MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE
    1021. 

  1021.         //
    1022. 

  1022.         if( *buf != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) )
    1023. 

  1023.             return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH );
    1024. 

  1024. 

  1025.         decrypted = 1;
    1026. 

  1026.     }
    1027. 

  1027.     else
    1028. 

  1028. #endif /* MBEDTLS_PKCS12_C */
    1029. 

  1029. #if defined(MBEDTLS_PKCS5_C)
    1030. 

  1030.     if( MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS5_PBES2, &pbe_alg_oid ) == 0 )
    1031. 

  1031.     {
    1032. 

  1032.         if( ( ret = mbedtls_pkcs5_pbes2( &pbe_params, MBEDTLS_PKCS5_DECRYPT, pwd, pwdlen,
    1033. 

  1033.                                   p, len, buf ) ) != 0 )
    1034. 

  1034.         {
    1035. 

  1035.             if( ret == MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH )
    1036. 

  1036.                 return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH );
    1037. 

  1037. 

  1038.             return( ret );
    1039. 

  1039.         }
    1040. 

  1040. 

  1041.         decrypted = 1;
    1042. 

  1042.     }
    1043. 

  1043.     else
    1044. 

  1044. #endif /* MBEDTLS_PKCS5_C */
    1045. 

  1045.     {
    1046. 

  1046.         ((void) pwd);
    1047. 

  1047.     }
    1048. 

  1048. 

  1049.     if( decrypted == 0 )
    1050. 

  1050.         return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
    1051. 

  1051. 

  1052.     return( pk_parse_key_pkcs8_unencrypted_der( pk, buf, len ) );
    1053. 

  1053. }
    1054. 

  1054. #endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */
    1055. 

  1055. 

  1056. /*
    1057. 

  1057.  * Parse a private key
    1058. 

  1058.  */
    1059. 

  1059. int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
    1060. 

  1060.                   const unsigned char *key, size_t keylen,
    1061. 

  1061.                   const unsigned char *pwd, size_t pwdlen )
    1062. 

  1062. {
    1063. 

  1063.     int ret;
    1064. 

  1064.     const mbedtls_pk_info_t *pk_info;
    1065. 

  1065. 

  1066. #if defined(MBEDTLS_PEM_PARSE_C)
    1067. 

  1067.     size_t len;
    1068. 

  1068.     mbedtls_pem_context pem;
    1069. 

  1069. 

  1070.     mbedtls_pem_init( &pem );
    1071. 

  1071. 

  1072. #if defined(MBEDTLS_RSA_C)
    1073. 

  1073.     /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
    1074. 

  1074.     if( keylen == 0 || key[keylen - 1] != '\0' )
    1075. 

  1075.         ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
    1076. 

  1076.     else
    1077. 

  1077.         ret = mbedtls_pem_read_buffer( &pem,
    1078. 

  1078.                                "-----BEGIN RSA PRIVATE KEY-----",
    1079. 

  1079.                                "-----END RSA PRIVATE KEY-----",
    1080. 

  1080.                                key, pwd, pwdlen, &len );
    1081. 

  1081. 

  1082.     if( ret == 0 )
    1083. 

  1083.     {
    1084. 

  1084.         if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL )
    1085. 

  1085.             return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
    1086. 

  1086. 

  1087.         if( ( ret = mbedtls_pk_setup( pk, pk_info                    ) ) != 0 ||
    1088. 

  1088.             ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ),
    1089. 

  1089.                                             pem.buf, pem.buflen ) ) != 0 )
    1090. 

  1090.         {
    1091. 

  1091.             mbedtls_pk_free( pk );
    1092. 

  1092.         }
    1093. 

  1093. 

  1094.         mbedtls_pem_free( &pem );
    1095. 

  1095.         return( ret );
    1096. 

  1096.     }
    1097. 

  1097.     else if( ret == MBEDTLS_ERR_PEM_PASSWORD_MISMATCH )
    1098. 

  1098.         return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH );
    1099. 

  1099.     else if( ret == MBEDTLS_ERR_PEM_PASSWORD_REQUIRED )
    1100. 

  1100.         return( MBEDTLS_ERR_PK_PASSWORD_REQUIRED );
    1101. 

  1101.     else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
    1102. 

  1102.         return( ret );
    1103. 

  1103. #endif /* MBEDTLS_RSA_C */
    1104. 

  1104. 

  1105. #if defined(MBEDTLS_ECP_C)
    1106. 

  1106.     /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
    1107. 

  1107.     if( keylen == 0 || key[keylen - 1] != '\0' )
    1108. 

  1108.         ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
    1109. 

  1109.     else
    1110. 

  1110.         ret = mbedtls_pem_read_buffer( &pem,
    1111. 

  1111.                                "-----BEGIN EC PRIVATE KEY-----",
    1112. 

  1112.                                "-----END EC PRIVATE KEY-----",
    1113. 

  1113.                                key, pwd, pwdlen, &len );
    1114. 

  1114.     if( ret == 0 )
    1115. 

  1115.     {
    1116. 

  1116.         if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ) ) == NULL )
    1117. 

  1117.             return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
    1118. 

  1118. 

  1119.         if( ( ret = mbedtls_pk_setup( pk, pk_info                   ) ) != 0 ||
    1120. 

  1120.             ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ),
    1121. 

  1121.                                            pem.buf, pem.buflen ) ) != 0 )
    1122. 

  1122.         {
    1123. 

  1123.             mbedtls_pk_free( pk );
    1124. 

  1124.         }
    1125. 

  1125. 

  1126.         mbedtls_pem_free( &pem );
    1127. 

  1127.         return( ret );
    1128. 

  1128.     }
    1129. 

  1129.     else if( ret == MBEDTLS_ERR_PEM_PASSWORD_MISMATCH )
    1130. 

  1130.         return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH );
    1131. 

  1131.     else if( ret == MBEDTLS_ERR_PEM_PASSWORD_REQUIRED )
    1132. 

  1132.         return( MBEDTLS_ERR_PK_PASSWORD_REQUIRED );
    1133. 

  1133.     else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
    1134. 

  1134.         return( ret );
    1135. 

  1135. #endif /* MBEDTLS_ECP_C */
    1136. 

  1136. 

  1137.     /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
    1138. 

  1138.     if( keylen == 0 || key[keylen - 1] != '\0' )
    1139. 

  1139.         ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
    1140. 

  1140.     else
    1141. 

  1141.         ret = mbedtls_pem_read_buffer( &pem,
    1142. 

  1142.                                "-----BEGIN PRIVATE KEY-----",
    1143. 

  1143.                                "-----END PRIVATE KEY-----",
    1144. 

  1144.                                key, NULL, 0, &len );
    1145. 

  1145.     if( ret == 0 )
    1146. 

  1146.     {
    1147. 

  1147.         if( ( ret = pk_parse_key_pkcs8_unencrypted_der( pk,
    1148. 

  1148.                                                 pem.buf, pem.buflen ) ) != 0 )
    1149. 

  1149.         {
    1150. 

  1150.             mbedtls_pk_free( pk );
    1151. 

  1151.         }
    1152. 

  1152. 

  1153.         mbedtls_pem_free( &pem );
    1154. 

  1154.         return( ret );
    1155. 

  1155.     }
    1156. 

  1156.     else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
    1157. 

  1157.         return( ret );
    1158. 

  1158. 

  1159. #if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C)
    1160. 

  1160.     /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
    1161. 

  1161.     if( keylen == 0 || key[keylen - 1] != '\0' )
    1162. 

  1162.         ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
    1163. 

  1163.     else
    1164. 

  1164.         ret = mbedtls_pem_read_buffer( &pem,
    1165. 

  1165.                                "-----BEGIN ENCRYPTED PRIVATE KEY-----",
    1166. 

  1166.                                "-----END ENCRYPTED PRIVATE KEY-----",
    1167. 

  1167.                                key, NULL, 0, &len );
    1168. 

  1168.     if( ret == 0 )
    1169. 

  1169.     {
    1170. 

  1170.         if( ( ret = pk_parse_key_pkcs8_encrypted_der( pk,
    1171. 

  1171.                                                       pem.buf, pem.buflen,
    1172. 

  1172.                                                       pwd, pwdlen ) ) != 0 )
    1173. 

  1173.         {
    1174. 

  1174.             mbedtls_pk_free( pk );
    1175. 

  1175.         }
    1176. 

  1176. 

  1177.         mbedtls_pem_free( &pem );
    1178. 

  1178.         return( ret );
    1179. 

  1179.     }
    1180. 

  1180.     else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
    1181. 

  1181.         return( ret );
    1182. 

  1182. #endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */
    1183. 

  1183. #else
    1184. 

  1184.     ((void) ret);
    1185. 

  1185.     ((void) pwd);
    1186. 

  1186.     ((void) pwdlen);
    1187. 

  1187. #endif /* MBEDTLS_PEM_PARSE_C */
    1188. 

  1188. 

  1189.     /*
    1190. 

  1190.      * At this point we only know it's not a PEM formatted key. Could be any
    1191. 

  1191.      * of the known DER encoded private key formats
    1192. 

  1192.      *
    1193. 

  1193.      * We try the different DER format parsers to see if one passes without
    1194. 

  1194.      * error
    1195. 

  1195.      */
    1196. 

  1196. #if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C)
    1197. 

  1197.     if( ( ret = pk_parse_key_pkcs8_encrypted_der( pk, key, keylen,
    1198. 

  1198.                                                   pwd, pwdlen ) ) == 0 )
    1199. 

  1199.     {
    1200. 

  1200.         return( 0 );
    1201. 

  1201.     }
    1202. 

  1202. 

  1203.     mbedtls_pk_free( pk );
    1204. 

  1204. 

  1205.     if( ret == MBEDTLS_ERR_PK_PASSWORD_MISMATCH )
    1206. 

  1206.     {
    1207. 

  1207.         return( ret );
    1208. 

  1208.     }
    1209. 

  1209. #endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */
    1210. 

  1210. 

  1211.     if( ( ret = pk_parse_key_pkcs8_unencrypted_der( pk, key, keylen ) ) == 0 )
    1212. 

  1212.         return( 0 );
    1213. 

  1213. 

  1214.     mbedtls_pk_free( pk );
    1215. 

  1215. 

  1216. #if defined(MBEDTLS_RSA_C)
    1217. 

  1217.     if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL )
    1218. 

  1218.         return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
    1219. 

  1219. 

  1220.     if( ( ret = mbedtls_pk_setup( pk, pk_info                           ) ) != 0 ||
    1221. 

  1221.         ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), key, keylen ) ) == 0 )
    1222. 

  1222.     {
    1223. 

  1223.         return( 0 );
    1224. 

  1224.     }
    1225. 

  1225. 

  1226.     mbedtls_pk_free( pk );
    1227. 

  1227. #endif /* MBEDTLS_RSA_C */
    1228. 

  1228. 

  1229. #if defined(MBEDTLS_ECP_C)
    1230. 

  1230.     if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ) ) == NULL )
    1231. 

  1231.         return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
    1232. 

  1232. 

  1233.     if( ( ret = mbedtls_pk_setup( pk, pk_info                         ) ) != 0 ||
    1234. 

  1234.         ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ), key, keylen ) ) == 0 )
    1235. 

  1235.     {
    1236. 

  1236.         return( 0 );
    1237. 

  1237.     }
    1238. 

  1238. 

  1239.     mbedtls_pk_free( pk );
    1240. 

  1240. #endif /* MBEDTLS_ECP_C */
    1241. 

  1241. 

  1242.     return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
    1243. 

  1243. }
    1244. 

  1244. 

  1245. /*
    1246. 

  1246.  * Parse a public key
    1247. 

  1247.  */
    1248. 

  1248. int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx,
    1249. 

  1249.                          const unsigned char *key, size_t keylen )
    1250. 

  1250. {
    1251. 

  1251.     int ret;
    1252. 

  1252.     unsigned char *p;
    1253. 

  1253. #if defined(MBEDTLS_PEM_PARSE_C)
    1254. 

  1254.     size_t len;
    1255. 

  1255.     mbedtls_pem_context pem;
    1256. 

  1256. 

  1257.     mbedtls_pem_init( &pem );
    1258. 

  1258. 

  1259.     /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
    1260. 

  1260.     if( keylen == 0 || key[keylen - 1] != '\0' )
    1261. 

  1261.         ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
    1262. 

  1262.     else
    1263. 

  1263.         ret = mbedtls_pem_read_buffer( &pem,
    1264. 

  1264.                 "-----BEGIN PUBLIC KEY-----",
    1265. 

  1265.                 "-----END PUBLIC KEY-----",
    1266. 

  1266.                 key, NULL, 0, &len );
    1267. 

  1267. 

  1268.     if( ret == 0 )
    1269. 

  1269.     {
    1270. 

  1270.         /*
    1271. 

  1271.          * Was PEM encoded
    1272. 

  1272.          */
    1273. 

  1273.         key = pem.buf;
    1274. 

  1274.         keylen = pem.buflen;
    1275. 

  1275.     }
    1276. 

  1276.     else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
    1277. 

  1277.     {
    1278. 

  1278.         mbedtls_pem_free( &pem );
    1279. 

  1279.         return( ret );
    1280. 

  1280.     }
    1281. 

  1281. #endif /* MBEDTLS_PEM_PARSE_C */
    1282. 

  1282.     p = (unsigned char *) key;
    1283. 

  1283. 

  1284.     ret = mbedtls_pk_parse_subpubkey( &p, p + keylen, ctx );
    1285. 

  1285. 

  1286. #if defined(MBEDTLS_PEM_PARSE_C)
    1287. 

  1287.     mbedtls_pem_free( &pem );
    1288. 

  1288. #endif
    1289. 

  1289. 

  1290.     return( ret );
    1291. 

  1291. }
    1292. 

  1292. 

  1293. #endif /* MBEDTLS_PK_PARSE_C */
    1294.