28 #if defined(POLARSSL_PK_PARSE_C)
34 #if defined(POLARSSL_RSA_C)
37 #if defined(POLARSSL_ECP_C)
40 #if defined(POLARSSL_ECDSA_C)
43 #if defined(POLARSSL_PEM_PARSE_C)
46 #if defined(POLARSSL_PKCS5_C)
49 #if defined(POLARSSL_PKCS12_C)
53 #if defined(POLARSSL_MEMORY_C)
57 #define polarssl_malloc malloc
58 #define polarssl_free free
61 #if defined(POLARSSL_FS_IO)
65 static int load_file(
const char *path,
unsigned char **buf,
size_t *n )
70 if( ( f = fopen( path,
"rb" ) ) == NULL )
73 fseek( f, 0, SEEK_END );
74 if( ( size = ftell( f ) ) == -1 )
79 fseek( f, 0, SEEK_SET );
90 if( fread( *buf, 1, *n, f ) != *n )
108 const char *path,
const char *pwd )
114 if ( (ret = load_file( path, &buf, &n ) ) != 0 )
121 (
const unsigned char *) pwd, strlen( pwd ) );
123 memset( buf, 0, n + 1 );
138 if ( (ret = load_file( path, &buf, &n ) ) != 0 )
143 memset( buf, 0, n + 1 );
150 #if defined(POLARSSL_ECP_C)
159 static int pk_get_ecparams(
unsigned char **p,
const unsigned char *end,
205 static int pk_get_ecpubkey(
unsigned char **p,
const unsigned char *end,
211 (
const unsigned char *) *p, end - *p ) ) != 0 ||
221 *p = (
unsigned char *) end;
227 #if defined(POLARSSL_RSA_C)
234 static int pk_get_rsapubkey(
unsigned char **p,
235 const unsigned char *end,
245 if( *p + len != end )
272 static int pk_get_pk_alg(
unsigned char **p,
273 const unsigned char *end,
279 memset( params, 0,
sizeof(
asn1_buf) );
281 if( ( ret =
asn1_get_alg( p, end, &alg_oid, params ) ) != 0 )
322 if( ( ret = pk_get_pk_alg( p, end, &pk_alg, &alg_params ) ) != 0 )
328 if( *p + len != end )
338 #if defined(POLARSSL_RSA_C)
341 ret = pk_get_rsapubkey( p, end,
pk_rsa( *pk ) );
344 #if defined(POLARSSL_ECP_C)
347 ret = pk_use_ecparams( &alg_params, &
pk_ec( *pk )->grp );
349 ret = pk_get_ecpubkey( p, end,
pk_ec( *pk ) );
354 if( ret == 0 && *p != end )
364 #if defined(POLARSSL_RSA_C)
368 static int pk_parse_key_pkcs1_der(
rsa_context *rsa,
369 const unsigned char *key,
374 unsigned char *p, *end;
376 p = (
unsigned char *) key;
432 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
445 #if defined(POLARSSL_ECP_C)
449 static int pk_parse_key_sec1_der(
ecp_keypair *eck,
450 const unsigned char *key,
457 unsigned char *p = (
unsigned char *) key;
458 unsigned char *end = p + keylen;
502 if( ( ret = pk_get_ecparams( &p, p + len, ¶ms) ) != 0 ||
503 ( ret = pk_use_ecparams( ¶ms, &eck->
grp ) ) != 0 )
526 if( p + len != end2 )
528 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
530 if( ( ret = pk_get_ecpubkey( &p, end2, eck ) ) != 0 )
539 NULL, NULL ) ) != 0 )
558 static int pk_parse_key_pkcs8_unencrypted_der(
560 const unsigned char* key,
566 unsigned char *p = (
unsigned char *) key;
567 unsigned char *end = p + keylen;
601 if( ( ret = pk_get_pk_alg( &p, end, &pk_alg, ¶ms ) ) != 0 )
617 #if defined(POLARSSL_RSA_C)
620 if( ( ret = pk_parse_key_pkcs1_der(
pk_rsa( *pk ), p, len ) ) != 0 )
627 #if defined(POLARSSL_ECP_C)
630 if( ( ret = pk_use_ecparams( ¶ms, &
pk_ec( *pk )->grp ) ) != 0 ||
631 ( ret = pk_parse_key_sec1_der(
pk_ec( *pk ), p, len ) ) != 0 )
646 static int pk_parse_key_pkcs8_encrypted_der(
648 const unsigned char *key,
size_t keylen,
649 const unsigned char *pwd,
size_t pwdlen )
653 unsigned char buf[2048];
654 unsigned char *p, *end;
656 #if defined(POLARSSL_PKCS12_C)
661 memset( buf, 0,
sizeof( buf ) );
663 p = (
unsigned char *) key;
691 if( ( ret =
asn1_get_alg( &p, end, &pbe_alg_oid, &pbe_params ) ) != 0 )
697 if( len >
sizeof( buf ) )
703 #if defined(POLARSSL_PKCS12_C)
708 pwd, pwdlen, p, len, buf ) ) != 0 )
721 p, len, buf ) ) != 0 )
734 #if defined(POLARSSL_PKCS5_C)
738 p, len, buf ) ) != 0 )
753 return( pk_parse_key_pkcs8_unencrypted_der( pk, buf, len ) );
760 const unsigned char *key,
size_t keylen,
761 const unsigned char *pwd,
size_t pwdlen )
766 #if defined(POLARSSL_PEM_PARSE_C)
772 #if defined(POLARSSL_RSA_C)
773 ret = pem_read_buffer( &pem,
774 "-----BEGIN RSA PRIVATE KEY-----",
775 "-----END RSA PRIVATE KEY-----",
776 key, pwd, pwdlen, &len );
783 ( ret = pk_parse_key_pkcs1_der(
pk_rsa( *pk ),
784 pem.buf, pem.buflen ) ) != 0 )
800 #if defined(POLARSSL_ECP_C)
801 ret = pem_read_buffer( &pem,
802 "-----BEGIN EC PRIVATE KEY-----",
803 "-----END EC PRIVATE KEY-----",
804 key, pwd, pwdlen, &len );
811 ( ret = pk_parse_key_sec1_der(
pk_ec( *pk ),
812 pem.buf, pem.buflen ) ) != 0 )
828 ret = pem_read_buffer( &pem,
829 "-----BEGIN PRIVATE KEY-----",
830 "-----END PRIVATE KEY-----",
831 key, NULL, 0, &len );
834 if( ( ret = pk_parse_key_pkcs8_unencrypted_der( pk,
835 pem.buf, pem.buflen ) ) != 0 )
846 ret = pem_read_buffer( &pem,
847 "-----BEGIN ENCRYPTED PRIVATE KEY-----",
848 "-----END ENCRYPTED PRIVATE KEY-----",
849 key, NULL, 0, &len );
852 if( ( ret = pk_parse_key_pkcs8_encrypted_der( pk,
854 pwd, pwdlen ) ) != 0 )
876 if( ( ret = pk_parse_key_pkcs8_encrypted_der( pk, key, keylen,
877 pwd, pwdlen ) ) == 0 )
889 if( ( ret = pk_parse_key_pkcs8_unencrypted_der( pk, key, keylen ) ) == 0 )
894 #if defined(POLARSSL_RSA_C)
899 ( ret = pk_parse_key_pkcs1_der(
pk_rsa( *pk ), key, keylen ) ) == 0 )
907 #if defined(POLARSSL_ECP_C)
912 ( ret = pk_parse_key_sec1_der(
pk_ec( *pk ), key, keylen ) ) == 0 )
927 const unsigned char *key,
size_t keylen )
931 #if defined(POLARSSL_PEM_PARSE_C)
936 ret = pem_read_buffer( &pem,
937 "-----BEGIN PUBLIC KEY-----",
938 "-----END PUBLIC KEY-----",
939 key, NULL, 0, &len );
955 p = (
unsigned char *) key;
959 #if defined(POLARSSL_PEM_PARSE_C)
#define POLARSSL_ERR_PK_INVALID_ALG
The algorithm tag or value is invalid.
#define POLARSSL_ERR_PK_KEY_INVALID_FORMAT
Invalid key tag or value.
int ecp_check_privkey(const ecp_group *grp, const mpi *d)
Check that an mpi is a valid private key for this curve.
const pk_info_t * pk_info_from_type(pk_type_t pk_type)
Return information associated with the given PK type.
#define POLARSSL_ERR_PK_FILE_IO_ERROR
Read/write of file failed.
void *(* polarssl_malloc)(size_t len)
int rsa_check_privkey(const rsa_context *ctx)
Check a private RSA key.
#define OID_PKCS5_PBES2
id-PBES2 OBJECT IDENTIFIER ::= {pkcs-5 13}
#define POLARSSL_ERR_ASN1_LENGTH_MISMATCH
Actual length differs from expected length.
int pkcs12_pbe(asn1_buf *pbe_params, int mode, cipher_type_t cipher_type, md_type_t md_type, const unsigned char *pwd, size_t pwdlen, const unsigned char *input, size_t len, unsigned char *output)
PKCS12 Password Based function (encryption / decryption) for cipher-based and md-based PBE's...
Elliptic curves over GF(p)
int asn1_get_int(unsigned char **p, const unsigned char *end, int *val)
Retrieve an integer ASN.1 tag and its value.
#define OID_PKCS12_PBE_SHA1_RC4_128
pbeWithSHAAnd128BitRC4 OBJECT IDENTIFIER ::= {pkcs-12PbeIds 1}
int oid_get_pk_alg(const asn1_buf *oid, pk_type_t *pk_alg)
Translate PublicKeyAlgorithm OID into pk_type.
#define POLARSSL_ERR_PKCS12_PASSWORD_MISMATCH
Given private key password does not allow for correct decryption.
Configuration options (set of defines)
#define OID_CMP(oid_str, oid_buf)
Compares two asn1_buf structures for the same OID.
int rsa_check_pubkey(const rsa_context *ctx)
Check a public RSA key.
#define pk_ec(pk)
Quick access to an EC context inside a PK context.
int ecp_mul(ecp_group *grp, ecp_point *R, const mpi *m, const ecp_point *P, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Multiplication by an integer: R = m * P (Not thread-safe to use same group in multiple threads) ...
int ecp_point_read_binary(const ecp_group *grp, ecp_point *P, const unsigned char *buf, size_t ilen)
Import a point from unsigned binary data.
Object Identifier (OID) database.
Public Key abstraction layer.
#define POLARSSL_ERR_PK_BAD_INPUT_DATA
Bad input parameters to function.
#define POLARSSL_ERR_PK_UNKNOWN_NAMED_CURVE
Elliptic curve is unsupported (only NIST curves are supported).
#define POLARSSL_ERR_PK_FEATURE_UNAVAILABLE
Unavailable feature, e.g.
#define POLARSSL_ERR_PKCS5_PASSWORD_MISMATCH
Given private key password does not allow for correct decryption.
#define POLARSSL_ERR_PEM_PASSWORD_REQUIRED
Private key password can't be empty.
void rsa_free(rsa_context *ctx)
Free the components of an RSA key.
Privacy Enhanced Mail (PEM) decoding.
int pkcs5_pbes2(asn1_buf *pbe_params, int mode, const unsigned char *pwd, size_t pwdlen, const unsigned char *data, size_t datalen, unsigned char *output)
PKCS#5 PBES2 function.
int asn1_get_alg(unsigned char **p, const unsigned char *end, asn1_buf *alg, asn1_buf *params)
Retrieve an AlgorithmIdentifier ASN.1 sequence.
#define POLARSSL_ERR_PK_PASSWORD_REQUIRED
Private key password can't be empty.
#define POLARSSL_ERR_PK_PASSWORD_MISMATCH
Given private key password does not allow for correct decryption.
void(* polarssl_free)(void *ptr)
unsigned char * p
ASN1 data, e.g.
Public key information and operations.
#define POLARSSL_ERR_PEM_PASSWORD_MISMATCH
Given private key password does not allow for correct decryption.
#define POLARSSL_ERR_PK_MALLOC_FAILED
Memory alloation failed.
pk_type_t
Public key types.
int pk_parse_public_keyfile(pk_context *ctx, const char *path)
Load and parse a public key.
#define POLARSSL_ERR_ASN1_OUT_OF_DATA
Out of data when parsing an ASN1 data structure.
int oid_get_pkcs12_pbe_alg(const asn1_buf *oid, md_type_t *md_alg, cipher_type_t *cipher_alg)
Translate PKCS#12 PBE algorithm OID into md_type and cipher_type.
int pk_parse_subpubkey(unsigned char **p, const unsigned char *end, pk_context *pk)
Parse a SubjectPublicKeyInfo DER structure.
#define ASN1_CONTEXT_SPECIFIC
int pk_init_ctx(pk_context *ctx, const pk_info_t *info)
Initialize a PK context with the information given and allocates the type-specific PK subcontext...
int ecp_use_known_dp(ecp_group *grp, ecp_group_id index)
Set a group using well-known domain parameters.
int mpi_read_binary(mpi *X, const unsigned char *buf, size_t buflen)
Import X from unsigned binary data, big endian.
Type-length-value structure that allows for ASN1 using DER.
The RSA public-key cryptosystem.
int pkcs12_pbe_sha1_rc4_128(asn1_buf *pbe_params, int mode, const unsigned char *pwd, size_t pwdlen, const unsigned char *input, size_t len, unsigned char *output)
PKCS12 Password Based function (encryption / decryption) for pbeWithSHAAnd128BitRC4.
int asn1_get_bitstring_null(unsigned char **p, const unsigned char *end, size_t *len)
Retrieve a bitstring ASN.1 tag without unused bits and its value.
int oid_get_ec_grp(const asn1_buf *oid, ecp_group_id *grp_id)
Translate NamedCurve OID into an EC group identifier.
size_t len
ASN1 length, e.g.
ecp_group_id
Domain parameters (curve, subgroup and generator) identifiers.
#define pk_rsa(pk)
Quick access to an RSA context inside a PK context.
void pk_free(pk_context *ctx)
Free a pk_context.
int pk_parse_public_key(pk_context *ctx, const unsigned char *key, size_t keylen)
Parse a public key.
size_t mpi_size(const mpi *X)
Return the total size in bytes.
int asn1_get_tag(unsigned char **p, const unsigned char *end, size_t *len, int tag)
Get the tag and length of the tag.
int pk_parse_key(pk_context *ctx, const unsigned char *key, size_t keylen, const unsigned char *pwd, size_t pwdlen)
Parse a private key.
#define ASN1_OCTET_STRING
int ecp_check_pubkey(const ecp_group *grp, const ecp_point *pt)
Check that a point is a valid public key on this curve.
#define POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT
No PEM header or footer found.
int pk_parse_keyfile(pk_context *ctx, const char *path, const char *password)
Load and parse a private key.
int asn1_get_mpi(unsigned char **p, const unsigned char *end, mpi *X)
Retrieve a MPI value from an integer ASN.1 tag.
#define POLARSSL_ERR_PK_KEY_INVALID_VERSION
Unsupported key version.
#define PKCS12_PBE_DECRYPT
#define POLARSSL_ERR_PK_INVALID_PUBKEY
The pubkey tag or value is invalid (only RSA and EC are supported).
#define POLARSSL_ERR_ASN1_UNEXPECTED_TAG
ASN1 tag was of an unexpected value.
#define POLARSSL_ERR_PK_UNKNOWN_PK_ALG
Key algorithm is unsupported (only RSA and EC are supported).
PKCS#12 Personal Information Exchange Syntax.
void ecp_keypair_free(ecp_keypair *key)
Free the components of a key pair.