26 #if !defined(POLARSSL_CONFIG_FILE)
29 #include POLARSSL_CONFIG_FILE
32 #if defined(POLARSSL_PK_PARSE_C)
38 #if defined(POLARSSL_RSA_C)
41 #if defined(POLARSSL_ECP_C)
44 #if defined(POLARSSL_ECDSA_C)
47 #if defined(POLARSSL_PEM_PARSE_C)
50 #if defined(POLARSSL_PKCS5_C)
53 #if defined(POLARSSL_PKCS12_C)
57 #if defined(POLARSSL_PLATFORM_C)
61 #define polarssl_malloc malloc
62 #define polarssl_free free
65 #if defined(POLARSSL_FS_IO)
67 static void polarssl_zeroize(
void *v,
size_t n ) {
68 volatile unsigned char *p = v;
while( n-- ) *p++ = 0;
74 static int load_file(
const char *path,
unsigned char **buf,
size_t *n )
79 if( ( f = fopen( path,
"rb" ) ) == NULL )
82 fseek( f, 0, SEEK_END );
83 if( ( size = ftell( f ) ) == -1 )
88 fseek( f, 0, SEEK_SET );
99 if( fread( *buf, 1, *n, f ) != *n )
117 const char *path,
const char *pwd )
123 if( ( ret = load_file( path, &buf, &n ) ) != 0 )
130 (
const unsigned char *) pwd, strlen( pwd ) );
132 polarssl_zeroize( buf, n + 1 );
147 if( ( ret = load_file( path, &buf, &n ) ) != 0 )
152 polarssl_zeroize( buf, n + 1 );
159 #if defined(POLARSSL_ECP_C)
168 static int pk_get_ecparams(
unsigned char **p,
const unsigned char *end,
200 #if defined(POLARSSL_PK_PARSE_EC_EXTENDED)
223 unsigned char *p = params->
p;
224 const unsigned char *
const end = params->
p + params->
len;
225 const unsigned char *end_field, *end_curve;
233 if( ver < 1 || ver > 3 )
327 (
const unsigned char *) p, len ) ) != 0 )
334 ( p[0] != 0x02 && p[0] != 0x03 ) ||
409 static int pk_group_id_from_specified(
const asn1_buf *params,
417 if( ( ret = pk_group_from_specified( params, &grp ) ) != 0 )
420 ret = pk_group_id_from_group( &grp, grp_id );
449 #if defined(POLARSSL_PK_PARSE_EC_EXTENDED)
450 if( ( ret = pk_group_id_from_specified( params, &grp_id ) ) != 0 )
476 static int pk_get_ecpubkey(
unsigned char **p,
const unsigned char *end,
482 (
const unsigned char *) *p, end - *p ) ) == 0 )
490 *p = (
unsigned char *) end;
496 #if defined(POLARSSL_RSA_C)
503 static int pk_get_rsapubkey(
unsigned char **p,
504 const unsigned char *end,
514 if( *p + len != end )
541 static int pk_get_pk_alg(
unsigned char **p,
542 const unsigned char *end,
548 memset( params, 0,
sizeof(
asn1_buf) );
550 if( ( ret =
asn1_get_alg( p, end, &alg_oid, params ) ) != 0 )
591 if( ( ret = pk_get_pk_alg( p, end, &pk_alg, &alg_params ) ) != 0 )
597 if( *p + len != end )
607 #if defined(POLARSSL_RSA_C)
610 ret = pk_get_rsapubkey( p, end,
pk_rsa( *pk ) );
613 #if defined(POLARSSL_ECP_C)
616 ret = pk_use_ecparams( &alg_params, &
pk_ec( *pk )->grp );
618 ret = pk_get_ecpubkey( p, end,
pk_ec( *pk ) );
623 if( ret == 0 && *p != end )
633 #if defined(POLARSSL_RSA_C)
637 static int pk_parse_key_pkcs1_der(
rsa_context *rsa,
638 const unsigned char *key,
643 unsigned char *p, *end;
645 p = (
unsigned char *) key;
701 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
714 #if defined(POLARSSL_ECP_C)
718 static int pk_parse_key_sec1_der(
ecp_keypair *eck,
719 const unsigned char *key,
723 int version, pubkey_done;
726 unsigned char *p = (
unsigned char *) key;
727 unsigned char *end = p + keylen;
771 if( ( ret = pk_get_ecparams( &p, p + len, &params) ) != 0 ||
772 ( ret = pk_use_ecparams( &params, &eck->
grp ) ) != 0 )
797 if( p + len != end2 )
799 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
801 if( ( ret = pk_get_ecpubkey( &p, end2, eck ) ) == 0 )
821 NULL, NULL ) ) != 0 )
840 static int pk_parse_key_pkcs8_unencrypted_der(
842 const unsigned char* key,
848 unsigned char *p = (
unsigned char *) key;
849 unsigned char *end = p + keylen;
883 if( ( ret = pk_get_pk_alg( &p, end, &pk_alg, &params ) ) != 0 )
899 #if defined(POLARSSL_RSA_C)
902 if( ( ret = pk_parse_key_pkcs1_der(
pk_rsa( *pk ), p, len ) ) != 0 )
909 #if defined(POLARSSL_ECP_C)
912 if( ( ret = pk_use_ecparams( &params, &
pk_ec( *pk )->grp ) ) != 0 ||
913 ( ret = pk_parse_key_sec1_der(
pk_ec( *pk ), p, len ) ) != 0 )
928 static int pk_parse_key_pkcs8_encrypted_der(
930 const unsigned char *key,
size_t keylen,
931 const unsigned char *pwd,
size_t pwdlen )
933 int ret, decrypted = 0;
935 unsigned char buf[2048];
936 unsigned char *p, *end;
938 #if defined(POLARSSL_PKCS12_C)
943 memset( buf, 0,
sizeof( buf ) );
945 p = (
unsigned char *) key;
973 if( ( ret =
asn1_get_alg( &p, end, &pbe_alg_oid, &pbe_params ) ) != 0 )
979 if( len >
sizeof( buf ) )
985 #if defined(POLARSSL_PKCS12_C)
990 pwd, pwdlen, p, len, buf ) ) != 0 )
1005 p, len, buf ) ) != 0 )
1020 #if defined(POLARSSL_PKCS5_C)
1024 p, len, buf ) ) != 0 )
1040 if( decrypted == 0 )
1043 return( pk_parse_key_pkcs8_unencrypted_der( pk, buf, len ) );
1050 const unsigned char *key,
size_t keylen,
1051 const unsigned char *pwd,
size_t pwdlen )
1056 #if defined(POLARSSL_PEM_PARSE_C)
1062 #if defined(POLARSSL_RSA_C)
1063 ret = pem_read_buffer( &pem,
1064 "-----BEGIN RSA PRIVATE KEY-----",
1065 "-----END RSA PRIVATE KEY-----",
1066 key, pwd, pwdlen, &len );
1073 ( ret = pk_parse_key_pkcs1_der(
pk_rsa( *pk ),
1074 pem.buf, pem.buflen ) ) != 0 )
1090 #if defined(POLARSSL_ECP_C)
1091 ret = pem_read_buffer( &pem,
1092 "-----BEGIN EC PRIVATE KEY-----",
1093 "-----END EC PRIVATE KEY-----",
1094 key, pwd, pwdlen, &len );
1101 ( ret = pk_parse_key_sec1_der(
pk_ec( *pk ),
1102 pem.buf, pem.buflen ) ) != 0 )
1118 ret = pem_read_buffer( &pem,
1119 "-----BEGIN PRIVATE KEY-----",
1120 "-----END PRIVATE KEY-----",
1121 key, NULL, 0, &len );
1124 if( ( ret = pk_parse_key_pkcs8_unencrypted_der( pk,
1125 pem.buf, pem.buflen ) ) != 0 )
1136 ret = pem_read_buffer( &pem,
1137 "-----BEGIN ENCRYPTED PRIVATE KEY-----",
1138 "-----END ENCRYPTED PRIVATE KEY-----",
1139 key, NULL, 0, &len );
1142 if( ( ret = pk_parse_key_pkcs8_encrypted_der( pk,
1143 pem.buf, pem.buflen,
1144 pwd, pwdlen ) ) != 0 )
1166 if( ( ret = pk_parse_key_pkcs8_encrypted_der( pk, key, keylen,
1167 pwd, pwdlen ) ) == 0 )
1179 if( ( ret = pk_parse_key_pkcs8_unencrypted_der( pk, key, keylen ) ) == 0 )
1184 #if defined(POLARSSL_RSA_C)
1189 ( ret = pk_parse_key_pkcs1_der(
pk_rsa( *pk ), key, keylen ) ) == 0 )
1197 #if defined(POLARSSL_ECP_C)
1202 ( ret = pk_parse_key_sec1_der(
pk_ec( *pk ), key, keylen ) ) == 0 )
1217 const unsigned char *key,
size_t keylen )
1221 #if defined(POLARSSL_PEM_PARSE_C)
1226 ret = pem_read_buffer( &pem,
1227 "-----BEGIN PUBLIC KEY-----",
1228 "-----END PUBLIC KEY-----",
1229 key, NULL, 0, &len );
1237 keylen = pem.buflen;
1245 p = (
unsigned char *) key;
1249 #if defined(POLARSSL_PEM_PARSE_C)
#define POLARSSL_PK_PARSE_EC_EXTENDED
#define POLARSSL_ERR_PK_INVALID_ALG
The algorithm tag or value is invalid.
#define POLARSSL_ERR_PK_KEY_INVALID_FORMAT
Invalid key tag or value.
int ecp_check_privkey(const ecp_group *grp, const mpi *d)
Check that an mpi is a valid private key for this curve.
const pk_info_t * pk_info_from_type(pk_type_t pk_type)
Return information associated with the given PK type.
#define POLARSSL_ERR_PK_FILE_IO_ERROR
Read/write of file failed.
int rsa_check_privkey(const rsa_context *ctx)
Check a private RSA key.
#define OID_PKCS5_PBES2
id-PBES2 OBJECT IDENTIFIER ::= {pkcs-5 13}
#define POLARSSL_ERR_ASN1_LENGTH_MISMATCH
Actual length differs from expected length.
int pkcs12_pbe(asn1_buf *pbe_params, int mode, cipher_type_t cipher_type, md_type_t md_type, const unsigned char *pwd, size_t pwdlen, const unsigned char *input, size_t len, unsigned char *output)
PKCS12 Password Based function (encryption / decryption) for cipher-based and md-based PBE's...
Elliptic curves over GF(p)
int asn1_get_int(unsigned char **p, const unsigned char *end, int *val)
Retrieve an integer ASN.1 tag and its value.
#define OID_PKCS12_PBE_SHA1_RC4_128
pbeWithSHAAnd128BitRC4 OBJECT IDENTIFIER ::= {pkcs-12PbeIds 1}
int oid_get_pk_alg(const asn1_buf *oid, pk_type_t *pk_alg)
Translate PublicKeyAlgorithm OID into pk_type.
#define POLARSSL_ERR_PKCS12_PASSWORD_MISMATCH
Given private key password does not allow for correct decryption.
Configuration options (set of defines)
#define OID_CMP(oid_str, oid_buf)
Compares an asn1_buf structure to a reference OID.
int rsa_check_pubkey(const rsa_context *ctx)
Check a public RSA key.
int mpi_lset(mpi *X, t_sint z)
Set value from integer.
#define pk_ec(pk)
Quick access to an EC context inside a PK context.
int ecp_mul(ecp_group *grp, ecp_point *R, const mpi *m, const ecp_point *P, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Multiplication by an integer: R = m * P (Not thread-safe to use same group in multiple threads) ...
int ecp_point_read_binary(const ecp_group *grp, ecp_point *P, const unsigned char *buf, size_t ilen)
Import a point from unsigned binary data.
#define POLARSSL_ERR_ECP_FEATURE_UNAVAILABLE
Requested curve not available.
int mpi_cmp_mpi(const mpi *X, const mpi *Y)
Compare signed values.
Object Identifier (OID) database.
Public Key abstraction layer.
#define OID_SIZE(x)
Returns the size of the binary string, without the trailing \0.
#define POLARSSL_ERR_PK_BAD_INPUT_DATA
Bad input parameters to function.
#define POLARSSL_ERR_PK_UNKNOWN_NAMED_CURVE
Elliptic curve is unsupported (only NIST curves are supported).
#define POLARSSL_ERR_PK_FEATURE_UNAVAILABLE
Unavailable feature, e.g.
#define POLARSSL_ERR_PKCS5_PASSWORD_MISMATCH
Given private key password does not allow for correct decryption.
#define POLARSSL_ERR_PEM_PASSWORD_REQUIRED
Private key password can't be empty.
void rsa_free(rsa_context *ctx)
Free the components of an RSA key.
Privacy Enhanced Mail (PEM) decoding.
int pkcs5_pbes2(asn1_buf *pbe_params, int mode, const unsigned char *pwd, size_t pwdlen, const unsigned char *data, size_t datalen, unsigned char *output)
PKCS#5 PBES2 function.
int asn1_get_alg(unsigned char **p, const unsigned char *end, asn1_buf *alg, asn1_buf *params)
Retrieve an AlgorithmIdentifier ASN.1 sequence.
#define POLARSSL_ERR_PK_PASSWORD_REQUIRED
Private key password can't be empty.
#define POLARSSL_ERR_PK_PASSWORD_MISMATCH
Given private key password does not allow for correct decryption.
unsigned char * p
ASN1 data, e.g.
Public key information and operations.
void ecp_group_free(ecp_group *grp)
Free the components of an ECP group.
#define POLARSSL_ERR_PEM_PASSWORD_MISMATCH
Given private key password does not allow for correct decryption.
#define POLARSSL_ERR_PK_MALLOC_FAILED
Memory allocation failed.
pk_type_t
Public key types.
int pk_parse_public_keyfile(pk_context *ctx, const char *path)
Load and parse a public key.
#define POLARSSL_ERR_ASN1_OUT_OF_DATA
Out of data when parsing an ASN1 data structure.
int oid_get_pkcs12_pbe_alg(const asn1_buf *oid, md_type_t *md_alg, cipher_type_t *cipher_alg)
Translate PKCS#12 PBE algorithm OID into md_type and cipher_type.
int pk_parse_subpubkey(unsigned char **p, const unsigned char *end, pk_context *pk)
Parse a SubjectPublicKeyInfo DER structure.
#define ASN1_CONTEXT_SPECIFIC
int pk_init_ctx(pk_context *ctx, const pk_info_t *info)
Initialize a PK context with the information given and allocate the type-specific PK subcontext...
size_t mpi_msb(const mpi *X)
Return the number of bits up to and including the most significant '1' bit.
int ecp_use_known_dp(ecp_group *grp, ecp_group_id index)
Set a group using well-known domain parameters.
int mpi_read_binary(mpi *X, const unsigned char *buf, size_t buflen)
Import X from unsigned binary data, big endian.
Type-length-value structure that allows for ASN1 using DER.
The RSA public-key cryptosystem.
int pkcs12_pbe_sha1_rc4_128(asn1_buf *pbe_params, int mode, const unsigned char *pwd, size_t pwdlen, const unsigned char *input, size_t len, unsigned char *output)
PKCS12 Password Based function (encryption / decryption) for pbeWithSHAAnd128BitRC4.
int asn1_get_bitstring_null(unsigned char **p, const unsigned char *end, size_t *len)
Retrieve a bitstring ASN.1 tag without unused bits and its value.
int oid_get_ec_grp(const asn1_buf *oid, ecp_group_id *grp_id)
Translate NamedCurve OID into an EC group identifier.
size_t len
ASN1 length, e.g.
ecp_group_id
Domain parameters (curve, subgroup and generator) identifiers.
#define OID_ANSI_X9_62_PRIME_FIELD
#define pk_rsa(pk)
Quick access to an RSA context inside a PK context.
void ecp_group_init(ecp_group *grp)
Initialize a group (to something meaningless)
void pk_free(pk_context *ctx)
Free a pk_context.
int pk_parse_public_key(pk_context *ctx, const unsigned char *key, size_t keylen)
Parse a public key.
size_t mpi_size(const mpi *X)
Return the total size in bytes.
int asn1_get_tag(unsigned char **p, const unsigned char *end, size_t *len, int tag)
Get the tag and length of the tag.
int mpi_get_bit(const mpi *X, size_t pos)
Get a specific bit from X.
int pk_parse_key(pk_context *ctx, const unsigned char *key, size_t keylen, const unsigned char *pwd, size_t pwdlen)
Parse a private key.
#define ASN1_OCTET_STRING
int ecp_check_pubkey(const ecp_group *grp, const ecp_point *pt)
Check that a point is a valid public key on this curve.
#define POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT
No PEM header or footer found.
int pk_parse_keyfile(pk_context *ctx, const char *path, const char *password)
Load and parse a private key.
int asn1_get_mpi(unsigned char **p, const unsigned char *end, mpi *X)
Retrieve a MPI value from an integer ASN.1 tag.
#define POLARSSL_ERR_PK_KEY_INVALID_VERSION
Unsupported key version.
#define PKCS12_PBE_DECRYPT
#define POLARSSL_ERR_PK_INVALID_PUBKEY
The pubkey tag or value is invalid (only RSA and EC are supported).
#define POLARSSL_ERR_ASN1_UNEXPECTED_TAG
ASN1 tag was of an unexpected value.
#define POLARSSL_ERR_PK_UNKNOWN_PK_ALG
Key algorithm is unsupported (only RSA and EC are supported).
PKCS#12 Personal Information Exchange Syntax.
void ecp_keypair_free(ecp_keypair *key)
Free the components of a key pair.
const ecp_group_id * ecp_grp_id_list(void)
Get the list of supported curves in order of preference (grp_id only)