2 * Public Key layer for parsing key files and structures
4 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
5 * SPDX-License-Identifier: Apache-2.0
7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
8 * not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
19 * This file is part of mbed TLS (https://tls.mbed.org)
22 #if !defined(MBEDTLS_CONFIG_FILE)
23 #include "mbedtls/config.h"
25 #include MBEDTLS_CONFIG_FILE
28 #if defined(MBEDTLS_PK_PARSE_C)
30 #include "mbedtls/pk.h"
31 #include "mbedtls/asn1.h"
32 #include "mbedtls/oid.h"
33 #include "mbedtls/platform_util.h"
37 #if defined(MBEDTLS_RSA_C)
38 #include "mbedtls/rsa.h"
40 #if defined(MBEDTLS_ECP_C)
41 #include "mbedtls/ecp.h"
43 #if defined(MBEDTLS_ECDSA_C)
44 #include "mbedtls/ecdsa.h"
46 #if defined(MBEDTLS_PEM_PARSE_C)
47 #include "mbedtls/pem.h"
49 #if defined(MBEDTLS_PKCS5_C)
50 #include "mbedtls/pkcs5.h"
52 #if defined(MBEDTLS_PKCS12_C)
53 #include "mbedtls/pkcs12.h"
56 #if defined(MBEDTLS_PLATFORM_C)
57 #include "mbedtls/platform.h"
60 #define mbedtls_calloc calloc
61 #define mbedtls_free free
64 /* Parameter validation macros based on platform_util.h */
65 #define PK_VALIDATE_RET( cond ) \
66 MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_PK_BAD_INPUT_DATA )
67 #define PK_VALIDATE( cond ) \
68 MBEDTLS_INTERNAL_VALIDATE( cond )
70 #if defined(MBEDTLS_FS_IO)
72 * Load all data from a file into a given buffer.
74 * The file is expected to contain either PEM or DER encoded data.
75 * A terminating null byte is always appended. It is included in the announced
76 * length only if the data looks like it is PEM encoded.
78 int mbedtls_pk_load_file( const char *path, unsigned char **buf, size_t *n )
83 PK_VALIDATE_RET( path != NULL );
84 PK_VALIDATE_RET( buf != NULL );
85 PK_VALIDATE_RET( n != NULL );
87 if( ( f = fopen( path, "rb" ) ) == NULL )
88 return( MBEDTLS_ERR_PK_FILE_IO_ERROR );
90 fseek( f, 0, SEEK_END );
91 if( ( size = ftell( f ) ) == -1 )
94 return( MBEDTLS_ERR_PK_FILE_IO_ERROR );
96 fseek( f, 0, SEEK_SET );
101 ( *buf = mbedtls_calloc( 1, *n + 1 ) ) == NULL )
104 return( MBEDTLS_ERR_PK_ALLOC_FAILED );
107 if( fread( *buf, 1, *n, f ) != *n )
111 mbedtls_platform_zeroize( *buf, *n );
112 mbedtls_free( *buf );
114 return( MBEDTLS_ERR_PK_FILE_IO_ERROR );
121 if( strstr( (const char *) *buf, "-----BEGIN " ) != NULL )
128 * Load and parse a private key
130 int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx,
131 const char *path, const char *pwd )
137 PK_VALIDATE_RET( ctx != NULL );
138 PK_VALIDATE_RET( path != NULL );
140 if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 )
144 ret = mbedtls_pk_parse_key( ctx, buf, n, NULL, 0 );
146 ret = mbedtls_pk_parse_key( ctx, buf, n,
147 (const unsigned char *) pwd, strlen( pwd ) );
149 mbedtls_platform_zeroize( buf, n );
156 * Load and parse a public key
158 int mbedtls_pk_parse_public_keyfile( mbedtls_pk_context *ctx, const char *path )
164 PK_VALIDATE_RET( ctx != NULL );
165 PK_VALIDATE_RET( path != NULL );
167 if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 )
170 ret = mbedtls_pk_parse_public_key( ctx, buf, n );
172 mbedtls_platform_zeroize( buf, n );
177 #endif /* MBEDTLS_FS_IO */
179 #if defined(MBEDTLS_ECP_C)
180 /* Minimally parse an ECParameters buffer to and mbedtls_asn1_buf
182 * ECParameters ::= CHOICE {
183 * namedCurve OBJECT IDENTIFIER
184 * specifiedCurve SpecifiedECDomain -- = SEQUENCE { ... }
185 * -- implicitCurve NULL
188 static int pk_get_ecparams( unsigned char **p, const unsigned char *end,
189 mbedtls_asn1_buf *params )
194 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
195 MBEDTLS_ERR_ASN1_OUT_OF_DATA );
197 /* Tag may be either OID or SEQUENCE */
199 if( params->tag != MBEDTLS_ASN1_OID
200 #if defined(MBEDTLS_PK_PARSE_EC_EXTENDED)
201 && params->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE )
205 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
206 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
209 if( ( ret = mbedtls_asn1_get_tag( p, end, ¶ms->len, params->tag ) ) != 0 )
211 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
218 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
219 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
224 #if defined(MBEDTLS_PK_PARSE_EC_EXTENDED)
226 * Parse a SpecifiedECDomain (SEC 1 C.2) and (mostly) fill the group with it.
227 * WARNING: the resulting group should only be used with
228 * pk_group_id_from_specified(), since its base point may not be set correctly
229 * if it was encoded compressed.
231 * SpecifiedECDomain ::= SEQUENCE {
232 * version SpecifiedECDomainVersion(ecdpVer1 | ecdpVer2 | ecdpVer3, ...),
233 * fieldID FieldID {{FieldTypes}},
237 * cofactor INTEGER OPTIONAL,
238 * hash HashAlgorithm OPTIONAL,
242 * We only support prime-field as field type, and ignore hash and cofactor.
244 static int pk_group_from_specified( const mbedtls_asn1_buf *params, mbedtls_ecp_group *grp )
247 unsigned char *p = params->p;
248 const unsigned char * const end = params->p + params->len;
249 const unsigned char *end_field, *end_curve;
253 /* SpecifiedECDomainVersion ::= INTEGER { 1, 2, 3 } */
254 if( ( ret = mbedtls_asn1_get_int( &p, end, &ver ) ) != 0 )
255 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
257 if( ver < 1 || ver > 3 )
258 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
261 * FieldID { FIELD-ID:IOSet } ::= SEQUENCE { -- Finite field
262 * fieldType FIELD-ID.&id({IOSet}),
263 * parameters FIELD-ID.&Type({IOSet}{@fieldType})
266 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
267 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
273 * FIELD-ID ::= TYPE-IDENTIFIER
274 * FieldTypes FIELD-ID ::= {
275 * { Prime-p IDENTIFIED BY prime-field } |
276 * { Characteristic-two IDENTIFIED BY characteristic-two-field }
278 * prime-field OBJECT IDENTIFIER ::= { id-fieldType 1 }
280 if( ( ret = mbedtls_asn1_get_tag( &p, end_field, &len, MBEDTLS_ASN1_OID ) ) != 0 )
283 if( len != MBEDTLS_OID_SIZE( MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD ) ||
284 memcmp( p, MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD, len ) != 0 )
286 return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
291 /* Prime-p ::= INTEGER -- Field of size p. */
292 if( ( ret = mbedtls_asn1_get_mpi( &p, end_field, &grp->P ) ) != 0 )
293 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
295 grp->pbits = mbedtls_mpi_bitlen( &grp->P );
298 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
299 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
302 * Curve ::= SEQUENCE {
305 * seed BIT STRING OPTIONAL
306 * -- Shall be present if used in SpecifiedECDomain
307 * -- with version equal to ecdpVer2 or ecdpVer3
310 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
311 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
317 * FieldElement ::= OCTET STRING
318 * containing an integer in the case of a prime field
320 if( ( ret = mbedtls_asn1_get_tag( &p, end_curve, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ||
321 ( ret = mbedtls_mpi_read_binary( &grp->A, p, len ) ) != 0 )
323 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
328 if( ( ret = mbedtls_asn1_get_tag( &p, end_curve, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ||
329 ( ret = mbedtls_mpi_read_binary( &grp->B, p, len ) ) != 0 )
331 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
336 /* Ignore seed BIT STRING OPTIONAL */
337 if( ( ret = mbedtls_asn1_get_tag( &p, end_curve, &len, MBEDTLS_ASN1_BIT_STRING ) ) == 0 )
341 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
342 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
345 * ECPoint ::= OCTET STRING
347 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
348 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
350 if( ( ret = mbedtls_ecp_point_read_binary( grp, &grp->G,
351 ( const unsigned char *) p, len ) ) != 0 )
354 * If we can't read the point because it's compressed, cheat by
355 * reading only the X coordinate and the parity bit of Y.
357 if( ret != MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ||
358 ( p[0] != 0x02 && p[0] != 0x03 ) ||
359 len != mbedtls_mpi_size( &grp->P ) + 1 ||
360 mbedtls_mpi_read_binary( &grp->G.X, p + 1, len - 1 ) != 0 ||
361 mbedtls_mpi_lset( &grp->G.Y, p[0] - 2 ) != 0 ||
362 mbedtls_mpi_lset( &grp->G.Z, 1 ) != 0 )
364 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
373 if( ( ret = mbedtls_asn1_get_mpi( &p, end, &grp->N ) ) != 0 )
374 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
376 grp->nbits = mbedtls_mpi_bitlen( &grp->N );
379 * Allow optional elements by purposefully not enforcing p == end here.
386 * Find the group id associated with an (almost filled) group as generated by
387 * pk_group_from_specified(), or return an error if unknown.
389 static int pk_group_id_from_group( const mbedtls_ecp_group *grp, mbedtls_ecp_group_id *grp_id )
392 mbedtls_ecp_group ref;
393 const mbedtls_ecp_group_id *id;
395 mbedtls_ecp_group_init( &ref );
397 for( id = mbedtls_ecp_grp_id_list(); *id != MBEDTLS_ECP_DP_NONE; id++ )
399 /* Load the group associated to that id */
400 mbedtls_ecp_group_free( &ref );
401 MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &ref, *id ) );
403 /* Compare to the group we were given, starting with easy tests */
404 if( grp->pbits == ref.pbits && grp->nbits == ref.nbits &&
405 mbedtls_mpi_cmp_mpi( &grp->P, &ref.P ) == 0 &&
406 mbedtls_mpi_cmp_mpi( &grp->A, &ref.A ) == 0 &&
407 mbedtls_mpi_cmp_mpi( &grp->B, &ref.B ) == 0 &&
408 mbedtls_mpi_cmp_mpi( &grp->N, &ref.N ) == 0 &&
409 mbedtls_mpi_cmp_mpi( &grp->G.X, &ref.G.X ) == 0 &&
410 mbedtls_mpi_cmp_mpi( &grp->G.Z, &ref.G.Z ) == 0 &&
411 /* For Y we may only know the parity bit, so compare only that */
412 mbedtls_mpi_get_bit( &grp->G.Y, 0 ) == mbedtls_mpi_get_bit( &ref.G.Y, 0 ) )
420 mbedtls_ecp_group_free( &ref );
424 if( ret == 0 && *id == MBEDTLS_ECP_DP_NONE )
425 ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
431 * Parse a SpecifiedECDomain (SEC 1 C.2) and find the associated group ID
433 static int pk_group_id_from_specified( const mbedtls_asn1_buf *params,
434 mbedtls_ecp_group_id *grp_id )
437 mbedtls_ecp_group grp;
439 mbedtls_ecp_group_init( &grp );
441 if( ( ret = pk_group_from_specified( params, &grp ) ) != 0 )
444 ret = pk_group_id_from_group( &grp, grp_id );
447 mbedtls_ecp_group_free( &grp );
451 #endif /* MBEDTLS_PK_PARSE_EC_EXTENDED */
454 * Use EC parameters to initialise an EC group
456 * ECParameters ::= CHOICE {
457 * namedCurve OBJECT IDENTIFIER
458 * specifiedCurve SpecifiedECDomain -- = SEQUENCE { ... }
459 * -- implicitCurve NULL
461 static int pk_use_ecparams( const mbedtls_asn1_buf *params, mbedtls_ecp_group *grp )
464 mbedtls_ecp_group_id grp_id;
466 if( params->tag == MBEDTLS_ASN1_OID )
468 if( mbedtls_oid_get_ec_grp( params, &grp_id ) != 0 )
469 return( MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE );
473 #if defined(MBEDTLS_PK_PARSE_EC_EXTENDED)
474 if( ( ret = pk_group_id_from_specified( params, &grp_id ) ) != 0 )
477 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
482 * grp may already be initilialized; if so, make sure IDs match
484 if( grp->id != MBEDTLS_ECP_DP_NONE && grp->id != grp_id )
485 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
487 if( ( ret = mbedtls_ecp_group_load( grp, grp_id ) ) != 0 )
494 * EC public key is an EC point
496 * The caller is responsible for clearing the structure upon failure if
497 * desired. Take care to pass along the possible ECP_FEATURE_UNAVAILABLE
498 * return code of mbedtls_ecp_point_read_binary() and leave p in a usable state.
500 static int pk_get_ecpubkey( unsigned char **p, const unsigned char *end,
501 mbedtls_ecp_keypair *key )
505 if( ( ret = mbedtls_ecp_point_read_binary( &key->grp, &key->Q,
506 (const unsigned char *) *p, end - *p ) ) == 0 )
508 ret = mbedtls_ecp_check_pubkey( &key->grp, &key->Q );
512 * We know mbedtls_ecp_point_read_binary consumed all bytes or failed
514 *p = (unsigned char *) end;
518 #endif /* MBEDTLS_ECP_C */
520 #if defined(MBEDTLS_RSA_C)
522 * RSAPublicKey ::= SEQUENCE {
523 * modulus INTEGER, -- n
524 * publicExponent INTEGER -- e
527 static int pk_get_rsapubkey( unsigned char **p,
528 const unsigned char *end,
529 mbedtls_rsa_context *rsa )
534 if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
535 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
536 return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret );
538 if( *p + len != end )
539 return( MBEDTLS_ERR_PK_INVALID_PUBKEY +
540 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
543 if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 )
544 return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret );
546 if( ( ret = mbedtls_rsa_import_raw( rsa, *p, len, NULL, 0, NULL, 0,
547 NULL, 0, NULL, 0 ) ) != 0 )
548 return( MBEDTLS_ERR_PK_INVALID_PUBKEY );
553 if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 )
554 return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret );
556 if( ( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, NULL, 0, NULL, 0,
557 NULL, 0, *p, len ) ) != 0 )
558 return( MBEDTLS_ERR_PK_INVALID_PUBKEY );
562 if( mbedtls_rsa_complete( rsa ) != 0 ||
563 mbedtls_rsa_check_pubkey( rsa ) != 0 )
565 return( MBEDTLS_ERR_PK_INVALID_PUBKEY );
569 return( MBEDTLS_ERR_PK_INVALID_PUBKEY +
570 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
574 #endif /* MBEDTLS_RSA_C */
576 /* Get a PK algorithm identifier
578 * AlgorithmIdentifier ::= SEQUENCE {
579 * algorithm OBJECT IDENTIFIER,
580 * parameters ANY DEFINED BY algorithm OPTIONAL }
582 static int pk_get_pk_alg( unsigned char **p,
583 const unsigned char *end,
584 mbedtls_pk_type_t *pk_alg, mbedtls_asn1_buf *params )
587 mbedtls_asn1_buf alg_oid;
589 memset( params, 0, sizeof(mbedtls_asn1_buf) );
591 if( ( ret = mbedtls_asn1_get_alg( p, end, &alg_oid, params ) ) != 0 )
592 return( MBEDTLS_ERR_PK_INVALID_ALG + ret );
594 if( mbedtls_oid_get_pk_alg( &alg_oid, pk_alg ) != 0 )
595 return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
598 * No parameters with RSA (only for EC)
600 if( *pk_alg == MBEDTLS_PK_RSA &&
601 ( ( params->tag != MBEDTLS_ASN1_NULL && params->tag != 0 ) ||
604 return( MBEDTLS_ERR_PK_INVALID_ALG );
611 * SubjectPublicKeyInfo ::= SEQUENCE {
612 * algorithm AlgorithmIdentifier,
613 * subjectPublicKey BIT STRING }
615 int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end,
616 mbedtls_pk_context *pk )
620 mbedtls_asn1_buf alg_params;
621 mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE;
622 const mbedtls_pk_info_t *pk_info;
624 PK_VALIDATE_RET( p != NULL );
625 PK_VALIDATE_RET( *p != NULL );
626 PK_VALIDATE_RET( end != NULL );
627 PK_VALIDATE_RET( pk != NULL );
629 if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
630 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
632 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
637 if( ( ret = pk_get_pk_alg( p, end, &pk_alg, &alg_params ) ) != 0 )
640 if( ( ret = mbedtls_asn1_get_bitstring_null( p, end, &len ) ) != 0 )
641 return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret );
643 if( *p + len != end )
644 return( MBEDTLS_ERR_PK_INVALID_PUBKEY +
645 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
647 if( ( pk_info = mbedtls_pk_info_from_type( pk_alg ) ) == NULL )
648 return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
650 if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 )
653 #if defined(MBEDTLS_RSA_C)
654 if( pk_alg == MBEDTLS_PK_RSA )
656 ret = pk_get_rsapubkey( p, end, mbedtls_pk_rsa( *pk ) );
658 #endif /* MBEDTLS_RSA_C */
659 #if defined(MBEDTLS_ECP_C)
660 if( pk_alg == MBEDTLS_PK_ECKEY_DH || pk_alg == MBEDTLS_PK_ECKEY )
662 ret = pk_use_ecparams( &alg_params, &mbedtls_pk_ec( *pk )->grp );
664 ret = pk_get_ecpubkey( p, end, mbedtls_pk_ec( *pk ) );
666 #endif /* MBEDTLS_ECP_C */
667 ret = MBEDTLS_ERR_PK_UNKNOWN_PK_ALG;
669 if( ret == 0 && *p != end )
670 ret = MBEDTLS_ERR_PK_INVALID_PUBKEY
671 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
674 mbedtls_pk_free( pk );
679 #if defined(MBEDTLS_RSA_C)
681 * Parse a PKCS#1 encoded private RSA key
683 static int pk_parse_key_pkcs1_der( mbedtls_rsa_context *rsa,
684 const unsigned char *key,
689 unsigned char *p, *end;
692 mbedtls_mpi_init( &T );
694 p = (unsigned char *) key;
698 * This function parses the RSAPrivateKey (PKCS#1)
700 * RSAPrivateKey ::= SEQUENCE {
702 * modulus INTEGER, -- n
703 * publicExponent INTEGER, -- e
704 * privateExponent INTEGER, -- d
705 * prime1 INTEGER, -- p
706 * prime2 INTEGER, -- q
707 * exponent1 INTEGER, -- d mod (p-1)
708 * exponent2 INTEGER, -- d mod (q-1)
709 * coefficient INTEGER, -- (inverse of q) mod p
710 * otherPrimeInfos OtherPrimeInfos OPTIONAL
713 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
714 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
716 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
721 if( ( ret = mbedtls_asn1_get_int( &p, end, &version ) ) != 0 )
723 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
728 return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION );
732 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
733 MBEDTLS_ASN1_INTEGER ) ) != 0 ||
734 ( ret = mbedtls_rsa_import_raw( rsa, p, len, NULL, 0, NULL, 0,
735 NULL, 0, NULL, 0 ) ) != 0 )
740 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
741 MBEDTLS_ASN1_INTEGER ) ) != 0 ||
742 ( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, NULL, 0, NULL, 0,
743 NULL, 0, p, len ) ) != 0 )
748 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
749 MBEDTLS_ASN1_INTEGER ) ) != 0 ||
750 ( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, NULL, 0, NULL, 0,
751 p, len, NULL, 0 ) ) != 0 )
756 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
757 MBEDTLS_ASN1_INTEGER ) ) != 0 ||
758 ( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, p, len, NULL, 0,
759 NULL, 0, NULL, 0 ) ) != 0 )
764 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
765 MBEDTLS_ASN1_INTEGER ) ) != 0 ||
766 ( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, NULL, 0, p, len,
767 NULL, 0, NULL, 0 ) ) != 0 )
771 /* Complete the RSA private key */
772 if( ( ret = mbedtls_rsa_complete( rsa ) ) != 0 )
775 /* Check optional parameters */
776 if( ( ret = mbedtls_asn1_get_mpi( &p, end, &T ) ) != 0 ||
777 ( ret = mbedtls_asn1_get_mpi( &p, end, &T ) ) != 0 ||
778 ( ret = mbedtls_asn1_get_mpi( &p, end, &T ) ) != 0 )
783 ret = MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
784 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ;
789 mbedtls_mpi_free( &T );
793 /* Wrap error code if it's coming from a lower level */
794 if( ( ret & 0xff80 ) == 0 )
795 ret = MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret;
797 ret = MBEDTLS_ERR_PK_KEY_INVALID_FORMAT;
799 mbedtls_rsa_free( rsa );
804 #endif /* MBEDTLS_RSA_C */
806 #if defined(MBEDTLS_ECP_C)
808 * Parse a SEC1 encoded private EC key
810 static int pk_parse_key_sec1_der( mbedtls_ecp_keypair *eck,
811 const unsigned char *key,
815 int version, pubkey_done;
817 mbedtls_asn1_buf params;
818 unsigned char *p = (unsigned char *) key;
819 unsigned char *end = p + keylen;
823 * RFC 5915, or SEC1 Appendix C.4
825 * ECPrivateKey ::= SEQUENCE {
826 * version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
827 * privateKey OCTET STRING,
828 * parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
829 * publicKey [1] BIT STRING OPTIONAL
832 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
833 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
835 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
840 if( ( ret = mbedtls_asn1_get_int( &p, end, &version ) ) != 0 )
841 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
844 return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION );
846 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
847 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
849 if( ( ret = mbedtls_mpi_read_binary( &eck->d, p, len ) ) != 0 )
851 mbedtls_ecp_keypair_free( eck );
852 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
861 * Is 'parameters' present?
863 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
864 MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0 ) ) == 0 )
866 if( ( ret = pk_get_ecparams( &p, p + len, ¶ms) ) != 0 ||
867 ( ret = pk_use_ecparams( ¶ms, &eck->grp ) ) != 0 )
869 mbedtls_ecp_keypair_free( eck );
873 else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
875 mbedtls_ecp_keypair_free( eck );
876 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
883 * Is 'publickey' present? If not, or if we can't read it (eg because it
884 * is compressed), create it from the private key.
886 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
887 MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 1 ) ) == 0 )
891 if( ( ret = mbedtls_asn1_get_bitstring_null( &p, end2, &len ) ) != 0 )
892 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
894 if( p + len != end2 )
895 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
896 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
898 if( ( ret = pk_get_ecpubkey( &p, end2, eck ) ) == 0 )
903 * The only acceptable failure mode of pk_get_ecpubkey() above
904 * is if the point format is not recognized.
906 if( ret != MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE )
907 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
910 else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
912 mbedtls_ecp_keypair_free( eck );
913 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
918 ( ret = mbedtls_ecp_mul( &eck->grp, &eck->Q, &eck->d, &eck->grp.G,
919 NULL, NULL ) ) != 0 )
921 mbedtls_ecp_keypair_free( eck );
922 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
925 if( ( ret = mbedtls_ecp_check_privkey( &eck->grp, &eck->d ) ) != 0 )
927 mbedtls_ecp_keypair_free( eck );
933 #endif /* MBEDTLS_ECP_C */
936 * Parse an unencrypted PKCS#8 encoded private key
940 * - This function does not own the key buffer. It is the
941 * responsibility of the caller to take care of zeroizing
942 * and freeing it after use.
944 * - The function is responsible for freeing the provided
945 * PK context on failure.
948 static int pk_parse_key_pkcs8_unencrypted_der(
949 mbedtls_pk_context *pk,
950 const unsigned char* key,
955 mbedtls_asn1_buf params;
956 unsigned char *p = (unsigned char *) key;
957 unsigned char *end = p + keylen;
958 mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE;
959 const mbedtls_pk_info_t *pk_info;
962 * This function parses the PrivateKeyInfo object (PKCS#8 v1.2 = RFC 5208)
964 * PrivateKeyInfo ::= SEQUENCE {
966 * privateKeyAlgorithm PrivateKeyAlgorithmIdentifier,
967 * privateKey PrivateKey,
968 * attributes [0] IMPLICIT Attributes OPTIONAL }
970 * Version ::= INTEGER
971 * PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier
972 * PrivateKey ::= OCTET STRING
974 * The PrivateKey OCTET STRING is a SEC1 ECPrivateKey
977 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
978 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
980 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
985 if( ( ret = mbedtls_asn1_get_int( &p, end, &version ) ) != 0 )
986 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
989 return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION + ret );
991 if( ( ret = pk_get_pk_alg( &p, end, &pk_alg, ¶ms ) ) != 0 )
992 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
994 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
995 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
998 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
999 MBEDTLS_ERR_ASN1_OUT_OF_DATA );
1001 if( ( pk_info = mbedtls_pk_info_from_type( pk_alg ) ) == NULL )
1002 return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
1004 if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 )
1007 #if defined(MBEDTLS_RSA_C)
1008 if( pk_alg == MBEDTLS_PK_RSA )
1010 if( ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), p, len ) ) != 0 )
1012 mbedtls_pk_free( pk );
1016 #endif /* MBEDTLS_RSA_C */
1017 #if defined(MBEDTLS_ECP_C)
1018 if( pk_alg == MBEDTLS_PK_ECKEY || pk_alg == MBEDTLS_PK_ECKEY_DH )
1020 if( ( ret = pk_use_ecparams( ¶ms, &mbedtls_pk_ec( *pk )->grp ) ) != 0 ||
1021 ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ), p, len ) ) != 0 )
1023 mbedtls_pk_free( pk );
1027 #endif /* MBEDTLS_ECP_C */
1028 return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
1034 * Parse an encrypted PKCS#8 encoded private key
1036 * To save space, the decryption happens in-place on the given key buffer.
1037 * Also, while this function may modify the keybuffer, it doesn't own it,
1038 * and instead it is the responsibility of the caller to zeroize and properly
1039 * free it after use.
1042 #if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C)
1043 static int pk_parse_key_pkcs8_encrypted_der(
1044 mbedtls_pk_context *pk,
1045 unsigned char *key, size_t keylen,
1046 const unsigned char *pwd, size_t pwdlen )
1048 int ret, decrypted = 0;
1051 unsigned char *p, *end;
1052 mbedtls_asn1_buf pbe_alg_oid, pbe_params;
1053 #if defined(MBEDTLS_PKCS12_C)
1054 mbedtls_cipher_type_t cipher_alg;
1055 mbedtls_md_type_t md_alg;
1062 return( MBEDTLS_ERR_PK_PASSWORD_REQUIRED );
1065 * This function parses the EncryptedPrivateKeyInfo object (PKCS#8)
1067 * EncryptedPrivateKeyInfo ::= SEQUENCE {
1068 * encryptionAlgorithm EncryptionAlgorithmIdentifier,
1069 * encryptedData EncryptedData
1072 * EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
1074 * EncryptedData ::= OCTET STRING
1076 * The EncryptedData OCTET STRING is a PKCS#8 PrivateKeyInfo
1079 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
1080 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
1082 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
1087 if( ( ret = mbedtls_asn1_get_alg( &p, end, &pbe_alg_oid, &pbe_params ) ) != 0 )
1088 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
1090 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
1091 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
1096 * Decrypt EncryptedData with appropriate PBE
1098 #if defined(MBEDTLS_PKCS12_C)
1099 if( mbedtls_oid_get_pkcs12_pbe_alg( &pbe_alg_oid, &md_alg, &cipher_alg ) == 0 )
1101 if( ( ret = mbedtls_pkcs12_pbe( &pbe_params, MBEDTLS_PKCS12_PBE_DECRYPT,
1103 pwd, pwdlen, p, len, buf ) ) != 0 )
1105 if( ret == MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH )
1106 return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH );
1113 else if( MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS12_PBE_SHA1_RC4_128, &pbe_alg_oid ) == 0 )
1115 if( ( ret = mbedtls_pkcs12_pbe_sha1_rc4_128( &pbe_params,
1116 MBEDTLS_PKCS12_PBE_DECRYPT,
1118 p, len, buf ) ) != 0 )
1123 // Best guess for password mismatch when using RC4. If first tag is
1124 // not MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE
1126 if( *buf != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) )
1127 return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH );
1132 #endif /* MBEDTLS_PKCS12_C */
1133 #if defined(MBEDTLS_PKCS5_C)
1134 if( MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS5_PBES2, &pbe_alg_oid ) == 0 )
1136 if( ( ret = mbedtls_pkcs5_pbes2( &pbe_params, MBEDTLS_PKCS5_DECRYPT, pwd, pwdlen,
1137 p, len, buf ) ) != 0 )
1139 if( ret == MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH )
1140 return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH );
1148 #endif /* MBEDTLS_PKCS5_C */
1153 if( decrypted == 0 )
1154 return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
1156 return( pk_parse_key_pkcs8_unencrypted_der( pk, buf, len ) );
1158 #endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */
1161 * Parse a private key
1163 int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
1164 const unsigned char *key, size_t keylen,
1165 const unsigned char *pwd, size_t pwdlen )
1168 const mbedtls_pk_info_t *pk_info;
1169 #if defined(MBEDTLS_PEM_PARSE_C)
1171 mbedtls_pem_context pem;
1174 PK_VALIDATE_RET( pk != NULL );
1176 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
1177 PK_VALIDATE_RET( key != NULL );
1179 #if defined(MBEDTLS_PEM_PARSE_C)
1180 mbedtls_pem_init( &pem );
1182 #if defined(MBEDTLS_RSA_C)
1183 /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
1184 if( key[keylen - 1] != '\0' )
1185 ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
1187 ret = mbedtls_pem_read_buffer( &pem,
1188 "-----BEGIN RSA PRIVATE KEY-----",
1189 "-----END RSA PRIVATE KEY-----",
1190 key, pwd, pwdlen, &len );
1194 pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA );
1195 if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
1196 ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ),
1197 pem.buf, pem.buflen ) ) != 0 )
1199 mbedtls_pk_free( pk );
1202 mbedtls_pem_free( &pem );
1205 else if( ret == MBEDTLS_ERR_PEM_PASSWORD_MISMATCH )
1206 return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH );
1207 else if( ret == MBEDTLS_ERR_PEM_PASSWORD_REQUIRED )
1208 return( MBEDTLS_ERR_PK_PASSWORD_REQUIRED );
1209 else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
1211 #endif /* MBEDTLS_RSA_C */
1213 #if defined(MBEDTLS_ECP_C)
1214 /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
1215 if( key[keylen - 1] != '\0' )
1216 ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
1218 ret = mbedtls_pem_read_buffer( &pem,
1219 "-----BEGIN EC PRIVATE KEY-----",
1220 "-----END EC PRIVATE KEY-----",
1221 key, pwd, pwdlen, &len );
1224 pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY );
1226 if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
1227 ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ),
1228 pem.buf, pem.buflen ) ) != 0 )
1230 mbedtls_pk_free( pk );
1233 mbedtls_pem_free( &pem );
1236 else if( ret == MBEDTLS_ERR_PEM_PASSWORD_MISMATCH )
1237 return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH );
1238 else if( ret == MBEDTLS_ERR_PEM_PASSWORD_REQUIRED )
1239 return( MBEDTLS_ERR_PK_PASSWORD_REQUIRED );
1240 else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
1242 #endif /* MBEDTLS_ECP_C */
1244 /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
1245 if( key[keylen - 1] != '\0' )
1246 ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
1248 ret = mbedtls_pem_read_buffer( &pem,
1249 "-----BEGIN PRIVATE KEY-----",
1250 "-----END PRIVATE KEY-----",
1251 key, NULL, 0, &len );
1254 if( ( ret = pk_parse_key_pkcs8_unencrypted_der( pk,
1255 pem.buf, pem.buflen ) ) != 0 )
1257 mbedtls_pk_free( pk );
1260 mbedtls_pem_free( &pem );
1263 else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
1266 #if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C)
1267 /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
1268 if( key[keylen - 1] != '\0' )
1269 ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
1271 ret = mbedtls_pem_read_buffer( &pem,
1272 "-----BEGIN ENCRYPTED PRIVATE KEY-----",
1273 "-----END ENCRYPTED PRIVATE KEY-----",
1274 key, NULL, 0, &len );
1277 if( ( ret = pk_parse_key_pkcs8_encrypted_der( pk,
1278 pem.buf, pem.buflen,
1279 pwd, pwdlen ) ) != 0 )
1281 mbedtls_pk_free( pk );
1284 mbedtls_pem_free( &pem );
1287 else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
1289 #endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */
1293 #endif /* MBEDTLS_PEM_PARSE_C */
1296 * At this point we only know it's not a PEM formatted key. Could be any
1297 * of the known DER encoded private key formats
1299 * We try the different DER format parsers to see if one passes without
1302 #if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C)
1304 unsigned char *key_copy;
1306 if( ( key_copy = mbedtls_calloc( 1, keylen ) ) == NULL )
1307 return( MBEDTLS_ERR_PK_ALLOC_FAILED );
1309 memcpy( key_copy, key, keylen );
1311 ret = pk_parse_key_pkcs8_encrypted_der( pk, key_copy, keylen,
1314 mbedtls_platform_zeroize( key_copy, keylen );
1315 mbedtls_free( key_copy );
1321 mbedtls_pk_free( pk );
1322 mbedtls_pk_init( pk );
1324 if( ret == MBEDTLS_ERR_PK_PASSWORD_MISMATCH )
1328 #endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */
1330 if( ( ret = pk_parse_key_pkcs8_unencrypted_der( pk, key, keylen ) ) == 0 )
1333 mbedtls_pk_free( pk );
1334 mbedtls_pk_init( pk );
1336 #if defined(MBEDTLS_RSA_C)
1338 pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA );
1339 if( mbedtls_pk_setup( pk, pk_info ) == 0 &&
1340 pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), key, keylen ) == 0 )
1345 mbedtls_pk_free( pk );
1346 mbedtls_pk_init( pk );
1347 #endif /* MBEDTLS_RSA_C */
1349 #if defined(MBEDTLS_ECP_C)
1350 pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY );
1351 if( mbedtls_pk_setup( pk, pk_info ) == 0 &&
1352 pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ),
1353 key, keylen ) == 0 )
1357 mbedtls_pk_free( pk );
1358 #endif /* MBEDTLS_ECP_C */
1360 /* If MBEDTLS_RSA_C is defined but MBEDTLS_ECP_C isn't,
1361 * it is ok to leave the PK context initialized but not
1362 * freed: It is the caller's responsibility to call pk_init()
1363 * before calling this function, and to call pk_free()
1364 * when it fails. If MBEDTLS_ECP_C is defined but MBEDTLS_RSA_C
1365 * isn't, this leads to mbedtls_pk_free() being called
1366 * twice, once here and once by the caller, but this is
1367 * also ok and in line with the mbedtls_pk_free() calls
1368 * on failed PEM parsing attempts. */
1370 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
1374 * Parse a public key
1376 int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx,
1377 const unsigned char *key, size_t keylen )
1381 #if defined(MBEDTLS_RSA_C)
1382 const mbedtls_pk_info_t *pk_info;
1384 #if defined(MBEDTLS_PEM_PARSE_C)
1386 mbedtls_pem_context pem;
1389 PK_VALIDATE_RET( ctx != NULL );
1391 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
1392 PK_VALIDATE_RET( key != NULL || keylen == 0 );
1394 #if defined(MBEDTLS_PEM_PARSE_C)
1395 mbedtls_pem_init( &pem );
1396 #if defined(MBEDTLS_RSA_C)
1397 /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
1398 if( key[keylen - 1] != '\0' )
1399 ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
1401 ret = mbedtls_pem_read_buffer( &pem,
1402 "-----BEGIN RSA PUBLIC KEY-----",
1403 "-----END RSA PUBLIC KEY-----",
1404 key, NULL, 0, &len );
1409 if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL )
1410 return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
1412 if( ( ret = mbedtls_pk_setup( ctx, pk_info ) ) != 0 )
1415 if ( ( ret = pk_get_rsapubkey( &p, p + pem.buflen, mbedtls_pk_rsa( *ctx ) ) ) != 0 )
1416 mbedtls_pk_free( ctx );
1418 mbedtls_pem_free( &pem );
1421 else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
1423 mbedtls_pem_free( &pem );
1426 #endif /* MBEDTLS_RSA_C */
1428 /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
1429 if( key[keylen - 1] != '\0' )
1430 ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
1432 ret = mbedtls_pem_read_buffer( &pem,
1433 "-----BEGIN PUBLIC KEY-----",
1434 "-----END PUBLIC KEY-----",
1435 key, NULL, 0, &len );
1444 ret = mbedtls_pk_parse_subpubkey( &p, p + pem.buflen, ctx );
1445 mbedtls_pem_free( &pem );
1448 else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
1450 mbedtls_pem_free( &pem );
1453 mbedtls_pem_free( &pem );
1454 #endif /* MBEDTLS_PEM_PARSE_C */
1456 #if defined(MBEDTLS_RSA_C)
1457 if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL )
1458 return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
1460 if( ( ret = mbedtls_pk_setup( ctx, pk_info ) ) != 0 )
1463 p = (unsigned char *)key;
1464 ret = pk_get_rsapubkey( &p, p + keylen, mbedtls_pk_rsa( *ctx ) );
1469 mbedtls_pk_free( ctx );
1470 if( ret != ( MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) )
1474 #endif /* MBEDTLS_RSA_C */
1475 p = (unsigned char *) key;
1477 ret = mbedtls_pk_parse_subpubkey( &p, p + keylen, ctx );
1482 #endif /* MBEDTLS_PK_PARSE_C */