/src/openthread/third_party/mbedtls/repo/library/pkwrite.c

Source
/*
 *  Public Key layer for writing key files and structures
 *
 *  Copyright The Mbed TLS Contributors
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 */

#include "common.h"

#if defined(MBEDTLS_PK_WRITE_C)

#include "mbedtls/pk.h"
#include "mbedtls/asn1write.h"
#include "mbedtls/oid.h"
#include "mbedtls/platform_util.h"
#include "mbedtls/error.h"
#include "pk_internal.h"

#include <string.h>

#if defined(MBEDTLS_ECP_C)
#include "mbedtls/bignum.h"
#include "mbedtls/ecp.h"
#include "mbedtls/platform_util.h"
#endif
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
#include "pk_internal.h"
#endif
#if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_PK_HAVE_ECC_KEYS)
#include "pkwrite.h"
#endif
#if defined(MBEDTLS_PEM_WRITE_C)
#include "mbedtls/pem.h"
#endif
#if defined(MBEDTLS_RSA_C)
#include "rsa_internal.h"
#endif

#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "psa/crypto.h"
#include "psa_util_internal.h"
#endif
#include "mbedtls/platform.h"

/* Helpers for properly sizing buffers aimed at holding public keys or
 * key-pairs based on build symbols. */
#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
#define PK_MAX_EC_PUBLIC_KEY_SIZE       PSA_EXPORT_PUBLIC_KEY_MAX_SIZE
#define PK_MAX_EC_KEY_PAIR_SIZE         MBEDTLS_PSA_MAX_EC_KEY_PAIR_LENGTH
#elif defined(MBEDTLS_USE_PSA_CRYPTO)
#define PK_MAX_EC_PUBLIC_KEY_SIZE       PSA_EXPORT_PUBLIC_KEY_MAX_SIZE
#define PK_MAX_EC_KEY_PAIR_SIZE         MBEDTLS_PSA_MAX_EC_KEY_PAIR_LENGTH
#else
#define PK_MAX_EC_PUBLIC_KEY_SIZE       MBEDTLS_ECP_MAX_PT_LEN
#define PK_MAX_EC_KEY_PAIR_SIZE         MBEDTLS_ECP_MAX_BYTES
#endif

/******************************************************************************
 * Internal functions for RSA keys.
 ******************************************************************************/
#if defined(MBEDTLS_RSA_C)
static int pk_write_rsa_der(unsigned char **p, unsigned char *buf,
                            const mbedtls_pk_context *pk)
{
#if defined(MBEDTLS_USE_PSA_CRYPTO)
    if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_OPAQUE) {
        uint8_t tmp[PSA_EXPORT_KEY_PAIR_MAX_SIZE];
        size_t len = 0, tmp_len = 0;

        if (psa_export_key(pk->priv_id, tmp, sizeof(tmp), &tmp_len) != PSA_SUCCESS) {
            return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
        }
        *p -= tmp_len;
        memcpy(*p, tmp, tmp_len);
        len += tmp_len;
        mbedtls_platform_zeroize(tmp, sizeof(tmp));

        return (int) len;
    }
#endif /* MBEDTLS_USE_PSA_CRYPTO */
    return mbedtls_rsa_write_key(mbedtls_pk_rsa(*pk), buf, p);
}
#endif /* MBEDTLS_RSA_C */

/******************************************************************************
 * Internal functions for EC keys.
 ******************************************************************************/
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
static int pk_write_ec_pubkey(unsigned char **p, unsigned char *start,
                              const mbedtls_pk_context *pk)
{
    size_t len = 0;
    uint8_t buf[PK_MAX_EC_PUBLIC_KEY_SIZE];

    if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_OPAQUE) {
        if (psa_export_public_key(pk->priv_id, buf, sizeof(buf), &len) != PSA_SUCCESS) {
            return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
        }
    } else {
        len = pk->pub_raw_len;
        memcpy(buf, pk->pub_raw, len);
    }

    if (*p < start || (size_t) (*p - start) < len) {
        return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
    }

    *p -= len;
    memcpy(*p, buf, len);

    return (int) len;
}
#else /* MBEDTLS_PK_USE_PSA_EC_DATA */
static int pk_write_ec_pubkey(unsigned char **p, unsigned char *start,
                              const mbedtls_pk_context *pk)
{
    size_t len = 0;
    unsigned char buf[PK_MAX_EC_PUBLIC_KEY_SIZE];
    mbedtls_ecp_keypair *ec = mbedtls_pk_ec(*pk);
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;

#if defined(MBEDTLS_USE_PSA_CRYPTO)
    if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_OPAQUE) {
        if (psa_export_public_key(pk->priv_id, buf, sizeof(buf), &len) != PSA_SUCCESS) {
            return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
        }
        *p -= len;
        memcpy(*p, buf, len);
        return (int) len;
    } else
#endif /* MBEDTLS_USE_PSA_CRYPTO */
    {
        if ((ret = mbedtls_ecp_point_write_binary(&ec->grp, &ec->Q,
                                                  MBEDTLS_ECP_PF_UNCOMPRESSED,
                                                  &len, buf, sizeof(buf))) != 0) {
            return ret;
        }
    }

    if (*p < start || (size_t) (*p - start) < len) {
        return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
    }

    *p -= len;
    memcpy(*p, buf, len);

    return (int) len;
}
#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */

/*
 * privateKey  OCTET STRING -- always of length ceil(log2(n)/8)
 */
#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
static int pk_write_ec_private(unsigned char **p, unsigned char *start,
                               const mbedtls_pk_context *pk)
{
    size_t byte_length;
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
    unsigned char tmp[PK_MAX_EC_KEY_PAIR_SIZE];
    psa_status_t status;

    if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_OPAQUE) {
        status = psa_export_key(pk->priv_id, tmp, sizeof(tmp), &byte_length);
        if (status != PSA_SUCCESS) {
            ret = PSA_PK_ECDSA_TO_MBEDTLS_ERR(status);
            return ret;
        }
    } else {
        status = psa_export_key(pk->priv_id, tmp, sizeof(tmp), &byte_length);
        if (status != PSA_SUCCESS) {
            ret = PSA_PK_ECDSA_TO_MBEDTLS_ERR(status);
            goto exit;
        }
    }

    ret = mbedtls_asn1_write_octet_string(p, start, tmp, byte_length);
exit:
    mbedtls_platform_zeroize(tmp, sizeof(tmp));
    return ret;
}
#else /* MBEDTLS_PK_USE_PSA_EC_DATA */
static int pk_write_ec_private(unsigned char **p, unsigned char *start,
                               const mbedtls_pk_context *pk)
{
    size_t byte_length;
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
    unsigned char tmp[PK_MAX_EC_KEY_PAIR_SIZE];

#if defined(MBEDTLS_USE_PSA_CRYPTO)
    psa_status_t status;
    if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_OPAQUE) {
        status = psa_export_key(pk->priv_id, tmp, sizeof(tmp), &byte_length);
        if (status != PSA_SUCCESS) {
            ret = PSA_PK_ECDSA_TO_MBEDTLS_ERR(status);
            return ret;
        }
    } else
#endif /* MBEDTLS_USE_PSA_CRYPTO */
    {
        mbedtls_ecp_keypair *ec = mbedtls_pk_ec_rw(*pk);
        byte_length = (ec->grp.pbits + 7) / 8;

        ret = mbedtls_ecp_write_key_ext(ec, &byte_length, tmp, sizeof(tmp));
        if (ret != 0) {
            goto exit;
        }
    }
    ret = mbedtls_asn1_write_octet_string(p, start, tmp, byte_length);
exit:
    mbedtls_platform_zeroize(tmp, sizeof(tmp));
    return ret;
}
#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */

/*
 * ECParameters ::= CHOICE {
 *   namedCurve         OBJECT IDENTIFIER
 * }
 */
static int pk_write_ec_param(unsigned char **p, unsigned char *start,
                             mbedtls_ecp_group_id grp_id)
{
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
    size_t len = 0;
    const char *oid;
    size_t oid_len;

    if ((ret = mbedtls_oid_get_oid_by_ec_grp(grp_id, &oid, &oid_len)) != 0) {
        return ret;
    }

    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_oid(p, start, oid, oid_len));

    return (int) len;
}

#if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES)
/*
 * RFC8410 section 7
 *
 * OneAsymmetricKey ::= SEQUENCE {
 *    version Version,
 *    privateKeyAlgorithm PrivateKeyAlgorithmIdentifier,
 *    privateKey PrivateKey,
 *    attributes [0] IMPLICIT Attributes OPTIONAL,
 *    ...,
 *    [[2: publicKey [1] IMPLICIT PublicKey OPTIONAL ]],
 *    ...
 * }
 * ...
 * CurvePrivateKey ::= OCTET STRING
 */
static int pk_write_ec_rfc8410_der(unsigned char **p, unsigned char *buf,
                                   const mbedtls_pk_context *pk)
{
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
    size_t len = 0;
    size_t oid_len = 0;
    const char *oid;
    mbedtls_ecp_group_id grp_id;

    /* privateKey */
    MBEDTLS_ASN1_CHK_ADD(len, pk_write_ec_private(p, buf, pk));
    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, buf, len));
    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, buf, MBEDTLS_ASN1_OCTET_STRING));

    grp_id = mbedtls_pk_get_ec_group_id(pk);
    /* privateKeyAlgorithm */
    if ((ret = mbedtls_oid_get_oid_by_ec_grp_algid(grp_id, &oid, &oid_len)) != 0) {
        return ret;
    }
    MBEDTLS_ASN1_CHK_ADD(len,
                         mbedtls_asn1_write_algorithm_identifier_ext(p, buf, oid, oid_len, 0, 0));

    /* version */
    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_int(p, buf, 0));

    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, buf, len));
    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, buf, MBEDTLS_ASN1_CONSTRUCTED |
                                                     MBEDTLS_ASN1_SEQUENCE));

    return (int) len;
}
#endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */

/*
 * RFC 5915, or SEC1 Appendix C.4
 *
 * ECPrivateKey ::= SEQUENCE {
 *      version        INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
 *      privateKey     OCTET STRING,
 *      parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
 *      publicKey  [1] BIT STRING OPTIONAL
 *    }
 */
static int pk_write_ec_der(unsigned char **p, unsigned char *buf,
                           const mbedtls_pk_context *pk)
{
    size_t len = 0;
    int ret;
    size_t pub_len = 0, par_len = 0;
    mbedtls_ecp_group_id grp_id;

    /* publicKey */
    MBEDTLS_ASN1_CHK_ADD(pub_len, pk_write_ec_pubkey(p, buf, pk));

    if (*p - buf < 1) {
        return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
    }
    (*p)--;
    **p = 0;
    pub_len += 1;

    MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_asn1_write_len(p, buf, pub_len));
    MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_asn1_write_tag(p, buf, MBEDTLS_ASN1_BIT_STRING));

    MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_asn1_write_len(p, buf, pub_len));
    MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_asn1_write_tag(p, buf,
                                                         MBEDTLS_ASN1_CONTEXT_SPECIFIC |
                                                         MBEDTLS_ASN1_CONSTRUCTED | 1));
    len += pub_len;

    /* parameters */
    grp_id = mbedtls_pk_get_ec_group_id(pk);
    MBEDTLS_ASN1_CHK_ADD(par_len, pk_write_ec_param(p, buf, grp_id));
    MBEDTLS_ASN1_CHK_ADD(par_len, mbedtls_asn1_write_len(p, buf, par_len));
    MBEDTLS_ASN1_CHK_ADD(par_len, mbedtls_asn1_write_tag(p, buf,
                                                         MBEDTLS_ASN1_CONTEXT_SPECIFIC |
                                                         MBEDTLS_ASN1_CONSTRUCTED | 0));
    len += par_len;

    /* privateKey */
    MBEDTLS_ASN1_CHK_ADD(len, pk_write_ec_private(p, buf, pk));

    /* version */
    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_int(p, buf, 1));

    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, buf, len));
    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, buf, MBEDTLS_ASN1_CONSTRUCTED |
                                                     MBEDTLS_ASN1_SEQUENCE));

    return (int) len;
}
#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */

/******************************************************************************
 * Internal functions for Opaque keys.
 ******************************************************************************/
#if defined(MBEDTLS_USE_PSA_CRYPTO)
static int pk_write_opaque_pubkey(unsigned char **p, unsigned char *start,
                                  const mbedtls_pk_context *pk)
{
    size_t buffer_size;
    size_t len = 0;

    if (*p < start) {
        return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
    }

    buffer_size = (size_t) (*p - start);
    if (psa_export_public_key(pk->priv_id, start, buffer_size,
                              &len) != PSA_SUCCESS) {
        return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
    }

    *p -= len;
    memmove(*p, start, len);

    return (int) len;
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */

/******************************************************************************
 * Generic helpers
 ******************************************************************************/

/* Extend the public mbedtls_pk_get_type() by getting key type also in case of
 * opaque keys. */
static mbedtls_pk_type_t pk_get_type_ext(const mbedtls_pk_context *pk)
{
    mbedtls_pk_type_t pk_type = mbedtls_pk_get_type(pk);

#if defined(MBEDTLS_USE_PSA_CRYPTO)
    if (pk_type == MBEDTLS_PK_OPAQUE) {
        psa_key_attributes_t opaque_attrs = PSA_KEY_ATTRIBUTES_INIT;
        psa_key_type_t opaque_key_type;

        if (psa_get_key_attributes(pk->priv_id, &opaque_attrs) != PSA_SUCCESS) {
            return MBEDTLS_PK_NONE;
        }
        opaque_key_type = psa_get_key_type(&opaque_attrs);
        psa_reset_key_attributes(&opaque_attrs);

        if (PSA_KEY_TYPE_IS_ECC(opaque_key_type)) {
            return MBEDTLS_PK_ECKEY;
        } else if (PSA_KEY_TYPE_IS_RSA(opaque_key_type)) {
            return MBEDTLS_PK_RSA;
        } else {
            return MBEDTLS_PK_NONE;
        }
    } else
#endif
    return pk_type;
}

/******************************************************************************
 * Public functions for writing private/public DER keys.
 ******************************************************************************/
int mbedtls_pk_write_pubkey(unsigned char **p, unsigned char *start,
                            const mbedtls_pk_context *key)
{
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
    size_t len = 0;

#if defined(MBEDTLS_RSA_C)
    if (mbedtls_pk_get_type(key) == MBEDTLS_PK_RSA) {
        MBEDTLS_ASN1_CHK_ADD(len, mbedtls_rsa_write_pubkey(mbedtls_pk_rsa(*key), start, p));
    } else
#endif
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
    if (mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) {
        MBEDTLS_ASN1_CHK_ADD(len, pk_write_ec_pubkey(p, start, key));
    } else
#endif
#if defined(MBEDTLS_USE_PSA_CRYPTO)
    if (mbedtls_pk_get_type(key) == MBEDTLS_PK_OPAQUE) {
        MBEDTLS_ASN1_CHK_ADD(len, pk_write_opaque_pubkey(p, start, key));
    } else
#endif /* MBEDTLS_USE_PSA_CRYPTO */
    return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;

    return (int) len;
}

int mbedtls_pk_write_pubkey_der(const mbedtls_pk_context *key, unsigned char *buf, size_t size)
{
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
    unsigned char *c;
    int has_par = 1;
    size_t len = 0, par_len = 0, oid_len = 0;
    mbedtls_pk_type_t pk_type;
    const char *oid = NULL;

    if (size == 0) {
        return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
    }

    c = buf + size;

    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_pk_write_pubkey(&c, buf, key));

    if (c - buf < 1) {
        return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
    }

    /*
     *  SubjectPublicKeyInfo  ::=  SEQUENCE  {
     *       algorithm            AlgorithmIdentifier,
     *       subjectPublicKey     BIT STRING }
     */
    *--c = 0;
    len += 1;

    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c, buf, MBEDTLS_ASN1_BIT_STRING));

    pk_type = pk_get_type_ext(key);

#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
    if (pk_get_type_ext(key) == MBEDTLS_PK_ECKEY) {
        mbedtls_ecp_group_id ec_grp_id = mbedtls_pk_get_ec_group_id(key);
        if (MBEDTLS_PK_IS_RFC8410_GROUP_ID(ec_grp_id)) {
            ret = mbedtls_oid_get_oid_by_ec_grp_algid(ec_grp_id, &oid, &oid_len);
            if (ret != 0) {
                return ret;
            }
            has_par = 0;
        } else {
            MBEDTLS_ASN1_CHK_ADD(par_len, pk_write_ec_param(&c, buf, ec_grp_id));
        }
    }
#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */

    /* At this point oid_len is not null only for EC Montgomery keys. */
    if (oid_len == 0) {
        ret = mbedtls_oid_get_oid_by_pk_alg(pk_type, &oid, &oid_len);
        if (ret != 0) {
            return ret;
        }
    }

    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_algorithm_identifier_ext(&c, buf, oid, oid_len,
                                                                          par_len, has_par));

    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c, buf, MBEDTLS_ASN1_CONSTRUCTED |
                                                     MBEDTLS_ASN1_SEQUENCE));

    return (int) len;
}

int mbedtls_pk_write_key_der(const mbedtls_pk_context *key, unsigned char *buf, size_t size)
{
    unsigned char *c;

    if (size == 0) {
        return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
    }

    c = buf + size;

#if defined(MBEDTLS_RSA_C)
    if (pk_get_type_ext(key) == MBEDTLS_PK_RSA) {
        return pk_write_rsa_der(&c, buf, key);
    } else
#endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
    if (pk_get_type_ext(key) == MBEDTLS_PK_ECKEY) {
#if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES)
        if (mbedtls_pk_is_rfc8410(key)) {
            return pk_write_ec_rfc8410_der(&c, buf, key);
        }
#endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */
        return pk_write_ec_der(&c, buf, key);
    } else
#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
    return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
}

/******************************************************************************
 * Public functions for wrinting private/public PEM keys.
 ******************************************************************************/
#if defined(MBEDTLS_PEM_WRITE_C)

#define PUB_DER_MAX_BYTES                                                   \
    (MBEDTLS_PK_RSA_PUB_DER_MAX_BYTES > MBEDTLS_PK_ECP_PUB_DER_MAX_BYTES ? \
     MBEDTLS_PK_RSA_PUB_DER_MAX_BYTES : MBEDTLS_PK_ECP_PUB_DER_MAX_BYTES)
#define PRV_DER_MAX_BYTES                                                   \
    (MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES > MBEDTLS_PK_ECP_PRV_DER_MAX_BYTES ? \
     MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES : MBEDTLS_PK_ECP_PRV_DER_MAX_BYTES)

int mbedtls_pk_write_pubkey_pem(const mbedtls_pk_context *key, unsigned char *buf, size_t size)
{
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
    unsigned char *output_buf = NULL;
    output_buf = mbedtls_calloc(1, PUB_DER_MAX_BYTES);
    if (output_buf == NULL) {
        return MBEDTLS_ERR_PK_ALLOC_FAILED;
    }
    size_t olen = 0;

    if ((ret = mbedtls_pk_write_pubkey_der(key, output_buf,
                                           PUB_DER_MAX_BYTES)) < 0) {
        goto cleanup;
    }

    if ((ret = mbedtls_pem_write_buffer(PEM_BEGIN_PUBLIC_KEY "\n", PEM_END_PUBLIC_KEY "\n",
                                        output_buf + PUB_DER_MAX_BYTES - ret,
                                        ret, buf, size, &olen)) != 0) {
        goto cleanup;
    }

    ret = 0;
cleanup:
    mbedtls_free(output_buf);
    return ret;
}

int mbedtls_pk_write_key_pem(const mbedtls_pk_context *key, unsigned char *buf, size_t size)
{
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
    unsigned char *output_buf = NULL;
    output_buf = mbedtls_calloc(1, PRV_DER_MAX_BYTES);
    if (output_buf == NULL) {
        return MBEDTLS_ERR_PK_ALLOC_FAILED;
    }
    const char *begin, *end;
    size_t olen = 0;

    if ((ret = mbedtls_pk_write_key_der(key, output_buf, PRV_DER_MAX_BYTES)) < 0) {
        goto cleanup;
    }

#if defined(MBEDTLS_RSA_C)
    if (pk_get_type_ext(key) == MBEDTLS_PK_RSA) {
        begin = PEM_BEGIN_PRIVATE_KEY_RSA "\n";
        end = PEM_END_PRIVATE_KEY_RSA "\n";
    } else
#endif
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
    if (pk_get_type_ext(key) == MBEDTLS_PK_ECKEY) {
        if (mbedtls_pk_is_rfc8410(key)) {
            begin = PEM_BEGIN_PRIVATE_KEY_PKCS8 "\n";
            end = PEM_END_PRIVATE_KEY_PKCS8 "\n";
        } else {
            begin = PEM_BEGIN_PRIVATE_KEY_EC "\n";
            end = PEM_END_PRIVATE_KEY_EC "\n";
        }
    } else
#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
    {
        ret = MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
        goto cleanup;
    }

    if ((ret = mbedtls_pem_write_buffer(begin, end,
                                        output_buf + PRV_DER_MAX_BYTES - ret,
                                        ret, buf, size, &olen)) != 0) {
        goto cleanup;
    }

    ret = 0;
cleanup:
    mbedtls_zeroize_and_free(output_buf, PRV_DER_MAX_BYTES);
    return ret;
}
#endif /* MBEDTLS_PEM_WRITE_C */

#endif /* MBEDTLS_PK_WRITE_C */

Coverage Report

Created: 2025-11-12 06:58

Line	Count	Source
1		/*
2		* Public Key layer for writing key files and structures
3		*
4		* Copyright The Mbed TLS Contributors
5		* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
6		*/
7
8		#include "common.h"
9
10		#if defined(MBEDTLS_PK_WRITE_C)
11
12		#include "mbedtls/pk.h"
13		#include "mbedtls/asn1write.h"
14		#include "mbedtls/oid.h"
15		#include "mbedtls/platform_util.h"
16		#include "mbedtls/error.h"
17		#include "pk_internal.h"
18
19		#include <string.h>
20
21		#if defined(MBEDTLS_ECP_C)
22		#include "mbedtls/bignum.h"
23		#include "mbedtls/ecp.h"
24		#include "mbedtls/platform_util.h"
25		#endif
26		#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
27		#include "pk_internal.h"
28		#endif
29		#if defined(MBEDTLS_RSA_C) \|\| defined(MBEDTLS_PK_HAVE_ECC_KEYS)
30		#include "pkwrite.h"
31		#endif
32		#if defined(MBEDTLS_PEM_WRITE_C)
33		#include "mbedtls/pem.h"
34		#endif
35		#if defined(MBEDTLS_RSA_C)
36		#include "rsa_internal.h"
37		#endif
38
39		#if defined(MBEDTLS_USE_PSA_CRYPTO)
40		#include "psa/crypto.h"
41		#include "psa_util_internal.h"
42		#endif
43		#include "mbedtls/platform.h"
44
45		/* Helpers for properly sizing buffers aimed at holding public keys or
46		* key-pairs based on build symbols. */
47		#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
48		#define PK_MAX_EC_PUBLIC_KEY_SIZE PSA_EXPORT_PUBLIC_KEY_MAX_SIZE
49		#define PK_MAX_EC_KEY_PAIR_SIZE MBEDTLS_PSA_MAX_EC_KEY_PAIR_LENGTH
50		#elif defined(MBEDTLS_USE_PSA_CRYPTO)
51		#define PK_MAX_EC_PUBLIC_KEY_SIZE PSA_EXPORT_PUBLIC_KEY_MAX_SIZE
52		#define PK_MAX_EC_KEY_PAIR_SIZE MBEDTLS_PSA_MAX_EC_KEY_PAIR_LENGTH
53		#else
54		#define PK_MAX_EC_PUBLIC_KEY_SIZE MBEDTLS_ECP_MAX_PT_LEN
55		#define PK_MAX_EC_KEY_PAIR_SIZE MBEDTLS_ECP_MAX_BYTES
56		#endif
57
58		/******************************************************************************
59		* Internal functions for RSA keys.
60		******************************************************************************/
61		#if defined(MBEDTLS_RSA_C)
62		static int pk_write_rsa_der(unsigned char *p, unsigned char buf,
63		const mbedtls_pk_context *pk)
64		{
65		#if defined(MBEDTLS_USE_PSA_CRYPTO)
66		if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_OPAQUE) {
67		uint8_t tmp[PSA_EXPORT_KEY_PAIR_MAX_SIZE];
68		size_t len = 0, tmp_len = 0;
69
70		if (psa_export_key(pk->priv_id, tmp, sizeof(tmp), &tmp_len) != PSA_SUCCESS) {
71		return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
72		}
73		*p -= tmp_len;
74		memcpy(*p, tmp, tmp_len);
75		len += tmp_len;
76		mbedtls_platform_zeroize(tmp, sizeof(tmp));
77
78		return (int) len;
79		}
80		#endif /* MBEDTLS_USE_PSA_CRYPTO */
81		return mbedtls_rsa_write_key(mbedtls_pk_rsa(*pk), buf, p);
82		}
83		#endif /* MBEDTLS_RSA_C */
84
85		/******************************************************************************
86		* Internal functions for EC keys.
87		******************************************************************************/
88		#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
89		#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
90		static int pk_write_ec_pubkey(unsigned char *p, unsigned char start,
91		const mbedtls_pk_context *pk)
92		{
93		size_t len = 0;
94		uint8_t buf[PK_MAX_EC_PUBLIC_KEY_SIZE];
95
96		if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_OPAQUE) {
97		if (psa_export_public_key(pk->priv_id, buf, sizeof(buf), &len) != PSA_SUCCESS) {
98		return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
99		}
100		} else {
101		len = pk->pub_raw_len;
102		memcpy(buf, pk->pub_raw, len);
103		}
104
105		if (p < start \|\| (size_t) (p - start) < len) {
106		return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
107		}
108
109		*p -= len;
110		memcpy(*p, buf, len);
111
112		return (int) len;
113		}
114		#else /* MBEDTLS_PK_USE_PSA_EC_DATA */
115		static int pk_write_ec_pubkey(unsigned char *p, unsigned char start,
116		const mbedtls_pk_context *pk)
117	0	{
118	0	size_t len = 0;
119	0	unsigned char buf[PK_MAX_EC_PUBLIC_KEY_SIZE];
120	0	mbedtls_ecp_keypair ec = mbedtls_pk_ec(pk);
121	0	int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
122
123		#if defined(MBEDTLS_USE_PSA_CRYPTO)
124		if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_OPAQUE) {
125		if (psa_export_public_key(pk->priv_id, buf, sizeof(buf), &len) != PSA_SUCCESS) {
126		return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
127		}
128		*p -= len;
129		memcpy(*p, buf, len);
130		return (int) len;
131		} else
132		#endif /* MBEDTLS_USE_PSA_CRYPTO */
133	0	{
134	0	if ((ret = mbedtls_ecp_point_write_binary(&ec->grp, &ec->Q,
135	0	MBEDTLS_ECP_PF_UNCOMPRESSED,
136	0	&len, buf, sizeof(buf))) != 0) {
137	0	return ret;
138	0	}
139	0	}
140
141	0	if (p < start \|\| (size_t) (p - start) < len) {
142	0	return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
143	0	}
144
145	0	*p -= len;
146	0	memcpy(*p, buf, len);
147
148	0	return (int) len;
149	0	}
150		#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
151
152		/*
153		* privateKey OCTET STRING -- always of length ceil(log2(n)/8)
154		*/
155		#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
156		static int pk_write_ec_private(unsigned char *p, unsigned char start,
157		const mbedtls_pk_context *pk)
158		{
159		size_t byte_length;
160		int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
161		unsigned char tmp[PK_MAX_EC_KEY_PAIR_SIZE];
162		psa_status_t status;
163
164		if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_OPAQUE) {
165		status = psa_export_key(pk->priv_id, tmp, sizeof(tmp), &byte_length);
166		if (status != PSA_SUCCESS) {
167		ret = PSA_PK_ECDSA_TO_MBEDTLS_ERR(status);
168		return ret;
169		}
170		} else {
171		status = psa_export_key(pk->priv_id, tmp, sizeof(tmp), &byte_length);
172		if (status != PSA_SUCCESS) {
173		ret = PSA_PK_ECDSA_TO_MBEDTLS_ERR(status);
174		goto exit;
175		}
176		}
177
178		ret = mbedtls_asn1_write_octet_string(p, start, tmp, byte_length);
179		exit:
180		mbedtls_platform_zeroize(tmp, sizeof(tmp));
181		return ret;
182		}
183		#else /* MBEDTLS_PK_USE_PSA_EC_DATA */
184		static int pk_write_ec_private(unsigned char *p, unsigned char start,
185		const mbedtls_pk_context *pk)
186	0	{
187	0	size_t byte_length;
188	0	int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
189	0	unsigned char tmp[PK_MAX_EC_KEY_PAIR_SIZE];
190
191		#if defined(MBEDTLS_USE_PSA_CRYPTO)
192		psa_status_t status;
193		if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_OPAQUE) {
194		status = psa_export_key(pk->priv_id, tmp, sizeof(tmp), &byte_length);
195		if (status != PSA_SUCCESS) {
196		ret = PSA_PK_ECDSA_TO_MBEDTLS_ERR(status);
197		return ret;
198		}
199		} else
200		#endif /* MBEDTLS_USE_PSA_CRYPTO */
201	0	{
202	0	mbedtls_ecp_keypair ec = mbedtls_pk_ec_rw(pk);
203	0	byte_length = (ec->grp.pbits + 7) / 8;
204
205	0	ret = mbedtls_ecp_write_key_ext(ec, &byte_length, tmp, sizeof(tmp));
206	0	if (ret != 0) {
207	0	goto exit;
208	0	}
209	0	}
210	0	ret = mbedtls_asn1_write_octet_string(p, start, tmp, byte_length);
211	0	exit:
212	0	mbedtls_platform_zeroize(tmp, sizeof(tmp));
213	0	return ret;
214	0	}
215		#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
216
217		/*
218		* ECParameters ::= CHOICE {
219		* namedCurve OBJECT IDENTIFIER
220		* }
221		*/
222		static int pk_write_ec_param(unsigned char *p, unsigned char start,
223		mbedtls_ecp_group_id grp_id)
224	0	{
225	0	int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
226	0	size_t len = 0;
227	0	const char *oid;
228	0	size_t oid_len;
229
230	0	if ((ret = mbedtls_oid_get_oid_by_ec_grp(grp_id, &oid, &oid_len)) != 0) {
231	0	return ret;
232	0	}
233
234	0	MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_oid(p, start, oid, oid_len));
235
236	0	return (int) len;
237	0	}
238
239		#if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES)
240		/*
241		* RFC8410 section 7
242		*
243		* OneAsymmetricKey ::= SEQUENCE {
244		* version Version,
245		* privateKeyAlgorithm PrivateKeyAlgorithmIdentifier,
246		* privateKey PrivateKey,
247		* attributes [0] IMPLICIT Attributes OPTIONAL,
248		* ...,
249		* [[2: publicKey [1] IMPLICIT PublicKey OPTIONAL ]],
250		* ...
251		* }
252		* ...
253		* CurvePrivateKey ::= OCTET STRING
254		*/
255		static int pk_write_ec_rfc8410_der(unsigned char *p, unsigned char buf,
256		const mbedtls_pk_context *pk)
257		{
258		int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
259		size_t len = 0;
260		size_t oid_len = 0;
261		const char *oid;
262		mbedtls_ecp_group_id grp_id;
263
264		/* privateKey */
265		MBEDTLS_ASN1_CHK_ADD(len, pk_write_ec_private(p, buf, pk));
266		MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, buf, len));
267		MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, buf, MBEDTLS_ASN1_OCTET_STRING));
268
269		grp_id = mbedtls_pk_get_ec_group_id(pk);
270		/* privateKeyAlgorithm */
271		if ((ret = mbedtls_oid_get_oid_by_ec_grp_algid(grp_id, &oid, &oid_len)) != 0) {
272		return ret;
273		}
274		MBEDTLS_ASN1_CHK_ADD(len,
275		mbedtls_asn1_write_algorithm_identifier_ext(p, buf, oid, oid_len, 0, 0));
276
277		/* version */
278		MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_int(p, buf, 0));
279
280		MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, buf, len));
281		MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, buf, MBEDTLS_ASN1_CONSTRUCTED \|
282		MBEDTLS_ASN1_SEQUENCE));
283
284		return (int) len;
285		}
286		#endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */
287
288		/*
289		* RFC 5915, or SEC1 Appendix C.4
290		*
291		* ECPrivateKey ::= SEQUENCE {
292		* version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
293		* privateKey OCTET STRING,
294		* parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
295		* publicKey [1] BIT STRING OPTIONAL
296		* }
297		*/
298		static int pk_write_ec_der(unsigned char *p, unsigned char buf,
299		const mbedtls_pk_context *pk)
300	0	{
301	0	size_t len = 0;
302	0	int ret;
303	0	size_t pub_len = 0, par_len = 0;
304	0	mbedtls_ecp_group_id grp_id;
305
306		/* publicKey */
307	0	MBEDTLS_ASN1_CHK_ADD(pub_len, pk_write_ec_pubkey(p, buf, pk));
308
309	0	if (*p - buf < 1) {
310	0	return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
311	0	}
312	0	(*p)--;
313	0	**p = 0;
314	0	pub_len += 1;
315
316	0	MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_asn1_write_len(p, buf, pub_len));
317	0	MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_asn1_write_tag(p, buf, MBEDTLS_ASN1_BIT_STRING));
318
319	0	MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_asn1_write_len(p, buf, pub_len));
320	0	MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_asn1_write_tag(p, buf,
321	0	MBEDTLS_ASN1_CONTEXT_SPECIFIC \|
322	0	MBEDTLS_ASN1_CONSTRUCTED \| 1));
323	0	len += pub_len;
324
325		/* parameters */
326	0	grp_id = mbedtls_pk_get_ec_group_id(pk);
327	0	MBEDTLS_ASN1_CHK_ADD(par_len, pk_write_ec_param(p, buf, grp_id));
328	0	MBEDTLS_ASN1_CHK_ADD(par_len, mbedtls_asn1_write_len(p, buf, par_len));
329	0	MBEDTLS_ASN1_CHK_ADD(par_len, mbedtls_asn1_write_tag(p, buf,
330	0	MBEDTLS_ASN1_CONTEXT_SPECIFIC \|
331	0	MBEDTLS_ASN1_CONSTRUCTED \| 0));
332	0	len += par_len;
333
334		/* privateKey */
335	0	MBEDTLS_ASN1_CHK_ADD(len, pk_write_ec_private(p, buf, pk));
336
337		/* version */
338	0	MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_int(p, buf, 1));
339
340	0	MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, buf, len));
341	0	MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, buf, MBEDTLS_ASN1_CONSTRUCTED \|
342	0	MBEDTLS_ASN1_SEQUENCE));
343
344	0	return (int) len;
345	0	}
346		#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
347
348		/******************************************************************************
349		* Internal functions for Opaque keys.
350		******************************************************************************/
351		#if defined(MBEDTLS_USE_PSA_CRYPTO)
352		static int pk_write_opaque_pubkey(unsigned char *p, unsigned char start,
353		const mbedtls_pk_context *pk)
354		{
355		size_t buffer_size;
356		size_t len = 0;
357
358		if (*p < start) {
359		return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
360		}
361
362		buffer_size = (size_t) (*p - start);
363		if (psa_export_public_key(pk->priv_id, start, buffer_size,
364		&len) != PSA_SUCCESS) {
365		return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
366		}
367
368		*p -= len;
369		memmove(*p, start, len);
370
371		return (int) len;
372		}
373		#endif /* MBEDTLS_USE_PSA_CRYPTO */
374
375		/******************************************************************************
376		* Generic helpers
377		******************************************************************************/
378
379		/* Extend the public mbedtls_pk_get_type() by getting key type also in case of
380		* opaque keys. */
381		static mbedtls_pk_type_t pk_get_type_ext(const mbedtls_pk_context *pk)
382	0	{
383	0	mbedtls_pk_type_t pk_type = mbedtls_pk_get_type(pk);
384
385		#if defined(MBEDTLS_USE_PSA_CRYPTO)
386		if (pk_type == MBEDTLS_PK_OPAQUE) {
387		psa_key_attributes_t opaque_attrs = PSA_KEY_ATTRIBUTES_INIT;
388		psa_key_type_t opaque_key_type;
389
390		if (psa_get_key_attributes(pk->priv_id, &opaque_attrs) != PSA_SUCCESS) {
391		return MBEDTLS_PK_NONE;
392		}
393		opaque_key_type = psa_get_key_type(&opaque_attrs);
394		psa_reset_key_attributes(&opaque_attrs);
395
396		if (PSA_KEY_TYPE_IS_ECC(opaque_key_type)) {
397		return MBEDTLS_PK_ECKEY;
398		} else if (PSA_KEY_TYPE_IS_RSA(opaque_key_type)) {
399		return MBEDTLS_PK_RSA;
400		} else {
401		return MBEDTLS_PK_NONE;
402		}
403		} else
404		#endif
405	0	return pk_type;
406	0	}
407
408		/******************************************************************************
409		* Public functions for writing private/public DER keys.
410		******************************************************************************/
411		int mbedtls_pk_write_pubkey(unsigned char *p, unsigned char start,
412		const mbedtls_pk_context *key)
413	0	{
414	0	int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
415	0	size_t len = 0;
416
417		#if defined(MBEDTLS_RSA_C)
418		if (mbedtls_pk_get_type(key) == MBEDTLS_PK_RSA) {
419		MBEDTLS_ASN1_CHK_ADD(len, mbedtls_rsa_write_pubkey(mbedtls_pk_rsa(*key), start, p));
420		} else
421		#endif
422	0	#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
423	0	if (mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) {
424	0	MBEDTLS_ASN1_CHK_ADD(len, pk_write_ec_pubkey(p, start, key));
425	0	} else
426	0	#endif
427		#if defined(MBEDTLS_USE_PSA_CRYPTO)
428		if (mbedtls_pk_get_type(key) == MBEDTLS_PK_OPAQUE) {
429		MBEDTLS_ASN1_CHK_ADD(len, pk_write_opaque_pubkey(p, start, key));
430		} else
431		#endif /* MBEDTLS_USE_PSA_CRYPTO */
432	0	return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
433
434	0	return (int) len;
435	0	}
436
437		int mbedtls_pk_write_pubkey_der(const mbedtls_pk_context key, unsigned char buf, size_t size)
438	0	{
439	0	int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
440	0	unsigned char *c;
441	0	int has_par = 1;
442	0	size_t len = 0, par_len = 0, oid_len = 0;
443	0	mbedtls_pk_type_t pk_type;
444	0	const char *oid = NULL;
445
446	0	if (size == 0) {
447	0	return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
448	0	}
449
450	0	c = buf + size;
451
452	0	MBEDTLS_ASN1_CHK_ADD(len, mbedtls_pk_write_pubkey(&c, buf, key));
453
454	0	if (c - buf < 1) {
455	0	return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
456	0	}
457
458		/*
459		* SubjectPublicKeyInfo ::= SEQUENCE {
460		* algorithm AlgorithmIdentifier,
461		* subjectPublicKey BIT STRING }
462		*/
463	0	*--c = 0;
464	0	len += 1;
465
466	0	MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
467	0	MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c, buf, MBEDTLS_ASN1_BIT_STRING));
468
469	0	pk_type = pk_get_type_ext(key);
470
471	0	#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
472	0	if (pk_get_type_ext(key) == MBEDTLS_PK_ECKEY) {
473	0	mbedtls_ecp_group_id ec_grp_id = mbedtls_pk_get_ec_group_id(key);
474	0	if (MBEDTLS_PK_IS_RFC8410_GROUP_ID(ec_grp_id)) {
475	0	ret = mbedtls_oid_get_oid_by_ec_grp_algid(ec_grp_id, &oid, &oid_len);
476	0	if (ret != 0) {
477	0	return ret;
478	0	}
479	0	has_par = 0;
480	0	} else {
481	0	MBEDTLS_ASN1_CHK_ADD(par_len, pk_write_ec_param(&c, buf, ec_grp_id));
482	0	}
483	0	}
484	0	#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
485
486		/* At this point oid_len is not null only for EC Montgomery keys. */
487	0	if (oid_len == 0) {
488	0	ret = mbedtls_oid_get_oid_by_pk_alg(pk_type, &oid, &oid_len);
489	0	if (ret != 0) {
490	0	return ret;
491	0	}
492	0	}
493
494	0	MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_algorithm_identifier_ext(&c, buf, oid, oid_len,
495	0	par_len, has_par));
496
497	0	MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
498	0	MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c, buf, MBEDTLS_ASN1_CONSTRUCTED \|
499	0	MBEDTLS_ASN1_SEQUENCE));
500
501	0	return (int) len;
502	0	}
503
504		int mbedtls_pk_write_key_der(const mbedtls_pk_context key, unsigned char buf, size_t size)
505	0	{
506	0	unsigned char *c;
507
508	0	if (size == 0) {
509	0	return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
510	0	}
511
512	0	c = buf + size;
513
514		#if defined(MBEDTLS_RSA_C)
515		if (pk_get_type_ext(key) == MBEDTLS_PK_RSA) {
516		return pk_write_rsa_der(&c, buf, key);
517		} else
518		#endif /* MBEDTLS_RSA_C */
519	0	#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
520	0	if (pk_get_type_ext(key) == MBEDTLS_PK_ECKEY) {
521		#if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES)
522		if (mbedtls_pk_is_rfc8410(key)) {
523		return pk_write_ec_rfc8410_der(&c, buf, key);
524		}
525		#endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */
526	0	return pk_write_ec_der(&c, buf, key);
527	0	} else
528	0	#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
529	0	return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
530	0	}
531
532		/******************************************************************************
533		* Public functions for wrinting private/public PEM keys.
534		******************************************************************************/
535		#if defined(MBEDTLS_PEM_WRITE_C)
536
537		#define PUB_DER_MAX_BYTES \
538		(MBEDTLS_PK_RSA_PUB_DER_MAX_BYTES > MBEDTLS_PK_ECP_PUB_DER_MAX_BYTES ? \
539		MBEDTLS_PK_RSA_PUB_DER_MAX_BYTES : MBEDTLS_PK_ECP_PUB_DER_MAX_BYTES)
540		#define PRV_DER_MAX_BYTES \
541		(MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES > MBEDTLS_PK_ECP_PRV_DER_MAX_BYTES ? \
542		MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES : MBEDTLS_PK_ECP_PRV_DER_MAX_BYTES)
543
544		int mbedtls_pk_write_pubkey_pem(const mbedtls_pk_context key, unsigned char buf, size_t size)
545		{
546		int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
547		unsigned char *output_buf = NULL;
548		output_buf = mbedtls_calloc(1, PUB_DER_MAX_BYTES);
549		if (output_buf == NULL) {
550		return MBEDTLS_ERR_PK_ALLOC_FAILED;
551		}
552		size_t olen = 0;
553
554		if ((ret = mbedtls_pk_write_pubkey_der(key, output_buf,
555		PUB_DER_MAX_BYTES)) < 0) {
556		goto cleanup;
557		}
558
559		if ((ret = mbedtls_pem_write_buffer(PEM_BEGIN_PUBLIC_KEY "\n", PEM_END_PUBLIC_KEY "\n",
560		output_buf + PUB_DER_MAX_BYTES - ret,
561		ret, buf, size, &olen)) != 0) {
562		goto cleanup;
563		}
564
565		ret = 0;
566		cleanup:
567		mbedtls_free(output_buf);
568		return ret;
569		}
570
571		int mbedtls_pk_write_key_pem(const mbedtls_pk_context key, unsigned char buf, size_t size)
572		{
573		int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
574		unsigned char *output_buf = NULL;
575		output_buf = mbedtls_calloc(1, PRV_DER_MAX_BYTES);
576		if (output_buf == NULL) {
577		return MBEDTLS_ERR_PK_ALLOC_FAILED;
578		}
579		const char begin, end;
580		size_t olen = 0;
581
582		if ((ret = mbedtls_pk_write_key_der(key, output_buf, PRV_DER_MAX_BYTES)) < 0) {
583		goto cleanup;
584		}
585
586		#if defined(MBEDTLS_RSA_C)
587		if (pk_get_type_ext(key) == MBEDTLS_PK_RSA) {
588		begin = PEM_BEGIN_PRIVATE_KEY_RSA "\n";
589		end = PEM_END_PRIVATE_KEY_RSA "\n";
590		} else
591		#endif
592		#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
593		if (pk_get_type_ext(key) == MBEDTLS_PK_ECKEY) {
594		if (mbedtls_pk_is_rfc8410(key)) {
595		begin = PEM_BEGIN_PRIVATE_KEY_PKCS8 "\n";
596		end = PEM_END_PRIVATE_KEY_PKCS8 "\n";
597		} else {
598		begin = PEM_BEGIN_PRIVATE_KEY_EC "\n";
599		end = PEM_END_PRIVATE_KEY_EC "\n";
600		}
601		} else
602		#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
603		{
604		ret = MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
605		goto cleanup;
606		}
607
608		if ((ret = mbedtls_pem_write_buffer(begin, end,
609		output_buf + PRV_DER_MAX_BYTES - ret,
610		ret, buf, size, &olen)) != 0) {
611		goto cleanup;
612		}
613
614		ret = 0;
615		cleanup:
616		mbedtls_zeroize_and_free(output_buf, PRV_DER_MAX_BYTES);
617		return ret;
618		}
619		#endif /* MBEDTLS_PEM_WRITE_C */
620
621		#endif /* MBEDTLS_PK_WRITE_C */