/src/openthread/third_party/mbedtls/repo/library/pkwrite.c
Line | Count | Source |
1 | | /* |
2 | | * Public Key layer for writing key files and structures |
3 | | * |
4 | | * Copyright The Mbed TLS Contributors |
5 | | * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later |
6 | | */ |
7 | | |
8 | | #include "common.h" |
9 | | |
10 | | #if defined(MBEDTLS_PK_WRITE_C) |
11 | | |
12 | | #include "mbedtls/pk.h" |
13 | | #include "mbedtls/asn1write.h" |
14 | | #include "mbedtls/oid.h" |
15 | | #include "mbedtls/platform_util.h" |
16 | | #include "mbedtls/error.h" |
17 | | #include "pk_internal.h" |
18 | | |
19 | | #include <string.h> |
20 | | |
21 | | #if defined(MBEDTLS_ECP_C) |
22 | | #include "mbedtls/bignum.h" |
23 | | #include "mbedtls/ecp.h" |
24 | | #include "mbedtls/platform_util.h" |
25 | | #endif |
26 | | #if defined(MBEDTLS_PK_HAVE_ECC_KEYS) |
27 | | #include "pk_internal.h" |
28 | | #endif |
29 | | #if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_PK_HAVE_ECC_KEYS) |
30 | | #include "pkwrite.h" |
31 | | #endif |
32 | | #if defined(MBEDTLS_PEM_WRITE_C) |
33 | | #include "mbedtls/pem.h" |
34 | | #endif |
35 | | #if defined(MBEDTLS_RSA_C) |
36 | | #include "rsa_internal.h" |
37 | | #endif |
38 | | |
39 | | #if defined(MBEDTLS_USE_PSA_CRYPTO) |
40 | | #include "psa/crypto.h" |
41 | | #include "psa_util_internal.h" |
42 | | #endif |
43 | | #include "mbedtls/platform.h" |
44 | | |
45 | | /* Helpers for properly sizing buffers aimed at holding public keys or |
46 | | * key-pairs based on build symbols. */ |
47 | | #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) |
48 | | #define PK_MAX_EC_PUBLIC_KEY_SIZE PSA_EXPORT_PUBLIC_KEY_MAX_SIZE |
49 | | #define PK_MAX_EC_KEY_PAIR_SIZE MBEDTLS_PSA_MAX_EC_KEY_PAIR_LENGTH |
50 | | #elif defined(MBEDTLS_USE_PSA_CRYPTO) |
51 | | #define PK_MAX_EC_PUBLIC_KEY_SIZE PSA_EXPORT_PUBLIC_KEY_MAX_SIZE |
52 | | #define PK_MAX_EC_KEY_PAIR_SIZE MBEDTLS_PSA_MAX_EC_KEY_PAIR_LENGTH |
53 | | #else |
54 | | #define PK_MAX_EC_PUBLIC_KEY_SIZE MBEDTLS_ECP_MAX_PT_LEN |
55 | | #define PK_MAX_EC_KEY_PAIR_SIZE MBEDTLS_ECP_MAX_BYTES |
56 | | #endif |
57 | | |
58 | | /****************************************************************************** |
59 | | * Internal functions for RSA keys. |
60 | | ******************************************************************************/ |
61 | | #if defined(MBEDTLS_RSA_C) |
62 | | static int pk_write_rsa_der(unsigned char **p, unsigned char *buf, |
63 | | const mbedtls_pk_context *pk) |
64 | | { |
65 | | #if defined(MBEDTLS_USE_PSA_CRYPTO) |
66 | | if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_OPAQUE) { |
67 | | uint8_t tmp[PSA_EXPORT_KEY_PAIR_MAX_SIZE]; |
68 | | size_t tmp_len = 0; |
69 | | |
70 | | if (psa_export_key(pk->priv_id, tmp, sizeof(tmp), &tmp_len) != PSA_SUCCESS) { |
71 | | return MBEDTLS_ERR_PK_BAD_INPUT_DATA; |
72 | | } |
73 | | /* Ensure there's enough space in the provided buffer before copying data into it. */ |
74 | | if (tmp_len > (size_t) (*p - buf)) { |
75 | | mbedtls_platform_zeroize(tmp, sizeof(tmp)); |
76 | | return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; |
77 | | } |
78 | | *p -= tmp_len; |
79 | | memcpy(*p, tmp, tmp_len); |
80 | | mbedtls_platform_zeroize(tmp, sizeof(tmp)); |
81 | | |
82 | | return (int) tmp_len; |
83 | | } |
84 | | #endif /* MBEDTLS_USE_PSA_CRYPTO */ |
85 | | return mbedtls_rsa_write_key(mbedtls_pk_rsa(*pk), buf, p); |
86 | | } |
87 | | #endif /* MBEDTLS_RSA_C */ |
88 | | |
89 | | /****************************************************************************** |
90 | | * Internal functions for EC keys. |
91 | | ******************************************************************************/ |
92 | | #if defined(MBEDTLS_PK_HAVE_ECC_KEYS) |
93 | | #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) |
94 | | static int pk_write_ec_pubkey(unsigned char **p, unsigned char *start, |
95 | | const mbedtls_pk_context *pk) |
96 | | { |
97 | | size_t len = 0; |
98 | | uint8_t buf[PK_MAX_EC_PUBLIC_KEY_SIZE]; |
99 | | |
100 | | if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_OPAQUE) { |
101 | | if (psa_export_public_key(pk->priv_id, buf, sizeof(buf), &len) != PSA_SUCCESS) { |
102 | | return MBEDTLS_ERR_PK_BAD_INPUT_DATA; |
103 | | } |
104 | | } else { |
105 | | len = pk->pub_raw_len; |
106 | | memcpy(buf, pk->pub_raw, len); |
107 | | } |
108 | | |
109 | | if (*p < start || (size_t) (*p - start) < len) { |
110 | | return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; |
111 | | } |
112 | | |
113 | | *p -= len; |
114 | | memcpy(*p, buf, len); |
115 | | |
116 | | return (int) len; |
117 | | } |
118 | | #else /* MBEDTLS_PK_USE_PSA_EC_DATA */ |
119 | | static int pk_write_ec_pubkey(unsigned char **p, unsigned char *start, |
120 | | const mbedtls_pk_context *pk) |
121 | 0 | { |
122 | 0 | size_t len = 0; |
123 | 0 | unsigned char buf[PK_MAX_EC_PUBLIC_KEY_SIZE]; |
124 | 0 | mbedtls_ecp_keypair *ec = mbedtls_pk_ec(*pk); |
125 | 0 | int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; |
126 | |
|
127 | | #if defined(MBEDTLS_USE_PSA_CRYPTO) |
128 | | if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_OPAQUE) { |
129 | | if (psa_export_public_key(pk->priv_id, buf, sizeof(buf), &len) != PSA_SUCCESS) { |
130 | | return MBEDTLS_ERR_PK_BAD_INPUT_DATA; |
131 | | } |
132 | | /* Ensure there's enough space in the provided buffer before copying data into it. */ |
133 | | if (len > (size_t) (*p - start)) { |
134 | | return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; |
135 | | } |
136 | | *p -= len; |
137 | | memcpy(*p, buf, len); |
138 | | return (int) len; |
139 | | } else |
140 | | #endif /* MBEDTLS_USE_PSA_CRYPTO */ |
141 | 0 | { |
142 | 0 | if ((ret = mbedtls_ecp_point_write_binary(&ec->grp, &ec->Q, |
143 | 0 | MBEDTLS_ECP_PF_UNCOMPRESSED, |
144 | 0 | &len, buf, sizeof(buf))) != 0) { |
145 | 0 | return ret; |
146 | 0 | } |
147 | 0 | } |
148 | | |
149 | 0 | if (*p < start || (size_t) (*p - start) < len) { |
150 | 0 | return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; |
151 | 0 | } |
152 | | |
153 | 0 | *p -= len; |
154 | 0 | memcpy(*p, buf, len); |
155 | |
|
156 | 0 | return (int) len; |
157 | 0 | } |
158 | | #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ |
159 | | |
160 | | /* |
161 | | * privateKey OCTET STRING -- always of length ceil(log2(n)/8) |
162 | | */ |
163 | | #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) |
164 | | static int pk_write_ec_private(unsigned char **p, unsigned char *start, |
165 | | const mbedtls_pk_context *pk) |
166 | | { |
167 | | size_t byte_length; |
168 | | int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; |
169 | | unsigned char tmp[PK_MAX_EC_KEY_PAIR_SIZE]; |
170 | | psa_status_t status; |
171 | | |
172 | | if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_OPAQUE) { |
173 | | status = psa_export_key(pk->priv_id, tmp, sizeof(tmp), &byte_length); |
174 | | if (status != PSA_SUCCESS) { |
175 | | ret = PSA_PK_ECDSA_TO_MBEDTLS_ERR(status); |
176 | | return ret; |
177 | | } |
178 | | } else { |
179 | | status = psa_export_key(pk->priv_id, tmp, sizeof(tmp), &byte_length); |
180 | | if (status != PSA_SUCCESS) { |
181 | | ret = PSA_PK_ECDSA_TO_MBEDTLS_ERR(status); |
182 | | goto exit; |
183 | | } |
184 | | } |
185 | | |
186 | | ret = mbedtls_asn1_write_octet_string(p, start, tmp, byte_length); |
187 | | exit: |
188 | | mbedtls_platform_zeroize(tmp, sizeof(tmp)); |
189 | | return ret; |
190 | | } |
191 | | #else /* MBEDTLS_PK_USE_PSA_EC_DATA */ |
192 | | static int pk_write_ec_private(unsigned char **p, unsigned char *start, |
193 | | const mbedtls_pk_context *pk) |
194 | 0 | { |
195 | 0 | size_t byte_length; |
196 | 0 | int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; |
197 | 0 | unsigned char tmp[PK_MAX_EC_KEY_PAIR_SIZE]; |
198 | |
|
199 | | #if defined(MBEDTLS_USE_PSA_CRYPTO) |
200 | | psa_status_t status; |
201 | | if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_OPAQUE) { |
202 | | status = psa_export_key(pk->priv_id, tmp, sizeof(tmp), &byte_length); |
203 | | if (status != PSA_SUCCESS) { |
204 | | ret = PSA_PK_ECDSA_TO_MBEDTLS_ERR(status); |
205 | | return ret; |
206 | | } |
207 | | } else |
208 | | #endif /* MBEDTLS_USE_PSA_CRYPTO */ |
209 | 0 | { |
210 | 0 | mbedtls_ecp_keypair *ec = mbedtls_pk_ec_rw(*pk); |
211 | 0 | byte_length = (ec->grp.pbits + 7) / 8; |
212 | |
|
213 | 0 | ret = mbedtls_ecp_write_key_ext(ec, &byte_length, tmp, sizeof(tmp)); |
214 | 0 | if (ret != 0) { |
215 | 0 | goto exit; |
216 | 0 | } |
217 | 0 | } |
218 | 0 | ret = mbedtls_asn1_write_octet_string(p, start, tmp, byte_length); |
219 | 0 | exit: |
220 | 0 | mbedtls_platform_zeroize(tmp, sizeof(tmp)); |
221 | 0 | return ret; |
222 | 0 | } |
223 | | #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ |
224 | | |
225 | | /* |
226 | | * ECParameters ::= CHOICE { |
227 | | * namedCurve OBJECT IDENTIFIER |
228 | | * } |
229 | | */ |
230 | | static int pk_write_ec_param(unsigned char **p, unsigned char *start, |
231 | | mbedtls_ecp_group_id grp_id) |
232 | 0 | { |
233 | 0 | int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; |
234 | 0 | size_t len = 0; |
235 | 0 | const char *oid; |
236 | 0 | size_t oid_len; |
237 | |
|
238 | 0 | if ((ret = mbedtls_oid_get_oid_by_ec_grp(grp_id, &oid, &oid_len)) != 0) { |
239 | 0 | return ret; |
240 | 0 | } |
241 | | |
242 | 0 | MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_oid(p, start, oid, oid_len)); |
243 | | |
244 | 0 | return (int) len; |
245 | 0 | } |
246 | | |
247 | | #if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) |
248 | | /* |
249 | | * RFC8410 section 7 |
250 | | * |
251 | | * OneAsymmetricKey ::= SEQUENCE { |
252 | | * version Version, |
253 | | * privateKeyAlgorithm PrivateKeyAlgorithmIdentifier, |
254 | | * privateKey PrivateKey, |
255 | | * attributes [0] IMPLICIT Attributes OPTIONAL, |
256 | | * ..., |
257 | | * [[2: publicKey [1] IMPLICIT PublicKey OPTIONAL ]], |
258 | | * ... |
259 | | * } |
260 | | * ... |
261 | | * CurvePrivateKey ::= OCTET STRING |
262 | | */ |
263 | | static int pk_write_ec_rfc8410_der(unsigned char **p, unsigned char *buf, |
264 | | const mbedtls_pk_context *pk) |
265 | | { |
266 | | int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; |
267 | | size_t len = 0; |
268 | | size_t oid_len = 0; |
269 | | const char *oid; |
270 | | mbedtls_ecp_group_id grp_id; |
271 | | |
272 | | /* privateKey */ |
273 | | MBEDTLS_ASN1_CHK_ADD(len, pk_write_ec_private(p, buf, pk)); |
274 | | MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, buf, len)); |
275 | | MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, buf, MBEDTLS_ASN1_OCTET_STRING)); |
276 | | |
277 | | grp_id = mbedtls_pk_get_ec_group_id(pk); |
278 | | /* privateKeyAlgorithm */ |
279 | | if ((ret = mbedtls_oid_get_oid_by_ec_grp_algid(grp_id, &oid, &oid_len)) != 0) { |
280 | | return ret; |
281 | | } |
282 | | MBEDTLS_ASN1_CHK_ADD(len, |
283 | | mbedtls_asn1_write_algorithm_identifier_ext(p, buf, oid, oid_len, 0, 0)); |
284 | | |
285 | | /* version */ |
286 | | MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_int(p, buf, 0)); |
287 | | |
288 | | MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, buf, len)); |
289 | | MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, buf, MBEDTLS_ASN1_CONSTRUCTED | |
290 | | MBEDTLS_ASN1_SEQUENCE)); |
291 | | |
292 | | return (int) len; |
293 | | } |
294 | | #endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */ |
295 | | |
296 | | /* |
297 | | * RFC 5915, or SEC1 Appendix C.4 |
298 | | * |
299 | | * ECPrivateKey ::= SEQUENCE { |
300 | | * version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1), |
301 | | * privateKey OCTET STRING, |
302 | | * parameters [0] ECParameters {{ NamedCurve }} OPTIONAL, |
303 | | * publicKey [1] BIT STRING OPTIONAL |
304 | | * } |
305 | | */ |
306 | | static int pk_write_ec_der(unsigned char **p, unsigned char *buf, |
307 | | const mbedtls_pk_context *pk) |
308 | 0 | { |
309 | 0 | size_t len = 0; |
310 | 0 | int ret; |
311 | 0 | size_t pub_len = 0, par_len = 0; |
312 | 0 | mbedtls_ecp_group_id grp_id; |
313 | | |
314 | | /* publicKey */ |
315 | 0 | MBEDTLS_ASN1_CHK_ADD(pub_len, pk_write_ec_pubkey(p, buf, pk)); |
316 | | |
317 | 0 | if (*p - buf < 1) { |
318 | 0 | return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; |
319 | 0 | } |
320 | 0 | (*p)--; |
321 | 0 | **p = 0; |
322 | 0 | pub_len += 1; |
323 | |
|
324 | 0 | MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_asn1_write_len(p, buf, pub_len)); |
325 | 0 | MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_asn1_write_tag(p, buf, MBEDTLS_ASN1_BIT_STRING)); |
326 | | |
327 | 0 | MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_asn1_write_len(p, buf, pub_len)); |
328 | 0 | MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_asn1_write_tag(p, buf, |
329 | 0 | MBEDTLS_ASN1_CONTEXT_SPECIFIC | |
330 | 0 | MBEDTLS_ASN1_CONSTRUCTED | 1)); |
331 | 0 | len += pub_len; |
332 | | |
333 | | /* parameters */ |
334 | 0 | grp_id = mbedtls_pk_get_ec_group_id(pk); |
335 | 0 | MBEDTLS_ASN1_CHK_ADD(par_len, pk_write_ec_param(p, buf, grp_id)); |
336 | 0 | MBEDTLS_ASN1_CHK_ADD(par_len, mbedtls_asn1_write_len(p, buf, par_len)); |
337 | 0 | MBEDTLS_ASN1_CHK_ADD(par_len, mbedtls_asn1_write_tag(p, buf, |
338 | 0 | MBEDTLS_ASN1_CONTEXT_SPECIFIC | |
339 | 0 | MBEDTLS_ASN1_CONSTRUCTED | 0)); |
340 | 0 | len += par_len; |
341 | | |
342 | | /* privateKey */ |
343 | 0 | MBEDTLS_ASN1_CHK_ADD(len, pk_write_ec_private(p, buf, pk)); |
344 | | |
345 | | /* version */ |
346 | 0 | MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_int(p, buf, 1)); |
347 | | |
348 | 0 | MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, buf, len)); |
349 | 0 | MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, buf, MBEDTLS_ASN1_CONSTRUCTED | |
350 | 0 | MBEDTLS_ASN1_SEQUENCE)); |
351 | | |
352 | 0 | return (int) len; |
353 | 0 | } |
354 | | #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ |
355 | | |
356 | | /****************************************************************************** |
357 | | * Internal functions for Opaque keys. |
358 | | ******************************************************************************/ |
359 | | #if defined(MBEDTLS_USE_PSA_CRYPTO) |
360 | | static int pk_write_opaque_pubkey(unsigned char **p, unsigned char *start, |
361 | | const mbedtls_pk_context *pk) |
362 | | { |
363 | | size_t buffer_size; |
364 | | size_t len = 0; |
365 | | |
366 | | if (*p < start) { |
367 | | return MBEDTLS_ERR_PK_BAD_INPUT_DATA; |
368 | | } |
369 | | |
370 | | buffer_size = (size_t) (*p - start); |
371 | | if (psa_export_public_key(pk->priv_id, start, buffer_size, |
372 | | &len) != PSA_SUCCESS) { |
373 | | return MBEDTLS_ERR_PK_BAD_INPUT_DATA; |
374 | | } |
375 | | |
376 | | *p -= len; |
377 | | memmove(*p, start, len); |
378 | | |
379 | | return (int) len; |
380 | | } |
381 | | #endif /* MBEDTLS_USE_PSA_CRYPTO */ |
382 | | |
383 | | /****************************************************************************** |
384 | | * Generic helpers |
385 | | ******************************************************************************/ |
386 | | |
387 | | /* Extend the public mbedtls_pk_get_type() by getting key type also in case of |
388 | | * opaque keys. */ |
389 | | static mbedtls_pk_type_t pk_get_type_ext(const mbedtls_pk_context *pk) |
390 | 0 | { |
391 | 0 | mbedtls_pk_type_t pk_type = mbedtls_pk_get_type(pk); |
392 | |
|
393 | | #if defined(MBEDTLS_USE_PSA_CRYPTO) |
394 | | if (pk_type == MBEDTLS_PK_OPAQUE) { |
395 | | psa_key_attributes_t opaque_attrs = PSA_KEY_ATTRIBUTES_INIT; |
396 | | psa_key_type_t opaque_key_type; |
397 | | |
398 | | if (psa_get_key_attributes(pk->priv_id, &opaque_attrs) != PSA_SUCCESS) { |
399 | | return MBEDTLS_PK_NONE; |
400 | | } |
401 | | opaque_key_type = psa_get_key_type(&opaque_attrs); |
402 | | psa_reset_key_attributes(&opaque_attrs); |
403 | | |
404 | | if (PSA_KEY_TYPE_IS_ECC(opaque_key_type)) { |
405 | | return MBEDTLS_PK_ECKEY; |
406 | | } else if (PSA_KEY_TYPE_IS_RSA(opaque_key_type)) { |
407 | | return MBEDTLS_PK_RSA; |
408 | | } else { |
409 | | return MBEDTLS_PK_NONE; |
410 | | } |
411 | | } else |
412 | | #endif |
413 | 0 | return pk_type; |
414 | 0 | } |
415 | | |
416 | | /****************************************************************************** |
417 | | * Public functions for writing private/public DER keys. |
418 | | ******************************************************************************/ |
419 | | int mbedtls_pk_write_pubkey(unsigned char **p, unsigned char *start, |
420 | | const mbedtls_pk_context *key) |
421 | 0 | { |
422 | 0 | int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; |
423 | 0 | size_t len = 0; |
424 | |
|
425 | | #if defined(MBEDTLS_RSA_C) |
426 | | if (mbedtls_pk_get_type(key) == MBEDTLS_PK_RSA) { |
427 | | MBEDTLS_ASN1_CHK_ADD(len, mbedtls_rsa_write_pubkey(mbedtls_pk_rsa(*key), start, p)); |
428 | | } else |
429 | | #endif |
430 | 0 | #if defined(MBEDTLS_PK_HAVE_ECC_KEYS) |
431 | 0 | if (mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) { |
432 | 0 | MBEDTLS_ASN1_CHK_ADD(len, pk_write_ec_pubkey(p, start, key)); |
433 | 0 | } else |
434 | 0 | #endif |
435 | | #if defined(MBEDTLS_USE_PSA_CRYPTO) |
436 | | if (mbedtls_pk_get_type(key) == MBEDTLS_PK_OPAQUE) { |
437 | | MBEDTLS_ASN1_CHK_ADD(len, pk_write_opaque_pubkey(p, start, key)); |
438 | | } else |
439 | | #endif /* MBEDTLS_USE_PSA_CRYPTO */ |
440 | 0 | return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; |
441 | | |
442 | 0 | return (int) len; |
443 | 0 | } |
444 | | |
445 | | int mbedtls_pk_write_pubkey_der(const mbedtls_pk_context *key, unsigned char *buf, size_t size) |
446 | 0 | { |
447 | 0 | int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; |
448 | 0 | unsigned char *c; |
449 | 0 | int has_par = 1; |
450 | 0 | size_t len = 0, par_len = 0, oid_len = 0; |
451 | 0 | mbedtls_pk_type_t pk_type; |
452 | 0 | const char *oid = NULL; |
453 | |
|
454 | 0 | if (size == 0) { |
455 | 0 | return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; |
456 | 0 | } |
457 | | |
458 | 0 | c = buf + size; |
459 | |
|
460 | 0 | MBEDTLS_ASN1_CHK_ADD(len, mbedtls_pk_write_pubkey(&c, buf, key)); |
461 | | |
462 | 0 | if (c - buf < 1) { |
463 | 0 | return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; |
464 | 0 | } |
465 | | |
466 | | /* |
467 | | * SubjectPublicKeyInfo ::= SEQUENCE { |
468 | | * algorithm AlgorithmIdentifier, |
469 | | * subjectPublicKey BIT STRING } |
470 | | */ |
471 | 0 | *--c = 0; |
472 | 0 | len += 1; |
473 | |
|
474 | 0 | MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len)); |
475 | 0 | MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c, buf, MBEDTLS_ASN1_BIT_STRING)); |
476 | | |
477 | 0 | pk_type = pk_get_type_ext(key); |
478 | |
|
479 | 0 | #if defined(MBEDTLS_PK_HAVE_ECC_KEYS) |
480 | 0 | if (pk_get_type_ext(key) == MBEDTLS_PK_ECKEY) { |
481 | 0 | mbedtls_ecp_group_id ec_grp_id = mbedtls_pk_get_ec_group_id(key); |
482 | 0 | if (MBEDTLS_PK_IS_RFC8410_GROUP_ID(ec_grp_id)) { |
483 | 0 | ret = mbedtls_oid_get_oid_by_ec_grp_algid(ec_grp_id, &oid, &oid_len); |
484 | 0 | if (ret != 0) { |
485 | 0 | return ret; |
486 | 0 | } |
487 | 0 | has_par = 0; |
488 | 0 | } else { |
489 | 0 | MBEDTLS_ASN1_CHK_ADD(par_len, pk_write_ec_param(&c, buf, ec_grp_id)); |
490 | 0 | } |
491 | 0 | } |
492 | 0 | #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ |
493 | | |
494 | | /* At this point oid_len is not null only for EC Montgomery keys. */ |
495 | 0 | if (oid_len == 0) { |
496 | 0 | ret = mbedtls_oid_get_oid_by_pk_alg(pk_type, &oid, &oid_len); |
497 | 0 | if (ret != 0) { |
498 | 0 | return ret; |
499 | 0 | } |
500 | 0 | } |
501 | | |
502 | 0 | MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_algorithm_identifier_ext(&c, buf, oid, oid_len, |
503 | 0 | par_len, has_par)); |
504 | | |
505 | 0 | MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len)); |
506 | 0 | MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c, buf, MBEDTLS_ASN1_CONSTRUCTED | |
507 | 0 | MBEDTLS_ASN1_SEQUENCE)); |
508 | | |
509 | 0 | return (int) len; |
510 | 0 | } |
511 | | |
512 | | int mbedtls_pk_write_key_der(const mbedtls_pk_context *key, unsigned char *buf, size_t size) |
513 | 0 | { |
514 | 0 | unsigned char *c; |
515 | |
|
516 | 0 | if (size == 0) { |
517 | 0 | return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; |
518 | 0 | } |
519 | | |
520 | 0 | c = buf + size; |
521 | |
|
522 | | #if defined(MBEDTLS_RSA_C) |
523 | | if (pk_get_type_ext(key) == MBEDTLS_PK_RSA) { |
524 | | return pk_write_rsa_der(&c, buf, key); |
525 | | } else |
526 | | #endif /* MBEDTLS_RSA_C */ |
527 | 0 | #if defined(MBEDTLS_PK_HAVE_ECC_KEYS) |
528 | 0 | if (pk_get_type_ext(key) == MBEDTLS_PK_ECKEY) { |
529 | | #if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) |
530 | | if (mbedtls_pk_is_rfc8410(key)) { |
531 | | return pk_write_ec_rfc8410_der(&c, buf, key); |
532 | | } |
533 | | #endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */ |
534 | 0 | return pk_write_ec_der(&c, buf, key); |
535 | 0 | } else |
536 | 0 | #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ |
537 | 0 | return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; |
538 | 0 | } |
539 | | |
540 | | /****************************************************************************** |
541 | | * Public functions for wrinting private/public PEM keys. |
542 | | ******************************************************************************/ |
543 | | #if defined(MBEDTLS_PEM_WRITE_C) |
544 | | |
545 | | #define PUB_DER_MAX_BYTES \ |
546 | | (MBEDTLS_PK_RSA_PUB_DER_MAX_BYTES > MBEDTLS_PK_ECP_PUB_DER_MAX_BYTES ? \ |
547 | | MBEDTLS_PK_RSA_PUB_DER_MAX_BYTES : MBEDTLS_PK_ECP_PUB_DER_MAX_BYTES) |
548 | | #define PRV_DER_MAX_BYTES \ |
549 | | (MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES > MBEDTLS_PK_ECP_PRV_DER_MAX_BYTES ? \ |
550 | | MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES : MBEDTLS_PK_ECP_PRV_DER_MAX_BYTES) |
551 | | |
552 | | int mbedtls_pk_write_pubkey_pem(const mbedtls_pk_context *key, unsigned char *buf, size_t size) |
553 | | { |
554 | | int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; |
555 | | unsigned char *output_buf = NULL; |
556 | | output_buf = mbedtls_calloc(1, PUB_DER_MAX_BYTES); |
557 | | if (output_buf == NULL) { |
558 | | return MBEDTLS_ERR_PK_ALLOC_FAILED; |
559 | | } |
560 | | size_t olen = 0; |
561 | | |
562 | | if ((ret = mbedtls_pk_write_pubkey_der(key, output_buf, |
563 | | PUB_DER_MAX_BYTES)) < 0) { |
564 | | goto cleanup; |
565 | | } |
566 | | |
567 | | if ((ret = mbedtls_pem_write_buffer(PEM_BEGIN_PUBLIC_KEY "\n", PEM_END_PUBLIC_KEY "\n", |
568 | | output_buf + PUB_DER_MAX_BYTES - ret, |
569 | | ret, buf, size, &olen)) != 0) { |
570 | | goto cleanup; |
571 | | } |
572 | | |
573 | | ret = 0; |
574 | | cleanup: |
575 | | mbedtls_free(output_buf); |
576 | | return ret; |
577 | | } |
578 | | |
579 | | int mbedtls_pk_write_key_pem(const mbedtls_pk_context *key, unsigned char *buf, size_t size) |
580 | | { |
581 | | int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; |
582 | | unsigned char *output_buf = NULL; |
583 | | output_buf = mbedtls_calloc(1, PRV_DER_MAX_BYTES); |
584 | | if (output_buf == NULL) { |
585 | | return MBEDTLS_ERR_PK_ALLOC_FAILED; |
586 | | } |
587 | | const char *begin, *end; |
588 | | size_t olen = 0; |
589 | | |
590 | | if ((ret = mbedtls_pk_write_key_der(key, output_buf, PRV_DER_MAX_BYTES)) < 0) { |
591 | | goto cleanup; |
592 | | } |
593 | | |
594 | | #if defined(MBEDTLS_RSA_C) |
595 | | if (pk_get_type_ext(key) == MBEDTLS_PK_RSA) { |
596 | | begin = PEM_BEGIN_PRIVATE_KEY_RSA "\n"; |
597 | | end = PEM_END_PRIVATE_KEY_RSA "\n"; |
598 | | } else |
599 | | #endif |
600 | | #if defined(MBEDTLS_PK_HAVE_ECC_KEYS) |
601 | | if (pk_get_type_ext(key) == MBEDTLS_PK_ECKEY) { |
602 | | if (mbedtls_pk_is_rfc8410(key)) { |
603 | | begin = PEM_BEGIN_PRIVATE_KEY_PKCS8 "\n"; |
604 | | end = PEM_END_PRIVATE_KEY_PKCS8 "\n"; |
605 | | } else { |
606 | | begin = PEM_BEGIN_PRIVATE_KEY_EC "\n"; |
607 | | end = PEM_END_PRIVATE_KEY_EC "\n"; |
608 | | } |
609 | | } else |
610 | | #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ |
611 | | { |
612 | | ret = MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; |
613 | | goto cleanup; |
614 | | } |
615 | | |
616 | | if ((ret = mbedtls_pem_write_buffer(begin, end, |
617 | | output_buf + PRV_DER_MAX_BYTES - ret, |
618 | | ret, buf, size, &olen)) != 0) { |
619 | | goto cleanup; |
620 | | } |
621 | | |
622 | | ret = 0; |
623 | | cleanup: |
624 | | mbedtls_zeroize_and_free(output_buf, PRV_DER_MAX_BYTES); |
625 | | return ret; |
626 | | } |
627 | | #endif /* MBEDTLS_PEM_WRITE_C */ |
628 | | |
629 | | #endif /* MBEDTLS_PK_WRITE_C */ |