2013-09-15 12:54:56 +00:00
|
|
|
/*
|
|
|
|
* Public Key layer for writing key files and structures
|
|
|
|
*
|
2020-08-07 11:07:28 +00:00
|
|
|
* Copyright The Mbed TLS Contributors
|
2015-09-04 12:21:07 +00:00
|
|
|
* SPDX-License-Identifier: Apache-2.0
|
2013-09-15 12:54:56 +00:00
|
|
|
*
|
2015-09-04 12:21:07 +00:00
|
|
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
|
|
* not use this file except in compliance with the License.
|
|
|
|
* You may obtain a copy of the License at
|
2013-09-15 12:54:56 +00:00
|
|
|
*
|
2015-09-04 12:21:07 +00:00
|
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
2013-09-15 12:54:56 +00:00
|
|
|
*
|
2015-09-04 12:21:07 +00:00
|
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
|
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
|
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
* See the License for the specific language governing permissions and
|
|
|
|
* limitations under the License.
|
2013-09-15 12:54:56 +00:00
|
|
|
*/
|
|
|
|
|
2020-06-02 23:43:33 +00:00
|
|
|
#include "common.h"
|
2013-09-15 12:54:56 +00:00
|
|
|
|
2015-04-08 10:49:31 +00:00
|
|
|
#if defined(MBEDTLS_PK_WRITE_C)
|
2013-09-15 12:54:56 +00:00
|
|
|
|
2015-03-09 17:05:11 +00:00
|
|
|
#include "mbedtls/pk.h"
|
|
|
|
#include "mbedtls/asn1write.h"
|
|
|
|
#include "mbedtls/oid.h"
|
2019-01-31 13:20:20 +00:00
|
|
|
#include "mbedtls/platform_util.h"
|
2019-11-22 13:21:35 +00:00
|
|
|
#include "mbedtls/error.h"
|
2013-09-15 12:54:56 +00:00
|
|
|
|
2015-02-06 13:43:58 +00:00
|
|
|
#include <string.h>
|
|
|
|
|
2015-04-08 10:49:31 +00:00
|
|
|
#if defined(MBEDTLS_RSA_C)
|
2015-03-09 17:05:11 +00:00
|
|
|
#include "mbedtls/rsa.h"
|
2013-09-15 12:54:56 +00:00
|
|
|
#endif
|
2015-04-08 10:49:31 +00:00
|
|
|
#if defined(MBEDTLS_ECP_C)
|
2018-08-10 22:48:44 +00:00
|
|
|
#include "mbedtls/bignum.h"
|
2015-03-09 17:05:11 +00:00
|
|
|
#include "mbedtls/ecp.h"
|
2018-08-10 22:48:44 +00:00
|
|
|
#include "mbedtls/platform_util.h"
|
2013-09-15 12:54:56 +00:00
|
|
|
#endif
|
2015-04-08 10:49:31 +00:00
|
|
|
#if defined(MBEDTLS_ECDSA_C)
|
2015-03-09 17:05:11 +00:00
|
|
|
#include "mbedtls/ecdsa.h"
|
2013-09-15 12:54:56 +00:00
|
|
|
#endif
|
2015-04-08 10:49:31 +00:00
|
|
|
#if defined(MBEDTLS_PEM_WRITE_C)
|
2015-03-09 17:05:11 +00:00
|
|
|
#include "mbedtls/pem.h"
|
2013-09-15 12:54:56 +00:00
|
|
|
#endif
|
|
|
|
|
2018-11-19 15:07:36 +00:00
|
|
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
|
|
|
#include "psa/crypto.h"
|
2019-02-01 11:55:03 +00:00
|
|
|
#include "mbedtls/psa_util.h"
|
2018-11-19 15:07:36 +00:00
|
|
|
#endif
|
2015-04-08 10:49:31 +00:00
|
|
|
#if defined(MBEDTLS_PLATFORM_C)
|
2015-03-09 17:05:11 +00:00
|
|
|
#include "mbedtls/platform.h"
|
2013-09-15 12:54:56 +00:00
|
|
|
#else
|
|
|
|
#include <stdlib.h>
|
2015-05-26 14:04:06 +00:00
|
|
|
#define mbedtls_calloc calloc
|
2015-04-08 10:49:31 +00:00
|
|
|
#define mbedtls_free free
|
2013-09-15 12:54:56 +00:00
|
|
|
#endif
|
|
|
|
|
2019-01-31 13:20:20 +00:00
|
|
|
/* Parameter validation macros based on platform_util.h */
|
|
|
|
#define PK_VALIDATE_RET( cond ) \
|
|
|
|
MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_PK_BAD_INPUT_DATA )
|
|
|
|
#define PK_VALIDATE( cond ) \
|
|
|
|
MBEDTLS_INTERNAL_VALIDATE( cond )
|
|
|
|
|
2015-04-08 10:49:31 +00:00
|
|
|
#if defined(MBEDTLS_RSA_C)
|
2013-09-15 12:54:56 +00:00
|
|
|
/*
|
|
|
|
* RSAPublicKey ::= SEQUENCE {
|
|
|
|
* modulus INTEGER, -- n
|
|
|
|
* publicExponent INTEGER -- e
|
|
|
|
* }
|
|
|
|
*/
|
|
|
|
static int pk_write_rsa_pubkey( unsigned char **p, unsigned char *start,
|
2017-08-23 13:07:48 +00:00
|
|
|
mbedtls_rsa_context *rsa )
|
2013-09-15 12:54:56 +00:00
|
|
|
{
|
2019-11-22 13:21:35 +00:00
|
|
|
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
2013-09-15 12:54:56 +00:00
|
|
|
size_t len = 0;
|
2017-08-23 11:38:27 +00:00
|
|
|
mbedtls_mpi T;
|
2013-09-15 12:54:56 +00:00
|
|
|
|
2017-08-23 11:38:27 +00:00
|
|
|
mbedtls_mpi_init( &T );
|
|
|
|
|
|
|
|
/* Export E */
|
|
|
|
if ( ( ret = mbedtls_rsa_export( rsa, NULL, NULL, NULL, NULL, &T ) ) != 0 ||
|
|
|
|
( ret = mbedtls_asn1_write_mpi( p, start, &T ) ) < 0 )
|
|
|
|
goto end_of_export;
|
|
|
|
len += ret;
|
|
|
|
|
|
|
|
/* Export N */
|
|
|
|
if ( ( ret = mbedtls_rsa_export( rsa, &T, NULL, NULL, NULL, NULL ) ) != 0 ||
|
|
|
|
( ret = mbedtls_asn1_write_mpi( p, start, &T ) ) < 0 )
|
|
|
|
goto end_of_export;
|
|
|
|
len += ret;
|
|
|
|
|
|
|
|
end_of_export:
|
|
|
|
|
|
|
|
mbedtls_mpi_free( &T );
|
|
|
|
if( ret < 0 )
|
|
|
|
return( ret );
|
2013-09-15 12:54:56 +00:00
|
|
|
|
2015-04-08 10:49:31 +00:00
|
|
|
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
|
|
|
|
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_CONSTRUCTED |
|
|
|
|
MBEDTLS_ASN1_SEQUENCE ) );
|
2013-09-15 12:54:56 +00:00
|
|
|
|
2013-10-11 16:58:55 +00:00
|
|
|
return( (int) len );
|
2013-09-15 12:54:56 +00:00
|
|
|
}
|
2015-04-08 10:49:31 +00:00
|
|
|
#endif /* MBEDTLS_RSA_C */
|
2013-09-15 12:54:56 +00:00
|
|
|
|
2015-04-08 10:49:31 +00:00
|
|
|
#if defined(MBEDTLS_ECP_C)
|
2013-09-15 12:54:56 +00:00
|
|
|
/*
|
|
|
|
* EC public key is an EC point
|
|
|
|
*/
|
|
|
|
static int pk_write_ec_pubkey( unsigned char **p, unsigned char *start,
|
2017-08-23 13:07:48 +00:00
|
|
|
mbedtls_ecp_keypair *ec )
|
2013-09-15 12:54:56 +00:00
|
|
|
{
|
2019-11-22 13:21:35 +00:00
|
|
|
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
2013-09-15 12:54:56 +00:00
|
|
|
size_t len = 0;
|
2015-04-08 10:49:31 +00:00
|
|
|
unsigned char buf[MBEDTLS_ECP_MAX_PT_LEN];
|
2013-09-15 12:54:56 +00:00
|
|
|
|
2015-04-08 10:49:31 +00:00
|
|
|
if( ( ret = mbedtls_ecp_point_write_binary( &ec->grp, &ec->Q,
|
|
|
|
MBEDTLS_ECP_PF_UNCOMPRESSED,
|
2013-09-15 12:54:56 +00:00
|
|
|
&len, buf, sizeof( buf ) ) ) != 0 )
|
|
|
|
{
|
|
|
|
return( ret );
|
|
|
|
}
|
|
|
|
|
2015-10-21 10:23:09 +00:00
|
|
|
if( *p < start || (size_t)( *p - start ) < len )
|
2015-04-08 10:49:31 +00:00
|
|
|
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
|
2013-09-15 12:54:56 +00:00
|
|
|
|
|
|
|
*p -= len;
|
|
|
|
memcpy( *p, buf, len );
|
|
|
|
|
2013-10-11 16:58:55 +00:00
|
|
|
return( (int) len );
|
2013-09-15 12:54:56 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* ECParameters ::= CHOICE {
|
|
|
|
* namedCurve OBJECT IDENTIFIER
|
|
|
|
* }
|
|
|
|
*/
|
|
|
|
static int pk_write_ec_param( unsigned char **p, unsigned char *start,
|
2017-08-23 13:07:48 +00:00
|
|
|
mbedtls_ecp_keypair *ec )
|
2013-09-15 12:54:56 +00:00
|
|
|
{
|
2019-11-22 13:21:35 +00:00
|
|
|
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
2013-09-15 12:54:56 +00:00
|
|
|
size_t len = 0;
|
|
|
|
const char *oid;
|
|
|
|
size_t oid_len;
|
|
|
|
|
2015-04-08 10:49:31 +00:00
|
|
|
if( ( ret = mbedtls_oid_get_oid_by_ec_grp( ec->grp.id, &oid, &oid_len ) ) != 0 )
|
2013-09-15 12:54:56 +00:00
|
|
|
return( ret );
|
|
|
|
|
2015-04-08 10:49:31 +00:00
|
|
|
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_oid( p, start, oid, oid_len ) );
|
2013-09-15 12:54:56 +00:00
|
|
|
|
2013-10-11 16:58:55 +00:00
|
|
|
return( (int) len );
|
2013-09-15 12:54:56 +00:00
|
|
|
}
|
2018-08-10 22:48:44 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* privateKey OCTET STRING -- always of length ceil(log2(n)/8)
|
|
|
|
*/
|
|
|
|
static int pk_write_ec_private( unsigned char **p, unsigned char *start,
|
|
|
|
mbedtls_ecp_keypair *ec )
|
|
|
|
{
|
2019-11-22 13:21:35 +00:00
|
|
|
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
2018-08-10 22:48:44 +00:00
|
|
|
size_t byte_length = ( ec->grp.pbits + 7 ) / 8;
|
|
|
|
unsigned char tmp[MBEDTLS_ECP_MAX_BYTES];
|
|
|
|
|
2020-07-13 08:59:40 +00:00
|
|
|
ret = mbedtls_ecp_write_key( ec, tmp, byte_length );
|
2018-08-10 22:48:44 +00:00
|
|
|
if( ret != 0 )
|
|
|
|
goto exit;
|
|
|
|
ret = mbedtls_asn1_write_octet_string( p, start, tmp, byte_length );
|
|
|
|
|
|
|
|
exit:
|
|
|
|
mbedtls_platform_zeroize( tmp, byte_length );
|
|
|
|
return( ret );
|
|
|
|
}
|
2015-04-08 10:49:31 +00:00
|
|
|
#endif /* MBEDTLS_ECP_C */
|
2013-09-15 12:54:56 +00:00
|
|
|
|
2015-04-08 10:49:31 +00:00
|
|
|
int mbedtls_pk_write_pubkey( unsigned char **p, unsigned char *start,
|
2017-08-23 13:07:48 +00:00
|
|
|
const mbedtls_pk_context *key )
|
2013-09-15 12:54:56 +00:00
|
|
|
{
|
2019-11-22 13:21:35 +00:00
|
|
|
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
2013-09-15 12:54:56 +00:00
|
|
|
size_t len = 0;
|
|
|
|
|
2019-01-31 13:20:20 +00:00
|
|
|
PK_VALIDATE_RET( p != NULL );
|
|
|
|
PK_VALIDATE_RET( *p != NULL );
|
|
|
|
PK_VALIDATE_RET( start != NULL );
|
|
|
|
PK_VALIDATE_RET( key != NULL );
|
|
|
|
|
2015-04-08 10:49:31 +00:00
|
|
|
#if defined(MBEDTLS_RSA_C)
|
|
|
|
if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_RSA )
|
|
|
|
MBEDTLS_ASN1_CHK_ADD( len, pk_write_rsa_pubkey( p, start, mbedtls_pk_rsa( *key ) ) );
|
2013-09-15 12:54:56 +00:00
|
|
|
else
|
|
|
|
#endif
|
2015-04-08 10:49:31 +00:00
|
|
|
#if defined(MBEDTLS_ECP_C)
|
|
|
|
if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_ECKEY )
|
|
|
|
MBEDTLS_ASN1_CHK_ADD( len, pk_write_ec_pubkey( p, start, mbedtls_pk_ec( *key ) ) );
|
2013-09-15 12:54:56 +00:00
|
|
|
else
|
|
|
|
#endif
|
2018-11-19 15:07:36 +00:00
|
|
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
|
|
|
if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_OPAQUE )
|
|
|
|
{
|
2018-11-19 23:09:59 +00:00
|
|
|
size_t buffer_size;
|
2022-01-03 11:53:24 +00:00
|
|
|
mbedtls_svc_key_id_t* key_id = (mbedtls_svc_key_id_t*) key->pk_ctx;
|
2018-11-19 23:09:59 +00:00
|
|
|
|
|
|
|
if ( *p < start )
|
|
|
|
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
|
|
|
|
|
2018-11-20 08:03:28 +00:00
|
|
|
buffer_size = (size_t)( *p - start );
|
2020-08-04 07:51:30 +00:00
|
|
|
if ( psa_export_public_key( *key_id, start, buffer_size, &len )
|
2018-11-19 15:07:36 +00:00
|
|
|
!= PSA_SUCCESS )
|
|
|
|
{
|
2018-11-19 23:04:01 +00:00
|
|
|
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
|
2018-11-19 15:07:36 +00:00
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
2019-02-01 09:57:20 +00:00
|
|
|
*p -= len;
|
|
|
|
memmove( *p, start, len );
|
2018-11-19 15:07:36 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
else
|
|
|
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
2015-04-08 10:49:31 +00:00
|
|
|
return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
|
2013-09-15 12:54:56 +00:00
|
|
|
|
2013-10-11 16:58:55 +00:00
|
|
|
return( (int) len );
|
2013-09-15 12:54:56 +00:00
|
|
|
}
|
|
|
|
|
2021-02-02 14:22:19 +00:00
|
|
|
int mbedtls_pk_write_pubkey_der( const mbedtls_pk_context *key, unsigned char *buf, size_t size )
|
2013-09-15 12:54:56 +00:00
|
|
|
{
|
2019-11-22 13:21:35 +00:00
|
|
|
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
2013-09-15 12:54:56 +00:00
|
|
|
unsigned char *c;
|
|
|
|
size_t len = 0, par_len = 0, oid_len;
|
Adapt mbedtls_pk_write_pubkey_der() to the new PSA public key format
Context: There are two public key writing functions in Mbed TLS. First,
mbedtls_pk_write_pubkey(), which exports a public key in the form of a
SubjectPublicKey structure containing the raw keying material
(for example, EC point coordinates for an EC public key, without
reference to the underlying curve). Secondly, mbedtls_pk_write_pubkey_der(),
which exports a public key in the form of a SubjectPublicKeyInfo structure,
wrapping the SubjectPublicKey structure by additional information
identifying the type of public key (and for ECC, e.g., it'd also contain
the ECC group identifier). The implementation of mbedtls_pk_write_pubkey_der()
calls mbedtls_pk_write_pubkey() first and then adds the corresponding
algorithm identifier wrapper.
Both of these functions need to be provided for PSA-based opaque PK contexts,
based on PSA's public key export function.
Previously, PSA used the SubjectPublicKeyInfo structure as its export format,
so mbedtls_pk_write_pubkey_der() could be easily implemented, while
mbedtls_pk_write_pubkey() would need to trim the output of the PSA export.
The previous implementation of mbedtls_pk_write_pubkey() is not quite right
because it calls PSA export doesn't do any trimming, hence exporting the large
SubjectPublicKeyInfo structure instead of the small SubjectPublicKey.
mbedtls_pk_write_pubkey_der(), in turn, immediately returns after calling
mbedtls_pk_write_pubkey(), hence also returning the SubjectPublicKeyInfo
structure, which is correct.
By now, the PSA public key export format has changed to the smaller
SubjectPublicKey structure. This means that, now, mbedtls_pk_write_pubkey()
can be implemented by just calling the PSA export, and that
mbedtls_pk_write_pubkey_der() needs to add the algorithm information around
it, just as in the other types of PK contexts. While not correct for the
old format, the existing code for mbedtls_pk_write_pubkey() is therefore
correct for the new PSA public key format, and needs no change apart from
the missing pointer shift in the last commit.
The implementation of mbedtls_pk_write_pubkey_der() needs a special code
path for PSA-based opaque PK contexts, as the PK context only contains
the PSA key handle, and the PSA API needs to be used to extract the
underlying EC curve to be able to write the AlgorithmParameter structure
that's part of the SubjectPublicKeyInfo structure.
That's what this commit does, (hopefully) making both
mbedtls_pk_write_pubkey() and mbedtls_pk_write_pubkey_der() export
the correctly formatted public key based on the new PSA public key format.
2019-02-01 10:07:07 +00:00
|
|
|
mbedtls_pk_type_t pk_type;
|
2013-09-15 12:54:56 +00:00
|
|
|
const char *oid;
|
|
|
|
|
2019-01-31 13:20:20 +00:00
|
|
|
PK_VALIDATE_RET( key != NULL );
|
|
|
|
if( size == 0 )
|
|
|
|
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
|
|
|
|
PK_VALIDATE_RET( buf != NULL );
|
|
|
|
|
2013-09-15 12:54:56 +00:00
|
|
|
c = buf + size;
|
|
|
|
|
2015-04-08 10:49:31 +00:00
|
|
|
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_pk_write_pubkey( &c, buf, key ) );
|
2013-09-15 12:54:56 +00:00
|
|
|
|
|
|
|
if( c - buf < 1 )
|
2015-04-08 10:49:31 +00:00
|
|
|
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
|
2013-09-15 12:54:56 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* SubjectPublicKeyInfo ::= SEQUENCE {
|
|
|
|
* algorithm AlgorithmIdentifier,
|
|
|
|
* subjectPublicKey BIT STRING }
|
|
|
|
*/
|
|
|
|
*--c = 0;
|
|
|
|
len += 1;
|
|
|
|
|
2015-04-08 10:49:31 +00:00
|
|
|
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
|
|
|
|
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_BIT_STRING ) );
|
2013-09-15 12:54:56 +00:00
|
|
|
|
Adapt mbedtls_pk_write_pubkey_der() to the new PSA public key format
Context: There are two public key writing functions in Mbed TLS. First,
mbedtls_pk_write_pubkey(), which exports a public key in the form of a
SubjectPublicKey structure containing the raw keying material
(for example, EC point coordinates for an EC public key, without
reference to the underlying curve). Secondly, mbedtls_pk_write_pubkey_der(),
which exports a public key in the form of a SubjectPublicKeyInfo structure,
wrapping the SubjectPublicKey structure by additional information
identifying the type of public key (and for ECC, e.g., it'd also contain
the ECC group identifier). The implementation of mbedtls_pk_write_pubkey_der()
calls mbedtls_pk_write_pubkey() first and then adds the corresponding
algorithm identifier wrapper.
Both of these functions need to be provided for PSA-based opaque PK contexts,
based on PSA's public key export function.
Previously, PSA used the SubjectPublicKeyInfo structure as its export format,
so mbedtls_pk_write_pubkey_der() could be easily implemented, while
mbedtls_pk_write_pubkey() would need to trim the output of the PSA export.
The previous implementation of mbedtls_pk_write_pubkey() is not quite right
because it calls PSA export doesn't do any trimming, hence exporting the large
SubjectPublicKeyInfo structure instead of the small SubjectPublicKey.
mbedtls_pk_write_pubkey_der(), in turn, immediately returns after calling
mbedtls_pk_write_pubkey(), hence also returning the SubjectPublicKeyInfo
structure, which is correct.
By now, the PSA public key export format has changed to the smaller
SubjectPublicKey structure. This means that, now, mbedtls_pk_write_pubkey()
can be implemented by just calling the PSA export, and that
mbedtls_pk_write_pubkey_der() needs to add the algorithm information around
it, just as in the other types of PK contexts. While not correct for the
old format, the existing code for mbedtls_pk_write_pubkey() is therefore
correct for the new PSA public key format, and needs no change apart from
the missing pointer shift in the last commit.
The implementation of mbedtls_pk_write_pubkey_der() needs a special code
path for PSA-based opaque PK contexts, as the PK context only contains
the PSA key handle, and the PSA API needs to be used to extract the
underlying EC curve to be able to write the AlgorithmParameter structure
that's part of the SubjectPublicKeyInfo structure.
That's what this commit does, (hopefully) making both
mbedtls_pk_write_pubkey() and mbedtls_pk_write_pubkey_der() export
the correctly formatted public key based on the new PSA public key format.
2019-02-01 10:07:07 +00:00
|
|
|
pk_type = mbedtls_pk_get_type( key );
|
2015-04-08 10:49:31 +00:00
|
|
|
#if defined(MBEDTLS_ECP_C)
|
Adapt mbedtls_pk_write_pubkey_der() to the new PSA public key format
Context: There are two public key writing functions in Mbed TLS. First,
mbedtls_pk_write_pubkey(), which exports a public key in the form of a
SubjectPublicKey structure containing the raw keying material
(for example, EC point coordinates for an EC public key, without
reference to the underlying curve). Secondly, mbedtls_pk_write_pubkey_der(),
which exports a public key in the form of a SubjectPublicKeyInfo structure,
wrapping the SubjectPublicKey structure by additional information
identifying the type of public key (and for ECC, e.g., it'd also contain
the ECC group identifier). The implementation of mbedtls_pk_write_pubkey_der()
calls mbedtls_pk_write_pubkey() first and then adds the corresponding
algorithm identifier wrapper.
Both of these functions need to be provided for PSA-based opaque PK contexts,
based on PSA's public key export function.
Previously, PSA used the SubjectPublicKeyInfo structure as its export format,
so mbedtls_pk_write_pubkey_der() could be easily implemented, while
mbedtls_pk_write_pubkey() would need to trim the output of the PSA export.
The previous implementation of mbedtls_pk_write_pubkey() is not quite right
because it calls PSA export doesn't do any trimming, hence exporting the large
SubjectPublicKeyInfo structure instead of the small SubjectPublicKey.
mbedtls_pk_write_pubkey_der(), in turn, immediately returns after calling
mbedtls_pk_write_pubkey(), hence also returning the SubjectPublicKeyInfo
structure, which is correct.
By now, the PSA public key export format has changed to the smaller
SubjectPublicKey structure. This means that, now, mbedtls_pk_write_pubkey()
can be implemented by just calling the PSA export, and that
mbedtls_pk_write_pubkey_der() needs to add the algorithm information around
it, just as in the other types of PK contexts. While not correct for the
old format, the existing code for mbedtls_pk_write_pubkey() is therefore
correct for the new PSA public key format, and needs no change apart from
the missing pointer shift in the last commit.
The implementation of mbedtls_pk_write_pubkey_der() needs a special code
path for PSA-based opaque PK contexts, as the PK context only contains
the PSA key handle, and the PSA API needs to be used to extract the
underlying EC curve to be able to write the AlgorithmParameter structure
that's part of the SubjectPublicKeyInfo structure.
That's what this commit does, (hopefully) making both
mbedtls_pk_write_pubkey() and mbedtls_pk_write_pubkey_der() export
the correctly formatted public key based on the new PSA public key format.
2019-02-01 10:07:07 +00:00
|
|
|
if( pk_type == MBEDTLS_PK_ECKEY )
|
2013-09-15 12:54:56 +00:00
|
|
|
{
|
2015-04-08 10:49:31 +00:00
|
|
|
MBEDTLS_ASN1_CHK_ADD( par_len, pk_write_ec_param( &c, buf, mbedtls_pk_ec( *key ) ) );
|
2013-09-15 12:54:56 +00:00
|
|
|
}
|
|
|
|
#endif
|
Adapt mbedtls_pk_write_pubkey_der() to the new PSA public key format
Context: There are two public key writing functions in Mbed TLS. First,
mbedtls_pk_write_pubkey(), which exports a public key in the form of a
SubjectPublicKey structure containing the raw keying material
(for example, EC point coordinates for an EC public key, without
reference to the underlying curve). Secondly, mbedtls_pk_write_pubkey_der(),
which exports a public key in the form of a SubjectPublicKeyInfo structure,
wrapping the SubjectPublicKey structure by additional information
identifying the type of public key (and for ECC, e.g., it'd also contain
the ECC group identifier). The implementation of mbedtls_pk_write_pubkey_der()
calls mbedtls_pk_write_pubkey() first and then adds the corresponding
algorithm identifier wrapper.
Both of these functions need to be provided for PSA-based opaque PK contexts,
based on PSA's public key export function.
Previously, PSA used the SubjectPublicKeyInfo structure as its export format,
so mbedtls_pk_write_pubkey_der() could be easily implemented, while
mbedtls_pk_write_pubkey() would need to trim the output of the PSA export.
The previous implementation of mbedtls_pk_write_pubkey() is not quite right
because it calls PSA export doesn't do any trimming, hence exporting the large
SubjectPublicKeyInfo structure instead of the small SubjectPublicKey.
mbedtls_pk_write_pubkey_der(), in turn, immediately returns after calling
mbedtls_pk_write_pubkey(), hence also returning the SubjectPublicKeyInfo
structure, which is correct.
By now, the PSA public key export format has changed to the smaller
SubjectPublicKey structure. This means that, now, mbedtls_pk_write_pubkey()
can be implemented by just calling the PSA export, and that
mbedtls_pk_write_pubkey_der() needs to add the algorithm information around
it, just as in the other types of PK contexts. While not correct for the
old format, the existing code for mbedtls_pk_write_pubkey() is therefore
correct for the new PSA public key format, and needs no change apart from
the missing pointer shift in the last commit.
The implementation of mbedtls_pk_write_pubkey_der() needs a special code
path for PSA-based opaque PK contexts, as the PK context only contains
the PSA key handle, and the PSA API needs to be used to extract the
underlying EC curve to be able to write the AlgorithmParameter structure
that's part of the SubjectPublicKeyInfo structure.
That's what this commit does, (hopefully) making both
mbedtls_pk_write_pubkey() and mbedtls_pk_write_pubkey_der() export
the correctly formatted public key based on the new PSA public key format.
2019-02-01 10:07:07 +00:00
|
|
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
|
|
|
if( pk_type == MBEDTLS_PK_OPAQUE )
|
|
|
|
{
|
2019-05-27 12:53:13 +00:00
|
|
|
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
Adapt mbedtls_pk_write_pubkey_der() to the new PSA public key format
Context: There are two public key writing functions in Mbed TLS. First,
mbedtls_pk_write_pubkey(), which exports a public key in the form of a
SubjectPublicKey structure containing the raw keying material
(for example, EC point coordinates for an EC public key, without
reference to the underlying curve). Secondly, mbedtls_pk_write_pubkey_der(),
which exports a public key in the form of a SubjectPublicKeyInfo structure,
wrapping the SubjectPublicKey structure by additional information
identifying the type of public key (and for ECC, e.g., it'd also contain
the ECC group identifier). The implementation of mbedtls_pk_write_pubkey_der()
calls mbedtls_pk_write_pubkey() first and then adds the corresponding
algorithm identifier wrapper.
Both of these functions need to be provided for PSA-based opaque PK contexts,
based on PSA's public key export function.
Previously, PSA used the SubjectPublicKeyInfo structure as its export format,
so mbedtls_pk_write_pubkey_der() could be easily implemented, while
mbedtls_pk_write_pubkey() would need to trim the output of the PSA export.
The previous implementation of mbedtls_pk_write_pubkey() is not quite right
because it calls PSA export doesn't do any trimming, hence exporting the large
SubjectPublicKeyInfo structure instead of the small SubjectPublicKey.
mbedtls_pk_write_pubkey_der(), in turn, immediately returns after calling
mbedtls_pk_write_pubkey(), hence also returning the SubjectPublicKeyInfo
structure, which is correct.
By now, the PSA public key export format has changed to the smaller
SubjectPublicKey structure. This means that, now, mbedtls_pk_write_pubkey()
can be implemented by just calling the PSA export, and that
mbedtls_pk_write_pubkey_der() needs to add the algorithm information around
it, just as in the other types of PK contexts. While not correct for the
old format, the existing code for mbedtls_pk_write_pubkey() is therefore
correct for the new PSA public key format, and needs no change apart from
the missing pointer shift in the last commit.
The implementation of mbedtls_pk_write_pubkey_der() needs a special code
path for PSA-based opaque PK contexts, as the PK context only contains
the PSA key handle, and the PSA API needs to be used to extract the
underlying EC curve to be able to write the AlgorithmParameter structure
that's part of the SubjectPublicKeyInfo structure.
That's what this commit does, (hopefully) making both
mbedtls_pk_write_pubkey() and mbedtls_pk_write_pubkey_der() export
the correctly formatted public key based on the new PSA public key format.
2019-02-01 10:07:07 +00:00
|
|
|
psa_key_type_t key_type;
|
2022-01-03 11:53:24 +00:00
|
|
|
mbedtls_svc_key_id_t key_id;
|
2020-06-02 16:19:28 +00:00
|
|
|
psa_ecc_family_t curve;
|
2019-12-03 20:19:09 +00:00
|
|
|
size_t bits;
|
Adapt mbedtls_pk_write_pubkey_der() to the new PSA public key format
Context: There are two public key writing functions in Mbed TLS. First,
mbedtls_pk_write_pubkey(), which exports a public key in the form of a
SubjectPublicKey structure containing the raw keying material
(for example, EC point coordinates for an EC public key, without
reference to the underlying curve). Secondly, mbedtls_pk_write_pubkey_der(),
which exports a public key in the form of a SubjectPublicKeyInfo structure,
wrapping the SubjectPublicKey structure by additional information
identifying the type of public key (and for ECC, e.g., it'd also contain
the ECC group identifier). The implementation of mbedtls_pk_write_pubkey_der()
calls mbedtls_pk_write_pubkey() first and then adds the corresponding
algorithm identifier wrapper.
Both of these functions need to be provided for PSA-based opaque PK contexts,
based on PSA's public key export function.
Previously, PSA used the SubjectPublicKeyInfo structure as its export format,
so mbedtls_pk_write_pubkey_der() could be easily implemented, while
mbedtls_pk_write_pubkey() would need to trim the output of the PSA export.
The previous implementation of mbedtls_pk_write_pubkey() is not quite right
because it calls PSA export doesn't do any trimming, hence exporting the large
SubjectPublicKeyInfo structure instead of the small SubjectPublicKey.
mbedtls_pk_write_pubkey_der(), in turn, immediately returns after calling
mbedtls_pk_write_pubkey(), hence also returning the SubjectPublicKeyInfo
structure, which is correct.
By now, the PSA public key export format has changed to the smaller
SubjectPublicKey structure. This means that, now, mbedtls_pk_write_pubkey()
can be implemented by just calling the PSA export, and that
mbedtls_pk_write_pubkey_der() needs to add the algorithm information around
it, just as in the other types of PK contexts. While not correct for the
old format, the existing code for mbedtls_pk_write_pubkey() is therefore
correct for the new PSA public key format, and needs no change apart from
the missing pointer shift in the last commit.
The implementation of mbedtls_pk_write_pubkey_der() needs a special code
path for PSA-based opaque PK contexts, as the PK context only contains
the PSA key handle, and the PSA API needs to be used to extract the
underlying EC curve to be able to write the AlgorithmParameter structure
that's part of the SubjectPublicKeyInfo structure.
That's what this commit does, (hopefully) making both
mbedtls_pk_write_pubkey() and mbedtls_pk_write_pubkey_der() export
the correctly formatted public key based on the new PSA public key format.
2019-02-01 10:07:07 +00:00
|
|
|
|
2022-01-03 11:53:24 +00:00
|
|
|
key_id = *((mbedtls_svc_key_id_t*) key->pk_ctx );
|
2020-08-04 07:51:30 +00:00
|
|
|
if( PSA_SUCCESS != psa_get_key_attributes( key_id, &attributes ) )
|
2021-04-13 12:28:28 +00:00
|
|
|
return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
|
2019-05-27 12:53:13 +00:00
|
|
|
key_type = psa_get_key_type( &attributes );
|
2019-12-03 20:19:09 +00:00
|
|
|
bits = psa_get_key_bits( &attributes );
|
2019-05-27 12:53:13 +00:00
|
|
|
psa_reset_key_attributes( &attributes );
|
Adapt mbedtls_pk_write_pubkey_der() to the new PSA public key format
Context: There are two public key writing functions in Mbed TLS. First,
mbedtls_pk_write_pubkey(), which exports a public key in the form of a
SubjectPublicKey structure containing the raw keying material
(for example, EC point coordinates for an EC public key, without
reference to the underlying curve). Secondly, mbedtls_pk_write_pubkey_der(),
which exports a public key in the form of a SubjectPublicKeyInfo structure,
wrapping the SubjectPublicKey structure by additional information
identifying the type of public key (and for ECC, e.g., it'd also contain
the ECC group identifier). The implementation of mbedtls_pk_write_pubkey_der()
calls mbedtls_pk_write_pubkey() first and then adds the corresponding
algorithm identifier wrapper.
Both of these functions need to be provided for PSA-based opaque PK contexts,
based on PSA's public key export function.
Previously, PSA used the SubjectPublicKeyInfo structure as its export format,
so mbedtls_pk_write_pubkey_der() could be easily implemented, while
mbedtls_pk_write_pubkey() would need to trim the output of the PSA export.
The previous implementation of mbedtls_pk_write_pubkey() is not quite right
because it calls PSA export doesn't do any trimming, hence exporting the large
SubjectPublicKeyInfo structure instead of the small SubjectPublicKey.
mbedtls_pk_write_pubkey_der(), in turn, immediately returns after calling
mbedtls_pk_write_pubkey(), hence also returning the SubjectPublicKeyInfo
structure, which is correct.
By now, the PSA public key export format has changed to the smaller
SubjectPublicKey structure. This means that, now, mbedtls_pk_write_pubkey()
can be implemented by just calling the PSA export, and that
mbedtls_pk_write_pubkey_der() needs to add the algorithm information around
it, just as in the other types of PK contexts. While not correct for the
old format, the existing code for mbedtls_pk_write_pubkey() is therefore
correct for the new PSA public key format, and needs no change apart from
the missing pointer shift in the last commit.
The implementation of mbedtls_pk_write_pubkey_der() needs a special code
path for PSA-based opaque PK contexts, as the PK context only contains
the PSA key handle, and the PSA API needs to be used to extract the
underlying EC curve to be able to write the AlgorithmParameter structure
that's part of the SubjectPublicKeyInfo structure.
That's what this commit does, (hopefully) making both
mbedtls_pk_write_pubkey() and mbedtls_pk_write_pubkey_der() export
the correctly formatted public key based on the new PSA public key format.
2019-02-01 10:07:07 +00:00
|
|
|
|
2020-06-02 16:19:28 +00:00
|
|
|
curve = PSA_KEY_TYPE_ECC_GET_FAMILY( key_type );
|
Adapt mbedtls_pk_write_pubkey_der() to the new PSA public key format
Context: There are two public key writing functions in Mbed TLS. First,
mbedtls_pk_write_pubkey(), which exports a public key in the form of a
SubjectPublicKey structure containing the raw keying material
(for example, EC point coordinates for an EC public key, without
reference to the underlying curve). Secondly, mbedtls_pk_write_pubkey_der(),
which exports a public key in the form of a SubjectPublicKeyInfo structure,
wrapping the SubjectPublicKey structure by additional information
identifying the type of public key (and for ECC, e.g., it'd also contain
the ECC group identifier). The implementation of mbedtls_pk_write_pubkey_der()
calls mbedtls_pk_write_pubkey() first and then adds the corresponding
algorithm identifier wrapper.
Both of these functions need to be provided for PSA-based opaque PK contexts,
based on PSA's public key export function.
Previously, PSA used the SubjectPublicKeyInfo structure as its export format,
so mbedtls_pk_write_pubkey_der() could be easily implemented, while
mbedtls_pk_write_pubkey() would need to trim the output of the PSA export.
The previous implementation of mbedtls_pk_write_pubkey() is not quite right
because it calls PSA export doesn't do any trimming, hence exporting the large
SubjectPublicKeyInfo structure instead of the small SubjectPublicKey.
mbedtls_pk_write_pubkey_der(), in turn, immediately returns after calling
mbedtls_pk_write_pubkey(), hence also returning the SubjectPublicKeyInfo
structure, which is correct.
By now, the PSA public key export format has changed to the smaller
SubjectPublicKey structure. This means that, now, mbedtls_pk_write_pubkey()
can be implemented by just calling the PSA export, and that
mbedtls_pk_write_pubkey_der() needs to add the algorithm information around
it, just as in the other types of PK contexts. While not correct for the
old format, the existing code for mbedtls_pk_write_pubkey() is therefore
correct for the new PSA public key format, and needs no change apart from
the missing pointer shift in the last commit.
The implementation of mbedtls_pk_write_pubkey_der() needs a special code
path for PSA-based opaque PK contexts, as the PK context only contains
the PSA key handle, and the PSA API needs to be used to extract the
underlying EC curve to be able to write the AlgorithmParameter structure
that's part of the SubjectPublicKeyInfo structure.
That's what this commit does, (hopefully) making both
mbedtls_pk_write_pubkey() and mbedtls_pk_write_pubkey_der() export
the correctly formatted public key based on the new PSA public key format.
2019-02-01 10:07:07 +00:00
|
|
|
if( curve == 0 )
|
|
|
|
return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
|
|
|
|
|
2019-12-03 20:19:09 +00:00
|
|
|
ret = mbedtls_psa_get_ecc_oid_from_id( curve, bits, &oid, &oid_len );
|
Adapt mbedtls_pk_write_pubkey_der() to the new PSA public key format
Context: There are two public key writing functions in Mbed TLS. First,
mbedtls_pk_write_pubkey(), which exports a public key in the form of a
SubjectPublicKey structure containing the raw keying material
(for example, EC point coordinates for an EC public key, without
reference to the underlying curve). Secondly, mbedtls_pk_write_pubkey_der(),
which exports a public key in the form of a SubjectPublicKeyInfo structure,
wrapping the SubjectPublicKey structure by additional information
identifying the type of public key (and for ECC, e.g., it'd also contain
the ECC group identifier). The implementation of mbedtls_pk_write_pubkey_der()
calls mbedtls_pk_write_pubkey() first and then adds the corresponding
algorithm identifier wrapper.
Both of these functions need to be provided for PSA-based opaque PK contexts,
based on PSA's public key export function.
Previously, PSA used the SubjectPublicKeyInfo structure as its export format,
so mbedtls_pk_write_pubkey_der() could be easily implemented, while
mbedtls_pk_write_pubkey() would need to trim the output of the PSA export.
The previous implementation of mbedtls_pk_write_pubkey() is not quite right
because it calls PSA export doesn't do any trimming, hence exporting the large
SubjectPublicKeyInfo structure instead of the small SubjectPublicKey.
mbedtls_pk_write_pubkey_der(), in turn, immediately returns after calling
mbedtls_pk_write_pubkey(), hence also returning the SubjectPublicKeyInfo
structure, which is correct.
By now, the PSA public key export format has changed to the smaller
SubjectPublicKey structure. This means that, now, mbedtls_pk_write_pubkey()
can be implemented by just calling the PSA export, and that
mbedtls_pk_write_pubkey_der() needs to add the algorithm information around
it, just as in the other types of PK contexts. While not correct for the
old format, the existing code for mbedtls_pk_write_pubkey() is therefore
correct for the new PSA public key format, and needs no change apart from
the missing pointer shift in the last commit.
The implementation of mbedtls_pk_write_pubkey_der() needs a special code
path for PSA-based opaque PK contexts, as the PK context only contains
the PSA key handle, and the PSA API needs to be used to extract the
underlying EC curve to be able to write the AlgorithmParameter structure
that's part of the SubjectPublicKeyInfo structure.
That's what this commit does, (hopefully) making both
mbedtls_pk_write_pubkey() and mbedtls_pk_write_pubkey_der() export
the correctly formatted public key based on the new PSA public key format.
2019-02-01 10:07:07 +00:00
|
|
|
if( ret != 0 )
|
|
|
|
return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
|
|
|
|
|
|
|
|
/* Write EC algorithm parameters; that's akin
|
|
|
|
* to pk_write_ec_param() above. */
|
|
|
|
MBEDTLS_ASN1_CHK_ADD( par_len, mbedtls_asn1_write_oid( &c, buf,
|
|
|
|
oid, oid_len ) );
|
|
|
|
|
|
|
|
/* The rest of the function works as for legacy EC contexts. */
|
|
|
|
pk_type = MBEDTLS_PK_ECKEY;
|
|
|
|
}
|
|
|
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
|
|
|
|
|
|
|
if( ( ret = mbedtls_oid_get_oid_by_pk_alg( pk_type, &oid,
|
|
|
|
&oid_len ) ) != 0 )
|
|
|
|
{
|
|
|
|
return( ret );
|
|
|
|
}
|
2013-09-15 12:54:56 +00:00
|
|
|
|
2015-04-08 10:49:31 +00:00
|
|
|
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_algorithm_identifier( &c, buf, oid, oid_len,
|
2013-09-15 12:54:56 +00:00
|
|
|
par_len ) );
|
|
|
|
|
2015-04-08 10:49:31 +00:00
|
|
|
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
|
|
|
|
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_CONSTRUCTED |
|
|
|
|
MBEDTLS_ASN1_SEQUENCE ) );
|
2013-09-15 12:54:56 +00:00
|
|
|
|
2013-10-11 16:58:55 +00:00
|
|
|
return( (int) len );
|
2013-09-15 12:54:56 +00:00
|
|
|
}
|
|
|
|
|
2021-02-02 14:22:19 +00:00
|
|
|
int mbedtls_pk_write_key_der( const mbedtls_pk_context *key, unsigned char *buf, size_t size )
|
2013-09-15 12:54:56 +00:00
|
|
|
{
|
2019-11-22 13:21:35 +00:00
|
|
|
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
2019-01-31 13:20:20 +00:00
|
|
|
unsigned char *c;
|
2013-09-15 12:54:56 +00:00
|
|
|
size_t len = 0;
|
|
|
|
|
2019-01-31 13:20:20 +00:00
|
|
|
PK_VALIDATE_RET( key != NULL );
|
|
|
|
if( size == 0 )
|
|
|
|
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
|
|
|
|
PK_VALIDATE_RET( buf != NULL );
|
|
|
|
|
|
|
|
c = buf + size;
|
|
|
|
|
2015-04-08 10:49:31 +00:00
|
|
|
#if defined(MBEDTLS_RSA_C)
|
|
|
|
if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_RSA )
|
2013-09-15 12:54:56 +00:00
|
|
|
{
|
2017-08-23 11:38:27 +00:00
|
|
|
mbedtls_mpi T; /* Temporary holding the exported parameters */
|
2015-04-08 10:49:31 +00:00
|
|
|
mbedtls_rsa_context *rsa = mbedtls_pk_rsa( *key );
|
|
|
|
|
2017-08-23 11:38:27 +00:00
|
|
|
/*
|
|
|
|
* Export the parameters one after another to avoid simultaneous copies.
|
|
|
|
*/
|
2015-04-08 10:49:31 +00:00
|
|
|
|
2017-08-23 11:38:27 +00:00
|
|
|
mbedtls_mpi_init( &T );
|
|
|
|
|
|
|
|
/* Export QP */
|
|
|
|
if( ( ret = mbedtls_rsa_export_crt( rsa, NULL, NULL, &T ) ) != 0 ||
|
|
|
|
( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )
|
|
|
|
goto end_of_export;
|
|
|
|
len += ret;
|
|
|
|
|
|
|
|
/* Export DQ */
|
|
|
|
if( ( ret = mbedtls_rsa_export_crt( rsa, NULL, &T, NULL ) ) != 0 ||
|
|
|
|
( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )
|
|
|
|
goto end_of_export;
|
|
|
|
len += ret;
|
|
|
|
|
|
|
|
/* Export DP */
|
|
|
|
if( ( ret = mbedtls_rsa_export_crt( rsa, &T, NULL, NULL ) ) != 0 ||
|
|
|
|
( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )
|
|
|
|
goto end_of_export;
|
|
|
|
len += ret;
|
|
|
|
|
|
|
|
/* Export Q */
|
2017-08-23 05:32:42 +00:00
|
|
|
if ( ( ret = mbedtls_rsa_export( rsa, NULL, NULL,
|
|
|
|
&T, NULL, NULL ) ) != 0 ||
|
2017-08-23 11:38:27 +00:00
|
|
|
( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )
|
|
|
|
goto end_of_export;
|
|
|
|
len += ret;
|
|
|
|
|
|
|
|
/* Export P */
|
2017-08-23 05:32:42 +00:00
|
|
|
if ( ( ret = mbedtls_rsa_export( rsa, NULL, &T,
|
|
|
|
NULL, NULL, NULL ) ) != 0 ||
|
2017-08-23 11:38:27 +00:00
|
|
|
( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )
|
|
|
|
goto end_of_export;
|
|
|
|
len += ret;
|
|
|
|
|
|
|
|
/* Export D */
|
2017-08-23 05:32:42 +00:00
|
|
|
if ( ( ret = mbedtls_rsa_export( rsa, NULL, NULL,
|
|
|
|
NULL, &T, NULL ) ) != 0 ||
|
2017-08-23 11:38:27 +00:00
|
|
|
( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )
|
|
|
|
goto end_of_export;
|
|
|
|
len += ret;
|
|
|
|
|
|
|
|
/* Export E */
|
2017-08-23 05:32:42 +00:00
|
|
|
if ( ( ret = mbedtls_rsa_export( rsa, NULL, NULL,
|
|
|
|
NULL, NULL, &T ) ) != 0 ||
|
2017-08-23 11:38:27 +00:00
|
|
|
( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )
|
|
|
|
goto end_of_export;
|
|
|
|
len += ret;
|
|
|
|
|
|
|
|
/* Export N */
|
2017-08-23 05:32:42 +00:00
|
|
|
if ( ( ret = mbedtls_rsa_export( rsa, &T, NULL,
|
|
|
|
NULL, NULL, NULL ) ) != 0 ||
|
2017-08-23 11:38:27 +00:00
|
|
|
( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )
|
|
|
|
goto end_of_export;
|
|
|
|
len += ret;
|
|
|
|
|
|
|
|
end_of_export:
|
|
|
|
|
|
|
|
mbedtls_mpi_free( &T );
|
|
|
|
if( ret < 0 )
|
|
|
|
return( ret );
|
|
|
|
|
|
|
|
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_int( &c, buf, 0 ) );
|
2015-04-08 10:49:31 +00:00
|
|
|
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
|
2017-08-23 05:32:42 +00:00
|
|
|
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c,
|
|
|
|
buf, MBEDTLS_ASN1_CONSTRUCTED |
|
|
|
|
MBEDTLS_ASN1_SEQUENCE ) );
|
2013-09-15 12:54:56 +00:00
|
|
|
}
|
|
|
|
else
|
2015-04-08 10:49:31 +00:00
|
|
|
#endif /* MBEDTLS_RSA_C */
|
|
|
|
#if defined(MBEDTLS_ECP_C)
|
|
|
|
if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_ECKEY )
|
2013-09-15 12:54:56 +00:00
|
|
|
{
|
2015-04-08 10:49:31 +00:00
|
|
|
mbedtls_ecp_keypair *ec = mbedtls_pk_ec( *key );
|
2013-09-15 12:54:56 +00:00
|
|
|
size_t pub_len = 0, par_len = 0;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* RFC 5915, or SEC1 Appendix C.4
|
|
|
|
*
|
|
|
|
* ECPrivateKey ::= SEQUENCE {
|
|
|
|
* version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
|
|
|
|
* privateKey OCTET STRING,
|
|
|
|
* parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
|
|
|
|
* publicKey [1] BIT STRING OPTIONAL
|
|
|
|
* }
|
|
|
|
*/
|
|
|
|
|
|
|
|
/* publicKey */
|
2015-04-08 10:49:31 +00:00
|
|
|
MBEDTLS_ASN1_CHK_ADD( pub_len, pk_write_ec_pubkey( &c, buf, ec ) );
|
2013-09-15 12:54:56 +00:00
|
|
|
|
|
|
|
if( c - buf < 1 )
|
2015-04-08 10:49:31 +00:00
|
|
|
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
|
2013-09-15 12:54:56 +00:00
|
|
|
*--c = 0;
|
|
|
|
pub_len += 1;
|
|
|
|
|
2015-04-08 10:49:31 +00:00
|
|
|
MBEDTLS_ASN1_CHK_ADD( pub_len, mbedtls_asn1_write_len( &c, buf, pub_len ) );
|
|
|
|
MBEDTLS_ASN1_CHK_ADD( pub_len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_BIT_STRING ) );
|
2013-09-15 12:54:56 +00:00
|
|
|
|
2015-04-08 10:49:31 +00:00
|
|
|
MBEDTLS_ASN1_CHK_ADD( pub_len, mbedtls_asn1_write_len( &c, buf, pub_len ) );
|
|
|
|
MBEDTLS_ASN1_CHK_ADD( pub_len, mbedtls_asn1_write_tag( &c, buf,
|
|
|
|
MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 1 ) );
|
2013-09-15 12:54:56 +00:00
|
|
|
len += pub_len;
|
|
|
|
|
|
|
|
/* parameters */
|
2015-04-08 10:49:31 +00:00
|
|
|
MBEDTLS_ASN1_CHK_ADD( par_len, pk_write_ec_param( &c, buf, ec ) );
|
2013-09-15 12:54:56 +00:00
|
|
|
|
2015-04-08 10:49:31 +00:00
|
|
|
MBEDTLS_ASN1_CHK_ADD( par_len, mbedtls_asn1_write_len( &c, buf, par_len ) );
|
|
|
|
MBEDTLS_ASN1_CHK_ADD( par_len, mbedtls_asn1_write_tag( &c, buf,
|
|
|
|
MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0 ) );
|
2013-09-15 12:54:56 +00:00
|
|
|
len += par_len;
|
|
|
|
|
2018-08-10 22:48:44 +00:00
|
|
|
/* privateKey */
|
|
|
|
MBEDTLS_ASN1_CHK_ADD( len, pk_write_ec_private( &c, buf, ec ) );
|
2013-09-15 12:54:56 +00:00
|
|
|
|
|
|
|
/* version */
|
2015-04-08 10:49:31 +00:00
|
|
|
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_int( &c, buf, 1 ) );
|
2013-09-15 12:54:56 +00:00
|
|
|
|
2015-04-08 10:49:31 +00:00
|
|
|
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
|
|
|
|
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_CONSTRUCTED |
|
|
|
|
MBEDTLS_ASN1_SEQUENCE ) );
|
2013-09-15 12:54:56 +00:00
|
|
|
}
|
|
|
|
else
|
2015-04-08 10:49:31 +00:00
|
|
|
#endif /* MBEDTLS_ECP_C */
|
|
|
|
return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
|
2013-09-15 12:54:56 +00:00
|
|
|
|
2013-10-11 16:58:55 +00:00
|
|
|
return( (int) len );
|
2013-09-15 12:54:56 +00:00
|
|
|
}
|
|
|
|
|
2015-04-08 10:49:31 +00:00
|
|
|
#if defined(MBEDTLS_PEM_WRITE_C)
|
2013-09-15 12:54:56 +00:00
|
|
|
|
|
|
|
#define PEM_BEGIN_PUBLIC_KEY "-----BEGIN PUBLIC KEY-----\n"
|
|
|
|
#define PEM_END_PUBLIC_KEY "-----END PUBLIC KEY-----\n"
|
|
|
|
|
|
|
|
#define PEM_BEGIN_PRIVATE_KEY_RSA "-----BEGIN RSA PRIVATE KEY-----\n"
|
|
|
|
#define PEM_END_PRIVATE_KEY_RSA "-----END RSA PRIVATE KEY-----\n"
|
|
|
|
#define PEM_BEGIN_PRIVATE_KEY_EC "-----BEGIN EC PRIVATE KEY-----\n"
|
|
|
|
#define PEM_END_PRIVATE_KEY_EC "-----END EC PRIVATE KEY-----\n"
|
|
|
|
|
2014-07-21 14:37:15 +00:00
|
|
|
/*
|
|
|
|
* Max sizes of key per types. Shown as tag + len (+ content).
|
|
|
|
*/
|
|
|
|
|
2015-04-08 10:49:31 +00:00
|
|
|
#if defined(MBEDTLS_RSA_C)
|
2014-07-21 14:37:15 +00:00
|
|
|
/*
|
|
|
|
* RSA public keys:
|
|
|
|
* SubjectPublicKeyInfo ::= SEQUENCE { 1 + 3
|
|
|
|
* algorithm AlgorithmIdentifier, 1 + 1 (sequence)
|
|
|
|
* + 1 + 1 + 9 (rsa oid)
|
|
|
|
* + 1 + 1 (params null)
|
|
|
|
* subjectPublicKey BIT STRING } 1 + 3 + (1 + below)
|
|
|
|
* RSAPublicKey ::= SEQUENCE { 1 + 3
|
|
|
|
* modulus INTEGER, -- n 1 + 3 + MPI_MAX + 1
|
|
|
|
* publicExponent INTEGER -- e 1 + 3 + MPI_MAX + 1
|
|
|
|
* }
|
|
|
|
*/
|
2021-02-01 13:26:08 +00:00
|
|
|
#define RSA_PUB_DER_MAX_BYTES ( 38 + 2 * MBEDTLS_MPI_MAX_SIZE )
|
2014-07-21 14:37:15 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* RSA private keys:
|
|
|
|
* RSAPrivateKey ::= SEQUENCE { 1 + 3
|
|
|
|
* version Version, 1 + 1 + 1
|
|
|
|
* modulus INTEGER, 1 + 3 + MPI_MAX + 1
|
|
|
|
* publicExponent INTEGER, 1 + 3 + MPI_MAX + 1
|
|
|
|
* privateExponent INTEGER, 1 + 3 + MPI_MAX + 1
|
|
|
|
* prime1 INTEGER, 1 + 3 + MPI_MAX / 2 + 1
|
|
|
|
* prime2 INTEGER, 1 + 3 + MPI_MAX / 2 + 1
|
|
|
|
* exponent1 INTEGER, 1 + 3 + MPI_MAX / 2 + 1
|
|
|
|
* exponent2 INTEGER, 1 + 3 + MPI_MAX / 2 + 1
|
|
|
|
* coefficient INTEGER, 1 + 3 + MPI_MAX / 2 + 1
|
|
|
|
* otherPrimeInfos OtherPrimeInfos OPTIONAL 0 (not supported)
|
|
|
|
* }
|
|
|
|
*/
|
2021-02-01 13:23:30 +00:00
|
|
|
#define MPI_MAX_SIZE_2 ( MBEDTLS_MPI_MAX_SIZE / 2 + \
|
|
|
|
MBEDTLS_MPI_MAX_SIZE % 2 )
|
2021-02-01 13:26:08 +00:00
|
|
|
#define RSA_PRV_DER_MAX_BYTES ( 47 + 3 * MBEDTLS_MPI_MAX_SIZE \
|
|
|
|
+ 5 * MPI_MAX_SIZE_2 )
|
2014-07-21 14:37:15 +00:00
|
|
|
|
2015-04-08 10:49:31 +00:00
|
|
|
#else /* MBEDTLS_RSA_C */
|
2014-07-21 14:37:15 +00:00
|
|
|
|
|
|
|
#define RSA_PUB_DER_MAX_BYTES 0
|
|
|
|
#define RSA_PRV_DER_MAX_BYTES 0
|
|
|
|
|
2015-04-08 10:49:31 +00:00
|
|
|
#endif /* MBEDTLS_RSA_C */
|
2014-07-21 14:37:15 +00:00
|
|
|
|
2015-04-08 10:49:31 +00:00
|
|
|
#if defined(MBEDTLS_ECP_C)
|
2014-07-21 14:37:15 +00:00
|
|
|
/*
|
|
|
|
* EC public keys:
|
|
|
|
* SubjectPublicKeyInfo ::= SEQUENCE { 1 + 2
|
|
|
|
* algorithm AlgorithmIdentifier, 1 + 1 (sequence)
|
|
|
|
* + 1 + 1 + 7 (ec oid)
|
|
|
|
* + 1 + 1 + 9 (namedCurve oid)
|
|
|
|
* subjectPublicKey BIT STRING 1 + 2 + 1 [1]
|
|
|
|
* + 1 (point format) [1]
|
|
|
|
* + 2 * ECP_MAX (coords) [1]
|
|
|
|
* }
|
|
|
|
*/
|
2021-02-01 13:26:08 +00:00
|
|
|
#define ECP_PUB_DER_MAX_BYTES ( 30 + 2 * MBEDTLS_ECP_MAX_BYTES )
|
2014-07-21 14:37:15 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* EC private keys:
|
|
|
|
* ECPrivateKey ::= SEQUENCE { 1 + 2
|
|
|
|
* version INTEGER , 1 + 1 + 1
|
|
|
|
* privateKey OCTET STRING, 1 + 1 + ECP_MAX
|
|
|
|
* parameters [0] ECParameters OPTIONAL, 1 + 1 + (1 + 1 + 9)
|
|
|
|
* publicKey [1] BIT STRING OPTIONAL 1 + 2 + [1] above
|
|
|
|
* }
|
|
|
|
*/
|
2021-02-01 13:26:08 +00:00
|
|
|
#define ECP_PRV_DER_MAX_BYTES ( 29 + 3 * MBEDTLS_ECP_MAX_BYTES )
|
2014-07-21 14:37:15 +00:00
|
|
|
|
2015-04-08 10:49:31 +00:00
|
|
|
#else /* MBEDTLS_ECP_C */
|
2014-07-21 14:37:15 +00:00
|
|
|
|
|
|
|
#define ECP_PUB_DER_MAX_BYTES 0
|
|
|
|
#define ECP_PRV_DER_MAX_BYTES 0
|
|
|
|
|
2015-04-08 10:49:31 +00:00
|
|
|
#endif /* MBEDTLS_ECP_C */
|
2014-07-21 14:37:15 +00:00
|
|
|
|
2021-02-01 13:26:08 +00:00
|
|
|
#define PUB_DER_MAX_BYTES ( RSA_PUB_DER_MAX_BYTES > ECP_PUB_DER_MAX_BYTES ? \
|
|
|
|
RSA_PUB_DER_MAX_BYTES : ECP_PUB_DER_MAX_BYTES )
|
|
|
|
#define PRV_DER_MAX_BYTES ( RSA_PRV_DER_MAX_BYTES > ECP_PRV_DER_MAX_BYTES ? \
|
|
|
|
RSA_PRV_DER_MAX_BYTES : ECP_PRV_DER_MAX_BYTES )
|
2014-07-21 14:37:15 +00:00
|
|
|
|
2021-02-02 14:22:19 +00:00
|
|
|
int mbedtls_pk_write_pubkey_pem( const mbedtls_pk_context *key, unsigned char *buf, size_t size )
|
2013-09-15 12:54:56 +00:00
|
|
|
{
|
2019-11-22 13:21:35 +00:00
|
|
|
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
2014-07-21 14:37:15 +00:00
|
|
|
unsigned char output_buf[PUB_DER_MAX_BYTES];
|
2013-09-15 18:03:26 +00:00
|
|
|
size_t olen = 0;
|
2013-09-15 12:54:56 +00:00
|
|
|
|
2019-01-31 13:20:20 +00:00
|
|
|
PK_VALIDATE_RET( key != NULL );
|
|
|
|
PK_VALIDATE_RET( buf != NULL || size == 0 );
|
|
|
|
|
2015-04-08 10:49:31 +00:00
|
|
|
if( ( ret = mbedtls_pk_write_pubkey_der( key, output_buf,
|
2013-09-15 18:03:26 +00:00
|
|
|
sizeof(output_buf) ) ) < 0 )
|
2013-09-15 12:54:56 +00:00
|
|
|
{
|
|
|
|
return( ret );
|
|
|
|
}
|
|
|
|
|
2015-04-08 10:49:31 +00:00
|
|
|
if( ( ret = mbedtls_pem_write_buffer( PEM_BEGIN_PUBLIC_KEY, PEM_END_PUBLIC_KEY,
|
2013-09-15 12:54:56 +00:00
|
|
|
output_buf + sizeof(output_buf) - ret,
|
2013-09-15 18:03:26 +00:00
|
|
|
ret, buf, size, &olen ) ) != 0 )
|
2013-09-15 12:54:56 +00:00
|
|
|
{
|
|
|
|
return( ret );
|
|
|
|
}
|
|
|
|
|
|
|
|
return( 0 );
|
|
|
|
}
|
|
|
|
|
2021-02-02 14:22:19 +00:00
|
|
|
int mbedtls_pk_write_key_pem( const mbedtls_pk_context *key, unsigned char *buf, size_t size )
|
2013-09-15 12:54:56 +00:00
|
|
|
{
|
2019-11-22 13:21:35 +00:00
|
|
|
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
2014-07-21 14:37:15 +00:00
|
|
|
unsigned char output_buf[PRV_DER_MAX_BYTES];
|
2013-10-11 07:36:52 +00:00
|
|
|
const char *begin, *end;
|
2013-09-15 18:03:26 +00:00
|
|
|
size_t olen = 0;
|
2013-09-15 12:54:56 +00:00
|
|
|
|
2019-01-31 13:20:20 +00:00
|
|
|
PK_VALIDATE_RET( key != NULL );
|
|
|
|
PK_VALIDATE_RET( buf != NULL || size == 0 );
|
|
|
|
|
2015-04-08 10:49:31 +00:00
|
|
|
if( ( ret = mbedtls_pk_write_key_der( key, output_buf, sizeof(output_buf) ) ) < 0 )
|
2013-09-15 12:54:56 +00:00
|
|
|
return( ret );
|
|
|
|
|
2015-04-08 10:49:31 +00:00
|
|
|
#if defined(MBEDTLS_RSA_C)
|
|
|
|
if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_RSA )
|
2013-09-15 12:54:56 +00:00
|
|
|
{
|
|
|
|
begin = PEM_BEGIN_PRIVATE_KEY_RSA;
|
|
|
|
end = PEM_END_PRIVATE_KEY_RSA;
|
|
|
|
}
|
|
|
|
else
|
|
|
|
#endif
|
2015-04-08 10:49:31 +00:00
|
|
|
#if defined(MBEDTLS_ECP_C)
|
|
|
|
if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_ECKEY )
|
2013-09-15 12:54:56 +00:00
|
|
|
{
|
|
|
|
begin = PEM_BEGIN_PRIVATE_KEY_EC;
|
|
|
|
end = PEM_END_PRIVATE_KEY_EC;
|
|
|
|
}
|
|
|
|
else
|
|
|
|
#endif
|
2015-04-08 10:49:31 +00:00
|
|
|
return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
|
2013-09-15 12:54:56 +00:00
|
|
|
|
2015-04-08 10:49:31 +00:00
|
|
|
if( ( ret = mbedtls_pem_write_buffer( begin, end,
|
2013-09-15 12:54:56 +00:00
|
|
|
output_buf + sizeof(output_buf) - ret,
|
2013-09-15 18:03:26 +00:00
|
|
|
ret, buf, size, &olen ) ) != 0 )
|
2013-09-15 12:54:56 +00:00
|
|
|
{
|
|
|
|
return( ret );
|
|
|
|
}
|
|
|
|
|
|
|
|
return( 0 );
|
|
|
|
}
|
2015-04-08 10:49:31 +00:00
|
|
|
#endif /* MBEDTLS_PEM_WRITE_C */
|
2013-09-15 12:54:56 +00:00
|
|
|
|
2015-04-08 10:49:31 +00:00
|
|
|
#endif /* MBEDTLS_PK_WRITE_C */
|