Commit c7bb02be authored by Paul Bakker's avatar Paul Bakker
Browse files

Moved PK key writing from X509 module to PK module

parent 1a7550ac
......@@ -405,35 +405,33 @@ int pk_parse_key( pk_context *ctx,
const unsigned char *key, size_t keylen,
const unsigned char *pwd, size_t pwdlen );
#if defined(POLARSSL_FS_IO)
/** \ingroup x509_module */
/**
* \brief Load and parse a private key
* \brief Parse a public key
*
* \param ctx key to be initialized
* \param path filename to read the private key from
* \param password password to decrypt the file (can be NULL)
* \param key input buffer
* \param keylen size of the buffer
*
* \return 0 if successful, or a specific PK or PEM error code
*/
int pk_parse_keyfile( pk_context *ctx,
const char *path, const char *password );
#endif /* POLARSSL_FS_IO */
int pk_parse_public_key( pk_context *ctx,
const unsigned char *key, size_t keylen );
#if defined(POLARSSL_FS_IO)
/** \ingroup x509_module */
/**
* \brief Parse a public key
* \brief Load and parse a private key
*
* \param ctx key to be initialized
* \param key input buffer
* \param keylen size of the buffer
* \param path filename to read the private key from
* \param password password to decrypt the file (can be NULL)
*
* \return 0 if successful, or a specific PK or PEM error code
*/
int pk_parse_public_key( pk_context *ctx,
const unsigned char *key, size_t keylen );
int pk_parse_keyfile( pk_context *ctx,
const char *path, const char *password );
#if defined(POLARSSL_FS_IO)
/** \ingroup x509_module */
/**
* \brief Load and parse a public key
......@@ -446,6 +444,65 @@ int pk_parse_public_key( pk_context *ctx,
int pk_parse_public_keyfile( pk_context *ctx, const char *path );
#endif /* POLARSSL_FS_IO */
/**
* \brief Write a private key to a PKCS#1 or SEC1 DER structure
* Note: data is written at the end of the buffer! Use the
* return value to determine where you should start
* using the buffer
*
* \param key private to write away
* \param buf buffer to write to
* \param size size of the buffer
*
* \return length of data written if successful, or a specific
* error code
*/
int pk_write_key_der( pk_context *pk, unsigned char *buf, size_t size );
/**
* \brief Write a public key to a SubjectPublicKeyInfo DER structure
* Note: data is written at the end of the buffer! Use the
* return value to determine where you should start
* using the buffer
*
* \param key public key to write away
* \param buf buffer to write to
* \param size size of the buffer
*
* \return length of data written if successful, or a specific
* error code
*/
int pk_write_pubkey_der( pk_context *key, unsigned char *buf, size_t size );
#if defined(POLARSSL_BASE64_C)
/**
* \brief Write a public key to a PEM string
*
* \param key public key to write away
* \param buf buffer to write to
* \param size size of the buffer
*
* \return 0 successful, or a specific error code
*/
int pk_write_pubkey_pem( pk_context *key, unsigned char *buf, size_t size );
/**
* \brief Write a private key to a PKCS#1 or SEC1 PEM string
*
* \param key private to write away
* \param buf buffer to write to
* \param size size of the buffer
*
* \return 0 successful, or a specific error code
*/
int pk_write_key_pem( pk_context *key, unsigned char *buf, size_t size );
#endif /* POLARSSL_BASE64_C */
/*
* WARNING: Low-level functions. You probably do not want to use these unless
* you are certain you do ;)
*/
/**
* \brief Parse a SubjectPublicKeyInfo DER structure
*
......@@ -458,6 +515,19 @@ int pk_parse_public_keyfile( pk_context *ctx, const char *path );
int pk_parse_get_pubkey( unsigned char **p, const unsigned char *end,
pk_context *pk );
/**
* \brief Write a subjectPublicKey to ASN.1 data
* Note: function works backwards in data buffer
*
* \param p reference to current position pointer
* \param start start of the buffer (for bounds-checking)
* \param key public key to write away
*
* \return the length written or a negative error code
*/
int pk_write_pubkey( unsigned char **p, unsigned char *start,
const pk_context *key );
#ifdef __cplusplus
}
#endif
......
......@@ -389,36 +389,6 @@ int x509write_crt_der( x509write_cert *ctx, unsigned char *buf, size_t size,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng );
/**
* \brief Write a public key to a DER structure
* Note: data is written at the end of the buffer! Use the
* return value to determine where you should start
* using the buffer
*
* \param key public key to write away
* \param buf buffer to write to
* \param size size of the buffer
*
* \return length of data written if successful, or a specific
* error code
*/
int x509write_pubkey_der( pk_context *key, unsigned char *buf, size_t size );
/**
* \brief Write a private key to a PKCS#1 or SEC1 DER structure
* Note: data is written at the end of the buffer! Use the
* return value to determine where you should start
* using the buffer
*
* \param key private to write away
* \param buf buffer to write to
* \param size size of the buffer
*
* \return length of data written if successful, or a specific
* error code
*/
int x509write_key_der( pk_context *pk, unsigned char *buf, size_t size );
/**
* \brief Write a CSR (Certificate Signing Request) to a
* DER structure
......@@ -465,28 +435,6 @@ int x509write_crt_pem( x509write_cert *ctx, unsigned char *buf, size_t size,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng );
/**
* \brief Write a public key to a PEM string
*
* \param key public key to write away
* \param buf buffer to write to
* \param size size of the buffer
*
* \return 0 successful, or a specific error code
*/
int x509write_pubkey_pem( pk_context *key, unsigned char *buf, size_t size );
/**
* \brief Write a private key to a PKCS#1 or SEC1 PEM string
*
* \param key private to write away
* \param buf buffer to write to
* \param size size of the buffer
*
* \return 0 successful, or a specific error code
*/
int x509write_key_pem( pk_context *key, unsigned char *buf, size_t size );
/**
* \brief Write a CSR (Certificate Signing Request) to a
* PEM string
......
......@@ -42,6 +42,7 @@ set(src
pk.c
pk_wrap.c
pkparse.c
pkwrite.c
rsa.c
sha1.c
sha256.c
......
......@@ -50,6 +50,7 @@ OBJS= aes.o arc4.o asn1parse.o \
padlock.o pbkdf2.o pem.o \
pkcs5.o pkcs11.o pkcs12.o \
pk.o pk_wrap.o pkparse.o \
pkwrite.o \
rsa.o sha1.o sha256.o \
sha512.o ssl_cache.o ssl_cli.o \
ssl_srv.o ssl_ciphersuites.o \
......
/*
* Public Key layer for writing key files and structures
*
* Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
*
* All rights reserved.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#include "polarssl/config.h"
#if defined(POLARSSL_PK_C)
#include "polarssl/pk.h"
#include "polarssl/asn1write.h"
#include "polarssl/oid.h"
#if defined(POLARSSL_RSA_C)
#include "polarssl/rsa.h"
#endif
#if defined(POLARSSL_ECP_C)
#include "polarssl/ecp.h"
#endif
#if defined(POLARSSL_ECDSA_C)
#include "polarssl/ecdsa.h"
#endif
#if defined(POLARSSL_BASE64_C)
#include "polarssl/base64.h"
#endif
#if defined(POLARSSL_MEMORY_C)
#include "polarssl/memory.h"
#else
#include <stdlib.h>
#define polarssl_malloc malloc
#define polarssl_free free
#endif
#if defined(POLARSSL_RSA_C)
/*
* RSAPublicKey ::= SEQUENCE {
* modulus INTEGER, -- n
* publicExponent INTEGER -- e
* }
*/
static int pk_write_rsa_pubkey( unsigned char **p, unsigned char *start,
rsa_context *rsa )
{
int ret;
size_t len = 0;
ASN1_CHK_ADD( len, asn1_write_mpi( p, start, &rsa->E ) );
ASN1_CHK_ADD( len, asn1_write_mpi( p, start, &rsa->N ) );
ASN1_CHK_ADD( len, asn1_write_len( p, start, len ) );
ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
return( len );
}
#endif /* POLARSSL_RSA_C */
#if defined(POLARSSL_ECP_C)
/*
* EC public key is an EC point
*/
static int pk_write_ec_pubkey( unsigned char **p, unsigned char *start,
ecp_keypair *ec )
{
int ret;
size_t len = 0;
unsigned char buf[POLARSSL_ECP_MAX_PT_LEN];
if( ( ret = ecp_point_write_binary( &ec->grp, &ec->Q,
POLARSSL_ECP_PF_UNCOMPRESSED,
&len, buf, sizeof( buf ) ) ) != 0 )
{
return( ret );
}
if( *p - start < (int) len )
return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL );
*p -= len;
memcpy( *p, buf, len );
return( len );
}
/*
* ECParameters ::= CHOICE {
* namedCurve OBJECT IDENTIFIER
* }
*/
static int pk_write_ec_param( unsigned char **p, unsigned char *start,
ecp_keypair *ec )
{
int ret;
size_t len = 0;
const char *oid;
size_t oid_len;
if( ( ret = oid_get_oid_by_ec_grp( ec->grp.id, &oid, &oid_len ) ) != 0 )
return( ret );
ASN1_CHK_ADD( len, asn1_write_oid( p, start, oid, oid_len ) );
return( len );
}
#endif /* POLARSSL_ECP_C */
int pk_write_pubkey( unsigned char **p, unsigned char *start,
const pk_context *key )
{
int ret;
size_t len = 0;
#if defined(POLARSSL_RSA_C)
if( pk_get_type( key ) == POLARSSL_PK_RSA )
ASN1_CHK_ADD( len, pk_write_rsa_pubkey( p, start, pk_rsa( *key ) ) );
else
#endif
#if defined(POLARSSL_ECP_C)
if( pk_get_type( key ) == POLARSSL_PK_ECKEY )
ASN1_CHK_ADD( len, pk_write_ec_pubkey( p, start, pk_ec( *key ) ) );
else
#endif
return( POLARSSL_ERR_PK_FEATURE_UNAVAILABLE );
return( len );
}
int pk_write_pubkey_der( pk_context *key, unsigned char *buf, size_t size )
{
int ret;
unsigned char *c;
size_t len = 0, par_len = 0, oid_len;
const char *oid;
c = buf + size;
ASN1_CHK_ADD( len, pk_write_pubkey( &c, buf, key ) );
if( c - buf < 1 )
return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL );
/*
* SubjectPublicKeyInfo ::= SEQUENCE {
* algorithm AlgorithmIdentifier,
* subjectPublicKey BIT STRING }
*/
*--c = 0;
len += 1;
ASN1_CHK_ADD( len, asn1_write_len( &c, buf, len ) );
ASN1_CHK_ADD( len, asn1_write_tag( &c, buf, ASN1_BIT_STRING ) );
if( ( ret = oid_get_oid_by_pk_alg( pk_get_type( key ),
&oid, &oid_len ) ) != 0 )
{
return( ret );
}
#if defined(POLARSSL_ECP_C)
if( pk_get_type( key ) == POLARSSL_PK_ECKEY )
{
ASN1_CHK_ADD( par_len, pk_write_ec_param( &c, buf, pk_ec( *key ) ) );
}
#endif
ASN1_CHK_ADD( len, asn1_write_algorithm_identifier( &c, buf, oid, oid_len,
par_len ) );
ASN1_CHK_ADD( len, asn1_write_len( &c, buf, len ) );
ASN1_CHK_ADD( len, asn1_write_tag( &c, buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
return( len );
}
int pk_write_key_der( pk_context *key, unsigned char *buf, size_t size )
{
int ret;
unsigned char *c = buf + size;
size_t len = 0;
#if defined(POLARSSL_RSA_C)
if( pk_get_type( key ) == POLARSSL_PK_RSA )
{
rsa_context *rsa = pk_rsa( *key );
ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->QP ) );
ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->DQ ) );
ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->DP ) );
ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->Q ) );
ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->P ) );
ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->D ) );
ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->E ) );
ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->N ) );
ASN1_CHK_ADD( len, asn1_write_int( &c, buf, 0 ) );
ASN1_CHK_ADD( len, asn1_write_len( &c, buf, len ) );
ASN1_CHK_ADD( len, asn1_write_tag( &c, buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
}
else
#endif
#if defined(POLARSSL_ECP_C)
if( pk_get_type( key ) == POLARSSL_PK_ECKEY )
{
ecp_keypair *ec = pk_ec( *key );
size_t pub_len = 0, par_len = 0;
/*
* RFC 5915, or SEC1 Appendix C.4
*
* ECPrivateKey ::= SEQUENCE {
* version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
* privateKey OCTET STRING,
* parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
* publicKey [1] BIT STRING OPTIONAL
* }
*/
/* publicKey */
ASN1_CHK_ADD( pub_len, pk_write_ec_pubkey( &c, buf, ec ) );
if( c - buf < 1 )
return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL );
*--c = 0;
pub_len += 1;
ASN1_CHK_ADD( pub_len, asn1_write_len( &c, buf, pub_len ) );
ASN1_CHK_ADD( pub_len, asn1_write_tag( &c, buf, ASN1_BIT_STRING ) );
ASN1_CHK_ADD( pub_len, asn1_write_len( &c, buf, pub_len ) );
ASN1_CHK_ADD( pub_len, asn1_write_tag( &c, buf,
ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 1 ) );
len += pub_len;
/* parameters */
ASN1_CHK_ADD( par_len, pk_write_ec_param( &c, buf, ec ) );
ASN1_CHK_ADD( par_len, asn1_write_len( &c, buf, par_len ) );
ASN1_CHK_ADD( par_len, asn1_write_tag( &c, buf,
ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 0 ) );
len += par_len;
/* privateKey: write as MPI then fix tag */
ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &ec->d ) );
*c = ASN1_OCTET_STRING;
/* version */
ASN1_CHK_ADD( len, asn1_write_int( &c, buf, 1 ) );
ASN1_CHK_ADD( len, asn1_write_len( &c, buf, len ) );
ASN1_CHK_ADD( len, asn1_write_tag( &c, buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
}
else
#endif
return( POLARSSL_ERR_PK_FEATURE_UNAVAILABLE );
return( len );
}
#if defined(POLARSSL_BASE64_C)
static int pk_write_pemify( const char *begin_str, const char *end_str,
const unsigned char *der_data, size_t der_len,
unsigned char *buf, size_t size )
{
int ret;
unsigned char base_buf[4096];
unsigned char *c = base_buf, *p = buf;
size_t len = 0, olen = sizeof(base_buf);
if( ( ret = base64_encode( base_buf, &olen, der_data, der_len ) ) != 0 )
return( ret );
if( olen + strlen( begin_str ) + strlen( end_str ) +
olen / 64 > size )
{
return( POLARSSL_ERR_BASE64_BUFFER_TOO_SMALL );
}
memcpy( p, begin_str, strlen( begin_str ) );
p += strlen( begin_str );
while( olen )
{
len = ( olen > 64 ) ? 64 : olen;
memcpy( p, c, len );
olen -= len;
p += len;
c += len;
*p++ = '\n';
}
memcpy( p, end_str, strlen( end_str ) );
p += strlen( end_str );
*p = '\0';
return( 0 );
}
#define PEM_BEGIN_PUBLIC_KEY "-----BEGIN PUBLIC KEY-----\n"
#define PEM_END_PUBLIC_KEY "-----END PUBLIC KEY-----\n"
#define PEM_BEGIN_PRIVATE_KEY_RSA "-----BEGIN RSA PRIVATE KEY-----\n"
#define PEM_END_PRIVATE_KEY_RSA "-----END RSA PRIVATE KEY-----\n"
#define PEM_BEGIN_PRIVATE_KEY_EC "-----BEGIN EC PRIVATE KEY-----\n"
#define PEM_END_PRIVATE_KEY_EC "-----END EC PRIVATE KEY-----\n"
int pk_write_pubkey_pem( pk_context *key, unsigned char *buf, size_t size )
{
int ret;
unsigned char output_buf[4096];
if( ( ret = pk_write_pubkey_der( key, output_buf,
sizeof(output_buf) ) ) < 0 )
{
return( ret );
}
if( ( ret = pk_write_pemify( PEM_BEGIN_PUBLIC_KEY, PEM_END_PUBLIC_KEY,
output_buf + sizeof(output_buf) - ret,
ret, buf, size ) ) != 0 )
{
return( ret );
}
return( 0 );
}
int pk_write_key_pem( pk_context *key, unsigned char *buf, size_t size )
{
int ret;
unsigned char output_buf[4096];
char *begin, *end;
if( ( ret = pk_write_key_der( key, output_buf,
sizeof(output_buf) ) ) < 0 )
{
return( ret );
}
#if defined(POLARSSL_RSA_C)
if( pk_get_type( key ) == POLARSSL_PK_RSA )
{
begin = PEM_BEGIN_PRIVATE_KEY_RSA;
end = PEM_END_PRIVATE_KEY_RSA;
}
else
#endif
#if defined(POLARSSL_ECP_C)
if( pk_get_type( key ) == POLARSSL_PK_ECKEY )
{
begin = PEM_BEGIN_PRIVATE_KEY_EC;
end = PEM_END_PRIVATE_KEY_EC;
}
else
#endif
return( POLARSSL_ERR_PK_FEATURE_UNAVAILABLE );
if( ( ret = pk_write_pemify( begin, end,
output_buf + sizeof(output_buf) - ret,
ret, buf, size ) ) != 0 )
{
return( ret );
}
return( 0 );
}
#endif /* POLARSSL_BASE64_C */
#endif /* POLARSSL_PK_C */
......@@ -117,99 +117,6 @@ exit:
return( ret );
}
#if defined(POLARSSL_RSA_C)
/*
* RSAPublicKey ::= SEQUENCE {
* modulus INTEGER, -- n
* publicExponent INTEGER -- e
* }
*/
static int x509_write_rsa_pubkey( unsigned char **p, unsigned char *start,
rsa_context *rsa )
{
int ret;
size_t len = 0;
ASN1_CHK_ADD( len, asn1_write_mpi( p, start, &rsa->E ) );