result_t PKey::copy(const mbedtls_pk_context &key) { mbedtls_pk_type_t type = mbedtls_pk_get_type(&key); int32_t ret; if (type == MBEDTLS_PK_RSA) { mbedtls_rsa_context *rsa = mbedtls_pk_rsa(key); ret = mbedtls_pk_setup(&m_key, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)); if (ret != 0) return CHECK_ERROR(_ssl::setError(ret)); mbedtls_rsa_context *rsa1 = mbedtls_pk_rsa(m_key); ret = mbedtls_rsa_copy(rsa1, rsa); if (ret != 0) return CHECK_ERROR(_ssl::setError(ret)); return 0; } if (type == MBEDTLS_PK_ECKEY) { mbedtls_ecp_keypair *ecp = mbedtls_pk_ec(key); ret = mbedtls_pk_setup(&m_key, mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY)); if (ret != 0) return CHECK_ERROR(_ssl::setError(ret)); mbedtls_ecp_keypair *ecp1 = mbedtls_pk_ec(m_key); ret = mbedtls_ecp_group_copy(&ecp1->grp, &ecp->grp); if (ret != 0) return CHECK_ERROR(_ssl::setError(ret)); ret = mbedtls_mpi_copy(&ecp1->d, &ecp->d); if (ret != 0) return CHECK_ERROR(_ssl::setError(ret)); ret = mbedtls_ecp_copy(&ecp1->Q, &ecp->Q); if (ret != 0) return CHECK_ERROR(_ssl::setError(ret)); return 0; } return CHECK_ERROR(CALL_E_INVALID_CALL); }
result_t PKey::genEcKey(const char *curve, AsyncEvent *ac) { if (!ac) return CHECK_ERROR(CALL_E_NOSYNC); const mbedtls_ecp_curve_info *curve_info; curve_info = mbedtls_ecp_curve_info_from_name(curve); if (curve_info == NULL) return CHECK_ERROR(Runtime::setError("PKey: Unknown curve")); int32_t ret; clear(); ret = mbedtls_pk_setup(&m_key, mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY)); if (ret != 0) return CHECK_ERROR(_ssl::setError(ret)); ret = mbedtls_ecp_gen_key(curve_info->grp_id, mbedtls_pk_ec(m_key), mbedtls_ctr_drbg_random, &g_ssl.ctr_drbg); if (ret != 0) return CHECK_ERROR(_ssl::setError(ret)); return 0; }
/* * SubjectPublicKeyInfo ::= SEQUENCE { * algorithm AlgorithmIdentifier, * subjectPublicKey BIT STRING } */ int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end, mbedtls_pk_context *pk ) { int ret; size_t len; mbedtls_asn1_buf alg_params; mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE; const mbedtls_pk_info_t *pk_info; if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) { return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); } end = *p + len; if( ( ret = pk_get_pk_alg( p, end, &pk_alg, &alg_params ) ) != 0 ) return( ret ); if( ( ret = mbedtls_asn1_get_bitstring_null( p, end, &len ) ) != 0 ) return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret ); if( *p + len != end ) return( MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); if( ( pk_info = mbedtls_pk_info_from_type( pk_alg ) ) == NULL ) return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ) return( ret ); #if defined(MBEDTLS_RSA_C) if( pk_alg == MBEDTLS_PK_RSA ) { ret = pk_get_rsapubkey( p, end, mbedtls_pk_rsa( *pk ) ); } else #endif /* MBEDTLS_RSA_C */ #if defined(MBEDTLS_ECP_C) if( pk_alg == MBEDTLS_PK_ECKEY_DH || pk_alg == MBEDTLS_PK_ECKEY ) { ret = pk_use_ecparams( &alg_params, &mbedtls_pk_ec( *pk )->grp ); if( ret == 0 ) ret = pk_get_ecpubkey( p, end, mbedtls_pk_ec( *pk ) ); } else #endif /* MBEDTLS_ECP_C */ ret = MBEDTLS_ERR_PK_UNKNOWN_PK_ALG; if( ret == 0 && *p != end ) ret = MBEDTLS_ERR_PK_INVALID_PUBKEY MBEDTLS_ERR_ASN1_LENGTH_MISMATCH; if( ret != 0 ) mbedtls_pk_free( pk ); return( ret ); }
int pki_privkey_build_rsa(ssh_key key, ssh_string n, ssh_string e, ssh_string d, ssh_string iqmp, ssh_string p, ssh_string q) { mbedtls_rsa_context *rsa = NULL; const mbedtls_pk_info_t *pk_info = NULL; int rc; key->rsa = malloc(sizeof(mbedtls_pk_context)); if (key->rsa == NULL) { return SSH_ERROR; } mbedtls_pk_init(key->rsa); pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_RSA); mbedtls_pk_setup(key->rsa, pk_info); rc = mbedtls_pk_can_do(key->rsa, MBEDTLS_PK_RSA); if (rc == 0) { goto fail; } rsa = mbedtls_pk_rsa(*key->rsa); rc = mbedtls_rsa_import_raw(rsa, ssh_string_data(n), ssh_string_len(n), ssh_string_data(p), ssh_string_len(p), ssh_string_data(q), ssh_string_len(q), ssh_string_data(d), ssh_string_len(d), ssh_string_data(e), ssh_string_len(e)); if (rc != 0) { SSH_LOG(SSH_LOG_WARN, "Failed to import private RSA key"); goto fail; } rc = mbedtls_rsa_complete(rsa); if (rc != 0) { SSH_LOG(SSH_LOG_WARN, "Failed to complete private RSA key"); goto fail; } rc = mbedtls_rsa_check_privkey(rsa); if (rc != 0) { SSH_LOG(SSH_LOG_WARN, "Inconsistent private RSA key"); goto fail; } return SSH_OK; fail: mbedtls_pk_free(key->rsa); SAFE_FREE(key->rsa); return SSH_ERROR; }
int extract_public_ec_key_length(uint8_t* buffer, size_t max_length, const uint8_t* private_key, size_t private_key_len) { mbedtls_pk_context key; mbedtls_pk_init(&key); int error = mbedtls_pk_setup(&key, mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY)); if (!error) error = mbedtls_pk_parse_key(&key, private_key, private_key_len, nullptr, 0); if (!error) error = mbedtls_pk_write_pubkey_der(&key, buffer, max_length); mbedtls_pk_free(&key); return error; }
/** * Given the indirected identifier for the cipher algorithm return its label. * * @param Cipher The cipher algorithm in question. * @return The label for the cipher. */ const char* get_cipher_label(Cipher c) { if (_is_cipher_symmetric(c)) { const mbedtls_cipher_info_t* info = mbedtls_cipher_info_from_type((mbedtls_cipher_type_t)c); if (info) { return info->name; } } else { const mbedtls_pk_info_t* info = mbedtls_pk_info_from_type((mbedtls_pk_type_t)c); if (info) { return info->name; } } return "<UNKNOWN>"; }
/** * Given the identifier for the cipher algorithm return the key size. * * @param Cipher The cipher algorithm in question. * @return The size of the buffer (in bytes) required to hold the cipher key. */ int get_cipher_key_length(Cipher c) { if (_is_cipher_symmetric(c)) { const mbedtls_cipher_info_t* info = mbedtls_cipher_info_from_type((mbedtls_cipher_type_t)c); if (info) { return info->key_bitlen; } } else { const mbedtls_pk_info_t* info = mbedtls_pk_info_from_type((mbedtls_pk_type_t)c); if (info) { //return info->key_bitlen; } //mbedtls_pk_get_bitlen } return 0; }
int gen_ec_key(uint8_t* buffer, size_t max_length, int (*f_rng) (void *, uint8_t* buf, size_t len), void *p_rng) { mbedtls_pk_context key; memset(&key, 0, sizeof(key)); int error = mbedtls_pk_setup(&key, mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY)); if (!error) error = mbedtls_ecp_gen_key(MBEDTLS_ECP_DP_SECP256R1, mbedtls_pk_ec(key), f_rng, p_rng ); if (!error) { int result = mbedtls_pk_write_key_der(&key, buffer, max_length); if (result<0) error = result; else if (result>0) { // the key is written to the end of the buffer - align to the start memmove(buffer, buffer+max_length-result, result); } } mbedtls_pk_free(&key); return error; }
int mbedtls_ecies_write_originator(unsigned char **p, unsigned char *start, mbedtls_ecp_keypair *originator_keypair) { int result = 0; size_t len = 0; mbedtls_pk_context pk; if (originator_keypair == NULL) { return MBEDTLS_ERR_ECIES_BAD_INPUT_DATA; } pk.pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY); pk.pk_ctx = originator_keypair; ACCUMULATE_AND_CHECK(result, len, mbedtls_pk_write_pubkey_der(&pk, start , *p - start) ); *p -= len; return (int)len; }
int pki_pubkey_build_rsa(ssh_key key, ssh_string e, ssh_string n) { mbedtls_rsa_context *rsa = NULL; const mbedtls_pk_info_t *pk_info = NULL; int rc; key->rsa = malloc(sizeof(mbedtls_pk_context)); if (key->rsa == NULL) { return SSH_ERROR; } mbedtls_pk_init(key->rsa); pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_RSA); mbedtls_pk_setup(key->rsa, pk_info); rc = mbedtls_pk_can_do(key->rsa, MBEDTLS_PK_RSA); if (rc == 0) { goto fail; } rsa = mbedtls_pk_rsa(*key->rsa); rc = mbedtls_mpi_read_binary(&rsa->N, ssh_string_data(n), ssh_string_len(n)); if (rc != 0) { goto fail; } rc = mbedtls_mpi_read_binary(&rsa->E, ssh_string_data(e), ssh_string_len(e)); if (rc != 0) { goto fail; } rsa->len = (mbedtls_mpi_bitlen(&rsa->N) + 7) >> 3; return SSH_OK; fail: mbedtls_pk_free(key->rsa); SAFE_FREE(key->rsa); return SSH_ERROR; }
result_t PKey::genRsaKey(int32_t size, AsyncEvent *ac) { if (size < 128 || size > 8192) return CHECK_ERROR(Runtime::setError("PKey: Invalid key size")); if (!ac) return CHECK_ERROR(CALL_E_NOSYNC); int32_t ret; clear(); ret = mbedtls_pk_setup(&m_key, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)); if (ret != 0) return CHECK_ERROR(_ssl::setError(ret)); ret = mbedtls_rsa_gen_key(mbedtls_pk_rsa(m_key), mbedtls_ctr_drbg_random, &g_ssl.ctr_drbg, size, 65537); if (ret != 0) return CHECK_ERROR(_ssl::setError(ret)); return 0; }
TEE_Result crypto_acipher_ecc_sign(uint32_t algo, struct ecc_keypair *key, const uint8_t *msg, size_t msg_len, uint8_t *sig, size_t *sig_len) { TEE_Result res = TEE_SUCCESS; int lmd_res = 0; const mbedtls_pk_info_t *pk_info = NULL; mbedtls_ecdsa_context ecdsa; size_t key_size_bytes = 0; size_t key_size_bits = 0; mbedtls_mpi r; mbedtls_mpi s; memset(&ecdsa, 0, sizeof(ecdsa)); memset(&r, 0, sizeof(r)); memset(&s, 0, sizeof(s)); if (algo == 0) return TEE_ERROR_BAD_PARAMETERS; mbedtls_mpi_init(&r); mbedtls_mpi_init(&s); mbedtls_ecdsa_init(&ecdsa); lmd_res = mbedtls_ecp_group_load(&ecdsa.grp, key->curve); if (lmd_res != 0) { res = TEE_ERROR_NOT_SUPPORTED; goto out; } ecdsa.d = *(mbedtls_mpi *)key->d; res = ecc_get_keysize(key->curve, algo, &key_size_bytes, &key_size_bits); if (res != TEE_SUCCESS) goto out; pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_ECDSA); if (pk_info == NULL) { res = TEE_ERROR_NOT_SUPPORTED; goto out; } lmd_res = mbedtls_ecdsa_sign(&ecdsa.grp, &r, &s, &ecdsa.d, msg, msg_len, mbd_rand, NULL); if (lmd_res == 0) { *sig_len = 2 * key_size_bytes; memset(sig, 0, *sig_len); mbedtls_mpi_write_binary(&r, sig + *sig_len / 2 - mbedtls_mpi_size(&r), mbedtls_mpi_size(&r)); mbedtls_mpi_write_binary(&s, sig + *sig_len - mbedtls_mpi_size(&s), mbedtls_mpi_size(&s)); res = TEE_SUCCESS; } else { FMSG("mbedtls_ecdsa_sign failed, returned 0x%x\n", -lmd_res); res = TEE_ERROR_GENERIC; } out: mbedtls_mpi_free(&r); mbedtls_mpi_free(&s); /* Reset mpi to skip freeing here, those mpis will be freed with key */ mbedtls_mpi_init(&ecdsa.d); mbedtls_ecdsa_free(&ecdsa); return res; }
/******************************************************************************* * Asymmetric ciphers * *******************************************************************************/ int __attribute__((weak)) wrapped_asym_keygen(Cipher c, CryptoKey key_type, uint8_t* pub, size_t* pub_len, uint8_t* priv, size_t* priv_len) { if (keygen_deferred_handling(key_type)) { // If overriden by user implementation. return _keygen_overrides[key_type](c, key_type, pub, pub_len, priv, priv_len); } int ret = -1; mbedtls_pk_context key; mbedtls_pk_init(&key); uint32_t pers = randomInt(); mbedtls_ctr_drbg_context ctr_drbg; mbedtls_ctr_drbg_init(&ctr_drbg); ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, (const uint8_t*) &pers, 4 ); if (0 == ret) { switch (c) { #if defined(WRAPPED_ASYM_RSA) case Cipher::ASYM_RSA: { ret = mbedtls_pk_setup(&key, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)); if (0 == ret) { mbedtls_rsa_context* rsa = mbedtls_pk_rsa(key); ret = mbedtls_rsa_gen_key(rsa, mbedtls_ctr_drbg_random, &ctr_drbg, (int) key_type, 65537 ); if (0 == ret) { ret--; memset(pub, 0, *pub_len); memset(priv, 0, *priv_len); int written = mbedtls_pk_write_pubkey_der(&key, pub, *pub_len); if (0 < written) { *pub_len = written; written = mbedtls_pk_write_key_der(&key, priv, *priv_len); if (0 < written) { *priv_len = written; ret = 0; } } } } } break; #endif #if defined(MBEDTLS_ECDSA_C) case Cipher::ASYM_ECDSA: { ret = mbedtls_pk_setup(&key, mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY)); if (0 == ret) { mbedtls_ecp_keypair* ec_kp = mbedtls_pk_ec(key); ret = mbedtls_ecdsa_genkey(ec_kp, (mbedtls_ecp_group_id) key_type, mbedtls_ctr_drbg_random, &ctr_drbg ); if (0 == ret) { ret--; memset(pub, 0, *pub_len); memset(priv, 0, *priv_len); int written = mbedtls_pk_write_pubkey_der(&key, pub, *pub_len); if (0 < written) { *pub_len = written; written = mbedtls_pk_write_key_der(&key, priv, *priv_len); if (0 < written) { *priv_len = written; ret = 0; } } } } } break; #endif #if defined(MBEDTLS_ECP_C) case Cipher::ASYM_ECKEY: { ret = mbedtls_pk_setup(&key, mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY)); if (0 == ret) { mbedtls_ecp_keypair* ec_kp = mbedtls_pk_ec(key); ret = mbedtls_ecp_gen_key( (mbedtls_ecp_group_id) key_type, ec_kp, mbedtls_ctr_drbg_random, &ctr_drbg ); if (0 == ret) { ret--; memset(pub, 0, *pub_len); memset(priv, 0, *priv_len); int written = mbedtls_pk_write_pubkey_der(&key, pub, *pub_len); if (0 < written) { *pub_len = written; written = mbedtls_pk_write_key_der(&key, priv, *priv_len); if (0 < written) { *priv_len = written; ret = 0; } } } } } break; #endif default: break; } } mbedtls_pk_free(&key); mbedtls_ctr_drbg_free(&ctr_drbg); return ret; }
result_t PKey::get_publicKey(obj_ptr<PKey_base> &retVal) { result_t hr; bool priv; hr = isPrivate(priv); if (hr < 0) return hr; if (!priv) return CALL_RETURN_NULL; mbedtls_pk_type_t type = mbedtls_pk_get_type(&m_key); int32_t ret; if (type == MBEDTLS_PK_RSA) { mbedtls_rsa_context *rsa = mbedtls_pk_rsa(m_key); obj_ptr<PKey> pk1 = new PKey(); ret = mbedtls_pk_setup(&pk1->m_key, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)); if (ret != 0) return CHECK_ERROR(_ssl::setError(ret)); mbedtls_rsa_context *rsa1 = mbedtls_pk_rsa(pk1->m_key); rsa1->len = rsa->len; rsa1->padding = rsa->padding; rsa1->hash_id = rsa->hash_id; ret = mbedtls_mpi_copy(&rsa1->N, &rsa->N); if (ret != 0) return CHECK_ERROR(_ssl::setError(ret)); ret = mbedtls_mpi_copy(&rsa1->E, &rsa->E); if (ret != 0) return CHECK_ERROR(_ssl::setError(ret)); retVal = pk1; return 0; } if (type == MBEDTLS_PK_ECKEY) { mbedtls_ecp_keypair *ecp = mbedtls_pk_ec(m_key); obj_ptr<PKey> pk1 = new PKey(); ret = mbedtls_pk_setup(&pk1->m_key, mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY)); if (ret != 0) return CHECK_ERROR(_ssl::setError(ret)); mbedtls_ecp_keypair *ecp1 = mbedtls_pk_ec(pk1->m_key); ret = mbedtls_ecp_group_copy(&ecp1->grp, &ecp->grp); if (ret != 0) return CHECK_ERROR(_ssl::setError(ret)); ret = mbedtls_ecp_copy(&ecp1->Q, &ecp->Q); if (ret != 0) return CHECK_ERROR(_ssl::setError(ret)); retVal = pk1; return 0; } return CHECK_ERROR(CALL_E_INVALID_CALL); }
/** * Wrapper for sign-verify operations. * * @param Cipher Algorithm class * @param CryptoKey Key parameters * @param Hashes Digest alg to use. * @param uint8_t* Buffer to be signed/verified... * @param int ...and its length. * @param uint8_t* Buffer to hold signature... * @param int* ...and its length. * @param uint8_t* Buffer holding the key... * @param int ...and its length. * @param uint32_t Options to the operations. * @return 0 if the operation completed successfully. */ int __attribute__((weak)) wrapped_sign_verify(Cipher c, CryptoKey k, Hashes h, uint8_t* msg, int msg_len, uint8_t* sig, size_t* sig_len, uint8_t* key, int key_len, uint32_t opts) { if (keygen_deferred_handling(k)) { // If overriden by user implementation. return _s_v_overrides[k](c, k, h, msg, msg_len, sig, sig_len, key, key_len, opts); } int ret = -1; // Failure by default. uint8_t* hash; int hashlen; if (Hashes::NONE != h) { hashlen = get_digest_output_length(h); hash = (uint8_t*) alloca(hashlen); if (hash) { ret = wrapped_hash(msg, msg_len, hash, h); } } else { // This is the no-digest case. hashlen = msg_len; hash = msg; ret = 0; // TODO: Fail if size is greater than the maximum input length for the Key type. } if (0 == ret) { // If we are here, the hashing operation worked. Now we case-off on key/algo. mbedtls_pk_context k_ctx; mbedtls_pk_init(&k_ctx); uint32_t pers = randomInt(); mbedtls_ctr_drbg_context ctr_drbg; mbedtls_ctr_drbg_init(&ctr_drbg); ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, (const uint8_t*) &pers, 4 ); if (0 == ret) { switch (c) { #if defined(WRAPPED_ASYM_RSA) case Cipher::ASYM_RSA: //ret = mbedtls_pk_setup(&k_ctx, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)); if (opts & OP_SIGN) { ret = mbedtls_pk_setup(&k_ctx, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)); if (0 == ret) { ret = mbedtls_pk_parse_key(&k_ctx, key, key_len, nullptr, 0); if (0 == ret) { ret = mbedtls_pk_sign( &k_ctx, (mbedtls_md_type_t) h, hash, hashlen, sig, sig_len, mbedtls_ctr_drbg_random, &ctr_drbg ); } } } else { ret = mbedtls_pk_parse_public_key(&k_ctx, key, key_len); if (0 == ret) { ret = mbedtls_pk_verify( &k_ctx, (mbedtls_md_type_t) h, hash, hashlen, sig, *sig_len ); } } break; #endif #if defined(MBEDTLS_ECDSA_C) case Cipher::ASYM_ECDSA: if (opts & OP_SIGN) { ret = mbedtls_pk_setup(&k_ctx, mbedtls_pk_info_from_type(MBEDTLS_PK_ECDSA)); if (0 == ret) { ret = mbedtls_pk_parse_key(&k_ctx, key, key_len, nullptr, 0); if (0 == ret) { ret = mbedtls_pk_sign( &k_ctx, (mbedtls_md_type_t) h, hash, hashlen, sig, sig_len, mbedtls_ctr_drbg_random, &ctr_drbg ); } } } else { ret = mbedtls_pk_parse_public_key(&k_ctx, key, key_len); if (0 == ret) { ret = mbedtls_pk_verify( &k_ctx, (mbedtls_md_type_t) h, hash, hashlen, sig, *sig_len ); } } break; #endif #if defined(MBEDTLS_ECP_C) case Cipher::ASYM_ECKEY: if (opts & OP_SIGN) { ret = mbedtls_pk_setup(&k_ctx, mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY)); if (0 == ret) { ret = mbedtls_pk_parse_key(&k_ctx, key, key_len, nullptr, 0); if (0 == ret) { ret = mbedtls_pk_sign( &k_ctx, (mbedtls_md_type_t) h, hash, hashlen, sig, sig_len, mbedtls_ctr_drbg_random, &ctr_drbg ); } } } else { ret = mbedtls_pk_parse_public_key(&k_ctx, key, key_len); if (0 == ret) { ret = mbedtls_pk_verify( &k_ctx, (mbedtls_md_type_t) h, hash, hashlen, sig, *sig_len ); } } break; #endif default: break; } } } return ret; }
/* * Parse a private key */ int mbedtls_pk_parse_key( mbedtls_pk_context *pk, const unsigned char *key, size_t keylen, const unsigned char *pwd, size_t pwdlen ) { int ret; const mbedtls_pk_info_t *pk_info; #if defined(MBEDTLS_PEM_PARSE_C) size_t len; mbedtls_pem_context pem; mbedtls_pem_init( &pem ); #if defined(MBEDTLS_RSA_C) /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ if( keylen == 0 || key[keylen - 1] != '\0' ) ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; else ret = mbedtls_pem_read_buffer( &pem, "-----BEGIN RSA PRIVATE KEY-----", "-----END RSA PRIVATE KEY-----", key, pwd, pwdlen, &len ); if( ret == 0 ) { if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL ) return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 || ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), pem.buf, pem.buflen ) ) != 0 ) { mbedtls_pk_free( pk ); } mbedtls_pem_free( &pem ); return( ret ); } else if( ret == MBEDTLS_ERR_PEM_PASSWORD_MISMATCH ) return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH ); else if( ret == MBEDTLS_ERR_PEM_PASSWORD_REQUIRED ) return( MBEDTLS_ERR_PK_PASSWORD_REQUIRED ); else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) return( ret ); #endif /* MBEDTLS_RSA_C */ #if defined(MBEDTLS_ECP_C) /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ if( keylen == 0 || key[keylen - 1] != '\0' ) ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; else ret = mbedtls_pem_read_buffer( &pem, "-----BEGIN EC PRIVATE KEY-----", "-----END EC PRIVATE KEY-----", key, pwd, pwdlen, &len ); if( ret == 0 ) { if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ) ) == NULL ) return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 || ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ), pem.buf, pem.buflen ) ) != 0 ) { mbedtls_pk_free( pk ); } mbedtls_pem_free( &pem ); return( ret ); } else if( ret == MBEDTLS_ERR_PEM_PASSWORD_MISMATCH ) return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH ); else if( ret == MBEDTLS_ERR_PEM_PASSWORD_REQUIRED ) return( MBEDTLS_ERR_PK_PASSWORD_REQUIRED ); else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) return( ret ); #endif /* MBEDTLS_ECP_C */ /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ if( keylen == 0 || key[keylen - 1] != '\0' ) ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; else ret = mbedtls_pem_read_buffer( &pem, "-----BEGIN PRIVATE KEY-----", "-----END PRIVATE KEY-----", key, NULL, 0, &len ); if( ret == 0 ) { if( ( ret = pk_parse_key_pkcs8_unencrypted_der( pk, pem.buf, pem.buflen ) ) != 0 ) { mbedtls_pk_free( pk ); } mbedtls_pem_free( &pem ); return( ret ); } else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) return( ret ); #if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C) /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ if( keylen == 0 || key[keylen - 1] != '\0' ) ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; else ret = mbedtls_pem_read_buffer( &pem, "-----BEGIN ENCRYPTED PRIVATE KEY-----", "-----END ENCRYPTED PRIVATE KEY-----", key, NULL, 0, &len ); if( ret == 0 ) { if( ( ret = pk_parse_key_pkcs8_encrypted_der( pk, pem.buf, pem.buflen, pwd, pwdlen ) ) != 0 ) { mbedtls_pk_free( pk ); } mbedtls_pem_free( &pem ); return( ret ); } else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) return( ret ); #endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */ #else ((void) ret); ((void) pwd); ((void) pwdlen); #endif /* MBEDTLS_PEM_PARSE_C */ /* * At this point we only know it's not a PEM formatted key. Could be any * of the known DER encoded private key formats * * We try the different DER format parsers to see if one passes without * error */ #if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C) if( ( ret = pk_parse_key_pkcs8_encrypted_der( pk, key, keylen, pwd, pwdlen ) ) == 0 ) { return( 0 ); } mbedtls_pk_free( pk ); if( ret == MBEDTLS_ERR_PK_PASSWORD_MISMATCH ) { return( ret ); } #endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */ if( ( ret = pk_parse_key_pkcs8_unencrypted_der( pk, key, keylen ) ) == 0 ) return( 0 ); mbedtls_pk_free( pk ); #if defined(MBEDTLS_RSA_C) if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL ) return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 || ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), key, keylen ) ) == 0 ) { return( 0 ); } mbedtls_pk_free( pk ); #endif /* MBEDTLS_RSA_C */ #if defined(MBEDTLS_ECP_C) if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ) ) == NULL ) return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 || ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ), key, keylen ) ) == 0 ) { return( 0 ); } mbedtls_pk_free( pk ); #endif /* MBEDTLS_ECP_C */ return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); }
int main( int argc, char *argv[] ) { int ret = 0; mbedtls_pk_context key; char buf[1024]; int i; char *p, *q; mbedtls_entropy_context entropy; mbedtls_ctr_drbg_context ctr_drbg; const char *pers = "gen_key"; #if defined(MBEDTLS_ECP_C) const mbedtls_ecp_curve_info *curve_info; #endif /* * Set to sane values */ mbedtls_pk_init( &key ); mbedtls_ctr_drbg_init( &ctr_drbg ); memset( buf, 0, sizeof( buf ) ); if( argc == 0 ) { usage: ret = 1; mbedtls_printf( USAGE ); #if defined(MBEDTLS_ECP_C) mbedtls_printf( " available ec_curve values:\n" ); curve_info = mbedtls_ecp_curve_list(); mbedtls_printf( " %s (default)\n", curve_info->name ); while( ( ++curve_info )->name != NULL ) mbedtls_printf( " %s\n", curve_info->name ); #endif goto exit; } opt.type = DFL_TYPE; opt.rsa_keysize = DFL_RSA_KEYSIZE; opt.ec_curve = DFL_EC_CURVE; opt.filename = DFL_FILENAME; opt.format = DFL_FORMAT; opt.use_dev_random = DFL_USE_DEV_RANDOM; for( i = 1; i < argc; i++ ) { p = argv[i]; if( ( q = strchr( p, '=' ) ) == NULL ) goto usage; *q++ = '\0'; if( strcmp( p, "type" ) == 0 ) { if( strcmp( q, "rsa" ) == 0 ) opt.type = MBEDTLS_PK_RSA; else if( strcmp( q, "ec" ) == 0 ) opt.type = MBEDTLS_PK_ECKEY; else goto usage; } else if( strcmp( p, "format" ) == 0 ) { if( strcmp( q, "pem" ) == 0 ) opt.format = FORMAT_PEM; else if( strcmp( q, "der" ) == 0 ) opt.format = FORMAT_DER; else goto usage; } else if( strcmp( p, "rsa_keysize" ) == 0 ) { opt.rsa_keysize = atoi( q ); if( opt.rsa_keysize < 1024 || opt.rsa_keysize > MBEDTLS_MPI_MAX_BITS ) goto usage; } #if defined(MBEDTLS_ECP_C) else if( strcmp( p, "ec_curve" ) == 0 ) { if( ( curve_info = mbedtls_ecp_curve_info_from_name( q ) ) == NULL ) goto usage; opt.ec_curve = curve_info->grp_id; } #endif else if( strcmp( p, "filename" ) == 0 ) opt.filename = q; else if( strcmp( p, "use_dev_random" ) == 0 ) { opt.use_dev_random = atoi( q ); if( opt.use_dev_random < 0 || opt.use_dev_random > 1 ) goto usage; } else goto usage; } mbedtls_printf( "\n . Seeding the random number generator..." ); fflush( stdout ); mbedtls_entropy_init( &entropy ); #if !defined(_WIN32) && defined(MBEDTLS_FS_IO) if( opt.use_dev_random ) { if( ( ret = mbedtls_entropy_add_source( &entropy, dev_random_entropy_poll, NULL, DEV_RANDOM_THRESHOLD, MBEDTLS_ENTROPY_SOURCE_STRONG ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_entropy_add_source returned -0x%04x\n", -ret ); goto exit; } mbedtls_printf("\n Using /dev/random, so can take a long time! " ); fflush( stdout ); } #endif /* !_WIN32 && MBEDTLS_FS_IO */ if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, (const unsigned char *) pers, strlen( pers ) ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", -ret ); goto exit; } /* * 1.1. Generate the key */ mbedtls_printf( "\n . Generating the private key ..." ); fflush( stdout ); if( ( ret = mbedtls_pk_setup( &key, mbedtls_pk_info_from_type( opt.type ) ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_pk_setup returned -0x%04x", -ret ); goto exit; } #if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME) if( opt.type == MBEDTLS_PK_RSA ) { ret = mbedtls_rsa_gen_key( mbedtls_pk_rsa( key ), mbedtls_ctr_drbg_random, &ctr_drbg, opt.rsa_keysize, 65537 ); if( ret != 0 ) { mbedtls_printf( " failed\n ! mbedtls_rsa_gen_key returned -0x%04x", -ret ); goto exit; } } else #endif /* MBEDTLS_RSA_C */ #if defined(MBEDTLS_ECP_C) if( opt.type == MBEDTLS_PK_ECKEY ) { ret = mbedtls_ecp_gen_key( opt.ec_curve, mbedtls_pk_ec( key ), mbedtls_ctr_drbg_random, &ctr_drbg ); if( ret != 0 ) { mbedtls_printf( " failed\n ! mbedtls_rsa_gen_key returned -0x%04x", -ret ); goto exit; } } else #endif /* MBEDTLS_ECP_C */ { mbedtls_printf( " failed\n ! key type not supported\n" ); goto exit; } /* * 1.2 Print the key */ mbedtls_printf( " ok\n . Key information:\n" ); #if defined(MBEDTLS_RSA_C) if( mbedtls_pk_get_type( &key ) == MBEDTLS_PK_RSA ) { mbedtls_rsa_context *rsa = mbedtls_pk_rsa( key ); mbedtls_mpi_write_file( "N: ", &rsa->N, 16, NULL ); mbedtls_mpi_write_file( "E: ", &rsa->E, 16, NULL ); mbedtls_mpi_write_file( "D: ", &rsa->D, 16, NULL ); mbedtls_mpi_write_file( "P: ", &rsa->P, 16, NULL ); mbedtls_mpi_write_file( "Q: ", &rsa->Q, 16, NULL ); mbedtls_mpi_write_file( "DP: ", &rsa->DP, 16, NULL ); mbedtls_mpi_write_file( "DQ: ", &rsa->DQ, 16, NULL ); mbedtls_mpi_write_file( "QP: ", &rsa->QP, 16, NULL ); } else #endif #if defined(MBEDTLS_ECP_C) if( mbedtls_pk_get_type( &key ) == MBEDTLS_PK_ECKEY ) { mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( key ); mbedtls_printf( "curve: %s\n", mbedtls_ecp_curve_info_from_grp_id( ecp->grp.id )->name ); mbedtls_mpi_write_file( "X_Q: ", &ecp->Q.X, 16, NULL ); mbedtls_mpi_write_file( "Y_Q: ", &ecp->Q.Y, 16, NULL ); mbedtls_mpi_write_file( "D: ", &ecp->d , 16, NULL ); } else #endif mbedtls_printf(" ! key type not supported\n"); /* * 1.3 Export key */ mbedtls_printf( " . Writing key to file..." ); if( ( ret = write_private_key( &key, opt.filename ) ) != 0 ) { mbedtls_printf( " failed\n" ); goto exit; } mbedtls_printf( " ok\n" ); exit: if( ret != 0 && ret != 1) { #ifdef MBEDTLS_ERROR_C mbedtls_strerror( ret, buf, sizeof( buf ) ); mbedtls_printf( " - %s\n", buf ); #else mbedtls_printf("\n"); #endif } mbedtls_pk_free( &key ); mbedtls_ctr_drbg_free( &ctr_drbg ); mbedtls_entropy_free( &entropy ); #if defined(_WIN32) mbedtls_printf( " + Press Enter to exit this program.\n" ); fflush( stdout ); getchar(); #endif return( ret ); }
/* * Parse an unencrypted PKCS#8 encoded private key */ static int pk_parse_key_pkcs8_unencrypted_der( mbedtls_pk_context *pk, const unsigned char* key, size_t keylen ) { int ret, version; size_t len; mbedtls_asn1_buf params; unsigned char *p = (unsigned char *) key; unsigned char *end = p + keylen; mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE; const mbedtls_pk_info_t *pk_info; /* * This function parses the PrivatKeyInfo object (PKCS#8 v1.2 = RFC 5208) * * PrivateKeyInfo ::= SEQUENCE { * version Version, * privateKeyAlgorithm PrivateKeyAlgorithmIdentifier, * privateKey PrivateKey, * attributes [0] IMPLICIT Attributes OPTIONAL } * * Version ::= INTEGER * PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier * PrivateKey ::= OCTET STRING * * The PrivateKey OCTET STRING is a SEC1 ECPrivateKey */ if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) { return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); } end = p + len; if( ( ret = mbedtls_asn1_get_int( &p, end, &version ) ) != 0 ) return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); if( version != 0 ) return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION + ret ); if( ( ret = pk_get_pk_alg( &p, end, &pk_alg, ¶ms ) ) != 0 ) return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); if( len < 1 ) return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA ); if( ( pk_info = mbedtls_pk_info_from_type( pk_alg ) ) == NULL ) return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ) return( ret ); #if defined(MBEDTLS_RSA_C) if( pk_alg == MBEDTLS_PK_RSA ) { if( ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), p, len ) ) != 0 ) { mbedtls_pk_free( pk ); return( ret ); } } else #endif /* MBEDTLS_RSA_C */ #if defined(MBEDTLS_ECP_C) if( pk_alg == MBEDTLS_PK_ECKEY || pk_alg == MBEDTLS_PK_ECKEY_DH ) { if( ( ret = pk_use_ecparams( ¶ms, &mbedtls_pk_ec( *pk )->grp ) ) != 0 || ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ), p, len ) ) != 0 ) { mbedtls_pk_free( pk ); return( ret ); } } else #endif /* MBEDTLS_ECP_C */ return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); return( 0 ); }
/* * CSR is output formatted as b64url(DER) * Private key is output as a PEM in memory */ LWS_VISIBLE LWS_EXTERN int lws_tls_acme_sni_csr_create(struct lws_context *context, const char *elements[], uint8_t *dcsr, size_t csr_len, char **privkey_pem, size_t *privkey_len) { mbedtls_x509write_csr csr; char subject[200]; mbedtls_pk_context mpk; int buf_size = 4096, n; uint8_t *buf = malloc(buf_size); /* malloc because given to user code */ if (!buf) return -1; mbedtls_x509write_csr_init(&csr); mbedtls_pk_init(&mpk); if (mbedtls_pk_setup(&mpk, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA))) { lwsl_notice("%s: pk_setup failed\n", __func__); goto fail; } n = mbedtls_rsa_gen_key(mbedtls_pk_rsa(mpk), _rngf, context, lws_plat_recommended_rsa_bits(), 65537); if (n) { lwsl_notice("%s: failed to generate keys\n", __func__); goto fail1; } /* subject must be formatted like "C=TW,O=warmcat,CN=myserver" */ lws_snprintf(subject, sizeof(subject) - 1, "C=%s,ST=%s,L=%s,O=%s,CN=%s", elements[LWS_TLS_REQ_ELEMENT_COUNTRY], elements[LWS_TLS_REQ_ELEMENT_STATE], elements[LWS_TLS_REQ_ELEMENT_LOCALITY], elements[LWS_TLS_REQ_ELEMENT_ORGANIZATION], elements[LWS_TLS_REQ_ELEMENT_COMMON_NAME]); if (mbedtls_x509write_csr_set_subject_name(&csr, subject)) goto fail1; mbedtls_x509write_csr_set_key(&csr, &mpk); mbedtls_x509write_csr_set_md_alg(&csr, MBEDTLS_MD_SHA256); /* * data is written at the end of the buffer! Use the * return value to determine where you should start * using the buffer */ n = mbedtls_x509write_csr_der(&csr, buf, buf_size, _rngf, context); if (n < 0) { lwsl_notice("%s: write csr der failed\n", __func__); goto fail1; } /* we have it in DER, we need it in b64URL */ n = lws_jws_base64_enc((char *)(buf + buf_size) - n, n, (char *)dcsr, csr_len); if (n < 0) goto fail1; /* * okay, the CSR is done, last we need the private key in PEM * re-use the DER CSR buf as the result buffer since we cn do it in * one step */ if (mbedtls_pk_write_key_pem(&mpk, buf, buf_size)) { lwsl_notice("write key pem failed\n"); goto fail1; } *privkey_pem = (char *)buf; *privkey_len = strlen((const char *)buf); mbedtls_pk_free(&mpk); mbedtls_x509write_csr_free(&csr); return n; fail1: mbedtls_pk_free(&mpk); fail: mbedtls_x509write_csr_free(&csr); free(buf); return -1; }