/*
* SubjectPublicKeyInfo ::= SEQUENCE {
* algorithm AlgorithmIdentifier,
* subjectPublicKey BIT STRING }
*/
int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end,
mbedtls_pk_context *pk )
{
int ret;
size_t len;
mbedtls_asn1_buf alg_params;
mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE;
const mbedtls_pk_info_t *pk_info;
if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
{
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
}
end = *p + len;
if( ( ret = pk_get_pk_alg( p, end, &pk_alg, &alg_params ) ) != 0 )
return( ret );
if( ( ret = mbedtls_asn1_get_bitstring_null( p, end, &len ) ) != 0 )
return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret );
if( *p + len != end )
return( MBEDTLS_ERR_PK_INVALID_PUBKEY +
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
if( ( pk_info = mbedtls_pk_info_from_type( pk_alg ) ) == NULL )
return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 )
return( ret );
#if defined(MBEDTLS_RSA_C)
if( pk_alg == MBEDTLS_PK_RSA )
{
ret = pk_get_rsapubkey( p, end, mbedtls_pk_rsa( *pk ) );
} else
#endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_ECP_C)
if( pk_alg == MBEDTLS_PK_ECKEY_DH || pk_alg == MBEDTLS_PK_ECKEY )
{
ret = pk_use_ecparams( &alg_params, &mbedtls_pk_ec( *pk )->grp );
if( ret == 0 )
ret = pk_get_ecpubkey( p, end, mbedtls_pk_ec( *pk ) );
} else
#endif /* MBEDTLS_ECP_C */
ret = MBEDTLS_ERR_PK_UNKNOWN_PK_ALG;
if( ret == 0 && *p != end )
ret = MBEDTLS_ERR_PK_INVALID_PUBKEY
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
if( ret != 0 )
mbedtls_pk_free( pk );
return( ret );
}
/*
* Parse the public key used for signing.
*/
static int
bootutil_parse_eckey(mbedtls_ecdsa_context *ctx, uint8_t **p, uint8_t *end)
{
size_t len;
mbedtls_asn1_buf alg;
mbedtls_asn1_buf param;
if (mbedtls_asn1_get_tag(p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) {
return -1;
}
end = *p + len;
if (mbedtls_asn1_get_alg(p, end, &alg, ¶m)) {
return -2;
}
if (alg.len != sizeof(ec_pubkey_oid) - 1 ||
memcmp(alg.p, ec_pubkey_oid, sizeof(ec_pubkey_oid) - 1)) {
return -3;
}
if (param.len != sizeof(ec_secp224r1_oid) - 1||
memcmp(param.p, ec_secp224r1_oid, sizeof(ec_secp224r1_oid) - 1)) {
return -4;
}
if (mbedtls_ecp_group_load_secp224r1(&ctx->grp)) {
return -5;
}
if (mbedtls_asn1_get_bitstring_null(p, end, &len)) {
return -6;
}
if (*p + len != end) {
return -7;
}
if (mbedtls_ecp_point_read_binary(&ctx->grp, &ctx->Q, *p, end - *p)) {
return -8;
}
if (mbedtls_ecp_check_pubkey(&ctx->grp, &ctx->Q)) {
return -9;
}
return 0;
}
int mbedtls_x509_get_sig( unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig )
{
int ret;
size_t len;
if( ( end - *p ) < 1 )
return( MBEDTLS_ERR_X509_INVALID_SIGNATURE +
MBEDTLS_ERR_ASN1_OUT_OF_DATA );
sig->tag = **p;
if( ( ret = mbedtls_asn1_get_bitstring_null( p, end, &len ) ) != 0 )
return( MBEDTLS_ERR_X509_INVALID_SIGNATURE + ret );
sig->len = len;
sig->p = *p;
*p += len;
return( 0 );
}
/*
* Parse a SEC1 encoded private EC key
*/
static int pk_parse_key_sec1_der( mbedtls_ecp_keypair *eck,
const unsigned char *key,
size_t keylen )
{
int ret;
int version, pubkey_done;
size_t len;
mbedtls_asn1_buf params;
unsigned char *p = (unsigned char *) key;
unsigned char *end = p + keylen;
unsigned char *end2;
/*
* RFC 5915, or SEC1 Appendix C.4
*
* ECPrivateKey ::= SEQUENCE {
* version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
* privateKey OCTET STRING,
* parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
* publicKey [1] BIT STRING OPTIONAL
* }
*/
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
{
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
}
end = p + len;
if( ( ret = mbedtls_asn1_get_int( &p, end, &version ) ) != 0 )
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
if( version != 1 )
return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION );
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
if( ( ret = mbedtls_mpi_read_binary( &eck->d, p, len ) ) != 0 )
{
mbedtls_ecp_keypair_free( eck );
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
}
p += len;
pubkey_done = 0;
if( p != end )
{
/*
* Is 'parameters' present?
*/
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0 ) ) == 0 )
{
if( ( ret = pk_get_ecparams( &p, p + len, ¶ms) ) != 0 ||
( ret = pk_use_ecparams( ¶ms, &eck->grp ) ) != 0 )
{
mbedtls_ecp_keypair_free( eck );
return( ret );
}
}
else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
{
mbedtls_ecp_keypair_free( eck );
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
}
/*
* Is 'publickey' present? If not, or if we can't read it (eg because it
* is compressed), create it from the private key.
*/
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 1 ) ) == 0 )
{
end2 = p + len;
if( ( ret = mbedtls_asn1_get_bitstring_null( &p, end2, &len ) ) != 0 )
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
if( p + len != end2 )
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
if( ( ret = pk_get_ecpubkey( &p, end2, eck ) ) == 0 )
pubkey_done = 1;
else
{
/*
* The only acceptable failure mode of pk_get_ecpubkey() above
* is if the point format is not recognized.
*/
if( ret != MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE )
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
}
}
else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
{
mbedtls_ecp_keypair_free( eck );
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
}
}
if( ! pubkey_done &&
( ret = mbedtls_ecp_mul( &eck->grp, &eck->Q, &eck->d, &eck->grp.G,
NULL, NULL ) ) != 0 )
{
mbedtls_ecp_keypair_free( eck );
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
}
if( ( ret = mbedtls_ecp_check_privkey( &eck->grp, &eck->d ) ) != 0 )
{
mbedtls_ecp_keypair_free( eck );
return( ret );
}
return( 0 );
}
/*
* Verify a signature.
*
* Parameters are passed using the DER encoding format following the ASN.1
* structures detailed above.
*/
static int verify_signature(void *data_ptr, unsigned int data_len,
void *sig_ptr, unsigned int sig_len,
void *sig_alg, unsigned int sig_alg_len,
void *pk_ptr, unsigned int pk_len)
{
mbedtls_asn1_buf sig_oid, sig_params;
mbedtls_asn1_buf signature;
mbedtls_md_type_t md_alg;
mbedtls_pk_type_t pk_alg;
mbedtls_pk_context pk;
int rc;
void *sig_opts = NULL;
const mbedtls_md_info_t *md_info;
unsigned char *p, *end;
unsigned char hash[MBEDTLS_MD_MAX_SIZE];
/* Get pointers to signature OID and parameters */
p = (unsigned char *)sig_alg;
end = (unsigned char *)(p + sig_alg_len);
rc = mbedtls_asn1_get_alg(&p, end, &sig_oid, &sig_params);
if (rc != 0) {
return CRYPTO_ERR_SIGNATURE;
}
/* Get the actual signature algorithm (MD + PK) */
rc = mbedtls_oid_get_sig_alg(&sig_oid, &md_alg, &pk_alg);
if (rc != 0) {
return CRYPTO_ERR_SIGNATURE;
}
/* Parse the public key */
mbedtls_pk_init(&pk);
p = (unsigned char *)pk_ptr;
end = (unsigned char *)(p + pk_len);
rc = mbedtls_pk_parse_subpubkey(&p, end, &pk);
if (rc != 0) {
return CRYPTO_ERR_SIGNATURE;
}
/* Get the signature (bitstring) */
p = (unsigned char *)sig_ptr;
end = (unsigned char *)(p + sig_len);
signature.tag = *p;
rc = mbedtls_asn1_get_bitstring_null(&p, end, &signature.len);
if (rc != 0) {
rc = CRYPTO_ERR_SIGNATURE;
goto end;
}
signature.p = p;
/* Calculate the hash of the data */
md_info = mbedtls_md_info_from_type(md_alg);
if (md_info == NULL) {
rc = CRYPTO_ERR_SIGNATURE;
goto end;
}
p = (unsigned char *)data_ptr;
rc = mbedtls_md(md_info, p, data_len, hash);
if (rc != 0) {
rc = CRYPTO_ERR_SIGNATURE;
goto end;
}
/* Verify the signature */
rc = mbedtls_pk_verify_ext(pk_alg, sig_opts, &pk, md_alg, hash,
mbedtls_md_get_size(md_info),
signature.p, signature.len);
if (rc != 0) {
rc = CRYPTO_ERR_SIGNATURE;
goto end;
}
/* Signature verification success */
rc = CRYPTO_SUCCESS;
end:
mbedtls_pk_free(&pk);
return rc;
}
