search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
update atrs list
[RRG-proxmark3.git] / common / mbedtls / pkwrite.c
blob216c98542cce6a1facb1e4a5b0ba55a35c2f26d9
1 /*
2 * Public Key layer for writing key files and structures
3 *
4 * Copyright The Mbed TLS Contributors
5 * SPDX-License-Identifier: Apache-2.0
6 *
7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
8 * not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 */
19
20 #include "common.h"
21
22 #if defined(MBEDTLS_PK_WRITE_C)
23
24 #include "mbedtls/pk.h"
25 #include "mbedtls/asn1write.h"
26 #include "mbedtls/oid.h"
27 #include "mbedtls/platform_util.h"
28 #include "mbedtls/error.h"
29
30 #include <string.h>
31
32 #if defined(MBEDTLS_RSA_C)
33 #include "mbedtls/rsa.h"
34 #endif
35 #if defined(MBEDTLS_ECP_C)
36 #include "mbedtls/bignum.h"
37 #include "mbedtls/ecp.h"
38 #include "mbedtls/platform_util.h"
39 #endif
40 #if defined(MBEDTLS_ECDSA_C)
41 #include "mbedtls/ecdsa.h"
42 #endif
43 #if defined(MBEDTLS_PEM_WRITE_C)
44 #include "mbedtls/pem.h"
45 #endif
46
47 #if defined(MBEDTLS_USE_PSA_CRYPTO)
48 #include "psa/crypto.h"
49 #include "mbedtls/psa_util.h"
50 #endif
51 #if defined(MBEDTLS_PLATFORM_C)
52 #include "mbedtls/platform.h"
53 #else
54 #include <stdlib.h>
55 #define mbedtls_calloc calloc
56 #define mbedtls_free free
57 #endif
58
59 /* Parameter validation macros based on platform_util.h */
60 #define PK_VALIDATE_RET( cond ) \
61 MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_PK_BAD_INPUT_DATA )
62 #define PK_VALIDATE( cond ) \
63 MBEDTLS_INTERNAL_VALIDATE( cond )
64
65 #if defined(MBEDTLS_RSA_C)
66 /*
67 * RSAPublicKey ::= SEQUENCE {
68 * modulus INTEGER, -- n
69 * publicExponent INTEGER -- e
70 * }
71 */
72 static int pk_write_rsa_pubkey(unsigned char **p, unsigned char *start,
73 mbedtls_rsa_context *rsa) {
74 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
75 size_t len = 0;
76 mbedtls_mpi T;
77
78 mbedtls_mpi_init(&T);
79
80 /* Export E */
81 if ((ret = mbedtls_rsa_export(rsa, NULL, NULL, NULL, NULL, &T)) != 0 ||
82 (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0)
83 goto end_of_export;
84 len += ret;
85
86 /* Export N */
87 if ((ret = mbedtls_rsa_export(rsa, &T, NULL, NULL, NULL, NULL)) != 0 ||
88 (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0)
89 goto end_of_export;
90 len += ret;
91
92 end_of_export:
93
94 mbedtls_mpi_free(&T);
95 if (ret < 0)
96 return (ret);
97
98 MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
99 MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_CONSTRUCTED |
100 MBEDTLS_ASN1_SEQUENCE));
101
102 return ((int) len);
103 }
104 #endif /* MBEDTLS_RSA_C */
105
106 #if defined(MBEDTLS_ECP_C)
107 /*
108 * EC public key is an EC point
109 */
110 static int pk_write_ec_pubkey(unsigned char **p, unsigned char *start,
111 mbedtls_ecp_keypair *ec) {
112 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
113 size_t len = 0;
114 unsigned char buf[MBEDTLS_ECP_MAX_PT_LEN];
115
116 if ((ret = mbedtls_ecp_point_write_binary(&ec->grp, &ec->Q,
117 MBEDTLS_ECP_PF_UNCOMPRESSED,
118 &len, buf, sizeof(buf))) != 0) {
119 return (ret);
120 }
121
122 if (*p < start || (size_t)(*p - start) < len)
123 return (MBEDTLS_ERR_ASN1_BUF_TOO_SMALL);
124
125 *p -= len;
126 memcpy(*p, buf, len);
127
128 return ((int) len);
129 }
130
131 /*
132 * ECParameters ::= CHOICE {
133 * namedCurve OBJECT IDENTIFIER
134 * }
135 */
136 static int pk_write_ec_param(unsigned char **p, unsigned char *start,
137 mbedtls_ecp_keypair *ec) {
138 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
139 size_t len = 0;
140 const char *oid;
141 size_t oid_len;
142
143 if ((ret = mbedtls_oid_get_oid_by_ec_grp(ec->grp.id, &oid, &oid_len)) != 0)
144 return (ret);
145
146 MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_oid(p, start, oid, oid_len));
147
148 return ((int) len);
149 }
150
151 /*
152 * privateKey OCTET STRING -- always of length ceil(log2(n)/8)
153 */
154 static int pk_write_ec_private(unsigned char **p, unsigned char *start,
155 mbedtls_ecp_keypair *ec) {
156 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
157 size_t byte_length = (ec->grp.pbits + 7) / 8;
158 unsigned char tmp[MBEDTLS_ECP_MAX_BYTES];
159
160 ret = mbedtls_ecp_write_key(ec, tmp, byte_length);
161 if (ret != 0)
162 goto exit;
163 ret = mbedtls_asn1_write_octet_string(p, start, tmp, byte_length);
164
165 exit:
166 mbedtls_platform_zeroize(tmp, byte_length);
167 return (ret);
168 }
169 #endif /* MBEDTLS_ECP_C */
170
171 int mbedtls_pk_write_pubkey(unsigned char **p, unsigned char *start,
172 const mbedtls_pk_context *key) {
173 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
174 size_t len = 0;
175
176 PK_VALIDATE_RET(p != NULL);
177 PK_VALIDATE_RET(*p != NULL);
178 PK_VALIDATE_RET(start != NULL);
179 PK_VALIDATE_RET(key != NULL);
180
181 #if defined(MBEDTLS_RSA_C)
182 if (mbedtls_pk_get_type(key) == MBEDTLS_PK_RSA)
183 MBEDTLS_ASN1_CHK_ADD(len, pk_write_rsa_pubkey(p, start, mbedtls_pk_rsa(*key)));
184 else
185 #endif
186 #if defined(MBEDTLS_ECP_C)
187 if (mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY)
188 MBEDTLS_ASN1_CHK_ADD(len, pk_write_ec_pubkey(p, start, mbedtls_pk_ec(*key)));
189 else
190 #endif
191 #if defined(MBEDTLS_USE_PSA_CRYPTO)
192 if (mbedtls_pk_get_type(key) == MBEDTLS_PK_OPAQUE) {
193 size_t buffer_size;
194 psa_key_id_t *key_id = (psa_key_id_t *) key->pk_ctx;
195
196 if (*p < start)
197 return (MBEDTLS_ERR_PK_BAD_INPUT_DATA);
198
199 buffer_size = (size_t)(*p - start);
200 if (psa_export_public_key(*key_id, start, buffer_size, &len)
201 != PSA_SUCCESS) {
202 return (MBEDTLS_ERR_PK_BAD_INPUT_DATA);
203 } else {
204 *p -= len;
205 memmove(*p, start, len);
206 }
207 } else
208 #endif /* MBEDTLS_USE_PSA_CRYPTO */
209 return (MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE);
210
211 return ((int) len);
212 }
213
214 int mbedtls_pk_write_pubkey_der(mbedtls_pk_context *key, unsigned char *buf, size_t size) {
215 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
216 unsigned char *c;
217 size_t len = 0, par_len = 0, oid_len;
218 mbedtls_pk_type_t pk_type;
219 const char *oid;
220
221 PK_VALIDATE_RET(key != NULL);
222 if (size == 0)
223 return (MBEDTLS_ERR_ASN1_BUF_TOO_SMALL);
224 PK_VALIDATE_RET(buf != NULL);
225
226 c = buf + size;
227
228 MBEDTLS_ASN1_CHK_ADD(len, mbedtls_pk_write_pubkey(&c, buf, key));
229
230 if (c - buf < 1)
231 return (MBEDTLS_ERR_ASN1_BUF_TOO_SMALL);
232
233 /*
234 * SubjectPublicKeyInfo ::= SEQUENCE {
235 * algorithm AlgorithmIdentifier,
236 * subjectPublicKey BIT STRING }
237 */
238 *--c = 0;
239 len += 1;
240
241 MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
242 MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c, buf, MBEDTLS_ASN1_BIT_STRING));
243
244 pk_type = mbedtls_pk_get_type(key);
245 #if defined(MBEDTLS_ECP_C)
246 if (pk_type == MBEDTLS_PK_ECKEY) {
247 MBEDTLS_ASN1_CHK_ADD(par_len, pk_write_ec_param(&c, buf, mbedtls_pk_ec(*key)));
248 }
249 #endif
250 #if defined(MBEDTLS_USE_PSA_CRYPTO)
251 if (pk_type == MBEDTLS_PK_OPAQUE) {
252 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
253 psa_key_type_t key_type;
254 psa_key_id_t key_id;
255 psa_ecc_family_t curve;
256 size_t bits;
257
258 key_id = *((psa_key_id_t *) key->pk_ctx);
259 if (PSA_SUCCESS != psa_get_key_attributes(key_id, &attributes))
260 return (MBEDTLS_ERR_PK_HW_ACCEL_FAILED);
261 key_type = psa_get_key_type(&attributes);
262 bits = psa_get_key_bits(&attributes);
263 psa_reset_key_attributes(&attributes);
264
265 curve = PSA_KEY_TYPE_ECC_GET_FAMILY(key_type);
266 if (curve == 0)
267 return (MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE);
268
269 ret = mbedtls_psa_get_ecc_oid_from_id(curve, bits, &oid, &oid_len);
270 if (ret != 0)
271 return (MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE);
272
273 /* Write EC algorithm parameters; that's akin
274 * to pk_write_ec_param() above. */
275 MBEDTLS_ASN1_CHK_ADD(par_len, mbedtls_asn1_write_oid(&c, buf,
276 oid, oid_len));
277
278 /* The rest of the function works as for legacy EC contexts. */
279 pk_type = MBEDTLS_PK_ECKEY;
280 }
281 #endif /* MBEDTLS_USE_PSA_CRYPTO */
282
283 if ((ret = mbedtls_oid_get_oid_by_pk_alg(pk_type, &oid,
284 &oid_len)) != 0) {
285 return (ret);
286 }
287
288 MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_algorithm_identifier(&c, buf, oid, oid_len,
289 par_len));
290
291 MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
292 MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c, buf, MBEDTLS_ASN1_CONSTRUCTED |
293 MBEDTLS_ASN1_SEQUENCE));
294
295 return ((int) len);
296 }
297
298 int mbedtls_pk_write_key_der(mbedtls_pk_context *key, unsigned char *buf, size_t size) {
299 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
300 unsigned char *c;
301 size_t len = 0;
302
303 PK_VALIDATE_RET(key != NULL);
304 if (size == 0)
305 return (MBEDTLS_ERR_ASN1_BUF_TOO_SMALL);
306 PK_VALIDATE_RET(buf != NULL);
307
308 c = buf + size;
309
310 #if defined(MBEDTLS_RSA_C)
311 if (mbedtls_pk_get_type(key) == MBEDTLS_PK_RSA) {
312 mbedtls_mpi T; /* Temporary holding the exported parameters */
313 mbedtls_rsa_context *rsa = mbedtls_pk_rsa(*key);
314
315 /*
316 * Export the parameters one after another to avoid simultaneous copies.
317 */
318
319 mbedtls_mpi_init(&T);
320
321 /* Export QP */
322 if ((ret = mbedtls_rsa_export_crt(rsa, NULL, NULL, &T)) != 0 ||
323 (ret = mbedtls_asn1_write_mpi(&c, buf, &T)) < 0)
324 goto end_of_export;
325 len += ret;
326
327 /* Export DQ */
328 if ((ret = mbedtls_rsa_export_crt(rsa, NULL, &T, NULL)) != 0 ||
329 (ret = mbedtls_asn1_write_mpi(&c, buf, &T)) < 0)
330 goto end_of_export;
331 len += ret;
332
333 /* Export DP */
334 if ((ret = mbedtls_rsa_export_crt(rsa, &T, NULL, NULL)) != 0 ||
335 (ret = mbedtls_asn1_write_mpi(&c, buf, &T)) < 0)
336 goto end_of_export;
337 len += ret;
338
339 /* Export Q */
340 if ((ret = mbedtls_rsa_export(rsa, NULL, NULL,
341 &T, NULL, NULL)) != 0 ||
342 (ret = mbedtls_asn1_write_mpi(&c, buf, &T)) < 0)
343 goto end_of_export;
344 len += ret;
345
346 /* Export P */
347 if ((ret = mbedtls_rsa_export(rsa, NULL, &T,
348 NULL, NULL, NULL)) != 0 ||
349 (ret = mbedtls_asn1_write_mpi(&c, buf, &T)) < 0)
350 goto end_of_export;
351 len += ret;
352
353 /* Export D */
354 if ((ret = mbedtls_rsa_export(rsa, NULL, NULL,
355 NULL, &T, NULL)) != 0 ||
356 (ret = mbedtls_asn1_write_mpi(&c, buf, &T)) < 0)
357 goto end_of_export;
358 len += ret;
359
360 /* Export E */
361 if ((ret = mbedtls_rsa_export(rsa, NULL, NULL,
362 NULL, NULL, &T)) != 0 ||
363 (ret = mbedtls_asn1_write_mpi(&c, buf, &T)) < 0)
364 goto end_of_export;
365 len += ret;
366
367 /* Export N */
368 if ((ret = mbedtls_rsa_export(rsa, &T, NULL,
369 NULL, NULL, NULL)) != 0 ||
370 (ret = mbedtls_asn1_write_mpi(&c, buf, &T)) < 0)
371 goto end_of_export;
372 len += ret;
373
374 end_of_export:
375
376 mbedtls_mpi_free(&T);
377 if (ret < 0)
378 return (ret);
379
380 MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_int(&c, buf, 0));
381 MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
382 MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c,
383 buf, MBEDTLS_ASN1_CONSTRUCTED |
384 MBEDTLS_ASN1_SEQUENCE));
385 } else
386 #endif /* MBEDTLS_RSA_C */
387 #if defined(MBEDTLS_ECP_C)
388 if (mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) {
389 mbedtls_ecp_keypair *ec = mbedtls_pk_ec(*key);
390 size_t pub_len = 0, par_len = 0;
391
392 /*
393 * RFC 5915, or SEC1 Appendix C.4
394 *
395 * ECPrivateKey ::= SEQUENCE {
396 * version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
397 * privateKey OCTET STRING,
398 * parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
399 * publicKey [1] BIT STRING OPTIONAL
400 * }
401 */
402
403 /* publicKey */
404 MBEDTLS_ASN1_CHK_ADD(pub_len, pk_write_ec_pubkey(&c, buf, ec));
405
406 if (c - buf < 1)
407 return (MBEDTLS_ERR_ASN1_BUF_TOO_SMALL);
408 *--c = 0;
409 pub_len += 1;
410
411 MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_asn1_write_len(&c, buf, pub_len));
412 MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_asn1_write_tag(&c, buf, MBEDTLS_ASN1_BIT_STRING));
413
414 MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_asn1_write_len(&c, buf, pub_len));
415 MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_asn1_write_tag(&c, buf,
416 MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 1));
417 len += pub_len;
418
419 /* parameters */
420 MBEDTLS_ASN1_CHK_ADD(par_len, pk_write_ec_param(&c, buf, ec));
421
422 MBEDTLS_ASN1_CHK_ADD(par_len, mbedtls_asn1_write_len(&c, buf, par_len));
423 MBEDTLS_ASN1_CHK_ADD(par_len, mbedtls_asn1_write_tag(&c, buf,
424 MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0));
425 len += par_len;
426
427 /* privateKey */
428 MBEDTLS_ASN1_CHK_ADD(len, pk_write_ec_private(&c, buf, ec));
429
430 /* version */
431 MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_int(&c, buf, 1));
432
433 MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
434 MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c, buf, MBEDTLS_ASN1_CONSTRUCTED |
435 MBEDTLS_ASN1_SEQUENCE));
436 } else
437 #endif /* MBEDTLS_ECP_C */
438 return (MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE);
439
440 return ((int) len);
441 }
442
443 #if defined(MBEDTLS_PEM_WRITE_C)
444
445 #define PEM_BEGIN_PUBLIC_KEY "-----BEGIN PUBLIC KEY-----\n"
446 #define PEM_END_PUBLIC_KEY "-----END PUBLIC KEY-----\n"
447
448 #define PEM_BEGIN_PRIVATE_KEY_RSA "-----BEGIN RSA PRIVATE KEY-----\n"
449 #define PEM_END_PRIVATE_KEY_RSA "-----END RSA PRIVATE KEY-----\n"
450 #define PEM_BEGIN_PRIVATE_KEY_EC "-----BEGIN EC PRIVATE KEY-----\n"
451 #define PEM_END_PRIVATE_KEY_EC "-----END EC PRIVATE KEY-----\n"
452
453 /*
454 * Max sizes of key per types. Shown as tag + len (+ content).
455 */
456
457 #if defined(MBEDTLS_RSA_C)
458 /*
459 * RSA public keys:
460 * SubjectPublicKeyInfo ::= SEQUENCE { 1 + 3
461 * algorithm AlgorithmIdentifier, 1 + 1 (sequence)
462 * + 1 + 1 + 9 (rsa oid)
463 * + 1 + 1 (params null)
464 * subjectPublicKey BIT STRING } 1 + 3 + (1 + below)
465 * RSAPublicKey ::= SEQUENCE { 1 + 3
466 * modulus INTEGER, -- n 1 + 3 + MPI_MAX + 1
467 * publicExponent INTEGER -- e 1 + 3 + MPI_MAX + 1
468 * }
469 */
470 #define RSA_PUB_DER_MAX_BYTES ( 38 + 2 * MBEDTLS_MPI_MAX_SIZE )
471
472 /*
473 * RSA private keys:
474 * RSAPrivateKey ::= SEQUENCE { 1 + 3
475 * version Version, 1 + 1 + 1
476 * modulus INTEGER, 1 + 3 + MPI_MAX + 1
477 * publicExponent INTEGER, 1 + 3 + MPI_MAX + 1
478 * privateExponent INTEGER, 1 + 3 + MPI_MAX + 1
479 * prime1 INTEGER, 1 + 3 + MPI_MAX / 2 + 1
480 * prime2 INTEGER, 1 + 3 + MPI_MAX / 2 + 1
481 * exponent1 INTEGER, 1 + 3 + MPI_MAX / 2 + 1
482 * exponent2 INTEGER, 1 + 3 + MPI_MAX / 2 + 1
483 * coefficient INTEGER, 1 + 3 + MPI_MAX / 2 + 1
484 * otherPrimeInfos OtherPrimeInfos OPTIONAL 0 (not supported)
485 * }
486 */
487 #define MPI_MAX_SIZE_2 ( MBEDTLS_MPI_MAX_SIZE / 2 + \
488 MBEDTLS_MPI_MAX_SIZE % 2 )
489 #define RSA_PRV_DER_MAX_BYTES ( 47 + 3 * MBEDTLS_MPI_MAX_SIZE \
490 + 5 * MPI_MAX_SIZE_2 )
491
492 #else /* MBEDTLS_RSA_C */
493
494 #define RSA_PUB_DER_MAX_BYTES 0
495 #define RSA_PRV_DER_MAX_BYTES 0
496
497 #endif /* MBEDTLS_RSA_C */
498
499 #if defined(MBEDTLS_ECP_C)
500 /*
501 * EC public keys:
502 * SubjectPublicKeyInfo ::= SEQUENCE { 1 + 2
503 * algorithm AlgorithmIdentifier, 1 + 1 (sequence)
504 * + 1 + 1 + 7 (ec oid)
505 * + 1 + 1 + 9 (namedCurve oid)
506 * subjectPublicKey BIT STRING 1 + 2 + 1 [1]
507 * + 1 (point format) [1]
508 * + 2 * ECP_MAX (coords) [1]
509 * }
510 */
511 #define ECP_PUB_DER_MAX_BYTES ( 30 + 2 * MBEDTLS_ECP_MAX_BYTES )
512
513 /*
514 * EC private keys:
515 * ECPrivateKey ::= SEQUENCE { 1 + 2
516 * version INTEGER , 1 + 1 + 1
517 * privateKey OCTET STRING, 1 + 1 + ECP_MAX
518 * parameters [0] ECParameters OPTIONAL, 1 + 1 + (1 + 1 + 9)
519 * publicKey [1] BIT STRING OPTIONAL 1 + 2 + [1] above
520 * }
521 */
522 #define ECP_PRV_DER_MAX_BYTES ( 29 + 3 * MBEDTLS_ECP_MAX_BYTES )
523
524 #else /* MBEDTLS_ECP_C */
525
526 #define ECP_PUB_DER_MAX_BYTES 0
527 #define ECP_PRV_DER_MAX_BYTES 0
528
529 #endif /* MBEDTLS_ECP_C */
530
531 #define PUB_DER_MAX_BYTES ( RSA_PUB_DER_MAX_BYTES > ECP_PUB_DER_MAX_BYTES ? \
532 RSA_PUB_DER_MAX_BYTES : ECP_PUB_DER_MAX_BYTES )
533 #define PRV_DER_MAX_BYTES ( RSA_PRV_DER_MAX_BYTES > ECP_PRV_DER_MAX_BYTES ? \
534 RSA_PRV_DER_MAX_BYTES : ECP_PRV_DER_MAX_BYTES )
535
536 int mbedtls_pk_write_pubkey_pem(mbedtls_pk_context *key, unsigned char *buf, size_t size) {
537 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
538 unsigned char output_buf[PUB_DER_MAX_BYTES];
539 size_t olen = 0;
540
541 PK_VALIDATE_RET(key != NULL);
542 PK_VALIDATE_RET(buf != NULL || size == 0);
543
544 if ((ret = mbedtls_pk_write_pubkey_der(key, output_buf,
545 sizeof(output_buf))) < 0) {
546 return (ret);
547 }
548
549 if ((ret = mbedtls_pem_write_buffer(PEM_BEGIN_PUBLIC_KEY, PEM_END_PUBLIC_KEY,
550 output_buf + sizeof(output_buf) - ret,
551 ret, buf, size, &olen)) != 0) {
552 return (ret);
553 }
554
555 return (0);
556 }
557
558 int mbedtls_pk_write_key_pem(mbedtls_pk_context *key, unsigned char *buf, size_t size) {
559 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
560 unsigned char output_buf[PRV_DER_MAX_BYTES];
561 const char *begin, *end;
562 size_t olen = 0;
563
564 PK_VALIDATE_RET(key != NULL);
565 PK_VALIDATE_RET(buf != NULL || size == 0);
566
567 if ((ret = mbedtls_pk_write_key_der(key, output_buf, sizeof(output_buf))) < 0)
568 return (ret);
569
570 #if defined(MBEDTLS_RSA_C)
571 if (mbedtls_pk_get_type(key) == MBEDTLS_PK_RSA) {
572 begin = PEM_BEGIN_PRIVATE_KEY_RSA;
573 end = PEM_END_PRIVATE_KEY_RSA;
574 } else
575 #endif
576 #if defined(MBEDTLS_ECP_C)
577 if (mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) {
578 begin = PEM_BEGIN_PRIVATE_KEY_EC;
579 end = PEM_END_PRIVATE_KEY_EC;
580 } else
581 #endif
582 return (MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE);
583
584 if ((ret = mbedtls_pem_write_buffer(begin, end,
585 output_buf + sizeof(output_buf) - ret,
586 ret, buf, size, &olen)) != 0) {
587 return (ret);
588 }
589
590 return (0);
591 }
592 #endif /* MBEDTLS_PEM_WRITE_C */
593
594 #endif /* MBEDTLS_PK_WRITE_C */
Proxmark3 - the RFID research Swiss army knife. Iceman firmware