--- /dev/null
+/*\r
+ * Public Key layer for writing key files and structures\r
+ *\r
+ * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved\r
+ * SPDX-License-Identifier: Apache-2.0\r
+ *\r
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may\r
+ * not use this file except in compliance with the License.\r
+ * You may obtain a copy of the License at\r
+ *\r
+ * http://www.apache.org/licenses/LICENSE-2.0\r
+ *\r
+ * Unless required by applicable law or agreed to in writing, software\r
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT\r
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * See the License for the specific language governing permissions and\r
+ * limitations under the License.\r
+ *\r
+ * This file is part of mbed TLS (https://tls.mbed.org)\r
+ */\r
+\r
+#if !defined(MBEDTLS_CONFIG_FILE)\r
+#include "mbedtls/config.h"\r
+#else\r
+#include MBEDTLS_CONFIG_FILE\r
+#endif\r
+\r
+#if defined(MBEDTLS_PK_WRITE_C)\r
+\r
+#include "mbedtls/pk.h"\r
+#include "mbedtls/asn1write.h"\r
+#include "mbedtls/oid.h"\r
+#include "mbedtls/platform_util.h"\r
+\r
+#include <string.h>\r
+\r
+#if defined(MBEDTLS_RSA_C)\r
+#include "mbedtls/rsa.h"\r
+#endif\r
+#if defined(MBEDTLS_ECP_C)\r
+#include "mbedtls/ecp.h"\r
+#endif\r
+#if defined(MBEDTLS_ECDSA_C)\r
+#include "mbedtls/ecdsa.h"\r
+#endif\r
+#if defined(MBEDTLS_PEM_WRITE_C)\r
+#include "mbedtls/pem.h"\r
+#endif\r
+\r
+#if defined(MBEDTLS_USE_PSA_CRYPTO)\r
+#include "psa/crypto.h"\r
+#include "mbedtls/psa_util.h"\r
+#endif\r
+#if defined(MBEDTLS_PLATFORM_C)\r
+#include "mbedtls/platform.h"\r
+#else\r
+#include <stdlib.h>\r
+#define mbedtls_calloc calloc\r
+#define mbedtls_free free\r
+#endif\r
+\r
+/* Parameter validation macros based on platform_util.h */\r
+#define PK_VALIDATE_RET( cond ) \\r
+ MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_PK_BAD_INPUT_DATA )\r
+#define PK_VALIDATE( cond ) \\r
+ MBEDTLS_INTERNAL_VALIDATE( cond )\r
+\r
+#if defined(MBEDTLS_RSA_C)\r
+/*\r
+ * RSAPublicKey ::= SEQUENCE {\r
+ * modulus INTEGER, -- n\r
+ * publicExponent INTEGER -- e\r
+ * }\r
+ */\r
+static int pk_write_rsa_pubkey( unsigned char **p, unsigned char *start,\r
+ mbedtls_rsa_context *rsa )\r
+{\r
+ int ret;\r
+ size_t len = 0;\r
+ mbedtls_mpi T;\r
+\r
+ mbedtls_mpi_init( &T );\r
+\r
+ /* Export E */\r
+ if ( ( ret = mbedtls_rsa_export( rsa, NULL, NULL, NULL, NULL, &T ) ) != 0 ||\r
+ ( ret = mbedtls_asn1_write_mpi( p, start, &T ) ) < 0 )\r
+ goto end_of_export;\r
+ len += ret;\r
+\r
+ /* Export N */\r
+ if ( ( ret = mbedtls_rsa_export( rsa, &T, NULL, NULL, NULL, NULL ) ) != 0 ||\r
+ ( ret = mbedtls_asn1_write_mpi( p, start, &T ) ) < 0 )\r
+ goto end_of_export;\r
+ len += ret;\r
+\r
+end_of_export:\r
+\r
+ mbedtls_mpi_free( &T );\r
+ if( ret < 0 )\r
+ return( ret );\r
+\r
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );\r
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_CONSTRUCTED |\r
+ MBEDTLS_ASN1_SEQUENCE ) );\r
+\r
+ return( (int) len );\r
+}\r
+#endif /* MBEDTLS_RSA_C */\r
+\r
+#if defined(MBEDTLS_ECP_C)\r
+/*\r
+ * EC public key is an EC point\r
+ */\r
+static int pk_write_ec_pubkey( unsigned char **p, unsigned char *start,\r
+ mbedtls_ecp_keypair *ec )\r
+{\r
+ int ret;\r
+ size_t len = 0;\r
+ unsigned char buf[MBEDTLS_ECP_MAX_PT_LEN];\r
+\r
+ if( ( ret = mbedtls_ecp_point_write_binary( &ec->grp, &ec->Q,\r
+ MBEDTLS_ECP_PF_UNCOMPRESSED,\r
+ &len, buf, sizeof( buf ) ) ) != 0 )\r
+ {\r
+ return( ret );\r
+ }\r
+\r
+ if( *p < start || (size_t)( *p - start ) < len )\r
+ return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );\r
+\r
+ *p -= len;\r
+ memcpy( *p, buf, len );\r
+\r
+ return( (int) len );\r
+}\r
+\r
+/*\r
+ * ECParameters ::= CHOICE {\r
+ * namedCurve OBJECT IDENTIFIER\r
+ * }\r
+ */\r
+static int pk_write_ec_param( unsigned char **p, unsigned char *start,\r
+ mbedtls_ecp_keypair *ec )\r
+{\r
+ int ret;\r
+ size_t len = 0;\r
+ const char *oid;\r
+ size_t oid_len;\r
+\r
+ if( ( ret = mbedtls_oid_get_oid_by_ec_grp( ec->grp.id, &oid, &oid_len ) ) != 0 )\r
+ return( ret );\r
+\r
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_oid( p, start, oid, oid_len ) );\r
+\r
+ return( (int) len );\r
+}\r
+#endif /* MBEDTLS_ECP_C */\r
+\r
+int mbedtls_pk_write_pubkey( unsigned char **p, unsigned char *start,\r
+ const mbedtls_pk_context *key )\r
+{\r
+ int ret;\r
+ size_t len = 0;\r
+\r
+ PK_VALIDATE_RET( p != NULL );\r
+ PK_VALIDATE_RET( *p != NULL );\r
+ PK_VALIDATE_RET( start != NULL );\r
+ PK_VALIDATE_RET( key != NULL );\r
+\r
+#if defined(MBEDTLS_RSA_C)\r
+ if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_RSA )\r
+ MBEDTLS_ASN1_CHK_ADD( len, pk_write_rsa_pubkey( p, start, mbedtls_pk_rsa( *key ) ) );\r
+ else\r
+#endif\r
+#if defined(MBEDTLS_ECP_C)\r
+ if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_ECKEY )\r
+ MBEDTLS_ASN1_CHK_ADD( len, pk_write_ec_pubkey( p, start, mbedtls_pk_ec( *key ) ) );\r
+ else\r
+#endif\r
+#if defined(MBEDTLS_USE_PSA_CRYPTO)\r
+ if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_OPAQUE )\r
+ {\r
+ size_t buffer_size;\r
+ psa_key_handle_t* key_slot = (psa_key_handle_t*) key->pk_ctx;\r
+\r
+ if ( *p < start )\r
+ return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );\r
+\r
+ buffer_size = (size_t)( *p - start );\r
+ if ( psa_export_public_key( *key_slot, start, buffer_size, &len )\r
+ != PSA_SUCCESS )\r
+ {\r
+ return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );\r
+ }\r
+ else\r
+ {\r
+ *p -= len;\r
+ memmove( *p, start, len );\r
+ }\r
+ }\r
+ else\r
+#endif /* MBEDTLS_USE_PSA_CRYPTO */\r
+ return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );\r
+\r
+ return( (int) len );\r
+}\r
+\r
+int mbedtls_pk_write_pubkey_der( mbedtls_pk_context *key, unsigned char *buf, size_t size )\r
+{\r
+ int ret;\r
+ unsigned char *c;\r
+ size_t len = 0, par_len = 0, oid_len;\r
+ mbedtls_pk_type_t pk_type;\r
+ const char *oid;\r
+\r
+ PK_VALIDATE_RET( key != NULL );\r
+ if( size == 0 )\r
+ return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );\r
+ PK_VALIDATE_RET( buf != NULL );\r
+\r
+ c = buf + size;\r
+\r
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_pk_write_pubkey( &c, buf, key ) );\r
+\r
+ if( c - buf < 1 )\r
+ return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );\r
+\r
+ /*\r
+ * SubjectPublicKeyInfo ::= SEQUENCE {\r
+ * algorithm AlgorithmIdentifier,\r
+ * subjectPublicKey BIT STRING }\r
+ */\r
+ *--c = 0;\r
+ len += 1;\r
+\r
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );\r
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_BIT_STRING ) );\r
+\r
+ pk_type = mbedtls_pk_get_type( key );\r
+#if defined(MBEDTLS_ECP_C)\r
+ if( pk_type == MBEDTLS_PK_ECKEY )\r
+ {\r
+ MBEDTLS_ASN1_CHK_ADD( par_len, pk_write_ec_param( &c, buf, mbedtls_pk_ec( *key ) ) );\r
+ }\r
+#endif\r
+#if defined(MBEDTLS_USE_PSA_CRYPTO)\r
+ if( pk_type == MBEDTLS_PK_OPAQUE )\r
+ {\r
+ psa_status_t status;\r
+ psa_key_type_t key_type;\r
+ psa_key_handle_t handle;\r
+ psa_ecc_curve_t curve;\r
+\r
+ handle = *((psa_key_handle_t*) key->pk_ctx );\r
+\r
+ status = psa_get_key_information( handle, &key_type,\r
+ NULL /* bitsize not needed */ );\r
+ if( status != PSA_SUCCESS )\r
+ return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );\r
+\r
+ curve = PSA_KEY_TYPE_GET_CURVE( key_type );\r
+ if( curve == 0 )\r
+ return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );\r
+\r
+ ret = mbedtls_psa_get_ecc_oid_from_id( curve, &oid, &oid_len );\r
+ if( ret != 0 )\r
+ return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );\r
+\r
+ /* Write EC algorithm parameters; that's akin\r
+ * to pk_write_ec_param() above. */\r
+ MBEDTLS_ASN1_CHK_ADD( par_len, mbedtls_asn1_write_oid( &c, buf,\r
+ oid, oid_len ) );\r
+\r
+ /* The rest of the function works as for legacy EC contexts. */\r
+ pk_type = MBEDTLS_PK_ECKEY;\r
+ }\r
+#endif /* MBEDTLS_USE_PSA_CRYPTO */\r
+\r
+ if( ( ret = mbedtls_oid_get_oid_by_pk_alg( pk_type, &oid,\r
+ &oid_len ) ) != 0 )\r
+ {\r
+ return( ret );\r
+ }\r
+\r
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_algorithm_identifier( &c, buf, oid, oid_len,\r
+ par_len ) );\r
+\r
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );\r
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_CONSTRUCTED |\r
+ MBEDTLS_ASN1_SEQUENCE ) );\r
+\r
+ return( (int) len );\r
+}\r
+\r
+int mbedtls_pk_write_key_der( mbedtls_pk_context *key, unsigned char *buf, size_t size )\r
+{\r
+ int ret;\r
+ unsigned char *c;\r
+ size_t len = 0;\r
+\r
+ PK_VALIDATE_RET( key != NULL );\r
+ if( size == 0 )\r
+ return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );\r
+ PK_VALIDATE_RET( buf != NULL );\r
+\r
+ c = buf + size;\r
+\r
+#if defined(MBEDTLS_RSA_C)\r
+ if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_RSA )\r
+ {\r
+ mbedtls_mpi T; /* Temporary holding the exported parameters */\r
+ mbedtls_rsa_context *rsa = mbedtls_pk_rsa( *key );\r
+\r
+ /*\r
+ * Export the parameters one after another to avoid simultaneous copies.\r
+ */\r
+\r
+ mbedtls_mpi_init( &T );\r
+\r
+ /* Export QP */\r
+ if( ( ret = mbedtls_rsa_export_crt( rsa, NULL, NULL, &T ) ) != 0 ||\r
+ ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )\r
+ goto end_of_export;\r
+ len += ret;\r
+\r
+ /* Export DQ */\r
+ if( ( ret = mbedtls_rsa_export_crt( rsa, NULL, &T, NULL ) ) != 0 ||\r
+ ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )\r
+ goto end_of_export;\r
+ len += ret;\r
+\r
+ /* Export DP */\r
+ if( ( ret = mbedtls_rsa_export_crt( rsa, &T, NULL, NULL ) ) != 0 ||\r
+ ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )\r
+ goto end_of_export;\r
+ len += ret;\r
+\r
+ /* Export Q */\r
+ if ( ( ret = mbedtls_rsa_export( rsa, NULL, NULL,\r
+ &T, NULL, NULL ) ) != 0 ||\r
+ ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )\r
+ goto end_of_export;\r
+ len += ret;\r
+\r
+ /* Export P */\r
+ if ( ( ret = mbedtls_rsa_export( rsa, NULL, &T,\r
+ NULL, NULL, NULL ) ) != 0 ||\r
+ ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )\r
+ goto end_of_export;\r
+ len += ret;\r
+\r
+ /* Export D */\r
+ if ( ( ret = mbedtls_rsa_export( rsa, NULL, NULL,\r
+ NULL, &T, NULL ) ) != 0 ||\r
+ ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )\r
+ goto end_of_export;\r
+ len += ret;\r
+\r
+ /* Export E */\r
+ if ( ( ret = mbedtls_rsa_export( rsa, NULL, NULL,\r
+ NULL, NULL, &T ) ) != 0 ||\r
+ ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )\r
+ goto end_of_export;\r
+ len += ret;\r
+\r
+ /* Export N */\r
+ if ( ( ret = mbedtls_rsa_export( rsa, &T, NULL,\r
+ NULL, NULL, NULL ) ) != 0 ||\r
+ ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )\r
+ goto end_of_export;\r
+ len += ret;\r
+\r
+ end_of_export:\r
+\r
+ mbedtls_mpi_free( &T );\r
+ if( ret < 0 )\r
+ return( ret );\r
+\r
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_int( &c, buf, 0 ) );\r
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );\r
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c,\r
+ buf, MBEDTLS_ASN1_CONSTRUCTED |\r
+ MBEDTLS_ASN1_SEQUENCE ) );\r
+ }\r
+ else\r
+#endif /* MBEDTLS_RSA_C */\r
+#if defined(MBEDTLS_ECP_C)\r
+ if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_ECKEY )\r
+ {\r
+ mbedtls_ecp_keypair *ec = mbedtls_pk_ec( *key );\r
+ size_t pub_len = 0, par_len = 0;\r
+\r
+ /*\r
+ * RFC 5915, or SEC1 Appendix C.4\r
+ *\r
+ * ECPrivateKey ::= SEQUENCE {\r
+ * version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),\r
+ * privateKey OCTET STRING,\r
+ * parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,\r
+ * publicKey [1] BIT STRING OPTIONAL\r
+ * }\r
+ */\r
+\r
+ /* publicKey */\r
+ MBEDTLS_ASN1_CHK_ADD( pub_len, pk_write_ec_pubkey( &c, buf, ec ) );\r
+\r
+ if( c - buf < 1 )\r
+ return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );\r
+ *--c = 0;\r
+ pub_len += 1;\r
+\r
+ MBEDTLS_ASN1_CHK_ADD( pub_len, mbedtls_asn1_write_len( &c, buf, pub_len ) );\r
+ MBEDTLS_ASN1_CHK_ADD( pub_len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_BIT_STRING ) );\r
+\r
+ MBEDTLS_ASN1_CHK_ADD( pub_len, mbedtls_asn1_write_len( &c, buf, pub_len ) );\r
+ MBEDTLS_ASN1_CHK_ADD( pub_len, mbedtls_asn1_write_tag( &c, buf,\r
+ MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 1 ) );\r
+ len += pub_len;\r
+\r
+ /* parameters */\r
+ MBEDTLS_ASN1_CHK_ADD( par_len, pk_write_ec_param( &c, buf, ec ) );\r
+\r
+ MBEDTLS_ASN1_CHK_ADD( par_len, mbedtls_asn1_write_len( &c, buf, par_len ) );\r
+ MBEDTLS_ASN1_CHK_ADD( par_len, mbedtls_asn1_write_tag( &c, buf,\r
+ MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0 ) );\r
+ len += par_len;\r
+\r
+ /* privateKey: write as MPI then fix tag */\r
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( &c, buf, &ec->d ) );\r
+ *c = MBEDTLS_ASN1_OCTET_STRING;\r
+\r
+ /* version */\r
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_int( &c, buf, 1 ) );\r
+\r
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );\r
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_CONSTRUCTED |\r
+ MBEDTLS_ASN1_SEQUENCE ) );\r
+ }\r
+ else\r
+#endif /* MBEDTLS_ECP_C */\r
+ return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );\r
+\r
+ return( (int) len );\r
+}\r
+\r
+#if defined(MBEDTLS_PEM_WRITE_C)\r
+\r
+#define PEM_BEGIN_PUBLIC_KEY "-----BEGIN PUBLIC KEY-----\n"\r
+#define PEM_END_PUBLIC_KEY "-----END PUBLIC KEY-----\n"\r
+\r
+#define PEM_BEGIN_PRIVATE_KEY_RSA "-----BEGIN RSA PRIVATE KEY-----\n"\r
+#define PEM_END_PRIVATE_KEY_RSA "-----END RSA PRIVATE KEY-----\n"\r
+#define PEM_BEGIN_PRIVATE_KEY_EC "-----BEGIN EC PRIVATE KEY-----\n"\r
+#define PEM_END_PRIVATE_KEY_EC "-----END EC PRIVATE KEY-----\n"\r
+\r
+/*\r
+ * Max sizes of key per types. Shown as tag + len (+ content).\r
+ */\r
+\r
+#if defined(MBEDTLS_RSA_C)\r
+/*\r
+ * RSA public keys:\r
+ * SubjectPublicKeyInfo ::= SEQUENCE { 1 + 3\r
+ * algorithm AlgorithmIdentifier, 1 + 1 (sequence)\r
+ * + 1 + 1 + 9 (rsa oid)\r
+ * + 1 + 1 (params null)\r
+ * subjectPublicKey BIT STRING } 1 + 3 + (1 + below)\r
+ * RSAPublicKey ::= SEQUENCE { 1 + 3\r
+ * modulus INTEGER, -- n 1 + 3 + MPI_MAX + 1\r
+ * publicExponent INTEGER -- e 1 + 3 + MPI_MAX + 1\r
+ * }\r
+ */\r
+#define RSA_PUB_DER_MAX_BYTES 38 + 2 * MBEDTLS_MPI_MAX_SIZE\r
+\r
+/*\r
+ * RSA private keys:\r
+ * RSAPrivateKey ::= SEQUENCE { 1 + 3\r
+ * version Version, 1 + 1 + 1\r
+ * modulus INTEGER, 1 + 3 + MPI_MAX + 1\r
+ * publicExponent INTEGER, 1 + 3 + MPI_MAX + 1\r
+ * privateExponent INTEGER, 1 + 3 + MPI_MAX + 1\r
+ * prime1 INTEGER, 1 + 3 + MPI_MAX / 2 + 1\r
+ * prime2 INTEGER, 1 + 3 + MPI_MAX / 2 + 1\r
+ * exponent1 INTEGER, 1 + 3 + MPI_MAX / 2 + 1\r
+ * exponent2 INTEGER, 1 + 3 + MPI_MAX / 2 + 1\r
+ * coefficient INTEGER, 1 + 3 + MPI_MAX / 2 + 1\r
+ * otherPrimeInfos OtherPrimeInfos OPTIONAL 0 (not supported)\r
+ * }\r
+ */\r
+#define MPI_MAX_SIZE_2 MBEDTLS_MPI_MAX_SIZE / 2 + \\r
+ MBEDTLS_MPI_MAX_SIZE % 2\r
+#define RSA_PRV_DER_MAX_BYTES 47 + 3 * MBEDTLS_MPI_MAX_SIZE \\r
+ + 5 * MPI_MAX_SIZE_2\r
+\r
+#else /* MBEDTLS_RSA_C */\r
+\r
+#define RSA_PUB_DER_MAX_BYTES 0\r
+#define RSA_PRV_DER_MAX_BYTES 0\r
+\r
+#endif /* MBEDTLS_RSA_C */\r
+\r
+#if defined(MBEDTLS_ECP_C)\r
+/*\r
+ * EC public keys:\r
+ * SubjectPublicKeyInfo ::= SEQUENCE { 1 + 2\r
+ * algorithm AlgorithmIdentifier, 1 + 1 (sequence)\r
+ * + 1 + 1 + 7 (ec oid)\r
+ * + 1 + 1 + 9 (namedCurve oid)\r
+ * subjectPublicKey BIT STRING 1 + 2 + 1 [1]\r
+ * + 1 (point format) [1]\r
+ * + 2 * ECP_MAX (coords) [1]\r
+ * }\r
+ */\r
+#define ECP_PUB_DER_MAX_BYTES 30 + 2 * MBEDTLS_ECP_MAX_BYTES\r
+\r
+/*\r
+ * EC private keys:\r
+ * ECPrivateKey ::= SEQUENCE { 1 + 2\r
+ * version INTEGER , 1 + 1 + 1\r
+ * privateKey OCTET STRING, 1 + 1 + ECP_MAX\r
+ * parameters [0] ECParameters OPTIONAL, 1 + 1 + (1 + 1 + 9)\r
+ * publicKey [1] BIT STRING OPTIONAL 1 + 2 + [1] above\r
+ * }\r
+ */\r
+#define ECP_PRV_DER_MAX_BYTES 29 + 3 * MBEDTLS_ECP_MAX_BYTES\r
+\r
+#else /* MBEDTLS_ECP_C */\r
+\r
+#define ECP_PUB_DER_MAX_BYTES 0\r
+#define ECP_PRV_DER_MAX_BYTES 0\r
+\r
+#endif /* MBEDTLS_ECP_C */\r
+\r
+#define PUB_DER_MAX_BYTES RSA_PUB_DER_MAX_BYTES > ECP_PUB_DER_MAX_BYTES ? \\r
+ RSA_PUB_DER_MAX_BYTES : ECP_PUB_DER_MAX_BYTES\r
+#define PRV_DER_MAX_BYTES RSA_PRV_DER_MAX_BYTES > ECP_PRV_DER_MAX_BYTES ? \\r
+ RSA_PRV_DER_MAX_BYTES : ECP_PRV_DER_MAX_BYTES\r
+\r
+int mbedtls_pk_write_pubkey_pem( mbedtls_pk_context *key, unsigned char *buf, size_t size )\r
+{\r
+ int ret;\r
+ unsigned char output_buf[PUB_DER_MAX_BYTES];\r
+ size_t olen = 0;\r
+\r
+ PK_VALIDATE_RET( key != NULL );\r
+ PK_VALIDATE_RET( buf != NULL || size == 0 );\r
+\r
+ if( ( ret = mbedtls_pk_write_pubkey_der( key, output_buf,\r
+ sizeof(output_buf) ) ) < 0 )\r
+ {\r
+ return( ret );\r
+ }\r
+\r
+ if( ( ret = mbedtls_pem_write_buffer( PEM_BEGIN_PUBLIC_KEY, PEM_END_PUBLIC_KEY,\r
+ output_buf + sizeof(output_buf) - ret,\r
+ ret, buf, size, &olen ) ) != 0 )\r
+ {\r
+ return( ret );\r
+ }\r
+\r
+ return( 0 );\r
+}\r
+\r
+int mbedtls_pk_write_key_pem( mbedtls_pk_context *key, unsigned char *buf, size_t size )\r
+{\r
+ int ret;\r
+ unsigned char output_buf[PRV_DER_MAX_BYTES];\r
+ const char *begin, *end;\r
+ size_t olen = 0;\r
+\r
+ PK_VALIDATE_RET( key != NULL );\r
+ PK_VALIDATE_RET( buf != NULL || size == 0 );\r
+\r
+ if( ( ret = mbedtls_pk_write_key_der( key, output_buf, sizeof(output_buf) ) ) < 0 )\r
+ return( ret );\r
+\r
+#if defined(MBEDTLS_RSA_C)\r
+ if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_RSA )\r
+ {\r
+ begin = PEM_BEGIN_PRIVATE_KEY_RSA;\r
+ end = PEM_END_PRIVATE_KEY_RSA;\r
+ }\r
+ else\r
+#endif\r
+#if defined(MBEDTLS_ECP_C)\r
+ if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_ECKEY )\r
+ {\r
+ begin = PEM_BEGIN_PRIVATE_KEY_EC;\r
+ end = PEM_END_PRIVATE_KEY_EC;\r
+ }\r
+ else\r
+#endif\r
+ return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );\r
+\r
+ if( ( ret = mbedtls_pem_write_buffer( begin, end,\r
+ output_buf + sizeof(output_buf) - ret,\r
+ ret, buf, size, &olen ) ) != 0 )\r
+ {\r
+ return( ret );\r
+ }\r
+\r
+ return( 0 );\r
+}\r
+#endif /* MBEDTLS_PEM_WRITE_C */\r
+\r
+#endif /* MBEDTLS_PK_WRITE_C */\r
projects / freertos / blobdiff