pem_key_import.c
Go to the documentation of this file.
1 /**
2  * @file pem_key_import.c
3  * @brief PEM key file import functions
4  *
5  * @section License
6  *
7  * SPDX-License-Identifier: GPL-2.0-or-later
8  *
9  * Copyright (C) 2010-2025 Oryx Embedded SARL. All rights reserved.
10  *
11  * This file is part of CycloneCRYPTO Open.
12  *
13  * This program is free software; you can redistribute it and/or
14  * modify it under the terms of the GNU General Public License
15  * as published by the Free Software Foundation; either version 2
16  * of the License, or (at your option) any later version.
17  *
18  * This program is distributed in the hope that it will be useful,
19  * but WITHOUT ANY WARRANTY; without even the implied warranty of
20  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21  * GNU General Public License for more details.
22  *
23  * You should have received a copy of the GNU General Public License
24  * along with this program; if not, write to the Free Software Foundation,
25  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
26  *
27  * @author Oryx Embedded SARL (www.oryx-embedded.com)
28  * @version 2.5.2
29  **/
30 
31 //Switch to the appropriate trace level
32 #define TRACE_LEVEL CRYPTO_TRACE_LEVEL
33 
34 //Dependencies
35 #include "core/crypto.h"
36 #include "pkix/pem_key_import.h"
37 #include "pkix/pem_decrypt.h"
38 #include "pkix/pkcs5_decrypt.h"
39 #include "pkix/pkcs8_key_parse.h"
40 #include "pkix/x509_key_parse.h"
41 #include "encoding/oid.h"
42 #include "debug.h"
43 
44 //Check crypto library configuration
45 #if (PEM_SUPPORT == ENABLED)
46 
47 
48 /**
49  * @brief Decode a PEM file containing an RSA public key
50  * @param[out] publicKey RSA public key resulting from the parsing process
51  * @param[in] input Pointer to the PEM string
52  * @param[in] length Length of the PEM string
53  * @return Error code
54  **/
55 
56 error_t pemImportRsaPublicKey(RsaPublicKey *publicKey, const char_t *input,
57  size_t length)
58 {
59 #if (RSA_SUPPORT == ENABLED)
60  error_t error;
61  size_t n;
62  uint8_t *buffer;
63  X509SubjectPublicKeyInfo publicKeyInfo;
64 
65  //Check parameters
66  if(publicKey == NULL || input == NULL)
67  return ERROR_INVALID_PARAMETER;
68 
69  //Clear the SubjectPublicKeyInfo structure
70  osMemset(&publicKeyInfo, 0, sizeof(X509SubjectPublicKeyInfo));
71 
72  //The type of data encoded is labeled depending on the type label in
73  //the "-----BEGIN " line (refer to RFC 7468, section 2)
74  if(pemDecodeFile(input, length, "RSA PUBLIC KEY", NULL, &n, NULL,
75  NULL) == NO_ERROR)
76  {
77  //Allocate a memory buffer to hold the ASN.1 data
78  buffer = cryptoAllocMem(n);
79 
80  //Successful memory allocation?
81  if(buffer != NULL)
82  {
83  //Decode the content of the PEM container
84  error = pemDecodeFile(input, length, "RSA PUBLIC KEY", buffer, &n,
85  NULL, NULL);
86 
87  //Check status code
88  if(!error)
89  {
90  //Read RSAPublicKey structure
91  error = x509ParseRsaPublicKey(buffer, n, &publicKeyInfo.rsaPublicKey);
92  }
93 
94  //Check status code
95  if(!error)
96  {
97  //Set public key algorithm identifier
98  publicKeyInfo.oid.value = RSA_ENCRYPTION_OID;
99  publicKeyInfo.oid.length = sizeof(RSA_ENCRYPTION_OID);
100 
101  //Import the RSA public key
102  error = x509ImportRsaPublicKey(publicKey, &publicKeyInfo);
103  }
104 
105  //Release previously allocated memory
106  cryptoFreeMem(buffer);
107  }
108  else
109  {
110  //Failed to allocate memory
111  error = ERROR_OUT_OF_MEMORY;
112  }
113  }
114  else if(pemDecodeFile(input, length, "PUBLIC KEY", NULL, &n, NULL,
115  NULL) == NO_ERROR)
116  {
117  //Allocate a memory buffer to hold the ASN.1 data
118  buffer = cryptoAllocMem(n);
119 
120  //Successful memory allocation?
121  if(buffer != NULL)
122  {
123  //Decode the content of the PEM container
124  error = pemDecodeFile(input, length, "PUBLIC KEY", buffer, &n,
125  NULL, NULL);
126 
127  //Check status code
128  if(!error)
129  {
130  //The ASN.1 encoded data of the public key is the SubjectPublicKeyInfo
131  //structure (refer to RFC 7468, section 13)
132  error = x509ParseSubjectPublicKeyInfo(buffer, n, &n, &publicKeyInfo);
133  }
134 
135  //Check status code
136  if(!error)
137  {
138  //Import the RSA public key
139  error = x509ImportRsaPublicKey(publicKey, &publicKeyInfo);
140  }
141 
142  //Release previously allocated memory
143  cryptoFreeMem(buffer);
144  }
145  else
146  {
147  //Failed to allocate memory
148  error = ERROR_OUT_OF_MEMORY;
149  }
150  }
151  else
152  {
153  //The PEM file does not contain a valid public key
154  error = ERROR_END_OF_FILE;
155  }
156 
157  //Any error to report?
158  if(error)
159  {
160  //Clean up side effects
161  rsaFreePublicKey(publicKey);
162  }
163 
164  //Return status code
165  return error;
166 #else
167  //Not implemented
168  return ERROR_NOT_IMPLEMENTED;
169 #endif
170 }
171 
172 
173 /**
174  * @brief Decode a PEM file containing an RSA private key
175  * @param[out] privateKey RSA private key resulting from the parsing process
176  * @param[in] input Pointer to the PEM string
177  * @param[in] length Length of the PEM string
178  * @param[in] password NULL-terminated string containing the password. This
179  * parameter is required if the private key is encrypted
180  * @return Error code
181  **/
182 
183 error_t pemImportRsaPrivateKey(RsaPrivateKey *privateKey, const char_t *input,
184  size_t length, const char_t *password)
185 {
186 #if (RSA_SUPPORT == ENABLED)
187  error_t error;
188  size_t n;
189  uint8_t *buffer;
190  PemHeader header;
191  Pkcs8PrivateKeyInfo privateKeyInfo;
192 
193  //Check parameters
194  if(privateKey == NULL || input == NULL)
195  return ERROR_INVALID_PARAMETER;
196 
197  //Clear the PrivateKeyInfo structure
198  osMemset(&privateKeyInfo, 0, sizeof(Pkcs8PrivateKeyInfo));
199 
200  //The type of data encoded is labeled depending on the type label in
201  //the "-----BEGIN " line (refer to RFC 7468, section 2)
202  if(pemDecodeFile(input, length, "RSA PRIVATE KEY", NULL, &n, NULL,
203  NULL) == NO_ERROR)
204  {
205  //Allocate a memory buffer to hold the ASN.1 data
206  buffer = cryptoAllocMem(n);
207 
208  //Successful memory allocation?
209  if(buffer != NULL)
210  {
211  //Decode the content of the PEM container
212  error = pemDecodeFile(input, length, "RSA PRIVATE KEY", buffer, &n,
213  &header, NULL);
214 
215  //Check status code
216  if(!error)
217  {
218  //Check whether the PEM file is encrypted
219  if(pemCompareString(&header.procType.type, "ENCRYPTED"))
220  {
221  //Perform decryption
222  error = pemDecryptMessage(&header, password, buffer, n,
223  buffer, &n);
224  }
225  }
226 
227  //Check status code
228  if(!error)
229  {
230  //Read RSAPrivateKey structure
231  error = pkcs8ParseRsaPrivateKey(buffer, n,
232  &privateKeyInfo.rsaPrivateKey);
233  }
234 
235  //Check status code
236  if(!error)
237  {
238  //Set private key algorithm identifier
239  privateKeyInfo.oid.value = RSA_ENCRYPTION_OID;
240  privateKeyInfo.oid.length = sizeof(RSA_ENCRYPTION_OID);
241 
242  //Import the RSA private key
243  error = pkcs8ImportRsaPrivateKey(privateKey, &privateKeyInfo);
244  }
245 
246  //Release previously allocated memory
247  cryptoFreeMem(buffer);
248  }
249  else
250  {
251  //Failed to allocate memory
252  error = ERROR_OUT_OF_MEMORY;
253  }
254  }
255  else if(pemDecodeFile(input, length, "PRIVATE KEY", NULL, &n, NULL,
256  NULL) == NO_ERROR)
257  {
258  //Allocate a memory buffer to hold the ASN.1 data
259  buffer = cryptoAllocMem(n);
260 
261  //Successful memory allocation?
262  if(buffer != NULL)
263  {
264  //Decode the content of the PEM container
265  error = pemDecodeFile(input, length, "PRIVATE KEY", buffer, &n,
266  NULL, NULL);
267 
268  //Check status code
269  if(!error)
270  {
271  //Read the PrivateKeyInfo structure (refer to RFC 5208, section 5)
272  error = pkcs8ParsePrivateKeyInfo(buffer, n, &privateKeyInfo);
273  }
274 
275  //Check status code
276  if(!error)
277  {
278  //Import the RSA private key
279  error = pkcs8ImportRsaPrivateKey(privateKey, &privateKeyInfo);
280  }
281 
282  //Release previously allocated memory
283  cryptoFreeMem(buffer);
284  }
285  else
286  {
287  //Failed to allocate memory
288  error = ERROR_OUT_OF_MEMORY;
289  }
290  }
291  else if(pemDecodeFile(input, length, "ENCRYPTED PRIVATE KEY", NULL, &n, NULL,
292  NULL) == NO_ERROR)
293  {
294 #if (PEM_ENCRYPTED_KEY_SUPPORT == ENABLED)
295  //Allocate a memory buffer to hold the ASN.1 data
296  buffer = cryptoAllocMem(n);
297 
298  //Successful memory allocation?
299  if(buffer != NULL)
300  {
301  uint8_t *data;
302  Pkcs8EncryptedPrivateKeyInfo encryptedPrivateKeyInfo;
303 
304  //Decode the content of the PEM container
305  error = pemDecodeFile(input, length, "ENCRYPTED PRIVATE KEY", buffer,
306  &n, NULL, NULL);
307 
308  //Check status code
309  if(!error)
310  {
311  //Read the EncryptedPrivateKeyInfo structure (refer to RFC 5208,
312  //section 6)
313  error = pkcs8ParseEncryptedPrivateKeyInfo(buffer, n,
314  &encryptedPrivateKeyInfo);
315  }
316 
317  //Check status code
318  if(!error)
319  {
320  //Point to the encrypted data
321  data = (uint8_t *) encryptedPrivateKeyInfo.encryptedData.value;
322  n = encryptedPrivateKeyInfo.encryptedData.length;
323 
324  //Decrypt the private key information
325  error = pkcs5Decrypt(&encryptedPrivateKeyInfo.encryptionAlgo,
326  password, data, n, data, &n);
327  }
328 
329  //Check status code
330  if(!error)
331  {
332  //Read the PrivateKeyInfo structure (refer to RFC 5208, section 5)
333  error = pkcs8ParsePrivateKeyInfo(data, n, &privateKeyInfo);
334  }
335 
336  //Check status code
337  if(!error)
338  {
339  //Import the RSA private key
340  error = pkcs8ImportRsaPrivateKey(privateKey, &privateKeyInfo);
341  }
342 
343  //Release previously allocated memory
344  cryptoFreeMem(buffer);
345  }
346  else
347  {
348  //Failed to allocate memory
349  error = ERROR_OUT_OF_MEMORY;
350  }
351 #else
352  //The PEM file contains an encrypted private key
353  error = ERROR_DECRYPTION_FAILED;
354 #endif
355  }
356  else
357  {
358  //The PEM file does not contain a valid private key
359  error = ERROR_END_OF_FILE;
360  }
361 
362  //Any error to report?
363  if(error)
364  {
365  //Clean up side effects
366  rsaFreePrivateKey(privateKey);
367  }
368 
369  //Return status code
370  return error;
371 #else
372  //Not implemented
373  return ERROR_NOT_IMPLEMENTED;
374 #endif
375 }
376 
377 
378 /**
379  * @brief Decode a PEM file containing a DSA public key
380  * @param[out] publicKey DSA public key resulting from the parsing process
381  * @param[in] input Pointer to the PEM string
382  * @param[in] length Length of the PEM string
383  * @return Error code
384  **/
385 
386 error_t pemImportDsaPublicKey(DsaPublicKey *publicKey, const char_t *input,
387  size_t length)
388 {
389 #if (DSA_SUPPORT == ENABLED)
390  error_t error;
391  size_t n;
392  uint8_t *buffer;
393  X509SubjectPublicKeyInfo publicKeyInfo;
394 
395  //Check parameters
396  if(publicKey == NULL || input == NULL)
397  return ERROR_INVALID_PARAMETER;
398 
399  //Public keys are encoded using the "PUBLIC KEY" label
400  error = pemDecodeFile(input, length, "PUBLIC KEY", NULL, &n, NULL, NULL);
401 
402  //Check status code
403  if(!error)
404  {
405  //Allocate a memory buffer to hold the ASN.1 data
406  buffer = cryptoAllocMem(n);
407 
408  //Successful memory allocation?
409  if(buffer != NULL)
410  {
411  //Decode the content of the PEM container
412  error = pemDecodeFile(input, length, "PUBLIC KEY", buffer, &n, NULL,
413  NULL);
414 
415  //Check status code
416  if(!error)
417  {
418  //The ASN.1 encoded data of the public key is the SubjectPublicKeyInfo
419  //structure (refer to RFC 7468, section 13)
420  error = x509ParseSubjectPublicKeyInfo(buffer, n, &n, &publicKeyInfo);
421  }
422 
423  //Check status code
424  if(!error)
425  {
426  //Import the DSA public key
427  error = x509ImportDsaPublicKey(publicKey, &publicKeyInfo);
428  }
429 
430  //Release previously allocated memory
431  cryptoFreeMem(buffer);
432  }
433  else
434  {
435  //Failed to allocate memory
436  error = ERROR_OUT_OF_MEMORY;
437  }
438  }
439 
440  //Any error to report?
441  if(error)
442  {
443  //Clean up side effects
444  dsaFreePublicKey(publicKey);
445  }
446 
447  //Return status code
448  return error;
449 #else
450  //Not implemented
451  return ERROR_NOT_IMPLEMENTED;
452 #endif
453 }
454 
455 
456 /**
457  * @brief Decode a PEM file containing a DSA private key
458  * @param[out] privateKey DSA private key resulting from the parsing process
459  * @param[in] input Pointer to the PEM string
460  * @param[in] length Length of the PEM string
461  * @param[in] password NULL-terminated string containing the password. This
462  * parameter is required if the private key is encrypted
463  * @return Error code
464  **/
465 
466 error_t pemImportDsaPrivateKey(DsaPrivateKey *privateKey, const char_t *input,
467  size_t length, const char_t *password)
468 {
469 #if (DSA_SUPPORT == ENABLED)
470  error_t error;
471  size_t n;
472  uint8_t *buffer;
473  PemHeader header;
474  Pkcs8PrivateKeyInfo privateKeyInfo;
475 
476  //Check parameters
477  if(privateKey == NULL || input == NULL)
478  return ERROR_INVALID_PARAMETER;
479 
480  //Clear the PrivateKeyInfo structure
481  osMemset(&privateKeyInfo, 0, sizeof(Pkcs8PrivateKeyInfo));
482 
483  //The type of data encoded is labeled depending on the type label in
484  //the "-----BEGIN " line (refer to RFC 7468, section 2)
485  if(pemDecodeFile(input, length, "DSA PRIVATE KEY", NULL, &n, NULL,
486  NULL) == NO_ERROR)
487  {
488  //Allocate a memory buffer to hold the ASN.1 data
489  buffer = cryptoAllocMem(n);
490 
491  //Successful memory allocation?
492  if(buffer != NULL)
493  {
494  //Decode the content of the PEM container
495  error = pemDecodeFile(input, length, "DSA PRIVATE KEY", buffer, &n,
496  &header, NULL);
497 
498  //Check status code
499  if(!error)
500  {
501  //Check whether the PEM file is encrypted
502  if(pemCompareString(&header.procType.type, "ENCRYPTED"))
503  {
504  //Perform decryption
505  error = pemDecryptMessage(&header, password, buffer, n,
506  buffer, &n);
507  }
508  }
509 
510  //Check status code
511  if(!error)
512  {
513  //Read DSAPrivateKey structure
514  error = pkcs8ParseDsaPrivateKey(buffer, n, &privateKeyInfo.dsaParams,
515  &privateKeyInfo.dsaPrivateKey, &privateKeyInfo.dsaPublicKey);
516  }
517 
518  //Check status code
519  if(!error)
520  {
521  //Set private key algorithm identifier
522  privateKeyInfo.oid.value = DSA_OID;
523  privateKeyInfo.oid.length = sizeof(DSA_OID);
524 
525  //Import the DSA private key
526  error = pkcs8ImportDsaPrivateKey(privateKey, &privateKeyInfo);
527  }
528 
529  //Release previously allocated memory
530  cryptoFreeMem(buffer);
531  }
532  else
533  {
534  //Failed to allocate memory
535  error = ERROR_OUT_OF_MEMORY;
536  }
537  }
538  else if(pemDecodeFile(input, length, "PRIVATE KEY", NULL, &n, NULL,
539  NULL) == NO_ERROR)
540  {
541  //Allocate a memory buffer to hold the ASN.1 data
542  buffer = cryptoAllocMem(n);
543 
544  //Successful memory allocation?
545  if(buffer != NULL)
546  {
547  //Decode the content of the PEM container
548  error = pemDecodeFile(input, length, "PRIVATE KEY", buffer, &n,
549  NULL, NULL);
550 
551  //Check status code
552  if(!error)
553  {
554  //Read the PrivateKeyInfo structure (refer to RFC 5208, section 5)
555  error = pkcs8ParsePrivateKeyInfo(buffer, n, &privateKeyInfo);
556  }
557 
558  //Check status code
559  if(!error)
560  {
561  //Import the DSA private key
562  error = pkcs8ImportDsaPrivateKey(privateKey, &privateKeyInfo);
563  }
564 
565  //Release previously allocated memory
566  cryptoFreeMem(buffer);
567  }
568  else
569  {
570  //Failed to allocate memory
571  error = ERROR_OUT_OF_MEMORY;
572  }
573  }
574  else if(pemDecodeFile(input, length, "ENCRYPTED PRIVATE KEY", NULL, &n, NULL,
575  NULL) == NO_ERROR)
576  {
577 #if (PEM_ENCRYPTED_KEY_SUPPORT == ENABLED)
578  //Allocate a memory buffer to hold the ASN.1 data
579  buffer = cryptoAllocMem(n);
580 
581  //Successful memory allocation?
582  if(buffer != NULL)
583  {
584  uint8_t *data;
585  Pkcs8EncryptedPrivateKeyInfo encryptedPrivateKeyInfo;
586 
587  //Decode the content of the PEM container
588  error = pemDecodeFile(input, length, "ENCRYPTED PRIVATE KEY", buffer,
589  &n, NULL, NULL);
590 
591  //Check status code
592  if(!error)
593  {
594  //Read the EncryptedPrivateKeyInfo structure (refer to RFC 5208,
595  //section 6)
596  error = pkcs8ParseEncryptedPrivateKeyInfo(buffer, n,
597  &encryptedPrivateKeyInfo);
598  }
599 
600  //Check status code
601  if(!error)
602  {
603  //Point to the encrypted data
604  data = (uint8_t *) encryptedPrivateKeyInfo.encryptedData.value;
605  n = encryptedPrivateKeyInfo.encryptedData.length;
606 
607  //Decrypt the private key information
608  error = pkcs5Decrypt(&encryptedPrivateKeyInfo.encryptionAlgo,
609  password, data, n, data, &n);
610  }
611 
612  //Check status code
613  if(!error)
614  {
615  //Read the PrivateKeyInfo structure (refer to RFC 5208, section 5)
616  error = pkcs8ParsePrivateKeyInfo(data, n, &privateKeyInfo);
617  }
618 
619  //Check status code
620  if(!error)
621  {
622  //Import the DSA private key
623  error = pkcs8ImportDsaPrivateKey(privateKey, &privateKeyInfo);
624  }
625 
626  //Release previously allocated memory
627  cryptoFreeMem(buffer);
628  }
629  else
630  {
631  //Failed to allocate memory
632  error = ERROR_OUT_OF_MEMORY;
633  }
634 #else
635  //The PEM file contains an encrypted private key
636  error = ERROR_DECRYPTION_FAILED;
637 #endif
638  }
639  else
640  {
641  //The PEM file does not contain a valid private key
642  error = ERROR_END_OF_FILE;
643  }
644 
645  //Any error to report?
646  if(error)
647  {
648  //Clean up side effects
649  dsaFreePrivateKey(privateKey);
650  }
651 
652  //Return status code
653  return error;
654 #else
655  //Not implemented
656  return ERROR_NOT_IMPLEMENTED;
657 #endif
658 }
659 
660 
661 /**
662  * @brief Decode a PEM file containing an EC public key
663  * @param[out] publicKey EC public key resulting from the parsing process
664  * @param[in] input Pointer to the PEM string
665  * @param[in] length Length of the PEM string
666  * @return Error code
667  **/
668 
669 error_t pemImportEcPublicKey(EcPublicKey *publicKey, const char_t *input,
670  size_t length)
671 {
672 #if (EC_SUPPORT == ENABLED)
673  error_t error;
674  size_t n;
675  uint8_t *buffer;
676  X509SubjectPublicKeyInfo publicKeyInfo;
677 
678  //Check parameters
679  if(publicKey == NULL || input == NULL)
680  return ERROR_INVALID_PARAMETER;
681 
682  //Public keys are encoded using the "PUBLIC KEY" label
683  error = pemDecodeFile(input, length, "PUBLIC KEY", NULL, &n, NULL, NULL);
684 
685  //Check status code
686  if(!error)
687  {
688  //Allocate a memory buffer to hold the ASN.1 data
689  buffer = cryptoAllocMem(n);
690 
691  //Successful memory allocation?
692  if(buffer != NULL)
693  {
694  //Decode the content of the PEM container
695  error = pemDecodeFile(input, length, "PUBLIC KEY", buffer, &n, NULL,
696  NULL);
697 
698  //Check status code
699  if(!error)
700  {
701  //The ASN.1 encoded data of the public key is the SubjectPublicKeyInfo
702  //structure (refer to RFC 7468, section 13)
703  error = x509ParseSubjectPublicKeyInfo(buffer, n, &n, &publicKeyInfo);
704  }
705 
706  //Check status code
707  if(!error)
708  {
709  //Import the EC public key
710  error = x509ImportEcPublicKey(publicKey, &publicKeyInfo);
711  }
712 
713  //Release previously allocated memory
714  cryptoFreeMem(buffer);
715  }
716  else
717  {
718  //Failed to allocate memory
719  error = ERROR_OUT_OF_MEMORY;
720  }
721  }
722 
723  //Any error to report?
724  if(error)
725  {
726  //Clean up side effects
727  ecFreePublicKey(publicKey);
728  }
729 
730  //Return status code
731  return error;
732 #else
733  //Not implemented
734  return ERROR_NOT_IMPLEMENTED;
735 #endif
736 }
737 
738 
739 /**
740  * @brief Decode a PEM file containing an EC private key
741  * @param[out] privateKey EC private key resulting from the parsing process
742  * @param[in] input Pointer to the PEM string
743  * @param[in] length Length of the PEM string
744  * @param[in] password NULL-terminated string containing the password. This
745  * parameter is required if the private key is encrypted
746  * @return Error code
747  **/
748 
749 error_t pemImportEcPrivateKey(EcPrivateKey *privateKey, const char_t *input,
750  size_t length, const char_t *password)
751 {
752 #if (EC_SUPPORT == ENABLED)
753  error_t error;
754  size_t n;
755  uint8_t *buffer;
756  PemHeader header;
757  Pkcs8PrivateKeyInfo privateKeyInfo;
758 
759  //Check parameters
760  if(privateKey == NULL || input == NULL)
761  return ERROR_INVALID_PARAMETER;
762 
763  //Clear the PrivateKeyInfo structure
764  osMemset(&privateKeyInfo, 0, sizeof(Pkcs8PrivateKeyInfo));
765 
766  //The type of data encoded is labeled depending on the type label in
767  //the "-----BEGIN " line (refer to RFC 7468, section 2)
768  if(pemDecodeFile(input, length, "EC PRIVATE KEY", NULL, &n, NULL,
769  NULL) == NO_ERROR)
770  {
771  //Allocate a memory buffer to hold the ASN.1 data
772  buffer = cryptoAllocMem(n);
773 
774  //Successful memory allocation?
775  if(buffer != NULL)
776  {
777  //Decode the content of the PEM container
778  error = pemDecodeFile(input, length, "EC PRIVATE KEY", buffer, &n,
779  &header, NULL);
780 
781  //Check status code
782  if(!error)
783  {
784  //Check whether the PEM file is encrypted
785  if(pemCompareString(&header.procType.type, "ENCRYPTED"))
786  {
787  //Perform decryption
788  error = pemDecryptMessage(&header, password, buffer, n,
789  buffer, &n);
790  }
791  }
792 
793  //Check status code
794  if(!error)
795  {
796  //Read ECPrivateKey structure
797  error = pkcs8ParseEcPrivateKey(buffer, n, &privateKeyInfo.ecParams,
798  &privateKeyInfo.ecPrivateKey, &privateKeyInfo.ecPublicKey);
799  }
800 
801  //Check status code
802  if(!error)
803  {
804  //Set public key algorithm identifier
805  privateKeyInfo.oid.value = EC_PUBLIC_KEY_OID;
806  privateKeyInfo.oid.length = sizeof(EC_PUBLIC_KEY_OID);
807 
808  //Import the EC private key
809  error = pkcs8ImportEcPrivateKey(privateKey, &privateKeyInfo);
810  }
811 
812  //Release previously allocated memory
813  cryptoFreeMem(buffer);
814  }
815  else
816  {
817  //Failed to allocate memory
818  error = ERROR_OUT_OF_MEMORY;
819  }
820  }
821  else if(pemDecodeFile(input, length, "PRIVATE KEY", NULL, &n, NULL,
822  NULL) == NO_ERROR)
823  {
824  //Allocate a memory buffer to hold the ASN.1 data
825  buffer = cryptoAllocMem(n);
826 
827  //Successful memory allocation?
828  if(buffer != NULL)
829  {
830  //Decode the content of the PEM container
831  error = pemDecodeFile(input, length, "PRIVATE KEY", buffer, &n,
832  NULL, NULL);
833 
834  //Check status code
835  if(!error)
836  {
837  //Read the PrivateKeyInfo structure (refer to RFC 5208, section 5)
838  error = pkcs8ParsePrivateKeyInfo(buffer, n, &privateKeyInfo);
839  }
840 
841  //Check status code
842  if(!error)
843  {
844  //Import the EC private key
845  error = pkcs8ImportEcPrivateKey(privateKey, &privateKeyInfo);
846  }
847 
848  //Release previously allocated memory
849  cryptoFreeMem(buffer);
850  }
851  else
852  {
853  //Failed to allocate memory
854  error = ERROR_OUT_OF_MEMORY;
855  }
856  }
857  else if(pemDecodeFile(input, length, "ENCRYPTED PRIVATE KEY", NULL, &n, NULL,
858  NULL) == NO_ERROR)
859  {
860 #if (PEM_ENCRYPTED_KEY_SUPPORT == ENABLED)
861  //Allocate a memory buffer to hold the ASN.1 data
862  buffer = cryptoAllocMem(n);
863 
864  //Successful memory allocation?
865  if(buffer != NULL)
866  {
867  uint8_t *data;
868  Pkcs8EncryptedPrivateKeyInfo encryptedPrivateKeyInfo;
869 
870  //Decode the content of the PEM container
871  error = pemDecodeFile(input, length, "ENCRYPTED PRIVATE KEY", buffer, &n,
872  NULL, NULL);
873 
874  //Check status code
875  if(!error)
876  {
877  //Read the EncryptedPrivateKeyInfo structure (refer to RFC 5208,
878  //section 6)
879  error = pkcs8ParseEncryptedPrivateKeyInfo(buffer, n,
880  &encryptedPrivateKeyInfo);
881  }
882 
883  //Check status code
884  if(!error)
885  {
886  //Point to the encrypted data
887  data = (uint8_t *) encryptedPrivateKeyInfo.encryptedData.value;
888  n = encryptedPrivateKeyInfo.encryptedData.length;
889 
890  //Decrypt the private key information
891  error = pkcs5Decrypt(&encryptedPrivateKeyInfo.encryptionAlgo,
892  password, data, n, data, &n);
893  }
894 
895  //Check status code
896  if(!error)
897  {
898  //Read the PrivateKeyInfo structure (refer to RFC 5208, section 5)
899  error = pkcs8ParsePrivateKeyInfo(data, n, &privateKeyInfo);
900  }
901 
902  //Check status code
903  if(!error)
904  {
905  //Import the EC private key
906  error = pkcs8ImportEcPrivateKey(privateKey, &privateKeyInfo);
907  }
908 
909  //Release previously allocated memory
910  cryptoFreeMem(buffer);
911  }
912  else
913  {
914  //Failed to allocate memory
915  error = ERROR_OUT_OF_MEMORY;
916  }
917 #else
918  //The PEM file contains an encrypted private key
919  error = ERROR_DECRYPTION_FAILED;
920 #endif
921  }
922  else
923  {
924  //The PEM file does not contain a valid private key
925  error = ERROR_END_OF_FILE;
926  }
927 
928  //Any error to report?
929  if(error)
930  {
931  //Clean up side effects
932  ecFreePrivateKey(privateKey);
933  }
934 
935  //Return status code
936  return error;
937 #else
938  //Not implemented
939  return ERROR_NOT_IMPLEMENTED;
940 #endif
941 }
942 
943 
944 /**
945  * @brief Decode a PEM file containing a EdDSA public key
946  * @param[out] publicKey EdDSA public key resulting from the parsing process
947  * @param[in] input Pointer to the PEM string
948  * @param[in] length Length of the PEM string
949  * @return Error code
950  **/
951 
952 error_t pemImportEddsaPublicKey(EddsaPublicKey *publicKey, const char_t *input,
953  size_t length)
954 {
955 #if (ED25519_SUPPORT == ENABLED || ED448_SUPPORT == ENABLED)
956  error_t error;
957  size_t n;
958  uint8_t *buffer;
959  X509SubjectPublicKeyInfo publicKeyInfo;
960 
961  //Check parameters
962  if(publicKey == NULL || input == NULL)
963  return ERROR_INVALID_PARAMETER;
964 
965  //Public keys are encoded using the "PUBLIC KEY" label
966  error = pemDecodeFile(input, length, "PUBLIC KEY", NULL, &n, NULL, NULL);
967 
968  //Check status code
969  if(!error)
970  {
971  //Allocate a memory buffer to hold the ASN.1 data
972  buffer = cryptoAllocMem(n);
973 
974  //Successful memory allocation?
975  if(buffer != NULL)
976  {
977  //Decode the content of the PEM container
978  error = pemDecodeFile(input, length, "PUBLIC KEY", buffer, &n, NULL,
979  NULL);
980 
981  //Check status code
982  if(!error)
983  {
984  //The ASN.1 encoded data of the public key is the SubjectPublicKeyInfo
985  //structure (refer to RFC 7468, section 13)
986  error = x509ParseSubjectPublicKeyInfo(buffer, n, &n, &publicKeyInfo);
987  }
988 
989  //Check status code
990  if(!error)
991  {
992  //Import the EdDSA public key
993  error = x509ImportEddsaPublicKey(publicKey, &publicKeyInfo);
994  }
995 
996  //Release previously allocated memory
997  cryptoFreeMem(buffer);
998  }
999  else
1000  {
1001  //Failed to allocate memory
1002  error = ERROR_OUT_OF_MEMORY;
1003  }
1004  }
1005 
1006  //Any error to report?
1007  if(error)
1008  {
1009  //Clean up side effects
1010  eddsaFreePublicKey(publicKey);
1011  }
1012 
1013  //Return status code
1014  return error;
1015 #else
1016  //Not implemented
1017  return ERROR_NOT_IMPLEMENTED;
1018 #endif
1019 }
1020 
1021 
1022 /**
1023  * @brief Decode a PEM file containing a EdDSA private key
1024  * @param[out] privateKey EdDSA private key resulting from the parsing process
1025  * @param[in] input Pointer to the PEM string
1026  * @param[in] length Length of the PEM string
1027  * @param[in] password NULL-terminated string containing the password. This
1028  * parameter is required if the private key is encrypted
1029  * @return Error code
1030  **/
1031 
1032 error_t pemImportEddsaPrivateKey(EddsaPrivateKey *privateKey,
1033  const char_t *input, size_t length, const char_t *password)
1034 {
1035 #if (ED25519_SUPPORT == ENABLED || ED448_SUPPORT == ENABLED)
1036  error_t error;
1037  size_t n;
1038  uint8_t *buffer;
1039  Pkcs8PrivateKeyInfo privateKeyInfo;
1040 
1041  //Check parameters
1042  if(privateKey == NULL || input == NULL)
1043  return ERROR_INVALID_PARAMETER;
1044 
1045  //The type of data encoded is labeled depending on the type label in
1046  //the "-----BEGIN " line (refer to RFC 7468, section 2)
1047  if(pemDecodeFile(input, length, "PRIVATE KEY", NULL, &n, NULL,
1048  NULL) == NO_ERROR)
1049  {
1050  //Allocate a memory buffer to hold the ASN.1 data
1051  buffer = cryptoAllocMem(n);
1052 
1053  //Successful memory allocation?
1054  if(buffer != NULL)
1055  {
1056  //Decode the content of the PEM container
1057  error = pemDecodeFile(input, length, "PRIVATE KEY", buffer, &n,
1058  NULL, NULL);
1059 
1060  //Check status code
1061  if(!error)
1062  {
1063  //Read the PrivateKeyInfo structure (refer to RFC 5208, section 5)
1064  error = pkcs8ParsePrivateKeyInfo(buffer, n, &privateKeyInfo);
1065  }
1066 
1067  //Check status code
1068  if(!error)
1069  {
1070  //Import the EdDSA private key
1071  error = pkcs8ImportEddsaPrivateKey(privateKey, &privateKeyInfo);
1072  }
1073 
1074  //Release previously allocated memory
1075  cryptoFreeMem(buffer);
1076  }
1077  else
1078  {
1079  //Failed to allocate memory
1080  error = ERROR_OUT_OF_MEMORY;
1081  }
1082  }
1083  else if(pemDecodeFile(input, length, "ENCRYPTED PRIVATE KEY", NULL, &n, NULL,
1084  NULL) == NO_ERROR)
1085  {
1086 #if (PEM_ENCRYPTED_KEY_SUPPORT == ENABLED)
1087  //Allocate a memory buffer to hold the ASN.1 data
1088  buffer = cryptoAllocMem(n);
1089 
1090  //Successful memory allocation?
1091  if(buffer != NULL)
1092  {
1093  uint8_t *data;
1094  Pkcs8EncryptedPrivateKeyInfo encryptedPrivateKeyInfo;
1095 
1096  //Decode the content of the PEM container
1097  error = pemDecodeFile(input, length, "ENCRYPTED PRIVATE KEY", buffer, &n,
1098  NULL, NULL);
1099 
1100  //Check status code
1101  if(!error)
1102  {
1103  //Read the EncryptedPrivateKeyInfo structure (refer to RFC 5208,
1104  //section 6)
1105  error = pkcs8ParseEncryptedPrivateKeyInfo(buffer, n,
1106  &encryptedPrivateKeyInfo);
1107  }
1108 
1109  //Check status code
1110  if(!error)
1111  {
1112  //Point to the encrypted data
1113  data = (uint8_t *) encryptedPrivateKeyInfo.encryptedData.value;
1114  n = encryptedPrivateKeyInfo.encryptedData.length;
1115 
1116  //Decrypt the private key information
1117  error = pkcs5Decrypt(&encryptedPrivateKeyInfo.encryptionAlgo,
1118  password, data, n, data, &n);
1119  }
1120 
1121  //Check status code
1122  if(!error)
1123  {
1124  //Read the PrivateKeyInfo structure (refer to RFC 5208, section 5)
1125  error = pkcs8ParsePrivateKeyInfo(data, n, &privateKeyInfo);
1126  }
1127 
1128  //Check status code
1129  if(!error)
1130  {
1131  //Import the EdDSA private key
1132  error = pkcs8ImportEddsaPrivateKey(privateKey, &privateKeyInfo);
1133  }
1134 
1135  //Release previously allocated memory
1136  cryptoFreeMem(buffer);
1137  }
1138  else
1139  {
1140  //Failed to allocate memory
1141  error = ERROR_OUT_OF_MEMORY;
1142  }
1143 #else
1144  //The PEM file contains an encrypted private key
1145  error = ERROR_DECRYPTION_FAILED;
1146 #endif
1147  }
1148  else
1149  {
1150  //The PEM file does not contain a valid private key
1151  error = ERROR_END_OF_FILE;
1152  }
1153 
1154  //Any error to report?
1155  if(error)
1156  {
1157  //Clean up side effects
1158  eddsaFreePrivateKey(privateKey);
1159  }
1160 
1161  //Return status code
1162  return error;
1163 #else
1164  //Not implemented
1165  return ERROR_NOT_IMPLEMENTED;
1166 #endif
1167 }
1168 
1169 
1170 /**
1171  * @brief Extract the public key type from a PEM file
1172  * @param[in] input Pointer to the PEM string
1173  * @param[in] length Length of the PEM string
1174  * @return Public key type
1175  **/
1176 
1177 X509KeyType pemGetPublicKeyType(const char_t *input, size_t length)
1178 {
1179  error_t error;
1180  size_t n;
1181  uint8_t *buffer;
1182  X509KeyType keyType;
1183  X509SubjectPublicKeyInfo publicKeyInfo;
1184 
1185  //Initialize variable
1186  keyType = X509_KEY_TYPE_UNKNOWN;
1187 
1188 #if (RSA_SUPPORT == ENABLED)
1189  //PEM container with "RSA PUBLIC KEY" label?
1190  if(pemDecodeFile(input, length, "RSA PUBLIC KEY", NULL, &n, NULL,
1191  NULL) == NO_ERROR)
1192  {
1193  //The PEM file contains an RSA public key (PKCS #1 format)
1194  keyType = X509_KEY_TYPE_RSA;
1195  }
1196  else
1197 #endif
1198  //PEM container with "PUBLIC KEY" label?
1199  if(pemDecodeFile(input, length, "PUBLIC KEY", NULL, &n, NULL,
1200  NULL) == NO_ERROR)
1201  {
1202  //Allocate a memory buffer to hold the ASN.1 data
1203  buffer = cryptoAllocMem(n);
1204 
1205  //Successful memory allocation?
1206  if(buffer != NULL)
1207  {
1208  //Decode the content of the PEM container
1209  error = pemDecodeFile(input, length, "PUBLIC KEY", buffer, &n,
1210  NULL, NULL);
1211 
1212  //Check status code
1213  if(!error)
1214  {
1215  //The ASN.1 encoded data of the public key is the SubjectPublicKeyInfo
1216  //structure (refer to RFC 7468, section 13)
1217  error = x509ParseSubjectPublicKeyInfo(buffer, n, &n, &publicKeyInfo);
1218  }
1219 
1220  //Check status code
1221  if(!error)
1222  {
1223  //Check public key algorithm identifier
1224  keyType = x509GetPublicKeyType(publicKeyInfo.oid.value,
1225  publicKeyInfo.oid.length);
1226 
1227 #if (EC_SUPPORT == ENABLED)
1228  //EC public key identifier?
1229  if(keyType == X509_KEY_TYPE_EC)
1230  {
1231  //SM2 elliptic curve?
1232  if(OID_COMP(publicKeyInfo.ecParams.namedCurve.value,
1233  publicKeyInfo.ecParams.namedCurve.length, SM2_OID) == 0)
1234  {
1235  //The PEM file contains an SM2 public key
1236  keyType = X509_KEY_TYPE_SM2;
1237  }
1238  }
1239 #endif
1240  }
1241 
1242  //Release previously allocated memory
1243  cryptoFreeMem(buffer);
1244  }
1245  }
1246 
1247  //Return the public key type
1248  return keyType;
1249 }
1250 
1251 
1252 /**
1253  * @brief Extract elliptic curve parameters from a PEM file
1254  * @param[in] input Pointer to the PEM string
1255  * @param[in] length Length of the PEM string
1256  * @return Elliptic curve parameters
1257  **/
1258 
1259 const EcCurve *pemGetPublicKeyCurve(const char_t *input, size_t length)
1260 {
1261 #if (EC_SUPPORT == ENABLED)
1262  error_t error;
1263  size_t n;
1264  uint8_t *buffer;
1265  const EcCurve *curve;
1266 
1267  //Initialize variable
1268  curve = NULL;
1269 
1270  //The type of data encoded is labeled depending on the type label in
1271  //the "-----BEGIN " line (refer to RFC 7468, section 2)
1272  if(pemDecodeFile(input, length, "EC PARAMETERS", NULL, &n, NULL,
1273  NULL) == NO_ERROR)
1274  {
1275  X509EcParameters ecParams;
1276 
1277  //Allocate a memory buffer to hold the ASN.1 data
1278  buffer = cryptoAllocMem(n);
1279 
1280  //Successful memory allocation?
1281  if(buffer != NULL)
1282  {
1283  //Decode the content of the PEM container
1284  error = pemDecodeFile(input, length, "EC PARAMETERS", buffer, &n,
1285  NULL, NULL);
1286 
1287  //Check status code
1288  if(!error)
1289  {
1290  //Parse ECParameters structure
1291  error = x509ParseEcParameters(buffer, n, &ecParams);
1292  }
1293 
1294  //Check status code
1295  if(!error)
1296  {
1297  //Get the elliptic curve that matches the OID
1298  curve = ecGetCurve(ecParams.namedCurve.value,
1299  ecParams.namedCurve.length);
1300  }
1301 
1302  //Release previously allocated memory
1303  cryptoFreeMem(buffer);
1304  }
1305  }
1306  else if(pemDecodeFile(input, length, "PUBLIC KEY", NULL, &n, NULL,
1307  NULL) == NO_ERROR)
1308  {
1309  X509SubjectPublicKeyInfo publicKeyInfo;
1310 
1311  //Allocate a memory buffer to hold the ASN.1 data
1312  buffer = cryptoAllocMem(n);
1313 
1314  //Successful memory allocation?
1315  if(buffer != NULL)
1316  {
1317  //Decode the content of the PEM container
1318  error = pemDecodeFile(input, length, "PUBLIC KEY", buffer, &n,
1319  NULL, NULL);
1320 
1321  //Check status code
1322  if(!error)
1323  {
1324  //The ASN.1 encoded data of the public key is the SubjectPublicKeyInfo
1325  //structure (refer to RFC 7468, section 13)
1326  error = x509ParseSubjectPublicKeyInfo(buffer, n, &n, &publicKeyInfo);
1327  }
1328 
1329  //Check status code
1330  if(!error)
1331  {
1332  //Get the elliptic curve that matches the OID
1333  curve = ecGetCurve(publicKeyInfo.ecParams.namedCurve.value,
1334  publicKeyInfo.ecParams.namedCurve.length);
1335  }
1336 
1337  //Release previously allocated memory
1338  cryptoFreeMem(buffer);
1339  }
1340  }
1341 
1342  //Return the elliptic curve parameters, if any
1343  return curve;
1344 #else
1345  //Not implemented
1346  return NULL;
1347 #endif
1348 }
1349 
1350 #endif
pkcs8ParsePrivateKeyInfo
error_t pkcs8ParsePrivateKeyInfo(const uint8_t *data, size_t length, Pkcs8PrivateKeyInfo *privateKeyInfo)
Parse PrivateKeyInfo structure.
Definition: pkcs8_key_parse.c:55
X509_KEY_TYPE_RSA
@ X509_KEY_TYPE_RSA
Definition: x509_common.h:635
Pkcs8PrivateKeyInfo::rsaPrivateKey
Pkcs8RsaPrivateKey rsaPrivateKey
Definition: pkcs8_key_parse.h:112
x509ImportEcPublicKey
error_t x509ImportEcPublicKey(EcPublicKey *publicKey, const X509SubjectPublicKeyInfo *publicKeyInfo)
Import an EC public key.
Definition: x509_key_parse.c:722
Pkcs8PrivateKeyInfo
Private key information.
Definition: pkcs8_key_parse.h:108
rsaFreePublicKey
void rsaFreePublicKey(RsaPublicKey *key)
Release an RSA public key.
Definition: rsa.c:113
ERROR_NOT_IMPLEMENTED
@ ERROR_NOT_IMPLEMENTED
Definition: error.h:66
ERROR_DECRYPTION_FAILED
@ ERROR_DECRYPTION_FAILED
Definition: error.h:243
x509ParseSubjectPublicKeyInfo
error_t x509ParseSubjectPublicKeyInfo(const uint8_t *data, size_t length, size_t *totalLength, X509SubjectPublicKeyInfo *publicKeyInfo)
Parse SubjectPublicKeyInfo structure.
Definition: x509_key_parse.c:56
oid.h
OID (Object Identifier)
eddsaFreePrivateKey
void eddsaFreePrivateKey(EddsaPrivateKey *key)
Release an EdDSA private key.
Definition: eddsa.c:95
X509SubjectPublicKeyInfo::oid
X509OctetString oid
Definition: x509_common.h:840
pemDecodeFile
error_t pemDecodeFile(const char_t *input, size_t inputLen, const char_t *label, uint8_t *output, size_t *outputLen, PemHeader *header, size_t *consumed)
Convert PEM container to ASN.1 format.
Definition: pem_common.c:58
dsaFreePrivateKey
void dsaFreePrivateKey(DsaPrivateKey *key)
Release a DSA private key.
Definition: dsa.c:152
data
uint8_t data[]
Definition: ethernet.h:224
pemImportEcPrivateKey
error_t pemImportEcPrivateKey(EcPrivateKey *privateKey, const char_t *input, size_t length, const char_t *password)
Decode a PEM file containing an EC private key.
Definition: pem_key_import.c:749
EC_PUBLIC_KEY_OID
const uint8_t EC_PUBLIC_KEY_OID[7]
Definition: ec.c:44
pemGetPublicKeyCurve
const EcCurve * pemGetPublicKeyCurve(const char_t *input, size_t length)
Extract elliptic curve parameters from a PEM file.
Definition: pem_key_import.c:1259
Pkcs8EncryptedPrivateKeyInfo
Encrypted private key information.
Definition: pkcs8_key_parse.h:136
X509SubjectPublicKeyInfo::ecParams
X509EcParameters ecParams
Definition: x509_common.h:850
Pkcs8PrivateKeyInfo::dsaPublicKey
X509DsaPublicKey dsaPublicKey
Definition: pkcs8_key_parse.h:117
x509ParseRsaPublicKey
error_t x509ParseRsaPublicKey(const uint8_t *data, size_t length, X509RsaPublicKey *rsaPublicKey)
Parse RSAPublicKey structure.
Definition: x509_key_parse.c:309
pemImportDsaPublicKey
error_t pemImportDsaPublicKey(DsaPublicKey *publicKey, const char_t *input, size_t length)
Decode a PEM file containing a DSA public key.
Definition: pem_key_import.c:386
ERROR_OUT_OF_MEMORY
@ ERROR_OUT_OF_MEMORY
Definition: error.h:63
pem_key_import.h
PEM key file import functions.
pkcs8ImportDsaPrivateKey
error_t pkcs8ImportDsaPrivateKey(DsaPrivateKey *privateKey, const Pkcs8PrivateKeyInfo *privateKeyInfo)
Import a DSA private key.
Definition: pkcs8_key_parse.c:1149
x509ImportDsaPublicKey
error_t x509ImportDsaPublicKey(DsaPublicKey *publicKey, const X509SubjectPublicKeyInfo *publicKeyInfo)
Import a DSA public key.
Definition: x509_key_parse.c:633
pemCompareString
bool_t pemCompareString(const PemString *string, const char_t *value)
Compare a string against the supplied value.
Definition: pem_common.c:422
PemHeader
PEM encapsulated header.
Definition: pem_common.h:81
DSA_OID
const uint8_t DSA_OID[7]
Definition: dsa.c:51
X509_KEY_TYPE_EC
@ X509_KEY_TYPE_EC
Definition: x509_common.h:638
Pkcs8PrivateKeyInfo::ecPrivateKey
Pkcs8EcPrivateKey ecPrivateKey
Definition: pkcs8_key_parse.h:121
pemImportRsaPrivateKey
error_t pemImportRsaPrivateKey(RsaPrivateKey *privateKey, const char_t *input, size_t length, const char_t *password)
Decode a PEM file containing an RSA private key.
Definition: pem_key_import.c:183
DsaPublicKey
DSA public key.
Definition: dsa.h:61
ERROR_INVALID_PARAMETER
@ ERROR_INVALID_PARAMETER
Invalid parameter.
Definition: error.h:47
X509_KEY_TYPE_SM2
@ X509_KEY_TYPE_SM2
Definition: x509_common.h:639
error_t
error_t
Error codes.
Definition: error.h:43
X509EcParameters
EC parameters.
Definition: x509_common.h:818
rsaFreePrivateKey
void rsaFreePrivateKey(RsaPrivateKey *key)
Release an RSA private key.
Definition: rsa.c:148
EddsaPublicKey
EdDSA public key.
Definition: eddsa.h:64
pkcs8ImportRsaPrivateKey
error_t pkcs8ImportRsaPrivateKey(RsaPrivateKey *privateKey, const Pkcs8PrivateKeyInfo *privateKeyInfo)
Import an RSA private key.
Definition: pkcs8_key_parse.c:1005
pemDecryptMessage
error_t pemDecryptMessage(const PemHeader *header, const char_t *password, const uint8_t *ciphertext, size_t ciphertextLen, uint8_t *plaintext, size_t *plaintextLen)
PEM message decryption.
Definition: pem_decrypt.c:361
RsaPublicKey
RSA public key.
Definition: rsa.h:57
X509SubjectPublicKeyInfo::rsaPublicKey
X509RsaPublicKey rsaPublicKey
Definition: x509_common.h:843
pemImportRsaPublicKey
error_t pemImportRsaPublicKey(RsaPublicKey *publicKey, const char_t *input, size_t length)
Decode a PEM file containing an RSA public key.
Definition: pem_key_import.c:56
Pkcs8PrivateKeyInfo::ecPublicKey
X509EcPublicKey ecPublicKey
Definition: pkcs8_key_parse.h:122
Pkcs8PrivateKeyInfo::dsaParams
X509DsaParameters dsaParams
Definition: pkcs8_key_parse.h:115
x509ImportEddsaPublicKey
error_t x509ImportEddsaPublicKey(EddsaPublicKey *publicKey, const X509SubjectPublicKeyInfo *publicKeyInfo)
Import an EdDSA public key.
Definition: x509_key_parse.c:792
pemImportEddsaPublicKey
error_t pemImportEddsaPublicKey(EddsaPublicKey *publicKey, const char_t *input, size_t length)
Decode a PEM file containing a EdDSA public key.
Definition: pem_key_import.c:952
ERROR_END_OF_FILE
@ ERROR_END_OF_FILE
Definition: error.h:160
crypto.h
General definitions for cryptographic algorithms.
EcPrivateKey
EC private key.
Definition: ec.h:432
DsaPrivateKey
DSA private key.
Definition: dsa.h:72
ecFreePrivateKey
void ecFreePrivateKey(EcPrivateKey *key)
Release an EC private key.
Definition: ec.c:100
length
uint8_t length
Definition: tcp.h:375
pkcs8ParseRsaPrivateKey
error_t pkcs8ParseRsaPrivateKey(const uint8_t *data, size_t length, Pkcs8RsaPrivateKey *rsaPrivateKey)
Parse RSAPrivateKey structure.
Definition: pkcs8_key_parse.c:368
PemProcType::type
PemString type
Definition: pem_common.h:61
pemImportEddsaPrivateKey
error_t pemImportEddsaPrivateKey(EddsaPrivateKey *privateKey, const char_t *input, size_t length, const char_t *password)
Decode a PEM file containing a EdDSA private key.
Definition: pem_key_import.c:1032
pkcs8ParseDsaPrivateKey
error_t pkcs8ParseDsaPrivateKey(const uint8_t *data, size_t length, X509DsaParameters *dsaParams, Pkcs8DsaPrivateKey *dsaPrivateKey, X509DsaPublicKey *dsaPublicKey)
Parse DSAPrivateKey structure.
Definition: pkcs8_key_parse.c:565
pem_decrypt.h
PEM file decryption.
X509EcParameters::namedCurve
X509OctetString namedCurve
Definition: x509_common.h:819
EddsaPrivateKey
EdDSA private key.
Definition: eddsa.h:75
RSA_ENCRYPTION_OID
const uint8_t RSA_ENCRYPTION_OID[9]
Definition: rsa.c:54
EcPublicKey
EC public key.
Definition: ec.h:421
char_t
char char_t
Definition: compiler_port.h:55
pkcs8ImportEddsaPrivateKey
error_t pkcs8ImportEddsaPrivateKey(EddsaPrivateKey *privateKey, const Pkcs8PrivateKeyInfo *privateKeyInfo)
Import an EdDSA private key.
Definition: pkcs8_key_parse.c:1356
pkcs8ImportEcPrivateKey
error_t pkcs8ImportEcPrivateKey(EcPrivateKey *privateKey, const Pkcs8PrivateKeyInfo *privateKeyInfo)
Import an EC private key.
Definition: pkcs8_key_parse.c:1259
pkcs5Decrypt
error_t pkcs5Decrypt(const X509AlgoId *encryptionAlgoId, const char_t *password, const uint8_t *ciphertext, size_t ciphertextLen, uint8_t *plaintext, size_t *plaintextLen)
PKCS #5 decryption operation.
Definition: pkcs5_decrypt.c:61
OID_COMP
#define OID_COMP(oid1, oidLen1, oid2)
Definition: oid.h:42
x509ImportRsaPublicKey
error_t x509ImportRsaPublicKey(RsaPublicKey *publicKey, const X509SubjectPublicKeyInfo *publicKeyInfo)
Import an RSA public key.
Definition: x509_key_parse.c:563
n
uint8_t n
Definition: dhcpv6_common.h:416
RsaPrivateKey
RSA private key.
Definition: rsa.h:68
X509SubjectPublicKeyInfo
Subject Public Key Information extension.
Definition: x509_common.h:838
pkcs8ParseEncryptedPrivateKeyInfo
error_t pkcs8ParseEncryptedPrivateKeyInfo(const uint8_t *data, size_t length, Pkcs8EncryptedPrivateKeyInfo *encryptedPrivateKeyInfo)
Parse EncryptedPrivateKeyInfo structure.
Definition: pkcs8_key_parse.c:903
cryptoFreeMem
#define cryptoFreeMem(p)
Definition: crypto.h:833
pkcs8_key_parse.h
PKCS #8 key parsing.
pemImportEcPublicKey
error_t pemImportEcPublicKey(EcPublicKey *publicKey, const char_t *input, size_t length)
Decode a PEM file containing an EC public key.
Definition: pem_key_import.c:669
cryptoAllocMem
#define cryptoAllocMem(size)
Definition: crypto.h:828
eddsaFreePublicKey
void eddsaFreePublicKey(EddsaPublicKey *key)
Release an EdDSA public key.
Definition: eddsa.c:63
x509ParseEcParameters
error_t x509ParseEcParameters(const uint8_t *data, size_t length, X509EcParameters *ecParams)
Parse ECParameters structure.
Definition: x509_key_parse.c:530
ecGetCurve
const EcCurve * ecGetCurve(const uint8_t *oid, size_t length)
Get the elliptic curve that matches the specified OID.
Definition: ec_curves.c:5888
PemHeader::procType
PemProcType procType
Definition: pem_common.h:82
X509OctetString::value
const uint8_t * value
Definition: x509_common.h:702
X509_KEY_TYPE_UNKNOWN
@ X509_KEY_TYPE_UNKNOWN
Definition: x509_common.h:634
EcCurve
#define EcCurve
Definition: ec.h:346
x509_key_parse.h
Parsing of ASN.1 encoded keys.
Pkcs8PrivateKeyInfo::dsaPrivateKey
Pkcs8DsaPrivateKey dsaPrivateKey
Definition: pkcs8_key_parse.h:116
osMemset
#define osMemset(p, value, length)
Definition: os_port.h:138
pkcs5_decrypt.h
PKCS #5 decryption routines.
X509KeyType
X509KeyType
Public Key types.
Definition: x509_common.h:633
pemImportDsaPrivateKey
error_t pemImportDsaPrivateKey(DsaPrivateKey *privateKey, const char_t *input, size_t length, const char_t *password)
Decode a PEM file containing a DSA private key.
Definition: pem_key_import.c:466
Pkcs8PrivateKeyInfo::ecParams
X509EcParameters ecParams
Definition: pkcs8_key_parse.h:120
x509GetPublicKeyType
X509KeyType x509GetPublicKeyType(const uint8_t *oid, size_t length)
Get the public key type that matches the specified OID.
Definition: x509_common.c:835
Pkcs8PrivateKeyInfo::oid
X509OctetString oid
Definition: pkcs8_key_parse.h:110
pkcs8ParseEcPrivateKey
error_t pkcs8ParseEcPrivateKey(const uint8_t *data, size_t length, X509EcParameters *ecParams, Pkcs8EcPrivateKey *ecPrivateKey, X509EcPublicKey *ecPublicKey)
Parse ECPrivateKey structure.
Definition: pkcs8_key_parse.c:712
dsaFreePublicKey
void dsaFreePublicKey(DsaPublicKey *key)
Release a DSA public key.
Definition: dsa.c:119
NO_ERROR
@ NO_ERROR
Success.
Definition: error.h:44
pemGetPublicKeyType
X509KeyType pemGetPublicKeyType(const char_t *input, size_t length)
Extract the public key type from a PEM file.
Definition: pem_key_import.c:1177
debug.h
Debugging facilities.
ecFreePublicKey
void ecFreePublicKey(EcPublicKey *key)
Release an EC public key.
Definition: ec.c:68
SM2_OID
const uint8_t SM2_OID[8]
Definition: ec_curves.c:106