Resolve PR review comments

1) use `pk_get_rsapubkey` instead of reimplementing the parsing 2) rename the key files, according to their type and key size 3) comment in the data_files/Makefile hoe the keys were generated 4) Fix issue of failure parsing pkcs#1 DER format parsing, missed in previous commit
2025-10-30 03:00:21 -04:00 · 2017-10-16 12:40:27 +03:00 · 2017-10-16 12:40:27 +03:00 · b006518289
commit b006518289
parent d0c56de934
8 changed files with 43 additions and 47 deletions
--- a/library/pkparse.c
+++ b/library/pkparse.c
@ -649,14 +649,6 @@ static int pk_parse_key_pkcs1_der( mbedtls_rsa_context *rsa,

    p = (unsigned char *) key;
    end = p + keylen;
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
-            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-    {
-        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
-    }
-
-    end = p + len;
-
    if( mode == 0 )
    {
    /*
@ -675,6 +667,14 @@ static int pk_parse_key_pkcs1_der( mbedtls_rsa_context *rsa,
     *      otherPrimeInfos   OtherPrimeInfos OPTIONAL
     *  }
     */
+        if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
+                MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
+        {
+            return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
+        }
+
+        end = p + len;
+
        if( ( ret = mbedtls_asn1_get_int( &p, end, &rsa->ver ) ) != 0 )
        {
            return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
@ -715,36 +715,11 @@ static int pk_parse_key_pkcs1_der( mbedtls_rsa_context *rsa,
    }
    else /* public key*/
    {
-    /*
-     * This function parses the RSAPublicKey (PKCS#1)
-     *
-     *  RSAPublicKey ::= SEQUENCE {
-     *                   modulus           INTEGER,  -- n
-     *                   publicExponent    INTEGER   -- e
-     *                   }
-     */
-        if( ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->N  ) ) != 0 ||
-            ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->E  ) ) != 0 )
+        if( ( ret = pk_get_rsapubkey( &p, end, rsa ) ) != 0 )
        {
            mbedtls_rsa_free( rsa );
-            return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
+            return( ret );
        }
-
-        rsa->len = mbedtls_mpi_size( &rsa->N );
-
-        if( p != end )
-        {
-             mbedtls_rsa_free( rsa );
-             return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
-                     MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
-        }
-
-        if( ( ret = mbedtls_rsa_check_pubkey( rsa ) ) != 0 )
-        {
-             mbedtls_rsa_free( rsa );
-             return( ret );
-        }
-
    }
    return( 0 );
 }
@ -1287,6 +1262,7 @@ int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx,
 #if defined(MBEDTLS_PEM_PARSE_C)
    size_t len;
    mbedtls_pem_context pem;
+    const mbedtls_pk_info_t *pk_info;

    mbedtls_pem_init( &pem );
 #if defined(MBEDTLS_RSA_C)
@ -1301,7 +1277,6 @@ int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx,

    if( ret == 0 )
    {
-         const mbedtls_pk_info_t *pk_info;
         if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL )
              return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );

@ -1319,6 +1294,21 @@ int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx,
        mbedtls_pem_free( &pem );
        return( ret );
    }
+
+    if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL )
+          return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
+
+    if( ( ret = mbedtls_pk_setup( ctx, pk_info ) ) != 0 )
+        return( ret );
+
+    ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *ctx ),
+                                  key, keylen, 1 );
+    if ( ret == 0 )
+    {
+        mbedtls_pem_free( &pem );
+        return( ret );
+    }
+    mbedtls_pk_free( ctx );
 #endif /* MBEDTLS_RSA_C */

       /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
--- a/tests/data_files/Makefile
+++ b/tests/data_files/Makefile
@ -64,7 +64,13 @@ server2-sha256.crt: server2-rsa.csr
 	$(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA test-ca-sha256.crt -CAkey $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 4 -days 3653 -sha256 -in server2-rsa.csr -out $@
 all_final += server2-sha256.crt

+rsa_pkcs1_2048_public.pem: server8.key
+	$(OPENSSL)  rsa -in server8.key -outform PEM -RSAPublicKey_out -out $@
+all_final += rsa_pkcs8_2048_public.pem

+rsa_pkcs1_2048_public.der: rsa_pkcs1_2048_public.pem
+	$(OPENSSL) -RSAPublicKey_in -in rsa_pkcs1_2048_public.pem -outform DER -RSAPublicKey_out -out $@
+all_final += rsa_pkcs8_2048_public.der

 ################################################################
 #### Meta targets
--- a/tests/data_files/public_rsa_key.der
+++ b/tests/data_files/public_rsa_key.der
--- a/tests/data_files/public_rsa_key.pem
+++ b/tests/data_files/public_rsa_key.pem
@ -1,8 +0,0 @@
-----BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA2UFMidUiQFATstnnSR6Q97QThcnPzkATdIM5LQ1HMLLbzmTrLRa1
-mjneNIh9jE+ZpPDEXVcUAwrvgCOb/MQeqetYNxU8FHU1Baw76ZCSe91GPK6xSdIW
-ovsrsPCKnu8qQBYGTV/OQ4Y6KvVL5NvcLsQfxGgOYtFuD6xn6oE25SwScqWD5y4Q
-zB3Rm7u23xBBcLr+zb4fVjBOGS1vIVNnxj7aDYJTB9ZO2i+5MUch0BPHhsd3gf//
-u5ECyItnc+B50apbc/7wziwX1ABMvGVIWbvEMG68Vgst2kX91ojiDPZJej/c2xLR
-gpzage6SGEIQiCDQVIudSMnzZoltyMUmNwIDAQAB
-----END RSA PUBLIC KEY-----
--- a/tests/data_files/rsa_pkcs1_2048_public.der
+++ b/tests/data_files/rsa_pkcs1_2048_public.der
--- a/tests/data_files/rsa_pkcs1_2048_public.pem
+++ b/tests/data_files/rsa_pkcs1_2048_public.pem
@ -0,0 +1,8 @@
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEA2xx/LgvNv87RdRCgorjOfariBeB62ERjj7W9wLAZuTe4GUoO8V10
+gGdGhwbeW38GA73BjV4HFdRb9Nzlzz35wREsrmq5ir0dZ2YX6k692xWagofk8HjD
+o4WHsP2fqZlf4zPszOoLtWFe8Ul+P6Mt6gEMzEKadpvE0DfTsRcBYQEWWX4cF8NT
+/dFyy0xgFdp94uqtUO+O4ovUandV1nDZa7vx7jkEOKO94tHgZmvinEeZ6Sjmtvwu
+ymdDhOjVg9admGsBPoHcPHrK+fOc99YoGyd4fMPQ1WOngTSJrSVqvfLq7fpX/OU0
+xsEPcS3SCBAbrURB4P55oGOTirFd6bDubwIDAQAB
+-----END RSA PUBLIC KEY-----
--- a/tests/data_files/rsa_pkcs8_1024_public.der
+++ b/tests/data_files/rsa_pkcs8_1024_public.der
--- a/tests/suites/test_suite_pkparse.data
+++ b/tests/suites/test_suite_pkparse.data
@ -108,15 +108,15 @@ pk_parse_public_keyfile_rsa:"data_files/format_gen.pub":0

 Parse Public RSA Key #1 (PKCS#8 wrapped, DER)
 depends_on:MBEDTLS_MD5_C:MBEDTLS_PEM_PARSE_C
-pk_parse_public_keyfile_rsa:"data_files/format_gen_der.pub":0
+pk_parse_public_keyfile_rsa:"data_files/rsa_pkcs8_1024_public.der":0

 Parse Public RSA Key #3 (PKCS#1 wrapped)
 depends_on:MBEDTLS_RSA_C:MBEDTLS_PEM_PARSE_C
-pk_parse_public_keyfile_rsa:"data_files/public_rsa_key.pem":0
+pk_parse_public_keyfile_rsa:"data_files/rsa_pkcs1_2048_public.pem":0

 Parse Public RSA Key #4 (PKCS#1 wrapped, DER)
 depends_on:MBEDTLS_RSA_C:MBEDTLS_PEM_PARSE_C
-pk_parse_public_keyfile_rsa:"data_files/public_rsa_key.der":0
+pk_parse_public_keyfile_rsa:"data_files/rsa_pkcs1_2048_public.der":0

 Parse Public EC Key #1 (RFC 5480, DER)
 depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED