- Parsing of PEM files moved to separate module (Fixes ticket #13). Also possible to remove PEM support for systems only using DER encoding
- Parsing PEM private keys encrypted with DES and AES are now supported (Fixes ticket #5)
- Added tests for encrypted keyfiles
diff --git a/include/polarssl/config.h b/include/polarssl/config.h
index 1cf5b50..014bc14 100644
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
@@ -151,6 +151,7 @@
*
* Module: library/aes.c
* Caller: library/ssl_tls.c
+ * library/pem.c
*
* This module enables the following ciphersuites:
* SSL_RSA_AES_128_SHA
@@ -371,6 +372,18 @@
#define POLARSSL_PADLOCK_C
/**
+ * \def POLARSSL_PEM_C
+ *
+ * Enable PEM decoding
+ *
+ * Module: library/pem.c
+ * Caller: library/x509parse.c
+ *
+ * This modules adds support for decoding PEM files.
+ */
+#define POLARSSL_PEM_C
+
+/**
* \def POLARSSL_RSA_C
*
* Enable the RSA public-key cryptosystem.
diff --git a/include/polarssl/pem.h b/include/polarssl/pem.h
new file mode 100644
index 0000000..dfb2f1e
--- /dev/null
+++ b/include/polarssl/pem.h
@@ -0,0 +1,98 @@
+/**
+ * \file pem.h
+ *
+ * \brief Privacy Enhanced Mail (PEM) decoding
+ *
+ * Copyright (C) 2006-2010, Brainspark B.V.
+ *
+ * This file is part of PolarSSL (http://www.polarssl.org)
+ * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ * All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+#ifndef POLARSSL_PEM_H
+#define POLARSSL_PEM_H
+
+/**
+ * \name PEM Error codes
+ * These error codes are returned in case of errors reading the
+ * PEM data.
+ * \{
+ */
+#define POLARSSL_ERR_PEM_NO_HEADER_PRESENT -0x0500 /**< No PEM header found. */
+#define POLARSSL_ERR_PEM_INVALID_DATA -0x0520 /**< PEM string is not as expected. */
+#define POLARSSL_ERR_PEM_MALLOC_FAILED -0x0540 /**< Failed to allocate memory. */
+#define POLARSSL_ERR_PEM_INVALID_ENC_IV -0x0560 /**< RSA IV is not in hex-format. */
+#define POLARSSL_ERR_PEM_UNKNOWN_ENC_ALG -0x0580 /**< Unsupported key encryption algorithm. */
+#define POLARSSL_ERR_PEM_PASSWORD_REQUIRED -0x05A0 /**< Private key password can't be empty. */
+#define POLARSSL_ERR_PEM_PASSWORD_MISMATCH -0x05C0 /**< Given private key password does not allow for correct decryption. */
+#define POLARSSL_ERR_PEM_FEATURE_UNAVAILABLE -0x05E0 /**< Unavailable feature, e.g. hashing/encryption combination. */
+/* \} name */
+
+/**
+ * \brief PEM context structure
+ */
+typedef struct
+{
+ unsigned char *buf; /*!< buffer for decoded data */
+ int buflen; /*!< length of the buffer */
+ unsigned char *info; /*!< buffer for extra header information */
+}
+pem_context;
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief PEM context setup
+ *
+ * \param ctx context to be initialized
+ */
+void pem_init( pem_context *ctx );
+
+/**
+ * \brief Read a buffer for PEM information and store the resulting
+ * data into the specified context buffers.
+ *
+ * \param ctx context to use
+ * \param header header string to seek and expect
+ * \param footer footer string to seek and expect
+ * \param data source data to look in
+ * \param pwd password for decryption (can be NULL)
+ * \param pwdlen length of password
+ * \param use_len destination for total length used
+ *
+ * \return 0 on success, ior a specific PEM error code
+ */
+int pem_read_buffer( pem_context *ctx, char *header, char *footer,
+ const unsigned char *data,
+ const unsigned char *pwd,
+ int pwdlen, int *use_len );
+
+/**
+ * \brief PEM context memory freeing
+ *
+ * \param ctx context to be freed
+ */
+void pem_free( pem_context *ctx );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* pem.h */
diff --git a/include/polarssl/x509.h b/include/polarssl/x509.h
index eda5221..b2ca75e 100644
--- a/include/polarssl/x509.h
+++ b/include/polarssl/x509.h
@@ -69,13 +69,8 @@
#define POLARSSL_ERR_X509_CERT_UNKNOWN_PK_ALG -0x01C0 /**< Public key algorithm is unsupported (only RSA is supported). */
#define POLARSSL_ERR_X509_CERT_SIG_MISMATCH -0x01E0 /**< Certificate signature algorithms do not match. (see \c ::x509_cert sig_oid) */
#define POLARSSL_ERR_X509_CERT_VERIFY_FAILED -0x0200 /**< Certificate verification failed, e.g. CRL, CA or signature check failed. */
-#define POLARSSL_ERR_X509_KEY_INVALID_PEM -0x0220 /**< PEM key string is not as expected. */
#define POLARSSL_ERR_X509_KEY_INVALID_VERSION -0x0240 /**< Unsupported RSA key version */
#define POLARSSL_ERR_X509_KEY_INVALID_FORMAT -0x0260 /**< Invalid RSA key tag or value. */
-#define POLARSSL_ERR_X509_KEY_INVALID_ENC_IV -0x0280 /**< RSA IV is not in hex-format. */
-#define POLARSSL_ERR_X509_KEY_UNKNOWN_ENC_ALG -0x02A0 /**< Unsupported key encryption algorithm. */
-#define POLARSSL_ERR_X509_KEY_PASSWORD_REQUIRED -0x02C0 /**< Private key password can't be empty. */
-#define POLARSSL_ERR_X509_KEY_PASSWORD_MISMATCH -0x02E0 /**< Given private key password does not allow for correct decryption. */
#define POLARSSL_ERR_X509_POINT_ERROR -0x0300 /**< Not used. */
#define POLARSSL_ERR_X509_VALUE_TO_LENGTH -0x0320 /**< Not used. */
/* \} name */
@@ -485,7 +480,7 @@
* \param buf buffer holding the certificate data
* \param buflen size of the buffer
*
- * \return 0 if successful, or a specific X509 error code
+ * \return 0 if successful, or a specific X509 or PEM error code
*/
int x509parse_crt( x509_cert *chain, const unsigned char *buf, int buflen );
@@ -497,7 +492,7 @@
* \param chain points to the start of the chain
* \param path filename to read the certificates from
*
- * \return 0 if successful, or a specific X509 error code
+ * \return 0 if successful, or a specific X509 or PEM error code
*/
int x509parse_crtfile( x509_cert *chain, const char *path );
@@ -510,7 +505,7 @@
* \param buf buffer holding the CRL data
* \param buflen size of the buffer
*
- * \return 0 if successful, or a specific X509 error code
+ * \return 0 if successful, or a specific X509 or PEM error code
*/
int x509parse_crl( x509_crl *chain, const unsigned char *buf, int buflen );
@@ -522,7 +517,7 @@
* \param chain points to the start of the chain
* \param path filename to read the CRLs from
*
- * \return 0 if successful, or a specific X509 error code
+ * \return 0 if successful, or a specific X509 or PEM error code
*/
int x509parse_crlfile( x509_crl *chain, const char *path );
@@ -536,7 +531,7 @@
* \param pwd password for decryption (optional)
* \param pwdlen size of the password
*
- * \return 0 if successful, or a specific X509 error code
+ * \return 0 if successful, or a specific X509 or PEM error code
*/
int x509parse_key( rsa_context *rsa,
const unsigned char *key, int keylen,
@@ -550,7 +545,7 @@
* \param path filename to read the private key from
* \param password password to decrypt the file (can be NULL)
*
- * \return 0 if successful, or a specific X509 error code
+ * \return 0 if successful, or a specific X509 or PEM error code
*/
int x509parse_keyfile( rsa_context *rsa, const char *path,
const char *password );
@@ -563,7 +558,7 @@
* \param dhmin input buffer
* \param dhminlen size of the buffer
*
- * \return 0 if successful, or a specific X509 error code
+ * \return 0 if successful, or a specific X509 or PEM error code
*/
int x509parse_dhm( dhm_context *dhm, const unsigned char *dhmin, int dhminlen );
@@ -574,7 +569,7 @@
* \param dhm DHM context to be initialized
* \param path filename to read the DHM Parameters from
*
- * \return 0 if successful, or a specific X509 error code
+ * \return 0 if successful, or a specific X509 or PEM error code
*/
int x509parse_dhmfile( dhm_context *dhm, const char *path );
