Arm Mbed and Pelion Device Management support forum

Mbedtls_pk_parse_key_failed

The below program is returning error code -3D00.
But the below key is correctly formed using openSSL command with the password mentioned in the program below.
Still we could able to print the key in RAW format using OpenSSL. However it is failing to parse the key while using Mbedtls pk_parse_key function.

Any help would be appreciated.
Thanks in advance.

#include <stdio.h>
#include <string.h>
#include <mbedtls/pk.h>

#define PASSWD "1234567890"

#define TEST_KEY                                                \
"-----BEGIN RSA PRIVATE KEY-----\r\n"                                   \
"Proc-Type: 4,ENCRYPTED\r\n"                                            \
"DEK-Info: AES-256-CBC,2B562090A59B0979180C4B9EBB5C782E\r\n"            \
"\r\n"                                                                  \
"UD76hvFyEMNzRe07vqAvBRwzz5J0JAyOFjo57dXXrQe3KFdsVMcM1Q6v4EPMGiu2\r\n"  \
"MuHvKATCtcYVVwqMzPeACk39MwqrnmAd9QrY5M8xy5FneiaE4PgcqmJvyPepAK+f\r\n"  \
"LGdu7X/vLjJJw3xsFt4wdSMz84KjQzAgRgiYgf6nCoVM8F+nAuk3lQJN4pki0ZAL\r\n"  \
"fZQYIidrDzWojwO1u6Y0NFt+ntG6PvDpiA66qMycQWct1MBoFS6kMpYvcfIEGG7g\r\n"  \
"4d0OxXeVINtZzHAYSzTzis5c9yDEGTUi/V8i++5Oas//qFJd9NDeoLFm12JEfU+o\r\n"  \
"CI4y2jG9hW68MapTRShkNv3m/rQZNaQhdII0GUjttNpkm/aP54IYJBepJRifZ+Pr\r\n"  \
"HQxTLlnmbGFVuc8WV58u64AFV1Hg4/yLv7RFzrLmWe43lugElMUk0B5BZll7tWj6\r\n"  \
"cYHx0CGjS/Gfv7WcKg/azVhQQh2GFtfi97spgqs/rQDfgZhWbGzSp3ufyJmDTyDP\r\n"  \
"S7P5jqcfDTGeSjpX7aDXe13kT2BxbKVgGswVuiCBZs1L97kWpxbQjznQSRrD7xU5\r\n"  \
"LW1op9XTidXjseEWjp5gCxqSO5oNYqZ9gP+wHqKyoSLjLyUw1f6pkmKpTEIJYNZa\r\n"  \
"7aYiU9CFrN9G2JcyE/voRnpgRKP/CuUN9AfLnXBYMtoaxAvIqtddfrYpY6ZzhCwi\r\n"  \
"o0kEbNM4ABrQk7QrGKs5a2MQB26muUI4vSmW0ffmqxZ5dmJB8kCXAB64TX48pKsV\r\n"  \
"EnAuE3YJdwympHwgxW99yHZIV1UI0y5Z0GR3iT/6Qvegm3BJeVNjbiAgFvM1zZDg\r\n"  \
"sOJrR7Cuj5N+m6UfY5o861DLZnbPqva8JHBUAV9TYGDeJsBx7cTgAvG8lPL3hrxI\r\n"  \
"LHe1YqHFnh5rW1mHSegB9ndza6FxC85sS/MguLLPLEuCWFn/iWrj8XgJCMSpBRjJ\r\n"  \
"Nu9nSBwTBp9PJaL1Gr3QGmpMAKjr5e0q/HOexyF2AFoHYK7ZbLODpSSmiQ1LU1/R\r\n"  \
"4oo16FPDTzbiEFDrmr0LLyYjPb0DDvRfSYfyLkJ2AWQcEpiktfANnwpEOP83+TOL\r\n"  \
"Dlc0IdL3FVe2+lbiKMfPj6uhGbZk1SGrxU886KprICbLRT66QJYQqWOH2aIFlf/I\r\n"  \
"HWQqava4iqecO/8TQZu9cXEedVyZ1td/7YFJy6e0NLsPbgnZ7lmoLD/nazF9TVDs\r\n"  \
"0YZECdGx9W3SLHJy53ekuGW3lw5Du5sGyJYzEFERprXy6M4wCqdH9i4F5d8ih85Y\r\n"  \
"dG7sKW6BYdUYRSoZac4bxZoXOMSiy+fFybx+LgjtaD1gKR0JGBbqgvDpvFbhHnCQ\r\n"  \
"v7h3ANHnjHJ2jYmORPxVPHVRAHM1BaM7/CTXECwZMakexZT6J21LGVs/HJs8lYlk\r\n"  \
"2hp48bX2s5s8/fMGcYELj0AbmMWZcfE7BSKIPQfqVpw0AuBuLEXluY5nK9wFu6ZR\r\n"  \
"Lb7jTJT1fYhU7B290CQFxm+PYKWhB0Fz7y+iZK3MUi95wGPIN/y3QeqBV4E84S/U\r\n"  \
"T3ua+DvmNnfVKi0D8X2KdCYBYXcokE8OGMj+tgiR5rxYmBU4LFC3aJ5FeJWcIIp2\r\n"  \
"-----END RSA PRIVATE KEY-----\r\n"

int main()
{
  int r = 0;

  mbedtls_pk_context pk;

  mbedtls_pk_init( &pk );
  r = mbedtls_pk_parse_key(&pk, TEST_KEY, strlen(TEST_KEY), PASSWD, strlen(PASSWD) );
  printf("mbedtls_pk_parse: -%04x", -r);

  return r;
}

Hi @lijintv07
Thank you for your interest in Mbed TLS!
As mentioned in the documentation:

 *                  The buffer must contain the input exactly, with no
 *                  extra trailing material. For PEM, the buffer must
 *                  contain a null-terminated string.
 * \param keylen    Size of \b key in bytes.
 *                  For PEM data, this includes the terminating null byte,
 *                  so \p keylen must be equal to `strlen(key) + 1`.

so you should add the null byte to the length of TEST_KEY:

r = mbedtls_pk_parse_key(&pk, TEST_KEY, strlen(TEST_KEY) + 1, PASSWD, strlen(PASSWD) );

Regards,
Mbed TLS Support
Ron

Thanks Ron