Mbedtls_pk_parse_key_failed

Mbed TLS Crypto and SSL questions
1

The below program is returning error code -3D00.
But the below key is correctly formed using openSSL command with the password mentioned in the program below.
Still we could able to print the key in RAW format using OpenSSL. However it is failing to parse the key while using Mbedtls pk_parse_key function.

Any help would be appreciated.
Thanks in advance.

#include <stdio.h>
#include <string.h>
#include <mbedtls/pk.h>

#define PASSWD "1234567890"

#define TEST_KEY                                                \
"-----BEGIN RSA PRIVATE KEY-----\r\n"                                   \
"Proc-Type: 4,ENCRYPTED\r\n"                                            \
"DEK-Info: AES-256-CBC,2B562090A59B0979180C4B9EBB5C782E\r\n"            \
"\r\n"                                                                  \
"UD76hvFyEMNzRe07vqAvBRwzz5J0JAyOFjo57dXXrQe3KFdsVMcM1Q6v4EPMGiu2\r\n"  \
"MuHvKATCtcYVVwqMzPeACk39MwqrnmAd9QrY5M8xy5FneiaE4PgcqmJvyPepAK+f\r\n"  \
"LGdu7X/vLjJJw3xsFt4wdSMz84KjQzAgRgiYgf6nCoVM8F+nAuk3lQJN4pki0ZAL\r\n"  \
"fZQYIidrDzWojwO1u6Y0NFt+ntG6PvDpiA66qMycQWct1MBoFS6kMpYvcfIEGG7g\r\n"  \
"4d0OxXeVINtZzHAYSzTzis5c9yDEGTUi/V8i++5Oas//qFJd9NDeoLFm12JEfU+o\r\n"  \
"CI4y2jG9hW68MapTRShkNv3m/rQZNaQhdII0GUjttNpkm/aP54IYJBepJRifZ+Pr\r\n"  \
"HQxTLlnmbGFVuc8WV58u64AFV1Hg4/yLv7RFzrLmWe43lugElMUk0B5BZll7tWj6\r\n"  \
"cYHx0CGjS/Gfv7WcKg/azVhQQh2GFtfi97spgqs/rQDfgZhWbGzSp3ufyJmDTyDP\r\n"  \
"S7P5jqcfDTGeSjpX7aDXe13kT2BxbKVgGswVuiCBZs1L97kWpxbQjznQSRrD7xU5\r\n"  \
"LW1op9XTidXjseEWjp5gCxqSO5oNYqZ9gP+wHqKyoSLjLyUw1f6pkmKpTEIJYNZa\r\n"  \
"7aYiU9CFrN9G2JcyE/voRnpgRKP/CuUN9AfLnXBYMtoaxAvIqtddfrYpY6ZzhCwi\r\n"  \
"o0kEbNM4ABrQk7QrGKs5a2MQB26muUI4vSmW0ffmqxZ5dmJB8kCXAB64TX48pKsV\r\n"  \
"EnAuE3YJdwympHwgxW99yHZIV1UI0y5Z0GR3iT/6Qvegm3BJeVNjbiAgFvM1zZDg\r\n"  \
"sOJrR7Cuj5N+m6UfY5o861DLZnbPqva8JHBUAV9TYGDeJsBx7cTgAvG8lPL3hrxI\r\n"  \
"LHe1YqHFnh5rW1mHSegB9ndza6FxC85sS/MguLLPLEuCWFn/iWrj8XgJCMSpBRjJ\r\n"  \
"Nu9nSBwTBp9PJaL1Gr3QGmpMAKjr5e0q/HOexyF2AFoHYK7ZbLODpSSmiQ1LU1/R\r\n"  \
"4oo16FPDTzbiEFDrmr0LLyYjPb0DDvRfSYfyLkJ2AWQcEpiktfANnwpEOP83+TOL\r\n"  \
"Dlc0IdL3FVe2+lbiKMfPj6uhGbZk1SGrxU886KprICbLRT66QJYQqWOH2aIFlf/I\r\n"  \
"HWQqava4iqecO/8TQZu9cXEedVyZ1td/7YFJy6e0NLsPbgnZ7lmoLD/nazF9TVDs\r\n"  \
"0YZECdGx9W3SLHJy53ekuGW3lw5Du5sGyJYzEFERprXy6M4wCqdH9i4F5d8ih85Y\r\n"  \
"dG7sKW6BYdUYRSoZac4bxZoXOMSiy+fFybx+LgjtaD1gKR0JGBbqgvDpvFbhHnCQ\r\n"  \
"v7h3ANHnjHJ2jYmORPxVPHVRAHM1BaM7/CTXECwZMakexZT6J21LGVs/HJs8lYlk\r\n"  \
"2hp48bX2s5s8/fMGcYELj0AbmMWZcfE7BSKIPQfqVpw0AuBuLEXluY5nK9wFu6ZR\r\n"  \
"Lb7jTJT1fYhU7B290CQFxm+PYKWhB0Fz7y+iZK3MUi95wGPIN/y3QeqBV4E84S/U\r\n"  \
"T3ua+DvmNnfVKi0D8X2KdCYBYXcokE8OGMj+tgiR5rxYmBU4LFC3aJ5FeJWcIIp2\r\n"  \
"-----END RSA PRIVATE KEY-----\r\n"

int main()
{
  int r = 0;

  mbedtls_pk_context pk;

  mbedtls_pk_init( &pk );
  r = mbedtls_pk_parse_key(&pk, TEST_KEY, strlen(TEST_KEY), PASSWD, strlen(PASSWD) );
  printf("mbedtls_pk_parse: -%04x", -r);

  return r;
}
2

Hi @lijintv07
Thank you for your interest in Mbed TLS!
As mentioned in the documentation:

 *                  The buffer must contain the input exactly, with no
 *                  extra trailing material. For PEM, the buffer must
 *                  contain a null-terminated string.
 * \param keylen    Size of \b key in bytes.
 *                  For PEM data, this includes the terminating null byte,
 *                  so \p keylen must be equal to `strlen(key) + 1`.

so you should add the null byte to the length of TEST_KEY:

r = mbedtls_pk_parse_key(&pk, TEST_KEY, strlen(TEST_KEY) + 1, PASSWD, strlen(PASSWD) );

Regards,
Mbed TLS Support
Ron

3

Thanks Ron

4

Hello, I want to import a secp_256r1 private key in pem format using the mbedtls_pk_parse_key method, but this method returns an error, code is 0xFFFFC300, Here’s my code:

unsigned char private_key_buffer[] = "-----BEGIN EC PRIVATE KEY-----\n"
"MHcCAQEEINK79I52HkeYGP/C5BOC7ObigHe5QoBxl0wS+OBC7XH0oAoGCCqGSM49\n"
"AwEHoUQDQgAEcO0VveyZn3F1H54XBvknLh5ArnNtP/VhzWzmikeGCLZXe08JZgMZ\n"
"VgVqbfqsbhK/bpNvddfjWIdc8kQqkI46XA==\n"
"-----END EC PRIVATE KEY-----";
mbedtls_pk_init(&private_key_context);
err_code = mbedtls_pk_parse_key(&private_key_context, (const unsigned char *)private_key_buffer, strlen(private_key_buffer) + 1, NULL, 0);

NRF_LOG_INFO("mbedtls_pk_parse_key ERROR 0x%04x", err_code);
APP_ERROR_CHECK(err_code);

Now that I’ve modified the configuration item,
#define MBEDTLS_PEM_PARSE_C
#define MBEDTLS_PK_C
#define MBEDTLS_PK_PARSE_C
#define MBEDTLS_PKCS5_C
#define MBEDTLS_PKCS12_C
#define MBEDTLS_PKCS11_C

After compiling and downloading
The mbedtls_pk_parse_key function returns ERROR 0xFFFFEE80
what should I do?