feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Add an API function wc_DecryptPKCS8Key to handle decrypting a DER, PKCS#8

Browse Source 
encrypted key.
This commit is contained in:
Hayden Roche
2021-05-26 10:26:39 -07:00
parent 5e4e73d6e9
commit 88370285cc
2 changed files with 48 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

61
wolfcrypt/src/asn.c
View File

@@ -3921,6 +3921,48 @@ int wc_EncryptPKCS8Key(byte* key, word32 keySz, byte* out, word32 outSz,
return ret; return ret;
} }
/* PKCS#8 decryption from RFC 5208
*
* NOTE: input buffer is overwritten with decrypted data!
*
* This function takes an encrypted PKCS#8 DER key and decrypts it to PKCS#8
* unencrypted DER. Undoes the encryption done by wc_EncryptPKCS8Key. Returns
* the length of the decrypted buffer or a negative value if there was an error.
*/
int wc_DecryptPKCS8Key(byte* input, word32 sz, const char* password,
int passwordSz)
{
int ret;
int length;
word32 inOutIdx = 0;
if (GetSequence(input, &inOutIdx, &length, sz) < 0) {
ret = ASN_PARSE_E;
}
else {
ret = DecryptContent(input + inOutIdx, sz - inOutIdx, password,
passwordSz);
if (ret > 0) {
XMEMMOVE(input, input + inOutIdx, ret);
}
}
if (ret > 0) {
/* DecryptContent will decrypt the data, but it will leave any padding
* bytes intact. This code calculates the length without the padding
* and we return that to the user. */
inOutIdx = 0;
if (GetSequence(input, &inOutIdx, &length, ret) < 0) {
ret = ASN_PARSE_E;
}
else {
ret = inOutIdx + length;
}
}
return ret;
}
/* Takes an unencrypted, traditional DER-encoded key and converts it to a PKCS#8 /* Takes an unencrypted, traditional DER-encoded key and converts it to a PKCS#8
* encrypted key. */ * encrypted key. */
int TraditionalEnc(byte* key, word32 keySz, byte* out, word32* outSz, int TraditionalEnc(byte* key, word32 keySz, byte* out, word32* outSz,
@@ -4146,25 +4188,16 @@ exit_dc:
return ret; return ret;
} }
/* Remove Encrypted PKCS8 header, move beginning of traditional to beginning /* Remove Encrypted PKCS8 header, move beginning of traditional to beginning
of input */ of input */
int ToTraditionalEnc(byte* input, word32 sz,const char* password, int ToTraditionalEnc(byte* input, word32 sz, const char* password,
int passwordSz, word32* algId) int passwordSz, word32* algId)
{ {
int ret, length; int ret;
word32 inOutIdx = 0;
if (GetSequence(input, &inOutIdx, &length, sz) < 0) { ret = wc_DecryptPKCS8Key(input, sz, password, passwordSz);
ret = ASN_PARSE_E; if (ret > 0) {
} ret = ToTraditional_ex(input, ret, algId);
else {
ret = DecryptContent(input + inOutIdx, sz - inOutIdx, password,
passwordSz);
if (ret > 0) {
XMEMMOVE(input, input + inOutIdx, ret);
ret = ToTraditional_ex(input, ret, algId);
}
} }
return ret; return ret;

1
wolfssl/wolfcrypt/asn_public.h
View File

@@ -585,6 +585,7 @@ WOLFSSL_API int wc_CreatePKCS8Key(byte* out, word32* outSz,
byte* key, word32 keySz, int algoID, const byte* curveOID, word32 oidSz); byte* key, word32 keySz, int algoID, const byte* curveOID, word32 oidSz);
WOLFSSL_API int wc_EncryptPKCS8Key(byte*, word32, byte*, word32, const char*, WOLFSSL_API int wc_EncryptPKCS8Key(byte*, word32, byte*, word32, const char*,
int, int, int, int, byte*, word32, int, WC_RNG*, void*); int, int, int, int, byte*, word32, int, WC_RNG*, void*);
WOLFSSL_API int wc_DecryptPKCS8Key(byte*, word32, const char*, int);
#ifndef NO_ASN_TIME #ifndef NO_ASN_TIME
/* Time */ /* Time */