feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #6569 from SparkiDev/pem_der_example

Browse Source 
PEM example: new example for convert between PEM and DER
This commit is contained in:
David Garske
2023-07-03 11:31:36 -07:00
committed by GitHub
parent ad2621a7a0 f72a6b705f
commit a921ab754d
23 changed files with 1691 additions and 119 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -74,6 +74,7 @@ examples/sctp/sctp-server-dtls
examples/sctp/sctp-client
examples/sctp/sctp-client-dtls
examples/asn1/asn1
examples/pem/pem
server_ready
snifftest
output

BIN
certs/crl/caEccCrl.der Normal file
View File

Binary file not shown.

1
certs/crl/include.am
View File

@ -10,6 +10,7 @@ EXTRA_DIST += \
certs/crl/eccSrvCRL.pem \
certs/crl/eccCliCRL.pem \
certs/crl/crl2.pem \
certs/crl/caEccCrl.der \
certs/crl/caEccCrl.pem \
certs/crl/caEcc384Crl.pem \
certs/crl/wolfssl.cnf \

BIN
certs/csr.dsa.der Normal file
View File

Binary file not shown.

1
certs/ecc-params.der Normal file
View File

@ -0,0 +1 @@
*<2A>H<EFBFBD>=

3
certs/ecc-params.pem Normal file
View File

@ -0,0 +1,3 @@
-----BEGIN EC PARAMETERS-----
BggqhkjOPQMBBw==
-----END EC PARAMETERS-----

2
certs/ecc-privkey.der Normal file
View File

@ -0,0 +1,2 @@
01 E<>is<>l<EFBFBD><6C>8[r<><72>Ǭ<EFBFBD><03>S5<04>l(<28>4<EFBFBD><34><EFBFBD> <09><>
*<2A>H<EFBFBD>=

2
certs/ed25519/eddsa-ed25519.der Normal file
View File

@ -0,0 +1,2 @@
0%
 <20><>r<EFBFBD><72>XJն<4A><D5B6><EFBFBD>i<EFBFBD><69>:<3A>|(<28><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>DuXB

3
certs/ed25519/eddsa-ed25519.pem Normal file
View File

@ -0,0 +1,3 @@
-----BEGIN EDDSA PRIVATE KEY-----
MCUKAQEEINTuctv5E1hK1bbY8fdp+K06/nwoy/HU++CXqI9EdVhC
-----END EDDSA PRIVATE KEY-----

4
certs/ed25519/include.am
View File

@ -27,7 +27,9 @@ EXTRA_DIST += \
certs/ed25519/server-ed25519-key.der \
certs/ed25519/server-ed25519-key.pem \
certs/ed25519/server-ed25519-priv.der \
certs/ed25519/server-ed25519-priv.pem
certs/ed25519/server-ed25519-priv.pem \
certs/ed25519/eddsa-ed25519.der \
certs/ed25519/eddsa-ed25519.pem
EXTRA_DIST += \
certs/ed25519/gen-ed25519.sh \

208
certs/include.am
View File

@ -3,115 +3,121 @@
#
EXTRA_DIST += \
certs/ca-cert-chain.der \
certs/ca-cert.pem \
certs/ca-key.pem \
certs/client-cert.pem \
certs/client-keyEnc.pem \
certs/client-key.pem \
certs/client-uri-cert.pem \
certs/client-absolute-urn.pem \
certs/client-relative-uri.pem \
certs/client-crl-dist.pem \
certs/client-crl-dist.der \
certs/ecc-key.pem \
certs/ecc-keyPub.pem \
certs/ecc-privkey.pem \
certs/ecc-privkeyPkcs8.der \
certs/ecc-privkeyPkcs8.pem \
certs/ecc-keyPkcs8Enc.pem \
certs/ecc-keyPkcs8Enc.der \
certs/ecc-key-comp.pem \
certs/ecc-keyPkcs8.pem \
certs/ecc-keyPkcs8.der \
certs/ecc-client-key.pem \
certs/ecc-client-keyPub.pem \
certs/client-ecc-cert.pem \
certs/client-ca.pem \
certs/dh2048.pem \
certs/server-cert.pem \
certs/server-ecc.pem \
certs/server-ecc-self.pem \
certs/server-ecc-comp.pem \
certs/server-ecc-rsa.pem \
certs/server-keyEnc.pem \
certs/server-key.pem \
certs/server-keyPub.pem \
certs/server-keyPkcs8.der \
certs/server-keyPkcs8Enc12.pem \
certs/server-keyPkcs8Enc2.pem \
certs/server-keyPkcs8Enc.pem \
certs/server-keyPkcs8Enc.der \
certs/server-keyPkcs8.pem \
certs/server-revoked-cert.pem \
certs/server-revoked-key.pem \
certs/wolfssl-website-ca.pem \
certs/test-degenerate.p7b \
certs/test-ber-exp02-05-2022.p7b \
certs/test-servercert.p12 \
certs/test-servercert-rc2.p12 \
certs/ecc-rsa-server.p12 \
certs/dsaparams.der \
certs/dsaparams.pem \
certs/ecc-privOnlyKey.pem \
certs/ecc-privOnlyCert.pem \
certs/dh3072.pem \
certs/dh4096.pem \
certs/client-cert-ext.pem \
certs/csr.attr.der \
certs/csr.dsa.pem \
certs/csr.signed.der \
certs/csr.ext.der \
certs/entity-no-ca-bool-cert.pem \
certs/entity-no-ca-bool-key.pem \
certs/x942dh2048.pem \
certs/fpki-cert.der \
certs/rid-cert.der
certs/ca-cert-chain.der \
certs/ca-cert.pem \
certs/ca-key.pem \
certs/client-cert.pem \
certs/client-keyEnc.pem \
certs/client-key.pem \
certs/client-uri-cert.pem \
certs/client-absolute-urn.pem \
certs/client-relative-uri.pem \
certs/client-crl-dist.pem \
certs/client-crl-dist.der \
certs/ecc-key.pem \
certs/ecc-keyPub.pem \
certs/ecc-params.der \
certs/ecc-params.pem \
certs/ecc-privkey.der \
certs/ecc-privkey.pem \
certs/ecc-privkeyPkcs8.der \
certs/ecc-privkeyPkcs8.pem \
certs/ecc-keyPkcs8Enc.pem \
certs/ecc-keyPkcs8Enc.der \
certs/ecc-key-comp.pem \
certs/ecc-keyPkcs8.pem \
certs/ecc-keyPkcs8.der \
certs/ecc-client-key.pem \
certs/ecc-client-keyPub.pem \
certs/client-ecc-cert.pem \
certs/client-ca.pem \
certs/dh2048.pem \
certs/server-cert.pem \
certs/server-ecc.pem \
certs/server-ecc-self.pem \
certs/server-ecc-comp.pem \
certs/server-ecc-rsa.pem \
certs/server-keyEnc.pem \
certs/server-key.pem \
certs/server-keyPub.der \
certs/server-keyPub.pem \
certs/server-keyPkcs8.der \
certs/server-keyPkcs8Enc12.pem \
certs/server-keyPkcs8Enc2.pem \
certs/server-keyPkcs8Enc.pem \
certs/server-keyPkcs8Enc.der \
certs/server-keyPkcs8.pem \
certs/server-revoked-cert.pem \
certs/server-revoked-key.pem \
certs/wolfssl-website-ca.pem \
certs/test-degenerate.p7b \
certs/test-ber-exp02-05-2022.p7b \
certs/test-servercert.p12 \
certs/test-servercert-rc2.p12 \
certs/ecc-rsa-server.p12 \
certs/dsaparams.der \
certs/dsaparams.pem \
certs/ecc-privOnlyKey.pem \
certs/ecc-privOnlyCert.pem \
certs/dh3072.pem \
certs/dh4096.pem \
certs/client-cert-ext.pem \
certs/csr.attr.der \
certs/csr.dsa.der \
certs/csr.dsa.pem \
certs/csr.signed.der \
certs/csr.ext.der \
certs/entity-no-ca-bool-cert.pem \
certs/entity-no-ca-bool-key.pem \
certs/x942dh2048.der \
certs/x942dh2048.pem \
certs/fpki-cert.der \
certs/rid-cert.der
EXTRA_DIST += \
certs/ca-key.der \
certs/ca-cert.der \
certs/client-cert.der \
certs/client-key.der \
certs/client-ecc-cert.der \
certs/client-keyPub.der \
certs/client-keyPub.pem \
certs/dh2048.der \
certs/dh3072.der \
certs/dh4096.der \
certs/dh-pubkey-2048.der \
certs/rsa2048.der \
certs/rsa-pub-2048.pem \
certs/rsa3072.der \
certs/dsa2048.der \
certs/dsa3072.der \
certs/dsa-pubkey-2048.der \
certs/ecc-client-key.der \
certs/ecc-client-keyPub.der \
certs/ecc-key.der \
certs/ecc-keyPub.der \
certs/server-key.der \
certs/server-cert.der \
certs/server-ecc-comp.der \
certs/server-ecc.der \
certs/server-ecc-self.der \
certs/server-ecc-rsa.der \
certs/server-cert-chain.der \
certs/client-cert-ext.der
certs/ca-key.der \
certs/ca-cert.der \
certs/client-cert.der \
certs/client-key.der \
certs/client-ecc-cert.der \
certs/client-keyPub.der \
certs/client-keyPub.pem \
certs/dh2048.der \
certs/dh3072.der \
certs/dh4096.der \
certs/dh-pubkey-2048.der \
certs/rsa2048.der \
certs/rsa-pub-2048.pem \
certs/rsa3072.der \
certs/dsa2048.der \
certs/dsa3072.der \
certs/dsa-pubkey-2048.der \
certs/ecc-client-key.der \
certs/ecc-client-keyPub.der \
certs/ecc-key.der \
certs/ecc-keyPub.der \
certs/server-key.der \
certs/server-cert.der \
certs/server-ecc-comp.der \
certs/server-ecc.der \
certs/server-ecc-self.der \
certs/server-ecc-rsa.der \
certs/server-cert-chain.der \
certs/client-cert-ext.der
# ECC CA prime256v1
EXTRA_DIST += \
certs/ca-ecc-cert.der \
certs/ca-ecc-cert.pem \
certs/ca-ecc-key.der \
certs/ca-ecc-key.pem
certs/ca-ecc-cert.der \
certs/ca-ecc-cert.pem \
certs/ca-ecc-key.der \
certs/ca-ecc-key.pem
# ECC CA SECP384R1
EXTRA_DIST += \
certs/ca-ecc384-cert.der \
certs/ca-ecc384-cert.pem \
certs/ca-ecc384-key.der \
certs/ca-ecc384-key.pem
certs/ca-ecc384-cert.der \
certs/ca-ecc384-cert.pem \
certs/ca-ecc384-key.der \
certs/ca-ecc384-key.pem
dist_doc_DATA+= certs/taoCert.txt

BIN
certs/server-keyPub.der Normal file
View File

Binary file not shown.

BIN
certs/x942dh2048.der Normal file
View File

Binary file not shown.

15
examples/asn1/asn1.c
View File

@ -283,7 +283,7 @@ static int PrintPem(FILE* fp, int pem_skip)
/* Usage lines to show. */
const char* usage[] = {
"asn1 [OPTOIN]... [FILE]",
"asn1 [OPTION]... [FILE]",
"Display a human-readable version of a DER/BER encoding.",
"",
"Options:",
@ -317,8 +317,8 @@ static void Usage(void)
/* Main entry of ASN.1 printing program.
*
* @param [in] argc Count of command line argements.
* @param [in] argv Command line argements.
* @param [in] argc Count of command line arguments.
* @param [in] argv Command line arguments.
* @return 0 on success.
* @return 1 on failure.
*/
@ -430,7 +430,7 @@ int main(int argc, char* argv[])
Usage();
return 0;
}
/* Unknown option dectection. */
/* Unknown option detection. */
else if (argv[0][0] == '-') {
fprintf(stderr, "Bad option: %s\n", argv[0]);
Usage();
@ -476,8 +476,8 @@ int main(int argc, char* argv[])
/* Main entry of ASN.1 printing program.
*
* @param [in] argc Count of command line argements.
* @param [in] argv Command line argements.
* @param [in] argc Count of command line arguments.
* @param [in] argv Command line arguments.
* @return 0 on success.
* @return 1 on failure.
*/
@ -489,6 +489,5 @@ int main(int argc, char* argv[])
return 0;
}
#endif
#endif /* WOLFSSL_ASN_PRINT */

1
examples/include.am
View File

@ -9,4 +9,5 @@ include examples/server/include.am
include examples/sctp/include.am
include examples/configs/include.am
include examples/asn1/include.am
include examples/pem/include.am
EXTRA_DIST += examples/README.md

12
examples/pem/include.am Normal file
View File

@ -0,0 +1,12 @@
# vim:ft=automake
# included from Top Level Makefile.am
# All paths should be given relative to the root
if BUILD_EXAMPLE_ASN1
noinst_PROGRAMS += examples/pem/pem
examples_pem_pem_SOURCES = examples/pem/pem.c
examples_pem_pem_LDADD = src/libwolfssl@LIBSUFFIX@.la $(LIB_STATIC_ADD)
examples_pem_pem_DEPENDENCIES = src/libwolfssl@LIBSUFFIX@.la
endif

1038
examples/pem/pem.c Normal file
View File

File diff suppressed because it is too large Load Diff

2
scripts/include.am
View File

@ -87,6 +87,8 @@ noinst_SCRIPTS+= scripts/unit.test.in
endif
endif
dist_noinst_SCRIPTS+= scripts/pem.test
EXTRA_DIST += scripts/sniffer-static-rsa.pcap \
scripts/sniffer-ipv6.pcap \
scripts/sniffer-tls13-dh.pcap \

459
scripts/pem.test Executable file
View File

@ -0,0 +1,459 @@
#!/bin/bash
# pem.test
# Copyright wolfSSL 2023-2023
tmp_file=./pem_test.$$
tmp_der_file=./pem_test_out_der.$$
tmp_pem_file=./pem_test_out_pem.$$
PEM_EXE=./examples/pem/pem
ASN1_EXE=./examples/asn1/asn1
TEST_CNT=0
TEST_PASS_CNT=0
TEST_SKIP_CNT=0
TEST_FAIL_CNT=0
TEST_FAIL=
TEST_CASES=()
RUN_ALL="YES"
CR=$'\n'
ENC_STRING="encrypt"
DER_TO_PEM_STRING="input is DER and output is PEM"
# Cleanup temporaries created during testing.
do_cleanup() {
echo
echo "in cleanup"
if [ -e "$tmp_der_file" ]; then
echo -e "removing existing temporary DER output file"
rm "$tmp_der_file"
fi
if [ -e "$tmp_pem_file" ]; then
echo -e "removing existing temporary PEM output file"
rm "$tmp_pem_file"
fi
if [ -e "$tmp_file" ]; then
echo -e "removing existing temporary output file"
rm "$tmp_file"
fi
}
# Called when a signal is trapped.
do_trap() {
echo
echo "got trap"
do_cleanup
exit 1
}
# Trap keyboard interrupt and termination signal.
trap do_trap INT TERM
# Check the usage text for a string to determine feature support.
#
# @param [in] $1 String to search for,
# @return 1 when string is found.
# @return 0 otherwise.
check_usage_string() {
$PEM_EXE -? | grep "$1" >$tmp_file 2>&1
if [ "$?" = "0" ]; then
return 1
fi
return 0
}
# Check whether the test case is to be run.
# When command line parameters given - only run those.
#
# @return 1 when test case is to be run.
# @return 0 otherwise.
check_run() {
# When RUN_ALL set them all test cases are run.
if [ "$RUN_ALL" != "" ]; then
return 1
else
# Check if test case number in list.
for T in "${TEST_CASE[@]}"; do
if [ "$T" = "$TEST_CNT" ]; then
return 1
fi
done
return 0
fi
}
# Setup for new test case.
#
# @param [in] $* Name of test case.
test_setup() {
TEST_CNT=$((TEST_CNT+1))
TEST_DESC="$TEST_CNT: $*"
FAILED=
SKIP=
if [ "$USAGE_STRING" != "" ]; then
# Check usage output for string to see whether we have to skip test case
# due to wolfSSL missing features.
check_usage_string "$USAGE_STRING"
if [ "$?" = "0" ] ; then
echo
echo "$TEST_DESC"
echo "SKIPPED"
SKIP="missing feature"
fi
USAGE_STRING=
fi
if [ "$SKIP" = "" ]; then
# Check whether this test case is to be run.
check_run
if [ "$?" = "1" ]; then
echo
echo "$TEST_DESC"
TEST_PASS_CNT=$((TEST_PASS_CNT+1))
else
SKIP="not requested"
fi
fi
# Handle skipping
if [ "$SKIP" != "" ]; then
TEST_SKIP_CNT=$((TEST_SKIP_CNT+1))
fi
}
# Handle when a test case failed.
test_fail() {
if [ "$SKIP" = "" -a "$FAILED" = "" ]; then
TEST_PASS_CNT=$((TEST_PASS_CNT-1))
TEST_FAIL_CNT=$((TEST_FAIL_CNT+1))
TEST_FAIL="$TEST_FAIL$CR $TEST_DESC"
FAILED=yes
fi
}
# Use asn1 to check DER produced is valid.
check_der() {
$ASN1_EXE $tmp_der_file >$tmp_file 2>&1
if [ "$?" != "0" ]; then
echo
echo " DER result bad"
test_fail
fi
}
# Convert PEM file to DER
#
# @param [in] $* Command line parameters to pem example.
convert_to_der() {
if [ "$SKIP" = "" -a "$FAILED" = "" ]; then
echo " $PEM_EXE $* -out $tmp_pem_file"
$PEM_EXE $* -out $tmp_der_file
if [ "$?" != "0" ]; then
echo " Failed to convert to DER"
test_fail
fi
check_der
fi
}
# Compare generated DER file to existing file.
#
# @param [in] $1 File to compare to.
compare_der() {
diff $tmp_der_file $1
if [ "$?" != "0" ]; then
echo " Created DER file different from expected"
test_fail
fi
}
# Convert DER file to PEM
#
# PEM_TYPE contains PEM header to encode.
#
# @param [in] $* Command line parameters to pem example.
convert_to_pem() {
if [ "$SKIP" = "" -a "$FAILED" = "" ]; then
echo " $PEM_EXE --der -t \"$PEM_TYPE\" $* -out $tmp_pem_file"
$PEM_EXE --der $* -t "$PEM_TYPE" -out $tmp_pem_file
if [ "$?" != "0" ]; then
test_fail
fi
fi
}
# Compare generated PEM file to existing file.
compare_pem() {
diff $tmp_pem_file $1 >$tmp_file 2>&1
if [ "$?" != "0" ]; then
cat $tmp_file
echo
echo " Created PEM file different from expected"
test_fail
fi
}
# Convert to and from PEM and DER and compare to file containing expected DER.
#
# @param [in] $1 Name of PEM file to read.
# @param [in] $2 Name of DER file to compare to.
# @param [in] $3 PEM type expected in PEM file and to place in created PEM
# file.
pem_der_exp() {
if [ "$SKIP" = "" -a "$FAILED" = "" ]; then
PEM_FILE=$1
DER_FILE=$2
PEM_TYPE="$3"
# Convert PEM to DER
convert_to_der -in $PEM_FILE
if [ "$FAILED" = "" ]; then
# On success, compare to DER file.
compare_der $DER_FILE
fi
# Check if converting from DER to PEM is supported.
check_usage_string $DER_TO_PEM_STRING
if [ "$?" = "1" ]; then
if [ "$FAILED" = "" ]; then
# Convert expected DER file to PEM
convert_to_pem -in $DER_FILE
fi
if [ "$FAILED" = "" ]; then
# On success, compare to original PEM file.
compare_pem $PEM_FILE
fi
fi
fi
}
# Convert DER to encrypted PEM.
#
# @param [in] $@ Command line parameters to pem example when encrypting.
der_pem_enc() {
PEM_TYPE="ENCRYPTED PRIVATE KEY"
convert_to_pem -in ./certs/server-key.der -p yassl123 "$@"
convert_to_der -in $tmp_pem_file -p yassl123
}
################################################################################
# Check for pem example - can't test without it.
if [ ! -x $PEM_EXE ]; then
echo "PEM example not available, won't run"
exit 77
fi
# Check for asn1 example - don't want to test without it.
if [ ! -x $ASN1_EXE ]; then
echo "ASN.1 example not available, won't run"
exit 77
fi
# Check the available features compiled into pem example.
echo "wolfSSL features:"
check_usage_string $DER_TO_PEM_STRING
if [ "$?" = "1" ]; then
echo " Conversion from DER to PEM support compiled in."
else
echo " Conversion from DER to PEM support NOT compiled in."
fi
check_usage_string $ENC_STRING
if [ "$?" = "1" ]; then
echo " Encryption support compiled in."
else
echo " Encryption support NOT compiled in."
fi
echo
# Command line parameters are test cases to run.
while [ $# -gt 0 ]; do
TEST_CASE[${#TEST_CASE[@]}]=$1
RUN_ALL=
shift 1
done
test_setup "Convert PEM certificate (first of many) to DER"
convert_to_der -in ./certs/server-cert.pem
test_setup "Convert PEM certificate (second of many) to DER"
convert_to_der -in ./certs/server-cert.pem --offset 6000
test_setup "RSA private key"
pem_der_exp ./certs/server-key.pem \
./certs/server-key.der "RSA PRIVATE KEY"
test_setup "RSA public key"
pem_der_exp ./certs/server-keyPub.pem \
./certs/server-keyPub.der "RSA PUBLIC KEY"
test_setup "DH parameters"
pem_der_exp ./certs/dh3072.pem \
./certs/dh3072.der "DH PARAMETERS"
test_setup "X9.42 parameters"
pem_der_exp ./certs/x942dh2048.pem \
./certs/x942dh2048.der "X9.42 DH PARAMETERS"
USAGE_STRING=" DSA PARAMETERS"
test_setup "DSA parameters"
pem_der_exp ./certs/dsaparams.pem \
./certs/dsaparams.der "DSA PARAMETERS"
USAGE_STRING=" DSA PRIVATE KEY"
test_setup "DSA private key"
pem_der_exp ./certs/1024/dsa1024.pem \
./certs/1024/dsa1024.der "DSA PRIVATE KEY"
USAGE_STRING=" EC PRIVATE KEY"
test_setup "ECC private key"
pem_der_exp ./certs/ecc-keyPkcs8.pem \
./certs/ecc-keyPkcs8.der "PRIVATE KEY"
USAGE_STRING=" EC PRIVATE KEY"
test_setup "EC PRIVATE KEY"
pem_der_exp ./certs/ecc-privkey.pem \
./certs/ecc-privkey.der "EC PRIVATE KEY"
USAGE_STRING=" EC PARAMETERS"
test_setup "ECC parameters"
pem_der_exp ./certs/ecc-params.pem \
./certs/ecc-params.der "EC PARAMETERS"
test_setup "ECC public key"
pem_der_exp ./certs/ecc-keyPub.pem \
./certs/ecc-keyPub.der "PUBLIC KEY"
test_setup "Ed25519 public key"
pem_der_exp ./certs/ed25519/client-ed25519-key.pem \
./certs/ed25519/client-ed25519-key.der 'PUBLIC KEY'
test_setup "Ed25519 private key"
pem_der_exp ./certs/ed25519/client-ed25519-priv.pem \
./certs/ed25519/client-ed25519-priv.der 'PRIVATE KEY'
USAGE_STRING=" EDDSA PRIVATE KEY"
test_setup "EdDSA private key"
pem_der_exp ./certs/ed25519/eddsa-ed25519.pem \
./certs/ed25519/eddsa-ed25519.der 'EDDSA PRIVATE KEY'
test_setup "Ed448 public key"
pem_der_exp ./certs/ed448/client-ed448-key.pem \
./certs/ed448/client-ed448-key.der 'PUBLIC KEY'
test_setup "Ed448 private key"
pem_der_exp ./certs/ed448/client-ed448-priv.pem \
./certs/ed448/client-ed448-priv.der 'PRIVATE KEY'
USAGE_STRING=" CERTIFICATE REQUEST"
test_setup "Certificate Request"
pem_der_exp ./certs/csr.dsa.pem \
./certs/csr.dsa.der 'CERTIFICATE REQUEST'
USAGE_STRING=" X509 CRL"
test_setup "X509 CRL"
pem_der_exp ./certs/crl/caEccCrl.pem \
./certs/crl/caEccCrl.der 'X509 CRL'
USAGE_STRING=$ENC_STRING
test_setup "Encrypted Key with header"
convert_to_der -in ./certs/server-keyEnc.pem -p yassl123 --padding
USAGE_STRING=$ENC_STRING
test_setup "Encrypted Key - PKCS#8"
convert_to_der -in ./certs/server-keyPkcs8Enc.pem -p yassl123
USAGE_STRING=$ENC_STRING
test_setup "Encrypted Key - PKCS#8 (PKCS#12 PBE)"
convert_to_der -in ./certs/server-keyPkcs8Enc12.pem -p yassl123
USAGE_STRING="PBES1_MD5_DES"
test_setup "Encrypted Key - PKCS#8 (PKCS#5 PBES1-MD5-DES)"
convert_to_der -in ./certs/ecc-keyPkcs8Enc.pem -p yassl123
USAGE_STRING=" DES3"
test_setup "Encrypted Key - PKCS#8 (PKCS#5v2 PBE-SHA1-DES3)"
convert_to_der -in ./certs/server-keyPkcs8Enc2.pem -p yassl123
USAGE_STRING="AES-256-CBC"
PEM_TYPE="ENCRYPTED PRIVATE KEY"
test_setup "Encrypt Key - PKCS#8 (Default: PKCS#5 PBES2 AES-256-CBC)"
der_pem_enc
USAGE_STRING="AES-256-CBC"
PEM_TYPE="ENCRYPTED PRIVATE KEY"
test_setup "Encrypt Key - PKCS#8 - Large salt"
der_pem_enc -s 16
USAGE_STRING="AES-256-CBC"
PEM_TYPE="ENCRYPTED PRIVATE KEY"
test_setup "Encrypt Key - PKCS#8 - 10000 iterations (DER encoding check)"
der_pem_enc -i 10000
USAGE_STRING="AES-256-CBC"
PEM_TYPE="ENCRYPTED PRIVATE KEY"
test_setup "Encrypt Key - PKCS#8 - 100 iterations (DER encoding check)"
der_pem_enc -i 100
USAGE_STRING="AES-128-CBC"
PEM_TYPE="ENCRYPTED PRIVATE KEY"
test_setup "Encrypt Key - PKCS#8 (PKCS#5 PBES2 AES-128-CBC)"
der_pem_enc --pbe-alg AES-128-CBC
USAGE_STRING="DES"
PEM_TYPE="ENCRYPTED PRIVATE KEY"
test_setup "Encrypt Key - PKCS#8 (PKCS#5 PBES2 DES)"
der_pem_enc --pbe-alg DES
USAGE_STRING="DES3"
PEM_TYPE="ENCRYPTED PRIVATE KEY"
test_setup "Encrypt Key - PKCS#8 (PKCS#5 PBES2 DES3)"
der_pem_enc --pbe-alg DES3
USAGE_STRING="PBES1_MD5_DES"
PEM_TYPE="ENCRYPTED PRIVATE KEY"
test_setup "Encrypt Key - PKCS#8 (PKCS#5 PBES1-MD5-DES)"
der_pem_enc --pbe PBES1_MD5_DES
USAGE_STRING="PBES1_SHA1_DES"
PEM_TYPE="ENCRYPTED PRIVATE KEY"
test_setup "Encrypt Key - PKCS#8 (PKCS#5 PBES1-SHA1-DES)"
der_pem_enc --pbe PBES1_SHA1_DES
USAGE_STRING=" SHA1_RC4_128"
PEM_TYPE="ENCRYPTED PRIVATE KEY"
test_setup "Encrypt Key - PKCS#8 (PKCS#12 PBE-SHA1-RC4-128)"
der_pem_enc --pbe-ver PKCS12 --pbe SHA1_RC4_128
USAGE_STRING=" SHA1_DES3"
PEM_TYPE="ENCRYPTED PRIVATE KEY"
test_setup "Encrypt Key - PKCS#8 (PKCS#12 PBE-SHA1-DES3)"
der_pem_enc --pbe-ver PKCS12 --pbe SHA1_DES3
USAGE_STRING="SHA1_40RC2_CBC"
PEM_TYPE="ENCRYPTED PRIVATE KEY"
test_setup "Encrypt Key - PKCS#8 (PKCS#12 PBE-SHA1-40RC2-CBC)"
der_pem_enc --pbe-ver PKCS12 --pbe SHA1_40RC2_CBC
# Note: PKCS#12 with SHA1_DES doesn't work as we encode as PKCS#5 SHA1_DES as
# ids are the same
# Report results
echo
if [ "$TEST_SKIP_CNT" = "0" ]; then
echo "RESULT: $TEST_PASS_CNT/$TEST_CNT (pass/total)"
else
echo "RESULT: $TEST_PASS_CNT/$TEST_SKIP_CNT/$TEST_CNT (pass/skip/total)"
fi
if [ "$TEST_FAIL_CNT" != "0" ]; then
echo "FAILURES ($TEST_FAIL_CNT):$TEST_FAIL"
else
echo "PASSED"
fi
# Cleanup temporaries
do_cleanup

25
wolfcrypt/src/asn.c
View File

@ -4362,6 +4362,9 @@ static const byte pbeSha1RC4128[] = {42, 134, 72, 134, 247, 13, 1, 12, 1, 1};
#if !defined(NO_DES3) && !defined(NO_SHA)
static const byte pbeSha1Des3[] = {42, 134, 72, 134, 247, 13, 1, 12, 1, 3};
#endif
#if defined(WC_RC2) && !defined(NO_SHA)
static const byte pbe40Rc2Cbc[] = {42, 134, 72, 134, 247, 13, 1, 12, 1, 6};
#endif
#ifdef HAVE_LIBZ
/* zlib compression */
@ -5168,6 +5171,13 @@ const byte* OidFromId(word32 id, word32 type, word32* oidSz)
oid = pbeSha1Des3;
*oidSz = sizeof(pbeSha1Des3);
break;
#endif
#if !defined(NO_SHA) && defined(WC_RC2)
case PBE_SHA1_40RC2_CBC_SUM:
case PBE_SHA1_40RC2_CBC:
oid = pbe40Rc2Cbc;
*oidSz = sizeof(pbe40Rc2Cbc);
break;
#endif
case PBES2_SUM:
case PBES2:
@ -7069,10 +7079,11 @@ int wc_CreatePKCS8Key(byte* out, word32* outSz, byte* key, word32 keySz,
SetASN_Int8Bit(&dataASN[PKCS8KEYASN_IDX_VER], PKCS8v0);
/* Set key OID that corresponds to key data. */
SetASN_OID(&dataASN[PKCS8KEYASN_IDX_PKEY_ALGO_OID_KEY], (word32)algoID,
oidKeyType);
oidKeyType);
if (curveOID != NULL && oidSz > 0) {
/* ECC key and curveOID set to write. */
SetASN_Buffer(&dataASN[PKCS8KEYASN_IDX_PKEY_ALGO_OID_CURVE], curveOID, oidSz);
SetASN_Buffer(&dataASN[PKCS8KEYASN_IDX_PKEY_ALGO_OID_CURVE],
curveOID, oidSz);
}
else {
/* EC curve OID to encode. */
@ -8161,6 +8172,14 @@ static int GetAlgoV2(int encAlgId, const byte** oid, int *len, int* id,
*blkSz = 8;
break;
#endif
#if defined(WOLFSSL_AES_128) && defined(HAVE_AES_CBC)
case AES128CBCb:
*len = sizeof(blkAes128CbcOid);
*oid = blkAes128CbcOid;
*id = PBE_AES128_CBC;
*blkSz = 16;
break;
#endif
#if defined(WOLFSSL_AES_256) && defined(HAVE_AES_CBC)
case AES256CBCb:
*len = sizeof(blkAes256CbcOid);
@ -8230,7 +8249,7 @@ int wc_EncryptPKCS8Key(byte* key, word32 keySz, byte* out, word32* outSz,
padSz = (word32)((blockSz - ((int)keySz & (blockSz - 1))) &
(blockSz - 1));
/* inner = OCT salt INT itt */
innerLen = 2 + saltSz + 2 + (itt < 256 ? 1 : 2);
innerLen = 2 + saltSz + 2 + ((itt < 256) ? 1 : ((itt < 65536) ? 2 : 3));
if (version != PKCS5v2) {
pbeOidBuf = OidFromId((word32)pbeId, oidPBEType, &pbeOidBufSz);

2
wolfcrypt/test/test.c
View File

@ -45417,7 +45417,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t certpiv_test(void)
0x0B, 0x01, 0x00, /* Nonce */
0x0C, 0x01, 0x00, /* Signed Nonce */
};
/* PIV certificate data including certificate, info and error dectection. */
/* PIV certificate data including certificate, info and error detection. */
WOLFSSL_SMALL_STACK_STATIC const byte pivCert[] = {
0x53, 0x09, /* NIST PIV Cert */
0x70, 0x02, /* Certificate */

11
wolfssl/wolfcrypt/asn.h
View File

@ -2566,11 +2566,12 @@ enum PBESTypes {
PBE_AES128_CBC = 5,
PBE_SHA1_40RC2_CBC = 6,
PBE_SHA1_RC4_128_SUM = 657,
PBE_SHA1_DES3_SUM = 659,
PBE_MD5_DES_SUM = 651,
PBE_SHA1_DES_SUM = 658,
PBES2_SUM = 661,
PBE_SHA1_RC4_128_SUM = 657,
PBE_SHA1_DES3_SUM = 659,
PBE_SHA1_40RC2_CBC_SUM = 662,
PBE_MD5_DES_SUM = 651,
PBE_SHA1_DES_SUM = 658,
PBES2_SUM = 661,
PBES2 = 13, /* algo ID */
PBES1_MD5_DES = 3,

20
wolfssl/wolfcrypt/asn_public.h
View File

@ -116,6 +116,26 @@ enum Ecc_Sum {
};
enum EncPkcs8Types {
ENC_PKCS8_VER_PKCS12 = 1,
ENC_PKCS8_VER_PKCS5 = 5,
ENC_PKCS8_PBES2 = 13,
ENC_PKCS8_PBE_SHA1_RC4_128 = 1,
ENC_PKCS8_PBE_SHA1_DES = 2,
ENC_PKCS8_PBE_SHA1_DES3 = 3,
ENC_PKCS8_PBE_SHA1_40RC2_CBC = 6,
ENC_PKCS8_PBES1_MD5_DES = 3,
ENC_PKCS8_PBES1_SHA1_DES = 10,
ENC_PKCS8_ALG_AES128CBC = 414,
ENC_PKCS8_ALG_AES256CBC = 454,
ENC_PKCS8_ALG_DES = 69,
ENC_PKCS8_ALG_DES3 = 652
};
/* Certificate file Type */
enum CertType {
CERT_TYPE = 0,