diff --git a/certs/ca-key-pkcs8-attribute.der b/certs/ca-key-pkcs8-attribute.der new file mode 100644 index 000000000..692a8cccf Binary files /dev/null and b/certs/ca-key-pkcs8-attribute.der differ diff --git a/certs/include.am b/certs/include.am index dd87e3265..d4417fe8e 100644 --- a/certs/include.am +++ b/certs/include.am @@ -6,6 +6,7 @@ EXTRA_DIST += \ certs/ca-cert-chain.der \ certs/ca-cert.pem \ certs/ca-key.pem \ + certs/ca-key-pkcs8-attribute.der \ certs/client-cert.pem \ certs/client-keyEnc.pem \ certs/client-key.pem \ diff --git a/tests/api.c b/tests/api.c index b523b8ba9..70669bca5 100644 --- a/tests/api.c +++ b/tests/api.c @@ -74549,6 +74549,7 @@ static int test_wc_GetPkcs8TraditionalOffset(void) int derSz = 0; word32 inOutIdx; const char* path = "./certs/server-keyPkcs8.der"; + const char* pathAttributes = "./certs/ca-key-pkcs8-attribute.der"; XFILE file = XBADFILE; byte der[2048]; @@ -74556,6 +74557,7 @@ static int test_wc_GetPkcs8TraditionalOffset(void) ExpectIntGT(derSz = (int)XFREAD(der, 1, sizeof(der), file), 0); if (file != XBADFILE) XFCLOSE(file); + file = XBADFILE; /* reset file to avoid warning of use after close */ /* valid case */ inOutIdx = 0; @@ -74577,6 +74579,16 @@ static int test_wc_GetPkcs8TraditionalOffset(void) inOutIdx = 0; ExpectIntEQ(length = wc_GetPkcs8TraditionalOffset(der, &inOutIdx, (word32)derSz), WC_NO_ERR_TRACE(ASN_PARSE_E)); + + /* test parsing with attributes */ + ExpectTrue((file = XFOPEN(pathAttributes, "rb")) != XBADFILE); + ExpectIntGT(derSz = (int)XFREAD(der, 1, sizeof(der), file), 0); + if (file != XBADFILE) + XFCLOSE(file); + + inOutIdx = 0; + ExpectIntGT(length = wc_GetPkcs8TraditionalOffset(der, &inOutIdx, + (word32)derSz), 0); #endif /* NO_ASN */ return EXPECT_RESULT(); } diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index cf33e97fc..e99852296 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -6882,8 +6882,9 @@ static const ASNItem pkcs8KeyASN[] = { /* PKEY_ALGO_PARAM_SEQ */ { 2, ASN_SEQUENCE, 1, 0, 1 }, #endif /* PKEY_DATA */ { 1, ASN_OCTET_STRING, 0, 0, 0 }, - /* attributes [0] Attributes OPTIONAL */ - /* [[2: publicKey [1] PublicKey OPTIONAL ]] */ +/* OPTIONAL Attributes IMPLICIT [0] */ + { 1, ASN_CONTEXT_SPECIFIC | 0, 1, 0, 1 }, +/* [[2: publicKey [1] PublicKey OPTIONAL ]] */ }; enum { PKCS8KEYASN_IDX_SEQ = 0, @@ -6896,6 +6897,7 @@ enum { PKCS8KEYASN_IDX_PKEY_ALGO_PARAM_SEQ, #endif PKCS8KEYASN_IDX_PKEY_DATA, + PKCS8KEYASN_IDX_PKEY_ATTRIBUTES, WOLF_ENUM_DUMMY_LAST_ELEMENT(PKCS8KEYASN_IDX) }; @@ -7306,7 +7308,9 @@ int wc_CreatePKCS8Key(byte* out, word32* outSz, byte* key, word32 keySz, *outSz = tmpSz + sz; return (int)(tmpSz + sz); #else - DECL_ASNSETDATA(dataASN, pkcs8KeyASN_Length); + /* pkcs8KeyASN_Length-1, the -1 is because we are not adding the optional + * set of attributes */ + DECL_ASNSETDATA(dataASN, pkcs8KeyASN_Length-1); int sz = 0; int ret = 0; word32 keyIdx = 0; @@ -7327,7 +7331,7 @@ int wc_CreatePKCS8Key(byte* out, word32* outSz, byte* key, word32 keySz, ret = ASN_PARSE_E; } - CALLOC_ASNSETDATA(dataASN, pkcs8KeyASN_Length, ret, NULL); + CALLOC_ASNSETDATA(dataASN, pkcs8KeyASN_Length-1, ret, NULL); if (ret == 0) { /* Only support default PKCS #8 format - v0. */ @@ -7353,7 +7357,7 @@ int wc_CreatePKCS8Key(byte* out, word32* outSz, byte* key, word32 keySz, SetASN_Buffer(&dataASN[PKCS8KEYASN_IDX_PKEY_DATA], key, keySz); /* Get the size of the DER encoding. */ - ret = SizeASN_Items(pkcs8KeyASN, dataASN, pkcs8KeyASN_Length, &sz); + ret = SizeASN_Items(pkcs8KeyASN, dataASN, pkcs8KeyASN_Length-1, &sz); } if (ret == 0) { /* Always return the calculated size. */ @@ -7366,7 +7370,7 @@ int wc_CreatePKCS8Key(byte* out, word32* outSz, byte* key, word32 keySz, } if (ret == 0) { /* Encode PKCS #8 key into buffer. */ - SetASN_Items(pkcs8KeyASN, dataASN, pkcs8KeyASN_Length, out); + SetASN_Items(pkcs8KeyASN, dataASN, pkcs8KeyASN_Length-1, out); ret = sz; }