feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #7944 from JacobBarthelmeh/pkcs12

Browse Source 
add parsing over optional PKCS8 attributes
This commit is contained in:
Daniel Pouzzner
2024-09-05 16:55:44 -05:00
committed by GitHub
parent 887c5abcb1 9a8573afc9
commit dcaff9dff4
4 changed files with 23 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

BIN
certs/ca-key-pkcs8-attribute.der Normal file
View File

Binary file not shown.

1
certs/include.am
View File

@ -6,6 +6,7 @@ EXTRA_DIST += \
certs/ca-cert-chain.der \ certs/ca-cert-chain.der \
certs/ca-cert.pem \ certs/ca-cert.pem \
certs/ca-key.pem \ certs/ca-key.pem \
certs/ca-key-pkcs8-attribute.der \
certs/client-cert.pem \ certs/client-cert.pem \
certs/client-keyEnc.pem \ certs/client-keyEnc.pem \
certs/client-key.pem \ certs/client-key.pem \

12
tests/api.c
View File

@ -74549,6 +74549,7 @@ static int test_wc_GetPkcs8TraditionalOffset(void)
int derSz = 0; int derSz = 0;
word32 inOutIdx; word32 inOutIdx;
const char* path = "./certs/server-keyPkcs8.der"; const char* path = "./certs/server-keyPkcs8.der";
const char* pathAttributes = "./certs/ca-key-pkcs8-attribute.der";
XFILE file = XBADFILE; XFILE file = XBADFILE;
byte der[2048]; byte der[2048];
@ -74556,6 +74557,7 @@ static int test_wc_GetPkcs8TraditionalOffset(void)
ExpectIntGT(derSz = (int)XFREAD(der, 1, sizeof(der), file), 0); ExpectIntGT(derSz = (int)XFREAD(der, 1, sizeof(der), file), 0);
if (file != XBADFILE) if (file != XBADFILE)
XFCLOSE(file); XFCLOSE(file);
file = XBADFILE; /* reset file to avoid warning of use after close */
/* valid case */ /* valid case */
inOutIdx = 0; inOutIdx = 0;
@ -74577,6 +74579,16 @@ static int test_wc_GetPkcs8TraditionalOffset(void)
inOutIdx = 0; inOutIdx = 0;
ExpectIntEQ(length = wc_GetPkcs8TraditionalOffset(der, &inOutIdx, (word32)derSz), ExpectIntEQ(length = wc_GetPkcs8TraditionalOffset(der, &inOutIdx, (word32)derSz),
WC_NO_ERR_TRACE(ASN_PARSE_E)); WC_NO_ERR_TRACE(ASN_PARSE_E));
/* test parsing with attributes */
ExpectTrue((file = XFOPEN(pathAttributes, "rb")) != XBADFILE);
ExpectIntGT(derSz = (int)XFREAD(der, 1, sizeof(der), file), 0);
if (file != XBADFILE)
XFCLOSE(file);
inOutIdx = 0;
ExpectIntGT(length = wc_GetPkcs8TraditionalOffset(der, &inOutIdx,
(word32)derSz), 0);
#endif /* NO_ASN */ #endif /* NO_ASN */
return EXPECT_RESULT(); return EXPECT_RESULT();
} }

16
wolfcrypt/src/asn.c
View File

@ -6882,8 +6882,9 @@ static const ASNItem pkcs8KeyASN[] = {
/* PKEY_ALGO_PARAM_SEQ */ { 2, ASN_SEQUENCE, 1, 0, 1 }, /* PKEY_ALGO_PARAM_SEQ */ { 2, ASN_SEQUENCE, 1, 0, 1 },
#endif #endif
/* PKEY_DATA */ { 1, ASN_OCTET_STRING, 0, 0, 0 }, /* PKEY_DATA */ { 1, ASN_OCTET_STRING, 0, 0, 0 },
/* attributes [0] Attributes OPTIONAL */ /* OPTIONAL Attributes IMPLICIT [0] */
/* [[2: publicKey [1] PublicKey OPTIONAL ]] */ { 1, ASN_CONTEXT_SPECIFIC | 0, 1, 0, 1 },
/* [[2: publicKey [1] PublicKey OPTIONAL ]] */
}; };
enum { enum {
PKCS8KEYASN_IDX_SEQ = 0, PKCS8KEYASN_IDX_SEQ = 0,
@ -6896,6 +6897,7 @@ enum {
PKCS8KEYASN_IDX_PKEY_ALGO_PARAM_SEQ, PKCS8KEYASN_IDX_PKEY_ALGO_PARAM_SEQ,
#endif #endif
PKCS8KEYASN_IDX_PKEY_DATA, PKCS8KEYASN_IDX_PKEY_DATA,
PKCS8KEYASN_IDX_PKEY_ATTRIBUTES,
WOLF_ENUM_DUMMY_LAST_ELEMENT(PKCS8KEYASN_IDX) WOLF_ENUM_DUMMY_LAST_ELEMENT(PKCS8KEYASN_IDX)
}; };
@ -7306,7 +7308,9 @@ int wc_CreatePKCS8Key(byte* out, word32* outSz, byte* key, word32 keySz,
*outSz = tmpSz + sz; *outSz = tmpSz + sz;
return (int)(tmpSz + sz); return (int)(tmpSz + sz);
#else #else
DECL_ASNSETDATA(dataASN, pkcs8KeyASN_Length); /* pkcs8KeyASN_Length-1, the -1 is because we are not adding the optional
* set of attributes */
DECL_ASNSETDATA(dataASN, pkcs8KeyASN_Length-1);
int sz = 0; int sz = 0;
int ret = 0; int ret = 0;
word32 keyIdx = 0; word32 keyIdx = 0;
@ -7327,7 +7331,7 @@ int wc_CreatePKCS8Key(byte* out, word32* outSz, byte* key, word32 keySz,
ret = ASN_PARSE_E; ret = ASN_PARSE_E;
} }
CALLOC_ASNSETDATA(dataASN, pkcs8KeyASN_Length, ret, NULL); CALLOC_ASNSETDATA(dataASN, pkcs8KeyASN_Length-1, ret, NULL);
if (ret == 0) { if (ret == 0) {
/* Only support default PKCS #8 format - v0. */ /* Only support default PKCS #8 format - v0. */
@ -7353,7 +7357,7 @@ int wc_CreatePKCS8Key(byte* out, word32* outSz, byte* key, word32 keySz,
SetASN_Buffer(&dataASN[PKCS8KEYASN_IDX_PKEY_DATA], key, keySz); SetASN_Buffer(&dataASN[PKCS8KEYASN_IDX_PKEY_DATA], key, keySz);
/* Get the size of the DER encoding. */ /* Get the size of the DER encoding. */
ret = SizeASN_Items(pkcs8KeyASN, dataASN, pkcs8KeyASN_Length, &sz); ret = SizeASN_Items(pkcs8KeyASN, dataASN, pkcs8KeyASN_Length-1, &sz);
} }
if (ret == 0) { if (ret == 0) {
/* Always return the calculated size. */ /* Always return the calculated size. */
@ -7366,7 +7370,7 @@ int wc_CreatePKCS8Key(byte* out, word32* outSz, byte* key, word32 keySz,
} }
if (ret == 0) { if (ret == 0) {
/* Encode PKCS #8 key into buffer. */ /* Encode PKCS #8 key into buffer. */
SetASN_Items(pkcs8KeyASN, dataASN, pkcs8KeyASN_Length, out); SetASN_Items(pkcs8KeyASN, dataASN, pkcs8KeyASN_Length-1, out);
ret = sz; ret = sz;
} }