feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Refactor of the wc_ParseCertPIV to support detection of Identiv format header. Added flag to indicate Identiv type. Added wolfCrypt test for wc_ParseCertPIV function with Identiv PIV template.

Browse Source
This commit is contained in:
David Garske
2018-10-02 17:01:56 -07:00
parent 0c72dee315
commit f0350c1efb
3 changed files with 66 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files

76
wolfcrypt/src/asn.c
View File

@@ -14478,54 +14478,66 @@ int wc_ParseCertPIV(wc_CertPIV* piv, const byte* buf, word32 totalSz)
XMEMSET(piv, 0, sizeof(wc_CertPIV)); XMEMSET(piv, 0, sizeof(wc_CertPIV));
/* Certificate - Total Length (0A 82 05FA) */ /* Detect Identiv PIV (with 0x0A, 0x0B and 0x0C sections) */
/* Certificate (0A 82 05FA) */
if (GetASNHeader(buf, ASN_PIV_CERT, &idx, &length, totalSz) >= 0) { if (GetASNHeader(buf, ASN_PIV_CERT, &idx, &length, totalSz) >= 0) {
/* Certificate Buffer (53 82 05F6) */ /* Identiv Type PIV card */
if (GetASNHeader(buf, ASN_APPLICATION | ASN_PRINTABLE_STRING, &idx, piv->isIdentiv = 1;
&length, totalSz) < 0) {
return ASN_PARSE_E;
}
/* PIV Certificate (70 82 05ED) */
if (GetASNHeader(buf, ASN_PIV_TAG_CERT, &idx, &length,
totalSz) < 0) {
return ASN_PARSE_E;
}
/* Capture certificate buffer pointer and length */
piv->cert = &buf[idx]; piv->cert = &buf[idx];
piv->certSz = length; piv->certSz = length;
idx += length; idx += length;
/* PIV Certificate Info (71 01 00) */ /* Nonce (0B 14) */
if (GetASNHeader(buf, ASN_PIV_TAG_CERT_INFO, &idx, &length, if (GetASNHeader(buf, ASN_PIV_NONCE, &idx, &length, totalSz) >= 0) {
totalSz) >= 0) { piv->nonce = &buf[idx];
if (length >= 1) { piv->nonceSz = length;
piv->compression = (buf[idx] & ASN_PIV_CERT_INFO_COMPRESSED);
piv->isX509 = (buf[idx] & ASN_PIV_CERT_INFO_ISX509);
}
idx += length; idx += length;
} }
/* PIV Error Detection (FE 00) */ /* Signed Nonce (0C 82 0100) */
if (GetASNHeader(buf, ASN_PIV_TAG_ERR_DET, &idx, &length, if (GetASNHeader(buf, ASN_PIV_SIGNED_NONCE, &idx, &length, totalSz) >= 0) {
totalSz) >= 0) { piv->signedNonce = &buf[idx];
piv->certErrDet = &buf[idx]; piv->signedNonceSz = length;
piv->certErrDetSz = length;
idx += length; idx += length;
} }
idx = 0;
buf = piv->cert;
totalSz = piv->certSz;
} }
/* Nonce (0B 14) */ /* Certificate Buffer Total Size (53 82 05F6) */
if (GetASNHeader(buf, ASN_PIV_NONCE, &idx, &length, totalSz) >= 0) { if (GetASNHeader(buf, ASN_APPLICATION | ASN_PRINTABLE_STRING, &idx,
piv->nonce = &buf[idx]; &length, totalSz) < 0) {
piv->nonceSz = length; return ASN_PARSE_E;
}
/* PIV Certificate (70 82 05ED) */
if (GetASNHeader(buf, ASN_PIV_TAG_CERT, &idx, &length,
totalSz) < 0) {
return ASN_PARSE_E;
}
/* Capture certificate buffer pointer and length */
piv->cert = &buf[idx];
piv->certSz = length;
idx += length;
/* PIV Certificate Info (71 01 00) */
if (GetASNHeader(buf, ASN_PIV_TAG_CERT_INFO, &idx, &length,
totalSz) >= 0) {
if (length >= 1) {
piv->compression = (buf[idx] & ASN_PIV_CERT_INFO_COMPRESSED);
piv->isX509 = (buf[idx] & ASN_PIV_CERT_INFO_ISX509);
}
idx += length; idx += length;
} }
/* Signed Nonce (0C 82 0100) */ /* PIV Error Detection (FE 00) */
if (GetASNHeader(buf, ASN_PIV_SIGNED_NONCE, &idx, &length, totalSz) >= 0) { if (GetASNHeader(buf, ASN_PIV_TAG_ERR_DET, &idx, &length,
piv->signedNonce = &buf[idx]; totalSz) >= 0) {
piv->signedNonceSz = length; piv->certErrDet = &buf[idx];
piv->certErrDetSz = length;
idx += length; idx += length;
} }

22
wolfcrypt/test/test.c
View File

@@ -20331,12 +20331,24 @@ int cryptodev_test(void)
#ifdef WOLFSSL_CERT_PIV #ifdef WOLFSSL_CERT_PIV
int certpiv_test(void) int certpiv_test(void)
{ {
/* TODO: Add test for wc_ParseCertPIV */ int ret;
#if 0
wc_CertPIV piv; wc_CertPIV piv;
ret = wc_ParseCertPIV(&piv, buf, totalSz);
#endif /* Template for Identiv PIV cert, nonce and signature */
return 0; const byte pivCert[] = {
0x0A, 0x0D,
0x53, 0x04, /* NIST PIV Cert */
0x70, 0x02, /* Certificate */
0x30, 0x00,
0x71, 0x01, 0x00, /* Cert Info */
0xFE, 0x00, /* Error Detection */
0x0B, 0x01, 0x00, /* Nonce */
0x0C, 0x01, 0x00, /* Signed Nonce */
};
ret = wc_ParseCertPIV(&piv, pivCert, sizeof(pivCert));
return ret;
} }
#endif /* WOLFSSL_CERT_PIV */ #endif /* WOLFSSL_CERT_PIV */

9
wolfssl/wolfcrypt/asn_public.h
View File

@@ -486,14 +486,15 @@ typedef struct _wc_CertPIV {
word32 certSz; word32 certSz;
const byte* certErrDet; const byte* certErrDet;
word32 certErrDetSz; word32 certErrDetSz;
const byte* nonce; const byte* nonce; /* Identiv Only */
word32 nonceSz; word32 nonceSz; /* Identiv Only */
const byte* signedNonce; const byte* signedNonce; /* Identiv Only */
word32 signedNonceSz; word32 signedNonceSz; /* Identiv Only */
/* flags */ /* flags */
word16 compression:2; word16 compression:2;
word16 isX509:1; word16 isX509:1;
word16 isIdentiv:1;
} wc_CertPIV; } wc_CertPIV;
WOLFSSL_API int wc_ParseCertPIV(wc_CertPIV* cert, const byte* buf, word32 totalSz); WOLFSSL_API int wc_ParseCertPIV(wc_CertPIV* cert, const byte* buf, word32 totalSz);