wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-02 20:24:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2739 from dgarske/pkcs8_ed25519

Browse Source 
Added PKCS8 support for ED25519
This commit is contained in:
JacobBarthelmeh
2020-01-24 10:56:40 -08:00
committed by GitHub
parent b9f39b7c06 2cd3474e9d
commit 695b126a1c
4 changed files with 122 additions and 115 deletions
Download Patch File Download Diff File Expand all files Collapse all files

73
src/ssl.c
View File

@@ -5232,8 +5232,7 @@ static int ProcessUserChain(WOLFSSL_CTX* ctx, const unsigned char* buff,
} }
static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl, DerBuffer* der, static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl, DerBuffer* der,
int* keySz, word32* idx, int* resetSuites, int *rsaKey, int *eccKey, int* keySz, word32* idx, int* resetSuites, int* keyFormat, void* heap, int devId)
int *ed25519Key, void* heap, int devId)
{ {
int ret = 0; int ret = 0;
@@ -5242,11 +5241,11 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl, DerBuffer* der
if (ctx == NULL && ssl == NULL) if (ctx == NULL && ssl == NULL)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
if (!der || !keySz || !idx || !resetSuites || !rsaKey || !eccKey || !ed25519Key) if (!der || !keySz || !idx || !resetSuites || !keyFormat)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
#ifndef NO_RSA #ifndef NO_RSA
if (ret == 0 && !*eccKey && !*ed25519Key) { if (ret == 0 && (*keyFormat == 0 || *keyFormat == RSAk)) {
/* make sure RSA key can be used */ /* make sure RSA key can be used */
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
RsaKey* key = NULL; RsaKey* key = NULL;
@@ -5265,13 +5264,8 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl, DerBuffer* der
*idx = 0; *idx = 0;
if (wc_RsaPrivateKeyDecode(der->buffer, idx, key, der->length) if (wc_RsaPrivateKeyDecode(der->buffer, idx, key, der->length)
!= 0) { != 0) {
#ifdef HAVE_ECC #if !defined(HAVE_ECC) && !defined(HAVE_ED25519)
/* could have DER ECC (or pkcs8 ecc), no easy way to tell */ WOLFSSL_MSG("RSA decode failed and ECC/ED25519 not enabled to try");
*eccKey = 1; /* try it next */
#elif defined(HAVE_ED25519)
*ed25519Key = 1; /* try it next */
#else
WOLFSSL_MSG("RSA decode failed and ECC not enabled to try");
ret = WOLFSSL_BAD_FILE; ret = WOLFSSL_BAD_FILE;
#endif #endif
} }
@@ -5294,8 +5288,7 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl, DerBuffer* der
ctx->privateKeySz = *keySz; ctx->privateKeySz = *keySz;
} }
*rsaKey = 1; *keyFormat = RSAk;
(void)rsaKey; /* for no ecc builds */
if (ssl && ssl->options.side == WOLFSSL_SERVER_END) { if (ssl && ssl->options.side == WOLFSSL_SERVER_END) {
ssl->options.haveStaticECC = 0; ssl->options.haveStaticECC = 0;
@@ -5312,7 +5305,7 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl, DerBuffer* der
} }
#endif #endif
#ifdef HAVE_ECC #ifdef HAVE_ECC
if (ret == 0 && !*rsaKey && !*ed25519Key) { if (ret == 0 && (*keyFormat == 0 || *keyFormat == ECDSAk)) {
/* make sure ECC key can be used */ /* make sure ECC key can be used */
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
ecc_key* key = NULL; ecc_key* key = NULL;
@@ -5339,7 +5332,7 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl, DerBuffer* der
ret = ECC_KEY_SIZE_E; ret = ECC_KEY_SIZE_E;
} }
*eccKey = 1; *keyFormat = ECDSAk;
if (ssl) { if (ssl) {
ssl->options.haveStaticECC = 1; ssl->options.haveStaticECC = 1;
ssl->buffers.keyType = ecc_dsa_sa_algo; ssl->buffers.keyType = ecc_dsa_sa_algo;
@@ -5355,8 +5348,6 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl, DerBuffer* der
*resetSuites = 1; *resetSuites = 1;
} }
} }
else
*eccKey = 0;
wc_ecc_free(key); wc_ecc_free(key);
} }
@@ -5367,7 +5358,7 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl, DerBuffer* der
} }
#endif /* HAVE_ECC */ #endif /* HAVE_ECC */
#ifdef HAVE_ED25519 #ifdef HAVE_ED25519
if (ret == 0 && !*rsaKey && !*eccKey) { if (ret == 0 && (*keyFormat == 0 || *keyFormat == ED25519k)) {
/* make sure Ed25519 key can be used */ /* make sure Ed25519 key can be used */
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
ed25519_key* key = NULL; ed25519_key* key = NULL;
@@ -5410,7 +5401,7 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl, DerBuffer* der
ctx->privateKeySz = *keySz; ctx->privateKeySz = *keySz;
} }
*ed25519Key = 1; *keyFormat = ED25519k;
if (ssl && ssl->options.side == WOLFSSL_SERVER_END) { if (ssl && ssl->options.side == WOLFSSL_SERVER_END) {
*resetSuites = 1; *resetSuites = 1;
} }
@@ -5437,9 +5428,7 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
DerBuffer* der = NULL; /* holds DER or RAW (for NTRU) */ DerBuffer* der = NULL; /* holds DER or RAW (for NTRU) */
int ret = 0; int ret = 0;
int done = 0; int done = 0;
int eccKey = 0; int keyFormat = 0;
int ed25519Key = 0;
int rsaKey = 0;
int resetSuites = 0; int resetSuites = 0;
void* heap = wolfSSL_CTX_GetHeap(ctx, ssl); void* heap = wolfSSL_CTX_GetHeap(ctx, ssl);
int devId = wolfSSL_CTX_GetDevId(ctx, ssl); int devId = wolfSSL_CTX_GetDevId(ctx, ssl);
@@ -5455,7 +5444,6 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
EncryptedInfo info[1]; EncryptedInfo info[1];
#endif #endif
(void)rsaKey;
(void)devId; (void)devId;
(void)idx; (void)idx;
(void)keySz; (void)keySz;
@@ -5488,7 +5476,7 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
if (format == WOLFSSL_FILETYPE_PEM) { if (format == WOLFSSL_FILETYPE_PEM) {
#ifdef WOLFSSL_PEM_TO_DER #ifdef WOLFSSL_PEM_TO_DER
ret = PemToDer(buff, sz, type, &der, heap, info, &eccKey); ret = PemToDer(buff, sz, type, &der, heap, info, &keyFormat);
#else #else
ret = NOT_COMPILED_IN; ret = NOT_COMPILED_IN;
#endif #endif
@@ -5497,12 +5485,19 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
/* ASN1 (DER) or RAW (NTRU) */ /* ASN1 (DER) or RAW (NTRU) */
int length = (int)sz; int length = (int)sz;
if (format == WOLFSSL_FILETYPE_ASN1) { if (format == WOLFSSL_FILETYPE_ASN1) {
/* get length of der (read sequence) */ /* get length of der (read sequence or octet string) */
word32 inOutIdx = 0; word32 inOutIdx = 0;
if (GetSequence(buff, &inOutIdx, &length, (word32)sz) < 0) { if (GetSequence(buff, &inOutIdx, &length, (word32)sz) >= 0) {
length += inOutIdx; /* include leading sequence */
}
/* get length using octect string (allowed for private key types) */
else if (type == PRIVATEKEY_TYPE &&
GetOctetString(buff, &inOutIdx, &length, (word32)sz) >= 0) {
length += inOutIdx; /* include leading oct string */
}
else {
ret = ASN_PARSE_E; ret = ASN_PARSE_E;
} }
length += inOutIdx; /* include leading sequence */
} }
info->consumed = length; info->consumed = length;
@@ -5640,22 +5635,16 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
} }
else if (type == PRIVATEKEY_TYPE && format != WOLFSSL_FILETYPE_RAW) { else if (type == PRIVATEKEY_TYPE && format != WOLFSSL_FILETYPE_RAW) {
#if defined(WOLFSSL_ENCRYPTED_KEYS) || defined(HAVE_PKCS8) #if defined(WOLFSSL_ENCRYPTED_KEYS) || defined(HAVE_PKCS8)
/* attempt to detect key type */ keyFormat = algId;
if (algId == RSAk)
rsaKey = 1;
else if (algId == ECDSAk)
eccKey = 1;
else if (algId == ED25519k)
ed25519Key = 1;
#endif #endif
ret = ProcessBufferTryDecode(ctx, ssl, der, &keySz, &idx, &resetSuites, ret = ProcessBufferTryDecode(ctx, ssl, der, &keySz, &idx, &resetSuites,
&rsaKey, &eccKey, &ed25519Key, heap, devId); &keyFormat, heap, devId);
#if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_PWDBASED) #if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_PWDBASED)
/* for WOLFSSL_FILETYPE_PEM, PemToDer manages the decryption */ /* for WOLFSSL_FILETYPE_PEM, PemToDer manages the decryption */
/* If private key type PKCS8 header wasn't already removed (algoId == 0) */ /* If private key type PKCS8 header wasn't already removed (algoId == 0) */
if ((ret != 0 || (!rsaKey && !eccKey && !ed25519Key)) if ((ret != 0 || keyFormat == 0)
&& format != WOLFSSL_FILETYPE_PEM && info->passwd_cb && algId == 0) && format != WOLFSSL_FILETYPE_PEM && info->passwd_cb && algId == 0)
{ {
int passwordSz = NAME_SZ; int passwordSz = NAME_SZ;
@@ -5692,7 +5681,7 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
XFREE(password, heap, DYNAMIC_TYPE_STRING); XFREE(password, heap, DYNAMIC_TYPE_STRING);
#endif #endif
ret = ProcessBufferTryDecode(ctx, ssl, der, &keySz, &idx, ret = ProcessBufferTryDecode(ctx, ssl, der, &keySz, &idx,
&resetSuites, &rsaKey, &eccKey, &ed25519Key, heap, devId); &resetSuites, &keyFormat, heap, devId);
} }
#endif /* WOLFSSL_ENCRYPTED_KEYS && !NO_PWDBASED */ #endif /* WOLFSSL_ENCRYPTED_KEYS && !NO_PWDBASED */
@@ -5702,9 +5691,9 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
if (ret != 0) if (ret != 0)
return ret; return ret;
if (!rsaKey && !eccKey && !ed25519Key) if (keyFormat == 0)
return WOLFSSL_BAD_FILE; return WOLFSSL_BAD_FILE;
(void)ed25519Key;
(void)devId; (void)devId;
} }
else if (type == CERT_TYPE) { else if (type == CERT_TYPE) {
@@ -35263,14 +35252,14 @@ WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_bio_PrivateKey(WOLFSSL_BIO* bio,
if (keyFormat) { if (keyFormat) {
/* keyFormat is Key_Sum enum */ /* keyFormat is Key_Sum enum */
if (keyFormat == ECDSAk) if (keyFormat == RSAk)
type = EVP_PKEY_RSA;
else if (keyFormat == ECDSAk)
type = EVP_PKEY_EC; type = EVP_PKEY_EC;
else if (keyFormat == DSAk) else if (keyFormat == DSAk)
type = EVP_PKEY_DSA; type = EVP_PKEY_DSA;
#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
else if (keyFormat == DHk) else if (keyFormat == DHk)
type = EVP_PKEY_DH; type = EVP_PKEY_DH;
#endif
} }
else { else {
/* Default to RSA if format is not set */ /* Default to RSA if format is not set */

38
tests/api.c
View File

@@ -4783,7 +4783,7 @@ static void test_wolfSSL_no_password_cb(void)
#ifdef TEST_PKCS8_ENC #ifdef TEST_PKCS8_ENC
/* for PKCS8 test case */ /* for PKCS8 test case */
static WC_INLINE int PKCS8TestCallBack(char* passwd, int sz, int rw, void* userdata) static int PKCS8TestCallBack(char* passwd, int sz, int rw, void* userdata)
{ {
int flag = 0; int flag = 0;
@@ -4895,7 +4895,7 @@ static void test_wolfSSL_PKCS8(void)
flag = 0; /* used by password callback as return code */ flag = 0; /* used by password callback as return code */
AssertIntNE(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buffer, bytes, AssertIntNE(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buffer, bytes,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
#endif /* !NO_RSA */ #endif /* !NO_RSA && !NO_SHA */
#if defined(HAVE_ECC) && !defined(NO_SHA) #if defined(HAVE_ECC) && !defined(NO_SHA)
/* test loading PEM PKCS8 encrypted ECC Key file */ /* test loading PEM PKCS8 encrypted ECC Key file */
@@ -4936,7 +4936,7 @@ static void test_wolfSSL_PKCS8(void)
/* leave flag as "okay" */ /* leave flag as "okay" */
flag = 1; flag = 1;
#endif /* HAVE_ECC */ #endif /* HAVE_ECC && !NO_SHA */
#endif /* TEST_PKCS8_ENC */ #endif /* TEST_PKCS8_ENC */
@@ -4998,6 +4998,37 @@ static void test_wolfSSL_PKCS8(void)
#endif /* !NO_FILESYSTEM && !NO_ASN && HAVE_PKCS8 */ #endif /* !NO_FILESYSTEM && !NO_ASN && HAVE_PKCS8 */
} }
static void test_wolfSSL_PKCS8_ED25519(void)
{
#if !defined(NO_ASN) && defined(HAVE_PKCS8) && \
defined(WOLFSSL_ENCRYPTED_KEYS) && defined(HAVE_ED25519)
const byte encPrivKey[] = \
"-----BEGIN ENCRYPTED PRIVATE KEY-----\n"
"MIGbMFcGCSqGSIb3DQEFDTBKMCkGCSqGSIb3DQEFDDAcBAheCGLmWGh7+AICCAAw\n"
"DAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEEC4L5P6GappsTyhOOoQfvh8EQJMX\n"
"OAdlsYKCOcFo4djg6AI1lRdeBRwVFWkha7gBdoCJOzS8wDvTbYcJMPvANu5ft3nl\n"
"2L9W4v7swXkV+X+a1ww=\n"
"-----END ENCRYPTED PRIVATE KEY-----\n";
const char password[] = "abcdefghijklmnopqrstuvwxyz";
byte der[FOURK_BUF];
WOLFSSL_CTX* ctx;
int bytes;
XMEMSET(der, 0, sizeof(der));
AssertIntGT((bytes = wc_KeyPemToDer(encPrivKey, sizeof(encPrivKey), der,
(word32)sizeof(der), password)), 0);
#ifndef NO_WOLFSSL_SERVER
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
#else
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
#endif
AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, bytes,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
wolfSSL_CTX_free(ctx);
#endif
}
/* Testing functions dealing with PKCS5 */ /* Testing functions dealing with PKCS5 */
static void test_wolfSSL_PKCS5(void) static void test_wolfSSL_PKCS5(void)
{ {
@@ -30154,6 +30185,7 @@ void ApiTest(void)
test_wolfSSL_PKCS12(); test_wolfSSL_PKCS12();
test_wolfSSL_no_password_cb(); test_wolfSSL_no_password_cb();
test_wolfSSL_PKCS8(); test_wolfSSL_PKCS8();
test_wolfSSL_PKCS8_ED25519();
test_wolfSSL_PKCS5(); test_wolfSSL_PKCS5();
test_wolfSSL_URI(); test_wolfSSL_URI();
test_wolfSSL_TBS(); test_wolfSSL_TBS();

118
wolfcrypt/src/asn.c
View File

@@ -138,16 +138,16 @@ extern int wc_InitRsaHw(RsaKey* key);
#endif #endif
#endif #endif
#ifdef WOLFSSL_RENESAS_TSIP_TLS #ifdef WOLFSSL_RENESAS_TSIP_TLS
WOLFSSL_LOCAL void tsip_inform_key_position(const word32 key_n_start, void tsip_inform_key_position(const word32 key_n_start,
const word32 key_n_len, const word32 key_e_start, const word32 key_n_len, const word32 key_e_start,
const word32 key_e_len); const word32 key_e_len);
WOLFSSL_LOCAL int tsip_tls_CertVerify(const byte *cert, word32 certSz, int tsip_tls_CertVerify(const byte *cert, word32 certSz,
const byte *signature, word32 sigSz, const byte *signature, word32 sigSz,
word32 key_n_start, word32 key_n_len, word32 key_n_start, word32 key_n_len,
word32 key_e_start, word32 key_e_len, word32 key_e_start, word32 key_e_len,
byte *tsip_encRsaKeyIdx); byte *tsip_encRsaKeyIdx);
#endif #endif
WOLFSSL_LOCAL int GetLength(const byte* input, word32* inOutIdx, int* len, int GetLength(const byte* input, word32* inOutIdx, int* len,
word32 maxIdx) word32 maxIdx)
{ {
return GetLength_ex(input, inOutIdx, len, maxIdx, 1); return GetLength_ex(input, inOutIdx, len, maxIdx, 1);
@@ -155,7 +155,7 @@ WOLFSSL_LOCAL int GetLength(const byte* input, word32* inOutIdx, int* len,
/* give option to check length value found against index. 1 to check 0 to not */ /* give option to check length value found against index. 1 to check 0 to not */
WOLFSSL_LOCAL int GetLength_ex(const byte* input, word32* inOutIdx, int* len, int GetLength_ex(const byte* input, word32* inOutIdx, int* len,
word32 maxIdx, int check) word32 maxIdx, int check)
{ {
int length = 0; int length = 0;
@@ -290,7 +290,7 @@ static int GetHeader(const byte* input, byte* tag, word32* inOutIdx, int* len,
return length; return length;
} }
WOLFSSL_LOCAL int GetSequence(const byte* input, word32* inOutIdx, int* len, int GetSequence(const byte* input, word32* inOutIdx, int* len,
word32 maxIdx) word32 maxIdx)
{ {
return GetASNHeader(input, ASN_SEQUENCE | ASN_CONSTRUCTED, inOutIdx, len, return GetASNHeader(input, ASN_SEQUENCE | ASN_CONSTRUCTED, inOutIdx, len,
@@ -298,7 +298,7 @@ WOLFSSL_LOCAL int GetSequence(const byte* input, word32* inOutIdx, int* len,
} }
WOLFSSL_LOCAL int GetSequence_ex(const byte* input, word32* inOutIdx, int* len, int GetSequence_ex(const byte* input, word32* inOutIdx, int* len,
word32 maxIdx, int check) word32 maxIdx, int check)
{ {
return GetASNHeader_ex(input, ASN_SEQUENCE | ASN_CONSTRUCTED, inOutIdx, len, return GetASNHeader_ex(input, ASN_SEQUENCE | ASN_CONSTRUCTED, inOutIdx, len,
@@ -306,7 +306,7 @@ WOLFSSL_LOCAL int GetSequence_ex(const byte* input, word32* inOutIdx, int* len,
} }
WOLFSSL_LOCAL int GetSet(const byte* input, word32* inOutIdx, int* len, int GetSet(const byte* input, word32* inOutIdx, int* len,
word32 maxIdx) word32 maxIdx)
{ {
return GetASNHeader(input, ASN_SET | ASN_CONSTRUCTED, inOutIdx, len, return GetASNHeader(input, ASN_SET | ASN_CONSTRUCTED, inOutIdx, len,
@@ -314,7 +314,7 @@ WOLFSSL_LOCAL int GetSet(const byte* input, word32* inOutIdx, int* len,
} }
WOLFSSL_LOCAL int GetSet_ex(const byte* input, word32* inOutIdx, int* len, int GetSet_ex(const byte* input, word32* inOutIdx, int* len,
word32 maxIdx, int check) word32 maxIdx, int check)
{ {
return GetASNHeader_ex(input, ASN_SET | ASN_CONSTRUCTED, inOutIdx, len, return GetASNHeader_ex(input, ASN_SET | ASN_CONSTRUCTED, inOutIdx, len,
@@ -423,7 +423,7 @@ static int SetBoolean(int val, byte* output)
* invalid. * invalid.
* Otherwise, the number of bytes in the ASN.1 data. * Otherwise, the number of bytes in the ASN.1 data.
*/ */
static int GetOctetString(const byte* input, word32* inOutIdx, int* len, int GetOctetString(const byte* input, word32* inOutIdx, int* len,
word32 maxIdx) word32 maxIdx)
{ {
return GetASNHeader(input, ASN_OCTET_STRING, inOutIdx, len, maxIdx); return GetASNHeader(input, ASN_OCTET_STRING, inOutIdx, len, maxIdx);
@@ -714,7 +714,7 @@ static int SetASNIntRSA(void* n, byte* output)
#endif /* !NO_RSA && HAVE_USER_RSA && WOLFSSL_CERT_GEN */ #endif /* !NO_RSA && HAVE_USER_RSA && WOLFSSL_CERT_GEN */
/* Windows header clash for WinCE using GetVersion */ /* Windows header clash for WinCE using GetVersion */
WOLFSSL_LOCAL int GetMyVersion(const byte* input, word32* inOutIdx, int GetMyVersion(const byte* input, word32* inOutIdx,
int* version, word32 maxIdx) int* version, word32 maxIdx)
{ {
word32 idx = *inOutIdx; word32 idx = *inOutIdx;
@@ -741,7 +741,7 @@ WOLFSSL_LOCAL int GetMyVersion(const byte* input, word32* inOutIdx,
#ifndef NO_PWDBASED #ifndef NO_PWDBASED
/* Get small count integer, 32 bits or less */ /* Get small count integer, 32 bits or less */
WOLFSSL_LOCAL int GetShortInt(const byte* input, word32* inOutIdx, int* number, word32 maxIdx) int GetShortInt(const byte* input, word32* inOutIdx, int* number, word32 maxIdx)
{ {
word32 idx = *inOutIdx; word32 idx = *inOutIdx;
word32 len; word32 len;
@@ -778,7 +778,7 @@ WOLFSSL_LOCAL int GetShortInt(const byte* input, word32* inOutIdx, int* number,
/* Set small integer, 32 bits or less. DER encoding with no leading 0s /* Set small integer, 32 bits or less. DER encoding with no leading 0s
* returns total amount written including ASN tag and length byte on success */ * returns total amount written including ASN tag and length byte on success */
WOLFSSL_LOCAL int SetShortInt(byte* input, word32* inOutIdx, word32 number, word32 maxIdx) int SetShortInt(byte* input, word32* inOutIdx, word32 number, word32 maxIdx)
{ {
word32 idx = *inOutIdx; word32 idx = *inOutIdx;
word32 len = 0; word32 len = 0;
@@ -960,7 +960,7 @@ static int CheckBitString(const byte* input, word32* inOutIdx, int* len,
* output Buffer to write into. * output Buffer to write into.
* returns the number of bytes added to the buffer. * returns the number of bytes added to the buffer.
*/ */
WOLFSSL_LOCAL word32 SetBitString(word32 len, byte unusedBits, byte* output) word32 SetBitString(word32 len, byte unusedBits, byte* output)
{ {
word32 idx = 0; word32 idx = 0;
@@ -2502,7 +2502,7 @@ static int SkipObjectId(const byte* input, word32* inOutIdx, word32 maxIdx)
return 0; return 0;
} }
WOLFSSL_LOCAL int GetAlgoId(const byte* input, word32* inOutIdx, word32* oid, int GetAlgoId(const byte* input, word32* inOutIdx, word32* oid,
word32 oidType, word32 maxIdx) word32 oidType, word32 maxIdx)
{ {
int length; int length;
@@ -5406,7 +5406,7 @@ WOLFSSL_API int EccEnumToNID(int n)
#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
WOLFSSL_LOCAL int wc_OBJ_sn2nid(const char *sn) int wc_OBJ_sn2nid(const char *sn)
{ {
const struct { const struct {
const char *sn; const char *sn;
@@ -6252,7 +6252,7 @@ int GetAsnTimeString(void* currTime, byte* buf, word32 len)
#if defined(USE_WOLF_VALIDDATE) #if defined(USE_WOLF_VALIDDATE)
/* to the second */ /* to the second */
WOLFSSL_LOCAL int DateGreaterThan(const struct tm* a, const struct tm* b) int DateGreaterThan(const struct tm* a, const struct tm* b)
{ {
if (a->tm_year > b->tm_year) if (a->tm_year > b->tm_year)
return 1; return 1;
@@ -6648,7 +6648,7 @@ static word32 BytePrecision(word32 value)
} }
WOLFSSL_LOCAL word32 SetLength(word32 length, byte* output) word32 SetLength(word32 length, byte* output)
{ {
word32 i = 0, j; word32 i = 0, j;
@@ -6672,45 +6672,27 @@ WOLFSSL_LOCAL word32 SetLength(word32 length, byte* output)
return i; return i;
} }
WOLFSSL_LOCAL int SetMyVersion(word32 version, byte* output, int header) word32 SetSequence(word32 len, byte* output)
{
int i = 0;
if (output == NULL)
return BAD_FUNC_ARG;
if (header) {
output[i++] = ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED;
output[i++] = 3;
}
output[i++] = ASN_INTEGER;
output[i++] = 0x01;
output[i++] = (byte)version;
return i;
}
WOLFSSL_LOCAL word32 SetSequence(word32 len, byte* output)
{ {
if (output) if (output)
output[0] = ASN_SEQUENCE | ASN_CONSTRUCTED; output[0] = ASN_SEQUENCE | ASN_CONSTRUCTED;
return SetLength(len, output ? output + 1 : NULL) + 1; return SetLength(len, output ? output + 1 : NULL) + 1;
} }
WOLFSSL_LOCAL word32 SetOctetString(word32 len, byte* output) word32 SetOctetString(word32 len, byte* output)
{ {
output[0] = ASN_OCTET_STRING; output[0] = ASN_OCTET_STRING;
return SetLength(len, output + 1) + 1; return SetLength(len, output + 1) + 1;
} }
/* Write a set header to output */ /* Write a set header to output */
WOLFSSL_LOCAL word32 SetSet(word32 len, byte* output) word32 SetSet(word32 len, byte* output)
{ {
output[0] = ASN_SET | ASN_CONSTRUCTED; output[0] = ASN_SET | ASN_CONSTRUCTED;
return SetLength(len, output + 1) + 1; return SetLength(len, output + 1) + 1;
} }
WOLFSSL_LOCAL word32 SetImplicit(byte tag, byte number, word32 len, byte* output) word32 SetImplicit(byte tag, byte number, word32 len, byte* output)
{ {
output[0] = ((tag == ASN_SEQUENCE || tag == ASN_SET) ? ASN_CONSTRUCTED : 0) output[0] = ((tag == ASN_SEQUENCE || tag == ASN_SET) ? ASN_CONSTRUCTED : 0)
@@ -6718,7 +6700,7 @@ WOLFSSL_LOCAL word32 SetImplicit(byte tag, byte number, word32 len, byte* output
return SetLength(len, output + 1) + 1; return SetLength(len, output + 1) + 1;
} }
WOLFSSL_LOCAL word32 SetExplicit(byte number, word32 len, byte* output) word32 SetExplicit(byte number, word32 len, byte* output)
{ {
output[0] = ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | number; output[0] = ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | number;
return SetLength(len, output + 1) + 1; return SetLength(len, output + 1) + 1;
@@ -6780,7 +6762,7 @@ static WC_INLINE int IsSigAlgoECDSA(int algoOID)
} }
#endif #endif
WOLFSSL_LOCAL word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz) word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz)
{ {
word32 tagSz, idSz, seqSz, algoSz = 0; word32 tagSz, idSz, seqSz, algoSz = 0;
const byte* algoName = 0; const byte* algoName = 0;
@@ -8768,9 +8750,9 @@ int ParseCert(DecodedCert* cert, int type, int verify, void* cm)
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
WOLFSSL_LOCAL Signer* GetCA(void* signers, byte* hash); Signer* GetCA(void* signers, byte* hash);
#ifndef NO_SKID #ifndef NO_SKID
WOLFSSL_LOCAL Signer* GetCAByName(void* signers, byte* hash); Signer* GetCAByName(void* signers, byte* hash);
#endif #endif
#ifdef __cplusplus #ifdef __cplusplus
} }
@@ -9539,7 +9521,25 @@ void FreeTrustedPeerTable(TrustedPeerCert** table, int rows, void* heap)
} }
#endif /* WOLFSSL_TRUST_PEER_CERT */ #endif /* WOLFSSL_TRUST_PEER_CERT */
WOLFSSL_LOCAL int SetSerialNumber(const byte* sn, word32 snSz, byte* output, int SetMyVersion(word32 version, byte* output, int header)
{
int i = 0;
if (output == NULL)
return BAD_FUNC_ARG;
if (header) {
output[i++] = ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED;
output[i++] = 3;
}
output[i++] = ASN_INTEGER;
output[i++] = 0x01;
output[i++] = (byte)version;
return i;
}
int SetSerialNumber(const byte* sn, word32 snSz, byte* output,
word32 outputSz, int maxSnSz) word32 outputSz, int maxSnSz)
{ {
int i; int i;
@@ -9585,7 +9585,7 @@ WOLFSSL_LOCAL int SetSerialNumber(const byte* sn, word32 snSz, byte* output,
#endif /* !NO_CERTS */ #endif /* !NO_CERTS */
WOLFSSL_LOCAL int GetSerialNumber(const byte* input, word32* inOutIdx, int GetSerialNumber(const byte* input, word32* inOutIdx,
byte* serial, int* serialSz, word32 maxIdx) byte* serial, int* serialSz, word32 maxIdx)
{ {
int result = 0; int result = 0;
@@ -10330,18 +10330,9 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
/* pkcs8 key, convert and adjust length */ /* pkcs8 key, convert and adjust length */
if ((ret = ToTraditional_ex(der->buffer, der->length, &algId)) > 0) { if ((ret = ToTraditional_ex(der->buffer, der->length, &algId)) > 0) {
der->length = ret; der->length = ret;
#if !defined(NO_DSA) if (keyFormat) {
if (algId == DSAk) *keyFormat = algId;
*keyFormat = DSAk; }
#endif
#ifdef HAVE_ECC
if (algId == ECDSAk)
*keyFormat = ECDSAk;
#endif
#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
if (algId == DHk)
*keyFormat = DHk;
#endif
} }
else { else {
/* ignore failure here and assume key is not pkcs8 wrapped */ /* ignore failure here and assume key is not pkcs8 wrapped */
@@ -10385,14 +10376,9 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
if (ret >= 0) { if (ret >= 0) {
der->length = ret; der->length = ret;
if ((algId == ECDSAk) && (keyFormat != NULL)) if (keyFormat) {
*keyFormat = ECDSAk; *keyFormat = algId;
else if ((algId == DSAk) && (keyFormat != NULL)) }
*keyFormat = DSAk;
#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
else if ((algId == DHk) && (keyFormat != NULL))
*keyFormat = DHk;
#endif
ret = 0; ret = 0;
} }
#else #else
@@ -16444,7 +16430,7 @@ int CompareOcspReqResp(OcspRequest* req, OcspResponse* resp)
/* store WC_SHA hash of NAME */ /* store WC_SHA hash of NAME */
WOLFSSL_LOCAL int GetNameHash(const byte* source, word32* idx, byte* hash, int GetNameHash(const byte* source, word32* idx, byte* hash,
int maxIdx) int maxIdx)
{ {
int length; /* length of all distinguished names */ int length; /* length of all distinguished names */

8
wolfssl/wolfcrypt/asn.h
View File

@@ -432,10 +432,8 @@ enum Key_Sum {
RSAk = 645, RSAk = 645,
NTRUk = 274, NTRUk = 274,
ECDSAk = 518, ECDSAk = 518,
ED25519k = 256 ED25519k = 256,
#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) DHk = 647, /* dhKeyAgreement OID: 1.2.840.113549.1.3.1 */
,DHk = 647 /* dhKeyAgreement OID: 1.2.840.113549.1.3.1 */
#endif
}; };
#if !defined(NO_AES) || defined(HAVE_PKCS7) #if !defined(NO_AES) || defined(HAVE_PKCS7)
@@ -1114,6 +1112,8 @@ WOLFSSL_LOCAL int GetSequence(const byte* input, word32* inOutIdx, int* len,
word32 maxIdx); word32 maxIdx);
WOLFSSL_LOCAL int GetSequence_ex(const byte* input, word32* inOutIdx, int* len, WOLFSSL_LOCAL int GetSequence_ex(const byte* input, word32* inOutIdx, int* len,
word32 maxIdx, int check); word32 maxIdx, int check);
WOLFSSL_LOCAL int GetOctetString(const byte* input, word32* inOutIdx, int* len,
word32 maxIdx);
WOLFSSL_LOCAL int GetSet(const byte* input, word32* inOutIdx, int* len, WOLFSSL_LOCAL int GetSet(const byte* input, word32* inOutIdx, int* len,
word32 maxIdx); word32 maxIdx);
WOLFSSL_LOCAL int GetSet_ex(const byte* input, word32* inOutIdx, int* len, WOLFSSL_LOCAL int GetSet_ex(const byte* input, word32* inOutIdx, int* len,