wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-03 04:34:41 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1877 from dgarske/pkcs8_ec

Browse Source 
Added support for ECC private key with PKCS8 encoding
This commit is contained in:
toddouska
2018-10-22 14:59:10 -07:00
committed by GitHub
parent 42fecee77b 7ce236f3af
commit 878b5925fc
4 changed files with 58 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
certs/ecc-privkeyPkcs8.pem Normal file
View File

@@ -0,0 +1,4 @@
-----BEGIN EC PRIVATE KEY-----
MEECAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEJzAlAgEBBCBFtmkCc5xshaE4W3Lo
6MesxAONUzUE+mwo3DSN4agJjA==
-----END EC PRIVATE KEY-----

1
certs/include.am
View File

@@ -12,6 +12,7 @@ EXTRA_DIST += \
certs/client-relative-uri.pem \
certs/ecc-key.pem \
certs/ecc-privkey.pem \
certs/ecc-privkeyPkcs8.pem \
certs/ecc-keyPkcs8Enc.pem \
certs/ecc-key-comp.pem \
certs/ecc-keyPkcs8.pem \

52
tests/api.c
View File

@@ -3531,24 +3531,34 @@ static WC_INLINE int PKCS8TestCallBack(char* passwd, int sz, int rw, void* userd
}
#endif
/* Testing functions dealing with PKCS8 */
static void test_wolfSSL_PKCS8(void)
{
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
!defined(NO_DES3) && !defined(NO_FILESYSTEM) && \
!defined(NO_ASN) && !defined(NO_PWDBASED) && !defined(NO_RSA) && \
defined(WOLFSSL_ENCRYPTED_KEYS)
#if !defined(NO_FILESYSTEM) && !defined(NO_ASN)
byte buffer[FOURK_BUF];
byte der[FOURK_BUF];
char file[] = "./certs/server-keyPkcs8Enc.pem";
const char eccPkcs8PrivKeyFile[] = "./certs/ecc-privkeyPkcs8.pem";
XFILE f;
int flag = 1;
int bytes;
int bytes;
#ifdef HAVE_ECC
int ret;
ecc_key key;
word32 x = 0;
#endif
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_DES3) && \
!defined(NO_PWDBASED) && !defined(NO_RSA)
#define TEST_PKCS8_ENC
const char serverKeyPkcs8EncFile[] = "./certs/server-keyPkcs8Enc.pem";
int flag = 1;
WOLFSSL_CTX* ctx;
#endif
printf(testingFmt, "wolfSSL_PKCS8()");
f = XFOPEN(file, "rb");
#ifdef TEST_PKCS8_ENC
f = XFOPEN(serverKeyPkcs8EncFile, "rb");
AssertTrue((f != XBADFILE));
bytes = (int)XFREAD(buffer, 1, sizeof(buffer), f);
XFCLOSE(f);
@@ -3581,14 +3591,34 @@ static void test_wolfSSL_PKCS8(void)
wolfSSL_CTX_free(ctx);
/* decrypt PKCS8 PEM to key in DER format with not using WOLFSSL_CTX */
AssertIntGT(wc_KeyPemToDer(buffer, bytes, der, FOURK_BUF, "yassl123"),
0);
AssertIntGT(wc_KeyPemToDer(buffer, bytes, der, FOURK_BUF, "yassl123"), 0);
/* test that error value is returned with a bad password */
AssertIntLT(wc_KeyPemToDer(buffer, bytes, der, FOURK_BUF, "bad"), 0);
#endif /* TEST_PKCS8_ENC */
/* Test PKCS8 PEM ECC key no crypt */
f = XFOPEN(eccPkcs8PrivKeyFile, "rb");
AssertTrue((f != XBADFILE));
bytes = (int)XFREAD(buffer, 1, sizeof(buffer), f);
XFCLOSE(f);
/* decrypt PKCS8 PEM to key in DER format with not using WOLFSSL_CTX */
#ifdef HAVE_ECC
AssertIntGT((bytes = wc_KeyPemToDer(buffer, bytes, der, FOURK_BUF, NULL)), 0);
ret = wc_ecc_init(&key);
if (ret == 0) {
ret = wc_EccPrivateKeyDecode(der, &x, &key, bytes);
wc_ecc_free(&key);
}
AssertIntEQ(ret, 0);
#else
AssertIntEQ((bytes = wc_KeyPemToDer(buffer, bytes, der, FOURK_BUF, NULL)),
ASN_NO_PEM_HEADER);
#endif
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA */
#endif /* !NO_FILESYSTEM && !NO_ASN */
}
/* Testing functions dealing with PKCS5 */

16
wolfcrypt/src/asn.c
View File

@@ -8512,12 +8512,20 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
der->buffer, &der->length) < 0)
return BUFFER_E;
if (header == BEGIN_PRIV_KEY && !encrypted_key) {
if ((header == BEGIN_PRIV_KEY
#ifdef HAVE_ECC
|| header == BEGIN_EC_PRIV
#endif
) && !encrypted_key)
{
/* pkcs8 key, convert and adjust length */
if ((ret = ToTraditional(der->buffer, der->length)) < 0)
return ret;
if ((ret = ToTraditional(der->buffer, der->length)) > 0) {
der->length = ret;
}
else {
/* ignore failure here and assume key is not pkcs8 wrapped */
}
der->length = ret;
return 0;
}