wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-31 19:24:42 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #3869 from SparkiDev/asn1_template

Browse Source 
ASN1 Template: stricter and simpler DER/BER parsing/construction
This commit is contained in:
John Safranek
2021-08-19 12:47:04 -07:00
committed by GitHub
parent 3226e69649 d486b89c61
commit e7ef48d2b7
11 changed files with 13301 additions and 1349 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
certs/renewcerts.sh
View File

@@ -544,6 +544,16 @@ run_renewcerts(){
echo "End of section" echo "End of section"
echo "---------------------------------------------------------------------" echo "---------------------------------------------------------------------"
############################################################
########## generate Ed25519 certificates ###################
############################################################
echo "Renewing Ed448 certificates"
cd ed25519
./gen-ed25519-certs.sh
cd ..
echo "End of section"
echo "---------------------------------------------------------------------"
############################################################ ############################################################
########## generate Ed448 certificates ##################### ########## generate Ed448 certificates #####################
############################################################ ############################################################
@@ -749,21 +759,6 @@ then
echo "changed directory to wolfssl root directory." echo "changed directory to wolfssl root directory."
echo "" echo ""
echo ""
echo "Enter directory to ed25519 certificate generation example."
echo "Can be found at https://github.com/wolfSSL/wolfssl-examples"
read -r ED25519_DIR
if [ -d "${ED25519_DIR}" ]; then
pushd ./certs/ed25519 || { echo "Failed to push certs/ed25519";
exit 1; }
./gen-ed25519.sh "${ED25519_DIR}"
check_result $? "./gen-ed25519.sh"
popd || exit 1
else
echo "Unable to find directory ${ED25519_DIR}"
exit 1
fi
############################################################ ############################################################
########## update ntru if already installed ################ ########## update ntru if already installed ################
############################################################ ############################################################
@@ -786,23 +781,11 @@ elif [ ! -z "$1" ]; then
if [ "$1" == "--override-ntru" ]; then if [ "$1" == "--override-ntru" ]; then
echo "overriding ntru, update all certs except ntru." echo "overriding ntru, update all certs except ntru."
run_renewcerts run_renewcerts
#valid argument create ed25519 certificates
elif [ "$1" == "--ed25519" ] || [ "$2" == "--ed25519" ]; then
echo ""
echo "Enter directory to ed25519 certificate generation example."
echo "Can be found at https://github.com/wolfSSL/wolfssl-examples"
read -r ED25519_DIR
pushd ./certs/ed25519 || { echo "failed to push ./certs/ed25519";
exit 1; }
./gen-ed25519.sh "${ED25519_DIR}"
check_result $? "./gen-ed25519.sh"
popd || exit 1
#valid argument print out other valid arguments #valid argument print out other valid arguments
elif [ "$1" == "-h" ] || [ "$1" == "-help" ]; then elif [ "$1" == "-h" ] || [ "$1" == "-help" ]; then
echo "" echo ""
echo "\"no argument\" will attempt to update all certificates" echo "\"no argument\" will attempt to update all certificates"
echo "--override-ntru updates all certificates except ntru" echo "--override-ntru updates all certificates except ntru"
echo "--ed25519 updates all ed25519 certificates"
echo "-h or -help display this menu" echo "-h or -help display this menu"
echo "" echo ""
echo "" echo ""

6
configure.ac
View File

@@ -2924,6 +2924,12 @@ AC_ARG_ENABLE([asn],
[ ENABLED_ASN=yes ] [ ENABLED_ASN=yes ]
) )
if test "$ENABLED_ASN" = "template"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASN_TEMPLATE"
ENABLED_ASN=yes
fi
if test "$ENABLED_ASN" = "no" if test "$ENABLED_ASN" = "no"
then then
AM_CFLAGS="$AM_CFLAGS -DNO_ASN" AM_CFLAGS="$AM_CFLAGS -DNO_ASN"

69
src/ssl.c
View File

@@ -21282,7 +21282,9 @@ void wolfSSL_ASN1_OBJECT_free(WOLFSSL_ASN1_OBJECT* obj)
return; return;
} }
if ((obj->obj != NULL) && ((obj->dynamic & WOLFSSL_ASN1_DYNAMIC_DATA) != 0)) { if ((obj->obj != NULL) && ((obj->dynamic & WOLFSSL_ASN1_DYNAMIC_DATA) != 0)) {
#ifdef WOLFSSL_DEBUG_OPENSSL
WOLFSSL_MSG("Freeing ASN1 data"); WOLFSSL_MSG("Freeing ASN1 data");
#endif
XFREE((void*)obj->obj, obj->heap, DYNAMIC_TYPE_ASN1); XFREE((void*)obj->obj, obj->heap, DYNAMIC_TYPE_ASN1);
obj->obj = NULL; obj->obj = NULL;
} }
@@ -21293,7 +21295,9 @@ void wolfSSL_ASN1_OBJECT_free(WOLFSSL_ASN1_OBJECT* obj)
} }
#endif #endif
if ((obj->dynamic & WOLFSSL_ASN1_DYNAMIC) != 0) { if ((obj->dynamic & WOLFSSL_ASN1_DYNAMIC) != 0) {
#ifdef WOLFSSL_DEBUG_OPENSSL
WOLFSSL_MSG("Freeing ASN1 OBJECT"); WOLFSSL_MSG("Freeing ASN1 OBJECT");
#endif
XFREE(obj, NULL, DYNAMIC_TYPE_ASN1); XFREE(obj, NULL, DYNAMIC_TYPE_ASN1);
} }
} }
@@ -22758,7 +22762,9 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b)
{ {
WOLFSSL_ASN1_STRING* asn1; WOLFSSL_ASN1_STRING* asn1;
#ifdef WOLFSSL_DEBUG_OPENSSL
WOLFSSL_ENTER("wolfSSL_ASN1_STRING_new"); WOLFSSL_ENTER("wolfSSL_ASN1_STRING_new");
#endif
asn1 = (WOLFSSL_ASN1_STRING*)XMALLOC(sizeof(WOLFSSL_ASN1_STRING), NULL, asn1 = (WOLFSSL_ASN1_STRING*)XMALLOC(sizeof(WOLFSSL_ASN1_STRING), NULL,
DYNAMIC_TYPE_OPENSSL); DYNAMIC_TYPE_OPENSSL);
@@ -22807,7 +22813,9 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b)
/* used to free a WOLFSSL_ASN1_STRING structure */ /* used to free a WOLFSSL_ASN1_STRING structure */
void wolfSSL_ASN1_STRING_free(WOLFSSL_ASN1_STRING* asn1) void wolfSSL_ASN1_STRING_free(WOLFSSL_ASN1_STRING* asn1)
{ {
#ifdef WOLFSSL_DEBUG_OPENSSL
WOLFSSL_ENTER("wolfSSL_ASN1_STRING_free"); WOLFSSL_ENTER("wolfSSL_ASN1_STRING_free");
#endif
if (asn1 != NULL) { if (asn1 != NULL) {
if (asn1->length > 0 && asn1->data != NULL && asn1->isDynamic) { if (asn1->length > 0 && asn1->data != NULL && asn1->isDynamic) {
@@ -22866,7 +22874,9 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b)
{ {
WOLFSSL_ASN1_STRING* asn1; WOLFSSL_ASN1_STRING* asn1;
#ifdef WOLFSSL_DEBUG_OPENSSL
WOLFSSL_ENTER("wolfSSL_ASN1_STRING_type_new"); WOLFSSL_ENTER("wolfSSL_ASN1_STRING_type_new");
#endif
asn1 = wolfSSL_ASN1_STRING_new(); asn1 = wolfSSL_ASN1_STRING_new();
if (asn1 == NULL) { if (asn1 == NULL) {
@@ -22887,7 +22897,9 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b)
int wolfSSL_ASN1_STRING_type(const WOLFSSL_ASN1_STRING* asn1) int wolfSSL_ASN1_STRING_type(const WOLFSSL_ASN1_STRING* asn1)
{ {
#ifdef WOLFSSL_DEBUG_OPENSSL
WOLFSSL_ENTER("wolfSSL_ASN1_STRING_type"); WOLFSSL_ENTER("wolfSSL_ASN1_STRING_type");
#endif
if (asn1 == NULL) { if (asn1 == NULL) {
return WOLFSSL_FAILURE; return WOLFSSL_FAILURE;
@@ -22908,7 +22920,9 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b)
{ {
int sz; int sz;
#ifdef WOLFSSL_DEBUG_OPENSSL
WOLFSSL_ENTER("wolfSSL_ASN1_STRING_set"); WOLFSSL_ENTER("wolfSSL_ASN1_STRING_set");
#endif
if (asn1 == NULL || (data == NULL && dataSz < 0)) { if (asn1 == NULL || (data == NULL && dataSz < 0)) {
return WOLFSSL_FAILURE; return WOLFSSL_FAILURE;
@@ -22970,7 +22984,9 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b)
unsigned char* wolfSSL_ASN1_STRING_data(WOLFSSL_ASN1_STRING* asn) unsigned char* wolfSSL_ASN1_STRING_data(WOLFSSL_ASN1_STRING* asn)
{ {
#ifdef WOLFSSL_DEBUG_OPENSSL
WOLFSSL_ENTER("wolfSSL_ASN1_STRING_data"); WOLFSSL_ENTER("wolfSSL_ASN1_STRING_data");
#endif
if (asn) { if (asn) {
return (unsigned char*)asn->data; return (unsigned char*)asn->data;
@@ -22983,7 +22999,9 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b)
int wolfSSL_ASN1_STRING_length(WOLFSSL_ASN1_STRING* asn) int wolfSSL_ASN1_STRING_length(WOLFSSL_ASN1_STRING* asn)
{ {
#ifdef WOLFSSL_DEBUG_OPENSSL
WOLFSSL_ENTER("wolfSSL_ASN1_STRING_length"); WOLFSSL_ENTER("wolfSSL_ASN1_STRING_length");
#endif
if (asn) { if (asn) {
return asn->length; return asn->length;
@@ -26130,6 +26148,7 @@ int wolfSSL_ASN1_INTEGER_set(WOLFSSL_ASN1_INTEGER *a, long v)
int j; int j;
unsigned int i = 0; unsigned int i = 0;
unsigned char tmp[sizeof(long)+1] = {0}; unsigned char tmp[sizeof(long)+1] = {0};
int pad = 0;
if (a != NULL) { if (a != NULL) {
/* dynamically create data buffer, +2 for type and length */ /* dynamically create data buffer, +2 for type and length */
@@ -26169,11 +26188,19 @@ int wolfSSL_ASN1_INTEGER_set(WOLFSSL_ASN1_INTEGER *a, long v)
v >>= 8; v >>= 8;
} }
/* 0 pad to indicate positive number when top bit set. */
if ((!a->negative) && (j > 0) && (tmp[j-1] & 0x80)) {
pad = 1;
}
/* Set length */ /* Set length */
a->data[i++] = (unsigned char)((j == 0) ? ++j : j); a->data[i++] = (unsigned char)(((j == 0) ? ++j : j) + pad);
/* +2 for type and length */ /* +2 for type and length */
a->length = j + 2; a->length = j + pad + 2;
/* Add padding if required. */
if (pad) {
a->data[i++] = 0;
}
/* Copy to data */ /* Copy to data */
for (; j > 0; j--) { for (; j > 0; j--) {
a->data[i++] = tmp[j-1]; a->data[i++] = tmp[j-1];
@@ -40939,7 +40966,12 @@ cleanup:
defined(WOLFSSL_CERT_GEN) && \ defined(WOLFSSL_CERT_GEN) && \
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT) || \ (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT) || \
defined(OPENSSL_EXTRA)) defined(OPENSSL_EXTRA))
/* Converts from NID_* value to wolfSSL value if needed */ /* Converts from NID_* value to wolfSSL value if needed.
*
* @param [in] nid Numeric Id of a domain name component.
* @return Domain name tag values - wolfSSL internal values.
* @return -1 when nid isn't known.
*/
static int ConvertNIDToWolfSSL(int nid) static int ConvertNIDToWolfSSL(int nid)
{ {
switch (nid) { switch (nid) {
@@ -40995,8 +41027,7 @@ static int wolfSSL_ASN1_STRING_canon(WOLFSSL_ASN1_STRING* asn_out,
/* type is set as UTF8 */ /* type is set as UTF8 */
asn_out->type = MBSTRING_UTF8; asn_out->type = MBSTRING_UTF8;
asn_out->length = wolfSSL_ASN1_STRING_to_UTF8( asn_out->length = wolfSSL_ASN1_STRING_to_UTF8(
(unsigned char**)&asn_out->data (unsigned char**)&asn_out->data, (WOLFSSL_ASN1_STRING*)asn_in);
, (WOLFSSL_ASN1_STRING*)asn_in);
if (asn_out->length < 0) { if (asn_out->length < 0) {
return WOLFSSL_FAILURE; return WOLFSSL_FAILURE;
@@ -41145,7 +41176,7 @@ int wolfSSL_i2d_X509_NAME_canon(WOLFSSL_X509_NAME* name, unsigned char** out)
} }
return totalBytes; return totalBytes;
} }
#endif #endif /* OPENSSL_ALL */
/* Converts the x509 name structure into DER format. /* Converts the x509 name structure into DER format.
* *
@@ -41255,7 +41286,7 @@ int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* name, unsigned char** out)
/* check if using buffer passed in */ /* check if using buffer passed in */
if (*out == NULL) { if (*out == NULL) {
*out = local = (unsigned char*)XMALLOC(totalBytes + idx, NULL, *out = local = (unsigned char*)XMALLOC(totalBytes + idx, name->heap,
DYNAMIC_TYPE_OPENSSL); DYNAMIC_TYPE_OPENSSL);
if (*out == NULL) { if (*out == NULL) {
return MEMORY_E; return MEMORY_E;
@@ -42483,7 +42514,9 @@ err:
{ {
WOLFSSL_X509_NAME_ENTRY* ne; WOLFSSL_X509_NAME_ENTRY* ne;
#ifdef WOLFSSL_DEBUG_OPENSSL
WOLFSSL_ENTER("wolfSSL_X509_NAME_ENTRY_create_by_NID()"); WOLFSSL_ENTER("wolfSSL_X509_NAME_ENTRY_create_by_NID()");
#endif
if (!data) { if (!data) {
WOLFSSL_MSG("Bad parameter"); WOLFSSL_MSG("Bad parameter");
@@ -42618,7 +42651,9 @@ err:
WOLFSSL_X509_NAME_ENTRY* current = NULL; WOLFSSL_X509_NAME_ENTRY* current = NULL;
int i; int i;
#ifdef WOLFSSL_DEBUG_OPENSSL
WOLFSSL_ENTER("wolfSSL_X509_NAME_add_entry()"); WOLFSSL_ENTER("wolfSSL_X509_NAME_add_entry()");
#endif
if (name == NULL || entry == NULL || entry->value == NULL) { if (name == NULL || entry == NULL || entry->value == NULL) {
WOLFSSL_MSG("NULL argument passed in"); WOLFSSL_MSG("NULL argument passed in");
@@ -42764,7 +42799,9 @@ err:
const char* sName = NULL; const char* sName = NULL;
int i; int i;
#ifdef WOLFSSL_DEBUG_OPENSSL
WOLFSSL_ENTER("wolfSSL_OBJ_nid2obj()"); WOLFSSL_ENTER("wolfSSL_OBJ_nid2obj()");
#endif
for (i = 0; i < (int)WOLFSSL_OBJECT_INFO_SZ; i++) { for (i = 0; i < (int)WOLFSSL_OBJECT_INFO_SZ; i++) {
if (wolfssl_object_info[i].nid == id) { if (wolfssl_object_info[i].nid == id) {
@@ -43255,7 +43292,9 @@ err:
word32 idx = 0; word32 idx = 0;
int ret; int ret;
#ifdef WOLFSSL_DEBUG_OPENSSL
WOLFSSL_ENTER("wolfSSL_OBJ_obj2nid"); WOLFSSL_ENTER("wolfSSL_OBJ_obj2nid");
#endif
if (o == NULL) { if (o == NULL) {
return -1; return -1;
@@ -43556,7 +43595,9 @@ err:
{ {
WOLFSSL_ASN1_OBJECT* obj = NULL; WOLFSSL_ASN1_OBJECT* obj = NULL;
#ifdef WOLFSSL_DEBUG_OPENSSL
WOLFSSL_ENTER("wolfSSL_X509_NAME_ENTRY_get_object"); WOLFSSL_ENTER("wolfSSL_X509_NAME_ENTRY_get_object");
#endif
if (ne == NULL) return NULL; if (ne == NULL) return NULL;
obj = wolfSSL_OBJ_nid2obj_ex(ne->nid, ne->object); obj = wolfSSL_OBJ_nid2obj_ex(ne->nid, ne->object);
if (obj != NULL) { if (obj != NULL) {
@@ -43578,7 +43619,9 @@ err:
WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry( WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry(
WOLFSSL_X509_NAME *name, int loc) WOLFSSL_X509_NAME *name, int loc)
{ {
#ifdef WOLFSSL_DEBUG_OPENSSL
WOLFSSL_ENTER("wolfSSL_X509_NAME_get_entry"); WOLFSSL_ENTER("wolfSSL_X509_NAME_get_entry");
#endif
if (name == NULL) { if (name == NULL) {
return NULL; return NULL;
@@ -52191,7 +52234,9 @@ int SetIndividualExternal(WOLFSSL_BIGNUM** bn, mp_int* mpi)
{ {
byte dynamic = 0; byte dynamic = 0;
#ifdef WOLFSSL_DEBUG_OPENSSL
WOLFSSL_MSG("Entering SetIndividualExternal"); WOLFSSL_MSG("Entering SetIndividualExternal");
#endif
if (mpi == NULL || bn == NULL) { if (mpi == NULL || bn == NULL) {
WOLFSSL_MSG("mpi NULL error"); WOLFSSL_MSG("mpi NULL error");
@@ -52231,7 +52276,9 @@ WOLFSSL_BIGNUM* wolfSSL_BN_new(void)
WOLFSSL_BIGNUM* external; WOLFSSL_BIGNUM* external;
mp_int* mpi; mp_int* mpi;
#ifdef WOLFSSL_DEBUG_OPENSSL
WOLFSSL_MSG("wolfSSL_BN_new"); WOLFSSL_MSG("wolfSSL_BN_new");
#endif
#if !defined(USE_FAST_MATH) || defined(HAVE_WOLF_BIGINT) #if !defined(USE_FAST_MATH) || defined(HAVE_WOLF_BIGINT)
mpi = (mp_int*) XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_BIGINT); mpi = (mp_int*) XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_BIGINT);
@@ -52271,7 +52318,9 @@ WOLFSSL_BIGNUM* wolfSSL_BN_new(void)
void wolfSSL_BN_init(WOLFSSL_BIGNUM* bn) void wolfSSL_BN_init(WOLFSSL_BIGNUM* bn)
{ {
if(bn == NULL)return; if(bn == NULL)return;
#ifdef WOLFSSL_DEBUG_OPENSSL
WOLFSSL_MSG("wolfSSL_BN_init"); WOLFSSL_MSG("wolfSSL_BN_init");
#endif
InitwolfSSL_BigNum(bn); InitwolfSSL_BigNum(bn);
if (mp_init(&bn->fp) != MP_OKAY) if (mp_init(&bn->fp) != MP_OKAY)
return; return;
@@ -52281,7 +52330,9 @@ void wolfSSL_BN_init(WOLFSSL_BIGNUM* bn)
void wolfSSL_BN_free(WOLFSSL_BIGNUM* bn) void wolfSSL_BN_free(WOLFSSL_BIGNUM* bn)
{ {
#ifdef WOLFSSL_DEBUG_OPENSSL
WOLFSSL_MSG("wolfSSL_BN_free"); WOLFSSL_MSG("wolfSSL_BN_free");
#endif
if (bn) { if (bn) {
if (bn->internal) { if (bn->internal) {
mp_int* bni = (mp_int*)bn->internal; mp_int* bni = (mp_int*)bn->internal;
@@ -52299,7 +52350,9 @@ void wolfSSL_BN_free(WOLFSSL_BIGNUM* bn)
void wolfSSL_BN_clear_free(WOLFSSL_BIGNUM* bn) void wolfSSL_BN_clear_free(WOLFSSL_BIGNUM* bn)
{ {
#ifdef WOLFSSL_DEBUG_OPENSSL
WOLFSSL_MSG("wolfSSL_BN_clear_free"); WOLFSSL_MSG("wolfSSL_BN_clear_free");
#endif
if (bn) { if (bn) {
if (bn->internal) { if (bn->internal) {
mp_int* bni = (mp_int*)bn->internal; mp_int* bni = (mp_int*)bn->internal;
@@ -52311,7 +52364,9 @@ void wolfSSL_BN_clear_free(WOLFSSL_BIGNUM* bn)
void wolfSSL_BN_clear(WOLFSSL_BIGNUM* bn) void wolfSSL_BN_clear(WOLFSSL_BIGNUM* bn)
{ {
#ifdef WOLFSSL_DEBUG_OPENSSL
WOLFSSL_MSG("wolfSSL_BN_clear"); WOLFSSL_MSG("wolfSSL_BN_clear");
#endif
if (bn && bn->internal) { if (bn && bn->internal) {
mp_forcezero((mp_int*)bn->internal); mp_forcezero((mp_int*)bn->internal);
} }

10
tests/api.c
View File

@@ -18294,6 +18294,7 @@ static int test_wc_DsaKeyToPublicDer(void)
DsaKey genKey; DsaKey genKey;
WC_RNG rng; WC_RNG rng;
byte* der; byte* der;
word32 sz;
printf(testingFmt, "wc_DsaKeyToPublicDer()"); printf(testingFmt, "wc_DsaKeyToPublicDer()");
@@ -18317,11 +18318,16 @@ static int test_wc_DsaKeyToPublicDer(void)
if (ret == 0) { if (ret == 0) {
ret = wc_DsaKeyToPublicDer(&genKey, der, ONEK_BUF); ret = wc_DsaKeyToPublicDer(&genKey, der, ONEK_BUF);
if (ret >= 0) { if (ret >= 0) {
sz = ret;
ret = 0; ret = 0;
} else { } else {
ret = WOLFSSL_FATAL_ERROR; ret = WOLFSSL_FATAL_ERROR;
} }
} }
if (ret == 0) {
word32 idx = 0;
ret = wc_DsaPublicKeyDecode(der, &idx, &genKey, sz);
}
/* Test bad args. */ /* Test bad args. */
if (ret == 0) { if (ret == 0) {
@@ -24025,7 +24031,7 @@ static int test_ToTraditional (void)
} }
if (ret == 0) { if (ret == 0) {
ret = ToTraditional(input, 0); ret = ToTraditional(input, 0);
if (ret == ASN_PARSE_E) { if (ret == ASN_PARSE_E || ret == BUFFER_E) {
ret = 0; ret = 0;
} }
} }
@@ -28551,7 +28557,7 @@ static void test_wolfSSL_PEM_PrivateKey(void)
EVP_PKEY_free(pkey); EVP_PKEY_free(pkey);
pkey = NULL; pkey = NULL;
} }
#endif /* !HAVE_ECC && !NO_FILESYSTEM */ #endif
#if !defined(NO_RSA) && (defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN)) #if !defined(NO_RSA) && (defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN))
{ {

13393
wolfcrypt/src/asn.c
View File

File diff suppressed because it is too large Load Diff

4
wolfcrypt/src/pkcs7.c
View File

@@ -4314,8 +4314,8 @@ static int wc_PKCS7_ParseSignerInfo(PKCS7* pkcs7, byte* in, word32 inSz,
idx += length; idx += length;
} }
/* Get digestEncryptionAlgorithm */ /* Get digestEncryptionAlgorithm - key type or signature type */
if (ret == 0 && GetAlgoId(in, &idx, &sigOID, oidSigType, inSz) < 0) { if (ret == 0 && GetAlgoId(in, &idx, &sigOID, oidIgnoreType, inSz) < 0) {
ret = ASN_PARSE_E; ret = ASN_PARSE_E;
} }

181
wolfcrypt/test/test.c
View File

@@ -12230,7 +12230,7 @@ static byte minDates[] = {
0x32, 0x33, 0x31, 0x30, 0x5a 0x32, 0x33, 0x31, 0x30, 0x5a
}; };
static byte minPubKey[] = { static byte minPubKey[] = {
0x30, 0x1b, 0x30, 0x1c,
0x30, 0x0d, 0x30, 0x0d,
0x06, 0x09, 0x06, 0x09,
0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
@@ -12620,7 +12620,7 @@ WOLFSSL_TEST_SUBROUTINE int decodedCertCache_test(void)
} }
if (ret == 0) { if (ret == 0) {
if (wc_InitCert(&cert)) { if (wc_InitCert_ex(&cert, HEAP_HINT, devId)) {
ret = -7602; ret = -7602;
} }
} }
@@ -13169,30 +13169,44 @@ static int rsa_decode_test(RsaKey* keyPub)
WOLFSSL_SMALL_STACK_STATIC const byte e[2] = { 0x00, 0x03 }; WOLFSSL_SMALL_STACK_STATIC const byte e[2] = { 0x00, 0x03 };
WOLFSSL_SMALL_STACK_STATIC const byte good[] = { 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, WOLFSSL_SMALL_STACK_STATIC const byte good[] = { 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1,
0x03 }; 0x03 };
WOLFSSL_SMALL_STACK_STATIC const byte goodAlgId[] = { 0x30, 0x0f, 0x30, 0x0d, 0x06, 0x00, WOLFSSL_SMALL_STACK_STATIC const byte goodAlgId[] = {
0x30, 0x18, 0x30, 0x16,
0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
0x03, 0x09, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 }; 0x03, 0x09, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 };
WOLFSSL_SMALL_STACK_STATIC const byte goodAlgIdNull[] = { 0x30, 0x11, 0x30, 0x0f, 0x06, 0x00, WOLFSSL_SMALL_STACK_STATIC const byte goodAlgIdNull[] = {
0x30, 0x1a, 0x30, 0x18,
0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
0x05, 0x00, 0x03, 0x09, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23, 0x05, 0x00, 0x03, 0x09, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23,
0x02, 0x1, 0x03 }; 0x02, 0x1, 0x03 };
WOLFSSL_SMALL_STACK_STATIC const byte badAlgIdNull[] = { 0x30, 0x12, 0x30, 0x10, 0x06, 0x00, WOLFSSL_SMALL_STACK_STATIC const byte badAlgIdNull[] = {
0x30, 0x1b, 0x30, 0x19,
0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
0x05, 0x01, 0x00, 0x03, 0x09, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23, 0x05, 0x01, 0x00, 0x03, 0x09, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23,
0x02, 0x1, 0x03 }; 0x02, 0x1, 0x03 };
WOLFSSL_SMALL_STACK_STATIC const byte badNotBitString[] = { 0x30, 0x0f, 0x30, 0x0d, 0x06, 0x00, WOLFSSL_SMALL_STACK_STATIC const byte badNotBitString[] = {
0x30, 0x18, 0x30, 0x16,
0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
0x04, 0x09, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 }; 0x04, 0x09, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 };
WOLFSSL_SMALL_STACK_STATIC const byte badBitStringLen[] = { 0x30, 0x0f, 0x30, 0x0d, 0x06, 0x00, WOLFSSL_SMALL_STACK_STATIC const byte badBitStringLen[] = {
0x30, 0x18, 0x30, 0x16,
0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
0x03, 0x0a, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 }; 0x03, 0x0a, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 };
WOLFSSL_SMALL_STACK_STATIC const byte badNoSeq[] = { 0x30, 0x0d, 0x30, 0x0b, 0x06, 0x00, 0x03, WOLFSSL_SMALL_STACK_STATIC const byte badNoSeq[] = {
0x30, 0x16, 0x30, 0x14,
0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
0x07, 0x00, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 }; 0x07, 0x00, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 };
WOLFSSL_SMALL_STACK_STATIC const byte badNoObj[] = { WOLFSSL_SMALL_STACK_STATIC const byte badNoObj[] = {
0x30, 0x0f, 0x30, 0x0d, 0x05, 0x00, 0x03, 0x09, 0x00, 0x30, 0x06, 0x30, 0x0f, 0x30, 0x0d, 0x05, 0x00, 0x03, 0x09, 0x00, 0x30, 0x06,
0x02, 0x01, 0x23, 0x02, 0x1, 0x03 }; 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 };
WOLFSSL_SMALL_STACK_STATIC const byte badIntN[] = { 0x30, 0x06, 0x02, 0x05, 0x23, 0x02, 0x1, WOLFSSL_SMALL_STACK_STATIC const byte badIntN[] = {
0x03 }; 0x30, 0x06, 0x02, 0x05, 0x23, 0x02, 0x1, 0x03 };
WOLFSSL_SMALL_STACK_STATIC const byte badNotIntE[] = { 0x30, 0x06, 0x02, 0x01, 0x23, 0x04, 0x1, WOLFSSL_SMALL_STACK_STATIC const byte badNotIntE[] = {
0x03 }; 0x30, 0x06, 0x02, 0x01, 0x23, 0x04, 0x1, 0x03 };
WOLFSSL_SMALL_STACK_STATIC const byte badLength[] = { 0x30, 0x04, 0x02, 0x01, 0x23, 0x02, 0x1, WOLFSSL_SMALL_STACK_STATIC const byte badLength[] = {
0x03 }; 0x30, 0x04, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 };
WOLFSSL_SMALL_STACK_STATIC const byte badBitStrNoZero[] = { 0x30, 0x0e, 0x30, 0x0c, 0x06, 0x00, WOLFSSL_SMALL_STACK_STATIC const byte badBitStrNoZero[] = {
0x30, 0x17, 0x30, 0x15,
0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
0x03, 0x08, 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 }; 0x03, 0x08, 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 };
ret = wc_InitRsaKey(keyPub, NULL); ret = wc_InitRsaKey(keyPub, NULL);
@@ -13330,21 +13344,21 @@ static int rsa_decode_test(RsaKey* keyPub)
inSz = sizeof(badNoObj); inSz = sizeof(badNoObj);
inOutIdx = 0; inOutIdx = 0;
ret = wc_RsaPublicKeyDecode(badNoObj, &inOutIdx, keyPub, inSz); ret = wc_RsaPublicKeyDecode(badNoObj, &inOutIdx, keyPub, inSz);
if (ret != ASN_PARSE_E) { if (ret != ASN_PARSE_E && ret != ASN_OBJECT_ID_E) {
ret = -7710; ret = -7710;
goto done; goto done;
} }
inSz = sizeof(badIntN); inSz = sizeof(badIntN);
inOutIdx = 0; inOutIdx = 0;
ret = wc_RsaPublicKeyDecode(badIntN, &inOutIdx, keyPub, inSz); ret = wc_RsaPublicKeyDecode(badIntN, &inOutIdx, keyPub, inSz);
if (ret != ASN_RSA_KEY_E) { if (ret != ASN_RSA_KEY_E && ret != ASN_PARSE_E) {
ret = -7711; ret = -7711;
goto done; goto done;
} }
inSz = sizeof(badNotIntE); inSz = sizeof(badNotIntE);
inOutIdx = 0; inOutIdx = 0;
ret = wc_RsaPublicKeyDecode(badNotIntE, &inOutIdx, keyPub, inSz); ret = wc_RsaPublicKeyDecode(badNotIntE, &inOutIdx, keyPub, inSz);
if (ret != ASN_RSA_KEY_E) { if (ret != ASN_RSA_KEY_E && ret != ASN_PARSE_E) {
ret = -7712; ret = -7712;
goto done; goto done;
} }
@@ -13352,7 +13366,12 @@ static int rsa_decode_test(RsaKey* keyPub)
inSz = sizeof(badLength); inSz = sizeof(badLength);
inOutIdx = 0; inOutIdx = 0;
ret = wc_RsaPublicKeyDecode(badLength, &inOutIdx, keyPub, inSz); ret = wc_RsaPublicKeyDecode(badLength, &inOutIdx, keyPub, inSz);
if (ret != 0) { #ifndef WOLFSSL_ASN_TEMPLATE
if (ret != 0)
#else
if (ret != ASN_PARSE_E)
#endif
{
ret = -7713; ret = -7713;
goto done; goto done;
} }
@@ -13365,7 +13384,7 @@ static int rsa_decode_test(RsaKey* keyPub)
inSz = sizeof(badBitStrNoZero); inSz = sizeof(badBitStrNoZero);
inOutIdx = 0; inOutIdx = 0;
ret = wc_RsaPublicKeyDecode(badBitStrNoZero, &inOutIdx, keyPub, inSz); ret = wc_RsaPublicKeyDecode(badBitStrNoZero, &inOutIdx, keyPub, inSz);
if (ret != ASN_EXPECT_0_E) { if (ret != ASN_EXPECT_0_E && ret != ASN_PARSE_E) {
ret = -7715; ret = -7715;
goto done; goto done;
} }
@@ -14185,7 +14204,7 @@ static int rsa_certgen_test(RsaKey* key, RsaKey* keypub, WC_RNG* rng, byte* tmp)
} }
/* self signed */ /* self signed */
if (wc_InitCert(myCert)) { if (wc_InitCert_ex(myCert, HEAP_HINT, devId)) {
ERROR_OUT(-7822, exit_rsa); ERROR_OUT(-7822, exit_rsa);
} }
@@ -14199,7 +14218,6 @@ static int rsa_certgen_test(RsaKey* key, RsaKey* keypub, WC_RNG* rng, byte* tmp)
myCert->sigType = CTC_SHAwRSA; myCert->sigType = CTC_SHAwRSA;
#endif #endif
#ifdef WOLFSSL_CERT_EXT #ifdef WOLFSSL_CERT_EXT
/* add Policies */ /* add Policies */
XSTRNCPY(myCert->certPolicies[0], "2.16.840.1.101.3.4.1.42", XSTRNCPY(myCert->certPolicies[0], "2.16.840.1.101.3.4.1.42",
@@ -14264,7 +14282,7 @@ static int rsa_certgen_test(RsaKey* key, RsaKey* keypub, WC_RNG* rng, byte* tmp)
} }
/* Setup Certificate */ /* Setup Certificate */
if (wc_InitCert(myCert)) { if (wc_InitCert_ex(myCert, HEAP_HINT, devId)) {
ERROR_OUT(-7829, exit_rsa); ERROR_OUT(-7829, exit_rsa);
} }
@@ -14552,7 +14570,7 @@ static int rsa_ecc_certgen_test(WC_RNG* rng, byte* tmp)
} }
/* Setup Certificate */ /* Setup Certificate */
if (wc_InitCert(myCert)) { if (wc_InitCert_ex(myCert, HEAP_HINT, devId)) {
ERROR_OUT(-7858, exit_rsa); ERROR_OUT(-7858, exit_rsa);
} }
@@ -14861,7 +14879,7 @@ static int rsa_ntru_test(RsaKey* caKey, WC_RNG* rng, byte* tmp)
ERROR_OUT(-7952, exit_rsa); ERROR_OUT(-7952, exit_rsa);
} }
if (wc_InitCert(&myCert)) { if (wc_InitCert_ex(&myCert, HEAP_HINT, devId)) {
ERROR_OUT(-7953, exit_rsa); ERROR_OUT(-7953, exit_rsa);
} }
@@ -15856,7 +15874,7 @@ WOLFSSL_TEST_SUBROUTINE int rsa_test(void)
ERROR_OUT(-7964, exit_rsa); ERROR_OUT(-7964, exit_rsa);
} }
if (wc_InitCert(req)) { if (wc_InitCert_ex(req, HEAP_HINT, devId)) {
ERROR_OUT(-7965, exit_rsa); ERROR_OUT(-7965, exit_rsa);
} }
@@ -22883,14 +22901,14 @@ static int ecc_decode_test(void)
inSz = sizeof(badNoObjId); inSz = sizeof(badNoObjId);
inOutIdx = 0; inOutIdx = 0;
ret = wc_EccPublicKeyDecode(badNoObjId, &inOutIdx, key, inSz); ret = wc_EccPublicKeyDecode(badNoObjId, &inOutIdx, key, inSz);
if (ret != ASN_OBJECT_ID_E) { if (ret != ASN_OBJECT_ID_E && ret != ASN_PARSE_E) {
ret = -10106; ret = -10106;
goto done; goto done;
} }
inSz = sizeof(badOneObjId); inSz = sizeof(badOneObjId);
inOutIdx = 0; inOutIdx = 0;
ret = wc_EccPublicKeyDecode(badOneObjId, &inOutIdx, key, inSz); ret = wc_EccPublicKeyDecode(badOneObjId, &inOutIdx, key, inSz);
if (ret != ASN_OBJECT_ID_E) { if (ret != ASN_OBJECT_ID_E && ret != ASN_PARSE_E) {
ret = -10107; ret = -10107;
goto done; goto done;
} }
@@ -22911,7 +22929,7 @@ static int ecc_decode_test(void)
inSz = sizeof(badNotBitStr); inSz = sizeof(badNotBitStr);
inOutIdx = 0; inOutIdx = 0;
ret = wc_EccPublicKeyDecode(badNotBitStr, &inOutIdx, key, inSz); ret = wc_EccPublicKeyDecode(badNotBitStr, &inOutIdx, key, inSz);
if (ret != ASN_BITSTR_E) { if (ret != ASN_BITSTR_E && ret != ASN_PARSE_E) {
ret = -10110; ret = -10110;
goto done; goto done;
} }
@@ -22925,14 +22943,14 @@ static int ecc_decode_test(void)
inSz = sizeof(badNoBitStrZero); inSz = sizeof(badNoBitStrZero);
inOutIdx = 0; inOutIdx = 0;
ret = wc_EccPublicKeyDecode(badNoBitStrZero, &inOutIdx, key, inSz); ret = wc_EccPublicKeyDecode(badNoBitStrZero, &inOutIdx, key, inSz);
if (ret != ASN_EXPECT_0_E) { if (ret != ASN_EXPECT_0_E && ret != ASN_PARSE_E) {
ret = -10112; ret = -10112;
goto done; goto done;
} }
inSz = sizeof(badPoint); inSz = sizeof(badPoint);
inOutIdx = 0; inOutIdx = 0;
ret = wc_EccPublicKeyDecode(badPoint, &inOutIdx, key, inSz); ret = wc_EccPublicKeyDecode(badPoint, &inOutIdx, key, inSz);
if (ret != ASN_ECC_KEY_E) { if (ret != ASN_ECC_KEY_E && ret != ASN_PARSE_E) {
ret = -10113; ret = -10113;
goto done; goto done;
} }
@@ -23207,7 +23225,7 @@ static int ecc_test_cert_gen(WC_RNG* rng)
TEST_SLEEP(); TEST_SLEEP();
/* Setup Certificate */ /* Setup Certificate */
if (wc_InitCert(myCert)) { if (wc_InitCert_ex(myCert, HEAP_HINT, devId)) {
ERROR_OUT(-10137, exit); ERROR_OUT(-10137, exit);
} }
@@ -25184,7 +25202,7 @@ static int ed25519_test_make_cert(void)
int ret = 0; int ret = 0;
byte* tmp = NULL; byte* tmp = NULL;
wc_InitCert(&cert); wc_InitCert_ex(&cert, HEAP_HINT, devId);
#ifndef HAVE_FIPS #ifndef HAVE_FIPS
ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
@@ -25983,28 +26001,28 @@ WOLFSSL_TEST_SUBROUTINE int ed25519_test(void)
idx = 0; idx = 0;
if (wc_Ed25519PrivateKeyDecode(privateEd25519, &idx, &key3, if (wc_Ed25519PrivateKeyDecode(privateEd25519, &idx, &key3,
sizeof(privateEd25519)) != 0) sizeof(privateEd25519)) != 0)
return -11121 - i; return -11121;
if (wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3) if (wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3)
!= BAD_FUNC_ARG) != BAD_FUNC_ARG)
return -11131 - i; return -11131;
idx = 0; idx = 0;
if (wc_Ed25519PublicKeyDecode(publicEd25519, &idx, &key3, if (wc_Ed25519PublicKeyDecode(publicEd25519, &idx, &key3,
sizeof(publicEd25519)) != 0) sizeof(publicEd25519)) != 0)
return -11141 - i; return -11141;
if (wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3) != 0) if (wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3) != 0)
return -11151 - i; return -11151;
if (XMEMCMP(out, sigs[0], 64)) if (XMEMCMP(out, sigs[0], 64))
return -11161 - i; return -11161;
#if defined(HAVE_ED25519_VERIFY) #if defined(HAVE_ED25519_VERIFY)
/* test verify on good msg */ /* test verify on good msg */
if (wc_ed25519_verify_msg(out, outlen, msgs[0], msgSz[0], &verify, &key3) if (wc_ed25519_verify_msg(out, outlen, msgs[0], msgSz[0], &verify, &key3)
!= 0 || verify != 1) != 0 || verify != 1)
return -11171 - i; return -11171;
#endif /* HAVE_ED25519_VERIFY */ #endif /* HAVE_ED25519_VERIFY */
wc_ed25519_free(&key3); wc_ed25519_free(&key3);
@@ -26013,13 +26031,13 @@ WOLFSSL_TEST_SUBROUTINE int ed25519_test(void)
idx = 0; idx = 0;
if (wc_Ed25519PrivateKeyDecode(privPubEd25519, &idx, &key3, if (wc_Ed25519PrivateKeyDecode(privPubEd25519, &idx, &key3,
sizeof(privPubEd25519)) != 0) sizeof(privPubEd25519)) != 0)
return -11181 - i; return -11181;
if (wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3) != 0) if (wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3) != 0)
return -11191 - i; return -11191;
if (XMEMCMP(out, sigs[0], 64)) if (XMEMCMP(out, sigs[0], 64))
return -11201 - i; return -11201;
wc_ed25519_free(&key3); wc_ed25519_free(&key3);
#endif /* NO_ASN */ #endif /* NO_ASN */
@@ -26488,7 +26506,7 @@ static int ed448_test_make_cert(void)
int ret = 0; int ret = 0;
byte* tmp = NULL; byte* tmp = NULL;
wc_InitCert(&cert); wc_InitCert_ex(&cert, HEAP_HINT, devId);
#ifndef HAVE_FIPS #ifndef HAVE_FIPS
ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
@@ -27405,28 +27423,28 @@ WOLFSSL_TEST_SUBROUTINE int ed448_test(void)
idx = 0; idx = 0;
if (wc_Ed448PrivateKeyDecode(privateEd448, &idx, &key3, if (wc_Ed448PrivateKeyDecode(privateEd448, &idx, &key3,
sizeof(privateEd448)) != 0) sizeof(privateEd448)) != 0)
return -11821 - i; return -11821;
if (wc_ed448_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3, NULL, 0) if (wc_ed448_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3, NULL, 0)
!= BAD_FUNC_ARG) != BAD_FUNC_ARG)
return -11831 - i; return -11831;
idx = 0; idx = 0;
if (wc_Ed448PublicKeyDecode(publicEd448, &idx, &key3, if (wc_Ed448PublicKeyDecode(publicEd448, &idx, &key3,
sizeof(publicEd448)) != 0) sizeof(publicEd448)) != 0)
return -11841 - i; return -11841;
if (wc_ed448_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3, NULL, 0) != 0) if (wc_ed448_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3, NULL, 0) != 0)
return -11851 - i; return -11851;
if (XMEMCMP(out, sigs[0], SIGSZ)) if (XMEMCMP(out, sigs[0], SIGSZ))
return -11861 - i; return -11861;
#if defined(HAVE_ED448_VERIFY) #if defined(HAVE_ED448_VERIFY)
/* test verify on good msg */ /* test verify on good msg */
if (wc_ed448_verify_msg(out, outlen, msgs[0], msgSz[0], &verify, &key3, if (wc_ed448_verify_msg(out, outlen, msgs[0], msgSz[0], &verify, &key3,
NULL, 0) != 0 || verify != 1) NULL, 0) != 0 || verify != 1)
return -11871 - i; return -11871;
#endif /* HAVE_ED448_VERIFY */ #endif /* HAVE_ED448_VERIFY */
wc_ed448_free(&key3); wc_ed448_free(&key3);
@@ -27435,13 +27453,13 @@ WOLFSSL_TEST_SUBROUTINE int ed448_test(void)
idx = 0; idx = 0;
if (wc_Ed448PrivateKeyDecode(privPubEd448, &idx, &key3, if (wc_Ed448PrivateKeyDecode(privPubEd448, &idx, &key3,
sizeof(privPubEd448)) != 0) sizeof(privPubEd448)) != 0)
return -11881 - i; return -11881;
if (wc_ed448_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3, NULL, 0) != 0) if (wc_ed448_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3, NULL, 0) != 0)
return -11891 - i; return -11891;
if (XMEMCMP(out, sigs[0], SIGSZ)) if (XMEMCMP(out, sigs[0], SIGSZ))
return -11901 - i; return -11901;
wc_ed448_free(&key3); wc_ed448_free(&key3);
#endif /* NO_ASN */ #endif /* NO_ASN */
@@ -37871,29 +37889,72 @@ WOLFSSL_TEST_SUBROUTINE int certpiv_test(void)
/* Template for Identiv PIV cert, nonce and signature */ /* Template for Identiv PIV cert, nonce and signature */
WOLFSSL_SMALL_STACK_STATIC const byte pivCertIdentiv[] = { WOLFSSL_SMALL_STACK_STATIC const byte pivCertIdentiv[] = {
0x0A, 0x0D, 0x0A, 0x0B,
0x53, 0x04, /* NIST PIV Cert */ 0x53, 0x09, /* NIST PIV Cert */
0x70, 0x02, /* Certificate */ 0x70, 0x02, /* Certificate */
0x30, 0x00, 0x30, 0x00,
0x71, 0x01, 0x00, /* Cert Info */ 0x71, 0x01, 0x05, /* Cert Info */
0xFE, 0x00, /* Error Detection */ 0xFE, 0x00, /* Error Detection */
0x0B, 0x01, 0x00, /* Nonce */ 0x0B, 0x01, 0x00, /* Nonce */
0x0C, 0x01, 0x00, /* Signed Nonce */ 0x0C, 0x01, 0x00, /* Signed Nonce */
}; };
/* PIV certificate data including certificate, info and error dectection. */
WOLFSSL_SMALL_STACK_STATIC const byte pivCert[] = { WOLFSSL_SMALL_STACK_STATIC const byte pivCert[] = {
0x53, 0x04, /* NIST PIV Cert */ 0x53, 0x09, /* NIST PIV Cert */
0x70, 0x02, /* Certificate */ 0x70, 0x02, /* Certificate */
0x30, 0x00, 0x30, 0x00,
0x71, 0x01, 0x00, /* Cert Info */ 0x71, 0x01, 0x04, /* Cert Info */
0xFE, 0x00, /* Error Detection */ 0xFE, 0x00, /* Error Detection */
}; };
/* Test with identiv 0x0A, 0x0B and 0x0C markers */ XMEMSET(&piv, 0, sizeof(piv));
/* Test with Identiv 0x0A, 0x0B and 0x0C markers */
ret = wc_ParseCertPIV(&piv, pivCertIdentiv, sizeof(pivCertIdentiv)); ret = wc_ParseCertPIV(&piv, pivCertIdentiv, sizeof(pivCertIdentiv));
if (ret == 0) { if (ret != 0) {
return -14000;
}
if (!piv.isIdentiv) {
return -14001;
}
if ((piv.cert == NULL) || (piv.certSz != 2)) {
return -14002;
}
if ((piv.certErrDet == NULL) || (piv.certErrDetSz != 0)) {
return -14003;
}
if ((piv.compression != ASN_PIV_CERT_INFO_GZIP)) {
return -14004;
}
if (!piv.isX509) {
return -14005;
}
if ((piv.nonce == NULL) || (piv.nonceSz != 1)) {
return -14006;
}
if ((piv.signedNonce == NULL) || (piv.signedNonceSz != 1)) {
return -14007;
}
XMEMSET(&piv, 0, sizeof(piv));
/* Test with NIST PIV format */ /* Test with NIST PIV format */
ret = wc_ParseCertPIV(&piv, pivCert, sizeof(pivCert)); ret = wc_ParseCertPIV(&piv, pivCert, sizeof(pivCert));
if (ret != 0) {
return -14010;
}
if (piv.isIdentiv) {
return -14011;
}
if ((piv.cert == NULL) || (piv.certSz != 2)) {
return -14012;
}
if ((piv.certErrDet == NULL) || (piv.certErrDetSz != 0)) {
return -14013;
}
if ((piv.compression != 0)) {
return -14014;
}
if (!piv.isX509) {
return -14015;
} }
return ret; return ret;

1
wolfssl/internal.h
View File

@@ -3827,6 +3827,7 @@ struct WOLFSSL_X509_NAME {
char staticName[ASN_NAME_MAX]; char staticName[ASN_NAME_MAX];
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
!defined(NO_ASN) !defined(NO_ASN)
DecodedName fullName;
int entrySz; /* number of entries */ int entrySz; /* number of entries */
WOLFSSL_X509_NAME_ENTRY entry[MAX_NAME_ENTRIES]; /* all entries i.e. CN */ WOLFSSL_X509_NAME_ENTRY entry[MAX_NAME_ENTRIES]; /* all entries i.e. CN */
WOLFSSL_X509* x509; /* x509 that struct belongs to */ WOLFSSL_X509* x509; /* x509 that struct belongs to */

593
wolfssl/wolfcrypt/asn.h
View File

@@ -100,17 +100,14 @@ enum ASN_Tags {
ASN_SEQUENCE = 0x10, ASN_SEQUENCE = 0x10,
ASN_SET = 0x11, ASN_SET = 0x11,
ASN_PRINTABLE_STRING = 0x13, ASN_PRINTABLE_STRING = 0x13,
ASN_T61STRING = 0x14,
ASN_IA5_STRING = 0x16, ASN_IA5_STRING = 0x16,
ASN_UTC_TIME = 0x17, ASN_UTC_TIME = 0x17,
ASN_OTHER_TYPE = 0x00,
ASN_RFC822_TYPE = 0x01,
ASN_DNS_TYPE = 0x02,
ASN_DIR_TYPE = 0x04,
ASN_URI_TYPE = 0x06, /* the value 6 is from GeneralName OID */
ASN_IP_TYPE = 0x07, /* the value 7 is from GeneralName OID */
ASN_GENERALIZED_TIME = 0x18, ASN_GENERALIZED_TIME = 0x18,
CRL_EXTENSIONS = 0xa0, ASN_UNIVERSALSTRING = 0x1c,
ASN_EXTENSIONS = 0xa3, ASN_BMPSTRING = 0x1e,
ASN_TYPE_MASK = 0x1f,
ASN_LONG_LENGTH = 0x80, ASN_LONG_LENGTH = 0x80,
ASN_INDEF_LENGTH = 0x80, ASN_INDEF_LENGTH = 0x80,
@@ -118,12 +115,481 @@ enum ASN_Tags {
ASN_CONSTRUCTED = 0x20, ASN_CONSTRUCTED = 0x20,
ASN_APPLICATION = 0x40, ASN_APPLICATION = 0x40,
ASN_CONTEXT_SPECIFIC = 0x80, ASN_CONTEXT_SPECIFIC = 0x80,
ASN_PRIVATE = 0xC0,
CRL_EXTENSIONS = 0xa0,
ASN_EXTENSIONS = 0xa3,
/* GeneralName types */
ASN_OTHER_TYPE = 0x00,
ASN_RFC822_TYPE = 0x01,
ASN_DNS_TYPE = 0x02,
ASN_DIR_TYPE = 0x04,
ASN_URI_TYPE = 0x06, /* the value 6 is from GeneralName OID */
ASN_IP_TYPE = 0x07, /* the value 7 is from GeneralName OID */
}; };
#define ASN_UTC_TIME_SIZE 14 #define ASN_UTC_TIME_SIZE 14
#define ASN_GENERALIZED_TIME_SIZE 16 #define ASN_GENERALIZED_TIME_SIZE 16
#define ASN_GENERALIZED_TIME_MAX 68 #define ASN_GENERALIZED_TIME_MAX 68
#ifdef WOLFSSL_ASN_TEMPLATE
/* Different data types that can be stored in ASNGetData/ASNSetData. */
enum ASNItem_DataType {
/* Default for tag type. */
ASN_DATA_TYPE_NONE = 0,
/* 8-bit integer value. */
ASN_DATA_TYPE_WORD8 = 1,
/* 16-bit integer value. */
ASN_DATA_TYPE_WORD16 = 2,
/* 32-bit integer value. */
ASN_DATA_TYPE_WORD32 = 4,
/* Buffer with data and length. */
ASN_DATA_TYPE_BUFFER = 5,
/* An expected/required buffer with data and length. */
ASN_DATA_TYPE_EXP_BUFFER = 6,
/* Replace the item with buffer (data and length). */
ASN_DATA_TYPE_REPLACE_BUFFER = 7,
/* Big number as an mp_int. */
ASN_DATA_TYPE_MP = 8,
/* Big number as a positive or negative mp_int. */
ASN_DATA_TYPE_MP_POS_NEG = 9,
/* ASN.1 CHOICE. A 0 terminated list of tags that are valid. */
ASN_DATA_TYPE_CHOICE = 10,
};
/* A template entry describing an ASN.1 item. */
typedef struct ASNItem {
/* Depth of ASN.1 item - how many consturcted ASN.1 items above. */
byte depth;
/* BER/DER tag to expect. */
byte tag;
/* Whether the ASN.1 item is constructed. */
byte constructed:1;
/* Whether to parse the header only or skip data. */
byte headerOnly:1;
/* Whether ASN.1 item is optional.
* - 0 means not optional
* - 1 means is optional
* - 2+ means one of these at the same level with same value must appear.
*/
byte optional;
} ASNItem;
/* Dynamic data for setting (encoding) an ASN.1 item. */
typedef struct ASNSetData {
/* Reverse offset into buffer of ASN.1 item - calculated in SizeASN_Items().
* SetASN_Items() subtracts from total length to get usable value.
*/
word32 offset;
/* Length of data in ASN.1 item - calculated in SizeASN_Items(). */
word32 length;
/* Different data type representation. */
union {
/* 8-bit integer value. */
byte u8;
/* 16-bit integer value. */
word16 u16;
/* 32-bit integer value. */
word32 u32;
/* Big number as an mp_int. */
mp_int* mp;
/* Buffer as data pointer and length. */
struct {
/* Data to write out. */
const byte* data;
/* Length of data to write out. */
word32 length;
} buffer;
} data;
/* Type of data stored in data field - enum ASNItem_DataType. */
byte dataType;
/* Don't write this ASN.1 item out.
* Optional items are dependent on the data being encoded.
*/
byte noOut;
} ASNSetData;
/* Dynamic data for getting (decoding) an ASN.1 item. */
typedef struct ASNGetData {
/* Offset into buffer where encoding starts. */
word32 offset;
/* Total length of data in ASN.1 item.
* BIT_STRING and INTEGER lengths include leading byte. */
word32 length;
union {
/* Pointer to 8-bit integer. */
byte* u8;
/* Pointer to 16-bit integer. */
word16* u16;
/* Pointer to 32-bit integer. */
word32* u32;
/* Pointer to mp_int for big number. */
mp_int* mp;
/* List of possible tags. Useful for CHOICE ASN.1 items. */
const byte* choice;
/* Buffer to copy into. */
struct {
/* Buffer to hold ASN.1 data. */
byte* data;
/* Maxumum length of buffer. */
word32* length;
} buffer;
/* Refernce to ASN.1 item's data. */
struct {
/* Pointer reference into input buffer. */
const byte* data;
/* Length of data. */
word32 length;
} ref;
/* Data of an OBJECT_ID. */
struct {
/* OID data reference into input buffer. */
const byte* data;
/* Length of OID data. */
word32 length;
/* Type of OID expected. */
word32 type;
/* OID sum - 32-bit id. */
word32 sum;
} oid;
} data;
/* Type of data stored in data field - enum ASNItem_DataType. */
byte dataType;
/* Tag found in BER/DER item. */
byte tag;
} ASNGetData;
WOLFSSL_LOCAL int SizeASN_Items(const ASNItem* asn, ASNSetData *data,
int count, int* encSz);
WOLFSSL_LOCAL int SetASN_Items(const ASNItem* asn, ASNSetData *data, int count,
byte* output);
WOLFSSL_LOCAL int GetASN_Items(const ASNItem* asn, ASNGetData *data, int count,
int complete, const byte* input, word32* inOutIdx, word32 maxIdx);
#ifdef WOLFSSL_ASN_TEMPLATE_TYPE_CHECK
WOLFSSL_LOCAL void GetASN_Int8Bit(ASNGetData *dataASN, byte* num);
WOLFSSL_LOCAL void GetASN_Int16Bit(ASNGetData *dataASN, word16* num);
WOLFSSL_LOCAL void GetASN_Int32Bit(ASNGetData *dataASN, word32* num);
WOLFSSL_LOCAL void GetASN_Buffer(ASNGetData *dataASN, byte* data,
word32* length);
WOLFSSL_LOCAL void GetASN_ExpBuffer(ASNGetData *dataASN, const byte* data,
word32 length);
WOLFSSL_LOCAL void GetASN_MP(ASNGetData *dataASN, mp_int* num);
WOLFSSL_LOCAL void GetASN_MP_PosNeg(ASNGetData *dataASN, mp_int* num);
WOLFSSL_LOCAL void GetASN_Choice(ASNGetData *dataASN, const byte* options);
WOLFSSL_LOCAL void GetASN_Boolean(ASNGetData *dataASN, byte* num);
WOLFSSL_LOCAL void GetASN_OID(ASNGetData *dataASN, int oidType);
WOLFSSL_LOCAL void GetASN_GetConstRef(ASNGetData * dataASN, const byte** data,
word32* length);
WOLFSSL_LOCAL void GetASN_GetRef(ASNGetData * dataASN, byte** data,
word32* length);
WOLFSSL_LOCAL void GetASN_OIDData(ASNGetData * dataASN, byte** data,
word32* length);
WOLFSSL_LOCAL void SetASN_Boolean(ASNSetData *dataASN, byte val);
WOLFSSL_LOCAL void SetASN_Int8Bit(ASNSetData *dataASN, byte num);
WOLFSSL_LOCAL void SetASN_Int16Bit(ASNSetData *dataASN, word16 num);
WOLFSSL_LOCAL void SetASN_Buffer(ASNSetData *dataASN, const byte* data,
word32 length);
WOLFSSL_LOCAL void SetASN_ReplaceBuffer(ASNSetData *dataASN, const byte* data,
word32 length);
WOLFSSL_LOCAL void SetASN_MP(ASNSetData *dataASN, mp_int* num);
WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType);
#else
/* Setup ASN data item to get an 8-bit number.
*
* @param [in] dataASN Dynamic ASN data item.
* @param [in] num Pointer to an 8-bit variable.
*/
#define GetASN_Int8Bit(dataASN, num) \
do { \
(dataASN)->dataType = ASN_DATA_TYPE_WORD8; \
(dataASN)->data.u8 = num; \
} while (0)
/* Setup ASN data item to get a 16-bit number.
*
* @param [in] dataASN Dynamic ASN data item.
* @param [in] num Pointer to a 16-bit variable.
*/
#define GetASN_Int16Bit(dataASN, num) \
do { \
(dataASN)->dataType = ASN_DATA_TYPE_WORD16; \
(dataASN)->data.u16 = num; \
} while (0)
/* Setup ASN data item to get a 32-bit number.
*
* @param [in] dataASN Dynamic ASN data item.
* @param [in] num Pointer to a 32-bit variable.
*/
#define GetASN_Int32Bit(dataASN, num) \
do { \
(dataASN)->dataType = ASN_DATA_TYPE_WORD32; \
(dataASN)->data.u32 = num; \
} while (0)
/* Setup ASN data item to get data into a buffer of a specific length.
*
* @param [in] dataASN Dynamic ASN data item.
* @param [in] d Buffer to hold data.
* @param [in] l Length of buffer in bytes.
*/
#define GetASN_Buffer(dataASN, d, l) \
do { \
(dataASN)->dataType = ASN_DATA_TYPE_BUFFER; \
(dataASN)->data.buffer.data = d; \
(dataASN)->data.buffer.length = l; \
} while (0)
/* Setup ASN data item to check parsed data against expected buffer.
*
* @param [in] dataASN Dynamic ASN data item.
* @param [in] d Buffer containing expected data.
* @param [in] l Length of buffer in bytes.
*/
#define GetASN_ExpBuffer(dataASN, d, l) \
do { \
(dataASN)->dataType = ASN_DATA_TYPE_EXP_BUFFER; \
(dataASN)->data.ref.data = d; \
(dataASN)->data.ref.length = l; \
} while (0)
/* Setup ASN data item to get a number into an mp_int.
*
* @param [in] dataASN Dynamic ASN data item.
* @param [in] num Multi-precision number object.
*/
#define GetASN_MP(dataASN, num) \
do { \
(dataASN)->dataType = ASN_DATA_TYPE_MP; \
(dataASN)->data.mp = num; \
} while (0)
/* Setup ASN data item to get a positve or negative number into an mp_int.
*
* @param [in] dataASN Dynamic ASN data item.
* @param [in] num Multi-precision number object.
*/
#define GetASN_MP_PosNeg(dataASN, num) \
do { \
(dataASN)->dataType = ASN_DATA_TYPE_MP_POS_NEG; \
(dataASN)->data.mp = num; \
} while (0)
/* Setup ASN data item to be a choice of tags.
*
* @param [in] dataASN Dynamic ASN data item.
* @param [in] choice 0 terminated list of tags that are valid.
*/
#define GetASN_Choice(dataASN, options) \
do { \
(dataASN)->dataType = ASN_DATA_TYPE_CHOICE; \
(dataASN)->data.choice = options; \
} while (0)
/* Setup ASN data item to get a boolean value.
*
* @param [in] dataASN Dynamic ASN data item.
* @param [in] num Pointer to an 8-bit variable.
*/
#define GetASN_Boolean(dataASN, num) \
do { \
(dataASN)->dataType = ASN_DATA_TYPE_NONE; \
(dataASN)->data.u8 = num; \
} while (0)
/* Setup ASN data item to be a an OID of a specific type.
*
* @param [in] dataASN Dynamic ASN data item.
* @param [in] oidType Type of OID to expect.
*/
#define GetASN_OID(dataASN, oidType) \
(dataASN)->data.oid.type = oidType
/* Get the data and length from an ASN data item.
*
* @param [in] dataASN Dynamic ASN data item.
* @param [out] d Pointer to data of item.
* @param [out] l Length of buffer in bytes.
*/
#define GetASN_GetConstRef(dataASN, d, l) \
do { \
*(d) = (dataASN)->data.ref.data; \
*(l) = (dataASN)->data.ref.length; \
} while (0)
/* Get the data and length from an ASN data item.
*
* @param [in] dataASN Dynamic ASN data item.
* @param [out] d Pointer to data of item.
* @param [out] l Length of buffer in bytes.
*/
#define GetASN_GetRef(dataASN, d, l) \
do { \
*(d) = (byte*)(dataASN)->data.ref.data; \
*(l) = (dataASN)->data.ref.length; \
} while (0)
/* Get the data and length from an ASN data item that is an OID.
*
* @param [in] dataASN Dynamic ASN data item.
* @param [out] d Pointer to .
* @param [out] l Length of buffer in bytes.
*/
#define GetASN_OIDData(dataASN, d, l) \
do { \
*(d) = (byte*)(dataASN)->data.oid.data; \
*(l) = (dataASN)->data.oid.length; \
} while (0)
/* Setup an ASN data item to set a boolean.
*
* @param [in] dataASN Dynamic ASN data item.
* @param [in] val Boolean value.
*/
#define SetASN_Boolean(dataASN, val) \
do { \
(dataASN)->dataType = ASN_DATA_TYPE_NONE; \
(dataASN)->data.u8 = val; \
} while (0)
/* Setup an ASN data item to set an 8-bit number.
*
* @param [in] dataASN Dynamic ASN data item.
* @param [in] num 8-bit number to set.
*/
#define SetASN_Int8Bit(dataASN, num) \
do { \
(dataASN)->dataType = ASN_DATA_TYPE_WORD8; \
(dataASN)->data.u8 = num; \
} while (0)
/* Setup an ASN data item to set a 16-bit number.
*
* @param [in] dataASN Dynamic ASN data item.
* @param [in] num 16-bit number to set.
*/
#define SetASN_Int16Bit(dataASN, num) \
do { \
(dataASN)->dataType = ASN_DATA_TYPE_WORD16; \
(dataASN)->data.u16 = num; \
} while (0)
/* Setup an ASN data item to set the data in a buffer.
*
* @param [in] dataASN Dynamic ASN data item.
* @param [in] d Buffer containing data to set.
* @param [in] l Length of data in buffer in bytes.
*/
#define SetASN_Buffer(dataASN, d, l) \
do { \
(dataASN)->data.buffer.data = d; \
(dataASN)->data.buffer.length = l; \
} while (0)
/* Setup an ASN data item to set the DER encode data in a buffer.
*
* @param [in] dataASN Dynamic ASN data item.
* @param [in] d Buffer containing BER encoded data to set.
* @param [in] l Length of data in buffer in bytes.
*/
#define SetASN_ReplaceBuffer(dataASN, d, l) \
do { \
(dataASN)->dataType = ASN_DATA_TYPE_REPLACE_BUFFER; \
(dataASN)->data.buffer.data = d; \
(dataASN)->data.buffer.length = l; \
} while (0)
/* Setup an ASN data item to set an muli-precision number.
*
* @param [in] dataASN Dynamic ASN data item.
* @param [in] num Multi-precision number.
*/
#define SetASN_MP(dataASN, num) \
do { \
(dataASN)->dataType = ASN_DATA_TYPE_MP; \
(dataASN)->data.mp = num; \
} while (0)
/* Setup an ASN data item to set an OID based on id and type.
*
* oid and oidType pair are unique.
*
* @param [in] dataASN Dynamic ASN data item.
* @param [in] oid OID identifier.
* @param [in] oidType Type of OID.
*/
#define SetASN_OID(dataASN, oid, oidType) \
(dataASN)->data.buffer.data = OidFromId(oid, oidType, \
&(dataASN)->data.buffer.length)
#endif /* WOLFSSL_ASN_TEMPLATE_TYPE_CHECK */
/* Get address at the start of the BER item.
*
* @param [in] dataASN Dynamic ASN data item.
* @param [in] in Input buffer.
* @return Address at start of BER item.
*/
#define GetASNItem_Addr(dataASN, in) \
((in) + (dataASN).offset)
/* Get length of a BER item - including tag and length.
*
* @param [in] dataASN Dynamic ASN data item.
* @param [in] in Input buffer.
* @return Length of a BER item.
*/
#define GetASNItem_Length(dataASN, in) \
((dataASN).length + (word32)((dataASN).data.buffer.data - (in)) - \
(dataASN).offset)
/* Get the index of a BER item's data.
*
* @param [in] dataASN Dynamic ASN data item.
* @param [in] in Input buffer.
* @return Index of a BER item's data.
*/
#define GetASNItem_DataIdx(dataASN, in) \
(word32)((dataASN).data.ref.data - (in))
/* Get the end index of a BER item - index of the start of the next item.
*
* @param [in] dataASN Dynamic ASN data item.
* @param [in] in Input buffer.
* @return End index of a BER item.
*/
#define GetASNItem_EndIdx(dataASN, in) \
((word32)((dataASN).data.ref.data - (in)) + \
(dataASN).data.ref.length)
/* For a BIT_STRING, get the unused bits byte.
*
* @param [in] dataASN Dynamic ASN data item.
* @return Unused bits byte in BIT_STRING.
*/
#define GetASNItem_UnusedBits(dataASN) \
(*(dataASN.data.ref.data - 1))
/* Set the data items at indeces start to end inclusive to not be encoded.
*
* @param [in] dataASN Dynamic ASN data item.
* @param [in] start First item not to be encoded.
* @param [in] end Last item not to be encoded.
*/
#define SetASNItem_NoOut(dataASN, start, end) \
do { \
int ii; \
for (ii = start; ii <= end; ii++) { \
dataASN[ii].noOut = 1; \
} \
} \
while (0)
#endif /* WOLFSSL_ASN_TEMPLATE */
enum DN_Tags { enum DN_Tags {
ASN_DN_NULL = 0x00, ASN_DN_NULL = 0x00,
ASN_COMMON_NAME = 0x03, /* CN */ ASN_COMMON_NAME = 0x03, /* CN */
@@ -280,6 +746,8 @@ enum ECC_TYPES
/* certificate info masks */ /* certificate info masks */
ASN_PIV_CERT_INFO_COMPRESSED = 0x03, ASN_PIV_CERT_INFO_COMPRESSED = 0x03,
ASN_PIV_CERT_INFO_ISX509 = 0x04, ASN_PIV_CERT_INFO_ISX509 = 0x04,
/* GZIP is 0x01 */
ASN_PIV_CERT_INFO_GZIP = 0x01,
}; };
#endif /* WOLFSSL_CERT_PIV */ #endif /* WOLFSSL_CERT_PIV */
@@ -311,6 +779,7 @@ enum Misc_ASN {
#endif #endif
RSA_INTS = 8, /* RSA ints in private key */ RSA_INTS = 8, /* RSA ints in private key */
DSA_PARAM_INTS = 3, /* DSA paramater ints */ DSA_PARAM_INTS = 3, /* DSA paramater ints */
RSA_PUB_INTS = 2, /* RSA ints in public key */
DSA_INTS = 5, /* DSA ints in private key */ DSA_INTS = 5, /* DSA ints in private key */
MIN_DATE_SIZE = 12, MIN_DATE_SIZE = 12,
MAX_DATE_SIZE = 32, MAX_DATE_SIZE = 32,
@@ -550,6 +1019,7 @@ enum Extensions_Sum {
AUTH_KEY_OID = 149, /* 2.5.29.35 */ AUTH_KEY_OID = 149, /* 2.5.29.35 */
SUBJ_KEY_OID = 128, /* 2.5.29.14 */ SUBJ_KEY_OID = 128, /* 2.5.29.14 */
CERT_POLICY_OID = 146, /* 2.5.29.32 */ CERT_POLICY_OID = 146, /* 2.5.29.32 */
CRL_NUMBER_OID = 134, /* 2.5.29.20 */
KEY_USAGE_OID = 129, /* 2.5.29.15 */ KEY_USAGE_OID = 129, /* 2.5.29.15 */
INHIBIT_ANY_OID = 168, /* 2.5.29.54 */ INHIBIT_ANY_OID = 168, /* 2.5.29.54 */
EXT_KEY_USAGE_OID = 151, /* 2.5.29.37 */ EXT_KEY_USAGE_OID = 151, /* 2.5.29.37 */
@@ -766,6 +1236,65 @@ struct CertSignCtx {
int state; /* enum CertSignState */ int state; /* enum CertSignState */
}; };
#define DOMAIN_COMPONENT_MAX 10
struct DecodedName {
char* fullName;
int fullNameLen;
int entryCount;
int cnIdx;
int cnLen;
int cnNid;
int snIdx;
int snLen;
int snNid;
int cIdx;
int cLen;
int cNid;
int lIdx;
int lLen;
int lNid;
int stIdx;
int stLen;
int stNid;
int oIdx;
int oLen;
int oNid;
int ouIdx;
int ouLen;
#ifdef WOLFSSL_CERT_EXT
int bcIdx;
int bcLen;
int jcIdx;
int jcLen;
int jsIdx;
int jsLen;
#endif
int ouNid;
int emailIdx;
int emailLen;
int emailNid;
int uidIdx;
int uidLen;
int uidNid;
int serialIdx;
int serialLen;
int serialNid;
int dcIdx[DOMAIN_COMPONENT_MAX];
int dcLen[DOMAIN_COMPONENT_MAX];
int dcNum;
int dcMode;
};
/* ASN Encoded Name field */
typedef struct EncodedName {
int nameLen; /* actual string value length */
int totalLen; /* total encoded length */
int type; /* type of name */
int used; /* are we actually using this one */
byte encoded[CTC_NAME_SIZE * 2]; /* encoding */
} EncodedName;
#ifndef WOLFSSL_MAX_PATH_LEN #ifndef WOLFSSL_MAX_PATH_LEN
/* RFC 5280 Section 6.1.2. "Initialization" - item (k) defines /* RFC 5280 Section 6.1.2. "Initialization" - item (k) defines
* (k) max_path_length: this integer is initialized to "n", is * (k) max_path_length: this integer is initialized to "n", is
@@ -781,6 +1310,7 @@ struct CertSignCtx {
#define WOLFSSL_MAX_PATH_LEN 127 #define WOLFSSL_MAX_PATH_LEN 127
#endif #endif
typedef struct DecodedName DecodedName;
typedef struct DecodedCert DecodedCert; typedef struct DecodedCert DecodedCert;
typedef struct Signer Signer; typedef struct Signer Signer;
#ifdef WOLFSSL_TRUST_PEER_CERT #ifdef WOLFSSL_TRUST_PEER_CERT
@@ -999,15 +1529,6 @@ struct DecodedCert {
#endif #endif
}; };
/* ASN Encoded Name field */
typedef struct EncodedName {
int nameLen; /* actual string value length */
int totalLen; /* total encoded length */
int type; /* type of name */
int used; /* are we actually using this one */
byte encoded[CTC_NAME_SIZE * 2]; /* encoding */
} EncodedName;
#ifdef NO_SHA #ifdef NO_SHA
#define SIGNER_DIGEST_SIZE WC_SHA256_DIGEST_SIZE #define SIGNER_DIGEST_SIZE WC_SHA256_DIGEST_SIZE
#else #else
@@ -1145,6 +1666,9 @@ WOLFSSL_LOCAL int AddSignature(byte* buf, int bodySz, const byte* sig, int sigSz
int sigAlgoType); int sigAlgoType);
WOLFSSL_LOCAL int ParseCertRelative(DecodedCert*,int type,int verify,void* cm); WOLFSSL_LOCAL int ParseCertRelative(DecodedCert*,int type,int verify,void* cm);
WOLFSSL_LOCAL int DecodeToKey(DecodedCert*, int verify); WOLFSSL_LOCAL int DecodeToKey(DecodedCert*, int verify);
#ifdef WOLFSSL_ASN_TEMPLATE
WOLFSSL_LOCAL int DecodeCert(DecodedCert*, int verify, int* criticalExt);
#endif
WOLFSSL_LOCAL int wc_GetPubX509(DecodedCert* cert, int verify, int* badDate); WOLFSSL_LOCAL int wc_GetPubX509(DecodedCert* cert, int verify, int* badDate);
WOLFSSL_LOCAL const byte* OidFromId(word32 id, word32 type, word32* oidSz); WOLFSSL_LOCAL const byte* OidFromId(word32 id, word32 type, word32* oidSz);
@@ -1193,12 +1717,9 @@ WOLFSSL_LOCAL int DateGreaterThan(const struct tm* a, const struct tm* b);
WOLFSSL_LOCAL int wc_ValidateDate(const byte* date, byte format, int dateType); WOLFSSL_LOCAL int wc_ValidateDate(const byte* date, byte format, int dateType);
WOLFSSL_LOCAL int wc_OBJ_sn2nid(const char *sn); WOLFSSL_LOCAL int wc_OBJ_sn2nid(const char *sn);
WOLFSSL_LOCAL int wc_EncodeName(EncodedName* name, const char* nameStr,
char nameType, byte type);
WOLFSSL_LOCAL int wc_EncodeNameCanonical(EncodedName* name, const char* nameStr,
char nameType, byte type);
/* ASN.1 helper functions */ /* ASN.1 helper functions */
#ifdef WOLFSSL_CERT_GEN #ifdef WOLFSSL_CERT_GEN
WOLFSSL_LOCAL int SetNameEx(byte* output, word32 outputSz, CertName* name, void* heap);
WOLFSSL_ASN_API int SetName(byte* output, word32 outputSz, CertName* name); WOLFSSL_ASN_API int SetName(byte* output, word32 outputSz, CertName* name);
WOLFSSL_LOCAL const char* GetOneCertName(CertName* name, int idx); WOLFSSL_LOCAL const char* GetOneCertName(CertName* name, int idx);
WOLFSSL_LOCAL byte GetCertNameId(int idx); WOLFSSL_LOCAL byte GetCertNameId(int idx);
@@ -1229,6 +1750,7 @@ WOLFSSL_LOCAL int GetMyVersion(const byte* input, word32* inOutIdx,
int* version, word32 maxIdx); int* version, word32 maxIdx);
WOLFSSL_LOCAL int GetInt(mp_int* mpi, const byte* input, word32* inOutIdx, WOLFSSL_LOCAL int GetInt(mp_int* mpi, const byte* input, word32* inOutIdx,
word32 maxIdx); word32 maxIdx);
#ifdef HAVE_OID_ENCODING #ifdef HAVE_OID_ENCODING
WOLFSSL_LOCAL int EncodeObjectId(const word16* in, word32 inSz, WOLFSSL_LOCAL int EncodeObjectId(const word16* in, word32 inSz,
byte* out, word32* outSz); byte* out, word32* outSz);
@@ -1246,6 +1768,15 @@ WOLFSSL_LOCAL int GetAlgoId(const byte* input, word32* inOutIdx, word32* oid,
word32 oidType, word32 maxIdx); word32 oidType, word32 maxIdx);
WOLFSSL_LOCAL int GetASNTag(const byte* input, word32* idx, byte* tag, WOLFSSL_LOCAL int GetASNTag(const byte* input, word32* idx, byte* tag,
word32 inputSz); word32 inputSz);
WOLFSSL_LOCAL word32 SetASNLength(word32 length, byte* output);
WOLFSSL_LOCAL word32 SetASNSequence(word32 len, byte* output);
WOLFSSL_LOCAL word32 SetASNOctetString(word32 len, byte* output);
WOLFSSL_LOCAL word32 SetASNImplicit(byte tag,byte number, word32 len,
byte* output);
WOLFSSL_LOCAL word32 SetASNExplicit(byte number, word32 len, byte* output);
WOLFSSL_LOCAL word32 SetASNSet(word32 len, byte* output);
WOLFSSL_LOCAL word32 SetLength(word32 length, byte* output); WOLFSSL_LOCAL word32 SetLength(word32 length, byte* output);
WOLFSSL_LOCAL word32 SetSequence(word32 len, byte* output); WOLFSSL_LOCAL word32 SetSequence(word32 len, byte* output);
WOLFSSL_LOCAL word32 SetOctetString(word32 len, byte* output); WOLFSSL_LOCAL word32 SetOctetString(word32 len, byte* output);
@@ -1258,8 +1789,10 @@ WOLFSSL_LOCAL word32 SetAlgoID(int algoOID,byte* output,int type,int curveSz);
WOLFSSL_LOCAL int SetMyVersion(word32 version, byte* output, int header); WOLFSSL_LOCAL int SetMyVersion(word32 version, byte* output, int header);
WOLFSSL_LOCAL int SetSerialNumber(const byte* sn, word32 snSz, byte* output, WOLFSSL_LOCAL int SetSerialNumber(const byte* sn, word32 snSz, byte* output,
word32 outputSz, int maxSnSz); word32 outputSz, int maxSnSz);
#ifndef WOLFSSL_ASN_TEMPLATE
WOLFSSL_LOCAL int GetSerialNumber(const byte* input, word32* inOutIdx, WOLFSSL_LOCAL int GetSerialNumber(const byte* input, word32* inOutIdx,
byte* serial, int* serialSz, word32 maxIdx); byte* serial, int* serialSz, word32 maxIdx);
#endif
WOLFSSL_LOCAL int GetNameHash(const byte* source, word32* idx, byte* hash, WOLFSSL_LOCAL int GetNameHash(const byte* source, word32* idx, byte* hash,
int maxIdx); int maxIdx);
WOLFSSL_LOCAL int wc_CheckPrivateKeyCert(const byte* key, word32 keySz, DecodedCert* der); WOLFSSL_LOCAL int wc_CheckPrivateKeyCert(const byte* key, word32 keySz, DecodedCert* der);
@@ -1268,6 +1801,11 @@ WOLFSSL_LOCAL int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
WOLFSSL_LOCAL int StoreDHparams(byte* out, word32* outLen, mp_int* p, mp_int* g); WOLFSSL_LOCAL int StoreDHparams(byte* out, word32* outLen, mp_int* p, mp_int* g);
WOLFSSL_LOCAL int FlattenAltNames( byte*, word32, const DNS_entry*); WOLFSSL_LOCAL int FlattenAltNames( byte*, word32, const DNS_entry*);
WOLFSSL_LOCAL int wc_EncodeName(EncodedName* name, const char* nameStr,
char nameType, byte type);
WOLFSSL_LOCAL int wc_EncodeNameCanonical(EncodedName* name, const char* nameStr,
char nameType, byte type);
#if defined(HAVE_ECC) || !defined(NO_DSA) #if defined(HAVE_ECC) || !defined(NO_DSA)
/* ASN sig helpers */ /* ASN sig helpers */
WOLFSSL_LOCAL int StoreECC_DSA_Sig(byte* out, word32* outLen, mp_int* r, WOLFSSL_LOCAL int StoreECC_DSA_Sig(byte* out, word32* outLen, mp_int* r,
@@ -1424,7 +1962,7 @@ struct OcspEntry
word32 ownStatus:1; /* do we need to free the status word32 ownStatus:1; /* do we need to free the status
* response list */ * response list */
word32 isDynamic:1; /* was dynamically allocated */ word32 isDynamic:1; /* was dynamically allocated */
word32 used:1; /* entry used */
}; };
/* TODO: Long-term, it would be helpful if we made this struct and other OCSP /* TODO: Long-term, it would be helpful if we made this struct and other OCSP
@@ -1571,7 +2109,13 @@ enum PBESTypes {
PBE_SHA1_RC4_128_SUM = 657, PBE_SHA1_RC4_128_SUM = 657,
PBE_SHA1_DES3_SUM = 659, PBE_SHA1_DES3_SUM = 659,
PBES2 = 13 /* algo ID */ PBE_MD5_DES_SUM = 651,
PBE_SHA1_DES_SUM = 658,
PBES2_SUM = 661,
PBES2 = 13, /* algo ID */
PBES1_MD5_DES = 3,
PBES1_SHA1_DES = 10,
}; };
enum PKCSTypes { enum PKCSTypes {
@@ -1579,6 +2123,9 @@ enum PKCSTypes {
PKCS12v1 = 12, /* PKCS #12 */ PKCS12v1 = 12, /* PKCS #12 */
PKCS5 = 5, /* PKCS oid tag */ PKCS5 = 5, /* PKCS oid tag */
PKCS8v0 = 0, /* default PKCS#8 version */ PKCS8v0 = 0, /* default PKCS#8 version */
PKCS8v1 = 1, /* PKCS#8 version including public key */
PKCS1v0 = 0, /* default PKCS#1 version */
PKCS1v1 = 1, /* Multi-prime version */
}; };
#endif /* !NO_ASN || !NO_PWDBASED */ #endif /* !NO_ASN || !NO_PWDBASED */

1
wolfssl/wolfcrypt/asn_public.h
View File

@@ -375,6 +375,7 @@ typedef struct Cert {
keyType = RSA_KEY (default) keyType = RSA_KEY (default)
*/ */
WOLFSSL_API int wc_InitCert(Cert*); WOLFSSL_API int wc_InitCert(Cert*);
WOLFSSL_API int wc_InitCert_ex(Cert*, void*, int);
WOLFSSL_API int wc_MakeCert_ex(Cert* cert, byte* derBuffer, word32 derSz, WOLFSSL_API int wc_MakeCert_ex(Cert* cert, byte* derBuffer, word32 derSz,
int keyType, void* key, WC_RNG* rng); int keyType, void* key, WC_RNG* rng);
WOLFSSL_API int wc_MakeCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*, WOLFSSL_API int wc_MakeCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*,

9
wolfssl/wolfcrypt/types.h
View File

@@ -579,8 +579,9 @@ decouple library dependencies with standard string, memory and so on.
debugging is turned on */ debugging is turned on */
#ifndef USE_WINDOWS_API #ifndef USE_WINDOWS_API
#ifndef XSNPRINTF #ifndef XSNPRINTF
#if defined(NO_FILESYSTEM) && (defined(OPENSSL_EXTRA) || \ #if defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) && \
defined(HAVE_PKCS7)) && !defined(NO_STDIO_FILESYSTEM) (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
defined(WOLFSSL_CERT_EXT) || defined(HAVE_PKCS7))
/* case where stdio is not included else where but is needed /* case where stdio is not included else where but is needed
for snprintf */ for snprintf */
#include <stdio.h> #include <stdio.h>
@@ -709,6 +710,10 @@ decouple library dependencies with standard string, memory and so on.
#define XTOLOWER(c) tolower((c)) #define XTOLOWER(c) tolower((c))
#endif #endif
#ifndef OFFSETOF
#define OFFSETOF(type, field) ((size_t)&(((type *)0)->field))
#endif
/* memory allocation types for user hints */ /* memory allocation types for user hints */
enum { enum {