Fix parsing of PKCS#8 encoded Elliptic Curve keys.

The relevant ASN.1 definitions for a PKCS#8 encoded Elliptic Curve key are: PrivateKeyInfo ::= SEQUENCE { version Version, privateKeyAlgorithm PrivateKeyAlgorithmIdentifier, privateKey PrivateKey, attributes [0] IMPLICIT Attributes OPTIONAL } AlgorithmIdentifier ::= SEQUENCE { algorithm OBJECT IDENTIFIER, parameters ANY DEFINED BY algorithm OPTIONAL } ECParameters ::= CHOICE { namedCurve OBJECT IDENTIFIER -- implicitCurve NULL -- specifiedCurve SpecifiedECDomain } ECPrivateKey ::= SEQUENCE { version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1), privateKey OCTET STRING, parameters [0] ECParameters {{ NamedCurve }} OPTIONAL, publicKey [1] BIT STRING OPTIONAL } Because of the two optional fields, there are 4 possible variants that need to be parsed: no optional fields, only parameters, only public key, and both optional fields. Previously mbedTLS was unable to parse keys with "only parameters". Also, only "only public key" was tested. There was a test for "no optional fields", but it was labelled incorrectly as SEC.1 and not run because of a great renaming mixup.
2025-12-21 21:36:21 +01:00 · 2018-02-16 13:11:04 -08:00 · 2018-02-16 13:11:04 -08:00 · d2df936e67
commit d2df936e67
parent 8be0e6db41
10 changed files with 126 additions and 4 deletions
--- a/tests/data_files/Makefile
+++ b/tests/data_files/Makefile
@ -578,7 +578,86 @@ keys_rsa_enc_pkcs8_v2: keys_rsa_enc_pkcs8_v2_1024 keys_rsa_enc_pkcs8_v2_2048 key
 ### Generate all RSA keys
 keys_rsa_all: keys_rsa_unenc keys_rsa_enc_basic keys_rsa_enc_pkcs8_v1 keys_rsa_enc_pkcs8_v2

+################################################################
+#### Generate various EC keys
+################################################################

+###
+### PKCS8 encoded
+###
+
+ec_prv.pk8.der:
+	$(OPENSSL) genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime192v1 -pkeyopt ec_param_enc:named_curve -out $@ -outform DER
+all_final += ec_prv.pk8.der
+
+# ### Instructions for creating `ec_prv.pk8nopub.der`,
+# ### `ec_prv.pk8nopubparam.der`, and `ec_prv.pk8param.der` by hand from
+# ### `ec_prv.pk8.der`.
+#
+# These instructions assume you are familiar with ASN.1 DER encoding and can
+# use a hex editor to manipulate DER.
+#
+# The relevant ASN.1 definitions for a PKCS#8 encoded Elliptic Curve key are:
+#
+# PrivateKeyInfo ::= SEQUENCE {
+#   version                   Version,
+#   privateKeyAlgorithm       PrivateKeyAlgorithmIdentifier,
+#   privateKey                PrivateKey,
+#   attributes           [0]  IMPLICIT Attributes OPTIONAL
+# }
+#
+# AlgorithmIdentifier  ::=  SEQUENCE  {
+#   algorithm   OBJECT IDENTIFIER,
+#   parameters  ANY DEFINED BY algorithm OPTIONAL
+# }
+#
+# ECParameters ::= CHOICE {
+#   namedCurve         OBJECT IDENTIFIER
+#   -- implicitCurve   NULL
+#   -- specifiedCurve  SpecifiedECDomain
+# }
+#
+# ECPrivateKey ::= SEQUENCE {
+#   version        INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
+#   privateKey     OCTET STRING,
+#   parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
+#   publicKey  [1] BIT STRING OPTIONAL
+# }
+#
+# `ec_prv.pk8.der` as generatde above by OpenSSL should have the following
+# fields:
+#
+# * privateKeyAlgorithm       namedCurve
+# * privateKey.parameters     NOT PRESENT
+# * privateKey.publicKey      PRESENT
+# * attributes                NOT PRESENT
+#
+# # ec_prv.pk8nopub.der
+#
+# Take `ec_prv.pk8.der` and remove `privateKey.publicKey`.
+#
+# # ec_prv.pk8nopubparam.der
+#
+# Take `ec_prv.pk8nopub.der` and add `privateKey.parameters`, the same value as
+# `privateKeyAlgorithm.namedCurve`. Don't forget to add the explicit tag.
+#
+# # ec_prv.pk8param.der
+#
+# Take `ec_prv.pk8.der` and add `privateKey.parameters`, the same value as
+# `privateKeyAlgorithm.namedCurve`. Don't forget to add the explicit tag.
+
+ec_prv.pk8.pem: ec_prv.pk8.der
+	$(OPENSSL) pkey -in $< -inform DER -out $@
+all_final += ec_prv.pk8.pem
+ec_prv.pk8nopub.pem: ec_prv.pk8nopub.der
+	$(OPENSSL) pkey -in $< -inform DER -out $@
+all_final += ec_prv.pk8nopub.pem
+ec_prv.pk8nopubparam.pem: ec_prv.pk8nopubparam.der
+	$(OPENSSL) pkey -in $< -inform DER -out $@
+all_final += ec_prv.pk8nopubparam.pem
+ec_prv.pk8param.pem: ec_prv.pk8param.der
+	$(OPENSSL) pkey -in $< -inform DER -out $@
+all_final += ec_prv.pk8param.pem

 ################################################################
 ### Generate certificates for CRT write check tests
--- a/tests/data_files/ec_prv.pk8nopub.der
+++ b/tests/data_files/ec_prv.pk8nopub.der
--- a/tests/data_files/ec_prv.pk8nopub.pem
+++ b/tests/data_files/ec_prv.pk8nopub.pem
@ -0,0 +1,4 @@
+-----BEGIN PRIVATE KEY-----
+MEECAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEJzAlAgEBBCDH78XUX+cxmTPQ1hVkYbu3VvBc9c82
+EyGKaGvkAo1Pkw==
+-----END PRIVATE KEY-----
--- a/tests/data_files/ec_prv.pk8nopubparam.der
+++ b/tests/data_files/ec_prv.pk8nopubparam.der
--- a/tests/data_files/ec_prv.pk8nopubparam.pem
+++ b/tests/data_files/ec_prv.pk8nopubparam.pem
@ -0,0 +1,4 @@
+-----BEGIN PRIVATE KEY-----
+ME0CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEMzAxAgEBBCDH78XUX+cxmTPQ1hVkYbu3VvBc9c82
+EyGKaGvkAo1Pk6AKBggqhkjOPQMBBw==
+-----END PRIVATE KEY-----
--- a/tests/data_files/ec_prv.pk8param.der
+++ b/tests/data_files/ec_prv.pk8param.der
--- a/tests/data_files/ec_prv.pk8param.pem
+++ b/tests/data_files/ec_prv.pk8param.pem
@ -0,0 +1,5 @@
+-----BEGIN PRIVATE KEY-----
+MIGTAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBHkwdwIBAQQgx+/F1F/nMZkz0NYVZGG7t1bwXPXP
+NhMhimhr5AKNT5OgCgYIKoZIzj0DAQehRANCAARkJXH1LofHesYJwJkoZQ0ijCVrxDFEi8e/fc1d
+6DS2Hsk55TWpL953QEIDN8RmW01lejceK3jQWs0uGDenGCcM
+-----END PRIVATE KEY-----