
How to import a DER certificate in wolfSSL using wc_EccPublicKeyDecode


I am trying to import the public key of a certificate into an ecc_key structure for further usage.

For this I found the wc_EccPublicKeyDecode function in the wolfSSL API documentation. I tried to use it to load the certificate into the ecc_key struct.

const byte b64_cert[] = "MIIB6TCCAY+gAwIBAgIJAPhfFTGxGQMtMAoGCCqGSM49BAMCMFExCzAJBgNVBAYT"
                        "AlhYMQswCQYDVQQIDAJYWDELMAkGA1UEBwwCWFgxCzAJBgNVBAoMAlhYMQswCQYD"
                        "VQQLDAJYWDEOMAwGA1UEAwwFWFhYWFgwHhcNMTkwOTE4MTExMDQ3WhcNMjAwOTE3"
                        "MTExMDQ3WjBRMQswCQYDVQQGEwJYWDELMAkGA1UECAwCWFgxCzAJBgNVBAcMAlhY"
                        "MQswCQYDVQQKDAJYWDELMAkGA1UECwwCWFgxDjAMBgNVBAMMBVhYWFhYMFkwEwYH"
                        "KoZIzj0CAQYIKoZIzj0DAQcDQgAEOJdKmIL9KXUMcrR2obrUuyDsWoj7GFYxnGAI"
                        "wKz7aWgKenLL9pOTs5xhIkeZIEekkRayhV++CqMzEHRJhF6vNaNQME4wHQYDVR0O"
                        "BBYEFKtf9OtFyPb7GIkxjXsc8LbI6p4xMB8GA1UdIwQYMBaAFKtf9OtFyPb7GIkx"
                        "jXsc8LbI6p4xMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhANN9YLSc"
                        "VcEQn/JEKcdPxdR70SnDkEa0hCrm3yiZqXSAAiB9krAmY/Shv2yq2sTD+84x7s9K"
                        "XcPcX00w1JyeaIbaDw==";

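uint8_t der_cert[1000] = {0};
word32 size_of_cert = sizeof(der_cert);   /* in: buffer size, out: decoded length */
ecc_key eccKey;
int wolfssl_ret = wc_ecc_init(&eccKey);

/* Base64 text -> DER bytes */
wolfssl_ret = Base64_Decode(b64_cert, sizeof(b64_cert), der_cert, &size_of_cert);
if (wolfssl_ret != 0)
    printf("Base64_Decode failed! Wolfssl error = %d\n", wolfssl_ret);

word32 idx = 0;
wolfssl_ret = wc_EccPublicKeyDecode(der_cert, &idx, &eccKey, size_of_cert);
if (wolfssl_ret != 0)   /* report only when the call actually failed */
    printf("wc_EccPublicKeyDecode failed! Wolfssl error = %d", wolfssl_ret);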

But unfortunately I always get an ASN_OBJECT_ID_E (-144) error code:

wc_EccPublicKeyDecode failed! Wolfssl error = -144

So what am I doing wrong? Do I use the wrong function? How else could I import a DER/PEM certificate to an ecc_key structure?


Solution

  • Like you mentioned, you have a certificate and you're trying to pass it into an API that expects just a key, not a cert.

    Try using InitDecodedCert() and ParseCert() to first decode the cert into its respective parts in a DecodedCert structure. Then pass cert->publicKey to wc_EccPublicKeyDecode()! (Don't forget to FreeDecodedCert() when you're done).

    NOTE: You will need to use the setting WOLFSSL_TEST_CERT to expose ParseCert() to calling applications, it is an opaque API by default.

    You can contact the wolfSSL support team at support@wolfssl.com if you have any follow-up questions and for best response times.

    Thanks!
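Why a whole certificate does not look like a key to a decoder, and where the key actually sits inside it, as an added example that is not part of the original answer and is not wolfSSL code. The helper names (`der_hdr`, `starts_like_spki`, `cert_find_spki`) are hypothetical and `SAMPLE_CERT` is a constructed skeleton, not the certificate from the question.

```c
#include <stddef.h>
#include <stdint.h>
/* One DER header: returns the tag (-1 if malformed), sets *len, moves *pos to content. */
static int der_hdr(const uint8_t *b, size_t end, size_t *pos, size_t *len) {
    size_t p = *pos, n, cnt;
    if (p >= end || end - p < 2) return -1;
    int tag = b[p++];
    n = b[p++];
    if (n & 0x80) {                      /* long-form length, up to 3 bytes */
        cnt = n & 0x7f;
        if (cnt == 0 || cnt > 3 || end - p < cnt) return -1;
        for (n = 0; cnt > 0; cnt--) n = (n << 8) | b[p++];
    }
    if (end - p < n) return -1;          /* content must fit in the buffer */
    *pos = p; *len = n;
    return tag;
}

/* 1 if buf opens SEQUENCE { SEQUENCE { OBJECT IDENTIFIER, the start of a SubjectPublicKeyInfo. */
int starts_like_spki(const uint8_t *buf, size_t n) {
    size_t pos = 0, len;
    if (der_hdr(buf, n, &pos, &len) != 0x30) return 0;
    if (der_hdr(buf, pos + len, &pos, &len) != 0x30) return 0;
    return der_hdr(buf, pos + len, &pos, &len) == 0x06;
}

/* Offset of subjectPublicKeyInfo in a DER certificate (TLV size in *spki_len), or -1. */
long cert_find_spki(const uint8_t *cert, size_t cert_len, size_t *spki_len) {
    size_t pos = 0, len, end, start;
    if (der_hdr(cert, cert_len, &pos, &len) != 0x30) return -1;   /* Certificate */
    if (der_hdr(cert, pos + len, &pos, &len) != 0x30) return -1;  /* tbsCertificate */
    end = pos + len;
    int skip = (pos < end && cert[pos] == 0xA0) ? 6 : 5;  /* [0] version is optional */
    while (skip-- > 0) {  /* version?, serial, signature, issuer, validity, subject */
        if (der_hdr(cert, end, &pos, &len) < 0) return -1;
        pos += len;
    }
    start = pos;
    if (der_hdr(cert, end, &pos, &len) != 0x30) return -1;        /* the SPKI itself */
    *spki_len = (pos - start) + len;
    return (long)start;
}

/* Constructed 53-byte skeleton (not a valid certificate): empty names, truncated key. */
const uint8_t SAMPLE_CERT[53] = {
    0x30,0x33, 0x30,0x2C, 0xA0,0x03,0x02,0x01,0x02, 0x02,0x01,0x01,
    0x30,0x00, 0x30,0x00, 0x30,0x00, 0x30,0x00, 0x30,0x1A, 0x30,0x13,
    0x06,0x07,0x2A,0x86,0x48,0xCE,0x3D,0x02,0x01, 0x06,0x08,0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07,
    0x03,0x03,0x00,0x04,0xAA, 0x30,0x00, 0x03,0x01,0x00 };
```

On the sample, the buffer taken from its start has a `[0]` version tag where a key decoder looks for an OBJECT IDENTIFIER, while the slice at the returned offset begins with one. The walker only locates the field and checks no signature or validity, so for real certificates use the certificate parser the answer names.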