feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

maintenance to PKCS12 create for outputting encrypted bundles

Browse Source
This commit is contained in:
Jacob Barthelmeh
2020-03-18 12:00:57 -06:00
parent 00630baa53
commit 09dedfbe17
2 changed files with 551 additions and 474 deletions
Download Patch File Download Diff File Expand all files Collapse all files

154
wolfcrypt/src/asn.c
View File

@ -3426,7 +3426,8 @@ int UnTraditionalEnc(byte* key, word32 keySz, byte* out, word32* outSz,
/* check key type and get OID if ECC */ /* check key type and get OID if ECC */
if ((ret = wc_GetKeyOID(key, keySz, &curveOID, &oidSz, &algoID, heap))< 0) { if ((ret = wc_GetKeyOID(key, keySz, &curveOID, &oidSz, &algoID, heap))< 0) {
return ret; WOLFSSL_MSG("Error getting key OID");
return ret;
} }
/* PKCS#8 wrapping around key */ /* PKCS#8 wrapping around key */
@ -3937,6 +3938,9 @@ exit_tte:
* heap possible heap hint for mallocs/frees * heap possible heap hint for mallocs/frees
* *
* returns the total size of encrypted content on success. * returns the total size of encrypted content on success.
*
* data returned is :
* [ seq - obj [ seq -salt,itt]] , construct with encrypted data
*/ */
int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz, int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz,
const char* password, int passwordSz, int vPKCS, int vAlgo, const char* password, int passwordSz, int vPKCS, int vAlgo,
@ -3947,6 +3951,7 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz,
word32 tmpIdx = 0; word32 tmpIdx = 0;
word32 totalSz = 0; word32 totalSz = 0;
word32 seqSz; word32 seqSz;
word32 innerSz;
int ret; int ret;
int version, id, blockSz = 0; int version, id, blockSz = 0;
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
@ -3956,6 +3961,11 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz,
byte saltTmp[MAX_SALT_SIZE]; byte saltTmp[MAX_SALT_SIZE];
byte cbcIv[MAX_IV_SIZE]; byte cbcIv[MAX_IV_SIZE];
#endif #endif
byte seq[MAX_SEQ_SZ];
byte shr[MAX_SHORT_SZ];
word32 maxShr = MAX_SHORT_SZ;
word32 algoSz;
const byte* algoName;
(void)heap; (void)heap;
@ -3976,58 +3986,51 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz,
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
} }
/* calculate size */
/* size of constructed string at end */
sz = Pkcs8Pad(NULL, inputSz, blockSz);
totalSz = ASN_TAG_SZ;
totalSz += SetLength(sz, seq);
totalSz += sz;
/* size of sequence holding object id and sub sequence of salt and itt */
algoName = OidFromId(id, oidPBEType, &algoSz);
if (algoName == NULL) {
WOLFSSL_MSG("Unknown Algorithm");
return 0;
}
innerSz = SetObjectId(algoSz, seq);
innerSz += algoSz;
/* get subsequence of salt and itt */
if (salt == NULL || saltSz == 0) {
sz = 8;
}
else {
sz = saltSz;
}
seqSz = SetOctetString(sz, seq);
seqSz += sz;
tmpIdx = 0;
seqSz += SetShortInt(shr, &tmpIdx, itt, maxShr);
innerSz += seqSz + SetSequence(seqSz, seq);
totalSz += innerSz + SetSequence(innerSz, seq);
if (out == NULL) { if (out == NULL) {
sz = inputSz;
switch (id) {
#if !defined(NO_DES3) && (!defined(NO_MD5) || !defined(NO_SHA))
case PBE_MD5_DES:
case PBE_SHA1_DES:
case PBE_SHA1_DES3:
/* set to block size of 8 for DES operations. This rounds up
* to the nearest multiple of 8 */
sz &= 0xfffffff8;
sz += 8;
break;
#endif /* !NO_DES3 && (!NO_MD5 || !NO_SHA) */
#if !defined(NO_RC4) && !defined(NO_SHA)
case PBE_SHA1_RC4_128:
break;
#endif
case -1:
break;
default:
return ALGO_ID_E;
}
if (saltSz == 0) {
sz += MAX_SALT_SIZE;
}
else {
sz += saltSz;
}
/* add 2 for tags */
totalSz = sz + MAX_ALGO_SZ + MAX_SEQ_SZ + MAX_LENGTH_SZ +
MAX_LENGTH_SZ + MAX_LENGTH_SZ + MAX_SHORT_SZ + 2;
/* adjust size to pad */
totalSz = Pkcs8Pad(NULL, totalSz, blockSz);
/* return result */
*outSz = totalSz; *outSz = totalSz;
return LENGTH_ONLY_E; return LENGTH_ONLY_E;
} }
if (inOutIdx + MAX_ALGO_SZ + MAX_SEQ_SZ + 1 > *outSz) inOutIdx = 0;
if (totalSz > *outSz)
return BUFFER_E; return BUFFER_E;
sz = SetAlgoID(id, out + inOutIdx, oidPBEType, 0); inOutIdx += SetSequence(innerSz, out + inOutIdx);
inOutIdx += sz; totalSz += sz; inOutIdx += SetObjectId(algoSz, out + inOutIdx);
tmpIdx = inOutIdx; XMEMCPY(out + inOutIdx, algoName, algoSz);
tmpIdx += MAX_SEQ_SZ; /* save room for salt and itter sequence */ inOutIdx += algoSz;
out[tmpIdx++] = ASN_OCTET_STRING; inOutIdx += SetSequence(seqSz, out + inOutIdx);
/* create random salt if one not provided */ /* create random salt if one not provided */
if (salt == NULL || saltSz == 0) { if (salt == NULL || saltSz == 0) {
@ -4047,22 +4050,18 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz,
return ret; return ret;
} }
} }
inOutIdx += SetOctetString(saltSz, out + inOutIdx);
if (tmpIdx + MAX_LENGTH_SZ + saltSz + MAX_SHORT_SZ > *outSz) { if (saltSz + inOutIdx > *outSz) {
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
XFREE(saltTmp, heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(saltTmp, heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif #endif
return BUFFER_E; return BUFFER_E;
} }
XMEMCPY(out + inOutIdx, salt, saltSz);
sz = SetLength(saltSz, out + tmpIdx); inOutIdx += saltSz;
tmpIdx += sz;
XMEMCPY(out + tmpIdx, salt, saltSz);
tmpIdx += saltSz;
/* place iteration setting in buffer */ /* place iteration setting in buffer */
ret = SetShortInt(out, &tmpIdx, itt, *outSz); ret = SetShortInt(out, &inOutIdx, itt, *outSz);
if (ret < 0) { if (ret < 0) {
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
XFREE(saltTmp, heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(saltTmp, heap, DYNAMIC_TYPE_TMP_BUFFER);
@ -4070,13 +4069,27 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz,
return ret; return ret;
} }
/* rewind and place sequence */ if (inOutIdx + 1 > *outSz) {
sz = tmpIdx - inOutIdx - MAX_SEQ_SZ; #ifdef WOLFSSL_SMALL_STACK
seqSz = SetSequence(sz, out + inOutIdx); XFREE(saltTmp, heap, DYNAMIC_TYPE_TMP_BUFFER);
XMEMMOVE(out + inOutIdx + seqSz, out + inOutIdx + MAX_SEQ_SZ, sz); #endif
inOutIdx += seqSz; totalSz += seqSz; return BUFFER_E;
inOutIdx += sz; totalSz += sz; }
out[inOutIdx++] = ASN_CONTEXT_SPECIFIC | 0;
/* get pad size and verify buffer room */
sz = Pkcs8Pad(NULL, inputSz, blockSz);
if (sz + inOutIdx > *outSz) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(saltTmp, heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return BUFFER_E;
}
inOutIdx += SetLength(sz, out + inOutIdx);
/* copy input to output buffer and pad end */
XMEMCPY(out + inOutIdx, input, inputSz);
sz = Pkcs8Pad(out + inOutIdx, inputSz, blockSz);
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
cbcIv = (byte*)XMALLOC(MAX_IV_SIZE, heap, DYNAMIC_TYPE_TMP_BUFFER); cbcIv = (byte*)XMALLOC(MAX_IV_SIZE, heap, DYNAMIC_TYPE_TMP_BUFFER);
if (cbcIv == NULL) { if (cbcIv == NULL) {
@ -4085,23 +4098,6 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz,
} }
#endif #endif
if (inOutIdx + 1 + MAX_LENGTH_SZ + inputSz > *outSz)
return BUFFER_E;
out[inOutIdx++] = ASN_CONTEXT_SPECIFIC | 0; totalSz++;
sz = SetLength(inputSz, out + inOutIdx);
inOutIdx += sz; totalSz += sz;
/* get pad size and verify buffer room */
sz = Pkcs8Pad(NULL, inputSz, blockSz);
if (sz + inOutIdx > *outSz)
return BUFFER_E;
/* copy input to output buffer and pad end */
XMEMCPY(out + inOutIdx, input, inputSz);
sz = Pkcs8Pad(out + inOutIdx, inputSz, blockSz);
totalSz += sz;
/* encrypt */ /* encrypt */
if ((ret = wc_CryptKey(password, passwordSz, salt, saltSz, itt, id, if ((ret = wc_CryptKey(password, passwordSz, salt, saltSz, itt, id,
out + inOutIdx, sz, version, cbcIv, 1, 0)) < 0) { out + inOutIdx, sz, version, cbcIv, 1, 0)) < 0) {
@ -4120,7 +4116,7 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz,
(void)rng; (void)rng;
return totalSz; return inOutIdx + sz;
} }

871
wolfcrypt/src/pkcs12.c
View File

File diff suppressed because it is too large Load Diff