From 1d67d9217e772491499eca4fed5a7c8ed196ea00 Mon Sep 17 00:00:00 2001 From: Chris Conlon Date: Fri, 10 Jan 2014 15:17:03 -0700 Subject: [PATCH] initial PKCS#7 stubs, tie into ./configure --- configure.ac | 15 ++++ ctaocrypt/src/pkcs7.c | 135 ++++++++++++++++++++++++++++++++++++ cyassl/ctaocrypt/include.am | 1 + cyassl/ctaocrypt/pkcs7.h | 70 +++++++++++++++++++ src/include.am | 4 ++ 5 files changed, 225 insertions(+) create mode 100644 ctaocrypt/src/pkcs7.c create mode 100644 cyassl/ctaocrypt/pkcs7.h diff --git a/configure.ac b/configure.ac index c4b6c9be2..e2a570e0c 100644 --- a/configure.ac +++ b/configure.ac @@ -1215,6 +1215,20 @@ then AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SNI -DHAVE_MAX_FRAGMENT -DHAVE_TRUNCATED_HMAC" fi +# PKCS#7 +AC_ARG_ENABLE([pkcs7], + [ --enable-pkcs7 Enable PKCS7 (default: disabled)], + [ ENABLED_PKCS7=$enableval ], + [ ENABLED_PKCS7=no ] + ) + +if test "ENABLED_PKCS7" = "yes" +then + AM_CFLAGS="$AM_CFLAGS -DHAVE_PKCS7" +fi + +AM_CONDITIONAL([BUILD_PKCS7], [test "x$ENABLED_PKCS7" = "xyes"]) + #valgrind AC_ARG_ENABLE([valgrind], [ --enable-valgrind Enable valgrind for unit tests (default: disabled)], @@ -1600,6 +1614,7 @@ echo " * SNI: $ENABLED_SNI" echo " * Maximum Fragment Length: $ENABLED_MAX_FRAGMENT" echo " * Truncated HMAC: $ENABLED_TRUNCATED_HMAC" echo " * All TLS Extensions: $ENABLED_TLSX" +echo " * PKCS#7 $ENABLED_PKCS7" echo " * valgrind unit tests: $ENABLED_VALGRIND" echo " * LIBZ: $ENABLED_LIBZ" echo " * Examples: $ENABLED_EXAMPLES" diff --git a/ctaocrypt/src/pkcs7.c b/ctaocrypt/src/pkcs7.c new file mode 100644 index 000000000..269686609 --- /dev/null +++ b/ctaocrypt/src/pkcs7.c @@ -0,0 +1,135 @@ +/* pkcs7.c + * + * Copyright (C) 2006-2013 wolfSSL Inc. + * + * This file is part of CyaSSL. + * + * CyaSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * CyaSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + */ + +#ifdef HAVE_CONFIG_H + #include +#endif + +#include + +#ifdef HAVE_PKCS7 + +#include +#include +#include + +CYASSL_LOCAL int SetContentType(int pkcs7TypeOID, byte* output) +{ + /* PKCS#7 content types */ + static const byte pkcs7[] = { 0x2A, 0x86, 0x48, 0x86, 0xF7, + 0x0D, 0x01, 0x07 }; + static const byte data[] = { 0x2A, 0x86, 0x48, 0x86, 0xF7, + 0x0D, 0x01, 0x07, 0x01 }; + static const byte signedData[] = { 0x2A, 0x86, 0x48, 0x86, 0xF7, + 0x0D, 0x01, 0x07, 0x02}; + static const byte envelopedData[] = { 0x2A, 0x86, 0x48, 0x86, 0xF7, + 0x0D, 0x01, 0x07, 0x03 }; + static const byte signedAndEnveloped[] = { 0x2A, 0x86, 0x48, 0x86, 0xF7, + 0x0D, 0x01, 0x07, 0x04 }; + static const byte digestedData[] = { 0x2A, 0x86, 0x48, 0x86, 0xF7, + 0x0D, 0x01, 0x07, 0x05 }; + static const byte encryptedData[] = { 0x2A, 0x86, 0x48, 0x86, 0xF7, + 0x0D, 0x01, 0x07, 0x06 }; + + int idSz; + int typeSz = 0, idx = 0; + const byte* typeName = 0; + byte ID_Length[MAX_LENGTH_SZ]; + + switch (pkcs7TypeOID) { + case PKCS7: + typeSz = sizeof(pkcs7); + typeName = pkcs7; + break; + + case DATA: + typeSz = sizeof(data); + typeName = data; + break; + + case SIGNED_DATA: + typeSz = sizeof(signedData); + typeName = signedData; + break; + + case ENVELOPED_DATA: + typeSz = sizeof(envelopedData); + typeName = envelopedData; + break; + + case SIGNED_AND_ENVELOPED_DATA: + typeSz = sizeof(signedAndEnveloped); + typeName = signedAndEnveloped; + break; + + case DIGESTED_DATA: + typeSz = sizeof(digestedData); + typeName = digestedData; + break; + + case ENCRYPTED_DATA: + typeSz = sizeof(encryptedData); + typeName = encryptedData; + break; + + default: + CYASSL_MSG("Unknown PKCS#7 Type"); + return 0; + }; + + idSz = SetLength(typeSz, ID_Length); + output[idx++] = ASN_OBJECT_ID; + XMEMCPY(output + idx, ID_Length, idSz); + idx += idSz; + XMEMCPY(output + idx, typeName, typeSz); + idx += typeSz; + + return idx; + +} + +/* Create PKCS#7 envelopedData structure */ +int Pkcs7_encrypt(const byte* certs, word32 certSz, byte* data, word32 dataSz, + int cipher, byte* out, word32* outSz, word32 flags) +{ + (void)certs; + (void)certSz; + (void)data; + (void)dataSz; + (void)cipher; + (void)out; + (void)outSz; + (void)flags; + + return 0; +} + +#else /* HAVE_PKCS7 */ + + +#ifdef _MSC_VER + /* 4206 warning for blank file */ + #pragma warning(disable: 4206) +#endif + + +#endif /* HAVE_PKCS7 */ + diff --git a/cyassl/ctaocrypt/include.am b/cyassl/ctaocrypt/include.am index 8be43c5e1..5c38659ef 100644 --- a/cyassl/ctaocrypt/include.am +++ b/cyassl/ctaocrypt/include.am @@ -21,6 +21,7 @@ nobase_include_HEADERS+= \ cyassl/ctaocrypt/md4.h \ cyassl/ctaocrypt/md5.h \ cyassl/ctaocrypt/misc.h \ + cyassl/ctaocrypt/pkcs7.h \ cyassl/ctaocrypt/port.h \ cyassl/ctaocrypt/pwdbased.h \ cyassl/ctaocrypt/rabbit.h \ diff --git a/cyassl/ctaocrypt/pkcs7.h b/cyassl/ctaocrypt/pkcs7.h new file mode 100644 index 000000000..ceb7cdb5e --- /dev/null +++ b/cyassl/ctaocrypt/pkcs7.h @@ -0,0 +1,70 @@ +/* pkcs7.h + * + * Copyright (C) 2006-2013 wolfSSL Inc. + * + * This file is part of CyaSSL. + * + * CyaSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * CyaSSL is distributed in the hope that it will be useful, + * * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + */ + + +#ifdef HAVE_PKCS7 + +#ifndef CTAO_CRYPT_PKCS7_H +#define CTAO_CRYPT_PKCS7_H + +#include +#include +#include +#include +#include + +#ifdef __cplusplus + extern "C" { +#endif + +enum PKCS7_TYPES { + PKCS7 = 650, /* 1.2.840.113549.1.7 */ + DATA = 651, /* 1.2.840.113549.1.7.1 */ + SIGNED_DATA = 652, /* 1.2.840.113549.1.7.2 */ + ENVELOPED_DATA = 653, /* 1.2.840.113549.1.7.3 */ + SIGNED_AND_ENVELOPED_DATA = 654, /* 1.2.840.113549.1.7.4 */ + DIGESTED_DATA = 655, /* 1.2.840.113549.1.7.5 */ + ENCRYPTED_DATA = 656 /* 1.2.840.113549.1.7.6 */ +}; + +enum Pkcs7_Misc { + MAX_RECIP_SZ = MAX_VERSION_SZ + + MAX_SEQ_SZ + ASN_NAME_MAX + MAX_SN_SZ + + MAX_SEQ_SZ + MAX_ALGO_SZ + 1 + + MAX_ENCRYPTED_KEY_SZ + MAX_CONTENT_KEY_LEN = DES3_KEYLEN, + MAX_ENCRYPTED_KEY_SZ = 512, /* max enc. key size, RSA <= 4096 */ +}; + +CYASSL_API int Pkcs7_encrypt(const byte* certs, word32 certSz, byte* data, + word32 dataSz, int cipher, byte* out, + word32* outSz, word32 flags); + +CYASSL_LOCAL int SetContentType(int pkcs7TypeOID, byte* output); + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* CTAO_CRYPT_PKCS7_H */ + +#endif /* HAVE_PKCS7 */ + diff --git a/src/include.am b/src/include.am index d187ab0d6..e57f0f6fc 100644 --- a/src/include.am +++ b/src/include.am @@ -136,3 +136,7 @@ if BUILD_LIBZ src_libcyassl_la_SOURCES += ctaocrypt/src/compress.c endif +if BUILD_PKCS7 +src_libcyassl_la_SOURCES += ctaocrypt/src/pkcs7.c +endif +