feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Improvements to EncryptedInfo. Added build option WOLFSSL_ENCRYPTED_KEYS to indicate support for EncryptedInfo. Improvements to wc_PBKDF1 to support more hash types and the non-standard extra data option.

Browse Source
This commit is contained in:
David Garske
2018-03-30 10:30:45 -07:00
parent f9e830bce7
commit 264496567a
20 changed files with 1043 additions and 1240 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
doc/dox_comments/header_files/ssl.h
View File

@@ -7227,7 +7227,6 @@ WOLFSSL_API int wolfSSL_SetVersion(WOLFSSL* ssl, int version);
\endcode \endcode
\sa PemToDer \sa PemToDer
\sa wolfssl_decrypt_buffer_key
*/ */
WOLFSSL_API int wolfSSL_KeyPemToDer(const unsigned char*, int, WOLFSSL_API int wolfSSL_KeyPemToDer(const unsigned char*, int,
unsigned char*, int, const char*); unsigned char*, int, const char*);
@@ -11338,7 +11337,7 @@ WOLFSSL_API size_t wolfSSL_get_client_random(const WOLFSSL* ssl,
_Example_ _Example_
\code \code
WOLFSSL_CTX* ctx; WOLFSSL_CTX* ctx;
Pem_password_cb cb; pem_password_cb cb;
// setup ctx // setup ctx
cb = wolfSSL_CTX_get_default_passwd_cb(ctx); cb = wolfSSL_CTX_get_default_passwd_cb(ctx);
//use cb //use cb

6
src/crl.c
View File

@@ -442,11 +442,7 @@ int BufferLoadCRL(WOLFSSL_CRL* crl, const byte* buff, long sz, int type,
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
if (type == WOLFSSL_FILETYPE_PEM) { if (type == WOLFSSL_FILETYPE_PEM) {
int eccKey = 0; /* not used */ ret = PemToDer(buff, sz, CRL_TYPE, &der, NULL, NULL, NULL);
EncryptedInfo info;
info.ctx = NULL;
ret = PemToDer(buff, sz, CRL_TYPE, &der, NULL, &info, &eccKey);
if (ret == 0) { if (ret == 0) {
myBuffer = der->buffer; myBuffer = der->buffer;
sz = der->length; sz = der->length;

797
src/ssl.c
View File

File diff suppressed because it is too large Load Diff

529
wolfcrypt/src/asn.c
View File

@@ -57,6 +57,7 @@ ASN Options:
#include <wolfssl/wolfcrypt/error-crypt.h> #include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/wolfcrypt/pwdbased.h> #include <wolfssl/wolfcrypt/pwdbased.h>
#include <wolfssl/wolfcrypt/des3.h> #include <wolfssl/wolfcrypt/des3.h>
#include <wolfssl/wolfcrypt/wc_encrypt.h>
#include <wolfssl/wolfcrypt/logging.h> #include <wolfssl/wolfcrypt/logging.h>
#include <wolfssl/wolfcrypt/random.h> #include <wolfssl/wolfcrypt/random.h>
@@ -7363,7 +7364,268 @@ const char* const END_PUB_KEY = "-----END PUBLIC KEY-----";
const char* const END_EDDSA_PRIV = "-----END EDDSA PRIVATE KEY-----"; const char* const END_EDDSA_PRIV = "-----END EDDSA PRIVATE KEY-----";
#endif #endif
#if defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN) || defined(OPENSSL_EXTRA)
int wc_PemGetHeaderFooter(int type, const char** header, const char** footer)
{
int ret = BAD_FUNC_ARG;
switch (type) {
case CA_TYPE: /* same as below */
case TRUSTED_PEER_TYPE:
case CERT_TYPE:
if (header) *header = BEGIN_CERT;
if (footer) *footer = END_CERT;
ret = 0;
break;
case CRL_TYPE:
if (header) *header = BEGIN_X509_CRL;
if (footer) *footer = END_X509_CRL;
ret = 0;
break;
#ifndef NO_DH
case DH_PARAM_TYPE:
if (header) *header = BEGIN_DH_PARAM;
if (footer) *footer = END_DH_PARAM;
ret = 0;
break;
#endif
#ifndef NO_DSA
case DSA_PARAM_TYPE:
if (header) *header = BEGIN_DSA_PARAM;
if (footer) *footer = END_DSA_PARAM;
ret = 0;
break;
#endif
#ifdef WOLFSSL_CERT_REQ
case CERTREQ_TYPE:
if (header) *header = BEGIN_CERT_REQ;
if (footer) *footer = END_CERT_REQ;
ret = 0;
break;
#endif
#ifndef NO_DSA
case DSA_TYPE:
case DSA_PRIVATEKEY_TYPE:
if (header) *header = BEGIN_DSA_PRIV;
if (footer) *footer = END_DSA_PRIV;
ret = 0;
break;
#endif
#ifdef HAVE_ECC
case ECC_TYPE:
case ECC_PRIVATEKEY_TYPE:
if (header) *header = BEGIN_EC_PRIV;
if (footer) *footer = END_EC_PRIV;
ret = 0;
break;
#endif
case RSA_TYPE:
case PRIVATEKEY_TYPE:
if (header) *header = BEGIN_RSA_PRIV;
if (footer) *footer = END_RSA_PRIV;
ret = 0;
break;
#ifdef HAVE_ED25519
case ED25519_TYPE:
case EDDSA_PRIVATEKEY_TYPE:
if (header) *header = BEGIN_EDDSA_PRIV;
if (footer) *footer = END_EDDSA_PRIV;
ret = 0;
break;
#endif
case PUBLICKEY_TYPE:
if (header) *header = BEGIN_PUB_KEY;
if (footer) *footer = END_PUB_KEY;
ret = 0;
break;
default:
break;
}
return ret;
}
#ifdef WOLFSSL_ENCRYPTED_KEYS
static const char* const kProcTypeHeader = "Proc-Type";
static const char* const kDecInfoHeader = "DEK-Info";
static const char* const kEncTypeDes = "DES-CBC";
static const char* const kEncTypeDes3 = "DES-EDE3-CBC";
static const char* const kEncTypeAesCbc128 = "AES-128-CBC";
static const char* const kEncTypeAesCbc192 = "AES-192-CBC";
static const char* const kEncTypeAesCbc256 = "AES-256-CBC";
int wc_EncryptedInfoGet(EncryptedInfo* info, const char* cipherInfo)
{
int ret = 0;
if (info == NULL || cipherInfo == NULL)
return BAD_FUNC_ARG;
/* determine cipher information */
#ifndef NO_DES3
if (XSTRNCMP(cipherInfo, kEncTypeDes, XSTRLEN(kEncTypeDes)) == 0) {
info->cipherType = WC_CIPHER_DES;
info->keySz = DES_KEY_SIZE;
info->ivSz = DES_IV_SIZE;
}
else if (XSTRNCMP(cipherInfo, kEncTypeDes3, XSTRLEN(kEncTypeDes3)) == 0) {
info->cipherType = WC_CIPHER_DES3;
info->keySz = DES3_KEY_SIZE;
info->ivSz = DES_IV_SIZE;
}
else
#endif /* NO_DES3 */
#ifndef NO_AES
#ifdef HAVE_AES_CBC
#ifdef WOLFSSL_AES_128
if (XSTRNCMP(cipherInfo, kEncTypeAesCbc128, XSTRLEN(kEncTypeAesCbc128)) == 0) {
info->cipherType = WC_CIPHER_AES_CBC;
info->keySz = AES_128_KEY_SIZE;
info->ivSz = AES_IV_SIZE;
}
else
#endif
#ifdef WOLFSSL_AES_192
if (XSTRNCMP(cipherInfo, kEncTypeAesCbc192, XSTRLEN(kEncTypeAesCbc192)) == 0) {
info->cipherType = WC_CIPHER_AES_CBC;
info->keySz = AES_192_KEY_SIZE;
info->ivSz = AES_IV_SIZE;
}
else
#endif
#ifdef WOLFSSL_AES_256
if (XSTRNCMP(cipherInfo, kEncTypeAesCbc256, XSTRLEN(kEncTypeAesCbc256)) == 0) {
info->cipherType = WC_CIPHER_AES_CBC;
info->keySz = AES_256_KEY_SIZE;
info->ivSz = AES_IV_SIZE;
}
else
#endif
#endif /* HAVE_AES_CBC */
#endif /* NO_AES */
{
ret = NOT_COMPILED_IN;
}
return ret;
}
static int wc_EncryptedInfo_Parse(EncryptedInfo* info,
char** pBuffer, size_t bufSz)
{
int err = 0;
char* bufferStart;
char* bufferEnd;
char* line;
word32 lineSz;
char* finish;
word32 finishSz;
char* start = NULL;
word32 startSz;
char* newline = NULL;
if (info == NULL || pBuffer == NULL || bufSz == 0)
return BAD_FUNC_ARG;
bufferStart = *pBuffer;
bufferEnd = bufferStart + bufSz;
/* find encrypted info marker */
line = XSTRNSTR(bufferStart, kProcTypeHeader,
min((word32)bufSz, PEM_LINE_LEN));
if (line != NULL) {
if (line >= bufferEnd) {
return BUFFER_E;
}
lineSz = (word32)(bufferEnd - line);
/* find DEC-Info marker */
start = XSTRNSTR(line, kDecInfoHeader, min(lineSz, PEM_LINE_LEN));
if (start == NULL)
return BUFFER_E;
if (start >= bufferEnd)
return BUFFER_E;
/* skip dec-info and ": " */
start += XSTRLEN(kDecInfoHeader) + 2;
if (start[0] == ':')
start++;
if (start[0] == ' ')
start++;
startSz = (word32)(bufferEnd - start);
finish = XSTRNSTR(start, ",", min(startSz, PEM_LINE_LEN));
if ((start != NULL) && (finish != NULL) && (start < finish)) {
if (finish >= bufferEnd) {
return BUFFER_E;
}
finishSz = (word32)(bufferEnd - finish);
newline = XSTRNSTR(finish, "\r", min(finishSz, PEM_LINE_LEN));
if (NAME_SZ < (finish - start)) /* buffer size of info->name */
return BUFFER_E;
if (XMEMCPY(info->name, start, finish - start) == NULL)
return BUFFER_E;
info->name[finish - start] = '\0'; /* null term */
if (finishSz < sizeof(info->iv) + 1)
return BUFFER_E;
if (XMEMCPY(info->iv, finish + 1, sizeof(info->iv)) == NULL)
return BUFFER_E;
if (newline == NULL)
newline = XSTRNSTR(finish, "\n", min(finishSz,
PEM_LINE_LEN));
if ((newline != NULL) && (newline > finish)) {
info->ivSz = (word32)(newline - (finish + 1));
info->set = 1;
}
else
return BUFFER_E;
}
else
return BUFFER_E;
/* eat blank line */
while (newline < bufferEnd &&
(*newline == '\r' || *newline == '\n')) {
newline++;
}
/* return new headerEnd */
if (pBuffer)
*pBuffer = newline;
/* populate info */
err = wc_EncryptedInfoGet(info, info->name);
}
return err;
}
static int wc_EncryptedInfo_Append(char* dest, char* cipherInfo)
{
if (cipherInfo != NULL) {
size_t cipherInfoStrLen = XSTRLEN(cipherInfo);
if (cipherInfoStrLen > HEADER_ENCRYPTED_KEY_SIZE - (9+14+10+3))
cipherInfoStrLen = HEADER_ENCRYPTED_KEY_SIZE - (9+14+10+3);
XSTRNCAT(dest, kProcTypeHeader, 9);
XSTRNCAT(dest, ": 4,ENCRYPTED\n", 14);
XSTRNCAT(dest, kDecInfoHeader, 8);
XSTRNCAT(dest, ": ", 2);
XSTRNCAT(dest, cipherInfo, cipherInfoStrLen);
XSTRNCAT(dest, "\n\n", 3);
}
return 0;
}
#endif /* WOLFSSL_ENCRYPTED_KEYS */
#ifdef WOLFSSL_DER_TO_PEM
/* Used for compatibility API */ /* Used for compatibility API */
int wc_DerToPem(const byte* der, word32 derSz, int wc_DerToPem(const byte* der, word32 derSz,
@@ -7377,6 +7639,8 @@ int wc_DerToPem(const byte* der, word32 derSz,
int wc_DerToPemEx(const byte* der, word32 derSz, byte* output, word32 outSz, int wc_DerToPemEx(const byte* der, word32 derSz, byte* output, word32 outSz,
byte *cipher_info, int type) byte *cipher_info, int type)
{ {
const char* headerStr = NULL;
const char* footerStr = NULL;
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
char* header = NULL; char* header = NULL;
char* footer = NULL; char* footer = NULL;
@@ -7393,6 +7657,10 @@ int wc_DerToPemEx(const byte* der, word32 derSz, byte* output, word32 outSz,
if (der == output) /* no in place conversion */ if (der == output) /* no in place conversion */
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
err = wc_PemGetHeaderFooter(type, &headerStr, &footerStr);
if (err != 0)
return err;
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
header = (char*)XMALLOC(headerLen, NULL, DYNAMIC_TYPE_TMP_BUFFER); header = (char*)XMALLOC(headerLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (header == NULL) if (header == NULL)
@@ -7410,71 +7678,23 @@ int wc_DerToPemEx(const byte* der, word32 derSz, byte* output, word32 outSz,
footer[--footerLen] = '\0'; footer[--footerLen] = '\0'; footer[--footerLen] = '\0'; footer[--footerLen] = '\0';
/* build header and footer based on type */ /* build header and footer based on type */
if (type == CERT_TYPE) { XSTRNCPY(header, headerStr, headerLen);
XSTRNCPY(header, BEGIN_CERT, headerLen); XSTRNCPY(footer, footerStr, footerLen);
XSTRNCPY(footer, END_CERT, footerLen);
}
else if (type == PRIVATEKEY_TYPE) {
XSTRNCPY(header, BEGIN_RSA_PRIV, headerLen);
XSTRNCPY(footer, END_RSA_PRIV, footerLen);
}
else if (type == PUBLICKEY_TYPE) {
XSTRNCPY(header, BEGIN_PUB_KEY, headerLen);
XSTRNCPY(footer, END_PUB_KEY, footerLen);
}
#ifndef NO_DSA
else if (type == DSA_PRIVATEKEY_TYPE) {
XSTRNCPY(header, BEGIN_DSA_PRIV, headerLen);
XSTRNCPY(footer, END_DSA_PRIV, footerLen);
}
#endif
#ifdef HAVE_ECC
else if (type == ECC_PRIVATEKEY_TYPE) {
XSTRNCPY(header, BEGIN_EC_PRIV, headerLen);
XSTRNCPY(footer, END_EC_PRIV, footerLen);
}
#endif
#ifdef HAVE_ED25519
else if (type == EDDSA_PRIVATEKEY_TYPE) {
XSTRNCPY(header, BEGIN_EDDSA_PRIV, headerLen);
XSTRNCPY(footer, END_EDDSA_PRIV, footerLen);
}
#endif
#ifdef WOLFSSL_CERT_REQ
else if (type == CERTREQ_TYPE) {
XSTRNCPY(header, BEGIN_CERT_REQ, headerLen);
XSTRNCPY(footer, END_CERT_REQ, footerLen);
}
#endif
#ifdef HAVE_CRL
else if (type == CRL_TYPE) {
XSTRNCPY(header, BEGIN_X509_CRL, headerLen);
XSTRNCPY(footer, END_X509_CRL, footerLen);
}
#endif
else {
#ifdef WOLFSSL_SMALL_STACK
XFREE(header, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(footer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return BAD_FUNC_ARG;
}
/* add new line to end */ /* add new line to end */
XSTRNCAT(header, "\n", 2); XSTRNCAT(header, "\n", 2);
XSTRNCAT(footer, "\n", 2); XSTRNCAT(footer, "\n", 2);
/* extra header information for encrypted key */ #ifdef WOLFSSL_ENCRYPTED_KEYS
if (cipher_info != NULL) { err = wc_EncryptedInfo_Append(header, (char*)cipher_info);
size_t cipherInfoStrLen = XSTRLEN((char*)cipher_info); if (err != 0) {
if (cipherInfoStrLen > HEADER_ENCRYPTED_KEY_SIZE - (23+10+3)) #ifdef WOLFSSL_SMALL_STACK
cipherInfoStrLen = HEADER_ENCRYPTED_KEY_SIZE - (23+10+3); XFREE(header, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(footer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XSTRNCAT(header, "Proc-Type: 4,ENCRYPTED\n", 23); #endif
XSTRNCAT(header, "DEK-Info: ", 10); return err;
XSTRNCAT(header, (char*)cipher_info, cipherInfoStrLen);
XSTRNCAT(header, "\n\n", 3);
} }
#endif
headerLen = (int)XSTRLEN(header); headerLen = (int)XSTRLEN(header);
footerLen = (int)XSTRLEN(footer); footerLen = (int)XSTRLEN(footer);
@@ -7544,7 +7764,7 @@ int wc_DerToPemEx(const byte* der, word32 derSz, byte* output, word32 outSz,
return outLen + headerLen + footerLen; return outLen + headerLen + footerLen;
} }
#endif /* WOLFSSL_KEY_GEN || WOLFSSL_CERT_GEN || OPENSSL_EXTRA */ #endif /* WOLFSSL_DER_TO_PEM */
int AllocDer(DerBuffer** pDer, word32 length, int type, void* heap) int AllocDer(DerBuffer** pDer, word32 length, int type, void* heap)
{ {
@@ -7600,7 +7820,6 @@ void FreeDer(DerBuffer** pDer)
} }
} }
/* Remove PEM header/footer, convert to ASN1, store any encrypted data /* Remove PEM header/footer, convert to ASN1, store any encrypted data
info->consumed tracks of PEM bytes consumed in case multiple parts */ info->consumed tracks of PEM bytes consumed in case multiple parts */
int PemToDer(const unsigned char* buff, long longSz, int type, int PemToDer(const unsigned char* buff, long longSz, int type,
@@ -7620,46 +7839,12 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
WOLFSSL_ENTER("PemToDer"); WOLFSSL_ENTER("PemToDer");
switch (type) { /* get PEM header and footer based on type */
case CA_TYPE: /* same as below */ ret = wc_PemGetHeaderFooter(type, &header, &footer);
case TRUSTED_PEER_TYPE: if (ret != 0)
case CERT_TYPE: header=BEGIN_CERT; footer=END_CERT; return ret;
break;
case CRL_TYPE: header=BEGIN_X509_CRL; footer=END_X509_CRL;
break;
#ifndef NO_DH
case DH_PARAM_TYPE: header=BEGIN_DH_PARAM; footer=END_DH_PARAM;
break;
#endif
#ifndef NO_DSA
case DSA_PARAM_TYPE: header=BEGIN_DSA_PARAM; footer=END_DSA_PARAM;
break;
#endif
#ifdef WOLFSSL_CERT_REQ
case CERTREQ_TYPE: header=BEGIN_CERT_REQ; footer=END_CERT_REQ;
break;
#endif
#ifndef NO_DSA
case DSA_TYPE: header=BEGIN_DSA_PRIV; footer=END_DSA_PRIV;
break;
#endif
#ifdef HAVE_ECC
case ECC_TYPE: header=BEGIN_EC_PRIV; footer=END_EC_PRIV;
break;
#endif
case RSA_TYPE: header=BEGIN_RSA_PRIV; footer=END_RSA_PRIV;
break;
#ifdef HAVE_ED25519
case ED25519_TYPE: header=BEGIN_EDDSA_PRIV; footer=END_EDDSA_PRIV;
break;
#endif
case PUBLICKEY_TYPE: header=BEGIN_PUB_KEY; footer=END_PUB_KEY;
break;
default: header=BEGIN_RSA_PRIV; footer=END_RSA_PRIV;
break;
}
/* find header */ /* map header if not found for type */
for (;;) { for (;;) {
headerEnd = XSTRNSTR((char*)buff, header, sz); headerEnd = XSTRNSTR((char*)buff, header, sz);
@@ -7714,96 +7899,22 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
if (type == PRIVATEKEY_TYPE) { if (type == PRIVATEKEY_TYPE) {
if (eccKey) { if (eccKey) {
#ifdef HAVE_ECC #ifdef HAVE_ECC
*eccKey = header == BEGIN_EC_PRIV; *eccKey = (header == BEGIN_EC_PRIV) ? 1 : 0;
#else #else
*eccKey = 0; *eccKey = 0;
#endif #endif
} }
} }
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \ #ifdef WOLFSSL_ENCRYPTED_KEYS
defined(HAVE_WEBSERVER) if (info) {
{ ret = wc_EncryptedInfo_Parse(info, &headerEnd, bufferEnd - headerEnd);
/* remove encrypted header if there */ if (ret < 0)
const char* const encHeader = "Proc-Type"; return ret;
word32 headerEndSz = (word32)(bufferEnd - headerEnd); if (info->set)
char* line = XSTRNSTR(headerEnd, encHeader, min(headerEndSz,
PEM_LINE_LEN));
if (line != NULL) {
word32 lineSz;
char* finish;
word32 finishSz;
char* start = NULL;
word32 startSz;
char* newline;
if (line >= bufferEnd) {
return BUFFER_E;
}
lineSz = (word32)(bufferEnd - line);
#ifndef NO_DES3
start = XSTRNSTR(line, "DES", min(lineSz, PEM_LINE_LEN));
#endif
#ifndef NO_AES
if (start == NULL) {
start = XSTRNSTR(line, "AES", min(lineSz, PEM_LINE_LEN));
}
#endif
(void)lineSz;
if (start == NULL) return BUFFER_E;
if (info == NULL) return BUFFER_E;
if (start >= bufferEnd) {
return BUFFER_E;
}
startSz = (word32)(bufferEnd - start);
finish = XSTRNSTR(start, ",", min(startSz, PEM_LINE_LEN));
if ((start != NULL) && (finish != NULL) && (start < finish)) {
if (finish >= bufferEnd) {
return BUFFER_E;
}
finishSz = (word32)(bufferEnd - finish);
newline = XSTRNSTR(finish, "\r", min(finishSz, PEM_LINE_LEN));
if (NAME_SZ < (finish - start)) /* buffer size of info->name*/
return BUFFER_E;
if (XMEMCPY(info->name, start, finish - start) == NULL)
return WOLFSSL_FATAL_ERROR;
info->name[finish - start] = 0;
if (finishSz < sizeof(info->iv) + 1)
return BUFFER_E;
if (XMEMCPY(info->iv, finish + 1, sizeof(info->iv)) == NULL)
return WOLFSSL_FATAL_ERROR;
if (newline == NULL)
newline = XSTRNSTR(finish, "\n", min(finishSz,
PEM_LINE_LEN));
if ((newline != NULL) && (newline > finish)) {
info->ivSz = (word32)(newline - (finish + 1));
info->set = 1;
}
else
return BUFFER_E;
}
else
return BUFFER_E;
/* eat blank line */
while (newline < bufferEnd &&
(*newline == '\r' || *newline == '\n'))
newline++;
headerEnd = newline;
encrypted_key = 1; encrypted_key = 1;
}
} }
#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL || HAVE_WEBSERVER */ #endif /* WOLFSSL_ENCRYPTED_KEYS */
/* find footer */ /* find footer */
footerEnd = XSTRNSTR((char*)buff, footer, sz); footerEnd = XSTRNSTR((char*)buff, footer, sz);
@@ -7855,25 +7966,30 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
return 0; return 0;
} }
#if (defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)) && !defined(NO_PWDBASED) #ifdef WOLFSSL_ENCRYPTED_KEYS
if (encrypted_key || header == BEGIN_ENC_PRIV_KEY) { if (encrypted_key || header == BEGIN_ENC_PRIV_KEY) {
int passwordSz; int passwordSz = NAME_SZ;
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
char* password = NULL; char* password = NULL;
#else #else
char password[NAME_SZ]; char password[NAME_SZ];
#endif #endif
if (!info || !info->ctx || !info->ctx->passwd_cb) if (!info || !info->passwd_cb) {
return BUFFER_E; /* no callback error */ WOLFSSL_MSG("No password callback set");
return NO_PASSWORD;
}
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
password = (char*)XMALLOC(NAME_SZ, heap, DYNAMIC_TYPE_STRING); password = (char*)XMALLOC(passwordSz, heap, DYNAMIC_TYPE_STRING);
if (password == NULL) if (password == NULL)
return MEMORY_E; return MEMORY_E;
#endif #endif
passwordSz = info->ctx->passwd_cb(password, NAME_SZ, 0,
info->ctx->userdata); /* get password */
passwordSz = info->passwd_cb(password, passwordSz, PEM_PASS_READ,
info->passwd_userdata);
/* convert and adjust length */ /* convert and adjust length */
if (header == BEGIN_ENC_PRIV_KEY) { if (header == BEGIN_ENC_PRIV_KEY) {
ret = ToTraditionalEnc(der->buffer, der->length, ret = ToTraditionalEnc(der->buffer, der->length,
@@ -7889,19 +8005,16 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
} }
/* decrypt the key */ /* decrypt the key */
else { else {
ret = wolfssl_decrypt_buffer_key(der, (byte*)password, ret = wc_BufferKeyDecrypt(info, der->buffer, der->length,
passwordSz, info); (byte*)password, passwordSz);
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
XFREE(password, heap, DYNAMIC_TYPE_STRING); XFREE(password, heap, DYNAMIC_TYPE_STRING);
#endif #endif
if (ret != WOLFSSL_SUCCESS) {
return ret;
}
} }
} }
#endif /* OPENSSL_EXTRA || HAVE_WEBSERVER || NO_PWDBASED */ #endif /* WOLFSSL_ENCRYPTED_KEYS */
return 0; return ret;
} }
int wc_PemToDer(const unsigned char* buff, long longSz, int type, int wc_PemToDer(const unsigned char* buff, long longSz, int type,
@@ -7918,16 +8031,13 @@ int wc_PemToDer(const unsigned char* buff, long longSz, int type,
int wolfSSL_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz) int wolfSSL_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz)
{ {
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
EncryptedInfo* info = NULL;
byte staticBuffer[1]; /* force XMALLOC */ byte staticBuffer[1]; /* force XMALLOC */
#else #else
EncryptedInfo info[1];
byte staticBuffer[FILE_BUFFER_SIZE]; byte staticBuffer[FILE_BUFFER_SIZE];
#endif #endif
byte* fileBuf = staticBuffer; byte* fileBuf = staticBuffer;
int dynamic = 0; int dynamic = 0;
int ret = 0; int ret = 0;
int ecc = 0;
long sz = 0; long sz = 0;
XFILE file = XFOPEN(fileName, "rb"); XFILE file = XFOPEN(fileName, "rb");
DerBuffer* converted = NULL; DerBuffer* converted = NULL;
@@ -7950,7 +8060,7 @@ int wolfSSL_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz)
WOLFSSL_MSG("File was larger then static buffer"); WOLFSSL_MSG("File was larger then static buffer");
return MEMORY_E; return MEMORY_E;
#endif #endif
fileBuf = (byte*)XMALLOC(sz, 0, DYNAMIC_TYPE_FILE); fileBuf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE);
if (fileBuf == NULL) if (fileBuf == NULL)
ret = MEMORY_E; ret = MEMORY_E;
else else
@@ -7962,20 +8072,7 @@ int wolfSSL_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz)
ret = BUFFER_E; ret = BUFFER_E;
} }
else { else {
#ifdef WOLFSSL_SMALL_STACK ret = PemToDer(fileBuf, sz, CA_TYPE, &converted, 0, NULL,NULL);
info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL,
DYNAMIC_TYPE_ENCRYPTEDINFO);
if (info == NULL)
ret = MEMORY_E;
else
#endif
{
ret = PemToDer(fileBuf, sz, CA_TYPE, &converted,
0, info, &ecc);
#ifdef WOLFSSL_SMALL_STACK
XFREE(info, NULL, DYNAMIC_TYPE_ENCRYPTEDINFO);
#endif
}
} }
if (ret == 0) { if (ret == 0) {
@@ -7992,7 +8089,7 @@ int wolfSSL_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz)
XFCLOSE(file); XFCLOSE(file);
if (dynamic) if (dynamic)
XFREE(fileBuf, 0, DYNAMIC_TYPE_FILE); XFREE(fileBuf, NULL, DYNAMIC_TYPE_FILE);
} }
return ret; return ret;

50
wolfcrypt/src/hash.c
View File

@@ -154,6 +154,56 @@ int wc_HashGetDigestSize(enum wc_HashType hash_type)
return dig_size; return dig_size;
} }
/* Get Hash block size */
int wc_HashGetBlockSize(enum wc_HashType hash_type)
{
int block_size = HASH_TYPE_E; /* Default to hash type error */
switch (hash_type)
{
case WC_HASH_TYPE_MD5:
#ifndef NO_MD5
block_size = WC_MD5_BLOCK_SIZE;
#endif
break;
case WC_HASH_TYPE_SHA:
#ifndef NO_SHA
block_size = WC_SHA_BLOCK_SIZE;
#endif
break;
case WC_HASH_TYPE_SHA224:
#ifdef WOLFSSL_SHA224
block_size = WC_SHA224_BLOCK_SIZE;
#endif
break;
case WC_HASH_TYPE_SHA256:
#ifndef NO_SHA256
block_size = WC_SHA256_BLOCK_SIZE;
#endif
break;
case WC_HASH_TYPE_SHA384:
#if defined(WOLFSSL_SHA512) && defined(WOLFSSL_SHA384)
block_size = WC_SHA384_BLOCK_SIZE;
#endif
break;
case WC_HASH_TYPE_SHA512:
#ifdef WOLFSSL_SHA512
block_size = WC_SHA512_BLOCK_SIZE;
#endif
break;
/* Not Supported */
case WC_HASH_TYPE_MD5_SHA:
case WC_HASH_TYPE_MD2:
case WC_HASH_TYPE_MD4:
case WC_HASH_TYPE_NONE:
default:
block_size = BAD_FUNC_ARG;
break;
}
return block_size;
}
/* Generic Hashing Wrapper */ /* Generic Hashing Wrapper */
int wc_Hash(enum wc_HashType hash_type, const byte* data, int wc_Hash(enum wc_HashType hash_type, const byte* data,
word32 data_len, byte* hash, word32 hash_len) word32 data_len, byte* hash, word32 hash_len)

458
wolfcrypt/src/pwdbased.c
View File

@@ -30,11 +30,9 @@
#include <wolfssl/wolfcrypt/pwdbased.h> #include <wolfssl/wolfcrypt/pwdbased.h>
#include <wolfssl/wolfcrypt/hmac.h> #include <wolfssl/wolfcrypt/hmac.h>
#include <wolfssl/wolfcrypt/hash.h>
#include <wolfssl/wolfcrypt/integer.h> #include <wolfssl/wolfcrypt/integer.h>
#include <wolfssl/wolfcrypt/error-crypt.h> #include <wolfssl/wolfcrypt/error-crypt.h>
#if defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384)
#include <wolfssl/wolfcrypt/sha512.h>
#endif
#ifdef NO_INLINE #ifdef NO_INLINE
#include <wolfssl/wolfcrypt/misc.h> #include <wolfssl/wolfcrypt/misc.h>
@@ -44,120 +42,112 @@
#endif #endif
#ifndef NO_SHA /* PKCS#5 v1.5 with non standard extension to optionally derive the extra data (IV) */
/* PBKDF1 needs at least SHA available */ int wc_PBKDF1_ex(byte* key, int keyLen, byte* iv, int ivLen,
int wc_PBKDF1(byte* output, const byte* passwd, int pLen, const byte* salt, const byte* passwd, int passwdLen, const byte* salt, int saltLen,
int sLen, int iterations, int kLen, int hashType) int iterations, int hashType, void* heap)
{ {
wc_Sha sha; int err;
#ifndef NO_MD5 int keyLeft, ivLeft, i;
wc_Md5 md5; int digestLeft, store;
#endif int keyOutput = 0;
int hLen = (int)WC_SHA_DIGEST_SIZE; int diestLen;
int i, ret = 0; byte digest[WC_MAX_DIGEST_SIZE];
byte buffer[WC_SHA_DIGEST_SIZE]; /* max size */ #ifdef WOLFSSL_SMALL_STACK
wc_HashAlg* hash = NULL;
if (hashType != WC_MD5 && hashType != WC_SHA) #else
return BAD_FUNC_ARG; wc_HashAlg hash[1];
#ifndef NO_MD5
if (hashType == WC_MD5)
hLen = (int)WC_MD5_DIGEST_SIZE;
#endif #endif
if ((kLen > hLen) || (kLen < 0)) (void)heap;
return BAD_FUNC_ARG;
if (iterations < 1) err = wc_HashGetDigestSize(hashType);
return BAD_FUNC_ARG; if (err < 0)
return err;
diestLen = err;
switch (hashType) { if (key == NULL || keyLen < 0 || passwd == NULL || passwdLen == 0 ||
#ifndef NO_MD5 iterations < 1) {
case WC_MD5: return BAD_FUNC_ARG;
ret = wc_InitMd5(&md5);
if (ret != 0) {
return ret;
}
ret = wc_Md5Update(&md5, passwd, pLen);
if (ret != 0) {
return ret;
}
ret = wc_Md5Update(&md5, salt, sLen);
if (ret != 0) {
return ret;
}
ret = wc_Md5Final(&md5, buffer);
if (ret != 0) {
return ret;
}
break;
#endif /* NO_MD5 */
case WC_SHA:
default:
ret = wc_InitSha(&sha);
if (ret != 0)
return ret;
wc_ShaUpdate(&sha, passwd, pLen);
wc_ShaUpdate(&sha, salt, sLen);
wc_ShaFinal(&sha, buffer);
break;
} }
for (i = 1; i < iterations; i++) { /* initialize hash */
if (hashType == WC_SHA) { #ifdef WOLFSSL_SMALL_STACK
wc_ShaUpdate(&sha, buffer, hLen); hash = (wc_HashAlg*)XMALLOC(sizeof(wc_HashAlg), heap,
wc_ShaFinal(&sha, buffer); DYNAMIC_TYPE_HASHCTX);
} if (hash == NULL)
#ifndef NO_MD5 return MEMORY_E;
else {
ret = wc_Md5Update(&md5, buffer, hLen);
if (ret != 0) {
return ret;
}
ret = wc_Md5Final(&md5, buffer);
if (ret != 0) {
return ret;
}
}
#endif #endif
err = wc_HashInit(hash, hashType);
if (err != 0) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(hash, heap, DYNAMIC_TYPE_HASHCTX);
#endif
return err;
} }
XMEMCPY(output, buffer, kLen);
keyLeft = keyLen;
ivLeft = ivLen;
while (keyOutput < (keyLen + ivLen)) {
digestLeft = diestLen;
/* D_(i - 1) */
if (keyOutput) /* first time D_0 is empty */
err = wc_HashUpdate(hash, hashType, digest, diestLen);
/* data */
if (err == 0)
err = wc_HashUpdate(hash, hashType, passwd, passwdLen);
/* salt */
if (salt && err == 0)
err = wc_HashUpdate(hash, hashType, salt, saltLen);
if (err == 0)
err = wc_HashFinal(hash, hashType, digest);
/* count */
if (err == 0) {
for (i = 1; i < iterations; i++) {
err = wc_HashUpdate(hash, hashType, digest, diestLen);
err = wc_HashFinal(hash, hashType, digest);
}
}
if (keyLeft) {
store = min(keyLeft, diestLen);
XMEMCPY(&key[keyLen - keyLeft], digest, store);
keyOutput += store;
keyLeft -= store;
digestLeft -= store;
}
if (ivLeft && digestLeft) {
store = min(ivLeft, digestLeft);
if (iv != NULL)
XMEMCPY(&iv[ivLen - ivLeft],
&digest[diestLen - digestLeft], store);
keyOutput += store;
ivLeft -= store;
}
}
#ifdef WOLFSSL_SMALL_STACK
XFREE(hash, heap, DYNAMIC_TYPE_HASHCTX);
#endif
if (keyOutput != (keyLen + ivLen))
return BUFFER_E;
return 0; return 0;
} }
#endif /* NO_SHA */
/* PKCS#5 v1.5 */
int GetDigestSize(int hashType) int wc_PBKDF1(byte* output, const byte* passwd, int pLen, const byte* salt,
int sLen, int iterations, int kLen, int hashType)
{ {
int hLen; return wc_PBKDF1_ex(output, kLen, NULL, 0,
passwd, pLen, salt, sLen, iterations, hashType, NULL);
switch (hashType) {
#ifndef NO_MD5
case WC_MD5:
hLen = WC_MD5_DIGEST_SIZE;
break;
#endif
#ifndef NO_SHA
case WC_SHA:
hLen = WC_SHA_DIGEST_SIZE;
break;
#endif
#ifndef NO_SHA256
case WC_SHA256:
hLen = WC_SHA256_DIGEST_SIZE;
break;
#endif
#ifdef WOLFSSL_SHA512
case WC_SHA512:
hLen = WC_SHA512_DIGEST_SIZE;
break;
#endif
default:
return BAD_FUNC_ARG;
}
return hLen;
} }
@@ -167,14 +157,15 @@ int wc_PBKDF2(byte* output, const byte* passwd, int pLen, const byte* salt,
word32 i = 1; word32 i = 1;
int hLen; int hLen;
int j, ret; int j, ret;
Hmac hmac;
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
byte* buffer; byte* buffer;
Hmac* hmac;
#else #else
byte buffer[WC_MAX_DIGEST_SIZE]; byte buffer[WC_MAX_DIGEST_SIZE];
Hmac hmac[1];
#endif #endif
hLen = GetDigestSize(hashType); hLen = wc_HashGetDigestSize(hashType);
if (hLen < 0) if (hLen < 0)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
@@ -182,16 +173,19 @@ int wc_PBKDF2(byte* output, const byte* passwd, int pLen, const byte* salt,
buffer = (byte*)XMALLOC(WC_MAX_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); buffer = (byte*)XMALLOC(WC_MAX_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (buffer == NULL) if (buffer == NULL)
return MEMORY_E; return MEMORY_E;
hmac = (Hmac*)XMALLOC(sizeof(Hmac), NULL, DYNAMIC_TYPE_HMAC);
if (buffer == NULL)
return MEMORY_E;
#endif #endif
ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID); ret = wc_HmacInit(hmac, NULL, INVALID_DEVID);
if (ret == 0) { if (ret == 0) {
ret = wc_HmacSetKey(&hmac, hashType, passwd, pLen); ret = wc_HmacSetKey(hmac, hashType, passwd, pLen);
while (ret == 0 && kLen) { while (ret == 0 && kLen) {
int currentLen; int currentLen;
ret = wc_HmacUpdate(&hmac, salt, sLen); ret = wc_HmacUpdate(hmac, salt, sLen);
if (ret != 0) if (ret != 0)
break; break;
@@ -199,7 +193,7 @@ int wc_PBKDF2(byte* output, const byte* passwd, int pLen, const byte* salt,
for (j = 0; j < 4; j++) { for (j = 0; j < 4; j++) {
byte b = (byte)(i >> ((3-j) * 8)); byte b = (byte)(i >> ((3-j) * 8));
ret = wc_HmacUpdate(&hmac, &b, 1); ret = wc_HmacUpdate(hmac, &b, 1);
if (ret != 0) if (ret != 0)
break; break;
} }
@@ -208,7 +202,7 @@ int wc_PBKDF2(byte* output, const byte* passwd, int pLen, const byte* salt,
if (ret != 0) if (ret != 0)
break; break;
ret = wc_HmacFinal(&hmac, buffer); ret = wc_HmacFinal(hmac, buffer);
if (ret != 0) if (ret != 0)
break; break;
@@ -216,10 +210,10 @@ int wc_PBKDF2(byte* output, const byte* passwd, int pLen, const byte* salt,
XMEMCPY(output, buffer, currentLen); XMEMCPY(output, buffer, currentLen);
for (j = 1; j < iterations; j++) { for (j = 1; j < iterations; j++) {
ret = wc_HmacUpdate(&hmac, buffer, hLen); ret = wc_HmacUpdate(hmac, buffer, hLen);
if (ret != 0) if (ret != 0)
break; break;
ret = wc_HmacFinal(&hmac, buffer); ret = wc_HmacFinal(hmac, buffer);
if (ret != 0) if (ret != 0)
break; break;
xorbuf(output, buffer, currentLen); xorbuf(output, buffer, currentLen);
@@ -233,194 +227,64 @@ int wc_PBKDF2(byte* output, const byte* passwd, int pLen, const byte* salt,
kLen -= currentLen; kLen -= currentLen;
i++; i++;
} }
wc_HmacFree(&hmac); wc_HmacFree(hmac);
} }
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
XFREE(buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(hmac, NULL, DYNAMIC_TYPE_HMAC);
#endif #endif
return ret; return ret;
} }
#ifdef WOLFSSL_SHA512
#define PBKDF_DIGEST_SIZE WC_SHA512_BLOCK_SIZE
#elif !defined(NO_SHA256)
#define PBKDF_DIGEST_SIZE WC_SHA256_BLOCK_SIZE
#else
#define PBKDF_DIGEST_SIZE WC_SHA_DIGEST_SIZE
#endif
/* helper for wc_PKCS12_PBKDF(), sets block and digest sizes */
int GetPKCS12HashSizes(int hashType, word32* v, word32* u)
{
if (!v || !u)
return BAD_FUNC_ARG;
switch (hashType) {
#ifndef NO_MD5
case WC_MD5:
*v = WC_MD5_BLOCK_SIZE;
*u = WC_MD5_DIGEST_SIZE;
break;
#endif
#ifndef NO_SHA
case WC_SHA:
*v = WC_SHA_BLOCK_SIZE;
*u = WC_SHA_DIGEST_SIZE;
break;
#endif
#ifndef NO_SHA256
case WC_SHA256:
*v = WC_SHA256_BLOCK_SIZE;
*u = WC_SHA256_DIGEST_SIZE;
break;
#endif
#ifdef WOLFSSL_SHA512
case WC_SHA512:
*v = WC_SHA512_BLOCK_SIZE;
*u = WC_SHA512_DIGEST_SIZE;
break;
#endif
default:
return BAD_FUNC_ARG;
}
return 0;
}
/* helper for PKCS12_PBKDF(), does hash operation */ /* helper for PKCS12_PBKDF(), does hash operation */
int DoPKCS12Hash(int hashType, byte* buffer, word32 totalLen, static int DoPKCS12Hash(int hashType, byte* buffer, word32 totalLen,
byte* Ai, word32 u, int iterations) byte* Ai, word32 u, int iterations)
{ {
int i; int i;
int ret = 0; int ret = 0;
#ifdef WOLFSSL_SMALL_STACK
wc_HashAlg* hash = NULL;
#else
wc_HashAlg hash[1];
#endif
if (buffer == NULL || Ai == NULL) if (buffer == NULL || Ai == NULL)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
switch (hashType) { /* initialize hash */
#ifndef NO_MD5 #ifdef WOLFSSL_SMALL_STACK
case WC_MD5: hash = (wc_HashAlg*)XMALLOC(sizeof(wc_HashAlg), NULL,
{ DYNAMIC_TYPE_HASHCTX);
wc_Md5 md5; if (hash == NULL)
ret = wc_InitMd5(&md5); return MEMORY_E;
if (ret != 0) { #endif
break;
}
ret = wc_Md5Update(&md5, buffer, totalLen);
if (ret != 0) {
break;
}
ret = wc_Md5Final(&md5, Ai);
if (ret != 0) {
break;
}
for (i = 1; i < iterations; i++) { ret = wc_HashInit(hash, hashType);
ret = wc_Md5Update(&md5, Ai, u); if (ret != 0) {
if (ret != 0) { #ifdef WOLFSSL_SMALL_STACK
break; XFREE(hash, NULL, DYNAMIC_TYPE_HASHCTX);
} #endif
ret = wc_Md5Final(&md5, Ai); return ret;
if (ret != 0) {
break;
}
}
}
break;
#endif /* NO_MD5 */
#ifndef NO_SHA
case WC_SHA:
{
wc_Sha sha;
ret = wc_InitSha(&sha);
if (ret != 0)
break;
ret = wc_ShaUpdate(&sha, buffer, totalLen);
if (ret != 0) {
break;
}
ret = wc_ShaFinal(&sha, Ai);
if (ret != 0) {
break;
}
for (i = 1; i < iterations; i++) {
ret = wc_ShaUpdate(&sha, Ai, u);
if (ret != 0) {
break;
}
ret = wc_ShaFinal(&sha, Ai);
if (ret != 0) {
break;
}
}
}
break;
#endif /* NO_SHA */
#ifndef NO_SHA256
case WC_SHA256:
{
wc_Sha256 sha256;
ret = wc_InitSha256(&sha256);
if (ret != 0)
break;
ret = wc_Sha256Update(&sha256, buffer, totalLen);
if (ret != 0)
break;
ret = wc_Sha256Final(&sha256, Ai);
if (ret != 0)
break;
for (i = 1; i < iterations; i++) {
ret = wc_Sha256Update(&sha256, Ai, u);
if (ret != 0)
break;
ret = wc_Sha256Final(&sha256, Ai);
if (ret != 0)
break;
}
}
break;
#endif /* NO_SHA256 */
#ifdef WOLFSSL_SHA512
case WC_SHA512:
{
wc_Sha512 sha512;
ret = wc_InitSha512(&sha512);
if (ret != 0)
break;
ret = wc_Sha512Update(&sha512, buffer, totalLen);
if (ret != 0)
break;
ret = wc_Sha512Final(&sha512, Ai);
if (ret != 0)
break;
for (i = 1; i < iterations; i++) {
ret = wc_Sha512Update(&sha512, Ai, u);
if (ret != 0)
break;
ret = wc_Sha512Final(&sha512, Ai);
if (ret != 0)
break;
}
}
break;
#endif /* WOLFSSL_SHA512 */
default:
ret = BAD_FUNC_ARG;
break;
} }
ret = wc_HashUpdate(hash, hashType, buffer, totalLen);
if (ret == 0)
ret = wc_HashFinal(hash, hashType, Ai);
for (i = 1; i < iterations; i++) {
if (ret == 0)
ret = wc_HashUpdate(hash, hashType, Ai, u);
if (ret == 0)
ret = wc_HashFinal(hash, hashType, Ai);
}
#ifdef WOLFSSL_SMALL_STACK
XFREE(hash, NULL, DYNAMIC_TYPE_HASHCTX);
#endif
return ret; return ret;
} }
@@ -455,8 +319,8 @@ int wc_PKCS12_PBKDF_ex(byte* output, const byte* passwd, int passLen,
byte* Ai; byte* Ai;
byte* B; byte* B;
#else #else
byte Ai[PBKDF_DIGEST_SIZE]; byte Ai[WC_MAX_DIGEST_SIZE];
byte B[PBKDF_DIGEST_SIZE]; byte B[WC_MAX_BLOCK_SIZE];
#endif #endif
(void)heap; (void)heap;
@@ -464,27 +328,33 @@ int wc_PKCS12_PBKDF_ex(byte* output, const byte* passwd, int passLen,
if (!iterations) if (!iterations)
iterations = 1; iterations = 1;
ret = GetPKCS12HashSizes(hashType, &v, &u); ret = wc_HashGetDigestSize(hashType);
if (ret < 0) if (ret < 0)
return BAD_FUNC_ARG; return ret;
u = ret;
ret = wc_HashGetBlockSize(hashType);
if (ret < 0)
return ret;
v = ret;
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
Ai = (byte*)XMALLOC(PBKDF_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); Ai = (byte*)XMALLOC(WC_MAX_DIGEST_SIZE, heap, DYNAMIC_TYPE_TMP_BUFFER);
if (Ai == NULL) if (Ai == NULL)
return MEMORY_E; return MEMORY_E;
B = (byte*)XMALLOC(PBKDF_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); B = (byte*)XMALLOC(WC_MAX_BLOCK_SIZE, heap, DYNAMIC_TYPE_TMP_BUFFER);
if (B == NULL) { if (B == NULL) {
XFREE(Ai, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(Ai, heap, DYNAMIC_TYPE_TMP_BUFFER);
return MEMORY_E; return MEMORY_E;
} }
#endif #endif
XMEMSET(Ai, 0, PBKDF_DIGEST_SIZE); XMEMSET(Ai, 0, WC_MAX_DIGEST_SIZE);
XMEMSET(B, 0, PBKDF_DIGEST_SIZE); XMEMSET(B, 0, WC_MAX_BLOCK_SIZE);
dLen = v; dLen = v;
sLen = v * ((saltLen + v - 1) / v); sLen = v * ((saltLen + v - 1) / v);
if (passLen) if (passLen)
pLen = v * ((passLen + v - 1) / v); pLen = v * ((passLen + v - 1) / v);
else else
@@ -497,8 +367,8 @@ int wc_PKCS12_PBKDF_ex(byte* output, const byte* passwd, int passLen,
buffer = (byte*)XMALLOC(totalLen, heap, DYNAMIC_TYPE_KEY); buffer = (byte*)XMALLOC(totalLen, heap, DYNAMIC_TYPE_KEY);
if (buffer == NULL) { if (buffer == NULL) {
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
XFREE(Ai, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(Ai, heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(B, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(B, heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif #endif
return MEMORY_E; return MEMORY_E;
} }
@@ -585,8 +455,8 @@ int wc_PKCS12_PBKDF_ex(byte* output, const byte* passwd, int passLen,
if (dynamic) XFREE(buffer, heap, DYNAMIC_TYPE_KEY); if (dynamic) XFREE(buffer, heap, DYNAMIC_TYPE_KEY);
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
XFREE(Ai, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(Ai, heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(B, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(B, heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif #endif
return ret; return ret;
@@ -829,7 +699,7 @@ end:
} }
#endif #endif
#undef PBKDF_DIGEST_SIZE #undef WC_MAX_DIGEST_SIZE
#endif /* NO_PWDBASED */ #endif /* NO_PWDBASED */

123
wolfcrypt/src/wc_encrypt.c
View File

@@ -27,9 +27,19 @@
#include <wolfssl/wolfcrypt/settings.h> #include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/wolfcrypt/aes.h> #include <wolfssl/wolfcrypt/aes.h>
#include <wolfssl/wolfcrypt/des3.h> #include <wolfssl/wolfcrypt/des3.h>
#include <wolfssl/wolfcrypt/hash.h>
#include <wolfssl/wolfcrypt/wc_encrypt.h> #include <wolfssl/wolfcrypt/wc_encrypt.h>
#include <wolfssl/wolfcrypt/error-crypt.h> #include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/wolfcrypt/asn.h>
#include <wolfssl/wolfcrypt/coding.h>
#include <wolfssl/wolfcrypt/pwdbased.h>
#ifdef NO_INLINE
#include <wolfssl/wolfcrypt/misc.h>
#else
#define WOLFSSL_MISC_INCLUDED
#include <wolfcrypt/src/misc.c>
#endif
#if !defined(NO_AES) && defined(HAVE_AES_CBC) #if !defined(NO_AES) && defined(HAVE_AES_CBC)
#ifdef HAVE_AES_DECRYPT #ifdef HAVE_AES_DECRYPT
@@ -224,3 +234,116 @@ int wc_Des3_CbcDecryptWithKey(byte* out, const byte* in, word32 sz,
} }
#endif /* !NO_DES3 */ #endif /* !NO_DES3 */
#ifdef WOLFSSL_ENCRYPTED_KEYS
int wc_BufferKeyDecrypt(EncryptedInfo* info, byte* der, word32 derSz,
const byte* password, int passwordSz)
{
int ret;
#ifdef WOLFSSL_SMALL_STACK
byte* key = NULL;
#else
byte key[AES_MAX_KEY_SIZE];
#endif
(void)derSz;
if (der == NULL || password == NULL || info == NULL || info->keySz == 0) {
return BAD_FUNC_ARG;
}
/* use file's salt for key derivation, hex decode first */
if (Base16_Decode(info->iv, info->ivSz, info->iv, &info->ivSz) != 0) {
return BUFFER_E;
}
#ifdef WOLFSSL_SMALL_STACK
key = (byte*)XMALLOC(AES_MAX_KEY_SIZE, NULL, DYNAMIC_TYPE_SYMETRIC_KEY);
if (key == NULL) {
return MEMORY_E;
}
#endif
if ((ret = wc_PBKDF1(key, password, passwordSz, info->iv, info->ivSz, 1,
info->keySz, info->hashType)) != 0) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(key, NULL, DYNAMIC_TYPE_SYMETRIC_KEY);
#endif
return ret;
}
ret = NOT_COMPILED_IN; /* set error in case no cipher is enabled/matched */
#ifndef NO_DES3
if (info->cipherType == WC_CIPHER_DES)
ret = wc_Des_CbcDecryptWithKey(der, der, derSz, key, info->iv);
if (info->cipherType == WC_CIPHER_DES3)
ret = wc_Des3_CbcDecryptWithKey(der, der, derSz, key, info->iv);
#endif /* NO_DES3 */
#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(HAVE_AES_DECRYPT)
if (info->cipherType == WC_CIPHER_AES_CBC)
ret = wc_AesCbcDecryptWithKey(der, der, derSz, key, info->keySz,
info->iv);
#endif /* !NO_AES && HAVE_AES_CBC && HAVE_AES_DECRYPT */
#ifdef WOLFSSL_SMALL_STACK
XFREE(key, NULL, DYNAMIC_TYPE_SYMETRIC_KEY);
#endif
return ret;
}
int wc_BufferKeyEncrypt(EncryptedInfo* info, byte* der, word32 derSz,
const byte* password, int passwordSz)
{
int ret;
#ifdef WOLFSSL_SMALL_STACK
byte* key = NULL;
#else
byte key[AES_MAX_KEY_SIZE];
#endif
(void)derSz;
if (der == NULL || password == NULL || info == NULL || info->keySz == 0 ||
info->ivSz == 0) {
return BAD_FUNC_ARG;
}
#ifdef WOLFSSL_SMALL_STACK
key = (byte*)XMALLOC(AES_MAX_KEY_SIZE, NULL, DYNAMIC_TYPE_SYMETRIC_KEY);
if (key == NULL) {
return MEMORY_E;
}
#endif /* WOLFSSL_SMALL_STACK */
if ((ret = wc_PBKDF1(key, password, passwordSz, info->iv, info->ivSz, 1,
info->keySz, info->hashType)) != 0) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(key, NULL, DYNAMIC_TYPE_SYMETRIC_KEY);
#endif
return ret;
}
ret = NOT_COMPILED_IN; /* set error in case no cipher is enabled/matched */
#ifndef NO_DES3
if (info->cipherType == WC_CIPHER_DES)
ret = wc_Des_CbcEncryptWithKey(der, der, derSz, key, info->iv);
if (info->cipherType == WC_CIPHER_DES3)
ret = wc_Des3_CbcEncryptWithKey(der, der, derSz, key, info->iv);
#endif /* NO_DES3 */
#ifndef NO_AES
if (info->cipherType == WC_CIPHER_AES_CBC)
ret = wc_AesCbcEncryptWithKey(der, der, derSz, key, info->keySz,
info->iv);
#endif /* NO_AES */
#ifdef WOLFSSL_SMALL_STACK
XFREE(key, NULL, DYNAMIC_TYPE_SYMETRIC_KEY);
#endif
return ret;
}
#endif /* WOLFSSL_ENCRYPTED_KEYS */

17
wolfssl/internal.h
View File

@@ -1069,7 +1069,6 @@ enum Misc {
COMPRESS_UPPER = 55, /* compression calc numerator */ COMPRESS_UPPER = 55, /* compression calc numerator */
COMPRESS_LOWER = 64, /* compression calc denominator */ COMPRESS_LOWER = 64, /* compression calc denominator */
PEM_LINE_LEN = 80, /* PEM line max + fudge */
LENGTH_SZ = 2, /* length field for HMAC, data only */ LENGTH_SZ = 2, /* length field for HMAC, data only */
VERSION_SZ = 2, /* length of proctocol version */ VERSION_SZ = 2, /* length of proctocol version */
SEQ_SZ = 8, /* 64 bit sequence number */ SEQ_SZ = 8, /* 64 bit sequence number */
@@ -1152,15 +1151,6 @@ enum Misc {
MAX_REQUEST_SZ = 256, /* Maximum cert req len (no auth yet */ MAX_REQUEST_SZ = 256, /* Maximum cert req len (no auth yet */
SESSION_FLUSH_COUNT = 256, /* Flush session cache unless user turns off */ SESSION_FLUSH_COUNT = 256, /* Flush session cache unless user turns off */
RC4_KEY_SIZE = 16, /* always 128bit */
DES_KEY_SIZE = 8, /* des */
DES3_KEY_SIZE = 24, /* 3 des ede */
DES_IV_SIZE = DES_BLOCK_SIZE,
AES_256_KEY_SIZE = 32, /* for 256 bit */
AES_192_KEY_SIZE = 24, /* for 192 bit */
AES_IV_SIZE = 16, /* always block size */
AES_128_KEY_SIZE = 16, /* for 128 bit */
AEAD_SEQ_OFFSET = 4, /* Auth Data: Sequence number */ AEAD_SEQ_OFFSET = 4, /* Auth Data: Sequence number */
AEAD_TYPE_OFFSET = 8, /* Auth Data: Type */ AEAD_TYPE_OFFSET = 8, /* Auth Data: Type */
AEAD_VMAJ_OFFSET = 9, /* Auth Data: Major Version */ AEAD_VMAJ_OFFSET = 9, /* Auth Data: Major Version */
@@ -1238,8 +1228,6 @@ enum Misc {
MAX_X509_SIZE = 2048, /* max static x509 buffer size */ MAX_X509_SIZE = 2048, /* max static x509 buffer size */
CERT_MIN_SIZE = 256, /* min PEM cert size with header/footer */ CERT_MIN_SIZE = 256, /* min PEM cert size with header/footer */
FILE_BUFFER_SIZE = 1024, /* default static file buffer size for input,
will use dynamic buffer if not big enough */
MAX_NTRU_PUB_KEY_SZ = 1027, /* NTRU max for now */ MAX_NTRU_PUB_KEY_SZ = 1027, /* NTRU max for now */
MAX_NTRU_ENCRYPT_SZ = 1027, /* NTRU max for now */ MAX_NTRU_ENCRYPT_SZ = 1027, /* NTRU max for now */
@@ -2428,10 +2416,9 @@ struct WOLFSSL_CTX {
#ifdef HAVE_ANON #ifdef HAVE_ANON
byte haveAnon; /* User wants to allow Anon suites */ byte haveAnon; /* User wants to allow Anon suites */
#endif /* HAVE_ANON */ #endif /* HAVE_ANON */
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \ #ifdef WOLFSSL_ENCRYPTED_KEYS
defined(HAVE_WEBSERVER)
pem_password_cb* passwd_cb; pem_password_cb* passwd_cb;
void* userdata; void* passwd_userdata;
#endif #endif
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
WOLFSSL_X509_STORE x509_store; /* points to ctx->cm */ WOLFSSL_X509_STORE x509_store; /* points to ctx->cm */

7
wolfssl/ssl.h
View File

@@ -33,6 +33,7 @@
#include <wolfssl/wolfcrypt/settings.h> #include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/version.h> #include <wolfssl/version.h>
#include <wolfssl/wolfcrypt/logging.h> #include <wolfssl/wolfcrypt/logging.h>
#include <wolfssl/wolfcrypt/asn_public.h>
#ifdef HAVE_WOLF_EVENT #ifdef HAVE_WOLF_EVENT
#include <wolfssl/wolfcrypt/wolfevent.h> #include <wolfssl/wolfcrypt/wolfevent.h>
@@ -592,7 +593,6 @@ WOLFSSL_API
#endif /* SESSION_INDEX && SESSION_CERTS */ #endif /* SESSION_INDEX && SESSION_CERTS */
typedef int (*VerifyCallback)(int, WOLFSSL_X509_STORE_CTX*); typedef int (*VerifyCallback)(int, WOLFSSL_X509_STORE_CTX*);
typedef int (pem_password_cb)(char*, int, int, void*);
#ifdef OPENSSL_EXTRA #ifdef OPENSSL_EXTRA
typedef void (CallbackInfoState)(const WOLFSSL*, int, int); typedef void (CallbackInfoState)(const WOLFSSL*, int, int);
@@ -958,7 +958,8 @@ WOLFSSL_API void wolfSSL_CTX_set_default_passwd_cb_userdata(WOLFSSL_CTX*,
void* userdata); void* userdata);
WOLFSSL_API void wolfSSL_CTX_set_default_passwd_cb(WOLFSSL_CTX*, WOLFSSL_API void wolfSSL_CTX_set_default_passwd_cb(WOLFSSL_CTX*,
pem_password_cb*); pem_password_cb*);
WOLFSSL_API pem_password_cb* wolfSSL_CTX_get_default_passwd_cb(WOLFSSL_CTX *ctx);
WOLFSSL_API void *wolfSSL_CTX_get_default_passwd_cb_userdata(WOLFSSL_CTX *ctx);
WOLFSSL_API void wolfSSL_CTX_set_info_callback(WOLFSSL_CTX*, WOLFSSL_API void wolfSSL_CTX_set_info_callback(WOLFSSL_CTX*,
void (*)(const WOLFSSL* ssl, int type, int val)); void (*)(const WOLFSSL* ssl, int type, int val));
@@ -2519,8 +2520,6 @@ WOLFSSL_API size_t wolfSSL_get_server_random(const WOLFSSL *ssl,
unsigned char *out, size_t outlen); unsigned char *out, size_t outlen);
WOLFSSL_API size_t wolfSSL_get_client_random(const WOLFSSL* ssl, WOLFSSL_API size_t wolfSSL_get_client_random(const WOLFSSL* ssl,
unsigned char* out, size_t outSz); unsigned char* out, size_t outSz);
WOLFSSL_API pem_password_cb* wolfSSL_CTX_get_default_passwd_cb(WOLFSSL_CTX *ctx);
WOLFSSL_API void *wolfSSL_CTX_get_default_passwd_cb_userdata(WOLFSSL_CTX *ctx);
WOLFSSL_API int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey); WOLFSSL_API int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey);
WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u); WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u);
WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_AUX WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_AUX

7
wolfssl/wolfcrypt/aes.h
View File

@@ -73,7 +73,12 @@ enum {
AES_ENCRYPTION = 0, AES_ENCRYPTION = 0,
AES_DECRYPTION = 1, AES_DECRYPTION = 1,
KEYWRAP_BLOCK_SIZE = 8, KEYWRAP_BLOCK_SIZE = 8,
AES_BLOCK_SIZE = 16 AES_BLOCK_SIZE = 16,
AES_128_KEY_SIZE = 16, /* for 128 bit */
AES_256_KEY_SIZE = 32, /* for 256 bit */
AES_192_KEY_SIZE = 24, /* for 192 bit */
AES_IV_SIZE = 16, /* always block size */
}; };

3
wolfssl/wolfcrypt/arc4.h
View File

@@ -38,7 +38,8 @@
enum { enum {
ARC4_ENC_TYPE = 4, /* cipher unique type */ ARC4_ENC_TYPE = 4, /* cipher unique type */
ARC4_STATE_SIZE = 256 ARC4_STATE_SIZE = 256,
RC4_KEY_SIZE = 16, /* always 128bit */
}; };
/* ARC4 encryption and decryption */ /* ARC4 encryption and decryption */

45
wolfssl/wolfcrypt/asn.h
View File

@@ -221,13 +221,21 @@ enum Misc_ASN {
EIGHTK_BUF = 8192, /* Tmp buffer size */ EIGHTK_BUF = 8192, /* Tmp buffer size */
MAX_PUBLIC_KEY_SZ = MAX_NTRU_ENC_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ * 2, MAX_PUBLIC_KEY_SZ = MAX_NTRU_ENC_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ * 2,
/* use bigger NTRU size */ /* use bigger NTRU size */
#ifdef WOLFSSL_ENCRYPTED_KEYS
HEADER_ENCRYPTED_KEY_SIZE = 88,/* Extra header size for encrypted key */ HEADER_ENCRYPTED_KEY_SIZE = 88,/* Extra header size for encrypted key */
#else
HEADER_ENCRYPTED_KEY_SIZE = 0,
#endif
TRAILING_ZERO = 1, /* Used for size of zero pad */ TRAILING_ZERO = 1, /* Used for size of zero pad */
MIN_VERSION_SZ = 3, /* Min bytes needed for GetMyVersion */ MIN_VERSION_SZ = 3, /* Min bytes needed for GetMyVersion */
#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || \ #if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || \
defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA)
MAX_TIME_STRING_SZ = 25, /* Max length of formatted time string */ MAX_TIME_STRING_SZ = 25, /* Max length of formatted time string */
#endif #endif
PEM_LINE_LEN = 80, /* PEM line max + fudge */
FILE_BUFFER_SIZE = 1024, /* default static file buffer size for input,
will use dynamic buffer if not big enough */
}; };
@@ -713,43 +721,6 @@ struct DecodedCert {
}; };
extern const char* const BEGIN_CERT;
extern const char* const END_CERT;
#ifdef WOLFSSL_CERT_REQ
extern const char* const BEGIN_CERT_REQ;
extern const char* const END_CERT_REQ;
#endif
#ifndef NO_DSA
extern const char* const BEGIN_DSA_PARAM;
extern const char* const END_DSA_PARAM;
#endif
#ifndef NO_DH
extern const char* const BEGIN_DH_PARAM;
extern const char* const END_DH_PARAM;
#endif
extern const char* const BEGIN_X509_CRL;
extern const char* const END_X509_CRL;
extern const char* const BEGIN_RSA_PRIV;
extern const char* const END_RSA_PRIV;
extern const char* const BEGIN_PRIV_KEY;
extern const char* const END_PRIV_KEY;
extern const char* const BEGIN_ENC_PRIV_KEY;
extern const char* const END_ENC_PRIV_KEY;
#ifdef HAVE_ECC
extern const char* const BEGIN_EC_PRIV;
extern const char* const END_EC_PRIV;
#endif
#if defined(HAVE_ECC) || defined(HAVE_ED25519) || !defined(NO_DSA)
extern const char* const BEGIN_DSA_PRIV;
extern const char* const END_DSA_PRIV;
#endif
extern const char* const BEGIN_PUB_KEY;
extern const char* const END_PUB_KEY;
#ifdef HAVE_ED25519
extern const char* const BEGIN_EDDSA_PRIV;
extern const char* const END_EDDSA_PRIV;
#endif
#ifdef NO_SHA #ifdef NO_SHA
#define SIGNER_DIGEST_SIZE WC_SHA256_DIGEST_SIZE #define SIGNER_DIGEST_SIZE WC_SHA256_DIGEST_SIZE
#else #else

69
wolfssl/wolfcrypt/asn_public.h
View File

@@ -125,17 +125,31 @@ typedef struct DerBuffer {
} DerBuffer; } DerBuffer;
enum { enum {
IV_SZ = 32, /* max iv sz */ IV_SZ = 32, /* max iv sz */
NAME_SZ = 80 /* max one line */ NAME_SZ = 80, /* max one line */
PEM_PASS_READ = 0,
PEM_PASS_WRITE = 1,
}; };
typedef int (pem_password_cb)(char* passwd, int sz, int rw, void* userdata);
typedef struct EncryptedInfo { typedef struct EncryptedInfo {
char name[NAME_SZ]; /* encryption name */ pem_password_cb* passwd_cb;
byte iv[IV_SZ]; /* encrypted IV */ void* passwd_userdata;
word32 ivSz; /* encrypted IV size */
long consumed; /* tracks PEM bytes consumed */ long consumed; /* tracks PEM bytes consumed */
byte set; /* if encryption set */
struct WOLFSSL_CTX* ctx; /* CTX owner */ int cipherType;
int hashType;
word32 keySz;
word32 ivSz; /* salt or encrypted IV size */
char name[NAME_SZ]; /* cipher name, such as "DES-CBC" */
byte iv[IV_SZ]; /* salt or encrypted IV */
byte set:1; /* if encryption set */
} EncryptedInfo; } EncryptedInfo;
@@ -248,32 +262,32 @@ typedef struct Cert {
keyType = RSA_KEY (default) keyType = RSA_KEY (default)
*/ */
WOLFSSL_API int wc_InitCert(Cert*); WOLFSSL_API int wc_InitCert(Cert*);
WOLFSSL_API int wc_MakeCert_ex(Cert* cert, byte* derBuffer, word32 derSz, WOLFSSL_API int wc_MakeCert_ex(Cert* cert, byte* derBuffer, word32 derSz,
int keyType, void* key, WC_RNG* rng); int keyType, void* key, WC_RNG* rng);
WOLFSSL_API int wc_MakeCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*, WOLFSSL_API int wc_MakeCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*,
ecc_key*, WC_RNG*); ecc_key*, WC_RNG*);
#ifdef WOLFSSL_CERT_REQ #ifdef WOLFSSL_CERT_REQ
WOLFSSL_API int wc_MakeCertReq_ex(Cert*, byte* derBuffer, word32 derSz, WOLFSSL_API int wc_MakeCertReq_ex(Cert*, byte* derBuffer, word32 derSz,
int, void*); int, void*);
WOLFSSL_API int wc_MakeCertReq(Cert*, byte* derBuffer, word32 derSz, WOLFSSL_API int wc_MakeCertReq(Cert*, byte* derBuffer, word32 derSz,
RsaKey*, ecc_key*); RsaKey*, ecc_key*);
#endif #endif
WOLFSSL_API int wc_SignCert_ex(int requestSz, int sType, byte* buffer, WOLFSSL_API int wc_SignCert_ex(int requestSz, int sType, byte* buffer,
word32 buffSz, int keyType, void* key, word32 buffSz, int keyType, void* key,
WC_RNG* rng); WC_RNG* rng);
WOLFSSL_API int wc_SignCert(int requestSz, int sigType, byte* derBuffer, WOLFSSL_API int wc_SignCert(int requestSz, int sigType, byte* derBuffer,
word32 derSz, RsaKey*, ecc_key*, WC_RNG*); word32 derSz, RsaKey*, ecc_key*, WC_RNG*);
WOLFSSL_API int wc_MakeSelfCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*, WOLFSSL_API int wc_MakeSelfCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*,
WC_RNG*); WC_RNG*);
WOLFSSL_API int wc_SetIssuer(Cert*, const char*); WOLFSSL_API int wc_SetIssuer(Cert*, const char*);
WOLFSSL_API int wc_SetSubject(Cert*, const char*); WOLFSSL_API int wc_SetSubject(Cert*, const char*);
#ifdef WOLFSSL_ALT_NAMES #ifdef WOLFSSL_ALT_NAMES
WOLFSSL_API int wc_SetAltNames(Cert*, const char*); WOLFSSL_API int wc_SetAltNames(Cert*, const char*);
#endif #endif
WOLFSSL_API int wc_SetIssuerBuffer(Cert*, const byte*, int); WOLFSSL_API int wc_SetIssuerBuffer(Cert*, const byte*, int);
WOLFSSL_API int wc_SetSubjectBuffer(Cert*, const byte*, int); WOLFSSL_API int wc_SetSubjectBuffer(Cert*, const byte*, int);
WOLFSSL_API int wc_SetAltNamesBuffer(Cert*, const byte*, int); WOLFSSL_API int wc_SetAltNamesBuffer(Cert*, const byte*, int);
WOLFSSL_API int wc_SetDatesBuffer(Cert*, const byte*, int); WOLFSSL_API int wc_SetDatesBuffer(Cert*, const byte*, int);
#ifdef WOLFSSL_CERT_EXT #ifdef WOLFSSL_CERT_EXT
WOLFSSL_API int wc_SetAuthKeyIdFromPublicKey_ex(Cert *cert, int keyType, WOLFSSL_API int wc_SetAuthKeyIdFromPublicKey_ex(Cert *cert, int keyType,
@@ -319,7 +333,7 @@ WOLFSSL_API int wc_SetExtKeyUsageOID(Cert *cert, const char *oid, word32 sz,
#endif /* WOLFSSL_CERT_EXT */ #endif /* WOLFSSL_CERT_EXT */
#ifdef HAVE_NTRU #ifdef HAVE_NTRU
WOLFSSL_API int wc_MakeNtruCert(Cert*, byte* derBuffer, word32 derSz, WOLFSSL_API int wc_MakeNtruCert(Cert*, byte* derBuffer, word32 derSz,
const byte* ntruKey, word16 keySz, const byte* ntruKey, word16 keySz,
WC_RNG*); WC_RNG*);
#endif #endif
@@ -342,14 +356,15 @@ WOLFSSL_API int wc_SetExtKeyUsageOID(Cert *cert, const char *oid, word32 sz,
#endif /* WOLFSSL_PEMPUBKEY_TODER_DEFINED */ #endif /* WOLFSSL_PEMPUBKEY_TODER_DEFINED */
#endif /* WOLFSSL_CERT_EXT || WOLFSSL_PUB_PEM_TO_DER */ #endif /* WOLFSSL_CERT_EXT || WOLFSSL_PUB_PEM_TO_DER */
#if defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN) || !defined(NO_DSA) \ #ifdef WOLFSSL_DER_TO_PEM
|| defined(OPENSSL_EXTRA)
WOLFSSL_API int wc_DerToPem(const byte* der, word32 derSz, byte* output, WOLFSSL_API int wc_DerToPem(const byte* der, word32 derSz, byte* output,
word32 outputSz, int type); word32 outputSz, int type);
WOLFSSL_API int wc_DerToPemEx(const byte* der, word32 derSz, byte* output, WOLFSSL_API int wc_DerToPemEx(const byte* der, word32 derSz, byte* output,
word32 outputSz, byte *cipherIno, int type); word32 outputSz, byte *cipherIno, int type);
#endif #endif
WOLFSSL_API int wc_PemGetHeaderFooter(int type, const char** header,
const char** footer);
WOLFSSL_API int wc_PemToDer(const unsigned char* buff, long longSz, int type, WOLFSSL_API int wc_PemToDer(const unsigned char* buff, long longSz, int type,
DerBuffer** pDer, void* heap, EncryptedInfo* info, int* eccKey); DerBuffer** pDer, void* heap, EncryptedInfo* info, int* eccKey);
@@ -423,6 +438,12 @@ WOLFSSL_API int wc_CreatePKCS8Key(byte* out, word32* outSz,
*/ */
WOLFSSL_API int wc_GetTime(void* timePtr, word32 timeSize); WOLFSSL_API int wc_GetTime(void* timePtr, word32 timeSize);
#ifdef WOLFSSL_ENCRYPTED_KEYS
WOLFSSL_API int wc_EncryptedInfoGet(EncryptedInfo* info,
const char* cipherInfo);
#endif
#ifdef __cplusplus #ifdef __cplusplus
} /* extern "C" */ } /* extern "C" */
#endif #endif

7
wolfssl/wolfcrypt/des3.h
View File

@@ -48,8 +48,13 @@
enum { enum {
DES_ENC_TYPE = 2, /* cipher unique type */ DES_ENC_TYPE = 2, /* cipher unique type */
DES3_ENC_TYPE = 3, /* cipher unique type */ DES3_ENC_TYPE = 3, /* cipher unique type */
DES_BLOCK_SIZE = 8, DES_BLOCK_SIZE = 8,
DES_KS_SIZE = 32, DES_KS_SIZE = 32, /* internal DES key buffer size */
DES_KEY_SIZE = 8, /* des */
DES3_KEY_SIZE = 24, /* 3 des ede */
DES_IV_SIZE = DES_BLOCK_SIZE,
DES_ENCRYPTION = 0, DES_ENCRYPTION = 0,
DES_DECRYPTION = 1 DES_DECRYPTION = 1

10
wolfssl/wolfcrypt/hash.h
View File

@@ -95,22 +95,31 @@ typedef union {
Note if this gets up to the size of 80 or over check smallstack build */ Note if this gets up to the size of 80 or over check smallstack build */
#if defined(WOLFSSL_SHA3) #if defined(WOLFSSL_SHA3)
#define WC_MAX_DIGEST_SIZE WC_SHA3_512_DIGEST_SIZE #define WC_MAX_DIGEST_SIZE WC_SHA3_512_DIGEST_SIZE
#define WC_MAX_BLOCK_SIZE WC_SHA3_224_BLOCK_SIZE /* 224 is the largest block size */
#elif defined(WOLFSSL_SHA512) #elif defined(WOLFSSL_SHA512)
#define WC_MAX_DIGEST_SIZE WC_SHA512_DIGEST_SIZE #define WC_MAX_DIGEST_SIZE WC_SHA512_DIGEST_SIZE
#define WC_MAX_BLOCK_SIZE WC_SHA512_BLOCK_SIZE
#elif defined(HAVE_BLAKE2) #elif defined(HAVE_BLAKE2)
#define WC_MAX_DIGEST_SIZE BLAKE2B_OUTBYTES #define WC_MAX_DIGEST_SIZE BLAKE2B_OUTBYTES
#define WC_MAX_BLOCK_SIZE BLAKE2B_BLOCKBYTES
#elif defined(WOLFSSL_SHA384) #elif defined(WOLFSSL_SHA384)
#define WC_MAX_DIGEST_SIZE WC_SHA384_DIGEST_SIZE #define WC_MAX_DIGEST_SIZE WC_SHA384_DIGEST_SIZE
#define WC_MAX_BLOCK_SIZE WC_SHA384_BLOCK_SIZE
#elif !defined(NO_SHA256) #elif !defined(NO_SHA256)
#define WC_MAX_DIGEST_SIZE WC_SHA256_DIGEST_SIZE #define WC_MAX_DIGEST_SIZE WC_SHA256_DIGEST_SIZE
#define WC_MAX_BLOCK_SIZE WC_SHA256_BLOCK_SIZE
#elif defined(WOLFSSL_SHA224) #elif defined(WOLFSSL_SHA224)
#define WC_MAX_DIGEST_SIZE WC_SHA224_DIGEST_SIZE #define WC_MAX_DIGEST_SIZE WC_SHA224_DIGEST_SIZE
#define WC_MAX_BLOCK_SIZE WC_SHA224_BLOCK_SIZE
#elif !defined(NO_SHA) #elif !defined(NO_SHA)
#define WC_MAX_DIGEST_SIZE WC_SHA_DIGEST_SIZE #define WC_MAX_DIGEST_SIZE WC_SHA_DIGEST_SIZE
#define WC_MAX_BLOCK_SIZE WC_SHA_BLOCK_SIZE
#elif !defined(NO_MD5) #elif !defined(NO_MD5)
#define WC_MAX_DIGEST_SIZE WC_MD5_DIGEST_SIZE #define WC_MAX_DIGEST_SIZE WC_MD5_DIGEST_SIZE
#define WC_MAX_BLOCK_SIZE WC_MD5_BLOCK_SIZE
#else #else
#define WC_MAX_DIGEST_SIZE 64 /* default to max size of 64 */ #define WC_MAX_DIGEST_SIZE 64 /* default to max size of 64 */
#define WC_MAX_BLOCK_SIZE 128
#endif #endif
#if !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC) #if !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC)
@@ -118,6 +127,7 @@ WOLFSSL_API int wc_HashGetOID(enum wc_HashType hash_type);
#endif #endif
WOLFSSL_API int wc_HashGetDigestSize(enum wc_HashType hash_type); WOLFSSL_API int wc_HashGetDigestSize(enum wc_HashType hash_type);
WOLFSSL_API int wc_HashGetBlockSize(enum wc_HashType hash_type);
WOLFSSL_API int wc_Hash(enum wc_HashType hash_type, WOLFSSL_API int wc_Hash(enum wc_HashType hash_type,
const byte* data, word32 data_len, const byte* data, word32 data_len,
byte* hash, word32 hash_len); byte* hash, word32 hash_len);

38
wolfssl/wolfcrypt/hmac.h
View File

@@ -83,38 +83,18 @@ enum {
WC_SHA3_256 = 11, WC_SHA3_256 = 11,
WC_SHA3_384 = 12, WC_SHA3_384 = 12,
WC_SHA3_512 = 13, WC_SHA3_512 = 13,
#else
/* These values are used for HMAC, not SHA-3 directly.
* They come from from FIPS PUB 202. */
WC_SHA3_224_BLOCK_SIZE = 144,
WC_SHA3_256_BLOCK_SIZE = 136,
WC_SHA3_384_BLOCK_SIZE = 104,
WC_SHA3_512_BLOCK_SIZE = 72,
#endif
/* Select the largest available hash for the buffer size. */
#if defined(WOLFSSL_SHA3)
WC_HMAC_BLOCK_SIZE = WC_SHA3_224_BLOCK_SIZE
/* SHA3-224 has the largest block size */
#elif defined(WOLFSSL_SHA512)
WC_HMAC_BLOCK_SIZE = WC_SHA512_BLOCK_SIZE,
#elif defined(HAVE_BLAKE2)
WC_HMAC_BLOCK_SIZE = BLAKE2B_BLOCKBYTES,
#elif defined(WOLFSSL_SHA384)
WC_HMAC_BLOCK_SIZE = WC_SHA384_BLOCK_SIZE
#elif !defined(NO_SHA256)
WC_HMAC_BLOCK_SIZE = WC_SHA256_BLOCK_SIZE
#elif defined(WOLFSSL_SHA224)
WC_HMAC_BLOCK_SIZE = WC_SHA224_BLOCK_SIZE
#elif !defined(NO_SHA)
WC_HMAC_BLOCK_SIZE = WC_SHA_BLOCK_SIZE,
#elif !defined(NO_MD5)
WC_HMAC_BLOCK_SIZE = WC_MD5_BLOCK_SIZE,
#else
#error "You have to have some kind of hash if you want to use HMAC."
#endif #endif
}; };
/* Select the largest available hash for the buffer size. */
#define WC_HMAC_BLOCK_SIZE WC_MAX_BLOCK_SIZE
#if !defined(WOLFSSL_SHA3) && !defined(WOLFSSL_SHA512) && !defined(HAVE_BLAKE2) && \
!defined(WOLFSSL_SHA384) && defined(NO_SHA256) && defined(WOLFSSL_SHA224) && \
defined(NO_SHA) && defined(NO_MD5)
#error "You have to have some kind of hash if you want to use HMAC."
#endif
/* hash union */ /* hash union */
typedef union { typedef union {

15
wolfssl/wolfcrypt/pwdbased.h
View File

@@ -30,11 +30,6 @@
#ifndef NO_PWDBASED #ifndef NO_PWDBASED
#ifndef NO_MD5
#include <wolfssl/wolfcrypt/md5.h> /* for hash type */
#endif
#include <wolfssl/wolfcrypt/sha.h>
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
@@ -44,6 +39,10 @@
* hashType renamed to typeH to avoid shadowing global declaration here: * hashType renamed to typeH to avoid shadowing global declaration here:
* wolfssl/wolfcrypt/asn.h line 173 in enum Oid_Types * wolfssl/wolfcrypt/asn.h line 173 in enum Oid_Types
*/ */
WOLFSSL_API int wc_PBKDF1_ex(byte* key, int keyLen, byte* iv, int ivLen,
const byte* passwd, int passwdLen,
const byte* salt, int saltLen, int iterations,
int hashType, void* heap);
WOLFSSL_API int wc_PBKDF1(byte* output, const byte* passwd, int pLen, WOLFSSL_API int wc_PBKDF1(byte* output, const byte* passwd, int pLen,
const byte* salt, int sLen, int iterations, int kLen, const byte* salt, int sLen, int iterations, int kLen,
int typeH); int typeH);
@@ -63,12 +62,6 @@ WOLFSSL_API int wc_scrypt(byte* output, const byte* passwd, int passLen,
int blockSize, int parallel, int dkLen); int blockSize, int parallel, int dkLen);
#endif #endif
/* helper functions */
WOLFSSL_LOCAL int GetDigestSize(int typeH);
WOLFSSL_LOCAL int GetPKCS12HashSizes(int typeH, word32* v, word32* u);
WOLFSSL_LOCAL int DoPKCS12Hash(int typeH, byte* buffer, word32 totalLen,
byte* Ai, word32 u, int iterations);
#ifdef __cplusplus #ifdef __cplusplus
} /* extern "C" */ } /* extern "C" */

17
wolfssl/wolfcrypt/settings.h
View File

@@ -1652,6 +1652,23 @@ extern void uITRON4_free(void *p) ;
#endif /* OPENSSL_EXTRA */ #endif /* OPENSSL_EXTRA */
/* support for encrypted keys */
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
defined(HAVE_WEBSERVER)
#undef WOLFSSL_ENCRYPTED_KEYS
#define WOLFSSL_ENCRYPTED_KEYS
/* requires PWDBASED */
#undef NO_PWDBASED
#endif
/* support for converting DER to PEM */
#if defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN) || \
defined(OPENSSL_EXTRA)
#undef WOLFSSL_DER_TO_PEM
#define WOLFSSL_DER_TO_PEM
#endif
#ifdef __cplusplus #ifdef __cplusplus
} /* extern "C" */ } /* extern "C" */
#endif #endif

9
wolfssl/wolfcrypt/sha3.h
View File

@@ -58,7 +58,14 @@ enum {
SHA3_512 = 13, /* hash type unique */ SHA3_512 = 13, /* hash type unique */
SHA3_512_DIGEST_SIZE = 64, SHA3_512_DIGEST_SIZE = 64,
SHA3_512_COUNT = 9 SHA3_512_COUNT = 9,
/* These values are used for HMAC, not SHA-3 directly.
* They come from from FIPS PUB 202. */
WC_SHA3_224_BLOCK_SIZE = 144,
WC_SHA3_256_BLOCK_SIZE = 136,
WC_SHA3_384_BLOCK_SIZE = 104,
WC_SHA3_512_BLOCK_SIZE = 72,
}; };
#define WC_SHA3_224 SHA3_224 #define WC_SHA3_224 SHA3_224

73
wolfssl/wolfcrypt/wc_encrypt.h
View File

@@ -33,31 +33,76 @@
extern "C" { extern "C" {
#endif #endif
enum CipherTypes {
WC_CIPHER_NONE,
#ifndef NO_AES #ifndef NO_AES
WOLFSSL_API int wc_AesCbcEncryptWithKey(byte* out, const byte* in, word32 inSz, #ifdef HAVE_AES_CBC
const byte* key, word32 keySz, WC_CIPHER_AES_CBC,
const byte* iv); #endif
WOLFSSL_API int wc_AesCbcDecryptWithKey(byte* out, const byte* in, word32 inSz, #ifdef HAVE_AESGCM
const byte* key, word32 keySz, WC_CIPHER_AES_GCM,
const byte* iv); #endif
#ifdef WOLFSSL_AES_COUNTER
WC_CIPHER_AES_CTR,
#endif
#ifdef WOLFSSL_AES_XTS
WC_CIPHER_AES_XTS,
#endif
#ifdef WOLFSSL_AES_CFB
WC_CIPHER_AES_CFB,
#endif
#endif
#ifndef NO_DES3
WC_CIPHER_DES3,
#endif
#ifndef NO_DES
WC_CIPHER_DES,
#endif
#ifdef HAVE_CHAHCA
WC_CIPHER_CHACHA,
#endif
#ifdef HAVE_HC128
WC_CIPHER_HC128,
#endif
};
#ifndef NO_AES
WOLFSSL_API int wc_AesCbcEncryptWithKey(byte* out, const byte* in, word32 inSz,
const byte* key, word32 keySz,
const byte* iv);
WOLFSSL_API int wc_AesCbcDecryptWithKey(byte* out, const byte* in, word32 inSz,
const byte* key, word32 keySz,
const byte* iv);
#endif /* !NO_AES */ #endif /* !NO_AES */
#ifndef NO_DES3 #ifndef NO_DES3
WOLFSSL_API int wc_Des_CbcDecryptWithKey(byte* out, WOLFSSL_API int wc_Des_CbcDecryptWithKey(byte* out,
const byte* in, word32 sz,
const byte* key, const byte* iv);
WOLFSSL_API int wc_Des_CbcEncryptWithKey(byte* out,
const byte* in, word32 sz,
const byte* key, const byte* iv);
WOLFSSL_API int wc_Des3_CbcEncryptWithKey(byte* out,
const byte* in, word32 sz, const byte* in, word32 sz,
const byte* key, const byte* iv); const byte* key, const byte* iv);
WOLFSSL_API int wc_Des_CbcEncryptWithKey(byte* out, WOLFSSL_API int wc_Des3_CbcDecryptWithKey(byte* out,
const byte* in, word32 sz, const byte* in, word32 sz,
const byte* key, const byte* iv); const byte* key, const byte* iv);
WOLFSSL_API int wc_Des3_CbcEncryptWithKey(byte* out,
const byte* in, word32 sz,
const byte* key, const byte* iv);
WOLFSSL_API int wc_Des3_CbcDecryptWithKey(byte* out,
const byte* in, word32 sz,
const byte* key, const byte* iv);
#endif /* !NO_DES3 */ #endif /* !NO_DES3 */
#ifdef WOLFSSL_ENCRYPTED_KEYS
struct EncryptedInfo;
WOLFSSL_API int wc_BufferKeyDecrypt(struct EncryptedInfo* info, byte* der, word32 derSz,
const byte* password, int passwordSz);
WOLFSSL_API int wc_BufferKeyEncrypt(struct EncryptedInfo* info, byte* der, word32 derSz,
const byte* password, int passwordSz);
#endif /* WOLFSSL_ENCRYPTED_KEYS */
#ifdef __cplusplus #ifdef __cplusplus
} /* extern "C" */ } /* extern "C" */
#endif #endif