Merge pull request #6045 from JacobBarthelmeh/PKCS7

Add the SEQUENCE wrapper around the content-encryption algorithm parameters (nonce OCTET STRING and aes-ICVlen INTEGER) in AuthEnvelopedData, as RFC 5084 specifies
This commit is contained in:
David Garske
2023-02-03 10:29:19 -08:00
committed by GitHub


@@ -10996,7 +10996,8 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output,
byte authTag[AES_BLOCK_SIZE]; byte authTag[AES_BLOCK_SIZE];
byte nonce[GCM_NONCE_MID_SZ]; /* GCM nonce is larger than CCM */ byte nonce[GCM_NONCE_MID_SZ]; /* GCM nonce is larger than CCM */
byte macInt[MAX_VERSION_SZ]; byte macInt[MAX_VERSION_SZ];
word32 nonceSz = 0, macIntSz = 0; byte algoParamSeq[MAX_SEQ_SZ];
word32 nonceSz = 0, macIntSz = 0, algoParamSeqSz = 0;
/* authAttribs */ /* authAttribs */
byte* flatAuthAttribs = NULL; byte* flatAuthAttribs = NULL;
@@ -11345,12 +11346,16 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output,
/* put together aes-ICVlen INTEGER */ /* put together aes-ICVlen INTEGER */
macIntSz = SetMyVersion(sizeof(authTag), macInt, 0); macIntSz = SetMyVersion(sizeof(authTag), macInt, 0);
/* add nonce and icv len into parameters string RFC5084 */
algoParamSeqSz = SetSequence(nonceOctetStringSz + nonceSz + macIntSz,
algoParamSeq);
/* build up our ContentEncryptionAlgorithmIdentifier sequence, /* build up our ContentEncryptionAlgorithmIdentifier sequence,
* adding (nonceOctetStringSz + blockSz + macIntSz) for nonce OCTET STRING * adding (nonceOctetStringSz + blockSz + macIntSz) for nonce OCTET STRING
* and tag size */ * and tag size */
contentEncAlgoSz = SetAlgoID(pkcs7->encryptOID, contentEncAlgo, contentEncAlgoSz = SetAlgoID(pkcs7->encryptOID, contentEncAlgo,
oidBlkType, nonceOctetStringSz + nonceSz + oidBlkType, nonceOctetStringSz + nonceSz +
macIntSz); macIntSz + algoParamSeqSz);
if (contentEncAlgoSz == 0) { if (contentEncAlgoSz == 0) {
wc_PKCS7_FreeEncodedRecipientSet(pkcs7); wc_PKCS7_FreeEncodedRecipientSet(pkcs7);
@@ -11367,17 +11372,17 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output,
encContentSeqSz = SetSequence(contentTypeSz + contentEncAlgoSz + encContentSeqSz = SetSequence(contentTypeSz + contentEncAlgoSz +
nonceOctetStringSz + nonceSz + macIntSz + nonceOctetStringSz + nonceSz + macIntSz +
encContentOctetSz + encryptedOutSz, algoParamSeqSz + encContentOctetSz +
encContentSeq); encryptedOutSz, encContentSeq);
macOctetStringSz = SetOctetString(sizeof(authTag), macOctetString); macOctetStringSz = SetOctetString(sizeof(authTag), macOctetString);
/* keep track of sizes for outer wrapper layering */ /* keep track of sizes for outer wrapper layering */
totalSz = verSz + recipSetSz + recipSz + encContentSeqSz + contentTypeSz + totalSz = verSz + recipSetSz + recipSz + encContentSeqSz + contentTypeSz +
contentEncAlgoSz + nonceOctetStringSz + nonceSz + macIntSz + contentEncAlgoSz + nonceOctetStringSz + nonceSz + macIntSz +
encContentOctetSz + encryptedOutSz + authAttribsSz + algoParamSeqSz + encContentOctetSz + encryptedOutSz +
authAttribsSetSz + macOctetStringSz + sizeof(authTag) + authAttribsSz + authAttribsSetSz + macOctetStringSz +
unauthAttribsSz + unauthAttribsSetSz; sizeof(authTag) + unauthAttribsSz + unauthAttribsSetSz;
/* EnvelopedData */ /* EnvelopedData */
envDataSeqSz = SetSequence(totalSz, envDataSeq); envDataSeqSz = SetSequence(totalSz, envDataSeq);
@@ -11429,6 +11434,8 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output,
idx += contentTypeSz; idx += contentTypeSz;
XMEMCPY(output + idx, contentEncAlgo, contentEncAlgoSz); XMEMCPY(output + idx, contentEncAlgo, contentEncAlgoSz);
idx += contentEncAlgoSz; idx += contentEncAlgoSz;
XMEMCPY(output + idx, algoParamSeq, algoParamSeqSz);
idx += algoParamSeqSz;
XMEMCPY(output + idx, nonceOctetString, nonceOctetStringSz); XMEMCPY(output + idx, nonceOctetString, nonceOctetStringSz);
idx += nonceOctetStringSz; idx += nonceOctetStringSz;
XMEMCPY(output + idx, nonce, nonceSz); XMEMCPY(output + idx, nonce, nonceSz);
@@ -11644,12 +11651,19 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in,
ret = expBlockSz; ret = expBlockSz;
} }
/* get nonce, stored in OPTIONAL parameter of AlgoID */ /* get nonce, stored in OPTIONAL parameter of AlgoID
* RFC 5084 Appendix lists GCM parameters as
* seq
* ---->octet string with nonce
* ---->aes gcm icvlen
*/
if (ret == 0 && GetASNTag(pkiMsg, &idx, &tag, pkiMsgSz) < 0) { if (ret == 0 && GetASNTag(pkiMsg, &idx, &tag, pkiMsgSz) < 0) {
ret = ASN_PARSE_E; ret = ASN_PARSE_E;
} }
if (ret == 0 && tag != ASN_OCTET_STRING) {
if (ret == 0 && tag != (ASN_CONSTRUCTED | ASN_SEQUENCE)) {
WOLFSSL_MSG("Optional parameters is not wrapped in a sequence");
ret = ASN_PARSE_E; ret = ASN_PARSE_E;
} }
@@ -11675,7 +11689,14 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in,
} }
pkiMsgSz = (pkcs7->stream->length > 0)? pkcs7->stream->length: inSz; pkiMsgSz = (pkcs7->stream->length > 0)? pkcs7->stream->length: inSz;
#endif #endif
if (ret == 0 && GetLength(pkiMsg, &idx, &nonceSz, pkiMsgSz) < 0) { /* get length of optional parameter sequence */
if (ret == 0 && GetLength(pkiMsg, &idx, &length, pkiMsgSz) < 0) {
ret = ASN_PARSE_E;
}
/* get nonce from octet string */
if (ret == 0 &&
GetOctetString(pkiMsg, &idx, &nonceSz, pkiMsgSz) < 0) {
ret = ASN_PARSE_E; ret = ASN_PARSE_E;
} }
@@ -11772,6 +11793,8 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in,
encryptedContentSz = pkcs7->stream->expected; encryptedContentSz = pkcs7->stream->expected;
#endif #endif
/* AES-GCM/CCM does NOT require padding for plaintext content or
* AAD inputs RFC 5084 section 3.1 and 3.2 */
encryptedContent = (byte*)XMALLOC(encryptedContentSz, pkcs7->heap, encryptedContent = (byte*)XMALLOC(encryptedContentSz, pkcs7->heap,
DYNAMIC_TYPE_PKCS7); DYNAMIC_TYPE_PKCS7);
if (ret == 0 && encryptedContent == NULL) { if (ret == 0 && encryptedContent == NULL) {
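Review bot: The SEQUENCE length read into `length` by the new GetLength call is never used to bound the nested parse — the GetOctetString that follows is still limited by `pkiMsgSz`, so a nonce OCTET STRING (or the aes-ICVlen INTEGER read after it, outside this hunk) that extends past the end of the parameter SEQUENCE would be accepted rather than rejected as malformed. Record the sequence end, `word32 paramEnd = idx + length;` (GetLength appears to have already checked that `length` fits in `pkiMsgSz`, so this does not overflow — confirm), pass `paramEnd` as the limit to `GetOctetString(pkiMsg, &idx, &nonceSz, paramEnd)` and to the ICV-length read, and fail with ASN_PARSE_E if `idx != paramEnd` once both elements are consumed. Note also that rejecting a non-SEQUENCE tag means AuthEnvelopedData produced by earlier builds, which emitted the bare OCTET STRING, is no longer decodable; that is the correct RFC 5084 behaviour but is worth a changelog line. wc_PKCS7_DecodeAuthEnvelopedData starts and ends outside the hunk.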