From 40ef246b1f6e4c3e80c538f8398b306044e633f5 Mon Sep 17 00:00:00 2001
From: Chris Conlon
Date: Mon, 24 Sep 2018 16:42:12 -0600
Subject: [PATCH] add CMS AuthEnvelopedData support for unauthAttrs

---
 .gitignore | 4 +
 Makefile.am | 4 +
 wolfcrypt/src/pkcs7.c | 117 +++++++++++++-----
 wolfcrypt/test/test.c | 247 ++++++++++++++++++++++++++------------
 wolfssl/wolfcrypt/pkcs7.h | 10 ++
 5 files changed, 276 insertions(+), 106 deletions(-)

diff --git a/.gitignore b/.gitignore
index 538acaa5b..3f53b13af 100644
--- a/.gitignore
+++ b/.gitignore
@@ -109,6 +109,10 @@ pkcs7authEnvelopedDataAES128GCM_PWRI.der
 pkcs7authEnvelopedDataAES192GCM.der
 pkcs7authEnvelopedDataAES256GCM.der
 pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF.der
+pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF_authAttribs.der
+pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF_bothAttribs.der
+pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF_fw_bothAttribs.der
+pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF_unauthAttribs.der
 pkcs7authEnvelopedDataAES256GCM_ECDH_SHA512KDF.der
 pkcs7authEnvelopedDataAES256GCM_ECDH_SHA512KDF_ukm.der
 pkcs7authEnvelopedDataAES256GCM_firmwarePkgData.der
diff --git a/Makefile.am b/Makefile.am
index 6213db8f5..1f3923e68 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -47,6 +47,10 @@ CLEANFILES+= cert.der \
 pkcs7authEnvelopedDataAES192GCM.der \
 pkcs7authEnvelopedDataAES256GCM.der \
 pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF.der \
+ pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF_authAttribs.der \
+ pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF_bothAttribs.der \
+ pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF_fw_bothAttribs.der \
+ pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF_unauthAttribs.der \
 pkcs7authEnvelopedDataAES256GCM_ECDH_SHA512KDF.der \
 pkcs7authEnvelopedDataAES256GCM_ECDH_SHA512KDF_ukm.der \
 pkcs7authEnvelopedDataAES256GCM_firmwarePkgData.der \
diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c
index 5148e81b1..92b2041fc 100644
--- a/wolfcrypt/src/pkcs7.c
+++ b/wolfcrypt/src/pkcs7.c @@ -7119,15 +7119,25 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output, byte macInt[MAX_VERSION_SZ]; word32 nonceSz, macIntSz; + /* authAttribs */ byte* flatAuthAttribs = NULL; - word32 flatAuthAttribsSz = 0; + byte authAttribSet[MAX_SET_SZ]; + EncodedAttrib authAttribs[MAX_AUTH_ATTRIBS_SZ]; + word32 authAttribsSz = 0, authAttribsCount = 0; + word32 authAttribsSetSz = 0; + byte* aadBuffer = NULL; word32 aadBufferSz = 0; - byte authAttribSet[MAX_SET_SZ]; byte authAttribAadSet[MAX_SET_SZ]; - EncodedAttrib authAttribs[MAX_SIGNED_ATTRIBS_SZ]; - word32 authAttribsSz = 0, authAttribsCount = 0; - word32 authAttribsSetSz = 0, authAttribsAadSetSz = 0; + word32 authAttribsAadSetSz = 0; + + /* unauthAttribs */ + byte* flatUnauthAttribs = NULL; + byte unauthAttribSet[MAX_SET_SZ]; + EncodedAttrib unauthAttribs[MAX_UNAUTH_ATTRIBS_SZ]; + word32 unauthAttribsSz = 0, unauthAttribsCount = 0; + word32 unauthAttribsSetSz = 0; + PKCS7Attrib contentTypeAttrib; byte contentTypeValue[MAX_OID_SZ]; @@ -7233,12 +7243,13 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output, return ret; ret = wc_PKCS7_GenerateBlock(pkcs7, &rng, nonce, nonceSz); + wc_FreeRng(&rng); if (ret != 0) { - wc_FreeRng(&rng); return ret; } - /* build up authenticated attributes (authAttrs) */ + + /* authAttribs: add contentType attrib if needed */ if (pkcs7->contentOID != DATA) { /* if type is not id-data, contentType attribute MUST be added */ @@ -7252,8 +7263,8 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output, contentTypeAttrib.value = contentTypeValue; contentTypeAttrib.valueSz = ret; + /* otherwise, try to set from custom content type */ } else if (ret <= 0) { - /* try to set from custom content type */ if (pkcs7->contentType == NULL || pkcs7->contentTypeSz == 0) { WOLFSSL_MSG("CMS pkcs7->contentType must be set if " "contentOID is not"); 
@@ -7263,29 +7274,30 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output, contentTypeAttrib.valueSz = pkcs7->contentTypeSz; } - authAttribsCount += 1; authAttribsSz += EncodeAttributes(authAttribs, 1, &contentTypeAttrib, 1); + authAttribsCount += 1; + } - /* add in user's signed attributes */ - if (pkcs7->authAttribsSz > 0) { - authAttribsCount += pkcs7->authAttribsSz; - authAttribsSz += EncodeAttributes(authAttribs + - authAttribsCount * sizeof(PKCS7Attrib), - MAX_SIGNED_ATTRIBS_SZ - authAttribsCount, - pkcs7->authAttribs, - pkcs7->authAttribsSz); - - } + /* authAttribs: add in user authenticated attributes */ + if (pkcs7->authAttribs != NULL && pkcs7->authAttribsSz > 0) { + authAttribsSz += EncodeAttributes(authAttribs + authAttribsCount, + MAX_AUTH_ATTRIBS_SZ - authAttribsCount, + pkcs7->authAttribs, + pkcs7->authAttribsSz); + authAttribsCount += pkcs7->authAttribsSz; + } + /* authAttribs: flatten authAttribs */ + if (authAttribsSz > 0 && authAttribsCount > 0) { flatAuthAttribs = (byte*)XMALLOC(authAttribsSz, pkcs7->heap, DYNAMIC_TYPE_PKCS7); - flatAuthAttribsSz = authAttribsSz; if (flatAuthAttribs == NULL) { return MEMORY_E; } FlattenAttributes(flatAuthAttribs, authAttribs, authAttribsCount); + authAttribsSetSz = SetImplicit(ASN_SET, 1, authAttribsSz, authAttribSet); @@ -7295,7 +7307,7 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output, authAttribsAadSetSz = SetSet(authAttribsSz, authAttribAadSet); /* allocate temp buffer to hold alternate attrib encoding for aad */ - aadBuffer = (byte*)XMALLOC(flatAuthAttribsSz + authAttribsAadSetSz, + aadBuffer = (byte*)XMALLOC(authAttribsSz + authAttribsAadSetSz, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); if (aadBuffer == NULL) { XFREE(flatAuthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); 
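Review bot: `authAttribsCount += pkcs7->authAttribsSz;` in the user-attribute branch adds the caller's count rather than the number of entries EncodeAttributes actually wrote, and EncodeAttributes is handed `MAX_AUTH_ATTRIBS_SZ - authAttribsCount` as its array bound; if it clamps to that bound (its parameters suggest so, but its body is not in this diff) the two values diverge as soon as a caller supplies more attributes than fit, and the later `FlattenAttributes(flatAuthAttribs, authAttribs, authAttribsCount)` then walks past the end of the fixed-size `authAttribs` array on the stack. Either reject an oversized request up front, `if (pkcs7->authAttribsSz > MAX_AUTH_ATTRIBS_SZ - authAttribsCount) return BAD_FUNC_ARG;`, or have EncodeAttributes report the count it consumed and use that. `unauthAttribsCount = pkcs7->unauthAttribsSz;` in the next hunk has the same shape against `MAX_UNAUTH_ATTRIBS_SZ`. wc_PKCS7_EncodeAuthEnvelopedData begins before and continues after this hunk.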
@@ -7306,8 +7318,31 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output, aadBufferSz = 0; XMEMCPY(aadBuffer + aadBufferSz, authAttribAadSet, authAttribsAadSetSz); aadBufferSz += authAttribsAadSetSz; - XMEMCPY(aadBuffer + aadBufferSz, flatAuthAttribs, flatAuthAttribsSz); - aadBufferSz += flatAuthAttribsSz; + XMEMCPY(aadBuffer + aadBufferSz, flatAuthAttribs, authAttribsSz); + aadBufferSz += authAttribsSz; + } + + /* build up unauthenticated attributes (unauthAttrs) */ + if (pkcs7->unauthAttribsSz > 0) { + unauthAttribsSz = EncodeAttributes(unauthAttribs + unauthAttribsCount, + MAX_UNAUTH_ATTRIBS_SZ - unauthAttribsCount, + pkcs7->unauthAttribs, + pkcs7->unauthAttribsSz); + unauthAttribsCount = pkcs7->unauthAttribsSz; + + flatUnauthAttribs = (byte*)XMALLOC(unauthAttribsSz, pkcs7->heap, + DYNAMIC_TYPE_PKCS7); + if (flatUnauthAttribs == NULL) { + if (aadBuffer) + XFREE(aadBuffer, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (flatAuthAttribs) + XFREE(flatAuthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + return MEMORY_E; + } + + FlattenAttributes(flatUnauthAttribs, unauthAttribs, unauthAttribsCount); + unauthAttribsSetSz = SetImplicit(ASN_SET, 2, unauthAttribsSz, + unauthAttribSet); } /* allocate encrypted content buffer */ @@ -7315,6 +7350,10 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output, encryptedContent = (byte*)XMALLOC(encryptedOutSz, pkcs7->heap, DYNAMIC_TYPE_PKCS7); if (encryptedContent == NULL) { + if (aadBuffer) + XFREE(aadBuffer, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (flatUnauthAttribs) + XFREE(flatUnauthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); if (flatAuthAttribs) XFREE(flatAuthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); return MEMORY_E; 
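Review bot: The new unauthAttribs block is entered on `pkcs7->unauthAttribsSz > 0` alone, whereas the authAttribs path above also requires `pkcs7->authAttribs != NULL`, so a non-zero size with a NULL pointer goes straight into EncodeAttributes. The allocation is also not conditioned on the encoded size the way `flatAuthAttribs` is: if EncodeAttributes returns 0, `flatUnauthAttribs` is still allocated, and the output-side block that frees it is guarded by `if (unauthAttribsSz > 0)`, so on an otherwise successful encode the buffer leaks. Suggest `if (pkcs7->unauthAttribs != NULL && pkcs7->unauthAttribsSz > 0) {` for the guard and, mirroring the auth path, allocating and flattening only when `unauthAttribsSz > 0`. The enclosing function starts before and ends after this hunk.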
@@ -7325,10 +7364,14 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output, pkcs7->cekSz, nonce, nonceSz, aadBuffer, aadBufferSz, authTag, sizeof(authTag), pkcs7->content, encryptedOutSz, encryptedContent); - if (aadBuffer) + if (aadBuffer) { XFREE(aadBuffer, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); + aadBuffer = NULL; + } if (ret != 0) { + if (flatUnauthAttribs) + XFREE(flatUnauthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); if (flatAuthAttribs) XFREE(flatAuthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); @@ -7339,6 +7382,8 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output, ret = wc_SetContentType(pkcs7->contentOID, contentType, sizeof(contentType)); if (ret < 0) { + if (flatUnauthAttribs) + XFREE(flatUnauthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); if (flatAuthAttribs) XFREE(flatAuthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); @@ -7361,6 +7406,8 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output, macIntSz); if (contentEncAlgoSz == 0) { + if (flatUnauthAttribs) + XFREE(flatUnauthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); if (flatAuthAttribs) XFREE(flatAuthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); @@ -7380,8 +7427,9 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output, /* keep track of sizes for outer wrapper layering */ totalSz = verSz + recipSetSz + recipSz + encContentSeqSz + contentTypeSz + contentEncAlgoSz + nonceOctetStringSz + nonceSz + macIntSz + - encContentOctetSz + encryptedOutSz + flatAuthAttribsSz + - authAttribsSetSz + macOctetStringSz + sizeof(authTag); + encContentOctetSz + encryptedOutSz + authAttribsSz + + authAttribsSetSz + macOctetStringSz + sizeof(authTag) + + unauthAttribsSz + unauthAttribsSetSz; /* EnvelopedData */ envDataSeqSz = SetSequence(totalSz, envDataSeq); 
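Review bot: The error exit extended at `if (ret != 0)` is one of four identical copies of the same three guarded frees (`flatUnauthAttribs`, `flatAuthAttribs`, `encryptedContent`); the hunks at -7339, -7361 and -7398 add the others, and every future buffer in this function will have to be threaded through each of them by hand, which is how the earlier `aadBuffer` free ended up present at some exits and absent at others. A single cleanup label at the end of the function, reached by `goto` with the error code already in `ret`, keeps the release logic in one place for every exit taken after `encryptedContent` exists. wc_PKCS7_EncodeAuthEnvelopedData starts before and continues after this hunk, so the label and the success-path `ret = idx` fall outside it.
```c
    if (ret != 0) {
        goto out;   /* ret already holds the error code */
    }
    /* … unchanged: contentType, contentEncAlgo and totalSz checks, each setting ret and `goto out` … */
    /* … unchanged: output assembly, with the per-section XFREE calls removed … */
    ret = idx;
out:
    if (flatUnauthAttribs)
        XFREE(flatUnauthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
    if (flatAuthAttribs)
        XFREE(flatAuthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
    XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
    return ret;
```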
@@ -7398,6 +7446,8 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output, if (totalSz > (int)outputSz) { WOLFSSL_MSG("Pkcs7_encrypt output buffer too small"); + if (flatUnauthAttribs) + XFREE(flatUnauthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); if (flatAuthAttribs) XFREE(flatAuthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); @@ -7442,11 +7492,11 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output, idx += encryptedOutSz; /* authenticated attributes */ - if (flatAuthAttribsSz > 0) { + if (authAttribsSz > 0) { XMEMCPY(output + idx, authAttribSet, authAttribsSetSz); idx += authAttribsSetSz; - XMEMCPY(output + idx, flatAuthAttribs, flatAuthAttribsSz); - idx += flatAuthAttribsSz; + XMEMCPY(output + idx, flatAuthAttribs, authAttribsSz); + idx += authAttribsSz; XFREE(flatAuthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); } @@ -7455,6 +7505,15 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output, XMEMCPY(output + idx, authTag, sizeof(authTag)); idx += sizeof(authTag); + /* unauthenticated attributes */ + if (unauthAttribsSz > 0) { + XMEMCPY(output + idx, unauthAttribSet, unauthAttribsSetSz); + idx += unauthAttribsSetSz; + XMEMCPY(output + idx, flatUnauthAttribs, unauthAttribsSz); + idx += unauthAttribsSz; + XFREE(flatUnauthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + } + XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); return idx; diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 5b62589d7..5e5a653ae 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -19529,8 +19529,10 @@ typedef struct { size_t certSz; byte* privateKey; word32 privateKeySz; - PKCS7Attrib* signedAttribs; - word32 signedAttribsSz; + PKCS7Attrib* authAttribs; + word32 authAttribsSz; + PKCS7Attrib* unauthAttribs; + word32 unauthAttribsSz; /* KARI / KTRI specific */ byte* optionalUkm; 
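Review bot: The new `/* unauthenticated attributes */` section at the end of the output assembly is written after `authTag` and was never part of `aadBuffer`, so unlike authAttrs these bytes are covered by neither the AEAD tag nor anything else in the message, and the one-line comment does not say so. Suggest `/* unauthAttrs [2]: outside both the AAD and the MAC, so not integrity protected; a decoder must treat them as untrusted */` so the next maintainer does not put something that needs protection into this set. The `return idx;` is in the hunk but the function's closing brace falls after it.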
@@ -19579,6 +19581,7 @@ static int pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, byte enveloped[2048]; byte decoded[2048]; + WC_RNG rng; PKCS7* pkcs7; #ifdef PKCS7_OUTPUT_TEST_BUNDLES FILE* pkcs7File; @@ -19589,6 +19592,17 @@ static int pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, 0x72,0x6c,0x64 }; + static byte senderNonceOid[] = + { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, + 0x09, 0x05 }; + static byte senderNonce[PKCS7_NONCE_SZ + 2]; + + PKCS7Attrib attribs[] = + { + { senderNonceOid, sizeof(senderNonceOid), senderNonce, + sizeof(senderNonce) } + }; + #if !defined(NO_AES) && defined(WOLFSSL_AES_256) && defined(HAVE_ECC) && \ defined(WOLFSSL_SHA512) byte optionalUkm[] = { 
@@ -19624,37 +19638,38 @@ static int pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, #if !defined(NO_AES) && defined(HAVE_AESGCM) #ifdef WOLFSSL_AES_128 {data, (word32)sizeof(data), DATA, AES128GCMb, 0, 0, rsaCert, rsaCertSz, - rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, 0, 0, NULL, 0, NULL, 0, - NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0, - "pkcs7authEnvelopedDataAES128GCM.der"}, + rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, + NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, + 0, 0, "pkcs7authEnvelopedDataAES128GCM.der"}, #endif #ifdef WOLFSSL_AES_192 {data, (word32)sizeof(data), DATA, AES192GCMb, 0, 0, rsaCert, rsaCertSz, - rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, 0, 0, NULL, 0, NULL, 0, - NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0, - "pkcs7authEnvelopedDataAES192GCM.der"}, + rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, + NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, + 0, 0, "pkcs7authEnvelopedDataAES192GCM.der"}, #endif #ifdef WOLFSSL_AES_256 {data, (word32)sizeof(data), DATA, AES256GCMb, 0, 0, rsaCert, rsaCertSz, - rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, 0, 0, NULL, 0, NULL, 0, - NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0, - "pkcs7authEnvelopedDataAES256GCM.der"}, + rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, + NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, + 0, 0, "pkcs7authEnvelopedDataAES256GCM.der"}, /* test with contentType set to FirmwarePkgData */ {data, (word32)sizeof(data), FIRMWARE_PKG_DATA, AES256GCMb, 0, 0, - rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, 0, 0, - NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, - 0, 0, 0, 0, 0, "pkcs7authEnvelopedDataAES256GCM_firmwarePkgData.der"}, + rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, NULL, + 0, 0, 0, NULL, 0, NULL, 0, NULL, 
NULL, 0, NULL, 0, 0, NULL, 0, NULL, + 0, 0, 0, 0, 0, 0, 0, 0, + "pkcs7authEnvelopedDataAES256GCM_firmwarePkgData.der"}, /* explicitly using SKID for SubjectKeyIdentifier */ {data, (word32)sizeof(data), DATA, AES256GCMb, 0, 0, rsaCert, rsaCertSz, - rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, CMS_SKID, 0, NULL, 0, - NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, - 0, 0, "pkcs7authEnvelopedDataAES256GCM_SKID.der"}, + rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, NULL, 0, CMS_SKID, 0, + NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, + 0, 0, 0, 0, 0, "pkcs7authEnvelopedDataAES256GCM_SKID.der"}, /* explicitly using IssuerAndSerialNumber for SubjectKeyIdentifier */ {data, (word32)sizeof(data), DATA, AES256GCMb, 0, 0, rsaCert, rsaCertSz, - rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, + rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, NULL, 0, CMS_ISSUER_AND_SERIAL_NUMBER, 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0, "pkcs7authEnvelopedDataAES256GCM_IANDS.der"}, 
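Review bot: Every vector in this table is a positional initializer of roughly three dozen values, and inserting `unauthAttribs`/`unauthAttribsSz` into the middle of `pkcs7AuthEnvelopedVector` forced all of them to be re-laid out, which is why this hunk and those at -19668, -19702, -19713 and -19724 are almost entirely churn; a `NULL, 0` pair shifted by one slot in any of them still compiles and silently changes what the vector tests. Designated initializers, e.g. `{ .content = data, .contentSz = (word32)sizeof(data), .contentOID = DATA, .encryptOID = AES128GCMb, .outFileName = "pkcs7authEnvelopedDataAES128GCM.der" }`, name the fields that matter and let the zero fields be omitted, if the project's older-compiler builds permit C99 here. The table and its conditional blocks open before this hunk.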
@@ -19668,32 +19683,70 @@ static int pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, #if !defined(NO_SHA) && defined(WOLFSSL_AES_128) {data, (word32)sizeof(data), DATA, AES128GCMb, AES128_WRAP, dhSinglePass_stdDH_sha1kdf_scheme, eccCert, eccCertSz, eccPrivKey, - eccPrivKeySz, NULL, 0, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, - 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0, + eccPrivKeySz, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, NULL, 0, + NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0, "pkcs7authEnvelopedDataAES128GCM_ECDH_SHA1KDF.der"}, #endif #if !defined(NO_SHA256) && defined(WOLFSSL_AES_256) {data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP, dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey, - eccPrivKeySz, NULL, 0, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, - NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0, + eccPrivKeySz, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, NULL, 0, + NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0, "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF.der"}, + + /* with authenticated attributes */ + {data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP, + dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey, + eccPrivKeySz, attribs, (sizeof(attribs) / sizeof(PKCS7Attrib)), + NULL, 0, NULL, 0, 0, 0, NULL, 0, + NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, + 0, 0, 0, + "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF_authAttribs.der"}, + + /* with unauthenticated attributes */ + {data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP, + dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey, + eccPrivKeySz, NULL, 0, attribs, + (sizeof(attribs) / sizeof(PKCS7Attrib)), NULL, 0, 0, 0, NULL, 0, + NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, + 0, 0, 0, + "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF_unauthAttribs.der"}, + + /* with authenticated AND unauthenticated attributes 
*/ + {data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP, + dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey, + eccPrivKeySz, attribs, (sizeof(attribs) / sizeof(PKCS7Attrib)), + attribs, (sizeof(attribs) / sizeof(PKCS7Attrib)), NULL, 0, 0, 0, + NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, + 0, 0, 0, 0, 0, 0, + "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF_bothAttribs.der"}, + + /* with authenticated AND unauthenticated attributes AND + * contentType of FirmwarePkgData */ + {data, (word32)sizeof(data), FIRMWARE_PKG_DATA, AES256GCMb, AES256_WRAP, + dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey, + eccPrivKeySz, attribs, (sizeof(attribs) / sizeof(PKCS7Attrib)), + attribs, (sizeof(attribs) / sizeof(PKCS7Attrib)), NULL, 0, 0, 0, + NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, + 0, 0, 0, 0, 0, 0, + "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF_fw_bothAttribs.der"}, #endif /* NO_SHA256 && WOLFSSL_AES_256 */ #if defined(WOLFSSL_SHA512) && defined(WOLFSSL_AES_256) {data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP, dhSinglePass_stdDH_sha512kdf_scheme, eccCert, eccCertSz, eccPrivKey, - eccPrivKeySz, NULL, 0, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, - NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0, + eccPrivKeySz, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, + NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0, "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA512KDF.der"}, /* with optional user keying material (ukm) */ {data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP, dhSinglePass_stdDH_sha512kdf_scheme, eccCert, eccCertSz, eccPrivKey, - eccPrivKeySz, NULL, 0, optionalUkm, sizeof(optionalUkm), 0, 0, NULL, 0, - NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, - 0, 0, "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA512KDF_ukm.der"}, + eccPrivKeySz, NULL, 0, NULL, 0, optionalUkm, sizeof(optionalUkm), 0, + 0, NULL, 0, NULL, 0, NULL, 
NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, + 0, 0, 0, 0, 0, 0, + "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA512KDF_ukm.der"}, #endif /* WOLFSSL_SHA512 && WOLFSSL_AES_256 */ #endif /* NO_AES */ #endif @@ -19702,9 +19755,9 @@ static int pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, #if !defined(NO_AES) && defined(HAVE_AESGCM) #if !defined(NO_SHA) && defined(WOLFSSL_AES_128) {data, (word32)sizeof(data), DATA, AES128GCMb, AES128_WRAP, 0, - NULL, 0, NULL, 0, NULL, 0, NULL, 0, 0, 0, secretKey, sizeof(secretKey), - secretKeyId, sizeof(secretKeyId), NULL, NULL, 0, NULL, 0, - 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0, + NULL, 0, NULL, 0, NULL, 0, NULL, 0, NULL, 0, 0, 0, + secretKey, sizeof(secretKey), secretKeyId, sizeof(secretKeyId), + NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0, "pkcs7authEnvelopedDataAES128GCM_KEKRI.der"}, #endif #endif @@ -19713,7 +19766,7 @@ static int pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, #if !defined(NO_PWDBASED) && !defined(NO_AES) && defined(HAVE_AESGCM) #if !defined(NO_SHA) && defined(WOLFSSL_AES_128) {data, (word32)sizeof(data), DATA, AES128GCMb, 0, 0, - NULL, 0, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, + NULL, 0, NULL, 0, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, password, (word32)XSTRLEN(password), salt, sizeof(salt), PBKDF2_OID, WC_SHA, 5, AES128CBCb, 0, 0, 0, "pkcs7authEnvelopedDataAES128GCM_PWRI.der"}, @@ -19724,8 +19777,8 @@ static int pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, #ifdef WOLFSSL_AES_128 /* ori (OtherRecipientInfo) recipient types */ {data, (word32)sizeof(data), DATA, AES128GCMb, 0, 0, NULL, 0, NULL, 0, - NULL, 0, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, - NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 1, 0, + NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, + NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 1, 0, "pkcs7authEnvelopedDataAES128GCM_ORI.der"}, #endif #endif 
@@ -19733,6 +19786,30 @@ static int pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, testSz = sizeof(testVectors) / sizeof(pkcs7AuthEnvelopedVector); + + /* generate senderNonce */ + { +#ifndef HAVE_FIPS + ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); +#else + ret = wc_InitRng(&rng); +#endif + if (ret != 0) { + return -9370; + } + + senderNonce[0] = 0x04; + senderNonce[1] = PKCS7_NONCE_SZ; + + ret = wc_RNG_GenerateBlock(&rng, &senderNonce[2], PKCS7_NONCE_SZ); + if (ret != 0) { + wc_FreeRng(&rng); + return -9371; + } + + wc_FreeRng(&rng); + } + for (i = 0; i < testSz; i++) { pkcs7 = wc_PKCS7_New(HEAP_HINT, #ifdef WOLFSSL_ASYNC_CRYPT @@ -19742,22 +19819,26 @@ static int pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, #endif ); if (pkcs7 == NULL) - return -9370; + return -9372; if (testVectors[i].secretKey != NULL) { /* KEKRI recipient type */ ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId); if (ret != 0) { - return -9371; + return -9373; } - pkcs7->content = (byte*)testVectors[i].content; - pkcs7->contentSz = testVectors[i].contentSz; - pkcs7->contentOID = testVectors[i].contentOID; - pkcs7->encryptOID = testVectors[i].encryptOID; - pkcs7->ukm = testVectors[i].optionalUkm; - pkcs7->ukmSz = testVectors[i].optionalUkmSz; + pkcs7->content = (byte*)testVectors[i].content; + pkcs7->contentSz = testVectors[i].contentSz; + pkcs7->contentOID = testVectors[i].contentOID; + pkcs7->encryptOID = testVectors[i].encryptOID; + pkcs7->ukm = testVectors[i].optionalUkm; + pkcs7->ukmSz = testVectors[i].optionalUkmSz; + pkcs7->authAttribs = testVectors[i].authAttribs; + pkcs7->authAttribsSz = testVectors[i].authAttribsSz; + pkcs7->unauthAttribs = testVectors[i].unauthAttribs; + pkcs7->unauthAttribsSz = testVectors[i].unauthAttribsSz; ret = wc_PKCS7_AddRecipient_KEKRI(pkcs7, testVectors[i].keyWrapOID, testVectors[i].secretKey, testVectors[i].secretKeySz, 
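Review bot: `senderNonce[1] = PKCS7_NONCE_SZ;` hand-builds a DER OCTET STRING header with a single-byte length, which is only a valid encoding while PKCS7_NONCE_SZ is below 0x80; the macro's value is not visible in this diff, so the assumption should at least be stated next to it, e.g. `/* one-byte DER length: valid only while PKCS7_NONCE_SZ < 0x80 */`. The same static `senderNonce` is referenced by the single `attribs[]` entry used for both the authenticated and the unauthenticated list, so the bothAttribs vectors emit the same nonce twice, which is fine for a round-trip but worth a comment so nobody reads it as two distinct values. pkcs7authenveloped_run_vectors begins before and continues after this hunk.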
@@ -19768,7 +19849,7 @@ static int pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, if (ret < 0) { wc_PKCS7_Free(pkcs7); - return -9372; + return -9374; } /* set key, for decryption */ @@ -19777,7 +19858,7 @@ static int pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, if (ret != 0) { wc_PKCS7_Free(pkcs7); - return -9373; + return -9375; } } else if (testVectors[i].password != NULL) { @@ -19785,15 +19866,19 @@ static int pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId); if (ret != 0) { - return -9374; + return -9376; } - pkcs7->content = (byte*)testVectors[i].content; - pkcs7->contentSz = testVectors[i].contentSz; - pkcs7->contentOID = testVectors[i].contentOID; - pkcs7->encryptOID = testVectors[i].encryptOID; - pkcs7->ukm = testVectors[i].optionalUkm; - pkcs7->ukmSz = testVectors[i].optionalUkmSz; + pkcs7->content = (byte*)testVectors[i].content; + pkcs7->contentSz = testVectors[i].contentSz; + pkcs7->contentOID = testVectors[i].contentOID; + pkcs7->encryptOID = testVectors[i].encryptOID; + pkcs7->ukm = testVectors[i].optionalUkm; + pkcs7->ukmSz = testVectors[i].optionalUkmSz; + pkcs7->authAttribs = testVectors[i].authAttribs; + pkcs7->authAttribsSz = testVectors[i].authAttribsSz; + pkcs7->unauthAttribs = testVectors[i].unauthAttribs; + pkcs7->unauthAttribsSz = testVectors[i].unauthAttribsSz; ret = wc_PKCS7_AddRecipient_PWRI(pkcs7, (byte*)testVectors[i].password, @@ -19804,7 +19889,7 @@ static int pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, if (ret < 0) { wc_PKCS7_Free(pkcs7); - return -9375; + return -9377; } /* set password, for decryption */ @@ -19813,7 +19898,7 @@ static int pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, if (ret < 0) { wc_PKCS7_Free(pkcs7); - return -9376; + return -9378; } } else if (testVectors[i].isOri == 1) { 
@@ -19821,20 +19906,24 @@ static int pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId); if (ret != 0) { - return -9377; + return -9379; } - pkcs7->content = (byte*)testVectors[i].content; - pkcs7->contentSz = testVectors[i].contentSz; - pkcs7->contentOID = testVectors[i].contentOID; - pkcs7->encryptOID = testVectors[i].encryptOID; + pkcs7->content = (byte*)testVectors[i].content; + pkcs7->contentSz = testVectors[i].contentSz; + pkcs7->contentOID = testVectors[i].contentOID; + pkcs7->encryptOID = testVectors[i].encryptOID; + pkcs7->authAttribs = testVectors[i].authAttribs; + pkcs7->authAttribsSz = testVectors[i].authAttribsSz; + pkcs7->unauthAttribs = testVectors[i].unauthAttribs; + pkcs7->unauthAttribsSz = testVectors[i].unauthAttribsSz; ret = wc_PKCS7_AddRecipient_ORI(pkcs7, myOriEncryptCb, testVectors[i].oriOptions); if (ret < 0) { wc_PKCS7_Free(pkcs7); - return -9378; + return -9380; } /* set decrypt callback for decryption */ @@ -19842,7 +19931,7 @@ static int pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, if (ret < 0) { wc_PKCS7_Free(pkcs7); - return -9379; + return -9381; } } else { 
@@ -19852,19 +19941,23 @@ static int pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, (word32)testVectors[i].certSz); if (ret != 0) { wc_PKCS7_Free(pkcs7); - return -9380; + return -9382; } - pkcs7->keyWrapOID = testVectors[i].keyWrapOID; - pkcs7->keyAgreeOID = testVectors[i].keyAgreeOID; - pkcs7->privateKey = testVectors[i].privateKey; - pkcs7->privateKeySz = testVectors[i].privateKeySz; - pkcs7->content = (byte*)testVectors[i].content; - pkcs7->contentSz = testVectors[i].contentSz; - pkcs7->contentOID = testVectors[i].contentOID; - pkcs7->encryptOID = testVectors[i].encryptOID; - pkcs7->ukm = testVectors[i].optionalUkm; - pkcs7->ukmSz = testVectors[i].optionalUkmSz; + pkcs7->keyWrapOID = testVectors[i].keyWrapOID; + pkcs7->keyAgreeOID = testVectors[i].keyAgreeOID; + pkcs7->privateKey = testVectors[i].privateKey; + pkcs7->privateKeySz = testVectors[i].privateKeySz; + pkcs7->content = (byte*)testVectors[i].content; + pkcs7->contentSz = testVectors[i].contentSz; + pkcs7->contentOID = testVectors[i].contentOID; + pkcs7->encryptOID = testVectors[i].encryptOID; + pkcs7->ukm = testVectors[i].optionalUkm; + pkcs7->ukmSz = testVectors[i].optionalUkmSz; + pkcs7->authAttribs = testVectors[i].authAttribs; + pkcs7->authAttribsSz = testVectors[i].authAttribsSz; + pkcs7->unauthAttribs = testVectors[i].unauthAttribs; + pkcs7->unauthAttribsSz = testVectors[i].unauthAttribsSz; /* set SubjectIdentifier type for KTRI types */ if (testVectors[i].ktriOptions & CMS_SKID) { @@ -19872,7 +19965,7 @@ static int pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, ret = wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID); if (ret != 0) { wc_PKCS7_Free(pkcs7); - return -9381; + return -9383; } } else if (testVectors[i].ktriOptions & CMS_ISSUER_AND_SERIAL_NUMBER) { @@ -19881,7 +19974,7 @@ static int pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, CMS_ISSUER_AND_SERIAL_NUMBER); if (ret != 0) { wc_PKCS7_Free(pkcs7); - return -9382; + return -9384; } } } 
@@ -19891,7 +19984,7 @@ static int pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, sizeof(enveloped)); if (envelopedSz <= 0) { wc_PKCS7_Free(pkcs7); - return -9383; + return -9385; } /* decode envelopedData */ @@ -19900,13 +19993,13 @@ static int pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, sizeof(decoded)); if (decodedSz <= 0) { wc_PKCS7_Free(pkcs7); - return -9384; + return -9386; } /* test decode result */ if (XMEMCMP(decoded, data, sizeof(data)) != 0){ wc_PKCS7_Free(pkcs7); - return -9385; + return -9387; } #ifdef PKCS7_OUTPUT_TEST_BUNDLES @@ -19914,14 +20007,14 @@ static int pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, pkcs7File = fopen(testVectors[i].outFileName, "wb"); if (!pkcs7File) { wc_PKCS7_Free(pkcs7); - return -9386; + return -9388; } ret = (int)fwrite(enveloped, 1, envelopedSz, pkcs7File); fclose(pkcs7File); if (ret != envelopedSz) { wc_PKCS7_Free(pkcs7); - return -9387; + return -9389; } #endif /* PKCS7_OUTPUT_TEST_BUNDLES */ diff --git a/wolfssl/wolfcrypt/pkcs7.h b/wolfssl/wolfcrypt/pkcs7.h index 9f2d19fff..fdadba9d9 100644 --- a/wolfssl/wolfcrypt/pkcs7.h +++ b/wolfssl/wolfcrypt/pkcs7.h @@ -62,6 +62,14 @@ #define MAX_SIGNED_ATTRIBS_SZ 7 #endif +#ifndef MAX_AUTH_ATTRIBS_SZ + #define MAX_AUTH_ATTRIBS_SZ 7 +#endif + +#ifndef MAX_UNAUTH_ATTRIBS_SZ + #define MAX_UNAUTH_ATTRIBS_SZ 7 +#endif + /* PKCS#7 content types, ref RFC 2315 (Section 14) */ enum PKCS7_TYPES { PKCS7_MSG = 650, /* 1.2.840.113549.1.7 */ @@ -211,6 +219,8 @@ typedef struct PKCS7 { PKCS7Attrib* authAttribs; /* authenticated attribs */ word32 authAttribsSz; + PKCS7Attrib* unauthAttribs; /* unauthenticated attribs */ + word32 unauthAttribsSz; /* !! NEW DATA MEMBERS MUST BE ADDED AT END !! */ } PKCS7;
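Review bot: The only check on the new attribute vectors is that decoding succeeds and `XMEMCMP(decoded, data, sizeof(data))` matches, and nothing in this commit touches the decoder, so if it simply stops after the MAC the unauthAttribs vectors pass whether or not the `[2]` SET was emitted at all. A minimal assertion that the attributes are present, e.g. checking that the encoded output for an unauthAttribs vector contains the `[2] IMPLICIT` SET after the mac octet string, or comparing its `envelopedSz` against the otherwise identical vector without attributes, would make these vectors test what they are named for. The loop body continues past this hunk.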
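Review bot: The new `unauthAttribs` member and the `MAX_UNAUTH_ATTRIBS_SZ` default of 7 added above are related but neither comment says so, so a caller who sets `unauthAttribsSz` above the limit gets no documented signal about what happens to the excess; the encoder passes `MAX_UNAUTH_ATTRIBS_SZ` as the bound of its EncodedAttrib array. Suggest `/* unauthenticated attribs; the encoder handles at most MAX_UNAUTH_ATTRIBS_SZ entries */` on the member, and a matching note on `authAttribs`, whose bound is now MAX_AUTH_ATTRIBS_SZ rather than MAX_SIGNED_ATTRIBS_SZ. The PKCS7 struct opens before this hunk.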