Merge pull request #1431 from JacobBarthelmeh/Optimizations

more aes macro key size guards
toddouska
2018-03-19 09:07:05 -07:00
committed by GitHub
4 changed files with 142 additions and 23 deletions


@@ -29478,20 +29478,25 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
#endif /* HAVE_ECC */
/* oidBlkType */
#ifdef WOLFSSL_AES_128
case AES128CBCb:
sName = "AES-128-CBC";
type = oidBlkType;
break;
#endif
#ifdef WOLFSSL_AES_192
case AES192CBCb:
sName = "AES-192-CBC";
type = oidBlkType;
break;
#endif
#ifdef WOLFSSL_AES_256
case AES256CBCb:
sName = "AES-256-CBC";
type = oidBlkType;
break;
#endif
#ifndef NO_DES3
case NID_des:
@@ -29650,20 +29655,26 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
break;
/* oidKeyWrapType */
#ifdef WOLFSSL_AES_128
case AES128_WRAP:
sName = "AES-128 wrap";
type = oidKeyWrapType;
break;
#endif
#ifdef WOLFSSL_AES_192
case AES192_WRAP:
sName = "AES-192 wrap";
type = oidKeyWrapType;
break;
#endif
#ifdef WOLFSSL_AES_256
case AES256_WRAP:
sName = "AES-256 wrap";
type = oidKeyWrapType;
break;
#endif
/* oidCmsKeyAgreeType */
#ifndef NO_SHA
@@ -30125,16 +30136,24 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
/* oidBlkType */
case oidBlkType:
switch (oid) {
#ifdef WOLFSSL_AES_128
case AES128CBCb:
return AES128CBCb;
#endif
#ifdef WOLFSSL_AES_192
case AES192CBCb:
return AES192CBCb;
#endif
#ifdef WOLFSSL_AES_256
case AES256CBCb:
return AES256CBCb;
#endif
#ifndef NO_DES3
case DESb:
return NID_des;
case DES3b:
return NID_des3;
#endif
}
break;
@@ -30238,12 +30257,18 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
/* oidKeyWrapType */
case oidKeyWrapType:
switch (oid) {
#ifdef WOLFSSL_AES_128
case AES128_WRAP:
return AES128_WRAP;
#endif
#ifdef WOLFSSL_AES_192
case AES192_WRAP:
return AES192_WRAP;
#endif
#ifdef WOLFSSL_AES_256
case AES256_WRAP:
return AES256_WRAP;
#endif
}
break;
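Review bot: The inner `switch (oid)` under `case oidBlkType:` and `case oidKeyWrapType:` has no `default`, so once the new `WOLFSSL_AES_128`/`_192`/`_256` guards compile a key size out, its OID reaches the trailing `break;` exactly like an unknown value. With every size disabled, the key-wrap switch body is empty. Adding `default: break; /* unknown OID or key size not compiled in */` to both switches would state that intent and avoid empty-switch warnings. The new `#endif` lines could also name their macro, e.g. `#endif /* WOLFSSL_AES_128 */`, to match `#endif /* HAVE_ECC */` above. The enclosing functions start and end outside these hunks, so what a caller receives after the `break;` is not visible here.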


@@ -2431,16 +2431,21 @@ static int CheckAlgo(int first, int second, int* id, int* version)
< 0 on error */
static int CheckAlgoV2(int oid, int* id)
{
(void)id; /* not used if AES and DES3 disabled */
switch (oid) {
#ifndef NO_DES3
case DESb:
*id = PBE_SHA1_DES;
return 0;
case DES3b:
*id = PBE_SHA1_DES3;
return 0;
#endif
#ifdef WOLFSSL_AES_256
case AES256CBCb:
*id = PBE_AES256_CBC;
return 0;
#endif
default:
return ALGO_ID_E;
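Review bot: The comment on `(void)id;` says the parameter is unused "if AES and DES3 disabled", but the AES arm is guarded by `WOLFSSL_AES_256`, so the case it covers is a build without AES-256 and with `NO_DES3`, even when AES itself is enabled. I would write it as `(void)id; /* not used if AES-256 and DES3 are both disabled */`. The function comment could also note that `AES128CBCb` and `AES192CBCb` have no arm in this switch and therefore return `ALGO_ID_E`, so a caller does not read that error as a malformed input. The body of `CheckAlgoV2` closes outside the hunk.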


@@ -157,9 +157,15 @@ static int wc_PKCS7_GetOIDBlockSize(int oid)
switch (oid) {
#ifndef NO_AES
#ifdef WOLFSSL_AES_128
case AES128CBCb:
#endif
#ifdef WOLFSSL_AES_192
case AES192CBCb:
#endif
#ifdef WOLFSSL_AES_256
case AES256CBCb:
#endif
blockSz = AES_BLOCK_SIZE;
break;
#endif
@@ -185,20 +191,24 @@ static int wc_PKCS7_GetOIDKeySize(int oid)
switch (oid) {
#ifndef NO_AES
#ifdef WOLFSSL_AES_128
case AES128CBCb:
case AES128_WRAP:
blockKeySz = 16;
break;
#endif
#ifdef WOLFSSL_AES_192
case AES192CBCb:
case AES192_WRAP:
blockKeySz = 24;
break;
#endif
#ifdef WOLFSSL_AES_256
case AES256CBCb:
case AES256_WRAP:
blockKeySz = 32;
break;
#endif
#endif
#ifndef NO_DES3
case DESb:
@@ -727,53 +737,68 @@ static int wc_PKCS7_SignedDataGetEncAlgoId(PKCS7* pkcs7, int* digEncAlgoId,
algoType = oidSigType;
switch (pkcs7->hashOID) {
#ifndef NO_SHA
case SHAh:
algoId = CTC_SHAwRSA;
break;
#endif
#ifdef WOLFSSL_SHA224
case SHA224h:
algoId = CTC_SHA224wRSA;
break;
#endif
#ifndef NO_SHA256
case SHA256h:
algoId = CTC_SHA256wRSA;
break;
#endif
#ifdef WOLFSSL_SHA384
case SHA384h:
algoId = CTC_SHA384wRSA;
break;
#endif
#ifdef WOLFSSL_SHA512
case SHA512h:
algoId = CTC_SHA512wRSA;
break;
#endif
}
} else if (pkcs7->publicKeyOID == ECDSAk) {
}
#ifdef HAVE_ECC
else if (pkcs7->publicKeyOID == ECDSAk) {
algoType = oidSigType;
switch (pkcs7->hashOID) {
#ifndef NO_SHA
case SHAh:
algoId = CTC_SHAwECDSA;
break;
#endif
#ifdef WOLFSSL_SHA224
case SHA224h:
algoId = CTC_SHA224wECDSA;
break;
#endif
#ifndef NO_SHA256
case SHA256h:
algoId = CTC_SHA256wECDSA;
break;
#endif
#ifdef WOLFSSL_SHA384
case SHA384h:
algoId = CTC_SHA384wECDSA;
break;
#endif
#ifdef WOLFSSL_SHA512
case SHA512h:
algoId = CTC_SHA512wECDSA;
break;
#endif
}
}
#endif /* HAVE_ECC */
if (algoId == 0) {
WOLFSSL_MSG("Invalid signature algorithm type");
@@ -2165,9 +2190,15 @@ static int wc_PKCS7_KariKeyWrap(byte* cek, word32 cekSz, byte* kek,
switch (keyWrapAlgo) {
#ifndef NO_AES
#ifdef WOLFSSL_AES_128
case AES128_WRAP:
#endif
#ifdef WOLFSSL_AES_192
case AES192_WRAP:
#endif
#ifdef WOLFSSL_AES_256
case AES256_WRAP:
#endif
if (direction == AES_ENCRYPTION) {
@@ -2669,9 +2700,15 @@ static int wc_CreateKeyAgreeRecipientInfo(PKCS7* pkcs7, const byte* cert,
/* set direction based on keyWrapAlgo */
switch (keyWrapAlgo) {
#ifndef NO_AES
#ifdef WOLFSSL_AES_128
case AES128_WRAP:
#endif
#ifdef WOLFSSL_AES_192
case AES192_WRAP:
#endif
#ifdef WOLFSSL_AES_256
case AES256_WRAP:
#endif
direction = AES_ENCRYPTION;
break;
#endif
@@ -3104,13 +3141,26 @@ static int wc_PKCS7_EncryptContent(int encryptOID, byte* key, int keySz,
switch (encryptOID) {
#ifndef NO_AES
#ifdef WOLFSSL_AES_128
case AES128CBCb:
#endif
#ifdef WOLFSSL_AES_192
case AES192CBCb:
#endif
#ifdef WOLFSSL_AES_256
case AES256CBCb:
if ( (encryptOID == AES128CBCb && keySz != 16 ) ||
(encryptOID == AES192CBCb && keySz != 24 ) ||
(encryptOID == AES256CBCb && keySz != 32 ) ||
(ivSz != AES_BLOCK_SIZE) )
#endif
if (
#ifdef WOLFSSL_AES_128
(encryptOID == AES128CBCb && keySz != 16 ) ||
#endif
#ifdef WOLFSSL_AES_192
(encryptOID == AES192CBCb && keySz != 24 ) ||
#endif
#ifdef WOLFSSL_AES_256
(encryptOID == AES256CBCb && keySz != 32 ) ||
#endif
(ivSz != AES_BLOCK_SIZE) )
return BAD_FUNC_ARG;
ret = wc_AesSetKey(&aes, key, keySz, iv, AES_ENCRYPTION);
@@ -3168,13 +3218,26 @@ static int wc_PKCS7_DecryptContent(int encryptOID, byte* key, int keySz,
switch (encryptOID) {
#ifndef NO_AES
#ifdef WOLFSSL_AES_128
case AES128CBCb:
#endif
#ifdef WOLFSSL_AES_192
case AES192CBCb:
#endif
#ifdef WOLFSSL_AES_256
case AES256CBCb:
if ( (encryptOID == AES128CBCb && keySz != 16 ) ||
(encryptOID == AES192CBCb && keySz != 24 ) ||
(encryptOID == AES256CBCb && keySz != 32 ) ||
(ivSz != AES_BLOCK_SIZE) )
#endif
if (
#ifdef WOLFSSL_AES_128
(encryptOID == AES128CBCb && keySz != 16 ) ||
#endif
#ifdef WOLFSSL_AES_192
(encryptOID == AES192CBCb && keySz != 24 ) ||
#endif
#ifdef WOLFSSL_AES_256
(encryptOID == AES256CBCb && keySz != 32 ) ||
#endif
(ivSz != AES_BLOCK_SIZE) )
return BAD_FUNC_ARG;
ret = wc_AesSetKey(&aes, key, keySz, iv, AES_DECRYPTION);
@@ -4172,9 +4235,15 @@ static int wc_PKCS7_DecodeKari(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz,
/* set direction based on key wrap algorithm */
switch (keyWrapOID) {
#ifndef NO_AES
#ifdef WOLFSSL_AES_128
case AES128_WRAP:
#endif
#ifdef WOLFSSL_AES_192
case AES192_WRAP:
#endif
#ifdef WOLFSSL_AES_256
case AES256_WRAP:
#endif
direction = AES_DECRYPTION;
break;
#endif
@@ -4402,8 +4471,11 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg,
return ASN_PARSE_E;
/* TODO :: make this more accurate */
if ((pkcs7->publicKeyOID == RSAk && version != 0) ||
(pkcs7->publicKeyOID == ECDSAk && version != 2)) {
if ((pkcs7->publicKeyOID == RSAk && version != 0)
#ifdef HAVE_ECC
|| (pkcs7->publicKeyOID == ECDSAk && version != 2)
#endif
) {
WOLFSSL_MSG("PKCS#7 envelopedData needs to be of version 0");
return ASN_VERSION_E;
}
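Review bot: In `wc_PKCS7_EncryptContent` and `wc_PKCS7_DecryptContent` the AES arm is still opened by `#ifndef NO_AES` alone, while every `case` label and every key-length term of the `if (` is behind a per-size macro. If a build can enable AES with none of `WOLFSSL_AES_128`, `WOLFSSL_AES_192` or `WOLFSSL_AES_256` defined (not visible here), the `if` and the `wc_AesSetKey` call stay in the switch with no label above them, as unreachable code. The same shape appears in `wc_PKCS7_GetOIDBlockSize`, `wc_PKCS7_KariKeyWrap`, `wc_CreateKeyAgreeRecipientInfo` and `wc_PKCS7_DecodeKari`. Opening each arm with `#if !defined(NO_AES) && (defined(WOLFSSL_AES_128) || defined(WOLFSSL_AES_192) || defined(WOLFSSL_AES_256))` would keep those statements out. A comment above the check such as `/* keySz must match the size implied by encryptOID */` would document why the fragments must stay in step with the labels. All of these functions begin and end outside their hunks.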


@@ -263,13 +263,23 @@ enum Hash_Sum {
};
#if !defined(NO_DES3) || !defined(NO_AES)
enum Block_Sum {
#ifdef WOLFSSL_AES_128
AES128CBCb = 414,
#endif
#ifdef WOLFSSL_AES_192
AES192CBCb = 434,
#endif
#ifdef WOLFSSL_AES_256
AES256CBCb = 454,
#endif
#ifndef NO_DES3
DESb = 69,
DES3b = 652
#endif
};
#endif /* !NO_DES3 || !NO_AES */
enum Key_Sum {
@@ -281,12 +291,19 @@ enum Key_Sum {
};
#ifndef NO_AES
enum KeyWrap_Sum {
#ifdef WOLFSSL_AES_128
AES128_WRAP = 417,
#endif
#ifdef WOLFSSL_AES_192
AES192_WRAP = 437,
#endif
#ifdef WOLFSSL_AES_256
AES256_WRAP = 457
#endif
};
#endif /* !NO_AES */
enum Key_Agree {
dhSinglePass_stdDH_sha1kdf_scheme = 464,
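Review bot: `enum KeyWrap_Sum` is still opened under `#ifndef NO_AES`, but each enumerator now sits behind its own key-size macro and only `AES256_WRAP = 457` omits the comma. Without `WOLFSSL_AES_256` the list ends in `AES192_WRAP = 437,`, which strict C89 compilers may reject. If no size macro is defined at all (whether that configuration is reachable is not visible here), the enumerator list is empty, which is invalid C. `enum Block_Sum` has the same exposure when `NO_DES3` is defined. Widening the outer guard to `#if !defined(NO_AES) && (defined(WOLFSSL_AES_128) || defined(WOLFSSL_AES_192) || defined(WOLFSSL_AES_256))` removes the empty case. A comment on the enum saying that at least one key size must be enabled would record the assumption.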