feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #1431 from JacobBarthelmeh/Optimizations

Browse Source 
more aes macro key size guards
This commit is contained in:
toddouska
2018-03-19 09:07:05 -07:00
committed by GitHub
parent b28c6a394f a207cae0f4
commit 7ce2efd572
4 changed files with 142 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
src/ssl.c
View File

@@ -29478,20 +29478,25 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
#endif /* HAVE_ECC */ #endif /* HAVE_ECC */
/* oidBlkType */ /* oidBlkType */
#ifdef WOLFSSL_AES_128
case AES128CBCb: case AES128CBCb:
sName = "AES-128-CBC"; sName = "AES-128-CBC";
type = oidBlkType; type = oidBlkType;
break; break;
#endif
#ifdef WOLFSSL_AES_192
case AES192CBCb: case AES192CBCb:
sName = "AES-192-CBC"; sName = "AES-192-CBC";
type = oidBlkType; type = oidBlkType;
break; break;
#endif
#ifdef WOLFSSL_AES_256
case AES256CBCb: case AES256CBCb:
sName = "AES-256-CBC"; sName = "AES-256-CBC";
type = oidBlkType; type = oidBlkType;
break; break;
#endif
#ifndef NO_DES3 #ifndef NO_DES3
case NID_des: case NID_des:
@@ -29650,20 +29655,26 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
break; break;
/* oidKeyWrapType */ /* oidKeyWrapType */
#ifdef WOLFSSL_AES_128
case AES128_WRAP: case AES128_WRAP:
sName = "AES-128 wrap"; sName = "AES-128 wrap";
type = oidKeyWrapType; type = oidKeyWrapType;
break; break;
#endif
#ifdef WOLFSSL_AES_192
case AES192_WRAP: case AES192_WRAP:
sName = "AES-192 wrap"; sName = "AES-192 wrap";
type = oidKeyWrapType; type = oidKeyWrapType;
break; break;
#endif
#ifdef WOLFSSL_AES_256
case AES256_WRAP: case AES256_WRAP:
sName = "AES-256 wrap"; sName = "AES-256 wrap";
type = oidKeyWrapType; type = oidKeyWrapType;
break; break;
#endif
/* oidCmsKeyAgreeType */ /* oidCmsKeyAgreeType */
#ifndef NO_SHA #ifndef NO_SHA
@@ -30125,16 +30136,24 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
/* oidBlkType */ /* oidBlkType */
case oidBlkType: case oidBlkType:
switch (oid) { switch (oid) {
#ifdef WOLFSSL_AES_128
case AES128CBCb: case AES128CBCb:
return AES128CBCb; return AES128CBCb;
#endif
#ifdef WOLFSSL_AES_192
case AES192CBCb: case AES192CBCb:
return AES192CBCb; return AES192CBCb;
#endif
#ifdef WOLFSSL_AES_256
case AES256CBCb: case AES256CBCb:
return AES256CBCb; return AES256CBCb;
#endif
#ifndef NO_DES3
case DESb: case DESb:
return NID_des; return NID_des;
case DES3b: case DES3b:
return NID_des3; return NID_des3;
#endif
} }
break; break;
@@ -30238,12 +30257,18 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
/* oidKeyWrapType */ /* oidKeyWrapType */
case oidKeyWrapType: case oidKeyWrapType:
switch (oid) { switch (oid) {
#ifdef WOLFSSL_AES_128
case AES128_WRAP: case AES128_WRAP:
return AES128_WRAP; return AES128_WRAP;
#endif
#ifdef WOLFSSL_AES_192
case AES192_WRAP: case AES192_WRAP:
return AES192_WRAP; return AES192_WRAP;
#endif
#ifdef WOLFSSL_AES_256
case AES256_WRAP: case AES256_WRAP:
return AES256_WRAP; return AES256_WRAP;
#endif
} }
break; break;

5
wolfcrypt/src/asn.c
View File

@@ -2431,16 +2431,21 @@ static int CheckAlgo(int first, int second, int* id, int* version)
< 0 on error */ < 0 on error */
static int CheckAlgoV2(int oid, int* id) static int CheckAlgoV2(int oid, int* id)
{ {
(void)id; /* not used if AES and DES3 disabled */
switch (oid) { switch (oid) {
#ifndef NO_DES3
case DESb: case DESb:
*id = PBE_SHA1_DES; *id = PBE_SHA1_DES;
return 0; return 0;
case DES3b: case DES3b:
*id = PBE_SHA1_DES3; *id = PBE_SHA1_DES3;
return 0; return 0;
#endif
#ifdef WOLFSSL_AES_256
case AES256CBCb: case AES256CBCb:
*id = PBE_AES256_CBC; *id = PBE_AES256_CBC;
return 0; return 0;
#endif
default: default:
return ALGO_ID_E; return ALGO_ID_E;

102
wolfcrypt/src/pkcs7.c
View File

@@ -157,9 +157,15 @@ static int wc_PKCS7_GetOIDBlockSize(int oid)
switch (oid) { switch (oid) {
#ifndef NO_AES #ifndef NO_AES
#ifdef WOLFSSL_AES_128
case AES128CBCb: case AES128CBCb:
#endif
#ifdef WOLFSSL_AES_192
case AES192CBCb: case AES192CBCb:
#endif
#ifdef WOLFSSL_AES_256
case AES256CBCb: case AES256CBCb:
#endif
blockSz = AES_BLOCK_SIZE; blockSz = AES_BLOCK_SIZE;
break; break;
#endif #endif
@@ -185,20 +191,24 @@ static int wc_PKCS7_GetOIDKeySize(int oid)
switch (oid) { switch (oid) {
#ifndef NO_AES #ifndef NO_AES
#ifdef WOLFSSL_AES_128
case AES128CBCb: case AES128CBCb:
case AES128_WRAP: case AES128_WRAP:
blockKeySz = 16; blockKeySz = 16;
break; break;
#endif
#ifdef WOLFSSL_AES_192
case AES192CBCb: case AES192CBCb:
case AES192_WRAP: case AES192_WRAP:
blockKeySz = 24; blockKeySz = 24;
break; break;
#endif
#ifdef WOLFSSL_AES_256
case AES256CBCb: case AES256CBCb:
case AES256_WRAP: case AES256_WRAP:
blockKeySz = 32; blockKeySz = 32;
break; break;
#endif
#endif #endif
#ifndef NO_DES3 #ifndef NO_DES3
case DESb: case DESb:
@@ -727,53 +737,68 @@ static int wc_PKCS7_SignedDataGetEncAlgoId(PKCS7* pkcs7, int* digEncAlgoId,
algoType = oidSigType; algoType = oidSigType;
switch (pkcs7->hashOID) { switch (pkcs7->hashOID) {
#ifndef NO_SHA
case SHAh: case SHAh:
algoId = CTC_SHAwRSA; algoId = CTC_SHAwRSA;
break; break;
#endif
#ifdef WOLFSSL_SHA224
case SHA224h: case SHA224h:
algoId = CTC_SHA224wRSA; algoId = CTC_SHA224wRSA;
break; break;
#endif
#ifndef NO_SHA256
case SHA256h: case SHA256h:
algoId = CTC_SHA256wRSA; algoId = CTC_SHA256wRSA;
break; break;
#endif
#ifdef WOLFSSL_SHA384
case SHA384h: case SHA384h:
algoId = CTC_SHA384wRSA; algoId = CTC_SHA384wRSA;
break; break;
#endif
#ifdef WOLFSSL_SHA512
case SHA512h: case SHA512h:
algoId = CTC_SHA512wRSA; algoId = CTC_SHA512wRSA;
break; break;
#endif
} }
} else if (pkcs7->publicKeyOID == ECDSAk) { }
#ifdef HAVE_ECC
else if (pkcs7->publicKeyOID == ECDSAk) {
algoType = oidSigType; algoType = oidSigType;
switch (pkcs7->hashOID) { switch (pkcs7->hashOID) {
#ifndef NO_SHA
case SHAh: case SHAh:
algoId = CTC_SHAwECDSA; algoId = CTC_SHAwECDSA;
break; break;
#endif
#ifdef WOLFSSL_SHA224
case SHA224h: case SHA224h:
algoId = CTC_SHA224wECDSA; algoId = CTC_SHA224wECDSA;
break; break;
#endif
#ifndef NO_SHA256
case SHA256h: case SHA256h:
algoId = CTC_SHA256wECDSA; algoId = CTC_SHA256wECDSA;
break; break;
#endif
#ifdef WOLFSSL_SHA384
case SHA384h: case SHA384h:
algoId = CTC_SHA384wECDSA; algoId = CTC_SHA384wECDSA;
break; break;
#endif
#ifdef WOLFSSL_SHA512
case SHA512h: case SHA512h:
algoId = CTC_SHA512wECDSA; algoId = CTC_SHA512wECDSA;
break; break;
#endif
} }
} }
#endif /* HAVE_ECC */
if (algoId == 0) { if (algoId == 0) {
WOLFSSL_MSG("Invalid signature algorithm type"); WOLFSSL_MSG("Invalid signature algorithm type");
@@ -2165,9 +2190,15 @@ static int wc_PKCS7_KariKeyWrap(byte* cek, word32 cekSz, byte* kek,
switch (keyWrapAlgo) { switch (keyWrapAlgo) {
#ifndef NO_AES #ifndef NO_AES
#ifdef WOLFSSL_AES_128
case AES128_WRAP: case AES128_WRAP:
#endif
#ifdef WOLFSSL_AES_192
case AES192_WRAP: case AES192_WRAP:
#endif
#ifdef WOLFSSL_AES_256
case AES256_WRAP: case AES256_WRAP:
#endif
if (direction == AES_ENCRYPTION) { if (direction == AES_ENCRYPTION) {
@@ -2669,9 +2700,15 @@ static int wc_CreateKeyAgreeRecipientInfo(PKCS7* pkcs7, const byte* cert,
/* set direction based on keyWrapAlgo */ /* set direction based on keyWrapAlgo */
switch (keyWrapAlgo) { switch (keyWrapAlgo) {
#ifndef NO_AES #ifndef NO_AES
#ifdef WOLFSSL_AES_128
case AES128_WRAP: case AES128_WRAP:
#endif
#ifdef WOLFSSL_AES_192
case AES192_WRAP: case AES192_WRAP:
#endif
#ifdef WOLFSSL_AES_256
case AES256_WRAP: case AES256_WRAP:
#endif
direction = AES_ENCRYPTION; direction = AES_ENCRYPTION;
break; break;
#endif #endif
@@ -3104,12 +3141,25 @@ static int wc_PKCS7_EncryptContent(int encryptOID, byte* key, int keySz,
switch (encryptOID) { switch (encryptOID) {
#ifndef NO_AES #ifndef NO_AES
#ifdef WOLFSSL_AES_128
case AES128CBCb: case AES128CBCb:
#endif
#ifdef WOLFSSL_AES_192
case AES192CBCb: case AES192CBCb:
#endif
#ifdef WOLFSSL_AES_256
case AES256CBCb: case AES256CBCb:
if ( (encryptOID == AES128CBCb && keySz != 16 ) || #endif
if (
#ifdef WOLFSSL_AES_128
(encryptOID == AES128CBCb && keySz != 16 ) ||
#endif
#ifdef WOLFSSL_AES_192
(encryptOID == AES192CBCb && keySz != 24 ) || (encryptOID == AES192CBCb && keySz != 24 ) ||
#endif
#ifdef WOLFSSL_AES_256
(encryptOID == AES256CBCb && keySz != 32 ) || (encryptOID == AES256CBCb && keySz != 32 ) ||
#endif
(ivSz != AES_BLOCK_SIZE) ) (ivSz != AES_BLOCK_SIZE) )
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
@@ -3168,12 +3218,25 @@ static int wc_PKCS7_DecryptContent(int encryptOID, byte* key, int keySz,
switch (encryptOID) { switch (encryptOID) {
#ifndef NO_AES #ifndef NO_AES
#ifdef WOLFSSL_AES_128
case AES128CBCb: case AES128CBCb:
#endif
#ifdef WOLFSSL_AES_192
case AES192CBCb: case AES192CBCb:
#endif
#ifdef WOLFSSL_AES_256
case AES256CBCb: case AES256CBCb:
if ( (encryptOID == AES128CBCb && keySz != 16 ) || #endif
if (
#ifdef WOLFSSL_AES_128
(encryptOID == AES128CBCb && keySz != 16 ) ||
#endif
#ifdef WOLFSSL_AES_192
(encryptOID == AES192CBCb && keySz != 24 ) || (encryptOID == AES192CBCb && keySz != 24 ) ||
#endif
#ifdef WOLFSSL_AES_256
(encryptOID == AES256CBCb && keySz != 32 ) || (encryptOID == AES256CBCb && keySz != 32 ) ||
#endif
(ivSz != AES_BLOCK_SIZE) ) (ivSz != AES_BLOCK_SIZE) )
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
@@ -4172,9 +4235,15 @@ static int wc_PKCS7_DecodeKari(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz,
/* set direction based on key wrap algorithm */ /* set direction based on key wrap algorithm */
switch (keyWrapOID) { switch (keyWrapOID) {
#ifndef NO_AES #ifndef NO_AES
#ifdef WOLFSSL_AES_128
case AES128_WRAP: case AES128_WRAP:
#endif
#ifdef WOLFSSL_AES_192
case AES192_WRAP: case AES192_WRAP:
#endif
#ifdef WOLFSSL_AES_256
case AES256_WRAP: case AES256_WRAP:
#endif
direction = AES_DECRYPTION; direction = AES_DECRYPTION;
break; break;
#endif #endif
@@ -4402,8 +4471,11 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg,
return ASN_PARSE_E; return ASN_PARSE_E;
/* TODO :: make this more accurate */ /* TODO :: make this more accurate */
if ((pkcs7->publicKeyOID == RSAk && version != 0) || if ((pkcs7->publicKeyOID == RSAk && version != 0)
(pkcs7->publicKeyOID == ECDSAk && version != 2)) { #ifdef HAVE_ECC
|| (pkcs7->publicKeyOID == ECDSAk && version != 2)
#endif
) {
WOLFSSL_MSG("PKCS#7 envelopedData needs to be of version 0"); WOLFSSL_MSG("PKCS#7 envelopedData needs to be of version 0");
return ASN_VERSION_E; return ASN_VERSION_E;
} }

19
wolfssl/wolfcrypt/asn.h
View File

@@ -263,13 +263,23 @@ enum Hash_Sum {
}; };
#if !defined(NO_DES3) || !defined(NO_AES)
enum Block_Sum { enum Block_Sum {
#ifdef WOLFSSL_AES_128
AES128CBCb = 414, AES128CBCb = 414,
#endif
#ifdef WOLFSSL_AES_192
AES192CBCb = 434, AES192CBCb = 434,
#endif
#ifdef WOLFSSL_AES_256
AES256CBCb = 454, AES256CBCb = 454,
#endif
#ifndef NO_DES3
DESb = 69, DESb = 69,
DES3b = 652 DES3b = 652
#endif
}; };
#endif /* !NO_DES3 || !NO_AES */
enum Key_Sum { enum Key_Sum {
@@ -281,12 +291,19 @@ enum Key_Sum {
}; };
#ifndef NO_AES
enum KeyWrap_Sum { enum KeyWrap_Sum {
#ifdef WOLFSSL_AES_128
AES128_WRAP = 417, AES128_WRAP = 417,
#endif
#ifdef WOLFSSL_AES_192
AES192_WRAP = 437, AES192_WRAP = 437,
#endif
#ifdef WOLFSSL_AES_256
AES256_WRAP = 457 AES256_WRAP = 457
#endif
}; };
#endif /* !NO_AES */
enum Key_Agree { enum Key_Agree {
dhSinglePass_stdDH_sha1kdf_scheme = 464, dhSinglePass_stdDH_sha1kdf_scheme = 464,