forked from wolfSSL/wolfssl
place PKCS#7 IV in AlgoID optional params, resolve merge conflicts
This commit is contained in:
Chris Conlon
@@ -675,10 +675,13 @@ int PKCS7_EncodeEnvelopeData(PKCS7* pkcs7, byte* output, word32 outputSz)
|
|||||||
byte recip[MAX_RECIP_SZ];
|
byte recip[MAX_RECIP_SZ];
|
||||||
byte recipSet[MAX_SET_SZ];
|
byte recipSet[MAX_SET_SZ];
|
||||||
|
|
||||||
int encContentOctetSz, encContentSeqSz, contentTypeSz, contentEncAlgoSz;
|
int encContentOctetSz, encContentSeqSz, contentTypeSz;
|
||||||
|
int contentEncAlgoSz, ivOctetStringSz;
|
||||||
byte encContentSeq[MAX_SEQ_SZ];
|
byte encContentSeq[MAX_SEQ_SZ];
|
||||||
byte contentType[MAX_ALGO_SZ];
|
byte contentType[MAX_ALGO_SZ];
|
||||||
byte contentEncAlgo[MAX_ALGO_SZ];
|
byte contentEncAlgo[MAX_ALGO_SZ];
|
||||||
|
byte tmpIv[DES_BLOCK_SIZE];
|
||||||
|
byte ivOctetString[MAX_OCTET_STR_SZ];
|
||||||
byte encContentOctet[MAX_OCTET_STR_SZ];
|
byte encContentOctet[MAX_OCTET_STR_SZ];
|
||||||
|
|
||||||
if (pkcs7 == NULL || pkcs7->content == NULL || pkcs7->contentSz == 0 ||
|
if (pkcs7 == NULL || pkcs7->content == NULL || pkcs7->contentSz == 0 ||
|
||||||
@@ -730,11 +733,6 @@ int PKCS7_EncodeEnvelopeData(PKCS7* pkcs7, byte* output, word32 outputSz)
|
|||||||
if (contentTypeSz == 0)
|
if (contentTypeSz == 0)
|
||||||
return BAD_FUNC_ARG;
|
return BAD_FUNC_ARG;
|
||||||
|
|
||||||
contentEncAlgoSz = SetAlgoID(pkcs7->encryptOID, contentEncAlgo,
|
|
||||||
blkType, 0);
|
|
||||||
if (contentEncAlgoSz == 0)
|
|
||||||
return BAD_FUNC_ARG;
|
|
||||||
|
|
||||||
/* allocate encrypted content buffer, pad if necessary, PKCS#7 padding */
|
/* allocate encrypted content buffer, pad if necessary, PKCS#7 padding */
|
||||||
padSz = DES_BLOCK_SIZE - (pkcs7->contentSz % DES_BLOCK_SIZE);
|
padSz = DES_BLOCK_SIZE - (pkcs7->contentSz % DES_BLOCK_SIZE);
|
||||||
desOutSz = pkcs7->contentSz + padSz;
|
desOutSz = pkcs7->contentSz + padSz;
|
||||||
@@ -763,10 +761,20 @@ int PKCS7_EncodeEnvelopeData(PKCS7* pkcs7, byte* output, word32 outputSz)
|
|||||||
return MEMORY_E;
|
return MEMORY_E;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* use NULL iv for now */
|
/* generate IV for block cipher */
|
||||||
byte tmpIv[blockKeySz];
|
RNG_GenerateBlock(&rng, tmpIv, DES_BLOCK_SIZE);
|
||||||
XMEMSET(tmpIv, 0, sizeof(tmpIv));
|
|
||||||
|
|
||||||
|
/* put together IV OCTET STRING */
|
||||||
|
ivOctetStringSz = SetOctetString(DES_BLOCK_SIZE, ivOctetString);
|
||||||
|
|
||||||
|
/* build up our ContentEncryptionAlgorithmIdentifier sequence,
|
||||||
|
* adding (ivOctetStringSz + DES_BLOCK_SIZE) for IV OCTET STRING */
|
||||||
|
contentEncAlgoSz = SetAlgoID(pkcs7->encryptOID, contentEncAlgo,
|
||||||
|
blkType, ivOctetStringSz + DES_BLOCK_SIZE);
|
||||||
|
if (contentEncAlgoSz == 0)
|
||||||
|
return BAD_FUNC_ARG;
|
||||||
|
|
||||||
|
/* encrypt content */
|
||||||
if (pkcs7->encryptOID == DESb) {
|
if (pkcs7->encryptOID == DESb) {
|
||||||
Des des;
|
Des des;
|
||||||
Des_SetKey(&des, contentKeyPlain, tmpIv, DES_ENCRYPTION);
|
Des_SetKey(&des, contentKeyPlain, tmpIv, DES_ENCRYPTION);
|
||||||
@@ -779,14 +787,16 @@ int PKCS7_EncodeEnvelopeData(PKCS7* pkcs7, byte* output, word32 outputSz)
|
|||||||
}
|
}
|
||||||
|
|
||||||
encContentOctetSz = SetImplicit(ASN_OCTET_STRING, 0,
|
encContentOctetSz = SetImplicit(ASN_OCTET_STRING, 0,
|
||||||
desOutSz, encContentOctet);
|
desOutSz, encContentOctet);
|
||||||
|
|
||||||
encContentSeqSz = SetSequence(contentTypeSz + contentEncAlgoSz +
|
encContentSeqSz = SetSequence(contentTypeSz + contentEncAlgoSz +
|
||||||
|
ivOctetStringSz + DES_BLOCK_SIZE +
|
||||||
encContentOctetSz + desOutSz, encContentSeq);
|
encContentOctetSz + desOutSz, encContentSeq);
|
||||||
|
|
||||||
/* keep track of sizes for outer wrapper layering */
|
/* keep track of sizes for outer wrapper layering */
|
||||||
totalSz = verSz + recipSetSz + recipSz + encContentSeqSz + contentTypeSz +
|
totalSz = verSz + recipSetSz + recipSz + encContentSeqSz + contentTypeSz +
|
||||||
contentEncAlgoSz + encContentOctetSz + desOutSz;
|
contentEncAlgoSz + ivOctetStringSz + DES_BLOCK_SIZE +
|
||||||
|
encContentOctetSz + desOutSz;
|
||||||
|
|
||||||
/* EnvelopedData */
|
/* EnvelopedData */
|
||||||
envDataSeqSz = SetSequence(totalSz, envDataSeq);
|
envDataSeqSz = SetSequence(totalSz, envDataSeq);
|
||||||
@@ -829,6 +839,10 @@ int PKCS7_EncodeEnvelopeData(PKCS7* pkcs7, byte* output, word32 outputSz)
|
|||||||
idx += contentTypeSz;
|
idx += contentTypeSz;
|
||||||
XMEMCPY(output + idx, contentEncAlgo, contentEncAlgoSz);
|
XMEMCPY(output + idx, contentEncAlgo, contentEncAlgoSz);
|
||||||
idx += contentEncAlgoSz;
|
idx += contentEncAlgoSz;
|
||||||
|
XMEMCPY(output + idx, ivOctetString, ivOctetStringSz);
|
||||||
|
idx += ivOctetStringSz;
|
||||||
|
XMEMCPY(output + idx, tmpIv, DES_BLOCK_SIZE);
|
||||||
|
idx += DES_BLOCK_SIZE;
|
||||||
XMEMCPY(output + idx, encContentOctet, encContentOctetSz);
|
XMEMCPY(output + idx, encContentOctet, encContentOctetSz);
|
||||||
idx += encContentOctetSz;
|
idx += encContentOctetSz;
|
||||||
XMEMCPY(output + idx, encryptedContent, desOutSz);
|
XMEMCPY(output + idx, encryptedContent, desOutSz);
|
||||||
@@ -863,7 +877,7 @@ CYASSL_API int PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg,
|
|||||||
DecodedCert decoded;
|
DecodedCert decoded;
|
||||||
|
|
||||||
int encryptedKeySz, keySz;
|
int encryptedKeySz, keySz;
|
||||||
byte tmpIv[DES3_KEYLEN];
|
byte tmpIv[DES_BLOCK_SIZE];
|
||||||
byte encryptedKey[MAX_ENCRYPTED_KEY_SZ];
|
byte encryptedKey[MAX_ENCRYPTED_KEY_SZ];
|
||||||
byte* decryptedKey = NULL;
|
byte* decryptedKey = NULL;
|
||||||
|
|
||||||
@@ -1015,6 +1029,21 @@ CYASSL_API int PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg,
|
|||||||
if (GetAlgoId(pkiMsg, &idx, &encOID, pkiMsgSz) < 0)
|
if (GetAlgoId(pkiMsg, &idx, &encOID, pkiMsgSz) < 0)
|
||||||
return ASN_PARSE_E;
|
return ASN_PARSE_E;
|
||||||
|
|
||||||
|
/* get block cipher IV, stored in OPTIONAL parameter of AlgoID */
|
||||||
|
if (pkiMsg[idx++] != ASN_OCTET_STRING)
|
||||||
|
return ASN_PARSE_E;
|
||||||
|
|
||||||
|
if (GetLength(pkiMsg, &idx, &length, pkiMsgSz) < 0)
|
||||||
|
return ASN_PARSE_E;
|
||||||
|
|
||||||
|
if (length != DES_BLOCK_SIZE) {
|
||||||
|
CYASSL_MSG("Incorrect IV length, must be of DES_BLOCK_SIZE");
|
||||||
|
return ASN_PARSE_E;
|
||||||
|
}
|
||||||
|
|
||||||
|
XMEMCPY(tmpIv, &pkiMsg[idx], length);
|
||||||
|
idx += length;
|
||||||
|
|
||||||
/* read encryptedContent, cont[0] */
|
/* read encryptedContent, cont[0] */
|
||||||
if (pkiMsg[idx++] != (ASN_CONTEXT_SPECIFIC | 0))
|
if (pkiMsg[idx++] != (ASN_CONTEXT_SPECIFIC | 0))
|
||||||
return ASN_PARSE_E;
|
return ASN_PARSE_E;
|
||||||
@@ -1033,9 +1062,7 @@ CYASSL_API int PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg,
|
|||||||
if (keySz < 0)
|
if (keySz < 0)
|
||||||
return keySz;
|
return keySz;
|
||||||
|
|
||||||
/* decrypt encryptedContent, using NULL iv for now */
|
/* decrypt encryptedContent */
|
||||||
XMEMSET(tmpIv, 0, sizeof(tmpIv));
|
|
||||||
|
|
||||||
if (encOID == DESb) {
|
if (encOID == DESb) {
|
||||||
Des des;
|
Des des;
|
||||||
Des_SetKey(&des, decryptedKey, tmpIv, DES_DECRYPTION);
|
Des_SetKey(&des, decryptedKey, tmpIv, DES_DECRYPTION);
|
||||||
|
|||||||
Reference in New Issue
Block a user