add AES-256-CBC to PKCS#7 Encode/DecodeEnvelopedData

wolfcrypt/src/asn.c

@@ -785,6 +785,7 @@ static const byte hashSha512hOid[] = {96, 134, 72, 1, 101, 3, 4, 2, 3};
 /* blkType */
 static const byte blkAes128CbcOid[] = {96, 134, 72, 1, 101, 3, 4, 1, 2};
 static const byte blkAes192CbcOid[] = {96, 134, 72, 1, 101, 3, 4, 1, 22};
+static const byte blkAes256CbcOid[] = {96, 134, 72, 1, 101, 3, 4, 1, 42};
 static const byte blkDesCbcOid[]  = {43, 14, 3, 2, 7};
 static const byte blkDes3CbcOid[] = {42, 134, 72, 134, 247, 13, 3, 7};
 
@@ -969,6 +970,10 @@ static const byte* OidFromId(word32 id, word32 type, word32* oidSz)
                     oid = blkAes192CbcOid;
                     *oidSz = sizeof(blkAes192CbcOid);
                     break;
+                case AES256CBCb:
+                    oid = blkAes256CbcOid;
+                    *oidSz = sizeof(blkAes256CbcOid);
+                    break;
                 case DESb:
                     oid = blkDesCbcOid;
                     *oidSz = sizeof(blkDesCbcOid);

wolfcrypt/src/pkcs7.c

@@ -1193,6 +1193,7 @@ int wc_PKCS7_EncryptContent(int encryptOID, byte* key, int keySz,
 #ifndef NO_AES
         case AES128CBCb:
         case AES192CBCb:
+        case AES256CBCb:
             if (ivSz != AES_BLOCK_SIZE)
                 return BAD_FUNC_ARG;
 
@@ -1252,6 +1253,7 @@ int wc_PKCS7_DecryptContent(int encryptOID, byte* key, int keySz,
 #ifndef NO_AES
         case AES128CBCb:
         case AES192CBCb:
+        case AES256CBCb:
             if (ivSz != AES_BLOCK_SIZE)
                 return BAD_FUNC_ARG;
 
@@ -1340,7 +1342,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
     if (output == NULL || outputSz == 0)
         return BAD_FUNC_ARG;
 
-    /* wolfCrypt PKCS#7 supports AES-128-CBC, DES, 3DES for now */
+    /* wolfCrypt PKCS#7 supports AES-128/192/256-CBC, DES, 3DES for now */
     switch (pkcs7->encryptOID) {
         case AES128CBCb:
             blockKeySz = 16;
@@ -1352,6 +1354,11 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
             blockSz    = AES_BLOCK_SIZE;
             break;
 
+        case AES256CBCb:
+            blockKeySz = 32;
+            blockSz    = AES_BLOCK_SIZE;
+            break;
+
         case DESb:
             blockKeySz = DES_KEYLEN;
             blockSz    = DES_BLOCK_SIZE;
@@ -1804,6 +1811,11 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg,
             expBlockSz = AES_BLOCK_SIZE;
             break;
 
+        case AES256CBCb:
+            blockKeySz = 32;
+            expBlockSz = AES_BLOCK_SIZE;
+            break;
+
         case DESb:
             blockKeySz = DES_KEYLEN;
             expBlockSz = DES_BLOCK_SIZE;

wolfcrypt/test/test.c

@@ -8538,8 +8538,8 @@ int pkcs7enveloped_test(void)
         0x72,0x6c,0x64
     };
 
-    pkcs7EnvelopedVector a, b, c;
-    pkcs7EnvelopedVector test_pkcs7env[3];
+    pkcs7EnvelopedVector a, b, c, d;
+    pkcs7EnvelopedVector test_pkcs7env[4];
     int times = sizeof(test_pkcs7env) / sizeof(pkcs7EnvelopedVector), i;
 
     /* read client cert and key in DER format */
@@ -8604,9 +8604,18 @@ int pkcs7enveloped_test(void)
     c.privateKeySz = (word32)privKeySz;
     c.outFileName  = "pkcs7envelopedDataAES192CBC.der";
 
+    d.content      = data;
+    d.contentSz    = (word32)sizeof(data);
+    d.contentOID   = DATA;
+    d.encryptOID   = AES256CBCb;
+    d.privateKey   = privKey;
+    d.privateKeySz = (word32)privKeySz;
+    d.outFileName  = "pkcs7envelopedDataAES256CBC.der";
+
     test_pkcs7env[0] = a;
     test_pkcs7env[1] = b;
     test_pkcs7env[2] = c;
+    test_pkcs7env[3] = d;
 
     for (i = 0; i < times; i++) {
         pkcs7.content     = (byte*)test_pkcs7env[i].content;

wolfssl/wolfcrypt/asn.h

@@ -229,6 +229,7 @@ enum Hash_Sum  {
 enum Block_Sum {
     AES128CBCb = 414,
     AES192CBCb = 434,
+    AES256CBCb = 454,
     DESb       = 69,
     DES3b      = 652
 };

wolfssl/wolfcrypt/pkcs7.h

@@ -56,9 +56,9 @@ enum PKCS7_TYPES {
 
 enum Pkcs7_Misc {
     PKCS7_NONCE_SZ        = 16,
-    MAX_ENCRYPTED_KEY_SZ  = 512,           /* max enc. key size, RSA <= 4096 */
-    MAX_CONTENT_KEY_LEN   = DES3_KEYLEN,   /* highest current cipher is 3DES */
-    MAX_CONTENT_IV_SIZE   = 16,            /* highest current is AES128 */
+    MAX_ENCRYPTED_KEY_SZ  = 512,    /* max enc. key size, RSA <= 4096 */
+    MAX_CONTENT_KEY_LEN   = 32,     /* highest current cipher is AES-256-CBC */
+    MAX_CONTENT_IV_SIZE   = 16,     /* highest current is AES128 */
     MAX_CONTENT_BLOCK_LEN = AES_BLOCK_SIZE,
     MAX_RECIP_SZ          = MAX_VERSION_SZ +
                             MAX_SEQ_SZ + ASN_NAME_MAX + MAX_SN_SZ +