feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

add AES-256-CBC to PKCS#7 Encode/DecodeEnvelopedData

Browse Source
This commit is contained in:
Chris Conlon
2016-10-31 11:31:15 -06:00
parent 8c23c3cdd0
commit fa9a9175d0
5 changed files with 33 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
wolfcrypt/src/asn.c
View File

@@ -785,6 +785,7 @@ static const byte hashSha512hOid[] = {96, 134, 72, 1, 101, 3, 4, 2, 3};
/* blkType */ /* blkType */
static const byte blkAes128CbcOid[] = {96, 134, 72, 1, 101, 3, 4, 1, 2}; static const byte blkAes128CbcOid[] = {96, 134, 72, 1, 101, 3, 4, 1, 2};
static const byte blkAes192CbcOid[] = {96, 134, 72, 1, 101, 3, 4, 1, 22}; static const byte blkAes192CbcOid[] = {96, 134, 72, 1, 101, 3, 4, 1, 22};
static const byte blkAes256CbcOid[] = {96, 134, 72, 1, 101, 3, 4, 1, 42};
static const byte blkDesCbcOid[] = {43, 14, 3, 2, 7}; static const byte blkDesCbcOid[] = {43, 14, 3, 2, 7};
static const byte blkDes3CbcOid[] = {42, 134, 72, 134, 247, 13, 3, 7}; static const byte blkDes3CbcOid[] = {42, 134, 72, 134, 247, 13, 3, 7};
@@ -969,6 +970,10 @@ static const byte* OidFromId(word32 id, word32 type, word32* oidSz)
oid = blkAes192CbcOid; oid = blkAes192CbcOid;
*oidSz = sizeof(blkAes192CbcOid); *oidSz = sizeof(blkAes192CbcOid);
break; break;
case AES256CBCb:
oid = blkAes256CbcOid;
*oidSz = sizeof(blkAes256CbcOid);
break;
case DESb: case DESb:
oid = blkDesCbcOid; oid = blkDesCbcOid;
*oidSz = sizeof(blkDesCbcOid); *oidSz = sizeof(blkDesCbcOid);

14
wolfcrypt/src/pkcs7.c
View File

@@ -1193,6 +1193,7 @@ int wc_PKCS7_EncryptContent(int encryptOID, byte* key, int keySz,
#ifndef NO_AES #ifndef NO_AES
case AES128CBCb: case AES128CBCb:
case AES192CBCb: case AES192CBCb:
case AES256CBCb:
if (ivSz != AES_BLOCK_SIZE) if (ivSz != AES_BLOCK_SIZE)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
@@ -1252,6 +1253,7 @@ int wc_PKCS7_DecryptContent(int encryptOID, byte* key, int keySz,
#ifndef NO_AES #ifndef NO_AES
case AES128CBCb: case AES128CBCb:
case AES192CBCb: case AES192CBCb:
case AES256CBCb:
if (ivSz != AES_BLOCK_SIZE) if (ivSz != AES_BLOCK_SIZE)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
@@ -1340,7 +1342,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
if (output == NULL || outputSz == 0) if (output == NULL || outputSz == 0)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
/* wolfCrypt PKCS#7 supports AES-128-CBC, DES, 3DES for now */ /* wolfCrypt PKCS#7 supports AES-128/192/256-CBC, DES, 3DES for now */
switch (pkcs7->encryptOID) { switch (pkcs7->encryptOID) {
case AES128CBCb: case AES128CBCb:
blockKeySz = 16; blockKeySz = 16;
@@ -1352,6 +1354,11 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
blockSz = AES_BLOCK_SIZE; blockSz = AES_BLOCK_SIZE;
break; break;
case AES256CBCb:
blockKeySz = 32;
blockSz = AES_BLOCK_SIZE;
break;
case DESb: case DESb:
blockKeySz = DES_KEYLEN; blockKeySz = DES_KEYLEN;
blockSz = DES_BLOCK_SIZE; blockSz = DES_BLOCK_SIZE;
@@ -1804,6 +1811,11 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg,
expBlockSz = AES_BLOCK_SIZE; expBlockSz = AES_BLOCK_SIZE;
break; break;
case AES256CBCb:
blockKeySz = 32;
expBlockSz = AES_BLOCK_SIZE;
break;
case DESb: case DESb:
blockKeySz = DES_KEYLEN; blockKeySz = DES_KEYLEN;
expBlockSz = DES_BLOCK_SIZE; expBlockSz = DES_BLOCK_SIZE;

13
wolfcrypt/test/test.c
View File

@@ -8538,8 +8538,8 @@ int pkcs7enveloped_test(void)
0x72,0x6c,0x64 0x72,0x6c,0x64
}; };
pkcs7EnvelopedVector a, b, c; pkcs7EnvelopedVector a, b, c, d;
pkcs7EnvelopedVector test_pkcs7env[3]; pkcs7EnvelopedVector test_pkcs7env[4];
int times = sizeof(test_pkcs7env) / sizeof(pkcs7EnvelopedVector), i; int times = sizeof(test_pkcs7env) / sizeof(pkcs7EnvelopedVector), i;
/* read client cert and key in DER format */ /* read client cert and key in DER format */
@@ -8604,9 +8604,18 @@ int pkcs7enveloped_test(void)
c.privateKeySz = (word32)privKeySz; c.privateKeySz = (word32)privKeySz;
c.outFileName = "pkcs7envelopedDataAES192CBC.der"; c.outFileName = "pkcs7envelopedDataAES192CBC.der";
d.content = data;
d.contentSz = (word32)sizeof(data);
d.contentOID = DATA;
d.encryptOID = AES256CBCb;
d.privateKey = privKey;
d.privateKeySz = (word32)privKeySz;
d.outFileName = "pkcs7envelopedDataAES256CBC.der";
test_pkcs7env[0] = a; test_pkcs7env[0] = a;
test_pkcs7env[1] = b; test_pkcs7env[1] = b;
test_pkcs7env[2] = c; test_pkcs7env[2] = c;
test_pkcs7env[3] = d;
for (i = 0; i < times; i++) { for (i = 0; i < times; i++) {
pkcs7.content = (byte*)test_pkcs7env[i].content; pkcs7.content = (byte*)test_pkcs7env[i].content;

1
wolfssl/wolfcrypt/asn.h
View File

@@ -229,6 +229,7 @@ enum Hash_Sum {
enum Block_Sum { enum Block_Sum {
AES128CBCb = 414, AES128CBCb = 414,
AES192CBCb = 434, AES192CBCb = 434,
AES256CBCb = 454,
DESb = 69, DESb = 69,
DES3b = 652 DES3b = 652
}; };

2
wolfssl/wolfcrypt/pkcs7.h
View File

@@ -57,7 +57,7 @@ enum PKCS7_TYPES {
enum Pkcs7_Misc { enum Pkcs7_Misc {
PKCS7_NONCE_SZ = 16, PKCS7_NONCE_SZ = 16,
MAX_ENCRYPTED_KEY_SZ = 512, /* max enc. key size, RSA <= 4096 */ MAX_ENCRYPTED_KEY_SZ = 512, /* max enc. key size, RSA <= 4096 */
MAX_CONTENT_KEY_LEN = DES3_KEYLEN, /* highest current cipher is 3DES */ MAX_CONTENT_KEY_LEN = 32, /* highest current cipher is AES-256-CBC */
MAX_CONTENT_IV_SIZE = 16, /* highest current is AES128 */ MAX_CONTENT_IV_SIZE = 16, /* highest current is AES128 */
MAX_CONTENT_BLOCK_LEN = AES_BLOCK_SIZE, MAX_CONTENT_BLOCK_LEN = AES_BLOCK_SIZE,
MAX_RECIP_SZ = MAX_VERSION_SZ + MAX_RECIP_SZ = MAX_VERSION_SZ +