From 07401d909c6c30ae3843304e00e723d21963efd2 Mon Sep 17 00:00:00 2001 From: David Garske Date: Fri, 29 Jun 2018 15:04:28 -0700 Subject: [PATCH] Added support for dynamic allocation of PKCS7 structure using `wc_PKCS7_New` and `wc_PKCS7_Free`. Updated the test examples to use the dynamic method. Add API unit test for `wc_PKCS7_New`. --- tests/api.c | 102 ++++++++++++-------- wolfcrypt/src/pkcs7.c | 42 +++++--- wolfcrypt/test/test.c | 196 ++++++++++++++++++++++---------------- wolfssl/wolfcrypt/pkcs7.h | 13 ++- 4 files changed, 214 insertions(+), 139 deletions(-) diff --git a/tests/api.c b/tests/api.c index 832b164d8..736313308 100644 --- a/tests/api.c +++ b/tests/api.c @@ -3263,7 +3263,7 @@ static void test_wolfSSL_mcast(void) | Wolfcrypt *----------------------------------------------------------------------------*/ -/* +/* * Unit test for the wc_InitBlake2b() */ static int test_wc_InitBlake2b (void) @@ -7609,7 +7609,7 @@ static int test_wc_Des3_SetKey (void) return ret; } /* END test_wc_Des3_SetKey */ - + /* * Test function for wc_Des3_CbcEncrypt and wc_Des3_CbcDecrypt @@ -7856,7 +7856,7 @@ static int test_wc_Chacha_SetKey (void) static int test_wc_Poly1305SetKey(void) { int ret = 0; - + #ifdef HAVE_POLY1305 Poly1305 ctx; const byte key[] = @@ -7868,8 +7868,8 @@ static int test_wc_Poly1305SetKey(void) }; printf(testingFmt, "wc_Poly1305_SetKey()"); - - ret = wc_Poly1305SetKey(&ctx, key, (word32)(sizeof(key)/sizeof(byte))); + + ret = wc_Poly1305SetKey(&ctx, key, (word32)(sizeof(key)/sizeof(byte))); /* Test bad args. */ if (ret == 0) { ret = wc_Poly1305SetKey(NULL, key, (word32)(sizeof(key)/sizeof(byte))); @@ -7887,7 +7887,7 @@ static int test_wc_Poly1305SetKey(void) } printf(resultFmt, ret == 0 ? passed : failed); - + #endif return ret; } /* END test_wc_Poly1305_SetKey() */ @@ -10112,7 +10112,7 @@ static int test_wc_RsaKeyToDer (void) * Testing wc_RsaKeyToPublicDer() */ static int test_wc_RsaKeyToPublicDer (void) -{ +{ int ret = 0; #if !defined(NO_RSA) && !defined(HAVE_FAST_RSA) && defined(WOLFSSL_KEY_GEN) &&\ (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) @@ -14185,6 +14185,25 @@ static int test_wc_ecc_is_valid_idx (void) } /* END test_wc_ecc_is_valid_idx */ +/* + * Testing wc_PKCS7_New() + */ +static void test_wc_PKCS7_New (void) +{ +#if defined(HAVE_PKCS7) + PKCS7* pkcs7; + void* heap = NULL; + + printf(testingFmt, "wc_PKCS7_New()"); + + pkcs7 = wc_PKCS7_New(heap, devId); + AssertNotNull(pkcs7); + + printf(resultFmt, passed); + wc_PKCS7_Free(pkcs7); +#endif +} /* END test-wc_PKCS7_New */ + /* * Testing wc_PKCS7_Init() */ @@ -15038,43 +15057,43 @@ static void test_wc_PKCS7_EncodeEncryptedData (void) /* Testing wc_SignatureGetSize() for signature type ECC */ static int test_wc_SignatureGetSize_ecc(void) -{ - int ret = 0; +{ + int ret = 0; #if defined(HAVE_ECC) && !defined(NO_ECC256) enum wc_SignatureType sig_type; word32 key_len; /* Initialize ECC Key */ - ecc_key ecc; + ecc_key ecc; const char* qx = "fa2737fb93488d19caef11ae7faf6b7f4bcd67b286e3fc54e8a65c2b74aeccb0"; - const char* qy = + const char* qy = "d4ccd6dae698208aa8c3a6f39e45510d03be09b2f124bfc067856c324f9b4d09"; - const char* d = + const char* d = "be34baa8d040a3b991f9075b56ba292f755b90e4b6dc10dad36715c33cfdac25"; - + ret = wc_ecc_init(&ecc); if (ret == 0) { ret = wc_ecc_import_raw(&ecc, qx, qy, d, "SECP256R1"); } printf(testingFmt, "wc_SigntureGetSize_ecc()"); - if (ret == 0) { + if (ret == 0) { /* Input for signature type ECC */ sig_type = WC_SIGNATURE_TYPE_ECC; key_len = sizeof(ecc_key); ret = wc_SignatureGetSize(sig_type, &ecc, key_len); - - /* Test bad args */ + + /* Test bad args */ if (ret > 0) { sig_type = (enum wc_SignatureType) 100; ret = wc_SignatureGetSize(sig_type, &ecc, key_len); if (ret == BAD_FUNC_ARG) { sig_type = WC_SIGNATURE_TYPE_ECC; ret = wc_SignatureGetSize(sig_type, NULL, key_len); - } + } if (ret >= 0) { key_len = (word32) 0; - ret = wc_SignatureGetSize(sig_type, &ecc, key_len); + ret = wc_SignatureGetSize(sig_type, &ecc, key_len); } if (ret == BAD_FUNC_ARG) { ret = SIG_TYPE_E; @@ -15102,7 +15121,7 @@ static int test_wc_SignatureGetSize_ecc(void) /* Testing wc_SignatureGetSize() for signature type rsa */ static int test_wc_SignatureGetSize_rsa(void) { - int ret = 0; + int ret = 0; #ifndef NO_RSA enum wc_SignatureType sig_type; word32 key_len; @@ -15112,7 +15131,7 @@ static int test_wc_SignatureGetSize_rsa(void) RsaKey rsa_key; byte* tmp = NULL; size_t bytes; - + #ifdef USE_CERT_BUFFERS_1024 bytes = (size_t)sizeof_client_key_der_1024; if (bytes < (size_t)sizeof_client_key_der_1024) @@ -15128,10 +15147,10 @@ static int test_wc_SignatureGetSize_rsa(void) tmp = (byte*)XMALLOC(bytes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (tmp != NULL) { #ifdef USE_CERT_BUFFERS_1024 - XMEMCPY(tmp, client_key_der_1024, + XMEMCPY(tmp, client_key_der_1024, (size_t)sizeof_client_key_der_1024); #elif defined(USE_CERT_BUFFERS_2048) - XMEMCPY(tmp, client_key_der_2048, + XMEMCPY(tmp, client_key_der_2048, (size_t)sizeof_client_key_der_2048); #elif !defined(NO_FILESYSTEM) file = fopen(clientKey, "rb"); @@ -15148,7 +15167,7 @@ static int test_wc_SignatureGetSize_rsa(void) if (ret == 0) { ret = wc_InitRsaKey_ex(&rsa_key, HEAP_HINT, devId); if (ret == 0) { - ret = wc_RsaPrivateKeyDecode(tmp, &idx, &rsa_key, + ret = wc_RsaPrivateKeyDecode(tmp, &idx, &rsa_key, (word32)bytes); } } @@ -15162,7 +15181,7 @@ static int test_wc_SignatureGetSize_rsa(void) sig_type = WC_SIGNATURE_TYPE_RSA; key_len = sizeof(RsaKey); ret = wc_SignatureGetSize(sig_type, &rsa_key, key_len); - + /* Test bad args */ if (ret > 0) { sig_type = (enum wc_SignatureType) 100; @@ -15173,7 +15192,7 @@ static int test_wc_SignatureGetSize_rsa(void) } #ifndef HAVE_USER_RSA if (ret == BAD_FUNC_ARG) { - #else + #else if (ret == 0) { #endif key_len = (word32)0; @@ -15191,21 +15210,21 @@ static int test_wc_SignatureGetSize_rsa(void) #else ret = SIG_TYPE_E; #endif - + if (ret == SIG_TYPE_E) { ret = 0; }else { ret = WOLFSSL_FATAL_ERROR; } - + printf(resultFmt, ret == 0 ? passed : failed); return ret; }/* END test_wc_SignatureGetSize_rsa(void) */ - + /*----------------------------------------------------------------------------* | hash.h Tests *----------------------------------------------------------------------------*/ - + static int test_wc_HashInit(void) { int ret = 0, i; /* 0 indicates tests passed, 1 indicates failure */ @@ -15604,7 +15623,7 @@ static void test_wolfSSL_ASN1_GENERALIZEDTIME_free(){ XMEMSET(nullstr, 0, 32); asn1_gtime = (WOLFSSL_ASN1_GENERALIZEDTIME*)XMALLOC( - sizeof(WOLFSSL_ASN1_GENERALIZEDTIME), NULL, + sizeof(WOLFSSL_ASN1_GENERALIZEDTIME), NULL, DYNAMIC_TYPE_TMP_BUFFER); XMEMCPY(asn1_gtime->data,"20180504123500Z",ASN_GENERALIZED_TIME_SIZE); wolfSSL_ASN1_GENERALIZEDTIME_free(asn1_gtime); @@ -18374,14 +18393,14 @@ static void test_wolfSSL_SHA(void) "\x23\xB0\x03\x61\xA3\x96\x17\x7A\x9C\xB4\x10\xFF\x61\xF2\x00" "\x15\xAD"; unsigned char out[WC_SHA256_DIGEST_SIZE]; - + XMEMSET(out, 0, WC_SHA256_DIGEST_SIZE); AssertNotNull(SHA256(in, XSTRLEN((char*)in), out)); AssertIntEQ(XMEMCMP(out, expected, WC_SHA256_DIGEST_SIZE), 0); } #endif - #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_SHA512) + #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_SHA512) { const unsigned char in[] = "abc"; unsigned char expected[] = "\xcb\x00\x75\x3f\x45\xa3\x5e\x8b\xb5\xa0\x3d\x69\x9a\xc6\x50" @@ -18590,9 +18609,9 @@ static void test_wolfSSL_ASN1_STRING_print_ex(void){ unsigned long flags; int p_len; unsigned char rbuf[255]; - + printf(testingFmt, "wolfSSL_ASN1_STRING_print_ex()"); - + /* setup */ XMEMSET(rbuf, 0, 255); bio = BIO_new(BIO_s_mem()); @@ -19777,7 +19796,7 @@ static void test_wolfSSL_i2c_ASN1_INTEGER() DYNAMIC_TYPE_TMP_BUFFER)); tpp = pp; XMEMSET(pp, 0, ret + 1); - wolfSSL_i2c_ASN1_INTEGER(a, &pp); + wolfSSL_i2c_ASN1_INTEGER(a, &pp); pp--; AssertIntEQ(*pp, 40); XFREE(tpp, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -19792,7 +19811,7 @@ static void test_wolfSSL_i2c_ASN1_INTEGER() DYNAMIC_TYPE_TMP_BUFFER)); tpp = pp; XMEMSET(pp, 0, ret + 1); - wolfSSL_i2c_ASN1_INTEGER(a, &pp); + wolfSSL_i2c_ASN1_INTEGER(a, &pp); pp--; AssertIntEQ(*(pp--), 128); AssertIntEQ(*pp, 0); @@ -19809,7 +19828,7 @@ static void test_wolfSSL_i2c_ASN1_INTEGER() DYNAMIC_TYPE_TMP_BUFFER)); tpp = pp; XMEMSET(pp, 0, ret + 1); - wolfSSL_i2c_ASN1_INTEGER(a, &pp); + wolfSSL_i2c_ASN1_INTEGER(a, &pp); pp--; AssertIntEQ(*pp, 216); XFREE(tpp, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -19825,7 +19844,7 @@ static void test_wolfSSL_i2c_ASN1_INTEGER() DYNAMIC_TYPE_TMP_BUFFER)); tpp = pp; XMEMSET(pp, 0, ret + 1); - wolfSSL_i2c_ASN1_INTEGER(a, &pp); + wolfSSL_i2c_ASN1_INTEGER(a, &pp); pp--; AssertIntEQ(*pp, 128); XFREE(tpp, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -19841,13 +19860,13 @@ static void test_wolfSSL_i2c_ASN1_INTEGER() DYNAMIC_TYPE_TMP_BUFFER)); tpp = pp; XMEMSET(pp, 0, ret + 1); - wolfSSL_i2c_ASN1_INTEGER(a, &pp); + wolfSSL_i2c_ASN1_INTEGER(a, &pp); pp--; AssertIntEQ(*(pp--), 56); AssertIntEQ(*pp, 255); XFREE(tpp, NULL, DYNAMIC_TYPE_TMP_BUFFER); - wolfSSL_ASN1_INTEGER_free(a); + wolfSSL_ASN1_INTEGER_free(a); printf(resultFmt, passed); #endif /* OPENSSL_EXTRA */ @@ -20176,6 +20195,7 @@ void ApiTest(void) AssertIntEQ(test_wc_ecc_mulmod(), 0); AssertIntEQ(test_wc_ecc_is_valid_idx(), 0); + test_wc_PKCS7_New(); test_wc_PKCS7_Init(); test_wc_PKCS7_InitWithCert(); test_wc_PKCS7_EncodeData(); @@ -20183,7 +20203,7 @@ void ApiTest(void) test_wc_PKCS7_VerifySignedData(); test_wc_PKCS7_EncodeDecodeEnvelopedData(); test_wc_PKCS7_EncodeEncryptedData(); - + printf(" End API Tests\n"); } diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index 23072bab1..855019f8f 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c @@ -228,6 +228,17 @@ static int wc_PKCS7_GetOIDKeySize(int oid) } +PKCS7* wc_PKCS7_New(void* heap, int devId) +{ + PKCS7* pkcs7 = (PKCS7*)XMALLOC(sizeof(PKCS7), heap, DYNAMIC_TYPE_PKCS7); + if (pkcs7) { + XMEMSET(pkcs7, 0, sizeof(PKCS7)); + wc_PKCS7_Init(pkcs7, heap, devId); + pkcs7->isDynamic = 1; + } + return pkcs7; +} + /* This is to initialize a PKCS7 structure. It sets all values to 0 and can be * used to set the heap hint. * @@ -246,7 +257,11 @@ int wc_PKCS7_Init(PKCS7* pkcs7, void* heap, int devId) } XMEMSET(pkcs7, 0, sizeof(PKCS7)); +#ifdef WOLFSSL_HEAP_TEST + pkcs7->heap = (void*)WOLFSSL_HEAP_TEST; +#else pkcs7->heap = heap; +#endif pkcs7->devId = devId; return 0; @@ -254,34 +269,30 @@ int wc_PKCS7_Init(PKCS7* pkcs7, void* heap, int devId) /* init PKCS7 struct with recipient cert, decode into DecodedCert - * NOTE: keeps previously set pkcs7 memory heap hint */ + * NOTE: keeps previously set pkcs7 heap hint, devId and isDynamic */ int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* cert, word32 certSz) { int ret = 0; void* heap; int devId; + word16 isDynamic; if (pkcs7 == NULL || (cert == NULL && certSz != 0)) { return BAD_FUNC_ARG; } -#ifdef WOLFSSL_HEAP_TEST - heap = (void*)WOLFSSL_HEAP_TEST; -#else heap = pkcs7->heap; -#endif devId = pkcs7->devId; - - XMEMSET(pkcs7, 0, sizeof(PKCS7)); - pkcs7->heap = heap; - pkcs7->devId = devId; + isDynamic = pkcs7->isDynamic; + wc_PKCS7_Init(pkcs7, heap, devId); + pkcs7->isDynamic = isDynamic; if (cert != NULL && certSz > 0) { #ifdef WOLFSSL_SMALL_STACK DecodedCert* dCert; - dCert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, - DYNAMIC_TYPE_PKCS7); + dCert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), pkcs7->heap, + DYNAMIC_TYPE_DCERT); if (dCert == NULL) return MEMORY_E; #else @@ -297,7 +308,7 @@ int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* cert, word32 certSz) if (ret < 0) { FreeDecodedCert(dCert); #ifdef WOLFSSL_SMALL_STACK - XFREE(dCert, NULL, DYNAMIC_TYPE_PKCS7); + XFREE(dCert, NULL, DYNAMIC_TYPE_DCERT); #endif return ret; } @@ -313,7 +324,7 @@ int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* cert, word32 certSz) FreeDecodedCert(dCert); #ifdef WOLFSSL_SMALL_STACK - XFREE(dCert, NULL, DYNAMIC_TYPE_PKCS7); + XFREE(dCert, NULL, DYNAMIC_TYPE_DCERT); #endif } @@ -359,6 +370,11 @@ void wc_PKCS7_Free(PKCS7* pkcs7) if (pkcs7->der != NULL) XFREE(pkcs7->der, pkcs7->heap, DYNAMIC_TYPE_PKCS7); #endif + + if (pkcs7->isDynamic) { + pkcs7->isDynamic = 0; + XFREE(pkcs7, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + } } diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 4a45faf87..6478284ea 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -2834,7 +2834,7 @@ int hash_test(void) if (hashType != WC_HASH_TYPE_NONE) return -3071; #endif - + ret = wc_HashGetOID(WC_HASH_TYPE_MD5_SHA); #ifndef NO_MD5 if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG) @@ -18050,7 +18050,7 @@ static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, byte enveloped[2048]; byte decoded[2048]; - PKCS7 pkcs7; + PKCS7* pkcs7; #ifdef PKCS7_OUTPUT_TEST_BUNDLES FILE* pkcs7File; #endif @@ -18128,64 +18128,75 @@ static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, testSz = sizeof(testVectors) / sizeof(pkcs7EnvelopedVector); for (i = 0; i < testSz; i++) { - ret = wc_PKCS7_Init(&pkcs7, HEAP_HINT, + pkcs7 = wc_PKCS7_New(HEAP_HINT, #ifdef WOLFSSL_ASYNC_CRYPT INVALID_DEVID /* async PKCS7 is not supported */ #else devId #endif ); - if (ret != 0) + if (pkcs7 == NULL) return -9214; - ret = wc_PKCS7_InitWithCert(&pkcs7, testVectors[i].cert, + ret = wc_PKCS7_InitWithCert(pkcs7, testVectors[i].cert, (word32)testVectors[i].certSz); - if (ret != 0) + if (ret != 0) { + wc_PKCS7_Free(pkcs7); return -9215; + } - pkcs7.content = (byte*)testVectors[i].content; - pkcs7.contentSz = testVectors[i].contentSz; - pkcs7.contentOID = testVectors[i].contentOID; - pkcs7.encryptOID = testVectors[i].encryptOID; - pkcs7.keyWrapOID = testVectors[i].keyWrapOID; - pkcs7.keyAgreeOID = testVectors[i].keyAgreeOID; - pkcs7.privateKey = testVectors[i].privateKey; - pkcs7.privateKeySz = testVectors[i].privateKeySz; - pkcs7.ukm = testVectors[i].optionalUkm; - pkcs7.ukmSz = testVectors[i].optionalUkmSz; + pkcs7->content = (byte*)testVectors[i].content; + pkcs7->contentSz = testVectors[i].contentSz; + pkcs7->contentOID = testVectors[i].contentOID; + pkcs7->encryptOID = testVectors[i].encryptOID; + pkcs7->keyWrapOID = testVectors[i].keyWrapOID; + pkcs7->keyAgreeOID = testVectors[i].keyAgreeOID; + pkcs7->privateKey = testVectors[i].privateKey; + pkcs7->privateKeySz = testVectors[i].privateKeySz; + pkcs7->ukm = testVectors[i].optionalUkm; + pkcs7->ukmSz = testVectors[i].optionalUkmSz; /* encode envelopedData */ - envelopedSz = wc_PKCS7_EncodeEnvelopedData(&pkcs7, enveloped, + envelopedSz = wc_PKCS7_EncodeEnvelopedData(pkcs7, enveloped, sizeof(enveloped)); if (envelopedSz <= 0) { printf("DEBUG: i = %d, envelopedSz = %d\n", i, envelopedSz); + wc_PKCS7_Free(pkcs7); return -9216; } /* decode envelopedData */ - decodedSz = wc_PKCS7_DecodeEnvelopedData(&pkcs7, enveloped, envelopedSz, + decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, enveloped, envelopedSz, decoded, sizeof(decoded)); - if (decodedSz <= 0) + if (decodedSz <= 0) { + wc_PKCS7_Free(pkcs7); return -9217; + } /* test decode result */ - if (XMEMCMP(decoded, data, sizeof(data)) != 0) + if (XMEMCMP(decoded, data, sizeof(data)) != 0){ + wc_PKCS7_Free(pkcs7); return -9218; + } #ifdef PKCS7_OUTPUT_TEST_BUNDLES /* output pkcs7 envelopedData for external testing */ pkcs7File = fopen(testVectors[i].outFileName, "wb"); - if (!pkcs7File) + if (!pkcs7File) { + wc_PKCS7_Free(pkcs7); return -9219; + } ret = (int)fwrite(enveloped, 1, envelopedSz, pkcs7File); fclose(pkcs7File); if (ret != envelopedSz) { + wc_PKCS7_Free(pkcs7); return -9220; } #endif /* PKCS7_OUTPUT_TEST_BUNDLES */ - wc_PKCS7_Free(&pkcs7); + wc_PKCS7_Free(pkcs7); + pkcs7 = NULL; } #if !defined(HAVE_ECC) || defined(NO_AES) @@ -18313,7 +18324,7 @@ int pkcs7encrypted_test(void) int ret = 0; int i, testSz; int encryptedSz, decodedSz, attribIdx; - PKCS7 pkcs7; + PKCS7* pkcs7; byte encrypted[2048]; byte decoded[2048]; #ifdef PKCS7_OUTPUT_TEST_BUNDLES @@ -18437,55 +18448,65 @@ int pkcs7encrypted_test(void) testSz = sizeof(testVectors) / sizeof(pkcs7EncryptedVector); for (i = 0; i < testSz; i++) { - ret = wc_PKCS7_Init(&pkcs7, HEAP_HINT, devId); - if (ret != 0) + pkcs7 = wc_PKCS7_New(HEAP_HINT, devId); + if (pkcs7 == NULL) return -9400; - pkcs7.content = (byte*)testVectors[i].content; - pkcs7.contentSz = testVectors[i].contentSz; - pkcs7.contentOID = testVectors[i].contentOID; - pkcs7.encryptOID = testVectors[i].encryptOID; - pkcs7.encryptionKey = testVectors[i].encryptionKey; - pkcs7.encryptionKeySz = testVectors[i].encryptionKeySz; - pkcs7.unprotectedAttribs = testVectors[i].attribs; - pkcs7.unprotectedAttribsSz = testVectors[i].attribsSz; + pkcs7->content = (byte*)testVectors[i].content; + pkcs7->contentSz = testVectors[i].contentSz; + pkcs7->contentOID = testVectors[i].contentOID; + pkcs7->encryptOID = testVectors[i].encryptOID; + pkcs7->encryptionKey = testVectors[i].encryptionKey; + pkcs7->encryptionKeySz = testVectors[i].encryptionKeySz; + pkcs7->unprotectedAttribs = testVectors[i].attribs; + pkcs7->unprotectedAttribsSz = testVectors[i].attribsSz; /* encode encryptedData */ - encryptedSz = wc_PKCS7_EncodeEncryptedData(&pkcs7, encrypted, + encryptedSz = wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted, sizeof(encrypted)); - if (encryptedSz <= 0) + if (encryptedSz <= 0) { + wc_PKCS7_Free(pkcs7); return -9401; + } /* decode encryptedData */ - decodedSz = wc_PKCS7_DecodeEncryptedData(&pkcs7, encrypted, encryptedSz, + decodedSz = wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, encryptedSz, decoded, sizeof(decoded)); - if (decodedSz <= 0) + if (decodedSz <= 0){ + wc_PKCS7_Free(pkcs7); return -9402; + } /* test decode result */ - if (XMEMCMP(decoded, data, sizeof(data)) != 0) + if (XMEMCMP(decoded, data, sizeof(data)) != 0) { + wc_PKCS7_Free(pkcs7); return -9403; + } /* verify decoded unprotected attributes */ - if (pkcs7.decodedAttrib != NULL) { - decodedAttrib = pkcs7.decodedAttrib; + if (pkcs7->decodedAttrib != NULL) { + decodedAttrib = pkcs7->decodedAttrib; attribIdx = 1; while (decodedAttrib != NULL) { /* expected attribute, stored list is reversed */ - expectedAttrib = &(pkcs7.unprotectedAttribs - [pkcs7.unprotectedAttribsSz - attribIdx]); + expectedAttrib = &(pkcs7->unprotectedAttribs + [pkcs7->unprotectedAttribsSz - attribIdx]); /* verify oid */ if (XMEMCMP(decodedAttrib->oid, expectedAttrib->oid, - decodedAttrib->oidSz) != 0) + decodedAttrib->oidSz) != 0) { + wc_PKCS7_Free(pkcs7); return -9404; + } /* verify value */ if (XMEMCMP(decodedAttrib->value, expectedAttrib->value, - decodedAttrib->valueSz) != 0) + decodedAttrib->valueSz) != 0) { + wc_PKCS7_Free(pkcs7); return -9405; + } decodedAttrib = decodedAttrib->next; attribIdx++; @@ -18495,8 +18516,10 @@ int pkcs7encrypted_test(void) #ifdef PKCS7_OUTPUT_TEST_BUNDLES /* output pkcs7 envelopedData for external testing */ pkcs7File = fopen(testVectors[i].outFileName, "wb"); - if (!pkcs7File) + if (!pkcs7File) { + wc_PKCS7_Free(pkcs7); return -9406; + } ret = (int)fwrite(encrypted, encryptedSz, 1, pkcs7File); fclose(pkcs7File); @@ -18505,7 +18528,7 @@ int pkcs7encrypted_test(void) ret = 0; #endif - wc_PKCS7_Free(&pkcs7); + wc_PKCS7_Free(pkcs7); } return ret; @@ -18539,7 +18562,7 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz, byte* out; word32 outSz; WC_RNG rng; - PKCS7 pkcs7; + PKCS7* pkcs7; #ifdef PKCS7_OUTPUT_TEST_BUNDLES FILE* file; #endif @@ -18679,26 +18702,30 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz, } for (i = 0; i < testSz; i++) { + pkcs7 = wc_PKCS7_New(HEAP_HINT, INVALID_DEVID); + if (pkcs7 == NULL) + return -9410; - pkcs7.heap = HEAP_HINT; - pkcs7.devId = INVALID_DEVID; - ret = wc_PKCS7_InitWithCert(&pkcs7, testVectors[i].cert, + pkcs7->heap = HEAP_HINT; + pkcs7->devId = INVALID_DEVID; + ret = wc_PKCS7_InitWithCert(pkcs7, testVectors[i].cert, (word32)testVectors[i].certSz); if (ret != 0) { XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wc_PKCS7_Free(pkcs7); return -9410; } - pkcs7.rng = &rng; - pkcs7.content = (byte*)testVectors[i].content; - pkcs7.contentSz = testVectors[i].contentSz; - pkcs7.hashOID = testVectors[i].hashOID; - pkcs7.encryptOID = testVectors[i].encryptOID; - pkcs7.privateKey = testVectors[i].privateKey; - pkcs7.privateKeySz = testVectors[i].privateKeySz; - pkcs7.signedAttribs = testVectors[i].signedAttribs; - pkcs7.signedAttribsSz = testVectors[i].signedAttribsSz; + pkcs7->rng = &rng; + pkcs7->content = (byte*)testVectors[i].content; + pkcs7->contentSz = testVectors[i].contentSz; + pkcs7->hashOID = testVectors[i].hashOID; + pkcs7->encryptOID = testVectors[i].encryptOID; + pkcs7->privateKey = testVectors[i].privateKey; + pkcs7->privateKeySz = testVectors[i].privateKeySz; + pkcs7->signedAttribs = testVectors[i].signedAttribs; + pkcs7->signedAttribsSz = testVectors[i].signedAttribsSz; /* generate senderNonce */ { @@ -18708,7 +18735,7 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz, ret = wc_RNG_GenerateBlock(&rng, &senderNonce[2], PKCS7_NONCE_SZ); if (ret != 0) { XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(&pkcs7); + wc_PKCS7_Free(pkcs7); return -9411; } } @@ -18731,20 +18758,20 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz, ret = wc_InitSha_ex(&sha, HEAP_HINT, devId); if (ret != 0) { XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(&pkcs7); + wc_PKCS7_Free(pkcs7); return -9412; } - wc_ShaUpdate(&sha, pkcs7.publicKey, pkcs7.publicKeySz); + wc_ShaUpdate(&sha, pkcs7->publicKey, pkcs7->publicKeySz); wc_ShaFinal(&sha, digest); wc_ShaFree(&sha); #else ret = wc_InitSha256_ex(&sha, HEAP_HINT, devId); if (ret != 0) { XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(&pkcs7); + wc_PKCS7_Free(pkcs7); return -9413; } - wc_Sha256Update(&sha, pkcs7.publicKey, pkcs7.publicKeySz); + wc_Sha256Update(&sha, pkcs7->publicKey, pkcs7->publicKeySz); wc_Sha256Final(&sha, digest); wc_Sha256Free(&sha); #endif @@ -18754,10 +18781,10 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz, } } - encodedSz = wc_PKCS7_EncodeSignedData(&pkcs7, out, outSz); + encodedSz = wc_PKCS7_EncodeSignedData(pkcs7, out, outSz); if (encodedSz < 0) { XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(&pkcs7); + wc_PKCS7_Free(pkcs7); return -9414; } @@ -18766,35 +18793,38 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz, file = fopen(testVectors[i].outFileName, "wb"); if (!file) { XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(&pkcs7); + wc_PKCS7_Free(pkcs7); return -9415; } ret = (int)fwrite(out, 1, encodedSz, file); fclose(file); if (ret != (int)encodedSz) { XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(&pkcs7); + wc_PKCS7_Free(pkcs7); return -9416; } #endif /* PKCS7_OUTPUT_TEST_BUNDLES */ - wc_PKCS7_Free(&pkcs7); - wc_PKCS7_InitWithCert(&pkcs7, NULL, 0); + wc_PKCS7_Free(pkcs7); - ret = wc_PKCS7_VerifySignedData(&pkcs7, out, outSz); + pkcs7 = wc_PKCS7_New(HEAP_HINT, INVALID_DEVID); + if (pkcs7 == NULL) + return -9410; + wc_PKCS7_InitWithCert(pkcs7, NULL, 0); + + ret = wc_PKCS7_VerifySignedData(pkcs7, out, outSz); if (ret < 0) { XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(&pkcs7); + wc_PKCS7_Free(pkcs7); return -9417; } - if (pkcs7.singleCert == NULL || pkcs7.singleCertSz == 0) { + if (pkcs7->singleCert == NULL || pkcs7->singleCertSz == 0) { XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(&pkcs7); + wc_PKCS7_Free(pkcs7); return -9418; } - { /* check getting signed attributes */ #ifndef NO_SHA @@ -18807,25 +18837,25 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz, int bufSz = 0; if (testVectors[i].signedAttribs != NULL && - wc_PKCS7_GetAttributeValue(&pkcs7, oidPt, oidSz, + wc_PKCS7_GetAttributeValue(pkcs7, oidPt, oidSz, NULL, (word32*)&bufSz) != LENGTH_ONLY_E) { XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(&pkcs7); + wc_PKCS7_Free(pkcs7); return -9419; } if (bufSz > (int)sizeof(buf)) { XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(&pkcs7); + wc_PKCS7_Free(pkcs7); return -9420; } - bufSz = wc_PKCS7_GetAttributeValue(&pkcs7, oidPt, oidSz, + bufSz = wc_PKCS7_GetAttributeValue(pkcs7, oidPt, oidSz, buf, (word32*)&bufSz); if ((testVectors[i].signedAttribs != NULL && bufSz < 0) || (testVectors[i].signedAttribs == NULL && bufSz > 0)) { XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(&pkcs7); + wc_PKCS7_Free(pkcs7); return -9421; } } @@ -18834,14 +18864,14 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz, file = fopen("./pkcs7cert.der", "wb"); if (!file) { XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(&pkcs7); + wc_PKCS7_Free(pkcs7); return -9422; } - ret = (int)fwrite(pkcs7.singleCert, 1, pkcs7.singleCertSz, file); + ret = (int)fwrite(pkcs7->singleCert, 1, pkcs7->singleCertSz, file); fclose(file); #endif /* PKCS7_OUTPUT_TEST_BUNDLES */ - wc_PKCS7_Free(&pkcs7); + wc_PKCS7_Free(pkcs7); } XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); diff --git a/wolfssl/wolfcrypt/pkcs7.h b/wolfssl/wolfcrypt/pkcs7.h index e17bf2eec..ccddc06e5 100644 --- a/wolfssl/wolfcrypt/pkcs7.h +++ b/wolfssl/wolfcrypt/pkcs7.h @@ -95,10 +95,13 @@ typedef struct PKCS7DecodedAttrib { } PKCS7DecodedAttrib; +/* Public Structure Warning: + * Existing members must not be changed to maintain backwards compatibility! + */ typedef struct PKCS7 { WC_RNG* rng; PKCS7Attrib* signedAttribs; - byte* content; /* inner content, not owner */ + byte* content; /* inner content, not owner */ byte* singleCert; /* recipient cert, DER, not owner */ byte* issuer; /* issuer name of singleCert */ byte* privateKey; /* private key, DER, not owner */ @@ -136,11 +139,17 @@ typedef struct PKCS7 { int devId; /* device ID for HW based private key */ byte issuerHash[KEYID_SIZE]; /* hash of all alt Names */ byte issuerSn[MAX_SN_SZ]; /* singleCert's serial number */ - byte publicKey[MAX_RSA_INT_SZ + MAX_RSA_E_SZ ];/*MAX RSA key size (m + e)*/ + byte publicKey[MAX_RSA_INT_SZ + MAX_RSA_E_SZ]; /* MAX RSA key size (m + e)*/ word32 certSz[MAX_PKCS7_CERTS]; + + /* flags - up to 32-bits */ + word16 isDynamic:1; + + /* !! NEW DATA MEMBERS MUST BE ADDED AT END !! */ } PKCS7; +WOLFSSL_API PKCS7* wc_PKCS7_New(void* heap, int devId); WOLFSSL_API int wc_PKCS7_Init(PKCS7* pkcs7, void* heap, int devId); WOLFSSL_API int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* cert, word32 certSz); WOLFSSL_API void wc_PKCS7_Free(PKCS7* pkcs7);