wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-30 02:37:28 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #5075 from dgarske/cryptocb

Browse Source 
Fix for PKCS7 with Crypto Callbacks
This commit is contained in:
JacobBarthelmeh
2022-04-25 17:23:28 -06:00
committed by GitHub
parent 3ab5ccd04f 9cbf92df01
commit 1181081c38
3 changed files with 165 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

119
wolfcrypt/src/cryptocb.c
View File

@ -47,6 +47,124 @@ typedef struct CryptoCb {
} CryptoCb;
static WOLFSSL_GLOBAL CryptoCb gCryptoDev[MAX_CRYPTO_DEVID_CALLBACKS];
#ifdef DEBUG_CRYPTOCB
static const char* GetAlgoTypeStr(int algo)
{
switch (algo) { /* enum wc_AlgoType */
case WC_ALGO_TYPE_HASH: return "Hash";
case WC_ALGO_TYPE_CIPHER: return "Cipher";
case WC_ALGO_TYPE_PK: return "PK";
case WC_ALGO_TYPE_RNG: return "RNG";
case WC_ALGO_TYPE_SEED: return "Seed";
case WC_ALGO_TYPE_HMAC: return "HMAC";
}
return NULL;
}
static const char* GetPkTypeStr(int pk)
{
switch (pk) {
case WC_PK_TYPE_RSA: return "RSA";
case WC_PK_TYPE_DH: return "DH";
case WC_PK_TYPE_ECDH: return "ECDH";
case WC_PK_TYPE_ECDSA_SIGN: return "ECDSA-Sign";
case WC_PK_TYPE_ECDSA_VERIFY: return "ECDSA-Verify";
case WC_PK_TYPE_ED25519_SIGN: return "ED25519-Sign";
case WC_PK_TYPE_ED25519_VERIFY: return "ED25519-Verify";
case WC_PK_TYPE_CURVE25519: return "CURVE25519";
case WC_PK_TYPE_RSA_KEYGEN: return "RSA KeyGen";
case WC_PK_TYPE_EC_KEYGEN: return "ECC KeyGen";
}
return NULL;
}
static const char* GetCipherTypeStr(int cipher)
{
switch (cipher) {
case WC_CIPHER_AES: return "AES ECB";
case WC_CIPHER_AES_CBC: return "AES CBC";
case WC_CIPHER_AES_GCM: return "AES GCM";
case WC_CIPHER_AES_CTR: return "AES CTR";
case WC_CIPHER_AES_XTS: return "AES XTS";
case WC_CIPHER_AES_CFB: return "AES CFB";
case WC_CIPHER_DES3: return "DES3";
case WC_CIPHER_DES: return "DES";
case WC_CIPHER_CHACHA: return "ChaCha20";
}
return NULL;
}
static const char* GetHashTypeStr(int hash)
{
switch (hash) {
case WC_HASH_TYPE_MD2: return "MD2";
case WC_HASH_TYPE_MD4: return "MD4";
case WC_HASH_TYPE_MD5: return "MD5";
case WC_HASH_TYPE_SHA: return "SHA-1";
case WC_HASH_TYPE_SHA224: return "SHA-224";
case WC_HASH_TYPE_SHA256: return "SHA-256";
case WC_HASH_TYPE_SHA384: return "SHA-384";
case WC_HASH_TYPE_SHA512: return "SHA-512";
case WC_HASH_TYPE_MD5_SHA: return "MD5-SHA1";
case WC_HASH_TYPE_SHA3_224: return "SHA3-224";
case WC_HASH_TYPE_SHA3_256: return "SHA3-256";
case WC_HASH_TYPE_SHA3_384: return "SHA3-384";
case WC_HASH_TYPE_SHA3_512: return "SHA3-512";
case WC_HASH_TYPE_BLAKE2B: return "Blake2B";
case WC_HASH_TYPE_BLAKE2S: return "Blake2S";
}
return NULL;
}
#ifndef NO_RSA
static const char* GetRsaType(int type)
{
switch (type) {
case RSA_PUBLIC_ENCRYPT: return "Public Encrypt";
case RSA_PUBLIC_DECRYPT: return "Public Decrypt";
case RSA_PRIVATE_ENCRYPT: return "Private Encrypt";
case RSA_PRIVATE_DECRYPT: return "Private Decrypt";
}
return NULL;
}
#endif
WOLFSSL_API void wc_CryptoCb_InfoString(wc_CryptoInfo* info)
{
if (info == NULL)
return;
if (info->algo_type == WC_ALGO_TYPE_PK) {
#ifndef NO_RSA
if (info->pk.type == WC_PK_TYPE_RSA) {
printf("Crypto CB: %s %s (%d), %s, Len %d\n",
GetAlgoTypeStr(info->algo_type),
GetPkTypeStr(info->pk.type), info->pk.type,
GetRsaType(info->pk.rsa.type), info->pk.rsa.inLen);
}
else
#endif
{
printf("Crypto CB: %s %s (%d)\n", GetAlgoTypeStr(info->algo_type),
GetPkTypeStr(info->pk.type), info->pk.type);
}
}
else if (info->algo_type == WC_ALGO_TYPE_CIPHER) {
printf("Crypto CB: %s %s (%d)\n", GetAlgoTypeStr(info->algo_type),
GetCipherTypeStr(info->cipher.type), info->cipher.type);
}
else if (info->algo_type == WC_ALGO_TYPE_HASH) {
printf("Crypto CB: %s %s (%d)\n", GetAlgoTypeStr(info->algo_type),
GetHashTypeStr(info->hash.type), info->hash.type);
}
else if (info->algo_type == WC_ALGO_TYPE_HMAC) {
printf("Crypto CB: %s %s (%d)\n", GetAlgoTypeStr(info->algo_type),
GetHashTypeStr(info->hmac.macType), info->hmac.macType);
}
else {
printf("CryptoCb: %s \n", GetAlgoTypeStr(info->algo_type));
}
}
#endif /* DEBUG_CRYPTOCB */
static CryptoCb* wc_CryptoCb_FindDevice(int devId)
{
int i;
@ -1130,4 +1248,5 @@ int wc_CryptoCb_DefaultDevID()
return ret;
}
#endif /* WOLF_CRYPTO_CB */

68
wolfcrypt/src/pkcs7.c
View File

@ -1762,30 +1762,38 @@ static int wc_PKCS7_RsaSign(PKCS7* pkcs7, byte* in, word32 inSz, ESD* esd)
idx = 0;
ret = wc_RsaPrivateKeyDecode(pkcs7->privateKey, &idx, privKey,
pkcs7->privateKeySz);
/* If not using old FIPS or CAVP selftest, or not using FAST,
* or USER RSA, able to check RSA key. */
if (ret == 0) {
#if !defined(WOLFSSL_RSA_PUBLIC_ONLY) && !defined(HAVE_FAST_RSA) && \
!defined(HAVE_USER_RSA) && (!defined(HAVE_FIPS) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) && \
!defined(HAVE_SELFTEST) && !defined(HAVE_INTEL_QA)
#if defined(WOLFSSL_KEY_GEN) && !defined(WOLFSSL_NO_RSA_KEY_CHECK)
/* verify imported private key is a valid key before using it */
ret = wc_CheckRsaKey(privKey);
if (ret != 0) {
WOLFSSL_MSG("Invalid RSA private key, check "
"pkcs7->privateKey");
}
#endif
#endif
}
#ifdef WOLF_CRYPTO_CB
else if (ret == ASN_PARSE_E && pkcs7->devId != INVALID_DEVID) {
/* if using crypto callbacks, try public key decode */
idx = 0;
ret = wc_RsaPublicKeyDecode(pkcs7->privateKey, &idx, privKey,
pkcs7->privateKeySz);
}
#endif
}
else if (pkcs7->devId == INVALID_DEVID) {
ret = BAD_FUNC_ARG;
}
}
/* If not using old FIPS or CAVP selftest, or not using FAST,
or USER RSA, able to check RSA key. */
#if !defined(WOLFSSL_RSA_PUBLIC_ONLY) && !defined(HAVE_FAST_RSA) && \
!defined(HAVE_USER_RSA) && (!defined(HAVE_FIPS) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) && \
!defined(HAVE_SELFTEST) && !defined(HAVE_INTEL_QA)
#if defined(WOLFSSL_KEY_GEN) && !defined(WOLFSSL_NO_RSA_KEY_CHECK)
/* verify imported private key is a valid key before using it */
if (ret == 0) {
ret = wc_CheckRsaKey(privKey);
if (ret != 0) {
WOLFSSL_MSG("Invalid RSA private key, check pkcs7->privateKey");
}
}
#endif
#endif
if (ret == 0) {
#ifdef WOLFSSL_ASYNC_CRYPT
do {
@ -1844,20 +1852,28 @@ static int wc_PKCS7_EcdsaSign(PKCS7* pkcs7, byte* in, word32 inSz, ESD* esd)
idx = 0;
ret = wc_EccPrivateKeyDecode(pkcs7->privateKey, &idx, privKey,
pkcs7->privateKeySz);
/* verify imported private key is a valid key before using it */
if (ret == 0) {
ret = wc_ecc_check_key(privKey);
if (ret != 0) {
WOLFSSL_MSG("Invalid ECC private key, check "
"pkcs7->privateKey");
}
}
#ifdef WOLF_CRYPTO_CB
else if (ret == ASN_PARSE_E && pkcs7->devId != INVALID_DEVID) {
/* if using crypto callbacks, try public key decode */
idx = 0;
ret = wc_EccPublicKeyDecode(pkcs7->privateKey, &idx, privKey,
pkcs7->privateKeySz);
}
#endif
}
else if (pkcs7->devId == INVALID_DEVID) {
ret = BAD_FUNC_ARG;
}
}
/* verify imported private key is a valid key before using it */
if (ret == 0) {
ret = wc_ecc_check_key(privKey);
if (ret != 0) {
WOLFSSL_MSG("Invalid ECC private key, check pkcs7->privateKey");
}
}
if (ret == 0) {
outSz = sizeof(esd->encContentDigest);
#ifdef WOLFSSL_ASYNC_CRYPT

4
wolfssl/wolfcrypt/cryptocb.h
View File

@ -358,6 +358,10 @@ WOLFSSL_API int wc_CryptoCb_RegisterDevice(int devId, CryptoDevCallbackFunc cb,
WOLFSSL_API void wc_CryptoCb_UnRegisterDevice(int devId);
WOLFSSL_API int wc_CryptoCb_DefaultDevID(void);
#ifdef DEBUG_CRYPTOCB
WOLFSSL_API void wc_CryptoCb_InfoString(wc_CryptoInfo* info);
#endif
/* old function names */
#define wc_CryptoDev_RegisterDevice wc_CryptoCb_RegisterDevice
#define wc_CryptoDev_UnRegisterDevice wc_CryptoCb_UnRegisterDevice