wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-31 19:24:42 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2855 from JacobBarthelmeh/PKCS12

Browse Source 
maintenance to PKCS12 create for outputting encrypted bundles
This commit is contained in:
toddouska
2020-03-26 10:41:04 -07:00
committed by GitHub
parent 1bc2ecff6a 2116c20f5d
commit 16fa1a4747
3 changed files with 562 additions and 475 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
tests/api.c
View File

@@ -4550,6 +4550,7 @@ static void test_wolfSSL_PKCS12(void)
d2i_PKCS12_bio(bio, &pkcs12);
AssertNotNull(pkcs12);
BIO_free(bio);
/* check verify MAC fail case */
ret = PKCS12_parse(pkcs12, "bad", &pkey, &cert, NULL);
@@ -4631,6 +4632,13 @@ static void test_wolfSSL_PKCS12(void)
X509_free(cert);
sk_X509_free(ca);
/* convert to DER then back and parse */
AssertNotNull(bio = BIO_new(BIO_s_mem()));
AssertIntEQ(i2d_PKCS12_bio(bio, pkcs12_2), SSL_SUCCESS);
PKCS12_free(pkcs12_2);
AssertNotNull(pkcs12_2 = d2i_PKCS12_bio(bio, NULL));
BIO_free(bio);
AssertIntEQ(PKCS12_parse(pkcs12_2, "a password", &pkey, &cert, &ca),
SSL_SUCCESS);
@@ -4661,7 +4669,6 @@ static void test_wolfSSL_PKCS12(void)
EVP_PKEY_free(pkey);
X509_free(cert);
BIO_free(bio);
PKCS12_free(pkcs12);
PKCS12_free(pkcs12_2);
sk_X509_free(ca);

154
wolfcrypt/src/asn.c
View File

@@ -3426,7 +3426,8 @@ int UnTraditionalEnc(byte* key, word32 keySz, byte* out, word32* outSz,
/* check key type and get OID if ECC */
if ((ret = wc_GetKeyOID(key, keySz, &curveOID, &oidSz, &algoID, heap))< 0) {
return ret;
WOLFSSL_MSG("Error getting key OID");
return ret;
}
/* PKCS#8 wrapping around key */
@@ -3972,6 +3973,9 @@ int ToTraditionalEnc(byte* input, word32 sz,const char* password,
* heap possible heap hint for mallocs/frees
*
* returns the total size of encrypted content on success.
*
* data returned is :
* [ seq - obj [ seq -salt,itt]] , construct with encrypted data
*/
int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz,
const char* password, int passwordSz, int vPKCS, int vAlgo,
@@ -3982,6 +3986,7 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz,
word32 tmpIdx = 0;
word32 totalSz = 0;
word32 seqSz;
word32 innerSz;
int ret;
int version, id, blockSz = 0;
#ifdef WOLFSSL_SMALL_STACK
@@ -3991,6 +3996,11 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz,
byte saltTmp[MAX_SALT_SIZE];
byte cbcIv[MAX_IV_SIZE];
#endif
byte seq[MAX_SEQ_SZ];
byte shr[MAX_SHORT_SZ];
word32 maxShr = MAX_SHORT_SZ;
word32 algoSz;
const byte* algoName;
(void)heap;
@@ -4011,58 +4021,51 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz,
return BAD_FUNC_ARG;
}
/* calculate size */
/* size of constructed string at end */
sz = Pkcs8Pad(NULL, inputSz, blockSz);
totalSz = ASN_TAG_SZ;
totalSz += SetLength(sz, seq);
totalSz += sz;
/* size of sequence holding object id and sub sequence of salt and itt */
algoName = OidFromId(id, oidPBEType, &algoSz);
if (algoName == NULL) {
WOLFSSL_MSG("Unknown Algorithm");
return 0;
}
innerSz = SetObjectId(algoSz, seq);
innerSz += algoSz;
/* get subsequence of salt and itt */
if (salt == NULL || saltSz == 0) {
sz = 8;
}
else {
sz = saltSz;
}
seqSz = SetOctetString(sz, seq);
seqSz += sz;
tmpIdx = 0;
seqSz += SetShortInt(shr, &tmpIdx, itt, maxShr);
innerSz += seqSz + SetSequence(seqSz, seq);
totalSz += innerSz + SetSequence(innerSz, seq);
if (out == NULL) {
sz = inputSz;
switch (id) {
#if !defined(NO_DES3) && (!defined(NO_MD5) || !defined(NO_SHA))
case PBE_MD5_DES:
case PBE_SHA1_DES:
case PBE_SHA1_DES3:
/* set to block size of 8 for DES operations. This rounds up
* to the nearest multiple of 8 */
sz &= 0xfffffff8;
sz += 8;
break;
#endif /* !NO_DES3 && (!NO_MD5 || !NO_SHA) */
#if !defined(NO_RC4) && !defined(NO_SHA)
case PBE_SHA1_RC4_128:
break;
#endif
case -1:
break;
default:
return ALGO_ID_E;
}
if (saltSz == 0) {
sz += MAX_SALT_SIZE;
}
else {
sz += saltSz;
}
/* add 2 for tags */
totalSz = sz + MAX_ALGO_SZ + MAX_SEQ_SZ + MAX_LENGTH_SZ +
MAX_LENGTH_SZ + MAX_LENGTH_SZ + MAX_SHORT_SZ + 2;
/* adjust size to pad */
totalSz = Pkcs8Pad(NULL, totalSz, blockSz);
/* return result */
*outSz = totalSz;
return LENGTH_ONLY_E;
}
if (inOutIdx + MAX_ALGO_SZ + MAX_SEQ_SZ + 1 > *outSz)
inOutIdx = 0;
if (totalSz > *outSz)
return BUFFER_E;
sz = SetAlgoID(id, out + inOutIdx, oidPBEType, 0);
inOutIdx += sz; totalSz += sz;
tmpIdx = inOutIdx;
tmpIdx += MAX_SEQ_SZ; /* save room for salt and itter sequence */
out[tmpIdx++] = ASN_OCTET_STRING;
inOutIdx += SetSequence(innerSz, out + inOutIdx);
inOutIdx += SetObjectId(algoSz, out + inOutIdx);
XMEMCPY(out + inOutIdx, algoName, algoSz);
inOutIdx += algoSz;
inOutIdx += SetSequence(seqSz, out + inOutIdx);
/* create random salt if one not provided */
if (salt == NULL || saltSz == 0) {
@@ -4082,22 +4085,18 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz,
return ret;
}
}
if (tmpIdx + MAX_LENGTH_SZ + saltSz + MAX_SHORT_SZ > *outSz) {
inOutIdx += SetOctetString(saltSz, out + inOutIdx);
if (saltSz + inOutIdx > *outSz) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(saltTmp, heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return BUFFER_E;
}
sz = SetLength(saltSz, out + tmpIdx);
tmpIdx += sz;
XMEMCPY(out + tmpIdx, salt, saltSz);
tmpIdx += saltSz;
XMEMCPY(out + inOutIdx, salt, saltSz);
inOutIdx += saltSz;
/* place iteration setting in buffer */
ret = SetShortInt(out, &tmpIdx, itt, *outSz);
ret = SetShortInt(out, &inOutIdx, itt, *outSz);
if (ret < 0) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(saltTmp, heap, DYNAMIC_TYPE_TMP_BUFFER);
@@ -4105,13 +4104,27 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz,
return ret;
}
/* rewind and place sequence */
sz = tmpIdx - inOutIdx - MAX_SEQ_SZ;
seqSz = SetSequence(sz, out + inOutIdx);
XMEMMOVE(out + inOutIdx + seqSz, out + inOutIdx + MAX_SEQ_SZ, sz);
inOutIdx += seqSz; totalSz += seqSz;
inOutIdx += sz; totalSz += sz;
if (inOutIdx + 1 > *outSz) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(saltTmp, heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return BUFFER_E;
}
out[inOutIdx++] = ASN_CONTEXT_SPECIFIC | 0;
/* get pad size and verify buffer room */
sz = Pkcs8Pad(NULL, inputSz, blockSz);
if (sz + inOutIdx > *outSz) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(saltTmp, heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return BUFFER_E;
}
inOutIdx += SetLength(sz, out + inOutIdx);
/* copy input to output buffer and pad end */
XMEMCPY(out + inOutIdx, input, inputSz);
sz = Pkcs8Pad(out + inOutIdx, inputSz, blockSz);
#ifdef WOLFSSL_SMALL_STACK
cbcIv = (byte*)XMALLOC(MAX_IV_SIZE, heap, DYNAMIC_TYPE_TMP_BUFFER);
if (cbcIv == NULL) {
@@ -4120,23 +4133,6 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz,
}
#endif
if (inOutIdx + 1 + MAX_LENGTH_SZ + inputSz > *outSz)
return BUFFER_E;
out[inOutIdx++] = ASN_CONTEXT_SPECIFIC | 0; totalSz++;
sz = SetLength(inputSz, out + inOutIdx);
inOutIdx += sz; totalSz += sz;
/* get pad size and verify buffer room */
sz = Pkcs8Pad(NULL, inputSz, blockSz);
if (sz + inOutIdx > *outSz)
return BUFFER_E;
/* copy input to output buffer and pad end */
XMEMCPY(out + inOutIdx, input, inputSz);
sz = Pkcs8Pad(out + inOutIdx, inputSz, blockSz);
totalSz += sz;
/* encrypt */
if ((ret = wc_CryptKey(password, passwordSz, salt, saltSz, itt, id,
out + inOutIdx, sz, version, cbcIv, 1, 0)) < 0) {
@@ -4155,7 +4151,7 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz,
(void)rng;
return totalSz;
return inOutIdx + sz;
}

874
wolfcrypt/src/pkcs12.c
View File

File diff suppressed because it is too large Load Diff