diff --git a/doc/dox_comments/header_files/pkcs7.h b/doc/dox_comments/header_files/pkcs7.h index d5e0cea40..01e161649 100644 --- a/doc/dox_comments/header_files/pkcs7.h +++ b/doc/dox_comments/header_files/pkcs7.h @@ -573,6 +573,13 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, type, decoding the message into output. It uses the private key of the PKCS7 object passed in to decrypt the message. + Note that if the EnvelopedData is encrypted using an ECC key and the + KeyAgreementRecipientInfo structure, then either the HAVE_AES_KEYWRAP + build option should be enabled to enable the wolfcrypt built-in AES key + wrap/unwrap functionality, or a custom AES key wrap/unwrap callback should + be set with wc_PKCS7_SetAESKeyWrapUnwrapCb(). If neither of these is true, + decryption will fail. + \return On successfully extracting the information from the message, returns the bytes written to output \return BAD_FUNC_ARG Returned if one of the input parameters is invalid diff --git a/tests/api.c b/tests/api.c index f37b03d90..9812c296a 100644 --- a/tests/api.c +++ b/tests/api.c @@ -17487,7 +17487,7 @@ static int test_wc_PKCS7_VerifySignedData_ECC(void) #if defined(HAVE_PKCS7) && !defined(NO_AES) && defined(HAVE_AES_CBC) && \ - defined(WOLFSSL_AES_256) + defined(WOLFSSL_AES_256) && defined(HAVE_AES_KEYWRAP) static const byte defKey[] = { 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, @@ -17496,6 +17496,7 @@ static const byte defKey[] = { }; static byte aesHandle[32]; /* simulated hardware key handle */ + /* return 0 on success */ static int myDecryptionFunc(PKCS7* pkcs7, int encryptOID, byte* iv, int ivSz, byte* aad, word32 aadSz, byte* authTag, word32 authTagSz, @@ -17585,7 +17586,8 @@ static int myCEKwrapFunc(PKCS7* pkcs7, byte* cek, word32 cekSz, byte* keyId, return BAD_KEYWRAP_ALG_E; }; } -#endif /* HAVE_PKCS7 && !NO_AES && HAVE_AES_CBC && WOLFSSL_AES_256 */ +#endif /* HAVE_PKCS7 && !NO_AES && HAVE_AES_CBC && WOLFSSL_AES_256 && + HAVE_AES_KEYWRAP */ #if defined(HAVE_PKCS7) && defined(ASN_BER_TO_DER) @@ -17691,8 +17693,10 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void) #ifdef ECC_TIMING_RESISTANT WC_RNG rng; #endif +#ifdef HAVE_AES_KEYWRAP word32 tempWrd32 = 0; byte* tmpBytePtr = NULL; +#endif const char input[] = "Test data to encode."; int i; int testSz = 0; @@ -17842,7 +17846,7 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void) {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, DES3b, 0, 0, rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz}, #endif /* NO_DES3 */ - #if !defined(NO_AES) && defined(HAVE_AES_CBC) + #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(HAVE_AES_KEYWRAP) #ifdef WOLFSSL_AES_128 {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES128CBCb, 0, 0, rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz}, @@ -17859,7 +17863,7 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void) #endif /* NO_RSA */ #if defined(HAVE_ECC) - #if !defined(NO_AES) && defined(HAVE_AES_CBC) + #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(HAVE_AES_KEYWRAP) #if !defined(NO_SHA) && defined(WOLFSSL_AES_128) {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES128CBCb, AES128_WRAP, dhSinglePass_stdDH_sha1kdf_scheme, @@ -17875,7 +17879,7 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void) AES256CBCb, AES256_WRAP, dhSinglePass_stdDH_sha512kdf_scheme, eccCert, eccCertSz, eccPrivKey, eccPrivKeySz}, #endif - #endif /* NO_AES && HAVE_AES_CBC*/ + #endif /* NO_AES && HAVE_AES_CBC && HAVE_AES_KEYWRAP */ #endif /* END HAVE_ECC */ }; /* END pkcs7EnvelopedVector */ @@ -18031,7 +18035,8 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void) ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output, 0, decoded, (word32)sizeof(decoded)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); /* Should get a return of BAD_FUNC_ARG with structure data. Order matters.*/ -#if defined(HAVE_ECC) && !defined(NO_AES) && defined(HAVE_AES_CBC) +#if defined(HAVE_ECC) && !defined(NO_AES) && defined(HAVE_AES_CBC) && \ + defined(HAVE_AES_KEYWRAP) /* only a failure for KARI test cases */ if (pkcs7 != NULL) { tempWrd32 = pkcs7->singleCertSz; @@ -18069,11 +18074,11 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void) pkcs7->singleCert = tmpBytePtr; } #endif +#ifdef HAVE_AES_KEYWRAP if (pkcs7 != NULL) { tempWrd32 = pkcs7->privateKeySz; pkcs7->privateKeySz = 0; } - ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output, (word32)sizeof(output), decoded, (word32)sizeof(decoded)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); @@ -18089,11 +18094,13 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void) if (pkcs7 != NULL) { pkcs7->privateKey = tmpBytePtr; } +#endif wc_PKCS7_Free(pkcs7); pkcs7 = NULL; -#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256) +#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256) && \ + defined(HAVE_AES_KEYWRAP) /* test of decrypt callback with KEKRI enveloped data */ { int envelopedSz = 0; @@ -18124,7 +18131,7 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void) wc_PKCS7_Free(pkcs7); pkcs7 = NULL; } -#endif /* !NO_AES && WOLFSSL_AES_256 */ +#endif /* !NO_AES && HAVE_AES_CBC && WOLFSSL_AES_256 && HAVE_AES_KEYWRAP */ #ifndef NO_RSA XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index 810c7c84d..424942b75 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c @@ -6843,8 +6843,12 @@ static int wc_PKCS7_KeyWrap(const wc_PKCS7 * pkcs7, const byte * cek, out, outSz); } else { + #ifdef HAVE_AES_KEYWRAP ret = wc_AesKeyWrap(kek, kekSz, cek, cekSz, out, outSz, NULL); + #else + ret = NOT_COMPILED_IN; + #endif } } else if (direction == AES_DECRYPTION) { @@ -6853,8 +6857,12 @@ static int wc_PKCS7_KeyWrap(const wc_PKCS7 * pkcs7, const byte * cek, out, outSz); } else { + #ifdef HAVE_AES_KEYWRAP ret = wc_AesKeyUnWrap(kek, kekSz, cek, cekSz, out, outSz, NULL); + #else + ret = NOT_COMPILED_IN; + #endif } } else { WOLFSSL_MSG("Bad key un/wrap direction"); diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index c05cb23cd..c2f79acc6 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -52135,14 +52135,14 @@ static wc_test_ret_t pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, }; #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256) && \ - defined(HAVE_ECC) && defined(WOLFSSL_SHA512) + defined(HAVE_ECC) && defined(WOLFSSL_SHA512) && defined(HAVE_AES_KEYWRAP) byte optionalUkm[] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07 }; #endif /* !NO_AES */ #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) && \ - !defined(NO_SHA) + !defined(NO_SHA) && defined(HAVE_AES_KEYWRAP) /* encryption key for kekri recipient types */ WOLFSSL_SMALL_STACK_STATIC const byte secretKey[] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, @@ -52156,7 +52156,8 @@ static wc_test_ret_t pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, #endif #if !defined(NO_PWDBASED) && !defined(NO_SHA) && \ - !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) + !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) && \ + defined(HAVE_AES_KEYWRAP) #ifndef HAVE_FIPS WOLFSSL_SMALL_STACK_STATIC const char password[] = "password"; /* NOTE: Password is too short for FIPS */ @@ -52203,7 +52204,7 @@ static wc_test_ret_t pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, "pkcs7envelopedDataDES3.der"); #endif - #if !defined(NO_AES) && defined(HAVE_AES_CBC) + #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(HAVE_AES_KEYWRAP) #ifdef WOLFSSL_AES_128 ADD_PKCS7ENVELOPEDVECTOR( data, (word32)sizeof(data), DATA, AES128CBCb, 0, 0, rsaCert, rsaCertSz, @@ -52239,11 +52240,11 @@ static wc_test_ret_t pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, "pkcs7envelopedDataAES256CBC_IANDS.der"); #endif - #endif /* !NO_AES && HAVE_AES_CBC */ + #endif /* !NO_AES && HAVE_AES_CBC && HAVE_AES_KEYWRAP */ #endif /* key agreement key encryption technique*/ -#ifdef HAVE_ECC +#if defined(HAVE_ECC) && defined(HAVE_AES_KEYWRAP) #if !defined(NO_AES) && defined(HAVE_AES_CBC) #if !defined(NO_SHA) && defined(WOLFSSL_AES_128) ADD_PKCS7ENVELOPEDVECTOR( @@ -52283,7 +52284,7 @@ static wc_test_ret_t pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, #endif /* kekri (KEKRecipientInfo) recipient types */ -#if !defined(NO_AES) && defined(HAVE_AES_CBC) +#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(HAVE_AES_KEYWRAP) #if !defined(NO_SHA) && defined(WOLFSSL_AES_128) ADD_PKCS7ENVELOPEDVECTOR( data, (word32)sizeof(data), DATA, AES128CBCb, AES128_WRAP, 0, @@ -52292,11 +52293,12 @@ static wc_test_ret_t pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, "pkcs7envelopedDataAES128CBC_KEKRI.der"); #endif -#endif /* !NO_AES && HAVE_AES_CBC */ +#endif /* !NO_AES && HAVE_AES_CBC && HAVE_AES_KEYWRAP */ /* pwri (PasswordRecipientInfo) recipient types */ #if !defined(NO_PWDBASED) && !defined(NO_AES) && defined(HAVE_AES_CBC) - #if !defined(NO_SHA) && defined(WOLFSSL_AES_128) + #if !defined(NO_SHA) && defined(WOLFSSL_AES_128) && \ + defined(HAVE_AES_KEYWRAP) ADD_PKCS7ENVELOPEDVECTOR( data, (word32)sizeof(data), DATA, AES128CBCb, 0, 0, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, @@ -52306,7 +52308,8 @@ static wc_test_ret_t pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, #endif #endif -#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) +#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) && \ + defined(HAVE_AES_KEYWRAP) /* ori (OtherRecipientInfo) recipient types */ ADD_PKCS7ENVELOPEDVECTOR( data, (word32)sizeof(data), DATA, AES128CBCb, 0, 0, NULL, 0, NULL, 0, @@ -52752,7 +52755,7 @@ static wc_test_ret_t pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCer }; byte senderNonce[PKCS7_NONCE_SZ + 2]; #ifdef HAVE_ECC - #if !defined(NO_AES) && defined(HAVE_AESGCM) + #if !defined(NO_AES) && defined(HAVE_AESGCM) && defined(HAVE_AES_KEYWRAP) #if !defined(NO_SHA256) && defined(WOLFSSL_AES_256) WOLFSSL_SMALL_STACK_STATIC const byte senderNonceOid[] = { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, @@ -52768,13 +52771,14 @@ static wc_test_ret_t pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCer #endif #if !defined(NO_AES) && defined(WOLFSSL_AES_256) && defined(HAVE_ECC) && \ - defined(WOLFSSL_SHA512) && defined(HAVE_AESGCM) + defined(WOLFSSL_SHA512) && defined(HAVE_AESGCM) && defined(HAVE_AES_KEYWRAP) WOLFSSL_SMALL_STACK_STATIC const byte optionalUkm[] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07 }; #endif /* !NO_AES */ -#if !defined(NO_AES) && !defined(NO_SHA) && defined(WOLFSSL_AES_128) +#if !defined(NO_AES) && !defined(NO_SHA) && defined(WOLFSSL_AES_128) && \ + defined(HAVE_AES_KEYWRAP) /* encryption key for kekri recipient types */ WOLFSSL_SMALL_STACK_STATIC const byte secretKey[] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, @@ -52788,7 +52792,8 @@ static wc_test_ret_t pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCer #endif #if !defined(NO_PWDBASED) && !defined(NO_AES) && defined(HAVE_AESGCM) && \ - !defined(NO_SHA) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) + !defined(NO_SHA) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) && \ + defined(HAVE_AES_KEYWRAP) #ifndef HAVE_FIPS WOLFSSL_SMALL_STACK_STATIC const char password[] = "password"; @@ -52826,7 +52831,7 @@ static wc_test_ret_t pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCer { /* key transport key encryption technique */ #ifndef NO_RSA - #if !defined(NO_AES) && defined(HAVE_AESGCM) + #if !defined(NO_AES) && defined(HAVE_AESGCM) && defined(HAVE_AES_KEYWRAP) #ifdef WOLFSSL_AES_128 ADD_PKCS7AUTHENVELOPEDVECTOR( data, (word32)sizeof(data), DATA, AES128GCMb, 0, 0, rsaCert, rsaCertSz, @@ -52876,12 +52881,12 @@ static wc_test_ret_t pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCer (void)rsaCertSz; (void)rsaPrivKey; (void)rsaPrivKeySz; - #endif /* !NO_AES && !HAVE_AESGCM */ + #endif /* !NO_AES && !HAVE_AESGCM && HAVE_AES_KEYWRAP */ #endif /* key agreement key encryption technique*/ #ifdef HAVE_ECC - #if !defined(NO_AES) && defined(HAVE_AESGCM) + #if !defined(NO_AES) && defined(HAVE_AESGCM) && defined(HAVE_AES_KEYWRAP) #if !defined(NO_SHA) && defined(WOLFSSL_AES_128) ADD_PKCS7AUTHENVELOPEDVECTOR( data, (word32)sizeof(data), DATA, AES128GCMb, AES128_WRAP, @@ -52958,11 +52963,11 @@ static wc_test_ret_t pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCer 0, 0, 0, 0, 0, 0, "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA512KDF_ukm.der"); #endif /* WOLFSSL_SHA512 && WOLFSSL_AES_256 */ - #endif /* !NO_AES && HAVE_AESGCM */ + #endif /* !NO_AES && HAVE_AESGCM && HAVE_AES_KEYWRAP */ #endif /* kekri (KEKRecipientInfo) recipient types */ -#if !defined(NO_AES) && defined(HAVE_AESGCM) +#if !defined(NO_AES) && defined(HAVE_AESGCM) && defined(HAVE_AES_KEYWRAP) #if !defined(NO_SHA) && defined(WOLFSSL_AES_128) ADD_PKCS7AUTHENVELOPEDVECTOR( data, (word32)sizeof(data), DATA, AES128GCMb, AES128_WRAP, 0, @@ -52974,7 +52979,8 @@ static wc_test_ret_t pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCer #endif /* pwri (PasswordRecipientInfo) recipient types */ -#if !defined(NO_PWDBASED) && !defined(NO_AES) && defined(HAVE_AESGCM) +#if !defined(NO_PWDBASED) && !defined(NO_AES) && defined(HAVE_AESGCM) && \ + defined(HAVE_AES_KEYWRAP) #if !defined(NO_SHA) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) ADD_PKCS7AUTHENVELOPEDVECTOR( data, (word32)sizeof(data), DATA, AES128GCMb, 0, 0, @@ -52985,7 +52991,7 @@ static wc_test_ret_t pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCer #endif #endif -#if !defined(NO_AES) && defined(HAVE_AESGCM) +#if !defined(NO_AES) && defined(HAVE_AESGCM) && defined(HAVE_AES_KEYWRAP) #ifdef WOLFSSL_AES_128 /* ori (OtherRecipientInfo) recipient types */ ADD_PKCS7AUTHENVELOPEDVECTOR( @@ -53271,7 +53277,8 @@ static wc_test_ret_t pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCer (void)eccCertSz; (void)eccPrivKey; (void)eccPrivKeySz; -#if !defined(NO_AES) && !defined(NO_SHA) && defined(WOLFSSL_AES_128) +#if !defined(NO_AES) && !defined(NO_SHA) && defined(WOLFSSL_AES_128) && \ + defined(HAVE_AES_KEYWRAP) (void)secretKey; (void)secretKeyId; #endif @@ -53381,7 +53388,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7authenveloped_test(void) #endif /* HAVE_AESGCM || HAVE_AESCCM */ -#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256) +#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256) && \ + defined(HAVE_AES_KEYWRAP) static const byte p7DefKey[] = { 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, @@ -53813,7 +53821,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7callback_test(byte* cert, word32 cert return ret; } -#endif /* !NO_AES && HAVE_AES_CBC && WOLFSSL_AES_256 */ +#endif /* !NO_AES && HAVE_AES_CBC && WOLFSSL_AES_256 && HAVE_AES_KEYWRAP */ #ifndef NO_PKCS7_ENCRYPTED_DATA @@ -55417,7 +55425,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7signed_test(void) eccClientPrivKeyBuf, (word32)eccClientPrivKeyBufSz); #if !defined(NO_RSA) && !defined(NO_AES) && defined(HAVE_AES_CBC) && \ - defined(WOLFSSL_AES_256) + defined(WOLFSSL_AES_256) && defined(HAVE_AES_KEYWRAP) if (ret >= 0) ret = pkcs7callback_test( rsaClientCertBuf, (word32)rsaClientCertBufSz, diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index c1d386b12..8fb193836 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -3416,9 +3416,6 @@ extern void uITRON4_free(void *p) ; #if defined(NO_AES) && defined(NO_DES3) #error PKCS7 needs either AES or 3DES enabled, please enable one #endif - #ifndef HAVE_AES_KEYWRAP - #error PKCS7 requires AES key wrap please define HAVE_AES_KEYWRAP - #endif #if defined(HAVE_ECC) && !defined(HAVE_X963_KDF) #error PKCS7 requires X963 KDF please define HAVE_X963_KDF #endif