wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-03 12:44:45 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #9032 from holtrop/allow-pkcs7-without-aes-keywrap

Browse Source 
Allow building with HAVE_PKCS7 set and HAVE_AES_KEYWRAP unset
This commit is contained in:
JacobBarthelmeh
2025-07-29 09:44:07 -06:00
committed by GitHub
parent cc2f7927ec 26a4ea93eb
commit 26f4c968df
5 changed files with 64 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
doc/dox_comments/header_files/pkcs7.h
View File

@@ -573,6 +573,13 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7,
type, decoding the message into output. It uses the private key of the type, decoding the message into output. It uses the private key of the
PKCS7 object passed in to decrypt the message. PKCS7 object passed in to decrypt the message.
Note that if the EnvelopedData is encrypted using an ECC key and the
KeyAgreementRecipientInfo structure, then either the HAVE_AES_KEYWRAP
build option should be enabled to enable the wolfcrypt built-in AES key
wrap/unwrap functionality, or a custom AES key wrap/unwrap callback should
be set with wc_PKCS7_SetAESKeyWrapUnwrapCb(). If neither of these is true,
decryption will fail.
\return On successfully extracting the information from the message, \return On successfully extracting the information from the message,
returns the bytes written to output returns the bytes written to output
\return BAD_FUNC_ARG Returned if one of the input parameters is invalid \return BAD_FUNC_ARG Returned if one of the input parameters is invalid

25
tests/api.c
View File

@@ -17487,7 +17487,7 @@ static int test_wc_PKCS7_VerifySignedData_ECC(void)
#if defined(HAVE_PKCS7) && !defined(NO_AES) && defined(HAVE_AES_CBC) && \ #if defined(HAVE_PKCS7) && !defined(NO_AES) && defined(HAVE_AES_CBC) && \
defined(WOLFSSL_AES_256) defined(WOLFSSL_AES_256) && defined(HAVE_AES_KEYWRAP)
static const byte defKey[] = { static const byte defKey[] = {
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
@@ -17496,6 +17496,7 @@ static const byte defKey[] = {
}; };
static byte aesHandle[32]; /* simulated hardware key handle */ static byte aesHandle[32]; /* simulated hardware key handle */
/* return 0 on success */ /* return 0 on success */
static int myDecryptionFunc(PKCS7* pkcs7, int encryptOID, byte* iv, int ivSz, static int myDecryptionFunc(PKCS7* pkcs7, int encryptOID, byte* iv, int ivSz,
byte* aad, word32 aadSz, byte* authTag, word32 authTagSz, byte* aad, word32 aadSz, byte* authTag, word32 authTagSz,
@@ -17585,7 +17586,8 @@ static int myCEKwrapFunc(PKCS7* pkcs7, byte* cek, word32 cekSz, byte* keyId,
return BAD_KEYWRAP_ALG_E; return BAD_KEYWRAP_ALG_E;
}; };
} }
#endif /* HAVE_PKCS7 && !NO_AES && HAVE_AES_CBC && WOLFSSL_AES_256 */ #endif /* HAVE_PKCS7 && !NO_AES && HAVE_AES_CBC && WOLFSSL_AES_256 &&
HAVE_AES_KEYWRAP */
#if defined(HAVE_PKCS7) && defined(ASN_BER_TO_DER) #if defined(HAVE_PKCS7) && defined(ASN_BER_TO_DER)
@@ -17691,8 +17693,10 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void)
#ifdef ECC_TIMING_RESISTANT #ifdef ECC_TIMING_RESISTANT
WC_RNG rng; WC_RNG rng;
#endif #endif
#ifdef HAVE_AES_KEYWRAP
word32 tempWrd32 = 0; word32 tempWrd32 = 0;
byte* tmpBytePtr = NULL; byte* tmpBytePtr = NULL;
#endif
const char input[] = "Test data to encode."; const char input[] = "Test data to encode.";
int i; int i;
int testSz = 0; int testSz = 0;
@@ -17842,7 +17846,7 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void)
{(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, DES3b, 0, 0, {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, DES3b, 0, 0,
rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz}, rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz},
#endif /* NO_DES3 */ #endif /* NO_DES3 */
#if !defined(NO_AES) && defined(HAVE_AES_CBC) #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(HAVE_AES_KEYWRAP)
#ifdef WOLFSSL_AES_128 #ifdef WOLFSSL_AES_128
{(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES128CBCb, {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES128CBCb,
0, 0, rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz}, 0, 0, rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz},
@@ -17859,7 +17863,7 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void)
#endif /* NO_RSA */ #endif /* NO_RSA */
#if defined(HAVE_ECC) #if defined(HAVE_ECC)
#if !defined(NO_AES) && defined(HAVE_AES_CBC) #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(HAVE_AES_KEYWRAP)
#if !defined(NO_SHA) && defined(WOLFSSL_AES_128) #if !defined(NO_SHA) && defined(WOLFSSL_AES_128)
{(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA,
AES128CBCb, AES128_WRAP, dhSinglePass_stdDH_sha1kdf_scheme, AES128CBCb, AES128_WRAP, dhSinglePass_stdDH_sha1kdf_scheme,
@@ -17875,7 +17879,7 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void)
AES256CBCb, AES256_WRAP, dhSinglePass_stdDH_sha512kdf_scheme, AES256CBCb, AES256_WRAP, dhSinglePass_stdDH_sha512kdf_scheme,
eccCert, eccCertSz, eccPrivKey, eccPrivKeySz}, eccCert, eccCertSz, eccPrivKey, eccPrivKeySz},
#endif #endif
#endif /* NO_AES && HAVE_AES_CBC*/ #endif /* NO_AES && HAVE_AES_CBC && HAVE_AES_KEYWRAP */
#endif /* END HAVE_ECC */ #endif /* END HAVE_ECC */
}; /* END pkcs7EnvelopedVector */ }; /* END pkcs7EnvelopedVector */
@@ -18031,7 +18035,8 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void)
ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output, 0, decoded, ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output, 0, decoded,
(word32)sizeof(decoded)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); (word32)sizeof(decoded)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
/* Should get a return of BAD_FUNC_ARG with structure data. Order matters.*/ /* Should get a return of BAD_FUNC_ARG with structure data. Order matters.*/
#if defined(HAVE_ECC) && !defined(NO_AES) && defined(HAVE_AES_CBC) #if defined(HAVE_ECC) && !defined(NO_AES) && defined(HAVE_AES_CBC) && \
defined(HAVE_AES_KEYWRAP)
/* only a failure for KARI test cases */ /* only a failure for KARI test cases */
if (pkcs7 != NULL) { if (pkcs7 != NULL) {
tempWrd32 = pkcs7->singleCertSz; tempWrd32 = pkcs7->singleCertSz;
@@ -18069,11 +18074,11 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void)
pkcs7->singleCert = tmpBytePtr; pkcs7->singleCert = tmpBytePtr;
} }
#endif #endif
#ifdef HAVE_AES_KEYWRAP
if (pkcs7 != NULL) { if (pkcs7 != NULL) {
tempWrd32 = pkcs7->privateKeySz; tempWrd32 = pkcs7->privateKeySz;
pkcs7->privateKeySz = 0; pkcs7->privateKeySz = 0;
} }
ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output, ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
(word32)sizeof(output), decoded, (word32)sizeof(decoded)), (word32)sizeof(output), decoded, (word32)sizeof(decoded)),
WC_NO_ERR_TRACE(BAD_FUNC_ARG)); WC_NO_ERR_TRACE(BAD_FUNC_ARG));
@@ -18089,11 +18094,13 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void)
if (pkcs7 != NULL) { if (pkcs7 != NULL) {
pkcs7->privateKey = tmpBytePtr; pkcs7->privateKey = tmpBytePtr;
} }
#endif
wc_PKCS7_Free(pkcs7); wc_PKCS7_Free(pkcs7);
pkcs7 = NULL; pkcs7 = NULL;
#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256) #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256) && \
defined(HAVE_AES_KEYWRAP)
/* test of decrypt callback with KEKRI enveloped data */ /* test of decrypt callback with KEKRI enveloped data */
{ {
int envelopedSz = 0; int envelopedSz = 0;
@@ -18124,7 +18131,7 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void)
wc_PKCS7_Free(pkcs7); wc_PKCS7_Free(pkcs7);
pkcs7 = NULL; pkcs7 = NULL;
} }
#endif /* !NO_AES && WOLFSSL_AES_256 */ #endif /* !NO_AES && HAVE_AES_CBC && WOLFSSL_AES_256 && HAVE_AES_KEYWRAP */
#ifndef NO_RSA #ifndef NO_RSA
XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);

8
wolfcrypt/src/pkcs7.c
View File

@@ -6843,8 +6843,12 @@ static int wc_PKCS7_KeyWrap(const wc_PKCS7 * pkcs7, const byte * cek,
out, outSz); out, outSz);
} }
else { else {
#ifdef HAVE_AES_KEYWRAP
ret = wc_AesKeyWrap(kek, kekSz, cek, cekSz, ret = wc_AesKeyWrap(kek, kekSz, cek, cekSz,
out, outSz, NULL); out, outSz, NULL);
#else
ret = NOT_COMPILED_IN;
#endif
} }
} else if (direction == AES_DECRYPTION) { } else if (direction == AES_DECRYPTION) {
@@ -6853,8 +6857,12 @@ static int wc_PKCS7_KeyWrap(const wc_PKCS7 * pkcs7, const byte * cek,
out, outSz); out, outSz);
} }
else { else {
#ifdef HAVE_AES_KEYWRAP
ret = wc_AesKeyUnWrap(kek, kekSz, cek, cekSz, ret = wc_AesKeyUnWrap(kek, kekSz, cek, cekSz,
out, outSz, NULL); out, outSz, NULL);
#else
ret = NOT_COMPILED_IN;
#endif
} }
} else { } else {
WOLFSSL_MSG("Bad key un/wrap direction"); WOLFSSL_MSG("Bad key un/wrap direction");

58
wolfcrypt/test/test.c
View File

@@ -52135,14 +52135,14 @@ static wc_test_ret_t pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
}; };
#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256) && \ #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256) && \
defined(HAVE_ECC) && defined(WOLFSSL_SHA512) defined(HAVE_ECC) && defined(WOLFSSL_SHA512) && defined(HAVE_AES_KEYWRAP)
byte optionalUkm[] = { byte optionalUkm[] = {
0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
}; };
#endif /* !NO_AES */ #endif /* !NO_AES */
#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) && \ #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) && \
!defined(NO_SHA) !defined(NO_SHA) && defined(HAVE_AES_KEYWRAP)
/* encryption key for kekri recipient types */ /* encryption key for kekri recipient types */
WOLFSSL_SMALL_STACK_STATIC const byte secretKey[] = { WOLFSSL_SMALL_STACK_STATIC const byte secretKey[] = {
0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
@@ -52156,7 +52156,8 @@ static wc_test_ret_t pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
#endif #endif
#if !defined(NO_PWDBASED) && !defined(NO_SHA) && \ #if !defined(NO_PWDBASED) && !defined(NO_SHA) && \
!defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) && \
defined(HAVE_AES_KEYWRAP)
#ifndef HAVE_FIPS #ifndef HAVE_FIPS
WOLFSSL_SMALL_STACK_STATIC const char password[] = "password"; /* NOTE: Password is too short for FIPS */ WOLFSSL_SMALL_STACK_STATIC const char password[] = "password"; /* NOTE: Password is too short for FIPS */
@@ -52203,7 +52204,7 @@ static wc_test_ret_t pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
"pkcs7envelopedDataDES3.der"); "pkcs7envelopedDataDES3.der");
#endif #endif
#if !defined(NO_AES) && defined(HAVE_AES_CBC) #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(HAVE_AES_KEYWRAP)
#ifdef WOLFSSL_AES_128 #ifdef WOLFSSL_AES_128
ADD_PKCS7ENVELOPEDVECTOR( ADD_PKCS7ENVELOPEDVECTOR(
data, (word32)sizeof(data), DATA, AES128CBCb, 0, 0, rsaCert, rsaCertSz, data, (word32)sizeof(data), DATA, AES128CBCb, 0, 0, rsaCert, rsaCertSz,
@@ -52239,11 +52240,11 @@ static wc_test_ret_t pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0,
0, 0, 0, 0, "pkcs7envelopedDataAES256CBC_IANDS.der"); 0, 0, 0, 0, "pkcs7envelopedDataAES256CBC_IANDS.der");
#endif #endif
#endif /* !NO_AES && HAVE_AES_CBC */ #endif /* !NO_AES && HAVE_AES_CBC && HAVE_AES_KEYWRAP */
#endif #endif
/* key agreement key encryption technique*/ /* key agreement key encryption technique*/
#ifdef HAVE_ECC #if defined(HAVE_ECC) && defined(HAVE_AES_KEYWRAP)
#if !defined(NO_AES) && defined(HAVE_AES_CBC) #if !defined(NO_AES) && defined(HAVE_AES_CBC)
#if !defined(NO_SHA) && defined(WOLFSSL_AES_128) #if !defined(NO_SHA) && defined(WOLFSSL_AES_128)
ADD_PKCS7ENVELOPEDVECTOR( ADD_PKCS7ENVELOPEDVECTOR(
@@ -52283,7 +52284,7 @@ static wc_test_ret_t pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
#endif #endif
/* kekri (KEKRecipientInfo) recipient types */ /* kekri (KEKRecipientInfo) recipient types */
#if !defined(NO_AES) && defined(HAVE_AES_CBC) #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(HAVE_AES_KEYWRAP)
#if !defined(NO_SHA) && defined(WOLFSSL_AES_128) #if !defined(NO_SHA) && defined(WOLFSSL_AES_128)
ADD_PKCS7ENVELOPEDVECTOR( ADD_PKCS7ENVELOPEDVECTOR(
data, (word32)sizeof(data), DATA, AES128CBCb, AES128_WRAP, 0, data, (word32)sizeof(data), DATA, AES128CBCb, AES128_WRAP, 0,
@@ -52292,11 +52293,12 @@ static wc_test_ret_t pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
"pkcs7envelopedDataAES128CBC_KEKRI.der"); "pkcs7envelopedDataAES128CBC_KEKRI.der");
#endif #endif
#endif /* !NO_AES && HAVE_AES_CBC */ #endif /* !NO_AES && HAVE_AES_CBC && HAVE_AES_KEYWRAP */
/* pwri (PasswordRecipientInfo) recipient types */ /* pwri (PasswordRecipientInfo) recipient types */
#if !defined(NO_PWDBASED) && !defined(NO_AES) && defined(HAVE_AES_CBC) #if !defined(NO_PWDBASED) && !defined(NO_AES) && defined(HAVE_AES_CBC)
#if !defined(NO_SHA) && defined(WOLFSSL_AES_128) #if !defined(NO_SHA) && defined(WOLFSSL_AES_128) && \
defined(HAVE_AES_KEYWRAP)
ADD_PKCS7ENVELOPEDVECTOR( ADD_PKCS7ENVELOPEDVECTOR(
data, (word32)sizeof(data), DATA, AES128CBCb, 0, 0, data, (word32)sizeof(data), DATA, AES128CBCb, 0, 0,
NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0,
@@ -52306,7 +52308,8 @@ static wc_test_ret_t pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
#endif #endif
#endif #endif
#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) && \
defined(HAVE_AES_KEYWRAP)
/* ori (OtherRecipientInfo) recipient types */ /* ori (OtherRecipientInfo) recipient types */
ADD_PKCS7ENVELOPEDVECTOR( ADD_PKCS7ENVELOPEDVECTOR(
data, (word32)sizeof(data), DATA, AES128CBCb, 0, 0, NULL, 0, NULL, 0, data, (word32)sizeof(data), DATA, AES128CBCb, 0, 0, NULL, 0, NULL, 0,
@@ -52752,7 +52755,7 @@ static wc_test_ret_t pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCer
}; };
byte senderNonce[PKCS7_NONCE_SZ + 2]; byte senderNonce[PKCS7_NONCE_SZ + 2];
#ifdef HAVE_ECC #ifdef HAVE_ECC
#if !defined(NO_AES) && defined(HAVE_AESGCM) #if !defined(NO_AES) && defined(HAVE_AESGCM) && defined(HAVE_AES_KEYWRAP)
#if !defined(NO_SHA256) && defined(WOLFSSL_AES_256) #if !defined(NO_SHA256) && defined(WOLFSSL_AES_256)
WOLFSSL_SMALL_STACK_STATIC const byte senderNonceOid[] = WOLFSSL_SMALL_STACK_STATIC const byte senderNonceOid[] =
{ 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
@@ -52768,13 +52771,14 @@ static wc_test_ret_t pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCer
#endif #endif
#if !defined(NO_AES) && defined(WOLFSSL_AES_256) && defined(HAVE_ECC) && \ #if !defined(NO_AES) && defined(WOLFSSL_AES_256) && defined(HAVE_ECC) && \
defined(WOLFSSL_SHA512) && defined(HAVE_AESGCM) defined(WOLFSSL_SHA512) && defined(HAVE_AESGCM) && defined(HAVE_AES_KEYWRAP)
WOLFSSL_SMALL_STACK_STATIC const byte optionalUkm[] = { WOLFSSL_SMALL_STACK_STATIC const byte optionalUkm[] = {
0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
}; };
#endif /* !NO_AES */ #endif /* !NO_AES */
#if !defined(NO_AES) && !defined(NO_SHA) && defined(WOLFSSL_AES_128) #if !defined(NO_AES) && !defined(NO_SHA) && defined(WOLFSSL_AES_128) && \
defined(HAVE_AES_KEYWRAP)
/* encryption key for kekri recipient types */ /* encryption key for kekri recipient types */
WOLFSSL_SMALL_STACK_STATIC const byte secretKey[] = { WOLFSSL_SMALL_STACK_STATIC const byte secretKey[] = {
0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
@@ -52788,7 +52792,8 @@ static wc_test_ret_t pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCer
#endif #endif
#if !defined(NO_PWDBASED) && !defined(NO_AES) && defined(HAVE_AESGCM) && \ #if !defined(NO_PWDBASED) && !defined(NO_AES) && defined(HAVE_AESGCM) && \
!defined(NO_SHA) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) !defined(NO_SHA) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) && \
defined(HAVE_AES_KEYWRAP)
#ifndef HAVE_FIPS #ifndef HAVE_FIPS
WOLFSSL_SMALL_STACK_STATIC const char password[] = "password"; WOLFSSL_SMALL_STACK_STATIC const char password[] = "password";
@@ -52826,7 +52831,7 @@ static wc_test_ret_t pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCer
{ {
/* key transport key encryption technique */ /* key transport key encryption technique */
#ifndef NO_RSA #ifndef NO_RSA
#if !defined(NO_AES) && defined(HAVE_AESGCM) #if !defined(NO_AES) && defined(HAVE_AESGCM) && defined(HAVE_AES_KEYWRAP)
#ifdef WOLFSSL_AES_128 #ifdef WOLFSSL_AES_128
ADD_PKCS7AUTHENVELOPEDVECTOR( ADD_PKCS7AUTHENVELOPEDVECTOR(
data, (word32)sizeof(data), DATA, AES128GCMb, 0, 0, rsaCert, rsaCertSz, data, (word32)sizeof(data), DATA, AES128GCMb, 0, 0, rsaCert, rsaCertSz,
@@ -52876,12 +52881,12 @@ static wc_test_ret_t pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCer
(void)rsaCertSz; (void)rsaCertSz;
(void)rsaPrivKey; (void)rsaPrivKey;
(void)rsaPrivKeySz; (void)rsaPrivKeySz;
#endif /* !NO_AES && !HAVE_AESGCM */ #endif /* !NO_AES && !HAVE_AESGCM && HAVE_AES_KEYWRAP */
#endif #endif
/* key agreement key encryption technique*/ /* key agreement key encryption technique*/
#ifdef HAVE_ECC #ifdef HAVE_ECC
#if !defined(NO_AES) && defined(HAVE_AESGCM) #if !defined(NO_AES) && defined(HAVE_AESGCM) && defined(HAVE_AES_KEYWRAP)
#if !defined(NO_SHA) && defined(WOLFSSL_AES_128) #if !defined(NO_SHA) && defined(WOLFSSL_AES_128)
ADD_PKCS7AUTHENVELOPEDVECTOR( ADD_PKCS7AUTHENVELOPEDVECTOR(
data, (word32)sizeof(data), DATA, AES128GCMb, AES128_WRAP, data, (word32)sizeof(data), DATA, AES128GCMb, AES128_WRAP,
@@ -52958,11 +52963,11 @@ static wc_test_ret_t pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCer
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
"pkcs7authEnvelopedDataAES256GCM_ECDH_SHA512KDF_ukm.der"); "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA512KDF_ukm.der");
#endif /* WOLFSSL_SHA512 && WOLFSSL_AES_256 */ #endif /* WOLFSSL_SHA512 && WOLFSSL_AES_256 */
#endif /* !NO_AES && HAVE_AESGCM */ #endif /* !NO_AES && HAVE_AESGCM && HAVE_AES_KEYWRAP */
#endif #endif
/* kekri (KEKRecipientInfo) recipient types */ /* kekri (KEKRecipientInfo) recipient types */
#if !defined(NO_AES) && defined(HAVE_AESGCM) #if !defined(NO_AES) && defined(HAVE_AESGCM) && defined(HAVE_AES_KEYWRAP)
#if !defined(NO_SHA) && defined(WOLFSSL_AES_128) #if !defined(NO_SHA) && defined(WOLFSSL_AES_128)
ADD_PKCS7AUTHENVELOPEDVECTOR( ADD_PKCS7AUTHENVELOPEDVECTOR(
data, (word32)sizeof(data), DATA, AES128GCMb, AES128_WRAP, 0, data, (word32)sizeof(data), DATA, AES128GCMb, AES128_WRAP, 0,
@@ -52974,7 +52979,8 @@ static wc_test_ret_t pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCer
#endif #endif
/* pwri (PasswordRecipientInfo) recipient types */ /* pwri (PasswordRecipientInfo) recipient types */
#if !defined(NO_PWDBASED) && !defined(NO_AES) && defined(HAVE_AESGCM) #if !defined(NO_PWDBASED) && !defined(NO_AES) && defined(HAVE_AESGCM) && \
defined(HAVE_AES_KEYWRAP)
#if !defined(NO_SHA) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) #if !defined(NO_SHA) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
ADD_PKCS7AUTHENVELOPEDVECTOR( ADD_PKCS7AUTHENVELOPEDVECTOR(
data, (word32)sizeof(data), DATA, AES128GCMb, 0, 0, data, (word32)sizeof(data), DATA, AES128GCMb, 0, 0,
@@ -52985,7 +52991,7 @@ static wc_test_ret_t pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCer
#endif #endif
#endif #endif
#if !defined(NO_AES) && defined(HAVE_AESGCM) #if !defined(NO_AES) && defined(HAVE_AESGCM) && defined(HAVE_AES_KEYWRAP)
#ifdef WOLFSSL_AES_128 #ifdef WOLFSSL_AES_128
/* ori (OtherRecipientInfo) recipient types */ /* ori (OtherRecipientInfo) recipient types */
ADD_PKCS7AUTHENVELOPEDVECTOR( ADD_PKCS7AUTHENVELOPEDVECTOR(
@@ -53271,7 +53277,8 @@ static wc_test_ret_t pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCer
(void)eccCertSz; (void)eccCertSz;
(void)eccPrivKey; (void)eccPrivKey;
(void)eccPrivKeySz; (void)eccPrivKeySz;
#if !defined(NO_AES) && !defined(NO_SHA) && defined(WOLFSSL_AES_128) #if !defined(NO_AES) && !defined(NO_SHA) && defined(WOLFSSL_AES_128) && \
defined(HAVE_AES_KEYWRAP)
(void)secretKey; (void)secretKey;
(void)secretKeyId; (void)secretKeyId;
#endif #endif
@@ -53381,7 +53388,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7authenveloped_test(void)
#endif /* HAVE_AESGCM || HAVE_AESCCM */ #endif /* HAVE_AESGCM || HAVE_AESCCM */
#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256) #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256) && \
defined(HAVE_AES_KEYWRAP)
static const byte p7DefKey[] = { static const byte p7DefKey[] = {
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
@@ -53813,7 +53821,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7callback_test(byte* cert, word32 cert
return ret; return ret;
} }
#endif /* !NO_AES && HAVE_AES_CBC && WOLFSSL_AES_256 */ #endif /* !NO_AES && HAVE_AES_CBC && WOLFSSL_AES_256 && HAVE_AES_KEYWRAP */
#ifndef NO_PKCS7_ENCRYPTED_DATA #ifndef NO_PKCS7_ENCRYPTED_DATA
@@ -55417,7 +55425,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7signed_test(void)
eccClientPrivKeyBuf, (word32)eccClientPrivKeyBufSz); eccClientPrivKeyBuf, (word32)eccClientPrivKeyBufSz);
#if !defined(NO_RSA) && !defined(NO_AES) && defined(HAVE_AES_CBC) && \ #if !defined(NO_RSA) && !defined(NO_AES) && defined(HAVE_AES_CBC) && \
defined(WOLFSSL_AES_256) defined(WOLFSSL_AES_256) && defined(HAVE_AES_KEYWRAP)
if (ret >= 0) if (ret >= 0)
ret = pkcs7callback_test( ret = pkcs7callback_test(
rsaClientCertBuf, (word32)rsaClientCertBufSz, rsaClientCertBuf, (word32)rsaClientCertBufSz,

3
wolfssl/wolfcrypt/settings.h
View File

@@ -3416,9 +3416,6 @@ extern void uITRON4_free(void *p) ;
#if defined(NO_AES) && defined(NO_DES3) #if defined(NO_AES) && defined(NO_DES3)
#error PKCS7 needs either AES or 3DES enabled, please enable one #error PKCS7 needs either AES or 3DES enabled, please enable one
#endif #endif
#ifndef HAVE_AES_KEYWRAP
#error PKCS7 requires AES key wrap please define HAVE_AES_KEYWRAP
#endif
#if defined(HAVE_ECC) && !defined(HAVE_X963_KDF) #if defined(HAVE_ECC) && !defined(HAVE_X963_KDF)
#error PKCS7 requires X963 KDF please define HAVE_X963_KDF #error PKCS7 requires X963 KDF please define HAVE_X963_KDF
#endif #endif