mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2025-08-02 12:14:38 +02:00
Combine AES key wrap/unwrap callbacks
This commit is contained in:
Josh Holtrop
@@ -11,11 +11,12 @@
|
|||||||
\param[in] keySz Size of the key to use.
|
\param[in] keySz Size of the key to use.
|
||||||
\param[in] in Specify the input data to wrap/unwrap.
|
\param[in] in Specify the input data to wrap/unwrap.
|
||||||
\param[in] inSz Size of the input data.
|
\param[in] inSz Size of the input data.
|
||||||
|
\param[in] wrap 1 if the requested operation is a key wrap, 0 for unwrap.
|
||||||
\param[out] out Specify the output buffer.
|
\param[out] out Specify the output buffer.
|
||||||
\param[out] outSz Size of the output buffer.
|
\param[out] outSz Size of the output buffer.
|
||||||
*/
|
*/
|
||||||
typedef int (*CallbackAESKeyWrap)(const byte* key, word32 keySz,
|
typedef int (*CallbackAESKeyWrapUnwrap)(const byte* key, word32 keySz,
|
||||||
const byte* in, word32 inSz, byte* out, word32 outSz);
|
const byte* in, word32 inSz, int wrap, byte* out, word32 outSz);
|
||||||
|
|
||||||
/*!
|
/*!
|
||||||
\ingroup PKCS7
|
\ingroup PKCS7
|
||||||
@@ -500,33 +501,16 @@ int wc_PKCS7_VerifySignedData_ex(PKCS7* pkcs7, const byte* hashBuf,
|
|||||||
\ingroup PKCS7
|
\ingroup PKCS7
|
||||||
|
|
||||||
\brief Set the callback function to be used to perform a custom AES key
|
\brief Set the callback function to be used to perform a custom AES key
|
||||||
wrap operation.
|
wrap/unwrap operation.
|
||||||
|
|
||||||
\retval 0 Callback function was set successfully
|
\retval 0 Callback function was set successfully
|
||||||
\retval BAD_FUNC_ARG Parameter pkcs7 is NULL
|
\retval BAD_FUNC_ARG Parameter pkcs7 is NULL
|
||||||
|
|
||||||
\param pkcs7 pointer to the PKCS7 structure
|
\param pkcs7 pointer to the PKCS7 structure
|
||||||
\param aesKeyWrapCb pointer to custom AES key wrap function
|
\param aesKeyWrapCb pointer to custom AES key wrap/unwrap function
|
||||||
|
|
||||||
\sa wc_PKCS7_SetAESKeyUnwrapCb
|
|
||||||
*/
|
*/
|
||||||
int wc_PKCS7_SetAESKeyWrapCb(wc_PKCS7* pkcs7, CallbackAESKeyWrap aesKeyWrapCb);
|
int wc_PKCS7_SetAESKeyWrapUnwrapCb(wc_PKCS7* pkcs7,
|
||||||
|
CallbackAESKeyWrapUnwrap aesKeyWrapCb);
|
||||||
/*!
|
|
||||||
\ingroup PKCS7
|
|
||||||
|
|
||||||
\brief Set the callback function to be used to perform a custom AES key
|
|
||||||
unwrap operation.
|
|
||||||
|
|
||||||
\retval 0 Callback function was set successfully
|
|
||||||
\retval BAD_FUNC_ARG Parameter pkcs7 is NULL
|
|
||||||
|
|
||||||
\param pkcs7 pointer to the PKCS7 structure
|
|
||||||
\param aesKeyUnwrapCb pointer to custom AES key unwrap function
|
|
||||||
|
|
||||||
\sa wc_PKCS7_SetAESKeyWrapCb
|
|
||||||
*/
|
|
||||||
int wc_PKCS7_SetAESKeyUnwrapCb(wc_PKCS7* pkcs7, CallbackAESKeyWrap aesKeyUnwrapCb);
|
|
||||||
|
|
||||||
/*!
|
/*!
|
||||||
\ingroup PKCS7
|
\ingroup PKCS7
|
||||||
|
|||||||
22
tests/api.c
22
tests/api.c
@@ -17999,24 +17999,15 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void)
|
|||||||
static int wasAESKeyWrapCbCalled = 0;
|
static int wasAESKeyWrapCbCalled = 0;
|
||||||
static int wasAESKeyUnwrapCbCalled = 0;
|
static int wasAESKeyUnwrapCbCalled = 0;
|
||||||
|
|
||||||
static int testAESKeyWrapCb(const byte* key, word32 keySz,
|
static int testAESKeyWrapUnwrapCb(const byte* key, word32 keySz,
|
||||||
const byte* in, word32 inSz, byte* out, word32 outSz)
|
const byte* in, word32 inSz, int wrap, byte* out, word32 outSz)
|
||||||
{
|
{
|
||||||
(void)key;
|
(void)key;
|
||||||
(void)keySz;
|
(void)keySz;
|
||||||
|
(void)wrap;
|
||||||
|
if (wrap)
|
||||||
wasAESKeyWrapCbCalled = 1;
|
wasAESKeyWrapCbCalled = 1;
|
||||||
XMEMSET(out, 0xEE, outSz);
|
else
|
||||||
if (inSz <= outSz) {
|
|
||||||
XMEMCPY(out, in, inSz);
|
|
||||||
}
|
|
||||||
return inSz;
|
|
||||||
}
|
|
||||||
|
|
||||||
static int testAESKeyUnwrapCb(const byte* key, word32 keySz,
|
|
||||||
const byte* in, word32 inSz, byte* out, word32 outSz)
|
|
||||||
{
|
|
||||||
(void)key;
|
|
||||||
(void)keySz;
|
|
||||||
wasAESKeyUnwrapCbCalled = 1;
|
wasAESKeyUnwrapCbCalled = 1;
|
||||||
XMEMSET(out, 0xEE, outSz);
|
XMEMSET(out, 0xEE, outSz);
|
||||||
if (inSz <= outSz) {
|
if (inSz <= outSz) {
|
||||||
@@ -18104,8 +18095,7 @@ static int test_wc_PKCS7_SetAESKeyWrapUnwrapCb(void)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* Test custom AES key wrap/unwrap callback */
|
/* Test custom AES key wrap/unwrap callback */
|
||||||
ExpectIntEQ(wc_PKCS7_SetAESKeyWrapCb(pkcs7, testAESKeyWrapCb), 0);
|
ExpectIntEQ(wc_PKCS7_SetAESKeyWrapUnwrapCb(pkcs7, testAESKeyWrapUnwrapCb), 0);
|
||||||
ExpectIntEQ(wc_PKCS7_SetAESKeyUnwrapCb(pkcs7, testAESKeyUnwrapCb), 0);
|
|
||||||
|
|
||||||
ExpectIntGE(wc_PKCS7_EncodeEnvelopedData(pkcs7, output,
|
ExpectIntGE(wc_PKCS7_EncodeEnvelopedData(pkcs7, output,
|
||||||
(word32)sizeof(output)), 0);
|
(word32)sizeof(output)), 0);
|
||||||
|
|||||||
@@ -6838,8 +6838,8 @@ static int wc_PKCS7_KeyWrap(const wc_PKCS7 * pkcs7, byte const * cek,
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
if (direction == AES_ENCRYPTION) {
|
if (direction == AES_ENCRYPTION) {
|
||||||
if (pkcs7->aesKeyWrapCb != NULL) {
|
if (pkcs7->aesKeyWrapUnwrapCb != NULL) {
|
||||||
ret = pkcs7->aesKeyWrapCb(kek, kekSz, cek, cekSz,
|
ret = pkcs7->aesKeyWrapUnwrapCb(kek, kekSz, cek, cekSz, 1,
|
||||||
out, outSz);
|
out, outSz);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
@@ -6848,8 +6848,8 @@ static int wc_PKCS7_KeyWrap(const wc_PKCS7 * pkcs7, byte const * cek,
|
|||||||
}
|
}
|
||||||
|
|
||||||
} else if (direction == AES_DECRYPTION) {
|
} else if (direction == AES_DECRYPTION) {
|
||||||
if (pkcs7->aesKeyUnwrapCb != NULL) {
|
if (pkcs7->aesKeyWrapUnwrapCb != NULL) {
|
||||||
ret = pkcs7->aesKeyUnwrapCb(kek, kekSz, cek, cekSz,
|
ret = pkcs7->aesKeyWrapUnwrapCb(kek, kekSz, cek, cekSz, 0,
|
||||||
out, outSz);
|
out, outSz);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
@@ -11094,28 +11094,17 @@ int wc_PKCS7_SetWrapCEKCb(wc_PKCS7* pkcs7, CallbackWrapCEK cb)
|
|||||||
|
|
||||||
|
|
||||||
/* return 0 on success */
|
/* return 0 on success */
|
||||||
int wc_PKCS7_SetAESKeyWrapCb(wc_PKCS7* pkcs7, CallbackAESKeyWrap aesKeyWrapCb)
|
int wc_PKCS7_SetAESKeyWrapUnwrapCb(wc_PKCS7* pkcs7, CallbackAESKeyWrapUnwrap aesKeyWrapUnwrapCb)
|
||||||
{
|
{
|
||||||
if (pkcs7 == NULL)
|
if (pkcs7 == NULL)
|
||||||
return BAD_FUNC_ARG;
|
return BAD_FUNC_ARG;
|
||||||
|
|
||||||
pkcs7->aesKeyWrapCb = aesKeyWrapCb;
|
pkcs7->aesKeyWrapUnwrapCb = aesKeyWrapUnwrapCb;
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/* return 0 on success */
|
|
||||||
int wc_PKCS7_SetAESKeyUnwrapCb(wc_PKCS7* pkcs7, CallbackAESKeyWrap aesKeyUnwrapCb)
|
|
||||||
{
|
|
||||||
if (pkcs7 == NULL)
|
|
||||||
return BAD_FUNC_ARG;
|
|
||||||
|
|
||||||
pkcs7->aesKeyUnwrapCb = aesKeyUnwrapCb;
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Decrypt ASN.1 OtherRecipientInfo (ori), as defined by:
|
/* Decrypt ASN.1 OtherRecipientInfo (ori), as defined by:
|
||||||
*
|
*
|
||||||
* OtherRecipientInfo ::= SEQUENCE {
|
* OtherRecipientInfo ::= SEQUENCE {
|
||||||
|
|||||||
@@ -213,8 +213,8 @@ typedef int (*CallbackWrapCEK)(wc_PKCS7* pkcs7, byte* cek, word32 cekSz,
|
|||||||
byte* originKey, word32 originKeySz,
|
byte* originKey, word32 originKeySz,
|
||||||
byte* out, word32 outSz,
|
byte* out, word32 outSz,
|
||||||
int keyWrapAlgo, int type, int dir);
|
int keyWrapAlgo, int type, int dir);
|
||||||
typedef int (*CallbackAESKeyWrap)(const byte* key, word32 keySz,
|
typedef int (*CallbackAESKeyWrapUnwrap)(const byte* key, word32 keySz,
|
||||||
const byte* in, word32 inSz, byte* out, word32 outSz);
|
const byte* in, word32 inSz, int wrap, byte* out, word32 outSz);
|
||||||
|
|
||||||
/* Callbacks for supporting different stream cases */
|
/* Callbacks for supporting different stream cases */
|
||||||
typedef int (*CallbackGetContent)(wc_PKCS7* pkcs7, byte** content, void* ctx);
|
typedef int (*CallbackGetContent)(wc_PKCS7* pkcs7, byte** content, void* ctx);
|
||||||
@@ -373,8 +373,7 @@ struct wc_PKCS7 {
|
|||||||
} decryptKey;
|
} decryptKey;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
CallbackAESKeyWrap aesKeyWrapCb;
|
CallbackAESKeyWrapUnwrap aesKeyWrapUnwrapCb;
|
||||||
CallbackAESKeyWrap aesKeyUnwrapCb;
|
|
||||||
|
|
||||||
/* !! NEW DATA MEMBERS MUST BE ADDED AT END !! */
|
/* !! NEW DATA MEMBERS MUST BE ADDED AT END !! */
|
||||||
};
|
};
|
||||||
@@ -503,10 +502,8 @@ WOLFSSL_API int wc_PKCS7_AddRecipient_ORI(wc_PKCS7* pkcs7, CallbackOriEncrypt c
|
|||||||
int options);
|
int options);
|
||||||
WOLFSSL_API int wc_PKCS7_SetWrapCEKCb(wc_PKCS7* pkcs7,
|
WOLFSSL_API int wc_PKCS7_SetWrapCEKCb(wc_PKCS7* pkcs7,
|
||||||
CallbackWrapCEK wrapCEKCb);
|
CallbackWrapCEK wrapCEKCb);
|
||||||
WOLFSSL_API int wc_PKCS7_SetAESKeyWrapCb(wc_PKCS7* pkcs7,
|
WOLFSSL_API int wc_PKCS7_SetAESKeyWrapUnwrapCb(wc_PKCS7* pkcs7,
|
||||||
CallbackAESKeyWrap aesKeyWrapCb);
|
CallbackAESKeyWrapUnwrap aesKeyWrapUnwrapCb);
|
||||||
WOLFSSL_API int wc_PKCS7_SetAESKeyUnwrapCb(wc_PKCS7* pkcs7,
|
|
||||||
CallbackAESKeyWrap aesKeyUnwrapCb);
|
|
||||||
|
|
||||||
#if defined(HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK) && !defined(NO_RSA)
|
#if defined(HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK) && !defined(NO_RSA)
|
||||||
WOLFSSL_API int wc_PKCS7_SetRsaSignRawDigestCb(wc_PKCS7* pkcs7,
|
WOLFSSL_API int wc_PKCS7_SetRsaSignRawDigestCb(wc_PKCS7* pkcs7,
|
||||||
|
|||||||
Reference in New Issue
Block a user