Merge pull request #9018 from holtrop/decode-skp

Add API to decode SymmetricKeyPackage and OneSymmetricKey CMS objects
David Garske
2025-07-23 16:01:58 -07:00
committed by GitHub
10 changed files with 614 additions and 9 deletions


@@ -747,3 +747,97 @@ int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* pkiMsg,
*/ */
int wc_PKCS7_DecodeEncryptedKeyPackage(wc_PKCS7 * pkcs7, int wc_PKCS7_DecodeEncryptedKeyPackage(wc_PKCS7 * pkcs7,
byte * pkiMsg, word32 pkiMsgSz, byte * output, word32 outputSz); byte * pkiMsg, word32 pkiMsgSz, byte * output, word32 outputSz);
/*!
\ingroup PKCS7
\brief This function provides access to a SymmetricKeyPackage attribute.
\return 0 The requested attribute has been successfully located.
attr and attrSz output variables are populated with the address and size of
the attribute. The attribute will be in the same buffer passed in via the
skp input pointer.
\return BAD_FUNC_ARG One of the input parameters is invalid.
\return ASN_PARSE_E An error was encountered parsing the input object.
\return BAD_INDEX_E The requested attribute index was invalid.
\param[in] skp Input buffer containing the SymmetricKeyPackage object.
\param[in] skpSz Size of the SymmetricKeyPackage object.
\param[in] index Index of the attribute to access.
\param[out] attr Buffer in which to store the pointer to the requested
attribute object.
\param[out] attrSz Buffer in which to store the size of the requested
attribute object.
*/
int wc_PKCS7_DecodeSymmetricKeyPackageAttribute(const byte * skp,
word32 skpSz, size_t index, const byte ** attr, word32 * attrSz);
/*!
\ingroup PKCS7
\brief This function provides access to a SymmetricKeyPackage key.
\return 0 The requested key has been successfully located.
key and keySz output variables are populated with the address and size of
the key. The key will be in the same buffer passed in via the
skp input pointer.
\return BAD_FUNC_ARG One of the input parameters is invalid.
\return ASN_PARSE_E An error was encountered parsing the input object.
\return BAD_INDEX_E The requested key index was invalid.
\param[in] skp Input buffer containing the SymmetricKeyPackage object.
\param[in] skpSz Size of the SymmetricKeyPackage object.
\param[in] index Index of the key to access.
\param[out] key Buffer in which to store the pointer to the requested
key object.
\param[out] keySz Buffer in which to store the size of the requested
key object.
*/
int wc_PKCS7_DecodeSymmetricKeyPackageKey(const byte * skp,
word32 skpSz, size_t index, const byte ** key, word32 * keySz);
/*!
\ingroup PKCS7
\brief This function provides access to a OneSymmetricKey attribute.
\return 0 The requested attribute has been successfully located.
attr and attrSz output variables are populated with the address and size of
the attribute. The attribute will be in the same buffer passed in via the
osk input pointer.
\return BAD_FUNC_ARG One of the input parameters is invalid.
\return ASN_PARSE_E An error was encountered parsing the input object.
\return BAD_INDEX_E The requested attribute index was invalid.
\param[in] osk Input buffer containing the OneSymmetricKey object.
\param[in] oskSz Size of the OneSymmetricKey object.
\param[in] index Index of the attribute to access.
\param[out] attr Buffer in which to store the pointer to the requested
attribute object.
\param[out] attrSz Buffer in which to store the size of the requested
attribute object.
*/
int wc_PKCS7_DecodeOneSymmetricKeyAttribute(const byte * osk,
word32 oskSz, size_t index, const byte ** attr, word32 * attrSz);
/*!
\ingroup PKCS7
\brief This function provides access to a OneSymmetricKey key.
\return 0 The requested key has been successfully located.
key and keySz output variables are populated with the address and size of
the key. The key will be in the same buffer passed in via the
osk input pointer.
\return BAD_FUNC_ARG One of the input parameters is invalid.
\return ASN_PARSE_E An error was encountered parsing the input object.
\param[in] osk Input buffer containing the OneSymmetricKey object.
\param[in] oskSz Size of the OneSymmetricKey object.
\param[out] key Buffer in which to store the pointer to the requested
key object.
\param[out] keySz Buffer in which to store the size of the requested
key object.
*/
int wc_PKCS7_DecodeOneSymmetricKeyKey(const byte * osk,
word32 oskSz, const byte ** key, word32 * keySz);


@@ -18667,6 +18667,268 @@ static int test_wc_PKCS7_DecodeEncryptedKeyPackage(void)
} /* END test_wc_PKCS7_DecodeEncryptedKeyPackage() */ } /* END test_wc_PKCS7_DecodeEncryptedKeyPackage() */
/*
* Test wc_PKCS7_DecodeSymmetricKeyPackage().
*/
static int test_wc_PKCS7_DecodeSymmetricKeyPackage(void)
{
EXPECT_DECLS;
#if defined(HAVE_PKCS7)
const byte * item;
word32 itemSz;
int ret;
{
const byte one_key[] = {
0x30, 0x08, /* SymmetricKeyPackage SEQUENCE header */
0x02, 0x01, 0x01, /* version v1 */
0x30, 0x03, /* sKeys SEQUENCE OF */
0x02, 0x01, 0x01, /* INTEGER standin for OneSymmetricKey */
};
/* NULL input data pointer */
ret = wc_PKCS7_DecodeSymmetricKeyPackageKey(
NULL, sizeof(one_key), 0, &item, &itemSz);
ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_FUNC_ARG));
/* NULL output item pointer */
ret = wc_PKCS7_DecodeSymmetricKeyPackageKey(
one_key, sizeof(one_key), 0, NULL, &itemSz);
ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_FUNC_ARG));
/* NULL output size pointer */
ret = wc_PKCS7_DecodeSymmetricKeyPackageKey(
one_key, sizeof(one_key), 0, &item, NULL);
ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_FUNC_ARG));
/* Valid key index 0 extraction */
ret = wc_PKCS7_DecodeSymmetricKeyPackageKey(
one_key, sizeof(one_key), 0, &item, &itemSz);
ExpectIntEQ(ret, 0);
ExpectPtrEq(item, &one_key[7]);
ExpectIntEQ(itemSz, 3);
/* Key index 1 out of range */
ret = wc_PKCS7_DecodeSymmetricKeyPackageKey(
one_key, sizeof(one_key), 1, &item, &itemSz);
ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_INDEX_E));
/* Attribute index 0 out of range */
ret = wc_PKCS7_DecodeSymmetricKeyPackageAttribute(
one_key, sizeof(one_key), 0, &item, &itemSz);
ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_INDEX_E));
/* Attribute index 1 out of range */
ret = wc_PKCS7_DecodeSymmetricKeyPackageAttribute(
one_key, sizeof(one_key), 1, &item, &itemSz);
ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_INDEX_E));
}
/* Invalid SKP SEQUENCE header. */
{
const byte bad_seq_header[] = {
0x02, 0x01, 0x42, /* Invalid SymmetricKeyPackage SEQUENCE header */
};
ret = wc_PKCS7_DecodeSymmetricKeyPackageKey(
bad_seq_header, sizeof(bad_seq_header), 0, &item, &itemSz);
ExpectIntEQ(ret, WC_NO_ERR_TRACE(ASN_PARSE_E));
}
/* Missing version object */
{
const byte missing_version[] = {
0x30, 0x05, /* SymmetricKeyPackage SEQUENCE header */
0x30, 0x03, /* sKeys SEQUENCE OF */
0x02, 0x01, 0x01, /* INTEGER standin for OneSymmetricKey */
};
ret = wc_PKCS7_DecodeSymmetricKeyPackageKey(
missing_version, sizeof(missing_version), 0, &item, &itemSz);
ExpectIntEQ(ret, WC_NO_ERR_TRACE(ASN_PARSE_E));
}
/* Invalid version number */
{
const byte bad_version[] = {
0x30, 0x08, /* SymmetricKeyPackage SEQUENCE header */
0x02, 0x01, 0x00, /* version 0 (invalid) */
0x30, 0x03, /* sKeys SEQUENCE OF */
0x02, 0x01, 0x01, /* INTEGER standin for OneSymmetricKey */
};
ret = wc_PKCS7_DecodeSymmetricKeyPackageKey(
bad_version, sizeof(bad_version), 0, &item, &itemSz);
ExpectIntEQ(ret, WC_NO_ERR_TRACE(ASN_PARSE_E));
}
{
const byte key3_attr2[] = {
0x30, 0x18, /* SymmetricKeyPackage SEQUENCE header */
0x02, 0x01, 0x01, /* version v1 */
0xA0, 0x08, /* sKeyPkgAttrs EXPLICIT [0] header */
0x30, 0x06, /* sKeyPkgAttrs SEQUENCE OF header */
0x02, 0x01, 0x40, /* INTEGER standin for Attribute 0 */
0x02, 0x01, 0x41, /* INTEGER standin for Attribute 1 */
0x30, 0x09, /* sKeys SEQUENCE OF header */
0x02, 0x01, 0x0A, /* INTEGER standin for OneSymmetricKey 0 */
0x02, 0x01, 0x0B, /* INTEGER standin for OneSymmetricKey 1 */
0x02, 0x01, 0x0C, /* INTEGER standin for OneSymmetricKey 2 */
};
/* Valid attribute index 0 extraction */
ret = wc_PKCS7_DecodeSymmetricKeyPackageAttribute(
key3_attr2, sizeof(key3_attr2), 0, &item, &itemSz);
ExpectIntEQ(ret, 0);
ExpectPtrEq(item, &key3_attr2[9]);
ExpectIntEQ(itemSz, 3);
/* Valid attribute index 1 extraction */
ret = wc_PKCS7_DecodeSymmetricKeyPackageAttribute(
key3_attr2, sizeof(key3_attr2), 1, &item, &itemSz);
ExpectIntEQ(ret, 0);
ExpectPtrEq(item, &key3_attr2[12]);
ExpectIntEQ(itemSz, 3);
/* Attribute index 2 out of range */
ret = wc_PKCS7_DecodeSymmetricKeyPackageAttribute(
key3_attr2, sizeof(key3_attr2), 2, &item, &itemSz);
ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_INDEX_E));
/* Valid key index 0 extraction */
ret = wc_PKCS7_DecodeSymmetricKeyPackageKey(
key3_attr2, sizeof(key3_attr2), 0, &item, &itemSz);
ExpectIntEQ(ret, 0);
ExpectPtrEq(item, &key3_attr2[17]);
ExpectIntEQ(itemSz, 3);
/* Valid key index 1 extraction */
ret = wc_PKCS7_DecodeSymmetricKeyPackageKey(
key3_attr2, sizeof(key3_attr2), 1, &item, &itemSz);
ExpectIntEQ(ret, 0);
ExpectPtrEq(item, &key3_attr2[20]);
ExpectIntEQ(itemSz, 3);
/* Valid key index 2 extraction */
ret = wc_PKCS7_DecodeSymmetricKeyPackageKey(
key3_attr2, sizeof(key3_attr2), 2, &item, &itemSz);
ExpectIntEQ(ret, 0);
ExpectPtrEq(item, &key3_attr2[23]);
ExpectIntEQ(itemSz, 3);
/* Key index 3 out of range */
ret = wc_PKCS7_DecodeSymmetricKeyPackageKey(
key3_attr2, sizeof(key3_attr2), 3, &item, &itemSz);
ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_INDEX_E));
}
#endif
return EXPECT_RESULT();
} /* END test_wc_PKCS7_DecodeSymmetricKeyPackage() */
/*
* Test wc_PKCS7_DecodeOneSymmetricKey().
*/
static int test_wc_PKCS7_DecodeOneSymmetricKey(void)
{
EXPECT_DECLS;
#if defined(HAVE_PKCS7)
const byte * item;
word32 itemSz;
int ret;
{
const byte key1_attr2[] = {
0x30, 0x0E, /* OneSymmetricKey SEQUENCE header */
0x30, 0x06, /* sKeyAttrs SEQUENCE OF header */
0x02, 0x01, 0x0A, /* INTEGER standin for Attribute 0 */
0x02, 0x01, 0x0B, /* INTEGER standin for Attribute 1 */
0x04, 0x04, 0xAA, 0xBB, 0xCC, 0xDD /* sKey OCTET STRING */
};
/* NULL input data pointer */
ret = wc_PKCS7_DecodeOneSymmetricKeyAttribute(
NULL, sizeof(key1_attr2), 0, &item, &itemSz);
ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_FUNC_ARG));
/* NULL output pointer */
ret = wc_PKCS7_DecodeOneSymmetricKeyAttribute(
key1_attr2, sizeof(key1_attr2), 0, NULL, &itemSz);
ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_FUNC_ARG));
/* NULL output size pointer */
ret = wc_PKCS7_DecodeOneSymmetricKeyAttribute(
key1_attr2, sizeof(key1_attr2), 0, &item, NULL);
ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_FUNC_ARG));
/* Valid attribute 0 access */
ret = wc_PKCS7_DecodeOneSymmetricKeyAttribute(
key1_attr2, sizeof(key1_attr2), 0, &item, &itemSz);
ExpectIntEQ(ret, 0);
ExpectPtrEq(item, &key1_attr2[4]);
ExpectIntEQ(itemSz, 3);
/* Valid attribute 1 access */
ret = wc_PKCS7_DecodeOneSymmetricKeyAttribute(
key1_attr2, sizeof(key1_attr2), 1, &item, &itemSz);
ExpectIntEQ(ret, 0);
ExpectPtrEq(item, &key1_attr2[7]);
ExpectIntEQ(itemSz, 3);
/* Attribute index 2 out of range */
ret = wc_PKCS7_DecodeOneSymmetricKeyAttribute(
key1_attr2, sizeof(key1_attr2), 2, &item, &itemSz);
ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_INDEX_E));
/* Valid key access */
ret = wc_PKCS7_DecodeOneSymmetricKeyKey(
key1_attr2, sizeof(key1_attr2), &item, &itemSz);
ExpectIntEQ(ret, 0);
ExpectPtrEq(item, &key1_attr2[12]);
ExpectIntEQ(itemSz, 4);
}
{
const byte no_attrs[] = {
0x30, 0x06, /* OneSymmetricKey SEQUENCE header */
0x04, 0x04, 0xAA, 0xBB, 0xCC, 0xDD /* sKey OCTET STRING */
};
/* Attribute index 0 out of range */
ret = wc_PKCS7_DecodeOneSymmetricKeyAttribute(
no_attrs, sizeof(no_attrs), 0, &item, &itemSz);
ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_INDEX_E));
/* Valid key access */
ret = wc_PKCS7_DecodeOneSymmetricKeyKey(
no_attrs, sizeof(no_attrs), &item, &itemSz);
ExpectIntEQ(ret, 0);
ExpectPtrEq(item, &no_attrs[4]);
ExpectIntEQ(itemSz, 4);
}
{
const byte key0_attr2[] = {
0x30, 0x08, /* OneSymmetricKey SEQUENCE header */
0x30, 0x06, /* sKeyAttrs SEQUENCE OF header */
0x02, 0x01, 0x0A, /* INTEGER standin for Attribute 0 */
0x02, 0x01, 0x0B, /* INTEGER standin for Attribute 1 */
};
/* Valid attribute 0 access */
ret = wc_PKCS7_DecodeOneSymmetricKeyAttribute(
key0_attr2, sizeof(key0_attr2), 0, &item, &itemSz);
ExpectIntEQ(ret, 0);
ExpectPtrEq(item, &key0_attr2[4]);
ExpectIntEQ(itemSz, 3);
/* Invalid key access */
ret = wc_PKCS7_DecodeOneSymmetricKeyKey(
key0_attr2, sizeof(key0_attr2), &item, &itemSz);
ExpectIntEQ(ret, WC_NO_ERR_TRACE(ASN_PARSE_E));
}
#endif
return EXPECT_RESULT();
} /* END test_wc_PKCS7_DecodeOneSymmetricKey() */
/* /*
* Testing wc_PKCS7_Degenerate() * Testing wc_PKCS7_Degenerate()
*/ */
@@ -68144,6 +68406,8 @@ TEST_CASE testCases[] = {
TEST_DECL(test_wc_PKCS7_SetAESKeyWrapUnwrapCb), TEST_DECL(test_wc_PKCS7_SetAESKeyWrapUnwrapCb),
TEST_DECL(test_wc_PKCS7_EncodeEncryptedData), TEST_DECL(test_wc_PKCS7_EncodeEncryptedData),
TEST_DECL(test_wc_PKCS7_DecodeEncryptedKeyPackage), TEST_DECL(test_wc_PKCS7_DecodeEncryptedKeyPackage),
TEST_DECL(test_wc_PKCS7_DecodeSymmetricKeyPackage),
TEST_DECL(test_wc_PKCS7_DecodeOneSymmetricKey),
TEST_DECL(test_wc_PKCS7_Degenerate), TEST_DECL(test_wc_PKCS7_Degenerate),
TEST_DECL(test_wc_PKCS7_BER), TEST_DECL(test_wc_PKCS7_BER),
TEST_DECL(test_wc_PKCS7_signed_enveloped), TEST_DECL(test_wc_PKCS7_signed_enveloped),
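Review bot: test_wc_PKCS7_DecodeSymmetricKeyPackage() and test_wc_PKCS7_DecodeOneSymmetricKey() have no vector with inconsistent lengths; the negative cases cover only a wrong tag, a missing version and a bad version. These decoders take untrusted DER and hand back pointers into it, so add a case where the outer SEQUENCE length stops before sKeys, for example `one_key` with its header changed to `0x30, 0x03`, and expect ASN_PARSE_E. As the decoder in this commit is written, later fields appear to be bounded by the buffer size rather than by the declared SEQUENCE, so that case would likely return 0 today. A second vector whose element length runs past the end of the buffer would pin the truncation path.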


@@ -177,3 +177,47 @@ int test_SetShortInt(void)
return EXPECT_RESULT(); return EXPECT_RESULT();
} }
int test_wc_IndexSequenceOf(void)
{
EXPECT_DECLS;
#ifndef NO_ASN
const byte int_seq[] = {
0x30, 0x0A,
0x02, 0x01, 0x0A,
0x02, 0x02, 0x00, 0xF0,
0x02, 0x01, 0x7F,
};
const byte bad_seq[] = {
0xA0, 0x01, 0x01,
};
const byte empty_seq[] = {
0x30, 0x00,
};
const byte * element;
word32 elementSz;
ExpectIntEQ(wc_IndexSequenceOf(int_seq, sizeof(int_seq), 0U, &element, &elementSz), 0);
ExpectPtrEq(element, &int_seq[2]);
ExpectIntEQ(elementSz, 3);
ExpectIntEQ(wc_IndexSequenceOf(int_seq, sizeof(int_seq), 1U, &element, &elementSz), 0);
ExpectPtrEq(element, &int_seq[5]);
ExpectIntEQ(elementSz, 4);
ExpectIntEQ(wc_IndexSequenceOf(int_seq, sizeof(int_seq), 2U, &element, &elementSz), 0);
ExpectPtrEq(element, &int_seq[9]);
ExpectIntEQ(elementSz, 3);
ExpectIntEQ(wc_IndexSequenceOf(int_seq, sizeof(int_seq), 3U, &element, &elementSz), WC_NO_ERR_TRACE(BAD_INDEX_E));
ExpectIntEQ(wc_IndexSequenceOf(bad_seq, sizeof(bad_seq), 0U, &element, &elementSz), WC_NO_ERR_TRACE(ASN_PARSE_E));
ExpectIntEQ(wc_IndexSequenceOf(empty_seq, sizeof(empty_seq), 0U, &element, &elementSz), WC_NO_ERR_TRACE(BAD_INDEX_E));
#endif
return EXPECT_RESULT();
}
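Review bot: test_wc_IndexSequenceOf() covers a wrong tag and an empty SEQUENCE OF, but no element whose encoded length overruns the enclosing SEQUENCE OF, which is the case that matters most for a helper returning pointers into untrusted input. A constructed vector such as `const byte overrun_seq[] = { 0x30, 0x03, 0x02, 0x05, 0x01 };` checked with `ExpectIntEQ(wc_IndexSequenceOf(overrun_seq, sizeof(overrun_seq), 0U, &element, &elementSz), WC_NO_ERR_TRACE(ASN_PARSE_E));` would pin that path. The assertion lines in this function also run well past 80 columns; wrapping them the way the PKCS7 tests in this commit do would keep the two test files consistent.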


@@ -25,8 +25,10 @@
#include <tests/api/api_decl.h> #include <tests/api/api_decl.h>
int test_SetShortInt(void); int test_SetShortInt(void);
int test_wc_IndexSequenceOf(void);
#define TEST_ASN_DECLS \ #define TEST_ASN_DECLS \
TEST_DECL_GROUP("asn", test_SetShortInt) \ TEST_DECL_GROUP("asn", test_SetShortInt), \
TEST_DECL_GROUP("asn", test_wc_IndexSequenceOf)
#endif /* WOLFCRYPT_TEST_ASN_H */ #endif /* WOLFCRYPT_TEST_ASN_H */


@@ -2570,6 +2570,73 @@ int GetSequence_ex(const byte* input, word32* inOutIdx, int* len,
maxIdx, check); maxIdx, check);
} }
/**
* Index a SEQUENCE OF object to get to a specific element.
*
* @param[in] seqOf Buffer holding DER/BER SEQUENCE OF object.
* @param[in] seqOfSz Size of the seqOf SEQUENCE OF object.
* @param[in] seqIndex Index of the SEQUENCE OF element being requested.
* @param[out] out Buffer in which to store pointer to the <seqIndex>th element
* of the SEQUENCE OF object.
* @param[out] outSz Buffer in which to store the length of the <seqIndex>th
* element of the SEQUENCE OF object.
*
* @return 0 on success.
* @return BUFFER_E when there is not enough data to parse.
* @return BAD_INDEX_E when the given seqIndex is out of range.
* @return ASN_PARSE_E when the seqOf is not in the expected format.
*/
int wc_IndexSequenceOf(const byte * seqOf, word32 seqOfSz, size_t seqIndex,
const byte ** out, word32 * outSz)
{
int length;
word32 seqOfIdx = 0U;
byte tagFound;
size_t i;
word32 elementIdx = 0U;
int ret = 0;
/* Validate the SEQUENCE OF header. */
if (GetSequence(seqOf, &seqOfIdx, &length, seqOfSz) < 0) {
ret = ASN_PARSE_E;
}
else {
seqOfSz = seqOfIdx + (word32)length;
for (i = 0U; i <= seqIndex; i++) {
if (seqOfIdx >= seqOfSz) {
ret = BAD_INDEX_E;
break;
}
elementIdx = seqOfIdx;
/* Validate the element tag. */
if (GetASNTag(seqOf, &seqOfIdx, &tagFound, seqOfSz) != 0) {
ret = ASN_PARSE_E;
break;
}
/* Validate and get the element's encoded length. */
if (GetLength(seqOf, &seqOfIdx, &length, seqOfSz) < 0) {
ret = ASN_PARSE_E;
break;
}
seqOfIdx += (word32)length;
}
}
/* If the tag and length checks above passed then we've found the requested
* element and validated it fits within seqOfSz. */
if (ret == 0) {
*out = &seqOf[elementIdx];
*outSz = (seqOfIdx - elementIdx);
}
return ret;
}
/* Decode the header of a BER/DER encoded SET. /* Decode the header of a BER/DER encoded SET.
* *
* @param [in] input Buffer holding DER/BER encoded data. * @param [in] input Buffer holding DER/BER encoded data.
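Review bot: wc_IndexSequenceOf() reads `seqOf` and writes through `out` and `outSz` without checking any of them for NULL, so its only protection is the argument checks in the PKCS7 callers, yet the header section of this commit declares it WOLFSSL_TEST_VIS and the new unit test calls it directly. Starting the body with `if (seqOf == NULL || out == NULL || outSz == NULL) ret = BAD_FUNC_ARG;` and making the GetSequence() call conditional on `ret == 0` would make the helper safe on its own. The doc comment also lists BUFFER_E as a return value, but every helper failure in the body is mapped to ASN_PARSE_E; the comment should drop BUFFER_E, and list BAD_FUNC_ARG if the guard is adopted.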


@@ -650,6 +650,9 @@ const char* wc_GetErrorString(int error)
case WC_ACCEL_INHIBIT_E: case WC_ACCEL_INHIBIT_E:
return "Crypto acceleration is currently inhibited"; return "Crypto acceleration is currently inhibited";
case BAD_INDEX_E:
return "Bad index";
case MAX_CODE_E: case MAX_CODE_E:
case WC_SPAN1_MIN_CODE_E: case WC_SPAN1_MIN_CODE_E:
case MIN_CODE_E: case MIN_CODE_E:


@@ -15328,6 +15328,129 @@ int wc_PKCS7_DecodeCompressedData(wc_PKCS7* pkcs7, byte* pkiMsg,
#endif /* HAVE_LIBZ && !NO_PKCS7_COMPRESSED_DATA */ #endif /* HAVE_LIBZ && !NO_PKCS7_COMPRESSED_DATA */
static int wc_PKCS7_DecodeSymmetricKeyPackage(const byte * skp, word32 skpSz,
size_t index, const byte ** out, word32 * outSz, int getKey)
{
word32 skpIndex = 0;
int length = 0;
int version = 0;
int ret = 0;
if (skp == NULL || out == NULL || outSz == NULL)
ret = BAD_FUNC_ARG;
/* Expect a SEQUENCE header to start the SymmetricKeyPackage object. */
if (ret == 0 && GetSequence(skp, &skpIndex, &length, skpSz) < 0)
ret = ASN_PARSE_E;
/* Expect version v1 */
if (ret == 0 && GetMyVersion(skp, &skpIndex, &version, skpSz) < 0)
ret = ASN_PARSE_E;
if (ret == 0 && version != 1)
ret = ASN_PARSE_E;
if (ret == 0 && GetASNHeader(skp, ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED,
&skpIndex, &length, skpSz) >= 0) {
/* sKeyPkgAttrs [0] tag found so there are attributes present. */
if (getKey != 0) {
/* Key was requested, not attribute, so skip the attributes. */
skpIndex += (word32)length;
}
else {
/* sKeyPkgAttrs is present at &skp[skpIndex], length in length */
ret = wc_IndexSequenceOf(&skp[skpIndex], (word32)length, index,
out, outSz);
}
}
else if (ret == 0 && getKey == 0) {
/* An attribute was requested, but none are present. */
ret = BAD_INDEX_E;
}
if (ret == 0 && getKey != 0) {
/* sKeys is present at &skp[skpIndex]. */
ret = wc_IndexSequenceOf(&skp[skpIndex], skpSz - skpIndex, index,
out, outSz);
}
return ret;
}
int wc_PKCS7_DecodeSymmetricKeyPackageAttribute(const byte * skp,
word32 skpSz, size_t index, const byte ** attr, word32 * attrSz)
{
return wc_PKCS7_DecodeSymmetricKeyPackage(skp, skpSz, index, attr, attrSz,
0);
}
int wc_PKCS7_DecodeSymmetricKeyPackageKey(const byte * skp,
word32 skpSz, size_t index, const byte ** key, word32 * keySz)
{
return wc_PKCS7_DecodeSymmetricKeyPackage(skp, skpSz, index, key, keySz, 1);
}
int wc_PKCS7_DecodeOneSymmetricKeyAttribute(const byte * osk,
word32 oskSz, size_t index, const byte ** attr, word32 * attrSz)
{
word32 oskIndex = 0;
word32 tmpIndex;
int length = 0;
int ret = 0;
if (osk == NULL || attr == NULL || attrSz == NULL)
ret = BAD_FUNC_ARG;
/* Expect a SEQUENCE header to start the OneSymmetricKey object. */
if (ret == 0 && GetSequence(osk, &oskIndex, &length, oskSz) < 0)
ret = ASN_PARSE_E;
tmpIndex = oskIndex;
if (ret == 0 && GetSequence(osk, &tmpIndex, &length, oskSz) < 0) {
/* sKeyAttrs is not present. */
ret = BAD_INDEX_E;
}
/* Index the sKeyAttrs SEQUENCE OF object with the given index. */
if (ret == 0)
ret = wc_IndexSequenceOf(&osk[oskIndex], oskSz - oskIndex, index, attr,
attrSz);
return ret;
}
int wc_PKCS7_DecodeOneSymmetricKeyKey(const byte * osk,
word32 oskSz, const byte ** key, word32 * keySz)
{
word32 oskIndex = 0;
int length = 0;
int ret = 0;
if (osk == NULL || key == NULL || keySz == NULL)
ret = BAD_FUNC_ARG;
/* Expect a SEQUENCE header to start the OneSymmetricKey object. */
if (ret == 0 && GetSequence(osk, &oskIndex, &length, oskSz) < 0)
ret = ASN_PARSE_E;
if (ret == 0 && GetSequence(osk, &oskIndex, &length, oskSz) >= 0) {
/* sKeyAttrs is present. Skip it. */
oskIndex += (word32)length;
}
if (ret == 0 && GetASNHeader(osk, ASN_OCTET_STRING, &oskIndex, &length,
oskSz) < 0)
ret = ASN_PARSE_E;
if (ret == 0) {
*key = &osk[oskIndex];
*keySz = (word32)length;
}
return ret;
}
#else /* HAVE_PKCS7 */ #else /* HAVE_PKCS7 */
@@ -15338,4 +15461,3 @@ int wc_PKCS7_DecodeCompressedData(wc_PKCS7* pkcs7, byte* pkiMsg,
#endif /* HAVE_PKCS7 */ #endif /* HAVE_PKCS7 */
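Review bot: In wc_PKCS7_DecodeSymmetricKeyPackage() the length returned by the first GetSequence() is never used as a bound: the version, the [0] attributes and sKeys are all parsed against `skpSz`, so bytes that follow the declared SymmetricKeyPackage SEQUENCE in the caller's buffer can be returned as a key or attribute. Narrowing the limit once the header parse has succeeded, `if (ret == 0) skpSz = skpIndex + (word32)length;`, confines the parse to the object; wc_IndexSequenceOf() in this commit uses the same pattern for its own SEQUENCE. wc_PKCS7_DecodeOneSymmetricKeyAttribute() and wc_PKCS7_DecodeOneSymmetricKeyKey() have the same gap with `oskSz`. This assumes GetSequence() has already checked that the declared length fits inside the buffer, which is not visible in this hunk.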


@@ -2219,6 +2219,8 @@ WOLFSSL_LOCAL int GetSequence(const byte* input, word32* inOutIdx, int* len,
word32 maxIdx); word32 maxIdx);
WOLFSSL_LOCAL int GetSequence_ex(const byte* input, word32* inOutIdx, int* len, WOLFSSL_LOCAL int GetSequence_ex(const byte* input, word32* inOutIdx, int* len,
word32 maxIdx, int check); word32 maxIdx, int check);
WOLFSSL_TEST_VIS int wc_IndexSequenceOf(byte const * seqOf, word32 seqOfSz,
size_t seqIndex, byte const ** out, word32 * outSz);
WOLFSSL_LOCAL int GetOctetString(const byte* input, word32* inOutIdx, int* len, WOLFSSL_LOCAL int GetOctetString(const byte* input, word32* inOutIdx, int* len,
word32 maxIdx); word32 maxIdx);
WOLFSSL_LOCAL int CheckBitString(const byte* input, word32* inOutIdx, int* len, WOLFSSL_LOCAL int CheckBitString(const byte* input, word32* inOutIdx, int* len,


@@ -305,14 +305,13 @@ enum wolfCrypt_ErrorCodes {
DEADLOCK_AVERTED_E = -1000, /* Deadlock averted -- retry the call */ DEADLOCK_AVERTED_E = -1000, /* Deadlock averted -- retry the call */
ASCON_AUTH_E = -1001, /* ASCON Authentication check failure */ ASCON_AUTH_E = -1001, /* ASCON Authentication check failure */
WC_ACCEL_INHIBIT_E = -1002, /* Crypto acceleration is currently inhibited */ WC_ACCEL_INHIBIT_E = -1002, /* Crypto acceleration is currently inhibited */
BAD_INDEX_E = -1003, /* Bad index */
WC_SPAN2_LAST_E = -1003, /* Update to indicate last used error code */
WC_LAST_E = -1003, /* the last code used either here or in
* error-ssl.h */
WC_SPAN2_LAST_E = -1002, /* Update to indicate last used error code */
WC_SPAN2_MIN_CODE_E = -1999, /* Last usable code in span 2 */ WC_SPAN2_MIN_CODE_E = -1999, /* Last usable code in span 2 */
WC_LAST_E = -1002, /* the last code used either here or in
* error-ssl.h
*/
MIN_CODE_E = -1999 /* the last code allocated either here or in MIN_CODE_E = -1999 /* the last code allocated either here or in
* error-ssl.h * error-ssl.h
*/ */


@@ -558,10 +558,18 @@ WOLFSSL_API int wc_PKCS7_DecodeCompressedData(wc_PKCS7* pkcs7, byte* pkiMsg,
word32 outputSz); word32 outputSz);
#endif /* HAVE_LIBZ && !NO_PKCS7_COMPRESSED_DATA */ #endif /* HAVE_LIBZ && !NO_PKCS7_COMPRESSED_DATA */
WOLFSSL_API int wc_PKCS7_DecodeSymmetricKeyPackageAttribute(const byte * skp,
word32 skpSz, size_t index, const byte ** attr, word32 * attrSz);
WOLFSSL_API int wc_PKCS7_DecodeSymmetricKeyPackageKey(const byte * skp,
word32 skpSz, size_t index, const byte ** key, word32 * keySz);
WOLFSSL_API int wc_PKCS7_DecodeOneSymmetricKeyAttribute(const byte * osk,
word32 oskSz, size_t index, const byte ** attr, word32 * attrSz);
WOLFSSL_API int wc_PKCS7_DecodeOneSymmetricKeyKey(const byte * osk,
word32 oskSz, const byte ** key, word32 * keySz);
#ifdef __cplusplus #ifdef __cplusplus
} /* extern "C" */ } /* extern "C" */
#endif #endif
#endif /* HAVE_PKCS7 */ #endif /* HAVE_PKCS7 */
#endif /* WOLF_CRYPT_PKCS7_H */ #endif /* WOLF_CRYPT_PKCS7_H */