wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-02 20:24:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

refactor streaming and additional comments

Browse Source
This commit is contained in:
JacobBarthelmeh
2024-02-01 09:55:18 -07:00
parent c843064681
commit bf23357c8c
5 changed files with 182 additions and 266 deletions
Download Patch File Download Diff File Expand all files Collapse all files

123
wolfcrypt/src/asn.c
View File

@@ -3463,6 +3463,18 @@ word32 SetBitString(word32 len, byte unusedBits, byte* output)
#define BER_OCTET_LENGTH 4096 #define BER_OCTET_LENGTH 4096
/* sets the terminating 0x00 0x00 at the end of an indefinite length
* returns the number of bytes written */
word32 SetIndefEnd(byte* in)
{
byte terminate[] = { 0x00, 0x00 };
if (in != NULL) {
XMEMCPY(in, terminate, 2);
}
return 2;
}
/* Breaks an octet string up into chunks for use with streaming /* Breaks an octet string up into chunks for use with streaming
* returns 0 on success and updates idx */ * returns 0 on success and updates idx */
@@ -3510,50 +3522,6 @@ int StreamOctetString(const byte* in, word32 inSz, byte* out, word32* outSz,
} }
} }
long SetImplicitBer(byte tag, byte num, const byte* data, word32 dataSz,
byte* out, word32* outSz)
{
word32 sz = 0;
long outIdx = 0;
byte berTag = tag;
(void)num;
if (outSz == NULL || data == NULL) {
return BAD_FUNC_ARG;
}
/* create a list of chuncked up octets */
if (tag == ASN_OCTET_STRING) {
berTag = ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC;
}
if (out != NULL) {
if (*outSz < 2) {
return BUFFER_E;
}
out[outIdx] = berTag;
out[outIdx + 1] = ASN_INDEF_LENGTH;
}
outIdx += 2;
sz = *outSz;
StreamOctetString(data, dataSz, out, &sz, (word32*)&outIdx);
if (out) {
out[outIdx] = 0x00;
out[outIdx + 1] = 0x00;
}
outIdx += 2;
if (out) {
return outIdx;
}
else {
*outSz = outIdx;
return LENGTH_ONLY_E;
}
}
/* Convert BER to DER */ /* Convert BER to DER */
@@ -15429,6 +15397,16 @@ word32 SetLength(word32 length, byte* output)
return i; return i;
} }
word32 SetLengthEx(word32 length, byte* output, byte isIndef)
{
if (isIndef) {
output[0] = ASN_INDEF_LENGTH;
return 1;
}
else {
return SetLength(length, output);
}
}
/* Encode a DER header - type/tag and length. /* Encode a DER header - type/tag and length.
* *
* @param [in] tag DER tag of ASN.1 item. * @param [in] tag DER tag of ASN.1 item.
@@ -15436,14 +15414,15 @@ word32 SetLength(word32 length, byte* output)
* @param [out] output Buffer to encode into. * @param [out] output Buffer to encode into.
* @return Number of bytes encoded. * @return Number of bytes encoded.
*/ */
static word32 SetHeader(byte tag, word32 len, byte* output) static word32 SetHeader(byte tag, word32 len, byte* output, byte isIndef)
{ {
if (output) { if (output) {
/* Encode tag first. */ /* Encode tag first. */
output[0] = tag; output[0] = tag;
} }
/* Encode the length. */ /* Encode the length. */
return SetLength(len, output ? output + ASN_TAG_SZ : NULL) + ASN_TAG_SZ; return SetLengthEx(len, output ? output + ASN_TAG_SZ : NULL, isIndef) +
ASN_TAG_SZ;
} }
/* Encode a SEQUENCE header in DER. /* Encode a SEQUENCE header in DER.
@@ -15454,7 +15433,12 @@ static word32 SetHeader(byte tag, word32 len, byte* output)
*/ */
word32 SetSequence(word32 len, byte* output) word32 SetSequence(word32 len, byte* output)
{ {
return SetHeader(ASN_SEQUENCE | ASN_CONSTRUCTED, len, output); return SetHeader(ASN_SEQUENCE | ASN_CONSTRUCTED, len, output, 0);
}
word32 SetSequenceEx(word32 len, byte* output, byte isIndef)
{
return SetHeader(ASN_SEQUENCE | ASN_CONSTRUCTED, len, output, isIndef);
} }
/* Encode an OCTET STRING header in DER. /* Encode an OCTET STRING header in DER.
@@ -15465,7 +15449,14 @@ word32 SetSequence(word32 len, byte* output)
*/ */
word32 SetOctetString(word32 len, byte* output) word32 SetOctetString(word32 len, byte* output)
{ {
return SetHeader(ASN_OCTET_STRING, len, output); return SetHeader(ASN_OCTET_STRING, len, output, 0);
}
word32 SetOctetStringEx(word32 len, byte* output, byte indef)
{
if (indef)
return SetHeader(ASN_OCTET_STRING | ASN_CONSTRUCTED, len, output, indef);
return SetOctetString(len, output);
} }
/* Encode a SET header in DER. /* Encode a SET header in DER.
@@ -15476,7 +15467,7 @@ word32 SetOctetString(word32 len, byte* output)
*/ */
word32 SetSet(word32 len, byte* output) word32 SetSet(word32 len, byte* output)
{ {
return SetHeader(ASN_SET | ASN_CONSTRUCTED, len, output); return SetHeader(ASN_SET | ASN_CONSTRUCTED, len, output, 0);
} }
/* Encode an implicit context specific header in DER. /* Encode an implicit context specific header in DER.
@@ -15489,11 +15480,23 @@ word32 SetSet(word32 len, byte* output)
* @param [out] output Buffer to encode into. * @param [out] output Buffer to encode into.
* @return Number of bytes encoded. * @return Number of bytes encoded.
*/ */
word32 SetImplicit(byte tag, byte number, word32 len, byte* output) word32 SetImplicit(byte tag, byte number, word32 len, byte* output, byte isIndef)
{ {
tag = (byte)(((tag == ASN_SEQUENCE || tag == ASN_SET) ? ASN_CONSTRUCTED : 0) int useIndef = 0;
| ASN_CONTEXT_SPECIFIC | number);
return SetHeader(tag, len, output); if ((tag == ASN_OCTET_STRING) && isIndef) {
tag = ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | number;
}
else {
tag = (byte)(((tag == ASN_SEQUENCE || tag == ASN_SET) ?
ASN_CONSTRUCTED : 0) | ASN_CONTEXT_SPECIFIC | number);
}
if (isIndef && (tag & ASN_CONSTRUCTED)) {
useIndef = 1;
}
return SetHeader(tag, len, output, useIndef);
} }
/* Encode an explicit context specific header in DER. /* Encode an explicit context specific header in DER.
@@ -15505,10 +15508,10 @@ word32 SetImplicit(byte tag, byte number, word32 len, byte* output)
* @param [out] output Buffer to encode into. * @param [out] output Buffer to encode into.
* @return Number of bytes encoded. * @return Number of bytes encoded.
*/ */
word32 SetExplicit(byte number, word32 len, byte* output) word32 SetExplicit(byte number, word32 len, byte* output, byte isIndef)
{ {
return SetHeader((byte)(ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | number), return SetHeader((byte)(ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | number),
len, output); len, output, isIndef);
} }
#if defined(OPENSSL_EXTRA) #if defined(OPENSSL_EXTRA)
@@ -15534,8 +15537,8 @@ word32 SetOthername(void *name, byte *output)
nameSz = (word32)nm->value->value.utf8string->length; nameSz = (word32)nm->value->value.utf8string->length;
len = nm->type_id->objSz + len = nm->type_id->objSz +
SetHeader(ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC, nameSz + 2, NULL) + SetHeader(ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC, nameSz + 2, NULL, 0) +
SetHeader(CTC_UTF8, nameSz, NULL) + nameSz; SetHeader(CTC_UTF8, nameSz, NULL, 0) + nameSz;
if (output != NULL) { if (output != NULL) {
/* otherName OID */ /* otherName OID */
@@ -15543,9 +15546,9 @@ word32 SetOthername(void *name, byte *output)
output += nm->type_id->objSz; output += nm->type_id->objSz;
output += SetHeader(ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC, nameSz + 2, output += SetHeader(ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC, nameSz + 2,
output); output, 0);
output += SetHeader(CTC_UTF8, nameSz, output); output += SetHeader(CTC_UTF8, nameSz, output, 0);
XMEMCPY(output, nameStr, nameSz); XMEMCPY(output, nameStr, nameSz);
} }
@@ -34549,7 +34552,7 @@ int SetAsymKeyDer(const byte* privKey, word32 privKeyLen,
/* pubKey */ /* pubKey */
if (pubKey) { if (pubKey) {
idx += SetHeader(ASN_CONTEXT_SPECIFIC | ASN_ASYMKEY_PUBKEY | idx += SetHeader(ASN_CONTEXT_SPECIFIC | ASN_ASYMKEY_PUBKEY |
1, pubKeyLen, output + idx); 1, pubKeyLen, output + idx, 0);
XMEMCPY(output + idx, pubKey, pubKeyLen); XMEMCPY(output + idx, pubKey, pubKeyLen);
idx += pubKeyLen; idx += pubKeyLen;
} }

2
wolfcrypt/src/pkcs12.c
View File

@@ -1836,7 +1836,7 @@ static int wc_PKCS12_shroud_key(WC_PKCS12* pkcs12, WC_RNG* rng,
/* rewind index and set tag and length */ /* rewind index and set tag and length */
tmpIdx -= MAX_LENGTH_SZ + 1; tmpIdx -= MAX_LENGTH_SZ + 1;
sz = (word32)SetExplicit(0, (word32)ret, out + tmpIdx); sz = (word32)SetExplicit(0, (word32)ret, out + tmpIdx, 0);
tmpIdx += sz; totalSz += sz; tmpIdx += sz; totalSz += sz;
XMEMMOVE(out + tmpIdx, out + MAX_LENGTH_SZ + 1, (size_t)ret); XMEMMOVE(out + tmpIdx, out + MAX_LENGTH_SZ + 1, (size_t)ret);

292
wolfcrypt/src/pkcs7.c
View File

@@ -2463,29 +2463,16 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd,
esd->contentInfoSeqSz = SetSequence(pkcs7->contentTypeSz, esd->contentInfoSeqSz = SetSequence(pkcs7->contentTypeSz,
esd->contentInfoSeq); esd->contentInfoSeq);
} }
#ifdef ASN_BER_TO_DER
else if (pkcs7->encodeStream) {
byte tmp[] = { 0xA0, 0x80 };
byte tmpSeq[] = { 0x30, 0x80 };
byte tmpStr[] = { 0x24, 0x80 };
XMEMCPY(esd->innerContSeq, tmp, 2);
esd->innerContSeqSz = 2;
XMEMCPY(esd->contentInfoSeq, tmpSeq, 2);
esd->contentInfoSeqSz = 2;
XMEMCPY(esd->innerOctets, tmpStr, 2);
esd->innerOctetsSz = 2;
}
#endif
else { else {
esd->innerOctetsSz = SetOctetString(pkcs7->contentSz, esd->innerOctets); esd->innerOctetsSz = SetOctetStringEx(pkcs7->contentSz, esd->innerOctets,
pkcs7->encodeStream);
esd->innerContSeqSz = SetExplicit(0, esd->innerOctetsSz + esd->innerContSeqSz = SetExplicit(0, esd->innerOctetsSz +
pkcs7->contentSz, esd->innerContSeq); pkcs7->contentSz, esd->innerContSeq,
esd->contentInfoSeqSz = SetSequence(pkcs7->contentSz + pkcs7->encodeStream);
esd->contentInfoSeqSz = SetSequenceEx(pkcs7->contentSz +
esd->innerOctetsSz + pkcs7->contentTypeSz + esd->innerOctetsSz + pkcs7->contentTypeSz +
esd->innerContSeqSz, esd->contentInfoSeq); esd->innerContSeqSz, esd->contentInfoSeq,
pkcs7->encodeStream);
} }
/* SignerIdentifier */ /* SignerIdentifier */
@@ -2512,7 +2499,7 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd,
/* SubjectKeyIdentifier */ /* SubjectKeyIdentifier */
esd->issuerSKIDSz = SetOctetString(keyIdSize, esd->issuerSKID); esd->issuerSKIDSz = SetOctetString(keyIdSize, esd->issuerSKID);
esd->issuerSKIDSeqSz = SetExplicit(0, esd->issuerSKIDSz + keyIdSize, esd->issuerSKIDSeqSz = SetExplicit(0, esd->issuerSKIDSz + keyIdSize,
esd->issuerSKIDSeq); esd->issuerSKIDSeq, 0);
signerInfoSz += (esd->issuerSKIDSz + esd->issuerSKIDSeqSz + keyIdSize); signerInfoSz += (esd->issuerSKIDSz + esd->issuerSKIDSeqSz + keyIdSize);
/* version MUST be 3 */ /* version MUST be 3 */
@@ -2567,7 +2554,7 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd,
FlattenAttributes(pkcs7, flatSignedAttribs, FlattenAttributes(pkcs7, flatSignedAttribs,
esd->signedAttribs, esd->signedAttribsCount); esd->signedAttribs, esd->signedAttribsCount);
esd->signedAttribSetSz = SetImplicit(ASN_SET, 0, esd->signedAttribsSz, esd->signedAttribSetSz = SetImplicit(ASN_SET, 0, esd->signedAttribsSz,
esd->signedAttribSet); esd->signedAttribSet, 0);
} else { } else {
esd->signedAttribSetSz = 0; esd->signedAttribSetSz = 0;
} }
@@ -2604,7 +2591,7 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd,
certPtr = NULL; certPtr = NULL;
if (certSetSz > 0) if (certSetSz > 0)
esd->certsSetSz = SetImplicit(ASN_SET, 0, certSetSz, esd->certsSet); esd->certsSetSz = SetImplicit(ASN_SET, 0, certSetSz, esd->certsSet, 0);
if (pkcs7->sidType != DEGENERATE_SID) { if (pkcs7->sidType != DEGENERATE_SID) {
esd->singleDigAlgoIdSz = SetAlgoID(pkcs7->hashOID, esd->singleDigAlgoId, esd->singleDigAlgoIdSz = SetAlgoID(pkcs7->hashOID, esd->singleDigAlgoId,
@@ -2627,10 +2614,10 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd,
#ifdef ASN_BER_TO_DER #ifdef ASN_BER_TO_DER
if (pkcs7->encodeStream) { if (pkcs7->encodeStream) {
word32 sz = 0, tmpIdx = 0; word32 sz = 0, tmpIdx = 0;
totalSz += 6; /* 00's for BER with inner content */ totalSz += (3 * ASN_INDEF_END_SZ) ; /* 00's for BER with inner content */
StreamOctetString(pkcs7->content, pkcs7->contentSz, NULL, &sz, &tmpIdx); StreamOctetString(pkcs7->content, pkcs7->contentSz, NULL, &sz, &tmpIdx);
totalSz += sz + 6; totalSz += sz + (3 * ASN_INDEF_END_SZ);
} }
else else
#endif #endif
@@ -2643,32 +2630,27 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd,
totalSz -= pkcs7->contentSz; totalSz -= pkcs7->contentSz;
} }
#ifdef ASN_BER_TO_DER
if (pkcs7->encodeStream) {
byte tmp[] = { 0xA0, 0x80 };
byte tmpSeq[] = { 0x30, 0x80 };
XMEMCPY(esd->innerSeq, tmpSeq, 2);
esd->innerSeqSz = 2;
totalSz += esd->innerSeqSz + 2;
XMEMCPY(esd->outerContent, tmp, 2);
esd->outerContentSz = 2;
totalSz += esd->outerContentSz + 2 + signedDataOidSz;
XMEMCPY(esd->outerSeq, tmpSeq, 2);
esd->outerSeqSz = 2;
totalSz += esd->outerSeqSz + 2;
}
else
#endif
{ {
esd->innerSeqSz = SetSequence(totalSz + total2Sz, esd->innerSeq); esd->innerSeqSz = SetSequenceEx(totalSz + total2Sz, esd->innerSeq,
pkcs7->encodeStream);
totalSz += esd->innerSeqSz; totalSz += esd->innerSeqSz;
esd->outerContentSz = SetExplicit(0, totalSz + total2Sz, esd->outerContent); if (pkcs7->encodeStream) {
totalSz += ASN_INDEF_END_SZ;
}
esd->outerContentSz = SetExplicit(0, totalSz + total2Sz,
esd->outerContent, pkcs7->encodeStream);
totalSz += esd->outerContentSz + signedDataOidSz; totalSz += esd->outerContentSz + signedDataOidSz;
esd->outerSeqSz = SetSequence(totalSz + total2Sz, esd->outerSeq); if (pkcs7->encodeStream) {
totalSz += ASN_INDEF_END_SZ;
}
esd->outerSeqSz = SetSequenceEx(totalSz + total2Sz, esd->outerSeq,
pkcs7->encodeStream);
totalSz += esd->outerSeqSz; totalSz += esd->outerSeqSz;
if (pkcs7->encodeStream) {
totalSz += ASN_INDEF_END_SZ;
}
} }
/* if using header/footer, we are not returning the content */ /* if using header/footer, we are not returning the content */
@@ -2748,12 +2730,15 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd,
if (pkcs7->encodeStream) { if (pkcs7->encodeStream) {
StreamOctetString(pkcs7->content, pkcs7->contentSz, output, StreamOctetString(pkcs7->content, pkcs7->contentSz, output,
outputSz, (word32*)&idx); outputSz, (word32*)&idx);
output[idx++] = 0x00;
output[idx++] = 0x00; /* end of content octet string */
output[idx++] = 0x00; idx += SetIndefEnd(output + idx);
output[idx++] = 0x00;
output[idx++] = 0x00; /* end of inner content seq */
output[idx++] = 0x00; idx += SetIndefEnd(output + idx);
/* end of inner content info seq */
idx += SetIndefEnd(output + idx);
} }
else else
#endif #endif
@@ -2831,16 +2816,14 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd,
#ifdef ASN_BER_TO_DER #ifdef ASN_BER_TO_DER
if (pkcs7->encodeStream) { if (pkcs7->encodeStream) {
byte tmp[] = { 0x00, 0x00 }; /* end of signedData seq */
idx += SetIndefEnd(output2 + idx);
XMEMCPY(output2 + idx, tmp, 2); /* end of outer content set */
idx += 2; idx += SetIndefEnd(output2 + idx);
XMEMCPY(output2 + idx, tmp, 2); /* end of outer content info seq */
idx += 2; idx += SetIndefEnd(output2 + idx);
XMEMCPY(output2 + idx, tmp, 2);
idx += 2;
} }
#endif #endif
@@ -6097,7 +6080,7 @@ static int wc_PKCS7_KariGenerateSharedInfo(WC_PKCS7_KARI* kari, int keyWrapOID)
/* suppPubInfo */ /* suppPubInfo */
suppPubInfoSeqSz = SetImplicit(ASN_SEQUENCE, 2, suppPubInfoSeqSz = SetImplicit(ASN_SEQUENCE, 2,
kekOctetSz + sizeof(word32), kekOctetSz + sizeof(word32),
suppPubInfoSeq); suppPubInfoSeq, 0);
sharedInfoSz += suppPubInfoSeqSz; sharedInfoSz += suppPubInfoSeqSz;
/* optional ukm/entityInfo */ /* optional ukm/entityInfo */
@@ -6107,7 +6090,7 @@ static int wc_PKCS7_KariGenerateSharedInfo(WC_PKCS7_KARI* kari, int keyWrapOID)
entityUInfoExplicitSz = SetExplicit(0, entityUInfoOctetSz + entityUInfoExplicitSz = SetExplicit(0, entityUInfoOctetSz +
kari->ukmSz, kari->ukmSz,
entityUInfoExplicitSeq); entityUInfoExplicitSeq, 0);
sharedInfoSz += entityUInfoExplicitSz; sharedInfoSz += entityUInfoExplicitSz;
} }
@@ -6483,7 +6466,7 @@ int wc_PKCS7_AddRecipient_KARI(PKCS7* pkcs7, const byte* cert, word32 certSz,
/* RecipientKeyIdentifier IMPLICIT [0] */ /* RecipientKeyIdentifier IMPLICIT [0] */
recipKeyIdSeqSz = SetImplicit(ASN_SEQUENCE, 0, subjKeyIdOctetSz + recipKeyIdSeqSz = SetImplicit(ASN_SEQUENCE, 0, subjKeyIdOctetSz +
keyIdSize, recipKeyIdSeq); keyIdSize, recipKeyIdSeq, 0);
totalSz += recipKeyIdSeqSz; totalSz += recipKeyIdSeqSz;
/* RecipientEncryptedKey */ /* RecipientEncryptedKey */
@@ -6501,7 +6484,7 @@ int wc_PKCS7_AddRecipient_KARI(PKCS7* pkcs7, const byte* cert, word32 certSz,
totalSz += (ukmOctetSz + kari->ukmSz); totalSz += (ukmOctetSz + kari->ukmSz);
ukmExplicitSz = SetExplicit(1, ukmOctetSz + kari->ukmSz, ukmExplicitSz = SetExplicit(1, ukmOctetSz + kari->ukmSz,
ukmExplicitSeq); ukmExplicitSeq, 0);
totalSz += ukmExplicitSz; totalSz += ukmExplicitSz;
} }
@@ -6535,14 +6518,14 @@ int wc_PKCS7_AddRecipient_KARI(PKCS7* pkcs7, const byte* cert, word32 certSz,
/* outer OriginatorPublicKey IMPLICIT [1] */ /* outer OriginatorPublicKey IMPLICIT [1] */
origPubKeySeqSz = SetImplicit(ASN_SEQUENCE, 1, origPubKeySeqSz = SetImplicit(ASN_SEQUENCE, 1,
origAlgIdSz + origPubKeyStrSz + origAlgIdSz + origPubKeyStrSz +
kari->senderKeyExportSz, origPubKeySeq); kari->senderKeyExportSz, origPubKeySeq, 0);
totalSz += origPubKeySeqSz; totalSz += origPubKeySeqSz;
/* outer OriginatorIdentifierOrKey IMPLICIT [0] */ /* outer OriginatorIdentifierOrKey IMPLICIT [0] */
origIdOrKeySeqSz = SetImplicit(ASN_SEQUENCE, 0, origIdOrKeySeqSz = SetImplicit(ASN_SEQUENCE, 0,
origPubKeySeqSz + origAlgIdSz + origPubKeySeqSz + origAlgIdSz +
origPubKeyStrSz + kari->senderKeyExportSz, origPubKeyStrSz + kari->senderKeyExportSz,
origIdOrKeySeq); origIdOrKeySeq, 0);
totalSz += origIdOrKeySeqSz; totalSz += origIdOrKeySeqSz;
/* version, always 3 */ /* version, always 3 */
@@ -6551,7 +6534,7 @@ int wc_PKCS7_AddRecipient_KARI(PKCS7* pkcs7, const byte* cert, word32 certSz,
recip->recipVersion = 3; recip->recipVersion = 3;
/* outer IMPLICIT [1] kari */ /* outer IMPLICIT [1] kari */
kariSeqSz = SetImplicit(ASN_SEQUENCE, 1, totalSz, kariSeq); kariSeqSz = SetImplicit(ASN_SEQUENCE, 1, totalSz, kariSeq, 0);
totalSz += kariSeqSz; totalSz += kariSeqSz;
if (totalSz > MAX_RECIP_SZ) { if (totalSz > MAX_RECIP_SZ) {
@@ -7666,7 +7649,7 @@ int wc_PKCS7_AddRecipient_ORI(PKCS7* pkcs7, CallbackOriEncrypt oriEncryptCb,
oriTypeLenSz = SetLength(oriTypeSz, oriTypeLen); oriTypeLenSz = SetLength(oriTypeSz, oriTypeLen);
recipSeqSz = SetImplicit(ASN_SEQUENCE, 4, 1 + oriTypeLenSz + oriTypeSz + recipSeqSz = SetImplicit(ASN_SEQUENCE, 4, 1 + oriTypeLenSz + oriTypeSz +
oriValueSz, recipSeq); oriValueSz, recipSeq, 0);
idx = 0; idx = 0;
XMEMCPY(recip->recip + idx, recipSeq, recipSeqSz); XMEMCPY(recip->recip + idx, recipSeq, recipSeqSz);
@@ -8116,7 +8099,7 @@ int wc_PKCS7_AddRecipient_PWRI(PKCS7* pkcs7, byte* passwd, word32 pLen,
/* set KeyDerivationAlgorithmIdentifier EXPLICIT [0] SEQ */ /* set KeyDerivationAlgorithmIdentifier EXPLICIT [0] SEQ */
kdfAlgoIdSeqSz = SetExplicit(0, kdfAlgoIdSz + kdfParamsSeqSz + kdfAlgoIdSeqSz = SetExplicit(0, kdfAlgoIdSz + kdfParamsSeqSz +
kdfSaltOctetStrSz + saltSz + kdfIterationsSz, kdfSaltOctetStrSz + saltSz + kdfIterationsSz,
kdfAlgoIdSeq); kdfAlgoIdSeq, 0);
totalSz += kdfAlgoIdSeqSz; totalSz += kdfAlgoIdSeqSz;
/* set PasswordRecipientInfo CMSVersion, MUST be 0 */ /* set PasswordRecipientInfo CMSVersion, MUST be 0 */
@@ -8125,7 +8108,7 @@ int wc_PKCS7_AddRecipient_PWRI(PKCS7* pkcs7, byte* passwd, word32 pLen,
recip->recipVersion = 0; recip->recipVersion = 0;
/* set PasswordRecipientInfo SEQ */ /* set PasswordRecipientInfo SEQ */
recipSeqSz = SetImplicit(ASN_SEQUENCE, 3, totalSz, recipSeq); recipSeqSz = SetImplicit(ASN_SEQUENCE, 3, totalSz, recipSeq, 0);
totalSz += recipSeqSz; totalSz += recipSeqSz;
if (totalSz > MAX_RECIP_SZ) { if (totalSz > MAX_RECIP_SZ) {
@@ -8368,7 +8351,7 @@ int wc_PKCS7_AddRecipient_KEKRI(PKCS7* pkcs7, int keyWrapOID, byte* kek,
recip->recipVersion = 4; recip->recipVersion = 4;
/* KEKRecipientInfo SEQ */ /* KEKRecipientInfo SEQ */
recipSeqSz = SetImplicit(ASN_SEQUENCE, 2, totalSz, recipSeq); recipSeqSz = SetImplicit(ASN_SEQUENCE, 2, totalSz, recipSeq, 0);
totalSz += recipSeqSz; totalSz += recipSeqSz;
if (totalSz > MAX_RECIP_SZ) { if (totalSz > MAX_RECIP_SZ) {
@@ -8672,32 +8655,12 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
return ret; return ret;
} }
#ifdef ASN_BER_TO_DER
if (pkcs7->encodeStream) {
int err;
byte tmp[] = { 0x30, 0x80};
err = SetImplicitBer(ASN_OCTET_STRING, 0, encryptedContent,
encryptedOutSz, NULL, (word32*)&encContentOctetSz);
if (err != LENGTH_ONLY_E) {
}
encContentOctetSz -= encryptedOutSz;
XMEMCPY(encContentSeq, tmp, 2);
encContentSeqSz = 2;
}
else
#endif
{
encContentOctetSz = SetImplicit(ASN_OCTET_STRING, 0, encryptedOutSz, encContentOctetSz = SetImplicit(ASN_OCTET_STRING, 0, encryptedOutSz,
encContentOctet); encContentOctet, pkcs7->encodeStream);
encContentSeqSz = SetSequence(contentTypeSz + contentEncAlgoSz + encContentSeqSz = SetSequenceEx(contentTypeSz + contentEncAlgoSz +
ivOctetStringSz + blockSz + ivOctetStringSz + blockSz +
encContentOctetSz + encryptedOutSz, encContentOctetSz + encryptedOutSz,
encContentSeq); encContentSeq, pkcs7->encodeStream);
}
/* keep track of sizes for outer wrapper layering */ /* keep track of sizes for outer wrapper layering */
totalSz = verSz + recipSetSz + recipSz + encContentSeqSz + contentTypeSz + totalSz = verSz + recipSetSz + recipSz + encContentSeqSz + contentTypeSz +
@@ -8707,53 +8670,47 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
/* EnvelopedData */ /* EnvelopedData */
#ifdef ASN_BER_TO_DER #ifdef ASN_BER_TO_DER
if (pkcs7->encodeStream) { if (pkcs7->encodeStream) {
byte tmp[] = { 0x30, 0x80}; word32 streamSz = 0, tmpIdx = 0;
/* account for ending of encContentOctet */
totalSz += ASN_INDEF_END_SZ;
/* account for ending of encContentSeq */ /* account for ending of encContentSeq */
totalSz += 2; totalSz += ASN_INDEF_END_SZ;
XMEMCPY(envDataSeq, tmp, 2); /* account for asn1 syntax around octet strings */
envDataSeqSz = 2; StreamOctetString(NULL, encryptedOutSz, NULL, &streamSz, &tmpIdx);
totalSz += 2; /* 30 80 00 00 */ totalSz += (streamSz - encryptedOutSz);
} }
else
#endif #endif
{ envDataSeqSz = SetSequenceEx(totalSz, envDataSeq, pkcs7->encodeStream);
envDataSeqSz = SetSequence(totalSz, envDataSeq);
}
totalSz += envDataSeqSz; totalSz += envDataSeqSz;
/* outer content */
#ifdef ASN_BER_TO_DER #ifdef ASN_BER_TO_DER
if (pkcs7->encodeStream) { if (pkcs7->encodeStream) {
byte tmp[] = { 0xA0, 0x80}; totalSz += ASN_INDEF_END_SZ;
XMEMCPY(outerContent, tmp, 2);
outerContentSz = 2;
totalSz += 2; /* A0 80 00 00 */
} }
else
#endif #endif
{
outerContentSz = SetExplicit(0, totalSz, outerContent); /* outer content */
outerContentSz = SetExplicit(0, totalSz, outerContent, pkcs7->encodeStream);
#ifdef ASN_BER_TO_DER
if (pkcs7->encodeStream) {
totalSz += ASN_INDEF_END_SZ;
} }
#endif
totalSz += outerContentTypeSz; totalSz += outerContentTypeSz;
totalSz += outerContentSz; totalSz += outerContentSz;
if (pkcs7->contentOID != FIRMWARE_PKG_DATA) { if (pkcs7->contentOID != FIRMWARE_PKG_DATA) {
/* ContentInfo */ /* ContentInfo */
contentInfoSeqSz = SetSequenceEx(totalSz, contentInfoSeq,
pkcs7->encodeStream);
totalSz += contentInfoSeqSz;
#ifdef ASN_BER_TO_DER #ifdef ASN_BER_TO_DER
if (pkcs7->encodeStream) { if (pkcs7->encodeStream) {
byte tmp[] = { 0x30, 0x80}; totalSz += ASN_INDEF_END_SZ;
XMEMCPY(contentInfoSeq, tmp, 2);
contentInfoSeqSz = 2;
totalSz += contentInfoSeqSz + 2; /* 30 80 00 00 */
} }
else
#endif #endif
{
contentInfoSeqSz = SetSequence(totalSz, contentInfoSeq);
totalSz += contentInfoSeqSz;
}
} }
if (totalSz > (int)outputSz) { if (totalSz > (int)outputSz) {
@@ -8798,50 +8755,35 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
idx += ivOctetStringSz; idx += ivOctetStringSz;
XMEMCPY(output + idx, tmpIv, blockSz); XMEMCPY(output + idx, tmpIv, blockSz);
idx += blockSz; idx += blockSz;
XMEMCPY(output + idx, encContentOctet, encContentOctetSz);
idx += encContentOctetSz;
/* stream the content (octet string with multiple octet elements) */
#ifdef ASN_BER_TO_DER #ifdef ASN_BER_TO_DER
/* stream the content (octet string with multiple octet elements) */
if (pkcs7->encodeStream) { if (pkcs7->encodeStream) {
int err; if (StreamOctetString(encryptedContent, encryptedOutSz, output,
byte* tmp; &outputSz, (word32*)&idx) != 0) {
byte tmpPad[] = { 0x00, 0x00}; return BUFFER_E;
tmp = XMALLOC(encContentOctetSz + encryptedOutSz, pkcs7->heap,
DYNAMIC_TYPE_PKCS7);
if (tmp == NULL) {
return MEMORY_E;
} }
err = SetImplicitBer(ASN_OCTET_STRING, 0, encryptedContent, /* end of encrypted content */
encryptedOutSz, tmp, (word32*)&encContentOctetSz); idx += SetIndefEnd(output + idx);
if (err <= 0) {
return ASN_PARSE_E;
}
XMEMCPY(output + idx, tmp, err);
idx += err;
/* end of encrypted content info */ /* end of encrypted content info */
XMEMCPY(output + idx, tmpPad, 2); idx += SetIndefEnd(output + idx);
idx += 2;
/* end of Enveloped Data seq */ /* end of Enveloped Data seq */
XMEMCPY(output + idx, tmpPad, 2); idx += SetIndefEnd(output + idx);
idx += 2;
/* end of outer content set */ /* end of outer content set */
XMEMCPY(output + idx, tmpPad, 2); idx += SetIndefEnd(output + idx);
idx += 2;
/* end of outer content info seq */ /* end of outer content info seq */
XMEMCPY(output + idx, tmpPad, 2); idx += SetIndefEnd(output + idx);
idx += 2;
XFREE(tmp, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
} }
else else
#endif #endif
{ {
XMEMCPY(output + idx, encContentOctet, encContentOctetSz);
idx += encContentOctetSz;
XMEMCPY(output + idx, encryptedContent, encryptedOutSz); XMEMCPY(output + idx, encryptedContent, encryptedOutSz);
idx += encryptedOutSz; idx += encryptedOutSz;
} }
@@ -11687,7 +11629,7 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output,
} }
authAttribsSetSz = SetImplicit(ASN_SET, 1, authAttribsSz, authAttribsSetSz = SetImplicit(ASN_SET, 1, authAttribsSz,
authAttribSet); authAttribSet, 0);
/* From RFC5083, "For the purpose of constructing the AAD, the /* From RFC5083, "For the purpose of constructing the AAD, the
* IMPLICIT [1] tag in the authAttrs field is not used for the * IMPLICIT [1] tag in the authAttrs field is not used for the
@@ -11733,7 +11675,7 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output,
FlattenAttributes(pkcs7, flatUnauthAttribs, unauthAttribs, FlattenAttributes(pkcs7, flatUnauthAttribs, unauthAttribs,
unauthAttribsCount); unauthAttribsCount);
unauthAttribsSetSz = SetImplicit(ASN_SET, 2, unauthAttribsSz, unauthAttribsSetSz = SetImplicit(ASN_SET, 2, unauthAttribsSz,
unauthAttribSet); unauthAttribSet, 0);
} }
/* AES-GCM/CCM does NOT require padding for plaintext content or /* AES-GCM/CCM does NOT require padding for plaintext content or
@@ -11844,24 +11786,8 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output,
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
} }
#ifdef ASN_BER_TO_DER
if (pkcs7->encodeStream) {
int err;
err = SetImplicitBer(ASN_OCTET_STRING, 0, encryptedContent,
encryptedOutSz, NULL, (word32*)&encContentOctetSz);
if (err != LENGTH_ONLY_E) {
}
encContentOctetSz -= encryptedOutSz;
}
else
#endif
{
encContentOctetSz = SetImplicit(ASN_OCTET_STRING, 0, encryptedOutSz, encContentOctetSz = SetImplicit(ASN_OCTET_STRING, 0, encryptedOutSz,
encContentOctet); encContentOctet, 0);
}
encContentSeqSz = SetSequence(contentTypeSz + contentEncAlgoSz + encContentSeqSz = SetSequence(contentTypeSz + contentEncAlgoSz +
nonceOctetStringSz + nonceSz + macIntSz + nonceOctetStringSz + nonceSz + macIntSz +
algoParamSeqSz + encContentOctetSz + algoParamSeqSz + encContentOctetSz +
@@ -11881,7 +11807,7 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output,
totalSz += envDataSeqSz; totalSz += envDataSeqSz;
/* outer content */ /* outer content */
outerContentSz = SetExplicit(0, totalSz, outerContent); outerContentSz = SetExplicit(0, totalSz, outerContent, 0);
totalSz += outerContentTypeSz; totalSz += outerContentTypeSz;
totalSz += outerContentSz; totalSz += outerContentSz;
@@ -11936,28 +11862,10 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output,
idx += macIntSz; idx += macIntSz;
#ifdef ASN_BER_TO_DER
if (pkcs7->encodeStream) {
int err;
byte* tmp = malloc(encContentOctetSz + encryptedOutSz);
err = SetImplicitBer(ASN_OCTET_STRING, 0, encryptedContent,
encryptedOutSz, tmp, (word32*)&encContentOctetSz);
if (err <= 0) {
return ASN_PARSE_E;
}
XMEMCPY(output + idx, tmp, encContentOctetSz);
idx += encContentOctetSz;
}
else
#endif
{
XMEMCPY(output + idx, encContentOctet, encContentOctetSz); XMEMCPY(output + idx, encContentOctet, encContentOctetSz);
idx += encContentOctetSz; idx += encContentOctetSz;
XMEMCPY(output + idx, encryptedContent, encryptedOutSz); XMEMCPY(output + idx, encryptedContent, encryptedOutSz);
idx += encryptedOutSz; idx += encryptedOutSz;
}
/* authenticated attributes */ /* authenticated attributes */
if (flatAuthAttribs && authAttribsSz > 0) { if (flatAuthAttribs && authAttribsSz > 0) {
@@ -12764,7 +12672,7 @@ int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7, byte* output, word32 outputSz)
} }
encContentOctetSz = SetImplicit(ASN_OCTET_STRING, 0, encContentOctetSz = SetImplicit(ASN_OCTET_STRING, 0,
encryptedOutSz, encContentOctet); encryptedOutSz, encContentOctet, 0);
encContentSeqSz = SetSequence(contentTypeSz + contentEncAlgoSz + encContentSeqSz = SetSequence(contentTypeSz + contentEncAlgoSz +
ivOctetStringSz + blockSz + ivOctetStringSz + blockSz +
@@ -12810,7 +12718,7 @@ int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7, byte* output, word32 outputSz)
XFREE(flatAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); XFREE(flatAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
return ret; return ret;
} }
attribsSetSz = SetImplicit(ASN_SET, 1, attribsSz, attribSet); attribsSetSz = SetImplicit(ASN_SET, 1, attribsSz, attribSet, 0);
} else { } else {
attribsSz = 0; attribsSz = 0;
@@ -12828,7 +12736,7 @@ int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7, byte* output, word32 outputSz)
if (pkcs7->version != 3) { if (pkcs7->version != 3) {
/* outer content */ /* outer content */
outerContentSz = SetExplicit(0, totalSz, outerContent); outerContentSz = SetExplicit(0, totalSz, outerContent, 0);
totalSz += outerContentTypeSz; totalSz += outerContentTypeSz;
totalSz += outerContentSz; totalSz += outerContentSz;
/* ContentInfo */ /* ContentInfo */
@@ -13427,7 +13335,7 @@ int wc_PKCS7_EncodeCompressedData(PKCS7* pkcs7, byte* output, word32 outputSz)
totalSz = contentOctetStrSz + compressedSz; totalSz = contentOctetStrSz + compressedSz;
/* EXPLICIT [0] eContentType */ /* EXPLICIT [0] eContentType */
contentSeqSz = SetExplicit(0, totalSz, contentSeq); contentSeqSz = SetExplicit(0, totalSz, contentSeq, 0);
totalSz += contentSeqSz; totalSz += contentSeqSz;
/* eContentType OBJECT IDENTIFIER */ /* eContentType OBJECT IDENTIFIER */
@@ -13487,7 +13395,7 @@ int wc_PKCS7_EncodeCompressedData(PKCS7* pkcs7, byte* output, word32 outputSz)
*/ */
/* ContentInfo content EXPLICIT SEQUENCE */ /* ContentInfo content EXPLICIT SEQUENCE */
contentInfoContentSeqSz = SetExplicit(0, totalSz, contentInfoContentSeq); contentInfoContentSeqSz = SetExplicit(0, totalSz, contentInfoContentSeq, 0);
totalSz += contentInfoContentSeqSz; totalSz += contentInfoContentSeqSz;
ret = wc_SetContentType(COMPRESSED_DATA, contentInfoTypeOid, ret = wc_SetContentType(COMPRESSED_DATA, contentInfoTypeOid,

13
wolfssl/wolfcrypt/asn.h
View File

@@ -1023,6 +1023,7 @@ enum Misc_ASN {
#endif #endif
TRAILING_ZERO = 1, /* Used for size of zero pad */ TRAILING_ZERO = 1, /* Used for size of zero pad */
ASN_TAG_SZ = 1, /* single byte ASN.1 tag */ ASN_TAG_SZ = 1, /* single byte ASN.1 tag */
ASN_INDEF_END_SZ = 2, /* 0x00 0x00 at end of indef */
MIN_VERSION_SZ = 3, /* Min bytes needed for GetMyVersion */ MIN_VERSION_SZ = 3, /* Min bytes needed for GetMyVersion */
MAX_X509_VERSION = 3, /* Max X509 version allowed */ MAX_X509_VERSION = 3, /* Max X509 version allowed */
MIN_X509_VERSION = 0, /* Min X509 version allowed */ MIN_X509_VERSION = 0, /* Min X509 version allowed */
@@ -2276,14 +2277,18 @@ WOLFSSL_LOCAL word32 SetASNExplicit(byte number, word32 len, byte* output);
WOLFSSL_LOCAL word32 SetASNSet(word32 len, byte* output); WOLFSSL_LOCAL word32 SetASNSet(word32 len, byte* output);
WOLFSSL_LOCAL word32 SetLength(word32 length, byte* output); WOLFSSL_LOCAL word32 SetLength(word32 length, byte* output);
WOLFSSL_LOCAL word32 SetLengthEx(word32 length, byte* output, byte isIndef);
WOLFSSL_LOCAL word32 SetSequence(word32 len, byte* output); WOLFSSL_LOCAL word32 SetSequence(word32 len, byte* output);
WOLFSSL_LOCAL word32 SetSequenceEx(word32 len, byte* output, byte isIndef);
WOLFSSL_LOCAL word32 SetIndefEnd(byte* in);
WOLFSSL_LOCAL word32 SetOctetString(word32 len, byte* output); WOLFSSL_LOCAL word32 SetOctetString(word32 len, byte* output);
WOLFSSL_LOCAL word32 SetOctetStringEx(word32 len, byte* output, byte indef);
WOLFSSL_LOCAL int SetASNInt(int len, byte firstByte, byte* output); WOLFSSL_LOCAL int SetASNInt(int len, byte firstByte, byte* output);
WOLFSSL_LOCAL word32 SetBitString(word32 len, byte unusedBits, byte* output); WOLFSSL_LOCAL word32 SetBitString(word32 len, byte unusedBits, byte* output);
WOLFSSL_LOCAL word32 SetImplicit(byte tag,byte number,word32 len,byte* output); WOLFSSL_LOCAL word32 SetImplicit(byte tag,byte number,word32 len,byte* output,
WOLFSSL_LOCAL long SetImplicitBer(byte tag, byte num, const byte* data, word32 dataSz, byte isIndef);
byte* out, word32* outSz); WOLFSSL_LOCAL word32 SetExplicit(byte number, word32 len, byte* output,
WOLFSSL_LOCAL word32 SetExplicit(byte number, word32 len, byte* output); byte isIndef);
WOLFSSL_LOCAL word32 SetSet(word32 len, byte* output); WOLFSSL_LOCAL word32 SetSet(word32 len, byte* output);
WOLFSSL_API word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz); WOLFSSL_API word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz);
WOLFSSL_LOCAL int SetMyVersion(word32 version, byte* output, int header); WOLFSSL_LOCAL int SetMyVersion(word32 version, byte* output, int header);

2
wolfssl/wolfcrypt/pkcs7.h
View File

@@ -247,8 +247,8 @@ struct PKCS7 {
#ifdef ASN_BER_TO_DER #ifdef ASN_BER_TO_DER
byte* der; /* DER encoded version of message */ byte* der; /* DER encoded version of message */
word32 derSz; word32 derSz;
byte encodeStream; /* use BER when encoding */
#endif #endif
byte encodeStream:1; /* use BER when encoding */
byte noCerts:1; /* if certificates should be added into bundle byte noCerts:1; /* if certificates should be added into bundle
during creation */ during creation */
byte* cert[MAX_PKCS7_CERTS]; /* array of certs parsed from bundle */ byte* cert[MAX_PKCS7_CERTS]; /* array of certs parsed from bundle */