wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-01 03:34:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fixes for CMAC compatibility layer with AES CBC disabled. CMAC code cleanups. Fixes for "make check" with AES CBC disabled.

Browse Source
This commit is contained in:
David Garske
2021-08-18 11:30:18 -07:00
parent d1e027b6fa
commit c5f9e55567
8 changed files with 180 additions and 137 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
src/ssl.c
View File

@@ -33835,7 +33835,8 @@ const WOLFSSL_EVP_MD *wolfSSL_HMAC_CTX_get_md(const WOLFSSL_HMAC_CTX *ctx)
return wolfSSL_macType2EVP_md((enum wc_HashType)ctx->type);
}
#if defined(WOLFSSL_CMAC) && defined(OPENSSL_EXTRA)
#if defined(WOLFSSL_CMAC) && defined(OPENSSL_EXTRA) && \
defined(WOLFSSL_AES_DIRECT)
WOLFSSL_CMAC_CTX* wolfSSL_CMAC_CTX_new(void)
{
WOLFSSL_CMAC_CTX* ctx = NULL;
@@ -33894,13 +33895,10 @@ int wolfSSL_CMAC_Init(WOLFSSL_CMAC_CTX* ctx, const void *key, size_t keyLen,
WOLFSSL_ENTER("wolfSSL_CMAC_Init");
if (ctx == NULL || cipher == NULL
#ifdef HAVE_AES_CBC
|| (cipher != EVP_AES_128_CBC &&
if (ctx == NULL || cipher == NULL || (
cipher != EVP_AES_128_CBC &&
cipher != EVP_AES_192_CBC &&
cipher != EVP_AES_256_CBC)
#endif
) {
cipher != EVP_AES_256_CBC)) {
ret = WOLFSSL_FAILURE;
}
@@ -33986,7 +33984,7 @@ int wolfSSL_CMAC_Final(WOLFSSL_CMAC_CTX* ctx, unsigned char* out,
return ret;
}
#endif /* WOLFSSL_CMAC && OPENSSL_EXTRA */
#endif /* WOLFSSL_CMAC && OPENSSL_EXTRA && WOLFSSL_AES_DIRECT */
/* Free the dynamically allocated data.
*
@@ -57256,9 +57254,8 @@ int wolfSSL_RAND_poll(void)
}
switch (ctx->cipherType) {
#ifndef NO_AES
#ifdef HAVE_AES_CBC
#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
case AES_128_CBC_TYPE :
case AES_192_CBC_TYPE :
case AES_256_CBC_TYPE :
@@ -57379,7 +57376,7 @@ int wolfSSL_RAND_poll(void)
switch (ctx->cipherType) {
#ifndef NO_AES
#ifdef HAVE_AES_CBC
#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
case AES_128_CBC_TYPE :
case AES_192_CBC_TYPE :
case AES_256_CBC_TYPE :

79
tests/api.c
View File

@@ -3508,7 +3508,8 @@ static void test_wolfSSL_EVP_get_cipherbynid(void)
const WOLFSSL_EVP_CIPHER* c;
c = wolfSSL_EVP_get_cipherbynid(419);
#if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
#if (defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)) && \
defined(WOLFSSL_AES_128)
AssertNotNull(c);
AssertNotNull(strcmp("EVP_AES_128_CBC", c));
#else
@@ -3516,7 +3517,8 @@ static void test_wolfSSL_EVP_get_cipherbynid(void)
#endif
c = wolfSSL_EVP_get_cipherbynid(423);
#if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_192)
#if (defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)) && \
defined(WOLFSSL_AES_192)
AssertNotNull(c);
AssertNotNull(strcmp("EVP_AES_192_CBC", c));
#else
@@ -3524,7 +3526,8 @@ static void test_wolfSSL_EVP_get_cipherbynid(void)
#endif
c = wolfSSL_EVP_get_cipherbynid(427);
#if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256)
#if (defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)) && \
defined(WOLFSSL_AES_256)
AssertNotNull(c);
AssertNotNull(strcmp("EVP_AES_256_CBC", c));
#else
@@ -6993,7 +6996,7 @@ static void test_wolfSSL_PKCS8(void)
static void test_wolfSSL_PKCS8_ED25519(void)
{
#if !defined(NO_ASN) && defined(HAVE_PKCS8) && \
#if !defined(NO_ASN) && defined(HAVE_PKCS8) && defined(HAVE_AES_CBC) && \
defined(WOLFSSL_ENCRYPTED_KEYS) && defined(HAVE_ED25519) && \
defined(HAVE_ED25519_KEY_IMPORT)
const byte encPrivKey[] = \
@@ -7025,7 +7028,7 @@ static void test_wolfSSL_PKCS8_ED25519(void)
static void test_wolfSSL_PKCS8_ED448(void)
{
#if !defined(NO_ASN) && defined(HAVE_PKCS8) && \
#if !defined(NO_ASN) && defined(HAVE_PKCS8) && defined(HAVE_AES_CBC) && \
defined(WOLFSSL_ENCRYPTED_KEYS) && defined(HAVE_ED448) && \
defined(HAVE_ED448_KEY_IMPORT)
const byte encPrivKey[] = \
@@ -23168,8 +23171,8 @@ static int test_wc_ecc_encryptDecrypt (void)
{
int ret = 0;
#if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && defined(WOLFSSL_AES_128) \
&& !defined(WC_NO_RNG)
#if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && !defined(WC_NO_RNG) && \
defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
ecc_key srvKey, cliKey, tmpKey;
WC_RNG rng;
const char* msg = "EccBlock Size 16";
@@ -25894,25 +25897,16 @@ static void test_wc_PKCS7_EncodeDecodeEnvelopedData (void)
tempWrd32 = pkcs7->privateKeySz;
pkcs7->privateKeySz = 0;
i = wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
(word32)sizeof(output), decoded, (word32)sizeof(decoded));
#ifndef HAVE_AES_CBC
AssertIntEQ(i, ASN_PARSE_E);
#else
AssertIntEQ(i, BAD_FUNC_ARG);
#endif
AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
(word32)sizeof(output), decoded, (word32)sizeof(decoded)), BAD_FUNC_ARG);
pkcs7->privateKeySz = tempWrd32;
tmpBytePtr = pkcs7->privateKey;
pkcs7->privateKey = NULL;
i = wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
(word32)sizeof(output), decoded, (word32)sizeof(decoded));
#ifndef HAVE_AES_CBC
AssertIntEQ(i, ASN_PARSE_E);
#else
AssertIntEQ(i, BAD_FUNC_ARG);
#endif
AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
(word32)sizeof(output), decoded, (word32)sizeof(decoded)), BAD_FUNC_ARG);
pkcs7->privateKey = tmpBytePtr;
wc_PKCS7_Free(pkcs7);
#if !defined(NO_AES) && defined(HAVE_AES_CBC) && !defined(NO_AES_256)
@@ -34602,7 +34596,8 @@ static void test_wolfSSL_HMAC(void)
static void test_wolfSSL_CMAC(void)
{
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_CMAC) && defined(HAVE_AES_CBC)
#if defined(WOLFSSL_CMAC) && defined(OPENSSL_EXTRA) && \
defined(WOLFSSL_AES_DIRECT)
int i;
byte key[AES_128_KEY_SIZE];
CMAC_CTX* cmacCtx = NULL;
@@ -34627,7 +34622,7 @@ static void test_wolfSSL_CMAC(void)
CMAC_CTX_free(cmacCtx);
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && WOLFSSL_CMAC && HAVE_AES_CBC */
#endif /* WOLFSSL_CMAC && OPENSSL_EXTRA && WOLFSSL_AES_DIRECT */
}
@@ -40279,9 +40274,9 @@ static void test_wolfSSL_EVP_CIPHER_iv_length(void)
int enumArray[] = {
#ifdef HAVE_AES_CBC
NID_aes_128_cbc,
#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
#ifdef WOLFSSL_AES_128
NID_aes_128_cbc,
#endif
#ifdef WOLFSSL_AES_192
NID_aes_192_cbc,
@@ -40289,6 +40284,7 @@ static void test_wolfSSL_EVP_CIPHER_iv_length(void)
#ifdef WOLFSSL_AES_256
NID_aes_256_cbc,
#endif
#endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT */
#if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
#ifdef HAVE_AESGCM
@@ -40322,8 +40318,10 @@ static void test_wolfSSL_EVP_CIPHER_iv_length(void)
NID_idea_cbc,
#endif
};
int iv_lengths[] = {
#ifdef HAVE_AES_CBC
#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
#ifdef WOLFSSL_AES_128
AES_BLOCK_SIZE,
#endif
#ifdef WOLFSSL_AES_192
@@ -40332,6 +40330,7 @@ static void test_wolfSSL_EVP_CIPHER_iv_length(void)
#ifdef WOLFSSL_AES_256
AES_BLOCK_SIZE,
#endif
#endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT */
#if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
#ifdef HAVE_AESGCM
@@ -40370,8 +40369,8 @@ static void test_wolfSSL_EVP_CIPHER_iv_length(void)
enumlen = (sizeof(enumArray)/sizeof(int));
for(i = 0; i < enumlen; i++)
{
const EVP_CIPHER *c = wolfSSL_EVP_get_cipherbynid(enumArray[i]);
AssertIntEQ(wolfSSL_EVP_CIPHER_iv_length(c), iv_lengths[i]);
const EVP_CIPHER *c = EVP_get_cipherbynid(enumArray[i]);
AssertIntEQ(EVP_CIPHER_iv_length(c), iv_lengths[i]);
}
printf(resultFmt, passed);
@@ -40551,7 +40550,7 @@ static void test_wolfSSL_EVP_PKEY_param_check(void)
}
static void test_wolfSSL_EVP_BytesToKey(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_DES3)
#if defined(OPENSSL_ALL) && !defined(NO_AES) && defined(HAVE_AES_CBC)
byte key[AES_BLOCK_SIZE] = {0};
byte iv[AES_BLOCK_SIZE] = {0};
int sz = 5;
@@ -40567,20 +40566,20 @@ static void test_wolfSSL_EVP_BytesToKey(void)
type = wolfSSL_EVP_get_cipherbynid(NID_aes_128_cbc);
printf(testingFmt, "wolfSSL_EVP_BytesToKey");
printf(testingFmt, "EVP_BytesToKey");
/* Bad cases */
AssertIntEQ(wolfSSL_EVP_BytesToKey(NULL, md, salt, data, sz, count, key, iv),
AssertIntEQ(EVP_BytesToKey(NULL, md, salt, data, sz, count, key, iv),
0);
AssertIntEQ(wolfSSL_EVP_BytesToKey(type, md, salt, NULL, sz, count, key, iv),
AssertIntEQ(EVP_BytesToKey(type, md, salt, NULL, sz, count, key, iv),
16);
md = "2";
AssertIntEQ(wolfSSL_EVP_BytesToKey(type, md, salt, data, sz, count, key, iv),
AssertIntEQ(EVP_BytesToKey(type, md, salt, data, sz, count, key, iv),
WOLFSSL_FAILURE);
/* Good case */
md = "SHA256";
AssertIntEQ(wolfSSL_EVP_BytesToKey(type, md, salt, data, sz, count, key, iv),
AssertIntEQ(EVP_BytesToKey(type, md, salt, data, sz, count, key, iv),
16);
printf(resultFmt, passed);
@@ -43667,7 +43666,8 @@ static int test_tls13_apis(void)
#if defined(HAVE_PK_CALLBACKS) && (!defined(WOLFSSL_NO_TLS12) || \
!defined(NO_OLD_TLS))
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
!defined(NO_WOLFSSL_CLIENT) && !defined(NO_DH) && !defined(NO_AES) && \
!defined(NO_WOLFSSL_CLIENT) && !defined(NO_DH) && \
!defined(NO_AES) && defined(HAVE_AES_CBC) && \
defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(SINGLE_THREADED)
static int my_DhCallback(WOLFSSL* ssl, struct DhKey* key,
const unsigned char* priv, unsigned int privSz,
@@ -43687,11 +43687,11 @@ static int my_DhCallback(WOLFSSL* ssl, struct DhKey* key,
static void test_dh_ctx_setup(WOLFSSL_CTX* ctx) {
wolfSSL_CTX_SetDhAgreeCb(ctx, my_DhCallback);
#ifdef WOLFSSL_AES_128
#if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
AssertIntEQ(wolfSSL_CTX_set_cipher_list(ctx, "DHE-RSA-AES128-SHA256"),
WOLFSSL_SUCCESS);
#endif
#ifdef WOLFSSL_AES_256
#if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256)
AssertIntEQ(wolfSSL_CTX_set_cipher_list(ctx, "DHE-RSA-AES256-SHA256"),
WOLFSSL_SUCCESS);
#endif
@@ -43726,7 +43726,8 @@ static void test_dh_ssl_setup_fail(WOLFSSL* ssl)
static void test_DhCallbacks(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
!defined(NO_WOLFSSL_CLIENT) && !defined(NO_DH) && !defined(NO_AES) && \
!defined(NO_WOLFSSL_CLIENT) && !defined(NO_DH) && \
!defined(NO_AES) && defined(HAVE_AES_CBC) && \
defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(SINGLE_THREADED)
WOLFSSL_CTX *ctx;
WOLFSSL *ssl;

99
wolfcrypt/src/cmac.c
View File

@@ -88,10 +88,10 @@ int wc_InitCmac_ex(Cmac* cmac, const byte* key, word32 keySz,
(void)unused;
(void)heap;
(void)devId;
if (cmac == NULL || keySz == 0 || type != WC_CMAC_AES)
if (cmac == NULL || keySz == 0 || type != WC_CMAC_AES) {
return BAD_FUNC_ARG;
}
XMEMSET(cmac, 0, sizeof(Cmac));
@@ -106,10 +106,13 @@ int wc_InitCmac_ex(Cmac* cmac, const byte* key, word32 keySz,
return ret;
/* fall-through when unavailable */
}
#else
(void)devId;
#endif
if (key == NULL)
if (key == NULL) {
return BAD_FUNC_ARG;
}
ret = wc_AesSetKey(&cmac->aes, key, keySz, NULL, AES_ENCRYPTION);
if (ret == 0) {
@@ -129,23 +132,22 @@ int wc_InitCmac(Cmac* cmac, const byte* key, word32 keySz,
int type, void* unused)
{
#ifdef WOLFSSL_QNX_CAAM
return wc_InitCmac_ex(cmac, key, keySz, type, unused, NULL,
WOLFSSL_CAAM_DEVID);
int devId = WOLFSSL_CAAM_DEVID;
#else
return wc_InitCmac_ex(cmac, key, keySz, type, unused, NULL, INVALID_DEVID);
#endif
int devId = INVALID_DEVID;
#endif
return wc_InitCmac_ex(cmac, key, keySz, type, unused, NULL, devId);
}
int wc_CmacUpdate(Cmac* cmac, const byte* in, word32 inSz)
{
#ifdef WOLF_CRYPTO_CB
int ret;
#endif
int ret = 0;
if ((cmac == NULL) || (in == NULL && inSz != 0))
if ((cmac == NULL) || (in == NULL && inSz != 0)) {
return BAD_FUNC_ARG;
}
#ifdef WOLF_CRYPTO_CB
if (cmac->devId != INVALID_DEVID) {
@@ -154,8 +156,10 @@ int wc_CmacUpdate(Cmac* cmac, const byte* in, word32 inSz)
if (ret != CRYPTOCB_UNAVAILABLE)
return ret;
/* fall-through when unavailable */
ret = 0; /* reset error code */
}
#endif
while (inSz != 0) {
word32 add = min(inSz, AES_BLOCK_SIZE - cmac->bufferSz);
XMEMCPY(&cmac->buffer[cmac->bufferSz], in, add);
@@ -165,32 +169,30 @@ int wc_CmacUpdate(Cmac* cmac, const byte* in, word32 inSz)
inSz -= add;
if (cmac->bufferSz == AES_BLOCK_SIZE && inSz != 0) {
if (cmac->totalSz != 0)
if (cmac->totalSz != 0) {
xorbuf(cmac->buffer, cmac->digest, AES_BLOCK_SIZE);
wc_AesEncryptDirect(&cmac->aes,
cmac->digest,
cmac->buffer);
}
wc_AesEncryptDirect(&cmac->aes, cmac->digest, cmac->buffer);
cmac->totalSz += AES_BLOCK_SIZE;
cmac->bufferSz = 0;
}
}
return 0;
return ret;
}
int wc_CmacFinal(Cmac* cmac, byte* out, word32* outSz)
{
#ifdef WOLF_CRYPTO_CB
int ret;
#endif
int ret = 0;
const byte* subKey;
if (cmac == NULL || out == NULL || outSz == NULL)
if (cmac == NULL || out == NULL || outSz == NULL) {
return BAD_FUNC_ARG;
if (*outSz < WC_CMAC_TAG_MIN_SZ || *outSz > WC_CMAC_TAG_MAX_SZ)
}
if (*outSz < WC_CMAC_TAG_MIN_SZ || *outSz > WC_CMAC_TAG_MAX_SZ) {
return BUFFER_E;
}
#ifdef WOLF_CRYPTO_CB
if (cmac->devId != INVALID_DEVID) {
@@ -198,6 +200,7 @@ int wc_CmacFinal(Cmac* cmac, byte* out, word32* outSz)
if (ret != CRYPTOCB_UNAVAILABLE)
return ret;
/* fall-through when unavailable */
ret = 0; /* reset error code */
}
#endif
@@ -207,11 +210,12 @@ int wc_CmacFinal(Cmac* cmac, byte* out, word32* outSz)
else {
word32 remainder = AES_BLOCK_SIZE - cmac->bufferSz;
if (remainder == 0)
if (remainder == 0) {
remainder = AES_BLOCK_SIZE;
if (remainder > 1)
}
if (remainder > 1) {
XMEMSET(cmac->buffer + AES_BLOCK_SIZE - remainder, 0, remainder);
}
cmac->buffer[AES_BLOCK_SIZE - remainder] = 0x80;
subKey = cmac->k2;
}
@@ -223,7 +227,7 @@ int wc_CmacFinal(Cmac* cmac, byte* out, word32* outSz)
ForceZero(cmac, sizeof(Cmac));
return 0;
return ret;
}
@@ -231,39 +235,36 @@ int wc_AesCmacGenerate(byte* out, word32* outSz,
const byte* in, word32 inSz,
const byte* key, word32 keySz)
{
int ret;
#ifdef WOLFSSL_SMALL_STACK
Cmac *cmac;
#else
Cmac cmac[1];
#endif
int ret;
if (out == NULL || (in == NULL && inSz > 0) || key == NULL || keySz == 0)
if (out == NULL || (in == NULL && inSz > 0) || key == NULL || keySz == 0) {
return BAD_FUNC_ARG;
}
#ifdef WOLFSSL_SMALL_STACK
if ((cmac = (Cmac *)XMALLOC(sizeof *cmac, NULL,
DYNAMIC_TYPE_CMAC)) == NULL)
DYNAMIC_TYPE_CMAC)) == NULL) {
return MEMORY_E;
}
#endif
ret = wc_InitCmac(cmac, key, keySz, WC_CMAC_AES, NULL);
if (ret != 0)
goto out;
ret = wc_CmacUpdate(cmac, in, inSz);
if (ret != 0)
goto out;
ret = wc_CmacFinal(cmac, out, outSz);
if (ret != 0)
goto out;
out:
if (ret == 0) {
ret = wc_CmacUpdate(cmac, in, inSz);
}
if (ret == 0) {
ret = wc_CmacFinal(cmac, out, outSz);
}
#ifdef WOLFSSL_SMALL_STACK
if (cmac)
if (cmac) {
XFREE(cmac, NULL, DYNAMIC_TYPE_CMAC);
}
#endif
return ret;
@@ -274,24 +275,24 @@ int wc_AesCmacVerify(const byte* check, word32 checkSz,
const byte* in, word32 inSz,
const byte* key, word32 keySz)
{
int ret;
byte a[AES_BLOCK_SIZE];
word32 aSz = sizeof(a);
int result;
int compareRet;
if (check == NULL || checkSz == 0 || (in == NULL && inSz != 0) ||
key == NULL || keySz == 0)
key == NULL || keySz == 0) {
return BAD_FUNC_ARG;
}
XMEMSET(a, 0, aSz);
result = wc_AesCmacGenerate(a, &aSz, in, inSz, key, keySz);
ret = wc_AesCmacGenerate(a, &aSz, in, inSz, key, keySz);
compareRet = ConstantCompare(check, a, min(checkSz, aSz));
if (result == 0)
result = compareRet ? 1 : 0;
if (ret == 0)
ret = compareRet ? 1 : 0;
return result;
return ret;
}

34
wolfcrypt/src/evp.c
View File

@@ -47,7 +47,7 @@
#include <wolfssl/wolfcrypt/integer.h>
#ifndef NO_AES
#ifdef HAVE_AES_CBC
#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
#ifdef WOLFSSL_AES_128
static const char EVP_AES_128_CBC[] = "AES-128-CBC";
#endif
@@ -57,7 +57,7 @@
#ifdef WOLFSSL_AES_256
static const char EVP_AES_256_CBC[] = "AES-256-CBC";
#endif
#endif /* HAVE_AES_CBC */
#endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT */
#ifdef WOLFSSL_AES_OFB
#ifdef WOLFSSL_AES_128
@@ -202,7 +202,7 @@ int wolfSSL_EVP_Cipher_key_length(const WOLFSSL_EVP_CIPHER* c)
switch (cipherType(c)) {
#if !defined(NO_AES)
#if defined(HAVE_AES_CBC)
#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
case AES_128_CBC_TYPE: return 16;
case AES_192_CBC_TYPE: return 24;
case AES_256_CBC_TYPE: return 32;
@@ -985,7 +985,7 @@ int wolfSSL_EVP_CIPHER_CTX_block_size(const WOLFSSL_EVP_CIPHER_CTX *ctx)
switch (ctx->cipherType) {
#if !defined(NO_AES) || !defined(NO_DES3)
#if !defined(NO_AES)
#if defined(HAVE_AES_CBC)
#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
case AES_128_CBC_TYPE:
case AES_192_CBC_TYPE:
case AES_256_CBC_TYPE:
@@ -1054,7 +1054,7 @@ static unsigned int cipherType(const WOLFSSL_EVP_CIPHER *cipher)
#endif /* NO_DES3 && HAVE_AES_ECB */
#endif
#if !defined(NO_AES)
#if defined(HAVE_AES_CBC)
#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
#ifdef WOLFSSL_AES_128
else if (XSTRNCMP(cipher, EVP_AES_128_CBC, EVP_AES_SIZE) == 0)
return AES_128_CBC_TYPE;
@@ -1067,7 +1067,7 @@ static unsigned int cipherType(const WOLFSSL_EVP_CIPHER *cipher)
else if (XSTRNCMP(cipher, EVP_AES_256_CBC, EVP_AES_SIZE) == 0)
return AES_256_CBC_TYPE;
#endif
#endif /* HAVE_AES_CBC */
#endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT */
#if defined(HAVE_AESGCM)
#ifdef WOLFSSL_AES_128
else if (XSTRNCMP(cipher, EVP_AES_128_GCM, EVP_AES_SIZE) == 0)
@@ -1186,7 +1186,7 @@ int wolfSSL_EVP_CIPHER_block_size(const WOLFSSL_EVP_CIPHER *cipher)
if (cipher == NULL) return BAD_FUNC_ARG;
switch (cipherType(cipher)) {
#if !defined(NO_AES)
#if defined(HAVE_AES_CBC)
#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
case AES_128_CBC_TYPE:
case AES_192_CBC_TYPE:
case AES_256_CBC_TYPE:
@@ -1255,7 +1255,7 @@ unsigned long WOLFSSL_CIPHER_mode(const WOLFSSL_EVP_CIPHER *cipher)
{
switch (cipherType(cipher)) {
#if !defined(NO_AES)
#if defined(HAVE_AES_CBC)
#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
case AES_128_CBC_TYPE:
case AES_192_CBC_TYPE:
case AES_256_CBC_TYPE:
@@ -1301,7 +1301,7 @@ unsigned long WOLFSSL_CIPHER_mode(const WOLFSSL_EVP_CIPHER *cipher)
case AES_192_ECB_TYPE:
case AES_256_ECB_TYPE:
return WOLFSSL_EVP_CIPH_ECB_MODE;
#endif /* NO_AES */
#endif /* !NO_AES */
#ifndef NO_DES3
case DES_CBC_TYPE:
case DES_EDE3_CBC_TYPE:
@@ -3215,7 +3215,7 @@ static const struct cipher{
} cipher_tbl[] = {
#ifndef NO_AES
#ifdef HAVE_AES_CBC
#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
#ifdef WOLFSSL_AES_128
{AES_128_CBC_TYPE, EVP_AES_128_CBC, NID_aes_128_cbc},
#endif
@@ -3479,7 +3479,7 @@ const WOLFSSL_EVP_CIPHER *wolfSSL_EVP_get_cipherbynid(int id)
switch(id) {
#ifndef NO_AES
#ifdef HAVE_AES_CBC
#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
#ifdef WOLFSSL_AES_128
case NID_aes_128_cbc:
return wolfSSL_EVP_aes_128_cbc();
@@ -4130,7 +4130,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
#ifndef NO_AES
#ifdef HAVE_AES_CBC
#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
#ifdef WOLFSSL_AES_128
const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_cbc(void)
{
@@ -4818,7 +4818,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
#endif
#ifndef NO_AES
#ifdef HAVE_AES_CBC
#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
#ifdef WOLFSSL_AES_128
if (ctx->cipherType == AES_128_CBC_TYPE ||
(type && XSTRNCMP(type, EVP_AES_128_CBC, EVP_AES_SIZE) == 0)) {
@@ -4898,7 +4898,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
}
}
#endif /* WOLFSSL_AES_256 */
#endif /* HAVE_AES_CBC */
#endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT */
#if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
#ifdef HAVE_AESGCM
@@ -7152,7 +7152,7 @@ int wolfSSL_EVP_CIPHER_CTX_iv_length(const WOLFSSL_EVP_CIPHER_CTX* ctx)
switch (ctx->cipherType) {
#ifdef HAVE_AES_CBC
#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
case AES_128_CBC_TYPE :
case AES_192_CBC_TYPE :
case AES_256_CBC_TYPE :
@@ -7245,7 +7245,7 @@ int wolfSSL_EVP_CIPHER_iv_length(const WOLFSSL_EVP_CIPHER* cipher)
WOLFSSL_MSG("wolfSSL_EVP_CIPHER_iv_length");
#ifndef NO_AES
#ifdef HAVE_AES_CBC
#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
#ifdef WOLFSSL_AES_128
if (XSTRNCMP(name, EVP_AES_128_CBC, XSTRLEN(EVP_AES_128_CBC)) == 0)
return AES_BLOCK_SIZE;
@@ -7258,7 +7258,7 @@ int wolfSSL_EVP_CIPHER_iv_length(const WOLFSSL_EVP_CIPHER* cipher)
if (XSTRNCMP(name, EVP_AES_256_CBC, XSTRLEN(EVP_AES_256_CBC)) == 0)
return AES_BLOCK_SIZE;
#endif
#endif /* HAVE_AES_CBC */
#endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT */
#if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
#ifdef HAVE_AESGCM

45
wolfcrypt/src/pkcs7.c
View File

@@ -643,23 +643,42 @@ static int wc_PKCS7_GetOIDBlockSize(int oid)
switch (oid) {
#ifndef NO_AES
#ifdef WOLFSSL_AES_128
#ifdef HAVE_AES_CBC
case AES128CBCb:
#endif
#ifdef HAVE_AESGCM
case AES128GCMb:
#endif
#ifdef HAVE_AESCCM
case AES128CCMb:
#endif
#endif
#ifdef WOLFSSL_AES_192
#ifdef HAVE_AES_CBC
case AES192CBCb:
#endif
#ifdef HAVE_AESGCM
case AES192GCMb:
#endif
#ifdef HAVE_AESCCM
case AES192CCMb:
#endif
#endif
#ifdef WOLFSSL_AES_256
#ifdef HAVE_AES_CBC
case AES256CBCb:
#endif
#ifdef HAVE_AESGCM
case AES256GCMb:
#endif
#ifdef HAVE_AESCCM
case AES256CCMb:
#endif
#endif
blockSz = AES_BLOCK_SIZE;
break;
#endif
#endif /* !NO_AES */
#ifndef NO_DES3
case DESb:
case DES3b:
@@ -683,35 +702,53 @@ static int wc_PKCS7_GetOIDKeySize(int oid)
switch (oid) {
#ifndef NO_AES
#ifdef WOLFSSL_AES_128
#ifdef HAVE_AES_CBC
case AES128CBCb:
#endif
#ifdef HAVE_AESGCM
case AES128GCMb:
#endif
#ifdef HAVE_AESCCM
case AES128CCMb:
#endif
case AES128_WRAP:
blockKeySz = 16;
break;
#endif
#ifdef WOLFSSL_AES_192
#ifdef HAVE_AES_CBC
case AES192CBCb:
#endif
#ifdef HAVE_AESGCM
case AES192GCMb:
#endif
#ifdef HAVE_AESCCM
case AES192CCMb:
#endif
case AES192_WRAP:
blockKeySz = 24;
break;
#endif
#ifdef WOLFSSL_AES_256
#ifdef HAVE_AES_CBC
case AES256CBCb:
#endif
#ifdef HAVE_AESGCM
case AES256GCMb:
#endif
#ifdef HAVE_AESCCM
case AES256CCMb:
#endif
case AES256_WRAP:
blockKeySz = 32;
break;
#endif
#endif
#endif /* !NO_AES */
#ifndef NO_DES3
case DESb:
blockKeySz = DES_KEYLEN;
break;
case DES3b:
blockKeySz = DES3_KEYLEN;
break;
@@ -7513,7 +7550,7 @@ int wc_PKCS7_AddRecipient_PWRI(PKCS7* pkcs7, byte* passwd, word32 pLen,
word32 kdfAlgoIdSeqSz, kdfAlgoIdSz;
word32 kdfParamsSeqSz, kdfSaltOctetStrSz, kdfIterationsSz;
/* OPTIONAL: keyLength, not supported yet */
/* OPTIONAL: prf AlgorithIdentifier, not supported yet */
/* OPTIONAL: prf AlgorithmIdentifier, not supported yet */
/* KeyEncryptionAlgorithmIdentifier */
byte keyEncAlgoIdSeq[MAX_SEQ_SZ];

37
wolfcrypt/test/test.c
View File

@@ -454,7 +454,8 @@ WOLFSSL_TEST_SUBROUTINE int pbkdf2_test(void);
WOLFSSL_TEST_SUBROUTINE int scrypt_test(void);
#ifdef HAVE_ECC
WOLFSSL_TEST_SUBROUTINE int ecc_test(void);
#ifdef HAVE_ECC_ENCRYPT
#if defined(HAVE_ECC_ENCRYPT) && defined(HAVE_AES_CBC) && \
defined(WOLFSSL_AES_128)
WOLFSSL_TEST_SUBROUTINE int ecc_encrypt_test(void);
#endif
#if defined(USE_CERT_BUFFERS_256) && !defined(WOLFSSL_ATECC508A) && \
@@ -1215,7 +1216,8 @@ initDefaultName();
return err_sys("ECC test failed!\n", ret);
else
test_pass("ECC test passed!\n");
#if defined(HAVE_ECC_ENCRYPT) && defined(WOLFSSL_AES_128)
#if defined(HAVE_ECC_ENCRYPT) && defined(HAVE_AES_CBC) && \
defined(WOLFSSL_AES_128)
if ( (ret = ecc_encrypt_test()) != 0)
return err_sys("ECC Enc test failed!\n", ret);
else
@@ -23976,7 +23978,8 @@ done:
return ret;
}
#if defined(HAVE_ECC_ENCRYPT) && defined(WOLFSSL_AES_128)
#if defined(HAVE_ECC_ENCRYPT) && defined(HAVE_AES_CBC) && \
defined(WOLFSSL_AES_128)
#if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256
static int ecc_encrypt_kat(WC_RNG *rng)
@@ -24431,7 +24434,7 @@ done:
return ret;
}
#endif /* HAVE_ECC_ENCRYPT */
#endif /* HAVE_ECC_ENCRYPT && HAVE_AES_CBC && WOLFSSL_AES_128 */
#if defined(USE_CERT_BUFFERS_256) && !defined(WOLFSSL_ATECC508A) && \
!defined(WOLFSSL_ATECC608A) && !defined(NO_ECC256) && \
@@ -24513,7 +24516,8 @@ WOLFSSL_TEST_SUBROUTINE int ecc_test_buffers(void)
#endif
#endif /* !WC_NO_RNG */
#if defined(HAVE_ECC_ENCRYPT) && defined(HAVE_HKDF)
#if defined(HAVE_ECC_ENCRYPT) && defined(HAVE_HKDF) && \
defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
{
word32 y;
/* test encrypt and decrypt if they're available */
@@ -30754,7 +30758,7 @@ static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
"pkcs7envelopedDataDES3.der"},
#endif
#ifndef NO_AES
#if !defined(NO_AES) && defined(HAVE_AES_CBC)
#ifdef WOLFSSL_AES_128
{data, (word32)sizeof(data), DATA, AES128CBCb, 0, 0, rsaCert, rsaCertSz,
rsaPrivKey, rsaPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL,
@@ -30785,7 +30789,7 @@ static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0,
0, 0, 0, 0, "pkcs7envelopedDataAES256CBC_IANDS.der"},
#endif
#endif /* NO_AES */
#endif /* !NO_AES && HAVE_AES_CBC */
#endif
/* key agreement key encryption technique*/
@@ -31328,7 +31332,7 @@ static int pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
#endif
#if !defined(NO_PWDBASED) && !defined(NO_AES) && defined(HAVE_AESGCM) && \
!defined(NO_SHA) && defined(WOLFSSL_AES_128)
!defined(NO_SHA) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
#ifndef HAVE_FIPS
WOLFSSL_SMALL_STACK_STATIC const char password[] = "password";
@@ -31501,7 +31505,7 @@ static int pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
/* pwri (PasswordRecipientInfo) recipient types */
#if !defined(NO_PWDBASED) && !defined(NO_AES) && defined(HAVE_AESGCM)
#if !defined(NO_SHA) && defined(WOLFSSL_AES_128)
#if !defined(NO_SHA) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
ADD_PKCS7_TEST_VEC(
{data, (word32)sizeof(data), DATA, AES128GCMb, 0, 0,
NULL, 0, NULL, 0, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0,
@@ -32372,7 +32376,7 @@ WOLFSSL_TEST_SUBROUTINE int pkcs7encrypted_test(void)
};
#endif
#ifndef NO_AES
#if !defined(NO_AES) && defined(HAVE_AES_CBC)
#ifdef WOLFSSL_AES_128
byte aes128Key[] = {
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
@@ -32440,7 +32444,7 @@ WOLFSSL_TEST_SUBROUTINE int pkcs7encrypted_test(void)
NULL, 0, "pkcs7encryptedDataDES.der"},
#endif /* NO_DES3 */
#ifndef NO_AES
#if !defined(NO_AES) && defined(HAVE_AES_CBC)
#ifdef WOLFSSL_AES_128
{data, (word32)sizeof(data), DATA, AES128CBCb, aes128Key,
sizeof(aes128Key), NULL, 0, "pkcs7encryptedDataAES128CBC.der"},
@@ -32469,7 +32473,7 @@ WOLFSSL_TEST_SUBROUTINE int pkcs7encrypted_test(void)
sizeof(aes256Key), NULL, 0,
"pkcs7encryptedDataAES256CBC_firmwarePkgData.der"},
#endif
#endif /* NO_AES */
#endif /* !NO_AES && HAVE_AES_CBC */
};
encrypted = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@@ -33277,7 +33281,8 @@ static int pkcs7signed_run_SingleShotVectors(
0x72,0x6c,0x64
};
#if defined(WOLFSSL_AES_256) && !defined(NO_PKCS7_ENCRYPTED_DATA)
#if !defined(NO_PKCS7_ENCRYPTED_DATA) && \
defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256)
static byte aes256Key[] = {
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
@@ -33330,7 +33335,8 @@ static int pkcs7signed_run_SingleShotVectors(
"pkcs7signedFirmwarePkgData_RSA_SHA256_with_ca_cert.der", 0, NULL,
0, 0, 0, 0, NULL, 0, NULL, 0, 0},
#if defined(WOLFSSL_AES_256) && !defined(NO_PKCS7_ENCRYPTED_DATA)
#if !defined(NO_PKCS7_ENCRYPTED_DATA) && \
defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256)
/* Signed Encrypted FirmwarePkgData, RSA, SHA256, no attribs */
{data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
@@ -33410,7 +33416,8 @@ static int pkcs7signed_run_SingleShotVectors(
"pkcs7signedFirmwarePkgData_ECDSA_SHA256_SKID.der", 0, NULL,
0, CMS_SKID, 0, 0, NULL, 0, NULL, 0, 0},
#if defined(WOLFSSL_AES_256) && !defined(NO_PKCS7_ENCRYPTED_DATA)
#if !defined(NO_PKCS7_ENCRYPTED_DATA) && \
defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256)
/* Signed Encrypted FirmwarePkgData, ECDSA, SHA256, no attribs */
{data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,

2
wolfssl/openssl/aes.h
View File

@@ -82,7 +82,7 @@ WOLFSSL_API void wolfSSL_AES_decrypt
#define AES_encrypt wolfSSL_AES_encrypt
#define AES_decrypt wolfSSL_AES_decrypt
#endif /* HAVE_AES_DIRECT */
#endif /* WOLFSSL_AES_DIRECT */
#ifndef AES_ENCRYPT
#define AES_ENCRYPT AES_ENCRYPTION

2
wolfssl/openssl/evp.h
View File

@@ -105,7 +105,7 @@ WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_ecb(void);
WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_ecb(void);
WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_ecb(void);
WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_cbc(void);
#if !defined(NO_AES) && defined(HAVE_AES_CBC)
#if !defined(NO_AES) && (defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT))
WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_cbc(void);
WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_cbc(void);
#endif