wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-31 19:24:42 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add to parse RSA ES OAEP Oid

Browse Source
This commit is contained in:
Hideki Miyazaki
2022-08-12 16:58:42 +09:00
parent 3f7d56d957
commit d494894268
2 changed files with 67 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

65
wolfcrypt/src/pkcs7.c
View File

@@ -8479,6 +8479,9 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz,
#ifdef WC_RSA_BLINDING #ifdef WC_RSA_BLINDING
WC_RNG rng; WC_RNG rng;
#endif #endif
#ifndef WC_NO_RSA_OAEP
word32 outLen;
#endif
byte* encryptedKey = NULL; byte* encryptedKey = NULL;
@@ -8644,9 +8647,26 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz,
return ASN_PARSE_E; return ASN_PARSE_E;
/* key encryption algorithm must be RSA for now */ /* key encryption algorithm must be RSA for now */
if (encOID != RSAk) if (encOID != RSAk
#ifndef WC_NO_RSA_OAEP
&& encOID != RSAESOAEPk
#endif
)
return ALGO_ID_E; return ALGO_ID_E;
#ifndef WC_NO_RSA_OAEP
if (encOID == RSAESOAEPk) {
if (GetSequence(pkiMsg, idx, &length, pkiMsgSz) < 0) {
return ASN_PARSE_E;
}
if (length > 0) {
WOLFSSL_MSG("only supported default OAEP");
WOLFSSL_ERROR(ALGO_ID_E);
return ALGO_ID_E;
}
}
#endif
/* read encryptedKey */ /* read encryptedKey */
if (GetASNTag(pkiMsg, idx, &tag, pkiMsgSz) < 0) if (GetASNTag(pkiMsg, idx, &tag, pkiMsgSz) < 0)
return ASN_PARSE_E; return ASN_PARSE_E;
@@ -8744,9 +8764,37 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz,
if (keySz >= 0) if (keySz >= 0)
#endif #endif
{ {
#ifndef WC_NO_RSA_OAEP
if (encOID != RSAESOAEPk) {
#endif
keySz = wc_RsaPrivateDecryptInline(encryptedKey, keySz = wc_RsaPrivateDecryptInline(encryptedKey,
encryptedKeySz, &outKey, encryptedKeySz, &outKey,
privKey); privKey);
#ifndef WC_NO_RSA_OAEP
}
else {
outLen = wc_RsaEncryptSize(privKey);
outKey = (byte*)XMALLOC(outLen, pkcs7->heap,
DYNAMIC_TYPE_TMP_BUFFER);
if (!outKey) {
WOLFSSL_MSG("Failed to allocate out key buffer");
wc_FreeRsaKey(privKey);
XFREE(encryptedKey, pkcs7->heap,
DYNAMIC_TYPE_WOLF_BIGINT);
#ifdef WOLFSSL_SMALL_STACK
XFREE(privKey, pkcs7->heap,
DYNAMIC_TYPE_TMP_BUFFER);
#endif
WOLFSSL_ERROR_VERBOSE(MEMORY_E);
return MEMORY_E;
}
keySz = wc_RsaPrivateDecrypt_ex(encryptedKey,
encryptedKeySz, outKey, outLen, privKey,
WC_RSA_OAEP_PAD,
WC_HASH_TYPE_SHA, WC_MGF1SHA1, NULL, 0);
}
#endif
} }
#ifdef WOLFSSL_ASYNC_CRYPT #ifdef WOLFSSL_ASYNC_CRYPT
} while (keySz == WC_PENDING_E); } while (keySz == WC_PENDING_E);
@@ -8764,6 +8812,13 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz,
XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_WOLF_BIGINT); XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_WOLF_BIGINT);
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
XFREE(privKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(privKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif
#ifndef WC_NO_RSA_OAEP
if (encOID == RSAESOAEPk) {
if (!outKey) {
XFREE(outKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
}
}
#endif #endif
return keySz; return keySz;
} else { } else {
@@ -8776,7 +8831,13 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz,
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
XFREE(privKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(privKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif #endif
#ifndef WC_NO_RSA_OAEP
if (encOID == RSAESOAEPk) {
if (!outKey) {
XFREE(outKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
}
}
#endif
#ifndef NO_PKCS7_STREAM #ifndef NO_PKCS7_STREAM
if ((ret = wc_PKCS7_StreamEndCase(pkcs7, &tmpIdx, idx)) != 0) { if ((ret = wc_PKCS7_StreamEndCase(pkcs7, &tmpIdx, idx)) != 0) {
break; break;

1
wolfssl/wolfcrypt/asn.h
View File

@@ -1081,6 +1081,7 @@ enum Key_Sum {
DSAk = 515, DSAk = 515,
RSAk = 645, RSAk = 645,
RSAPSSk = 654, RSAPSSk = 654,
RSAESOAEPk = 651, /* 1.2.840.113549.1.1.7 */
ECDSAk = 518, ECDSAk = 518,
ED25519k = 256, /* 1.3.101.112 */ ED25519k = 256, /* 1.3.101.112 */
X25519k = 254, /* 1.3.101.110 */ X25519k = 254, /* 1.3.101.110 */