Allow building with HAVE_PKCS7 set and HAVE_X963_KDF unset

Josh Holtrop
2025-07-25 15:44:12 -04:00
parent 26f4c968df
commit df7e105fb7
5 changed files with 32 additions and 25 deletions


@@ -532,6 +532,8 @@ int wc_PKCS7_SetAESKeyWrapUnwrapCb(wc_PKCS7* pkcs7,
number generator for encryption
\return DRBG_FAILED Returned if there is an error generating numbers with
the random number generator used for encryption
\return NOT_COMPILED_IN may be returned if using an ECC key and wolfssl was
built without HAVE_X963_KDF support
\param pkcs7 pointer to the PKCS7 structure to encode
\param output pointer to the buffer in which to store the encoded
@@ -617,6 +619,8 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7,
verification
\return MP_MEM may be returned if there is an error during signature
verification
\return NOT_COMPILED_IN may be returned if the EnvelopedData is encrypted
using an ECC key and wolfssl was built without HAVE_X963_KDF support
\param pkcs7 pointer to the PKCS7 structure containing the private key with
which to decode the enveloped data package


@@ -17714,8 +17714,8 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void)
rsaPrivKeySz = (word32)sizeof(rsaClientKey);
#endif
#endif
#if defined(HAVE_ECC) && (!defined(NO_AES) || (!defined(NO_SHA) ||\
!defined(NO_SHA256) || defined(WOLFSSL_SHA512)))
#if defined(HAVE_ECC) && defined(HAVE_X963_KDF) && (!defined(NO_AES) || \
!defined(NO_SHA) || !defined(NO_SHA256) || defined(WOLFSSL_SHA512))
byte* eccCert = NULL;
byte* eccPrivKey = NULL;
word32 eccCertSz;
@@ -17793,8 +17793,8 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void)
#endif /* NO_RSA */
/* ECC */
#if defined(HAVE_ECC) && (!defined(NO_AES) || (!defined(NO_SHA) ||\
!defined(NO_SHA256) || defined(WOLFSSL_SHA512)))
#if defined(HAVE_ECC) && defined(HAVE_X963_KDF) && (!defined(NO_AES) || \
!defined(NO_SHA) || !defined(NO_SHA256) || defined(WOLFSSL_SHA512))
#ifdef USE_CERT_BUFFERS_256
ExpectNotNull(eccCert = (byte*)XMALLOC(TWOK_BUF, HEAP_HINT,
@@ -17862,7 +17862,7 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void)
#endif /* NO_AES && HAVE_AES_CBC */
#endif /* NO_RSA */
#if defined(HAVE_ECC)
#if defined(HAVE_ECC) && defined(HAVE_X963_KDF)
#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(HAVE_AES_KEYWRAP)
#if !defined(NO_SHA) && defined(WOLFSSL_AES_128)
{(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA,
@@ -18036,7 +18036,7 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void)
(word32)sizeof(decoded)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
/* Should get a return of BAD_FUNC_ARG with structure data. Order matters.*/
#if defined(HAVE_ECC) && !defined(NO_AES) && defined(HAVE_AES_CBC) && \
defined(HAVE_AES_KEYWRAP)
defined(HAVE_AES_KEYWRAP) && defined(HAVE_X963_KDF)
/* only a failure for KARI test cases */
if (pkcs7 != NULL) {
tempWrd32 = pkcs7->singleCertSz;
@@ -18137,7 +18137,7 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void)
XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif /* NO_RSA */
#ifdef HAVE_ECC
#if defined(HAVE_ECC) && defined(HAVE_X963_KDF)
XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(eccPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif /* HAVE_ECC */
@@ -18186,7 +18186,8 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void)
} /* END test_wc_PKCS7_EncodeDecodeEnvelopedData() */
#if defined(HAVE_PKCS7) && defined(HAVE_ECC) && !defined(NO_SHA256) && defined(WOLFSSL_AES_256)
#if defined(HAVE_PKCS7) && defined(HAVE_ECC) && defined(HAVE_X963_KDF) && \
!defined(NO_SHA256) && defined(WOLFSSL_AES_256)
static int wasAESKeyWrapCbCalled = 0;
static int wasAESKeyUnwrapCbCalled = 0;
@@ -18215,7 +18216,8 @@ static int testAESKeyWrapUnwrapCb(const byte* key, word32 keySz,
static int test_wc_PKCS7_SetAESKeyWrapUnwrapCb(void)
{
EXPECT_DECLS;
#if defined(HAVE_PKCS7) && defined(HAVE_ECC) && !defined(NO_SHA256) && defined(WOLFSSL_AES_256)
#if defined(HAVE_PKCS7) && defined(HAVE_ECC) && defined(HAVE_X963_KDF) && \
!defined(NO_SHA256) && defined(WOLFSSL_AES_256)
static const char input[] = "Test input for AES key wrapping";
PKCS7 * pkcs7 = NULL;
byte * eccCert = NULL;
@@ -18318,8 +18320,8 @@ static int test_wc_PKCS7_GetEnvelopedDataKariRid(void)
{
EXPECT_DECLS;
#if defined(HAVE_PKCS7)
#if defined(HAVE_ECC) && (!defined(NO_AES) || (!defined(NO_SHA) || \
!defined(NO_SHA256) || defined(WOLFSSL_SHA512)))
#if defined(HAVE_ECC) && defined(HAVE_X963_KDF) && (!defined(NO_AES) || \
!defined(NO_SHA) || !defined(NO_SHA256) || defined(WOLFSSL_SHA512))
/* The kari-keyid-cms.msg generated by openssl has a 68 byte RID structure.
* Reserve a bit more than that in case it might grow. */
byte rid[256];
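Review bot: Nothing in these hunks exercises the build this commit enables. With HAVE_ECC set and HAVE_X963_KDF unset, every KARI case in test_wc_PKCS7_EncodeDecodeEnvelopedData, test_wc_PKCS7_SetAESKeyWrapUnwrapCb and test_wc_PKCS7_GetEnvelopedDataKariRid is compiled out, so the documented `NOT_COMPILED_IN` return is never asserted. A small branch under `#if defined(HAVE_ECC) && !defined(HAVE_X963_KDF)` that encodes with an ECC recipient and expects `WC_NO_ERR_TRACE(NOT_COMPILED_IN)` would pin that the call fails closed instead of producing output; the pkcs7enveloped_run_vectors and pkcs7authenveloped_run_vectors hunks have the same gap. Separately, the guard around the two `XFREE(ecc...)` calls now closes with a stale comment and should read `#endif /* HAVE_ECC && HAVE_X963_KDF */`. The bodies of these test functions extend beyond the hunks shown.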


@@ -7372,16 +7372,16 @@ static int wc_PKCS7_KariGenerateKEK(WC_PKCS7_KARI* kari, WC_RNG* rng,
return BAD_FUNC_ARG;
};
#ifdef HAVE_X963_KDF
ret = wc_X963_KDF(kdfType, secret, secretSz, kari->sharedInfo,
kari->sharedInfoSz, kari->kek, kari->kekSz);
if (ret != 0) {
XFREE(secret, kari->heap, DYNAMIC_TYPE_PKCS7);
return ret;
}
#else
(void)kdfType;
ret = NOT_COMPILED_IN;
#endif
XFREE(secret, kari->heap, DYNAMIC_TYPE_PKCS7);
return 0;
return ret;
}
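Review bot: `secret` is released with a plain `XFREE` on every exit at the end of wc_PKCS7_KariGenerateKEK, and nothing in the visible lines wipes it first, so the KDF input (presumably the key-agreement output) appears to stay in freed heap memory. Now that the function ends with `return ret;`, the inner `if (ret != 0)` free-and-return is redundant. A single exit, `ForceZero(secret, secretSz); XFREE(secret, kari->heap, DYNAMIC_TYPE_PKCS7); return ret;`, would cover the success, KDF-failure and `NOT_COMPILED_IN` paths alike. In the `#else` build the code that fills `secret` sits earlier in the function, outside this hunk, and presumably still runs before the call fails; returning `NOT_COMPILED_IN` before that work would avoid producing the secret at all, though that cannot be confirmed from here.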


@@ -52135,7 +52135,8 @@ static wc_test_ret_t pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
};
#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256) && \
defined(HAVE_ECC) && defined(WOLFSSL_SHA512) && defined(HAVE_AES_KEYWRAP)
defined(HAVE_ECC) && defined(WOLFSSL_SHA512) && \
defined(HAVE_AES_KEYWRAP) && defined(HAVE_X963_KDF)
byte optionalUkm[] = {
0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
};
@@ -52244,7 +52245,7 @@ static wc_test_ret_t pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
#endif
/* key agreement key encryption technique*/
#if defined(HAVE_ECC) && defined(HAVE_AES_KEYWRAP)
#if defined(HAVE_ECC) && defined(HAVE_AES_KEYWRAP) && defined(HAVE_X963_KDF)
#if !defined(NO_AES) && defined(HAVE_AES_CBC)
#if !defined(NO_SHA) && defined(WOLFSSL_AES_128)
ADD_PKCS7ENVELOPEDVECTOR(
@@ -52755,7 +52756,8 @@ static wc_test_ret_t pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCer
};
byte senderNonce[PKCS7_NONCE_SZ + 2];
#ifdef HAVE_ECC
#if !defined(NO_AES) && defined(HAVE_AESGCM) && defined(HAVE_AES_KEYWRAP)
#if !defined(NO_AES) && defined(HAVE_AESGCM) && \
defined(HAVE_AES_KEYWRAP) && defined(HAVE_X963_KDF)
#if !defined(NO_SHA256) && defined(WOLFSSL_AES_256)
WOLFSSL_SMALL_STACK_STATIC const byte senderNonceOid[] =
{ 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
@@ -52771,7 +52773,8 @@ static wc_test_ret_t pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCer
#endif
#if !defined(NO_AES) && defined(WOLFSSL_AES_256) && defined(HAVE_ECC) && \
defined(WOLFSSL_SHA512) && defined(HAVE_AESGCM) && defined(HAVE_AES_KEYWRAP)
defined(WOLFSSL_SHA512) && defined(HAVE_AESGCM) && \
defined(HAVE_AES_KEYWRAP) && defined(HAVE_X963_KDF)
WOLFSSL_SMALL_STACK_STATIC const byte optionalUkm[] = {
0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
};
@@ -52886,7 +52889,8 @@ static wc_test_ret_t pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCer
/* key agreement key encryption technique*/
#ifdef HAVE_ECC
#if !defined(NO_AES) && defined(HAVE_AESGCM) && defined(HAVE_AES_KEYWRAP)
#if !defined(NO_AES) && defined(HAVE_AESGCM) && \
defined(HAVE_AES_KEYWRAP) && defined(HAVE_X963_KDF)
#if !defined(NO_SHA) && defined(WOLFSSL_AES_128)
ADD_PKCS7AUTHENVELOPEDVECTOR(
data, (word32)sizeof(data), DATA, AES128GCMb, AES128_WRAP,


@@ -3416,9 +3416,6 @@ extern void uITRON4_free(void *p) ;
#if defined(NO_AES) && defined(NO_DES3)
#error PKCS7 needs either AES or 3DES enabled, please enable one
#endif
#if defined(HAVE_ECC) && !defined(HAVE_X963_KDF)
#error PKCS7 requires X963 KDF please define HAVE_X963_KDF
#endif
#endif
#ifndef NO_PKCS12