Allow building with HAVE_PKCS7 set and HAVE_X963_KDF unset

Josh Holtrop
2025-07-25 15:44:12 -04:00
parent 26f4c968df
commit df7e105fb7
5 changed files with 32 additions and 25 deletions


@@ -532,6 +532,8 @@ int wc_PKCS7_SetAESKeyWrapUnwrapCb(wc_PKCS7* pkcs7,
number generator for encryption number generator for encryption
\return DRBG_FAILED Returned if there is an error generating numbers with \return DRBG_FAILED Returned if there is an error generating numbers with
the random number generator used for encryption the random number generator used for encryption
\return NOT_COMPILED_IN may be returned if using an ECC key and wolfssl was
built without HAVE_X963_KDF support
\param pkcs7 pointer to the PKCS7 structure to encode \param pkcs7 pointer to the PKCS7 structure to encode
\param output pointer to the buffer in which to store the encoded \param output pointer to the buffer in which to store the encoded
@@ -617,6 +619,8 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7,
verification verification
\return MP_MEM may be returned if there is an error during signature \return MP_MEM may be returned if there is an error during signature
verification verification
\return NOT_COMPILED_IN may be returned if the EnvelopedData is encrypted
using an ECC key and wolfssl was built without HAVE_X963_KDF support
\param pkcs7 pointer to the PKCS7 structure containing the private key with \param pkcs7 pointer to the PKCS7 structure containing the private key with
which to decode the enveloped data package which to decode the enveloped data package


@@ -17714,8 +17714,8 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void)
rsaPrivKeySz = (word32)sizeof(rsaClientKey); rsaPrivKeySz = (word32)sizeof(rsaClientKey);
#endif #endif
#endif #endif
#if defined(HAVE_ECC) && (!defined(NO_AES) || (!defined(NO_SHA) ||\ #if defined(HAVE_ECC) && defined(HAVE_X963_KDF) && (!defined(NO_AES) || \
!defined(NO_SHA256) || defined(WOLFSSL_SHA512))) !defined(NO_SHA) || !defined(NO_SHA256) || defined(WOLFSSL_SHA512))
byte* eccCert = NULL; byte* eccCert = NULL;
byte* eccPrivKey = NULL; byte* eccPrivKey = NULL;
word32 eccCertSz; word32 eccCertSz;
@@ -17793,8 +17793,8 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void)
#endif /* NO_RSA */ #endif /* NO_RSA */
/* ECC */ /* ECC */
#if defined(HAVE_ECC) && (!defined(NO_AES) || (!defined(NO_SHA) ||\ #if defined(HAVE_ECC) && defined(HAVE_X963_KDF) && (!defined(NO_AES) || \
!defined(NO_SHA256) || defined(WOLFSSL_SHA512))) !defined(NO_SHA) || !defined(NO_SHA256) || defined(WOLFSSL_SHA512))
#ifdef USE_CERT_BUFFERS_256 #ifdef USE_CERT_BUFFERS_256
ExpectNotNull(eccCert = (byte*)XMALLOC(TWOK_BUF, HEAP_HINT, ExpectNotNull(eccCert = (byte*)XMALLOC(TWOK_BUF, HEAP_HINT,
@@ -17862,7 +17862,7 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void)
#endif /* NO_AES && HAVE_AES_CBC */ #endif /* NO_AES && HAVE_AES_CBC */
#endif /* NO_RSA */ #endif /* NO_RSA */
#if defined(HAVE_ECC) #if defined(HAVE_ECC) && defined(HAVE_X963_KDF)
#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(HAVE_AES_KEYWRAP) #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(HAVE_AES_KEYWRAP)
#if !defined(NO_SHA) && defined(WOLFSSL_AES_128) #if !defined(NO_SHA) && defined(WOLFSSL_AES_128)
{(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA,
@@ -18036,7 +18036,7 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void)
(word32)sizeof(decoded)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); (word32)sizeof(decoded)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
/* Should get a return of BAD_FUNC_ARG with structure data. Order matters.*/ /* Should get a return of BAD_FUNC_ARG with structure data. Order matters.*/
#if defined(HAVE_ECC) && !defined(NO_AES) && defined(HAVE_AES_CBC) && \ #if defined(HAVE_ECC) && !defined(NO_AES) && defined(HAVE_AES_CBC) && \
defined(HAVE_AES_KEYWRAP) defined(HAVE_AES_KEYWRAP) && defined(HAVE_X963_KDF)
/* only a failure for KARI test cases */ /* only a failure for KARI test cases */
if (pkcs7 != NULL) { if (pkcs7 != NULL) {
tempWrd32 = pkcs7->singleCertSz; tempWrd32 = pkcs7->singleCertSz;
@@ -18137,7 +18137,7 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void)
XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif /* NO_RSA */ #endif /* NO_RSA */
#ifdef HAVE_ECC #if defined(HAVE_ECC) && defined(HAVE_X963_KDF)
XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(eccPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(eccPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif /* HAVE_ECC */ #endif /* HAVE_ECC */
@@ -18186,7 +18186,8 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void)
} /* END test_wc_PKCS7_EncodeDecodeEnvelopedData() */ } /* END test_wc_PKCS7_EncodeDecodeEnvelopedData() */
#if defined(HAVE_PKCS7) && defined(HAVE_ECC) && !defined(NO_SHA256) && defined(WOLFSSL_AES_256) #if defined(HAVE_PKCS7) && defined(HAVE_ECC) && defined(HAVE_X963_KDF) && \
!defined(NO_SHA256) && defined(WOLFSSL_AES_256)
static int wasAESKeyWrapCbCalled = 0; static int wasAESKeyWrapCbCalled = 0;
static int wasAESKeyUnwrapCbCalled = 0; static int wasAESKeyUnwrapCbCalled = 0;
@@ -18215,7 +18216,8 @@ static int testAESKeyWrapUnwrapCb(const byte* key, word32 keySz,
static int test_wc_PKCS7_SetAESKeyWrapUnwrapCb(void) static int test_wc_PKCS7_SetAESKeyWrapUnwrapCb(void)
{ {
EXPECT_DECLS; EXPECT_DECLS;
#if defined(HAVE_PKCS7) && defined(HAVE_ECC) && !defined(NO_SHA256) && defined(WOLFSSL_AES_256) #if defined(HAVE_PKCS7) && defined(HAVE_ECC) && defined(HAVE_X963_KDF) && \
!defined(NO_SHA256) && defined(WOLFSSL_AES_256)
static const char input[] = "Test input for AES key wrapping"; static const char input[] = "Test input for AES key wrapping";
PKCS7 * pkcs7 = NULL; PKCS7 * pkcs7 = NULL;
byte * eccCert = NULL; byte * eccCert = NULL;
@@ -18318,8 +18320,8 @@ static int test_wc_PKCS7_GetEnvelopedDataKariRid(void)
{ {
EXPECT_DECLS; EXPECT_DECLS;
#if defined(HAVE_PKCS7) #if defined(HAVE_PKCS7)
#if defined(HAVE_ECC) && (!defined(NO_AES) || (!defined(NO_SHA) || \ #if defined(HAVE_ECC) && defined(HAVE_X963_KDF) && (!defined(NO_AES) || \
!defined(NO_SHA256) || defined(WOLFSSL_SHA512))) !defined(NO_SHA) || !defined(NO_SHA256) || defined(WOLFSSL_SHA512))
/* The kari-keyid-cms.msg generated by openssl has a 68 byte RID structure. /* The kari-keyid-cms.msg generated by openssl has a 68 byte RID structure.
* Reserve a bit more than that in case it might grow. */ * Reserve a bit more than that in case it might grow. */
byte rid[256]; byte rid[256];
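Review bot: With HAVE_ECC set and HAVE_X963_KDF unset, every KARI case touched in these hunks is now compiled out, so nothing visible here checks that the ECC recipient path fails with NOT_COMPILED_IN as the documentation change in this commit states. Consider an `#else` branch for that configuration that encodes EnvelopedData with the ECC certificate and expects `WC_NO_ERR_TRACE(NOT_COMPILED_IN)`, so a later change to the error path is caught by the test suite. The `#endif /* HAVE_ECC */` after the eccCert/eccPrivKey frees also no longer matches its `#if` and could read `#endif /* HAVE_ECC && HAVE_X963_KDF */`. The test functions extend outside these hunks, so a negative test may already exist elsewhere; the same gap applies to the vector tables guarded in the later test-file section.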


@@ -7372,16 +7372,16 @@ static int wc_PKCS7_KariGenerateKEK(WC_PKCS7_KARI* kari, WC_RNG* rng,
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
}; };
#ifdef HAVE_X963_KDF
ret = wc_X963_KDF(kdfType, secret, secretSz, kari->sharedInfo, ret = wc_X963_KDF(kdfType, secret, secretSz, kari->sharedInfo,
kari->sharedInfoSz, kari->kek, kari->kekSz); kari->sharedInfoSz, kari->kek, kari->kekSz);
if (ret != 0) { #else
(void)kdfType;
ret = NOT_COMPILED_IN;
#endif
XFREE(secret, kari->heap, DYNAMIC_TYPE_PKCS7); XFREE(secret, kari->heap, DYNAMIC_TYPE_PKCS7);
return ret; return ret;
}
XFREE(secret, kari->heap, DYNAMIC_TYPE_PKCS7);
return 0;
} }
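Review bot: The ECDH shared secret in `secret` is released with `XFREE` on both the KDF path and the new `NOT_COMPILED_IN` path without being wiped first, at least in the lines visible here; adding `ForceZero(secret, secretSz);` directly before the `XFREE` would keep key-agreement material out of freed heap memory. Separately, in a build without HAVE_X963_KDF the function appears to reach `ret = NOT_COMPILED_IN;` only after the shared secret has been computed, so rejecting that configuration before the key agreement runs would avoid deriving a secret that can never be used. The body of wc_PKCS7_KariGenerateKEK starts outside this hunk, so both points should be confirmed against the full function.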


@@ -52135,7 +52135,8 @@ static wc_test_ret_t pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
}; };
#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256) && \ #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256) && \
defined(HAVE_ECC) && defined(WOLFSSL_SHA512) && defined(HAVE_AES_KEYWRAP) defined(HAVE_ECC) && defined(WOLFSSL_SHA512) && \
defined(HAVE_AES_KEYWRAP) && defined(HAVE_X963_KDF)
byte optionalUkm[] = { byte optionalUkm[] = {
0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
}; };
@@ -52244,7 +52245,7 @@ static wc_test_ret_t pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
#endif #endif
/* key agreement key encryption technique*/ /* key agreement key encryption technique*/
#if defined(HAVE_ECC) && defined(HAVE_AES_KEYWRAP) #if defined(HAVE_ECC) && defined(HAVE_AES_KEYWRAP) && defined(HAVE_X963_KDF)
#if !defined(NO_AES) && defined(HAVE_AES_CBC) #if !defined(NO_AES) && defined(HAVE_AES_CBC)
#if !defined(NO_SHA) && defined(WOLFSSL_AES_128) #if !defined(NO_SHA) && defined(WOLFSSL_AES_128)
ADD_PKCS7ENVELOPEDVECTOR( ADD_PKCS7ENVELOPEDVECTOR(
@@ -52755,7 +52756,8 @@ static wc_test_ret_t pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCer
}; };
byte senderNonce[PKCS7_NONCE_SZ + 2]; byte senderNonce[PKCS7_NONCE_SZ + 2];
#ifdef HAVE_ECC #ifdef HAVE_ECC
#if !defined(NO_AES) && defined(HAVE_AESGCM) && defined(HAVE_AES_KEYWRAP) #if !defined(NO_AES) && defined(HAVE_AESGCM) && \
defined(HAVE_AES_KEYWRAP) && defined(HAVE_X963_KDF)
#if !defined(NO_SHA256) && defined(WOLFSSL_AES_256) #if !defined(NO_SHA256) && defined(WOLFSSL_AES_256)
WOLFSSL_SMALL_STACK_STATIC const byte senderNonceOid[] = WOLFSSL_SMALL_STACK_STATIC const byte senderNonceOid[] =
{ 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
@@ -52771,7 +52773,8 @@ static wc_test_ret_t pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCer
#endif #endif
#if !defined(NO_AES) && defined(WOLFSSL_AES_256) && defined(HAVE_ECC) && \ #if !defined(NO_AES) && defined(WOLFSSL_AES_256) && defined(HAVE_ECC) && \
defined(WOLFSSL_SHA512) && defined(HAVE_AESGCM) && defined(HAVE_AES_KEYWRAP) defined(WOLFSSL_SHA512) && defined(HAVE_AESGCM) && \
defined(HAVE_AES_KEYWRAP) && defined(HAVE_X963_KDF)
WOLFSSL_SMALL_STACK_STATIC const byte optionalUkm[] = { WOLFSSL_SMALL_STACK_STATIC const byte optionalUkm[] = {
0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
}; };
@@ -52886,7 +52889,8 @@ static wc_test_ret_t pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCer
/* key agreement key encryption technique*/ /* key agreement key encryption technique*/
#ifdef HAVE_ECC #ifdef HAVE_ECC
#if !defined(NO_AES) && defined(HAVE_AESGCM) && defined(HAVE_AES_KEYWRAP) #if !defined(NO_AES) && defined(HAVE_AESGCM) && \
defined(HAVE_AES_KEYWRAP) && defined(HAVE_X963_KDF)
#if !defined(NO_SHA) && defined(WOLFSSL_AES_128) #if !defined(NO_SHA) && defined(WOLFSSL_AES_128)
ADD_PKCS7AUTHENVELOPEDVECTOR( ADD_PKCS7AUTHENVELOPEDVECTOR(
data, (word32)sizeof(data), DATA, AES128GCMb, AES128_WRAP, data, (word32)sizeof(data), DATA, AES128GCMb, AES128_WRAP,


@@ -3416,9 +3416,6 @@ extern void uITRON4_free(void *p) ;
#if defined(NO_AES) && defined(NO_DES3) #if defined(NO_AES) && defined(NO_DES3)
#error PKCS7 needs either AES or 3DES enabled, please enable one #error PKCS7 needs either AES or 3DES enabled, please enable one
#endif #endif
#if defined(HAVE_ECC) && !defined(HAVE_X963_KDF)
#error PKCS7 requires X963 KDF please define HAVE_X963_KDF
#endif
#endif #endif
#ifndef NO_PKCS12 #ifndef NO_PKCS12