From fa21fb4a2778044531af1a81c46374b74ef3ed9b Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh
Date: Mon, 12 Mar 2018 15:44:48 -0600
Subject: [PATCH] more aes macro key size guards
---
 wolfcrypt/src/pkcs7.c | 74 +++++++++++++++++++++++++++++++++++------
 wolfssl/wolfcrypt/asn.h | 14 ++++++++
 2 files changed, 78 insertions(+), 10 deletions(-)
diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c
index 2a4335b33..833ab544a 100644
--- a/wolfcrypt/src/pkcs7.c
+++ b/wolfcrypt/src/pkcs7.c
@@ -157,9 +157,15 @@ static int wc_PKCS7_GetOIDBlockSize(int oid)
 switch (oid) {
 #ifndef NO_AES
+ #ifdef WOLFSSL_AES_128
 case AES128CBCb:
+ #endif
+ #ifdef WOLFSSL_AES_192
 case AES192CBCb:
+ #endif
+ #ifdef WOLFSSL_AES_256
 case AES256CBCb:
+ #endif
 blockSz = AES_BLOCK_SIZE;
 break;
 #endif
@@ -185,20 +191,24 @@ static int wc_PKCS7_GetOIDKeySize(int oid)
 switch (oid) {
 #ifndef NO_AES
+ #ifdef WOLFSSL_AES_128
 case AES128CBCb:
 case AES128_WRAP:
 blockKeySz = 16;
 break;
-
+ #endif
+ #ifdef WOLFSSL_AES_192
 case AES192CBCb:
 case AES192_WRAP:
 blockKeySz = 24;
 break;
-
+ #endif
+ #ifdef WOLFSSL_AES_256
 case AES256CBCb:
 case AES256_WRAP:
 blockKeySz = 32;
 break;
+ #endif
 #endif
 #ifndef NO_DES3
 case DESb:
@@ -2165,9 +2175,15 @@ static int wc_PKCS7_KariKeyWrap(byte* cek, word32 cekSz, byte* kek,
 switch (keyWrapAlgo) {
 #ifndef NO_AES
+ #ifdef WOLFSSL_AES_128
 case AES128_WRAP:
+ #endif
+ #ifdef WOLFSSL_AES_192
 case AES192_WRAP:
+ #endif
+ #ifdef WOLFSSL_AES_256
 case AES256_WRAP:
+ #endif
 if (direction == AES_ENCRYPTION) {
@@ -2669,9 +2685,15 @@ static int wc_CreateKeyAgreeRecipientInfo(PKCS7* pkcs7, const byte* cert,
 /* set direction based on keyWrapAlgo */
 switch (keyWrapAlgo) {
 #ifndef NO_AES
+ #ifdef WOLFSSL_AES_128
 case AES128_WRAP:
+ #endif
+ #ifdef WOLFSSL_AES_192
 case AES192_WRAP:
+ #endif
+ #ifdef WOLFSSL_AES_256
 case AES256_WRAP:
+ #endif
 direction = AES_ENCRYPTION;
 break;
 #endif
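Review bot: In wc_PKCS7_GetOIDBlockSize the three `case` labels are now individually conditional, but `blockSz = AES_BLOCK_SIZE; break;` is still guarded only by `#ifndef NO_AES`, so a build with AES enabled and none of WOLFSSL_AES_128/192/256 defined leaves those statements inside the switch with no label in front of them. Whether such a configuration is reachable depends on settings not shown in this patch, but the outer guard can be made exact cheaply, e.g. `#if !defined(NO_AES) && (defined(WOLFSSL_AES_128) || defined(WOLFSSL_AES_192) || defined(WOLFSSL_AES_256))`. The same shape appears in the key-wrap switches of wc_PKCS7_KariKeyWrap, wc_CreateKeyAgreeRecipientInfo and wc_PKCS7_DecodeKari, and in the CBC cases of wc_PKCS7_EncryptContent and wc_PKCS7_DecryptContent. All of these functions begin and end outside their hunks.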
@@ -3104,13 +3126,26 @@ static int wc_PKCS7_EncryptContent(int encryptOID, byte* key, int keySz,
 switch (encryptOID) {
 #ifndef NO_AES
+ #ifdef WOLFSSL_AES_128
 case AES128CBCb:
+ #endif
+ #ifdef WOLFSSL_AES_192
 case AES192CBCb:
+ #endif
+ #ifdef WOLFSSL_AES_256
 case AES256CBCb:
- if ( (encryptOID == AES128CBCb && keySz != 16 ) ||
- (encryptOID == AES192CBCb && keySz != 24 ) ||
- (encryptOID == AES256CBCb && keySz != 32 ) ||
- (ivSz != AES_BLOCK_SIZE) )
+ #endif
+ if (
+ #ifdef WOLFSSL_AES_128
+ (encryptOID == AES128CBCb && keySz != 16 ) ||
+ #endif
+ #ifdef WOLFSSL_AES_192
+ (encryptOID == AES192CBCb && keySz != 24 ) ||
+ #endif
+ #ifdef WOLFSSL_AES_256
+ (encryptOID == AES256CBCb && keySz != 32 ) ||
+ #endif
+ (ivSz != AES_BLOCK_SIZE) )
 return BAD_FUNC_ARG;
 ret = wc_AesSetKey(&aes, key, keySz, iv, AES_ENCRYPTION);
@@ -3168,13 +3203,26 @@ static int wc_PKCS7_DecryptContent(int encryptOID, byte* key, int keySz,
 switch (encryptOID) {
 #ifndef NO_AES
+ #ifdef WOLFSSL_AES_128
 case AES128CBCb:
+ #endif
+ #ifdef WOLFSSL_AES_192
 case AES192CBCb:
+ #endif
+ #ifdef WOLFSSL_AES_256
 case AES256CBCb:
- if ( (encryptOID == AES128CBCb && keySz != 16 ) ||
- (encryptOID == AES192CBCb && keySz != 24 ) ||
- (encryptOID == AES256CBCb && keySz != 32 ) ||
- (ivSz != AES_BLOCK_SIZE) )
+ #endif
+ if (
+ #ifdef WOLFSSL_AES_128
+ (encryptOID == AES128CBCb && keySz != 16 ) ||
+ #endif
+ #ifdef WOLFSSL_AES_192
+ (encryptOID == AES192CBCb && keySz != 24 ) ||
+ #endif
+ #ifdef WOLFSSL_AES_256
+ (encryptOID == AES256CBCb && keySz != 32 ) ||
+ #endif
+ (ivSz != AES_BLOCK_SIZE) )
 return BAD_FUNC_ARG;
 ret = wc_AesSetKey(&aes, key, keySz, iv, AES_DECRYPTION);
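Review bot: The key-length check in wc_PKCS7_EncryptContent now needs an `#ifdef` around every operand of the `if`, and it repeats the 16/24/32 table that wc_PKCS7_GetOIDKeySize already holds under the same guards. This check is what ties the content-encryption OID to the key length before wc_AesSetKey is called, so keeping a single table avoids the two copies drifting apart: `if (keySz != wc_PKCS7_GetOIDKeySize(encryptOID) || ivSz != AES_BLOCK_SIZE) return BAD_FUNC_ARG;`. The helper's default branch is not visible in this patch, but under these case labels the OID is always one it maps. wc_PKCS7_DecryptContent carries the identical ladder and would take the same line; both function bodies continue outside their hunks.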
@@ -4172,9 +4220,15 @@ static int wc_PKCS7_DecodeKari(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz,
 /* set direction based on key wrap algorithm */
 switch (keyWrapOID) {
 #ifndef NO_AES
+ #ifdef WOLFSSL_AES_128
 case AES128_WRAP:
+ #endif
+ #ifdef WOLFSSL_AES_192
 case AES192_WRAP:
+ #endif
+ #ifdef WOLFSSL_AES_256
 case AES256_WRAP:
+ #endif
 direction = AES_DECRYPTION;
 break;
 #endif
diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h
index e76aff46b..853c12f5e 100644
--- a/wolfssl/wolfcrypt/asn.h
+++ b/wolfssl/wolfcrypt/asn.h
@@ -261,11 +261,19 @@ enum Hash_Sum {
 enum Block_Sum {
+#ifdef WOLFSSL_AES_128
 AES128CBCb = 414,
+#endif
+#ifdef WOLFSSL_AES_192
 AES192CBCb = 434,
+#endif
+#ifdef WOLFSSL_AES_256
 AES256CBCb = 454,
+#endif
+#ifndef NO_DES3
 DESb = 69,
 DES3b = 652
+#endif
 };
@@ -279,9 +287,15 @@ enum Key_Sum {
 enum KeyWrap_Sum {
+#ifdef WOLFSSL_AES_128
 AES128_WRAP = 417,
+#endif
+#ifdef WOLFSSL_AES_192
 AES192_WRAP = 437,
+#endif
+#ifdef WOLFSSL_AES_256
 AES256_WRAP = 457
+#endif
 };
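Review bot: In asn.h every enumerator of `enum Block_Sum` and `enum KeyWrap_Sum` is now conditional, so the list can end on a comma or be empty. With WOLFSSL_AES_256 undefined, KeyWrap_Sum ends in `AES192_WRAP = 437,` (a trailing comma that C89 compilers reject), and with no AES size enabled it becomes an empty enum, which is not valid C. Block_Sum behaves the same way once NO_DES3 is defined. These values are OID sums rather than code, so one option is to leave the enumerators unconditional and keep the guards only on the `case` labels in pkcs7.c. The AES enumerators here are also not under `NO_AES`, which pkcs7.c uses as its outer guard, so it is worth confirming that the WOLFSSL_AES_* macros are never defined when NO_AES is set.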