add AES-256-CBC to PKCS#7 Encode/DecodeEnvelopedData

2026-01-27 02:22:21 +01:00 · 2016-10-31 11:31:15 -06:00
parent 8c23c3cdd0
commit fa9a9175d0
5 changed files with 33 additions and 6 deletions
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -785,6 +785,7 @@ static const byte hashSha512hOid[] = {96, 134, 72, 1, 101, 3, 4, 2, 3};
 /* blkType */
 static const byte blkAes128CbcOid[] = {96, 134, 72, 1, 101, 3, 4, 1, 2};
 static const byte blkAes192CbcOid[] = {96, 134, 72, 1, 101, 3, 4, 1, 22};
+static const byte blkAes256CbcOid[] = {96, 134, 72, 1, 101, 3, 4, 1, 42};
 static const byte blkDesCbcOid[]  = {43, 14, 3, 2, 7};
 static const byte blkDes3CbcOid[] = {42, 134, 72, 134, 247, 13, 3, 7};

@@ -969,6 +970,10 @@ static const byte* OidFromId(word32 id, word32 type, word32* oidSz)
                    oid = blkAes192CbcOid;
                    *oidSz = sizeof(blkAes192CbcOid);
                    break;
+                case AES256CBCb:
+                    oid = blkAes256CbcOid;
+                    *oidSz = sizeof(blkAes256CbcOid);
+                    break;
                case DESb:
                    oid = blkDesCbcOid;
                    *oidSz = sizeof(blkDesCbcOid);
--- a/wolfcrypt/src/pkcs7.c
+++ b/wolfcrypt/src/pkcs7.c
@@ -1193,6 +1193,7 @@ int wc_PKCS7_EncryptContent(int encryptOID, byte* key, int keySz,
 #ifndef NO_AES
        case AES128CBCb:
        case AES192CBCb:
+        case AES256CBCb:
            if (ivSz != AES_BLOCK_SIZE)
                return BAD_FUNC_ARG;

@@ -1252,6 +1253,7 @@ int wc_PKCS7_DecryptContent(int encryptOID, byte* key, int keySz,
 #ifndef NO_AES
        case AES128CBCb:
        case AES192CBCb:
+        case AES256CBCb:
            if (ivSz != AES_BLOCK_SIZE)
                return BAD_FUNC_ARG;

@@ -1340,7 +1342,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
    if (output == NULL || outputSz == 0)
        return BAD_FUNC_ARG;

-    /* wolfCrypt PKCS#7 supports AES-128-CBC, DES, 3DES for now */
+    /* wolfCrypt PKCS#7 supports AES-128/192/256-CBC, DES, 3DES for now */
    switch (pkcs7->encryptOID) {
        case AES128CBCb:
            blockKeySz = 16;
@@ -1352,6 +1354,11 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
            blockSz    = AES_BLOCK_SIZE;
            break;

+        case AES256CBCb:
+            blockKeySz = 32;
+            blockSz    = AES_BLOCK_SIZE;
+            break;
+
        case DESb:
            blockKeySz = DES_KEYLEN;
            blockSz    = DES_BLOCK_SIZE;
@@ -1804,6 +1811,11 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg,
            expBlockSz = AES_BLOCK_SIZE;
            break;

+        case AES256CBCb:
+            blockKeySz = 32;
+            expBlockSz = AES_BLOCK_SIZE;
+            break;
+
        case DESb:
            blockKeySz = DES_KEYLEN;
            expBlockSz = DES_BLOCK_SIZE;