Xuyi Wang / wolfSSL

Important changes to repositories hosted on mbed.com

Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.

To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.

It is also possible to export all your personal repositories from the account settings page.

Dependents:   OS

wolfcrypt/src/wc_encrypt.c@16:048e5e270a58, 2019-11-19 (annotated)

Committer:
sPymbed
Date:
Tue Nov 19 14:32:16 2019 +0000
Revision:
16:048e5e270a58
Parent:
15:117db924cf7c 
working ssl

Who changed what in which revision?

UserRevisionLine numberNew contents of line
wolfSSL 15:117db924cf7c 1 /* wc_encrypt.c
wolfSSL 15:117db924cf7c 2 *
wolfSSL 15:117db924cf7c 3 * Copyright (C) 2006-2017 wolfSSL Inc.
wolfSSL 15:117db924cf7c 4 *
wolfSSL 15:117db924cf7c 5 * This file is part of wolfSSL.
wolfSSL 15:117db924cf7c 6 *
wolfSSL 15:117db924cf7c 7 * wolfSSL is free software; you can redistribute it and/or modify
wolfSSL 15:117db924cf7c 8 * it under the terms of the GNU General Public License as published by
wolfSSL 15:117db924cf7c 9 * the Free Software Foundation; either version 2 of the License, or
wolfSSL 15:117db924cf7c 10 * (at your option) any later version.
wolfSSL 15:117db924cf7c 11 *
wolfSSL 15:117db924cf7c 12 * wolfSSL is distributed in the hope that it will be useful,
wolfSSL 15:117db924cf7c 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
wolfSSL 15:117db924cf7c 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
wolfSSL 15:117db924cf7c 15 * GNU General Public License for more details.
wolfSSL 15:117db924cf7c 16 *
wolfSSL 15:117db924cf7c 17 * You should have received a copy of the GNU General Public License
wolfSSL 15:117db924cf7c 18 * along with this program; if not, write to the Free Software
wolfSSL 15:117db924cf7c 19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
wolfSSL 15:117db924cf7c 20 */
wolfSSL 15:117db924cf7c 21
wolfSSL 15:117db924cf7c 22
wolfSSL 15:117db924cf7c 23 #ifdef HAVE_CONFIG_H
wolfSSL 15:117db924cf7c 24 #include <config.h>
wolfSSL 15:117db924cf7c 25 #endif
wolfSSL 15:117db924cf7c 26
wolfSSL 15:117db924cf7c 27 #include <wolfssl/wolfcrypt/settings.h>
wolfSSL 15:117db924cf7c 28 #include <wolfssl/wolfcrypt/aes.h>
wolfSSL 15:117db924cf7c 29 #include <wolfssl/wolfcrypt/des3.h>
wolfSSL 15:117db924cf7c 30 #include <wolfssl/wolfcrypt/hash.h>
wolfSSL 15:117db924cf7c 31 #include <wolfssl/wolfcrypt/arc4.h>
wolfSSL 15:117db924cf7c 32 #include <wolfssl/wolfcrypt/wc_encrypt.h>
wolfSSL 15:117db924cf7c 33 #include <wolfssl/wolfcrypt/error-crypt.h>
wolfSSL 15:117db924cf7c 34 #include <wolfssl/wolfcrypt/asn.h>
wolfSSL 15:117db924cf7c 35 #include <wolfssl/wolfcrypt/coding.h>
wolfSSL 15:117db924cf7c 36 #include <wolfssl/wolfcrypt/pwdbased.h>
wolfSSL 15:117db924cf7c 37 #include <wolfssl/wolfcrypt/logging.h>
wolfSSL 15:117db924cf7c 38
wolfSSL 15:117db924cf7c 39 #ifdef NO_INLINE
wolfSSL 15:117db924cf7c 40 #include <wolfssl/wolfcrypt/misc.h>
wolfSSL 15:117db924cf7c 41 #else
wolfSSL 15:117db924cf7c 42 #define WOLFSSL_MISC_INCLUDED
wolfSSL 15:117db924cf7c 43 #include <wolfcrypt/src/misc.c>
wolfSSL 15:117db924cf7c 44 #endif
wolfSSL 15:117db924cf7c 45
wolfSSL 15:117db924cf7c 46 #if !defined(NO_AES) && defined(HAVE_AES_CBC)
wolfSSL 15:117db924cf7c 47 #ifdef HAVE_AES_DECRYPT
wolfSSL 15:117db924cf7c 48 int wc_AesCbcDecryptWithKey(byte* out, const byte* in, word32 inSz,
wolfSSL 15:117db924cf7c 49 const byte* key, word32 keySz, const byte* iv)
wolfSSL 15:117db924cf7c 50 {
wolfSSL 15:117db924cf7c 51 int ret = 0;
wolfSSL 15:117db924cf7c 52 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 53 Aes* aes = NULL;
wolfSSL 15:117db924cf7c 54 #else
wolfSSL 15:117db924cf7c 55 Aes aes[1];
wolfSSL 15:117db924cf7c 56 #endif
wolfSSL 15:117db924cf7c 57
wolfSSL 15:117db924cf7c 58 if (out == NULL || in == NULL || key == NULL || iv == NULL) {
wolfSSL 15:117db924cf7c 59 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 60 }
wolfSSL 15:117db924cf7c 61
wolfSSL 15:117db924cf7c 62 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 63 aes = (Aes*)XMALLOC(sizeof(Aes), NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 15:117db924cf7c 64 if (aes == NULL)
wolfSSL 15:117db924cf7c 65 return MEMORY_E;
wolfSSL 15:117db924cf7c 66 #endif
wolfSSL 15:117db924cf7c 67
wolfSSL 15:117db924cf7c 68 ret = wc_AesInit(aes, NULL, INVALID_DEVID);
wolfSSL 15:117db924cf7c 69 if (ret == 0) {
wolfSSL 15:117db924cf7c 70 ret = wc_AesSetKey(aes, key, keySz, iv, AES_DECRYPTION);
wolfSSL 15:117db924cf7c 71 if (ret == 0)
wolfSSL 15:117db924cf7c 72 ret = wc_AesCbcDecrypt(aes, out, in, inSz);
wolfSSL 15:117db924cf7c 73
wolfSSL 15:117db924cf7c 74 wc_AesFree(aes);
wolfSSL 15:117db924cf7c 75 }
wolfSSL 15:117db924cf7c 76
wolfSSL 15:117db924cf7c 77 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 78 XFREE(aes, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 15:117db924cf7c 79 #endif
wolfSSL 15:117db924cf7c 80
wolfSSL 15:117db924cf7c 81 return ret;
wolfSSL 15:117db924cf7c 82 }
wolfSSL 15:117db924cf7c 83 #endif /* HAVE_AES_DECRYPT */
wolfSSL 15:117db924cf7c 84
wolfSSL 15:117db924cf7c 85 int wc_AesCbcEncryptWithKey(byte* out, const byte* in, word32 inSz,
wolfSSL 15:117db924cf7c 86 const byte* key, word32 keySz, const byte* iv)
wolfSSL 15:117db924cf7c 87 {
wolfSSL 15:117db924cf7c 88 int ret = 0;
wolfSSL 15:117db924cf7c 89 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 90 Aes* aes = NULL;
wolfSSL 15:117db924cf7c 91 #else
wolfSSL 15:117db924cf7c 92 Aes aes[1];
wolfSSL 15:117db924cf7c 93 #endif
wolfSSL 15:117db924cf7c 94
wolfSSL 15:117db924cf7c 95 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 96 aes = (Aes*)XMALLOC(sizeof(Aes), NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 15:117db924cf7c 97 if (aes == NULL)
wolfSSL 15:117db924cf7c 98 return MEMORY_E;
wolfSSL 15:117db924cf7c 99 #endif
wolfSSL 15:117db924cf7c 100
wolfSSL 15:117db924cf7c 101 ret = wc_AesInit(aes, NULL, INVALID_DEVID);
wolfSSL 15:117db924cf7c 102 if (ret == 0) {
wolfSSL 15:117db924cf7c 103 ret = wc_AesSetKey(aes, key, keySz, iv, AES_ENCRYPTION);
wolfSSL 15:117db924cf7c 104 if (ret == 0)
wolfSSL 15:117db924cf7c 105 ret = wc_AesCbcEncrypt(aes, out, in, inSz);
wolfSSL 15:117db924cf7c 106
wolfSSL 15:117db924cf7c 107 wc_AesFree(aes);
wolfSSL 15:117db924cf7c 108 }
wolfSSL 15:117db924cf7c 109
wolfSSL 15:117db924cf7c 110 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 111 XFREE(aes, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 15:117db924cf7c 112 #endif
wolfSSL 15:117db924cf7c 113
wolfSSL 15:117db924cf7c 114 return ret;
wolfSSL 15:117db924cf7c 115 }
wolfSSL 15:117db924cf7c 116 #endif /* !NO_AES && HAVE_AES_CBC */
wolfSSL 15:117db924cf7c 117
wolfSSL 15:117db924cf7c 118
wolfSSL 15:117db924cf7c 119 #ifndef NO_DES3
wolfSSL 15:117db924cf7c 120 int wc_Des_CbcEncryptWithKey(byte* out, const byte* in, word32 sz,
wolfSSL 15:117db924cf7c 121 const byte* key, const byte* iv)
wolfSSL 15:117db924cf7c 122 {
wolfSSL 15:117db924cf7c 123 int ret = 0;
wolfSSL 15:117db924cf7c 124 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 125 Des* des = NULL;
wolfSSL 15:117db924cf7c 126 #else
wolfSSL 15:117db924cf7c 127 Des des[1];
wolfSSL 15:117db924cf7c 128 #endif
wolfSSL 15:117db924cf7c 129
wolfSSL 15:117db924cf7c 130 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 131 des = (Des*)XMALLOC(sizeof(Des), NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 15:117db924cf7c 132 if (des == NULL)
wolfSSL 15:117db924cf7c 133 return MEMORY_E;
wolfSSL 15:117db924cf7c 134 #endif
wolfSSL 15:117db924cf7c 135
wolfSSL 15:117db924cf7c 136 ret = wc_Des_SetKey(des, key, iv, DES_ENCRYPTION);
wolfSSL 15:117db924cf7c 137 if (ret == 0)
wolfSSL 15:117db924cf7c 138 ret = wc_Des_CbcEncrypt(des, out, in, sz);
wolfSSL 15:117db924cf7c 139
wolfSSL 15:117db924cf7c 140 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 141 XFREE(des, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 15:117db924cf7c 142 #endif
wolfSSL 15:117db924cf7c 143
wolfSSL 15:117db924cf7c 144 return ret;
wolfSSL 15:117db924cf7c 145 }
wolfSSL 15:117db924cf7c 146
wolfSSL 15:117db924cf7c 147 int wc_Des_CbcDecryptWithKey(byte* out, const byte* in, word32 sz,
wolfSSL 15:117db924cf7c 148 const byte* key, const byte* iv)
wolfSSL 15:117db924cf7c 149 {
wolfSSL 15:117db924cf7c 150 int ret = 0;
wolfSSL 15:117db924cf7c 151 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 152 Des* des = NULL;
wolfSSL 15:117db924cf7c 153 #else
wolfSSL 15:117db924cf7c 154 Des des[1];
wolfSSL 15:117db924cf7c 155 #endif
wolfSSL 15:117db924cf7c 156
wolfSSL 15:117db924cf7c 157 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 158 des = (Des*)XMALLOC(sizeof(Des), NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 15:117db924cf7c 159 if (des == NULL)
wolfSSL 15:117db924cf7c 160 return MEMORY_E;
wolfSSL 15:117db924cf7c 161 #endif
wolfSSL 15:117db924cf7c 162
wolfSSL 15:117db924cf7c 163 ret = wc_Des_SetKey(des, key, iv, DES_DECRYPTION);
wolfSSL 15:117db924cf7c 164 if (ret == 0)
wolfSSL 15:117db924cf7c 165 ret = wc_Des_CbcDecrypt(des, out, in, sz);
wolfSSL 15:117db924cf7c 166
wolfSSL 15:117db924cf7c 167 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 168 XFREE(des, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 15:117db924cf7c 169 #endif
wolfSSL 15:117db924cf7c 170
wolfSSL 15:117db924cf7c 171 return ret;
wolfSSL 15:117db924cf7c 172 }
wolfSSL 15:117db924cf7c 173
wolfSSL 15:117db924cf7c 174
wolfSSL 15:117db924cf7c 175 int wc_Des3_CbcEncryptWithKey(byte* out, const byte* in, word32 sz,
wolfSSL 15:117db924cf7c 176 const byte* key, const byte* iv)
wolfSSL 15:117db924cf7c 177 {
wolfSSL 15:117db924cf7c 178 int ret = 0;
wolfSSL 15:117db924cf7c 179 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 180 Des3* des3 = NULL;
wolfSSL 15:117db924cf7c 181 #else
wolfSSL 15:117db924cf7c 182 Des3 des3[1];
wolfSSL 15:117db924cf7c 183 #endif
wolfSSL 15:117db924cf7c 184
wolfSSL 15:117db924cf7c 185 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 186 des3 = (Des3*)XMALLOC(sizeof(Des3), NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 15:117db924cf7c 187 if (des3 == NULL)
wolfSSL 15:117db924cf7c 188 return MEMORY_E;
wolfSSL 15:117db924cf7c 189 #endif
wolfSSL 15:117db924cf7c 190
wolfSSL 15:117db924cf7c 191 ret = wc_Des3Init(des3, NULL, INVALID_DEVID);
wolfSSL 15:117db924cf7c 192 if (ret == 0) {
wolfSSL 15:117db924cf7c 193 ret = wc_Des3_SetKey(des3, key, iv, DES_ENCRYPTION);
wolfSSL 15:117db924cf7c 194 if (ret == 0)
wolfSSL 15:117db924cf7c 195 ret = wc_Des3_CbcEncrypt(des3, out, in, sz);
wolfSSL 15:117db924cf7c 196 wc_Des3Free(des3);
wolfSSL 15:117db924cf7c 197 }
wolfSSL 15:117db924cf7c 198
wolfSSL 15:117db924cf7c 199 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 200 XFREE(des3, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 15:117db924cf7c 201 #endif
wolfSSL 15:117db924cf7c 202
wolfSSL 15:117db924cf7c 203 return ret;
wolfSSL 15:117db924cf7c 204 }
wolfSSL 15:117db924cf7c 205
wolfSSL 15:117db924cf7c 206
wolfSSL 15:117db924cf7c 207 int wc_Des3_CbcDecryptWithKey(byte* out, const byte* in, word32 sz,
wolfSSL 15:117db924cf7c 208 const byte* key, const byte* iv)
wolfSSL 15:117db924cf7c 209 {
wolfSSL 15:117db924cf7c 210 int ret = 0;
wolfSSL 15:117db924cf7c 211 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 212 Des3* des3 = NULL;
wolfSSL 15:117db924cf7c 213 #else
wolfSSL 15:117db924cf7c 214 Des3 des3[1];
wolfSSL 15:117db924cf7c 215 #endif
wolfSSL 15:117db924cf7c 216
wolfSSL 15:117db924cf7c 217 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 218 des3 = (Des3*)XMALLOC(sizeof(Des3), NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 15:117db924cf7c 219 if (des3 == NULL)
wolfSSL 15:117db924cf7c 220 return MEMORY_E;
wolfSSL 15:117db924cf7c 221 #endif
wolfSSL 15:117db924cf7c 222
wolfSSL 15:117db924cf7c 223 ret = wc_Des3Init(des3, NULL, INVALID_DEVID);
wolfSSL 15:117db924cf7c 224 if (ret == 0) {
wolfSSL 15:117db924cf7c 225 ret = wc_Des3_SetKey(des3, key, iv, DES_DECRYPTION);
wolfSSL 15:117db924cf7c 226 if (ret == 0)
wolfSSL 15:117db924cf7c 227 ret = wc_Des3_CbcDecrypt(des3, out, in, sz);
wolfSSL 15:117db924cf7c 228 wc_Des3Free(des3);
wolfSSL 15:117db924cf7c 229 }
wolfSSL 15:117db924cf7c 230
wolfSSL 15:117db924cf7c 231 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 232 XFREE(des3, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 15:117db924cf7c 233 #endif
wolfSSL 15:117db924cf7c 234
wolfSSL 15:117db924cf7c 235 return ret;
wolfSSL 15:117db924cf7c 236 }
wolfSSL 15:117db924cf7c 237
wolfSSL 15:117db924cf7c 238 #endif /* !NO_DES3 */
wolfSSL 15:117db924cf7c 239
wolfSSL 15:117db924cf7c 240
wolfSSL 15:117db924cf7c 241 #ifdef WOLFSSL_ENCRYPTED_KEYS
wolfSSL 15:117db924cf7c 242
wolfSSL 15:117db924cf7c 243 int wc_BufferKeyDecrypt(EncryptedInfo* info, byte* der, word32 derSz,
wolfSSL 15:117db924cf7c 244 const byte* password, int passwordSz, int hashType)
wolfSSL 15:117db924cf7c 245 {
wolfSSL 15:117db924cf7c 246 int ret = NOT_COMPILED_IN;
wolfSSL 15:117db924cf7c 247 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 248 byte* key = NULL;
wolfSSL 15:117db924cf7c 249 #else
wolfSSL 15:117db924cf7c 250 byte key[WC_MAX_SYM_KEY_SIZE];
wolfSSL 15:117db924cf7c 251 #endif
wolfSSL 15:117db924cf7c 252
wolfSSL 15:117db924cf7c 253 (void)derSz;
wolfSSL 15:117db924cf7c 254 (void)passwordSz;
wolfSSL 15:117db924cf7c 255 (void)hashType;
wolfSSL 15:117db924cf7c 256
wolfSSL 15:117db924cf7c 257 if (der == NULL || password == NULL || info == NULL || info->keySz == 0) {
wolfSSL 15:117db924cf7c 258 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 259 }
wolfSSL 15:117db924cf7c 260
wolfSSL 15:117db924cf7c 261 /* use file's salt for key derivation, hex decode first */
wolfSSL 15:117db924cf7c 262 if (Base16_Decode(info->iv, info->ivSz, info->iv, &info->ivSz) != 0) {
wolfSSL 15:117db924cf7c 263 return BUFFER_E;
wolfSSL 15:117db924cf7c 264 }
wolfSSL 15:117db924cf7c 265 if (info->ivSz < PKCS5_SALT_SZ)
wolfSSL 15:117db924cf7c 266 return BUFFER_E;
wolfSSL 15:117db924cf7c 267
wolfSSL 15:117db924cf7c 268 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 269 key = (byte*)XMALLOC(WC_MAX_SYM_KEY_SIZE, NULL, DYNAMIC_TYPE_SYMETRIC_KEY);
wolfSSL 15:117db924cf7c 270 if (key == NULL) {
wolfSSL 15:117db924cf7c 271 return MEMORY_E;
wolfSSL 15:117db924cf7c 272 }
wolfSSL 15:117db924cf7c 273 #endif
wolfSSL 15:117db924cf7c 274
wolfSSL 15:117db924cf7c 275 #ifndef NO_PWDBASED
wolfSSL 15:117db924cf7c 276 if ((ret = wc_PBKDF1(key, password, passwordSz, info->iv, PKCS5_SALT_SZ, 1,
wolfSSL 15:117db924cf7c 277 info->keySz, hashType)) != 0) {
wolfSSL 15:117db924cf7c 278 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 279 XFREE(key, NULL, DYNAMIC_TYPE_SYMETRIC_KEY);
wolfSSL 15:117db924cf7c 280 #endif
wolfSSL 15:117db924cf7c 281 return ret;
wolfSSL 15:117db924cf7c 282 }
wolfSSL 15:117db924cf7c 283 #endif
wolfSSL 15:117db924cf7c 284
wolfSSL 15:117db924cf7c 285 #ifndef NO_DES3
wolfSSL 15:117db924cf7c 286 if (info->cipherType == WC_CIPHER_DES)
wolfSSL 15:117db924cf7c 287 ret = wc_Des_CbcDecryptWithKey(der, der, derSz, key, info->iv);
wolfSSL 15:117db924cf7c 288 if (info->cipherType == WC_CIPHER_DES3)
wolfSSL 15:117db924cf7c 289 ret = wc_Des3_CbcDecryptWithKey(der, der, derSz, key, info->iv);
wolfSSL 15:117db924cf7c 290 #endif /* NO_DES3 */
wolfSSL 15:117db924cf7c 291 #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(HAVE_AES_DECRYPT)
wolfSSL 15:117db924cf7c 292 if (info->cipherType == WC_CIPHER_AES_CBC)
wolfSSL 15:117db924cf7c 293 ret = wc_AesCbcDecryptWithKey(der, der, derSz, key, info->keySz,
wolfSSL 15:117db924cf7c 294 info->iv);
wolfSSL 15:117db924cf7c 295 #endif /* !NO_AES && HAVE_AES_CBC && HAVE_AES_DECRYPT */
wolfSSL 15:117db924cf7c 296
wolfSSL 15:117db924cf7c 297 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 298 XFREE(key, NULL, DYNAMIC_TYPE_SYMETRIC_KEY);
wolfSSL 15:117db924cf7c 299 #endif
wolfSSL 15:117db924cf7c 300
wolfSSL 15:117db924cf7c 301 return ret;
wolfSSL 15:117db924cf7c 302 }
wolfSSL 15:117db924cf7c 303
wolfSSL 15:117db924cf7c 304 int wc_BufferKeyEncrypt(EncryptedInfo* info, byte* der, word32 derSz,
wolfSSL 15:117db924cf7c 305 const byte* password, int passwordSz, int hashType)
wolfSSL 15:117db924cf7c 306 {
wolfSSL 15:117db924cf7c 307 int ret = NOT_COMPILED_IN;
wolfSSL 15:117db924cf7c 308 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 309 byte* key = NULL;
wolfSSL 15:117db924cf7c 310 #else
wolfSSL 15:117db924cf7c 311 byte key[WC_MAX_SYM_KEY_SIZE];
wolfSSL 15:117db924cf7c 312 #endif
wolfSSL 15:117db924cf7c 313
wolfSSL 15:117db924cf7c 314 (void)derSz;
wolfSSL 15:117db924cf7c 315 (void)passwordSz;
wolfSSL 15:117db924cf7c 316 (void)hashType;
wolfSSL 15:117db924cf7c 317
wolfSSL 15:117db924cf7c 318 if (der == NULL || password == NULL || info == NULL || info->keySz == 0 ||
wolfSSL 15:117db924cf7c 319 info->ivSz < PKCS5_SALT_SZ) {
wolfSSL 15:117db924cf7c 320 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 321 }
wolfSSL 15:117db924cf7c 322
wolfSSL 15:117db924cf7c 323 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 324 key = (byte*)XMALLOC(WC_MAX_SYM_KEY_SIZE, NULL, DYNAMIC_TYPE_SYMETRIC_KEY);
wolfSSL 15:117db924cf7c 325 if (key == NULL) {
wolfSSL 15:117db924cf7c 326 return MEMORY_E;
wolfSSL 15:117db924cf7c 327 }
wolfSSL 15:117db924cf7c 328 #endif /* WOLFSSL_SMALL_STACK */
wolfSSL 15:117db924cf7c 329
wolfSSL 15:117db924cf7c 330 #ifndef NO_PWDBASED
wolfSSL 15:117db924cf7c 331 if ((ret = wc_PBKDF1(key, password, passwordSz, info->iv, PKCS5_SALT_SZ, 1,
wolfSSL 15:117db924cf7c 332 info->keySz, hashType)) != 0) {
wolfSSL 15:117db924cf7c 333 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 334 XFREE(key, NULL, DYNAMIC_TYPE_SYMETRIC_KEY);
wolfSSL 15:117db924cf7c 335 #endif
wolfSSL 15:117db924cf7c 336 return ret;
wolfSSL 15:117db924cf7c 337 }
wolfSSL 15:117db924cf7c 338 #endif
wolfSSL 15:117db924cf7c 339
wolfSSL 15:117db924cf7c 340 #ifndef NO_DES3
wolfSSL 15:117db924cf7c 341 if (info->cipherType == WC_CIPHER_DES)
wolfSSL 15:117db924cf7c 342 ret = wc_Des_CbcEncryptWithKey(der, der, derSz, key, info->iv);
wolfSSL 15:117db924cf7c 343 if (info->cipherType == WC_CIPHER_DES3)
wolfSSL 15:117db924cf7c 344 ret = wc_Des3_CbcEncryptWithKey(der, der, derSz, key, info->iv);
wolfSSL 15:117db924cf7c 345 #endif /* NO_DES3 */
wolfSSL 15:117db924cf7c 346 #ifndef NO_AES
wolfSSL 15:117db924cf7c 347 if (info->cipherType == WC_CIPHER_AES_CBC)
wolfSSL 15:117db924cf7c 348 ret = wc_AesCbcEncryptWithKey(der, der, derSz, key, info->keySz,
wolfSSL 15:117db924cf7c 349 info->iv);
wolfSSL 15:117db924cf7c 350 #endif /* NO_AES */
wolfSSL 15:117db924cf7c 351
wolfSSL 15:117db924cf7c 352 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 353 XFREE(key, NULL, DYNAMIC_TYPE_SYMETRIC_KEY);
wolfSSL 15:117db924cf7c 354 #endif
wolfSSL 15:117db924cf7c 355
wolfSSL 15:117db924cf7c 356 return ret;
wolfSSL 15:117db924cf7c 357 }
wolfSSL 15:117db924cf7c 358
wolfSSL 15:117db924cf7c 359 #endif /* WOLFSSL_ENCRYPTED_KEYS */
wolfSSL 15:117db924cf7c 360
wolfSSL 15:117db924cf7c 361
wolfSSL 15:117db924cf7c 362 #ifndef NO_PWDBASED
wolfSSL 15:117db924cf7c 363
wolfSSL 15:117db924cf7c 364 /* Decrypt/Encrypt input in place from parameters based on id
wolfSSL 15:117db924cf7c 365 *
wolfSSL 15:117db924cf7c 366 * returns a negative value on fail case
wolfSSL 15:117db924cf7c 367 */
wolfSSL 15:117db924cf7c 368 int wc_CryptKey(const char* password, int passwordSz, byte* salt,
wolfSSL 15:117db924cf7c 369 int saltSz, int iterations, int id, byte* input,
wolfSSL 15:117db924cf7c 370 int length, int version, byte* cbcIv, int enc)
wolfSSL 15:117db924cf7c 371 {
wolfSSL 15:117db924cf7c 372 int typeH;
wolfSSL 15:117db924cf7c 373 int derivedLen;
wolfSSL 15:117db924cf7c 374 int ret = 0;
wolfSSL 15:117db924cf7c 375 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 376 byte* key;
wolfSSL 15:117db924cf7c 377 #else
wolfSSL 15:117db924cf7c 378 byte key[MAX_KEY_SIZE];
wolfSSL 15:117db924cf7c 379 #endif
wolfSSL 15:117db924cf7c 380
wolfSSL 15:117db924cf7c 381 (void)input;
wolfSSL 15:117db924cf7c 382 (void)length;
wolfSSL 15:117db924cf7c 383 (void)enc;
wolfSSL 15:117db924cf7c 384
wolfSSL 15:117db924cf7c 385 WOLFSSL_ENTER("wc_CryptKey");
wolfSSL 15:117db924cf7c 386
wolfSSL 15:117db924cf7c 387 switch (id) {
wolfSSL 15:117db924cf7c 388 #ifndef NO_DES3
wolfSSL 15:117db924cf7c 389 #ifndef NO_MD5
wolfSSL 15:117db924cf7c 390 case PBE_MD5_DES:
wolfSSL 15:117db924cf7c 391 typeH = WC_MD5;
wolfSSL 15:117db924cf7c 392 derivedLen = 16; /* may need iv for v1.5 */
wolfSSL 15:117db924cf7c 393 break;
wolfSSL 15:117db924cf7c 394 #endif
wolfSSL 15:117db924cf7c 395 #ifndef NO_SHA
wolfSSL 15:117db924cf7c 396 case PBE_SHA1_DES:
wolfSSL 15:117db924cf7c 397 typeH = WC_SHA;
wolfSSL 15:117db924cf7c 398 derivedLen = 16; /* may need iv for v1.5 */
wolfSSL 15:117db924cf7c 399 break;
wolfSSL 15:117db924cf7c 400
wolfSSL 15:117db924cf7c 401 case PBE_SHA1_DES3:
wolfSSL 15:117db924cf7c 402 typeH = WC_SHA;
wolfSSL 15:117db924cf7c 403 derivedLen = 32; /* may need iv for v1.5 */
wolfSSL 15:117db924cf7c 404 break;
wolfSSL 15:117db924cf7c 405 #endif /* !NO_SHA */
wolfSSL 15:117db924cf7c 406 #endif /* !NO_DES3 */
wolfSSL 15:117db924cf7c 407 #if !defined(NO_SHA) && !defined(NO_RC4)
wolfSSL 15:117db924cf7c 408 case PBE_SHA1_RC4_128:
wolfSSL 15:117db924cf7c 409 typeH = WC_SHA;
wolfSSL 15:117db924cf7c 410 derivedLen = 16;
wolfSSL 15:117db924cf7c 411 break;
wolfSSL 15:117db924cf7c 412 #endif
wolfSSL 15:117db924cf7c 413 #ifdef WOLFSSL_AES_256
wolfSSL 15:117db924cf7c 414 case PBE_AES256_CBC:
wolfSSL 15:117db924cf7c 415 typeH = WC_SHA256;
wolfSSL 15:117db924cf7c 416 derivedLen = 32;
wolfSSL 15:117db924cf7c 417 break;
wolfSSL 15:117db924cf7c 418 #endif
wolfSSL 15:117db924cf7c 419 default:
wolfSSL 15:117db924cf7c 420 WOLFSSL_MSG("Unknown/Unsupported encrypt/decrypt id");
wolfSSL 15:117db924cf7c 421 return ALGO_ID_E;
wolfSSL 15:117db924cf7c 422 }
wolfSSL 15:117db924cf7c 423
wolfSSL 15:117db924cf7c 424 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 425 key = (byte*)XMALLOC(MAX_KEY_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 15:117db924cf7c 426 if (key == NULL)
wolfSSL 15:117db924cf7c 427 return MEMORY_E;
wolfSSL 15:117db924cf7c 428 #endif
wolfSSL 15:117db924cf7c 429
wolfSSL 15:117db924cf7c 430 if (version == PKCS5v2)
wolfSSL 15:117db924cf7c 431 ret = wc_PBKDF2(key, (byte*)password, passwordSz,
wolfSSL 15:117db924cf7c 432 salt, saltSz, iterations, derivedLen, typeH);
wolfSSL 15:117db924cf7c 433 #ifndef NO_SHA
wolfSSL 15:117db924cf7c 434 else if (version == PKCS5)
wolfSSL 15:117db924cf7c 435 ret = wc_PBKDF1(key, (byte*)password, passwordSz,
wolfSSL 15:117db924cf7c 436 salt, saltSz, iterations, derivedLen, typeH);
wolfSSL 15:117db924cf7c 437 #endif
wolfSSL 15:117db924cf7c 438 else if (version == PKCS12v1) {
wolfSSL 15:117db924cf7c 439 int i, idx = 0;
wolfSSL 15:117db924cf7c 440 byte unicodePasswd[MAX_UNICODE_SZ];
wolfSSL 15:117db924cf7c 441
wolfSSL 15:117db924cf7c 442 if ( (passwordSz * 2 + 2) > (int)sizeof(unicodePasswd)) {
wolfSSL 15:117db924cf7c 443 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 444 XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 15:117db924cf7c 445 #endif
wolfSSL 15:117db924cf7c 446 return UNICODE_SIZE_E;
wolfSSL 15:117db924cf7c 447 }
wolfSSL 15:117db924cf7c 448
wolfSSL 15:117db924cf7c 449 for (i = 0; i < passwordSz; i++) {
wolfSSL 15:117db924cf7c 450 unicodePasswd[idx++] = 0x00;
wolfSSL 15:117db924cf7c 451 unicodePasswd[idx++] = (byte)password[i];
wolfSSL 15:117db924cf7c 452 }
wolfSSL 15:117db924cf7c 453 /* add trailing NULL */
wolfSSL 15:117db924cf7c 454 unicodePasswd[idx++] = 0x00;
wolfSSL 15:117db924cf7c 455 unicodePasswd[idx++] = 0x00;
wolfSSL 15:117db924cf7c 456
wolfSSL 15:117db924cf7c 457 ret = wc_PKCS12_PBKDF(key, unicodePasswd, idx, salt, saltSz,
wolfSSL 15:117db924cf7c 458 iterations, derivedLen, typeH, 1);
wolfSSL 15:117db924cf7c 459 if (id != PBE_SHA1_RC4_128)
wolfSSL 15:117db924cf7c 460 ret += wc_PKCS12_PBKDF(cbcIv, unicodePasswd, idx, salt, saltSz,
wolfSSL 15:117db924cf7c 461 iterations, 8, typeH, 2);
wolfSSL 15:117db924cf7c 462 }
wolfSSL 15:117db924cf7c 463 else {
wolfSSL 15:117db924cf7c 464 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 465 XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 15:117db924cf7c 466 #endif
wolfSSL 15:117db924cf7c 467 WOLFSSL_MSG("Unknown/Unsupported PKCS version");
wolfSSL 15:117db924cf7c 468 return ALGO_ID_E;
wolfSSL 15:117db924cf7c 469 }
wolfSSL 15:117db924cf7c 470
wolfSSL 15:117db924cf7c 471 if (ret != 0) {
wolfSSL 15:117db924cf7c 472 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 473 XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 15:117db924cf7c 474 #endif
wolfSSL 15:117db924cf7c 475 return ret;
wolfSSL 15:117db924cf7c 476 }
wolfSSL 15:117db924cf7c 477
wolfSSL 15:117db924cf7c 478 switch (id) {
wolfSSL 15:117db924cf7c 479 #ifndef NO_DES3
wolfSSL 15:117db924cf7c 480 #if !defined(NO_SHA) || !defined(NO_MD5)
wolfSSL 15:117db924cf7c 481 case PBE_MD5_DES:
wolfSSL 15:117db924cf7c 482 case PBE_SHA1_DES:
wolfSSL 15:117db924cf7c 483 {
wolfSSL 15:117db924cf7c 484 Des des;
wolfSSL 15:117db924cf7c 485 byte* desIv = key + 8;
wolfSSL 15:117db924cf7c 486
wolfSSL 15:117db924cf7c 487 if (version == PKCS5v2 || version == PKCS12v1)
wolfSSL 15:117db924cf7c 488 desIv = cbcIv;
wolfSSL 15:117db924cf7c 489
wolfSSL 15:117db924cf7c 490 if (enc) {
wolfSSL 15:117db924cf7c 491 ret = wc_Des_SetKey(&des, key, desIv, DES_ENCRYPTION);
wolfSSL 15:117db924cf7c 492 }
wolfSSL 15:117db924cf7c 493 else {
wolfSSL 15:117db924cf7c 494 ret = wc_Des_SetKey(&des, key, desIv, DES_DECRYPTION);
wolfSSL 15:117db924cf7c 495 }
wolfSSL 15:117db924cf7c 496 if (ret != 0) {
wolfSSL 15:117db924cf7c 497 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 498 XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 15:117db924cf7c 499 #endif
wolfSSL 15:117db924cf7c 500 return ret;
wolfSSL 15:117db924cf7c 501 }
wolfSSL 15:117db924cf7c 502
wolfSSL 15:117db924cf7c 503 if (enc) {
wolfSSL 15:117db924cf7c 504 wc_Des_CbcEncrypt(&des, input, input, length);
wolfSSL 15:117db924cf7c 505 }
wolfSSL 15:117db924cf7c 506 else {
wolfSSL 15:117db924cf7c 507 wc_Des_CbcDecrypt(&des, input, input, length);
wolfSSL 15:117db924cf7c 508 }
wolfSSL 15:117db924cf7c 509 break;
wolfSSL 15:117db924cf7c 510 }
wolfSSL 15:117db924cf7c 511 #endif /* !NO_SHA || !NO_MD5 */
wolfSSL 15:117db924cf7c 512
wolfSSL 15:117db924cf7c 513 #ifndef NO_SHA
wolfSSL 15:117db924cf7c 514 case PBE_SHA1_DES3:
wolfSSL 15:117db924cf7c 515 {
wolfSSL 15:117db924cf7c 516 Des3 des;
wolfSSL 15:117db924cf7c 517 byte* desIv = key + 24;
wolfSSL 15:117db924cf7c 518
wolfSSL 15:117db924cf7c 519 if (version == PKCS5v2 || version == PKCS12v1)
wolfSSL 15:117db924cf7c 520 desIv = cbcIv;
wolfSSL 15:117db924cf7c 521
wolfSSL 15:117db924cf7c 522 ret = wc_Des3Init(&des, NULL, INVALID_DEVID);
wolfSSL 15:117db924cf7c 523 if (ret != 0) {
wolfSSL 15:117db924cf7c 524 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 525 XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 15:117db924cf7c 526 #endif
wolfSSL 15:117db924cf7c 527 return ret;
wolfSSL 15:117db924cf7c 528 }
wolfSSL 15:117db924cf7c 529 if (enc) {
wolfSSL 15:117db924cf7c 530 ret = wc_Des3_SetKey(&des, key, desIv, DES_ENCRYPTION);
wolfSSL 15:117db924cf7c 531 }
wolfSSL 15:117db924cf7c 532 else {
wolfSSL 15:117db924cf7c 533 ret = wc_Des3_SetKey(&des, key, desIv, DES_DECRYPTION);
wolfSSL 15:117db924cf7c 534 }
wolfSSL 15:117db924cf7c 535 if (ret != 0) {
wolfSSL 15:117db924cf7c 536 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 537 XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 15:117db924cf7c 538 #endif
wolfSSL 15:117db924cf7c 539 return ret;
wolfSSL 15:117db924cf7c 540 }
wolfSSL 15:117db924cf7c 541 if (enc) {
wolfSSL 15:117db924cf7c 542 ret = wc_Des3_CbcEncrypt(&des, input, input, length);
wolfSSL 15:117db924cf7c 543 }
wolfSSL 15:117db924cf7c 544 else {
wolfSSL 15:117db924cf7c 545 ret = wc_Des3_CbcDecrypt(&des, input, input, length);
wolfSSL 15:117db924cf7c 546 }
wolfSSL 15:117db924cf7c 547 if (ret != 0) {
wolfSSL 15:117db924cf7c 548 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 549 XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 15:117db924cf7c 550 #endif
wolfSSL 15:117db924cf7c 551 return ret;
wolfSSL 15:117db924cf7c 552 }
wolfSSL 15:117db924cf7c 553 break;
wolfSSL 15:117db924cf7c 554 }
wolfSSL 15:117db924cf7c 555 #endif /* !NO_SHA */
wolfSSL 15:117db924cf7c 556 #endif
wolfSSL 15:117db924cf7c 557 #if !defined(NO_RC4) && !defined(NO_SHA)
wolfSSL 15:117db924cf7c 558 case PBE_SHA1_RC4_128:
wolfSSL 15:117db924cf7c 559 {
wolfSSL 15:117db924cf7c 560 Arc4 dec;
wolfSSL 15:117db924cf7c 561
wolfSSL 15:117db924cf7c 562 wc_Arc4SetKey(&dec, key, derivedLen);
wolfSSL 15:117db924cf7c 563 wc_Arc4Process(&dec, input, input, length);
wolfSSL 15:117db924cf7c 564 break;
wolfSSL 15:117db924cf7c 565 }
wolfSSL 15:117db924cf7c 566 #endif
wolfSSL 15:117db924cf7c 567 #ifndef NO_AES
wolfSSL 15:117db924cf7c 568 #ifdef WOLFSSL_AES_256
wolfSSL 15:117db924cf7c 569 case PBE_AES256_CBC:
wolfSSL 15:117db924cf7c 570 {
wolfSSL 15:117db924cf7c 571 Aes dec;
wolfSSL 15:117db924cf7c 572 ret = wc_AesInit(&dec, NULL, INVALID_DEVID);
wolfSSL 15:117db924cf7c 573 if (ret == 0)
wolfSSL 15:117db924cf7c 574 ret = wc_AesSetKey(&dec, key, derivedLen,
wolfSSL 15:117db924cf7c 575 cbcIv, AES_DECRYPTION);
wolfSSL 15:117db924cf7c 576 if (ret == 0)
wolfSSL 15:117db924cf7c 577 ret = wc_AesCbcDecrypt(&dec, input, input, length);
wolfSSL 15:117db924cf7c 578 if (ret != 0) {
wolfSSL 15:117db924cf7c 579 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 580 XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 15:117db924cf7c 581 #endif
wolfSSL 15:117db924cf7c 582 return ret;
wolfSSL 15:117db924cf7c 583 }
wolfSSL 15:117db924cf7c 584 ForceZero(&dec, sizeof(Aes));
wolfSSL 15:117db924cf7c 585 break;
wolfSSL 15:117db924cf7c 586 }
wolfSSL 15:117db924cf7c 587 #endif /* WOLFSSL_AES_256 */
wolfSSL 15:117db924cf7c 588 #endif
wolfSSL 15:117db924cf7c 589
wolfSSL 15:117db924cf7c 590 default:
wolfSSL 15:117db924cf7c 591 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 592 XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 15:117db924cf7c 593 #endif
wolfSSL 15:117db924cf7c 594 WOLFSSL_MSG("Unknown/Unsupported encrypt/decryption algorithm");
wolfSSL 15:117db924cf7c 595 return ALGO_ID_E;
wolfSSL 15:117db924cf7c 596 }
wolfSSL 15:117db924cf7c 597
wolfSSL 15:117db924cf7c 598 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 599 XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 15:117db924cf7c 600 #endif
wolfSSL 15:117db924cf7c 601
wolfSSL 15:117db924cf7c 602 return ret;
wolfSSL 15:117db924cf7c 603 }
wolfSSL 15:117db924cf7c 604
wolfSSL 15:117db924cf7c 605 #endif /* !NO_PWDBASED */
wolfSSL 15:117db924cf7c 606