wolf SSL / wolfSSL

wolfSSL SSL/TLS library, support up to TLS1.3

Dependents:   CyaSSL-Twitter-OAuth4Tw Example-client-tls-cert TwitterReader TweetTest ... more

wolfcrypt/src/pkcs7.c@13:f67a6c6013ca, 2017-08-22 (annotated)

Committer:
wolfSSL
Date:
Tue Aug 22 10:48:22 2017 +0000
Revision:
13:f67a6c6013ca
wolfSSL3.12.0 with TLS1.3

Who changed what in which revision?

UserRevisionLine numberNew contents of line
wolfSSL 13:f67a6c6013ca 1 /* pkcs7.c
wolfSSL 13:f67a6c6013ca 2 *
wolfSSL 13:f67a6c6013ca 3 * Copyright (C) 2006-2016 wolfSSL Inc.
wolfSSL 13:f67a6c6013ca 4 *
wolfSSL 13:f67a6c6013ca 5 * This file is part of wolfSSL.
wolfSSL 13:f67a6c6013ca 6 *
wolfSSL 13:f67a6c6013ca 7 * wolfSSL is free software; you can redistribute it and/or modify
wolfSSL 13:f67a6c6013ca 8 * it under the terms of the GNU General Public License as published by
wolfSSL 13:f67a6c6013ca 9 * the Free Software Foundation; either version 2 of the License, or
wolfSSL 13:f67a6c6013ca 10 * (at your option) any later version.
wolfSSL 13:f67a6c6013ca 11 *
wolfSSL 13:f67a6c6013ca 12 * wolfSSL is distributed in the hope that it will be useful,
wolfSSL 13:f67a6c6013ca 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
wolfSSL 13:f67a6c6013ca 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
wolfSSL 13:f67a6c6013ca 15 * GNU General Public License for more details.
wolfSSL 13:f67a6c6013ca 16 *
wolfSSL 13:f67a6c6013ca 17 * You should have received a copy of the GNU General Public License
wolfSSL 13:f67a6c6013ca 18 * along with this program; if not, write to the Free Software
wolfSSL 13:f67a6c6013ca 19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
wolfSSL 13:f67a6c6013ca 20 */
wolfSSL 13:f67a6c6013ca 21
wolfSSL 13:f67a6c6013ca 22
wolfSSL 13:f67a6c6013ca 23 #ifdef HAVE_CONFIG_H
wolfSSL 13:f67a6c6013ca 24 #include <config.h>
wolfSSL 13:f67a6c6013ca 25 #endif
wolfSSL 13:f67a6c6013ca 26
wolfSSL 13:f67a6c6013ca 27 #include <wolfssl/wolfcrypt/settings.h>
wolfSSL 13:f67a6c6013ca 28
wolfSSL 13:f67a6c6013ca 29 #ifdef HAVE_PKCS7
wolfSSL 13:f67a6c6013ca 30
wolfSSL 13:f67a6c6013ca 31 #include <wolfssl/wolfcrypt/pkcs7.h>
wolfSSL 13:f67a6c6013ca 32 #include <wolfssl/wolfcrypt/error-crypt.h>
wolfSSL 13:f67a6c6013ca 33 #include <wolfssl/wolfcrypt/logging.h>
wolfSSL 13:f67a6c6013ca 34 #include <wolfssl/wolfcrypt/hash.h>
wolfSSL 13:f67a6c6013ca 35 #ifndef NO_RSA
wolfSSL 13:f67a6c6013ca 36 #include <wolfssl/wolfcrypt/rsa.h>
wolfSSL 13:f67a6c6013ca 37 #endif
wolfSSL 13:f67a6c6013ca 38 #ifdef HAVE_ECC
wolfSSL 13:f67a6c6013ca 39 #include <wolfssl/wolfcrypt/ecc.h>
wolfSSL 13:f67a6c6013ca 40 #endif
wolfSSL 13:f67a6c6013ca 41 #ifdef NO_INLINE
wolfSSL 13:f67a6c6013ca 42 #include <wolfssl/wolfcrypt/misc.h>
wolfSSL 13:f67a6c6013ca 43 #else
wolfSSL 13:f67a6c6013ca 44 #define WOLFSSL_MISC_INCLUDED
wolfSSL 13:f67a6c6013ca 45 #include <wolfcrypt/src/misc.c>
wolfSSL 13:f67a6c6013ca 46 #endif
wolfSSL 13:f67a6c6013ca 47
wolfSSL 13:f67a6c6013ca 48
wolfSSL 13:f67a6c6013ca 49 /* direction for processing, encoding or decoding */
wolfSSL 13:f67a6c6013ca 50 typedef enum {
wolfSSL 13:f67a6c6013ca 51 WC_PKCS7_ENCODE,
wolfSSL 13:f67a6c6013ca 52 WC_PKCS7_DECODE
wolfSSL 13:f67a6c6013ca 53 } pkcs7Direction;
wolfSSL 13:f67a6c6013ca 54
wolfSSL 13:f67a6c6013ca 55 #define MAX_PKCS7_DIGEST_SZ (MAX_SEQ_SZ + MAX_ALGO_SZ + \
wolfSSL 13:f67a6c6013ca 56 MAX_OCTET_STR_SZ + WC_MAX_DIGEST_SIZE)
wolfSSL 13:f67a6c6013ca 57
wolfSSL 13:f67a6c6013ca 58
wolfSSL 13:f67a6c6013ca 59 /* placed ASN.1 contentType OID into *output, return idx on success,
wolfSSL 13:f67a6c6013ca 60 * 0 upon failure */
wolfSSL 13:f67a6c6013ca 61 static int wc_SetContentType(int pkcs7TypeOID, byte* output)
wolfSSL 13:f67a6c6013ca 62 {
wolfSSL 13:f67a6c6013ca 63 /* PKCS#7 content types, RFC 2315, section 14 */
wolfSSL 13:f67a6c6013ca 64 const byte pkcs7[] = { 0x2A, 0x86, 0x48, 0x86, 0xF7,
wolfSSL 13:f67a6c6013ca 65 0x0D, 0x01, 0x07 };
wolfSSL 13:f67a6c6013ca 66 const byte data[] = { 0x2A, 0x86, 0x48, 0x86, 0xF7,
wolfSSL 13:f67a6c6013ca 67 0x0D, 0x01, 0x07, 0x01 };
wolfSSL 13:f67a6c6013ca 68 const byte signedData[] = { 0x2A, 0x86, 0x48, 0x86, 0xF7,
wolfSSL 13:f67a6c6013ca 69 0x0D, 0x01, 0x07, 0x02};
wolfSSL 13:f67a6c6013ca 70 const byte envelopedData[] = { 0x2A, 0x86, 0x48, 0x86, 0xF7,
wolfSSL 13:f67a6c6013ca 71 0x0D, 0x01, 0x07, 0x03 };
wolfSSL 13:f67a6c6013ca 72 const byte signedAndEnveloped[] = { 0x2A, 0x86, 0x48, 0x86, 0xF7,
wolfSSL 13:f67a6c6013ca 73 0x0D, 0x01, 0x07, 0x04 };
wolfSSL 13:f67a6c6013ca 74 const byte digestedData[] = { 0x2A, 0x86, 0x48, 0x86, 0xF7,
wolfSSL 13:f67a6c6013ca 75 0x0D, 0x01, 0x07, 0x05 };
wolfSSL 13:f67a6c6013ca 76 const byte encryptedData[] = { 0x2A, 0x86, 0x48, 0x86, 0xF7,
wolfSSL 13:f67a6c6013ca 77 0x0D, 0x01, 0x07, 0x06 };
wolfSSL 13:f67a6c6013ca 78
wolfSSL 13:f67a6c6013ca 79 int idSz;
wolfSSL 13:f67a6c6013ca 80 int typeSz = 0, idx = 0;
wolfSSL 13:f67a6c6013ca 81 const byte* typeName = 0;
wolfSSL 13:f67a6c6013ca 82 byte ID_Length[MAX_LENGTH_SZ];
wolfSSL 13:f67a6c6013ca 83
wolfSSL 13:f67a6c6013ca 84 switch (pkcs7TypeOID) {
wolfSSL 13:f67a6c6013ca 85 case PKCS7_MSG:
wolfSSL 13:f67a6c6013ca 86 typeSz = sizeof(pkcs7);
wolfSSL 13:f67a6c6013ca 87 typeName = pkcs7;
wolfSSL 13:f67a6c6013ca 88 break;
wolfSSL 13:f67a6c6013ca 89
wolfSSL 13:f67a6c6013ca 90 case DATA:
wolfSSL 13:f67a6c6013ca 91 typeSz = sizeof(data);
wolfSSL 13:f67a6c6013ca 92 typeName = data;
wolfSSL 13:f67a6c6013ca 93 break;
wolfSSL 13:f67a6c6013ca 94
wolfSSL 13:f67a6c6013ca 95 case SIGNED_DATA:
wolfSSL 13:f67a6c6013ca 96 typeSz = sizeof(signedData);
wolfSSL 13:f67a6c6013ca 97 typeName = signedData;
wolfSSL 13:f67a6c6013ca 98 break;
wolfSSL 13:f67a6c6013ca 99
wolfSSL 13:f67a6c6013ca 100 case ENVELOPED_DATA:
wolfSSL 13:f67a6c6013ca 101 typeSz = sizeof(envelopedData);
wolfSSL 13:f67a6c6013ca 102 typeName = envelopedData;
wolfSSL 13:f67a6c6013ca 103 break;
wolfSSL 13:f67a6c6013ca 104
wolfSSL 13:f67a6c6013ca 105 case SIGNED_AND_ENVELOPED_DATA:
wolfSSL 13:f67a6c6013ca 106 typeSz = sizeof(signedAndEnveloped);
wolfSSL 13:f67a6c6013ca 107 typeName = signedAndEnveloped;
wolfSSL 13:f67a6c6013ca 108 break;
wolfSSL 13:f67a6c6013ca 109
wolfSSL 13:f67a6c6013ca 110 case DIGESTED_DATA:
wolfSSL 13:f67a6c6013ca 111 typeSz = sizeof(digestedData);
wolfSSL 13:f67a6c6013ca 112 typeName = digestedData;
wolfSSL 13:f67a6c6013ca 113 break;
wolfSSL 13:f67a6c6013ca 114
wolfSSL 13:f67a6c6013ca 115 case ENCRYPTED_DATA:
wolfSSL 13:f67a6c6013ca 116 typeSz = sizeof(encryptedData);
wolfSSL 13:f67a6c6013ca 117 typeName = encryptedData;
wolfSSL 13:f67a6c6013ca 118 break;
wolfSSL 13:f67a6c6013ca 119
wolfSSL 13:f67a6c6013ca 120 default:
wolfSSL 13:f67a6c6013ca 121 WOLFSSL_MSG("Unknown PKCS#7 Type");
wolfSSL 13:f67a6c6013ca 122 return 0;
wolfSSL 13:f67a6c6013ca 123 };
wolfSSL 13:f67a6c6013ca 124
wolfSSL 13:f67a6c6013ca 125 idSz = SetLength(typeSz, ID_Length);
wolfSSL 13:f67a6c6013ca 126 output[idx++] = ASN_OBJECT_ID;
wolfSSL 13:f67a6c6013ca 127 XMEMCPY(output + idx, ID_Length, idSz);
wolfSSL 13:f67a6c6013ca 128 idx += idSz;
wolfSSL 13:f67a6c6013ca 129 XMEMCPY(output + idx, typeName, typeSz);
wolfSSL 13:f67a6c6013ca 130 idx += typeSz;
wolfSSL 13:f67a6c6013ca 131
wolfSSL 13:f67a6c6013ca 132 return idx;
wolfSSL 13:f67a6c6013ca 133 }
wolfSSL 13:f67a6c6013ca 134
wolfSSL 13:f67a6c6013ca 135
wolfSSL 13:f67a6c6013ca 136 /* get ASN.1 contentType OID sum, return 0 on success, <0 on failure */
wolfSSL 13:f67a6c6013ca 137 static int wc_GetContentType(const byte* input, word32* inOutIdx, word32* oid,
wolfSSL 13:f67a6c6013ca 138 word32 maxIdx)
wolfSSL 13:f67a6c6013ca 139 {
wolfSSL 13:f67a6c6013ca 140 WOLFSSL_ENTER("wc_GetContentType");
wolfSSL 13:f67a6c6013ca 141 if (GetObjectId(input, inOutIdx, oid, oidIgnoreType, maxIdx) < 0)
wolfSSL 13:f67a6c6013ca 142 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 143
wolfSSL 13:f67a6c6013ca 144 return 0;
wolfSSL 13:f67a6c6013ca 145 }
wolfSSL 13:f67a6c6013ca 146
wolfSSL 13:f67a6c6013ca 147
wolfSSL 13:f67a6c6013ca 148 /* return block size for algorithm represented by oid, or <0 on error */
wolfSSL 13:f67a6c6013ca 149 static int wc_PKCS7_GetOIDBlockSize(int oid)
wolfSSL 13:f67a6c6013ca 150 {
wolfSSL 13:f67a6c6013ca 151 int blockSz;
wolfSSL 13:f67a6c6013ca 152
wolfSSL 13:f67a6c6013ca 153 switch (oid) {
wolfSSL 13:f67a6c6013ca 154 #ifndef NO_AES
wolfSSL 13:f67a6c6013ca 155 case AES128CBCb:
wolfSSL 13:f67a6c6013ca 156 case AES192CBCb:
wolfSSL 13:f67a6c6013ca 157 case AES256CBCb:
wolfSSL 13:f67a6c6013ca 158 blockSz = AES_BLOCK_SIZE;
wolfSSL 13:f67a6c6013ca 159 break;
wolfSSL 13:f67a6c6013ca 160 #endif
wolfSSL 13:f67a6c6013ca 161 #ifndef NO_DES3
wolfSSL 13:f67a6c6013ca 162 case DESb:
wolfSSL 13:f67a6c6013ca 163 case DES3b:
wolfSSL 13:f67a6c6013ca 164 blockSz = DES_BLOCK_SIZE;
wolfSSL 13:f67a6c6013ca 165 break;
wolfSSL 13:f67a6c6013ca 166 #endif
wolfSSL 13:f67a6c6013ca 167 default:
wolfSSL 13:f67a6c6013ca 168 WOLFSSL_MSG("Unsupported content cipher type");
wolfSSL 13:f67a6c6013ca 169 return ALGO_ID_E;
wolfSSL 13:f67a6c6013ca 170 };
wolfSSL 13:f67a6c6013ca 171
wolfSSL 13:f67a6c6013ca 172 return blockSz;
wolfSSL 13:f67a6c6013ca 173 }
wolfSSL 13:f67a6c6013ca 174
wolfSSL 13:f67a6c6013ca 175
wolfSSL 13:f67a6c6013ca 176 /* get key size for algorithm represented by oid, or <0 on error */
wolfSSL 13:f67a6c6013ca 177 static int wc_PKCS7_GetOIDKeySize(int oid)
wolfSSL 13:f67a6c6013ca 178 {
wolfSSL 13:f67a6c6013ca 179 int blockKeySz;
wolfSSL 13:f67a6c6013ca 180
wolfSSL 13:f67a6c6013ca 181 switch (oid) {
wolfSSL 13:f67a6c6013ca 182 #ifndef NO_AES
wolfSSL 13:f67a6c6013ca 183 case AES128CBCb:
wolfSSL 13:f67a6c6013ca 184 case AES128_WRAP:
wolfSSL 13:f67a6c6013ca 185 blockKeySz = 16;
wolfSSL 13:f67a6c6013ca 186 break;
wolfSSL 13:f67a6c6013ca 187
wolfSSL 13:f67a6c6013ca 188 case AES192CBCb:
wolfSSL 13:f67a6c6013ca 189 case AES192_WRAP:
wolfSSL 13:f67a6c6013ca 190 blockKeySz = 24;
wolfSSL 13:f67a6c6013ca 191 break;
wolfSSL 13:f67a6c6013ca 192
wolfSSL 13:f67a6c6013ca 193 case AES256CBCb:
wolfSSL 13:f67a6c6013ca 194 case AES256_WRAP:
wolfSSL 13:f67a6c6013ca 195 blockKeySz = 32;
wolfSSL 13:f67a6c6013ca 196 break;
wolfSSL 13:f67a6c6013ca 197 #endif
wolfSSL 13:f67a6c6013ca 198 #ifndef NO_DES3
wolfSSL 13:f67a6c6013ca 199 case DESb:
wolfSSL 13:f67a6c6013ca 200 blockKeySz = DES_KEYLEN;
wolfSSL 13:f67a6c6013ca 201 break;
wolfSSL 13:f67a6c6013ca 202
wolfSSL 13:f67a6c6013ca 203 case DES3b:
wolfSSL 13:f67a6c6013ca 204 blockKeySz = DES3_KEYLEN;
wolfSSL 13:f67a6c6013ca 205 break;
wolfSSL 13:f67a6c6013ca 206 #endif
wolfSSL 13:f67a6c6013ca 207 default:
wolfSSL 13:f67a6c6013ca 208 WOLFSSL_MSG("Unsupported content cipher type");
wolfSSL 13:f67a6c6013ca 209 return ALGO_ID_E;
wolfSSL 13:f67a6c6013ca 210 };
wolfSSL 13:f67a6c6013ca 211
wolfSSL 13:f67a6c6013ca 212 return blockKeySz;
wolfSSL 13:f67a6c6013ca 213 }
wolfSSL 13:f67a6c6013ca 214
wolfSSL 13:f67a6c6013ca 215
wolfSSL 13:f67a6c6013ca 216 /* This is to initialize a PKCS7 structure. It sets all values to 0 and can be
wolfSSL 13:f67a6c6013ca 217 * used to set the heap hint.
wolfSSL 13:f67a6c6013ca 218 *
wolfSSL 13:f67a6c6013ca 219 * pkcs7 PKCS7 structure to initialize
wolfSSL 13:f67a6c6013ca 220 * heap memory heap hint for PKCS7 structure to use
wolfSSL 13:f67a6c6013ca 221 * devId currently not used but a place holder for async operations
wolfSSL 13:f67a6c6013ca 222 *
wolfSSL 13:f67a6c6013ca 223 * returns 0 on success or a negative value for failure
wolfSSL 13:f67a6c6013ca 224 */
wolfSSL 13:f67a6c6013ca 225 int wc_PKCS7_Init(PKCS7* pkcs7, void* heap, int devId)
wolfSSL 13:f67a6c6013ca 226 {
wolfSSL 13:f67a6c6013ca 227 WOLFSSL_ENTER("wc_PKCS7_Init");
wolfSSL 13:f67a6c6013ca 228
wolfSSL 13:f67a6c6013ca 229 if (pkcs7 == NULL) {
wolfSSL 13:f67a6c6013ca 230 return BAD_FUNC_ARG;
wolfSSL 13:f67a6c6013ca 231 }
wolfSSL 13:f67a6c6013ca 232
wolfSSL 13:f67a6c6013ca 233 XMEMSET(pkcs7, 0, sizeof(PKCS7));
wolfSSL 13:f67a6c6013ca 234 pkcs7->heap = heap;
wolfSSL 13:f67a6c6013ca 235
wolfSSL 13:f67a6c6013ca 236 (void)devId; /* silence unused warning */
wolfSSL 13:f67a6c6013ca 237 return 0;
wolfSSL 13:f67a6c6013ca 238 }
wolfSSL 13:f67a6c6013ca 239
wolfSSL 13:f67a6c6013ca 240
wolfSSL 13:f67a6c6013ca 241 /* init PKCS7 struct with recipient cert, decode into DecodedCert
wolfSSL 13:f67a6c6013ca 242 * NOTE: keeps previously set pkcs7 memory heap hint */
wolfSSL 13:f67a6c6013ca 243 int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* cert, word32 certSz)
wolfSSL 13:f67a6c6013ca 244 {
wolfSSL 13:f67a6c6013ca 245 int ret = 0;
wolfSSL 13:f67a6c6013ca 246 void* heap;
wolfSSL 13:f67a6c6013ca 247
wolfSSL 13:f67a6c6013ca 248
wolfSSL 13:f67a6c6013ca 249 #ifdef WOLFSSL_HEAP_TEST
wolfSSL 13:f67a6c6013ca 250 heap = (void*)WOLFSSL_HEAP_TEST;
wolfSSL 13:f67a6c6013ca 251 #else
wolfSSL 13:f67a6c6013ca 252 heap = pkcs7->heap;
wolfSSL 13:f67a6c6013ca 253 #endif
wolfSSL 13:f67a6c6013ca 254
wolfSSL 13:f67a6c6013ca 255 XMEMSET(pkcs7, 0, sizeof(PKCS7));
wolfSSL 13:f67a6c6013ca 256 pkcs7->heap = heap;
wolfSSL 13:f67a6c6013ca 257
wolfSSL 13:f67a6c6013ca 258 if (cert != NULL && certSz > 0) {
wolfSSL 13:f67a6c6013ca 259 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 260 DecodedCert* dCert;
wolfSSL 13:f67a6c6013ca 261
wolfSSL 13:f67a6c6013ca 262 dCert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
wolfSSL 13:f67a6c6013ca 263 DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 264 if (dCert == NULL)
wolfSSL 13:f67a6c6013ca 265 return MEMORY_E;
wolfSSL 13:f67a6c6013ca 266 #else
wolfSSL 13:f67a6c6013ca 267 DecodedCert stack_dCert;
wolfSSL 13:f67a6c6013ca 268 DecodedCert* dCert = &stack_dCert;
wolfSSL 13:f67a6c6013ca 269 #endif
wolfSSL 13:f67a6c6013ca 270
wolfSSL 13:f67a6c6013ca 271 pkcs7->singleCert = cert;
wolfSSL 13:f67a6c6013ca 272 pkcs7->singleCertSz = certSz;
wolfSSL 13:f67a6c6013ca 273 InitDecodedCert(dCert, cert, certSz, pkcs7->heap);
wolfSSL 13:f67a6c6013ca 274
wolfSSL 13:f67a6c6013ca 275 ret = ParseCert(dCert, CA_TYPE, NO_VERIFY, 0);
wolfSSL 13:f67a6c6013ca 276 if (ret < 0) {
wolfSSL 13:f67a6c6013ca 277 FreeDecodedCert(dCert);
wolfSSL 13:f67a6c6013ca 278 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 279 XFREE(dCert, NULL, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 280 #endif
wolfSSL 13:f67a6c6013ca 281 return ret;
wolfSSL 13:f67a6c6013ca 282 }
wolfSSL 13:f67a6c6013ca 283
wolfSSL 13:f67a6c6013ca 284 XMEMCPY(pkcs7->publicKey, dCert->publicKey, dCert->pubKeySize);
wolfSSL 13:f67a6c6013ca 285 pkcs7->publicKeySz = dCert->pubKeySize;
wolfSSL 13:f67a6c6013ca 286 pkcs7->publicKeyOID = dCert->keyOID;
wolfSSL 13:f67a6c6013ca 287 XMEMCPY(pkcs7->issuerHash, dCert->issuerHash, KEYID_SIZE);
wolfSSL 13:f67a6c6013ca 288 pkcs7->issuer = dCert->issuerRaw;
wolfSSL 13:f67a6c6013ca 289 pkcs7->issuerSz = dCert->issuerRawLen;
wolfSSL 13:f67a6c6013ca 290 XMEMCPY(pkcs7->issuerSn, dCert->serial, dCert->serialSz);
wolfSSL 13:f67a6c6013ca 291 pkcs7->issuerSnSz = dCert->serialSz;
wolfSSL 13:f67a6c6013ca 292 FreeDecodedCert(dCert);
wolfSSL 13:f67a6c6013ca 293
wolfSSL 13:f67a6c6013ca 294 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 295 XFREE(dCert, NULL, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 296 #endif
wolfSSL 13:f67a6c6013ca 297 }
wolfSSL 13:f67a6c6013ca 298
wolfSSL 13:f67a6c6013ca 299 return ret;
wolfSSL 13:f67a6c6013ca 300 }
wolfSSL 13:f67a6c6013ca 301
wolfSSL 13:f67a6c6013ca 302
wolfSSL 13:f67a6c6013ca 303 /* free linked list of PKCS7DecodedAttrib structs */
wolfSSL 13:f67a6c6013ca 304 static void wc_PKCS7_FreeDecodedAttrib(PKCS7DecodedAttrib* attrib, void* heap)
wolfSSL 13:f67a6c6013ca 305 {
wolfSSL 13:f67a6c6013ca 306 PKCS7DecodedAttrib* current;
wolfSSL 13:f67a6c6013ca 307
wolfSSL 13:f67a6c6013ca 308 if (attrib == NULL) {
wolfSSL 13:f67a6c6013ca 309 return;
wolfSSL 13:f67a6c6013ca 310 }
wolfSSL 13:f67a6c6013ca 311
wolfSSL 13:f67a6c6013ca 312 current = attrib;
wolfSSL 13:f67a6c6013ca 313 while (current != NULL) {
wolfSSL 13:f67a6c6013ca 314 PKCS7DecodedAttrib* next = current->next;
wolfSSL 13:f67a6c6013ca 315 if (current->oid != NULL) {
wolfSSL 13:f67a6c6013ca 316 XFREE(current->oid, heap, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 317 }
wolfSSL 13:f67a6c6013ca 318 if (current->value != NULL) {
wolfSSL 13:f67a6c6013ca 319 XFREE(current->value, heap, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 320 }
wolfSSL 13:f67a6c6013ca 321 XFREE(current, heap, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 322 current = next;
wolfSSL 13:f67a6c6013ca 323 }
wolfSSL 13:f67a6c6013ca 324
wolfSSL 13:f67a6c6013ca 325 (void)heap;
wolfSSL 13:f67a6c6013ca 326 }
wolfSSL 13:f67a6c6013ca 327
wolfSSL 13:f67a6c6013ca 328
wolfSSL 13:f67a6c6013ca 329 /* releases any memory allocated by a PKCS7 initializer */
wolfSSL 13:f67a6c6013ca 330 void wc_PKCS7_Free(PKCS7* pkcs7)
wolfSSL 13:f67a6c6013ca 331 {
wolfSSL 13:f67a6c6013ca 332 if (pkcs7 == NULL)
wolfSSL 13:f67a6c6013ca 333 return;
wolfSSL 13:f67a6c6013ca 334
wolfSSL 13:f67a6c6013ca 335 wc_PKCS7_FreeDecodedAttrib(pkcs7->decodedAttrib, pkcs7->heap);
wolfSSL 13:f67a6c6013ca 336 }
wolfSSL 13:f67a6c6013ca 337
wolfSSL 13:f67a6c6013ca 338
wolfSSL 13:f67a6c6013ca 339 /* build PKCS#7 data content type */
wolfSSL 13:f67a6c6013ca 340 int wc_PKCS7_EncodeData(PKCS7* pkcs7, byte* output, word32 outputSz)
wolfSSL 13:f67a6c6013ca 341 {
wolfSSL 13:f67a6c6013ca 342 static const byte oid[] =
wolfSSL 13:f67a6c6013ca 343 { ASN_OBJECT_ID, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01,
wolfSSL 13:f67a6c6013ca 344 0x07, 0x01 };
wolfSSL 13:f67a6c6013ca 345 byte seq[MAX_SEQ_SZ];
wolfSSL 13:f67a6c6013ca 346 byte octetStr[MAX_OCTET_STR_SZ];
wolfSSL 13:f67a6c6013ca 347 word32 seqSz;
wolfSSL 13:f67a6c6013ca 348 word32 octetStrSz;
wolfSSL 13:f67a6c6013ca 349 word32 oidSz = (word32)sizeof(oid);
wolfSSL 13:f67a6c6013ca 350 int idx = 0;
wolfSSL 13:f67a6c6013ca 351
wolfSSL 13:f67a6c6013ca 352 octetStrSz = SetOctetString(pkcs7->contentSz, octetStr);
wolfSSL 13:f67a6c6013ca 353 seqSz = SetSequence(pkcs7->contentSz + octetStrSz + oidSz, seq);
wolfSSL 13:f67a6c6013ca 354
wolfSSL 13:f67a6c6013ca 355 if (outputSz < pkcs7->contentSz + octetStrSz + oidSz + seqSz)
wolfSSL 13:f67a6c6013ca 356 return BUFFER_E;
wolfSSL 13:f67a6c6013ca 357
wolfSSL 13:f67a6c6013ca 358 XMEMCPY(output, seq, seqSz);
wolfSSL 13:f67a6c6013ca 359 idx += seqSz;
wolfSSL 13:f67a6c6013ca 360 XMEMCPY(output + idx, oid, oidSz);
wolfSSL 13:f67a6c6013ca 361 idx += oidSz;
wolfSSL 13:f67a6c6013ca 362 XMEMCPY(output + idx, octetStr, octetStrSz);
wolfSSL 13:f67a6c6013ca 363 idx += octetStrSz;
wolfSSL 13:f67a6c6013ca 364 XMEMCPY(output + idx, pkcs7->content, pkcs7->contentSz);
wolfSSL 13:f67a6c6013ca 365 idx += pkcs7->contentSz;
wolfSSL 13:f67a6c6013ca 366
wolfSSL 13:f67a6c6013ca 367 return idx;
wolfSSL 13:f67a6c6013ca 368 }
wolfSSL 13:f67a6c6013ca 369
wolfSSL 13:f67a6c6013ca 370
wolfSSL 13:f67a6c6013ca 371 typedef struct EncodedAttrib {
wolfSSL 13:f67a6c6013ca 372 byte valueSeq[MAX_SEQ_SZ];
wolfSSL 13:f67a6c6013ca 373 const byte* oid;
wolfSSL 13:f67a6c6013ca 374 byte valueSet[MAX_SET_SZ];
wolfSSL 13:f67a6c6013ca 375 const byte* value;
wolfSSL 13:f67a6c6013ca 376 word32 valueSeqSz, oidSz, idSz, valueSetSz, valueSz, totalSz;
wolfSSL 13:f67a6c6013ca 377 } EncodedAttrib;
wolfSSL 13:f67a6c6013ca 378
wolfSSL 13:f67a6c6013ca 379
wolfSSL 13:f67a6c6013ca 380 typedef struct ESD {
wolfSSL 13:f67a6c6013ca 381 wc_HashAlg hash;
wolfSSL 13:f67a6c6013ca 382 enum wc_HashType hashType;
wolfSSL 13:f67a6c6013ca 383 byte contentDigest[WC_MAX_DIGEST_SIZE + 2]; /* content only + ASN.1 heading */
wolfSSL 13:f67a6c6013ca 384 byte contentAttribsDigest[WC_MAX_DIGEST_SIZE];
wolfSSL 13:f67a6c6013ca 385 byte encContentDigest[512];
wolfSSL 13:f67a6c6013ca 386
wolfSSL 13:f67a6c6013ca 387 byte outerSeq[MAX_SEQ_SZ];
wolfSSL 13:f67a6c6013ca 388 byte outerContent[MAX_EXP_SZ];
wolfSSL 13:f67a6c6013ca 389 byte innerSeq[MAX_SEQ_SZ];
wolfSSL 13:f67a6c6013ca 390 byte version[MAX_VERSION_SZ];
wolfSSL 13:f67a6c6013ca 391 byte digAlgoIdSet[MAX_SET_SZ];
wolfSSL 13:f67a6c6013ca 392 byte singleDigAlgoId[MAX_ALGO_SZ];
wolfSSL 13:f67a6c6013ca 393
wolfSSL 13:f67a6c6013ca 394 byte contentInfoSeq[MAX_SEQ_SZ];
wolfSSL 13:f67a6c6013ca 395 byte innerContSeq[MAX_EXP_SZ];
wolfSSL 13:f67a6c6013ca 396 byte innerOctets[MAX_OCTET_STR_SZ];
wolfSSL 13:f67a6c6013ca 397
wolfSSL 13:f67a6c6013ca 398 byte certsSet[MAX_SET_SZ];
wolfSSL 13:f67a6c6013ca 399
wolfSSL 13:f67a6c6013ca 400 byte signerInfoSet[MAX_SET_SZ];
wolfSSL 13:f67a6c6013ca 401 byte signerInfoSeq[MAX_SEQ_SZ];
wolfSSL 13:f67a6c6013ca 402 byte signerVersion[MAX_VERSION_SZ];
wolfSSL 13:f67a6c6013ca 403 byte issuerSnSeq[MAX_SEQ_SZ];
wolfSSL 13:f67a6c6013ca 404 byte issuerName[MAX_SEQ_SZ];
wolfSSL 13:f67a6c6013ca 405 byte issuerSn[MAX_SN_SZ];
wolfSSL 13:f67a6c6013ca 406 byte signerDigAlgoId[MAX_ALGO_SZ];
wolfSSL 13:f67a6c6013ca 407 byte digEncAlgoId[MAX_ALGO_SZ];
wolfSSL 13:f67a6c6013ca 408 byte signedAttribSet[MAX_SET_SZ];
wolfSSL 13:f67a6c6013ca 409 EncodedAttrib signedAttribs[6];
wolfSSL 13:f67a6c6013ca 410 byte signerDigest[MAX_OCTET_STR_SZ];
wolfSSL 13:f67a6c6013ca 411 word32 innerOctetsSz, innerContSeqSz, contentInfoSeqSz;
wolfSSL 13:f67a6c6013ca 412 word32 outerSeqSz, outerContentSz, innerSeqSz, versionSz, digAlgoIdSetSz,
wolfSSL 13:f67a6c6013ca 413 singleDigAlgoIdSz, certsSetSz;
wolfSSL 13:f67a6c6013ca 414 word32 signerInfoSetSz, signerInfoSeqSz, signerVersionSz,
wolfSSL 13:f67a6c6013ca 415 issuerSnSeqSz, issuerNameSz, issuerSnSz,
wolfSSL 13:f67a6c6013ca 416 signerDigAlgoIdSz, digEncAlgoIdSz, signerDigestSz;
wolfSSL 13:f67a6c6013ca 417 word32 encContentDigestSz, signedAttribsSz, signedAttribsCount,
wolfSSL 13:f67a6c6013ca 418 signedAttribSetSz;
wolfSSL 13:f67a6c6013ca 419 } ESD;
wolfSSL 13:f67a6c6013ca 420
wolfSSL 13:f67a6c6013ca 421
wolfSSL 13:f67a6c6013ca 422 static int EncodeAttributes(EncodedAttrib* ea, int eaSz,
wolfSSL 13:f67a6c6013ca 423 PKCS7Attrib* attribs, int attribsSz)
wolfSSL 13:f67a6c6013ca 424 {
wolfSSL 13:f67a6c6013ca 425 int i;
wolfSSL 13:f67a6c6013ca 426 int maxSz = min(eaSz, attribsSz);
wolfSSL 13:f67a6c6013ca 427 int allAttribsSz = 0;
wolfSSL 13:f67a6c6013ca 428
wolfSSL 13:f67a6c6013ca 429 for (i = 0; i < maxSz; i++)
wolfSSL 13:f67a6c6013ca 430 {
wolfSSL 13:f67a6c6013ca 431 int attribSz = 0;
wolfSSL 13:f67a6c6013ca 432
wolfSSL 13:f67a6c6013ca 433 ea[i].value = attribs[i].value;
wolfSSL 13:f67a6c6013ca 434 ea[i].valueSz = attribs[i].valueSz;
wolfSSL 13:f67a6c6013ca 435 attribSz += ea[i].valueSz;
wolfSSL 13:f67a6c6013ca 436 ea[i].valueSetSz = SetSet(attribSz, ea[i].valueSet);
wolfSSL 13:f67a6c6013ca 437 attribSz += ea[i].valueSetSz;
wolfSSL 13:f67a6c6013ca 438 ea[i].oid = attribs[i].oid;
wolfSSL 13:f67a6c6013ca 439 ea[i].oidSz = attribs[i].oidSz;
wolfSSL 13:f67a6c6013ca 440 attribSz += ea[i].oidSz;
wolfSSL 13:f67a6c6013ca 441 ea[i].valueSeqSz = SetSequence(attribSz, ea[i].valueSeq);
wolfSSL 13:f67a6c6013ca 442 attribSz += ea[i].valueSeqSz;
wolfSSL 13:f67a6c6013ca 443 ea[i].totalSz = attribSz;
wolfSSL 13:f67a6c6013ca 444
wolfSSL 13:f67a6c6013ca 445 allAttribsSz += attribSz;
wolfSSL 13:f67a6c6013ca 446 }
wolfSSL 13:f67a6c6013ca 447 return allAttribsSz;
wolfSSL 13:f67a6c6013ca 448 }
wolfSSL 13:f67a6c6013ca 449
wolfSSL 13:f67a6c6013ca 450
wolfSSL 13:f67a6c6013ca 451 static int FlattenAttributes(byte* output, EncodedAttrib* ea, int eaSz)
wolfSSL 13:f67a6c6013ca 452 {
wolfSSL 13:f67a6c6013ca 453 int i, idx;
wolfSSL 13:f67a6c6013ca 454
wolfSSL 13:f67a6c6013ca 455 idx = 0;
wolfSSL 13:f67a6c6013ca 456 for (i = 0; i < eaSz; i++) {
wolfSSL 13:f67a6c6013ca 457 XMEMCPY(output + idx, ea[i].valueSeq, ea[i].valueSeqSz);
wolfSSL 13:f67a6c6013ca 458 idx += ea[i].valueSeqSz;
wolfSSL 13:f67a6c6013ca 459 XMEMCPY(output + idx, ea[i].oid, ea[i].oidSz);
wolfSSL 13:f67a6c6013ca 460 idx += ea[i].oidSz;
wolfSSL 13:f67a6c6013ca 461 XMEMCPY(output + idx, ea[i].valueSet, ea[i].valueSetSz);
wolfSSL 13:f67a6c6013ca 462 idx += ea[i].valueSetSz;
wolfSSL 13:f67a6c6013ca 463 XMEMCPY(output + idx, ea[i].value, ea[i].valueSz);
wolfSSL 13:f67a6c6013ca 464 idx += ea[i].valueSz;
wolfSSL 13:f67a6c6013ca 465 }
wolfSSL 13:f67a6c6013ca 466 return 0;
wolfSSL 13:f67a6c6013ca 467 }
wolfSSL 13:f67a6c6013ca 468
wolfSSL 13:f67a6c6013ca 469
wolfSSL 13:f67a6c6013ca 470 #ifndef NO_RSA
wolfSSL 13:f67a6c6013ca 471
wolfSSL 13:f67a6c6013ca 472 /* returns size of signature put into out, negative on error */
wolfSSL 13:f67a6c6013ca 473 static int wc_PKCS7_RsaSign(PKCS7* pkcs7, byte* in, word32 inSz, ESD* esd)
wolfSSL 13:f67a6c6013ca 474 {
wolfSSL 13:f67a6c6013ca 475 int ret;
wolfSSL 13:f67a6c6013ca 476 word32 idx;
wolfSSL 13:f67a6c6013ca 477 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 478 RsaKey* privKey;
wolfSSL 13:f67a6c6013ca 479 #else
wolfSSL 13:f67a6c6013ca 480 RsaKey stack_privKey;
wolfSSL 13:f67a6c6013ca 481 RsaKey* privKey = &stack_privKey;
wolfSSL 13:f67a6c6013ca 482 #endif
wolfSSL 13:f67a6c6013ca 483
wolfSSL 13:f67a6c6013ca 484 if (pkcs7 == NULL || pkcs7->privateKey == NULL || pkcs7->rng == NULL ||
wolfSSL 13:f67a6c6013ca 485 in == NULL || esd == NULL)
wolfSSL 13:f67a6c6013ca 486 return BAD_FUNC_ARG;
wolfSSL 13:f67a6c6013ca 487
wolfSSL 13:f67a6c6013ca 488 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 489 privKey = (RsaKey*)XMALLOC(sizeof(RsaKey), NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 490 if (privKey == NULL)
wolfSSL 13:f67a6c6013ca 491 return MEMORY_E;
wolfSSL 13:f67a6c6013ca 492 #endif
wolfSSL 13:f67a6c6013ca 493
wolfSSL 13:f67a6c6013ca 494 ret = wc_InitRsaKey(privKey, pkcs7->heap);
wolfSSL 13:f67a6c6013ca 495
wolfSSL 13:f67a6c6013ca 496 if (ret == 0) {
wolfSSL 13:f67a6c6013ca 497 idx = 0;
wolfSSL 13:f67a6c6013ca 498 ret = wc_RsaPrivateKeyDecode(pkcs7->privateKey, &idx, privKey,
wolfSSL 13:f67a6c6013ca 499 pkcs7->privateKeySz);
wolfSSL 13:f67a6c6013ca 500 }
wolfSSL 13:f67a6c6013ca 501
wolfSSL 13:f67a6c6013ca 502 if (ret == 0) {
wolfSSL 13:f67a6c6013ca 503 ret = wc_RsaSSL_Sign(in, inSz, esd->encContentDigest,
wolfSSL 13:f67a6c6013ca 504 sizeof(esd->encContentDigest),
wolfSSL 13:f67a6c6013ca 505 privKey, pkcs7->rng);
wolfSSL 13:f67a6c6013ca 506 }
wolfSSL 13:f67a6c6013ca 507
wolfSSL 13:f67a6c6013ca 508 wc_FreeRsaKey(privKey);
wolfSSL 13:f67a6c6013ca 509 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 510 XFREE(privKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 511 #endif
wolfSSL 13:f67a6c6013ca 512
wolfSSL 13:f67a6c6013ca 513 return ret;
wolfSSL 13:f67a6c6013ca 514 }
wolfSSL 13:f67a6c6013ca 515
wolfSSL 13:f67a6c6013ca 516 #endif /* NO_RSA */
wolfSSL 13:f67a6c6013ca 517
wolfSSL 13:f67a6c6013ca 518
wolfSSL 13:f67a6c6013ca 519 #ifdef HAVE_ECC
wolfSSL 13:f67a6c6013ca 520
wolfSSL 13:f67a6c6013ca 521 /* returns size of signature put into out, negative on error */
wolfSSL 13:f67a6c6013ca 522 static int wc_PKCS7_EcdsaSign(PKCS7* pkcs7, byte* in, word32 inSz, ESD* esd)
wolfSSL 13:f67a6c6013ca 523 {
wolfSSL 13:f67a6c6013ca 524 int ret;
wolfSSL 13:f67a6c6013ca 525 word32 outSz, idx;
wolfSSL 13:f67a6c6013ca 526 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 527 ecc_key* privKey;
wolfSSL 13:f67a6c6013ca 528 #else
wolfSSL 13:f67a6c6013ca 529 ecc_key stack_privKey;
wolfSSL 13:f67a6c6013ca 530 ecc_key* privKey = &stack_privKey;
wolfSSL 13:f67a6c6013ca 531 #endif
wolfSSL 13:f67a6c6013ca 532
wolfSSL 13:f67a6c6013ca 533 if (pkcs7 == NULL || pkcs7->privateKey == NULL || pkcs7->rng == NULL ||
wolfSSL 13:f67a6c6013ca 534 in == NULL || esd == NULL)
wolfSSL 13:f67a6c6013ca 535 return BAD_FUNC_ARG;
wolfSSL 13:f67a6c6013ca 536
wolfSSL 13:f67a6c6013ca 537 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 538 privKey = (ecc_key*)XMALLOC(sizeof(ecc_key), NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 539 if (privKey == NULL)
wolfSSL 13:f67a6c6013ca 540 return MEMORY_E;
wolfSSL 13:f67a6c6013ca 541 #endif
wolfSSL 13:f67a6c6013ca 542
wolfSSL 13:f67a6c6013ca 543 ret = wc_ecc_init_ex(privKey, pkcs7->heap, INVALID_DEVID);
wolfSSL 13:f67a6c6013ca 544
wolfSSL 13:f67a6c6013ca 545 if (ret == 0) {
wolfSSL 13:f67a6c6013ca 546 idx = 0;
wolfSSL 13:f67a6c6013ca 547 ret = wc_EccPrivateKeyDecode(pkcs7->privateKey, &idx, privKey,
wolfSSL 13:f67a6c6013ca 548 pkcs7->privateKeySz);
wolfSSL 13:f67a6c6013ca 549 }
wolfSSL 13:f67a6c6013ca 550
wolfSSL 13:f67a6c6013ca 551 if (ret == 0) {
wolfSSL 13:f67a6c6013ca 552 outSz = sizeof(esd->encContentDigest);
wolfSSL 13:f67a6c6013ca 553 ret = wc_ecc_sign_hash(in, inSz, esd->encContentDigest,
wolfSSL 13:f67a6c6013ca 554 &outSz, pkcs7->rng, privKey);
wolfSSL 13:f67a6c6013ca 555 if (ret == 0)
wolfSSL 13:f67a6c6013ca 556 ret = (int)outSz;
wolfSSL 13:f67a6c6013ca 557 }
wolfSSL 13:f67a6c6013ca 558
wolfSSL 13:f67a6c6013ca 559 wc_ecc_free(privKey);
wolfSSL 13:f67a6c6013ca 560 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 561 XFREE(privKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 562 #endif
wolfSSL 13:f67a6c6013ca 563
wolfSSL 13:f67a6c6013ca 564 return ret;
wolfSSL 13:f67a6c6013ca 565 }
wolfSSL 13:f67a6c6013ca 566
wolfSSL 13:f67a6c6013ca 567 #endif /* HAVE_ECC */
wolfSSL 13:f67a6c6013ca 568
wolfSSL 13:f67a6c6013ca 569
wolfSSL 13:f67a6c6013ca 570 /* builds up SignedData signed attributes, including default ones.
wolfSSL 13:f67a6c6013ca 571 *
wolfSSL 13:f67a6c6013ca 572 * pkcs7 - pointer to initialized PKCS7 structure
wolfSSL 13:f67a6c6013ca 573 * esd - pointer to initialized ESD structure, used for output
wolfSSL 13:f67a6c6013ca 574 *
wolfSSL 13:f67a6c6013ca 575 * return 0 on success, negative on error */
wolfSSL 13:f67a6c6013ca 576 static int wc_PKCS7_BuildSignedAttributes(PKCS7* pkcs7, ESD* esd,
wolfSSL 13:f67a6c6013ca 577 byte* contentTypeOid, word32 contentTypeOidSz,
wolfSSL 13:f67a6c6013ca 578 byte* contentType, word32 contentTypeSz,
wolfSSL 13:f67a6c6013ca 579 byte* messageDigestOid, word32 messageDigestOidSz)
wolfSSL 13:f67a6c6013ca 580 {
wolfSSL 13:f67a6c6013ca 581 int hashSz;
wolfSSL 13:f67a6c6013ca 582
wolfSSL 13:f67a6c6013ca 583 PKCS7Attrib cannedAttribs[2];
wolfSSL 13:f67a6c6013ca 584 word32 cannedAttribsCount;
wolfSSL 13:f67a6c6013ca 585
wolfSSL 13:f67a6c6013ca 586 if (pkcs7 == NULL || esd == NULL || contentTypeOid == NULL ||
wolfSSL 13:f67a6c6013ca 587 contentType == NULL || messageDigestOid == NULL)
wolfSSL 13:f67a6c6013ca 588 return BAD_FUNC_ARG;
wolfSSL 13:f67a6c6013ca 589
wolfSSL 13:f67a6c6013ca 590 hashSz = wc_HashGetDigestSize(esd->hashType);
wolfSSL 13:f67a6c6013ca 591 if (hashSz < 0)
wolfSSL 13:f67a6c6013ca 592 return hashSz;
wolfSSL 13:f67a6c6013ca 593
wolfSSL 13:f67a6c6013ca 594 cannedAttribsCount = sizeof(cannedAttribs)/sizeof(PKCS7Attrib);
wolfSSL 13:f67a6c6013ca 595
wolfSSL 13:f67a6c6013ca 596 cannedAttribs[0].oid = contentTypeOid;
wolfSSL 13:f67a6c6013ca 597 cannedAttribs[0].oidSz = contentTypeOidSz;
wolfSSL 13:f67a6c6013ca 598 cannedAttribs[0].value = contentType;
wolfSSL 13:f67a6c6013ca 599 cannedAttribs[0].valueSz = contentTypeSz;
wolfSSL 13:f67a6c6013ca 600 cannedAttribs[1].oid = messageDigestOid;
wolfSSL 13:f67a6c6013ca 601 cannedAttribs[1].oidSz = messageDigestOidSz;
wolfSSL 13:f67a6c6013ca 602 cannedAttribs[1].value = esd->contentDigest;
wolfSSL 13:f67a6c6013ca 603 cannedAttribs[1].valueSz = hashSz + 2; /* ASN.1 heading */
wolfSSL 13:f67a6c6013ca 604
wolfSSL 13:f67a6c6013ca 605 esd->signedAttribsCount += cannedAttribsCount;
wolfSSL 13:f67a6c6013ca 606 esd->signedAttribsSz += EncodeAttributes(&esd->signedAttribs[0], 2,
wolfSSL 13:f67a6c6013ca 607 cannedAttribs, cannedAttribsCount);
wolfSSL 13:f67a6c6013ca 608
wolfSSL 13:f67a6c6013ca 609 esd->signedAttribsCount += pkcs7->signedAttribsSz;
wolfSSL 13:f67a6c6013ca 610 esd->signedAttribsSz += EncodeAttributes(&esd->signedAttribs[2], 4,
wolfSSL 13:f67a6c6013ca 611 pkcs7->signedAttribs, pkcs7->signedAttribsSz);
wolfSSL 13:f67a6c6013ca 612
wolfSSL 13:f67a6c6013ca 613 return 0;
wolfSSL 13:f67a6c6013ca 614 }
wolfSSL 13:f67a6c6013ca 615
wolfSSL 13:f67a6c6013ca 616
wolfSSL 13:f67a6c6013ca 617 /* gets correct encryption algo ID for SignedData, either RSAk or
wolfSSL 13:f67a6c6013ca 618 * CTC_<hash>wECDSA, from pkcs7->publicKeyOID.
wolfSSL 13:f67a6c6013ca 619 *
wolfSSL 13:f67a6c6013ca 620 * pkcs7 - pointer to PKCS7 structure
wolfSSL 13:f67a6c6013ca 621 * digEncAlgoId - [OUT] output int to store correct algo ID in
wolfSSL 13:f67a6c6013ca 622 * digEncAlgoType - [OUT] output for algo ID type
wolfSSL 13:f67a6c6013ca 623 *
wolfSSL 13:f67a6c6013ca 624 * return 0 on success, negative on error */
wolfSSL 13:f67a6c6013ca 625 static int wc_PKCS7_SignedDataGetEncAlgoId(PKCS7* pkcs7, int* digEncAlgoId,
wolfSSL 13:f67a6c6013ca 626 int* digEncAlgoType)
wolfSSL 13:f67a6c6013ca 627 {
wolfSSL 13:f67a6c6013ca 628 int algoId = 0;
wolfSSL 13:f67a6c6013ca 629 int algoType = 0;
wolfSSL 13:f67a6c6013ca 630
wolfSSL 13:f67a6c6013ca 631 if (pkcs7 == NULL || digEncAlgoId == NULL || digEncAlgoType == NULL)
wolfSSL 13:f67a6c6013ca 632 return BAD_FUNC_ARG;
wolfSSL 13:f67a6c6013ca 633
wolfSSL 13:f67a6c6013ca 634 if (pkcs7->publicKeyOID == RSAk) {
wolfSSL 13:f67a6c6013ca 635
wolfSSL 13:f67a6c6013ca 636 algoId = pkcs7->encryptOID;
wolfSSL 13:f67a6c6013ca 637 algoType = oidKeyType;
wolfSSL 13:f67a6c6013ca 638
wolfSSL 13:f67a6c6013ca 639 } else if (pkcs7->publicKeyOID == ECDSAk) {
wolfSSL 13:f67a6c6013ca 640
wolfSSL 13:f67a6c6013ca 641 algoType = oidSigType;
wolfSSL 13:f67a6c6013ca 642
wolfSSL 13:f67a6c6013ca 643 switch (pkcs7->hashOID) {
wolfSSL 13:f67a6c6013ca 644 case SHAh:
wolfSSL 13:f67a6c6013ca 645 algoId = CTC_SHAwECDSA;
wolfSSL 13:f67a6c6013ca 646 break;
wolfSSL 13:f67a6c6013ca 647
wolfSSL 13:f67a6c6013ca 648 case SHA224h:
wolfSSL 13:f67a6c6013ca 649 algoId = CTC_SHA224wECDSA;
wolfSSL 13:f67a6c6013ca 650 break;
wolfSSL 13:f67a6c6013ca 651
wolfSSL 13:f67a6c6013ca 652 case SHA256h:
wolfSSL 13:f67a6c6013ca 653 algoId = CTC_SHA256wECDSA;
wolfSSL 13:f67a6c6013ca 654 break;
wolfSSL 13:f67a6c6013ca 655
wolfSSL 13:f67a6c6013ca 656 case SHA384h:
wolfSSL 13:f67a6c6013ca 657 algoId = CTC_SHA384wECDSA;
wolfSSL 13:f67a6c6013ca 658 break;
wolfSSL 13:f67a6c6013ca 659
wolfSSL 13:f67a6c6013ca 660 case SHA512h:
wolfSSL 13:f67a6c6013ca 661 algoId = CTC_SHA512wECDSA;
wolfSSL 13:f67a6c6013ca 662 break;
wolfSSL 13:f67a6c6013ca 663 }
wolfSSL 13:f67a6c6013ca 664 }
wolfSSL 13:f67a6c6013ca 665
wolfSSL 13:f67a6c6013ca 666 if (algoId == 0) {
wolfSSL 13:f67a6c6013ca 667 WOLFSSL_MSG("Invalid signature algorithm type");
wolfSSL 13:f67a6c6013ca 668 return BAD_FUNC_ARG;
wolfSSL 13:f67a6c6013ca 669 }
wolfSSL 13:f67a6c6013ca 670
wolfSSL 13:f67a6c6013ca 671 *digEncAlgoId = algoId;
wolfSSL 13:f67a6c6013ca 672 *digEncAlgoType = algoType;
wolfSSL 13:f67a6c6013ca 673
wolfSSL 13:f67a6c6013ca 674 return 0;
wolfSSL 13:f67a6c6013ca 675 }
wolfSSL 13:f67a6c6013ca 676
wolfSSL 13:f67a6c6013ca 677
wolfSSL 13:f67a6c6013ca 678 /* build SignedData DigestInfo for use with PKCS#7/RSA
wolfSSL 13:f67a6c6013ca 679 *
wolfSSL 13:f67a6c6013ca 680 * pkcs7 - pointer to initialized PKCS7 struct
wolfSSL 13:f67a6c6013ca 681 * flatSignedAttribs - flattened, signed attributes
wolfSSL 13:f67a6c6013ca 682 * flatSignedAttrbsSz - size of flatSignedAttribs, octets
wolfSSL 13:f67a6c6013ca 683 * esd - pointer to initialized ESD struct
wolfSSL 13:f67a6c6013ca 684 * digestInfo - [OUT] output array for DigestInfo
wolfSSL 13:f67a6c6013ca 685 * digestInfoSz - [IN/OUT] - input size of array, size of digestInfo
wolfSSL 13:f67a6c6013ca 686 *
wolfSSL 13:f67a6c6013ca 687 * return 0 on success, negative on error */
wolfSSL 13:f67a6c6013ca 688 static int wc_PKCS7_BuildDigestInfo(PKCS7* pkcs7, byte* flatSignedAttribs,
wolfSSL 13:f67a6c6013ca 689 word32 flatSignedAttribsSz, ESD* esd,
wolfSSL 13:f67a6c6013ca 690 byte* digestInfo, word32* digestInfoSz)
wolfSSL 13:f67a6c6013ca 691 {
wolfSSL 13:f67a6c6013ca 692 int ret, hashSz, digIdx = 0;
wolfSSL 13:f67a6c6013ca 693 byte digestInfoSeq[MAX_SEQ_SZ];
wolfSSL 13:f67a6c6013ca 694 byte digestStr[MAX_OCTET_STR_SZ];
wolfSSL 13:f67a6c6013ca 695 byte attribSet[MAX_SET_SZ];
wolfSSL 13:f67a6c6013ca 696 byte algoId[MAX_ALGO_SZ];
wolfSSL 13:f67a6c6013ca 697 word32 digestInfoSeqSz, digestStrSz, algoIdSz;
wolfSSL 13:f67a6c6013ca 698 word32 attribSetSz;
wolfSSL 13:f67a6c6013ca 699
wolfSSL 13:f67a6c6013ca 700 if (pkcs7 == NULL || esd == NULL || digestInfo == NULL ||
wolfSSL 13:f67a6c6013ca 701 digestInfoSz == NULL) {
wolfSSL 13:f67a6c6013ca 702 return BAD_FUNC_ARG;
wolfSSL 13:f67a6c6013ca 703 }
wolfSSL 13:f67a6c6013ca 704
wolfSSL 13:f67a6c6013ca 705 hashSz = wc_HashGetDigestSize(esd->hashType);
wolfSSL 13:f67a6c6013ca 706 if (hashSz < 0)
wolfSSL 13:f67a6c6013ca 707 return hashSz;
wolfSSL 13:f67a6c6013ca 708
wolfSSL 13:f67a6c6013ca 709 if (pkcs7->signedAttribsSz != 0) {
wolfSSL 13:f67a6c6013ca 710
wolfSSL 13:f67a6c6013ca 711 if (flatSignedAttribs == NULL)
wolfSSL 13:f67a6c6013ca 712 return BAD_FUNC_ARG;
wolfSSL 13:f67a6c6013ca 713
wolfSSL 13:f67a6c6013ca 714 attribSetSz = SetSet(flatSignedAttribsSz, attribSet);
wolfSSL 13:f67a6c6013ca 715
wolfSSL 13:f67a6c6013ca 716 ret = wc_HashInit(&esd->hash, esd->hashType);
wolfSSL 13:f67a6c6013ca 717 if (ret < 0)
wolfSSL 13:f67a6c6013ca 718 return ret;
wolfSSL 13:f67a6c6013ca 719
wolfSSL 13:f67a6c6013ca 720 ret = wc_HashUpdate(&esd->hash, esd->hashType,
wolfSSL 13:f67a6c6013ca 721 attribSet, attribSetSz);
wolfSSL 13:f67a6c6013ca 722 if (ret < 0)
wolfSSL 13:f67a6c6013ca 723 return ret;
wolfSSL 13:f67a6c6013ca 724
wolfSSL 13:f67a6c6013ca 725 ret = wc_HashUpdate(&esd->hash, esd->hashType,
wolfSSL 13:f67a6c6013ca 726 flatSignedAttribs, flatSignedAttribsSz);
wolfSSL 13:f67a6c6013ca 727 if (ret < 0)
wolfSSL 13:f67a6c6013ca 728 return ret;
wolfSSL 13:f67a6c6013ca 729
wolfSSL 13:f67a6c6013ca 730 ret = wc_HashFinal(&esd->hash, esd->hashType,
wolfSSL 13:f67a6c6013ca 731 esd->contentAttribsDigest);
wolfSSL 13:f67a6c6013ca 732 if (ret < 0)
wolfSSL 13:f67a6c6013ca 733 return ret;
wolfSSL 13:f67a6c6013ca 734
wolfSSL 13:f67a6c6013ca 735 } else {
wolfSSL 13:f67a6c6013ca 736 /* when no attrs, digest is contentDigest without tag and length */
wolfSSL 13:f67a6c6013ca 737 XMEMCPY(esd->contentAttribsDigest, esd->contentDigest + 2, hashSz);
wolfSSL 13:f67a6c6013ca 738 }
wolfSSL 13:f67a6c6013ca 739
wolfSSL 13:f67a6c6013ca 740 /* set algoID, with NULL attributes */
wolfSSL 13:f67a6c6013ca 741 algoIdSz = SetAlgoID(pkcs7->hashOID, algoId, oidHashType, 0);
wolfSSL 13:f67a6c6013ca 742
wolfSSL 13:f67a6c6013ca 743 digestStrSz = SetOctetString(hashSz, digestStr);
wolfSSL 13:f67a6c6013ca 744 digestInfoSeqSz = SetSequence(algoIdSz + digestStrSz + hashSz,
wolfSSL 13:f67a6c6013ca 745 digestInfoSeq);
wolfSSL 13:f67a6c6013ca 746
wolfSSL 13:f67a6c6013ca 747 if (*digestInfoSz < (digestInfoSeqSz + algoIdSz + digestStrSz + hashSz)) {
wolfSSL 13:f67a6c6013ca 748 return BUFFER_E;
wolfSSL 13:f67a6c6013ca 749 }
wolfSSL 13:f67a6c6013ca 750
wolfSSL 13:f67a6c6013ca 751 XMEMCPY(digestInfo + digIdx, digestInfoSeq, digestInfoSeqSz);
wolfSSL 13:f67a6c6013ca 752 digIdx += digestInfoSeqSz;
wolfSSL 13:f67a6c6013ca 753 XMEMCPY(digestInfo + digIdx, algoId, algoIdSz);
wolfSSL 13:f67a6c6013ca 754 digIdx += algoIdSz;
wolfSSL 13:f67a6c6013ca 755 XMEMCPY(digestInfo + digIdx, digestStr, digestStrSz);
wolfSSL 13:f67a6c6013ca 756 digIdx += digestStrSz;
wolfSSL 13:f67a6c6013ca 757 XMEMCPY(digestInfo + digIdx, esd->contentAttribsDigest, hashSz);
wolfSSL 13:f67a6c6013ca 758 digIdx += hashSz;
wolfSSL 13:f67a6c6013ca 759
wolfSSL 13:f67a6c6013ca 760 *digestInfoSz = digIdx;
wolfSSL 13:f67a6c6013ca 761
wolfSSL 13:f67a6c6013ca 762 return 0;
wolfSSL 13:f67a6c6013ca 763 }
wolfSSL 13:f67a6c6013ca 764
wolfSSL 13:f67a6c6013ca 765
wolfSSL 13:f67a6c6013ca 766 /* build SignedData signature over DigestInfo or content digest
wolfSSL 13:f67a6c6013ca 767 *
wolfSSL 13:f67a6c6013ca 768 * pkcs7 - pointer to initizlied PKCS7 struct
wolfSSL 13:f67a6c6013ca 769 * flatSignedAttribs - flattened, signed attributes
wolfSSL 13:f67a6c6013ca 770 * flatSignedAttribsSz - size of flatSignedAttribs, octets
wolfSSL 13:f67a6c6013ca 771 * esd - pointer to initialized ESD struct
wolfSSL 13:f67a6c6013ca 772 *
wolfSSL 13:f67a6c6013ca 773 * returns length of signature on success, negative on error */
wolfSSL 13:f67a6c6013ca 774 static int wc_PKCS7_SignedDataBuildSignature(PKCS7* pkcs7,
wolfSSL 13:f67a6c6013ca 775 byte* flatSignedAttribs,
wolfSSL 13:f67a6c6013ca 776 word32 flatSignedAttribsSz,
wolfSSL 13:f67a6c6013ca 777 ESD* esd)
wolfSSL 13:f67a6c6013ca 778 {
wolfSSL 13:f67a6c6013ca 779 int ret;
wolfSSL 13:f67a6c6013ca 780 #ifdef HAVE_ECC
wolfSSL 13:f67a6c6013ca 781 int hashSz;
wolfSSL 13:f67a6c6013ca 782 #endif
wolfSSL 13:f67a6c6013ca 783 word32 digestInfoSz = MAX_PKCS7_DIGEST_SZ;
wolfSSL 13:f67a6c6013ca 784 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 785 byte* digestInfo;
wolfSSL 13:f67a6c6013ca 786 #else
wolfSSL 13:f67a6c6013ca 787 byte digestInfo[MAX_PKCS7_DIGEST_SZ];
wolfSSL 13:f67a6c6013ca 788 #endif
wolfSSL 13:f67a6c6013ca 789
wolfSSL 13:f67a6c6013ca 790 if (pkcs7 == NULL || esd == NULL)
wolfSSL 13:f67a6c6013ca 791 return BAD_FUNC_ARG;
wolfSSL 13:f67a6c6013ca 792
wolfSSL 13:f67a6c6013ca 793 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 794 digestInfo = (byte*)XMALLOC(digestInfoSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 795 if (digestInfo == NULL) {
wolfSSL 13:f67a6c6013ca 796 return MEMORY_E;
wolfSSL 13:f67a6c6013ca 797 }
wolfSSL 13:f67a6c6013ca 798 #endif
wolfSSL 13:f67a6c6013ca 799
wolfSSL 13:f67a6c6013ca 800 ret = wc_PKCS7_BuildDigestInfo(pkcs7, flatSignedAttribs,
wolfSSL 13:f67a6c6013ca 801 flatSignedAttribsSz, esd, digestInfo,
wolfSSL 13:f67a6c6013ca 802 &digestInfoSz);
wolfSSL 13:f67a6c6013ca 803 if (ret < 0) {
wolfSSL 13:f67a6c6013ca 804 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 805 XFREE(digestInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 806 #endif
wolfSSL 13:f67a6c6013ca 807 return ret;
wolfSSL 13:f67a6c6013ca 808 }
wolfSSL 13:f67a6c6013ca 809
wolfSSL 13:f67a6c6013ca 810 /* sign digestInfo */
wolfSSL 13:f67a6c6013ca 811 switch (pkcs7->publicKeyOID) {
wolfSSL 13:f67a6c6013ca 812
wolfSSL 13:f67a6c6013ca 813 #ifndef NO_RSA
wolfSSL 13:f67a6c6013ca 814 case RSAk:
wolfSSL 13:f67a6c6013ca 815 ret = wc_PKCS7_RsaSign(pkcs7, digestInfo, digestInfoSz, esd);
wolfSSL 13:f67a6c6013ca 816 break;
wolfSSL 13:f67a6c6013ca 817 #endif
wolfSSL 13:f67a6c6013ca 818
wolfSSL 13:f67a6c6013ca 819 #ifdef HAVE_ECC
wolfSSL 13:f67a6c6013ca 820 case ECDSAk:
wolfSSL 13:f67a6c6013ca 821 /* CMS with ECDSA does not sign DigestInfo structure
wolfSSL 13:f67a6c6013ca 822 * like PKCS#7 with RSA does */
wolfSSL 13:f67a6c6013ca 823 hashSz = wc_HashGetDigestSize(esd->hashType);
wolfSSL 13:f67a6c6013ca 824 if (hashSz < 0) {
wolfSSL 13:f67a6c6013ca 825 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 826 XFREE(digestInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 827 #endif
wolfSSL 13:f67a6c6013ca 828 return hashSz;
wolfSSL 13:f67a6c6013ca 829 }
wolfSSL 13:f67a6c6013ca 830
wolfSSL 13:f67a6c6013ca 831 ret = wc_PKCS7_EcdsaSign(pkcs7, esd->contentAttribsDigest,
wolfSSL 13:f67a6c6013ca 832 hashSz, esd);
wolfSSL 13:f67a6c6013ca 833 break;
wolfSSL 13:f67a6c6013ca 834 #endif
wolfSSL 13:f67a6c6013ca 835
wolfSSL 13:f67a6c6013ca 836 default:
wolfSSL 13:f67a6c6013ca 837 WOLFSSL_MSG("Unsupported public key type");
wolfSSL 13:f67a6c6013ca 838 ret = BAD_FUNC_ARG;
wolfSSL 13:f67a6c6013ca 839 }
wolfSSL 13:f67a6c6013ca 840
wolfSSL 13:f67a6c6013ca 841 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 842 XFREE(digestInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 843 #endif
wolfSSL 13:f67a6c6013ca 844
wolfSSL 13:f67a6c6013ca 845 if (ret >= 0) {
wolfSSL 13:f67a6c6013ca 846 esd->encContentDigestSz = (word32)ret;
wolfSSL 13:f67a6c6013ca 847 }
wolfSSL 13:f67a6c6013ca 848
wolfSSL 13:f67a6c6013ca 849 return ret;
wolfSSL 13:f67a6c6013ca 850 }
wolfSSL 13:f67a6c6013ca 851
wolfSSL 13:f67a6c6013ca 852
wolfSSL 13:f67a6c6013ca 853 /* sets the wc_HashType in ESD struct based on pkcs7->hashOID
wolfSSL 13:f67a6c6013ca 854 *
wolfSSL 13:f67a6c6013ca 855 * pkcs7 - pointer to initialized PKCS7 struct
wolfSSL 13:f67a6c6013ca 856 * type - [OUT] pointer to wc_HashType for output
wolfSSL 13:f67a6c6013ca 857 *
wolfSSL 13:f67a6c6013ca 858 * returns hash digest size on success, negative on error */
wolfSSL 13:f67a6c6013ca 859 static int wc_PKCS7_SetHashType(PKCS7* pkcs7, enum wc_HashType* type)
wolfSSL 13:f67a6c6013ca 860 {
wolfSSL 13:f67a6c6013ca 861 if (pkcs7 == NULL || type == NULL)
wolfSSL 13:f67a6c6013ca 862 return BAD_FUNC_ARG;
wolfSSL 13:f67a6c6013ca 863
wolfSSL 13:f67a6c6013ca 864 switch (pkcs7->hashOID) {
wolfSSL 13:f67a6c6013ca 865
wolfSSL 13:f67a6c6013ca 866 #ifndef NO_SHA
wolfSSL 13:f67a6c6013ca 867 case SHAh:
wolfSSL 13:f67a6c6013ca 868 *type = WC_HASH_TYPE_SHA;
wolfSSL 13:f67a6c6013ca 869 break;
wolfSSL 13:f67a6c6013ca 870 #endif
wolfSSL 13:f67a6c6013ca 871 #ifdef WOLFSSL_SHA224
wolfSSL 13:f67a6c6013ca 872 case SHA224h:
wolfSSL 13:f67a6c6013ca 873 *type = WC_HASH_TYPE_SHA224;
wolfSSL 13:f67a6c6013ca 874 break;
wolfSSL 13:f67a6c6013ca 875 #endif
wolfSSL 13:f67a6c6013ca 876 #ifndef NO_SHA256
wolfSSL 13:f67a6c6013ca 877 case SHA256h:
wolfSSL 13:f67a6c6013ca 878 *type = WC_HASH_TYPE_SHA256;
wolfSSL 13:f67a6c6013ca 879 break;
wolfSSL 13:f67a6c6013ca 880 #endif
wolfSSL 13:f67a6c6013ca 881 #ifdef WOLFSSL_SHA384
wolfSSL 13:f67a6c6013ca 882 case SHA384h:
wolfSSL 13:f67a6c6013ca 883 *type = WC_HASH_TYPE_SHA384;
wolfSSL 13:f67a6c6013ca 884 break;
wolfSSL 13:f67a6c6013ca 885 #endif
wolfSSL 13:f67a6c6013ca 886 #ifdef WOLFSSL_SHA512
wolfSSL 13:f67a6c6013ca 887 case SHA512h:
wolfSSL 13:f67a6c6013ca 888 *type = WC_HASH_TYPE_SHA512;
wolfSSL 13:f67a6c6013ca 889 break;
wolfSSL 13:f67a6c6013ca 890 #endif
wolfSSL 13:f67a6c6013ca 891 default:
wolfSSL 13:f67a6c6013ca 892 return BAD_FUNC_ARG;
wolfSSL 13:f67a6c6013ca 893 }
wolfSSL 13:f67a6c6013ca 894
wolfSSL 13:f67a6c6013ca 895 return wc_HashGetDigestSize(*type);
wolfSSL 13:f67a6c6013ca 896 }
wolfSSL 13:f67a6c6013ca 897
wolfSSL 13:f67a6c6013ca 898
wolfSSL 13:f67a6c6013ca 899 /* build PKCS#7 signedData content type */
wolfSSL 13:f67a6c6013ca 900 int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7, byte* output, word32 outputSz)
wolfSSL 13:f67a6c6013ca 901 {
wolfSSL 13:f67a6c6013ca 902 static const byte outerOid[] =
wolfSSL 13:f67a6c6013ca 903 { ASN_OBJECT_ID, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01,
wolfSSL 13:f67a6c6013ca 904 0x07, 0x02 };
wolfSSL 13:f67a6c6013ca 905 static const byte innerOid[] =
wolfSSL 13:f67a6c6013ca 906 { ASN_OBJECT_ID, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01,
wolfSSL 13:f67a6c6013ca 907 0x07, 0x01 };
wolfSSL 13:f67a6c6013ca 908
wolfSSL 13:f67a6c6013ca 909 byte contentTypeOid[] =
wolfSSL 13:f67a6c6013ca 910 { ASN_OBJECT_ID, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xF7, 0x0d, 0x01,
wolfSSL 13:f67a6c6013ca 911 0x09, 0x03 };
wolfSSL 13:f67a6c6013ca 912 byte contentType[] =
wolfSSL 13:f67a6c6013ca 913 { ASN_OBJECT_ID, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
wolfSSL 13:f67a6c6013ca 914 0x07, 0x01 };
wolfSSL 13:f67a6c6013ca 915 byte messageDigestOid[] =
wolfSSL 13:f67a6c6013ca 916 { ASN_OBJECT_ID, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
wolfSSL 13:f67a6c6013ca 917 0x09, 0x04 };
wolfSSL 13:f67a6c6013ca 918
wolfSSL 13:f67a6c6013ca 919 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 920 ESD* esd = NULL;
wolfSSL 13:f67a6c6013ca 921 #else
wolfSSL 13:f67a6c6013ca 922 ESD stack_esd;
wolfSSL 13:f67a6c6013ca 923 ESD* esd = &stack_esd;
wolfSSL 13:f67a6c6013ca 924 #endif
wolfSSL 13:f67a6c6013ca 925
wolfSSL 13:f67a6c6013ca 926 word32 signerInfoSz = 0;
wolfSSL 13:f67a6c6013ca 927 word32 totalSz = 0;
wolfSSL 13:f67a6c6013ca 928 int idx = 0, ret = 0;
wolfSSL 13:f67a6c6013ca 929 int digEncAlgoId, digEncAlgoType, hashSz;
wolfSSL 13:f67a6c6013ca 930 byte* flatSignedAttribs = NULL;
wolfSSL 13:f67a6c6013ca 931 word32 flatSignedAttribsSz = 0;
wolfSSL 13:f67a6c6013ca 932 word32 innerOidSz = sizeof(innerOid);
wolfSSL 13:f67a6c6013ca 933 word32 outerOidSz = sizeof(outerOid);
wolfSSL 13:f67a6c6013ca 934
wolfSSL 13:f67a6c6013ca 935 if (pkcs7 == NULL || pkcs7->content == NULL || pkcs7->contentSz == 0 ||
wolfSSL 13:f67a6c6013ca 936 pkcs7->encryptOID == 0 || pkcs7->hashOID == 0 || pkcs7->rng == 0 ||
wolfSSL 13:f67a6c6013ca 937 pkcs7->singleCert == NULL || pkcs7->singleCertSz == 0 ||
wolfSSL 13:f67a6c6013ca 938 pkcs7->privateKey == NULL || pkcs7->privateKeySz == 0 ||
wolfSSL 13:f67a6c6013ca 939 output == NULL || outputSz == 0)
wolfSSL 13:f67a6c6013ca 940 return BAD_FUNC_ARG;
wolfSSL 13:f67a6c6013ca 941
wolfSSL 13:f67a6c6013ca 942 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 943 esd = (ESD*)XMALLOC(sizeof(ESD), NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 944 if (esd == NULL)
wolfSSL 13:f67a6c6013ca 945 return MEMORY_E;
wolfSSL 13:f67a6c6013ca 946 #endif
wolfSSL 13:f67a6c6013ca 947
wolfSSL 13:f67a6c6013ca 948 XMEMSET(esd, 0, sizeof(ESD));
wolfSSL 13:f67a6c6013ca 949
wolfSSL 13:f67a6c6013ca 950 hashSz = wc_PKCS7_SetHashType(pkcs7, &esd->hashType);
wolfSSL 13:f67a6c6013ca 951 if (hashSz < 0) {
wolfSSL 13:f67a6c6013ca 952 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 953 XFREE(esd, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 954 #endif
wolfSSL 13:f67a6c6013ca 955 return hashSz;
wolfSSL 13:f67a6c6013ca 956 }
wolfSSL 13:f67a6c6013ca 957
wolfSSL 13:f67a6c6013ca 958 ret = wc_HashInit(&esd->hash, esd->hashType);
wolfSSL 13:f67a6c6013ca 959 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 960 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 961 XFREE(esd, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 962 #endif
wolfSSL 13:f67a6c6013ca 963 return ret;
wolfSSL 13:f67a6c6013ca 964 }
wolfSSL 13:f67a6c6013ca 965
wolfSSL 13:f67a6c6013ca 966 if (pkcs7->contentSz != 0)
wolfSSL 13:f67a6c6013ca 967 {
wolfSSL 13:f67a6c6013ca 968 ret = wc_HashUpdate(&esd->hash, esd->hashType,
wolfSSL 13:f67a6c6013ca 969 pkcs7->content, pkcs7->contentSz);
wolfSSL 13:f67a6c6013ca 970 if (ret < 0) {
wolfSSL 13:f67a6c6013ca 971 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 972 XFREE(esd, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 973 #endif
wolfSSL 13:f67a6c6013ca 974 return ret;
wolfSSL 13:f67a6c6013ca 975 }
wolfSSL 13:f67a6c6013ca 976 esd->contentDigest[0] = ASN_OCTET_STRING;
wolfSSL 13:f67a6c6013ca 977 esd->contentDigest[1] = (byte)hashSz;
wolfSSL 13:f67a6c6013ca 978 ret = wc_HashFinal(&esd->hash, esd->hashType,
wolfSSL 13:f67a6c6013ca 979 &esd->contentDigest[2]);
wolfSSL 13:f67a6c6013ca 980 if (ret < 0) {
wolfSSL 13:f67a6c6013ca 981 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 982 XFREE(esd, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 983 #endif
wolfSSL 13:f67a6c6013ca 984 return ret;
wolfSSL 13:f67a6c6013ca 985 }
wolfSSL 13:f67a6c6013ca 986 }
wolfSSL 13:f67a6c6013ca 987
wolfSSL 13:f67a6c6013ca 988 esd->innerOctetsSz = SetOctetString(pkcs7->contentSz, esd->innerOctets);
wolfSSL 13:f67a6c6013ca 989 esd->innerContSeqSz = SetExplicit(0, esd->innerOctetsSz + pkcs7->contentSz,
wolfSSL 13:f67a6c6013ca 990 esd->innerContSeq);
wolfSSL 13:f67a6c6013ca 991 esd->contentInfoSeqSz = SetSequence(pkcs7->contentSz + esd->innerOctetsSz +
wolfSSL 13:f67a6c6013ca 992 innerOidSz + esd->innerContSeqSz,
wolfSSL 13:f67a6c6013ca 993 esd->contentInfoSeq);
wolfSSL 13:f67a6c6013ca 994
wolfSSL 13:f67a6c6013ca 995 esd->issuerSnSz = SetSerialNumber(pkcs7->issuerSn, pkcs7->issuerSnSz,
wolfSSL 13:f67a6c6013ca 996 esd->issuerSn);
wolfSSL 13:f67a6c6013ca 997 signerInfoSz += esd->issuerSnSz;
wolfSSL 13:f67a6c6013ca 998 esd->issuerNameSz = SetSequence(pkcs7->issuerSz, esd->issuerName);
wolfSSL 13:f67a6c6013ca 999 signerInfoSz += esd->issuerNameSz + pkcs7->issuerSz;
wolfSSL 13:f67a6c6013ca 1000 esd->issuerSnSeqSz = SetSequence(signerInfoSz, esd->issuerSnSeq);
wolfSSL 13:f67a6c6013ca 1001 signerInfoSz += esd->issuerSnSeqSz;
wolfSSL 13:f67a6c6013ca 1002 esd->signerVersionSz = SetMyVersion(1, esd->signerVersion, 0);
wolfSSL 13:f67a6c6013ca 1003 signerInfoSz += esd->signerVersionSz;
wolfSSL 13:f67a6c6013ca 1004 esd->signerDigAlgoIdSz = SetAlgoID(pkcs7->hashOID, esd->signerDigAlgoId,
wolfSSL 13:f67a6c6013ca 1005 oidHashType, 0);
wolfSSL 13:f67a6c6013ca 1006 signerInfoSz += esd->signerDigAlgoIdSz;
wolfSSL 13:f67a6c6013ca 1007
wolfSSL 13:f67a6c6013ca 1008 /* set signatureAlgorithm */
wolfSSL 13:f67a6c6013ca 1009 ret = wc_PKCS7_SignedDataGetEncAlgoId(pkcs7, &digEncAlgoId,
wolfSSL 13:f67a6c6013ca 1010 &digEncAlgoType);
wolfSSL 13:f67a6c6013ca 1011 if (ret < 0) {
wolfSSL 13:f67a6c6013ca 1012 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 1013 XFREE(esd, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 1014 #endif
wolfSSL 13:f67a6c6013ca 1015 return ret;
wolfSSL 13:f67a6c6013ca 1016 }
wolfSSL 13:f67a6c6013ca 1017 esd->digEncAlgoIdSz = SetAlgoID(digEncAlgoId, esd->digEncAlgoId,
wolfSSL 13:f67a6c6013ca 1018 digEncAlgoType, 0);
wolfSSL 13:f67a6c6013ca 1019 signerInfoSz += esd->digEncAlgoIdSz;
wolfSSL 13:f67a6c6013ca 1020
wolfSSL 13:f67a6c6013ca 1021 if (pkcs7->signedAttribsSz != 0) {
wolfSSL 13:f67a6c6013ca 1022
wolfSSL 13:f67a6c6013ca 1023 /* build up signed attributes */
wolfSSL 13:f67a6c6013ca 1024 ret = wc_PKCS7_BuildSignedAttributes(pkcs7, esd,
wolfSSL 13:f67a6c6013ca 1025 contentTypeOid, sizeof(contentTypeOid),
wolfSSL 13:f67a6c6013ca 1026 contentType, sizeof(contentType),
wolfSSL 13:f67a6c6013ca 1027 messageDigestOid, sizeof(messageDigestOid));
wolfSSL 13:f67a6c6013ca 1028 if (ret < 0) {
wolfSSL 13:f67a6c6013ca 1029 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 1030 XFREE(esd, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 1031 #endif
wolfSSL 13:f67a6c6013ca 1032 return MEMORY_E;
wolfSSL 13:f67a6c6013ca 1033 }
wolfSSL 13:f67a6c6013ca 1034
wolfSSL 13:f67a6c6013ca 1035 flatSignedAttribs = (byte*)XMALLOC(esd->signedAttribsSz, pkcs7->heap,
wolfSSL 13:f67a6c6013ca 1036 DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 1037 flatSignedAttribsSz = esd->signedAttribsSz;
wolfSSL 13:f67a6c6013ca 1038 if (flatSignedAttribs == NULL) {
wolfSSL 13:f67a6c6013ca 1039 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 1040 XFREE(esd, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 1041 #endif
wolfSSL 13:f67a6c6013ca 1042 return MEMORY_E;
wolfSSL 13:f67a6c6013ca 1043 }
wolfSSL 13:f67a6c6013ca 1044
wolfSSL 13:f67a6c6013ca 1045 FlattenAttributes(flatSignedAttribs,
wolfSSL 13:f67a6c6013ca 1046 esd->signedAttribs, esd->signedAttribsCount);
wolfSSL 13:f67a6c6013ca 1047 esd->signedAttribSetSz = SetImplicit(ASN_SET, 0, esd->signedAttribsSz,
wolfSSL 13:f67a6c6013ca 1048 esd->signedAttribSet);
wolfSSL 13:f67a6c6013ca 1049 }
wolfSSL 13:f67a6c6013ca 1050
wolfSSL 13:f67a6c6013ca 1051 /* Calculate the final hash and encrypt it. */
wolfSSL 13:f67a6c6013ca 1052 ret = wc_PKCS7_SignedDataBuildSignature(pkcs7, flatSignedAttribs,
wolfSSL 13:f67a6c6013ca 1053 flatSignedAttribsSz, esd);
wolfSSL 13:f67a6c6013ca 1054 if (ret < 0) {
wolfSSL 13:f67a6c6013ca 1055 if (pkcs7->signedAttribsSz != 0)
wolfSSL 13:f67a6c6013ca 1056 XFREE(flatSignedAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 1057 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 1058 XFREE(esd, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 1059 #endif
wolfSSL 13:f67a6c6013ca 1060 return ret;
wolfSSL 13:f67a6c6013ca 1061 }
wolfSSL 13:f67a6c6013ca 1062
wolfSSL 13:f67a6c6013ca 1063 signerInfoSz += flatSignedAttribsSz + esd->signedAttribSetSz;
wolfSSL 13:f67a6c6013ca 1064
wolfSSL 13:f67a6c6013ca 1065 esd->signerDigestSz = SetOctetString(esd->encContentDigestSz,
wolfSSL 13:f67a6c6013ca 1066 esd->signerDigest);
wolfSSL 13:f67a6c6013ca 1067 signerInfoSz += esd->signerDigestSz + esd->encContentDigestSz;
wolfSSL 13:f67a6c6013ca 1068
wolfSSL 13:f67a6c6013ca 1069 esd->signerInfoSeqSz = SetSequence(signerInfoSz, esd->signerInfoSeq);
wolfSSL 13:f67a6c6013ca 1070 signerInfoSz += esd->signerInfoSeqSz;
wolfSSL 13:f67a6c6013ca 1071 esd->signerInfoSetSz = SetSet(signerInfoSz, esd->signerInfoSet);
wolfSSL 13:f67a6c6013ca 1072 signerInfoSz += esd->signerInfoSetSz;
wolfSSL 13:f67a6c6013ca 1073
wolfSSL 13:f67a6c6013ca 1074 esd->certsSetSz = SetImplicit(ASN_SET, 0, pkcs7->singleCertSz,
wolfSSL 13:f67a6c6013ca 1075 esd->certsSet);
wolfSSL 13:f67a6c6013ca 1076
wolfSSL 13:f67a6c6013ca 1077 esd->singleDigAlgoIdSz = SetAlgoID(pkcs7->hashOID, esd->singleDigAlgoId,
wolfSSL 13:f67a6c6013ca 1078 oidHashType, 0);
wolfSSL 13:f67a6c6013ca 1079 esd->digAlgoIdSetSz = SetSet(esd->singleDigAlgoIdSz, esd->digAlgoIdSet);
wolfSSL 13:f67a6c6013ca 1080
wolfSSL 13:f67a6c6013ca 1081
wolfSSL 13:f67a6c6013ca 1082 esd->versionSz = SetMyVersion(1, esd->version, 0);
wolfSSL 13:f67a6c6013ca 1083
wolfSSL 13:f67a6c6013ca 1084 totalSz = esd->versionSz + esd->singleDigAlgoIdSz + esd->digAlgoIdSetSz +
wolfSSL 13:f67a6c6013ca 1085 esd->contentInfoSeqSz + esd->certsSetSz + pkcs7->singleCertSz +
wolfSSL 13:f67a6c6013ca 1086 esd->innerOctetsSz + esd->innerContSeqSz +
wolfSSL 13:f67a6c6013ca 1087 innerOidSz + pkcs7->contentSz +
wolfSSL 13:f67a6c6013ca 1088 signerInfoSz;
wolfSSL 13:f67a6c6013ca 1089 esd->innerSeqSz = SetSequence(totalSz, esd->innerSeq);
wolfSSL 13:f67a6c6013ca 1090 totalSz += esd->innerSeqSz;
wolfSSL 13:f67a6c6013ca 1091 esd->outerContentSz = SetExplicit(0, totalSz, esd->outerContent);
wolfSSL 13:f67a6c6013ca 1092 totalSz += esd->outerContentSz + outerOidSz;
wolfSSL 13:f67a6c6013ca 1093 esd->outerSeqSz = SetSequence(totalSz, esd->outerSeq);
wolfSSL 13:f67a6c6013ca 1094 totalSz += esd->outerSeqSz;
wolfSSL 13:f67a6c6013ca 1095
wolfSSL 13:f67a6c6013ca 1096 if (outputSz < totalSz) {
wolfSSL 13:f67a6c6013ca 1097 if (pkcs7->signedAttribsSz != 0)
wolfSSL 13:f67a6c6013ca 1098 XFREE(flatSignedAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 1099 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 1100 XFREE(esd, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 1101 #endif
wolfSSL 13:f67a6c6013ca 1102 return BUFFER_E;
wolfSSL 13:f67a6c6013ca 1103 }
wolfSSL 13:f67a6c6013ca 1104
wolfSSL 13:f67a6c6013ca 1105 idx = 0;
wolfSSL 13:f67a6c6013ca 1106 XMEMCPY(output + idx, esd->outerSeq, esd->outerSeqSz);
wolfSSL 13:f67a6c6013ca 1107 idx += esd->outerSeqSz;
wolfSSL 13:f67a6c6013ca 1108 XMEMCPY(output + idx, outerOid, outerOidSz);
wolfSSL 13:f67a6c6013ca 1109 idx += outerOidSz;
wolfSSL 13:f67a6c6013ca 1110 XMEMCPY(output + idx, esd->outerContent, esd->outerContentSz);
wolfSSL 13:f67a6c6013ca 1111 idx += esd->outerContentSz;
wolfSSL 13:f67a6c6013ca 1112 XMEMCPY(output + idx, esd->innerSeq, esd->innerSeqSz);
wolfSSL 13:f67a6c6013ca 1113 idx += esd->innerSeqSz;
wolfSSL 13:f67a6c6013ca 1114 XMEMCPY(output + idx, esd->version, esd->versionSz);
wolfSSL 13:f67a6c6013ca 1115 idx += esd->versionSz;
wolfSSL 13:f67a6c6013ca 1116 XMEMCPY(output + idx, esd->digAlgoIdSet, esd->digAlgoIdSetSz);
wolfSSL 13:f67a6c6013ca 1117 idx += esd->digAlgoIdSetSz;
wolfSSL 13:f67a6c6013ca 1118 XMEMCPY(output + idx, esd->singleDigAlgoId, esd->singleDigAlgoIdSz);
wolfSSL 13:f67a6c6013ca 1119 idx += esd->singleDigAlgoIdSz;
wolfSSL 13:f67a6c6013ca 1120 XMEMCPY(output + idx, esd->contentInfoSeq, esd->contentInfoSeqSz);
wolfSSL 13:f67a6c6013ca 1121 idx += esd->contentInfoSeqSz;
wolfSSL 13:f67a6c6013ca 1122 XMEMCPY(output + idx, innerOid, innerOidSz);
wolfSSL 13:f67a6c6013ca 1123 idx += innerOidSz;
wolfSSL 13:f67a6c6013ca 1124 XMEMCPY(output + idx, esd->innerContSeq, esd->innerContSeqSz);
wolfSSL 13:f67a6c6013ca 1125 idx += esd->innerContSeqSz;
wolfSSL 13:f67a6c6013ca 1126 XMEMCPY(output + idx, esd->innerOctets, esd->innerOctetsSz);
wolfSSL 13:f67a6c6013ca 1127 idx += esd->innerOctetsSz;
wolfSSL 13:f67a6c6013ca 1128 XMEMCPY(output + idx, pkcs7->content, pkcs7->contentSz);
wolfSSL 13:f67a6c6013ca 1129 idx += pkcs7->contentSz;
wolfSSL 13:f67a6c6013ca 1130 XMEMCPY(output + idx, esd->certsSet, esd->certsSetSz);
wolfSSL 13:f67a6c6013ca 1131 idx += esd->certsSetSz;
wolfSSL 13:f67a6c6013ca 1132 XMEMCPY(output + idx, pkcs7->singleCert, pkcs7->singleCertSz);
wolfSSL 13:f67a6c6013ca 1133 idx += pkcs7->singleCertSz;
wolfSSL 13:f67a6c6013ca 1134 XMEMCPY(output + idx, esd->signerInfoSet, esd->signerInfoSetSz);
wolfSSL 13:f67a6c6013ca 1135 idx += esd->signerInfoSetSz;
wolfSSL 13:f67a6c6013ca 1136 XMEMCPY(output + idx, esd->signerInfoSeq, esd->signerInfoSeqSz);
wolfSSL 13:f67a6c6013ca 1137 idx += esd->signerInfoSeqSz;
wolfSSL 13:f67a6c6013ca 1138 XMEMCPY(output + idx, esd->signerVersion, esd->signerVersionSz);
wolfSSL 13:f67a6c6013ca 1139 idx += esd->signerVersionSz;
wolfSSL 13:f67a6c6013ca 1140 XMEMCPY(output + idx, esd->issuerSnSeq, esd->issuerSnSeqSz);
wolfSSL 13:f67a6c6013ca 1141 idx += esd->issuerSnSeqSz;
wolfSSL 13:f67a6c6013ca 1142 XMEMCPY(output + idx, esd->issuerName, esd->issuerNameSz);
wolfSSL 13:f67a6c6013ca 1143 idx += esd->issuerNameSz;
wolfSSL 13:f67a6c6013ca 1144 XMEMCPY(output + idx, pkcs7->issuer, pkcs7->issuerSz);
wolfSSL 13:f67a6c6013ca 1145 idx += pkcs7->issuerSz;
wolfSSL 13:f67a6c6013ca 1146 XMEMCPY(output + idx, esd->issuerSn, esd->issuerSnSz);
wolfSSL 13:f67a6c6013ca 1147 idx += esd->issuerSnSz;
wolfSSL 13:f67a6c6013ca 1148 XMEMCPY(output + idx, esd->signerDigAlgoId, esd->signerDigAlgoIdSz);
wolfSSL 13:f67a6c6013ca 1149 idx += esd->signerDigAlgoIdSz;
wolfSSL 13:f67a6c6013ca 1150
wolfSSL 13:f67a6c6013ca 1151 /* SignerInfo:Attributes */
wolfSSL 13:f67a6c6013ca 1152 if (flatSignedAttribsSz > 0) {
wolfSSL 13:f67a6c6013ca 1153 XMEMCPY(output + idx, esd->signedAttribSet, esd->signedAttribSetSz);
wolfSSL 13:f67a6c6013ca 1154 idx += esd->signedAttribSetSz;
wolfSSL 13:f67a6c6013ca 1155 XMEMCPY(output + idx, flatSignedAttribs, flatSignedAttribsSz);
wolfSSL 13:f67a6c6013ca 1156 idx += flatSignedAttribsSz;
wolfSSL 13:f67a6c6013ca 1157 XFREE(flatSignedAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 1158 }
wolfSSL 13:f67a6c6013ca 1159
wolfSSL 13:f67a6c6013ca 1160 XMEMCPY(output + idx, esd->digEncAlgoId, esd->digEncAlgoIdSz);
wolfSSL 13:f67a6c6013ca 1161 idx += esd->digEncAlgoIdSz;
wolfSSL 13:f67a6c6013ca 1162 XMEMCPY(output + idx, esd->signerDigest, esd->signerDigestSz);
wolfSSL 13:f67a6c6013ca 1163 idx += esd->signerDigestSz;
wolfSSL 13:f67a6c6013ca 1164 XMEMCPY(output + idx, esd->encContentDigest, esd->encContentDigestSz);
wolfSSL 13:f67a6c6013ca 1165 idx += esd->encContentDigestSz;
wolfSSL 13:f67a6c6013ca 1166
wolfSSL 13:f67a6c6013ca 1167 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 1168 XFREE(esd, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 1169 #endif
wolfSSL 13:f67a6c6013ca 1170
wolfSSL 13:f67a6c6013ca 1171 return idx;
wolfSSL 13:f67a6c6013ca 1172 }
wolfSSL 13:f67a6c6013ca 1173
wolfSSL 13:f67a6c6013ca 1174
wolfSSL 13:f67a6c6013ca 1175 #ifndef NO_RSA
wolfSSL 13:f67a6c6013ca 1176
wolfSSL 13:f67a6c6013ca 1177 /* returns size of signature put into out, negative on error */
wolfSSL 13:f67a6c6013ca 1178 static int wc_PKCS7_RsaVerify(PKCS7* pkcs7, byte* sig, int sigSz,
wolfSSL 13:f67a6c6013ca 1179 byte* hash, word32 hashSz)
wolfSSL 13:f67a6c6013ca 1180 {
wolfSSL 13:f67a6c6013ca 1181 int ret = 0;
wolfSSL 13:f67a6c6013ca 1182 word32 scratch = 0;
wolfSSL 13:f67a6c6013ca 1183 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 1184 byte* digest;
wolfSSL 13:f67a6c6013ca 1185 RsaKey* key;
wolfSSL 13:f67a6c6013ca 1186 #else
wolfSSL 13:f67a6c6013ca 1187 byte digest[MAX_PKCS7_DIGEST_SZ];
wolfSSL 13:f67a6c6013ca 1188 RsaKey stack_key;
wolfSSL 13:f67a6c6013ca 1189 RsaKey* key = &stack_key;
wolfSSL 13:f67a6c6013ca 1190 #endif
wolfSSL 13:f67a6c6013ca 1191
wolfSSL 13:f67a6c6013ca 1192 if (pkcs7 == NULL || sig == NULL || hash == NULL) {
wolfSSL 13:f67a6c6013ca 1193 return BAD_FUNC_ARG;
wolfSSL 13:f67a6c6013ca 1194 }
wolfSSL 13:f67a6c6013ca 1195
wolfSSL 13:f67a6c6013ca 1196 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 1197 digest = (byte*)XMALLOC(MAX_PKCS7_DIGEST_SZ, NULL,
wolfSSL 13:f67a6c6013ca 1198 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 1199
wolfSSL 13:f67a6c6013ca 1200 if (digest == NULL)
wolfSSL 13:f67a6c6013ca 1201 return MEMORY_E;
wolfSSL 13:f67a6c6013ca 1202
wolfSSL 13:f67a6c6013ca 1203 key = (RsaKey*)XMALLOC(sizeof(RsaKey), NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 1204 if (key == NULL) {
wolfSSL 13:f67a6c6013ca 1205 XFREE(digest, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 1206 return MEMORY_E;
wolfSSL 13:f67a6c6013ca 1207 }
wolfSSL 13:f67a6c6013ca 1208 #endif
wolfSSL 13:f67a6c6013ca 1209
wolfSSL 13:f67a6c6013ca 1210 XMEMSET(digest, 0, MAX_PKCS7_DIGEST_SZ);
wolfSSL 13:f67a6c6013ca 1211
wolfSSL 13:f67a6c6013ca 1212 ret = wc_InitRsaKey(key, pkcs7->heap);
wolfSSL 13:f67a6c6013ca 1213 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 1214 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 1215 XFREE(digest, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 1216 XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 1217 #endif
wolfSSL 13:f67a6c6013ca 1218 return ret;
wolfSSL 13:f67a6c6013ca 1219 }
wolfSSL 13:f67a6c6013ca 1220
wolfSSL 13:f67a6c6013ca 1221 if (wc_RsaPublicKeyDecode(pkcs7->publicKey, &scratch, key,
wolfSSL 13:f67a6c6013ca 1222 pkcs7->publicKeySz) < 0) {
wolfSSL 13:f67a6c6013ca 1223 WOLFSSL_MSG("ASN RSA key decode error");
wolfSSL 13:f67a6c6013ca 1224 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 1225 XFREE(digest, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 1226 XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 1227 #endif
wolfSSL 13:f67a6c6013ca 1228 return PUBLIC_KEY_E;
wolfSSL 13:f67a6c6013ca 1229 }
wolfSSL 13:f67a6c6013ca 1230
wolfSSL 13:f67a6c6013ca 1231 ret = wc_RsaSSL_Verify(sig, sigSz, digest, MAX_PKCS7_DIGEST_SZ, key);
wolfSSL 13:f67a6c6013ca 1232
wolfSSL 13:f67a6c6013ca 1233 wc_FreeRsaKey(key);
wolfSSL 13:f67a6c6013ca 1234
wolfSSL 13:f67a6c6013ca 1235 if (((int)hashSz != ret) || (XMEMCMP(digest, hash, ret) != 0)) {
wolfSSL 13:f67a6c6013ca 1236 ret = SIG_VERIFY_E;
wolfSSL 13:f67a6c6013ca 1237 }
wolfSSL 13:f67a6c6013ca 1238
wolfSSL 13:f67a6c6013ca 1239 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 1240 XFREE(digest, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 1241 XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 1242 #endif
wolfSSL 13:f67a6c6013ca 1243
wolfSSL 13:f67a6c6013ca 1244 return ret;
wolfSSL 13:f67a6c6013ca 1245 }
wolfSSL 13:f67a6c6013ca 1246
wolfSSL 13:f67a6c6013ca 1247 #endif /* NO_RSA */
wolfSSL 13:f67a6c6013ca 1248
wolfSSL 13:f67a6c6013ca 1249
wolfSSL 13:f67a6c6013ca 1250 #ifdef HAVE_ECC
wolfSSL 13:f67a6c6013ca 1251
wolfSSL 13:f67a6c6013ca 1252 /* returns size of signature put into out, negative on error */
wolfSSL 13:f67a6c6013ca 1253 static int wc_PKCS7_EcdsaVerify(PKCS7* pkcs7, byte* sig, int sigSz,
wolfSSL 13:f67a6c6013ca 1254 byte* hash, word32 hashSz)
wolfSSL 13:f67a6c6013ca 1255 {
wolfSSL 13:f67a6c6013ca 1256 int ret = 0;
wolfSSL 13:f67a6c6013ca 1257 int res = 0;
wolfSSL 13:f67a6c6013ca 1258 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 1259 byte* digest;
wolfSSL 13:f67a6c6013ca 1260 ecc_key* key;
wolfSSL 13:f67a6c6013ca 1261 #else
wolfSSL 13:f67a6c6013ca 1262 byte digest[MAX_PKCS7_DIGEST_SZ];
wolfSSL 13:f67a6c6013ca 1263 ecc_key stack_key;
wolfSSL 13:f67a6c6013ca 1264 ecc_key* key = &stack_key;
wolfSSL 13:f67a6c6013ca 1265 #endif
wolfSSL 13:f67a6c6013ca 1266
wolfSSL 13:f67a6c6013ca 1267 if (pkcs7 == NULL || sig == NULL)
wolfSSL 13:f67a6c6013ca 1268 return BAD_FUNC_ARG;
wolfSSL 13:f67a6c6013ca 1269
wolfSSL 13:f67a6c6013ca 1270 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 1271 digest = (byte*)XMALLOC(MAX_PKCS7_DIGEST_SZ, NULL,
wolfSSL 13:f67a6c6013ca 1272 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 1273
wolfSSL 13:f67a6c6013ca 1274 if (digest == NULL)
wolfSSL 13:f67a6c6013ca 1275 return MEMORY_E;
wolfSSL 13:f67a6c6013ca 1276
wolfSSL 13:f67a6c6013ca 1277 key = (ecc_key*)XMALLOC(sizeof(ecc_key), NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 1278 if (key == NULL) {
wolfSSL 13:f67a6c6013ca 1279 XFREE(digest, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 1280 return MEMORY_E;
wolfSSL 13:f67a6c6013ca 1281 }
wolfSSL 13:f67a6c6013ca 1282 #endif
wolfSSL 13:f67a6c6013ca 1283
wolfSSL 13:f67a6c6013ca 1284 XMEMSET(digest, 0, MAX_PKCS7_DIGEST_SZ);
wolfSSL 13:f67a6c6013ca 1285
wolfSSL 13:f67a6c6013ca 1286 ret = wc_ecc_init_ex(key, pkcs7->heap, INVALID_DEVID);
wolfSSL 13:f67a6c6013ca 1287 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 1288 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 1289 XFREE(digest, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 1290 XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 1291 #endif
wolfSSL 13:f67a6c6013ca 1292 return ret;
wolfSSL 13:f67a6c6013ca 1293 }
wolfSSL 13:f67a6c6013ca 1294
wolfSSL 13:f67a6c6013ca 1295 if (wc_ecc_import_x963(pkcs7->publicKey, pkcs7->publicKeySz, key) < 0) {
wolfSSL 13:f67a6c6013ca 1296 WOLFSSL_MSG("ASN ECDSA key decode error");
wolfSSL 13:f67a6c6013ca 1297 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 1298 XFREE(digest, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 1299 XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 1300 #endif
wolfSSL 13:f67a6c6013ca 1301 return PUBLIC_KEY_E;
wolfSSL 13:f67a6c6013ca 1302 }
wolfSSL 13:f67a6c6013ca 1303
wolfSSL 13:f67a6c6013ca 1304 ret = wc_ecc_verify_hash(sig, sigSz, hash, hashSz, &res, key);
wolfSSL 13:f67a6c6013ca 1305
wolfSSL 13:f67a6c6013ca 1306 wc_ecc_free(key);
wolfSSL 13:f67a6c6013ca 1307
wolfSSL 13:f67a6c6013ca 1308 if (ret == 0 && res != 1) {
wolfSSL 13:f67a6c6013ca 1309 ret = SIG_VERIFY_E;
wolfSSL 13:f67a6c6013ca 1310 }
wolfSSL 13:f67a6c6013ca 1311
wolfSSL 13:f67a6c6013ca 1312 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 1313 XFREE(digest, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 1314 XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 1315 #endif
wolfSSL 13:f67a6c6013ca 1316
wolfSSL 13:f67a6c6013ca 1317 return ret;
wolfSSL 13:f67a6c6013ca 1318 }
wolfSSL 13:f67a6c6013ca 1319
wolfSSL 13:f67a6c6013ca 1320 #endif /* HAVE_ECC */
wolfSSL 13:f67a6c6013ca 1321
wolfSSL 13:f67a6c6013ca 1322
wolfSSL 13:f67a6c6013ca 1323 /* build SignedData digest, both in PKCS#7 DigestInfo format and
wolfSSL 13:f67a6c6013ca 1324 * as plain digest for CMS.
wolfSSL 13:f67a6c6013ca 1325 *
wolfSSL 13:f67a6c6013ca 1326 * pkcs7 - pointer to initialized PKCS7 struct
wolfSSL 13:f67a6c6013ca 1327 * signedAttrib - signed attributes
wolfSSL 13:f67a6c6013ca 1328 * signedAttribSz - size of signedAttrib, octets
wolfSSL 13:f67a6c6013ca 1329 * pkcs7Digest - [OUT] PKCS#7 DigestInfo
wolfSSL 13:f67a6c6013ca 1330 * pkcs7DigestSz - [IN/OUT] size of pkcs7Digest
wolfSSL 13:f67a6c6013ca 1331 * plainDigest - [OUT] pointer to plain digest, offset into pkcs7Digest
wolfSSL 13:f67a6c6013ca 1332 * plainDigestSz - [OUT] size of digest at plainDigest
wolfSSL 13:f67a6c6013ca 1333 *
wolfSSL 13:f67a6c6013ca 1334 * returns 0 on success, negative on error */
wolfSSL 13:f67a6c6013ca 1335 static int wc_PKCS7_BuildSignedDataDigest(PKCS7* pkcs7, byte* signedAttrib,
wolfSSL 13:f67a6c6013ca 1336 word32 signedAttribSz, byte* pkcs7Digest,
wolfSSL 13:f67a6c6013ca 1337 word32* pkcs7DigestSz, byte** plainDigest,
wolfSSL 13:f67a6c6013ca 1338 word32* plainDigestSz)
wolfSSL 13:f67a6c6013ca 1339 {
wolfSSL 13:f67a6c6013ca 1340 int ret = 0, digIdx = 0, hashSz;
wolfSSL 13:f67a6c6013ca 1341 word32 attribSetSz;
wolfSSL 13:f67a6c6013ca 1342 byte attribSet[MAX_SET_SZ];
wolfSSL 13:f67a6c6013ca 1343 byte digest[WC_MAX_DIGEST_SIZE];
wolfSSL 13:f67a6c6013ca 1344 byte digestInfoSeq[MAX_SEQ_SZ];
wolfSSL 13:f67a6c6013ca 1345 byte digestStr[MAX_OCTET_STR_SZ];
wolfSSL 13:f67a6c6013ca 1346 byte algoId[MAX_ALGO_SZ];
wolfSSL 13:f67a6c6013ca 1347 word32 digestInfoSeqSz, digestStrSz, algoIdSz;
wolfSSL 13:f67a6c6013ca 1348 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 1349 byte* digestInfo;
wolfSSL 13:f67a6c6013ca 1350 #else
wolfSSL 13:f67a6c6013ca 1351 byte digestInfo[MAX_PKCS7_DIGEST_SZ];
wolfSSL 13:f67a6c6013ca 1352 #endif
wolfSSL 13:f67a6c6013ca 1353
wolfSSL 13:f67a6c6013ca 1354 wc_HashAlg hash;
wolfSSL 13:f67a6c6013ca 1355 enum wc_HashType hashType;
wolfSSL 13:f67a6c6013ca 1356
wolfSSL 13:f67a6c6013ca 1357 if (pkcs7 == NULL || pkcs7Digest == NULL ||
wolfSSL 13:f67a6c6013ca 1358 pkcs7DigestSz == NULL || plainDigest == NULL) {
wolfSSL 13:f67a6c6013ca 1359 return BAD_FUNC_ARG;
wolfSSL 13:f67a6c6013ca 1360 }
wolfSSL 13:f67a6c6013ca 1361
wolfSSL 13:f67a6c6013ca 1362 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 1363 digestInfo = (byte*)XMALLOC(MAX_PKCS7_DIGEST_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 1364 if (digestInfo == NULL)
wolfSSL 13:f67a6c6013ca 1365 return MEMORY_E;
wolfSSL 13:f67a6c6013ca 1366 #endif
wolfSSL 13:f67a6c6013ca 1367
wolfSSL 13:f67a6c6013ca 1368 XMEMSET(pkcs7Digest, 0, *pkcs7DigestSz);
wolfSSL 13:f67a6c6013ca 1369 XMEMSET(digest, 0, WC_MAX_DIGEST_SIZE);
wolfSSL 13:f67a6c6013ca 1370 XMEMSET(digestInfo, 0, MAX_PKCS7_DIGEST_SZ);
wolfSSL 13:f67a6c6013ca 1371
wolfSSL 13:f67a6c6013ca 1372 hashSz = wc_PKCS7_SetHashType(pkcs7, &hashType);
wolfSSL 13:f67a6c6013ca 1373 if (hashSz < 0) {
wolfSSL 13:f67a6c6013ca 1374 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 1375 XFREE(digestInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 1376 #endif
wolfSSL 13:f67a6c6013ca 1377 return hashSz;
wolfSSL 13:f67a6c6013ca 1378 }
wolfSSL 13:f67a6c6013ca 1379
wolfSSL 13:f67a6c6013ca 1380 /* calculate digest */
wolfSSL 13:f67a6c6013ca 1381 ret = wc_HashInit(&hash, hashType);
wolfSSL 13:f67a6c6013ca 1382 if (ret < 0) {
wolfSSL 13:f67a6c6013ca 1383 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 1384 XFREE(digestInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 1385 #endif
wolfSSL 13:f67a6c6013ca 1386 return ret;
wolfSSL 13:f67a6c6013ca 1387 }
wolfSSL 13:f67a6c6013ca 1388
wolfSSL 13:f67a6c6013ca 1389 if (signedAttribSz > 0) {
wolfSSL 13:f67a6c6013ca 1390
wolfSSL 13:f67a6c6013ca 1391 if (signedAttrib == NULL) {
wolfSSL 13:f67a6c6013ca 1392 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 1393 XFREE(digestInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 1394 #endif
wolfSSL 13:f67a6c6013ca 1395 return BAD_FUNC_ARG;
wolfSSL 13:f67a6c6013ca 1396 }
wolfSSL 13:f67a6c6013ca 1397
wolfSSL 13:f67a6c6013ca 1398 attribSetSz = SetSet(signedAttribSz, attribSet);
wolfSSL 13:f67a6c6013ca 1399 ret = wc_HashUpdate(&hash, hashType, attribSet, attribSetSz);
wolfSSL 13:f67a6c6013ca 1400 if (ret < 0) {
wolfSSL 13:f67a6c6013ca 1401 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 1402 XFREE(digestInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 1403 #endif
wolfSSL 13:f67a6c6013ca 1404 return ret;
wolfSSL 13:f67a6c6013ca 1405 }
wolfSSL 13:f67a6c6013ca 1406
wolfSSL 13:f67a6c6013ca 1407 ret = wc_HashUpdate(&hash, hashType, signedAttrib, signedAttribSz);
wolfSSL 13:f67a6c6013ca 1408 if (ret < 0) {
wolfSSL 13:f67a6c6013ca 1409 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 1410 XFREE(digestInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 1411 #endif
wolfSSL 13:f67a6c6013ca 1412 return ret;
wolfSSL 13:f67a6c6013ca 1413 }
wolfSSL 13:f67a6c6013ca 1414
wolfSSL 13:f67a6c6013ca 1415 ret = wc_HashFinal(&hash, hashType, digest);
wolfSSL 13:f67a6c6013ca 1416 if (ret < 0) {
wolfSSL 13:f67a6c6013ca 1417 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 1418 XFREE(digestInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 1419 #endif
wolfSSL 13:f67a6c6013ca 1420 return ret;
wolfSSL 13:f67a6c6013ca 1421 }
wolfSSL 13:f67a6c6013ca 1422
wolfSSL 13:f67a6c6013ca 1423 } else {
wolfSSL 13:f67a6c6013ca 1424
wolfSSL 13:f67a6c6013ca 1425 if (pkcs7->content == NULL) {
wolfSSL 13:f67a6c6013ca 1426 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 1427 XFREE(digestInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 1428 #endif
wolfSSL 13:f67a6c6013ca 1429 return BAD_FUNC_ARG;
wolfSSL 13:f67a6c6013ca 1430 }
wolfSSL 13:f67a6c6013ca 1431
wolfSSL 13:f67a6c6013ca 1432 ret = wc_HashUpdate(&hash, hashType, pkcs7->content, pkcs7->contentSz);
wolfSSL 13:f67a6c6013ca 1433 if (ret < 0) {
wolfSSL 13:f67a6c6013ca 1434 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 1435 XFREE(digestInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 1436 #endif
wolfSSL 13:f67a6c6013ca 1437 return ret;
wolfSSL 13:f67a6c6013ca 1438 }
wolfSSL 13:f67a6c6013ca 1439
wolfSSL 13:f67a6c6013ca 1440 ret = wc_HashFinal(&hash, hashType, digest);
wolfSSL 13:f67a6c6013ca 1441 if (ret < 0) {
wolfSSL 13:f67a6c6013ca 1442 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 1443 XFREE(digestInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 1444 #endif
wolfSSL 13:f67a6c6013ca 1445 return ret;
wolfSSL 13:f67a6c6013ca 1446 }
wolfSSL 13:f67a6c6013ca 1447 }
wolfSSL 13:f67a6c6013ca 1448
wolfSSL 13:f67a6c6013ca 1449 /* Set algoID, with NULL attributes */
wolfSSL 13:f67a6c6013ca 1450 algoIdSz = SetAlgoID(pkcs7->hashOID, algoId, oidHashType, 0);
wolfSSL 13:f67a6c6013ca 1451
wolfSSL 13:f67a6c6013ca 1452 digestStrSz = SetOctetString(hashSz, digestStr);
wolfSSL 13:f67a6c6013ca 1453 digestInfoSeqSz = SetSequence(algoIdSz + digestStrSz + hashSz,
wolfSSL 13:f67a6c6013ca 1454 digestInfoSeq);
wolfSSL 13:f67a6c6013ca 1455
wolfSSL 13:f67a6c6013ca 1456 XMEMCPY(digestInfo + digIdx, digestInfoSeq, digestInfoSeqSz);
wolfSSL 13:f67a6c6013ca 1457 digIdx += digestInfoSeqSz;
wolfSSL 13:f67a6c6013ca 1458 XMEMCPY(digestInfo + digIdx, algoId, algoIdSz);
wolfSSL 13:f67a6c6013ca 1459 digIdx += algoIdSz;
wolfSSL 13:f67a6c6013ca 1460 XMEMCPY(digestInfo + digIdx, digestStr, digestStrSz);
wolfSSL 13:f67a6c6013ca 1461 digIdx += digestStrSz;
wolfSSL 13:f67a6c6013ca 1462 XMEMCPY(digestInfo + digIdx, digest, hashSz);
wolfSSL 13:f67a6c6013ca 1463 digIdx += hashSz;
wolfSSL 13:f67a6c6013ca 1464
wolfSSL 13:f67a6c6013ca 1465 XMEMCPY(pkcs7Digest, digestInfo, digIdx);
wolfSSL 13:f67a6c6013ca 1466 *pkcs7DigestSz = digIdx;
wolfSSL 13:f67a6c6013ca 1467
wolfSSL 13:f67a6c6013ca 1468 /* set plain digest pointer */
wolfSSL 13:f67a6c6013ca 1469 *plainDigest = pkcs7Digest + digIdx - hashSz;
wolfSSL 13:f67a6c6013ca 1470 *plainDigestSz = hashSz;
wolfSSL 13:f67a6c6013ca 1471
wolfSSL 13:f67a6c6013ca 1472 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 1473 XFREE(digestInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 1474 #endif
wolfSSL 13:f67a6c6013ca 1475 return 0;
wolfSSL 13:f67a6c6013ca 1476 }
wolfSSL 13:f67a6c6013ca 1477
wolfSSL 13:f67a6c6013ca 1478
wolfSSL 13:f67a6c6013ca 1479 /* verifies SignedData signature, over either PKCS#7 DigestInfo or
wolfSSL 13:f67a6c6013ca 1480 * content digest.
wolfSSL 13:f67a6c6013ca 1481 *
wolfSSL 13:f67a6c6013ca 1482 * pkcs7 - pointer to initialized PKCS7 struct
wolfSSL 13:f67a6c6013ca 1483 * sig - signature to verify
wolfSSL 13:f67a6c6013ca 1484 * sigSz - size of sig
wolfSSL 13:f67a6c6013ca 1485 * signedAttrib - signed attributes, or null if empty
wolfSSL 13:f67a6c6013ca 1486 * signedAttribSz - size of signedAttributes
wolfSSL 13:f67a6c6013ca 1487 *
wolfSSL 13:f67a6c6013ca 1488 * return 0 on success, negative on error */
wolfSSL 13:f67a6c6013ca 1489 static int wc_PKCS7_SignedDataVerifySignature(PKCS7* pkcs7, byte* sig,
wolfSSL 13:f67a6c6013ca 1490 word32 sigSz, byte* signedAttrib,
wolfSSL 13:f67a6c6013ca 1491 word32 signedAttribSz)
wolfSSL 13:f67a6c6013ca 1492 {
wolfSSL 13:f67a6c6013ca 1493 int ret = 0;
wolfSSL 13:f67a6c6013ca 1494 word32 plainDigestSz = 0, pkcs7DigestSz;
wolfSSL 13:f67a6c6013ca 1495 byte* plainDigest = NULL; /* offset into pkcs7Digest */
wolfSSL 13:f67a6c6013ca 1496 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 1497 byte* pkcs7Digest;
wolfSSL 13:f67a6c6013ca 1498 #else
wolfSSL 13:f67a6c6013ca 1499 byte pkcs7Digest[MAX_PKCS7_DIGEST_SZ];
wolfSSL 13:f67a6c6013ca 1500 #endif
wolfSSL 13:f67a6c6013ca 1501
wolfSSL 13:f67a6c6013ca 1502 if (pkcs7 == NULL)
wolfSSL 13:f67a6c6013ca 1503 return BAD_FUNC_ARG;
wolfSSL 13:f67a6c6013ca 1504
wolfSSL 13:f67a6c6013ca 1505 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 1506 pkcs7Digest = (byte*)XMALLOC(MAX_PKCS7_DIGEST_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 1507 if (pkcs7Digest == NULL)
wolfSSL 13:f67a6c6013ca 1508 return MEMORY_E;
wolfSSL 13:f67a6c6013ca 1509 #endif
wolfSSL 13:f67a6c6013ca 1510
wolfSSL 13:f67a6c6013ca 1511 /* build hash to verify against */
wolfSSL 13:f67a6c6013ca 1512 pkcs7DigestSz = MAX_PKCS7_DIGEST_SZ;
wolfSSL 13:f67a6c6013ca 1513 ret = wc_PKCS7_BuildSignedDataDigest(pkcs7, signedAttrib,
wolfSSL 13:f67a6c6013ca 1514 signedAttribSz, pkcs7Digest,
wolfSSL 13:f67a6c6013ca 1515 &pkcs7DigestSz, &plainDigest,
wolfSSL 13:f67a6c6013ca 1516 &plainDigestSz);
wolfSSL 13:f67a6c6013ca 1517 if (ret < 0) {
wolfSSL 13:f67a6c6013ca 1518 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 1519 XFREE(pkcs7Digest, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 1520 #endif
wolfSSL 13:f67a6c6013ca 1521 return ret;
wolfSSL 13:f67a6c6013ca 1522 }
wolfSSL 13:f67a6c6013ca 1523
wolfSSL 13:f67a6c6013ca 1524 switch (pkcs7->publicKeyOID) {
wolfSSL 13:f67a6c6013ca 1525
wolfSSL 13:f67a6c6013ca 1526 #ifndef NO_RSA
wolfSSL 13:f67a6c6013ca 1527 case RSAk:
wolfSSL 13:f67a6c6013ca 1528 ret = wc_PKCS7_RsaVerify(pkcs7, sig, sigSz, pkcs7Digest,
wolfSSL 13:f67a6c6013ca 1529 pkcs7DigestSz);
wolfSSL 13:f67a6c6013ca 1530 if (ret < 0) {
wolfSSL 13:f67a6c6013ca 1531 WOLFSSL_MSG("PKCS#7 verification failed, trying CMS");
wolfSSL 13:f67a6c6013ca 1532 ret = wc_PKCS7_RsaVerify(pkcs7, sig, sigSz, plainDigest,
wolfSSL 13:f67a6c6013ca 1533 plainDigestSz);
wolfSSL 13:f67a6c6013ca 1534 }
wolfSSL 13:f67a6c6013ca 1535 break;
wolfSSL 13:f67a6c6013ca 1536 #endif
wolfSSL 13:f67a6c6013ca 1537
wolfSSL 13:f67a6c6013ca 1538 #ifdef HAVE_ECC
wolfSSL 13:f67a6c6013ca 1539 case ECDSAk:
wolfSSL 13:f67a6c6013ca 1540 ret = wc_PKCS7_EcdsaVerify(pkcs7, sig, sigSz, plainDigest,
wolfSSL 13:f67a6c6013ca 1541 plainDigestSz);
wolfSSL 13:f67a6c6013ca 1542 break;
wolfSSL 13:f67a6c6013ca 1543 #endif
wolfSSL 13:f67a6c6013ca 1544
wolfSSL 13:f67a6c6013ca 1545 default:
wolfSSL 13:f67a6c6013ca 1546 WOLFSSL_MSG("Unsupported public key type");
wolfSSL 13:f67a6c6013ca 1547 ret = BAD_FUNC_ARG;
wolfSSL 13:f67a6c6013ca 1548 }
wolfSSL 13:f67a6c6013ca 1549
wolfSSL 13:f67a6c6013ca 1550 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 1551 XFREE(pkcs7Digest, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 1552 #endif
wolfSSL 13:f67a6c6013ca 1553 return ret;
wolfSSL 13:f67a6c6013ca 1554 }
wolfSSL 13:f67a6c6013ca 1555
wolfSSL 13:f67a6c6013ca 1556
wolfSSL 13:f67a6c6013ca 1557 /* Finds the certificates in the message and saves it. */
wolfSSL 13:f67a6c6013ca 1558 int wc_PKCS7_VerifySignedData(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz)
wolfSSL 13:f67a6c6013ca 1559 {
wolfSSL 13:f67a6c6013ca 1560 word32 idx, contentType, hashOID;
wolfSSL 13:f67a6c6013ca 1561 int length, version, ret;
wolfSSL 13:f67a6c6013ca 1562 byte* content = NULL;
wolfSSL 13:f67a6c6013ca 1563 byte* sig = NULL;
wolfSSL 13:f67a6c6013ca 1564 byte* cert = NULL;
wolfSSL 13:f67a6c6013ca 1565 byte* signedAttrib = NULL;
wolfSSL 13:f67a6c6013ca 1566 int contentSz = 0, sigSz = 0, certSz = 0, signedAttribSz = 0;
wolfSSL 13:f67a6c6013ca 1567
wolfSSL 13:f67a6c6013ca 1568 if (pkcs7 == NULL || pkiMsg == NULL || pkiMsgSz == 0)
wolfSSL 13:f67a6c6013ca 1569 return BAD_FUNC_ARG;
wolfSSL 13:f67a6c6013ca 1570
wolfSSL 13:f67a6c6013ca 1571 idx = 0;
wolfSSL 13:f67a6c6013ca 1572
wolfSSL 13:f67a6c6013ca 1573 /* Get the contentInfo sequence */
wolfSSL 13:f67a6c6013ca 1574 if (GetSequence(pkiMsg, &idx, &length, pkiMsgSz) < 0)
wolfSSL 13:f67a6c6013ca 1575 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 1576
wolfSSL 13:f67a6c6013ca 1577 /* Get the contentInfo contentType */
wolfSSL 13:f67a6c6013ca 1578 if (wc_GetContentType(pkiMsg, &idx, &contentType, pkiMsgSz) < 0)
wolfSSL 13:f67a6c6013ca 1579 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 1580
wolfSSL 13:f67a6c6013ca 1581 if (contentType != SIGNED_DATA) {
wolfSSL 13:f67a6c6013ca 1582 WOLFSSL_MSG("PKCS#7 input not of type SignedData");
wolfSSL 13:f67a6c6013ca 1583 return PKCS7_OID_E;
wolfSSL 13:f67a6c6013ca 1584 }
wolfSSL 13:f67a6c6013ca 1585
wolfSSL 13:f67a6c6013ca 1586 /* get the ContentInfo content */
wolfSSL 13:f67a6c6013ca 1587 if (pkiMsg[idx++] != (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 0))
wolfSSL 13:f67a6c6013ca 1588 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 1589
wolfSSL 13:f67a6c6013ca 1590 if (GetLength(pkiMsg, &idx, &length, pkiMsgSz) < 0)
wolfSSL 13:f67a6c6013ca 1591 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 1592
wolfSSL 13:f67a6c6013ca 1593 /* Get the signedData sequence */
wolfSSL 13:f67a6c6013ca 1594 if (GetSequence(pkiMsg, &idx, &length, pkiMsgSz) < 0)
wolfSSL 13:f67a6c6013ca 1595 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 1596
wolfSSL 13:f67a6c6013ca 1597 /* Get the version */
wolfSSL 13:f67a6c6013ca 1598 if (GetMyVersion(pkiMsg, &idx, &version, pkiMsgSz) < 0)
wolfSSL 13:f67a6c6013ca 1599 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 1600
wolfSSL 13:f67a6c6013ca 1601 if (version != 1) {
wolfSSL 13:f67a6c6013ca 1602 WOLFSSL_MSG("PKCS#7 signedData needs to be of version 1");
wolfSSL 13:f67a6c6013ca 1603 return ASN_VERSION_E;
wolfSSL 13:f67a6c6013ca 1604 }
wolfSSL 13:f67a6c6013ca 1605
wolfSSL 13:f67a6c6013ca 1606 /* Get the set of DigestAlgorithmIdentifiers */
wolfSSL 13:f67a6c6013ca 1607 if (GetSet(pkiMsg, &idx, &length, pkiMsgSz) < 0)
wolfSSL 13:f67a6c6013ca 1608 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 1609
wolfSSL 13:f67a6c6013ca 1610 /* Skip the set. */
wolfSSL 13:f67a6c6013ca 1611 idx += length;
wolfSSL 13:f67a6c6013ca 1612
wolfSSL 13:f67a6c6013ca 1613 /* Get the inner ContentInfo sequence */
wolfSSL 13:f67a6c6013ca 1614 if (GetSequence(pkiMsg, &idx, &length, pkiMsgSz) < 0)
wolfSSL 13:f67a6c6013ca 1615 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 1616
wolfSSL 13:f67a6c6013ca 1617 /* Get the inner ContentInfo contentType */
wolfSSL 13:f67a6c6013ca 1618 if (wc_GetContentType(pkiMsg, &idx, &contentType, pkiMsgSz) < 0)
wolfSSL 13:f67a6c6013ca 1619 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 1620
wolfSSL 13:f67a6c6013ca 1621 if (contentType != DATA) {
wolfSSL 13:f67a6c6013ca 1622 WOLFSSL_MSG("PKCS#7 inner input not of type Data");
wolfSSL 13:f67a6c6013ca 1623 return PKCS7_OID_E;
wolfSSL 13:f67a6c6013ca 1624 }
wolfSSL 13:f67a6c6013ca 1625
wolfSSL 13:f67a6c6013ca 1626 if (pkiMsg[idx++] != (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 0))
wolfSSL 13:f67a6c6013ca 1627 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 1628
wolfSSL 13:f67a6c6013ca 1629 if (GetLength(pkiMsg, &idx, &length, pkiMsgSz) <= 0)
wolfSSL 13:f67a6c6013ca 1630 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 1631
wolfSSL 13:f67a6c6013ca 1632 if (pkiMsg[idx++] != ASN_OCTET_STRING)
wolfSSL 13:f67a6c6013ca 1633 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 1634
wolfSSL 13:f67a6c6013ca 1635 if (GetLength(pkiMsg, &idx, &length, pkiMsgSz) < 0)
wolfSSL 13:f67a6c6013ca 1636 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 1637
wolfSSL 13:f67a6c6013ca 1638 /* Save the inner data as the content. */
wolfSSL 13:f67a6c6013ca 1639 if (length > 0) {
wolfSSL 13:f67a6c6013ca 1640 /* Local pointer for calculating hashes later */
wolfSSL 13:f67a6c6013ca 1641 pkcs7->content = content = &pkiMsg[idx];
wolfSSL 13:f67a6c6013ca 1642 pkcs7->contentSz = contentSz = length;
wolfSSL 13:f67a6c6013ca 1643 idx += length;
wolfSSL 13:f67a6c6013ca 1644 }
wolfSSL 13:f67a6c6013ca 1645
wolfSSL 13:f67a6c6013ca 1646 /* Get the implicit[0] set of certificates */
wolfSSL 13:f67a6c6013ca 1647 if (pkiMsg[idx] == (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 0)) {
wolfSSL 13:f67a6c6013ca 1648 idx++;
wolfSSL 13:f67a6c6013ca 1649 if (GetLength(pkiMsg, &idx, &length, pkiMsgSz) < 0)
wolfSSL 13:f67a6c6013ca 1650 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 1651
wolfSSL 13:f67a6c6013ca 1652 if (length > 0) {
wolfSSL 13:f67a6c6013ca 1653 /* At this point, idx is at the first certificate in
wolfSSL 13:f67a6c6013ca 1654 * a set of certificates. There may be more than one,
wolfSSL 13:f67a6c6013ca 1655 * or none, or they may be a PKCS 6 extended
wolfSSL 13:f67a6c6013ca 1656 * certificate. We want to save the first cert if it
wolfSSL 13:f67a6c6013ca 1657 * is X.509. */
wolfSSL 13:f67a6c6013ca 1658
wolfSSL 13:f67a6c6013ca 1659 word32 certIdx = idx;
wolfSSL 13:f67a6c6013ca 1660
wolfSSL 13:f67a6c6013ca 1661 if (pkiMsg[certIdx++] == (ASN_CONSTRUCTED | ASN_SEQUENCE)) {
wolfSSL 13:f67a6c6013ca 1662 if (GetLength(pkiMsg, &certIdx, &certSz, pkiMsgSz) < 0)
wolfSSL 13:f67a6c6013ca 1663 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 1664
wolfSSL 13:f67a6c6013ca 1665 cert = &pkiMsg[idx];
wolfSSL 13:f67a6c6013ca 1666 certSz += (certIdx - idx);
wolfSSL 13:f67a6c6013ca 1667 }
wolfSSL 13:f67a6c6013ca 1668 wc_PKCS7_InitWithCert(pkcs7, cert, certSz);
wolfSSL 13:f67a6c6013ca 1669 }
wolfSSL 13:f67a6c6013ca 1670 idx += length;
wolfSSL 13:f67a6c6013ca 1671 }
wolfSSL 13:f67a6c6013ca 1672
wolfSSL 13:f67a6c6013ca 1673 /* Get the implicit[1] set of crls */
wolfSSL 13:f67a6c6013ca 1674 if (pkiMsg[idx] == (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 1)) {
wolfSSL 13:f67a6c6013ca 1675 idx++;
wolfSSL 13:f67a6c6013ca 1676 if (GetLength(pkiMsg, &idx, &length, pkiMsgSz) < 0)
wolfSSL 13:f67a6c6013ca 1677 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 1678
wolfSSL 13:f67a6c6013ca 1679 /* Skip the set */
wolfSSL 13:f67a6c6013ca 1680 idx += length;
wolfSSL 13:f67a6c6013ca 1681 }
wolfSSL 13:f67a6c6013ca 1682
wolfSSL 13:f67a6c6013ca 1683 /* Get the set of signerInfos */
wolfSSL 13:f67a6c6013ca 1684 if (GetSet(pkiMsg, &idx, &length, pkiMsgSz) < 0)
wolfSSL 13:f67a6c6013ca 1685 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 1686
wolfSSL 13:f67a6c6013ca 1687 if (length > 0) {
wolfSSL 13:f67a6c6013ca 1688 /* Get the sequence of the first signerInfo */
wolfSSL 13:f67a6c6013ca 1689 if (GetSequence(pkiMsg, &idx, &length, pkiMsgSz) < 0)
wolfSSL 13:f67a6c6013ca 1690 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 1691
wolfSSL 13:f67a6c6013ca 1692 /* Get the version */
wolfSSL 13:f67a6c6013ca 1693 if (GetMyVersion(pkiMsg, &idx, &version, pkiMsgSz) < 0)
wolfSSL 13:f67a6c6013ca 1694 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 1695
wolfSSL 13:f67a6c6013ca 1696 if (version != 1) {
wolfSSL 13:f67a6c6013ca 1697 WOLFSSL_MSG("PKCS#7 signerInfo needs to be of version 1");
wolfSSL 13:f67a6c6013ca 1698 return ASN_VERSION_E;
wolfSSL 13:f67a6c6013ca 1699 }
wolfSSL 13:f67a6c6013ca 1700
wolfSSL 13:f67a6c6013ca 1701 /* Get the sequence of IssuerAndSerialNumber */
wolfSSL 13:f67a6c6013ca 1702 if (GetSequence(pkiMsg, &idx, &length, pkiMsgSz) < 0)
wolfSSL 13:f67a6c6013ca 1703 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 1704
wolfSSL 13:f67a6c6013ca 1705 /* Skip it */
wolfSSL 13:f67a6c6013ca 1706 idx += length;
wolfSSL 13:f67a6c6013ca 1707
wolfSSL 13:f67a6c6013ca 1708 /* Get the sequence of digestAlgorithm */
wolfSSL 13:f67a6c6013ca 1709 if (GetAlgoId(pkiMsg, &idx, &hashOID, oidHashType, pkiMsgSz) < 0) {
wolfSSL 13:f67a6c6013ca 1710 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 1711 }
wolfSSL 13:f67a6c6013ca 1712 pkcs7->hashOID = (int)hashOID;
wolfSSL 13:f67a6c6013ca 1713
wolfSSL 13:f67a6c6013ca 1714 /* Get the IMPLICIT[0] SET OF signedAttributes */
wolfSSL 13:f67a6c6013ca 1715 if (pkiMsg[idx] == (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 0)) {
wolfSSL 13:f67a6c6013ca 1716 idx++;
wolfSSL 13:f67a6c6013ca 1717
wolfSSL 13:f67a6c6013ca 1718 if (GetLength(pkiMsg, &idx, &length, pkiMsgSz) < 0)
wolfSSL 13:f67a6c6013ca 1719 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 1720
wolfSSL 13:f67a6c6013ca 1721 /* save pointer and length */
wolfSSL 13:f67a6c6013ca 1722 signedAttrib = &pkiMsg[idx];
wolfSSL 13:f67a6c6013ca 1723 signedAttribSz = length;
wolfSSL 13:f67a6c6013ca 1724
wolfSSL 13:f67a6c6013ca 1725 idx += length;
wolfSSL 13:f67a6c6013ca 1726 }
wolfSSL 13:f67a6c6013ca 1727
wolfSSL 13:f67a6c6013ca 1728 /* Get the sequence of digestEncryptionAlgorithm */
wolfSSL 13:f67a6c6013ca 1729 if (GetSequence(pkiMsg, &idx, &length, pkiMsgSz) < 0)
wolfSSL 13:f67a6c6013ca 1730 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 1731
wolfSSL 13:f67a6c6013ca 1732 /* Skip it */
wolfSSL 13:f67a6c6013ca 1733 idx += length;
wolfSSL 13:f67a6c6013ca 1734
wolfSSL 13:f67a6c6013ca 1735 /* Get the signature */
wolfSSL 13:f67a6c6013ca 1736 if (pkiMsg[idx] == ASN_OCTET_STRING) {
wolfSSL 13:f67a6c6013ca 1737 idx++;
wolfSSL 13:f67a6c6013ca 1738
wolfSSL 13:f67a6c6013ca 1739 if (GetLength(pkiMsg, &idx, &length, pkiMsgSz) < 0)
wolfSSL 13:f67a6c6013ca 1740 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 1741
wolfSSL 13:f67a6c6013ca 1742 /* save pointer and length */
wolfSSL 13:f67a6c6013ca 1743 sig = &pkiMsg[idx];
wolfSSL 13:f67a6c6013ca 1744 sigSz = length;
wolfSSL 13:f67a6c6013ca 1745
wolfSSL 13:f67a6c6013ca 1746 idx += length;
wolfSSL 13:f67a6c6013ca 1747 }
wolfSSL 13:f67a6c6013ca 1748
wolfSSL 13:f67a6c6013ca 1749 pkcs7->content = content;
wolfSSL 13:f67a6c6013ca 1750 pkcs7->contentSz = contentSz;
wolfSSL 13:f67a6c6013ca 1751
wolfSSL 13:f67a6c6013ca 1752 ret = wc_PKCS7_SignedDataVerifySignature(pkcs7, sig, sigSz,
wolfSSL 13:f67a6c6013ca 1753 signedAttrib, signedAttribSz);
wolfSSL 13:f67a6c6013ca 1754 if (ret < 0)
wolfSSL 13:f67a6c6013ca 1755 return ret;
wolfSSL 13:f67a6c6013ca 1756 }
wolfSSL 13:f67a6c6013ca 1757
wolfSSL 13:f67a6c6013ca 1758 return 0;
wolfSSL 13:f67a6c6013ca 1759 }
wolfSSL 13:f67a6c6013ca 1760
wolfSSL 13:f67a6c6013ca 1761
wolfSSL 13:f67a6c6013ca 1762 #ifdef HAVE_ECC
wolfSSL 13:f67a6c6013ca 1763
wolfSSL 13:f67a6c6013ca 1764 /* KARI == KeyAgreeRecipientInfo (key agreement) */
wolfSSL 13:f67a6c6013ca 1765 typedef struct WC_PKCS7_KARI {
wolfSSL 13:f67a6c6013ca 1766 DecodedCert* decoded; /* decoded recip cert */
wolfSSL 13:f67a6c6013ca 1767 void* heap; /* user heap, points to PKCS7->heap */
wolfSSL 13:f67a6c6013ca 1768 ecc_key* recipKey; /* recip key (pub | priv) */
wolfSSL 13:f67a6c6013ca 1769 ecc_key* senderKey; /* sender key (pub | priv) */
wolfSSL 13:f67a6c6013ca 1770 byte* senderKeyExport; /* sender ephemeral key DER */
wolfSSL 13:f67a6c6013ca 1771 byte* kek; /* key encryption key */
wolfSSL 13:f67a6c6013ca 1772 byte* ukm; /* OPTIONAL user keying material */
wolfSSL 13:f67a6c6013ca 1773 byte* sharedInfo; /* ECC-CMS-SharedInfo ASN.1 encoded blob */
wolfSSL 13:f67a6c6013ca 1774 word32 senderKeyExportSz; /* size of sender ephemeral key DER */
wolfSSL 13:f67a6c6013ca 1775 word32 kekSz; /* size of key encryption key */
wolfSSL 13:f67a6c6013ca 1776 word32 ukmSz; /* size of user keying material */
wolfSSL 13:f67a6c6013ca 1777 word32 sharedInfoSz; /* size of ECC-CMS-SharedInfo encoded */
wolfSSL 13:f67a6c6013ca 1778 byte ukmOwner; /* do we own ukm buffer? 1:yes, 0:no */
wolfSSL 13:f67a6c6013ca 1779 byte direction; /* WC_PKCS7_ENCODE | WC_PKCS7_DECODE */
wolfSSL 13:f67a6c6013ca 1780 } WC_PKCS7_KARI;
wolfSSL 13:f67a6c6013ca 1781
wolfSSL 13:f67a6c6013ca 1782
wolfSSL 13:f67a6c6013ca 1783 /* wrap CEK (content encryption key) with KEK, 0 on success, < 0 on error */
wolfSSL 13:f67a6c6013ca 1784 static int wc_PKCS7_KariKeyWrap(byte* cek, word32 cekSz, byte* kek,
wolfSSL 13:f67a6c6013ca 1785 word32 kekSz, byte* out, word32 outSz,
wolfSSL 13:f67a6c6013ca 1786 int keyWrapAlgo, int direction)
wolfSSL 13:f67a6c6013ca 1787 {
wolfSSL 13:f67a6c6013ca 1788 int ret;
wolfSSL 13:f67a6c6013ca 1789
wolfSSL 13:f67a6c6013ca 1790 if (cek == NULL || kek == NULL || out == NULL)
wolfSSL 13:f67a6c6013ca 1791 return BAD_FUNC_ARG;
wolfSSL 13:f67a6c6013ca 1792
wolfSSL 13:f67a6c6013ca 1793 switch (keyWrapAlgo) {
wolfSSL 13:f67a6c6013ca 1794 #ifndef NO_AES
wolfSSL 13:f67a6c6013ca 1795 case AES128_WRAP:
wolfSSL 13:f67a6c6013ca 1796 case AES192_WRAP:
wolfSSL 13:f67a6c6013ca 1797 case AES256_WRAP:
wolfSSL 13:f67a6c6013ca 1798
wolfSSL 13:f67a6c6013ca 1799 if (direction == AES_ENCRYPTION) {
wolfSSL 13:f67a6c6013ca 1800
wolfSSL 13:f67a6c6013ca 1801 ret = wc_AesKeyWrap(kek, kekSz, cek, cekSz,
wolfSSL 13:f67a6c6013ca 1802 out, outSz, NULL);
wolfSSL 13:f67a6c6013ca 1803
wolfSSL 13:f67a6c6013ca 1804 } else if (direction == AES_DECRYPTION) {
wolfSSL 13:f67a6c6013ca 1805
wolfSSL 13:f67a6c6013ca 1806 ret = wc_AesKeyUnWrap(kek, kekSz, cek, cekSz,
wolfSSL 13:f67a6c6013ca 1807 out, outSz, NULL);
wolfSSL 13:f67a6c6013ca 1808 } else {
wolfSSL 13:f67a6c6013ca 1809 WOLFSSL_MSG("Bad key un/wrap direction");
wolfSSL 13:f67a6c6013ca 1810 return BAD_FUNC_ARG;
wolfSSL 13:f67a6c6013ca 1811 }
wolfSSL 13:f67a6c6013ca 1812
wolfSSL 13:f67a6c6013ca 1813 if (ret <= 0)
wolfSSL 13:f67a6c6013ca 1814 return ret;
wolfSSL 13:f67a6c6013ca 1815
wolfSSL 13:f67a6c6013ca 1816 break;
wolfSSL 13:f67a6c6013ca 1817 #endif /* NO_AES */
wolfSSL 13:f67a6c6013ca 1818
wolfSSL 13:f67a6c6013ca 1819 default:
wolfSSL 13:f67a6c6013ca 1820 WOLFSSL_MSG("Unsupported key wrap algorithm");
wolfSSL 13:f67a6c6013ca 1821 return BAD_KEYWRAP_ALG_E;
wolfSSL 13:f67a6c6013ca 1822 };
wolfSSL 13:f67a6c6013ca 1823
wolfSSL 13:f67a6c6013ca 1824 (void)cekSz;
wolfSSL 13:f67a6c6013ca 1825 (void)kekSz;
wolfSSL 13:f67a6c6013ca 1826 (void)outSz;
wolfSSL 13:f67a6c6013ca 1827 (void)direction;
wolfSSL 13:f67a6c6013ca 1828 return ret;
wolfSSL 13:f67a6c6013ca 1829 }
wolfSSL 13:f67a6c6013ca 1830
wolfSSL 13:f67a6c6013ca 1831
wolfSSL 13:f67a6c6013ca 1832 /* allocate and create new WC_PKCS7_KARI struct,
wolfSSL 13:f67a6c6013ca 1833 * returns struct pointer on success, NULL on failure */
wolfSSL 13:f67a6c6013ca 1834 static WC_PKCS7_KARI* wc_PKCS7_KariNew(PKCS7* pkcs7, byte direction)
wolfSSL 13:f67a6c6013ca 1835 {
wolfSSL 13:f67a6c6013ca 1836 WC_PKCS7_KARI* kari = NULL;
wolfSSL 13:f67a6c6013ca 1837
wolfSSL 13:f67a6c6013ca 1838 if (pkcs7 == NULL)
wolfSSL 13:f67a6c6013ca 1839 return NULL;
wolfSSL 13:f67a6c6013ca 1840
wolfSSL 13:f67a6c6013ca 1841 kari = (WC_PKCS7_KARI*)XMALLOC(sizeof(WC_PKCS7_KARI), pkcs7->heap,
wolfSSL 13:f67a6c6013ca 1842 DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 1843 if (kari == NULL) {
wolfSSL 13:f67a6c6013ca 1844 WOLFSSL_MSG("Failed to allocate WC_PKCS7_KARI");
wolfSSL 13:f67a6c6013ca 1845 return NULL;
wolfSSL 13:f67a6c6013ca 1846 }
wolfSSL 13:f67a6c6013ca 1847
wolfSSL 13:f67a6c6013ca 1848 kari->decoded = (DecodedCert*)XMALLOC(sizeof(DecodedCert), pkcs7->heap,
wolfSSL 13:f67a6c6013ca 1849 DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 1850 if (kari->decoded == NULL) {
wolfSSL 13:f67a6c6013ca 1851 WOLFSSL_MSG("Failed to allocate DecodedCert");
wolfSSL 13:f67a6c6013ca 1852 XFREE(kari, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 1853 return NULL;
wolfSSL 13:f67a6c6013ca 1854 }
wolfSSL 13:f67a6c6013ca 1855
wolfSSL 13:f67a6c6013ca 1856 kari->recipKey = (ecc_key*)XMALLOC(sizeof(ecc_key), pkcs7->heap,
wolfSSL 13:f67a6c6013ca 1857 DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 1858 if (kari->recipKey == NULL) {
wolfSSL 13:f67a6c6013ca 1859 WOLFSSL_MSG("Failed to allocate recipient ecc_key");
wolfSSL 13:f67a6c6013ca 1860 XFREE(kari->decoded, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 1861 XFREE(kari, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 1862 return NULL;
wolfSSL 13:f67a6c6013ca 1863 }
wolfSSL 13:f67a6c6013ca 1864
wolfSSL 13:f67a6c6013ca 1865 kari->senderKey = (ecc_key*)XMALLOC(sizeof(ecc_key), pkcs7->heap,
wolfSSL 13:f67a6c6013ca 1866 DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 1867 if (kari->senderKey == NULL) {
wolfSSL 13:f67a6c6013ca 1868 WOLFSSL_MSG("Failed to allocate sender ecc_key");
wolfSSL 13:f67a6c6013ca 1869 XFREE(kari->recipKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 1870 XFREE(kari->decoded, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 1871 XFREE(kari, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 1872 return NULL;
wolfSSL 13:f67a6c6013ca 1873 }
wolfSSL 13:f67a6c6013ca 1874
wolfSSL 13:f67a6c6013ca 1875 kari->senderKeyExport = NULL;
wolfSSL 13:f67a6c6013ca 1876 kari->senderKeyExportSz = 0;
wolfSSL 13:f67a6c6013ca 1877 kari->kek = NULL;
wolfSSL 13:f67a6c6013ca 1878 kari->kekSz = 0;
wolfSSL 13:f67a6c6013ca 1879 kari->ukm = NULL;
wolfSSL 13:f67a6c6013ca 1880 kari->ukmSz = 0;
wolfSSL 13:f67a6c6013ca 1881 kari->ukmOwner = 0;
wolfSSL 13:f67a6c6013ca 1882 kari->sharedInfo = NULL;
wolfSSL 13:f67a6c6013ca 1883 kari->sharedInfoSz = 0;
wolfSSL 13:f67a6c6013ca 1884 kari->direction = direction;
wolfSSL 13:f67a6c6013ca 1885
wolfSSL 13:f67a6c6013ca 1886 kari->heap = pkcs7->heap;
wolfSSL 13:f67a6c6013ca 1887
wolfSSL 13:f67a6c6013ca 1888 return kari;
wolfSSL 13:f67a6c6013ca 1889 }
wolfSSL 13:f67a6c6013ca 1890
wolfSSL 13:f67a6c6013ca 1891
wolfSSL 13:f67a6c6013ca 1892 /* free WC_PKCS7_KARI struct, return 0 on success */
wolfSSL 13:f67a6c6013ca 1893 static int wc_PKCS7_KariFree(WC_PKCS7_KARI* kari)
wolfSSL 13:f67a6c6013ca 1894 {
wolfSSL 13:f67a6c6013ca 1895 void* heap;
wolfSSL 13:f67a6c6013ca 1896
wolfSSL 13:f67a6c6013ca 1897 if (kari) {
wolfSSL 13:f67a6c6013ca 1898 heap = kari->heap;
wolfSSL 13:f67a6c6013ca 1899
wolfSSL 13:f67a6c6013ca 1900 if (kari->decoded) {
wolfSSL 13:f67a6c6013ca 1901 FreeDecodedCert(kari->decoded);
wolfSSL 13:f67a6c6013ca 1902 XFREE(kari->decoded, heap, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 1903 }
wolfSSL 13:f67a6c6013ca 1904 if (kari->senderKey) {
wolfSSL 13:f67a6c6013ca 1905 wc_ecc_free(kari->senderKey);
wolfSSL 13:f67a6c6013ca 1906 XFREE(kari->senderKey, heap, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 1907 }
wolfSSL 13:f67a6c6013ca 1908 if (kari->recipKey) {
wolfSSL 13:f67a6c6013ca 1909 wc_ecc_free(kari->recipKey);
wolfSSL 13:f67a6c6013ca 1910 XFREE(kari->recipKey, heap, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 1911 }
wolfSSL 13:f67a6c6013ca 1912 if (kari->senderKeyExport) {
wolfSSL 13:f67a6c6013ca 1913 ForceZero(kari->senderKeyExport, kari->senderKeyExportSz);
wolfSSL 13:f67a6c6013ca 1914 XFREE(kari->senderKeyExport, heap, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 1915 kari->senderKeyExportSz = 0;
wolfSSL 13:f67a6c6013ca 1916 }
wolfSSL 13:f67a6c6013ca 1917 if (kari->kek) {
wolfSSL 13:f67a6c6013ca 1918 ForceZero(kari->kek, kari->kekSz);
wolfSSL 13:f67a6c6013ca 1919 XFREE(kari->kek, heap, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 1920 kari->kekSz = 0;
wolfSSL 13:f67a6c6013ca 1921 }
wolfSSL 13:f67a6c6013ca 1922 if (kari->ukm) {
wolfSSL 13:f67a6c6013ca 1923 if (kari->ukmOwner == 1) {
wolfSSL 13:f67a6c6013ca 1924 XFREE(kari->ukm, heap, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 1925 }
wolfSSL 13:f67a6c6013ca 1926 kari->ukmSz = 0;
wolfSSL 13:f67a6c6013ca 1927 }
wolfSSL 13:f67a6c6013ca 1928 if (kari->sharedInfo) {
wolfSSL 13:f67a6c6013ca 1929 ForceZero(kari->sharedInfo, kari->sharedInfoSz);
wolfSSL 13:f67a6c6013ca 1930 XFREE(kari->sharedInfo, heap, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 1931 kari->sharedInfoSz = 0;
wolfSSL 13:f67a6c6013ca 1932 }
wolfSSL 13:f67a6c6013ca 1933 XFREE(kari, heap, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 1934 }
wolfSSL 13:f67a6c6013ca 1935
wolfSSL 13:f67a6c6013ca 1936 (void)heap;
wolfSSL 13:f67a6c6013ca 1937
wolfSSL 13:f67a6c6013ca 1938 return 0;
wolfSSL 13:f67a6c6013ca 1939 }
wolfSSL 13:f67a6c6013ca 1940
wolfSSL 13:f67a6c6013ca 1941
wolfSSL 13:f67a6c6013ca 1942 /* parse recipient cert/key, return 0 on success, negative on error
wolfSSL 13:f67a6c6013ca 1943 * key/keySz only needed during decoding (WC_PKCS7_DECODE) */
wolfSSL 13:f67a6c6013ca 1944 static int wc_PKCS7_KariParseRecipCert(WC_PKCS7_KARI* kari, const byte* cert,
wolfSSL 13:f67a6c6013ca 1945 word32 certSz, const byte* key,
wolfSSL 13:f67a6c6013ca 1946 word32 keySz)
wolfSSL 13:f67a6c6013ca 1947 {
wolfSSL 13:f67a6c6013ca 1948 int ret;
wolfSSL 13:f67a6c6013ca 1949 word32 idx;
wolfSSL 13:f67a6c6013ca 1950
wolfSSL 13:f67a6c6013ca 1951 if (kari == NULL || kari->decoded == NULL ||
wolfSSL 13:f67a6c6013ca 1952 cert == NULL || certSz == 0)
wolfSSL 13:f67a6c6013ca 1953 return BAD_FUNC_ARG;
wolfSSL 13:f67a6c6013ca 1954
wolfSSL 13:f67a6c6013ca 1955 if (kari->direction == WC_PKCS7_DECODE &&
wolfSSL 13:f67a6c6013ca 1956 (key == NULL || keySz == 0))
wolfSSL 13:f67a6c6013ca 1957 return BAD_FUNC_ARG;
wolfSSL 13:f67a6c6013ca 1958
wolfSSL 13:f67a6c6013ca 1959 /* decode certificate */
wolfSSL 13:f67a6c6013ca 1960 InitDecodedCert(kari->decoded, (byte*)cert, certSz, kari->heap);
wolfSSL 13:f67a6c6013ca 1961 ret = ParseCert(kari->decoded, CA_TYPE, NO_VERIFY, 0);
wolfSSL 13:f67a6c6013ca 1962 if (ret < 0)
wolfSSL 13:f67a6c6013ca 1963 return ret;
wolfSSL 13:f67a6c6013ca 1964
wolfSSL 13:f67a6c6013ca 1965 /* make sure subject key id was read from cert */
wolfSSL 13:f67a6c6013ca 1966 if (kari->decoded->extSubjKeyIdSet == 0) {
wolfSSL 13:f67a6c6013ca 1967 WOLFSSL_MSG("Failed to read subject key ID from recipient cert");
wolfSSL 13:f67a6c6013ca 1968 return BAD_FUNC_ARG;
wolfSSL 13:f67a6c6013ca 1969 }
wolfSSL 13:f67a6c6013ca 1970
wolfSSL 13:f67a6c6013ca 1971 ret = wc_ecc_init_ex(kari->recipKey, kari->heap, INVALID_DEVID);
wolfSSL 13:f67a6c6013ca 1972 if (ret != 0)
wolfSSL 13:f67a6c6013ca 1973 return ret;
wolfSSL 13:f67a6c6013ca 1974
wolfSSL 13:f67a6c6013ca 1975 /* get recip public key */
wolfSSL 13:f67a6c6013ca 1976 if (kari->direction == WC_PKCS7_ENCODE) {
wolfSSL 13:f67a6c6013ca 1977
wolfSSL 13:f67a6c6013ca 1978 ret = wc_ecc_import_x963(kari->decoded->publicKey,
wolfSSL 13:f67a6c6013ca 1979 kari->decoded->pubKeySize,
wolfSSL 13:f67a6c6013ca 1980 kari->recipKey);
wolfSSL 13:f67a6c6013ca 1981 }
wolfSSL 13:f67a6c6013ca 1982 /* get recip private key */
wolfSSL 13:f67a6c6013ca 1983 else if (kari->direction == WC_PKCS7_DECODE) {
wolfSSL 13:f67a6c6013ca 1984
wolfSSL 13:f67a6c6013ca 1985 idx = 0;
wolfSSL 13:f67a6c6013ca 1986 ret = wc_EccPrivateKeyDecode(key, &idx, kari->recipKey, keySz);
wolfSSL 13:f67a6c6013ca 1987 if (ret != 0)
wolfSSL 13:f67a6c6013ca 1988 return ret;
wolfSSL 13:f67a6c6013ca 1989
wolfSSL 13:f67a6c6013ca 1990 } else {
wolfSSL 13:f67a6c6013ca 1991 /* bad direction */
wolfSSL 13:f67a6c6013ca 1992 return BAD_FUNC_ARG;
wolfSSL 13:f67a6c6013ca 1993 }
wolfSSL 13:f67a6c6013ca 1994
wolfSSL 13:f67a6c6013ca 1995 if (ret != 0)
wolfSSL 13:f67a6c6013ca 1996 return ret;
wolfSSL 13:f67a6c6013ca 1997
wolfSSL 13:f67a6c6013ca 1998 (void)idx;
wolfSSL 13:f67a6c6013ca 1999
wolfSSL 13:f67a6c6013ca 2000 return 0;
wolfSSL 13:f67a6c6013ca 2001 }
wolfSSL 13:f67a6c6013ca 2002
wolfSSL 13:f67a6c6013ca 2003
wolfSSL 13:f67a6c6013ca 2004 /* create ephemeral ECC key, places ecc_key in kari->senderKey,
wolfSSL 13:f67a6c6013ca 2005 * DER encoded in kari->senderKeyExport. return 0 on success,
wolfSSL 13:f67a6c6013ca 2006 * negative on error */
wolfSSL 13:f67a6c6013ca 2007 static int wc_PKCS7_KariGenerateEphemeralKey(WC_PKCS7_KARI* kari, WC_RNG* rng)
wolfSSL 13:f67a6c6013ca 2008 {
wolfSSL 13:f67a6c6013ca 2009 int ret;
wolfSSL 13:f67a6c6013ca 2010
wolfSSL 13:f67a6c6013ca 2011 if (kari == NULL || kari->decoded == NULL ||
wolfSSL 13:f67a6c6013ca 2012 kari->recipKey == NULL || kari->recipKey->dp == NULL ||
wolfSSL 13:f67a6c6013ca 2013 rng == NULL)
wolfSSL 13:f67a6c6013ca 2014 return BAD_FUNC_ARG;
wolfSSL 13:f67a6c6013ca 2015
wolfSSL 13:f67a6c6013ca 2016 kari->senderKeyExport = (byte*)XMALLOC(kari->decoded->pubKeySize, kari->heap,
wolfSSL 13:f67a6c6013ca 2017 DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 2018 if (kari->senderKeyExport == NULL)
wolfSSL 13:f67a6c6013ca 2019 return MEMORY_E;
wolfSSL 13:f67a6c6013ca 2020
wolfSSL 13:f67a6c6013ca 2021 kari->senderKeyExportSz = kari->decoded->pubKeySize;
wolfSSL 13:f67a6c6013ca 2022
wolfSSL 13:f67a6c6013ca 2023 ret = wc_ecc_init_ex(kari->senderKey, kari->heap, INVALID_DEVID);
wolfSSL 13:f67a6c6013ca 2024 if (ret != 0)
wolfSSL 13:f67a6c6013ca 2025 return ret;
wolfSSL 13:f67a6c6013ca 2026
wolfSSL 13:f67a6c6013ca 2027 ret = wc_ecc_make_key_ex(rng, kari->recipKey->dp->size,
wolfSSL 13:f67a6c6013ca 2028 kari->senderKey, kari->recipKey->dp->id);
wolfSSL 13:f67a6c6013ca 2029 if (ret != 0)
wolfSSL 13:f67a6c6013ca 2030 return ret;
wolfSSL 13:f67a6c6013ca 2031
wolfSSL 13:f67a6c6013ca 2032 /* dump generated key to X.963 DER for output in CMS bundle */
wolfSSL 13:f67a6c6013ca 2033 ret = wc_ecc_export_x963(kari->senderKey, kari->senderKeyExport,
wolfSSL 13:f67a6c6013ca 2034 &kari->senderKeyExportSz);
wolfSSL 13:f67a6c6013ca 2035 if (ret != 0)
wolfSSL 13:f67a6c6013ca 2036 return ret;
wolfSSL 13:f67a6c6013ca 2037
wolfSSL 13:f67a6c6013ca 2038 return 0;
wolfSSL 13:f67a6c6013ca 2039 }
wolfSSL 13:f67a6c6013ca 2040
wolfSSL 13:f67a6c6013ca 2041
wolfSSL 13:f67a6c6013ca 2042 /* create ASN.1 encoded ECC-CMS-SharedInfo using specified key wrap algorithm,
wolfSSL 13:f67a6c6013ca 2043 * place in kari->sharedInfo. returns 0 on success, negative on error */
wolfSSL 13:f67a6c6013ca 2044 static int wc_PKCS7_KariGenerateSharedInfo(WC_PKCS7_KARI* kari, int keyWrapOID)
wolfSSL 13:f67a6c6013ca 2045 {
wolfSSL 13:f67a6c6013ca 2046 int idx = 0;
wolfSSL 13:f67a6c6013ca 2047 int sharedInfoSeqSz = 0;
wolfSSL 13:f67a6c6013ca 2048 int keyInfoSz = 0;
wolfSSL 13:f67a6c6013ca 2049 int suppPubInfoSeqSz = 0;
wolfSSL 13:f67a6c6013ca 2050 int entityUInfoOctetSz = 0;
wolfSSL 13:f67a6c6013ca 2051 int entityUInfoExplicitSz = 0;
wolfSSL 13:f67a6c6013ca 2052 int kekOctetSz = 0;
wolfSSL 13:f67a6c6013ca 2053 int sharedInfoSz = 0;
wolfSSL 13:f67a6c6013ca 2054
wolfSSL 13:f67a6c6013ca 2055 word32 kekBitSz = 0;
wolfSSL 13:f67a6c6013ca 2056
wolfSSL 13:f67a6c6013ca 2057 byte sharedInfoSeq[MAX_SEQ_SZ];
wolfSSL 13:f67a6c6013ca 2058 byte keyInfo[MAX_ALGO_SZ];
wolfSSL 13:f67a6c6013ca 2059 byte suppPubInfoSeq[MAX_SEQ_SZ];
wolfSSL 13:f67a6c6013ca 2060 byte entityUInfoOctet[MAX_OCTET_STR_SZ];
wolfSSL 13:f67a6c6013ca 2061 byte entityUInfoExplicitSeq[MAX_SEQ_SZ];
wolfSSL 13:f67a6c6013ca 2062 byte kekOctet[MAX_OCTET_STR_SZ];
wolfSSL 13:f67a6c6013ca 2063
wolfSSL 13:f67a6c6013ca 2064 if (kari == NULL)
wolfSSL 13:f67a6c6013ca 2065 return BAD_FUNC_ARG;
wolfSSL 13:f67a6c6013ca 2066
wolfSSL 13:f67a6c6013ca 2067 if ((kari->ukmSz > 0) && (kari->ukm == NULL))
wolfSSL 13:f67a6c6013ca 2068 return BAD_FUNC_ARG;
wolfSSL 13:f67a6c6013ca 2069
wolfSSL 13:f67a6c6013ca 2070 /* kekOctet */
wolfSSL 13:f67a6c6013ca 2071 kekOctetSz = SetOctetString(sizeof(word32), kekOctet);
wolfSSL 13:f67a6c6013ca 2072 sharedInfoSz += (kekOctetSz + sizeof(word32));
wolfSSL 13:f67a6c6013ca 2073
wolfSSL 13:f67a6c6013ca 2074 /* suppPubInfo */
wolfSSL 13:f67a6c6013ca 2075 suppPubInfoSeqSz = SetImplicit(ASN_SEQUENCE, 2,
wolfSSL 13:f67a6c6013ca 2076 kekOctetSz + sizeof(word32),
wolfSSL 13:f67a6c6013ca 2077 suppPubInfoSeq);
wolfSSL 13:f67a6c6013ca 2078 sharedInfoSz += suppPubInfoSeqSz;
wolfSSL 13:f67a6c6013ca 2079
wolfSSL 13:f67a6c6013ca 2080 /* optional ukm/entityInfo */
wolfSSL 13:f67a6c6013ca 2081 if (kari->ukmSz > 0) {
wolfSSL 13:f67a6c6013ca 2082 entityUInfoOctetSz = SetOctetString(kari->ukmSz, entityUInfoOctet);
wolfSSL 13:f67a6c6013ca 2083 sharedInfoSz += (entityUInfoOctetSz + kari->ukmSz);
wolfSSL 13:f67a6c6013ca 2084
wolfSSL 13:f67a6c6013ca 2085 entityUInfoExplicitSz = SetExplicit(0, entityUInfoOctetSz +
wolfSSL 13:f67a6c6013ca 2086 kari->ukmSz,
wolfSSL 13:f67a6c6013ca 2087 entityUInfoExplicitSeq);
wolfSSL 13:f67a6c6013ca 2088 sharedInfoSz += entityUInfoExplicitSz;
wolfSSL 13:f67a6c6013ca 2089 }
wolfSSL 13:f67a6c6013ca 2090
wolfSSL 13:f67a6c6013ca 2091 /* keyInfo */
wolfSSL 13:f67a6c6013ca 2092 keyInfoSz = SetAlgoID(keyWrapOID, keyInfo, oidKeyWrapType, 0);
wolfSSL 13:f67a6c6013ca 2093 sharedInfoSz += keyInfoSz;
wolfSSL 13:f67a6c6013ca 2094
wolfSSL 13:f67a6c6013ca 2095 /* sharedInfo */
wolfSSL 13:f67a6c6013ca 2096 sharedInfoSeqSz = SetSequence(sharedInfoSz, sharedInfoSeq);
wolfSSL 13:f67a6c6013ca 2097 sharedInfoSz += sharedInfoSeqSz;
wolfSSL 13:f67a6c6013ca 2098
wolfSSL 13:f67a6c6013ca 2099 kari->sharedInfo = (byte*)XMALLOC(sharedInfoSz, kari->heap,
wolfSSL 13:f67a6c6013ca 2100 DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 2101 if (kari->sharedInfo == NULL)
wolfSSL 13:f67a6c6013ca 2102 return MEMORY_E;
wolfSSL 13:f67a6c6013ca 2103
wolfSSL 13:f67a6c6013ca 2104 kari->sharedInfoSz = sharedInfoSz;
wolfSSL 13:f67a6c6013ca 2105
wolfSSL 13:f67a6c6013ca 2106 XMEMCPY(kari->sharedInfo + idx, sharedInfoSeq, sharedInfoSeqSz);
wolfSSL 13:f67a6c6013ca 2107 idx += sharedInfoSeqSz;
wolfSSL 13:f67a6c6013ca 2108 XMEMCPY(kari->sharedInfo + idx, keyInfo, keyInfoSz);
wolfSSL 13:f67a6c6013ca 2109 idx += keyInfoSz;
wolfSSL 13:f67a6c6013ca 2110 if (kari->ukmSz > 0) {
wolfSSL 13:f67a6c6013ca 2111 XMEMCPY(kari->sharedInfo + idx, entityUInfoExplicitSeq,
wolfSSL 13:f67a6c6013ca 2112 entityUInfoExplicitSz);
wolfSSL 13:f67a6c6013ca 2113 idx += entityUInfoExplicitSz;
wolfSSL 13:f67a6c6013ca 2114 XMEMCPY(kari->sharedInfo + idx, entityUInfoOctet, entityUInfoOctetSz);
wolfSSL 13:f67a6c6013ca 2115 idx += entityUInfoOctetSz;
wolfSSL 13:f67a6c6013ca 2116 XMEMCPY(kari->sharedInfo + idx, kari->ukm, kari->ukmSz);
wolfSSL 13:f67a6c6013ca 2117 idx += kari->ukmSz;
wolfSSL 13:f67a6c6013ca 2118 }
wolfSSL 13:f67a6c6013ca 2119 XMEMCPY(kari->sharedInfo + idx, suppPubInfoSeq, suppPubInfoSeqSz);
wolfSSL 13:f67a6c6013ca 2120 idx += suppPubInfoSeqSz;
wolfSSL 13:f67a6c6013ca 2121 XMEMCPY(kari->sharedInfo + idx, kekOctet, kekOctetSz);
wolfSSL 13:f67a6c6013ca 2122 idx += kekOctetSz;
wolfSSL 13:f67a6c6013ca 2123
wolfSSL 13:f67a6c6013ca 2124 kekBitSz = (kari->kekSz) * 8; /* convert to bits */
wolfSSL 13:f67a6c6013ca 2125 #ifdef LITTLE_ENDIAN_ORDER
wolfSSL 13:f67a6c6013ca 2126 kekBitSz = ByteReverseWord32(kekBitSz); /* network byte order */
wolfSSL 13:f67a6c6013ca 2127 #endif
wolfSSL 13:f67a6c6013ca 2128 XMEMCPY(kari->sharedInfo + idx, &kekBitSz, sizeof(kekBitSz));
wolfSSL 13:f67a6c6013ca 2129
wolfSSL 13:f67a6c6013ca 2130 return 0;
wolfSSL 13:f67a6c6013ca 2131 }
wolfSSL 13:f67a6c6013ca 2132
wolfSSL 13:f67a6c6013ca 2133
wolfSSL 13:f67a6c6013ca 2134 /* create key encryption key (KEK) using key wrap algorithm and key encryption
wolfSSL 13:f67a6c6013ca 2135 * algorithm, place in kari->kek. return 0 on success, <0 on error. */
wolfSSL 13:f67a6c6013ca 2136 static int wc_PKCS7_KariGenerateKEK(WC_PKCS7_KARI* kari,
wolfSSL 13:f67a6c6013ca 2137 int keyWrapOID, int keyEncOID)
wolfSSL 13:f67a6c6013ca 2138 {
wolfSSL 13:f67a6c6013ca 2139 int ret;
wolfSSL 13:f67a6c6013ca 2140 int kSz;
wolfSSL 13:f67a6c6013ca 2141 enum wc_HashType kdfType;
wolfSSL 13:f67a6c6013ca 2142 byte* secret;
wolfSSL 13:f67a6c6013ca 2143 word32 secretSz;
wolfSSL 13:f67a6c6013ca 2144
wolfSSL 13:f67a6c6013ca 2145 if (kari == NULL || kari->recipKey == NULL ||
wolfSSL 13:f67a6c6013ca 2146 kari->senderKey == NULL || kari->senderKey->dp == NULL)
wolfSSL 13:f67a6c6013ca 2147 return BAD_FUNC_ARG;
wolfSSL 13:f67a6c6013ca 2148
wolfSSL 13:f67a6c6013ca 2149 /* get KEK size, allocate buff */
wolfSSL 13:f67a6c6013ca 2150 kSz = wc_PKCS7_GetOIDKeySize(keyWrapOID);
wolfSSL 13:f67a6c6013ca 2151 if (kSz < 0)
wolfSSL 13:f67a6c6013ca 2152 return kSz;
wolfSSL 13:f67a6c6013ca 2153
wolfSSL 13:f67a6c6013ca 2154 kari->kek = (byte*)XMALLOC(kSz, kari->heap, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 2155 if (kari->kek == NULL)
wolfSSL 13:f67a6c6013ca 2156 return MEMORY_E;
wolfSSL 13:f67a6c6013ca 2157
wolfSSL 13:f67a6c6013ca 2158 kari->kekSz = (word32)kSz;
wolfSSL 13:f67a6c6013ca 2159
wolfSSL 13:f67a6c6013ca 2160 /* generate ECC-CMS-SharedInfo */
wolfSSL 13:f67a6c6013ca 2161 ret = wc_PKCS7_KariGenerateSharedInfo(kari, keyWrapOID);
wolfSSL 13:f67a6c6013ca 2162 if (ret != 0)
wolfSSL 13:f67a6c6013ca 2163 return ret;
wolfSSL 13:f67a6c6013ca 2164
wolfSSL 13:f67a6c6013ca 2165 /* generate shared secret */
wolfSSL 13:f67a6c6013ca 2166 secretSz = kari->senderKey->dp->size;
wolfSSL 13:f67a6c6013ca 2167 secret = (byte*)XMALLOC(secretSz, kari->heap, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 2168 if (secret == NULL)
wolfSSL 13:f67a6c6013ca 2169 return MEMORY_E;
wolfSSL 13:f67a6c6013ca 2170
wolfSSL 13:f67a6c6013ca 2171 if (kari->direction == WC_PKCS7_ENCODE) {
wolfSSL 13:f67a6c6013ca 2172
wolfSSL 13:f67a6c6013ca 2173 ret = wc_ecc_shared_secret(kari->senderKey, kari->recipKey,
wolfSSL 13:f67a6c6013ca 2174 secret, &secretSz);
wolfSSL 13:f67a6c6013ca 2175
wolfSSL 13:f67a6c6013ca 2176 } else if (kari->direction == WC_PKCS7_DECODE) {
wolfSSL 13:f67a6c6013ca 2177
wolfSSL 13:f67a6c6013ca 2178 ret = wc_ecc_shared_secret(kari->recipKey, kari->senderKey,
wolfSSL 13:f67a6c6013ca 2179 secret, &secretSz);
wolfSSL 13:f67a6c6013ca 2180
wolfSSL 13:f67a6c6013ca 2181 } else {
wolfSSL 13:f67a6c6013ca 2182 /* bad direction */
wolfSSL 13:f67a6c6013ca 2183 XFREE(secret, kari->heap, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 2184 return BAD_FUNC_ARG;
wolfSSL 13:f67a6c6013ca 2185 }
wolfSSL 13:f67a6c6013ca 2186
wolfSSL 13:f67a6c6013ca 2187 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 2188 XFREE(secret, kari->heap, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 2189 return ret;
wolfSSL 13:f67a6c6013ca 2190 }
wolfSSL 13:f67a6c6013ca 2191
wolfSSL 13:f67a6c6013ca 2192 /* run through KDF */
wolfSSL 13:f67a6c6013ca 2193 switch (keyEncOID) {
wolfSSL 13:f67a6c6013ca 2194
wolfSSL 13:f67a6c6013ca 2195 #ifndef NO_SHA
wolfSSL 13:f67a6c6013ca 2196 case dhSinglePass_stdDH_sha1kdf_scheme:
wolfSSL 13:f67a6c6013ca 2197 kdfType = WC_HASH_TYPE_SHA;
wolfSSL 13:f67a6c6013ca 2198 break;
wolfSSL 13:f67a6c6013ca 2199 #endif
wolfSSL 13:f67a6c6013ca 2200 #ifndef WOLFSSL_SHA224
wolfSSL 13:f67a6c6013ca 2201 case dhSinglePass_stdDH_sha224kdf_scheme:
wolfSSL 13:f67a6c6013ca 2202 kdfType = WC_HASH_TYPE_SHA224;
wolfSSL 13:f67a6c6013ca 2203 break;
wolfSSL 13:f67a6c6013ca 2204 #endif
wolfSSL 13:f67a6c6013ca 2205 #ifndef NO_SHA256
wolfSSL 13:f67a6c6013ca 2206 case dhSinglePass_stdDH_sha256kdf_scheme:
wolfSSL 13:f67a6c6013ca 2207 kdfType = WC_HASH_TYPE_SHA256;
wolfSSL 13:f67a6c6013ca 2208 break;
wolfSSL 13:f67a6c6013ca 2209 #endif
wolfSSL 13:f67a6c6013ca 2210 #ifdef WOLFSSL_SHA384
wolfSSL 13:f67a6c6013ca 2211 case dhSinglePass_stdDH_sha384kdf_scheme:
wolfSSL 13:f67a6c6013ca 2212 kdfType = WC_HASH_TYPE_SHA384;
wolfSSL 13:f67a6c6013ca 2213 break;
wolfSSL 13:f67a6c6013ca 2214 #endif
wolfSSL 13:f67a6c6013ca 2215 #ifdef WOLFSSL_SHA512
wolfSSL 13:f67a6c6013ca 2216 case dhSinglePass_stdDH_sha512kdf_scheme:
wolfSSL 13:f67a6c6013ca 2217 kdfType = WC_HASH_TYPE_SHA512;
wolfSSL 13:f67a6c6013ca 2218 break;
wolfSSL 13:f67a6c6013ca 2219 #endif
wolfSSL 13:f67a6c6013ca 2220 default:
wolfSSL 13:f67a6c6013ca 2221 WOLFSSL_MSG("Unsupported key agreement algorithm");
wolfSSL 13:f67a6c6013ca 2222 XFREE(secret, kari->heap, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 2223 return BAD_FUNC_ARG;
wolfSSL 13:f67a6c6013ca 2224 };
wolfSSL 13:f67a6c6013ca 2225
wolfSSL 13:f67a6c6013ca 2226 ret = wc_X963_KDF(kdfType, secret, secretSz, kari->sharedInfo,
wolfSSL 13:f67a6c6013ca 2227 kari->sharedInfoSz, kari->kek, kari->kekSz);
wolfSSL 13:f67a6c6013ca 2228 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 2229 XFREE(secret, kari->heap, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 2230 return ret;
wolfSSL 13:f67a6c6013ca 2231 }
wolfSSL 13:f67a6c6013ca 2232
wolfSSL 13:f67a6c6013ca 2233 XFREE(secret, kari->heap, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 2234
wolfSSL 13:f67a6c6013ca 2235 return 0;
wolfSSL 13:f67a6c6013ca 2236 }
wolfSSL 13:f67a6c6013ca 2237
wolfSSL 13:f67a6c6013ca 2238
wolfSSL 13:f67a6c6013ca 2239 /* create ASN.1 formatted KeyAgreeRecipientInfo (kari) for use with ECDH,
wolfSSL 13:f67a6c6013ca 2240 * return sequence size or negative on error */
wolfSSL 13:f67a6c6013ca 2241 static int wc_CreateKeyAgreeRecipientInfo(PKCS7* pkcs7, const byte* cert,
wolfSSL 13:f67a6c6013ca 2242 word32 certSz, int keyAgreeAlgo, int blockKeySz,
wolfSSL 13:f67a6c6013ca 2243 int keyWrapAlgo, int keyEncAlgo, WC_RNG* rng,
wolfSSL 13:f67a6c6013ca 2244 byte* contentKeyPlain, byte* contentKeyEnc,
wolfSSL 13:f67a6c6013ca 2245 int* keyEncSz, byte* out, word32 outSz)
wolfSSL 13:f67a6c6013ca 2246 {
wolfSSL 13:f67a6c6013ca 2247 int ret = 0, idx = 0;
wolfSSL 13:f67a6c6013ca 2248 int keySz, direction = 0;
wolfSSL 13:f67a6c6013ca 2249
wolfSSL 13:f67a6c6013ca 2250 /* ASN.1 layout */
wolfSSL 13:f67a6c6013ca 2251 int totalSz = 0;
wolfSSL 13:f67a6c6013ca 2252 int kariSeqSz = 0;
wolfSSL 13:f67a6c6013ca 2253 byte kariSeq[MAX_SEQ_SZ]; /* IMPLICIT [1] */
wolfSSL 13:f67a6c6013ca 2254 int verSz = 0;
wolfSSL 13:f67a6c6013ca 2255 byte ver[MAX_VERSION_SZ];
wolfSSL 13:f67a6c6013ca 2256
wolfSSL 13:f67a6c6013ca 2257 int origIdOrKeySeqSz = 0;
wolfSSL 13:f67a6c6013ca 2258 byte origIdOrKeySeq[MAX_SEQ_SZ]; /* IMPLICIT [0] */
wolfSSL 13:f67a6c6013ca 2259 int origPubKeySeqSz = 0;
wolfSSL 13:f67a6c6013ca 2260 byte origPubKeySeq[MAX_SEQ_SZ]; /* IMPLICIT [1] */
wolfSSL 13:f67a6c6013ca 2261 int origAlgIdSz = 0;
wolfSSL 13:f67a6c6013ca 2262 byte origAlgId[MAX_ALGO_SZ];
wolfSSL 13:f67a6c6013ca 2263 int origPubKeyStrSz = 0;
wolfSSL 13:f67a6c6013ca 2264 byte origPubKeyStr[MAX_OCTET_STR_SZ];
wolfSSL 13:f67a6c6013ca 2265
wolfSSL 13:f67a6c6013ca 2266 /* optional user keying material */
wolfSSL 13:f67a6c6013ca 2267 int ukmOctetSz = 0;
wolfSSL 13:f67a6c6013ca 2268 byte ukmOctetStr[MAX_OCTET_STR_SZ];
wolfSSL 13:f67a6c6013ca 2269 int ukmExplicitSz = 0;
wolfSSL 13:f67a6c6013ca 2270 byte ukmExplicitSeq[MAX_SEQ_SZ];
wolfSSL 13:f67a6c6013ca 2271
wolfSSL 13:f67a6c6013ca 2272 int keyEncryptAlgoIdSz = 0;
wolfSSL 13:f67a6c6013ca 2273 byte keyEncryptAlgoId[MAX_ALGO_SZ];
wolfSSL 13:f67a6c6013ca 2274 int keyWrapAlgSz = 0;
wolfSSL 13:f67a6c6013ca 2275 byte keyWrapAlg[MAX_ALGO_SZ];
wolfSSL 13:f67a6c6013ca 2276
wolfSSL 13:f67a6c6013ca 2277 int recipEncKeysSeqSz = 0;
wolfSSL 13:f67a6c6013ca 2278 byte recipEncKeysSeq[MAX_SEQ_SZ];
wolfSSL 13:f67a6c6013ca 2279 int recipEncKeySeqSz = 0;
wolfSSL 13:f67a6c6013ca 2280 byte recipEncKeySeq[MAX_SEQ_SZ];
wolfSSL 13:f67a6c6013ca 2281 int recipKeyIdSeqSz = 0;
wolfSSL 13:f67a6c6013ca 2282 byte recipKeyIdSeq[MAX_SEQ_SZ]; /* IMPLICIT [0] */
wolfSSL 13:f67a6c6013ca 2283 int subjKeyIdOctetSz = 0;
wolfSSL 13:f67a6c6013ca 2284 byte subjKeyIdOctet[MAX_OCTET_STR_SZ];
wolfSSL 13:f67a6c6013ca 2285 int encryptedKeyOctetSz = 0;
wolfSSL 13:f67a6c6013ca 2286 byte encryptedKeyOctet[MAX_OCTET_STR_SZ];
wolfSSL 13:f67a6c6013ca 2287
wolfSSL 13:f67a6c6013ca 2288 WC_PKCS7_KARI* kari;
wolfSSL 13:f67a6c6013ca 2289
wolfSSL 13:f67a6c6013ca 2290 /* only supports ECDSA for now */
wolfSSL 13:f67a6c6013ca 2291 if (keyAgreeAlgo != ECDSAk)
wolfSSL 13:f67a6c6013ca 2292 return BAD_FUNC_ARG;
wolfSSL 13:f67a6c6013ca 2293
wolfSSL 13:f67a6c6013ca 2294 /* set direction based on keyWrapAlgo */
wolfSSL 13:f67a6c6013ca 2295 switch (keyWrapAlgo) {
wolfSSL 13:f67a6c6013ca 2296 #ifndef NO_AES
wolfSSL 13:f67a6c6013ca 2297 case AES128_WRAP:
wolfSSL 13:f67a6c6013ca 2298 case AES192_WRAP:
wolfSSL 13:f67a6c6013ca 2299 case AES256_WRAP:
wolfSSL 13:f67a6c6013ca 2300 direction = AES_ENCRYPTION;
wolfSSL 13:f67a6c6013ca 2301 break;
wolfSSL 13:f67a6c6013ca 2302 #endif
wolfSSL 13:f67a6c6013ca 2303 default:
wolfSSL 13:f67a6c6013ca 2304 WOLFSSL_MSG("Unsupported key wrap algorithm");
wolfSSL 13:f67a6c6013ca 2305 return BAD_KEYWRAP_ALG_E;
wolfSSL 13:f67a6c6013ca 2306 }
wolfSSL 13:f67a6c6013ca 2307
wolfSSL 13:f67a6c6013ca 2308 kari = wc_PKCS7_KariNew(pkcs7, WC_PKCS7_ENCODE);
wolfSSL 13:f67a6c6013ca 2309 if (kari == NULL)
wolfSSL 13:f67a6c6013ca 2310 return MEMORY_E;
wolfSSL 13:f67a6c6013ca 2311
wolfSSL 13:f67a6c6013ca 2312 /* set user keying material if available */
wolfSSL 13:f67a6c6013ca 2313 if ((pkcs7->ukmSz > 0) && (pkcs7->ukm != NULL)) {
wolfSSL 13:f67a6c6013ca 2314 kari->ukm = pkcs7->ukm;
wolfSSL 13:f67a6c6013ca 2315 kari->ukmSz = pkcs7->ukmSz;
wolfSSL 13:f67a6c6013ca 2316 kari->ukmOwner = 0;
wolfSSL 13:f67a6c6013ca 2317 }
wolfSSL 13:f67a6c6013ca 2318
wolfSSL 13:f67a6c6013ca 2319 /* parse recipient cert, get public key */
wolfSSL 13:f67a6c6013ca 2320 ret = wc_PKCS7_KariParseRecipCert(kari, cert, certSz, NULL, 0);
wolfSSL 13:f67a6c6013ca 2321 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 2322 wc_PKCS7_KariFree(kari);
wolfSSL 13:f67a6c6013ca 2323 return ret;
wolfSSL 13:f67a6c6013ca 2324 }
wolfSSL 13:f67a6c6013ca 2325
wolfSSL 13:f67a6c6013ca 2326 /* generate sender ephemeral ECC key */
wolfSSL 13:f67a6c6013ca 2327 ret = wc_PKCS7_KariGenerateEphemeralKey(kari, rng);
wolfSSL 13:f67a6c6013ca 2328 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 2329 wc_PKCS7_KariFree(kari);
wolfSSL 13:f67a6c6013ca 2330 return ret;
wolfSSL 13:f67a6c6013ca 2331 }
wolfSSL 13:f67a6c6013ca 2332
wolfSSL 13:f67a6c6013ca 2333 /* generate KEK (key encryption key) */
wolfSSL 13:f67a6c6013ca 2334 ret = wc_PKCS7_KariGenerateKEK(kari, keyWrapAlgo, keyEncAlgo);
wolfSSL 13:f67a6c6013ca 2335 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 2336 wc_PKCS7_KariFree(kari);
wolfSSL 13:f67a6c6013ca 2337 return ret;
wolfSSL 13:f67a6c6013ca 2338 }
wolfSSL 13:f67a6c6013ca 2339
wolfSSL 13:f67a6c6013ca 2340 /* encrypt CEK with KEK */
wolfSSL 13:f67a6c6013ca 2341 keySz = wc_PKCS7_KariKeyWrap(contentKeyPlain, blockKeySz, kari->kek,
wolfSSL 13:f67a6c6013ca 2342 kari->kekSz, contentKeyEnc, *keyEncSz, keyWrapAlgo,
wolfSSL 13:f67a6c6013ca 2343 direction);
wolfSSL 13:f67a6c6013ca 2344 if (keySz <= 0) {
wolfSSL 13:f67a6c6013ca 2345 wc_PKCS7_KariFree(kari);
wolfSSL 13:f67a6c6013ca 2346 return ret;
wolfSSL 13:f67a6c6013ca 2347 }
wolfSSL 13:f67a6c6013ca 2348 *keyEncSz = (word32)keySz;
wolfSSL 13:f67a6c6013ca 2349
wolfSSL 13:f67a6c6013ca 2350 /* Start of RecipientEncryptedKeys */
wolfSSL 13:f67a6c6013ca 2351
wolfSSL 13:f67a6c6013ca 2352 /* EncryptedKey */
wolfSSL 13:f67a6c6013ca 2353 encryptedKeyOctetSz = SetOctetString(*keyEncSz, encryptedKeyOctet);
wolfSSL 13:f67a6c6013ca 2354 totalSz += (encryptedKeyOctetSz + *keyEncSz);
wolfSSL 13:f67a6c6013ca 2355
wolfSSL 13:f67a6c6013ca 2356 /* SubjectKeyIdentifier */
wolfSSL 13:f67a6c6013ca 2357 subjKeyIdOctetSz = SetOctetString(KEYID_SIZE, subjKeyIdOctet);
wolfSSL 13:f67a6c6013ca 2358 totalSz += (subjKeyIdOctetSz + KEYID_SIZE);
wolfSSL 13:f67a6c6013ca 2359
wolfSSL 13:f67a6c6013ca 2360 /* RecipientKeyIdentifier IMPLICIT [0] */
wolfSSL 13:f67a6c6013ca 2361 recipKeyIdSeqSz = SetImplicit(ASN_SEQUENCE, 0, subjKeyIdOctetSz +
wolfSSL 13:f67a6c6013ca 2362 KEYID_SIZE, recipKeyIdSeq);
wolfSSL 13:f67a6c6013ca 2363 totalSz += recipKeyIdSeqSz;
wolfSSL 13:f67a6c6013ca 2364
wolfSSL 13:f67a6c6013ca 2365 /* RecipientEncryptedKey */
wolfSSL 13:f67a6c6013ca 2366 recipEncKeySeqSz = SetSequence(totalSz, recipEncKeySeq);
wolfSSL 13:f67a6c6013ca 2367 totalSz += recipEncKeySeqSz;
wolfSSL 13:f67a6c6013ca 2368
wolfSSL 13:f67a6c6013ca 2369 /* RecipientEncryptedKeys */
wolfSSL 13:f67a6c6013ca 2370 recipEncKeysSeqSz = SetSequence(totalSz, recipEncKeysSeq);
wolfSSL 13:f67a6c6013ca 2371 totalSz += recipEncKeysSeqSz;
wolfSSL 13:f67a6c6013ca 2372
wolfSSL 13:f67a6c6013ca 2373 /* Start of optional UserKeyingMaterial */
wolfSSL 13:f67a6c6013ca 2374
wolfSSL 13:f67a6c6013ca 2375 if (kari->ukmSz > 0) {
wolfSSL 13:f67a6c6013ca 2376 ukmOctetSz = SetOctetString(kari->ukmSz, ukmOctetStr);
wolfSSL 13:f67a6c6013ca 2377 totalSz += (ukmOctetSz + kari->ukmSz);
wolfSSL 13:f67a6c6013ca 2378
wolfSSL 13:f67a6c6013ca 2379 ukmExplicitSz = SetExplicit(1, ukmOctetSz + kari->ukmSz,
wolfSSL 13:f67a6c6013ca 2380 ukmExplicitSeq);
wolfSSL 13:f67a6c6013ca 2381 totalSz += ukmExplicitSz;
wolfSSL 13:f67a6c6013ca 2382 }
wolfSSL 13:f67a6c6013ca 2383
wolfSSL 13:f67a6c6013ca 2384 /* Start of KeyEncryptionAlgorithmIdentifier */
wolfSSL 13:f67a6c6013ca 2385
wolfSSL 13:f67a6c6013ca 2386 /* KeyWrapAlgorithm */
wolfSSL 13:f67a6c6013ca 2387 keyWrapAlgSz = SetAlgoID(keyWrapAlgo, keyWrapAlg, oidKeyWrapType, 0);
wolfSSL 13:f67a6c6013ca 2388 totalSz += keyWrapAlgSz;
wolfSSL 13:f67a6c6013ca 2389
wolfSSL 13:f67a6c6013ca 2390 /* KeyEncryptionAlgorithmIdentifier */
wolfSSL 13:f67a6c6013ca 2391 keyEncryptAlgoIdSz = SetAlgoID(keyEncAlgo, keyEncryptAlgoId,
wolfSSL 13:f67a6c6013ca 2392 oidCmsKeyAgreeType, keyWrapAlgSz);
wolfSSL 13:f67a6c6013ca 2393 totalSz += keyEncryptAlgoIdSz;
wolfSSL 13:f67a6c6013ca 2394
wolfSSL 13:f67a6c6013ca 2395 /* Start of OriginatorIdentifierOrKey */
wolfSSL 13:f67a6c6013ca 2396
wolfSSL 13:f67a6c6013ca 2397 /* recipient ECPoint, public key */
wolfSSL 13:f67a6c6013ca 2398 XMEMSET(origPubKeyStr, 0, sizeof(origPubKeyStr)); /* no unused bits */
wolfSSL 13:f67a6c6013ca 2399 origPubKeyStr[0] = ASN_BIT_STRING;
wolfSSL 13:f67a6c6013ca 2400 origPubKeyStrSz = SetLength(kari->senderKeyExportSz + 1,
wolfSSL 13:f67a6c6013ca 2401 origPubKeyStr + 1) + 2;
wolfSSL 13:f67a6c6013ca 2402 totalSz += (origPubKeyStrSz + kari->senderKeyExportSz);
wolfSSL 13:f67a6c6013ca 2403
wolfSSL 13:f67a6c6013ca 2404 /* Originator AlgorithmIdentifier */
wolfSSL 13:f67a6c6013ca 2405 origAlgIdSz = SetAlgoID(ECDSAk, origAlgId, oidKeyType, 0);
wolfSSL 13:f67a6c6013ca 2406 totalSz += origAlgIdSz;
wolfSSL 13:f67a6c6013ca 2407
wolfSSL 13:f67a6c6013ca 2408 /* outer OriginatorPublicKey IMPLICIT [1] */
wolfSSL 13:f67a6c6013ca 2409 origPubKeySeqSz = SetImplicit(ASN_SEQUENCE, 1,
wolfSSL 13:f67a6c6013ca 2410 origAlgIdSz + origPubKeyStrSz +
wolfSSL 13:f67a6c6013ca 2411 kari->senderKeyExportSz, origPubKeySeq);
wolfSSL 13:f67a6c6013ca 2412 totalSz += origPubKeySeqSz;
wolfSSL 13:f67a6c6013ca 2413
wolfSSL 13:f67a6c6013ca 2414 /* outer OriginatorIdentiferOrKey IMPLICIT [0] */
wolfSSL 13:f67a6c6013ca 2415 origIdOrKeySeqSz = SetImplicit(ASN_SEQUENCE, 0,
wolfSSL 13:f67a6c6013ca 2416 origPubKeySeqSz + origAlgIdSz +
wolfSSL 13:f67a6c6013ca 2417 origPubKeyStrSz + kari->senderKeyExportSz,
wolfSSL 13:f67a6c6013ca 2418 origIdOrKeySeq);
wolfSSL 13:f67a6c6013ca 2419 totalSz += origIdOrKeySeqSz;
wolfSSL 13:f67a6c6013ca 2420
wolfSSL 13:f67a6c6013ca 2421 /* version, always 3 */
wolfSSL 13:f67a6c6013ca 2422 verSz = SetMyVersion(3, ver, 0);
wolfSSL 13:f67a6c6013ca 2423 totalSz += verSz;
wolfSSL 13:f67a6c6013ca 2424
wolfSSL 13:f67a6c6013ca 2425 /* outer IMPLICIT [1] kari */
wolfSSL 13:f67a6c6013ca 2426 kariSeqSz = SetImplicit(ASN_SEQUENCE, 1, totalSz, kariSeq);
wolfSSL 13:f67a6c6013ca 2427 totalSz += kariSeqSz;
wolfSSL 13:f67a6c6013ca 2428
wolfSSL 13:f67a6c6013ca 2429 if ((word32)totalSz > outSz) {
wolfSSL 13:f67a6c6013ca 2430 WOLFSSL_MSG("KeyAgreeRecipientInfo output buffer too small");
wolfSSL 13:f67a6c6013ca 2431 wc_PKCS7_KariFree(kari);
wolfSSL 13:f67a6c6013ca 2432
wolfSSL 13:f67a6c6013ca 2433 return BUFFER_E;
wolfSSL 13:f67a6c6013ca 2434 }
wolfSSL 13:f67a6c6013ca 2435
wolfSSL 13:f67a6c6013ca 2436 XMEMCPY(out + idx, kariSeq, kariSeqSz);
wolfSSL 13:f67a6c6013ca 2437 idx += kariSeqSz;
wolfSSL 13:f67a6c6013ca 2438 XMEMCPY(out + idx, ver, verSz);
wolfSSL 13:f67a6c6013ca 2439 idx += verSz;
wolfSSL 13:f67a6c6013ca 2440
wolfSSL 13:f67a6c6013ca 2441 XMEMCPY(out + idx, origIdOrKeySeq, origIdOrKeySeqSz);
wolfSSL 13:f67a6c6013ca 2442 idx += origIdOrKeySeqSz;
wolfSSL 13:f67a6c6013ca 2443 XMEMCPY(out + idx, origPubKeySeq, origPubKeySeqSz);
wolfSSL 13:f67a6c6013ca 2444 idx += origPubKeySeqSz;
wolfSSL 13:f67a6c6013ca 2445 XMEMCPY(out + idx, origAlgId, origAlgIdSz);
wolfSSL 13:f67a6c6013ca 2446 idx += origAlgIdSz;
wolfSSL 13:f67a6c6013ca 2447 XMEMCPY(out + idx, origPubKeyStr, origPubKeyStrSz);
wolfSSL 13:f67a6c6013ca 2448 idx += origPubKeyStrSz;
wolfSSL 13:f67a6c6013ca 2449 /* ephemeral public key */
wolfSSL 13:f67a6c6013ca 2450 XMEMCPY(out + idx, kari->senderKeyExport, kari->senderKeyExportSz);
wolfSSL 13:f67a6c6013ca 2451 idx += kari->senderKeyExportSz;
wolfSSL 13:f67a6c6013ca 2452
wolfSSL 13:f67a6c6013ca 2453 if (kari->ukmSz > 0) {
wolfSSL 13:f67a6c6013ca 2454 XMEMCPY(out + idx, ukmExplicitSeq, ukmExplicitSz);
wolfSSL 13:f67a6c6013ca 2455 idx += ukmExplicitSz;
wolfSSL 13:f67a6c6013ca 2456 XMEMCPY(out + idx, ukmOctetStr, ukmOctetSz);
wolfSSL 13:f67a6c6013ca 2457 idx += ukmOctetSz;
wolfSSL 13:f67a6c6013ca 2458 XMEMCPY(out + idx, kari->ukm, kari->ukmSz);
wolfSSL 13:f67a6c6013ca 2459 idx += kari->ukmSz;
wolfSSL 13:f67a6c6013ca 2460 }
wolfSSL 13:f67a6c6013ca 2461
wolfSSL 13:f67a6c6013ca 2462 XMEMCPY(out + idx, keyEncryptAlgoId, keyEncryptAlgoIdSz);
wolfSSL 13:f67a6c6013ca 2463 idx += keyEncryptAlgoIdSz;
wolfSSL 13:f67a6c6013ca 2464 XMEMCPY(out + idx, keyWrapAlg, keyWrapAlgSz);
wolfSSL 13:f67a6c6013ca 2465 idx += keyWrapAlgSz;
wolfSSL 13:f67a6c6013ca 2466
wolfSSL 13:f67a6c6013ca 2467 XMEMCPY(out + idx, recipEncKeysSeq, recipEncKeysSeqSz);
wolfSSL 13:f67a6c6013ca 2468 idx += recipEncKeysSeqSz;
wolfSSL 13:f67a6c6013ca 2469 XMEMCPY(out + idx, recipEncKeySeq, recipEncKeySeqSz);
wolfSSL 13:f67a6c6013ca 2470 idx += recipEncKeySeqSz;
wolfSSL 13:f67a6c6013ca 2471 XMEMCPY(out + idx, recipKeyIdSeq, recipKeyIdSeqSz);
wolfSSL 13:f67a6c6013ca 2472 idx += recipKeyIdSeqSz;
wolfSSL 13:f67a6c6013ca 2473 XMEMCPY(out + idx, subjKeyIdOctet, subjKeyIdOctetSz);
wolfSSL 13:f67a6c6013ca 2474 idx += subjKeyIdOctetSz;
wolfSSL 13:f67a6c6013ca 2475 /* subject key id */
wolfSSL 13:f67a6c6013ca 2476 XMEMCPY(out + idx, kari->decoded->extSubjKeyId, KEYID_SIZE);
wolfSSL 13:f67a6c6013ca 2477 idx += KEYID_SIZE;
wolfSSL 13:f67a6c6013ca 2478 XMEMCPY(out + idx, encryptedKeyOctet, encryptedKeyOctetSz);
wolfSSL 13:f67a6c6013ca 2479 idx += encryptedKeyOctetSz;
wolfSSL 13:f67a6c6013ca 2480 /* encrypted CEK */
wolfSSL 13:f67a6c6013ca 2481 XMEMCPY(out + idx, contentKeyEnc, *keyEncSz);
wolfSSL 13:f67a6c6013ca 2482 idx += *keyEncSz;
wolfSSL 13:f67a6c6013ca 2483
wolfSSL 13:f67a6c6013ca 2484 wc_PKCS7_KariFree(kari);
wolfSSL 13:f67a6c6013ca 2485
wolfSSL 13:f67a6c6013ca 2486 return idx;
wolfSSL 13:f67a6c6013ca 2487 }
wolfSSL 13:f67a6c6013ca 2488
wolfSSL 13:f67a6c6013ca 2489 #endif /* HAVE_ECC */
wolfSSL 13:f67a6c6013ca 2490
wolfSSL 13:f67a6c6013ca 2491
wolfSSL 13:f67a6c6013ca 2492 /* create ASN.1 formatted RecipientInfo structure, returns sequence size */
wolfSSL 13:f67a6c6013ca 2493 static int wc_CreateRecipientInfo(const byte* cert, word32 certSz,
wolfSSL 13:f67a6c6013ca 2494 int keyEncAlgo, int blockKeySz,
wolfSSL 13:f67a6c6013ca 2495 WC_RNG* rng, byte* contentKeyPlain,
wolfSSL 13:f67a6c6013ca 2496 byte* contentKeyEnc, int* keyEncSz,
wolfSSL 13:f67a6c6013ca 2497 byte* out, word32 outSz, void* heap)
wolfSSL 13:f67a6c6013ca 2498 {
wolfSSL 13:f67a6c6013ca 2499 word32 idx = 0;
wolfSSL 13:f67a6c6013ca 2500 int ret = 0, totalSz = 0;
wolfSSL 13:f67a6c6013ca 2501 int verSz, issuerSz, snSz, keyEncAlgSz;
wolfSSL 13:f67a6c6013ca 2502 int issuerSeqSz, recipSeqSz, issuerSerialSeqSz;
wolfSSL 13:f67a6c6013ca 2503 int encKeyOctetStrSz;
wolfSSL 13:f67a6c6013ca 2504
wolfSSL 13:f67a6c6013ca 2505 byte ver[MAX_VERSION_SZ];
wolfSSL 13:f67a6c6013ca 2506 byte issuerSerialSeq[MAX_SEQ_SZ];
wolfSSL 13:f67a6c6013ca 2507 byte recipSeq[MAX_SEQ_SZ];
wolfSSL 13:f67a6c6013ca 2508 byte issuerSeq[MAX_SEQ_SZ];
wolfSSL 13:f67a6c6013ca 2509 byte encKeyOctetStr[MAX_OCTET_STR_SZ];
wolfSSL 13:f67a6c6013ca 2510
wolfSSL 13:f67a6c6013ca 2511 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 2512 byte *serial;
wolfSSL 13:f67a6c6013ca 2513 byte *keyAlgArray;
wolfSSL 13:f67a6c6013ca 2514
wolfSSL 13:f67a6c6013ca 2515 RsaKey* pubKey;
wolfSSL 13:f67a6c6013ca 2516 DecodedCert* decoded;
wolfSSL 13:f67a6c6013ca 2517
wolfSSL 13:f67a6c6013ca 2518 serial = (byte*)XMALLOC(MAX_SN_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 2519 keyAlgArray = (byte*)XMALLOC(MAX_SN_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 2520 decoded = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
wolfSSL 13:f67a6c6013ca 2521 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 2522
wolfSSL 13:f67a6c6013ca 2523 if (decoded == NULL || serial == NULL || keyAlgArray == NULL) {
wolfSSL 13:f67a6c6013ca 2524 if (serial) XFREE(serial, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 2525 if (keyAlgArray) XFREE(keyAlgArray, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 2526 if (decoded) XFREE(decoded, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 2527 return MEMORY_E;
wolfSSL 13:f67a6c6013ca 2528 }
wolfSSL 13:f67a6c6013ca 2529
wolfSSL 13:f67a6c6013ca 2530 #else
wolfSSL 13:f67a6c6013ca 2531 byte serial[MAX_SN_SZ];
wolfSSL 13:f67a6c6013ca 2532 byte keyAlgArray[MAX_ALGO_SZ];
wolfSSL 13:f67a6c6013ca 2533
wolfSSL 13:f67a6c6013ca 2534 RsaKey stack_pubKey;
wolfSSL 13:f67a6c6013ca 2535 RsaKey* pubKey = &stack_pubKey;
wolfSSL 13:f67a6c6013ca 2536 DecodedCert stack_decoded;
wolfSSL 13:f67a6c6013ca 2537 DecodedCert* decoded = &stack_decoded;
wolfSSL 13:f67a6c6013ca 2538 #endif
wolfSSL 13:f67a6c6013ca 2539
wolfSSL 13:f67a6c6013ca 2540 InitDecodedCert(decoded, (byte*)cert, certSz, heap);
wolfSSL 13:f67a6c6013ca 2541 ret = ParseCert(decoded, CA_TYPE, NO_VERIFY, 0);
wolfSSL 13:f67a6c6013ca 2542 if (ret < 0) {
wolfSSL 13:f67a6c6013ca 2543 FreeDecodedCert(decoded);
wolfSSL 13:f67a6c6013ca 2544 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 2545 XFREE(serial, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 2546 XFREE(keyAlgArray, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 2547 XFREE(decoded, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 2548 #endif
wolfSSL 13:f67a6c6013ca 2549 return ret;
wolfSSL 13:f67a6c6013ca 2550 }
wolfSSL 13:f67a6c6013ca 2551
wolfSSL 13:f67a6c6013ca 2552 /* version */
wolfSSL 13:f67a6c6013ca 2553 verSz = SetMyVersion(0, ver, 0);
wolfSSL 13:f67a6c6013ca 2554
wolfSSL 13:f67a6c6013ca 2555 /* IssuerAndSerialNumber */
wolfSSL 13:f67a6c6013ca 2556 if (decoded->issuerRaw == NULL || decoded->issuerRawLen == 0) {
wolfSSL 13:f67a6c6013ca 2557 WOLFSSL_MSG("DecodedCert lacks raw issuer pointer and length");
wolfSSL 13:f67a6c6013ca 2558 FreeDecodedCert(decoded);
wolfSSL 13:f67a6c6013ca 2559 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 2560 XFREE(serial, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 2561 XFREE(keyAlgArray, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 2562 XFREE(decoded, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 2563 #endif
wolfSSL 13:f67a6c6013ca 2564 return -1;
wolfSSL 13:f67a6c6013ca 2565 }
wolfSSL 13:f67a6c6013ca 2566 issuerSz = decoded->issuerRawLen;
wolfSSL 13:f67a6c6013ca 2567 issuerSeqSz = SetSequence(issuerSz, issuerSeq);
wolfSSL 13:f67a6c6013ca 2568
wolfSSL 13:f67a6c6013ca 2569 if (decoded->serialSz == 0) {
wolfSSL 13:f67a6c6013ca 2570 WOLFSSL_MSG("DecodedCert missing serial number");
wolfSSL 13:f67a6c6013ca 2571 FreeDecodedCert(decoded);
wolfSSL 13:f67a6c6013ca 2572 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 2573 XFREE(serial, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 2574 XFREE(keyAlgArray, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 2575 XFREE(decoded, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 2576 #endif
wolfSSL 13:f67a6c6013ca 2577 return -1;
wolfSSL 13:f67a6c6013ca 2578 }
wolfSSL 13:f67a6c6013ca 2579 snSz = SetSerialNumber(decoded->serial, decoded->serialSz, serial);
wolfSSL 13:f67a6c6013ca 2580
wolfSSL 13:f67a6c6013ca 2581 issuerSerialSeqSz = SetSequence(issuerSeqSz + issuerSz + snSz,
wolfSSL 13:f67a6c6013ca 2582 issuerSerialSeq);
wolfSSL 13:f67a6c6013ca 2583
wolfSSL 13:f67a6c6013ca 2584 /* KeyEncryptionAlgorithmIdentifier, only support RSA now */
wolfSSL 13:f67a6c6013ca 2585 if (keyEncAlgo != RSAk) {
wolfSSL 13:f67a6c6013ca 2586 FreeDecodedCert(decoded);
wolfSSL 13:f67a6c6013ca 2587 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 2588 XFREE(serial, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 2589 XFREE(keyAlgArray, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 2590 XFREE(decoded, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 2591 #endif
wolfSSL 13:f67a6c6013ca 2592 return ALGO_ID_E;
wolfSSL 13:f67a6c6013ca 2593 }
wolfSSL 13:f67a6c6013ca 2594
wolfSSL 13:f67a6c6013ca 2595 keyEncAlgSz = SetAlgoID(keyEncAlgo, keyAlgArray, oidKeyType, 0);
wolfSSL 13:f67a6c6013ca 2596 if (keyEncAlgSz == 0) {
wolfSSL 13:f67a6c6013ca 2597 FreeDecodedCert(decoded);
wolfSSL 13:f67a6c6013ca 2598 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 2599 XFREE(serial, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 2600 XFREE(keyAlgArray, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 2601 XFREE(decoded, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 2602 #endif
wolfSSL 13:f67a6c6013ca 2603 return BAD_FUNC_ARG;
wolfSSL 13:f67a6c6013ca 2604 }
wolfSSL 13:f67a6c6013ca 2605
wolfSSL 13:f67a6c6013ca 2606 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 2607 pubKey = (RsaKey*)XMALLOC(sizeof(RsaKey), NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 2608 if (pubKey == NULL) {
wolfSSL 13:f67a6c6013ca 2609 FreeDecodedCert(decoded);
wolfSSL 13:f67a6c6013ca 2610 XFREE(serial, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 2611 XFREE(keyAlgArray, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 2612 XFREE(decoded, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 2613 return MEMORY_E;
wolfSSL 13:f67a6c6013ca 2614 }
wolfSSL 13:f67a6c6013ca 2615 #endif
wolfSSL 13:f67a6c6013ca 2616
wolfSSL 13:f67a6c6013ca 2617 /* EncryptedKey */
wolfSSL 13:f67a6c6013ca 2618 ret = wc_InitRsaKey(pubKey, 0);
wolfSSL 13:f67a6c6013ca 2619 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 2620 FreeDecodedCert(decoded);
wolfSSL 13:f67a6c6013ca 2621 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 2622 XFREE(pubKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 2623 XFREE(serial, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 2624 XFREE(keyAlgArray, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 2625 XFREE(decoded, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 2626 #endif
wolfSSL 13:f67a6c6013ca 2627 return ret;
wolfSSL 13:f67a6c6013ca 2628 }
wolfSSL 13:f67a6c6013ca 2629
wolfSSL 13:f67a6c6013ca 2630 if (wc_RsaPublicKeyDecode(decoded->publicKey, &idx, pubKey,
wolfSSL 13:f67a6c6013ca 2631 decoded->pubKeySize) < 0) {
wolfSSL 13:f67a6c6013ca 2632 WOLFSSL_MSG("ASN RSA key decode error");
wolfSSL 13:f67a6c6013ca 2633 wc_FreeRsaKey(pubKey);
wolfSSL 13:f67a6c6013ca 2634 FreeDecodedCert(decoded);
wolfSSL 13:f67a6c6013ca 2635 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 2636 XFREE(pubKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 2637 XFREE(serial, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 2638 XFREE(keyAlgArray, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 2639 XFREE(decoded, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 2640 #endif
wolfSSL 13:f67a6c6013ca 2641 return PUBLIC_KEY_E;
wolfSSL 13:f67a6c6013ca 2642 }
wolfSSL 13:f67a6c6013ca 2643
wolfSSL 13:f67a6c6013ca 2644 *keyEncSz = wc_RsaPublicEncrypt(contentKeyPlain, blockKeySz, contentKeyEnc,
wolfSSL 13:f67a6c6013ca 2645 MAX_ENCRYPTED_KEY_SZ, pubKey, rng);
wolfSSL 13:f67a6c6013ca 2646 wc_FreeRsaKey(pubKey);
wolfSSL 13:f67a6c6013ca 2647
wolfSSL 13:f67a6c6013ca 2648 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 2649 XFREE(pubKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 2650 #endif
wolfSSL 13:f67a6c6013ca 2651
wolfSSL 13:f67a6c6013ca 2652 if (*keyEncSz < 0) {
wolfSSL 13:f67a6c6013ca 2653 WOLFSSL_MSG("RSA Public Encrypt failed");
wolfSSL 13:f67a6c6013ca 2654 FreeDecodedCert(decoded);
wolfSSL 13:f67a6c6013ca 2655 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 2656 XFREE(serial, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 2657 XFREE(keyAlgArray, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 2658 XFREE(decoded, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 2659 #endif
wolfSSL 13:f67a6c6013ca 2660 return *keyEncSz;
wolfSSL 13:f67a6c6013ca 2661 }
wolfSSL 13:f67a6c6013ca 2662
wolfSSL 13:f67a6c6013ca 2663 encKeyOctetStrSz = SetOctetString(*keyEncSz, encKeyOctetStr);
wolfSSL 13:f67a6c6013ca 2664
wolfSSL 13:f67a6c6013ca 2665 /* RecipientInfo */
wolfSSL 13:f67a6c6013ca 2666 recipSeqSz = SetSequence(verSz + issuerSerialSeqSz + issuerSeqSz +
wolfSSL 13:f67a6c6013ca 2667 issuerSz + snSz + keyEncAlgSz + encKeyOctetStrSz +
wolfSSL 13:f67a6c6013ca 2668 *keyEncSz, recipSeq);
wolfSSL 13:f67a6c6013ca 2669
wolfSSL 13:f67a6c6013ca 2670 if (recipSeqSz + verSz + issuerSerialSeqSz + issuerSeqSz + snSz +
wolfSSL 13:f67a6c6013ca 2671 keyEncAlgSz + encKeyOctetStrSz + *keyEncSz > (int)outSz) {
wolfSSL 13:f67a6c6013ca 2672 WOLFSSL_MSG("RecipientInfo output buffer too small");
wolfSSL 13:f67a6c6013ca 2673 FreeDecodedCert(decoded);
wolfSSL 13:f67a6c6013ca 2674 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 2675 XFREE(serial, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 2676 XFREE(keyAlgArray, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 2677 XFREE(decoded, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 2678 #endif
wolfSSL 13:f67a6c6013ca 2679 return BUFFER_E;
wolfSSL 13:f67a6c6013ca 2680 }
wolfSSL 13:f67a6c6013ca 2681
wolfSSL 13:f67a6c6013ca 2682 XMEMCPY(out + totalSz, recipSeq, recipSeqSz);
wolfSSL 13:f67a6c6013ca 2683 totalSz += recipSeqSz;
wolfSSL 13:f67a6c6013ca 2684 XMEMCPY(out + totalSz, ver, verSz);
wolfSSL 13:f67a6c6013ca 2685 totalSz += verSz;
wolfSSL 13:f67a6c6013ca 2686 XMEMCPY(out + totalSz, issuerSerialSeq, issuerSerialSeqSz);
wolfSSL 13:f67a6c6013ca 2687 totalSz += issuerSerialSeqSz;
wolfSSL 13:f67a6c6013ca 2688 XMEMCPY(out + totalSz, issuerSeq, issuerSeqSz);
wolfSSL 13:f67a6c6013ca 2689 totalSz += issuerSeqSz;
wolfSSL 13:f67a6c6013ca 2690 XMEMCPY(out + totalSz, decoded->issuerRaw, issuerSz);
wolfSSL 13:f67a6c6013ca 2691 totalSz += issuerSz;
wolfSSL 13:f67a6c6013ca 2692 XMEMCPY(out + totalSz, serial, snSz);
wolfSSL 13:f67a6c6013ca 2693 totalSz += snSz;
wolfSSL 13:f67a6c6013ca 2694 XMEMCPY(out + totalSz, keyAlgArray, keyEncAlgSz);
wolfSSL 13:f67a6c6013ca 2695 totalSz += keyEncAlgSz;
wolfSSL 13:f67a6c6013ca 2696 XMEMCPY(out + totalSz, encKeyOctetStr, encKeyOctetStrSz);
wolfSSL 13:f67a6c6013ca 2697 totalSz += encKeyOctetStrSz;
wolfSSL 13:f67a6c6013ca 2698 XMEMCPY(out + totalSz, contentKeyEnc, *keyEncSz);
wolfSSL 13:f67a6c6013ca 2699 totalSz += *keyEncSz;
wolfSSL 13:f67a6c6013ca 2700
wolfSSL 13:f67a6c6013ca 2701 FreeDecodedCert(decoded);
wolfSSL 13:f67a6c6013ca 2702
wolfSSL 13:f67a6c6013ca 2703 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 2704 XFREE(serial, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 2705 XFREE(keyAlgArray, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 2706 XFREE(decoded, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 2707 #endif
wolfSSL 13:f67a6c6013ca 2708
wolfSSL 13:f67a6c6013ca 2709 return totalSz;
wolfSSL 13:f67a6c6013ca 2710 }
wolfSSL 13:f67a6c6013ca 2711
wolfSSL 13:f67a6c6013ca 2712
wolfSSL 13:f67a6c6013ca 2713 /* encrypt content using encryptOID algo */
wolfSSL 13:f67a6c6013ca 2714 static int wc_PKCS7_EncryptContent(int encryptOID, byte* key, int keySz,
wolfSSL 13:f67a6c6013ca 2715 byte* iv, int ivSz, byte* in, int inSz,
wolfSSL 13:f67a6c6013ca 2716 byte* out)
wolfSSL 13:f67a6c6013ca 2717 {
wolfSSL 13:f67a6c6013ca 2718 int ret;
wolfSSL 13:f67a6c6013ca 2719 #ifndef NO_AES
wolfSSL 13:f67a6c6013ca 2720 Aes aes;
wolfSSL 13:f67a6c6013ca 2721 #endif
wolfSSL 13:f67a6c6013ca 2722 #ifndef NO_DES3
wolfSSL 13:f67a6c6013ca 2723 Des des;
wolfSSL 13:f67a6c6013ca 2724 Des3 des3;
wolfSSL 13:f67a6c6013ca 2725 #endif
wolfSSL 13:f67a6c6013ca 2726
wolfSSL 13:f67a6c6013ca 2727 if (key == NULL || iv == NULL || in == NULL || out == NULL)
wolfSSL 13:f67a6c6013ca 2728 return BAD_FUNC_ARG;
wolfSSL 13:f67a6c6013ca 2729
wolfSSL 13:f67a6c6013ca 2730 switch (encryptOID) {
wolfSSL 13:f67a6c6013ca 2731 #ifndef NO_AES
wolfSSL 13:f67a6c6013ca 2732 case AES128CBCb:
wolfSSL 13:f67a6c6013ca 2733 case AES192CBCb:
wolfSSL 13:f67a6c6013ca 2734 case AES256CBCb:
wolfSSL 13:f67a6c6013ca 2735 if ( (encryptOID == AES128CBCb && keySz != 16 ) ||
wolfSSL 13:f67a6c6013ca 2736 (encryptOID == AES192CBCb && keySz != 24 ) ||
wolfSSL 13:f67a6c6013ca 2737 (encryptOID == AES256CBCb && keySz != 32 ) ||
wolfSSL 13:f67a6c6013ca 2738 (ivSz != AES_BLOCK_SIZE) )
wolfSSL 13:f67a6c6013ca 2739 return BAD_FUNC_ARG;
wolfSSL 13:f67a6c6013ca 2740
wolfSSL 13:f67a6c6013ca 2741 ret = wc_AesSetKey(&aes, key, keySz, iv, AES_ENCRYPTION);
wolfSSL 13:f67a6c6013ca 2742 if (ret == 0)
wolfSSL 13:f67a6c6013ca 2743 ret = wc_AesCbcEncrypt(&aes, out, in, inSz);
wolfSSL 13:f67a6c6013ca 2744
wolfSSL 13:f67a6c6013ca 2745 break;
wolfSSL 13:f67a6c6013ca 2746 #endif
wolfSSL 13:f67a6c6013ca 2747 #ifndef NO_DES3
wolfSSL 13:f67a6c6013ca 2748 case DESb:
wolfSSL 13:f67a6c6013ca 2749 if (keySz != DES_KEYLEN || ivSz != DES_BLOCK_SIZE)
wolfSSL 13:f67a6c6013ca 2750 return BAD_FUNC_ARG;
wolfSSL 13:f67a6c6013ca 2751
wolfSSL 13:f67a6c6013ca 2752 ret = wc_Des_SetKey(&des, key, iv, DES_ENCRYPTION);
wolfSSL 13:f67a6c6013ca 2753 if (ret == 0)
wolfSSL 13:f67a6c6013ca 2754 ret = wc_Des_CbcEncrypt(&des, out, in, inSz);
wolfSSL 13:f67a6c6013ca 2755
wolfSSL 13:f67a6c6013ca 2756 break;
wolfSSL 13:f67a6c6013ca 2757
wolfSSL 13:f67a6c6013ca 2758 case DES3b:
wolfSSL 13:f67a6c6013ca 2759 if (keySz != DES3_KEYLEN || ivSz != DES_BLOCK_SIZE)
wolfSSL 13:f67a6c6013ca 2760 return BAD_FUNC_ARG;
wolfSSL 13:f67a6c6013ca 2761
wolfSSL 13:f67a6c6013ca 2762 ret = wc_Des3_SetKey(&des3, key, iv, DES_ENCRYPTION);
wolfSSL 13:f67a6c6013ca 2763 if (ret == 0)
wolfSSL 13:f67a6c6013ca 2764 ret = wc_Des3_CbcEncrypt(&des3, out, in, inSz);
wolfSSL 13:f67a6c6013ca 2765
wolfSSL 13:f67a6c6013ca 2766 break;
wolfSSL 13:f67a6c6013ca 2767 #endif
wolfSSL 13:f67a6c6013ca 2768 default:
wolfSSL 13:f67a6c6013ca 2769 WOLFSSL_MSG("Unsupported content cipher type");
wolfSSL 13:f67a6c6013ca 2770 return ALGO_ID_E;
wolfSSL 13:f67a6c6013ca 2771 };
wolfSSL 13:f67a6c6013ca 2772
wolfSSL 13:f67a6c6013ca 2773 return ret;
wolfSSL 13:f67a6c6013ca 2774 }
wolfSSL 13:f67a6c6013ca 2775
wolfSSL 13:f67a6c6013ca 2776
wolfSSL 13:f67a6c6013ca 2777 /* decrypt content using encryptOID algo */
wolfSSL 13:f67a6c6013ca 2778 static int wc_PKCS7_DecryptContent(int encryptOID, byte* key, int keySz,
wolfSSL 13:f67a6c6013ca 2779 byte* iv, int ivSz, byte* in, int inSz,
wolfSSL 13:f67a6c6013ca 2780 byte* out)
wolfSSL 13:f67a6c6013ca 2781 {
wolfSSL 13:f67a6c6013ca 2782 int ret;
wolfSSL 13:f67a6c6013ca 2783 #ifndef NO_AES
wolfSSL 13:f67a6c6013ca 2784 Aes aes;
wolfSSL 13:f67a6c6013ca 2785 #endif
wolfSSL 13:f67a6c6013ca 2786 #ifndef NO_DES3
wolfSSL 13:f67a6c6013ca 2787 Des des;
wolfSSL 13:f67a6c6013ca 2788 Des3 des3;
wolfSSL 13:f67a6c6013ca 2789 #endif
wolfSSL 13:f67a6c6013ca 2790
wolfSSL 13:f67a6c6013ca 2791 if (key == NULL || iv == NULL || in == NULL || out == NULL)
wolfSSL 13:f67a6c6013ca 2792 return BAD_FUNC_ARG;
wolfSSL 13:f67a6c6013ca 2793
wolfSSL 13:f67a6c6013ca 2794 switch (encryptOID) {
wolfSSL 13:f67a6c6013ca 2795 #ifndef NO_AES
wolfSSL 13:f67a6c6013ca 2796 case AES128CBCb:
wolfSSL 13:f67a6c6013ca 2797 case AES192CBCb:
wolfSSL 13:f67a6c6013ca 2798 case AES256CBCb:
wolfSSL 13:f67a6c6013ca 2799 if ( (encryptOID == AES128CBCb && keySz != 16 ) ||
wolfSSL 13:f67a6c6013ca 2800 (encryptOID == AES192CBCb && keySz != 24 ) ||
wolfSSL 13:f67a6c6013ca 2801 (encryptOID == AES256CBCb && keySz != 32 ) ||
wolfSSL 13:f67a6c6013ca 2802 (ivSz != AES_BLOCK_SIZE) )
wolfSSL 13:f67a6c6013ca 2803 return BAD_FUNC_ARG;
wolfSSL 13:f67a6c6013ca 2804
wolfSSL 13:f67a6c6013ca 2805 ret = wc_AesSetKey(&aes, key, keySz, iv, AES_DECRYPTION);
wolfSSL 13:f67a6c6013ca 2806 if (ret == 0)
wolfSSL 13:f67a6c6013ca 2807 ret = wc_AesCbcDecrypt(&aes, out, in, inSz);
wolfSSL 13:f67a6c6013ca 2808
wolfSSL 13:f67a6c6013ca 2809 break;
wolfSSL 13:f67a6c6013ca 2810 #endif
wolfSSL 13:f67a6c6013ca 2811 #ifndef NO_DES3
wolfSSL 13:f67a6c6013ca 2812 case DESb:
wolfSSL 13:f67a6c6013ca 2813 if (keySz != DES_KEYLEN || ivSz != DES_BLOCK_SIZE)
wolfSSL 13:f67a6c6013ca 2814 return BAD_FUNC_ARG;
wolfSSL 13:f67a6c6013ca 2815
wolfSSL 13:f67a6c6013ca 2816 ret = wc_Des_SetKey(&des, key, iv, DES_DECRYPTION);
wolfSSL 13:f67a6c6013ca 2817 if (ret == 0)
wolfSSL 13:f67a6c6013ca 2818 ret = wc_Des_CbcDecrypt(&des, out, in, inSz);
wolfSSL 13:f67a6c6013ca 2819
wolfSSL 13:f67a6c6013ca 2820 break;
wolfSSL 13:f67a6c6013ca 2821 case DES3b:
wolfSSL 13:f67a6c6013ca 2822 if (keySz != DES3_KEYLEN || ivSz != DES_BLOCK_SIZE)
wolfSSL 13:f67a6c6013ca 2823 return BAD_FUNC_ARG;
wolfSSL 13:f67a6c6013ca 2824
wolfSSL 13:f67a6c6013ca 2825 ret = wc_Des3_SetKey(&des3, key, iv, DES_DECRYPTION);
wolfSSL 13:f67a6c6013ca 2826 if (ret == 0)
wolfSSL 13:f67a6c6013ca 2827 ret = wc_Des3_CbcDecrypt(&des3, out, in, inSz);
wolfSSL 13:f67a6c6013ca 2828
wolfSSL 13:f67a6c6013ca 2829 break;
wolfSSL 13:f67a6c6013ca 2830 #endif
wolfSSL 13:f67a6c6013ca 2831 default:
wolfSSL 13:f67a6c6013ca 2832 WOLFSSL_MSG("Unsupported content cipher type");
wolfSSL 13:f67a6c6013ca 2833 return ALGO_ID_E;
wolfSSL 13:f67a6c6013ca 2834 };
wolfSSL 13:f67a6c6013ca 2835
wolfSSL 13:f67a6c6013ca 2836 return ret;
wolfSSL 13:f67a6c6013ca 2837 }
wolfSSL 13:f67a6c6013ca 2838
wolfSSL 13:f67a6c6013ca 2839
wolfSSL 13:f67a6c6013ca 2840 /* generate random IV, place in iv, return 0 on success negative on error */
wolfSSL 13:f67a6c6013ca 2841 static int wc_PKCS7_GenerateIV(PKCS7* pkcs7, WC_RNG* rng, byte* iv, word32 ivSz)
wolfSSL 13:f67a6c6013ca 2842 {
wolfSSL 13:f67a6c6013ca 2843 int ret;
wolfSSL 13:f67a6c6013ca 2844 WC_RNG* rnd = NULL;
wolfSSL 13:f67a6c6013ca 2845
wolfSSL 13:f67a6c6013ca 2846 if (iv == NULL || ivSz == 0)
wolfSSL 13:f67a6c6013ca 2847 return BAD_FUNC_ARG;
wolfSSL 13:f67a6c6013ca 2848
wolfSSL 13:f67a6c6013ca 2849 /* input RNG is optional, init local one if input rng is NULL */
wolfSSL 13:f67a6c6013ca 2850 if (rng == NULL) {
wolfSSL 13:f67a6c6013ca 2851 rnd = (WC_RNG*)XMALLOC(sizeof(WC_RNG), pkcs7->heap, DYNAMIC_TYPE_RNG);
wolfSSL 13:f67a6c6013ca 2852 if (rnd == NULL)
wolfSSL 13:f67a6c6013ca 2853 return MEMORY_E;
wolfSSL 13:f67a6c6013ca 2854
wolfSSL 13:f67a6c6013ca 2855 ret = wc_InitRng_ex(rnd, pkcs7->heap, INVALID_DEVID);
wolfSSL 13:f67a6c6013ca 2856 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 2857 XFREE(rnd, pkcs7->heap, DYNAMIC_TYPE_RNG);
wolfSSL 13:f67a6c6013ca 2858 return ret;
wolfSSL 13:f67a6c6013ca 2859 }
wolfSSL 13:f67a6c6013ca 2860
wolfSSL 13:f67a6c6013ca 2861 } else {
wolfSSL 13:f67a6c6013ca 2862 rnd = rng;
wolfSSL 13:f67a6c6013ca 2863 }
wolfSSL 13:f67a6c6013ca 2864
wolfSSL 13:f67a6c6013ca 2865 ret = wc_RNG_GenerateBlock(rnd, iv, ivSz);
wolfSSL 13:f67a6c6013ca 2866
wolfSSL 13:f67a6c6013ca 2867 if (rng == NULL) {
wolfSSL 13:f67a6c6013ca 2868 wc_FreeRng(rnd);
wolfSSL 13:f67a6c6013ca 2869 XFREE(rnd, pkcs7->heap, DYNAMIC_TYPE_RNG);
wolfSSL 13:f67a6c6013ca 2870 }
wolfSSL 13:f67a6c6013ca 2871
wolfSSL 13:f67a6c6013ca 2872 return ret;
wolfSSL 13:f67a6c6013ca 2873 }
wolfSSL 13:f67a6c6013ca 2874
wolfSSL 13:f67a6c6013ca 2875
wolfSSL 13:f67a6c6013ca 2876 /* return size of padded data, padded to blockSz chunks, or negative on error */
wolfSSL 13:f67a6c6013ca 2877 static int wc_PKCS7_GetPadSize(word32 inputSz, word32 blockSz)
wolfSSL 13:f67a6c6013ca 2878 {
wolfSSL 13:f67a6c6013ca 2879 int padSz;
wolfSSL 13:f67a6c6013ca 2880
wolfSSL 13:f67a6c6013ca 2881 if (blockSz == 0)
wolfSSL 13:f67a6c6013ca 2882 return BAD_FUNC_ARG;
wolfSSL 13:f67a6c6013ca 2883
wolfSSL 13:f67a6c6013ca 2884 padSz = blockSz - (inputSz % blockSz);
wolfSSL 13:f67a6c6013ca 2885
wolfSSL 13:f67a6c6013ca 2886 return padSz;
wolfSSL 13:f67a6c6013ca 2887 }
wolfSSL 13:f67a6c6013ca 2888
wolfSSL 13:f67a6c6013ca 2889
wolfSSL 13:f67a6c6013ca 2890 /* pad input data to blockSz chunk, place in outSz. out must be big enough
wolfSSL 13:f67a6c6013ca 2891 * for input + pad bytes. See wc_PKCS7_GetPadLength() helper. */
wolfSSL 13:f67a6c6013ca 2892 static int wc_PKCS7_PadData(byte* in, word32 inSz, byte* out, word32 outSz,
wolfSSL 13:f67a6c6013ca 2893 word32 blockSz)
wolfSSL 13:f67a6c6013ca 2894 {
wolfSSL 13:f67a6c6013ca 2895 int i, padSz;
wolfSSL 13:f67a6c6013ca 2896
wolfSSL 13:f67a6c6013ca 2897 if (in == NULL || inSz == 0 ||
wolfSSL 13:f67a6c6013ca 2898 out == NULL || outSz == 0)
wolfSSL 13:f67a6c6013ca 2899 return BAD_FUNC_ARG;
wolfSSL 13:f67a6c6013ca 2900
wolfSSL 13:f67a6c6013ca 2901 padSz = blockSz - (inSz % blockSz);
wolfSSL 13:f67a6c6013ca 2902
wolfSSL 13:f67a6c6013ca 2903 if (outSz < (inSz + padSz))
wolfSSL 13:f67a6c6013ca 2904 return BAD_FUNC_ARG;
wolfSSL 13:f67a6c6013ca 2905
wolfSSL 13:f67a6c6013ca 2906 XMEMCPY(out, in, inSz);
wolfSSL 13:f67a6c6013ca 2907
wolfSSL 13:f67a6c6013ca 2908 for (i = 0; i < padSz; i++) {
wolfSSL 13:f67a6c6013ca 2909 out[inSz + i] = (byte)padSz;
wolfSSL 13:f67a6c6013ca 2910 }
wolfSSL 13:f67a6c6013ca 2911
wolfSSL 13:f67a6c6013ca 2912 return inSz + padSz;
wolfSSL 13:f67a6c6013ca 2913 }
wolfSSL 13:f67a6c6013ca 2914
wolfSSL 13:f67a6c6013ca 2915
wolfSSL 13:f67a6c6013ca 2916 /* build PKCS#7 envelopedData content type, return enveloped size */
wolfSSL 13:f67a6c6013ca 2917 int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
wolfSSL 13:f67a6c6013ca 2918 {
wolfSSL 13:f67a6c6013ca 2919 int ret, idx = 0;
wolfSSL 13:f67a6c6013ca 2920 int totalSz, padSz, encryptedOutSz;
wolfSSL 13:f67a6c6013ca 2921
wolfSSL 13:f67a6c6013ca 2922 int contentInfoSeqSz, outerContentTypeSz, outerContentSz;
wolfSSL 13:f67a6c6013ca 2923 byte contentInfoSeq[MAX_SEQ_SZ];
wolfSSL 13:f67a6c6013ca 2924 byte outerContentType[MAX_ALGO_SZ];
wolfSSL 13:f67a6c6013ca 2925 byte outerContent[MAX_SEQ_SZ];
wolfSSL 13:f67a6c6013ca 2926
wolfSSL 13:f67a6c6013ca 2927 int envDataSeqSz, verSz;
wolfSSL 13:f67a6c6013ca 2928 byte envDataSeq[MAX_SEQ_SZ];
wolfSSL 13:f67a6c6013ca 2929 byte ver[MAX_VERSION_SZ];
wolfSSL 13:f67a6c6013ca 2930
wolfSSL 13:f67a6c6013ca 2931 WC_RNG rng;
wolfSSL 13:f67a6c6013ca 2932 int contentKeyEncSz, blockSz, blockKeySz;
wolfSSL 13:f67a6c6013ca 2933 byte contentKeyPlain[MAX_CONTENT_KEY_LEN];
wolfSSL 13:f67a6c6013ca 2934 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 2935 byte* contentKeyEnc;
wolfSSL 13:f67a6c6013ca 2936 #else
wolfSSL 13:f67a6c6013ca 2937 byte contentKeyEnc[MAX_ENCRYPTED_KEY_SZ];
wolfSSL 13:f67a6c6013ca 2938 #endif
wolfSSL 13:f67a6c6013ca 2939 byte* plain;
wolfSSL 13:f67a6c6013ca 2940 byte* encryptedContent;
wolfSSL 13:f67a6c6013ca 2941
wolfSSL 13:f67a6c6013ca 2942 int recipSz, recipSetSz;
wolfSSL 13:f67a6c6013ca 2943 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 2944 byte* recip;
wolfSSL 13:f67a6c6013ca 2945 #else
wolfSSL 13:f67a6c6013ca 2946 byte recip[MAX_RECIP_SZ];
wolfSSL 13:f67a6c6013ca 2947 #endif
wolfSSL 13:f67a6c6013ca 2948 byte recipSet[MAX_SET_SZ];
wolfSSL 13:f67a6c6013ca 2949
wolfSSL 13:f67a6c6013ca 2950 int encContentOctetSz, encContentSeqSz, contentTypeSz;
wolfSSL 13:f67a6c6013ca 2951 int contentEncAlgoSz, ivOctetStringSz;
wolfSSL 13:f67a6c6013ca 2952 byte encContentSeq[MAX_SEQ_SZ];
wolfSSL 13:f67a6c6013ca 2953 byte contentType[MAX_ALGO_SZ];
wolfSSL 13:f67a6c6013ca 2954 byte contentEncAlgo[MAX_ALGO_SZ];
wolfSSL 13:f67a6c6013ca 2955 byte tmpIv[MAX_CONTENT_IV_SIZE];
wolfSSL 13:f67a6c6013ca 2956 byte ivOctetString[MAX_OCTET_STR_SZ];
wolfSSL 13:f67a6c6013ca 2957 byte encContentOctet[MAX_OCTET_STR_SZ];
wolfSSL 13:f67a6c6013ca 2958
wolfSSL 13:f67a6c6013ca 2959 if (pkcs7 == NULL || pkcs7->content == NULL || pkcs7->contentSz == 0 ||
wolfSSL 13:f67a6c6013ca 2960 pkcs7->encryptOID == 0 || pkcs7->singleCert == NULL ||
wolfSSL 13:f67a6c6013ca 2961 pkcs7->publicKeyOID == 0)
wolfSSL 13:f67a6c6013ca 2962 return BAD_FUNC_ARG;
wolfSSL 13:f67a6c6013ca 2963
wolfSSL 13:f67a6c6013ca 2964 if (output == NULL || outputSz == 0)
wolfSSL 13:f67a6c6013ca 2965 return BAD_FUNC_ARG;
wolfSSL 13:f67a6c6013ca 2966
wolfSSL 13:f67a6c6013ca 2967 blockKeySz = wc_PKCS7_GetOIDKeySize(pkcs7->encryptOID);
wolfSSL 13:f67a6c6013ca 2968 if (blockKeySz < 0)
wolfSSL 13:f67a6c6013ca 2969 return blockKeySz;
wolfSSL 13:f67a6c6013ca 2970
wolfSSL 13:f67a6c6013ca 2971 blockSz = wc_PKCS7_GetOIDBlockSize(pkcs7->encryptOID);
wolfSSL 13:f67a6c6013ca 2972 if (blockSz < 0)
wolfSSL 13:f67a6c6013ca 2973 return blockSz;
wolfSSL 13:f67a6c6013ca 2974
wolfSSL 13:f67a6c6013ca 2975 /* outer content type */
wolfSSL 13:f67a6c6013ca 2976 outerContentTypeSz = wc_SetContentType(ENVELOPED_DATA, outerContentType);
wolfSSL 13:f67a6c6013ca 2977
wolfSSL 13:f67a6c6013ca 2978 /* version, defined as 0 in RFC 2315 */
wolfSSL 13:f67a6c6013ca 2979 if (pkcs7->publicKeyOID == ECDSAk) {
wolfSSL 13:f67a6c6013ca 2980 verSz = SetMyVersion(2, ver, 0);
wolfSSL 13:f67a6c6013ca 2981 } else {
wolfSSL 13:f67a6c6013ca 2982 verSz = SetMyVersion(0, ver, 0);
wolfSSL 13:f67a6c6013ca 2983 }
wolfSSL 13:f67a6c6013ca 2984
wolfSSL 13:f67a6c6013ca 2985 /* generate random content encryption key */
wolfSSL 13:f67a6c6013ca 2986 ret = wc_InitRng_ex(&rng, pkcs7->heap, INVALID_DEVID);
wolfSSL 13:f67a6c6013ca 2987 if (ret != 0)
wolfSSL 13:f67a6c6013ca 2988 return ret;
wolfSSL 13:f67a6c6013ca 2989
wolfSSL 13:f67a6c6013ca 2990 ret = wc_RNG_GenerateBlock(&rng, contentKeyPlain, blockKeySz);
wolfSSL 13:f67a6c6013ca 2991 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 2992 wc_FreeRng(&rng);
wolfSSL 13:f67a6c6013ca 2993 return ret;
wolfSSL 13:f67a6c6013ca 2994 }
wolfSSL 13:f67a6c6013ca 2995
wolfSSL 13:f67a6c6013ca 2996 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 2997 recip = (byte*)XMALLOC(MAX_RECIP_SZ, NULL, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 2998 contentKeyEnc = (byte*)XMALLOC(MAX_ENCRYPTED_KEY_SZ, NULL,
wolfSSL 13:f67a6c6013ca 2999 DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 3000 if (contentKeyEnc == NULL || recip == NULL) {
wolfSSL 13:f67a6c6013ca 3001 if (recip) XFREE(recip, NULL, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 3002 if (contentKeyEnc) XFREE(contentKeyEnc, NULL, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 3003 wc_FreeRng(&rng);
wolfSSL 13:f67a6c6013ca 3004 return MEMORY_E;
wolfSSL 13:f67a6c6013ca 3005 }
wolfSSL 13:f67a6c6013ca 3006 #endif
wolfSSL 13:f67a6c6013ca 3007 contentKeyEncSz = MAX_ENCRYPTED_KEY_SZ;
wolfSSL 13:f67a6c6013ca 3008
wolfSSL 13:f67a6c6013ca 3009 /* build RecipientInfo, only handle 1 for now */
wolfSSL 13:f67a6c6013ca 3010 switch (pkcs7->publicKeyOID) {
wolfSSL 13:f67a6c6013ca 3011
wolfSSL 13:f67a6c6013ca 3012 case RSAk:
wolfSSL 13:f67a6c6013ca 3013 recipSz = wc_CreateRecipientInfo(pkcs7->singleCert,
wolfSSL 13:f67a6c6013ca 3014 pkcs7->singleCertSz,
wolfSSL 13:f67a6c6013ca 3015 pkcs7->publicKeyOID,
wolfSSL 13:f67a6c6013ca 3016 blockKeySz, &rng, contentKeyPlain,
wolfSSL 13:f67a6c6013ca 3017 contentKeyEnc, &contentKeyEncSz, recip,
wolfSSL 13:f67a6c6013ca 3018 MAX_RECIP_SZ, pkcs7->heap);
wolfSSL 13:f67a6c6013ca 3019 break;
wolfSSL 13:f67a6c6013ca 3020
wolfSSL 13:f67a6c6013ca 3021 #ifdef HAVE_ECC
wolfSSL 13:f67a6c6013ca 3022 case ECDSAk:
wolfSSL 13:f67a6c6013ca 3023 recipSz = wc_CreateKeyAgreeRecipientInfo(pkcs7, pkcs7->singleCert,
wolfSSL 13:f67a6c6013ca 3024 pkcs7->singleCertSz,
wolfSSL 13:f67a6c6013ca 3025 pkcs7->publicKeyOID,
wolfSSL 13:f67a6c6013ca 3026 blockKeySz, pkcs7->keyWrapOID,
wolfSSL 13:f67a6c6013ca 3027 pkcs7->keyAgreeOID, &rng,
wolfSSL 13:f67a6c6013ca 3028 contentKeyPlain, contentKeyEnc,
wolfSSL 13:f67a6c6013ca 3029 &contentKeyEncSz, recip, MAX_RECIP_SZ);
wolfSSL 13:f67a6c6013ca 3030 break;
wolfSSL 13:f67a6c6013ca 3031 #endif
wolfSSL 13:f67a6c6013ca 3032
wolfSSL 13:f67a6c6013ca 3033 default:
wolfSSL 13:f67a6c6013ca 3034 WOLFSSL_MSG("Unsupported RecipientInfo public key type");
wolfSSL 13:f67a6c6013ca 3035 return BAD_FUNC_ARG;
wolfSSL 13:f67a6c6013ca 3036 };
wolfSSL 13:f67a6c6013ca 3037
wolfSSL 13:f67a6c6013ca 3038 ForceZero(contentKeyEnc, MAX_ENCRYPTED_KEY_SZ);
wolfSSL 13:f67a6c6013ca 3039
wolfSSL 13:f67a6c6013ca 3040 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 3041 XFREE(contentKeyEnc, NULL, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 3042 #endif
wolfSSL 13:f67a6c6013ca 3043
wolfSSL 13:f67a6c6013ca 3044 if (recipSz < 0) {
wolfSSL 13:f67a6c6013ca 3045 WOLFSSL_MSG("Failed to create RecipientInfo");
wolfSSL 13:f67a6c6013ca 3046 wc_FreeRng(&rng);
wolfSSL 13:f67a6c6013ca 3047 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 3048 XFREE(recip, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 3049 #endif
wolfSSL 13:f67a6c6013ca 3050 return recipSz;
wolfSSL 13:f67a6c6013ca 3051 }
wolfSSL 13:f67a6c6013ca 3052 recipSetSz = SetSet(recipSz, recipSet);
wolfSSL 13:f67a6c6013ca 3053
wolfSSL 13:f67a6c6013ca 3054 /* generate IV for block cipher */
wolfSSL 13:f67a6c6013ca 3055 ret = wc_PKCS7_GenerateIV(pkcs7, &rng, tmpIv, blockSz);
wolfSSL 13:f67a6c6013ca 3056 wc_FreeRng(&rng);
wolfSSL 13:f67a6c6013ca 3057 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 3058 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 3059 XFREE(recip, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 3060 #endif
wolfSSL 13:f67a6c6013ca 3061 return ret;
wolfSSL 13:f67a6c6013ca 3062 }
wolfSSL 13:f67a6c6013ca 3063
wolfSSL 13:f67a6c6013ca 3064 /* EncryptedContentInfo */
wolfSSL 13:f67a6c6013ca 3065 contentTypeSz = wc_SetContentType(pkcs7->contentOID, contentType);
wolfSSL 13:f67a6c6013ca 3066 if (contentTypeSz == 0) {
wolfSSL 13:f67a6c6013ca 3067 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 3068 XFREE(recip, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 3069 #endif
wolfSSL 13:f67a6c6013ca 3070 return BAD_FUNC_ARG;
wolfSSL 13:f67a6c6013ca 3071 }
wolfSSL 13:f67a6c6013ca 3072
wolfSSL 13:f67a6c6013ca 3073 /* allocate encrypted content buffer and PKCS#7 padding */
wolfSSL 13:f67a6c6013ca 3074 padSz = wc_PKCS7_GetPadSize(pkcs7->contentSz, blockSz);
wolfSSL 13:f67a6c6013ca 3075 if (padSz < 0)
wolfSSL 13:f67a6c6013ca 3076 return padSz;
wolfSSL 13:f67a6c6013ca 3077
wolfSSL 13:f67a6c6013ca 3078 encryptedOutSz = pkcs7->contentSz + padSz;
wolfSSL 13:f67a6c6013ca 3079
wolfSSL 13:f67a6c6013ca 3080 plain = (byte*)XMALLOC(encryptedOutSz, pkcs7->heap,
wolfSSL 13:f67a6c6013ca 3081 DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 3082 if (plain == NULL)
wolfSSL 13:f67a6c6013ca 3083 return MEMORY_E;
wolfSSL 13:f67a6c6013ca 3084
wolfSSL 13:f67a6c6013ca 3085 ret = wc_PKCS7_PadData(pkcs7->content, pkcs7->contentSz, plain,
wolfSSL 13:f67a6c6013ca 3086 encryptedOutSz, blockSz);
wolfSSL 13:f67a6c6013ca 3087 if (ret < 0) {
wolfSSL 13:f67a6c6013ca 3088 XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 3089 return ret;
wolfSSL 13:f67a6c6013ca 3090 }
wolfSSL 13:f67a6c6013ca 3091
wolfSSL 13:f67a6c6013ca 3092 encryptedContent = (byte*)XMALLOC(encryptedOutSz, pkcs7->heap,
wolfSSL 13:f67a6c6013ca 3093 DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 3094 if (encryptedContent == NULL) {
wolfSSL 13:f67a6c6013ca 3095 XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 3096 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 3097 XFREE(recip, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 3098 #endif
wolfSSL 13:f67a6c6013ca 3099 return MEMORY_E;
wolfSSL 13:f67a6c6013ca 3100 }
wolfSSL 13:f67a6c6013ca 3101
wolfSSL 13:f67a6c6013ca 3102 /* put together IV OCTET STRING */
wolfSSL 13:f67a6c6013ca 3103 ivOctetStringSz = SetOctetString(blockSz, ivOctetString);
wolfSSL 13:f67a6c6013ca 3104
wolfSSL 13:f67a6c6013ca 3105 /* build up our ContentEncryptionAlgorithmIdentifier sequence,
wolfSSL 13:f67a6c6013ca 3106 * adding (ivOctetStringSz + blockSz) for IV OCTET STRING */
wolfSSL 13:f67a6c6013ca 3107 contentEncAlgoSz = SetAlgoID(pkcs7->encryptOID, contentEncAlgo,
wolfSSL 13:f67a6c6013ca 3108 oidBlkType, ivOctetStringSz + blockSz);
wolfSSL 13:f67a6c6013ca 3109
wolfSSL 13:f67a6c6013ca 3110 if (contentEncAlgoSz == 0) {
wolfSSL 13:f67a6c6013ca 3111 XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 3112 XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 3113 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 3114 XFREE(recip, NULL, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 3115 #endif
wolfSSL 13:f67a6c6013ca 3116 return BAD_FUNC_ARG;
wolfSSL 13:f67a6c6013ca 3117 }
wolfSSL 13:f67a6c6013ca 3118
wolfSSL 13:f67a6c6013ca 3119 /* encrypt content */
wolfSSL 13:f67a6c6013ca 3120 ret = wc_PKCS7_EncryptContent(pkcs7->encryptOID, contentKeyPlain,
wolfSSL 13:f67a6c6013ca 3121 blockKeySz, tmpIv, blockSz, plain, encryptedOutSz,
wolfSSL 13:f67a6c6013ca 3122 encryptedContent);
wolfSSL 13:f67a6c6013ca 3123
wolfSSL 13:f67a6c6013ca 3124 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 3125 XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 3126 XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 3127 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 3128 XFREE(recip, NULL, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 3129 #endif
wolfSSL 13:f67a6c6013ca 3130 return ret;
wolfSSL 13:f67a6c6013ca 3131 }
wolfSSL 13:f67a6c6013ca 3132
wolfSSL 13:f67a6c6013ca 3133 encContentOctetSz = SetImplicit(ASN_OCTET_STRING, 0, encryptedOutSz,
wolfSSL 13:f67a6c6013ca 3134 encContentOctet);
wolfSSL 13:f67a6c6013ca 3135
wolfSSL 13:f67a6c6013ca 3136 encContentSeqSz = SetSequence(contentTypeSz + contentEncAlgoSz +
wolfSSL 13:f67a6c6013ca 3137 ivOctetStringSz + blockSz +
wolfSSL 13:f67a6c6013ca 3138 encContentOctetSz + encryptedOutSz,
wolfSSL 13:f67a6c6013ca 3139 encContentSeq);
wolfSSL 13:f67a6c6013ca 3140
wolfSSL 13:f67a6c6013ca 3141 /* keep track of sizes for outer wrapper layering */
wolfSSL 13:f67a6c6013ca 3142 totalSz = verSz + recipSetSz + recipSz + encContentSeqSz + contentTypeSz +
wolfSSL 13:f67a6c6013ca 3143 contentEncAlgoSz + ivOctetStringSz + blockSz +
wolfSSL 13:f67a6c6013ca 3144 encContentOctetSz + encryptedOutSz;
wolfSSL 13:f67a6c6013ca 3145
wolfSSL 13:f67a6c6013ca 3146 /* EnvelopedData */
wolfSSL 13:f67a6c6013ca 3147 envDataSeqSz = SetSequence(totalSz, envDataSeq);
wolfSSL 13:f67a6c6013ca 3148 totalSz += envDataSeqSz;
wolfSSL 13:f67a6c6013ca 3149
wolfSSL 13:f67a6c6013ca 3150 /* outer content */
wolfSSL 13:f67a6c6013ca 3151 outerContentSz = SetExplicit(0, totalSz, outerContent);
wolfSSL 13:f67a6c6013ca 3152 totalSz += outerContentTypeSz;
wolfSSL 13:f67a6c6013ca 3153 totalSz += outerContentSz;
wolfSSL 13:f67a6c6013ca 3154
wolfSSL 13:f67a6c6013ca 3155 /* ContentInfo */
wolfSSL 13:f67a6c6013ca 3156 contentInfoSeqSz = SetSequence(totalSz, contentInfoSeq);
wolfSSL 13:f67a6c6013ca 3157 totalSz += contentInfoSeqSz;
wolfSSL 13:f67a6c6013ca 3158
wolfSSL 13:f67a6c6013ca 3159 if (totalSz > (int)outputSz) {
wolfSSL 13:f67a6c6013ca 3160 WOLFSSL_MSG("Pkcs7_encrypt output buffer too small");
wolfSSL 13:f67a6c6013ca 3161 XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 3162 XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 3163 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 3164 XFREE(recip, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 3165 #endif
wolfSSL 13:f67a6c6013ca 3166 return BUFFER_E;
wolfSSL 13:f67a6c6013ca 3167 }
wolfSSL 13:f67a6c6013ca 3168
wolfSSL 13:f67a6c6013ca 3169 XMEMCPY(output + idx, contentInfoSeq, contentInfoSeqSz);
wolfSSL 13:f67a6c6013ca 3170 idx += contentInfoSeqSz;
wolfSSL 13:f67a6c6013ca 3171 XMEMCPY(output + idx, outerContentType, outerContentTypeSz);
wolfSSL 13:f67a6c6013ca 3172 idx += outerContentTypeSz;
wolfSSL 13:f67a6c6013ca 3173 XMEMCPY(output + idx, outerContent, outerContentSz);
wolfSSL 13:f67a6c6013ca 3174 idx += outerContentSz;
wolfSSL 13:f67a6c6013ca 3175 XMEMCPY(output + idx, envDataSeq, envDataSeqSz);
wolfSSL 13:f67a6c6013ca 3176 idx += envDataSeqSz;
wolfSSL 13:f67a6c6013ca 3177 XMEMCPY(output + idx, ver, verSz);
wolfSSL 13:f67a6c6013ca 3178 idx += verSz;
wolfSSL 13:f67a6c6013ca 3179 XMEMCPY(output + idx, recipSet, recipSetSz);
wolfSSL 13:f67a6c6013ca 3180 idx += recipSetSz;
wolfSSL 13:f67a6c6013ca 3181 XMEMCPY(output + idx, recip, recipSz);
wolfSSL 13:f67a6c6013ca 3182 idx += recipSz;
wolfSSL 13:f67a6c6013ca 3183 XMEMCPY(output + idx, encContentSeq, encContentSeqSz);
wolfSSL 13:f67a6c6013ca 3184 idx += encContentSeqSz;
wolfSSL 13:f67a6c6013ca 3185 XMEMCPY(output + idx, contentType, contentTypeSz);
wolfSSL 13:f67a6c6013ca 3186 idx += contentTypeSz;
wolfSSL 13:f67a6c6013ca 3187 XMEMCPY(output + idx, contentEncAlgo, contentEncAlgoSz);
wolfSSL 13:f67a6c6013ca 3188 idx += contentEncAlgoSz;
wolfSSL 13:f67a6c6013ca 3189 XMEMCPY(output + idx, ivOctetString, ivOctetStringSz);
wolfSSL 13:f67a6c6013ca 3190 idx += ivOctetStringSz;
wolfSSL 13:f67a6c6013ca 3191 XMEMCPY(output + idx, tmpIv, blockSz);
wolfSSL 13:f67a6c6013ca 3192 idx += blockSz;
wolfSSL 13:f67a6c6013ca 3193 XMEMCPY(output + idx, encContentOctet, encContentOctetSz);
wolfSSL 13:f67a6c6013ca 3194 idx += encContentOctetSz;
wolfSSL 13:f67a6c6013ca 3195 XMEMCPY(output + idx, encryptedContent, encryptedOutSz);
wolfSSL 13:f67a6c6013ca 3196 idx += encryptedOutSz;
wolfSSL 13:f67a6c6013ca 3197
wolfSSL 13:f67a6c6013ca 3198 ForceZero(contentKeyPlain, MAX_CONTENT_KEY_LEN);
wolfSSL 13:f67a6c6013ca 3199
wolfSSL 13:f67a6c6013ca 3200 XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 3201 XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 3202
wolfSSL 13:f67a6c6013ca 3203 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 3204 XFREE(recip, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 3205 #endif
wolfSSL 13:f67a6c6013ca 3206
wolfSSL 13:f67a6c6013ca 3207 return idx;
wolfSSL 13:f67a6c6013ca 3208 }
wolfSSL 13:f67a6c6013ca 3209
wolfSSL 13:f67a6c6013ca 3210
wolfSSL 13:f67a6c6013ca 3211 /* decode KeyTransRecipientInfo (ktri), return 0 on success, <0 on error */
wolfSSL 13:f67a6c6013ca 3212 static int wc_PKCS7_DecodeKtri(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz,
wolfSSL 13:f67a6c6013ca 3213 word32* idx, byte* decryptedKey,
wolfSSL 13:f67a6c6013ca 3214 word32* decryptedKeySz, int* recipFound)
wolfSSL 13:f67a6c6013ca 3215 {
wolfSSL 13:f67a6c6013ca 3216 int length, encryptedKeySz, ret;
wolfSSL 13:f67a6c6013ca 3217 int keySz;
wolfSSL 13:f67a6c6013ca 3218 word32 encOID;
wolfSSL 13:f67a6c6013ca 3219 word32 keyIdx;
wolfSSL 13:f67a6c6013ca 3220 byte issuerHash[SHA_DIGEST_SIZE];
wolfSSL 13:f67a6c6013ca 3221 byte* outKey = NULL;
wolfSSL 13:f67a6c6013ca 3222
wolfSSL 13:f67a6c6013ca 3223 #ifdef WC_RSA_BLINDING
wolfSSL 13:f67a6c6013ca 3224 WC_RNG rng;
wolfSSL 13:f67a6c6013ca 3225 #endif
wolfSSL 13:f67a6c6013ca 3226
wolfSSL 13:f67a6c6013ca 3227 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 3228 mp_int* serialNum;
wolfSSL 13:f67a6c6013ca 3229 byte* encryptedKey;
wolfSSL 13:f67a6c6013ca 3230 RsaKey* privKey;
wolfSSL 13:f67a6c6013ca 3231 #else
wolfSSL 13:f67a6c6013ca 3232 mp_int stack_serialNum;
wolfSSL 13:f67a6c6013ca 3233 mp_int* serialNum = &stack_serialNum;
wolfSSL 13:f67a6c6013ca 3234 byte encryptedKey[MAX_ENCRYPTED_KEY_SZ];
wolfSSL 13:f67a6c6013ca 3235
wolfSSL 13:f67a6c6013ca 3236 RsaKey stack_privKey;
wolfSSL 13:f67a6c6013ca 3237 RsaKey* privKey = &stack_privKey;
wolfSSL 13:f67a6c6013ca 3238 #endif
wolfSSL 13:f67a6c6013ca 3239
wolfSSL 13:f67a6c6013ca 3240 /* remove IssuerAndSerialNumber */
wolfSSL 13:f67a6c6013ca 3241 if (GetSequence(pkiMsg, idx, &length, pkiMsgSz) < 0)
wolfSSL 13:f67a6c6013ca 3242 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 3243
wolfSSL 13:f67a6c6013ca 3244 if (GetNameHash(pkiMsg, idx, issuerHash, pkiMsgSz) < 0)
wolfSSL 13:f67a6c6013ca 3245 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 3246
wolfSSL 13:f67a6c6013ca 3247 /* if we found correct recipient, issuer hashes will match */
wolfSSL 13:f67a6c6013ca 3248 if (XMEMCMP(issuerHash, pkcs7->issuerHash, SHA_DIGEST_SIZE) == 0) {
wolfSSL 13:f67a6c6013ca 3249 *recipFound = 1;
wolfSSL 13:f67a6c6013ca 3250 }
wolfSSL 13:f67a6c6013ca 3251
wolfSSL 13:f67a6c6013ca 3252 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 3253 serialNum = (mp_int*)XMALLOC(sizeof(mp_int), NULL,
wolfSSL 13:f67a6c6013ca 3254 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 3255 if (serialNum == NULL)
wolfSSL 13:f67a6c6013ca 3256 return MEMORY_E;
wolfSSL 13:f67a6c6013ca 3257 #endif
wolfSSL 13:f67a6c6013ca 3258
wolfSSL 13:f67a6c6013ca 3259 if (GetInt(serialNum, pkiMsg, idx, pkiMsgSz) < 0) {
wolfSSL 13:f67a6c6013ca 3260 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 3261 XFREE(serialNum, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 3262 #endif
wolfSSL 13:f67a6c6013ca 3263 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 3264 }
wolfSSL 13:f67a6c6013ca 3265
wolfSSL 13:f67a6c6013ca 3266 mp_clear(serialNum);
wolfSSL 13:f67a6c6013ca 3267
wolfSSL 13:f67a6c6013ca 3268 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 3269 XFREE(serialNum, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 3270 #endif
wolfSSL 13:f67a6c6013ca 3271
wolfSSL 13:f67a6c6013ca 3272 if (GetAlgoId(pkiMsg, idx, &encOID, oidKeyType, pkiMsgSz) < 0)
wolfSSL 13:f67a6c6013ca 3273 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 3274
wolfSSL 13:f67a6c6013ca 3275 /* key encryption algorithm must be RSA for now */
wolfSSL 13:f67a6c6013ca 3276 if (encOID != RSAk)
wolfSSL 13:f67a6c6013ca 3277 return ALGO_ID_E;
wolfSSL 13:f67a6c6013ca 3278
wolfSSL 13:f67a6c6013ca 3279 /* read encryptedKey */
wolfSSL 13:f67a6c6013ca 3280 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 3281 encryptedKey = (byte*)XMALLOC(MAX_ENCRYPTED_KEY_SZ, NULL,
wolfSSL 13:f67a6c6013ca 3282 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 3283 if (encryptedKey == NULL)
wolfSSL 13:f67a6c6013ca 3284 return MEMORY_E;
wolfSSL 13:f67a6c6013ca 3285 #endif
wolfSSL 13:f67a6c6013ca 3286
wolfSSL 13:f67a6c6013ca 3287 if (pkiMsg[(*idx)++] != ASN_OCTET_STRING) {
wolfSSL 13:f67a6c6013ca 3288 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 3289 XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 3290 #endif
wolfSSL 13:f67a6c6013ca 3291 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 3292 }
wolfSSL 13:f67a6c6013ca 3293
wolfSSL 13:f67a6c6013ca 3294 if (GetLength(pkiMsg, idx, &encryptedKeySz, pkiMsgSz) < 0) {
wolfSSL 13:f67a6c6013ca 3295 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 3296 XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 3297 #endif
wolfSSL 13:f67a6c6013ca 3298 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 3299 }
wolfSSL 13:f67a6c6013ca 3300
wolfSSL 13:f67a6c6013ca 3301 if (*recipFound == 1)
wolfSSL 13:f67a6c6013ca 3302 XMEMCPY(encryptedKey, &pkiMsg[*idx], encryptedKeySz);
wolfSSL 13:f67a6c6013ca 3303 *idx += encryptedKeySz;
wolfSSL 13:f67a6c6013ca 3304
wolfSSL 13:f67a6c6013ca 3305 /* load private key */
wolfSSL 13:f67a6c6013ca 3306 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 3307 privKey = (RsaKey*)XMALLOC(sizeof(RsaKey), NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 3308 if (privKey == NULL) {
wolfSSL 13:f67a6c6013ca 3309 XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 3310 return MEMORY_E;
wolfSSL 13:f67a6c6013ca 3311 }
wolfSSL 13:f67a6c6013ca 3312 #endif
wolfSSL 13:f67a6c6013ca 3313
wolfSSL 13:f67a6c6013ca 3314 ret = wc_InitRsaKey(privKey, 0);
wolfSSL 13:f67a6c6013ca 3315 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 3316 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 3317 XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 3318 XFREE(privKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 3319 #endif
wolfSSL 13:f67a6c6013ca 3320 return ret;
wolfSSL 13:f67a6c6013ca 3321 }
wolfSSL 13:f67a6c6013ca 3322
wolfSSL 13:f67a6c6013ca 3323 keyIdx = 0;
wolfSSL 13:f67a6c6013ca 3324 ret = wc_RsaPrivateKeyDecode(pkcs7->privateKey, &keyIdx, privKey,
wolfSSL 13:f67a6c6013ca 3325 pkcs7->privateKeySz);
wolfSSL 13:f67a6c6013ca 3326 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 3327 WOLFSSL_MSG("Failed to decode RSA private key");
wolfSSL 13:f67a6c6013ca 3328 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 3329 XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 3330 XFREE(privKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 3331 #endif
wolfSSL 13:f67a6c6013ca 3332 return ret;
wolfSSL 13:f67a6c6013ca 3333 }
wolfSSL 13:f67a6c6013ca 3334
wolfSSL 13:f67a6c6013ca 3335 /* decrypt encryptedKey */
wolfSSL 13:f67a6c6013ca 3336 #ifdef WC_RSA_BLINDING
wolfSSL 13:f67a6c6013ca 3337 ret = wc_InitRng_ex(&rng, pkcs7->heap, INVALID_DEVID);
wolfSSL 13:f67a6c6013ca 3338 if (ret == 0) {
wolfSSL 13:f67a6c6013ca 3339 ret = wc_RsaSetRNG(privKey, &rng);
wolfSSL 13:f67a6c6013ca 3340 }
wolfSSL 13:f67a6c6013ca 3341 #endif
wolfSSL 13:f67a6c6013ca 3342 if (ret == 0) {
wolfSSL 13:f67a6c6013ca 3343 keySz = wc_RsaPrivateDecryptInline(encryptedKey, encryptedKeySz,
wolfSSL 13:f67a6c6013ca 3344 &outKey, privKey);
wolfSSL 13:f67a6c6013ca 3345 #ifdef WC_RSA_BLINDING
wolfSSL 13:f67a6c6013ca 3346 wc_FreeRng(&rng);
wolfSSL 13:f67a6c6013ca 3347 #endif
wolfSSL 13:f67a6c6013ca 3348 } else {
wolfSSL 13:f67a6c6013ca 3349 keySz = ret;
wolfSSL 13:f67a6c6013ca 3350 }
wolfSSL 13:f67a6c6013ca 3351 wc_FreeRsaKey(privKey);
wolfSSL 13:f67a6c6013ca 3352
wolfSSL 13:f67a6c6013ca 3353 if (keySz <= 0 || outKey == NULL) {
wolfSSL 13:f67a6c6013ca 3354 ForceZero(encryptedKey, MAX_ENCRYPTED_KEY_SZ);
wolfSSL 13:f67a6c6013ca 3355 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 3356 XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 3357 XFREE(privKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 3358 #endif
wolfSSL 13:f67a6c6013ca 3359 return keySz;
wolfSSL 13:f67a6c6013ca 3360 } else {
wolfSSL 13:f67a6c6013ca 3361 *decryptedKeySz = keySz;
wolfSSL 13:f67a6c6013ca 3362 XMEMCPY(decryptedKey, outKey, keySz);
wolfSSL 13:f67a6c6013ca 3363 ForceZero(encryptedKey, MAX_ENCRYPTED_KEY_SZ);
wolfSSL 13:f67a6c6013ca 3364 }
wolfSSL 13:f67a6c6013ca 3365
wolfSSL 13:f67a6c6013ca 3366 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 3367 XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 3368 XFREE(privKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 3369 #endif
wolfSSL 13:f67a6c6013ca 3370
wolfSSL 13:f67a6c6013ca 3371 return 0;
wolfSSL 13:f67a6c6013ca 3372 }
wolfSSL 13:f67a6c6013ca 3373
wolfSSL 13:f67a6c6013ca 3374
wolfSSL 13:f67a6c6013ca 3375 #ifdef HAVE_ECC
wolfSSL 13:f67a6c6013ca 3376
wolfSSL 13:f67a6c6013ca 3377 /* remove ASN.1 OriginatorIdentifierOrKey, return 0 on success, <0 on error */
wolfSSL 13:f67a6c6013ca 3378 static int wc_PKCS7_KariGetOriginatorIdentifierOrKey(WC_PKCS7_KARI* kari,
wolfSSL 13:f67a6c6013ca 3379 byte* pkiMsg, word32 pkiMsgSz, word32* idx)
wolfSSL 13:f67a6c6013ca 3380 {
wolfSSL 13:f67a6c6013ca 3381 int ret, length;
wolfSSL 13:f67a6c6013ca 3382 word32 keyOID;
wolfSSL 13:f67a6c6013ca 3383
wolfSSL 13:f67a6c6013ca 3384 if (kari == NULL || pkiMsg == NULL || idx == NULL)
wolfSSL 13:f67a6c6013ca 3385 return BAD_FUNC_ARG;
wolfSSL 13:f67a6c6013ca 3386
wolfSSL 13:f67a6c6013ca 3387 /* remove OriginatorIdentifierOrKey */
wolfSSL 13:f67a6c6013ca 3388 if (pkiMsg[*idx] == (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 0)) {
wolfSSL 13:f67a6c6013ca 3389 (*idx)++;
wolfSSL 13:f67a6c6013ca 3390 if (GetLength(pkiMsg, idx, &length, pkiMsgSz) < 0)
wolfSSL 13:f67a6c6013ca 3391 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 3392
wolfSSL 13:f67a6c6013ca 3393 } else {
wolfSSL 13:f67a6c6013ca 3394 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 3395 }
wolfSSL 13:f67a6c6013ca 3396
wolfSSL 13:f67a6c6013ca 3397 /* remove OriginatorPublicKey */
wolfSSL 13:f67a6c6013ca 3398 if (pkiMsg[*idx] == (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 1)) {
wolfSSL 13:f67a6c6013ca 3399 (*idx)++;
wolfSSL 13:f67a6c6013ca 3400 if (GetLength(pkiMsg, idx, &length, pkiMsgSz) < 0)
wolfSSL 13:f67a6c6013ca 3401 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 3402
wolfSSL 13:f67a6c6013ca 3403 } else {
wolfSSL 13:f67a6c6013ca 3404 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 3405 }
wolfSSL 13:f67a6c6013ca 3406
wolfSSL 13:f67a6c6013ca 3407 /* remove AlgorithmIdentifier */
wolfSSL 13:f67a6c6013ca 3408 if (GetAlgoId(pkiMsg, idx, &keyOID, oidKeyType, pkiMsgSz) < 0)
wolfSSL 13:f67a6c6013ca 3409 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 3410
wolfSSL 13:f67a6c6013ca 3411 if (keyOID != ECDSAk)
wolfSSL 13:f67a6c6013ca 3412 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 3413
wolfSSL 13:f67a6c6013ca 3414 /* remove ECPoint BIT STRING */
wolfSSL 13:f67a6c6013ca 3415 if ((pkiMsgSz > (*idx + 1)) && (pkiMsg[(*idx)++] != ASN_BIT_STRING))
wolfSSL 13:f67a6c6013ca 3416 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 3417
wolfSSL 13:f67a6c6013ca 3418 if (GetLength(pkiMsg, idx, &length, pkiMsgSz) < 0)
wolfSSL 13:f67a6c6013ca 3419 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 3420
wolfSSL 13:f67a6c6013ca 3421 if ((pkiMsgSz < (*idx + 1)) || (pkiMsg[(*idx)++] != 0x00))
wolfSSL 13:f67a6c6013ca 3422 return ASN_EXPECT_0_E;
wolfSSL 13:f67a6c6013ca 3423
wolfSSL 13:f67a6c6013ca 3424 /* get sender ephemeral public ECDSA key */
wolfSSL 13:f67a6c6013ca 3425 ret = wc_ecc_init_ex(kari->senderKey, kari->heap, INVALID_DEVID);
wolfSSL 13:f67a6c6013ca 3426 if (ret != 0)
wolfSSL 13:f67a6c6013ca 3427 return ret;
wolfSSL 13:f67a6c6013ca 3428
wolfSSL 13:f67a6c6013ca 3429 /* length-1 for unused bits counter */
wolfSSL 13:f67a6c6013ca 3430 ret = wc_ecc_import_x963(pkiMsg + (*idx), length - 1, kari->senderKey);
wolfSSL 13:f67a6c6013ca 3431 if (ret != 0)
wolfSSL 13:f67a6c6013ca 3432 return ret;
wolfSSL 13:f67a6c6013ca 3433
wolfSSL 13:f67a6c6013ca 3434 (*idx) += length - 1;
wolfSSL 13:f67a6c6013ca 3435
wolfSSL 13:f67a6c6013ca 3436 return 0;
wolfSSL 13:f67a6c6013ca 3437 }
wolfSSL 13:f67a6c6013ca 3438
wolfSSL 13:f67a6c6013ca 3439
wolfSSL 13:f67a6c6013ca 3440 /* remove optional UserKeyingMaterial if available, return 0 on success,
wolfSSL 13:f67a6c6013ca 3441 * < 0 on error */
wolfSSL 13:f67a6c6013ca 3442 static int wc_PKCS7_KariGetUserKeyingMaterial(WC_PKCS7_KARI* kari,
wolfSSL 13:f67a6c6013ca 3443 byte* pkiMsg, word32 pkiMsgSz, word32* idx)
wolfSSL 13:f67a6c6013ca 3444 {
wolfSSL 13:f67a6c6013ca 3445 int length;
wolfSSL 13:f67a6c6013ca 3446 word32 savedIdx;
wolfSSL 13:f67a6c6013ca 3447
wolfSSL 13:f67a6c6013ca 3448 if (kari == NULL || pkiMsg == NULL || idx == NULL)
wolfSSL 13:f67a6c6013ca 3449 return BAD_FUNC_ARG;
wolfSSL 13:f67a6c6013ca 3450
wolfSSL 13:f67a6c6013ca 3451 savedIdx = *idx;
wolfSSL 13:f67a6c6013ca 3452
wolfSSL 13:f67a6c6013ca 3453 /* starts with EXPLICIT [1] */
wolfSSL 13:f67a6c6013ca 3454 if (pkiMsg[(*idx)++] != (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 1)) {
wolfSSL 13:f67a6c6013ca 3455 *idx = savedIdx;
wolfSSL 13:f67a6c6013ca 3456 return 0;
wolfSSL 13:f67a6c6013ca 3457 }
wolfSSL 13:f67a6c6013ca 3458
wolfSSL 13:f67a6c6013ca 3459 if (GetLength(pkiMsg, idx, &length, pkiMsgSz) < 0) {
wolfSSL 13:f67a6c6013ca 3460 *idx = savedIdx;
wolfSSL 13:f67a6c6013ca 3461 return 0;
wolfSSL 13:f67a6c6013ca 3462 }
wolfSSL 13:f67a6c6013ca 3463
wolfSSL 13:f67a6c6013ca 3464 /* get OCTET STRING */
wolfSSL 13:f67a6c6013ca 3465 if ( (pkiMsgSz > ((*idx) + 1)) &&
wolfSSL 13:f67a6c6013ca 3466 (pkiMsg[(*idx)++] != ASN_OCTET_STRING) ) {
wolfSSL 13:f67a6c6013ca 3467 *idx = savedIdx;
wolfSSL 13:f67a6c6013ca 3468 return 0;
wolfSSL 13:f67a6c6013ca 3469 }
wolfSSL 13:f67a6c6013ca 3470
wolfSSL 13:f67a6c6013ca 3471 if (GetLength(pkiMsg, idx, &length, pkiMsgSz) < 0) {
wolfSSL 13:f67a6c6013ca 3472 *idx = savedIdx;
wolfSSL 13:f67a6c6013ca 3473 return 0;
wolfSSL 13:f67a6c6013ca 3474 }
wolfSSL 13:f67a6c6013ca 3475
wolfSSL 13:f67a6c6013ca 3476 kari->ukm = NULL;
wolfSSL 13:f67a6c6013ca 3477 if (length > 0) {
wolfSSL 13:f67a6c6013ca 3478 kari->ukm = (byte*)XMALLOC(length, kari->heap, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 3479 if (kari->ukm == NULL)
wolfSSL 13:f67a6c6013ca 3480 return MEMORY_E;
wolfSSL 13:f67a6c6013ca 3481
wolfSSL 13:f67a6c6013ca 3482 XMEMCPY(kari->ukm, pkiMsg + (*idx), length);
wolfSSL 13:f67a6c6013ca 3483 kari->ukmOwner = 1;
wolfSSL 13:f67a6c6013ca 3484 }
wolfSSL 13:f67a6c6013ca 3485
wolfSSL 13:f67a6c6013ca 3486 (*idx) += length;
wolfSSL 13:f67a6c6013ca 3487 kari->ukmSz = length;
wolfSSL 13:f67a6c6013ca 3488
wolfSSL 13:f67a6c6013ca 3489 return 0;
wolfSSL 13:f67a6c6013ca 3490 }
wolfSSL 13:f67a6c6013ca 3491
wolfSSL 13:f67a6c6013ca 3492
wolfSSL 13:f67a6c6013ca 3493 /* remove ASN.1 KeyEncryptionAlgorithmIdentifier, return 0 on success,
wolfSSL 13:f67a6c6013ca 3494 * < 0 on error */
wolfSSL 13:f67a6c6013ca 3495 static int wc_PKCS7_KariGetKeyEncryptionAlgorithmId(WC_PKCS7_KARI* kari,
wolfSSL 13:f67a6c6013ca 3496 byte* pkiMsg, word32 pkiMsgSz, word32* idx,
wolfSSL 13:f67a6c6013ca 3497 word32* keyAgreeOID, word32* keyWrapOID)
wolfSSL 13:f67a6c6013ca 3498 {
wolfSSL 13:f67a6c6013ca 3499 if (kari == NULL || pkiMsg == NULL || idx == NULL ||
wolfSSL 13:f67a6c6013ca 3500 keyAgreeOID == NULL || keyWrapOID == NULL)
wolfSSL 13:f67a6c6013ca 3501 return BAD_FUNC_ARG;
wolfSSL 13:f67a6c6013ca 3502
wolfSSL 13:f67a6c6013ca 3503 /* remove KeyEncryptionAlgorithmIdentifier */
wolfSSL 13:f67a6c6013ca 3504 if (GetAlgoId(pkiMsg, idx, keyAgreeOID, oidCmsKeyAgreeType,
wolfSSL 13:f67a6c6013ca 3505 pkiMsgSz) < 0)
wolfSSL 13:f67a6c6013ca 3506 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 3507
wolfSSL 13:f67a6c6013ca 3508 /* remove KeyWrapAlgorithm, stored in parameter of KeyEncAlgoId */
wolfSSL 13:f67a6c6013ca 3509 if (GetAlgoId(pkiMsg, idx, keyWrapOID, oidKeyWrapType, pkiMsgSz) < 0)
wolfSSL 13:f67a6c6013ca 3510 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 3511
wolfSSL 13:f67a6c6013ca 3512 return 0;
wolfSSL 13:f67a6c6013ca 3513 }
wolfSSL 13:f67a6c6013ca 3514
wolfSSL 13:f67a6c6013ca 3515
wolfSSL 13:f67a6c6013ca 3516 /* remove ASN.1 SubjectKeyIdentifier, return 0 on success, < 0 on error
wolfSSL 13:f67a6c6013ca 3517 * if subject key ID matches, recipFound is set to 1 */
wolfSSL 13:f67a6c6013ca 3518 static int wc_PKCS7_KariGetSubjectKeyIdentifier(WC_PKCS7_KARI* kari,
wolfSSL 13:f67a6c6013ca 3519 byte* pkiMsg, word32 pkiMsgSz, word32* idx,
wolfSSL 13:f67a6c6013ca 3520 int* recipFound)
wolfSSL 13:f67a6c6013ca 3521 {
wolfSSL 13:f67a6c6013ca 3522 int length;
wolfSSL 13:f67a6c6013ca 3523 byte subjKeyId[KEYID_SIZE];
wolfSSL 13:f67a6c6013ca 3524
wolfSSL 13:f67a6c6013ca 3525 if (kari == NULL || pkiMsg == NULL || idx == NULL || recipFound == NULL)
wolfSSL 13:f67a6c6013ca 3526 return BAD_FUNC_ARG;
wolfSSL 13:f67a6c6013ca 3527
wolfSSL 13:f67a6c6013ca 3528 /* remove RecipientKeyIdentifier IMPLICIT [0] */
wolfSSL 13:f67a6c6013ca 3529 if ( (pkiMsgSz > (*idx + 1)) &&
wolfSSL 13:f67a6c6013ca 3530 (pkiMsg[(*idx)++] == (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 0)) ) {
wolfSSL 13:f67a6c6013ca 3531
wolfSSL 13:f67a6c6013ca 3532 if (GetLength(pkiMsg, idx, &length, pkiMsgSz) < 0)
wolfSSL 13:f67a6c6013ca 3533 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 3534
wolfSSL 13:f67a6c6013ca 3535 } else {
wolfSSL 13:f67a6c6013ca 3536 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 3537 }
wolfSSL 13:f67a6c6013ca 3538
wolfSSL 13:f67a6c6013ca 3539 /* remove SubjectKeyIdentifier */
wolfSSL 13:f67a6c6013ca 3540 if ( (pkiMsgSz > (*idx + 1)) &&
wolfSSL 13:f67a6c6013ca 3541 (pkiMsg[(*idx)++] != ASN_OCTET_STRING) )
wolfSSL 13:f67a6c6013ca 3542 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 3543
wolfSSL 13:f67a6c6013ca 3544 if (GetLength(pkiMsg, idx, &length, pkiMsgSz) < 0)
wolfSSL 13:f67a6c6013ca 3545 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 3546
wolfSSL 13:f67a6c6013ca 3547 if (length != KEYID_SIZE)
wolfSSL 13:f67a6c6013ca 3548 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 3549
wolfSSL 13:f67a6c6013ca 3550 XMEMCPY(subjKeyId, pkiMsg + (*idx), KEYID_SIZE);
wolfSSL 13:f67a6c6013ca 3551 (*idx) += length;
wolfSSL 13:f67a6c6013ca 3552
wolfSSL 13:f67a6c6013ca 3553 /* subject key id should match if recipient found */
wolfSSL 13:f67a6c6013ca 3554 if (XMEMCMP(subjKeyId, kari->decoded->extSubjKeyId, KEYID_SIZE) == 0) {
wolfSSL 13:f67a6c6013ca 3555 *recipFound = 1;
wolfSSL 13:f67a6c6013ca 3556 }
wolfSSL 13:f67a6c6013ca 3557
wolfSSL 13:f67a6c6013ca 3558 return 0;
wolfSSL 13:f67a6c6013ca 3559 }
wolfSSL 13:f67a6c6013ca 3560
wolfSSL 13:f67a6c6013ca 3561
wolfSSL 13:f67a6c6013ca 3562 /* remove ASN.1 IssuerAndSerialNumber, return 0 on success, < 0 on error
wolfSSL 13:f67a6c6013ca 3563 * if issuer and serial number match, recipFound is set to 1 */
wolfSSL 13:f67a6c6013ca 3564 static int wc_PKCS7_KariGetIssuerAndSerialNumber(WC_PKCS7_KARI* kari,
wolfSSL 13:f67a6c6013ca 3565 byte* pkiMsg, word32 pkiMsgSz, word32* idx,
wolfSSL 13:f67a6c6013ca 3566 int* recipFound)
wolfSSL 13:f67a6c6013ca 3567 {
wolfSSL 13:f67a6c6013ca 3568 int length, ret;
wolfSSL 13:f67a6c6013ca 3569 byte issuerHash[KEYID_SIZE];
wolfSSL 13:f67a6c6013ca 3570 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 3571 mp_int* serial;
wolfSSL 13:f67a6c6013ca 3572 mp_int* recipSerial;
wolfSSL 13:f67a6c6013ca 3573 #else
wolfSSL 13:f67a6c6013ca 3574 mp_int stack_serial;
wolfSSL 13:f67a6c6013ca 3575 mp_int* serial = &stack_serial;
wolfSSL 13:f67a6c6013ca 3576
wolfSSL 13:f67a6c6013ca 3577 mp_int stack_recipSerial;
wolfSSL 13:f67a6c6013ca 3578 mp_int* recipSerial = &stack_recipSerial;
wolfSSL 13:f67a6c6013ca 3579 #endif
wolfSSL 13:f67a6c6013ca 3580
wolfSSL 13:f67a6c6013ca 3581 /* remove IssuerAndSerialNumber */
wolfSSL 13:f67a6c6013ca 3582 if (GetSequence(pkiMsg, idx, &length, pkiMsgSz) < 0)
wolfSSL 13:f67a6c6013ca 3583 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 3584
wolfSSL 13:f67a6c6013ca 3585 if (GetNameHash(pkiMsg, idx, issuerHash, pkiMsgSz) < 0)
wolfSSL 13:f67a6c6013ca 3586 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 3587
wolfSSL 13:f67a6c6013ca 3588 /* if we found correct recipient, issuer hashes will match */
wolfSSL 13:f67a6c6013ca 3589 if (XMEMCMP(issuerHash, kari->decoded->issuerHash, KEYID_SIZE) == 0) {
wolfSSL 13:f67a6c6013ca 3590 *recipFound = 1;
wolfSSL 13:f67a6c6013ca 3591 }
wolfSSL 13:f67a6c6013ca 3592
wolfSSL 13:f67a6c6013ca 3593 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 3594 serial = (mp_int*)XMALLOC(sizeof(mp_int), NULL,
wolfSSL 13:f67a6c6013ca 3595 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 3596 if (serial == NULL)
wolfSSL 13:f67a6c6013ca 3597 return MEMORY_E;
wolfSSL 13:f67a6c6013ca 3598
wolfSSL 13:f67a6c6013ca 3599 recipSerial = (mp_int*)XMALLOC(sizeof(mp_int), NULL,
wolfSSL 13:f67a6c6013ca 3600 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 3601 if (recipSerial == NULL) {
wolfSSL 13:f67a6c6013ca 3602 XFREE(serial, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 3603 return MEMORY_E;
wolfSSL 13:f67a6c6013ca 3604 }
wolfSSL 13:f67a6c6013ca 3605 #endif
wolfSSL 13:f67a6c6013ca 3606
wolfSSL 13:f67a6c6013ca 3607 if (GetInt(serial, pkiMsg, idx, pkiMsgSz) < 0) {
wolfSSL 13:f67a6c6013ca 3608 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 3609 XFREE(serial, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 3610 XFREE(recipSerial, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 3611 #endif
wolfSSL 13:f67a6c6013ca 3612 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 3613 }
wolfSSL 13:f67a6c6013ca 3614
wolfSSL 13:f67a6c6013ca 3615 ret = mp_read_unsigned_bin(recipSerial, kari->decoded->serial,
wolfSSL 13:f67a6c6013ca 3616 kari->decoded->serialSz);
wolfSSL 13:f67a6c6013ca 3617 if (ret != MP_OKAY) {
wolfSSL 13:f67a6c6013ca 3618 mp_clear(serial);
wolfSSL 13:f67a6c6013ca 3619 WOLFSSL_MSG("Failed to parse CMS recipient serial number");
wolfSSL 13:f67a6c6013ca 3620 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 3621 XFREE(serial, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 3622 XFREE(recipSerial, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 3623 #endif
wolfSSL 13:f67a6c6013ca 3624 return ret;
wolfSSL 13:f67a6c6013ca 3625 }
wolfSSL 13:f67a6c6013ca 3626
wolfSSL 13:f67a6c6013ca 3627 if (mp_cmp(recipSerial, serial) != MP_EQ) {
wolfSSL 13:f67a6c6013ca 3628 mp_clear(serial);
wolfSSL 13:f67a6c6013ca 3629 mp_clear(recipSerial);
wolfSSL 13:f67a6c6013ca 3630 WOLFSSL_MSG("CMS serial number does not match recipient");
wolfSSL 13:f67a6c6013ca 3631 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 3632 XFREE(serial, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 3633 XFREE(recipSerial, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 3634 #endif
wolfSSL 13:f67a6c6013ca 3635 return PKCS7_RECIP_E;
wolfSSL 13:f67a6c6013ca 3636 }
wolfSSL 13:f67a6c6013ca 3637
wolfSSL 13:f67a6c6013ca 3638 mp_clear(serial);
wolfSSL 13:f67a6c6013ca 3639 mp_clear(recipSerial);
wolfSSL 13:f67a6c6013ca 3640
wolfSSL 13:f67a6c6013ca 3641 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 3642 XFREE(serial, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 3643 XFREE(recipSerial, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 3644 #endif
wolfSSL 13:f67a6c6013ca 3645
wolfSSL 13:f67a6c6013ca 3646 return 0;
wolfSSL 13:f67a6c6013ca 3647 }
wolfSSL 13:f67a6c6013ca 3648
wolfSSL 13:f67a6c6013ca 3649
wolfSSL 13:f67a6c6013ca 3650 /* remove ASN.1 RecipientEncryptedKeys, return 0 on success, < 0 on error */
wolfSSL 13:f67a6c6013ca 3651 static int wc_PKCS7_KariGetRecipientEncryptedKeys(WC_PKCS7_KARI* kari,
wolfSSL 13:f67a6c6013ca 3652 byte* pkiMsg, word32 pkiMsgSz, word32* idx,
wolfSSL 13:f67a6c6013ca 3653 int* recipFound, byte* encryptedKey,
wolfSSL 13:f67a6c6013ca 3654 int* encryptedKeySz)
wolfSSL 13:f67a6c6013ca 3655 {
wolfSSL 13:f67a6c6013ca 3656 int length;
wolfSSL 13:f67a6c6013ca 3657 int ret = 0;
wolfSSL 13:f67a6c6013ca 3658
wolfSSL 13:f67a6c6013ca 3659 if (kari == NULL || pkiMsg == NULL || idx == NULL ||
wolfSSL 13:f67a6c6013ca 3660 recipFound == NULL || encryptedKey == NULL)
wolfSSL 13:f67a6c6013ca 3661 return BAD_FUNC_ARG;
wolfSSL 13:f67a6c6013ca 3662
wolfSSL 13:f67a6c6013ca 3663 /* remove RecipientEncryptedKeys */
wolfSSL 13:f67a6c6013ca 3664 if (GetSequence(pkiMsg, idx, &length, pkiMsgSz) < 0)
wolfSSL 13:f67a6c6013ca 3665 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 3666
wolfSSL 13:f67a6c6013ca 3667 /* remove RecipientEncryptedKeys */
wolfSSL 13:f67a6c6013ca 3668 if (GetSequence(pkiMsg, idx, &length, pkiMsgSz) < 0)
wolfSSL 13:f67a6c6013ca 3669 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 3670
wolfSSL 13:f67a6c6013ca 3671 /* KeyAgreeRecipientIdentifier is CHOICE of IssuerAndSerialNumber
wolfSSL 13:f67a6c6013ca 3672 * or [0] IMMPLICIT RecipientKeyIdentifier */
wolfSSL 13:f67a6c6013ca 3673 if ( (pkiMsgSz > (*idx + 1)) &&
wolfSSL 13:f67a6c6013ca 3674 (pkiMsg[*idx] == (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 0)) ) {
wolfSSL 13:f67a6c6013ca 3675
wolfSSL 13:f67a6c6013ca 3676 /* try to get RecipientKeyIdentifier */
wolfSSL 13:f67a6c6013ca 3677 ret = wc_PKCS7_KariGetSubjectKeyIdentifier(kari, pkiMsg, pkiMsgSz,
wolfSSL 13:f67a6c6013ca 3678 idx, recipFound);
wolfSSL 13:f67a6c6013ca 3679 } else {
wolfSSL 13:f67a6c6013ca 3680 /* try to get IssuerAndSerialNumber */
wolfSSL 13:f67a6c6013ca 3681 ret = wc_PKCS7_KariGetIssuerAndSerialNumber(kari, pkiMsg, pkiMsgSz,
wolfSSL 13:f67a6c6013ca 3682 idx, recipFound);
wolfSSL 13:f67a6c6013ca 3683 }
wolfSSL 13:f67a6c6013ca 3684
wolfSSL 13:f67a6c6013ca 3685 /* if we don't have either option, malformed CMS */
wolfSSL 13:f67a6c6013ca 3686 if (ret != 0)
wolfSSL 13:f67a6c6013ca 3687 return ret;
wolfSSL 13:f67a6c6013ca 3688
wolfSSL 13:f67a6c6013ca 3689 /* remove EncryptedKey */
wolfSSL 13:f67a6c6013ca 3690 if ( (pkiMsgSz > (*idx + 1)) &&
wolfSSL 13:f67a6c6013ca 3691 (pkiMsg[(*idx)++] != ASN_OCTET_STRING) )
wolfSSL 13:f67a6c6013ca 3692 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 3693
wolfSSL 13:f67a6c6013ca 3694 if (GetLength(pkiMsg, idx, &length, pkiMsgSz) < 0)
wolfSSL 13:f67a6c6013ca 3695 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 3696
wolfSSL 13:f67a6c6013ca 3697 /* put encrypted CEK in decryptedKey buffer for now, decrypt later */
wolfSSL 13:f67a6c6013ca 3698 if (length > *encryptedKeySz)
wolfSSL 13:f67a6c6013ca 3699 return BUFFER_E;
wolfSSL 13:f67a6c6013ca 3700
wolfSSL 13:f67a6c6013ca 3701 XMEMCPY(encryptedKey, pkiMsg + (*idx), length);
wolfSSL 13:f67a6c6013ca 3702 *encryptedKeySz = length;
wolfSSL 13:f67a6c6013ca 3703 (*idx) += length;
wolfSSL 13:f67a6c6013ca 3704
wolfSSL 13:f67a6c6013ca 3705 return 0;
wolfSSL 13:f67a6c6013ca 3706 }
wolfSSL 13:f67a6c6013ca 3707
wolfSSL 13:f67a6c6013ca 3708 #endif /* HAVE_ECC */
wolfSSL 13:f67a6c6013ca 3709
wolfSSL 13:f67a6c6013ca 3710
wolfSSL 13:f67a6c6013ca 3711 /* decode ASN.1 KeyAgreeRecipientInfo (kari), return 0 on success,
wolfSSL 13:f67a6c6013ca 3712 * < 0 on error */
wolfSSL 13:f67a6c6013ca 3713 static int wc_PKCS7_DecodeKari(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz,
wolfSSL 13:f67a6c6013ca 3714 word32* idx, byte* decryptedKey,
wolfSSL 13:f67a6c6013ca 3715 word32* decryptedKeySz, int* recipFound)
wolfSSL 13:f67a6c6013ca 3716 {
wolfSSL 13:f67a6c6013ca 3717 #ifdef HAVE_ECC
wolfSSL 13:f67a6c6013ca 3718 int ret, keySz;
wolfSSL 13:f67a6c6013ca 3719 int encryptedKeySz;
wolfSSL 13:f67a6c6013ca 3720 int direction = 0;
wolfSSL 13:f67a6c6013ca 3721 word32 keyAgreeOID, keyWrapOID;
wolfSSL 13:f67a6c6013ca 3722
wolfSSL 13:f67a6c6013ca 3723 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 3724 byte* encryptedKey;
wolfSSL 13:f67a6c6013ca 3725 #else
wolfSSL 13:f67a6c6013ca 3726 byte encryptedKey[MAX_ENCRYPTED_KEY_SZ];
wolfSSL 13:f67a6c6013ca 3727 #endif
wolfSSL 13:f67a6c6013ca 3728
wolfSSL 13:f67a6c6013ca 3729 WC_PKCS7_KARI* kari;
wolfSSL 13:f67a6c6013ca 3730
wolfSSL 13:f67a6c6013ca 3731 if (pkcs7 == NULL || pkcs7->singleCert == NULL ||
wolfSSL 13:f67a6c6013ca 3732 pkcs7->singleCertSz == 0 || pkiMsg == NULL ||
wolfSSL 13:f67a6c6013ca 3733 idx == NULL || decryptedKey == NULL || decryptedKeySz == NULL) {
wolfSSL 13:f67a6c6013ca 3734 return BAD_FUNC_ARG;
wolfSSL 13:f67a6c6013ca 3735 }
wolfSSL 13:f67a6c6013ca 3736
wolfSSL 13:f67a6c6013ca 3737 kari = wc_PKCS7_KariNew(pkcs7, WC_PKCS7_DECODE);
wolfSSL 13:f67a6c6013ca 3738 if (kari == NULL)
wolfSSL 13:f67a6c6013ca 3739 return MEMORY_E;
wolfSSL 13:f67a6c6013ca 3740
wolfSSL 13:f67a6c6013ca 3741 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 3742 encryptedKey = (byte*)XMALLOC(MAX_ENCRYPTED_KEY_SZ, NULL,
wolfSSL 13:f67a6c6013ca 3743 DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 3744 if (encryptedKey == NULL) {
wolfSSL 13:f67a6c6013ca 3745 wc_PKCS7_KariFree(kari);
wolfSSL 13:f67a6c6013ca 3746 return MEMORY_E;
wolfSSL 13:f67a6c6013ca 3747 }
wolfSSL 13:f67a6c6013ca 3748 #endif
wolfSSL 13:f67a6c6013ca 3749 encryptedKeySz = MAX_ENCRYPTED_KEY_SZ;
wolfSSL 13:f67a6c6013ca 3750
wolfSSL 13:f67a6c6013ca 3751 /* parse cert and key */
wolfSSL 13:f67a6c6013ca 3752 ret = wc_PKCS7_KariParseRecipCert(kari, (byte*)pkcs7->singleCert,
wolfSSL 13:f67a6c6013ca 3753 pkcs7->singleCertSz, pkcs7->privateKey,
wolfSSL 13:f67a6c6013ca 3754 pkcs7->privateKeySz);
wolfSSL 13:f67a6c6013ca 3755 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 3756 wc_PKCS7_KariFree(kari);
wolfSSL 13:f67a6c6013ca 3757 return ret;
wolfSSL 13:f67a6c6013ca 3758 }
wolfSSL 13:f67a6c6013ca 3759
wolfSSL 13:f67a6c6013ca 3760 /* remove OriginatorIdentifierOrKey */
wolfSSL 13:f67a6c6013ca 3761 ret = wc_PKCS7_KariGetOriginatorIdentifierOrKey(kari, pkiMsg,
wolfSSL 13:f67a6c6013ca 3762 pkiMsgSz, idx);
wolfSSL 13:f67a6c6013ca 3763 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 3764 wc_PKCS7_KariFree(kari);
wolfSSL 13:f67a6c6013ca 3765 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 3766 XFREE(encryptedKey, NULL, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 3767 #endif
wolfSSL 13:f67a6c6013ca 3768 return ret;
wolfSSL 13:f67a6c6013ca 3769 }
wolfSSL 13:f67a6c6013ca 3770
wolfSSL 13:f67a6c6013ca 3771 /* try and remove optional UserKeyingMaterial */
wolfSSL 13:f67a6c6013ca 3772 ret = wc_PKCS7_KariGetUserKeyingMaterial(kari, pkiMsg, pkiMsgSz, idx);
wolfSSL 13:f67a6c6013ca 3773 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 3774 wc_PKCS7_KariFree(kari);
wolfSSL 13:f67a6c6013ca 3775 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 3776 XFREE(encryptedKey, NULL, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 3777 #endif
wolfSSL 13:f67a6c6013ca 3778 return ret;
wolfSSL 13:f67a6c6013ca 3779 }
wolfSSL 13:f67a6c6013ca 3780
wolfSSL 13:f67a6c6013ca 3781 /* remove KeyEncryptionAlgorithmIdentifier */
wolfSSL 13:f67a6c6013ca 3782 ret = wc_PKCS7_KariGetKeyEncryptionAlgorithmId(kari, pkiMsg, pkiMsgSz,
wolfSSL 13:f67a6c6013ca 3783 idx, &keyAgreeOID,
wolfSSL 13:f67a6c6013ca 3784 &keyWrapOID);
wolfSSL 13:f67a6c6013ca 3785 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 3786 wc_PKCS7_KariFree(kari);
wolfSSL 13:f67a6c6013ca 3787 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 3788 XFREE(encryptedKey, NULL, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 3789 #endif
wolfSSL 13:f67a6c6013ca 3790 return ret;
wolfSSL 13:f67a6c6013ca 3791 }
wolfSSL 13:f67a6c6013ca 3792
wolfSSL 13:f67a6c6013ca 3793 /* set direction based on key wrap algorithm */
wolfSSL 13:f67a6c6013ca 3794 switch (keyWrapOID) {
wolfSSL 13:f67a6c6013ca 3795 #ifndef NO_AES
wolfSSL 13:f67a6c6013ca 3796 case AES128_WRAP:
wolfSSL 13:f67a6c6013ca 3797 case AES192_WRAP:
wolfSSL 13:f67a6c6013ca 3798 case AES256_WRAP:
wolfSSL 13:f67a6c6013ca 3799 direction = AES_DECRYPTION;
wolfSSL 13:f67a6c6013ca 3800 break;
wolfSSL 13:f67a6c6013ca 3801 #endif
wolfSSL 13:f67a6c6013ca 3802 default:
wolfSSL 13:f67a6c6013ca 3803 wc_PKCS7_KariFree(kari);
wolfSSL 13:f67a6c6013ca 3804 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 3805 XFREE(encryptedKey, NULL, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 3806 #endif
wolfSSL 13:f67a6c6013ca 3807 WOLFSSL_MSG("AES key wrap algorithm unsupported");
wolfSSL 13:f67a6c6013ca 3808 return BAD_KEYWRAP_ALG_E;
wolfSSL 13:f67a6c6013ca 3809 }
wolfSSL 13:f67a6c6013ca 3810
wolfSSL 13:f67a6c6013ca 3811 /* remove RecipientEncryptedKeys */
wolfSSL 13:f67a6c6013ca 3812 ret = wc_PKCS7_KariGetRecipientEncryptedKeys(kari, pkiMsg, pkiMsgSz,
wolfSSL 13:f67a6c6013ca 3813 idx, recipFound, encryptedKey, &encryptedKeySz);
wolfSSL 13:f67a6c6013ca 3814 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 3815 wc_PKCS7_KariFree(kari);
wolfSSL 13:f67a6c6013ca 3816 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 3817 XFREE(encryptedKey, NULL, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 3818 #endif
wolfSSL 13:f67a6c6013ca 3819 return ret;
wolfSSL 13:f67a6c6013ca 3820 }
wolfSSL 13:f67a6c6013ca 3821
wolfSSL 13:f67a6c6013ca 3822 /* create KEK */
wolfSSL 13:f67a6c6013ca 3823 ret = wc_PKCS7_KariGenerateKEK(kari, keyWrapOID, pkcs7->keyAgreeOID);
wolfSSL 13:f67a6c6013ca 3824 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 3825 wc_PKCS7_KariFree(kari);
wolfSSL 13:f67a6c6013ca 3826 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 3827 XFREE(encryptedKey, NULL, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 3828 #endif
wolfSSL 13:f67a6c6013ca 3829 return ret;
wolfSSL 13:f67a6c6013ca 3830 }
wolfSSL 13:f67a6c6013ca 3831
wolfSSL 13:f67a6c6013ca 3832 /* decrypt CEK with KEK */
wolfSSL 13:f67a6c6013ca 3833 keySz = wc_PKCS7_KariKeyWrap(encryptedKey, encryptedKeySz, kari->kek,
wolfSSL 13:f67a6c6013ca 3834 kari->kekSz, decryptedKey, *decryptedKeySz,
wolfSSL 13:f67a6c6013ca 3835 keyWrapOID, direction);
wolfSSL 13:f67a6c6013ca 3836 if (keySz <= 0) {
wolfSSL 13:f67a6c6013ca 3837 wc_PKCS7_KariFree(kari);
wolfSSL 13:f67a6c6013ca 3838 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 3839 XFREE(encryptedKey, NULL, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 3840 #endif
wolfSSL 13:f67a6c6013ca 3841 return keySz;
wolfSSL 13:f67a6c6013ca 3842 }
wolfSSL 13:f67a6c6013ca 3843 *decryptedKeySz = (word32)keySz;
wolfSSL 13:f67a6c6013ca 3844
wolfSSL 13:f67a6c6013ca 3845 wc_PKCS7_KariFree(kari);
wolfSSL 13:f67a6c6013ca 3846 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 3847 XFREE(encryptedKey, NULL, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 3848 #endif
wolfSSL 13:f67a6c6013ca 3849
wolfSSL 13:f67a6c6013ca 3850 return 0;
wolfSSL 13:f67a6c6013ca 3851 #else
wolfSSL 13:f67a6c6013ca 3852 (void)pkcs7;
wolfSSL 13:f67a6c6013ca 3853 (void)pkiMsg;
wolfSSL 13:f67a6c6013ca 3854 (void)pkiMsgSz;
wolfSSL 13:f67a6c6013ca 3855 (void)idx;
wolfSSL 13:f67a6c6013ca 3856 (void)decryptedKey;
wolfSSL 13:f67a6c6013ca 3857 (void)decryptedKeySz;
wolfSSL 13:f67a6c6013ca 3858 (void)recipFound;
wolfSSL 13:f67a6c6013ca 3859
wolfSSL 13:f67a6c6013ca 3860 return NOT_COMPILED_IN;
wolfSSL 13:f67a6c6013ca 3861 #endif /* HAVE_ECC */
wolfSSL 13:f67a6c6013ca 3862 }
wolfSSL 13:f67a6c6013ca 3863
wolfSSL 13:f67a6c6013ca 3864
wolfSSL 13:f67a6c6013ca 3865 /* decode ASN.1 RecipientInfos SET, return 0 on success, < 0 on error */
wolfSSL 13:f67a6c6013ca 3866 static int wc_PKCS7_DecodeRecipientInfos(PKCS7* pkcs7, byte* pkiMsg,
wolfSSL 13:f67a6c6013ca 3867 word32 pkiMsgSz, word32* idx, byte* decryptedKey,
wolfSSL 13:f67a6c6013ca 3868 word32* decryptedKeySz, int* recipFound)
wolfSSL 13:f67a6c6013ca 3869 {
wolfSSL 13:f67a6c6013ca 3870 word32 savedIdx;
wolfSSL 13:f67a6c6013ca 3871 int version, ret, length;
wolfSSL 13:f67a6c6013ca 3872
wolfSSL 13:f67a6c6013ca 3873 if (pkcs7 == NULL || pkiMsg == NULL || idx == NULL ||
wolfSSL 13:f67a6c6013ca 3874 decryptedKey == NULL || decryptedKeySz == NULL ||
wolfSSL 13:f67a6c6013ca 3875 recipFound == NULL) {
wolfSSL 13:f67a6c6013ca 3876 return BAD_FUNC_ARG;
wolfSSL 13:f67a6c6013ca 3877 }
wolfSSL 13:f67a6c6013ca 3878
wolfSSL 13:f67a6c6013ca 3879 savedIdx = *idx;
wolfSSL 13:f67a6c6013ca 3880
wolfSSL 13:f67a6c6013ca 3881 /* when looking for next recipient, use first sequence and version to
wolfSSL 13:f67a6c6013ca 3882 * indicate there is another, if not, move on */
wolfSSL 13:f67a6c6013ca 3883 while(*recipFound == 0) {
wolfSSL 13:f67a6c6013ca 3884
wolfSSL 13:f67a6c6013ca 3885 /* remove RecipientInfo, if we don't have a SEQUENCE, back up idx to
wolfSSL 13:f67a6c6013ca 3886 * last good saved one */
wolfSSL 13:f67a6c6013ca 3887 if (GetSequence(pkiMsg, idx, &length, pkiMsgSz) > 0) {
wolfSSL 13:f67a6c6013ca 3888
wolfSSL 13:f67a6c6013ca 3889 if (GetMyVersion(pkiMsg, idx, &version, pkiMsgSz) < 0) {
wolfSSL 13:f67a6c6013ca 3890 *idx = savedIdx;
wolfSSL 13:f67a6c6013ca 3891 break;
wolfSSL 13:f67a6c6013ca 3892 }
wolfSSL 13:f67a6c6013ca 3893
wolfSSL 13:f67a6c6013ca 3894 if (version != 0)
wolfSSL 13:f67a6c6013ca 3895 return ASN_VERSION_E;
wolfSSL 13:f67a6c6013ca 3896
wolfSSL 13:f67a6c6013ca 3897 /* found ktri */
wolfSSL 13:f67a6c6013ca 3898 ret = wc_PKCS7_DecodeKtri(pkcs7, pkiMsg, pkiMsgSz, idx,
wolfSSL 13:f67a6c6013ca 3899 decryptedKey, decryptedKeySz,
wolfSSL 13:f67a6c6013ca 3900 recipFound);
wolfSSL 13:f67a6c6013ca 3901 if (ret != 0)
wolfSSL 13:f67a6c6013ca 3902 return ret;
wolfSSL 13:f67a6c6013ca 3903 }
wolfSSL 13:f67a6c6013ca 3904 else {
wolfSSL 13:f67a6c6013ca 3905 /* kari is IMPLICIT[1] */
wolfSSL 13:f67a6c6013ca 3906 *idx = savedIdx;
wolfSSL 13:f67a6c6013ca 3907 if (pkiMsg[*idx] == (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 1)) {
wolfSSL 13:f67a6c6013ca 3908 (*idx)++;
wolfSSL 13:f67a6c6013ca 3909
wolfSSL 13:f67a6c6013ca 3910 if (GetLength(pkiMsg, idx, &length, pkiMsgSz) < 0)
wolfSSL 13:f67a6c6013ca 3911 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 3912
wolfSSL 13:f67a6c6013ca 3913 if (GetMyVersion(pkiMsg, idx, &version, pkiMsgSz) < 0) {
wolfSSL 13:f67a6c6013ca 3914 *idx = savedIdx;
wolfSSL 13:f67a6c6013ca 3915 break;
wolfSSL 13:f67a6c6013ca 3916 }
wolfSSL 13:f67a6c6013ca 3917
wolfSSL 13:f67a6c6013ca 3918 if (version != 3)
wolfSSL 13:f67a6c6013ca 3919 return ASN_VERSION_E;
wolfSSL 13:f67a6c6013ca 3920
wolfSSL 13:f67a6c6013ca 3921 /* found kari */
wolfSSL 13:f67a6c6013ca 3922 ret = wc_PKCS7_DecodeKari(pkcs7, pkiMsg, pkiMsgSz, idx,
wolfSSL 13:f67a6c6013ca 3923 decryptedKey, decryptedKeySz,
wolfSSL 13:f67a6c6013ca 3924 recipFound);
wolfSSL 13:f67a6c6013ca 3925 if (ret != 0)
wolfSSL 13:f67a6c6013ca 3926 return ret;
wolfSSL 13:f67a6c6013ca 3927 }
wolfSSL 13:f67a6c6013ca 3928 else {
wolfSSL 13:f67a6c6013ca 3929 /* failed to find RecipientInfo, restore idx and continue */
wolfSSL 13:f67a6c6013ca 3930 *idx = savedIdx;
wolfSSL 13:f67a6c6013ca 3931 break;
wolfSSL 13:f67a6c6013ca 3932 }
wolfSSL 13:f67a6c6013ca 3933 }
wolfSSL 13:f67a6c6013ca 3934
wolfSSL 13:f67a6c6013ca 3935 /* update good idx */
wolfSSL 13:f67a6c6013ca 3936 savedIdx = *idx;
wolfSSL 13:f67a6c6013ca 3937 }
wolfSSL 13:f67a6c6013ca 3938
wolfSSL 13:f67a6c6013ca 3939 return 0;
wolfSSL 13:f67a6c6013ca 3940 }
wolfSSL 13:f67a6c6013ca 3941
wolfSSL 13:f67a6c6013ca 3942
wolfSSL 13:f67a6c6013ca 3943 /* unwrap and decrypt PKCS#7 envelopedData object, return decoded size */
wolfSSL 13:f67a6c6013ca 3944 WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg,
wolfSSL 13:f67a6c6013ca 3945 word32 pkiMsgSz, byte* output,
wolfSSL 13:f67a6c6013ca 3946 word32 outputSz)
wolfSSL 13:f67a6c6013ca 3947 {
wolfSSL 13:f67a6c6013ca 3948 int recipFound = 0;
wolfSSL 13:f67a6c6013ca 3949 int ret, version, length;
wolfSSL 13:f67a6c6013ca 3950 word32 idx = 0;
wolfSSL 13:f67a6c6013ca 3951 word32 contentType, encOID;
wolfSSL 13:f67a6c6013ca 3952 word32 decryptedKeySz;
wolfSSL 13:f67a6c6013ca 3953
wolfSSL 13:f67a6c6013ca 3954 int expBlockSz, blockKeySz;
wolfSSL 13:f67a6c6013ca 3955 byte tmpIv[MAX_CONTENT_IV_SIZE];
wolfSSL 13:f67a6c6013ca 3956
wolfSSL 13:f67a6c6013ca 3957 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 3958 byte* decryptedKey;
wolfSSL 13:f67a6c6013ca 3959 #else
wolfSSL 13:f67a6c6013ca 3960 byte decryptedKey[MAX_ENCRYPTED_KEY_SZ];
wolfSSL 13:f67a6c6013ca 3961 #endif
wolfSSL 13:f67a6c6013ca 3962 int encryptedContentSz;
wolfSSL 13:f67a6c6013ca 3963 byte padLen;
wolfSSL 13:f67a6c6013ca 3964 byte* encryptedContent = NULL;
wolfSSL 13:f67a6c6013ca 3965
wolfSSL 13:f67a6c6013ca 3966 if (pkcs7 == NULL || pkcs7->singleCert == NULL ||
wolfSSL 13:f67a6c6013ca 3967 pkcs7->singleCertSz == 0 || pkcs7->privateKey == NULL ||
wolfSSL 13:f67a6c6013ca 3968 pkcs7->privateKeySz == 0)
wolfSSL 13:f67a6c6013ca 3969 return BAD_FUNC_ARG;
wolfSSL 13:f67a6c6013ca 3970
wolfSSL 13:f67a6c6013ca 3971 if (pkiMsg == NULL || pkiMsgSz == 0 ||
wolfSSL 13:f67a6c6013ca 3972 output == NULL || outputSz == 0)
wolfSSL 13:f67a6c6013ca 3973 return BAD_FUNC_ARG;
wolfSSL 13:f67a6c6013ca 3974
wolfSSL 13:f67a6c6013ca 3975 /* read past ContentInfo, verify type is envelopedData */
wolfSSL 13:f67a6c6013ca 3976 if (GetSequence(pkiMsg, &idx, &length, pkiMsgSz) < 0)
wolfSSL 13:f67a6c6013ca 3977 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 3978
wolfSSL 13:f67a6c6013ca 3979 if (wc_GetContentType(pkiMsg, &idx, &contentType, pkiMsgSz) < 0)
wolfSSL 13:f67a6c6013ca 3980 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 3981
wolfSSL 13:f67a6c6013ca 3982 if (contentType != ENVELOPED_DATA) {
wolfSSL 13:f67a6c6013ca 3983 WOLFSSL_MSG("PKCS#7 input not of type EnvelopedData");
wolfSSL 13:f67a6c6013ca 3984 return PKCS7_OID_E;
wolfSSL 13:f67a6c6013ca 3985 }
wolfSSL 13:f67a6c6013ca 3986
wolfSSL 13:f67a6c6013ca 3987 if (pkiMsg[idx++] != (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 0))
wolfSSL 13:f67a6c6013ca 3988 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 3989
wolfSSL 13:f67a6c6013ca 3990 if (GetLength(pkiMsg, &idx, &length, pkiMsgSz) < 0)
wolfSSL 13:f67a6c6013ca 3991 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 3992
wolfSSL 13:f67a6c6013ca 3993 /* remove EnvelopedData and version */
wolfSSL 13:f67a6c6013ca 3994 if (GetSequence(pkiMsg, &idx, &length, pkiMsgSz) < 0)
wolfSSL 13:f67a6c6013ca 3995 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 3996
wolfSSL 13:f67a6c6013ca 3997 if (GetMyVersion(pkiMsg, &idx, &version, pkiMsgSz) < 0)
wolfSSL 13:f67a6c6013ca 3998 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 3999
wolfSSL 13:f67a6c6013ca 4000 /* TODO :: make this more accurate */
wolfSSL 13:f67a6c6013ca 4001 if ((pkcs7->publicKeyOID == RSAk && version != 0) ||
wolfSSL 13:f67a6c6013ca 4002 (pkcs7->publicKeyOID == ECDSAk && version != 2)) {
wolfSSL 13:f67a6c6013ca 4003 WOLFSSL_MSG("PKCS#7 envelopedData needs to be of version 0");
wolfSSL 13:f67a6c6013ca 4004 return ASN_VERSION_E;
wolfSSL 13:f67a6c6013ca 4005 }
wolfSSL 13:f67a6c6013ca 4006
wolfSSL 13:f67a6c6013ca 4007 /* walk through RecipientInfo set, find correct recipient */
wolfSSL 13:f67a6c6013ca 4008 if (GetSet(pkiMsg, &idx, &length, pkiMsgSz) < 0)
wolfSSL 13:f67a6c6013ca 4009 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 4010
wolfSSL 13:f67a6c6013ca 4011 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 4012 decryptedKey = (byte*)XMALLOC(MAX_ENCRYPTED_KEY_SZ, NULL,
wolfSSL 13:f67a6c6013ca 4013 DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 4014 if (decryptedKey == NULL)
wolfSSL 13:f67a6c6013ca 4015 return MEMORY_E;
wolfSSL 13:f67a6c6013ca 4016 #endif
wolfSSL 13:f67a6c6013ca 4017 decryptedKeySz = MAX_ENCRYPTED_KEY_SZ;
wolfSSL 13:f67a6c6013ca 4018
wolfSSL 13:f67a6c6013ca 4019 ret = wc_PKCS7_DecodeRecipientInfos(pkcs7, pkiMsg, pkiMsgSz, &idx,
wolfSSL 13:f67a6c6013ca 4020 decryptedKey, &decryptedKeySz,
wolfSSL 13:f67a6c6013ca 4021 &recipFound);
wolfSSL 13:f67a6c6013ca 4022 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 4023 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 4024 XFREE(decryptedKey, NULL, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 4025 #endif
wolfSSL 13:f67a6c6013ca 4026 return ret;
wolfSSL 13:f67a6c6013ca 4027 }
wolfSSL 13:f67a6c6013ca 4028
wolfSSL 13:f67a6c6013ca 4029 if (recipFound == 0) {
wolfSSL 13:f67a6c6013ca 4030 WOLFSSL_MSG("No recipient found in envelopedData that matches input");
wolfSSL 13:f67a6c6013ca 4031 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 4032 XFREE(decryptedKey, NULL, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 4033 #endif
wolfSSL 13:f67a6c6013ca 4034 return PKCS7_RECIP_E;
wolfSSL 13:f67a6c6013ca 4035 }
wolfSSL 13:f67a6c6013ca 4036
wolfSSL 13:f67a6c6013ca 4037 /* remove EncryptedContentInfo */
wolfSSL 13:f67a6c6013ca 4038 if (GetSequence(pkiMsg, &idx, &length, pkiMsgSz) < 0) {
wolfSSL 13:f67a6c6013ca 4039 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 4040 XFREE(decryptedKey, NULL, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 4041 #endif
wolfSSL 13:f67a6c6013ca 4042 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 4043 }
wolfSSL 13:f67a6c6013ca 4044
wolfSSL 13:f67a6c6013ca 4045 if (wc_GetContentType(pkiMsg, &idx, &contentType, pkiMsgSz) < 0) {
wolfSSL 13:f67a6c6013ca 4046 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 4047 XFREE(decryptedKey, NULL, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 4048 #endif
wolfSSL 13:f67a6c6013ca 4049 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 4050 }
wolfSSL 13:f67a6c6013ca 4051
wolfSSL 13:f67a6c6013ca 4052 if (GetAlgoId(pkiMsg, &idx, &encOID, oidBlkType, pkiMsgSz) < 0) {
wolfSSL 13:f67a6c6013ca 4053 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 4054 XFREE(decryptedKey, NULL, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 4055 #endif
wolfSSL 13:f67a6c6013ca 4056 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 4057 }
wolfSSL 13:f67a6c6013ca 4058
wolfSSL 13:f67a6c6013ca 4059 blockKeySz = wc_PKCS7_GetOIDKeySize(encOID);
wolfSSL 13:f67a6c6013ca 4060 if (blockKeySz < 0) {
wolfSSL 13:f67a6c6013ca 4061 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 4062 XFREE(decryptedKey, NULL, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 4063 #endif
wolfSSL 13:f67a6c6013ca 4064 return blockKeySz;
wolfSSL 13:f67a6c6013ca 4065 }
wolfSSL 13:f67a6c6013ca 4066
wolfSSL 13:f67a6c6013ca 4067 expBlockSz = wc_PKCS7_GetOIDBlockSize(encOID);
wolfSSL 13:f67a6c6013ca 4068 if (expBlockSz < 0) {
wolfSSL 13:f67a6c6013ca 4069 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 4070 XFREE(decryptedKey, NULL, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 4071 #endif
wolfSSL 13:f67a6c6013ca 4072 return expBlockSz;
wolfSSL 13:f67a6c6013ca 4073 }
wolfSSL 13:f67a6c6013ca 4074
wolfSSL 13:f67a6c6013ca 4075 /* get block cipher IV, stored in OPTIONAL parameter of AlgoID */
wolfSSL 13:f67a6c6013ca 4076 if (pkiMsg[idx++] != ASN_OCTET_STRING) {
wolfSSL 13:f67a6c6013ca 4077 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 4078 XFREE(decryptedKey, NULL, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 4079 #endif
wolfSSL 13:f67a6c6013ca 4080 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 4081 }
wolfSSL 13:f67a6c6013ca 4082
wolfSSL 13:f67a6c6013ca 4083 if (GetLength(pkiMsg, &idx, &length, pkiMsgSz) < 0) {
wolfSSL 13:f67a6c6013ca 4084 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 4085 XFREE(decryptedKey, NULL, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 4086 #endif
wolfSSL 13:f67a6c6013ca 4087 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 4088 }
wolfSSL 13:f67a6c6013ca 4089
wolfSSL 13:f67a6c6013ca 4090 if (length != expBlockSz) {
wolfSSL 13:f67a6c6013ca 4091 WOLFSSL_MSG("Incorrect IV length, must be of content alg block size");
wolfSSL 13:f67a6c6013ca 4092 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 4093 XFREE(decryptedKey, NULL, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 4094 #endif
wolfSSL 13:f67a6c6013ca 4095 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 4096 }
wolfSSL 13:f67a6c6013ca 4097
wolfSSL 13:f67a6c6013ca 4098 XMEMCPY(tmpIv, &pkiMsg[idx], length);
wolfSSL 13:f67a6c6013ca 4099 idx += length;
wolfSSL 13:f67a6c6013ca 4100
wolfSSL 13:f67a6c6013ca 4101 /* read encryptedContent, cont[0] */
wolfSSL 13:f67a6c6013ca 4102 if (pkiMsg[idx++] != (ASN_CONTEXT_SPECIFIC | 0)) {
wolfSSL 13:f67a6c6013ca 4103 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 4104 XFREE(decryptedKey, NULL, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 4105 #endif
wolfSSL 13:f67a6c6013ca 4106 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 4107 }
wolfSSL 13:f67a6c6013ca 4108
wolfSSL 13:f67a6c6013ca 4109 if (GetLength(pkiMsg, &idx, &encryptedContentSz, pkiMsgSz) <= 0) {
wolfSSL 13:f67a6c6013ca 4110 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 4111 XFREE(decryptedKey, NULL, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 4112 #endif
wolfSSL 13:f67a6c6013ca 4113 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 4114 }
wolfSSL 13:f67a6c6013ca 4115
wolfSSL 13:f67a6c6013ca 4116 encryptedContent = (byte*)XMALLOC(encryptedContentSz, pkcs7->heap,
wolfSSL 13:f67a6c6013ca 4117 DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 4118 if (encryptedContent == NULL) {
wolfSSL 13:f67a6c6013ca 4119 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 4120 XFREE(decryptedKey, NULL, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 4121 #endif
wolfSSL 13:f67a6c6013ca 4122 return MEMORY_E;
wolfSSL 13:f67a6c6013ca 4123 }
wolfSSL 13:f67a6c6013ca 4124
wolfSSL 13:f67a6c6013ca 4125 XMEMCPY(encryptedContent, &pkiMsg[idx], encryptedContentSz);
wolfSSL 13:f67a6c6013ca 4126
wolfSSL 13:f67a6c6013ca 4127 /* decrypt encryptedContent */
wolfSSL 13:f67a6c6013ca 4128 ret = wc_PKCS7_DecryptContent(encOID, decryptedKey, blockKeySz,
wolfSSL 13:f67a6c6013ca 4129 tmpIv, expBlockSz, encryptedContent,
wolfSSL 13:f67a6c6013ca 4130 encryptedContentSz, encryptedContent);
wolfSSL 13:f67a6c6013ca 4131 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 4132 XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 4133 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 4134 XFREE(decryptedKey, NULL, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 4135 #endif
wolfSSL 13:f67a6c6013ca 4136 return ret;
wolfSSL 13:f67a6c6013ca 4137 }
wolfSSL 13:f67a6c6013ca 4138
wolfSSL 13:f67a6c6013ca 4139 padLen = encryptedContent[encryptedContentSz-1];
wolfSSL 13:f67a6c6013ca 4140
wolfSSL 13:f67a6c6013ca 4141 /* copy plaintext to output */
wolfSSL 13:f67a6c6013ca 4142 XMEMCPY(output, encryptedContent, encryptedContentSz - padLen);
wolfSSL 13:f67a6c6013ca 4143
wolfSSL 13:f67a6c6013ca 4144 /* free memory, zero out keys */
wolfSSL 13:f67a6c6013ca 4145 ForceZero(decryptedKey, MAX_ENCRYPTED_KEY_SZ);
wolfSSL 13:f67a6c6013ca 4146 ForceZero(encryptedContent, encryptedContentSz);
wolfSSL 13:f67a6c6013ca 4147 XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 4148 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 4149 XFREE(decryptedKey, NULL, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 4150 #endif
wolfSSL 13:f67a6c6013ca 4151
wolfSSL 13:f67a6c6013ca 4152 return encryptedContentSz - padLen;
wolfSSL 13:f67a6c6013ca 4153 }
wolfSSL 13:f67a6c6013ca 4154
wolfSSL 13:f67a6c6013ca 4155
wolfSSL 13:f67a6c6013ca 4156 /* build PKCS#7 encryptedData content type, return encrypted size */
wolfSSL 13:f67a6c6013ca 4157 int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7, byte* output, word32 outputSz)
wolfSSL 13:f67a6c6013ca 4158 {
wolfSSL 13:f67a6c6013ca 4159 int ret, idx = 0;
wolfSSL 13:f67a6c6013ca 4160 int totalSz, padSz, encryptedOutSz;
wolfSSL 13:f67a6c6013ca 4161
wolfSSL 13:f67a6c6013ca 4162 int contentInfoSeqSz, outerContentTypeSz, outerContentSz;
wolfSSL 13:f67a6c6013ca 4163 byte contentInfoSeq[MAX_SEQ_SZ];
wolfSSL 13:f67a6c6013ca 4164 byte outerContentType[MAX_ALGO_SZ];
wolfSSL 13:f67a6c6013ca 4165 byte outerContent[MAX_SEQ_SZ];
wolfSSL 13:f67a6c6013ca 4166
wolfSSL 13:f67a6c6013ca 4167 int encDataSeqSz, verSz, blockSz;
wolfSSL 13:f67a6c6013ca 4168 byte encDataSeq[MAX_SEQ_SZ];
wolfSSL 13:f67a6c6013ca 4169 byte ver[MAX_VERSION_SZ];
wolfSSL 13:f67a6c6013ca 4170
wolfSSL 13:f67a6c6013ca 4171 byte* plain = NULL;
wolfSSL 13:f67a6c6013ca 4172 byte* encryptedContent = NULL;
wolfSSL 13:f67a6c6013ca 4173
wolfSSL 13:f67a6c6013ca 4174 int encContentOctetSz, encContentSeqSz, contentTypeSz;
wolfSSL 13:f67a6c6013ca 4175 int contentEncAlgoSz, ivOctetStringSz;
wolfSSL 13:f67a6c6013ca 4176 byte encContentSeq[MAX_SEQ_SZ];
wolfSSL 13:f67a6c6013ca 4177 byte contentType[MAX_ALGO_SZ];
wolfSSL 13:f67a6c6013ca 4178 byte contentEncAlgo[MAX_ALGO_SZ];
wolfSSL 13:f67a6c6013ca 4179 byte tmpIv[MAX_CONTENT_IV_SIZE];
wolfSSL 13:f67a6c6013ca 4180 byte ivOctetString[MAX_OCTET_STR_SZ];
wolfSSL 13:f67a6c6013ca 4181 byte encContentOctet[MAX_OCTET_STR_SZ];
wolfSSL 13:f67a6c6013ca 4182
wolfSSL 13:f67a6c6013ca 4183 byte attribSet[MAX_SET_SZ];
wolfSSL 13:f67a6c6013ca 4184 EncodedAttrib* attribs = NULL;
wolfSSL 13:f67a6c6013ca 4185 word32 attribsSz;
wolfSSL 13:f67a6c6013ca 4186 word32 attribsCount;
wolfSSL 13:f67a6c6013ca 4187 word32 attribsSetSz;
wolfSSL 13:f67a6c6013ca 4188
wolfSSL 13:f67a6c6013ca 4189 byte* flatAttribs = NULL;
wolfSSL 13:f67a6c6013ca 4190
wolfSSL 13:f67a6c6013ca 4191 if (pkcs7 == NULL || pkcs7->content == NULL || pkcs7->contentSz == 0 ||
wolfSSL 13:f67a6c6013ca 4192 pkcs7->encryptOID == 0 || pkcs7->encryptionKey == NULL ||
wolfSSL 13:f67a6c6013ca 4193 pkcs7->encryptionKeySz == 0)
wolfSSL 13:f67a6c6013ca 4194 return BAD_FUNC_ARG;
wolfSSL 13:f67a6c6013ca 4195
wolfSSL 13:f67a6c6013ca 4196 if (output == NULL || outputSz == 0)
wolfSSL 13:f67a6c6013ca 4197 return BAD_FUNC_ARG;
wolfSSL 13:f67a6c6013ca 4198
wolfSSL 13:f67a6c6013ca 4199 /* outer content type */
wolfSSL 13:f67a6c6013ca 4200 outerContentTypeSz = wc_SetContentType(ENCRYPTED_DATA, outerContentType);
wolfSSL 13:f67a6c6013ca 4201
wolfSSL 13:f67a6c6013ca 4202 /* version, 2 if unprotectedAttrs present, 0 if absent */
wolfSSL 13:f67a6c6013ca 4203 if (pkcs7->unprotectedAttribsSz > 0) {
wolfSSL 13:f67a6c6013ca 4204 verSz = SetMyVersion(2, ver, 0);
wolfSSL 13:f67a6c6013ca 4205 } else {
wolfSSL 13:f67a6c6013ca 4206 verSz = SetMyVersion(0, ver, 0);
wolfSSL 13:f67a6c6013ca 4207 }
wolfSSL 13:f67a6c6013ca 4208
wolfSSL 13:f67a6c6013ca 4209 /* EncryptedContentInfo */
wolfSSL 13:f67a6c6013ca 4210 contentTypeSz = wc_SetContentType(pkcs7->contentOID, contentType);
wolfSSL 13:f67a6c6013ca 4211 if (contentTypeSz == 0)
wolfSSL 13:f67a6c6013ca 4212 return BAD_FUNC_ARG;
wolfSSL 13:f67a6c6013ca 4213
wolfSSL 13:f67a6c6013ca 4214 /* allocate encrypted content buffer, do PKCS#7 padding */
wolfSSL 13:f67a6c6013ca 4215 blockSz = wc_PKCS7_GetOIDBlockSize(pkcs7->encryptOID);
wolfSSL 13:f67a6c6013ca 4216 if (blockSz < 0)
wolfSSL 13:f67a6c6013ca 4217 return blockSz;
wolfSSL 13:f67a6c6013ca 4218
wolfSSL 13:f67a6c6013ca 4219 padSz = wc_PKCS7_GetPadSize(pkcs7->contentSz, blockSz);
wolfSSL 13:f67a6c6013ca 4220 if (padSz < 0)
wolfSSL 13:f67a6c6013ca 4221 return padSz;
wolfSSL 13:f67a6c6013ca 4222
wolfSSL 13:f67a6c6013ca 4223 encryptedOutSz = pkcs7->contentSz + padSz;
wolfSSL 13:f67a6c6013ca 4224
wolfSSL 13:f67a6c6013ca 4225 plain = (byte*)XMALLOC(encryptedOutSz, pkcs7->heap,
wolfSSL 13:f67a6c6013ca 4226 DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 4227 if (plain == NULL)
wolfSSL 13:f67a6c6013ca 4228 return MEMORY_E;
wolfSSL 13:f67a6c6013ca 4229
wolfSSL 13:f67a6c6013ca 4230 ret = wc_PKCS7_PadData(pkcs7->content, pkcs7->contentSz, plain,
wolfSSL 13:f67a6c6013ca 4231 encryptedOutSz, blockSz);
wolfSSL 13:f67a6c6013ca 4232 if (ret < 0) {
wolfSSL 13:f67a6c6013ca 4233 XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 4234 return ret;
wolfSSL 13:f67a6c6013ca 4235 }
wolfSSL 13:f67a6c6013ca 4236
wolfSSL 13:f67a6c6013ca 4237 encryptedContent = (byte*)XMALLOC(encryptedOutSz, pkcs7->heap,
wolfSSL 13:f67a6c6013ca 4238 DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 4239 if (encryptedContent == NULL) {
wolfSSL 13:f67a6c6013ca 4240 XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 4241 return MEMORY_E;
wolfSSL 13:f67a6c6013ca 4242 }
wolfSSL 13:f67a6c6013ca 4243
wolfSSL 13:f67a6c6013ca 4244 /* put together IV OCTET STRING */
wolfSSL 13:f67a6c6013ca 4245 ivOctetStringSz = SetOctetString(blockSz, ivOctetString);
wolfSSL 13:f67a6c6013ca 4246
wolfSSL 13:f67a6c6013ca 4247 /* build up ContentEncryptionAlgorithmIdentifier sequence,
wolfSSL 13:f67a6c6013ca 4248 adding (ivOctetStringSz + blockSz) for IV OCTET STRING */
wolfSSL 13:f67a6c6013ca 4249 contentEncAlgoSz = SetAlgoID(pkcs7->encryptOID, contentEncAlgo,
wolfSSL 13:f67a6c6013ca 4250 oidBlkType, ivOctetStringSz + blockSz);
wolfSSL 13:f67a6c6013ca 4251 if (contentEncAlgoSz == 0) {
wolfSSL 13:f67a6c6013ca 4252 XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 4253 XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 4254 return BAD_FUNC_ARG;
wolfSSL 13:f67a6c6013ca 4255 }
wolfSSL 13:f67a6c6013ca 4256
wolfSSL 13:f67a6c6013ca 4257 /* encrypt content */
wolfSSL 13:f67a6c6013ca 4258 ret = wc_PKCS7_GenerateIV(pkcs7, NULL, tmpIv, blockSz);
wolfSSL 13:f67a6c6013ca 4259 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 4260 XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 4261 XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 4262 return ret;
wolfSSL 13:f67a6c6013ca 4263 }
wolfSSL 13:f67a6c6013ca 4264
wolfSSL 13:f67a6c6013ca 4265 ret = wc_PKCS7_EncryptContent(pkcs7->encryptOID, pkcs7->encryptionKey,
wolfSSL 13:f67a6c6013ca 4266 pkcs7->encryptionKeySz, tmpIv, blockSz, plain, encryptedOutSz,
wolfSSL 13:f67a6c6013ca 4267 encryptedContent);
wolfSSL 13:f67a6c6013ca 4268 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 4269 XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 4270 XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 4271 return ret;
wolfSSL 13:f67a6c6013ca 4272 }
wolfSSL 13:f67a6c6013ca 4273
wolfSSL 13:f67a6c6013ca 4274 encContentOctetSz = SetImplicit(ASN_OCTET_STRING, 0,
wolfSSL 13:f67a6c6013ca 4275 encryptedOutSz, encContentOctet);
wolfSSL 13:f67a6c6013ca 4276
wolfSSL 13:f67a6c6013ca 4277 encContentSeqSz = SetSequence(contentTypeSz + contentEncAlgoSz +
wolfSSL 13:f67a6c6013ca 4278 ivOctetStringSz + blockSz +
wolfSSL 13:f67a6c6013ca 4279 encContentOctetSz + encryptedOutSz,
wolfSSL 13:f67a6c6013ca 4280 encContentSeq);
wolfSSL 13:f67a6c6013ca 4281
wolfSSL 13:f67a6c6013ca 4282 /* optional UnprotectedAttributes */
wolfSSL 13:f67a6c6013ca 4283 if (pkcs7->unprotectedAttribsSz != 0) {
wolfSSL 13:f67a6c6013ca 4284
wolfSSL 13:f67a6c6013ca 4285 if (pkcs7->unprotectedAttribs == NULL) {
wolfSSL 13:f67a6c6013ca 4286 XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 4287 XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 4288 return BAD_FUNC_ARG;
wolfSSL 13:f67a6c6013ca 4289 }
wolfSSL 13:f67a6c6013ca 4290
wolfSSL 13:f67a6c6013ca 4291 attribs = (EncodedAttrib*)XMALLOC(
wolfSSL 13:f67a6c6013ca 4292 sizeof(EncodedAttrib) * pkcs7->unprotectedAttribsSz,
wolfSSL 13:f67a6c6013ca 4293 pkcs7->heap, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 4294 if (attribs == NULL) {
wolfSSL 13:f67a6c6013ca 4295 XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 4296 XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 4297 return MEMORY_E;
wolfSSL 13:f67a6c6013ca 4298 }
wolfSSL 13:f67a6c6013ca 4299
wolfSSL 13:f67a6c6013ca 4300 attribsCount = pkcs7->unprotectedAttribsSz;
wolfSSL 13:f67a6c6013ca 4301 attribsSz = EncodeAttributes(attribs, pkcs7->unprotectedAttribsSz,
wolfSSL 13:f67a6c6013ca 4302 pkcs7->unprotectedAttribs,
wolfSSL 13:f67a6c6013ca 4303 pkcs7->unprotectedAttribsSz);
wolfSSL 13:f67a6c6013ca 4304
wolfSSL 13:f67a6c6013ca 4305 flatAttribs = (byte*)XMALLOC(attribsSz, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 4306 if (flatAttribs == NULL) {
wolfSSL 13:f67a6c6013ca 4307 XFREE(attribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 4308 XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 4309 XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 4310 return MEMORY_E;
wolfSSL 13:f67a6c6013ca 4311 }
wolfSSL 13:f67a6c6013ca 4312
wolfSSL 13:f67a6c6013ca 4313 FlattenAttributes(flatAttribs, attribs, attribsCount);
wolfSSL 13:f67a6c6013ca 4314 attribsSetSz = SetImplicit(ASN_SET, 1, attribsSz, attribSet);
wolfSSL 13:f67a6c6013ca 4315
wolfSSL 13:f67a6c6013ca 4316 } else {
wolfSSL 13:f67a6c6013ca 4317 attribsSz = 0;
wolfSSL 13:f67a6c6013ca 4318 attribsSetSz = 0;
wolfSSL 13:f67a6c6013ca 4319 }
wolfSSL 13:f67a6c6013ca 4320
wolfSSL 13:f67a6c6013ca 4321 /* keep track of sizes for outer wrapper layering */
wolfSSL 13:f67a6c6013ca 4322 totalSz = verSz + encContentSeqSz + contentTypeSz + contentEncAlgoSz +
wolfSSL 13:f67a6c6013ca 4323 ivOctetStringSz + blockSz + encContentOctetSz + encryptedOutSz +
wolfSSL 13:f67a6c6013ca 4324 attribsSz + attribsSetSz;;
wolfSSL 13:f67a6c6013ca 4325
wolfSSL 13:f67a6c6013ca 4326 /* EncryptedData */
wolfSSL 13:f67a6c6013ca 4327 encDataSeqSz = SetSequence(totalSz, encDataSeq);
wolfSSL 13:f67a6c6013ca 4328 totalSz += encDataSeqSz;
wolfSSL 13:f67a6c6013ca 4329
wolfSSL 13:f67a6c6013ca 4330 /* outer content */
wolfSSL 13:f67a6c6013ca 4331 outerContentSz = SetExplicit(0, totalSz, outerContent);
wolfSSL 13:f67a6c6013ca 4332 totalSz += outerContentTypeSz;
wolfSSL 13:f67a6c6013ca 4333 totalSz += outerContentSz;
wolfSSL 13:f67a6c6013ca 4334
wolfSSL 13:f67a6c6013ca 4335 /* ContentInfo */
wolfSSL 13:f67a6c6013ca 4336 contentInfoSeqSz = SetSequence(totalSz, contentInfoSeq);
wolfSSL 13:f67a6c6013ca 4337 totalSz += contentInfoSeqSz;
wolfSSL 13:f67a6c6013ca 4338
wolfSSL 13:f67a6c6013ca 4339 if (totalSz > (int)outputSz) {
wolfSSL 13:f67a6c6013ca 4340 WOLFSSL_MSG("PKCS#7 output buffer too small");
wolfSSL 13:f67a6c6013ca 4341 if (pkcs7->unprotectedAttribsSz != 0) {
wolfSSL 13:f67a6c6013ca 4342 XFREE(attribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 4343 XFREE(flatAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 4344 }
wolfSSL 13:f67a6c6013ca 4345 XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 4346 XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 4347 return BUFFER_E;
wolfSSL 13:f67a6c6013ca 4348 }
wolfSSL 13:f67a6c6013ca 4349
wolfSSL 13:f67a6c6013ca 4350 XMEMCPY(output + idx, contentInfoSeq, contentInfoSeqSz);
wolfSSL 13:f67a6c6013ca 4351 idx += contentInfoSeqSz;
wolfSSL 13:f67a6c6013ca 4352 XMEMCPY(output + idx, outerContentType, outerContentTypeSz);
wolfSSL 13:f67a6c6013ca 4353 idx += outerContentTypeSz;
wolfSSL 13:f67a6c6013ca 4354 XMEMCPY(output + idx, outerContent, outerContentSz);
wolfSSL 13:f67a6c6013ca 4355 idx += outerContentSz;
wolfSSL 13:f67a6c6013ca 4356 XMEMCPY(output + idx, encDataSeq, encDataSeqSz);
wolfSSL 13:f67a6c6013ca 4357 idx += encDataSeqSz;
wolfSSL 13:f67a6c6013ca 4358 XMEMCPY(output + idx, ver, verSz);
wolfSSL 13:f67a6c6013ca 4359 idx += verSz;
wolfSSL 13:f67a6c6013ca 4360 XMEMCPY(output + idx, encContentSeq, encContentSeqSz);
wolfSSL 13:f67a6c6013ca 4361 idx += encContentSeqSz;
wolfSSL 13:f67a6c6013ca 4362 XMEMCPY(output + idx, contentType, contentTypeSz);
wolfSSL 13:f67a6c6013ca 4363 idx += contentTypeSz;
wolfSSL 13:f67a6c6013ca 4364 XMEMCPY(output + idx, contentEncAlgo, contentEncAlgoSz);
wolfSSL 13:f67a6c6013ca 4365 idx += contentEncAlgoSz;
wolfSSL 13:f67a6c6013ca 4366 XMEMCPY(output + idx, ivOctetString, ivOctetStringSz);
wolfSSL 13:f67a6c6013ca 4367 idx += ivOctetStringSz;
wolfSSL 13:f67a6c6013ca 4368 XMEMCPY(output + idx, tmpIv, blockSz);
wolfSSL 13:f67a6c6013ca 4369 idx += blockSz;
wolfSSL 13:f67a6c6013ca 4370 XMEMCPY(output + idx, encContentOctet, encContentOctetSz);
wolfSSL 13:f67a6c6013ca 4371 idx += encContentOctetSz;
wolfSSL 13:f67a6c6013ca 4372 XMEMCPY(output + idx, encryptedContent, encryptedOutSz);
wolfSSL 13:f67a6c6013ca 4373 idx += encryptedOutSz;
wolfSSL 13:f67a6c6013ca 4374
wolfSSL 13:f67a6c6013ca 4375 if (pkcs7->unprotectedAttribsSz != 0) {
wolfSSL 13:f67a6c6013ca 4376 XMEMCPY(output + idx, attribSet, attribsSetSz);
wolfSSL 13:f67a6c6013ca 4377 idx += attribsSetSz;
wolfSSL 13:f67a6c6013ca 4378 XMEMCPY(output + idx, flatAttribs, attribsSz);
wolfSSL 13:f67a6c6013ca 4379 idx += attribsSz;
wolfSSL 13:f67a6c6013ca 4380 XFREE(attribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 4381 XFREE(flatAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 4382 }
wolfSSL 13:f67a6c6013ca 4383
wolfSSL 13:f67a6c6013ca 4384 XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 4385 XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 4386
wolfSSL 13:f67a6c6013ca 4387 return idx;
wolfSSL 13:f67a6c6013ca 4388 }
wolfSSL 13:f67a6c6013ca 4389
wolfSSL 13:f67a6c6013ca 4390
wolfSSL 13:f67a6c6013ca 4391 /* decode and store unprotected attributes in PKCS7->decodedAttrib. Return
wolfSSL 13:f67a6c6013ca 4392 * 0 on success, negative on error. User must call wc_PKCS7_Free(). */
wolfSSL 13:f67a6c6013ca 4393 static int wc_PKCS7_DecodeUnprotectedAttributes(PKCS7* pkcs7, byte* pkiMsg,
wolfSSL 13:f67a6c6013ca 4394 word32 pkiMsgSz, word32* inOutIdx)
wolfSSL 13:f67a6c6013ca 4395 {
wolfSSL 13:f67a6c6013ca 4396 int length, attribLen;
wolfSSL 13:f67a6c6013ca 4397 word32 oid, savedIdx, idx;
wolfSSL 13:f67a6c6013ca 4398 PKCS7DecodedAttrib* attrib = NULL;
wolfSSL 13:f67a6c6013ca 4399
wolfSSL 13:f67a6c6013ca 4400 if (pkcs7 == NULL || pkiMsg == NULL ||
wolfSSL 13:f67a6c6013ca 4401 pkiMsgSz == 0 || inOutIdx == NULL)
wolfSSL 13:f67a6c6013ca 4402 return BAD_FUNC_ARG;
wolfSSL 13:f67a6c6013ca 4403
wolfSSL 13:f67a6c6013ca 4404 idx = *inOutIdx;
wolfSSL 13:f67a6c6013ca 4405
wolfSSL 13:f67a6c6013ca 4406 if (pkiMsg[idx] != (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 1))
wolfSSL 13:f67a6c6013ca 4407 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 4408 idx++;
wolfSSL 13:f67a6c6013ca 4409
wolfSSL 13:f67a6c6013ca 4410 if (GetLength(pkiMsg, &idx, &attribLen, pkiMsgSz) < 0)
wolfSSL 13:f67a6c6013ca 4411 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 4412
wolfSSL 13:f67a6c6013ca 4413 /* loop through attributes */
wolfSSL 13:f67a6c6013ca 4414 while (attribLen > 0) {
wolfSSL 13:f67a6c6013ca 4415
wolfSSL 13:f67a6c6013ca 4416 if (GetSequence(pkiMsg, &idx, &length, pkiMsgSz) < 0)
wolfSSL 13:f67a6c6013ca 4417 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 4418
wolfSSL 13:f67a6c6013ca 4419 attribLen -= (length + 2); /* TAG + LENGTH + DATA */
wolfSSL 13:f67a6c6013ca 4420 savedIdx = idx;
wolfSSL 13:f67a6c6013ca 4421
wolfSSL 13:f67a6c6013ca 4422 attrib = (PKCS7DecodedAttrib*)XMALLOC(sizeof(PKCS7DecodedAttrib),
wolfSSL 13:f67a6c6013ca 4423 pkcs7->heap, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 4424 if (attrib == NULL) {
wolfSSL 13:f67a6c6013ca 4425 return MEMORY_E;
wolfSSL 13:f67a6c6013ca 4426 }
wolfSSL 13:f67a6c6013ca 4427 XMEMSET(attrib, 0, sizeof(PKCS7DecodedAttrib));
wolfSSL 13:f67a6c6013ca 4428
wolfSSL 13:f67a6c6013ca 4429 /* save attribute OID bytes and size */
wolfSSL 13:f67a6c6013ca 4430 if (GetObjectId(pkiMsg, &idx, &oid, oidIgnoreType, pkiMsgSz) < 0) {
wolfSSL 13:f67a6c6013ca 4431 XFREE(attrib, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 4432 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 4433 }
wolfSSL 13:f67a6c6013ca 4434
wolfSSL 13:f67a6c6013ca 4435 attrib->oidSz = idx - savedIdx;
wolfSSL 13:f67a6c6013ca 4436 attrib->oid = (byte*)XMALLOC(attrib->oidSz, pkcs7->heap,
wolfSSL 13:f67a6c6013ca 4437 DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 4438 if (attrib->oid == NULL) {
wolfSSL 13:f67a6c6013ca 4439 XFREE(attrib, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 4440 return MEMORY_E;
wolfSSL 13:f67a6c6013ca 4441 }
wolfSSL 13:f67a6c6013ca 4442 XMEMCPY(attrib->oid, pkiMsg + savedIdx, attrib->oidSz);
wolfSSL 13:f67a6c6013ca 4443
wolfSSL 13:f67a6c6013ca 4444 /* save attribute value bytes and size */
wolfSSL 13:f67a6c6013ca 4445 if (GetSet(pkiMsg, &idx, &length, pkiMsgSz) < 0) {
wolfSSL 13:f67a6c6013ca 4446 XFREE(attrib->oid, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 4447 XFREE(attrib, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 4448 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 4449 }
wolfSSL 13:f67a6c6013ca 4450
wolfSSL 13:f67a6c6013ca 4451 if ((pkiMsgSz - idx) < (word32)length) {
wolfSSL 13:f67a6c6013ca 4452 XFREE(attrib->oid, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 4453 XFREE(attrib, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 4454 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 4455 }
wolfSSL 13:f67a6c6013ca 4456
wolfSSL 13:f67a6c6013ca 4457 attrib->valueSz = (word32)length;
wolfSSL 13:f67a6c6013ca 4458 attrib->value = (byte*)XMALLOC(attrib->valueSz, pkcs7->heap,
wolfSSL 13:f67a6c6013ca 4459 DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 4460 if (attrib->value == NULL) {
wolfSSL 13:f67a6c6013ca 4461 XFREE(attrib->oid, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 4462 XFREE(attrib, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 4463 return MEMORY_E;
wolfSSL 13:f67a6c6013ca 4464 }
wolfSSL 13:f67a6c6013ca 4465 XMEMCPY(attrib->value, pkiMsg + idx, attrib->valueSz);
wolfSSL 13:f67a6c6013ca 4466 idx += length;
wolfSSL 13:f67a6c6013ca 4467
wolfSSL 13:f67a6c6013ca 4468 /* store attribute in linked list */
wolfSSL 13:f67a6c6013ca 4469 if (pkcs7->decodedAttrib != NULL) {
wolfSSL 13:f67a6c6013ca 4470 attrib->next = pkcs7->decodedAttrib;
wolfSSL 13:f67a6c6013ca 4471 pkcs7->decodedAttrib = attrib;
wolfSSL 13:f67a6c6013ca 4472 } else {
wolfSSL 13:f67a6c6013ca 4473 pkcs7->decodedAttrib = attrib;
wolfSSL 13:f67a6c6013ca 4474 }
wolfSSL 13:f67a6c6013ca 4475 }
wolfSSL 13:f67a6c6013ca 4476
wolfSSL 13:f67a6c6013ca 4477 *inOutIdx = idx;
wolfSSL 13:f67a6c6013ca 4478
wolfSSL 13:f67a6c6013ca 4479 return 0;
wolfSSL 13:f67a6c6013ca 4480 }
wolfSSL 13:f67a6c6013ca 4481
wolfSSL 13:f67a6c6013ca 4482
wolfSSL 13:f67a6c6013ca 4483 /* unwrap and decrypt PKCS#7/CMS encrypted-data object, returned decoded size */
wolfSSL 13:f67a6c6013ca 4484 int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz,
wolfSSL 13:f67a6c6013ca 4485 byte* output, word32 outputSz)
wolfSSL 13:f67a6c6013ca 4486 {
wolfSSL 13:f67a6c6013ca 4487 int ret, version, length, haveAttribs;
wolfSSL 13:f67a6c6013ca 4488 word32 idx = 0;
wolfSSL 13:f67a6c6013ca 4489 word32 contentType, encOID;
wolfSSL 13:f67a6c6013ca 4490
wolfSSL 13:f67a6c6013ca 4491 int expBlockSz;
wolfSSL 13:f67a6c6013ca 4492 byte tmpIv[MAX_CONTENT_IV_SIZE];
wolfSSL 13:f67a6c6013ca 4493
wolfSSL 13:f67a6c6013ca 4494 int encryptedContentSz;
wolfSSL 13:f67a6c6013ca 4495 byte padLen;
wolfSSL 13:f67a6c6013ca 4496 byte* encryptedContent = NULL;
wolfSSL 13:f67a6c6013ca 4497
wolfSSL 13:f67a6c6013ca 4498 if (pkcs7 == NULL || pkcs7->encryptionKey == NULL ||
wolfSSL 13:f67a6c6013ca 4499 pkcs7->encryptionKeySz == 0)
wolfSSL 13:f67a6c6013ca 4500 return BAD_FUNC_ARG;
wolfSSL 13:f67a6c6013ca 4501
wolfSSL 13:f67a6c6013ca 4502 if (pkiMsg == NULL || pkiMsgSz == 0 ||
wolfSSL 13:f67a6c6013ca 4503 output == NULL || outputSz == 0)
wolfSSL 13:f67a6c6013ca 4504 return BAD_FUNC_ARG;
wolfSSL 13:f67a6c6013ca 4505
wolfSSL 13:f67a6c6013ca 4506 /* read past ContentInfo, verify type is encrypted-data */
wolfSSL 13:f67a6c6013ca 4507 if (GetSequence(pkiMsg, &idx, &length, pkiMsgSz) < 0)
wolfSSL 13:f67a6c6013ca 4508 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 4509
wolfSSL 13:f67a6c6013ca 4510 if (wc_GetContentType(pkiMsg, &idx, &contentType, pkiMsgSz) < 0)
wolfSSL 13:f67a6c6013ca 4511 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 4512
wolfSSL 13:f67a6c6013ca 4513 if (contentType != ENCRYPTED_DATA) {
wolfSSL 13:f67a6c6013ca 4514 WOLFSSL_MSG("PKCS#7 input not of type EncryptedData");
wolfSSL 13:f67a6c6013ca 4515 return PKCS7_OID_E;
wolfSSL 13:f67a6c6013ca 4516 }
wolfSSL 13:f67a6c6013ca 4517
wolfSSL 13:f67a6c6013ca 4518 if (pkiMsg[idx++] != (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 0))
wolfSSL 13:f67a6c6013ca 4519 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 4520
wolfSSL 13:f67a6c6013ca 4521 if (GetLength(pkiMsg, &idx, &length, pkiMsgSz) < 0)
wolfSSL 13:f67a6c6013ca 4522 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 4523
wolfSSL 13:f67a6c6013ca 4524 /* remove EncryptedData and version */
wolfSSL 13:f67a6c6013ca 4525 if (GetSequence(pkiMsg, &idx, &length, pkiMsgSz) < 0)
wolfSSL 13:f67a6c6013ca 4526 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 4527
wolfSSL 13:f67a6c6013ca 4528 /* get version, check later */
wolfSSL 13:f67a6c6013ca 4529 haveAttribs = 0;
wolfSSL 13:f67a6c6013ca 4530 if (GetMyVersion(pkiMsg, &idx, &version, pkiMsgSz) < 0)
wolfSSL 13:f67a6c6013ca 4531 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 4532
wolfSSL 13:f67a6c6013ca 4533 /* remove EncryptedContentInfo */
wolfSSL 13:f67a6c6013ca 4534 if (GetSequence(pkiMsg, &idx, &length, pkiMsgSz) < 0)
wolfSSL 13:f67a6c6013ca 4535 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 4536
wolfSSL 13:f67a6c6013ca 4537 if (wc_GetContentType(pkiMsg, &idx, &contentType, pkiMsgSz) < 0)
wolfSSL 13:f67a6c6013ca 4538 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 4539
wolfSSL 13:f67a6c6013ca 4540 if (GetAlgoId(pkiMsg, &idx, &encOID, oidBlkType, pkiMsgSz) < 0)
wolfSSL 13:f67a6c6013ca 4541 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 4542
wolfSSL 13:f67a6c6013ca 4543 expBlockSz = wc_PKCS7_GetOIDBlockSize(encOID);
wolfSSL 13:f67a6c6013ca 4544 if (expBlockSz < 0)
wolfSSL 13:f67a6c6013ca 4545 return expBlockSz;
wolfSSL 13:f67a6c6013ca 4546
wolfSSL 13:f67a6c6013ca 4547 /* get block cipher IV, stored in OPTIONAL parameter of AlgoID */
wolfSSL 13:f67a6c6013ca 4548 if (pkiMsg[idx++] != ASN_OCTET_STRING)
wolfSSL 13:f67a6c6013ca 4549 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 4550
wolfSSL 13:f67a6c6013ca 4551 if (GetLength(pkiMsg, &idx, &length, pkiMsgSz) < 0)
wolfSSL 13:f67a6c6013ca 4552 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 4553
wolfSSL 13:f67a6c6013ca 4554 if (length != expBlockSz) {
wolfSSL 13:f67a6c6013ca 4555 WOLFSSL_MSG("Incorrect IV length, must be of content alg block size");
wolfSSL 13:f67a6c6013ca 4556 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 4557 }
wolfSSL 13:f67a6c6013ca 4558
wolfSSL 13:f67a6c6013ca 4559 XMEMCPY(tmpIv, &pkiMsg[idx], length);
wolfSSL 13:f67a6c6013ca 4560 idx += length;
wolfSSL 13:f67a6c6013ca 4561
wolfSSL 13:f67a6c6013ca 4562 /* read encryptedContent, cont[0] */
wolfSSL 13:f67a6c6013ca 4563 if (pkiMsg[idx++] != (ASN_CONTEXT_SPECIFIC | 0))
wolfSSL 13:f67a6c6013ca 4564 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 4565
wolfSSL 13:f67a6c6013ca 4566 if (GetLength(pkiMsg, &idx, &encryptedContentSz, pkiMsgSz) <= 0)
wolfSSL 13:f67a6c6013ca 4567 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 4568
wolfSSL 13:f67a6c6013ca 4569 encryptedContent = (byte*)XMALLOC(encryptedContentSz, pkcs7->heap,
wolfSSL 13:f67a6c6013ca 4570 DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 4571 if (encryptedContent == NULL)
wolfSSL 13:f67a6c6013ca 4572 return MEMORY_E;
wolfSSL 13:f67a6c6013ca 4573
wolfSSL 13:f67a6c6013ca 4574 XMEMCPY(encryptedContent, &pkiMsg[idx], encryptedContentSz);
wolfSSL 13:f67a6c6013ca 4575 idx += encryptedContentSz;
wolfSSL 13:f67a6c6013ca 4576
wolfSSL 13:f67a6c6013ca 4577 /* decrypt encryptedContent */
wolfSSL 13:f67a6c6013ca 4578 ret = wc_PKCS7_DecryptContent(encOID, pkcs7->encryptionKey,
wolfSSL 13:f67a6c6013ca 4579 pkcs7->encryptionKeySz, tmpIv, expBlockSz,
wolfSSL 13:f67a6c6013ca 4580 encryptedContent, encryptedContentSz,
wolfSSL 13:f67a6c6013ca 4581 encryptedContent);
wolfSSL 13:f67a6c6013ca 4582 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 4583 XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 4584 return ret;
wolfSSL 13:f67a6c6013ca 4585 }
wolfSSL 13:f67a6c6013ca 4586
wolfSSL 13:f67a6c6013ca 4587 padLen = encryptedContent[encryptedContentSz-1];
wolfSSL 13:f67a6c6013ca 4588
wolfSSL 13:f67a6c6013ca 4589 /* copy plaintext to output */
wolfSSL 13:f67a6c6013ca 4590 XMEMCPY(output, encryptedContent, encryptedContentSz - padLen);
wolfSSL 13:f67a6c6013ca 4591
wolfSSL 13:f67a6c6013ca 4592 /* get implicit[1] unprotected attributes, optional */
wolfSSL 13:f67a6c6013ca 4593 pkcs7->decodedAttrib = NULL;
wolfSSL 13:f67a6c6013ca 4594 if (idx < pkiMsgSz) {
wolfSSL 13:f67a6c6013ca 4595
wolfSSL 13:f67a6c6013ca 4596 haveAttribs = 1;
wolfSSL 13:f67a6c6013ca 4597
wolfSSL 13:f67a6c6013ca 4598 ret = wc_PKCS7_DecodeUnprotectedAttributes(pkcs7, pkiMsg,
wolfSSL 13:f67a6c6013ca 4599 pkiMsgSz, &idx);
wolfSSL 13:f67a6c6013ca 4600 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 4601 ForceZero(encryptedContent, encryptedContentSz);
wolfSSL 13:f67a6c6013ca 4602 XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 4603 return ASN_PARSE_E;
wolfSSL 13:f67a6c6013ca 4604 }
wolfSSL 13:f67a6c6013ca 4605 }
wolfSSL 13:f67a6c6013ca 4606
wolfSSL 13:f67a6c6013ca 4607 /* go back and check the version now that attribs have been processed */
wolfSSL 13:f67a6c6013ca 4608 if ((haveAttribs == 0 && version != 0) ||
wolfSSL 13:f67a6c6013ca 4609 (haveAttribs == 1 && version != 2) ) {
wolfSSL 13:f67a6c6013ca 4610 WOLFSSL_MSG("Wrong PKCS#7 EncryptedData version");
wolfSSL 13:f67a6c6013ca 4611 return ASN_VERSION_E;
wolfSSL 13:f67a6c6013ca 4612 }
wolfSSL 13:f67a6c6013ca 4613
wolfSSL 13:f67a6c6013ca 4614 ForceZero(encryptedContent, encryptedContentSz);
wolfSSL 13:f67a6c6013ca 4615 XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
wolfSSL 13:f67a6c6013ca 4616
wolfSSL 13:f67a6c6013ca 4617 return encryptedContentSz - padLen;
wolfSSL 13:f67a6c6013ca 4618 }
wolfSSL 13:f67a6c6013ca 4619
wolfSSL 13:f67a6c6013ca 4620 #else /* HAVE_PKCS7 */
wolfSSL 13:f67a6c6013ca 4621
wolfSSL 13:f67a6c6013ca 4622
wolfSSL 13:f67a6c6013ca 4623 #ifdef _MSC_VER
wolfSSL 13:f67a6c6013ca 4624 /* 4206 warning for blank file */
wolfSSL 13:f67a6c6013ca 4625 #pragma warning(disable: 4206)
wolfSSL 13:f67a6c6013ca 4626 #endif
wolfSSL 13:f67a6c6013ca 4627
wolfSSL 13:f67a6c6013ca 4628
wolfSSL 13:f67a6c6013ca 4629 #endif /* HAVE_PKCS7 */
wolfSSL 13:f67a6c6013ca 4630
wolfSSL 13:f67a6c6013ca 4631