mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'master' of github.com:cyassl/cyassl

Browse Source
This commit is contained in:
John Safranek 2014-01-16 16:19:34 -08:00
commit cf22e49117
3 changed files with 26 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ctaocrypt/src/asn.c
View File

@ -1618,8 +1618,10 @@ static int GetName(DecodedCert* cert, int nameType)
#ifdef HAVE_PKCS7
/* store pointer to raw issuer */
cert->issuerRaw = &cert->source[cert->srcIdx];
cert->issuerRawLen = length - cert->srcIdx;
if (nameType == ISSUER) {
cert->issuerRaw = &cert->source[cert->srcIdx];
cert->issuerRawLen = length - cert->srcIdx;
}
#endif
while (cert->srcIdx < (word32)length) {

23
ctaocrypt/src/pkcs7.c
View File

@ -38,9 +38,12 @@
}
#endif
/* placed ASN.1 contentType OID into *output, return idx on success,
* 0 upon failure */
CYASSL_LOCAL int SetContentType(int pkcs7TypeOID, byte* output)
{
/* PKCS#7 content types */
/* PKCS#7 content types, RFC 2315, section 14 */
static const byte pkcs7[] = { 0x2A, 0x86, 0x48, 0x86, 0xF7,
0x0D, 0x01, 0x07 };
static const byte data[] = { 0x2A, 0x86, 0x48, 0x86, 0xF7,
@ -113,6 +116,8 @@ CYASSL_LOCAL int SetContentType(int pkcs7TypeOID, byte* output)
}
/* get ASN.1 contentType OID sum, return 0 on success, <0 on failure */
int GetContentType(const byte* input, word32* inOutIdx, word32* oid,
word32 maxIdx)
{
@ -141,6 +146,7 @@ int GetContentType(const byte* input, word32* inOutIdx, word32* oid,
}
/* init PKCS7 struct with recipient cert, decode into DecodedCert */
int PKCS7_InitWithCert(PKCS7* pkcs7, byte* cert, word32 certSz)
{
int ret = 0;
@ -171,6 +177,7 @@ int PKCS7_InitWithCert(PKCS7* pkcs7, byte* cert, word32 certSz)
}
/* build PKCS#7 data content type */
int PKCS7_EncodeData(PKCS7* pkcs7, byte* output, word32 outputSz)
{
static const byte oid[] =
@ -300,6 +307,7 @@ static int FlattenAttributes(byte* output, EncodedAttrib* ea, int eaSz)
}
/* build PKCS#7 signedData content type */
int PKCS7_EncodeSignedData(PKCS7* pkcs7, byte* output, word32 outputSz)
{
static const byte outerOid[] =
@ -640,6 +648,7 @@ CYASSL_LOCAL int CreateRecipientInfo(const byte* cert, word32 certSz,
}
/* build PKCS#7 envelopedData content type, return enveloped size */
int PKCS7_EncodeEnvelopeData(PKCS7* pkcs7, byte* output, word32 outputSz)
{
int i, idx = 0;
@ -679,6 +688,7 @@ int PKCS7_EncodeEnvelopeData(PKCS7* pkcs7, byte* output, word32 outputSz)
if (output == NULL || outputSz == 0)
return BAD_FUNC_ARG;
/* PKCS#7 only supports DES, 3DES for now */
switch (pkcs7->encryptOID) {
case DESb:
blockKeySz = DES_KEYLEN;
@ -696,7 +706,7 @@ int PKCS7_EncodeEnvelopeData(PKCS7* pkcs7, byte* output, word32 outputSz)
/* outer content type */
outerContentTypeSz = SetContentType(ENVELOPED_DATA, outerContentType);
/* version */
/* version, defined as 0 in RFC 2315 */
verSz = SetMyVersion(0, ver, 0);
/* generate random content encryption key */
@ -725,7 +735,7 @@ int PKCS7_EncodeEnvelopeData(PKCS7* pkcs7, byte* output, word32 outputSz)
if (contentEncAlgoSz == 0)
return BAD_FUNC_ARG;
/* allocate memory for encrypted content, pad if necessary */
/* allocate encrypted content buffer, pad if necessary, PKCS#7 padding */
padSz = DES_BLOCK_SIZE - (pkcs7->contentSz % DES_BLOCK_SIZE);
desOutSz = pkcs7->contentSz + padSz;
@ -838,6 +848,7 @@ int PKCS7_EncodeEnvelopeData(PKCS7* pkcs7, byte* output, word32 outputSz)
return idx;
}
/* unwrap and decrypt PKCS#7 envelopedData object, return decoded size */
CYASSL_API int PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg,
word32 pkiMsgSz, byte* output,
word32 outputSz)
@ -889,7 +900,7 @@ CYASSL_API int PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg,
idx = 0;
/* read past ContentInfo, verify type */
/* read past ContentInfo, verify type is envelopedData */
if (GetSequence(pkiMsg, &idx, &length, pkiMsgSz) < 0)
return ASN_PARSE_E;
@ -907,7 +918,7 @@ CYASSL_API int PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg,
if (GetLength(pkiMsg, &idx, &length, pkiMsgSz) < 0)
return ASN_PARSE_E;
/* remove EnvelopedData */
/* remove EnvelopedData and version */
if (GetSequence(pkiMsg, &idx, &length, pkiMsgSz) < 0)
return ASN_PARSE_E;
@ -959,6 +970,7 @@ CYASSL_API int PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg,
if (GetNameHash(pkiMsg, &idx, issuerHash, pkiMsgSz) < 0)
return ASN_PARSE_E;
/* if we found correct recipient, issuer hashes will match */
if (XMEMCMP(issuerHash, decoded.issuerHash, SHA_DIGEST_SIZE) == 0) {
recipFound = 1;
}
@ -969,6 +981,7 @@ CYASSL_API int PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg,
if (GetAlgoId(pkiMsg, &idx, &encOID, pkiMsgSz) < 0)
return ASN_PARSE_E;
/* key encryption algorithm must be RSA for now */
if (encOID != RSAk)
return ALGO_ID_E;

7
cyassl/ctaocrypt/pkcs7.h
View File

@ -35,8 +35,9 @@
extern "C" {
#endif
/* PKCS#7 content types, ref RFC 2315 (Section 14) */
enum PKCS7_TYPES {
PKCS7_MSG = 650, /* 1.2.840.113549.1.7 */
PKCS7_MSG = 650, /* 1.2.840.113549.1.7 */
DATA = 651, /* 1.2.840.113549.1.7.1 */
SIGNED_DATA = 652, /* 1.2.840.113549.1.7.2 */
ENVELOPED_DATA = 653, /* 1.2.840.113549.1.7.3 */
@ -46,8 +47,8 @@ enum PKCS7_TYPES {
};
enum Pkcs7_Misc {
MAX_ENCRYPTED_KEY_SZ = 512, /* max enc. key size, RSA <= 4096 */
MAX_CONTENT_KEY_LEN = DES3_KEYLEN,
MAX_ENCRYPTED_KEY_SZ = 512, /* max enc. key size, RSA <= 4096 */
MAX_CONTENT_KEY_LEN = DES3_KEYLEN, /* highest current cipher is 3DES */
MAX_RECIP_SZ = MAX_VERSION_SZ +
MAX_SEQ_SZ + ASN_NAME_MAX + MAX_SN_SZ +
MAX_SEQ_SZ + MAX_ALGO_SZ + 1 + MAX_ENCRYPTED_KEY_SZ