mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

PKCS5 Fixes

Browse Source 
1. Fix issue where optional and default items in the ASN.1 blob were not getting "parsed" correctly.
2. Added OIDs for the SHA based HMACs.
3. Removed some redundant constants from key decryption.
4. Updated the DecryptKey() function to handle AES256-CBC.
5. Updated the DecryptContent() function to act like DecryptKey().
This commit is contained in:
John Safranek 2017-12-15 15:23:56 -08:00
parent ddae61afbd
commit e6334fdaf8
2 changed files with 119 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

128
wolfcrypt/src/asn.c
View File

@ -71,6 +71,9 @@ ASN Options:
#include <wolfcrypt/src/misc.c>
#endif
#ifndef NO_PWDBASED
#include <wolfssl/wolfcrypt/aes.h>
#endif
#ifndef NO_RC4
#include <wolfssl/wolfcrypt/arc4.h>
#endif
@ -717,6 +720,12 @@ static const byte hashSha256hOid[] = {96, 134, 72, 1, 101, 3, 4, 2, 1};
static const byte hashSha384hOid[] = {96, 134, 72, 1, 101, 3, 4, 2, 2};
static const byte hashSha512hOid[] = {96, 134, 72, 1, 101, 3, 4, 2, 3};
/* hmacType */
static const byte hmacSha224Oid[] = {42, 134, 72, 134, 247, 13, 2, 8};
static const byte hmacSha256Oid[] = {42, 134, 72, 134, 247, 13, 2, 9};
static const byte hmacSha384Oid[] = {42, 134, 72, 134, 247, 13, 2, 10};
static const byte hmacSha512Oid[] = {42, 134, 72, 134, 247, 13, 2, 11};
/* sigType */
#ifndef NO_DSA
static const byte sigSha1wDsaOid[] = {42, 134, 72, 206, 56, 4, 3};
@ -1185,6 +1194,27 @@ static const byte* OidFromId(word32 id, word32 type, word32* oidSz)
}
break;
case oidHmacType:
switch (id) {
case HMAC_SHA224_OID:
oid = hmacSha224Oid;
*oidSz = sizeof(hmacSha224Oid);
break;
case HMAC_SHA256_OID:
oid = hmacSha256Oid;
*oidSz = sizeof(hmacSha256Oid);
break;
case HMAC_SHA384_OID:
oid = hmacSha384Oid;
*oidSz = sizeof(hmacSha384Oid);
break;
case HMAC_SHA512_OID:
oid = hmacSha512Oid;
*oidSz = sizeof(hmacSha512Oid);
break;
}
break;
case oidIgnoreType:
default:
break;
@ -1394,7 +1424,7 @@ int GetObjectId(const byte* input, word32* inOutIdx, word32* oid,
const byte* checkOid = NULL;
word32 checkOidSz;
#ifdef ASN_DUMP_OID
int i;
word32 i;
#endif
if (oidType != oidIgnoreType) {
@ -1871,12 +1901,15 @@ static int CheckAlgo(int first, int second, int* id, int* version)
static int CheckAlgoV2(int oid, int* id)
{
switch (oid) {
case 69:
case DESb:
*id = PBE_SHA1_DES;
return 0;
case 652:
case DES3b:
*id = PBE_SHA1_DES3;
return 0;
case AES256CBCb:
*id = PBE_AES256_CBC;
return 0;
default:
return ALGO_ID_E;
@ -1891,7 +1924,6 @@ static int DecryptKey(const char* password, int passwordSz, byte* salt,
{
int typeH;
int derivedLen;
int decryptionType;
int ret = 0;
#ifdef WOLFSSL_SMALL_STACK
byte* key;
@ -1906,25 +1938,26 @@ static int DecryptKey(const char* password, int passwordSz, byte* salt,
case PBE_MD5_DES:
typeH = WC_MD5;
derivedLen = 16; /* may need iv for v1.5 */
decryptionType = DES_TYPE;
break;
case PBE_SHA1_DES:
typeH = WC_SHA;
derivedLen = 16; /* may need iv for v1.5 */
decryptionType = DES_TYPE;
break;
case PBE_SHA1_DES3:
typeH = WC_SHA;
derivedLen = 32; /* may need iv for v1.5 */
decryptionType = DES3_TYPE;
break;
case PBE_SHA1_RC4_128:
typeH = WC_SHA;
derivedLen = 16;
decryptionType = RC4_TYPE;
break;
case PBE_AES256_CBC:
typeH = WC_SHA256;
derivedLen = 32;
break;
default:
@ -1966,7 +1999,7 @@ static int DecryptKey(const char* password, int passwordSz, byte* salt,
ret = wc_PKCS12_PBKDF(key, unicodePasswd, idx, salt, saltSz,
iterations, derivedLen, typeH, 1);
if (decryptionType != RC4_TYPE)
if (id != PBE_SHA1_RC4_128)
ret += wc_PKCS12_PBKDF(cbcIv, unicodePasswd, idx, salt, saltSz,
iterations, 8, typeH, 2);
}
@ -1984,9 +2017,10 @@ static int DecryptKey(const char* password, int passwordSz, byte* salt,
return ret;
}
switch (decryptionType) {
switch (id) {
#ifndef NO_DES3
case DES_TYPE:
case PBE_MD5_DES:
case PBE_SHA1_DES:
{
Des dec;
byte* desIv = key + 8;
@ -2006,7 +2040,7 @@ static int DecryptKey(const char* password, int passwordSz, byte* salt,
break;
}
case DES3_TYPE:
case PBE_SHA1_DES3:
{
Des3 dec;
byte* desIv = key + 24;
@ -2039,7 +2073,7 @@ static int DecryptKey(const char* password, int passwordSz, byte* salt,
}
#endif
#ifndef NO_RC4
case RC4_TYPE:
case PBE_SHA1_RC4_128:
{
Arc4 dec;
@ -2048,6 +2082,26 @@ static int DecryptKey(const char* password, int passwordSz, byte* salt,
break;
}
#endif
#ifndef NO_AES
case PBE_AES256_CBC:
{
Aes dec;
ret = wc_AesInit(&dec, NULL, INVALID_DEVID);
if (ret == 0)
ret = wc_AesSetKey(&dec, key, derivedLen,
cbcIv, AES_DECRYPTION);
if (ret == 0)
ret = wc_AesCbcDecrypt(&dec, input, input, length);
if (ret != 0) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
ForceZero(&dec, sizeof(Aes));
break;
}
#endif
default:
#ifdef WOLFSSL_SMALL_STACK
@ -2164,9 +2218,9 @@ int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID, word32* oidSz,
of input */
int ToTraditionalEnc(byte* input, word32 sz,const char* password,int passwordSz)
{
word32 inOutIdx = 0, oid;
word32 inOutIdx = 0, seqEnd, oid;
int ret = 0, first, second, length = 0, version, saltSz, id;
int iterations = 0;
int iterations = 0, keySz = 0;
#ifdef WOLFSSL_SMALL_STACK
byte* salt = NULL;
byte* cbcIv = NULL;
@ -2207,6 +2261,9 @@ int ToTraditionalEnc(byte* input, word32 sz,const char* password,int passwordSz)
if (GetSequence(input, &inOutIdx, &length, sz) <= 0) {
ERROR_OUT(ASN_PARSE_E, exit_tte);
}
/* Find the end of this SEQUENCE so we can check for the OPTIONAL and
* DEFAULT items. */
seqEnd = inOutIdx + length;
ret = GetOctetString(input, &inOutIdx, &saltSz, sz);
if (ret < 0)
@ -2230,6 +2287,20 @@ int ToTraditionalEnc(byte* input, word32 sz,const char* password,int passwordSz)
ERROR_OUT(ASN_PARSE_E, exit_tte);
}
/* OPTIONAL key length */
if (seqEnd > inOutIdx && input[inOutIdx] == ASN_INTEGER) {
if (GetShortInt(input, &inOutIdx, &keySz, sz) < 0) {
ERROR_OUT(ASN_PARSE_E, exit_tte);
}
}
/* DEFAULT HMAC is SHA-1 */
if (seqEnd > inOutIdx) {
if (GetAlgoId(input, &inOutIdx, &oid, oidHmacType, sz) < 0) {
ERROR_OUT(ASN_PARSE_E, exit_tte);
}
}
#ifdef WOLFSSL_SMALL_STACK
cbcIv = (byte*)XMALLOC(MAX_IV_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (cbcIv == NULL) {
@ -2239,7 +2310,6 @@ int ToTraditionalEnc(byte* input, word32 sz,const char* password,int passwordSz)
if (version == PKCS5v2) {
/* get encryption algo */
/* JOHN: New type. Need a little more research. */
if (GetAlgoId(input, &inOutIdx, &oid, oidBlkType, sz) < 0) {
ERROR_OUT(ASN_PARSE_E, exit_tte);
}
@ -2284,10 +2354,10 @@ exit_tte:
/* decrypt PKCS */
int DecryptContent(byte* input, word32 sz,const char* password,int passwordSz)
{
word32 inOutIdx = 0, oid;
word32 inOutIdx = 0, seqEnd, oid;
int ret = 0;
int first, second, length = 0, version, saltSz, id;
int iterations = 0;
int iterations = 0, keySz = 0;
#ifdef WOLFSSL_SMALL_STACK
byte* salt = NULL;
byte* cbcIv = NULL;
@ -2324,6 +2394,9 @@ int DecryptContent(byte* input, word32 sz,const char* password,int passwordSz)
if (GetSequence(input, &inOutIdx, &length, sz) <= 0) {
ERROR_OUT(ASN_PARSE_E, exit_dc);
}
/* Find the end of this SEQUENCE so we can check for the OPTIONAL and
* DEFAULT items. */
seqEnd = inOutIdx + length;
ret = GetOctetString(input, &inOutIdx, &saltSz, sz);
if (ret < 0)
@ -2347,6 +2420,20 @@ int DecryptContent(byte* input, word32 sz,const char* password,int passwordSz)
ERROR_OUT(ASN_PARSE_E, exit_dc);
}
/* OPTIONAL key length */
if (seqEnd > inOutIdx && input[inOutIdx] == ASN_INTEGER) {
if (GetShortInt(input, &inOutIdx, &keySz, sz) < 0) {
ERROR_OUT(ASN_PARSE_E, exit_dc);
}
}
/* DEFAULT HMAC is SHA-1 */
if (seqEnd > inOutIdx) {
if (GetAlgoId(input, &inOutIdx, &oid, oidHmacType, sz) < 0) {
ERROR_OUT(ASN_PARSE_E, exit_dc);
}
}
#ifdef WOLFSSL_SMALL_STACK
cbcIv = (byte*)XMALLOC(MAX_IV_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (cbcIv == NULL) {
@ -2356,7 +2443,6 @@ int DecryptContent(byte* input, word32 sz,const char* password,int passwordSz)
if (version == PKCS5v2) {
/* get encryption algo */
/* JOHN: New type. Need a little more research. */
if (GetAlgoId(input, &inOutIdx, &oid, oidBlkType, sz) < 0) {
ERROR_OUT(ASN_PARSE_E, exit_dc);
}
@ -2369,6 +2455,10 @@ int DecryptContent(byte* input, word32 sz,const char* password,int passwordSz)
if (ret < 0)
goto exit_dc;
if (length > MAX_IV_SIZE) {
ERROR_OUT(ASN_PARSE_E, exit_dc);
}
XMEMCPY(cbcIv, &input[inOutIdx], length);
inOutIdx += length;
}

16
wolfssl/wolfcrypt/asn.h
View File

@ -111,15 +111,10 @@ enum PBES {
PBE_SHA1_DES = 1,
PBE_SHA1_DES3 = 2,
PBE_SHA1_RC4_128 = 3,
PBE_AES256_CBC = 4,
PBES2 = 13 /* algo ID */
};
enum ENCRYPTION_TYPES {
DES_TYPE = 0,
DES3_TYPE = 1,
RC4_TYPE = 2
};
enum ECC_TYPES {
ECC_PREFIX_0 = 160,
ECC_PREFIX_1 = 161
@ -219,6 +214,7 @@ enum Oid_Types {
oidKdfType = 11,
oidKeyWrapType = 12,
oidCmsKeyAgreeType = 13,
oidHmacType = 14,
oidIgnoreType
};
@ -306,6 +302,14 @@ enum KDF_Sum {
};
enum HMAC_Sum {
HMAC_SHA224_OID = 652,
HMAC_SHA256_OID = 653,
HMAC_SHA384_OID = 654,
HMAC_SHA512_OID = 655
};
enum Extensions_Sum {
BASIC_CA_OID = 133,
ALT_NAMES_OID = 131,