mirrors
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Added new `wc_OidGetHash` API for getting the hash type from a hash OID. Refactor PKCS7 and PKCS12 to use new API and reduce duplicate ocde. Updated `wc_GetCTC_HashOID` to use `wc_HashGetOID` and maintain back compat.

This commit is contained in:
David Garske 2018-03-16 09:08:37 -07:00
parent d85580691b
commit ee5d78f84f
5 changed files with 77 additions and 123 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
wolfcrypt/src/asn.c
View File

@ -4897,38 +4897,14 @@ word32 wc_EncodeSignature(byte* out, const byte* digest, word32 digSz,
int wc_GetCTC_HashOID(int type)
{
switch (type) {
#ifdef WOLFSSL_MD2
case MD2:
return MD2h;
#endif
#ifndef NO_MD5
case WC_MD5:
return MD5h;
#endif
#ifndef NO_SHA
case WC_SHA:
return SHAh;
#endif
#ifdef WOLFSSL_SHA224
case WC_SHA224:
return SHA224h;
#endif
#ifndef NO_SHA256
case WC_SHA256:
return SHA256h;
#endif
#ifdef WOLFSSL_SHA384
case WC_SHA384:
return SHA384h;
#endif
#ifdef WOLFSSL_SHA512
case WC_SHA512:
return SHA512h;
#endif
default:
return 0;
};
int ret;
/* hash type is same as enum HashType (ex WC_SHA is WC_HASH_TYPE_SHA) */
ret = wc_HashGetOID((enum wc_HashType)type);
if (ret < 0)
ret = 0; /* backwards compatibility */
return ret;
}
void InitSignatureCtx(SignatureCtx* sigCtx, void* heap, int devId)

50
wolfcrypt/src/hash.c
View File

@ -126,7 +126,7 @@ int wc_HashGetOID(enum wc_HashType hash_type)
#endif
break;
case WC_HASH_TYPE_SHA224:
#if defined(WOLFSSL_SHA224)
#ifdef WOLFSSL_SHA224
oid = SHA224h;
#endif
break;
@ -136,7 +136,7 @@ int wc_HashGetOID(enum wc_HashType hash_type)
#endif
break;
case WC_HASH_TYPE_SHA384:
#if defined(WOLFSSL_SHA512) && defined(WOLFSSL_SHA384)
#ifdef WOLFSSL_SHA384
oid = SHA384h;
#endif
break;
@ -160,6 +160,52 @@ int wc_HashGetOID(enum wc_HashType hash_type)
}
return oid;
}
enum wc_HashType wc_OidGetHash(int oid)
{
enum wc_HashType hash_type = WC_HASH_TYPE_NONE;
switch (oid)
{
case MD2h:
#ifdef WOLFSSL_MD2
hash_type = WC_HASH_TYPE_MD2;
#endif
break;
case MD5h:
#ifndef NO_MD5
hash_type = WC_HASH_TYPE_MD5;
#endif
break;
case SHAh:
#ifndef NO_SHA
hash_type = WC_HASH_TYPE_SHA;
#endif
break;
case SHA224h:
#if defined(WOLFSSL_SHA224)
hash_type = WC_HASH_TYPE_SHA224;
#endif
break;
case SHA256h:
#ifndef NO_SHA256
hash_type = WC_HASH_TYPE_SHA256;
#endif
break;
case SHA384h:
#ifdef WOLFSSL_SHA384
hash_type = WC_HASH_TYPE_SHA384;
#endif
break;
case SHA512h:
#ifdef WOLFSSL_SHA512
hash_type = WC_HASH_TYPE_SHA512;
#endif
break;
default:
break;
}
return hash_type;
}
#endif /* !NO_ASN || !NO_DH || HAVE_ECC */

41
wolfcrypt/src/pkcs12.c
View File

@ -41,6 +41,7 @@
#endif
#include <wolfssl/wolfcrypt/pkcs12.h>
#include <wolfssl/wolfcrypt/pwdbased.h>
#include <wolfssl/wolfcrypt/hash.h>
#define ERROR_OUT(err, eLabel) { ret = (err); goto eLabel; }
@ -480,7 +481,8 @@ static int wc_PKCS12_create_mac(WC_PKCS12* pkcs12, byte* data, word32 dataSz,
{
Hmac hmac;
MacData* mac;
int ret, typeH, kLen;
int ret, kLen;
enum wc_HashType hashT;
int idx = 0;
int id = 3; /* value from RFC 7292 indicating key is used for MAC */
word32 i;
@ -509,35 +511,12 @@ static int wc_PKCS12_create_mac(WC_PKCS12* pkcs12, byte* data, word32 dataSz,
unicodePasswd[idx++] = 0x00;
/* get hash type used and resulting size of HMAC key */
switch (mac->oid) {
#ifndef NO_SHA
case SHAh: /* 88 */
typeH = WC_SHA;
kLen = WC_SHA_DIGEST_SIZE;
break;
#endif
#ifndef NO_SHA256
case SHA256h: /* 414 */
typeH = WC_SHA256;
kLen = WC_SHA256_DIGEST_SIZE;
break;
#endif
#ifdef WOLFSSL_SHA384
case SHA384h: /* 415 */
typeH = WC_SHA384;
kLen = WC_SHA384_DIGEST_SIZE;
break;
#endif
#ifdef WOLFSSL_SHA512
case SHA512h: /* 416 */
typeH = WC_SHA512;
kLen = WC_SHA512_DIGEST_SIZE;
break;
#endif
default: /* May be SHA224 or was just not built in */
WOLFSSL_MSG("Unsupported hash used");
return BAD_FUNC_ARG;
hashT = wc_OidGetHash(mac->oid);
if (hashT == WC_HASH_TYPE_NONE) {
WOLFSSL_MSG("Unsupported hash used");
return BAD_FUNC_ARG;
}
kLen = wc_HashGetDigestSize(hashT);
/* check out buffer is large enough */
if (kLen < 0 || outSz < (word32)kLen) {
@ -546,7 +525,7 @@ static int wc_PKCS12_create_mac(WC_PKCS12* pkcs12, byte* data, word32 dataSz,
/* idx contains size of unicodePasswd */
if ((ret = wc_PKCS12_PBKDF_ex(key, unicodePasswd, idx, mac->salt,
mac->saltSz, mac->itt, kLen, typeH, id, pkcs12->heap)) < 0) {
mac->saltSz, mac->itt, kLen, (int)hashT, id, pkcs12->heap)) < 0) {
return ret;
}
@ -554,7 +533,7 @@ static int wc_PKCS12_create_mac(WC_PKCS12* pkcs12, byte* data, word32 dataSz,
if ((ret = wc_HmacInit(&hmac, pkcs12->heap, INVALID_DEVID)) != 0) {
return ret;
}
ret = wc_HmacSetKey(&hmac, typeH, key, kLen);
ret = wc_HmacSetKey(&hmac, (int)hashT, key, kLen);
if (ret == 0)
ret = wc_HmacUpdate(&hmac, data, dataSz);
if (ret == 0)

68
wolfcrypt/src/pkcs7.c
View File

@ -994,58 +994,6 @@ static int wc_PKCS7_SignedDataBuildSignature(PKCS7* pkcs7,
return ret;
}
/* sets the wc_HashType in ESD struct based on pkcs7->hashOID
*
* pkcs7 - pointer to initialized PKCS7 struct
* type - [OUT] pointer to wc_HashType for output
*
* returns hash digest size on success, negative on error */
static int wc_PKCS7_SetHashType(PKCS7* pkcs7, enum wc_HashType* type)
{
if (pkcs7 == NULL || type == NULL)
return BAD_FUNC_ARG;
switch (pkcs7->hashOID) {
#ifndef NO_MD5
case MD5h:
*type = WC_HASH_TYPE_MD5;
break;
#endif
#ifndef NO_SHA
case SHAh:
*type = WC_HASH_TYPE_SHA;
break;
#endif
#ifdef WOLFSSL_SHA224
case SHA224h:
*type = WC_HASH_TYPE_SHA224;
break;
#endif
#ifndef NO_SHA256
case SHA256h:
*type = WC_HASH_TYPE_SHA256;
break;
#endif
#ifdef WOLFSSL_SHA384
case SHA384h:
*type = WC_HASH_TYPE_SHA384;
break;
#endif
#ifdef WOLFSSL_SHA512
case SHA512h:
*type = WC_HASH_TYPE_SHA512;
break;
#endif
default:
return BAD_FUNC_ARG;
}
return wc_HashGetDigestSize(*type);
}
/* build PKCS#7 signedData content type */
int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7, byte* output, word32 outputSz)
{
@ -1097,13 +1045,15 @@ int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7, byte* output, word32 outputSz)
XMEMSET(esd, 0, sizeof(ESD));
hashSz = wc_PKCS7_SetHashType(pkcs7, &esd->hashType);
if (hashSz < 0) {
esd->hashType = wc_OidGetHash(pkcs7->hashOID);
ret = wc_HashGetDigestSize(esd->hashType);
if (ret < 0) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(esd, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return hashSz;
return ret;
}
hashSz = ret;
ret = wc_HashInit(&esd->hash, esd->hashType);
if (ret != 0) {
@ -1521,13 +1471,15 @@ static int wc_PKCS7_BuildSignedDataDigest(PKCS7* pkcs7, byte* signedAttrib,
XMEMSET(digest, 0, WC_MAX_DIGEST_SIZE);
XMEMSET(digestInfo, 0, MAX_PKCS7_DIGEST_SZ);
hashSz = wc_PKCS7_SetHashType(pkcs7, &hashType);
if (hashSz < 0) {
hashType = wc_OidGetHash(pkcs7->hashOID);
ret = wc_HashGetDigestSize(hashType);
if (ret < 0) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(digestInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return hashSz;
return ret;
}
hashSz = ret;
/* calculate digest */
ret = wc_HashInit(&hash, hashType);

1
wolfssl/wolfcrypt/hash.h
View File

@ -117,6 +117,7 @@ typedef union {
#if !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC)
WOLFSSL_API int wc_HashGetOID(enum wc_HashType hash_type);
WOLFSSL_API enum wc_HashType wc_OidGetHash(int oid);
#endif
WOLFSSL_API enum wc_HashType wc_HashTypeConvert(int hashType);