- Timestamp:
- Feb 7, 2019, 8:36:33 AM (5 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
asp3_tinet_ecnl_arm/trunk/wolfssl-3.12.2/wolfcrypt/src/wc_encrypt.c
r352 r372 28 28 #include <wolfssl/wolfcrypt/aes.h> 29 29 #include <wolfssl/wolfcrypt/des3.h> 30 #include <wolfssl/wolfcrypt/hash.h> 31 #include <wolfssl/wolfcrypt/arc4.h> 30 32 #include <wolfssl/wolfcrypt/wc_encrypt.h> 31 33 #include <wolfssl/wolfcrypt/error-crypt.h> 32 34 #include <wolfssl/wolfcrypt/asn.h> 35 #include <wolfssl/wolfcrypt/coding.h> 36 #include <wolfssl/wolfcrypt/pwdbased.h> 37 #include <wolfssl/wolfcrypt/logging.h> 38 39 #ifdef NO_INLINE 40 #include <wolfssl/wolfcrypt/misc.h> 41 #else 42 #define WOLFSSL_MISC_INCLUDED 43 #include <wolfcrypt/src/misc.c> 44 #endif 33 45 34 46 #if !defined(NO_AES) && defined(HAVE_AES_CBC) … … 225 237 226 238 #endif /* !NO_DES3 */ 239 240 241 #ifdef WOLFSSL_ENCRYPTED_KEYS 242 243 int wc_BufferKeyDecrypt(EncryptedInfo* info, byte* der, word32 derSz, 244 const byte* password, int passwordSz, int hashType) 245 { 246 int ret = NOT_COMPILED_IN; 247 #ifdef WOLFSSL_SMALL_STACK 248 byte* key = NULL; 249 #else 250 byte key[WC_MAX_SYM_KEY_SIZE]; 251 #endif 252 253 (void)derSz; 254 (void)passwordSz; 255 (void)hashType; 256 257 if (der == NULL || password == NULL || info == NULL || info->keySz == 0) { 258 return BAD_FUNC_ARG; 259 } 260 261 /* use file's salt for key derivation, hex decode first */ 262 if (Base16_Decode(info->iv, info->ivSz, info->iv, &info->ivSz) != 0) { 263 return BUFFER_E; 264 } 265 if (info->ivSz < PKCS5_SALT_SZ) 266 return BUFFER_E; 267 268 #ifdef WOLFSSL_SMALL_STACK 269 key = (byte*)XMALLOC(WC_MAX_SYM_KEY_SIZE, NULL, DYNAMIC_TYPE_SYMMETRIC_KEY); 270 if (key == NULL) { 271 return MEMORY_E; 272 } 273 #endif 274 275 #ifndef NO_PWDBASED 276 if ((ret = wc_PBKDF1(key, password, passwordSz, info->iv, PKCS5_SALT_SZ, 1, 277 info->keySz, hashType)) != 0) { 278 #ifdef WOLFSSL_SMALL_STACK 279 XFREE(key, NULL, DYNAMIC_TYPE_SYMMETRIC_KEY); 280 #endif 281 return ret; 282 } 283 #endif 284 285 #ifndef NO_DES3 286 if (info->cipherType == WC_CIPHER_DES) 287 ret = wc_Des_CbcDecryptWithKey(der, der, derSz, key, info->iv); 288 if (info->cipherType == WC_CIPHER_DES3) 289 ret = wc_Des3_CbcDecryptWithKey(der, der, derSz, key, info->iv); 290 #endif /* NO_DES3 */ 291 #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(HAVE_AES_DECRYPT) 292 if (info->cipherType == WC_CIPHER_AES_CBC) 293 ret = wc_AesCbcDecryptWithKey(der, der, derSz, key, info->keySz, 294 info->iv); 295 #endif /* !NO_AES && HAVE_AES_CBC && HAVE_AES_DECRYPT */ 296 297 #ifdef WOLFSSL_SMALL_STACK 298 XFREE(key, NULL, DYNAMIC_TYPE_SYMMETRIC_KEY); 299 #endif 300 301 return ret; 302 } 303 304 int wc_BufferKeyEncrypt(EncryptedInfo* info, byte* der, word32 derSz, 305 const byte* password, int passwordSz, int hashType) 306 { 307 int ret = NOT_COMPILED_IN; 308 #ifdef WOLFSSL_SMALL_STACK 309 byte* key = NULL; 310 #else 311 byte key[WC_MAX_SYM_KEY_SIZE]; 312 #endif 313 314 (void)derSz; 315 (void)passwordSz; 316 (void)hashType; 317 318 if (der == NULL || password == NULL || info == NULL || info->keySz == 0 || 319 info->ivSz < PKCS5_SALT_SZ) { 320 return BAD_FUNC_ARG; 321 } 322 323 #ifdef WOLFSSL_SMALL_STACK 324 key = (byte*)XMALLOC(WC_MAX_SYM_KEY_SIZE, NULL, DYNAMIC_TYPE_SYMMETRIC_KEY); 325 if (key == NULL) { 326 return MEMORY_E; 327 } 328 #endif /* WOLFSSL_SMALL_STACK */ 329 330 #ifndef NO_PWDBASED 331 if ((ret = wc_PBKDF1(key, password, passwordSz, info->iv, PKCS5_SALT_SZ, 1, 332 info->keySz, hashType)) != 0) { 333 #ifdef WOLFSSL_SMALL_STACK 334 XFREE(key, NULL, DYNAMIC_TYPE_SYMMETRIC_KEY); 335 #endif 336 return ret; 337 } 338 #endif 339 340 #ifndef NO_DES3 341 if (info->cipherType == WC_CIPHER_DES) 342 ret = wc_Des_CbcEncryptWithKey(der, der, derSz, key, info->iv); 343 if (info->cipherType == WC_CIPHER_DES3) 344 ret = wc_Des3_CbcEncryptWithKey(der, der, derSz, key, info->iv); 345 #endif /* NO_DES3 */ 346 #if !defined(NO_AES) && defined(HAVE_AES_CBC) 347 if (info->cipherType == WC_CIPHER_AES_CBC) 348 ret = wc_AesCbcEncryptWithKey(der, der, derSz, key, info->keySz, 349 info->iv); 350 #endif /* !NO_AES && HAVE_AES_CBC */ 351 352 #ifdef WOLFSSL_SMALL_STACK 353 XFREE(key, NULL, DYNAMIC_TYPE_SYMMETRIC_KEY); 354 #endif 355 356 return ret; 357 } 358 359 #endif /* WOLFSSL_ENCRYPTED_KEYS */ 360 361 362 #ifndef NO_PWDBASED 363 364 /* Decrypt/Encrypt input in place from parameters based on id 365 * 366 * returns a negative value on fail case 367 */ 368 int wc_CryptKey(const char* password, int passwordSz, byte* salt, 369 int saltSz, int iterations, int id, byte* input, 370 int length, int version, byte* cbcIv, int enc) 371 { 372 int typeH; 373 int derivedLen; 374 int ret = 0; 375 #ifdef WOLFSSL_SMALL_STACK 376 byte* key; 377 #else 378 byte key[MAX_KEY_SIZE]; 379 #endif 380 381 (void)input; 382 (void)length; 383 (void)enc; 384 385 WOLFSSL_ENTER("wc_CryptKey"); 386 387 switch (id) { 388 #ifndef NO_DES3 389 #ifndef NO_MD5 390 case PBE_MD5_DES: 391 typeH = WC_MD5; 392 derivedLen = 16; /* may need iv for v1.5 */ 393 break; 394 #endif 395 #ifndef NO_SHA 396 case PBE_SHA1_DES: 397 typeH = WC_SHA; 398 derivedLen = 16; /* may need iv for v1.5 */ 399 break; 400 401 case PBE_SHA1_DES3: 402 typeH = WC_SHA; 403 derivedLen = 32; /* may need iv for v1.5 */ 404 break; 405 #endif /* !NO_SHA */ 406 #endif /* !NO_DES3 */ 407 #if !defined(NO_SHA) && !defined(NO_RC4) 408 case PBE_SHA1_RC4_128: 409 typeH = WC_SHA; 410 derivedLen = 16; 411 break; 412 #endif 413 #ifdef WOLFSSL_AES_256 414 case PBE_AES256_CBC: 415 typeH = WC_SHA256; 416 derivedLen = 32; 417 break; 418 #endif 419 default: 420 WOLFSSL_MSG("Unknown/Unsupported encrypt/decrypt id"); 421 return ALGO_ID_E; 422 } 423 424 #ifdef WOLFSSL_SMALL_STACK 425 key = (byte*)XMALLOC(MAX_KEY_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); 426 if (key == NULL) 427 return MEMORY_E; 428 #endif 429 430 if (version == PKCS5v2) 431 ret = wc_PBKDF2(key, (byte*)password, passwordSz, 432 salt, saltSz, iterations, derivedLen, typeH); 433 #ifndef NO_SHA 434 else if (version == PKCS5) 435 ret = wc_PBKDF1(key, (byte*)password, passwordSz, 436 salt, saltSz, iterations, derivedLen, typeH); 437 #endif 438 else if (version == PKCS12v1) { 439 int i, idx = 0; 440 byte unicodePasswd[MAX_UNICODE_SZ]; 441 442 if ( (passwordSz * 2 + 2) > (int)sizeof(unicodePasswd)) { 443 #ifdef WOLFSSL_SMALL_STACK 444 XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); 445 #endif 446 return UNICODE_SIZE_E; 447 } 448 449 for (i = 0; i < passwordSz; i++) { 450 unicodePasswd[idx++] = 0x00; 451 unicodePasswd[idx++] = (byte)password[i]; 452 } 453 /* add trailing NULL */ 454 unicodePasswd[idx++] = 0x00; 455 unicodePasswd[idx++] = 0x00; 456 457 ret = wc_PKCS12_PBKDF(key, unicodePasswd, idx, salt, saltSz, 458 iterations, derivedLen, typeH, 1); 459 if (id != PBE_SHA1_RC4_128) 460 ret += wc_PKCS12_PBKDF(cbcIv, unicodePasswd, idx, salt, saltSz, 461 iterations, 8, typeH, 2); 462 } 463 else { 464 #ifdef WOLFSSL_SMALL_STACK 465 XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); 466 #endif 467 WOLFSSL_MSG("Unknown/Unsupported PKCS version"); 468 return ALGO_ID_E; 469 } 470 471 if (ret != 0) { 472 #ifdef WOLFSSL_SMALL_STACK 473 XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); 474 #endif 475 return ret; 476 } 477 478 switch (id) { 479 #ifndef NO_DES3 480 #if !defined(NO_SHA) || !defined(NO_MD5) 481 case PBE_MD5_DES: 482 case PBE_SHA1_DES: 483 { 484 Des des; 485 byte* desIv = key + 8; 486 487 if (version == PKCS5v2 || version == PKCS12v1) 488 desIv = cbcIv; 489 490 if (enc) { 491 ret = wc_Des_SetKey(&des, key, desIv, DES_ENCRYPTION); 492 } 493 else { 494 ret = wc_Des_SetKey(&des, key, desIv, DES_DECRYPTION); 495 } 496 if (ret != 0) { 497 #ifdef WOLFSSL_SMALL_STACK 498 XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); 499 #endif 500 return ret; 501 } 502 503 if (enc) { 504 wc_Des_CbcEncrypt(&des, input, input, length); 505 } 506 else { 507 wc_Des_CbcDecrypt(&des, input, input, length); 508 } 509 break; 510 } 511 #endif /* !NO_SHA || !NO_MD5 */ 512 513 #ifndef NO_SHA 514 case PBE_SHA1_DES3: 515 { 516 Des3 des; 517 byte* desIv = key + 24; 518 519 if (version == PKCS5v2 || version == PKCS12v1) 520 desIv = cbcIv; 521 522 ret = wc_Des3Init(&des, NULL, INVALID_DEVID); 523 if (ret != 0) { 524 #ifdef WOLFSSL_SMALL_STACK 525 XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); 526 #endif 527 return ret; 528 } 529 if (enc) { 530 ret = wc_Des3_SetKey(&des, key, desIv, DES_ENCRYPTION); 531 } 532 else { 533 ret = wc_Des3_SetKey(&des, key, desIv, DES_DECRYPTION); 534 } 535 if (ret != 0) { 536 #ifdef WOLFSSL_SMALL_STACK 537 XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); 538 #endif 539 return ret; 540 } 541 if (enc) { 542 ret = wc_Des3_CbcEncrypt(&des, input, input, length); 543 } 544 else { 545 ret = wc_Des3_CbcDecrypt(&des, input, input, length); 546 } 547 if (ret != 0) { 548 #ifdef WOLFSSL_SMALL_STACK 549 XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); 550 #endif 551 return ret; 552 } 553 break; 554 } 555 #endif /* !NO_SHA */ 556 #endif 557 #if !defined(NO_RC4) && !defined(NO_SHA) 558 case PBE_SHA1_RC4_128: 559 { 560 Arc4 dec; 561 562 wc_Arc4SetKey(&dec, key, derivedLen); 563 wc_Arc4Process(&dec, input, input, length); 564 break; 565 } 566 #endif 567 #if !defined(NO_AES) && defined(HAVE_AES_CBC) 568 #ifdef WOLFSSL_AES_256 569 case PBE_AES256_CBC: 570 { 571 Aes aes; 572 ret = wc_AesInit(&aes, NULL, INVALID_DEVID); 573 if (ret == 0) { 574 if (enc) { 575 ret = wc_AesSetKey(&aes, key, derivedLen, cbcIv, 576 AES_ENCRYPTION); 577 } 578 else { 579 ret = wc_AesSetKey(&aes, key, derivedLen, cbcIv, 580 AES_DECRYPTION); 581 } 582 } 583 if (ret == 0) { 584 if (enc) 585 ret = wc_AesCbcEncrypt(&aes, input, input, length); 586 else 587 ret = wc_AesCbcDecrypt(&aes, input, input, length); 588 } 589 if (ret != 0) { 590 #ifdef WOLFSSL_SMALL_STACK 591 XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); 592 #endif 593 return ret; 594 } 595 ForceZero(&aes, sizeof(Aes)); 596 break; 597 } 598 #endif /* WOLFSSL_AES_256 */ 599 #endif /* !NO_AES && HAVE_AES_CBC */ 600 601 default: 602 #ifdef WOLFSSL_SMALL_STACK 603 XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); 604 #endif 605 WOLFSSL_MSG("Unknown/Unsupported encrypt/decryption algorithm"); 606 return ALGO_ID_E; 607 } 608 609 #ifdef WOLFSSL_SMALL_STACK 610 XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); 611 #endif 612 613 return ret; 614 } 615 616 #endif /* !NO_PWDBASED */
Note:
See TracChangeset
for help on using the changeset viewer.