wolfSSL SSL/TLS library, support up to TLS1.3
Dependents: CyaSSL-Twitter-OAuth4Tw Example-client-tls-cert TwitterReader TweetTest ... more
wolfcrypt/src/wc_encrypt.c@17:a5f916481144, 2020-06-05 (annotated)
- Committer:
- wolfSSL
- Date:
- Fri Jun 05 00:11:07 2020 +0000
- Revision:
- 17:a5f916481144
- Parent:
- 16:8e0d178b1d1e
wolfSSL 4.4.0
Who changed what in which revision?
User | Revision | Line number | New contents of line |
---|---|---|---|
wolfSSL | 15:117db924cf7c | 1 | /* wc_encrypt.c |
wolfSSL | 15:117db924cf7c | 2 | * |
wolfSSL | 16:8e0d178b1d1e | 3 | * Copyright (C) 2006-2020 wolfSSL Inc. |
wolfSSL | 15:117db924cf7c | 4 | * |
wolfSSL | 15:117db924cf7c | 5 | * This file is part of wolfSSL. |
wolfSSL | 15:117db924cf7c | 6 | * |
wolfSSL | 15:117db924cf7c | 7 | * wolfSSL is free software; you can redistribute it and/or modify |
wolfSSL | 15:117db924cf7c | 8 | * it under the terms of the GNU General Public License as published by |
wolfSSL | 15:117db924cf7c | 9 | * the Free Software Foundation; either version 2 of the License, or |
wolfSSL | 15:117db924cf7c | 10 | * (at your option) any later version. |
wolfSSL | 15:117db924cf7c | 11 | * |
wolfSSL | 15:117db924cf7c | 12 | * wolfSSL is distributed in the hope that it will be useful, |
wolfSSL | 15:117db924cf7c | 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
wolfSSL | 15:117db924cf7c | 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
wolfSSL | 15:117db924cf7c | 15 | * GNU General Public License for more details. |
wolfSSL | 15:117db924cf7c | 16 | * |
wolfSSL | 15:117db924cf7c | 17 | * You should have received a copy of the GNU General Public License |
wolfSSL | 15:117db924cf7c | 18 | * along with this program; if not, write to the Free Software |
wolfSSL | 15:117db924cf7c | 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA |
wolfSSL | 15:117db924cf7c | 20 | */ |
wolfSSL | 15:117db924cf7c | 21 | |
wolfSSL | 15:117db924cf7c | 22 | |
wolfSSL | 15:117db924cf7c | 23 | #ifdef HAVE_CONFIG_H |
wolfSSL | 15:117db924cf7c | 24 | #include <config.h> |
wolfSSL | 15:117db924cf7c | 25 | #endif |
wolfSSL | 15:117db924cf7c | 26 | |
wolfSSL | 15:117db924cf7c | 27 | #include <wolfssl/wolfcrypt/settings.h> |
wolfSSL | 15:117db924cf7c | 28 | #include <wolfssl/wolfcrypt/aes.h> |
wolfSSL | 15:117db924cf7c | 29 | #include <wolfssl/wolfcrypt/des3.h> |
wolfSSL | 15:117db924cf7c | 30 | #include <wolfssl/wolfcrypt/hash.h> |
wolfSSL | 15:117db924cf7c | 31 | #include <wolfssl/wolfcrypt/arc4.h> |
wolfSSL | 15:117db924cf7c | 32 | #include <wolfssl/wolfcrypt/wc_encrypt.h> |
wolfSSL | 15:117db924cf7c | 33 | #include <wolfssl/wolfcrypt/error-crypt.h> |
wolfSSL | 15:117db924cf7c | 34 | #include <wolfssl/wolfcrypt/asn.h> |
wolfSSL | 15:117db924cf7c | 35 | #include <wolfssl/wolfcrypt/coding.h> |
wolfSSL | 15:117db924cf7c | 36 | #include <wolfssl/wolfcrypt/pwdbased.h> |
wolfSSL | 15:117db924cf7c | 37 | #include <wolfssl/wolfcrypt/logging.h> |
wolfSSL | 15:117db924cf7c | 38 | |
wolfSSL | 15:117db924cf7c | 39 | #ifdef NO_INLINE |
wolfSSL | 15:117db924cf7c | 40 | #include <wolfssl/wolfcrypt/misc.h> |
wolfSSL | 15:117db924cf7c | 41 | #else |
wolfSSL | 15:117db924cf7c | 42 | #define WOLFSSL_MISC_INCLUDED |
wolfSSL | 15:117db924cf7c | 43 | #include <wolfcrypt/src/misc.c> |
wolfSSL | 15:117db924cf7c | 44 | #endif |
wolfSSL | 15:117db924cf7c | 45 | |
wolfSSL | 15:117db924cf7c | 46 | #if !defined(NO_AES) && defined(HAVE_AES_CBC) |
wolfSSL | 15:117db924cf7c | 47 | #ifdef HAVE_AES_DECRYPT |
wolfSSL | 15:117db924cf7c | 48 | int wc_AesCbcDecryptWithKey(byte* out, const byte* in, word32 inSz, |
wolfSSL | 15:117db924cf7c | 49 | const byte* key, word32 keySz, const byte* iv) |
wolfSSL | 15:117db924cf7c | 50 | { |
wolfSSL | 15:117db924cf7c | 51 | int ret = 0; |
wolfSSL | 15:117db924cf7c | 52 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 15:117db924cf7c | 53 | Aes* aes = NULL; |
wolfSSL | 15:117db924cf7c | 54 | #else |
wolfSSL | 15:117db924cf7c | 55 | Aes aes[1]; |
wolfSSL | 15:117db924cf7c | 56 | #endif |
wolfSSL | 15:117db924cf7c | 57 | |
wolfSSL | 15:117db924cf7c | 58 | if (out == NULL || in == NULL || key == NULL || iv == NULL) { |
wolfSSL | 15:117db924cf7c | 59 | return BAD_FUNC_ARG; |
wolfSSL | 15:117db924cf7c | 60 | } |
wolfSSL | 15:117db924cf7c | 61 | |
wolfSSL | 15:117db924cf7c | 62 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 15:117db924cf7c | 63 | aes = (Aes*)XMALLOC(sizeof(Aes), NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 15:117db924cf7c | 64 | if (aes == NULL) |
wolfSSL | 15:117db924cf7c | 65 | return MEMORY_E; |
wolfSSL | 15:117db924cf7c | 66 | #endif |
wolfSSL | 15:117db924cf7c | 67 | |
wolfSSL | 15:117db924cf7c | 68 | ret = wc_AesInit(aes, NULL, INVALID_DEVID); |
wolfSSL | 15:117db924cf7c | 69 | if (ret == 0) { |
wolfSSL | 15:117db924cf7c | 70 | ret = wc_AesSetKey(aes, key, keySz, iv, AES_DECRYPTION); |
wolfSSL | 15:117db924cf7c | 71 | if (ret == 0) |
wolfSSL | 15:117db924cf7c | 72 | ret = wc_AesCbcDecrypt(aes, out, in, inSz); |
wolfSSL | 15:117db924cf7c | 73 | |
wolfSSL | 15:117db924cf7c | 74 | wc_AesFree(aes); |
wolfSSL | 15:117db924cf7c | 75 | } |
wolfSSL | 15:117db924cf7c | 76 | |
wolfSSL | 15:117db924cf7c | 77 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 15:117db924cf7c | 78 | XFREE(aes, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 15:117db924cf7c | 79 | #endif |
wolfSSL | 15:117db924cf7c | 80 | |
wolfSSL | 15:117db924cf7c | 81 | return ret; |
wolfSSL | 15:117db924cf7c | 82 | } |
wolfSSL | 15:117db924cf7c | 83 | #endif /* HAVE_AES_DECRYPT */ |
wolfSSL | 15:117db924cf7c | 84 | |
wolfSSL | 15:117db924cf7c | 85 | int wc_AesCbcEncryptWithKey(byte* out, const byte* in, word32 inSz, |
wolfSSL | 15:117db924cf7c | 86 | const byte* key, word32 keySz, const byte* iv) |
wolfSSL | 15:117db924cf7c | 87 | { |
wolfSSL | 15:117db924cf7c | 88 | int ret = 0; |
wolfSSL | 15:117db924cf7c | 89 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 90 | Aes* aes; |
wolfSSL | 15:117db924cf7c | 91 | #else |
wolfSSL | 15:117db924cf7c | 92 | Aes aes[1]; |
wolfSSL | 15:117db924cf7c | 93 | #endif |
wolfSSL | 15:117db924cf7c | 94 | |
wolfSSL | 15:117db924cf7c | 95 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 15:117db924cf7c | 96 | aes = (Aes*)XMALLOC(sizeof(Aes), NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 15:117db924cf7c | 97 | if (aes == NULL) |
wolfSSL | 15:117db924cf7c | 98 | return MEMORY_E; |
wolfSSL | 15:117db924cf7c | 99 | #endif |
wolfSSL | 15:117db924cf7c | 100 | |
wolfSSL | 15:117db924cf7c | 101 | ret = wc_AesInit(aes, NULL, INVALID_DEVID); |
wolfSSL | 15:117db924cf7c | 102 | if (ret == 0) { |
wolfSSL | 15:117db924cf7c | 103 | ret = wc_AesSetKey(aes, key, keySz, iv, AES_ENCRYPTION); |
wolfSSL | 15:117db924cf7c | 104 | if (ret == 0) |
wolfSSL | 15:117db924cf7c | 105 | ret = wc_AesCbcEncrypt(aes, out, in, inSz); |
wolfSSL | 15:117db924cf7c | 106 | |
wolfSSL | 15:117db924cf7c | 107 | wc_AesFree(aes); |
wolfSSL | 15:117db924cf7c | 108 | } |
wolfSSL | 15:117db924cf7c | 109 | |
wolfSSL | 15:117db924cf7c | 110 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 15:117db924cf7c | 111 | XFREE(aes, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 15:117db924cf7c | 112 | #endif |
wolfSSL | 15:117db924cf7c | 113 | |
wolfSSL | 15:117db924cf7c | 114 | return ret; |
wolfSSL | 15:117db924cf7c | 115 | } |
wolfSSL | 15:117db924cf7c | 116 | #endif /* !NO_AES && HAVE_AES_CBC */ |
wolfSSL | 15:117db924cf7c | 117 | |
wolfSSL | 15:117db924cf7c | 118 | |
wolfSSL | 16:8e0d178b1d1e | 119 | #if !defined(NO_DES3) && !defined(WOLFSSL_TI_CRYPT) |
wolfSSL | 15:117db924cf7c | 120 | int wc_Des_CbcEncryptWithKey(byte* out, const byte* in, word32 sz, |
wolfSSL | 15:117db924cf7c | 121 | const byte* key, const byte* iv) |
wolfSSL | 15:117db924cf7c | 122 | { |
wolfSSL | 15:117db924cf7c | 123 | int ret = 0; |
wolfSSL | 15:117db924cf7c | 124 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 125 | Des* des; |
wolfSSL | 15:117db924cf7c | 126 | #else |
wolfSSL | 15:117db924cf7c | 127 | Des des[1]; |
wolfSSL | 15:117db924cf7c | 128 | #endif |
wolfSSL | 15:117db924cf7c | 129 | |
wolfSSL | 15:117db924cf7c | 130 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 15:117db924cf7c | 131 | des = (Des*)XMALLOC(sizeof(Des), NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 15:117db924cf7c | 132 | if (des == NULL) |
wolfSSL | 15:117db924cf7c | 133 | return MEMORY_E; |
wolfSSL | 15:117db924cf7c | 134 | #endif |
wolfSSL | 15:117db924cf7c | 135 | |
wolfSSL | 15:117db924cf7c | 136 | ret = wc_Des_SetKey(des, key, iv, DES_ENCRYPTION); |
wolfSSL | 15:117db924cf7c | 137 | if (ret == 0) |
wolfSSL | 15:117db924cf7c | 138 | ret = wc_Des_CbcEncrypt(des, out, in, sz); |
wolfSSL | 15:117db924cf7c | 139 | |
wolfSSL | 15:117db924cf7c | 140 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 15:117db924cf7c | 141 | XFREE(des, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 15:117db924cf7c | 142 | #endif |
wolfSSL | 15:117db924cf7c | 143 | |
wolfSSL | 15:117db924cf7c | 144 | return ret; |
wolfSSL | 15:117db924cf7c | 145 | } |
wolfSSL | 15:117db924cf7c | 146 | |
wolfSSL | 15:117db924cf7c | 147 | int wc_Des_CbcDecryptWithKey(byte* out, const byte* in, word32 sz, |
wolfSSL | 15:117db924cf7c | 148 | const byte* key, const byte* iv) |
wolfSSL | 15:117db924cf7c | 149 | { |
wolfSSL | 15:117db924cf7c | 150 | int ret = 0; |
wolfSSL | 15:117db924cf7c | 151 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 152 | Des* des; |
wolfSSL | 15:117db924cf7c | 153 | #else |
wolfSSL | 15:117db924cf7c | 154 | Des des[1]; |
wolfSSL | 15:117db924cf7c | 155 | #endif |
wolfSSL | 15:117db924cf7c | 156 | |
wolfSSL | 15:117db924cf7c | 157 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 15:117db924cf7c | 158 | des = (Des*)XMALLOC(sizeof(Des), NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 15:117db924cf7c | 159 | if (des == NULL) |
wolfSSL | 15:117db924cf7c | 160 | return MEMORY_E; |
wolfSSL | 15:117db924cf7c | 161 | #endif |
wolfSSL | 15:117db924cf7c | 162 | |
wolfSSL | 15:117db924cf7c | 163 | ret = wc_Des_SetKey(des, key, iv, DES_DECRYPTION); |
wolfSSL | 15:117db924cf7c | 164 | if (ret == 0) |
wolfSSL | 15:117db924cf7c | 165 | ret = wc_Des_CbcDecrypt(des, out, in, sz); |
wolfSSL | 15:117db924cf7c | 166 | |
wolfSSL | 15:117db924cf7c | 167 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 15:117db924cf7c | 168 | XFREE(des, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 15:117db924cf7c | 169 | #endif |
wolfSSL | 15:117db924cf7c | 170 | |
wolfSSL | 15:117db924cf7c | 171 | return ret; |
wolfSSL | 15:117db924cf7c | 172 | } |
wolfSSL | 15:117db924cf7c | 173 | |
wolfSSL | 15:117db924cf7c | 174 | |
wolfSSL | 15:117db924cf7c | 175 | int wc_Des3_CbcEncryptWithKey(byte* out, const byte* in, word32 sz, |
wolfSSL | 15:117db924cf7c | 176 | const byte* key, const byte* iv) |
wolfSSL | 15:117db924cf7c | 177 | { |
wolfSSL | 15:117db924cf7c | 178 | int ret = 0; |
wolfSSL | 15:117db924cf7c | 179 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 180 | Des3* des3; |
wolfSSL | 15:117db924cf7c | 181 | #else |
wolfSSL | 15:117db924cf7c | 182 | Des3 des3[1]; |
wolfSSL | 15:117db924cf7c | 183 | #endif |
wolfSSL | 15:117db924cf7c | 184 | |
wolfSSL | 15:117db924cf7c | 185 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 15:117db924cf7c | 186 | des3 = (Des3*)XMALLOC(sizeof(Des3), NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 15:117db924cf7c | 187 | if (des3 == NULL) |
wolfSSL | 15:117db924cf7c | 188 | return MEMORY_E; |
wolfSSL | 15:117db924cf7c | 189 | #endif |
wolfSSL | 15:117db924cf7c | 190 | |
wolfSSL | 15:117db924cf7c | 191 | ret = wc_Des3Init(des3, NULL, INVALID_DEVID); |
wolfSSL | 15:117db924cf7c | 192 | if (ret == 0) { |
wolfSSL | 15:117db924cf7c | 193 | ret = wc_Des3_SetKey(des3, key, iv, DES_ENCRYPTION); |
wolfSSL | 15:117db924cf7c | 194 | if (ret == 0) |
wolfSSL | 15:117db924cf7c | 195 | ret = wc_Des3_CbcEncrypt(des3, out, in, sz); |
wolfSSL | 15:117db924cf7c | 196 | wc_Des3Free(des3); |
wolfSSL | 15:117db924cf7c | 197 | } |
wolfSSL | 15:117db924cf7c | 198 | |
wolfSSL | 15:117db924cf7c | 199 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 15:117db924cf7c | 200 | XFREE(des3, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 15:117db924cf7c | 201 | #endif |
wolfSSL | 15:117db924cf7c | 202 | |
wolfSSL | 15:117db924cf7c | 203 | return ret; |
wolfSSL | 15:117db924cf7c | 204 | } |
wolfSSL | 15:117db924cf7c | 205 | |
wolfSSL | 15:117db924cf7c | 206 | |
wolfSSL | 15:117db924cf7c | 207 | int wc_Des3_CbcDecryptWithKey(byte* out, const byte* in, word32 sz, |
wolfSSL | 15:117db924cf7c | 208 | const byte* key, const byte* iv) |
wolfSSL | 15:117db924cf7c | 209 | { |
wolfSSL | 15:117db924cf7c | 210 | int ret = 0; |
wolfSSL | 15:117db924cf7c | 211 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 212 | Des3* des3; |
wolfSSL | 15:117db924cf7c | 213 | #else |
wolfSSL | 15:117db924cf7c | 214 | Des3 des3[1]; |
wolfSSL | 15:117db924cf7c | 215 | #endif |
wolfSSL | 15:117db924cf7c | 216 | |
wolfSSL | 15:117db924cf7c | 217 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 15:117db924cf7c | 218 | des3 = (Des3*)XMALLOC(sizeof(Des3), NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 15:117db924cf7c | 219 | if (des3 == NULL) |
wolfSSL | 15:117db924cf7c | 220 | return MEMORY_E; |
wolfSSL | 15:117db924cf7c | 221 | #endif |
wolfSSL | 15:117db924cf7c | 222 | |
wolfSSL | 15:117db924cf7c | 223 | ret = wc_Des3Init(des3, NULL, INVALID_DEVID); |
wolfSSL | 15:117db924cf7c | 224 | if (ret == 0) { |
wolfSSL | 15:117db924cf7c | 225 | ret = wc_Des3_SetKey(des3, key, iv, DES_DECRYPTION); |
wolfSSL | 15:117db924cf7c | 226 | if (ret == 0) |
wolfSSL | 15:117db924cf7c | 227 | ret = wc_Des3_CbcDecrypt(des3, out, in, sz); |
wolfSSL | 15:117db924cf7c | 228 | wc_Des3Free(des3); |
wolfSSL | 15:117db924cf7c | 229 | } |
wolfSSL | 15:117db924cf7c | 230 | |
wolfSSL | 15:117db924cf7c | 231 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 15:117db924cf7c | 232 | XFREE(des3, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 15:117db924cf7c | 233 | #endif |
wolfSSL | 15:117db924cf7c | 234 | |
wolfSSL | 15:117db924cf7c | 235 | return ret; |
wolfSSL | 15:117db924cf7c | 236 | } |
wolfSSL | 15:117db924cf7c | 237 | |
wolfSSL | 15:117db924cf7c | 238 | #endif /* !NO_DES3 */ |
wolfSSL | 15:117db924cf7c | 239 | |
wolfSSL | 15:117db924cf7c | 240 | |
wolfSSL | 15:117db924cf7c | 241 | #ifdef WOLFSSL_ENCRYPTED_KEYS |
wolfSSL | 15:117db924cf7c | 242 | |
wolfSSL | 15:117db924cf7c | 243 | int wc_BufferKeyDecrypt(EncryptedInfo* info, byte* der, word32 derSz, |
wolfSSL | 15:117db924cf7c | 244 | const byte* password, int passwordSz, int hashType) |
wolfSSL | 15:117db924cf7c | 245 | { |
wolfSSL | 15:117db924cf7c | 246 | int ret = NOT_COMPILED_IN; |
wolfSSL | 15:117db924cf7c | 247 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 15:117db924cf7c | 248 | byte* key = NULL; |
wolfSSL | 15:117db924cf7c | 249 | #else |
wolfSSL | 15:117db924cf7c | 250 | byte key[WC_MAX_SYM_KEY_SIZE]; |
wolfSSL | 15:117db924cf7c | 251 | #endif |
wolfSSL | 15:117db924cf7c | 252 | |
wolfSSL | 15:117db924cf7c | 253 | (void)derSz; |
wolfSSL | 15:117db924cf7c | 254 | (void)passwordSz; |
wolfSSL | 15:117db924cf7c | 255 | (void)hashType; |
wolfSSL | 15:117db924cf7c | 256 | |
wolfSSL | 15:117db924cf7c | 257 | if (der == NULL || password == NULL || info == NULL || info->keySz == 0) { |
wolfSSL | 15:117db924cf7c | 258 | return BAD_FUNC_ARG; |
wolfSSL | 15:117db924cf7c | 259 | } |
wolfSSL | 15:117db924cf7c | 260 | |
wolfSSL | 15:117db924cf7c | 261 | /* use file's salt for key derivation, hex decode first */ |
wolfSSL | 15:117db924cf7c | 262 | if (Base16_Decode(info->iv, info->ivSz, info->iv, &info->ivSz) != 0) { |
wolfSSL | 15:117db924cf7c | 263 | return BUFFER_E; |
wolfSSL | 15:117db924cf7c | 264 | } |
wolfSSL | 15:117db924cf7c | 265 | if (info->ivSz < PKCS5_SALT_SZ) |
wolfSSL | 15:117db924cf7c | 266 | return BUFFER_E; |
wolfSSL | 15:117db924cf7c | 267 | |
wolfSSL | 15:117db924cf7c | 268 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 269 | key = (byte*)XMALLOC(WC_MAX_SYM_KEY_SIZE, NULL, DYNAMIC_TYPE_SYMMETRIC_KEY); |
wolfSSL | 15:117db924cf7c | 270 | if (key == NULL) { |
wolfSSL | 15:117db924cf7c | 271 | return MEMORY_E; |
wolfSSL | 15:117db924cf7c | 272 | } |
wolfSSL | 15:117db924cf7c | 273 | #endif |
wolfSSL | 15:117db924cf7c | 274 | |
wolfSSL | 16:8e0d178b1d1e | 275 | (void)XMEMSET(key, 0, WC_MAX_SYM_KEY_SIZE); |
wolfSSL | 16:8e0d178b1d1e | 276 | |
wolfSSL | 15:117db924cf7c | 277 | #ifndef NO_PWDBASED |
wolfSSL | 15:117db924cf7c | 278 | if ((ret = wc_PBKDF1(key, password, passwordSz, info->iv, PKCS5_SALT_SZ, 1, |
wolfSSL | 15:117db924cf7c | 279 | info->keySz, hashType)) != 0) { |
wolfSSL | 15:117db924cf7c | 280 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 281 | XFREE(key, NULL, DYNAMIC_TYPE_SYMMETRIC_KEY); |
wolfSSL | 15:117db924cf7c | 282 | #endif |
wolfSSL | 15:117db924cf7c | 283 | return ret; |
wolfSSL | 15:117db924cf7c | 284 | } |
wolfSSL | 15:117db924cf7c | 285 | #endif |
wolfSSL | 15:117db924cf7c | 286 | |
wolfSSL | 15:117db924cf7c | 287 | #ifndef NO_DES3 |
wolfSSL | 15:117db924cf7c | 288 | if (info->cipherType == WC_CIPHER_DES) |
wolfSSL | 15:117db924cf7c | 289 | ret = wc_Des_CbcDecryptWithKey(der, der, derSz, key, info->iv); |
wolfSSL | 15:117db924cf7c | 290 | if (info->cipherType == WC_CIPHER_DES3) |
wolfSSL | 15:117db924cf7c | 291 | ret = wc_Des3_CbcDecryptWithKey(der, der, derSz, key, info->iv); |
wolfSSL | 15:117db924cf7c | 292 | #endif /* NO_DES3 */ |
wolfSSL | 15:117db924cf7c | 293 | #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(HAVE_AES_DECRYPT) |
wolfSSL | 15:117db924cf7c | 294 | if (info->cipherType == WC_CIPHER_AES_CBC) |
wolfSSL | 15:117db924cf7c | 295 | ret = wc_AesCbcDecryptWithKey(der, der, derSz, key, info->keySz, |
wolfSSL | 15:117db924cf7c | 296 | info->iv); |
wolfSSL | 15:117db924cf7c | 297 | #endif /* !NO_AES && HAVE_AES_CBC && HAVE_AES_DECRYPT */ |
wolfSSL | 15:117db924cf7c | 298 | |
wolfSSL | 15:117db924cf7c | 299 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 300 | XFREE(key, NULL, DYNAMIC_TYPE_SYMMETRIC_KEY); |
wolfSSL | 15:117db924cf7c | 301 | #endif |
wolfSSL | 15:117db924cf7c | 302 | |
wolfSSL | 15:117db924cf7c | 303 | return ret; |
wolfSSL | 15:117db924cf7c | 304 | } |
wolfSSL | 15:117db924cf7c | 305 | |
wolfSSL | 15:117db924cf7c | 306 | int wc_BufferKeyEncrypt(EncryptedInfo* info, byte* der, word32 derSz, |
wolfSSL | 15:117db924cf7c | 307 | const byte* password, int passwordSz, int hashType) |
wolfSSL | 15:117db924cf7c | 308 | { |
wolfSSL | 15:117db924cf7c | 309 | int ret = NOT_COMPILED_IN; |
wolfSSL | 15:117db924cf7c | 310 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 15:117db924cf7c | 311 | byte* key = NULL; |
wolfSSL | 15:117db924cf7c | 312 | #else |
wolfSSL | 15:117db924cf7c | 313 | byte key[WC_MAX_SYM_KEY_SIZE]; |
wolfSSL | 15:117db924cf7c | 314 | #endif |
wolfSSL | 15:117db924cf7c | 315 | |
wolfSSL | 15:117db924cf7c | 316 | (void)derSz; |
wolfSSL | 15:117db924cf7c | 317 | (void)passwordSz; |
wolfSSL | 15:117db924cf7c | 318 | (void)hashType; |
wolfSSL | 15:117db924cf7c | 319 | |
wolfSSL | 15:117db924cf7c | 320 | if (der == NULL || password == NULL || info == NULL || info->keySz == 0 || |
wolfSSL | 15:117db924cf7c | 321 | info->ivSz < PKCS5_SALT_SZ) { |
wolfSSL | 15:117db924cf7c | 322 | return BAD_FUNC_ARG; |
wolfSSL | 15:117db924cf7c | 323 | } |
wolfSSL | 15:117db924cf7c | 324 | |
wolfSSL | 15:117db924cf7c | 325 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 326 | key = (byte*)XMALLOC(WC_MAX_SYM_KEY_SIZE, NULL, DYNAMIC_TYPE_SYMMETRIC_KEY); |
wolfSSL | 15:117db924cf7c | 327 | if (key == NULL) { |
wolfSSL | 15:117db924cf7c | 328 | return MEMORY_E; |
wolfSSL | 15:117db924cf7c | 329 | } |
wolfSSL | 15:117db924cf7c | 330 | #endif /* WOLFSSL_SMALL_STACK */ |
wolfSSL | 15:117db924cf7c | 331 | |
wolfSSL | 16:8e0d178b1d1e | 332 | (void)XMEMSET(key, 0, WC_MAX_SYM_KEY_SIZE); |
wolfSSL | 16:8e0d178b1d1e | 333 | |
wolfSSL | 15:117db924cf7c | 334 | #ifndef NO_PWDBASED |
wolfSSL | 15:117db924cf7c | 335 | if ((ret = wc_PBKDF1(key, password, passwordSz, info->iv, PKCS5_SALT_SZ, 1, |
wolfSSL | 15:117db924cf7c | 336 | info->keySz, hashType)) != 0) { |
wolfSSL | 15:117db924cf7c | 337 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 338 | XFREE(key, NULL, DYNAMIC_TYPE_SYMMETRIC_KEY); |
wolfSSL | 15:117db924cf7c | 339 | #endif |
wolfSSL | 15:117db924cf7c | 340 | return ret; |
wolfSSL | 15:117db924cf7c | 341 | } |
wolfSSL | 15:117db924cf7c | 342 | #endif |
wolfSSL | 15:117db924cf7c | 343 | |
wolfSSL | 15:117db924cf7c | 344 | #ifndef NO_DES3 |
wolfSSL | 15:117db924cf7c | 345 | if (info->cipherType == WC_CIPHER_DES) |
wolfSSL | 15:117db924cf7c | 346 | ret = wc_Des_CbcEncryptWithKey(der, der, derSz, key, info->iv); |
wolfSSL | 15:117db924cf7c | 347 | if (info->cipherType == WC_CIPHER_DES3) |
wolfSSL | 15:117db924cf7c | 348 | ret = wc_Des3_CbcEncryptWithKey(der, der, derSz, key, info->iv); |
wolfSSL | 15:117db924cf7c | 349 | #endif /* NO_DES3 */ |
wolfSSL | 16:8e0d178b1d1e | 350 | #if !defined(NO_AES) && defined(HAVE_AES_CBC) |
wolfSSL | 15:117db924cf7c | 351 | if (info->cipherType == WC_CIPHER_AES_CBC) |
wolfSSL | 15:117db924cf7c | 352 | ret = wc_AesCbcEncryptWithKey(der, der, derSz, key, info->keySz, |
wolfSSL | 15:117db924cf7c | 353 | info->iv); |
wolfSSL | 16:8e0d178b1d1e | 354 | #endif /* !NO_AES && HAVE_AES_CBC */ |
wolfSSL | 15:117db924cf7c | 355 | |
wolfSSL | 15:117db924cf7c | 356 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 357 | XFREE(key, NULL, DYNAMIC_TYPE_SYMMETRIC_KEY); |
wolfSSL | 15:117db924cf7c | 358 | #endif |
wolfSSL | 15:117db924cf7c | 359 | |
wolfSSL | 15:117db924cf7c | 360 | return ret; |
wolfSSL | 15:117db924cf7c | 361 | } |
wolfSSL | 15:117db924cf7c | 362 | |
wolfSSL | 15:117db924cf7c | 363 | #endif /* WOLFSSL_ENCRYPTED_KEYS */ |
wolfSSL | 15:117db924cf7c | 364 | |
wolfSSL | 15:117db924cf7c | 365 | |
wolfSSL | 16:8e0d178b1d1e | 366 | #if !defined(NO_PWDBASED) && !defined(NO_ASN) |
wolfSSL | 15:117db924cf7c | 367 | |
wolfSSL | 16:8e0d178b1d1e | 368 | #if defined(HAVE_PKCS8) || defined(HAVE_PKCS12) |
wolfSSL | 15:117db924cf7c | 369 | /* Decrypt/Encrypt input in place from parameters based on id |
wolfSSL | 15:117db924cf7c | 370 | * |
wolfSSL | 15:117db924cf7c | 371 | * returns a negative value on fail case |
wolfSSL | 15:117db924cf7c | 372 | */ |
wolfSSL | 15:117db924cf7c | 373 | int wc_CryptKey(const char* password, int passwordSz, byte* salt, |
wolfSSL | 15:117db924cf7c | 374 | int saltSz, int iterations, int id, byte* input, |
wolfSSL | 16:8e0d178b1d1e | 375 | int length, int version, byte* cbcIv, int enc, int shaOid) |
wolfSSL | 15:117db924cf7c | 376 | { |
wolfSSL | 15:117db924cf7c | 377 | int typeH; |
wolfSSL | 16:8e0d178b1d1e | 378 | int derivedLen = 0; |
wolfSSL | 15:117db924cf7c | 379 | int ret = 0; |
wolfSSL | 15:117db924cf7c | 380 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 15:117db924cf7c | 381 | byte* key; |
wolfSSL | 15:117db924cf7c | 382 | #else |
wolfSSL | 15:117db924cf7c | 383 | byte key[MAX_KEY_SIZE]; |
wolfSSL | 15:117db924cf7c | 384 | #endif |
wolfSSL | 15:117db924cf7c | 385 | |
wolfSSL | 15:117db924cf7c | 386 | (void)input; |
wolfSSL | 15:117db924cf7c | 387 | (void)length; |
wolfSSL | 15:117db924cf7c | 388 | (void)enc; |
wolfSSL | 15:117db924cf7c | 389 | |
wolfSSL | 15:117db924cf7c | 390 | WOLFSSL_ENTER("wc_CryptKey"); |
wolfSSL | 15:117db924cf7c | 391 | |
wolfSSL | 15:117db924cf7c | 392 | switch (id) { |
wolfSSL | 15:117db924cf7c | 393 | #ifndef NO_DES3 |
wolfSSL | 15:117db924cf7c | 394 | #ifndef NO_MD5 |
wolfSSL | 15:117db924cf7c | 395 | case PBE_MD5_DES: |
wolfSSL | 15:117db924cf7c | 396 | typeH = WC_MD5; |
wolfSSL | 15:117db924cf7c | 397 | derivedLen = 16; /* may need iv for v1.5 */ |
wolfSSL | 15:117db924cf7c | 398 | break; |
wolfSSL | 15:117db924cf7c | 399 | #endif |
wolfSSL | 15:117db924cf7c | 400 | #ifndef NO_SHA |
wolfSSL | 15:117db924cf7c | 401 | case PBE_SHA1_DES: |
wolfSSL | 15:117db924cf7c | 402 | typeH = WC_SHA; |
wolfSSL | 15:117db924cf7c | 403 | derivedLen = 16; /* may need iv for v1.5 */ |
wolfSSL | 15:117db924cf7c | 404 | break; |
wolfSSL | 15:117db924cf7c | 405 | |
wolfSSL | 15:117db924cf7c | 406 | case PBE_SHA1_DES3: |
wolfSSL | 16:8e0d178b1d1e | 407 | switch(shaOid) { |
wolfSSL | 16:8e0d178b1d1e | 408 | case HMAC_SHA256_OID: |
wolfSSL | 16:8e0d178b1d1e | 409 | typeH = WC_SHA256; |
wolfSSL | 16:8e0d178b1d1e | 410 | derivedLen = 32; |
wolfSSL | 16:8e0d178b1d1e | 411 | break; |
wolfSSL | 16:8e0d178b1d1e | 412 | default: |
wolfSSL | 16:8e0d178b1d1e | 413 | typeH = WC_SHA; |
wolfSSL | 16:8e0d178b1d1e | 414 | derivedLen = 32; /* may need iv for v1.5 */ |
wolfSSL | 16:8e0d178b1d1e | 415 | break; |
wolfSSL | 16:8e0d178b1d1e | 416 | } |
wolfSSL | 16:8e0d178b1d1e | 417 | break; |
wolfSSL | 15:117db924cf7c | 418 | #endif /* !NO_SHA */ |
wolfSSL | 15:117db924cf7c | 419 | #endif /* !NO_DES3 */ |
wolfSSL | 15:117db924cf7c | 420 | #if !defined(NO_SHA) && !defined(NO_RC4) |
wolfSSL | 15:117db924cf7c | 421 | case PBE_SHA1_RC4_128: |
wolfSSL | 15:117db924cf7c | 422 | typeH = WC_SHA; |
wolfSSL | 15:117db924cf7c | 423 | derivedLen = 16; |
wolfSSL | 15:117db924cf7c | 424 | break; |
wolfSSL | 15:117db924cf7c | 425 | #endif |
wolfSSL | 16:8e0d178b1d1e | 426 | #if defined(WOLFSSL_AES_256) |
wolfSSL | 15:117db924cf7c | 427 | case PBE_AES256_CBC: |
wolfSSL | 16:8e0d178b1d1e | 428 | switch(shaOid) { |
wolfSSL | 16:8e0d178b1d1e | 429 | case HMAC_SHA256_OID: |
wolfSSL | 16:8e0d178b1d1e | 430 | typeH = WC_SHA256; |
wolfSSL | 16:8e0d178b1d1e | 431 | derivedLen = 32; |
wolfSSL | 16:8e0d178b1d1e | 432 | break; |
wolfSSL | 16:8e0d178b1d1e | 433 | #ifndef NO_SHA |
wolfSSL | 16:8e0d178b1d1e | 434 | default: |
wolfSSL | 16:8e0d178b1d1e | 435 | typeH = WC_SHA; |
wolfSSL | 16:8e0d178b1d1e | 436 | derivedLen = 32; |
wolfSSL | 16:8e0d178b1d1e | 437 | break; |
wolfSSL | 16:8e0d178b1d1e | 438 | #endif |
wolfSSL | 16:8e0d178b1d1e | 439 | } |
wolfSSL | 15:117db924cf7c | 440 | break; |
wolfSSL | 16:8e0d178b1d1e | 441 | #endif /* WOLFSSL_AES_256 && !NO_SHA */ |
wolfSSL | 16:8e0d178b1d1e | 442 | #if defined(WOLFSSL_AES_128) |
wolfSSL | 16:8e0d178b1d1e | 443 | case PBE_AES128_CBC: |
wolfSSL | 16:8e0d178b1d1e | 444 | switch(shaOid) { |
wolfSSL | 16:8e0d178b1d1e | 445 | case HMAC_SHA256_OID: |
wolfSSL | 16:8e0d178b1d1e | 446 | typeH = WC_SHA256; |
wolfSSL | 16:8e0d178b1d1e | 447 | derivedLen = 16; |
wolfSSL | 16:8e0d178b1d1e | 448 | break; |
wolfSSL | 16:8e0d178b1d1e | 449 | #ifndef NO_SHA |
wolfSSL | 16:8e0d178b1d1e | 450 | default: |
wolfSSL | 16:8e0d178b1d1e | 451 | typeH = WC_SHA; |
wolfSSL | 16:8e0d178b1d1e | 452 | derivedLen = 16; |
wolfSSL | 16:8e0d178b1d1e | 453 | break; |
wolfSSL | 16:8e0d178b1d1e | 454 | #endif |
wolfSSL | 16:8e0d178b1d1e | 455 | } |
wolfSSL | 16:8e0d178b1d1e | 456 | break; |
wolfSSL | 16:8e0d178b1d1e | 457 | #endif /* WOLFSSL_AES_128 && !NO_SHA */ |
wolfSSL | 15:117db924cf7c | 458 | default: |
wolfSSL | 15:117db924cf7c | 459 | WOLFSSL_MSG("Unknown/Unsupported encrypt/decrypt id"); |
wolfSSL | 16:8e0d178b1d1e | 460 | (void)shaOid; |
wolfSSL | 15:117db924cf7c | 461 | return ALGO_ID_E; |
wolfSSL | 15:117db924cf7c | 462 | } |
wolfSSL | 15:117db924cf7c | 463 | |
wolfSSL | 15:117db924cf7c | 464 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 15:117db924cf7c | 465 | key = (byte*)XMALLOC(MAX_KEY_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 15:117db924cf7c | 466 | if (key == NULL) |
wolfSSL | 15:117db924cf7c | 467 | return MEMORY_E; |
wolfSSL | 15:117db924cf7c | 468 | #endif |
wolfSSL | 15:117db924cf7c | 469 | |
wolfSSL | 15:117db924cf7c | 470 | if (version == PKCS5v2) |
wolfSSL | 15:117db924cf7c | 471 | ret = wc_PBKDF2(key, (byte*)password, passwordSz, |
wolfSSL | 15:117db924cf7c | 472 | salt, saltSz, iterations, derivedLen, typeH); |
wolfSSL | 15:117db924cf7c | 473 | #ifndef NO_SHA |
wolfSSL | 15:117db924cf7c | 474 | else if (version == PKCS5) |
wolfSSL | 15:117db924cf7c | 475 | ret = wc_PBKDF1(key, (byte*)password, passwordSz, |
wolfSSL | 15:117db924cf7c | 476 | salt, saltSz, iterations, derivedLen, typeH); |
wolfSSL | 15:117db924cf7c | 477 | #endif |
wolfSSL | 16:8e0d178b1d1e | 478 | #ifdef HAVE_PKCS12 |
wolfSSL | 15:117db924cf7c | 479 | else if (version == PKCS12v1) { |
wolfSSL | 15:117db924cf7c | 480 | int i, idx = 0; |
wolfSSL | 15:117db924cf7c | 481 | byte unicodePasswd[MAX_UNICODE_SZ]; |
wolfSSL | 15:117db924cf7c | 482 | |
wolfSSL | 15:117db924cf7c | 483 | if ( (passwordSz * 2 + 2) > (int)sizeof(unicodePasswd)) { |
wolfSSL | 15:117db924cf7c | 484 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 15:117db924cf7c | 485 | XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 15:117db924cf7c | 486 | #endif |
wolfSSL | 15:117db924cf7c | 487 | return UNICODE_SIZE_E; |
wolfSSL | 15:117db924cf7c | 488 | } |
wolfSSL | 15:117db924cf7c | 489 | |
wolfSSL | 15:117db924cf7c | 490 | for (i = 0; i < passwordSz; i++) { |
wolfSSL | 15:117db924cf7c | 491 | unicodePasswd[idx++] = 0x00; |
wolfSSL | 15:117db924cf7c | 492 | unicodePasswd[idx++] = (byte)password[i]; |
wolfSSL | 15:117db924cf7c | 493 | } |
wolfSSL | 15:117db924cf7c | 494 | /* add trailing NULL */ |
wolfSSL | 15:117db924cf7c | 495 | unicodePasswd[idx++] = 0x00; |
wolfSSL | 15:117db924cf7c | 496 | unicodePasswd[idx++] = 0x00; |
wolfSSL | 15:117db924cf7c | 497 | |
wolfSSL | 15:117db924cf7c | 498 | ret = wc_PKCS12_PBKDF(key, unicodePasswd, idx, salt, saltSz, |
wolfSSL | 15:117db924cf7c | 499 | iterations, derivedLen, typeH, 1); |
wolfSSL | 15:117db924cf7c | 500 | if (id != PBE_SHA1_RC4_128) |
wolfSSL | 15:117db924cf7c | 501 | ret += wc_PKCS12_PBKDF(cbcIv, unicodePasswd, idx, salt, saltSz, |
wolfSSL | 15:117db924cf7c | 502 | iterations, 8, typeH, 2); |
wolfSSL | 15:117db924cf7c | 503 | } |
wolfSSL | 16:8e0d178b1d1e | 504 | #endif /* HAVE_PKCS12 */ |
wolfSSL | 15:117db924cf7c | 505 | else { |
wolfSSL | 15:117db924cf7c | 506 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 15:117db924cf7c | 507 | XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 15:117db924cf7c | 508 | #endif |
wolfSSL | 15:117db924cf7c | 509 | WOLFSSL_MSG("Unknown/Unsupported PKCS version"); |
wolfSSL | 15:117db924cf7c | 510 | return ALGO_ID_E; |
wolfSSL | 15:117db924cf7c | 511 | } |
wolfSSL | 15:117db924cf7c | 512 | |
wolfSSL | 15:117db924cf7c | 513 | if (ret != 0) { |
wolfSSL | 15:117db924cf7c | 514 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 15:117db924cf7c | 515 | XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 15:117db924cf7c | 516 | #endif |
wolfSSL | 15:117db924cf7c | 517 | return ret; |
wolfSSL | 15:117db924cf7c | 518 | } |
wolfSSL | 15:117db924cf7c | 519 | |
wolfSSL | 15:117db924cf7c | 520 | switch (id) { |
wolfSSL | 15:117db924cf7c | 521 | #ifndef NO_DES3 |
wolfSSL | 15:117db924cf7c | 522 | #if !defined(NO_SHA) || !defined(NO_MD5) |
wolfSSL | 15:117db924cf7c | 523 | case PBE_MD5_DES: |
wolfSSL | 15:117db924cf7c | 524 | case PBE_SHA1_DES: |
wolfSSL | 15:117db924cf7c | 525 | { |
wolfSSL | 15:117db924cf7c | 526 | Des des; |
wolfSSL | 15:117db924cf7c | 527 | byte* desIv = key + 8; |
wolfSSL | 15:117db924cf7c | 528 | |
wolfSSL | 15:117db924cf7c | 529 | if (version == PKCS5v2 || version == PKCS12v1) |
wolfSSL | 15:117db924cf7c | 530 | desIv = cbcIv; |
wolfSSL | 15:117db924cf7c | 531 | |
wolfSSL | 15:117db924cf7c | 532 | if (enc) { |
wolfSSL | 15:117db924cf7c | 533 | ret = wc_Des_SetKey(&des, key, desIv, DES_ENCRYPTION); |
wolfSSL | 15:117db924cf7c | 534 | } |
wolfSSL | 15:117db924cf7c | 535 | else { |
wolfSSL | 15:117db924cf7c | 536 | ret = wc_Des_SetKey(&des, key, desIv, DES_DECRYPTION); |
wolfSSL | 15:117db924cf7c | 537 | } |
wolfSSL | 15:117db924cf7c | 538 | if (ret != 0) { |
wolfSSL | 15:117db924cf7c | 539 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 15:117db924cf7c | 540 | XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 15:117db924cf7c | 541 | #endif |
wolfSSL | 15:117db924cf7c | 542 | return ret; |
wolfSSL | 15:117db924cf7c | 543 | } |
wolfSSL | 15:117db924cf7c | 544 | |
wolfSSL | 15:117db924cf7c | 545 | if (enc) { |
wolfSSL | 15:117db924cf7c | 546 | wc_Des_CbcEncrypt(&des, input, input, length); |
wolfSSL | 15:117db924cf7c | 547 | } |
wolfSSL | 15:117db924cf7c | 548 | else { |
wolfSSL | 15:117db924cf7c | 549 | wc_Des_CbcDecrypt(&des, input, input, length); |
wolfSSL | 15:117db924cf7c | 550 | } |
wolfSSL | 15:117db924cf7c | 551 | break; |
wolfSSL | 15:117db924cf7c | 552 | } |
wolfSSL | 15:117db924cf7c | 553 | #endif /* !NO_SHA || !NO_MD5 */ |
wolfSSL | 15:117db924cf7c | 554 | |
wolfSSL | 15:117db924cf7c | 555 | #ifndef NO_SHA |
wolfSSL | 15:117db924cf7c | 556 | case PBE_SHA1_DES3: |
wolfSSL | 15:117db924cf7c | 557 | { |
wolfSSL | 15:117db924cf7c | 558 | Des3 des; |
wolfSSL | 15:117db924cf7c | 559 | byte* desIv = key + 24; |
wolfSSL | 15:117db924cf7c | 560 | |
wolfSSL | 15:117db924cf7c | 561 | if (version == PKCS5v2 || version == PKCS12v1) |
wolfSSL | 15:117db924cf7c | 562 | desIv = cbcIv; |
wolfSSL | 15:117db924cf7c | 563 | |
wolfSSL | 15:117db924cf7c | 564 | ret = wc_Des3Init(&des, NULL, INVALID_DEVID); |
wolfSSL | 15:117db924cf7c | 565 | if (ret != 0) { |
wolfSSL | 15:117db924cf7c | 566 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 15:117db924cf7c | 567 | XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 15:117db924cf7c | 568 | #endif |
wolfSSL | 15:117db924cf7c | 569 | return ret; |
wolfSSL | 15:117db924cf7c | 570 | } |
wolfSSL | 15:117db924cf7c | 571 | if (enc) { |
wolfSSL | 15:117db924cf7c | 572 | ret = wc_Des3_SetKey(&des, key, desIv, DES_ENCRYPTION); |
wolfSSL | 15:117db924cf7c | 573 | } |
wolfSSL | 15:117db924cf7c | 574 | else { |
wolfSSL | 15:117db924cf7c | 575 | ret = wc_Des3_SetKey(&des, key, desIv, DES_DECRYPTION); |
wolfSSL | 15:117db924cf7c | 576 | } |
wolfSSL | 15:117db924cf7c | 577 | if (ret != 0) { |
wolfSSL | 15:117db924cf7c | 578 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 15:117db924cf7c | 579 | XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 15:117db924cf7c | 580 | #endif |
wolfSSL | 15:117db924cf7c | 581 | return ret; |
wolfSSL | 15:117db924cf7c | 582 | } |
wolfSSL | 15:117db924cf7c | 583 | if (enc) { |
wolfSSL | 15:117db924cf7c | 584 | ret = wc_Des3_CbcEncrypt(&des, input, input, length); |
wolfSSL | 15:117db924cf7c | 585 | } |
wolfSSL | 15:117db924cf7c | 586 | else { |
wolfSSL | 15:117db924cf7c | 587 | ret = wc_Des3_CbcDecrypt(&des, input, input, length); |
wolfSSL | 15:117db924cf7c | 588 | } |
wolfSSL | 15:117db924cf7c | 589 | if (ret != 0) { |
wolfSSL | 15:117db924cf7c | 590 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 15:117db924cf7c | 591 | XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 15:117db924cf7c | 592 | #endif |
wolfSSL | 15:117db924cf7c | 593 | return ret; |
wolfSSL | 15:117db924cf7c | 594 | } |
wolfSSL | 15:117db924cf7c | 595 | break; |
wolfSSL | 15:117db924cf7c | 596 | } |
wolfSSL | 15:117db924cf7c | 597 | #endif /* !NO_SHA */ |
wolfSSL | 15:117db924cf7c | 598 | #endif |
wolfSSL | 15:117db924cf7c | 599 | #if !defined(NO_RC4) && !defined(NO_SHA) |
wolfSSL | 15:117db924cf7c | 600 | case PBE_SHA1_RC4_128: |
wolfSSL | 15:117db924cf7c | 601 | { |
wolfSSL | 15:117db924cf7c | 602 | Arc4 dec; |
wolfSSL | 15:117db924cf7c | 603 | |
wolfSSL | 15:117db924cf7c | 604 | wc_Arc4SetKey(&dec, key, derivedLen); |
wolfSSL | 15:117db924cf7c | 605 | wc_Arc4Process(&dec, input, input, length); |
wolfSSL | 15:117db924cf7c | 606 | break; |
wolfSSL | 15:117db924cf7c | 607 | } |
wolfSSL | 15:117db924cf7c | 608 | #endif |
wolfSSL | 16:8e0d178b1d1e | 609 | #if !defined(NO_AES) && defined(HAVE_AES_CBC) |
wolfSSL | 15:117db924cf7c | 610 | #ifdef WOLFSSL_AES_256 |
wolfSSL | 15:117db924cf7c | 611 | case PBE_AES256_CBC: |
wolfSSL | 16:8e0d178b1d1e | 612 | case PBE_AES128_CBC: |
wolfSSL | 15:117db924cf7c | 613 | { |
wolfSSL | 16:8e0d178b1d1e | 614 | Aes aes; |
wolfSSL | 16:8e0d178b1d1e | 615 | ret = wc_AesInit(&aes, NULL, INVALID_DEVID); |
wolfSSL | 16:8e0d178b1d1e | 616 | if (ret == 0) { |
wolfSSL | 16:8e0d178b1d1e | 617 | if (enc) { |
wolfSSL | 16:8e0d178b1d1e | 618 | ret = wc_AesSetKey(&aes, key, derivedLen, cbcIv, |
wolfSSL | 16:8e0d178b1d1e | 619 | AES_ENCRYPTION); |
wolfSSL | 16:8e0d178b1d1e | 620 | } |
wolfSSL | 16:8e0d178b1d1e | 621 | else { |
wolfSSL | 16:8e0d178b1d1e | 622 | ret = wc_AesSetKey(&aes, key, derivedLen, cbcIv, |
wolfSSL | 16:8e0d178b1d1e | 623 | AES_DECRYPTION); |
wolfSSL | 16:8e0d178b1d1e | 624 | } |
wolfSSL | 16:8e0d178b1d1e | 625 | } |
wolfSSL | 16:8e0d178b1d1e | 626 | if (ret == 0) { |
wolfSSL | 16:8e0d178b1d1e | 627 | if (enc) |
wolfSSL | 16:8e0d178b1d1e | 628 | ret = wc_AesCbcEncrypt(&aes, input, input, length); |
wolfSSL | 16:8e0d178b1d1e | 629 | else |
wolfSSL | 16:8e0d178b1d1e | 630 | ret = wc_AesCbcDecrypt(&aes, input, input, length); |
wolfSSL | 16:8e0d178b1d1e | 631 | } |
wolfSSL | 15:117db924cf7c | 632 | if (ret != 0) { |
wolfSSL | 15:117db924cf7c | 633 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 15:117db924cf7c | 634 | XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 15:117db924cf7c | 635 | #endif |
wolfSSL | 15:117db924cf7c | 636 | return ret; |
wolfSSL | 15:117db924cf7c | 637 | } |
wolfSSL | 16:8e0d178b1d1e | 638 | ForceZero(&aes, sizeof(Aes)); |
wolfSSL | 15:117db924cf7c | 639 | break; |
wolfSSL | 15:117db924cf7c | 640 | } |
wolfSSL | 15:117db924cf7c | 641 | #endif /* WOLFSSL_AES_256 */ |
wolfSSL | 16:8e0d178b1d1e | 642 | #endif /* !NO_AES && HAVE_AES_CBC */ |
wolfSSL | 15:117db924cf7c | 643 | |
wolfSSL | 15:117db924cf7c | 644 | default: |
wolfSSL | 15:117db924cf7c | 645 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 15:117db924cf7c | 646 | XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 15:117db924cf7c | 647 | #endif |
wolfSSL | 15:117db924cf7c | 648 | WOLFSSL_MSG("Unknown/Unsupported encrypt/decryption algorithm"); |
wolfSSL | 15:117db924cf7c | 649 | return ALGO_ID_E; |
wolfSSL | 15:117db924cf7c | 650 | } |
wolfSSL | 15:117db924cf7c | 651 | |
wolfSSL | 15:117db924cf7c | 652 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 15:117db924cf7c | 653 | XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 15:117db924cf7c | 654 | #endif |
wolfSSL | 15:117db924cf7c | 655 | |
wolfSSL | 15:117db924cf7c | 656 | return ret; |
wolfSSL | 15:117db924cf7c | 657 | } |
wolfSSL | 15:117db924cf7c | 658 | |
wolfSSL | 16:8e0d178b1d1e | 659 | #endif /* HAVE_PKCS8 || HAVE_PKCS12 */ |
wolfSSL | 15:117db924cf7c | 660 | #endif /* !NO_PWDBASED */ |
wolfSSL | 15:117db924cf7c | 661 |