byte RNG_GenerateByte(RNG* rng)
{
byte b;
RNG_GenerateBlock(rng, &b, 1);
return b;
}
static void RsaPad(const byte* input, word32 inputLen, byte* pkcsBlock,
word32 pkcsBlockLen, byte padValue, RNG* rng)
{
if (inputLen == 0) return;
pkcsBlock[0] = 0x0; /* set first byte to zero and advance */
pkcsBlock++; pkcsBlockLen--;
pkcsBlock[0] = padValue; /* insert padValue */
if (padValue == RSA_BLOCK_TYPE_1)
/* pad with 0xff bytes */
XMEMSET(&pkcsBlock[1], 0xFF, pkcsBlockLen - inputLen - 2);
else {
/* pad with non-zero random bytes */
word32 padLen = pkcsBlockLen - inputLen - 1, i;
RNG_GenerateBlock(rng, &pkcsBlock[1], padLen);
/* remove zeros */
for (i = 1; i < padLen; i++)
if (pkcsBlock[i] == 0) pkcsBlock[i] = 0x01;
}
pkcsBlock[pkcsBlockLen-inputLen-1] = 0; /* separator */
XMEMCPY(pkcsBlock+pkcsBlockLen-inputLen, input, inputLen);
}
/* RNG Block Generation of sz bytes, < 0 on error */
int CRYPT_RNG_BlockGenerate(CRYPT_RNG_CTX* rng, unsigned char* b,
unsigned int sz)
{
if (rng == NULL || b == NULL)
return BAD_FUNC_ARG;
return RNG_GenerateBlock((WC_RNG*)rng, b, sz);
}
static void GeneratePrivate(DhKey* key, RNG* rng, byte* priv, word32* privSz)
{
word32 sz = mp_unsigned_bin_size(&key->p);
sz = min(sz, 2 * DiscreteLogWorkFactor(sz * BIT_SIZE) / BIT_SIZE + 1);
RNG_GenerateBlock(rng, priv, sz);
priv[0] |= 0x0C;
*privSz = sz;
}
static void GeneratePrivate(DhKey* key, RNG* rng, byte* priv, word32* privSz)
{
word32 sz = mp_unsigned_bin_size(&key->p);
/* Disabled on request for WPS in WMSDK. Seems that this is not required */
/* sz = min(sz, 2 * DiscreteLogWorkFactor(sz * CYASSL_BIT_SIZE) /
CYASSL_BIT_SIZE + 1); */
RNG_GenerateBlock(rng, priv, sz);
priv[0] |= 0x0C;
*privSz = sz;
}
int random_test()
{
RNG rng;
byte block[32];
int ret = InitRng(&rng);
if (ret != 0) return -39;
RNG_GenerateBlock(&rng, block, sizeof(block));
return 0;
}
int Curl_cyassl_random(struct SessionHandle *data,
unsigned char *entropy,
size_t length)
{
RNG rng;
(void)data;
if(InitRng(&rng))
return 1;
if(RNG_GenerateBlock(&rng, entropy, length))
return 1;
return 0;
}
/* Get seed and key cipher */
int InitRng(RNG* rng)
{
byte key[32];
byte junk[256];
int ret = GenerateSeed(&rng->seed, key, sizeof(key));
if (ret == 0) {
Arc4SetKey(&rng->cipher, key, sizeof(key));
RNG_GenerateBlock(rng, junk, sizeof(junk)); /* rid initial state */
}
return ret;
}
static CURLcode Curl_cyassl_random(struct Curl_easy *data,
unsigned char *entropy, size_t length)
{
RNG rng;
(void)data;
if(InitRng(&rng))
return CURLE_FAILED_INIT;
if(length > UINT_MAX)
return CURLE_FAILED_INIT;
if(RNG_GenerateBlock(&rng, entropy, (unsigned)length))
return CURLE_FAILED_INIT;
return CURLE_OK;
}
static void CleanPreMaster(SSL* ssl)
{
int i, sz = ssl->arrays.preMasterSz;
for (i = 0; i < sz; i++)
ssl->arrays.preMasterSecret[i] = 0;
RNG_GenerateBlock(&ssl->rng, ssl->arrays.preMasterSecret, sz);
for (i = 0; i < sz; i++)
ssl->arrays.preMasterSecret[i] = 0;
}
bool
tr_rand_buffer (void * buffer,
size_t length)
{
bool ret;
tr_lock * rng_lock = get_rng_lock ();
assert (buffer != NULL);
tr_lockLock (rng_lock);
ret = check_result (RNG_GenerateBlock (get_rng (), buffer, length));
tr_lockUnlock (rng_lock);
return ret;
}
byte GetEntropy(ENTROPY_CMD cmd, byte* out)
{
if (cmd == INIT)
return (InitRng(&rng) == 0) ? 1 : 0;
if (out == NULL)
return 0;
if (cmd == GET_BYTE_OF_ENTROPY)
return (RNG_GenerateBlock(&rng, out, 1) == 0) ? 1 : 0;
if (cmd == GET_NUM_BYTES_PER_BYTE_OF_ENTROPY) {
*out = 1;
return 1;
}
return 0;
}
/*
* Makes a cyptographically secure key by stretMDMching a user entered key
*/
int GenerateKey(RNG* rng, byte* key, int size, byte* salt, int pad)
{
int ret;
ret = RNG_GenerateBlock(rng, salt, SALT_SIZE-1);
if (ret != 0)
return -1020;
if (pad == 0) /* sets first value of salt to check if the */
salt[0] = 0; /* message is padded */
/* stretches key */
ret = PBKDF2(key, key, strlen((const char*)key), salt, SALT_SIZE, 4096,
size, SHA256);
if (ret != 0)
return -1030;
return 0;
}
int ecc25519_make_key(RNG* rng, int keysize, ecc25519_key* key)
{
unsigned char basepoint[ECC25519_KEYSIZE] = {9};
unsigned char n[ECC25519_KEYSIZE];
unsigned char p[ECC25519_KEYSIZE];
int i;
int err;
if (key == NULL || rng == NULL)
return ECC_BAD_ARG_E;
/* currently only a key size of 32 bytes is used */
if (keysize != ECC25519_KEYSIZE)
return ECC_BAD_ARG_E;
/* get random number from RNG */
err = RNG_GenerateBlock(rng, n, keysize);
if (err != 0)
return err;
for (i = 0; i < keysize; ++i) key->k.point[i] = n[i];
key->k.point[ 0] &= 248;
key->k.point[31] &= 127;
key->k.point[31] |= 64;
/*compute public key*/
err = curve25519(p, key->k.point, basepoint);
/* store keys in big endian format */
for (i = 0; i < keysize; ++i) n[i] = key->k.point[i];
for (i = 0; i < keysize; ++i) {
key->p.point[keysize - i - 1] = p[i];
key->k.point[keysize - i - 1] = n[i];
}
XMEMSET(n, 0, keysize);
return err;
}
int DsaSign(const byte* digest, byte* out, DsaKey* key, RNG* rng)
{
mp_int k, kInv, r, s, H;
int ret = 0, sz;
byte buffer[DSA_HALF_SIZE];
if (mp_init_multi(&k, &kInv, &r, &s, &H, 0) != MP_OKAY)
return MP_INIT_E;
sz = min(sizeof(buffer), mp_unsigned_bin_size(&key->q));
/* generate k */
RNG_GenerateBlock(rng, buffer, sz);
buffer[0] |= 0x0C;
if (mp_read_unsigned_bin(&k, buffer, sz) != MP_OKAY)
ret = MP_READ_E;
if (mp_cmp_d(&k, 1) != MP_GT)
ret = MP_CMP_E;
/* inverse k mod q */
if (ret == 0 && mp_invmod(&k, &key->q, &kInv) != MP_OKAY)
ret = MP_INVMOD_E;
/* generate r, r = (g exp k mod p) mod q */
if (ret == 0 && mp_exptmod(&key->g, &k, &key->p, &r) != MP_OKAY)
ret = MP_EXPTMOD_E;
if (ret == 0 && mp_mod(&r, &key->q, &r) != MP_OKAY)
ret = MP_MOD_E;
/* generate H from sha digest */
if (ret == 0 && mp_read_unsigned_bin(&H, digest,SHA_DIGEST_SIZE) != MP_OKAY)
ret = MP_READ_E;
/* generate s, s = (kInv * (H + x*r)) % q */
if (ret == 0 && mp_mul(&key->x, &r, &s) != MP_OKAY)
ret = MP_MUL_E;
if (ret == 0 && mp_add(&s, &H, &s) != MP_OKAY)
ret = MP_ADD_E;
if (ret == 0 && mp_mulmod(&s, &kInv, &key->q, &s) != MP_OKAY)
ret = MP_MULMOD_E;
/* write out */
if (ret == 0) {
int rSz = mp_unsigned_bin_size(&r);
int sSz = mp_unsigned_bin_size(&s);
if (rSz == DSA_HALF_SIZE - 1) {
out[0] = 0;
out++;
}
if (mp_to_unsigned_bin(&r, out) != MP_OKAY)
ret = MP_TO_E;
else {
if (sSz == DSA_HALF_SIZE - 1) {
out[rSz] = 0;
out++;
}
ret = mp_to_unsigned_bin(&s, out + rSz);
}
}
mp_clear(&H);
mp_clear(&s);
mp_clear(&r);
mp_clear(&kInv);
mp_clear(&k);
return ret;
}
/*
* Encrypts a file using Camellia
*/
int CamelliaEncrypt(Camellia* cam, byte* key, int size, FILE* inFile,
FILE* outFile)
{
RNG rng;
byte iv[CAMELLIA_BLOCK_SIZE];
byte* input;
byte* output;
byte salt[SALT_SIZE] = {0};
int i = 0;
int ret = 0;
int inputLength;
int length;
int padCounter = 0;
fseek(inFile, 0, SEEK_END);
inputLength = ftell(inFile);
fseek(inFile, 0, SEEK_SET);
length = inputLength;
/* pads the length until it evenly matches a block / increases pad number*/
while (length % CAMELLIA_BLOCK_SIZE != 0) {
length++;
padCounter++;
}
input = malloc(length);
output = malloc(length);
ret = InitRng(&rng);
if (ret != 0) {
printf("Failed to initialize random number generator\n");
return -1030;
}
/* reads from inFile and wrties whatever is there to the input array */
ret = fread(input, 1, inputLength, inFile);
if (ret == 0) {
printf("Input file does not exist.\n");
return -1010;
}
for (i = inputLength; i < length; i++) {
/* padds the added characters with the number of pads */
input[i] = padCounter;
}
ret = RNG_GenerateBlock(&rng, iv, CAMELLIA_BLOCK_SIZE);
if (ret != 0)
return -1020;
/* stretches key to fit size */
ret = GenerateKey(&rng, key, size, salt, padCounter);
if (ret != 0)
return -1040;
/* sets key */
ret = CamelliaSetKey(cam, key, CAMELLIA_BLOCK_SIZE, iv);
if (ret != 0)
return -1001;
/* encrypts the message to the ouput based on input length + padding */
CamelliaCbcEncrypt(cam, output, input, length);
/* writes to outFile */
fwrite(salt, 1, SALT_SIZE, outFile);
fwrite(iv, 1, CAMELLIA_BLOCK_SIZE, outFile);
fwrite(output, 1, length, outFile);
/* closes the opened files and frees the memory*/
memset(input, 0, length);
memset(output, 0, length);
memset(key, 0, size);
free(input);
free(output);
free(key);
fclose(inFile);
fclose(outFile);
return 0;
}
static int rand_prime(mp_int* N, int len, RNG* rng, void* heap)
{
int err, res, type;
byte* buf;
(void)heap;
if (N == NULL || rng == NULL)
return BAD_FUNC_ARG;
/* get type */
if (len < 0) {
type = USE_BBS;
len = -len;
} else {
type = 0;
}
/* allow sizes between 2 and 512 bytes for a prime size */
if (len < 2 || len > 512) {
return BAD_FUNC_ARG;
}
/* allocate buffer to work with */
buf = XMALLOC(len, heap, DYNAMIC_TYPE_RSA);
if (buf == NULL) {
return MEMORY_E;
}
XMEMSET(buf, 0, len);
do {
#ifdef SHOW_GEN
printf(".");
fflush(stdout);
#endif
/* generate value */
RNG_GenerateBlock(rng, buf, len);
/* munge bits */
buf[0] |= 0x80 | 0x40;
buf[len-1] |= 0x01 | ((type & USE_BBS) ? 0x02 : 0x00);
/* load value */
if ((err = mp_read_unsigned_bin(N, buf, len)) != MP_OKAY) {
XFREE(buf, heap, DYNAMIC_TYPE_RSA);
return err;
}
/* test */
if ((err = mp_prime_is_prime(N, 8, &res)) != MP_OKAY) {
XFREE(buf, heap, DYNAMIC_TYPE_RSA);
return err;
}
} while (res == MP_NO);
#ifdef LTC_CLEAN_STACK
XMEMSET(buf, 0, len);
#endif
XFREE(buf, heap, DYNAMIC_TYPE_RSA);
return 0;
}
static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
byte side, void* heap, RNG* rng)
{
#ifdef BUILD_ARC4
word32 sz = specs->key_size;
if (specs->bulk_cipher_algorithm == rc4) {
enc->arc4 = (Arc4*)XMALLOC(sizeof(Arc4), heap, DYNAMIC_TYPE_CIPHER);
if (enc->arc4 == NULL)
return MEMORY_E;
dec->arc4 = (Arc4*)XMALLOC(sizeof(Arc4), heap, DYNAMIC_TYPE_CIPHER);
if (dec->arc4 == NULL)
return MEMORY_E;
if (side == CLIENT_END) {
Arc4SetKey(enc->arc4, keys->client_write_key, sz);
Arc4SetKey(dec->arc4, keys->server_write_key, sz);
}
else {
Arc4SetKey(enc->arc4, keys->server_write_key, sz);
Arc4SetKey(dec->arc4, keys->client_write_key, sz);
}
}
#endif
#ifdef HAVE_HC128
if (specs->bulk_cipher_algorithm == hc128) {
enc->hc128 = (HC128*)XMALLOC(sizeof(HC128), heap, DYNAMIC_TYPE_CIPHER);
if (enc->hc128 == NULL)
return MEMORY_E;
dec->hc128 = (HC128*)XMALLOC(sizeof(HC128), heap, DYNAMIC_TYPE_CIPHER);
if (dec->hc128 == NULL)
return MEMORY_E;
if (side == CLIENT_END) {
Hc128_SetKey(enc->hc128, keys->client_write_key,
keys->client_write_IV);
Hc128_SetKey(dec->hc128, keys->server_write_key,
keys->server_write_IV);
}
else {
Hc128_SetKey(enc->hc128, keys->server_write_key,
keys->server_write_IV);
Hc128_SetKey(dec->hc128, keys->client_write_key,
keys->client_write_IV);
}
}
#endif
#ifdef BUILD_RABBIT
if (specs->bulk_cipher_algorithm == rabbit) {
enc->rabbit = (Rabbit*)XMALLOC(sizeof(Rabbit),heap,DYNAMIC_TYPE_CIPHER);
if (enc->rabbit == NULL)
return MEMORY_E;
dec->rabbit = (Rabbit*)XMALLOC(sizeof(Rabbit),heap,DYNAMIC_TYPE_CIPHER);
if (dec->rabbit == NULL)
return MEMORY_E;
if (side == CLIENT_END) {
RabbitSetKey(enc->rabbit, keys->client_write_key,
keys->client_write_IV);
RabbitSetKey(dec->rabbit, keys->server_write_key,
keys->server_write_IV);
}
else {
RabbitSetKey(enc->rabbit, keys->server_write_key,
keys->server_write_IV);
RabbitSetKey(dec->rabbit, keys->client_write_key,
keys->client_write_IV);
}
}
#endif
#ifdef BUILD_DES3
if (specs->bulk_cipher_algorithm == triple_des) {
enc->des3 = (Des3*)XMALLOC(sizeof(Des3), heap, DYNAMIC_TYPE_CIPHER);
if (enc->des3 == NULL)
return MEMORY_E;
dec->des3 = (Des3*)XMALLOC(sizeof(Des3), heap, DYNAMIC_TYPE_CIPHER);
if (dec->des3 == NULL)
return MEMORY_E;
if (side == CLIENT_END) {
Des3_SetKey(enc->des3, keys->client_write_key,
keys->client_write_IV, DES_ENCRYPTION);
Des3_SetKey(dec->des3, keys->server_write_key,
keys->server_write_IV, DES_DECRYPTION);
}
else {
Des3_SetKey(enc->des3, keys->server_write_key,
keys->server_write_IV, DES_ENCRYPTION);
Des3_SetKey(dec->des3, keys->client_write_key,
keys->client_write_IV, DES_DECRYPTION);
}
}
#endif
#ifdef BUILD_AES
if (specs->bulk_cipher_algorithm == aes) {
enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
if (enc->aes == NULL)
return MEMORY_E;
dec->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
if (dec->aes == NULL)
return MEMORY_E;
if (side == CLIENT_END) {
AesSetKey(enc->aes, keys->client_write_key,
specs->key_size, keys->client_write_IV,
AES_ENCRYPTION);
AesSetKey(dec->aes, keys->server_write_key,
specs->key_size, keys->server_write_IV,
AES_DECRYPTION);
}
else {
AesSetKey(enc->aes, keys->server_write_key,
specs->key_size, keys->server_write_IV,
AES_ENCRYPTION);
AesSetKey(dec->aes, keys->client_write_key,
specs->key_size, keys->client_write_IV,
AES_DECRYPTION);
}
}
#endif
#ifdef BUILD_AESGCM
if (specs->bulk_cipher_algorithm == aes_gcm) {
byte iv[AES_GCM_EXP_IV_SZ];
enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
if (enc->aes == NULL)
return MEMORY_E;
dec->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
if (dec->aes == NULL)
return MEMORY_E;
/* Initialize the AES-GCM explicit IV to a random number. */
RNG_GenerateBlock(rng, iv, sizeof(iv));
AesGcmSetExpIV(enc->aes, iv);
if (side == CLIENT_END) {
AesGcmSetKey(enc->aes, keys->client_write_key, specs->key_size,
keys->client_write_IV);
AesGcmSetKey(dec->aes, keys->server_write_key, specs->key_size,
keys->server_write_IV);
}
else {
AesGcmSetKey(enc->aes, keys->server_write_key, specs->key_size,
keys->server_write_IV);
AesGcmSetKey(dec->aes, keys->client_write_key, specs->key_size,
keys->client_write_IV);
}
}
#endif
keys->sequence_number = 0;
keys->peer_sequence_number = 0;
keys->encryptionOn = 0;
(void)rng;
return 0;
}
/* build PKCS#7 envelopedData content type, return enveloped size */
int PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
{
int i, ret = 0, idx = 0;
int totalSz = 0, padSz = 0, desOutSz = 0;
int contentInfoSeqSz, outerContentTypeSz, outerContentSz;
byte contentInfoSeq[MAX_SEQ_SZ];
byte outerContentType[MAX_ALGO_SZ];
byte outerContent[MAX_SEQ_SZ];
int envDataSeqSz, verSz;
byte envDataSeq[MAX_SEQ_SZ];
byte ver[MAX_VERSION_SZ];
RNG rng;
int contentKeyEncSz, blockKeySz;
int dynamicFlag = 0;
byte contentKeyPlain[MAX_CONTENT_KEY_LEN];
byte contentKeyEnc[MAX_ENCRYPTED_KEY_SZ];
byte* plain;
byte* encryptedContent;
int recipSz, recipSetSz;
byte recip[MAX_RECIP_SZ];
byte recipSet[MAX_SET_SZ];
int encContentOctetSz, encContentSeqSz, contentTypeSz;
int contentEncAlgoSz, ivOctetStringSz;
byte encContentSeq[MAX_SEQ_SZ];
byte contentType[MAX_ALGO_SZ];
byte contentEncAlgo[MAX_ALGO_SZ];
byte tmpIv[DES_BLOCK_SIZE];
byte ivOctetString[MAX_OCTET_STR_SZ];
byte encContentOctet[MAX_OCTET_STR_SZ];
if (pkcs7 == NULL || pkcs7->content == NULL || pkcs7->contentSz == 0 ||
pkcs7->encryptOID == 0 || pkcs7->singleCert == NULL)
return BAD_FUNC_ARG;
if (output == NULL || outputSz == 0)
return BAD_FUNC_ARG;
/* PKCS#7 only supports DES, 3DES for now */
switch (pkcs7->encryptOID) {
case DESb:
blockKeySz = DES_KEYLEN;
break;
case DES3b:
blockKeySz = DES3_KEYLEN;
break;
default:
CYASSL_MSG("Unsupported content cipher type");
return ALGO_ID_E;
};
/* outer content type */
outerContentTypeSz = SetContentType(ENVELOPED_DATA, outerContentType);
/* version, defined as 0 in RFC 2315 */
verSz = SetMyVersion(0, ver, 0);
/* generate random content encryption key */
ret = InitRng(&rng);
if (ret != 0)
return ret;
ret = RNG_GenerateBlock(&rng, contentKeyPlain, blockKeySz);
if (ret != 0)
return ret;
/* build RecipientInfo, only handle 1 for now */
recipSz = CreateRecipientInfo(pkcs7->singleCert, pkcs7->singleCertSz, RSAk,
blockKeySz, &rng, contentKeyPlain,
contentKeyEnc, &contentKeyEncSz, recip,
MAX_RECIP_SZ);
if (recipSz < 0) {
CYASSL_MSG("Failed to create RecipientInfo");
return recipSz;
}
recipSetSz = SetSet(recipSz, recipSet);
/* generate IV for block cipher */
ret = RNG_GenerateBlock(&rng, tmpIv, DES_BLOCK_SIZE);
if (ret != 0)
return ret;
/* EncryptedContentInfo */
contentTypeSz = SetContentType(pkcs7->contentOID, contentType);
if (contentTypeSz == 0)
return BAD_FUNC_ARG;
/* allocate encrypted content buffer, pad if necessary, PKCS#7 padding */
padSz = DES_BLOCK_SIZE - (pkcs7->contentSz % DES_BLOCK_SIZE);
desOutSz = pkcs7->contentSz + padSz;
if (padSz != 0) {
plain = XMALLOC(desOutSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (plain == NULL) {
return MEMORY_E;
}
XMEMCPY(plain, pkcs7->content, pkcs7->contentSz);
dynamicFlag = 1;
for (i = 0; i < padSz; i++) {
plain[pkcs7->contentSz + i] = padSz;
}
} else {
plain = pkcs7->content;
desOutSz = pkcs7->contentSz;
}
encryptedContent = XMALLOC(desOutSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (encryptedContent == NULL) {
if (dynamicFlag)
XFREE(plain, NULL, DYNAMIC_TYPE_TMP_BUFFER);
return MEMORY_E;
}
/* put together IV OCTET STRING */
ivOctetStringSz = SetOctetString(DES_BLOCK_SIZE, ivOctetString);
/* build up our ContentEncryptionAlgorithmIdentifier sequence,
* adding (ivOctetStringSz + DES_BLOCK_SIZE) for IV OCTET STRING */
contentEncAlgoSz = SetAlgoID(pkcs7->encryptOID, contentEncAlgo,
blkType, ivOctetStringSz + DES_BLOCK_SIZE);
if (contentEncAlgoSz == 0)
return BAD_FUNC_ARG;
/* encrypt content */
if (pkcs7->encryptOID == DESb) {
Des des;
ret = Des_SetKey(&des, contentKeyPlain, tmpIv, DES_ENCRYPTION);
if (ret == 0)
Des_CbcEncrypt(&des, encryptedContent, plain, desOutSz);
if (ret != 0) {
XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (dynamicFlag)
XFREE(plain, NULL, DYNAMIC_TYPE_TMP_BUFFER);
return ret;
}
}
else if (pkcs7->encryptOID == DES3b) {
Des3 des3;
ret = Des3_SetKey(&des3, contentKeyPlain, tmpIv, DES_ENCRYPTION);
if (ret == 0)
ret = Des3_CbcEncrypt(&des3, encryptedContent, plain, desOutSz);
if (ret != 0) {
XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (dynamicFlag)
XFREE(plain, NULL, DYNAMIC_TYPE_TMP_BUFFER);
return ret;
}
}
encContentOctetSz = SetImplicit(ASN_OCTET_STRING, 0,
desOutSz, encContentOctet);
encContentSeqSz = SetSequence(contentTypeSz + contentEncAlgoSz +
ivOctetStringSz + DES_BLOCK_SIZE +
encContentOctetSz + desOutSz, encContentSeq);
/* keep track of sizes for outer wrapper layering */
totalSz = verSz + recipSetSz + recipSz + encContentSeqSz + contentTypeSz +
contentEncAlgoSz + ivOctetStringSz + DES_BLOCK_SIZE +
encContentOctetSz + desOutSz;
/* EnvelopedData */
envDataSeqSz = SetSequence(totalSz, envDataSeq);
totalSz += envDataSeqSz;
/* outer content */
outerContentSz = SetExplicit(0, totalSz, outerContent);
totalSz += outerContentTypeSz;
totalSz += outerContentSz;
/* ContentInfo */
contentInfoSeqSz = SetSequence(totalSz, contentInfoSeq);
totalSz += contentInfoSeqSz;
if (totalSz > (int)outputSz) {
CYASSL_MSG("Pkcs7_encrypt output buffer too small");
XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (dynamicFlag)
XFREE(plain, NULL, DYNAMIC_TYPE_TMP_BUFFER);
return BUFFER_E;
}
XMEMCPY(output + idx, contentInfoSeq, contentInfoSeqSz);
idx += contentInfoSeqSz;
XMEMCPY(output + idx, outerContentType, outerContentTypeSz);
idx += outerContentTypeSz;
XMEMCPY(output + idx, outerContent, outerContentSz);
idx += outerContentSz;
XMEMCPY(output + idx, envDataSeq, envDataSeqSz);
idx += envDataSeqSz;
XMEMCPY(output + idx, ver, verSz);
idx += verSz;
XMEMCPY(output + idx, recipSet, recipSetSz);
idx += recipSetSz;
XMEMCPY(output + idx, recip, recipSz);
idx += recipSz;
XMEMCPY(output + idx, encContentSeq, encContentSeqSz);
idx += encContentSeqSz;
XMEMCPY(output + idx, contentType, contentTypeSz);
idx += contentTypeSz;
XMEMCPY(output + idx, contentEncAlgo, contentEncAlgoSz);
idx += contentEncAlgoSz;
XMEMCPY(output + idx, ivOctetString, ivOctetStringSz);
idx += ivOctetStringSz;
XMEMCPY(output + idx, tmpIv, DES_BLOCK_SIZE);
idx += DES_BLOCK_SIZE;
XMEMCPY(output + idx, encContentOctet, encContentOctetSz);
idx += encContentOctetSz;
XMEMCPY(output + idx, encryptedContent, desOutSz);
idx += desOutSz;
#ifdef NO_RC4
FreeRng(&rng);
#endif
XMEMSET(contentKeyPlain, 0, MAX_CONTENT_KEY_LEN);
XMEMSET(contentKeyEnc, 0, MAX_ENCRYPTED_KEY_SZ);
if (dynamicFlag)
XFREE(plain, NULL, DYNAMMIC_TYPE_TMP_BUFFER);
XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER);
return idx;
}
