bool AES_KW_Encrypt(COSE_RecipientInfo * pcose, const byte * pbKeyIn, int cbitKey, const byte * pbContent, int cbContent, cose_errback * perr)
{
byte *pbOut = NULL;
AES_KEY key;
#ifdef USE_CBOR_CONTEXT
cn_cbor_context * context = &pcose->m_encrypt.m_message.m_allocContext;
#endif
cn_cbor * cnTmp = NULL;
pbOut = COSE_CALLOC(cbContent + 8, 1, context);
CHECK_CONDITION(AES_set_encrypt_key(pbKeyIn, cbitKey, &key) == 0, COSE_ERR_CRYPTO_FAIL);
CHECK_CONDITION(AES_wrap_key(&key, NULL, pbOut, pbContent, cbContent), COSE_ERR_CRYPTO_FAIL);
cnTmp = cn_cbor_data_create(pbOut, (int)cbContent + 8, CBOR_CONTEXT_PARAM_COMMA NULL);
CHECK_CONDITION(cnTmp != NULL, COSE_ERR_CBOR);
pbOut = NULL;
CHECK_CONDITION(_COSE_array_replace(&pcose->m_encrypt.m_message, cnTmp, INDEX_BODY, CBOR_CONTEXT_PARAM_COMMA NULL), COSE_ERR_CBOR);
cnTmp = NULL;
return true;
errorReturn:
COSE_FREE(cnTmp, context);
if (pbOut != NULL) COSE_FREE(pbOut, context);
return false;
}
static int cms_RecipientInfo_kekri_encrypt(CMS_ContentInfo *cms,
CMS_RecipientInfo *ri)
{
CMS_EncryptedContentInfo *ec;
CMS_KEKRecipientInfo *kekri;
AES_KEY actx;
unsigned char *wkey = NULL;
int wkeylen;
int r = 0;
ec = cms->d.envelopedData->encryptedContentInfo;
kekri = ri->d.kekri;
if (!kekri->key)
{
CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, CMS_R_NO_KEY);
return 0;
}
if (AES_set_encrypt_key(kekri->key, kekri->keylen << 3, &actx))
{
CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT,
CMS_R_ERROR_SETTING_KEY);
goto err;
}
wkey = OPENSSL_malloc(ec->keylen + 8);
if (!wkey)
{
CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT,
ERR_R_MALLOC_FAILURE);
goto err;
}
wkeylen = AES_wrap_key(&actx, NULL, wkey, ec->key, ec->keylen);
if (wkeylen <= 0)
{
CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, CMS_R_WRAP_ERROR);
goto err;
}
ASN1_STRING_set0(kekri->encryptedKey, wkey, wkeylen);
r = 1;
err:
if (!r && wkey)
OPENSSL_free(wkey);
OPENSSL_cleanse(&actx, sizeof(actx));
return r;
}