diff --git a/Makefile.am b/Makefile.am index 6c1f3827d..b9d60b6da 100644 --- a/Makefile.am +++ b/Makefile.am @@ -59,12 +59,14 @@ CLEANFILES+= cert.der \ pkcs7signedData_RSA_SHA_noattr.der \ pkcs7signedData_RSA_SHA224.der \ pkcs7signedData_RSA_SHA256.der \ + pkcs7signedData_RSA_SHA256_custom_contentType.der \ pkcs7signedData_RSA_SHA384.der \ pkcs7signedData_RSA_SHA512.der \ pkcs7signedData_ECDSA_SHA.der \ pkcs7signedData_ECDSA_SHA_noattr.der \ pkcs7signedData_ECDSA_SHA224.der \ pkcs7signedData_ECDSA_SHA256.der \ + pkcs7signedData_ECDSA_SHA256_custom_contentType.der \ pkcs7signedData_ECDSA_SHA384.der \ pkcs7signedData_ECDSA_SHA512.der diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index b02733c0e..8743e7ecb 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -1938,7 +1938,7 @@ int DecodeObjectId(const byte* in, word32 inSz, word16* out, word32* outSz) * ASN_PARSE_E when length is invalid. * Otherwise, 0 to indicate success. */ -static int GetASNObjectId(const byte* input, word32* inOutIdx, int* len, +int GetASNObjectId(const byte* input, word32* inOutIdx, int* len, word32 maxIdx) { word32 idx = *inOutIdx; diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index c478225b7..2d4f2cc45 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c @@ -383,6 +383,8 @@ void wc_PKCS7_Free(PKCS7* pkcs7) pkcs7->isDynamic = 0; XFREE(pkcs7, pkcs7->heap, DYNAMIC_TYPE_PKCS7); } + + pkcs7->contentTypeSz = 0; } @@ -1030,19 +1032,22 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd, const byte* hashBuf, word32 hashSz, byte* output, word32* outputSz, byte* output2, word32* output2Sz) { - const byte outerOid[] = - { ASN_OBJECT_ID, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, - 0x07, 0x02 }; + /* id-signedData (1.2.840.113549.1.7.2) */ + static const byte outerOid[] = + { ASN_OBJECT_ID, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, + 0x07, 0x02 }; + + /* default id-data OID (1.2.840.113549.1.7.1), user can override */ const byte innerOid[] = - { ASN_OBJECT_ID, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, + { ASN_OBJECT_ID, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01 }; + /* contentType OID (1.2.840.113549.1.9.3) */ const byte contentTypeOid[] = { ASN_OBJECT_ID, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xF7, 0x0d, 0x01, 0x09, 0x03 }; - const byte contentType[] = - { ASN_OBJECT_ID, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, - 0x07, 0x01 }; + + /* messageDigest OID (1.2.840.113549.1.9.4) */ const byte messageDigestOid[] = { ASN_OBJECT_ID, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x04 }; @@ -1053,7 +1058,6 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd, int digEncAlgoId, digEncAlgoType; byte* flatSignedAttribs = NULL; word32 flatSignedAttribsSz = 0; - word32 innerOidSz = sizeof(innerOid); word32 outerOidSz = sizeof(outerOid); if (pkcs7 == NULL || pkcs7->contentSz == 0 || @@ -1065,6 +1069,20 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd, } /* verify the hash size matches */ +#ifdef WOLFSSL_SMALL_STACK + esd = (ESD*)XMALLOC(sizeof(ESD), pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (esd == NULL) + return MEMORY_E; +#endif + + XMEMSET(esd, 0, sizeof(ESD)); + + /* use default DATA contentType if not set by user */ + if (pkcs7->contentTypeSz == 0) { + XMEMCPY(pkcs7->contentType, innerOid, sizeof(innerOid)); + pkcs7->contentTypeSz = sizeof(innerOid); + } + esd->hashType = wc_OidGetHash(pkcs7->hashOID); if (wc_HashGetDigestSize(esd->hashType) != (int)hashSz) { WOLFSSL_MSG("hashSz did not match hashOID"); @@ -1080,8 +1098,8 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd, esd->innerContSeqSz = SetExplicit(0, esd->innerOctetsSz + pkcs7->contentSz, esd->innerContSeq); esd->contentInfoSeqSz = SetSequence(pkcs7->contentSz + esd->innerOctetsSz + - innerOidSz + esd->innerContSeqSz, - esd->contentInfoSeq); + pkcs7->contentTypeSz + esd->innerContSeqSz, + esd->contentInfoSeq); esd->issuerSnSz = SetSerialNumber(pkcs7->issuerSn, pkcs7->issuerSnSz, esd->issuerSn, MAX_SN_SZ); @@ -1111,7 +1129,7 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd, /* build up signed attributes */ ret = wc_PKCS7_BuildSignedAttributes(pkcs7, esd, contentTypeOid, sizeof(contentTypeOid), - contentType, sizeof(contentType), + pkcs7->contentType, pkcs7->contentTypeSz, messageDigestOid, sizeof(messageDigestOid)); if (ret < 0) { return MEMORY_E; @@ -1205,8 +1223,8 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd, idx += esd->singleDigAlgoIdSz; XMEMCPY(output + idx, esd->contentInfoSeq, esd->contentInfoSeqSz); idx += esd->contentInfoSeqSz; - XMEMCPY(output + idx, innerOid, innerOidSz); - idx += innerOidSz; + XMEMCPY(output + idx, pkcs7->contentType, pkcs7->contentTypeSz); + idx += pkcs7->contentTypeSz; XMEMCPY(output + idx, esd->innerContSeq, esd->innerContSeqSz); idx += esd->innerContSeqSz; XMEMCPY(output + idx, esd->innerOctets, esd->innerOctetsSz); @@ -1928,13 +1946,14 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf, word32 hashSz, byte* pkiMsg, word32 pkiMsgSz, byte* pkiMsg2, word32 pkiMsg2Sz) { - word32 idx, contentType, hashOID, sigOID, totalSz; + word32 idx, outerContentType, hashOID, sigOID, contentTypeSz, totalSz; int length, version, ret; byte* content = NULL; byte* contentDynamic = NULL; byte* sig = NULL; byte* cert = NULL; byte* signedAttrib = NULL; + byte* contentType = NULL; int contentSz = 0, sigSz = 0, certSz = 0, signedAttribSz = 0; word32 localIdx, start; byte degenerate; @@ -1984,10 +2003,10 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf, } /* Get the contentInfo contentType */ - if (wc_GetContentType(pkiMsg, &idx, &contentType, pkiMsgSz) < 0) + if (wc_GetContentType(pkiMsg, &idx, &outerContentType, pkiMsgSz) < 0) return ASN_PARSE_E; - if (contentType != SIGNED_DATA) { + if (outerContentType != SIGNED_DATA) { WOLFSSL_MSG("PKCS#7 input not of type SignedData"); return PKCS7_OID_E; } @@ -2028,12 +2047,16 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf, return ASN_PARSE_E; /* Get the inner ContentInfo contentType */ - if (wc_GetContentType(pkiMsg, &idx, &contentType, pkiMsgSz) < 0) - return ASN_PARSE_E; + { + word32 localIdx = idx; - if (contentType != DATA) { - WOLFSSL_MSG("PKCS#7 inner input not of type Data"); - return PKCS7_OID_E; + if (GetASNObjectId(pkiMsg, &idx, &length, pkiMsgSz) != 0) + return ASN_PARSE_E; + + contentType = pkiMsg + localIdx; + contentTypeSz = length + (idx - localIdx); + + idx += length; } /* Check for content info, it could be omitted when degenerate */ @@ -2240,6 +2263,10 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf, pkcs7->content = content; pkcs7->contentSz = contentSz; + /* set contentType and size after init of PKCS7 structure */ + if (wc_PKCS7_SetContentType(pkcs7, contentType, contentTypeSz) < 0) + return ASN_PARSE_E; + /* Get the implicit[1] set of crls */ if (pkiMsg2[idx] == (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 1)) { idx++; @@ -3532,6 +3559,30 @@ static int wc_PKCS7_GenerateIV(PKCS7* pkcs7, WC_RNG* rng, byte* iv, word32 ivSz) } +/* Set custom contentType, currently supported with SignedData type + * + * pkcs7 - pointer to initialized PKCS7 structure + * contentType - pointer to array with ASN.1 encoded OID value + * sz - length of contentType array, octets + * + * return 0 on success, negative upon error */ +int wc_PKCS7_SetContentType(PKCS7* pkcs7, byte* contentType, word32 sz) +{ + if (pkcs7 == NULL || contentType == NULL || sz == 0) + return BAD_FUNC_ARG; + + if (sz > MAX_OID_SZ) { + WOLFSSL_MSG("input array too large, bounded by MAX_OID_SZ"); + return BAD_FUNC_ARG; + } + + XMEMCPY(pkcs7->contentType, contentType, sz); + pkcs7->contentTypeSz = sz; + + return 0; +} + + /* return size of padded data, padded to blockSz chunks, or negative on error */ int wc_PKCS7_GetPadSize(word32 inputSz, word32 blockSz) { diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 879e6e848..ff72d3f27 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -19298,6 +19298,8 @@ typedef struct { PKCS7Attrib* signedAttribs; word32 signedAttribsSz; const char* outFileName; + byte* contentType; + word32 contentTypeSz; } pkcs7SignedVector; @@ -19348,6 +19350,11 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz, sizeof(senderNonce) } }; + /* for testing custom contentType, FirmwarePkgData */ + byte customContentType[] = { 0x06, 0x0B, 0x2A, 0x86, + 0x48, 0x86, 0xF7, 0x0D, + 0x01, 0x09, 0x10, 0x01, 0x10 }; + const pkcs7SignedVector testVectors[] = { #ifndef NO_RSA @@ -19355,36 +19362,42 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz, /* RSA with SHA */ {data, (word32)sizeof(data), SHAh, RSAk, rsaPrivKey, rsaPrivKeySz, rsaCert, rsaCertSz, attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), - "pkcs7signedData_RSA_SHA.der"}, + "pkcs7signedData_RSA_SHA.der", NULL, 0}, /* RSA with SHA, no signed attributes */ {data, (word32)sizeof(data), SHAh, RSAk, rsaPrivKey, rsaPrivKeySz, rsaCert, rsaCertSz, NULL, 0, - "pkcs7signedData_RSA_SHA_noattr.der"}, + "pkcs7signedData_RSA_SHA_noattr.der", NULL, 0}, #endif #ifdef WOLFSSL_SHA224 /* RSA with SHA224 */ {data, (word32)sizeof(data), SHA224h, RSAk, rsaPrivKey, rsaPrivKeySz, rsaCert, rsaCertSz, attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), - "pkcs7signedData_RSA_SHA224.der"}, + "pkcs7signedData_RSA_SHA224.der", NULL, 0}, #endif #ifndef NO_SHA256 /* RSA with SHA256 */ {data, (word32)sizeof(data), SHA256h, RSAk, rsaPrivKey, rsaPrivKeySz, rsaCert, rsaCertSz, attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), - "pkcs7signedData_RSA_SHA256.der"}, + "pkcs7signedData_RSA_SHA256.der", NULL, 0}, + + /* RSA with SHA256 and custom contentType */ + {data, (word32)sizeof(data), SHA256h, RSAk, rsaPrivKey, rsaPrivKeySz, + rsaCert, rsaCertSz, attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), + "pkcs7signedData_RSA_SHA256_custom_contentType.der", customContentType, + sizeof(customContentType)}, #endif #if defined(WOLFSSL_SHA384) /* RSA with SHA384 */ {data, (word32)sizeof(data), SHA384h, RSAk, rsaPrivKey, rsaPrivKeySz, rsaCert, rsaCertSz, attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), - "pkcs7signedData_RSA_SHA384.der"}, + "pkcs7signedData_RSA_SHA384.der", NULL, 0}, #endif #if defined(WOLFSSL_SHA512) /* RSA with SHA512 */ {data, (word32)sizeof(data), SHA512h, RSAk, rsaPrivKey, rsaPrivKeySz, rsaCert, rsaCertSz, attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), - "pkcs7signedData_RSA_SHA512.der"}, + "pkcs7signedData_RSA_SHA512.der", NULL, 0}, #endif #endif /* NO_RSA */ @@ -19393,36 +19406,42 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz, /* ECDSA with SHA */ {data, (word32)sizeof(data), SHAh, ECDSAk, eccPrivKey, eccPrivKeySz, eccCert, eccCertSz, attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), - "pkcs7signedData_ECDSA_SHA.der"}, + "pkcs7signedData_ECDSA_SHA.der", NULL, 0}, /* ECDSA with SHA, no signed attributes */ {data, (word32)sizeof(data), SHAh, ECDSAk, eccPrivKey, eccPrivKeySz, eccCert, eccCertSz, NULL, 0, - "pkcs7signedData_ECDSA_SHA_noattr.der"}, + "pkcs7signedData_ECDSA_SHA_noattr.der", NULL, 0}, #endif #ifdef WOLFSSL_SHA224 /* ECDSA with SHA224 */ {data, (word32)sizeof(data), SHA224h, ECDSAk, eccPrivKey, eccPrivKeySz, eccCert, eccCertSz, attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), - "pkcs7signedData_ECDSA_SHA224.der"}, + "pkcs7signedData_ECDSA_SHA224.der", NULL, 0}, #endif #ifndef NO_SHA256 /* ECDSA with SHA256 */ {data, (word32)sizeof(data), SHA256h, ECDSAk, eccPrivKey, eccPrivKeySz, eccCert, eccCertSz, attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), - "pkcs7signedData_ECDSA_SHA256.der"}, + "pkcs7signedData_ECDSA_SHA256.der", NULL, 0}, + + /* ECDSA with SHA256 and custom contentType */ + {data, (word32)sizeof(data), SHA256h, ECDSAk, eccPrivKey, eccPrivKeySz, + eccCert, eccCertSz, attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), + "pkcs7signedData_ECDSA_SHA256_custom_contentType.der", + customContentType, sizeof(customContentType)}, #endif #ifdef WOLFSSL_SHA384 /* ECDSA with SHA384 */ {data, (word32)sizeof(data), SHA384h, ECDSAk, eccPrivKey, eccPrivKeySz, eccCert, eccCertSz, attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), - "pkcs7signedData_ECDSA_SHA384.der"}, + "pkcs7signedData_ECDSA_SHA384.der", NULL, 0}, #endif #ifdef WOLFSSL_SHA512 /* ECDSA with SHA512 */ {data, (word32)sizeof(data), SHA512h, ECDSAk, eccPrivKey, eccPrivKeySz, eccCert, eccCertSz, attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), - "pkcs7signedData_ECDSA_SHA512.der"}, + "pkcs7signedData_ECDSA_SHA512.der", NULL, 0}, #endif #endif /* HAVE_ECC */ }; @@ -19476,6 +19495,17 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz, pkcs7->signedAttribs = testVectors[i].signedAttribs; pkcs7->signedAttribsSz = testVectors[i].signedAttribsSz; + /* optional custom contentType, default is DATA */ + if (testVectors[i].contentType != NULL) { + ret = wc_PKCS7_SetContentType(pkcs7, testVectors[i].contentType, + testVectors[i].contentTypeSz); + if (ret != 0) { + XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wc_PKCS7_Free(pkcs7); + return -9411; + } + } + /* generate senderNonce */ { senderNonce[0] = 0x04; @@ -19485,7 +19515,7 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz, if (ret != 0) { XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_PKCS7_Free(pkcs7); - return -9411; + return -9412; } } @@ -19508,7 +19538,7 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz, if (ret != 0) { XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_PKCS7_Free(pkcs7); - return -9412; + return -9413; } wc_ShaUpdate(&sha, pkcs7->publicKey, pkcs7->publicKeySz); wc_ShaFinal(&sha, digest); @@ -19518,7 +19548,7 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz, if (ret != 0) { XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_PKCS7_Free(pkcs7); - return -9413; + return -9414; } wc_Sha256Update(&sha, pkcs7->publicKey, pkcs7->publicKeySz); wc_Sha256Final(&sha, digest); @@ -19534,7 +19564,7 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz, if (encodedSz < 0) { XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_PKCS7_Free(pkcs7); - return -9414; + return -9415; } #ifdef PKCS7_OUTPUT_TEST_BUNDLES @@ -19543,14 +19573,14 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz, if (!file) { XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_PKCS7_Free(pkcs7); - return -9415; + return -9416; } ret = (int)fwrite(out, 1, encodedSz, file); fclose(file); if (ret != (int)encodedSz) { XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_PKCS7_Free(pkcs7); - return -9416; + return -9417; } #endif /* PKCS7_OUTPUT_TEST_BUNDLES */ @@ -19558,20 +19588,31 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz, pkcs7 = wc_PKCS7_New(HEAP_HINT, INVALID_DEVID); if (pkcs7 == NULL) - return -9410; + return -9418; wc_PKCS7_InitWithCert(pkcs7, NULL, 0); ret = wc_PKCS7_VerifySignedData(pkcs7, out, outSz); if (ret < 0) { XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_PKCS7_Free(pkcs7); - return -9417; + return -9419; } + /* verify contentType extracted successfully for custom content types */ + if (testVectors[i].contentTypeSz > 0) { + if (pkcs7->contentTypeSz != testVectors[i].contentTypeSz) { + return -9420; + } else if (XMEMCMP(pkcs7->contentType, testVectors[i].contentType, + pkcs7->contentTypeSz) != 0) { + return -9421; + } + } + + if (pkcs7->singleCert == NULL || pkcs7->singleCertSz == 0) { XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_PKCS7_Free(pkcs7); - return -9418; + return -9422; } { @@ -19590,13 +19631,13 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz, NULL, (word32*)&bufSz) != LENGTH_ONLY_E) { XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_PKCS7_Free(pkcs7); - return -9419; + return -9423; } if (bufSz > (int)sizeof(buf)) { XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_PKCS7_Free(pkcs7); - return -9420; + return -9424; } bufSz = wc_PKCS7_GetAttributeValue(pkcs7, oidPt, oidSz, @@ -19605,7 +19646,7 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz, (testVectors[i].signedAttribs == NULL && bufSz > 0)) { XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_PKCS7_Free(pkcs7); - return -9421; + return -9425; } } @@ -19614,7 +19655,7 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz, if (!file) { XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_PKCS7_Free(pkcs7); - return -9422; + return -9426; } ret = (int)fwrite(pkcs7->singleCert, 1, pkcs7->singleCertSz, file); fclose(file); diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index 382698d75..4eeea1ceb 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -276,7 +276,7 @@ enum Misc_ASN { #endif /* Max total extensions, id + len + others */ #endif -#if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) +#if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) || defined(HAVE_PKCS7) MAX_OID_SZ = 32, /* Max DER length of OID*/ MAX_OID_STRING_SZ = 64, /* Max string length representation of OID*/ #endif @@ -285,7 +285,8 @@ enum Misc_ASN { MAX_KEYUSAGE_SZ = 18, /* Max encoded Key Usage length */ MAX_EXTKEYUSAGE_SZ = 12 + (6 * (8 + 2)) + CTC_MAX_EKU_OID_SZ, /* Max encoded ExtKeyUsage - (SEQ/LEN + OBJID + OCTSTR/LEN + SEQ + (6 * (SEQ + OID))) */ + (SEQ/LEN + OBJID + OCTSTR/LEN + SEQ + + (6 * (SEQ + OID))) */ MAX_CERTPOL_NB = CTC_MAX_CERTPOL_NB,/* Max number of Cert Policy */ MAX_CERTPOL_SZ = CTC_MAX_CERTPOL_SZ, #endif @@ -303,8 +304,8 @@ enum Misc_ASN { #endif TRAILING_ZERO = 1, /* Used for size of zero pad */ MIN_VERSION_SZ = 3, /* Min bytes needed for GetMyVersion */ -#if defined(OPENSSL_ALL) || defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || \ - defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) +#if defined(OPENSSL_ALL) || defined(WOLFSSL_MYSQL_COMPATIBLE) || \ + defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) MAX_TIME_STRING_SZ = 25, /* Max length of formatted time string */ #endif @@ -1012,6 +1013,8 @@ WOLFSSL_LOCAL int GetInt(mp_int* mpi, const byte* input, word32* inOutIdx, WOLFSSL_LOCAL int DecodeObjectId(const byte* in, word32 inSz, word16* out, word32* outSz); #endif +WOLFSSL_LOCAL int GetASNObjectId(const byte* input, word32* inOutIdx, int* len, + word32 maxIdx); WOLFSSL_LOCAL int GetObjectId(const byte* input, word32* inOutIdx, word32* oid, word32 oidType, word32 maxIdx); WOLFSSL_LOCAL int GetAlgoId(const byte* input, word32* inOutIdx, word32* oid, diff --git a/wolfssl/wolfcrypt/pkcs7.h b/wolfssl/wolfcrypt/pkcs7.h index 41a39e757..43f7a22ad 100644 --- a/wolfssl/wolfcrypt/pkcs7.h +++ b/wolfssl/wolfcrypt/pkcs7.h @@ -147,6 +147,9 @@ typedef struct PKCS7 { word16 isDynamic:1; word16 noDegenerate:1; /* allow degenerate case in verify function */ + byte contentType[MAX_OID_SZ]; /* custom contentType byte array */ + word32 contentTypeSz; /* size of contentType, bytes */ + /* !! NEW DATA MEMBERS MUST BE ADDED AT END !! */ } PKCS7; @@ -177,6 +180,8 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz, byte* output, word32 outputSz); +WOLFSSL_API int wc_PKCS7_SetContentType(PKCS7* pkcs7, byte* contentType, + word32 sz); WOLFSSL_API int wc_PKCS7_GetPadSize(word32 inputSz, word32 blockSz); WOLFSSL_API int wc_PKCS7_PadData(byte* in, word32 inSz, byte* out, word32 outSz, word32 blockSz);