forked from wolfSSL/wolfssl
add CMS AuthEnvelopedData content type support
This commit is contained in:
committed by
David Garske
parent
a4da14f4b0
commit
bc94cdc11b
12
.gitignore
vendored
12
.gitignore
vendored
@@ -101,6 +101,18 @@ ecc-key.pem
|
|||||||
certreq.der
|
certreq.der
|
||||||
certreq.pem
|
certreq.pem
|
||||||
pkcs7cert.der
|
pkcs7cert.der
|
||||||
|
pkcs7authEnvelopedDataAES128GCM.der
|
||||||
|
pkcs7authEnvelopedDataAES128GCM_ECDH_SHA1KDF.der
|
||||||
|
pkcs7authEnvelopedDataAES128GCM_KEKRI.der
|
||||||
|
pkcs7authEnvelopedDataAES128GCM_ORI.der
|
||||||
|
pkcs7authEnvelopedDataAES128GCM_PWRI.der
|
||||||
|
pkcs7authEnvelopedDataAES192GCM.der
|
||||||
|
pkcs7authEnvelopedDataAES256GCM.der
|
||||||
|
pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF.der
|
||||||
|
pkcs7authEnvelopedDataAES256GCM_ECDH_SHA512KDF.der
|
||||||
|
pkcs7authEnvelopedDataAES256GCM_ECDH_SHA512KDF_ukm.der
|
||||||
|
pkcs7authEnvelopedDataAES256GCM_IANDS.der
|
||||||
|
pkcs7authEnvelopedDataAES256GCM_SKID.der
|
||||||
pkcs7compressedData_data_zlib.der
|
pkcs7compressedData_data_zlib.der
|
||||||
pkcs7compressedData_firmwarePkgData_zlib.der
|
pkcs7compressedData_firmwarePkgData_zlib.der
|
||||||
pkcs7encryptedDataAES128CBC.der
|
pkcs7encryptedDataAES128CBC.der
|
||||||
|
12
Makefile.am
12
Makefile.am
@@ -39,6 +39,18 @@ CLEANFILES+= cert.der \
|
|||||||
othercert.der \
|
othercert.der \
|
||||||
othercert.pem \
|
othercert.pem \
|
||||||
pkcs7cert.der \
|
pkcs7cert.der \
|
||||||
|
pkcs7authEnvelopedDataAES128GCM.der \
|
||||||
|
pkcs7authEnvelopedDataAES128GCM_ECDH_SHA1KDF.der \
|
||||||
|
pkcs7authEnvelopedDataAES128GCM_KEKRI.der \
|
||||||
|
pkcs7authEnvelopedDataAES128GCM_ORI.der \
|
||||||
|
pkcs7authEnvelopedDataAES128GCM_PWRI.der \
|
||||||
|
pkcs7authEnvelopedDataAES192GCM.der \
|
||||||
|
pkcs7authEnvelopedDataAES256GCM.der \
|
||||||
|
pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF.der \
|
||||||
|
pkcs7authEnvelopedDataAES256GCM_ECDH_SHA512KDF.der \
|
||||||
|
pkcs7authEnvelopedDataAES256GCM_ECDH_SHA512KDF_ukm.der \
|
||||||
|
pkcs7authEnvelopedDataAES256GCM_IANDS.der \
|
||||||
|
pkcs7authEnvelopedDataAES256GCM_SKID.der \
|
||||||
pkcs7compressedData_data_zlib.der \
|
pkcs7compressedData_data_zlib.der \
|
||||||
pkcs7compressedData_firmwarePkgData_zlib.der \
|
pkcs7compressedData_firmwarePkgData_zlib.der \
|
||||||
pkcs7encryptedDataAES128CBC.der \
|
pkcs7encryptedDataAES128CBC.der \
|
||||||
|
@@ -1226,6 +1226,28 @@ static word32 SetBitString16Bit(word16 val, byte* output)
|
|||||||
static const byte blkAes256CbcOid[] = {96, 134, 72, 1, 101, 3, 4, 1, 42};
|
static const byte blkAes256CbcOid[] = {96, 134, 72, 1, 101, 3, 4, 1, 42};
|
||||||
#endif
|
#endif
|
||||||
#endif /* HAVE_AES_CBC */
|
#endif /* HAVE_AES_CBC */
|
||||||
|
#ifdef HAVE_AESGCM
|
||||||
|
#ifdef WOLFSSL_AES_128
|
||||||
|
static const byte blkAes128GcmOid[] = {96, 134, 72, 1, 101, 3, 4, 1, 6};
|
||||||
|
#endif
|
||||||
|
#ifdef WOLFSSL_AES_192
|
||||||
|
static const byte blkAes192GcmOid[] = {96, 134, 72, 1, 101, 3, 4, 1, 26};
|
||||||
|
#endif
|
||||||
|
#ifdef WOLFSSL_AES_256
|
||||||
|
static const byte blkAes256GcmOid[] = {96, 134, 72, 1, 101, 3, 4, 1, 46};
|
||||||
|
#endif
|
||||||
|
#endif /* HAVE_AESGCM */
|
||||||
|
#ifdef HAVE_AESCCM
|
||||||
|
#ifdef WOLFSSL_AES_128
|
||||||
|
static const byte blkAes128CcmOid[] = {96, 134, 72, 1, 101, 3, 4, 1, 7};
|
||||||
|
#endif
|
||||||
|
#ifdef WOLFSSL_AES_192
|
||||||
|
static const byte blkAes192CcmOid[] = {96, 134, 72, 1, 101, 3, 4, 1, 27};
|
||||||
|
#endif
|
||||||
|
#ifdef WOLFSSL_AES_256
|
||||||
|
static const byte blkAes256CcmOid[] = {96, 134, 72, 1, 101, 3, 4, 1, 47};
|
||||||
|
#endif
|
||||||
|
#endif /* HAVE_AESCCM */
|
||||||
|
|
||||||
#ifndef NO_DES3
|
#ifndef NO_DES3
|
||||||
static const byte blkDesCbcOid[] = {43, 14, 3, 2, 7};
|
static const byte blkDesCbcOid[] = {43, 14, 3, 2, 7};
|
||||||
@@ -1547,6 +1569,46 @@ const byte* OidFromId(word32 id, word32 type, word32* oidSz)
|
|||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
#endif /* HAVE_AES_CBC */
|
#endif /* HAVE_AES_CBC */
|
||||||
|
#ifdef HAVE_AESGCM
|
||||||
|
#ifdef WOLFSSL_AES_128
|
||||||
|
case AES128GCMb:
|
||||||
|
oid = blkAes128GcmOid;
|
||||||
|
*oidSz = sizeof(blkAes128GcmOid);
|
||||||
|
break;
|
||||||
|
#endif
|
||||||
|
#ifdef WOLFSSL_AES_192
|
||||||
|
case AES192GCMb:
|
||||||
|
oid = blkAes192GcmOid;
|
||||||
|
*oidSz = sizeof(blkAes192GcmOid);
|
||||||
|
break;
|
||||||
|
#endif
|
||||||
|
#ifdef WOLFSSL_AES_256
|
||||||
|
case AES256GCMb:
|
||||||
|
oid = blkAes256GcmOid;
|
||||||
|
*oidSz = sizeof(blkAes256GcmOid);
|
||||||
|
break;
|
||||||
|
#endif
|
||||||
|
#endif /* HAVE_AESGCM */
|
||||||
|
#ifdef HAVE_AESCCM
|
||||||
|
#ifdef WOLFSSL_AES_128
|
||||||
|
case AES128CCMb:
|
||||||
|
oid = blkAes128CcmOid;
|
||||||
|
*oidSz = sizeof(blkAes128CcmOid);
|
||||||
|
break;
|
||||||
|
#endif
|
||||||
|
#ifdef WOLFSSL_AES_192
|
||||||
|
case AES192CCMb:
|
||||||
|
oid = blkAes192CcmOid;
|
||||||
|
*oidSz = sizeof(blkAes192CcmOid);
|
||||||
|
break;
|
||||||
|
#endif
|
||||||
|
#ifdef WOLFSSL_AES_256
|
||||||
|
case AES256CCMb:
|
||||||
|
oid = blkAes256CcmOid;
|
||||||
|
*oidSz = sizeof(blkAes256CcmOid);
|
||||||
|
break;
|
||||||
|
#endif
|
||||||
|
#endif /* HAVE_AESCCM */
|
||||||
#ifndef NO_DES3
|
#ifndef NO_DES3
|
||||||
case DESb:
|
case DESb:
|
||||||
oid = blkDesCbcOid;
|
oid = blkDesCbcOid;
|
||||||
|
File diff suppressed because it is too large
Load Diff
@@ -322,6 +322,7 @@ int scrypt_test(void);
|
|||||||
#endif
|
#endif
|
||||||
#ifdef HAVE_PKCS7
|
#ifdef HAVE_PKCS7
|
||||||
int pkcs7enveloped_test(void);
|
int pkcs7enveloped_test(void);
|
||||||
|
int pkcs7authenveloped_test(void);
|
||||||
int pkcs7signed_test(void);
|
int pkcs7signed_test(void);
|
||||||
#ifndef NO_PKCS7_ENCRYPTED_DATA
|
#ifndef NO_PKCS7_ENCRYPTED_DATA
|
||||||
int pkcs7encrypted_test(void);
|
int pkcs7encrypted_test(void);
|
||||||
@@ -956,6 +957,11 @@ initDefaultName();
|
|||||||
else
|
else
|
||||||
printf( "PKCS7enveloped test passed!\n");
|
printf( "PKCS7enveloped test passed!\n");
|
||||||
|
|
||||||
|
if ( (ret = pkcs7authenveloped_test()) != 0)
|
||||||
|
return err_sys("PKCS7authenveloped test failed!\n", ret);
|
||||||
|
else
|
||||||
|
printf( "PKCS7authenveloped test passed!\n");
|
||||||
|
|
||||||
if ( (ret = pkcs7signed_test()) != 0)
|
if ( (ret = pkcs7signed_test()) != 0)
|
||||||
return err_sys("PKCS7signed test failed!\n", ret);
|
return err_sys("PKCS7signed test failed!\n", ret);
|
||||||
else
|
else
|
||||||
@@ -19512,6 +19518,519 @@ int pkcs7enveloped_test(void)
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
typedef struct {
|
||||||
|
const byte* content;
|
||||||
|
word32 contentSz;
|
||||||
|
int contentOID;
|
||||||
|
int encryptOID;
|
||||||
|
int keyWrapOID;
|
||||||
|
int keyAgreeOID;
|
||||||
|
byte* cert;
|
||||||
|
size_t certSz;
|
||||||
|
byte* privateKey;
|
||||||
|
word32 privateKeySz;
|
||||||
|
PKCS7Attrib* signedAttribs;
|
||||||
|
word32 signedAttribsSz;
|
||||||
|
|
||||||
|
/* KARI / KTRI specific */
|
||||||
|
byte* optionalUkm;
|
||||||
|
word32 optionalUkmSz;
|
||||||
|
int ktriOptions; /* KTRI options flags */
|
||||||
|
int kariOptions; /* KARI options flags */
|
||||||
|
|
||||||
|
/* KEKRI specific */
|
||||||
|
byte* secretKey; /* key, only for kekri RecipientInfo types */
|
||||||
|
word32 secretKeySz; /* size of secretKey, bytes */
|
||||||
|
byte* secretKeyId; /* key identifier */
|
||||||
|
word32 secretKeyIdSz; /* size of key identifier, bytes */
|
||||||
|
void* timePtr; /* time_t pointer */
|
||||||
|
byte* otherAttrOID; /* OPTIONAL, other attribute OID */
|
||||||
|
word32 otherAttrOIDSz; /* size of otherAttrOID, bytes */
|
||||||
|
byte* otherAttr; /* OPTIONAL, other attribute, ASN.1 encoded */
|
||||||
|
word32 otherAttrSz; /* size of otherAttr, bytes */
|
||||||
|
int kekriOptions; /* KEKRI options flags */
|
||||||
|
|
||||||
|
/* PWRI specific */
|
||||||
|
char* password; /* password */
|
||||||
|
word32 passwordSz; /* password size, bytes */
|
||||||
|
byte* salt; /* KDF salt */
|
||||||
|
word32 saltSz; /* KDF salt size, bytes */
|
||||||
|
int kdfOID; /* KDF OID */
|
||||||
|
int hashOID; /* KDF hash algorithm OID */
|
||||||
|
int kdfIterations; /* KDF iterations */
|
||||||
|
int kekEncryptOID; /* KEK encryption algorithm OID */
|
||||||
|
int pwriOptions; /* PWRI options flags */
|
||||||
|
|
||||||
|
/* ORI specific */
|
||||||
|
int isOri;
|
||||||
|
int oriOptions; /* ORI options flags */
|
||||||
|
|
||||||
|
const char* outFileName;
|
||||||
|
} pkcs7AuthEnvelopedVector;
|
||||||
|
|
||||||
|
|
||||||
|
static int pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
|
||||||
|
byte* rsaPrivKey, word32 rsaPrivKeySz,
|
||||||
|
byte* eccCert, word32 eccCertSz,
|
||||||
|
byte* eccPrivKey, word32 eccPrivKeySz)
|
||||||
|
{
|
||||||
|
int ret, testSz, i;
|
||||||
|
int envelopedSz, decodedSz;
|
||||||
|
|
||||||
|
byte enveloped[2048];
|
||||||
|
byte decoded[2048];
|
||||||
|
PKCS7* pkcs7;
|
||||||
|
#ifdef PKCS7_OUTPUT_TEST_BUNDLES
|
||||||
|
FILE* pkcs7File;
|
||||||
|
#endif
|
||||||
|
|
||||||
|
const byte data[] = { /* Hello World */
|
||||||
|
0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
|
||||||
|
0x72,0x6c,0x64
|
||||||
|
};
|
||||||
|
|
||||||
|
#if !defined(NO_AES) && defined(WOLFSSL_AES_256) && defined(HAVE_ECC) && \
|
||||||
|
defined(WOLFSSL_SHA512)
|
||||||
|
byte optionalUkm[] = {
|
||||||
|
0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
|
||||||
|
};
|
||||||
|
#endif /* NO_AES */
|
||||||
|
|
||||||
|
#if !defined(NO_AES) && !defined(NO_SHA) && defined(WOLFSSL_AES_128)
|
||||||
|
/* encryption key for kekri recipient types */
|
||||||
|
byte secretKey[] = {
|
||||||
|
0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
|
||||||
|
0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
|
||||||
|
};
|
||||||
|
|
||||||
|
/* encryption key identifier */
|
||||||
|
byte secretKeyId[] = {
|
||||||
|
0x02,0x02,0x03,0x04
|
||||||
|
};
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#if !defined(NO_PWDBASED)
|
||||||
|
char password[] = "password";
|
||||||
|
|
||||||
|
byte salt[] = {
|
||||||
|
0x12, 0x34, 0x56, 0x78, 0x78, 0x56, 0x34, 0x12
|
||||||
|
};
|
||||||
|
#endif
|
||||||
|
|
||||||
|
const pkcs7AuthEnvelopedVector testVectors[] =
|
||||||
|
{
|
||||||
|
/* key transport key encryption technique */
|
||||||
|
#ifndef NO_RSA
|
||||||
|
#if !defined(NO_AES) && defined(HAVE_AESGCM)
|
||||||
|
#ifdef WOLFSSL_AES_128
|
||||||
|
{data, (word32)sizeof(data), DATA, AES128GCMb, 0, 0, rsaCert, rsaCertSz,
|
||||||
|
rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, 0, 0, NULL, 0, NULL, 0,
|
||||||
|
NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0,
|
||||||
|
"pkcs7authEnvelopedDataAES128GCM.der"},
|
||||||
|
#endif
|
||||||
|
#ifdef WOLFSSL_AES_192
|
||||||
|
{data, (word32)sizeof(data), DATA, AES192GCMb, 0, 0, rsaCert, rsaCertSz,
|
||||||
|
rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, 0, 0, NULL, 0, NULL, 0,
|
||||||
|
NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0,
|
||||||
|
"pkcs7authEnvelopedDataAES192GCM.der"},
|
||||||
|
#endif
|
||||||
|
#ifdef WOLFSSL_AES_256
|
||||||
|
{data, (word32)sizeof(data), DATA, AES256GCMb, 0, 0, rsaCert, rsaCertSz,
|
||||||
|
rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, 0, 0, NULL, 0, NULL, 0,
|
||||||
|
NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0,
|
||||||
|
"pkcs7authEnvelopedDataAES256GCM.der"},
|
||||||
|
|
||||||
|
/* explicitly using SKID for SubjectKeyIdentifier */
|
||||||
|
{data, (word32)sizeof(data), DATA, AES256GCMb, 0, 0, rsaCert, rsaCertSz,
|
||||||
|
rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, CMS_SKID, 0, NULL, 0,
|
||||||
|
NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0,
|
||||||
|
0, 0, "pkcs7authEnvelopedDataAES256GCM_SKID.der"},
|
||||||
|
|
||||||
|
/* explicitly using IssuerAndSerialNumber for SubjectKeyIdentifier */
|
||||||
|
{data, (word32)sizeof(data), DATA, AES256GCMb, 0, 0, rsaCert, rsaCertSz,
|
||||||
|
rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0,
|
||||||
|
CMS_ISSUER_AND_SERIAL_NUMBER, 0, NULL, 0, NULL, 0, NULL, NULL, 0,
|
||||||
|
NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0,
|
||||||
|
"pkcs7authEnvelopedDataAES256GCM_IANDS.der"},
|
||||||
|
#endif
|
||||||
|
#endif /* NO_AES */
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/* key agreement key encryption technique*/
|
||||||
|
#ifdef HAVE_ECC
|
||||||
|
#if !defined(NO_AES) && defined(HAVE_AESGCM)
|
||||||
|
#if !defined(NO_SHA) && defined(WOLFSSL_AES_128)
|
||||||
|
{data, (word32)sizeof(data), DATA, AES128GCMb, AES128_WRAP,
|
||||||
|
dhSinglePass_stdDH_sha1kdf_scheme, eccCert, eccCertSz, eccPrivKey,
|
||||||
|
eccPrivKeySz, NULL, 0, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL,
|
||||||
|
0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0,
|
||||||
|
"pkcs7authEnvelopedDataAES128GCM_ECDH_SHA1KDF.der"},
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#if !defined(NO_SHA256) && defined(WOLFSSL_AES_256)
|
||||||
|
{data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP,
|
||||||
|
dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey,
|
||||||
|
eccPrivKeySz, NULL, 0, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0,
|
||||||
|
NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0,
|
||||||
|
"pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF.der"},
|
||||||
|
#endif /* NO_SHA256 && WOLFSSL_AES_256 */
|
||||||
|
|
||||||
|
#if defined(WOLFSSL_SHA512) && defined(WOLFSSL_AES_256)
|
||||||
|
{data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP,
|
||||||
|
dhSinglePass_stdDH_sha512kdf_scheme, eccCert, eccCertSz, eccPrivKey,
|
||||||
|
eccPrivKeySz, NULL, 0, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0,
|
||||||
|
NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0,
|
||||||
|
"pkcs7authEnvelopedDataAES256GCM_ECDH_SHA512KDF.der"},
|
||||||
|
|
||||||
|
/* with optional user keying material (ukm) */
|
||||||
|
{data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP,
|
||||||
|
dhSinglePass_stdDH_sha512kdf_scheme, eccCert, eccCertSz, eccPrivKey,
|
||||||
|
eccPrivKeySz, NULL, 0, optionalUkm, sizeof(optionalUkm), 0, 0, NULL, 0,
|
||||||
|
NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0,
|
||||||
|
0, 0, "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA512KDF_ukm.der"},
|
||||||
|
#endif /* WOLFSSL_SHA512 && WOLFSSL_AES_256 */
|
||||||
|
#endif /* NO_AES */
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/* kekri (KEKRecipientInfo) recipient types */
|
||||||
|
#if !defined(NO_AES) && defined(HAVE_AESGCM)
|
||||||
|
#if !defined(NO_SHA) && defined(WOLFSSL_AES_128)
|
||||||
|
{data, (word32)sizeof(data), DATA, AES128GCMb, AES128_WRAP, 0,
|
||||||
|
NULL, 0, NULL, 0, NULL, 0, NULL, 0, 0, 0, secretKey, sizeof(secretKey),
|
||||||
|
secretKeyId, sizeof(secretKeyId), NULL, NULL, 0, NULL, 0,
|
||||||
|
0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0,
|
||||||
|
"pkcs7authEnvelopedDataAES128GCM_KEKRI.der"},
|
||||||
|
#endif
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/* pwri (PasswordRecipientInfo) recipient types */
|
||||||
|
#if !defined(NO_PWDBASED) && !defined(NO_AES) && defined(HAVE_AESGCM)
|
||||||
|
#if !defined(NO_SHA) && defined(WOLFSSL_AES_128)
|
||||||
|
{data, (word32)sizeof(data), DATA, AES128GCMb, 0, 0,
|
||||||
|
NULL, 0, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0,
|
||||||
|
NULL, 0, NULL, NULL, 0, NULL, 0, 0, password,
|
||||||
|
(word32)XSTRLEN(password), salt, sizeof(salt), PBKDF2_OID, WC_SHA, 5,
|
||||||
|
AES128CBCb, 0, 0, 0, "pkcs7authEnvelopedDataAES128GCM_PWRI.der"},
|
||||||
|
#endif
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#if !defined(NO_AES) && defined(HAVE_AESGCM)
|
||||||
|
#ifdef WOLFSSL_AES_128
|
||||||
|
/* ori (OtherRecipientInfo) recipient types */
|
||||||
|
{data, (word32)sizeof(data), DATA, AES128GCMb, 0, 0, NULL, 0, NULL, 0,
|
||||||
|
NULL, 0, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0,
|
||||||
|
NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 1, 0,
|
||||||
|
"pkcs7authEnvelopedDataAES128GCM_ORI.der"},
|
||||||
|
#endif
|
||||||
|
#endif
|
||||||
|
};
|
||||||
|
|
||||||
|
testSz = sizeof(testVectors) / sizeof(pkcs7AuthEnvelopedVector);
|
||||||
|
|
||||||
|
for (i = 0; i < testSz; i++) {
|
||||||
|
pkcs7 = wc_PKCS7_New(HEAP_HINT,
|
||||||
|
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||||
|
INVALID_DEVID /* async PKCS7 is not supported */
|
||||||
|
#else
|
||||||
|
devId
|
||||||
|
#endif
|
||||||
|
);
|
||||||
|
if (pkcs7 == NULL)
|
||||||
|
return -9214;
|
||||||
|
|
||||||
|
if (testVectors[i].secretKey != NULL) {
|
||||||
|
/* KEKRI recipient type */
|
||||||
|
|
||||||
|
ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId);
|
||||||
|
if (ret != 0) {
|
||||||
|
return -9215;
|
||||||
|
}
|
||||||
|
|
||||||
|
pkcs7->content = (byte*)testVectors[i].content;
|
||||||
|
pkcs7->contentSz = testVectors[i].contentSz;
|
||||||
|
pkcs7->contentOID = testVectors[i].contentOID;
|
||||||
|
pkcs7->encryptOID = testVectors[i].encryptOID;
|
||||||
|
pkcs7->ukm = testVectors[i].optionalUkm;
|
||||||
|
pkcs7->ukmSz = testVectors[i].optionalUkmSz;
|
||||||
|
|
||||||
|
ret = wc_PKCS7_AddRecipient_KEKRI(pkcs7, testVectors[i].keyWrapOID,
|
||||||
|
testVectors[i].secretKey, testVectors[i].secretKeySz,
|
||||||
|
testVectors[i].secretKeyId, testVectors[i].secretKeyIdSz,
|
||||||
|
testVectors[i].timePtr, testVectors[i].otherAttrOID,
|
||||||
|
testVectors[i].otherAttrOIDSz, testVectors[i].otherAttr,
|
||||||
|
testVectors[i].otherAttrSz, testVectors[i].kekriOptions);
|
||||||
|
|
||||||
|
if (ret < 0) {
|
||||||
|
wc_PKCS7_Free(pkcs7);
|
||||||
|
return -9216;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* set key, for decryption */
|
||||||
|
ret = wc_PKCS7_SetKey(pkcs7, testVectors[i].secretKey,
|
||||||
|
testVectors[i].secretKeySz);
|
||||||
|
|
||||||
|
if (ret != 0) {
|
||||||
|
wc_PKCS7_Free(pkcs7);
|
||||||
|
return -9217;
|
||||||
|
}
|
||||||
|
|
||||||
|
} else if (testVectors[i].password != NULL) {
|
||||||
|
/* PWRI recipient type */
|
||||||
|
|
||||||
|
ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId);
|
||||||
|
if (ret != 0) {
|
||||||
|
return -9218;
|
||||||
|
}
|
||||||
|
|
||||||
|
pkcs7->content = (byte*)testVectors[i].content;
|
||||||
|
pkcs7->contentSz = testVectors[i].contentSz;
|
||||||
|
pkcs7->contentOID = testVectors[i].contentOID;
|
||||||
|
pkcs7->encryptOID = testVectors[i].encryptOID;
|
||||||
|
pkcs7->ukm = testVectors[i].optionalUkm;
|
||||||
|
pkcs7->ukmSz = testVectors[i].optionalUkmSz;
|
||||||
|
|
||||||
|
ret = wc_PKCS7_AddRecipient_PWRI(pkcs7,
|
||||||
|
(byte*)testVectors[i].password,
|
||||||
|
testVectors[i].passwordSz, testVectors[i].salt,
|
||||||
|
testVectors[i].saltSz, testVectors[i].kdfOID,
|
||||||
|
testVectors[i].hashOID, testVectors[i].kdfIterations,
|
||||||
|
testVectors[i].kekEncryptOID, testVectors[i].pwriOptions);
|
||||||
|
|
||||||
|
if (ret < 0) {
|
||||||
|
printf("CHRIS: ret = %d\n", ret);
|
||||||
|
wc_PKCS7_Free(pkcs7);
|
||||||
|
return -9219;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* set password, for decryption */
|
||||||
|
ret = wc_PKCS7_SetPassword(pkcs7, (byte*)testVectors[i].password,
|
||||||
|
testVectors[i].passwordSz);
|
||||||
|
|
||||||
|
if (ret < 0) {
|
||||||
|
wc_PKCS7_Free(pkcs7);
|
||||||
|
return -9220;
|
||||||
|
}
|
||||||
|
|
||||||
|
} else if (testVectors[i].isOri == 1) {
|
||||||
|
/* ORI recipient type */
|
||||||
|
|
||||||
|
ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId);
|
||||||
|
if (ret != 0) {
|
||||||
|
return -9221;
|
||||||
|
}
|
||||||
|
|
||||||
|
pkcs7->content = (byte*)testVectors[i].content;
|
||||||
|
pkcs7->contentSz = testVectors[i].contentSz;
|
||||||
|
pkcs7->contentOID = testVectors[i].contentOID;
|
||||||
|
pkcs7->encryptOID = testVectors[i].encryptOID;
|
||||||
|
|
||||||
|
ret = wc_PKCS7_AddRecipient_ORI(pkcs7, myOriEncryptCb,
|
||||||
|
testVectors[i].oriOptions);
|
||||||
|
|
||||||
|
if (ret < 0) {
|
||||||
|
wc_PKCS7_Free(pkcs7);
|
||||||
|
return -9222;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* set decrypt callback for decryption */
|
||||||
|
ret = wc_PKCS7_SetOriDecryptCb(pkcs7, myOriDecryptCb);
|
||||||
|
|
||||||
|
if (ret < 0) {
|
||||||
|
wc_PKCS7_Free(pkcs7);
|
||||||
|
return -9223;
|
||||||
|
}
|
||||||
|
|
||||||
|
} else {
|
||||||
|
/* KTRI or KARI recipient types */
|
||||||
|
|
||||||
|
ret = wc_PKCS7_InitWithCert(pkcs7, testVectors[i].cert,
|
||||||
|
(word32)testVectors[i].certSz);
|
||||||
|
if (ret != 0) {
|
||||||
|
wc_PKCS7_Free(pkcs7);
|
||||||
|
return -9224;
|
||||||
|
}
|
||||||
|
|
||||||
|
pkcs7->keyWrapOID = testVectors[i].keyWrapOID;
|
||||||
|
pkcs7->keyAgreeOID = testVectors[i].keyAgreeOID;
|
||||||
|
pkcs7->privateKey = testVectors[i].privateKey;
|
||||||
|
pkcs7->privateKeySz = testVectors[i].privateKeySz;
|
||||||
|
pkcs7->content = (byte*)testVectors[i].content;
|
||||||
|
pkcs7->contentSz = testVectors[i].contentSz;
|
||||||
|
pkcs7->contentOID = testVectors[i].contentOID;
|
||||||
|
pkcs7->encryptOID = testVectors[i].encryptOID;
|
||||||
|
pkcs7->ukm = testVectors[i].optionalUkm;
|
||||||
|
pkcs7->ukmSz = testVectors[i].optionalUkmSz;
|
||||||
|
|
||||||
|
/* set SubjectIdentifier type for KTRI types */
|
||||||
|
if (testVectors[i].ktriOptions & CMS_SKID) {
|
||||||
|
|
||||||
|
ret = wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID);
|
||||||
|
if (ret != 0) {
|
||||||
|
wc_PKCS7_Free(pkcs7);
|
||||||
|
return -9225;
|
||||||
|
}
|
||||||
|
} else if (testVectors[i].ktriOptions &
|
||||||
|
CMS_ISSUER_AND_SERIAL_NUMBER) {
|
||||||
|
|
||||||
|
ret = wc_PKCS7_SetSignerIdentifierType(pkcs7,
|
||||||
|
CMS_ISSUER_AND_SERIAL_NUMBER);
|
||||||
|
if (ret != 0) {
|
||||||
|
wc_PKCS7_Free(pkcs7);
|
||||||
|
return -9225;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/* encode envelopedData */
|
||||||
|
envelopedSz = wc_PKCS7_EncodeAuthEnvelopedData(pkcs7, enveloped,
|
||||||
|
sizeof(enveloped));
|
||||||
|
if (envelopedSz <= 0) {
|
||||||
|
wc_PKCS7_Free(pkcs7);
|
||||||
|
return -9226;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* decode envelopedData */
|
||||||
|
decodedSz = wc_PKCS7_DecodeAuthEnvelopedData(pkcs7, enveloped,
|
||||||
|
envelopedSz, decoded,
|
||||||
|
sizeof(decoded));
|
||||||
|
if (decodedSz <= 0) {
|
||||||
|
wc_PKCS7_Free(pkcs7);
|
||||||
|
return -9226;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* test decode result */
|
||||||
|
if (XMEMCMP(decoded, data, sizeof(data)) != 0){
|
||||||
|
wc_PKCS7_Free(pkcs7);
|
||||||
|
return -9227;
|
||||||
|
}
|
||||||
|
|
||||||
|
#ifdef PKCS7_OUTPUT_TEST_BUNDLES
|
||||||
|
/* output pkcs7 envelopedData for external testing */
|
||||||
|
pkcs7File = fopen(testVectors[i].outFileName, "wb");
|
||||||
|
if (!pkcs7File) {
|
||||||
|
wc_PKCS7_Free(pkcs7);
|
||||||
|
return -9228;
|
||||||
|
}
|
||||||
|
|
||||||
|
ret = (int)fwrite(enveloped, 1, envelopedSz, pkcs7File);
|
||||||
|
fclose(pkcs7File);
|
||||||
|
if (ret != envelopedSz) {
|
||||||
|
wc_PKCS7_Free(pkcs7);
|
||||||
|
return -9229;
|
||||||
|
}
|
||||||
|
#endif /* PKCS7_OUTPUT_TEST_BUNDLES */
|
||||||
|
|
||||||
|
wc_PKCS7_Free(pkcs7);
|
||||||
|
pkcs7 = NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
#if !defined(HAVE_ECC) || defined(NO_AES)
|
||||||
|
(void)eccCert;
|
||||||
|
(void)eccCertSz;
|
||||||
|
(void)eccPrivKey;
|
||||||
|
(void)eccPrivKeySz;
|
||||||
|
(void)secretKey;
|
||||||
|
(void)secretKeyId;
|
||||||
|
#endif
|
||||||
|
#ifdef NO_RSA
|
||||||
|
(void)rsaCert;
|
||||||
|
(void)rsaCertSz;
|
||||||
|
(void)rsaPrivKey;
|
||||||
|
(void)rsaPrivKeySz;
|
||||||
|
#endif
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
int pkcs7authenveloped_test(void)
|
||||||
|
{
|
||||||
|
int ret = 0;
|
||||||
|
|
||||||
|
byte* rsaCert = NULL;
|
||||||
|
byte* rsaPrivKey = NULL;
|
||||||
|
word32 rsaCertSz = 0;
|
||||||
|
word32 rsaPrivKeySz = 0;
|
||||||
|
|
||||||
|
byte* eccCert = NULL;
|
||||||
|
byte* eccPrivKey = NULL;
|
||||||
|
word32 eccCertSz = 0;
|
||||||
|
word32 eccPrivKeySz = 0;
|
||||||
|
|
||||||
|
#ifndef NO_RSA
|
||||||
|
/* read client RSA cert and key in DER format */
|
||||||
|
rsaCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
|
if (rsaCert == NULL)
|
||||||
|
return -9300;
|
||||||
|
|
||||||
|
rsaPrivKey = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
|
if (rsaPrivKey == NULL) {
|
||||||
|
XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
|
return -9301;
|
||||||
|
}
|
||||||
|
|
||||||
|
rsaCertSz = FOURK_BUF;
|
||||||
|
rsaPrivKeySz = FOURK_BUF;
|
||||||
|
#endif /* NO_RSA */
|
||||||
|
|
||||||
|
#ifdef HAVE_ECC
|
||||||
|
/* read client ECC cert and key in DER format */
|
||||||
|
eccCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
|
if (eccCert == NULL) {
|
||||||
|
#ifndef NO_RSA
|
||||||
|
XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
|
XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
|
#endif
|
||||||
|
return -9302;
|
||||||
|
}
|
||||||
|
|
||||||
|
eccPrivKey =(byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
|
if (eccPrivKey == NULL) {
|
||||||
|
#ifndef NO_RSA
|
||||||
|
XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
|
XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
|
#endif
|
||||||
|
XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
|
return -9303;
|
||||||
|
}
|
||||||
|
|
||||||
|
eccCertSz = FOURK_BUF;
|
||||||
|
eccPrivKeySz = FOURK_BUF;
|
||||||
|
#endif /* HAVE_ECC */
|
||||||
|
|
||||||
|
ret = pkcs7_load_certs_keys(rsaCert, &rsaCertSz, rsaPrivKey,
|
||||||
|
&rsaPrivKeySz, NULL, NULL, NULL, NULL,
|
||||||
|
NULL, NULL, NULL, NULL, eccCert, &eccCertSz,
|
||||||
|
eccPrivKey, &eccPrivKeySz);
|
||||||
|
if (ret < 0) {
|
||||||
|
#ifndef NO_RSA
|
||||||
|
XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
|
XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
|
#endif
|
||||||
|
#ifdef HAVE_ECC
|
||||||
|
XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
|
XFREE(eccPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
|
#endif
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
ret = pkcs7authenveloped_run_vectors(rsaCert, (word32)rsaCertSz,
|
||||||
|
rsaPrivKey, (word32)rsaPrivKeySz,
|
||||||
|
eccCert, (word32)eccCertSz,
|
||||||
|
eccPrivKey, (word32)eccPrivKeySz);
|
||||||
|
|
||||||
|
#ifndef NO_RSA
|
||||||
|
XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
|
XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
|
#endif
|
||||||
|
#ifdef HAVE_ECC
|
||||||
|
XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
|
XFREE(eccPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
|
#endif
|
||||||
|
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
#ifndef NO_PKCS7_ENCRYPTED_DATA
|
#ifndef NO_PKCS7_ENCRYPTED_DATA
|
||||||
|
|
||||||
typedef struct {
|
typedef struct {
|
||||||
@@ -20119,9 +20638,9 @@ static int pkcs7signed_run_vectors(
|
|||||||
pkcs7->rng = &rng;
|
pkcs7->rng = &rng;
|
||||||
pkcs7->content = (byte*)testVectors[i].content;
|
pkcs7->content = (byte*)testVectors[i].content;
|
||||||
pkcs7->contentSz = testVectors[i].contentSz;
|
pkcs7->contentSz = testVectors[i].contentSz;
|
||||||
|
pkcs7->contentOID = testVectors[i].contentOID;
|
||||||
pkcs7->hashOID = testVectors[i].hashOID;
|
pkcs7->hashOID = testVectors[i].hashOID;
|
||||||
pkcs7->encryptOID = testVectors[i].encryptOID;
|
pkcs7->encryptOID = testVectors[i].encryptOID;
|
||||||
pkcs7->contentOID = testVectors[i].contentOID;
|
|
||||||
pkcs7->privateKey = testVectors[i].privateKey;
|
pkcs7->privateKey = testVectors[i].privateKey;
|
||||||
pkcs7->privateKeySz = testVectors[i].privateKeySz;
|
pkcs7->privateKeySz = testVectors[i].privateKeySz;
|
||||||
pkcs7->signedAttribs = testVectors[i].signedAttribs;
|
pkcs7->signedAttribs = testVectors[i].signedAttribs;
|
||||||
@@ -20252,7 +20771,6 @@ static int pkcs7signed_run_vectors(
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
if (pkcs7->singleCert == NULL || pkcs7->singleCertSz == 0) {
|
if (pkcs7->singleCert == NULL || pkcs7->singleCertSz == 0) {
|
||||||
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
wc_PKCS7_Free(pkcs7);
|
wc_PKCS7_Free(pkcs7);
|
||||||
|
@@ -353,12 +353,18 @@ enum Hash_Sum {
|
|||||||
enum Block_Sum {
|
enum Block_Sum {
|
||||||
#ifdef WOLFSSL_AES_128
|
#ifdef WOLFSSL_AES_128
|
||||||
AES128CBCb = 414,
|
AES128CBCb = 414,
|
||||||
|
AES128GCMb = 418,
|
||||||
|
AES128CCMb = 419,
|
||||||
#endif
|
#endif
|
||||||
#ifdef WOLFSSL_AES_192
|
#ifdef WOLFSSL_AES_192
|
||||||
AES192CBCb = 434,
|
AES192CBCb = 434,
|
||||||
|
AES192GCMb = 438,
|
||||||
|
AES192CCMb = 439,
|
||||||
#endif
|
#endif
|
||||||
#ifdef WOLFSSL_AES_256
|
#ifdef WOLFSSL_AES_256
|
||||||
AES256CBCb = 454,
|
AES256CBCb = 454,
|
||||||
|
AES256GCMb = 458,
|
||||||
|
AES256CCMb = 459,
|
||||||
#endif
|
#endif
|
||||||
#ifndef NO_DES3
|
#ifndef NO_DES3
|
||||||
DESb = 69,
|
DESb = 69,
|
||||||
|
@@ -70,7 +70,8 @@ enum PKCS7_TYPES {
|
|||||||
#if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
|
#if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
|
||||||
COMPRESSED_DATA = 678, /* 1.2.840.113549.1.9.16.1.9, RFC 3274 */
|
COMPRESSED_DATA = 678, /* 1.2.840.113549.1.9.16.1.9, RFC 3274 */
|
||||||
#endif
|
#endif
|
||||||
FIRMWARE_PKG_DATA = 685 /* 1.2.840.113549.1.9.16.1.16, RFC 4108 */
|
FIRMWARE_PKG_DATA = 685, /* 1.2.840.113549.1.9.16.1.16, RFC 4108 */
|
||||||
|
AUTH_ENVELOPED_DATA = 692 /* 1.2.840.113549.1.9.16.1.23, RFC 5083 */
|
||||||
};
|
};
|
||||||
|
|
||||||
enum Pkcs7_Misc {
|
enum Pkcs7_Misc {
|
||||||
@@ -197,6 +198,7 @@ typedef struct PKCS7 {
|
|||||||
word32 cekSz; /* size of cek, bytes */
|
word32 cekSz; /* size of cek, bytes */
|
||||||
byte* pass; /* password, for PWRI decryption */
|
byte* pass; /* password, for PWRI decryption */
|
||||||
word32 passSz; /* size of pass, bytes */
|
word32 passSz; /* size of pass, bytes */
|
||||||
|
int kekEncryptOID; /* KEK encryption algorithm OID */
|
||||||
|
|
||||||
CallbackOriEncrypt oriEncryptCb; /* ORI encrypt callback */
|
CallbackOriEncrypt oriEncryptCb; /* ORI encrypt callback */
|
||||||
CallbackOriDecrypt oriDecryptCb; /* ORI decrypt callback */
|
CallbackOriDecrypt oriDecryptCb; /* ORI decrypt callback */
|
||||||
@@ -240,7 +242,7 @@ WOLFSSL_API int wc_PKCS7_VerifySignedData_ex(PKCS7* pkcs7, const byte* hashBuf,
|
|||||||
word32 hashSz, byte* pkiMsgHead, word32 pkiMsgHeadSz, byte* pkiMsgFoot,
|
word32 hashSz, byte* pkiMsgHead, word32 pkiMsgHeadSz, byte* pkiMsgFoot,
|
||||||
word32 pkiMsgFootSz);
|
word32 pkiMsgFootSz);
|
||||||
|
|
||||||
/* CMS/PKCS#7 EnvelopedData */
|
/* EnvelopedData and AuthEnvelopedData RecipientInfo functions */
|
||||||
WOLFSSL_API int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert,
|
WOLFSSL_API int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert,
|
||||||
word32 certSz, int options);
|
word32 certSz, int options);
|
||||||
WOLFSSL_API int wc_PKCS7_AddRecipient_KARI(PKCS7* pkcs7, const byte* cert,
|
WOLFSSL_API int wc_PKCS7_AddRecipient_KARI(PKCS7* pkcs7, const byte* cert,
|
||||||
@@ -261,19 +263,27 @@ WOLFSSL_API int wc_PKCS7_AddRecipient_PWRI(PKCS7* pkcs7, byte* passwd,
|
|||||||
word32 pLen, byte* salt,
|
word32 pLen, byte* salt,
|
||||||
word32 saltSz, int kdfOID,
|
word32 saltSz, int kdfOID,
|
||||||
int prfOID, int iterations,
|
int prfOID, int iterations,
|
||||||
int encryptOID, int options);
|
int kekEncryptOID, int options);
|
||||||
WOLFSSL_API int wc_PKCS7_SetOriEncryptCtx(PKCS7* pkcs7, void* ctx);
|
WOLFSSL_API int wc_PKCS7_SetOriEncryptCtx(PKCS7* pkcs7, void* ctx);
|
||||||
WOLFSSL_API int wc_PKCS7_SetOriDecryptCtx(PKCS7* pkcs7, void* ctx);
|
WOLFSSL_API int wc_PKCS7_SetOriDecryptCtx(PKCS7* pkcs7, void* ctx);
|
||||||
WOLFSSL_API int wc_PKCS7_SetOriDecryptCb(PKCS7* pkcs7, CallbackOriDecrypt cb);
|
WOLFSSL_API int wc_PKCS7_SetOriDecryptCb(PKCS7* pkcs7, CallbackOriDecrypt cb);
|
||||||
WOLFSSL_API int wc_PKCS7_AddRecipient_ORI(PKCS7* pkcs7, CallbackOriEncrypt cb,
|
WOLFSSL_API int wc_PKCS7_AddRecipient_ORI(PKCS7* pkcs7, CallbackOriEncrypt cb,
|
||||||
int options);
|
int options);
|
||||||
|
|
||||||
|
/* CMS/PKCS#7 EnvelopedData */
|
||||||
WOLFSSL_API int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7,
|
WOLFSSL_API int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7,
|
||||||
byte* output, word32 outputSz);
|
byte* output, word32 outputSz);
|
||||||
WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg,
|
WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg,
|
||||||
word32 pkiMsgSz, byte* output,
|
word32 pkiMsgSz, byte* output,
|
||||||
word32 outputSz);
|
word32 outputSz);
|
||||||
|
|
||||||
|
/* CMS/PKCS#7 AuthEnvelopedData */
|
||||||
|
WOLFSSL_API int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7,
|
||||||
|
byte* output, word32 outputSz);
|
||||||
|
WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* pkiMsg,
|
||||||
|
word32 pkiMsgSz, byte* output,
|
||||||
|
word32 outputSz);
|
||||||
|
|
||||||
/* CMS/PKCS#7 EncryptedData */
|
/* CMS/PKCS#7 EncryptedData */
|
||||||
#ifndef NO_PKCS7_ENCRYPTED_DATA
|
#ifndef NO_PKCS7_ENCRYPTED_DATA
|
||||||
WOLFSSL_API int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7,
|
WOLFSSL_API int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7,
|
||||||
|
Reference in New Issue
Block a user