From cc05c4631809ab4b5b6f518f9f87badd39f2c9c9 Mon Sep 17 00:00:00 2001
From: Chris Conlon
Date: Tue, 9 Oct 2018 10:23:47 -0600
Subject: [PATCH] add single-shot API for generating CMS Signed FirmwarePkgData
---
 wolfcrypt/src/pkcs7.c | 15 +++++++++++++++
 wolfssl/wolfcrypt/pkcs7.h | 17 +++++++++++------
 2 files changed, 26 insertions(+), 6 deletions(-)
diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c
index ea8b76828..b1ea4c831 100644
--- a/wolfcrypt/src/pkcs7.c
+++ b/wolfcrypt/src/pkcs7.c
@@ -1873,6 +1873,21 @@ int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7, byte* output, word32 outputSz)
 }
+/* build PKCS#7 signedData content type with inner type set to FirmwarePkgData,
+ return size of generated bundle on success, negative upon error */
+int wc_PKCS7_EncodeSignedFirmwarePkgData(PKCS7* pkcs7, byte* output,
+ word32 outputSz)
+{
+ if (pkcs7 == NULL || output == NULL || outputSz == 0)
+ return BAD_FUNC_ARG;
+
+ /* force content type to FirmwarePkgData */
+ pkcs7->contentOID = FIRMWARE_PKG_DATA;
+
+ return wc_PKCS7_EncodeSignedData(pkcs7, output, outputSz);
+}
+
+
 #ifndef NO_RSA
 /* returns size of signature put into out, negative on error */
diff --git a/wolfssl/wolfcrypt/pkcs7.h b/wolfssl/wolfcrypt/pkcs7.h
index 8999c4455..f7cfde6be 100644
--- a/wolfssl/wolfcrypt/pkcs7.h
+++ b/wolfssl/wolfcrypt/pkcs7.h
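Review bot: The assignment `pkcs7->contentOID = FIRMWARE_PKG_DATA;` in wc_PKCS7_EncodeSignedFirmwarePkgData is a lasting write to the caller's structure that the function comment does not mention, so a PKCS7 object reused afterwards with wc_PKCS7_EncodeSignedData keeps labelling whatever it signs as a firmware package. A consumer may use the signed content type to decide how a payload is handled, so the side effect should at least be documented, e.g. `/* note: overwrites pkcs7->contentOID; it remains FIRMWARE_PKG_DATA after return */`, or the previous value should be saved and restored around the call. The diffstat lists only pkcs7.c and pkcs7.h, so the new API appears to land without a test that the emitted content type is FirmwarePkgData.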
@@ -263,16 +263,21 @@ WOLFSSL_API int wc_PKCS7_EncodeData(PKCS7* pkcs7, byte* output,
 /* CMS/PKCS#7 SignedData */
 WOLFSSL_API int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7,
- byte* output, word32 outputSz);
+ byte* output, word32 outputSz);
 WOLFSSL_API int wc_PKCS7_EncodeSignedData_ex(PKCS7* pkcs7, const byte* hashBuf,
- word32 hashSz, byte* outputHead, word32* outputHeadSz, byte* outputFoot,
- word32* outputFootSz);
+ word32 hashSz, byte* outputHead,
+ word32* outputHeadSz,
+ byte* outputFoot,
+ word32* outputFootSz);
+WOLFSSL_API int wc_PKCS7_EncodeSignedFirmwarePkgData(PKCS7* pkcs7,
+ byte* output, word32 outputSz);
 WOLFSSL_API void wc_PKCS7_AllowDegenerate(PKCS7* pkcs7, word16 flag);
 WOLFSSL_API int wc_PKCS7_VerifySignedData(PKCS7* pkcs7,
- byte* pkiMsg, word32 pkiMsgSz);
+ byte* pkiMsg, word32 pkiMsgSz);
 WOLFSSL_API int wc_PKCS7_VerifySignedData_ex(PKCS7* pkcs7, const byte* hashBuf,
- word32 hashSz, byte* pkiMsgHead, word32 pkiMsgHeadSz, byte* pkiMsgFoot,
- word32 pkiMsgFootSz);
+ word32 hashSz, byte* pkiMsgHead,
+ word32 pkiMsgHeadSz, byte* pkiMsgFoot,
+ word32 pkiMsgFootSz);
 /* EnvelopedData and AuthEnvelopedData RecipientInfo functions */
 WOLFSSL_API int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert,