Merge pull request #1651 from dgarske/pkcs7_dynamic

Added PKCS7 dynamic allocation support
toddouska
2018-07-02 16:26:03 -07:00
committed by GitHub
4 changed files with 399 additions and 305 deletions


@@ -14185,6 +14185,25 @@ static int test_wc_ecc_is_valid_idx (void)
} /* END test_wc_ecc_is_valid_idx */ } /* END test_wc_ecc_is_valid_idx */
/*
* Testing wc_PKCS7_New()
*/
static void test_wc_PKCS7_New (void)
{
#if defined(HAVE_PKCS7)
PKCS7* pkcs7;
void* heap = NULL;
printf(testingFmt, "wc_PKCS7_New()");
pkcs7 = wc_PKCS7_New(heap, devId);
AssertNotNull(pkcs7);
printf(resultFmt, passed);
wc_PKCS7_Free(pkcs7);
#endif
} /* END test-wc_PKCS7_New */
/* /*
* Testing wc_PKCS7_Init() * Testing wc_PKCS7_Init()
*/ */
@@ -14259,6 +14278,7 @@ static void test_wc_PKCS7_InitWithCert (void)
#endif #endif
printf(testingFmt, "wc_PKCS7_InitWithCert()"); printf(testingFmt, "wc_PKCS7_InitWithCert()");
/* If initialization is not successful, it's free'd in init func. */ /* If initialization is not successful, it's free'd in init func. */
pkcs7.isDynamic = 0;
AssertIntEQ(wc_PKCS7_InitWithCert(&pkcs7, (byte*)cert, (word32)certSz), 0); AssertIntEQ(wc_PKCS7_InitWithCert(&pkcs7, (byte*)cert, (word32)certSz), 0);
wc_PKCS7_Free(&pkcs7); wc_PKCS7_Free(&pkcs7);
@@ -14356,6 +14376,8 @@ static void test_wc_PKCS7_EncodeData (void)
XMEMSET(output, 0, sizeof(output)); XMEMSET(output, 0, sizeof(output));
AssertIntEQ(wc_PKCS7_Init(&pkcs7, HEAP_HINT, INVALID_DEVID), 0);
AssertIntEQ(wc_PKCS7_InitWithCert(&pkcs7, (byte*)cert, certSz), 0); AssertIntEQ(wc_PKCS7_InitWithCert(&pkcs7, (byte*)cert, certSz), 0);
printf(testingFmt, "wc_PKCS7_EncodeData()"); printf(testingFmt, "wc_PKCS7_EncodeData()");
@@ -14461,6 +14483,8 @@ static void test_wc_PKCS7_EncodeSignedData (void)
XMEMSET(output, 0, outputSz); XMEMSET(output, 0, outputSz);
AssertIntEQ(wc_InitRng(&rng), 0); AssertIntEQ(wc_InitRng(&rng), 0);
AssertIntEQ(wc_PKCS7_Init(&pkcs7, HEAP_HINT, INVALID_DEVID), 0);
AssertIntEQ(wc_PKCS7_InitWithCert(&pkcs7, cert, certSz), 0); AssertIntEQ(wc_PKCS7_InitWithCert(&pkcs7, cert, certSz), 0);
printf(testingFmt, "wc_PKCS7_EncodeSignedData()"); printf(testingFmt, "wc_PKCS7_EncodeSignedData()");
@@ -14472,7 +14496,6 @@ static void test_wc_PKCS7_EncodeSignedData (void)
pkcs7.encryptOID = RSAk; pkcs7.encryptOID = RSAk;
pkcs7.hashOID = SHAh; pkcs7.hashOID = SHAh;
pkcs7.rng = &rng; pkcs7.rng = &rng;
pkcs7.devId = INVALID_DEVID;
AssertIntGT(wc_PKCS7_EncodeSignedData(&pkcs7, output, outputSz), 0); AssertIntGT(wc_PKCS7_EncodeSignedData(&pkcs7, output, outputSz), 0);
@@ -14576,6 +14599,8 @@ static void test_wc_PKCS7_VerifySignedData(void)
XMEMSET(output, 0, outputSz); XMEMSET(output, 0, outputSz);
AssertIntEQ(wc_InitRng(&rng), 0); AssertIntEQ(wc_InitRng(&rng), 0);
AssertIntEQ(wc_PKCS7_Init(&pkcs7, HEAP_HINT, INVALID_DEVID), 0);
AssertIntEQ(wc_PKCS7_InitWithCert(&pkcs7, cert, certSz), 0); AssertIntEQ(wc_PKCS7_InitWithCert(&pkcs7, cert, certSz), 0);
printf(testingFmt, "wc_PKCS7_VerifySignedData()"); printf(testingFmt, "wc_PKCS7_VerifySignedData()");
@@ -20176,6 +20201,7 @@ void ApiTest(void)
AssertIntEQ(test_wc_ecc_mulmod(), 0); AssertIntEQ(test_wc_ecc_mulmod(), 0);
AssertIntEQ(test_wc_ecc_is_valid_idx(), 0); AssertIntEQ(test_wc_ecc_is_valid_idx(), 0);
test_wc_PKCS7_New();
test_wc_PKCS7_Init(); test_wc_PKCS7_Init();
test_wc_PKCS7_InitWithCert(); test_wc_PKCS7_InitWithCert();
test_wc_PKCS7_EncodeData(); test_wc_PKCS7_EncodeData();
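Review bot: In test_wc_PKCS7_InitWithCert the added `pkcs7.isDynamic = 0;` writes a library-managed flag by hand, while the EncodeData, EncodeSignedData and VerifySignedData tests in this same file section gain a `wc_PKCS7_Init()` call before `wc_PKCS7_InitWithCert()` instead. The implementation diff is not shown on this page, but if `wc_PKCS7_Free()` uses `isDynamic` to decide whether to release the struct itself, a stack `PKCS7` with an indeterminate bit would pass a stack address to the allocator. The test should model the supported initialisation path, replacing the assignment with `AssertIntEQ(wc_PKCS7_Init(&pkcs7, HEAP_HINT, INVALID_DEVID), 0);`. The body of test_wc_PKCS7_InitWithCert starts and ends outside the hunk, so whether `pkcs7` is zeroed earlier cannot be confirmed from here.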

File diff suppressed because it is too large Load Diff


@@ -18054,7 +18054,7 @@ static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
byte enveloped[2048]; byte enveloped[2048];
byte decoded[2048]; byte decoded[2048];
PKCS7 pkcs7; PKCS7* pkcs7;
#ifdef PKCS7_OUTPUT_TEST_BUNDLES #ifdef PKCS7_OUTPUT_TEST_BUNDLES
FILE* pkcs7File; FILE* pkcs7File;
#endif #endif
@@ -18132,64 +18132,75 @@ static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
testSz = sizeof(testVectors) / sizeof(pkcs7EnvelopedVector); testSz = sizeof(testVectors) / sizeof(pkcs7EnvelopedVector);
for (i = 0; i < testSz; i++) { for (i = 0; i < testSz; i++) {
ret = wc_PKCS7_Init(&pkcs7, HEAP_HINT, pkcs7 = wc_PKCS7_New(HEAP_HINT,
#ifdef WOLFSSL_ASYNC_CRYPT #ifdef WOLFSSL_ASYNC_CRYPT
INVALID_DEVID /* async PKCS7 is not supported */ INVALID_DEVID /* async PKCS7 is not supported */
#else #else
devId devId
#endif #endif
); );
if (ret != 0) if (pkcs7 == NULL)
return -9214; return -9214;
ret = wc_PKCS7_InitWithCert(&pkcs7, testVectors[i].cert, ret = wc_PKCS7_InitWithCert(pkcs7, testVectors[i].cert,
(word32)testVectors[i].certSz); (word32)testVectors[i].certSz);
if (ret != 0) if (ret != 0) {
wc_PKCS7_Free(pkcs7);
return -9215; return -9215;
}
pkcs7.content = (byte*)testVectors[i].content; pkcs7->content = (byte*)testVectors[i].content;
pkcs7.contentSz = testVectors[i].contentSz; pkcs7->contentSz = testVectors[i].contentSz;
pkcs7.contentOID = testVectors[i].contentOID; pkcs7->contentOID = testVectors[i].contentOID;
pkcs7.encryptOID = testVectors[i].encryptOID; pkcs7->encryptOID = testVectors[i].encryptOID;
pkcs7.keyWrapOID = testVectors[i].keyWrapOID; pkcs7->keyWrapOID = testVectors[i].keyWrapOID;
pkcs7.keyAgreeOID = testVectors[i].keyAgreeOID; pkcs7->keyAgreeOID = testVectors[i].keyAgreeOID;
pkcs7.privateKey = testVectors[i].privateKey; pkcs7->privateKey = testVectors[i].privateKey;
pkcs7.privateKeySz = testVectors[i].privateKeySz; pkcs7->privateKeySz = testVectors[i].privateKeySz;
pkcs7.ukm = testVectors[i].optionalUkm; pkcs7->ukm = testVectors[i].optionalUkm;
pkcs7.ukmSz = testVectors[i].optionalUkmSz; pkcs7->ukmSz = testVectors[i].optionalUkmSz;
/* encode envelopedData */ /* encode envelopedData */
envelopedSz = wc_PKCS7_EncodeEnvelopedData(&pkcs7, enveloped, envelopedSz = wc_PKCS7_EncodeEnvelopedData(pkcs7, enveloped,
sizeof(enveloped)); sizeof(enveloped));
if (envelopedSz <= 0) { if (envelopedSz <= 0) {
printf("DEBUG: i = %d, envelopedSz = %d\n", i, envelopedSz); printf("DEBUG: i = %d, envelopedSz = %d\n", i, envelopedSz);
wc_PKCS7_Free(pkcs7);
return -9216; return -9216;
} }
/* decode envelopedData */ /* decode envelopedData */
decodedSz = wc_PKCS7_DecodeEnvelopedData(&pkcs7, enveloped, envelopedSz, decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, enveloped, envelopedSz,
decoded, sizeof(decoded)); decoded, sizeof(decoded));
if (decodedSz <= 0) if (decodedSz <= 0) {
wc_PKCS7_Free(pkcs7);
return -9217; return -9217;
}
/* test decode result */ /* test decode result */
if (XMEMCMP(decoded, data, sizeof(data)) != 0) if (XMEMCMP(decoded, data, sizeof(data)) != 0){
wc_PKCS7_Free(pkcs7);
return -9218; return -9218;
}
#ifdef PKCS7_OUTPUT_TEST_BUNDLES #ifdef PKCS7_OUTPUT_TEST_BUNDLES
/* output pkcs7 envelopedData for external testing */ /* output pkcs7 envelopedData for external testing */
pkcs7File = fopen(testVectors[i].outFileName, "wb"); pkcs7File = fopen(testVectors[i].outFileName, "wb");
if (!pkcs7File) if (!pkcs7File) {
wc_PKCS7_Free(pkcs7);
return -9219; return -9219;
}
ret = (int)fwrite(enveloped, 1, envelopedSz, pkcs7File); ret = (int)fwrite(enveloped, 1, envelopedSz, pkcs7File);
fclose(pkcs7File); fclose(pkcs7File);
if (ret != envelopedSz) { if (ret != envelopedSz) {
wc_PKCS7_Free(pkcs7);
return -9220; return -9220;
} }
#endif /* PKCS7_OUTPUT_TEST_BUNDLES */ #endif /* PKCS7_OUTPUT_TEST_BUNDLES */
wc_PKCS7_Free(&pkcs7); wc_PKCS7_Free(pkcs7);
pkcs7 = NULL;
} }
#if !defined(HAVE_ECC) || defined(NO_AES) #if !defined(HAVE_ECC) || defined(NO_AES)
@@ -18317,7 +18328,7 @@ int pkcs7encrypted_test(void)
int ret = 0; int ret = 0;
int i, testSz; int i, testSz;
int encryptedSz, decodedSz, attribIdx; int encryptedSz, decodedSz, attribIdx;
PKCS7 pkcs7; PKCS7* pkcs7;
byte encrypted[2048]; byte encrypted[2048];
byte decoded[2048]; byte decoded[2048];
#ifdef PKCS7_OUTPUT_TEST_BUNDLES #ifdef PKCS7_OUTPUT_TEST_BUNDLES
@@ -18441,55 +18452,65 @@ int pkcs7encrypted_test(void)
testSz = sizeof(testVectors) / sizeof(pkcs7EncryptedVector); testSz = sizeof(testVectors) / sizeof(pkcs7EncryptedVector);
for (i = 0; i < testSz; i++) { for (i = 0; i < testSz; i++) {
ret = wc_PKCS7_Init(&pkcs7, HEAP_HINT, devId); pkcs7 = wc_PKCS7_New(HEAP_HINT, devId);
if (ret != 0) if (pkcs7 == NULL)
return -9400; return -9400;
pkcs7.content = (byte*)testVectors[i].content; pkcs7->content = (byte*)testVectors[i].content;
pkcs7.contentSz = testVectors[i].contentSz; pkcs7->contentSz = testVectors[i].contentSz;
pkcs7.contentOID = testVectors[i].contentOID; pkcs7->contentOID = testVectors[i].contentOID;
pkcs7.encryptOID = testVectors[i].encryptOID; pkcs7->encryptOID = testVectors[i].encryptOID;
pkcs7.encryptionKey = testVectors[i].encryptionKey; pkcs7->encryptionKey = testVectors[i].encryptionKey;
pkcs7.encryptionKeySz = testVectors[i].encryptionKeySz; pkcs7->encryptionKeySz = testVectors[i].encryptionKeySz;
pkcs7.unprotectedAttribs = testVectors[i].attribs; pkcs7->unprotectedAttribs = testVectors[i].attribs;
pkcs7.unprotectedAttribsSz = testVectors[i].attribsSz; pkcs7->unprotectedAttribsSz = testVectors[i].attribsSz;
/* encode encryptedData */ /* encode encryptedData */
encryptedSz = wc_PKCS7_EncodeEncryptedData(&pkcs7, encrypted, encryptedSz = wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
sizeof(encrypted)); sizeof(encrypted));
if (encryptedSz <= 0) if (encryptedSz <= 0) {
wc_PKCS7_Free(pkcs7);
return -9401; return -9401;
}
/* decode encryptedData */ /* decode encryptedData */
decodedSz = wc_PKCS7_DecodeEncryptedData(&pkcs7, encrypted, encryptedSz, decodedSz = wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, encryptedSz,
decoded, sizeof(decoded)); decoded, sizeof(decoded));
if (decodedSz <= 0) if (decodedSz <= 0){
wc_PKCS7_Free(pkcs7);
return -9402; return -9402;
}
/* test decode result */ /* test decode result */
if (XMEMCMP(decoded, data, sizeof(data)) != 0) if (XMEMCMP(decoded, data, sizeof(data)) != 0) {
wc_PKCS7_Free(pkcs7);
return -9403; return -9403;
}
/* verify decoded unprotected attributes */ /* verify decoded unprotected attributes */
if (pkcs7.decodedAttrib != NULL) { if (pkcs7->decodedAttrib != NULL) {
decodedAttrib = pkcs7.decodedAttrib; decodedAttrib = pkcs7->decodedAttrib;
attribIdx = 1; attribIdx = 1;
while (decodedAttrib != NULL) { while (decodedAttrib != NULL) {
/* expected attribute, stored list is reversed */ /* expected attribute, stored list is reversed */
expectedAttrib = &(pkcs7.unprotectedAttribs expectedAttrib = &(pkcs7->unprotectedAttribs
[pkcs7.unprotectedAttribsSz - attribIdx]); [pkcs7->unprotectedAttribsSz - attribIdx]);
/* verify oid */ /* verify oid */
if (XMEMCMP(decodedAttrib->oid, expectedAttrib->oid, if (XMEMCMP(decodedAttrib->oid, expectedAttrib->oid,
decodedAttrib->oidSz) != 0) decodedAttrib->oidSz) != 0) {
wc_PKCS7_Free(pkcs7);
return -9404; return -9404;
}
/* verify value */ /* verify value */
if (XMEMCMP(decodedAttrib->value, expectedAttrib->value, if (XMEMCMP(decodedAttrib->value, expectedAttrib->value,
decodedAttrib->valueSz) != 0) decodedAttrib->valueSz) != 0) {
wc_PKCS7_Free(pkcs7);
return -9405; return -9405;
}
decodedAttrib = decodedAttrib->next; decodedAttrib = decodedAttrib->next;
attribIdx++; attribIdx++;
@@ -18499,8 +18520,10 @@ int pkcs7encrypted_test(void)
#ifdef PKCS7_OUTPUT_TEST_BUNDLES #ifdef PKCS7_OUTPUT_TEST_BUNDLES
/* output pkcs7 envelopedData for external testing */ /* output pkcs7 envelopedData for external testing */
pkcs7File = fopen(testVectors[i].outFileName, "wb"); pkcs7File = fopen(testVectors[i].outFileName, "wb");
if (!pkcs7File) if (!pkcs7File) {
wc_PKCS7_Free(pkcs7);
return -9406; return -9406;
}
ret = (int)fwrite(encrypted, encryptedSz, 1, pkcs7File); ret = (int)fwrite(encrypted, encryptedSz, 1, pkcs7File);
fclose(pkcs7File); fclose(pkcs7File);
@@ -18509,7 +18532,7 @@ int pkcs7encrypted_test(void)
ret = 0; ret = 0;
#endif #endif
wc_PKCS7_Free(&pkcs7); wc_PKCS7_Free(pkcs7);
} }
return ret; return ret;
@@ -18543,7 +18566,7 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz,
byte* out; byte* out;
word32 outSz; word32 outSz;
WC_RNG rng; WC_RNG rng;
PKCS7 pkcs7; PKCS7* pkcs7;
#ifdef PKCS7_OUTPUT_TEST_BUNDLES #ifdef PKCS7_OUTPUT_TEST_BUNDLES
FILE* file; FILE* file;
#endif #endif
@@ -18683,26 +18706,30 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz,
} }
for (i = 0; i < testSz; i++) { for (i = 0; i < testSz; i++) {
pkcs7 = wc_PKCS7_New(HEAP_HINT, INVALID_DEVID);
if (pkcs7 == NULL)
return -9410;
pkcs7.heap = HEAP_HINT; pkcs7->heap = HEAP_HINT;
pkcs7.devId = INVALID_DEVID; pkcs7->devId = INVALID_DEVID;
ret = wc_PKCS7_InitWithCert(&pkcs7, testVectors[i].cert, ret = wc_PKCS7_InitWithCert(pkcs7, testVectors[i].cert,
(word32)testVectors[i].certSz); (word32)testVectors[i].certSz);
if (ret != 0) { if (ret != 0) {
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wc_PKCS7_Free(pkcs7);
return -9410; return -9410;
} }
pkcs7.rng = &rng; pkcs7->rng = &rng;
pkcs7.content = (byte*)testVectors[i].content; pkcs7->content = (byte*)testVectors[i].content;
pkcs7.contentSz = testVectors[i].contentSz; pkcs7->contentSz = testVectors[i].contentSz;
pkcs7.hashOID = testVectors[i].hashOID; pkcs7->hashOID = testVectors[i].hashOID;
pkcs7.encryptOID = testVectors[i].encryptOID; pkcs7->encryptOID = testVectors[i].encryptOID;
pkcs7.privateKey = testVectors[i].privateKey; pkcs7->privateKey = testVectors[i].privateKey;
pkcs7.privateKeySz = testVectors[i].privateKeySz; pkcs7->privateKeySz = testVectors[i].privateKeySz;
pkcs7.signedAttribs = testVectors[i].signedAttribs; pkcs7->signedAttribs = testVectors[i].signedAttribs;
pkcs7.signedAttribsSz = testVectors[i].signedAttribsSz; pkcs7->signedAttribsSz = testVectors[i].signedAttribsSz;
/* generate senderNonce */ /* generate senderNonce */
{ {
@@ -18712,7 +18739,7 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz,
ret = wc_RNG_GenerateBlock(&rng, &senderNonce[2], PKCS7_NONCE_SZ); ret = wc_RNG_GenerateBlock(&rng, &senderNonce[2], PKCS7_NONCE_SZ);
if (ret != 0) { if (ret != 0) {
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wc_PKCS7_Free(&pkcs7); wc_PKCS7_Free(pkcs7);
return -9411; return -9411;
} }
} }
@@ -18735,20 +18762,20 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz,
ret = wc_InitSha_ex(&sha, HEAP_HINT, devId); ret = wc_InitSha_ex(&sha, HEAP_HINT, devId);
if (ret != 0) { if (ret != 0) {
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wc_PKCS7_Free(&pkcs7); wc_PKCS7_Free(pkcs7);
return -9412; return -9412;
} }
wc_ShaUpdate(&sha, pkcs7.publicKey, pkcs7.publicKeySz); wc_ShaUpdate(&sha, pkcs7->publicKey, pkcs7->publicKeySz);
wc_ShaFinal(&sha, digest); wc_ShaFinal(&sha, digest);
wc_ShaFree(&sha); wc_ShaFree(&sha);
#else #else
ret = wc_InitSha256_ex(&sha, HEAP_HINT, devId); ret = wc_InitSha256_ex(&sha, HEAP_HINT, devId);
if (ret != 0) { if (ret != 0) {
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wc_PKCS7_Free(&pkcs7); wc_PKCS7_Free(pkcs7);
return -9413; return -9413;
} }
wc_Sha256Update(&sha, pkcs7.publicKey, pkcs7.publicKeySz); wc_Sha256Update(&sha, pkcs7->publicKey, pkcs7->publicKeySz);
wc_Sha256Final(&sha, digest); wc_Sha256Final(&sha, digest);
wc_Sha256Free(&sha); wc_Sha256Free(&sha);
#endif #endif
@@ -18758,10 +18785,10 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz,
} }
} }
encodedSz = wc_PKCS7_EncodeSignedData(&pkcs7, out, outSz); encodedSz = wc_PKCS7_EncodeSignedData(pkcs7, out, outSz);
if (encodedSz < 0) { if (encodedSz < 0) {
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wc_PKCS7_Free(&pkcs7); wc_PKCS7_Free(pkcs7);
return -9414; return -9414;
} }
@@ -18770,35 +18797,38 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz,
file = fopen(testVectors[i].outFileName, "wb"); file = fopen(testVectors[i].outFileName, "wb");
if (!file) { if (!file) {
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wc_PKCS7_Free(&pkcs7); wc_PKCS7_Free(pkcs7);
return -9415; return -9415;
} }
ret = (int)fwrite(out, 1, encodedSz, file); ret = (int)fwrite(out, 1, encodedSz, file);
fclose(file); fclose(file);
if (ret != (int)encodedSz) { if (ret != (int)encodedSz) {
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wc_PKCS7_Free(&pkcs7); wc_PKCS7_Free(pkcs7);
return -9416; return -9416;
} }
#endif /* PKCS7_OUTPUT_TEST_BUNDLES */ #endif /* PKCS7_OUTPUT_TEST_BUNDLES */
wc_PKCS7_Free(&pkcs7); wc_PKCS7_Free(pkcs7);
wc_PKCS7_InitWithCert(&pkcs7, NULL, 0);
ret = wc_PKCS7_VerifySignedData(&pkcs7, out, outSz); pkcs7 = wc_PKCS7_New(HEAP_HINT, INVALID_DEVID);
if (pkcs7 == NULL)
return -9410;
wc_PKCS7_InitWithCert(pkcs7, NULL, 0);
ret = wc_PKCS7_VerifySignedData(pkcs7, out, outSz);
if (ret < 0) { if (ret < 0) {
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wc_PKCS7_Free(&pkcs7); wc_PKCS7_Free(pkcs7);
return -9417; return -9417;
} }
if (pkcs7.singleCert == NULL || pkcs7.singleCertSz == 0) { if (pkcs7->singleCert == NULL || pkcs7->singleCertSz == 0) {
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wc_PKCS7_Free(&pkcs7); wc_PKCS7_Free(pkcs7);
return -9418; return -9418;
} }
{ {
/* check getting signed attributes */ /* check getting signed attributes */
#ifndef NO_SHA #ifndef NO_SHA
@@ -18811,25 +18841,25 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz,
int bufSz = 0; int bufSz = 0;
if (testVectors[i].signedAttribs != NULL && if (testVectors[i].signedAttribs != NULL &&
wc_PKCS7_GetAttributeValue(&pkcs7, oidPt, oidSz, wc_PKCS7_GetAttributeValue(pkcs7, oidPt, oidSz,
NULL, (word32*)&bufSz) != LENGTH_ONLY_E) { NULL, (word32*)&bufSz) != LENGTH_ONLY_E) {
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wc_PKCS7_Free(&pkcs7); wc_PKCS7_Free(pkcs7);
return -9419; return -9419;
} }
if (bufSz > (int)sizeof(buf)) { if (bufSz > (int)sizeof(buf)) {
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wc_PKCS7_Free(&pkcs7); wc_PKCS7_Free(pkcs7);
return -9420; return -9420;
} }
bufSz = wc_PKCS7_GetAttributeValue(&pkcs7, oidPt, oidSz, bufSz = wc_PKCS7_GetAttributeValue(pkcs7, oidPt, oidSz,
buf, (word32*)&bufSz); buf, (word32*)&bufSz);
if ((testVectors[i].signedAttribs != NULL && bufSz < 0) || if ((testVectors[i].signedAttribs != NULL && bufSz < 0) ||
(testVectors[i].signedAttribs == NULL && bufSz > 0)) { (testVectors[i].signedAttribs == NULL && bufSz > 0)) {
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wc_PKCS7_Free(&pkcs7); wc_PKCS7_Free(pkcs7);
return -9421; return -9421;
} }
} }
@@ -18838,14 +18868,14 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz,
file = fopen("./pkcs7cert.der", "wb"); file = fopen("./pkcs7cert.der", "wb");
if (!file) { if (!file) {
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wc_PKCS7_Free(&pkcs7); wc_PKCS7_Free(pkcs7);
return -9422; return -9422;
} }
ret = (int)fwrite(pkcs7.singleCert, 1, pkcs7.singleCertSz, file); ret = (int)fwrite(pkcs7->singleCert, 1, pkcs7->singleCertSz, file);
fclose(file); fclose(file);
#endif /* PKCS7_OUTPUT_TEST_BUNDLES */ #endif /* PKCS7_OUTPUT_TEST_BUNDLES */
wc_PKCS7_Free(&pkcs7); wc_PKCS7_Free(pkcs7);
} }
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
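Review bot: The two new `if (pkcs7 == NULL) return -9410;` checks in pkcs7signed_run_vectors, one after each `wc_PKCS7_New()` call inside the loop, return without releasing `out`, whereas every other error path in the loop calls `XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)` first. Both also reuse -9410, which the `wc_PKCS7_InitWithCert()` failure just below returns as well, so the failing step can no longer be identified from the code. Suggested form: `if (pkcs7 == NULL) { XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -NNNN; }`, where -NNNN stands for a code not used elsewhere in the file. The `pkcs7->heap = HEAP_HINT;` and `pkcs7->devId = INVALID_DEVID;` assignments after the first `wc_PKCS7_New(HEAP_HINT, INVALID_DEVID)` repeat its arguments and look removable. The function begins and ends outside these hunks.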


@@ -95,6 +95,9 @@ typedef struct PKCS7DecodedAttrib {
} PKCS7DecodedAttrib; } PKCS7DecodedAttrib;
/* Public Structure Warning:
* Existing members must not be changed to maintain backwards compatibility!
*/
typedef struct PKCS7 { typedef struct PKCS7 {
WC_RNG* rng; WC_RNG* rng;
PKCS7Attrib* signedAttribs; PKCS7Attrib* signedAttribs;
@@ -138,9 +141,15 @@ typedef struct PKCS7 {
byte issuerSn[MAX_SN_SZ]; /* singleCert's serial number */ byte issuerSn[MAX_SN_SZ]; /* singleCert's serial number */
byte publicKey[MAX_RSA_INT_SZ + MAX_RSA_E_SZ]; /* MAX RSA key size (m + e)*/ byte publicKey[MAX_RSA_INT_SZ + MAX_RSA_E_SZ]; /* MAX RSA key size (m + e)*/
word32 certSz[MAX_PKCS7_CERTS]; word32 certSz[MAX_PKCS7_CERTS];
/* flags - up to 16-bits */
word16 isDynamic:1;
/* !! NEW DATA MEMBERS MUST BE ADDED AT END !! */
} PKCS7; } PKCS7;
WOLFSSL_API PKCS7* wc_PKCS7_New(void* heap, int devId);
WOLFSSL_API int wc_PKCS7_Init(PKCS7* pkcs7, void* heap, int devId); WOLFSSL_API int wc_PKCS7_Init(PKCS7* pkcs7, void* heap, int devId);
WOLFSSL_API int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* cert, word32 certSz); WOLFSSL_API int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* cert, word32 certSz);
WOLFSSL_API void wc_PKCS7_Free(PKCS7* pkcs7); WOLFSSL_API void wc_PKCS7_Free(PKCS7* pkcs7);
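Review bot: The header adds `word16 isDynamic:1;` to a public struct and declares `wc_PKCS7_New()` without saying who owns the returned object or who may write the flag. Going by the tests in this commit, the prototype could carry `/* Allocates and initialises a PKCS7 using heap; returns NULL on failure. Release with wc_PKCS7_Free(). */`. The field could carry `/* set by the library only; callers with a stack PKCS7 must call wc_PKCS7_Init() before use */`. The second comment assumes `wc_PKCS7_Free()` reads the flag to decide whether to free the struct, which this page does not show, so it should be confirmed against the implementation. The "Public Structure Warning" could also note that a new trailing member changes the struct for applications that embed `PKCS7` by value, which would then need rebuilding against this header.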