wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-30 10:47:28 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2164 from JacobBarthelmeh/PKCS7

Browse Source 
adjust location of where PKCS7 content is saved
This commit is contained in:
John Safranek
2019-03-15 09:40:17 -07:00
committed by GitHub
parent 6ff2039b1f 45b6a3b67d
commit 0ef4b7e933
2 changed files with 63 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
tests/api.c
View File

@ -16639,17 +16639,20 @@ static void test_PKCS7_signed_enveloped(void)
#if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) #if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && !defined(NO_RSA)
XFILE f; XFILE f;
PKCS7* pkcs7; PKCS7* pkcs7;
PKCS7* inner;
void* pt; void* pt;
WC_RNG rng; WC_RNG rng;
unsigned char key[FOURK_BUF/2]; unsigned char key[FOURK_BUF/2];
unsigned char cert[FOURK_BUF/2]; unsigned char cert[FOURK_BUF/2];
unsigned char env[FOURK_BUF/2]; unsigned char env[FOURK_BUF];
int envSz = FOURK_BUF/2; int envSz = FOURK_BUF;
int keySz; int keySz;
int certSz; int certSz;
unsigned char sig[FOURK_BUF]; unsigned char sig[FOURK_BUF * 2];
int sigSz = FOURK_BUF; int sigSz = FOURK_BUF * 2;
unsigned char decoded[FOURK_BUF];
int decodedSz = FOURK_BUF;
printf(testingFmt, "PKCS7_signed_enveloped"); printf(testingFmt, "PKCS7_signed_enveloped");
@ -16664,11 +16667,27 @@ static void test_PKCS7_signed_enveloped(void)
XFCLOSE(f); XFCLOSE(f);
keySz = wolfSSL_KeyPemToDer(key, keySz, key, keySz, NULL); keySz = wolfSSL_KeyPemToDer(key, keySz, key, keySz, NULL);
/* sign cert for envelope */
AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
AssertIntEQ(wc_InitRng(&rng), 0);
AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
pkcs7->content = cert;
pkcs7->contentSz = certSz;
pkcs7->contentOID = DATA;
pkcs7->privateKey = key;
pkcs7->privateKeySz = keySz;
pkcs7->encryptOID = RSAk;
pkcs7->hashOID = SHA256h;
pkcs7->rng = &rng;
AssertIntGT((sigSz = wc_PKCS7_EncodeSignedData(pkcs7, sig, sigSz)), 0);
wc_PKCS7_Free(pkcs7);
wc_FreeRng(&rng);
/* create envelope */ /* create envelope */
AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0)); AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0); AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
pkcs7->content = cert; pkcs7->content = sig;
pkcs7->contentSz = certSz; pkcs7->contentSz = sigSz;
pkcs7->contentOID = DATA; pkcs7->contentOID = DATA;
pkcs7->encryptOID = AES256CBCb; pkcs7->encryptOID = AES256CBCb;
pkcs7->privateKey = key; pkcs7->privateKey = key;
@ -16677,13 +16696,13 @@ static void test_PKCS7_signed_enveloped(void)
wc_PKCS7_Free(pkcs7); wc_PKCS7_Free(pkcs7);
/* create signed enveloped data */ /* create signed enveloped data */
sigSz = FOURK_BUF * 2;
AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0)); AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
AssertIntEQ(wc_InitRng(&rng), 0); AssertIntEQ(wc_InitRng(&rng), 0);
AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0); AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
pkcs7->content = env; pkcs7->content = env;
pkcs7->contentSz = envSz; pkcs7->contentSz = envSz;
pkcs7->contentOID = DATA; pkcs7->contentOID = DATA;
pkcs7->encryptOID = AES256CBCb;
pkcs7->privateKey = key; pkcs7->privateKey = key;
pkcs7->privateKeySz = keySz; pkcs7->privateKeySz = keySz;
pkcs7->encryptOID = RSAk; pkcs7->encryptOID = RSAk;
@ -16703,7 +16722,26 @@ static void test_PKCS7_signed_enveloped(void)
AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0)); AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0); AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, sig, sigSz), 0); AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, sig, sigSz), 0);
AssertNotNull(pkcs7->content);
/* check decode */
AssertNotNull(inner = wc_PKCS7_New(NULL, 0));
AssertIntEQ(wc_PKCS7_InitWithCert(inner, cert, certSz), 0);
inner->privateKey = key;
inner->privateKeySz = keySz;
AssertIntGT((decodedSz = wc_PKCS7_DecodeEnvelopedData(inner, pkcs7->content,
pkcs7->contentSz, decoded, decodedSz)), 0);
wc_PKCS7_Free(inner);
wc_PKCS7_Free(pkcs7); wc_PKCS7_Free(pkcs7);
/* check cert set */
AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, decoded, decodedSz), 0);
AssertNotNull(pkcs7->singleCert);
AssertIntNE(pkcs7->singleCertSz, 0);
wc_PKCS7_Free(pkcs7);
printf(resultFmt, passed); printf(resultFmt, passed);
#endif #endif

30
wolfcrypt/src/pkcs7.c
View File

@ -3884,20 +3884,6 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
ret = 0; /* reset ret state on degenerate case */ ret = 0; /* reset ret state on degenerate case */
} }
/* Get the implicit[0] set of certificates */
if (ret == 0 && idx >= pkiMsg2Sz)
ret = BUFFER_E;
length = 0; /* set length to 0 to check if reading in any certs */
if (ret == 0 && pkiMsg2[idx] ==
(ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 0)) {
idx++;
if (GetLength(pkiMsg2, &idx, &length, pkiMsg2Sz) < 0)
ret = ASN_PARSE_E;
if (ret != 0) {
break;
}
#ifndef NO_PKCS7_STREAM #ifndef NO_PKCS7_STREAM
/* save content */ /* save content */
if (detached == 1) { if (detached == 1) {
@ -3919,7 +3905,23 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
pkcs7->stream->contentSz = contentSz; pkcs7->stream->contentSz = contentSz;
} }
} }
#endif /* !NO_PKCS7_STREAM */
/* Get the implicit[0] set of certificates */
if (ret == 0 && idx >= pkiMsg2Sz)
ret = BUFFER_E;
length = 0; /* set length to 0 to check if reading in any certs */
if (ret == 0 && pkiMsg2[idx] ==
(ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 0)) {
idx++;
if (GetLength(pkiMsg2, &idx, &length, pkiMsg2Sz) < 0)
ret = ASN_PARSE_E;
if (ret != 0) {
break;
}
#ifndef NO_PKCS7_STREAM
if (content != NULL && pkcs7->stream->flagOne) { if (content != NULL && pkcs7->stream->flagOne) {
stateIdx = idx; /* case where all data was read from in2 */ stateIdx = idx; /* case where all data was read from in2 */
} }