add CMS RSA sign callback for raw digest

Chris Conlon
2019-10-30 17:27:38 -06:00
parent 7e45ae2ec6
commit 2063fa502f
2 changed files with 62 additions and 9 deletions


@@ -1982,8 +1982,12 @@ static int wc_PKCS7_SignedDataBuildSignature(PKCS7* pkcs7,
ESD* esd) ESD* esd)
{ {
int ret = 0; int ret = 0;
#ifdef HAVE_ECC #if defined(HAVE_ECC) || \
(defined(HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK) && !defined(NO_RSA))
int hashSz = 0; int hashSz = 0;
#endif
#if defined(HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK) && !defined(NO_RSA)
int hashOID;
#endif #endif
word32 digestInfoSz = MAX_PKCS7_DIGEST_SZ; word32 digestInfoSz = MAX_PKCS7_DIGEST_SZ;
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
@@ -2014,11 +2018,37 @@ static int wc_PKCS7_SignedDataBuildSignature(PKCS7* pkcs7,
return ret; return ret;
} }
#if defined(HAVE_ECC) || \
(defined(HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK) && !defined(NO_RSA))
/* get digest size from hash type */
hashSz = wc_HashGetDigestSize(esd->hashType);
if (hashSz < 0) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(digestInfo, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return hashSz;
}
#endif
/* sign digestInfo */ /* sign digestInfo */
switch (pkcs7->publicKeyOID) { switch (pkcs7->publicKeyOID) {
#ifndef NO_RSA #ifndef NO_RSA
case RSAk: case RSAk:
#ifdef HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK
if (pkcs7->rsaSignRawDigestCb != NULL) {
/* get hash OID */
hashOID = wc_HashGetOID(esd->hashType);
/* user signing plain digest, build DigestInfo themselves */
ret = pkcs7->rsaSignRawDigestCb(pkcs7,
esd->contentAttribsDigest, hashSz,
esd->encContentDigest, sizeof(esd->encContentDigest),
pkcs7->privateKey, pkcs7->privateKeySz, pkcs7->devId,
hashOID);
break;
}
#endif
ret = wc_PKCS7_RsaSign(pkcs7, digestInfo, digestInfoSz, esd); ret = wc_PKCS7_RsaSign(pkcs7, digestInfo, digestInfoSz, esd);
break; break;
#endif #endif
@@ -2027,14 +2057,6 @@ static int wc_PKCS7_SignedDataBuildSignature(PKCS7* pkcs7,
case ECDSAk: case ECDSAk:
/* CMS with ECDSA does not sign DigestInfo structure /* CMS with ECDSA does not sign DigestInfo structure
* like PKCS#7 with RSA does */ * like PKCS#7 with RSA does */
hashSz = wc_HashGetDigestSize(esd->hashType);
if (hashSz < 0) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(digestInfo, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return hashSz;
}
ret = wc_PKCS7_EcdsaSign(pkcs7, esd->contentAttribsDigest, ret = wc_PKCS7_EcdsaSign(pkcs7, esd->contentAttribsDigest,
hashSz, esd); hashSz, esd);
break; break;
@@ -3032,6 +3054,20 @@ int wc_PKCS7_EncodeSignedEncryptedCompressedFPD(PKCS7* pkcs7, byte* encryptKey,
#ifndef NO_RSA #ifndef NO_RSA
#ifdef HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK
/* register raw RSA sign digest callback */
int wc_PKCS7_SetRsaSignRawDigestCb(PKCS7* pkcs7, CallbackRsaSignRawDigest cb)
{
if (pkcs7 == NULL || cb == NULL) {
return BAD_FUNC_ARG;
}
pkcs7->rsaSignRawDigestCb = cb;
return 0;
}
#endif
/* returns size of signature put into out, negative on error */ /* returns size of signature put into out, negative on error */
static int wc_PKCS7_RsaVerify(PKCS7* pkcs7, byte* sig, int sigSz, static int wc_PKCS7_RsaVerify(PKCS7* pkcs7, byte* sig, int sigSz,
byte* hash, word32 hashSz) byte* hash, word32 hashSz)
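Review bot: In the `RSAk` case the result of `wc_HashGetOID(esd->hashType)` is passed to `rsaSignRawDigestCb` unchecked, so an unsupported hash type reaches the user callback as a negative `hashOID` instead of failing here. Add `if (hashOID < 0) { ret = hashOID; break; }` before the call. The callback's return value is also taken as-is: if the code after the switch (outside these hunks) stores a positive `ret` as the signature length, a value above the buffer size should be rejected first, e.g. `if (ret > (int)sizeof(esd->encContentDigest)) ret = BUFFER_E;`. The rest of `wc_PKCS7_SignedDataBuildSignature`, including the `digestInfo` cleanup, is outside the hunks, so confirm that a `break` with a negative `ret` still frees it under `WOLFSSL_SMALL_STACK`.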


@@ -220,6 +220,14 @@ typedef int (*CallbackWrapCEK)(PKCS7* pkcs7, byte* cek, word32 cekSz,
byte* out, word32 outSz, byte* out, word32 outSz,
int keyWrapAlgo, int type, int dir); int keyWrapAlgo, int type, int dir);
#if defined(HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK) && !defined(NO_RSA)
/* RSA sign raw digest callback, user builds DigestInfo */
typedef int (*CallbackRsaSignRawDigest)(PKCS7* pkcs7, byte* digest,
word32 digestSz, byte* out, word32 outSz,
byte* privateKey, word32 privateKeySz,
int devId, int hashOID);
#endif
/* Public Structure Warning: /* Public Structure Warning:
* Existing members must not be changed to maintain backwards compatibility! * Existing members must not be changed to maintain backwards compatibility!
*/ */
@@ -318,6 +326,10 @@ struct PKCS7 {
word32 signatureSz; word32 signatureSz;
word32 plainDigestSz; word32 plainDigestSz;
word32 pkcs7DigestSz; word32 pkcs7DigestSz;
#if defined(HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK) && !defined(NO_RSA)
CallbackRsaSignRawDigest rsaSignRawDigestCb;
#endif
/* !! NEW DATA MEMBERS MUST BE ADDED AT END !! */ /* !! NEW DATA MEMBERS MUST BE ADDED AT END !! */
}; };
@@ -439,6 +451,11 @@ WOLFSSL_API int wc_PKCS7_AddRecipient_ORI(PKCS7* pkcs7, CallbackOriEncrypt cb,
WOLFSSL_API int wc_PKCS7_SetWrapCEKCb(PKCS7* pkcs7, WOLFSSL_API int wc_PKCS7_SetWrapCEKCb(PKCS7* pkcs7,
CallbackWrapCEK wrapCEKCb); CallbackWrapCEK wrapCEKCb);
#if defined(HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK) && !defined(NO_RSA)
WOLFSSL_API int wc_PKCS7_SetRsaSignRawDigestCb(PKCS7* pkcs7,
CallbackRsaSignRawDigest cb);
#endif
/* CMS/PKCS#7 EnvelopedData */ /* CMS/PKCS#7 EnvelopedData */
WOLFSSL_API int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, WOLFSSL_API int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7,
byte* output, word32 outputSz); byte* output, word32 outputSz);
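Review bot: The `CallbackRsaSignRawDigest` typedef documents only "user builds DigestInfo", leaving the return value and the buffer contract unstated for a callback that writes a signature into a library-owned buffer. From the call site it appears to follow the `wc_PKCS7_RsaSign` convention, so a comment such as `/* Returns size of signature written to out (must not exceed outSz), negative on error. */` would make that explicit. It should also say that `digest` is the raw hash of `digestSz` bytes, that `hashOID` identifies the hash to encode in DigestInfo, and whether `privateKey` may be NULL when the key is held by the device named by `devId` (not determinable from this diff). The declaration of `wc_PKCS7_SetRsaSignRawDigestCb` could likewise note that a NULL `cb` is rejected with `BAD_FUNC_ARG`, so a registered callback cannot be cleared through it.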