wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-29 18:27:29 +02:00
Code Issues Packages Projects Releases Wiki Activity

add support for SubjectKeyIdentifier in CMS SignedData SignerInfo

Browse Source
This commit is contained in:
Chris Conlon
2018-08-14 15:28:25 -06:00
committed by David Garske
parent 70ca95b357
commit 2a60fbd766
4 changed files with 188 additions and 50 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Makefile.am
View File

@ -60,6 +60,7 @@ CLEANFILES+= cert.der \
pkcs7signedData_RSA_SHA224.der \
pkcs7signedData_RSA_SHA256.der \
pkcs7signedData_RSA_SHA256_custom_contentType.der \
pkcs7signedData_RSA_SHA256_SKID.der \
pkcs7signedData_RSA_SHA384.der \
pkcs7signedData_RSA_SHA512.der \
pkcs7signedData_ECDSA_SHA.der \
@ -67,6 +68,7 @@ CLEANFILES+= cert.der \
pkcs7signedData_ECDSA_SHA224.der \
pkcs7signedData_ECDSA_SHA256.der \
pkcs7signedData_ECDSA_SHA256_custom_contentType.der \
pkcs7signedData_ECDSA_SHA256_SKID.der \
pkcs7signedData_ECDSA_SHA384.der \
pkcs7signedData_ECDSA_SHA512.der

143
wolfcrypt/src/pkcs7.c
View File

@ -327,6 +327,11 @@ int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* cert, word32 certSz)
pkcs7->issuerSz = dCert->issuerRawLen;
XMEMCPY(pkcs7->issuerSn, dCert->serial, dCert->serialSz);
pkcs7->issuerSnSz = dCert->serialSz;
XMEMCPY(pkcs7->issuerSubjKeyId, dCert->extSubjKeyId, KEYID_SIZE);
/* default to IssuerAndSerialNumber for SignerIdentifier */
pkcs7->sidType = SID_ISSUER_AND_SERIAL_NUMBER;
FreeDecodedCert(dCert);
#ifdef WOLFSSL_SMALL_STACK
@ -537,9 +542,13 @@ typedef struct ESD {
byte signerInfoSet[MAX_SET_SZ];
byte signerInfoSeq[MAX_SEQ_SZ];
byte signerVersion[MAX_VERSION_SZ];
/* issuerAndSerialNumber ...*/
byte issuerSnSeq[MAX_SEQ_SZ];
byte issuerName[MAX_SEQ_SZ];
byte issuerSn[MAX_SN_SZ];
/* OR subjectKeyIdentifier */
byte issuerSKIDSeq[MAX_SEQ_SZ];
byte issuerSKID[MAX_OCTET_STR_SZ];
byte signerDigAlgoId[MAX_ALGO_SZ];
byte digEncAlgoId[MAX_ALGO_SZ];
byte signedAttribSet[MAX_SET_SZ];
@ -549,8 +558,8 @@ typedef struct ESD {
word32 outerSeqSz, outerContentSz, innerSeqSz, versionSz, digAlgoIdSetSz,
singleDigAlgoIdSz, certsSetSz;
word32 signerInfoSetSz, signerInfoSeqSz, signerVersionSz,
issuerSnSeqSz, issuerNameSz, issuerSnSz,
signerDigAlgoIdSz, digEncAlgoIdSz, signerDigestSz;
issuerSnSeqSz, issuerNameSz, issuerSnSz, issuerSKIDSz,
issuerSKIDSeqSz, signerDigAlgoIdSz, digEncAlgoIdSz, signerDigestSz;
word32 encContentDigestSz, signedAttribsSz, signedAttribsCount,
signedAttribSetSz;
} ESD;
@ -1058,6 +1067,7 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd,
int digEncAlgoId, digEncAlgoType;
byte* flatSignedAttribs = NULL;
word32 flatSignedAttribsSz = 0;
word32 innerOidSz = sizeof(innerOid);
word32 outerOidSz = sizeof(outerOid);
if (pkcs7 == NULL || pkcs7->contentSz == 0 ||
@ -1101,14 +1111,34 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd,
pkcs7->contentTypeSz + esd->innerContSeqSz,
esd->contentInfoSeq);
esd->issuerSnSz = SetSerialNumber(pkcs7->issuerSn, pkcs7->issuerSnSz,
esd->issuerSn, MAX_SN_SZ);
signerInfoSz += esd->issuerSnSz;
esd->issuerNameSz = SetSequence(pkcs7->issuerSz, esd->issuerName);
signerInfoSz += esd->issuerNameSz + pkcs7->issuerSz;
esd->issuerSnSeqSz = SetSequence(signerInfoSz, esd->issuerSnSeq);
signerInfoSz += esd->issuerSnSeqSz;
esd->signerVersionSz = SetMyVersion(1, esd->signerVersion, 0);
/* SignerIdentifier */
if (pkcs7->sidType == SID_ISSUER_AND_SERIAL_NUMBER) {
/* IssuerAndSerialNumber */
esd->issuerSnSz = SetSerialNumber(pkcs7->issuerSn, pkcs7->issuerSnSz,
esd->issuerSn, MAX_SN_SZ);
signerInfoSz += esd->issuerSnSz;
esd->issuerNameSz = SetSequence(pkcs7->issuerSz, esd->issuerName);
signerInfoSz += esd->issuerNameSz + pkcs7->issuerSz;
esd->issuerSnSeqSz = SetSequence(signerInfoSz, esd->issuerSnSeq);
signerInfoSz += esd->issuerSnSeqSz;
/* version MUST be 1 */
esd->signerVersionSz = SetMyVersion(1, esd->signerVersion, 0);
} else if (pkcs7->sidType == SID_SUBJECT_KEY_IDENTIFIER) {
/* SubjectKeyIdentifier */
esd->issuerSKIDSz = SetOctetString(KEYID_SIZE, esd->issuerSKID);
esd->issuerSKIDSeqSz = SetExplicit(0, esd->issuerSKIDSz + KEYID_SIZE,
esd->issuerSKIDSeq);
signerInfoSz += (esd->issuerSKIDSz + esd->issuerSKIDSeqSz +
KEYID_SIZE);
/* version MUST be 3 */
esd->signerVersionSz = SetMyVersion(3, esd->signerVersion, 0);
} else {
return SKID_E;
}
signerInfoSz += esd->signerVersionSz;
esd->signerDigAlgoIdSz = SetAlgoID(pkcs7->hashOID, esd->signerDigAlgoId,
oidHashType, 0);
@ -1250,14 +1280,28 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd,
idx += esd->signerInfoSeqSz;
XMEMCPY(output2 + idx, esd->signerVersion, esd->signerVersionSz);
idx += esd->signerVersionSz;
XMEMCPY(output2 + idx, esd->issuerSnSeq, esd->issuerSnSeqSz);
idx += esd->issuerSnSeqSz;
XMEMCPY(output2 + idx, esd->issuerName, esd->issuerNameSz);
idx += esd->issuerNameSz;
XMEMCPY(output2 + idx, pkcs7->issuer, pkcs7->issuerSz);
idx += pkcs7->issuerSz;
XMEMCPY(output2 + idx, esd->issuerSn, esd->issuerSnSz);
idx += esd->issuerSnSz;
/* SignerIdentifier */
if (pkcs7->sidType == SID_ISSUER_AND_SERIAL_NUMBER) {
/* IssuerAndSerialNumber */
XMEMCPY(output2 + idx, esd->issuerSnSeq, esd->issuerSnSeqSz);
idx += esd->issuerSnSeqSz;
XMEMCPY(output2 + idx, esd->issuerName, esd->issuerNameSz);
idx += esd->issuerNameSz;
XMEMCPY(output2 + idx, pkcs7->issuer, pkcs7->issuerSz);
idx += pkcs7->issuerSz;
XMEMCPY(output2 + idx, esd->issuerSn, esd->issuerSnSz);
idx += esd->issuerSnSz;
} else if (pkcs7->sidType == SID_SUBJECT_KEY_IDENTIFIER) {
/* SubjectKeyIdentifier */
XMEMCPY(output2 + idx, esd->issuerSKIDSeq, esd->issuerSKIDSeqSz);
idx += esd->issuerSKIDSeqSz;
XMEMCPY(output2 + idx, esd->issuerSKID, esd->issuerSKIDSz);
idx += esd->issuerSKIDSz;
XMEMCPY(output2 + idx, pkcs7->issuerSubjKeyId, KEYID_SIZE);
idx += KEYID_SIZE;
} else {
return SKID_E;
}
XMEMCPY(output2 + idx, esd->signerDigAlgoId, esd->signerDigAlgoIdSz);
idx += esd->signerDigAlgoIdSz;
@ -2048,7 +2092,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
/* Get the inner ContentInfo contentType */
{
word32 localIdx = idx;
localIdx = idx;
if (GetASNObjectId(pkiMsg, &idx, &length, pkiMsgSz) != 0)
return ASN_PARSE_E;
@ -2299,11 +2343,44 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
if (GetMyVersion(pkiMsg2, &idx, &version, pkiMsg2Sz) < 0)
return ASN_PARSE_E;
if (version != 1) {
WOLFSSL_MSG("PKCS#7 signerInfo needs to be of version 1");
if (version == 1) {
/* Get the sequence of IssuerAndSerialNumber */
if (GetSequence(pkiMsg, &idx, &length, pkiMsgSz) < 0)
return ASN_PARSE_E;
/* Skip it */
idx += length;
} else if (version == 3) {
/* Get the sequence of SubjectKeyIdentifier */
if (pkiMsg[idx++] != (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 0)) {
ret = ASN_PARSE_E;
}
if (ret == 0 && GetLength(pkiMsg, &idx, &length, pkiMsgSz) <= 0) {
ret = ASN_PARSE_E;
}
if (ret == 0 && pkiMsg[idx++] != ASN_OCTET_STRING)
ret = ASN_PARSE_E;
if (ret == 0 && GetLength(pkiMsg, &idx, &length, pkiMsgSz) < 0)
ret = ASN_PARSE_E;
/* Skip it */
idx += length;
} else {
WOLFSSL_MSG("PKCS#7 signerInfo version must be 1 or 3");
return ASN_VERSION_E;
}
/* Get the sequence of digestAlgorithm */
if (GetAlgoId(pkiMsg2, &idx, &hashOID, oidHashType, pkiMsg2Sz) < 0) {
return ASN_PARSE_E;
}
pkcs7->hashOID = (int)hashOID;
/* Get the sequence of IssuerAndSerialNumber */
if (GetSequence(pkiMsg2, &idx, &length, pkiMsg2Sz) < 0)
return ASN_PARSE_E;
@ -3559,6 +3636,30 @@ static int wc_PKCS7_GenerateIV(PKCS7* pkcs7, WC_RNG* rng, byte* iv, word32 ivSz)
}
/* Set SignerIdentifier type to be used in SignedData encoding. Is either
* IssuerAndSerialNumber or SubjectKeyIdentifier. SignedData encoding
* defaults to using IssuerAndSerialNumber unless set with this function.
*
* pkcs7 - pointer to initialized PKCS7 structure
* type - either SID_ISSUER_AND_SERIAL_NUMBER or SID_SUBJECT_KEY_IDENTIFIER
*
* return 0 on success, negative upon error */
int wc_PKCS7_SetSignerIdentifierType(PKCS7* pkcs7, int type)
{
if (pkcs7 == NULL)
return BAD_FUNC_ARG;
if (type != SID_ISSUER_AND_SERIAL_NUMBER &&
type != SID_SUBJECT_KEY_IDENTIFIER) {
return BAD_FUNC_ARG;
}
pkcs7->sidType = type;
return 0;
}
/* Set custom contentType, currently supported with SignedData type
*
* pkcs7 - pointer to initialized PKCS7 structure

83
wolfcrypt/test/test.c
View File

@ -19300,6 +19300,7 @@ typedef struct {
const char* outFileName;
byte* contentType;
word32 contentTypeSz;
int sidType;
} pkcs7SignedVector;
@ -19362,42 +19363,48 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz,
/* RSA with SHA */
{data, (word32)sizeof(data), SHAh, RSAk, rsaPrivKey, rsaPrivKeySz,
rsaCert, rsaCertSz, attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
"pkcs7signedData_RSA_SHA.der", NULL, 0},
"pkcs7signedData_RSA_SHA.der", NULL, 0, 0},
/* RSA with SHA, no signed attributes */
{data, (word32)sizeof(data), SHAh, RSAk, rsaPrivKey, rsaPrivKeySz,
rsaCert, rsaCertSz, NULL, 0,
"pkcs7signedData_RSA_SHA_noattr.der", NULL, 0},
"pkcs7signedData_RSA_SHA_noattr.der", NULL, 0, 0},
#endif
#ifdef WOLFSSL_SHA224
/* RSA with SHA224 */
{data, (word32)sizeof(data), SHA224h, RSAk, rsaPrivKey, rsaPrivKeySz,
rsaCert, rsaCertSz, attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
"pkcs7signedData_RSA_SHA224.der", NULL, 0},
"pkcs7signedData_RSA_SHA224.der", NULL, 0, 0},
#endif
#ifndef NO_SHA256
/* RSA with SHA256 */
{data, (word32)sizeof(data), SHA256h, RSAk, rsaPrivKey, rsaPrivKeySz,
rsaCert, rsaCertSz, attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
"pkcs7signedData_RSA_SHA256.der", NULL, 0},
"pkcs7signedData_RSA_SHA256.der", NULL, 0, 0},
/* RSA with SHA256 and SubjectKeyIdentifier in SignerIdentifier */
{data, (word32)sizeof(data), SHA256h, RSAk, rsaPrivKey, rsaPrivKeySz,
rsaCert, rsaCertSz, attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
"pkcs7signedData_RSA_SHA256_SKID.der", NULL, 0,
SID_SUBJECT_KEY_IDENTIFIER},
/* RSA with SHA256 and custom contentType */
{data, (word32)sizeof(data), SHA256h, RSAk, rsaPrivKey, rsaPrivKeySz,
rsaCert, rsaCertSz, attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
"pkcs7signedData_RSA_SHA256_custom_contentType.der", customContentType,
sizeof(customContentType)},
sizeof(customContentType), 0},
#endif
#if defined(WOLFSSL_SHA384)
/* RSA with SHA384 */
{data, (word32)sizeof(data), SHA384h, RSAk, rsaPrivKey, rsaPrivKeySz,
rsaCert, rsaCertSz, attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
"pkcs7signedData_RSA_SHA384.der", NULL, 0},
"pkcs7signedData_RSA_SHA384.der", NULL, 0, 0},
#endif
#if defined(WOLFSSL_SHA512)
/* RSA with SHA512 */
{data, (word32)sizeof(data), SHA512h, RSAk, rsaPrivKey, rsaPrivKeySz,
rsaCert, rsaCertSz, attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
"pkcs7signedData_RSA_SHA512.der", NULL, 0},
"pkcs7signedData_RSA_SHA512.der", NULL, 0, 0},
#endif
#endif /* NO_RSA */
@ -19406,42 +19413,48 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz,
/* ECDSA with SHA */
{data, (word32)sizeof(data), SHAh, ECDSAk, eccPrivKey, eccPrivKeySz,
eccCert, eccCertSz, attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
"pkcs7signedData_ECDSA_SHA.der", NULL, 0},
"pkcs7signedData_ECDSA_SHA.der", NULL, 0, 0},
/* ECDSA with SHA, no signed attributes */
{data, (word32)sizeof(data), SHAh, ECDSAk, eccPrivKey, eccPrivKeySz,
eccCert, eccCertSz, NULL, 0,
"pkcs7signedData_ECDSA_SHA_noattr.der", NULL, 0},
"pkcs7signedData_ECDSA_SHA_noattr.der", NULL, 0, 0},
#endif
#ifdef WOLFSSL_SHA224
/* ECDSA with SHA224 */
{data, (word32)sizeof(data), SHA224h, ECDSAk, eccPrivKey, eccPrivKeySz,
eccCert, eccCertSz, attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
"pkcs7signedData_ECDSA_SHA224.der", NULL, 0},
"pkcs7signedData_ECDSA_SHA224.der", NULL, 0, 0},
#endif
#ifndef NO_SHA256
/* ECDSA with SHA256 */
{data, (word32)sizeof(data), SHA256h, ECDSAk, eccPrivKey, eccPrivKeySz,
eccCert, eccCertSz, attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
"pkcs7signedData_ECDSA_SHA256.der", NULL, 0},
"pkcs7signedData_ECDSA_SHA256.der", NULL, 0, 0},
/* ECDSA with SHA256 and SubjectKeyIdentifier in SigherIdentifier */
{data, (word32)sizeof(data), SHA256h, ECDSAk, eccPrivKey, eccPrivKeySz,
eccCert, eccCertSz, attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
"pkcs7signedData_ECDSA_SHA256_SKID.der", NULL, 0,
SID_SUBJECT_KEY_IDENTIFIER},
/* ECDSA with SHA256 and custom contentType */
{data, (word32)sizeof(data), SHA256h, ECDSAk, eccPrivKey, eccPrivKeySz,
eccCert, eccCertSz, attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
"pkcs7signedData_ECDSA_SHA256_custom_contentType.der",
customContentType, sizeof(customContentType)},
customContentType, sizeof(customContentType), 0},
#endif
#ifdef WOLFSSL_SHA384
/* ECDSA with SHA384 */
{data, (word32)sizeof(data), SHA384h, ECDSAk, eccPrivKey, eccPrivKeySz,
eccCert, eccCertSz, attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
"pkcs7signedData_ECDSA_SHA384.der", NULL, 0},
"pkcs7signedData_ECDSA_SHA384.der", NULL, 0, 0},
#endif
#ifdef WOLFSSL_SHA512
/* ECDSA with SHA512 */
{data, (word32)sizeof(data), SHA512h, ECDSAk, eccPrivKey, eccPrivKeySz,
eccCert, eccCertSz, attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
"pkcs7signedData_ECDSA_SHA512.der", NULL, 0},
"pkcs7signedData_ECDSA_SHA512.der", NULL, 0, 0},
#endif
#endif /* HAVE_ECC */
};
@ -19506,6 +19519,18 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz,
}
}
/* set SignerIdentifier to use SubjectKeyIdentifier if desired,
default is IssuerAndSerialNumber */
if (testVectors[i].sidType == SID_SUBJECT_KEY_IDENTIFIER) {
ret = wc_PKCS7_SetSignerIdentifierType(pkcs7,
SID_SUBJECT_KEY_IDENTIFIER);
if (ret != 0) {
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wc_PKCS7_Free(pkcs7);
return -9412;
}
}
/* generate senderNonce */
{
senderNonce[0] = 0x04;
@ -19515,7 +19540,7 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz,
if (ret != 0) {
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wc_PKCS7_Free(pkcs7);
return -9412;
return -9413;
}
}
@ -19538,7 +19563,7 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz,
if (ret != 0) {
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wc_PKCS7_Free(pkcs7);
return -9413;
return -9414;
}
wc_ShaUpdate(&sha, pkcs7->publicKey, pkcs7->publicKeySz);
wc_ShaFinal(&sha, digest);
@ -19548,7 +19573,7 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz,
if (ret != 0) {
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wc_PKCS7_Free(pkcs7);
return -9414;
return -9415;
}
wc_Sha256Update(&sha, pkcs7->publicKey, pkcs7->publicKeySz);
wc_Sha256Final(&sha, digest);
@ -19564,7 +19589,7 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz,
if (encodedSz < 0) {
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wc_PKCS7_Free(pkcs7);
return -9415;
return -9416;
}
#ifdef PKCS7_OUTPUT_TEST_BUNDLES
@ -19573,14 +19598,14 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz,
if (!file) {
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wc_PKCS7_Free(pkcs7);
return -9416;
return -9417;
}
ret = (int)fwrite(out, 1, encodedSz, file);
fclose(file);
if (ret != (int)encodedSz) {
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wc_PKCS7_Free(pkcs7);
return -9417;
return -9418;
}
#endif /* PKCS7_OUTPUT_TEST_BUNDLES */
@ -19588,23 +19613,23 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz,
pkcs7 = wc_PKCS7_New(HEAP_HINT, INVALID_DEVID);
if (pkcs7 == NULL)
return -9418;
return -9419;
wc_PKCS7_InitWithCert(pkcs7, NULL, 0);
ret = wc_PKCS7_VerifySignedData(pkcs7, out, outSz);
if (ret < 0) {
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wc_PKCS7_Free(pkcs7);
return -9419;
return -9420;
}
/* verify contentType extracted successfully for custom content types */
if (testVectors[i].contentTypeSz > 0) {
if (pkcs7->contentTypeSz != testVectors[i].contentTypeSz) {
return -9420;
return -9421;
} else if (XMEMCMP(pkcs7->contentType, testVectors[i].contentType,
pkcs7->contentTypeSz) != 0) {
return -9421;
return -9422;
}
}
@ -19612,7 +19637,7 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz,
if (pkcs7->singleCert == NULL || pkcs7->singleCertSz == 0) {
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wc_PKCS7_Free(pkcs7);
return -9422;
return -9423;
}
{
@ -19631,13 +19656,13 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz,
NULL, (word32*)&bufSz) != LENGTH_ONLY_E) {
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wc_PKCS7_Free(pkcs7);
return -9423;
return -9424;
}
if (bufSz > (int)sizeof(buf)) {
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wc_PKCS7_Free(pkcs7);
return -9424;
return -9425;
}
bufSz = wc_PKCS7_GetAttributeValue(pkcs7, oidPt, oidSz,
@ -19646,7 +19671,7 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz,
(testVectors[i].signedAttribs == NULL && bufSz > 0)) {
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wc_PKCS7_Free(pkcs7);
return -9425;
return -9426;
}
}
@ -19655,7 +19680,7 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz,
if (!file) {
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wc_PKCS7_Free(pkcs7);
return -9426;
return -9427;
}
ret = (int)fwrite(pkcs7->singleCert, 1, pkcs7->singleCertSz, file);
fclose(file);

10
wolfssl/wolfcrypt/pkcs7.h
View File

@ -77,6 +77,10 @@ enum Pkcs7_Misc {
MAX_SEQ_SZ + MAX_ALGO_SZ + 1 + MAX_ENCRYPTED_KEY_SZ
};
enum Pkcs7_SignerIdentifier_Types {
SID_ISSUER_AND_SERIAL_NUMBER = 0,
SID_SUBJECT_KEY_IDENTIFIER = 1
};
typedef struct PKCS7Attrib {
const byte* oid;
@ -150,6 +154,11 @@ typedef struct PKCS7 {
byte contentType[MAX_OID_SZ]; /* custom contentType byte array */
word32 contentTypeSz; /* size of contentType, bytes */
int sidType; /* SignerIdentifier type to use, of type
Pkcs7_SignerIdentifier_Types, default to
SID_ISSUER_AND_SERIAL_NUMBER */
byte issuerSubjKeyId[KEYID_SIZE]; /* SubjectKeyIdentifier of singleCert */
/* !! NEW DATA MEMBERS MUST BE ADDED AT END !! */
} PKCS7;
@ -180,6 +189,7 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg,
word32 pkiMsgSz, byte* output,
word32 outputSz);
WOLFSSL_API int wc_PKCS7_SetSignerIdentifierType(PKCS7* pkcs7, int type);
WOLFSSL_API int wc_PKCS7_SetContentType(PKCS7* pkcs7, byte* contentType,
word32 sz);
WOLFSSL_API int wc_PKCS7_GetPadSize(word32 inputSz, word32 blockSz);