mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2025-08-03 12:44:45 +02:00
Merge pull request #1926 from cconlon/cms2
CMS expansion, SignedData detached signature support
This commit is contained in:
toddouska
GitHub
1
.gitignore
vendored
1
.gitignore
vendored
@@ -156,6 +156,7 @@ pkcs7signedData_RSA_SHA256.der
|
|||||||
pkcs7signedData_RSA_SHA256_firmwarePkgData.der
|
pkcs7signedData_RSA_SHA256_firmwarePkgData.der
|
||||||
pkcs7signedData_RSA_SHA256_SKID.der
|
pkcs7signedData_RSA_SHA256_SKID.der
|
||||||
pkcs7signedData_RSA_SHA256_with_ca_cert.der
|
pkcs7signedData_RSA_SHA256_with_ca_cert.der
|
||||||
|
pkcs7signedData_RSA_SHA256_detachedSig.der
|
||||||
pkcs7signedData_RSA_SHA384.der
|
pkcs7signedData_RSA_SHA384.der
|
||||||
pkcs7signedData_RSA_SHA512.der
|
pkcs7signedData_RSA_SHA512.der
|
||||||
pkcs7signedData_RSA_SHA.der
|
pkcs7signedData_RSA_SHA.der
|
||||||
|
|||||||
@@ -88,6 +88,7 @@ CLEANFILES+= cert.der \
|
|||||||
pkcs7signedData_RSA_SHA256_custom_contentType.der \
|
pkcs7signedData_RSA_SHA256_custom_contentType.der \
|
||||||
pkcs7signedData_RSA_SHA256_with_ca_cert.der \
|
pkcs7signedData_RSA_SHA256_with_ca_cert.der \
|
||||||
pkcs7signedData_RSA_SHA256_SKID.der \
|
pkcs7signedData_RSA_SHA256_SKID.der \
|
||||||
|
pkcs7signedData_RSA_SHA256_detachedSig.der \
|
||||||
pkcs7signedData_RSA_SHA384.der \
|
pkcs7signedData_RSA_SHA384.der \
|
||||||
pkcs7signedData_RSA_SHA512.der \
|
pkcs7signedData_RSA_SHA512.der \
|
||||||
pkcs7signedData_ECDSA_SHA.der \
|
pkcs7signedData_ECDSA_SHA.der \
|
||||||
|
|||||||
@@ -102,6 +102,7 @@ struct PKCS7State {
|
|||||||
#endif
|
#endif
|
||||||
byte multi:1; /* flag for if content is in multiple parts */
|
byte multi:1; /* flag for if content is in multiple parts */
|
||||||
byte flagOne:1;
|
byte flagOne:1;
|
||||||
|
byte detached:1; /* flag to indicate detached signature is present */
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
@@ -177,6 +178,7 @@ static void wc_PKCS7_ResetStream(PKCS7* pkcs7)
|
|||||||
|
|
||||||
pkcs7->stream->multi = 0;
|
pkcs7->stream->multi = 0;
|
||||||
pkcs7->stream->flagOne = 0;
|
pkcs7->stream->flagOne = 0;
|
||||||
|
pkcs7->stream->detached = 0;
|
||||||
pkcs7->stream->varOne = 0;
|
pkcs7->stream->varOne = 0;
|
||||||
pkcs7->stream->varTwo = 0;
|
pkcs7->stream->varTwo = 0;
|
||||||
pkcs7->stream->varThree = 0;
|
pkcs7->stream->varThree = 0;
|
||||||
@@ -1860,12 +1862,20 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd,
|
|||||||
esd->contentDigest[1] = (byte)hashSz;
|
esd->contentDigest[1] = (byte)hashSz;
|
||||||
XMEMCPY(&esd->contentDigest[2], hashBuf, hashSz);
|
XMEMCPY(&esd->contentDigest[2], hashBuf, hashSz);
|
||||||
|
|
||||||
esd->innerOctetsSz = SetOctetString(pkcs7->contentSz, esd->innerOctets);
|
if (pkcs7->detached == 1) {
|
||||||
esd->innerContSeqSz = SetExplicit(0, esd->innerOctetsSz + pkcs7->contentSz,
|
/* do not include content if generating detached signature */
|
||||||
esd->innerContSeq);
|
esd->innerOctetsSz = 0;
|
||||||
esd->contentInfoSeqSz = SetSequence(pkcs7->contentSz + esd->innerOctetsSz +
|
esd->innerContSeqSz = 0;
|
||||||
pkcs7->contentTypeSz + esd->innerContSeqSz,
|
esd->contentInfoSeqSz = SetSequence(pkcs7->contentTypeSz,
|
||||||
esd->contentInfoSeq);
|
esd->contentInfoSeq);
|
||||||
|
} else {
|
||||||
|
esd->innerOctetsSz = SetOctetString(pkcs7->contentSz, esd->innerOctets);
|
||||||
|
esd->innerContSeqSz = SetExplicit(0, esd->innerOctetsSz +
|
||||||
|
pkcs7->contentSz, esd->innerContSeq);
|
||||||
|
esd->contentInfoSeqSz = SetSequence(pkcs7->contentSz +
|
||||||
|
esd->innerOctetsSz + pkcs7->contentTypeSz +
|
||||||
|
esd->innerContSeqSz, esd->contentInfoSeq);
|
||||||
|
}
|
||||||
|
|
||||||
/* SignerIdentifier */
|
/* SignerIdentifier */
|
||||||
if (pkcs7->sidType == CMS_ISSUER_AND_SERIAL_NUMBER) {
|
if (pkcs7->sidType == CMS_ISSUER_AND_SERIAL_NUMBER) {
|
||||||
@@ -1994,6 +2004,10 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd,
|
|||||||
esd->innerContSeqSz + esd->innerOctetsSz + pkcs7->contentSz;
|
esd->innerContSeqSz + esd->innerOctetsSz + pkcs7->contentSz;
|
||||||
total2Sz = esd->certsSetSz + certSetSz + signerInfoSz;
|
total2Sz = esd->certsSetSz + certSetSz + signerInfoSz;
|
||||||
|
|
||||||
|
if (pkcs7->detached) {
|
||||||
|
totalSz -= pkcs7->contentSz;
|
||||||
|
}
|
||||||
|
|
||||||
esd->innerSeqSz = SetSequence(totalSz + total2Sz, esd->innerSeq);
|
esd->innerSeqSz = SetSequence(totalSz + total2Sz, esd->innerSeq);
|
||||||
totalSz += esd->innerSeqSz;
|
totalSz += esd->innerSeqSz;
|
||||||
esd->outerContentSz = SetExplicit(0, totalSz + total2Sz, esd->outerContent);
|
esd->outerContentSz = SetExplicit(0, totalSz + total2Sz, esd->outerContent);
|
||||||
@@ -2011,8 +2025,11 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd,
|
|||||||
#endif
|
#endif
|
||||||
return BUFFER_E;
|
return BUFFER_E;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (!pkcs7->detached) {
|
||||||
totalSz -= pkcs7->contentSz;
|
totalSz -= pkcs7->contentSz;
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if (totalSz > *outputSz) {
|
if (totalSz > *outputSz) {
|
||||||
if (pkcs7->signedAttribsSz != 0)
|
if (pkcs7->signedAttribsSz != 0)
|
||||||
@@ -2053,8 +2070,10 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd,
|
|||||||
idx = 0;
|
idx = 0;
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
|
if (!pkcs7->detached) {
|
||||||
XMEMCPY(output + idx, pkcs7->content, pkcs7->contentSz);
|
XMEMCPY(output + idx, pkcs7->content, pkcs7->contentSz);
|
||||||
idx += pkcs7->contentSz;
|
idx += pkcs7->contentSz;
|
||||||
|
}
|
||||||
output2 = output;
|
output2 = output;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -2174,6 +2193,29 @@ int wc_PKCS7_EncodeSignedData_ex(PKCS7* pkcs7, const byte* hashBuf, word32 hashS
|
|||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Toggle detached signature mode on/off for PKCS#7/CMS SignedData content type.
|
||||||
|
* By default wolfCrypt includes the data to be signed in the SignedData
|
||||||
|
* bundle. This data can be ommited in the case when a detached signature is
|
||||||
|
* being created. To enable generation of detached signatures, set flag to "1",
|
||||||
|
* otherwise set to "0":
|
||||||
|
*
|
||||||
|
* flag 1 turns on support
|
||||||
|
* flag 0 turns off support
|
||||||
|
*
|
||||||
|
* pkcs7 - pointer to initialized PKCS7 structure
|
||||||
|
* flag - turn on/off detached signature generation (1 or 0)
|
||||||
|
*
|
||||||
|
* Returns 0 on success, negative upon error. */
|
||||||
|
int wc_PKCS7_SetDetached(PKCS7* pkcs7, word16 flag)
|
||||||
|
{
|
||||||
|
if (pkcs7 == NULL || (flag != 0 && flag != 1))
|
||||||
|
return BAD_FUNC_ARG;
|
||||||
|
|
||||||
|
pkcs7->detached = flag;
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
/* return codes: >0: Size of signed PKCS7 output buffer, negative: error */
|
/* return codes: >0: Size of signed PKCS7 output buffer, negative: error */
|
||||||
int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7, byte* output, word32 outputSz)
|
int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7, byte* output, word32 outputSz)
|
||||||
{
|
{
|
||||||
@@ -3293,6 +3335,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
|
|||||||
int contentSz = 0, sigSz = 0, certSz = 0, signedAttribSz = 0;
|
int contentSz = 0, sigSz = 0, certSz = 0, signedAttribSz = 0;
|
||||||
word32 localIdx, start;
|
word32 localIdx, start;
|
||||||
byte degenerate = 0;
|
byte degenerate = 0;
|
||||||
|
byte detached = 0;
|
||||||
#ifdef ASN_BER_TO_DER
|
#ifdef ASN_BER_TO_DER
|
||||||
byte* der;
|
byte* der;
|
||||||
#endif
|
#endif
|
||||||
@@ -3528,8 +3571,8 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
|
|||||||
if (pkiMsg[localIdx++] != ASN_OCTET_STRING)
|
if (pkiMsg[localIdx++] != ASN_OCTET_STRING)
|
||||||
ret = ASN_PARSE_E;
|
ret = ASN_PARSE_E;
|
||||||
|
|
||||||
if (ret == 0 && GetLength_ex(pkiMsg, &localIdx, &length, pkiMsgSz,
|
if (ret == 0 && GetLength_ex(pkiMsg, &localIdx,
|
||||||
NO_USER_CHECK) < 0)
|
&length, pkiMsgSz, NO_USER_CHECK) < 0)
|
||||||
ret = ASN_PARSE_E;
|
ret = ASN_PARSE_E;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -3542,14 +3585,26 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
|
|||||||
idx = localIdx;
|
idx = localIdx;
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
if (!degenerate && ret != 0)
|
|
||||||
|
/* if pkcs7->content and pkcs7->contentSz are set, try to
|
||||||
|
process as a detached signature */
|
||||||
|
if (!degenerate &&
|
||||||
|
(pkcs7->content != NULL && pkcs7->contentSz != 0)) {
|
||||||
|
detached = 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!degenerate && !detached && ret != 0)
|
||||||
break;
|
break;
|
||||||
|
|
||||||
length = 0; /* no content to read */
|
length = 0; /* no content to read */
|
||||||
pkiMsg2 = pkiMsg;
|
pkiMsg2 = pkiMsg;
|
||||||
pkiMsg2Sz = pkiMsgSz;
|
pkiMsg2Sz = pkiMsgSz;
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifndef NO_PKCS7_STREAM
|
#ifndef NO_PKCS7_STREAM
|
||||||
|
/* save detached flag value */
|
||||||
|
pkcs7->stream->detached = detached;
|
||||||
|
|
||||||
/* save contentType */
|
/* save contentType */
|
||||||
pkcs7->stream->nonce = (byte*)XMALLOC(contentTypeSz, pkcs7->heap,
|
pkcs7->stream->nonce = (byte*)XMALLOC(contentTypeSz, pkcs7->heap,
|
||||||
DYNAMIC_TYPE_PKCS7);
|
DYNAMIC_TYPE_PKCS7);
|
||||||
@@ -3608,11 +3663,12 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
|
|||||||
localIdx = 0;
|
localIdx = 0;
|
||||||
}
|
}
|
||||||
multiPart = pkcs7->stream->multi;
|
multiPart = pkcs7->stream->multi;
|
||||||
|
detached = pkcs7->stream->detached;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/* Break out before content because it can be optional in degenerate
|
/* Break out before content because it can be optional in degenerate
|
||||||
* cases. */
|
* cases. */
|
||||||
if (ret != 0)
|
if (ret != 0 && !detached)
|
||||||
break;
|
break;
|
||||||
|
|
||||||
/* get parts of content */
|
/* get parts of content */
|
||||||
@@ -3701,7 +3757,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
|
|||||||
/* If getting the content info failed with non degenerate then return the
|
/* If getting the content info failed with non degenerate then return the
|
||||||
* error case. Otherwise with a degenerate it is ok if the content
|
* error case. Otherwise with a degenerate it is ok if the content
|
||||||
* info was omitted */
|
* info was omitted */
|
||||||
if (!degenerate && ret != 0) {
|
if (!degenerate && !detached && ret != 0) {
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
@@ -3723,6 +3779,12 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
|
|||||||
}
|
}
|
||||||
#ifndef NO_PKCS7_STREAM
|
#ifndef NO_PKCS7_STREAM
|
||||||
/* save content */
|
/* save content */
|
||||||
|
if (detached == 1) {
|
||||||
|
/* if detached, use content from user in pkcs7 struct */
|
||||||
|
content = pkcs7->content;
|
||||||
|
contentSz = pkcs7->contentSz;
|
||||||
|
}
|
||||||
|
|
||||||
if (content != NULL) {
|
if (content != NULL) {
|
||||||
XFREE(pkcs7->stream->content, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
|
XFREE(pkcs7->stream->content, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
|
||||||
pkcs7->stream->content = (byte*)XMALLOC(contentSz, pkcs7->heap,
|
pkcs7->stream->content = (byte*)XMALLOC(contentSz, pkcs7->heap,
|
||||||
@@ -3771,6 +3833,9 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
|
|||||||
content = pkcs7->stream->content;
|
content = pkcs7->stream->content;
|
||||||
contentSz = pkcs7->stream->contentSz;
|
contentSz = pkcs7->stream->contentSz;
|
||||||
|
|
||||||
|
/* restore detached flag */
|
||||||
|
detached = pkcs7->stream->detached;
|
||||||
|
|
||||||
/* store certificate if needed */
|
/* store certificate if needed */
|
||||||
if (length > 0 && in2Sz == 0) {
|
if (length > 0 && in2Sz == 0) {
|
||||||
/* free tmpCert if not NULL */
|
/* free tmpCert if not NULL */
|
||||||
@@ -3867,9 +3932,32 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
|
|||||||
idx += length;
|
idx += length;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (!detached) {
|
||||||
/* set content and size after init of PKCS7 structure */
|
/* set content and size after init of PKCS7 structure */
|
||||||
pkcs7->content = content;
|
pkcs7->content = content;
|
||||||
pkcs7->contentSz = contentSz;
|
pkcs7->contentSz = contentSz;
|
||||||
|
}
|
||||||
|
#ifndef NO_PKCS7_STREAM
|
||||||
|
else {
|
||||||
|
/* save content if detached and using streaming API */
|
||||||
|
if (pkcs7->content != NULL) {
|
||||||
|
XFREE(pkcs7->stream->content, pkcs7->heap,
|
||||||
|
DYNAMIC_TYPE_PKCS7);
|
||||||
|
pkcs7->stream->content = (byte*)XMALLOC(pkcs7->contentSz,
|
||||||
|
pkcs7->heap,
|
||||||
|
DYNAMIC_TYPE_PKCS7);
|
||||||
|
if (pkcs7->stream->content == NULL) {
|
||||||
|
ret = MEMORY_E;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
XMEMCPY(pkcs7->stream->content, pkcs7->content,
|
||||||
|
contentSz);
|
||||||
|
pkcs7->stream->contentSz = pkcs7->contentSz;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
if (ret != 0) {
|
if (ret != 0) {
|
||||||
break;
|
break;
|
||||||
@@ -8881,7 +8969,7 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in,
|
|||||||
byte* pkiMsg = in;
|
byte* pkiMsg = in;
|
||||||
word32 pkiMsgSz = inSz;
|
word32 pkiMsgSz = inSz;
|
||||||
byte* decryptedKey = NULL;
|
byte* decryptedKey = NULL;
|
||||||
int encryptedContentSz;
|
int encryptedContentSz = 0;
|
||||||
byte padLen;
|
byte padLen;
|
||||||
byte* encryptedContent = NULL;
|
byte* encryptedContent = NULL;
|
||||||
int explicitOctet;
|
int explicitOctet;
|
||||||
@@ -9720,7 +9808,7 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in,
|
|||||||
#else
|
#else
|
||||||
byte decryptedKey[MAX_ENCRYPTED_KEY_SZ];
|
byte decryptedKey[MAX_ENCRYPTED_KEY_SZ];
|
||||||
#endif
|
#endif
|
||||||
int encryptedContentSz;
|
int encryptedContentSz = 0;
|
||||||
byte* encryptedContent = NULL;
|
byte* encryptedContent = NULL;
|
||||||
int explicitOctet = 0;
|
int explicitOctet = 0;
|
||||||
|
|
||||||
@@ -10565,7 +10653,7 @@ static int wc_PKCS7_DecodeUnprotectedAttributes(PKCS7* pkcs7, byte* pkiMsg,
|
|||||||
int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* in, word32 inSz,
|
int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* in, word32 inSz,
|
||||||
byte* output, word32 outputSz)
|
byte* output, word32 outputSz)
|
||||||
{
|
{
|
||||||
int ret = 0, version, length, haveAttribs = 0;
|
int ret = 0, version, length = 0, haveAttribs = 0;
|
||||||
word32 idx = 0;
|
word32 idx = 0;
|
||||||
|
|
||||||
#ifndef NO_PKCS7_STREAM
|
#ifndef NO_PKCS7_STREAM
|
||||||
|
|||||||
@@ -20595,6 +20595,7 @@ typedef struct {
|
|||||||
word32 encryptKeySz; /* for single-shot, encryptedData */
|
word32 encryptKeySz; /* for single-shot, encryptedData */
|
||||||
PKCS7Attrib* unprotectedAttribs; /* for single-shot, encryptedData */
|
PKCS7Attrib* unprotectedAttribs; /* for single-shot, encryptedData */
|
||||||
word32 unprotectedAttribsSz; /* for single-shot, encryptedData */
|
word32 unprotectedAttribsSz; /* for single-shot, encryptedData */
|
||||||
|
word16 detachedSignature; /* generate detached signature (0:1) */
|
||||||
} pkcs7SignedVector;
|
} pkcs7SignedVector;
|
||||||
|
|
||||||
|
|
||||||
@@ -20663,14 +20664,15 @@ static int pkcs7signed_run_vectors(
|
|||||||
{data, (word32)sizeof(data), SHAh, RSAk, rsaClientPrivKeyBuf,
|
{data, (word32)sizeof(data), SHAh, RSAk, rsaClientPrivKeyBuf,
|
||||||
rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
|
rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
|
||||||
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
|
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
|
||||||
"pkcs7signedData_RSA_SHA.der", 0, NULL, 0, 0, 0, 0, NULL, 0, NULL, 0},
|
"pkcs7signedData_RSA_SHA.der", 0, NULL, 0, 0, 0, 0, NULL, 0, NULL,
|
||||||
|
0, 0},
|
||||||
|
|
||||||
/* RSA with SHA, no signed attributes */
|
/* RSA with SHA, no signed attributes */
|
||||||
{data, (word32)sizeof(data), SHAh, RSAk, rsaClientPrivKeyBuf,
|
{data, (word32)sizeof(data), SHAh, RSAk, rsaClientPrivKeyBuf,
|
||||||
rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz,
|
rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz,
|
||||||
NULL, 0, NULL, 0,
|
NULL, 0, NULL, 0,
|
||||||
"pkcs7signedData_RSA_SHA_noattr.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
|
"pkcs7signedData_RSA_SHA_noattr.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
|
||||||
NULL, 0},
|
NULL, 0, 0},
|
||||||
#endif
|
#endif
|
||||||
#ifdef WOLFSSL_SHA224
|
#ifdef WOLFSSL_SHA224
|
||||||
/* RSA with SHA224 */
|
/* RSA with SHA224 */
|
||||||
@@ -20678,7 +20680,7 @@ static int pkcs7signed_run_vectors(
|
|||||||
rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
|
rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
|
||||||
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
|
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
|
||||||
"pkcs7signedData_RSA_SHA224.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
|
"pkcs7signedData_RSA_SHA224.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
|
||||||
NULL, 0},
|
NULL, 0, 0},
|
||||||
#endif
|
#endif
|
||||||
#ifndef NO_SHA256
|
#ifndef NO_SHA256
|
||||||
/* RSA with SHA256 */
|
/* RSA with SHA256 */
|
||||||
@@ -20686,14 +20688,21 @@ static int pkcs7signed_run_vectors(
|
|||||||
rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
|
rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
|
||||||
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
|
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
|
||||||
"pkcs7signedData_RSA_SHA256.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
|
"pkcs7signedData_RSA_SHA256.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
|
||||||
NULL, 0},
|
NULL, 0, 0},
|
||||||
|
|
||||||
|
/* RSA with SHA256, detached signature */
|
||||||
|
{data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
|
||||||
|
rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
|
||||||
|
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
|
||||||
|
"pkcs7signedData_RSA_SHA256_detachedSig.der", 0, NULL, 0, 0, 0, 0,
|
||||||
|
NULL, 0, NULL, 0, 1},
|
||||||
|
|
||||||
/* RSA with SHA256 and SubjectKeyIdentifier in SignerIdentifier */
|
/* RSA with SHA256 and SubjectKeyIdentifier in SignerIdentifier */
|
||||||
{data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
|
{data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
|
||||||
rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
|
rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
|
||||||
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
|
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
|
||||||
"pkcs7signedData_RSA_SHA256_SKID.der", 0, NULL, 0, CMS_SKID, 0, 0,
|
"pkcs7signedData_RSA_SHA256_SKID.der", 0, NULL, 0, CMS_SKID, 0, 0,
|
||||||
NULL, 0, NULL, 0},
|
NULL, 0, NULL, 0, 0},
|
||||||
|
|
||||||
/* RSA with SHA256 and custom contentType */
|
/* RSA with SHA256 and custom contentType */
|
||||||
{data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
|
{data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
|
||||||
@@ -20701,14 +20710,14 @@ static int pkcs7signed_run_vectors(
|
|||||||
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
|
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
|
||||||
"pkcs7signedData_RSA_SHA256_custom_contentType.der", 0,
|
"pkcs7signedData_RSA_SHA256_custom_contentType.der", 0,
|
||||||
customContentType, sizeof(customContentType), 0, 0, 0, NULL, 0,
|
customContentType, sizeof(customContentType), 0, 0, 0, NULL, 0,
|
||||||
NULL, 0},
|
NULL, 0, 0},
|
||||||
|
|
||||||
/* RSA with SHA256 and FirmwarePkgData contentType */
|
/* RSA with SHA256 and FirmwarePkgData contentType */
|
||||||
{data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
|
{data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
|
||||||
rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
|
rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
|
||||||
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
|
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
|
||||||
"pkcs7signedData_RSA_SHA256_firmwarePkgData.der",
|
"pkcs7signedData_RSA_SHA256_firmwarePkgData.der",
|
||||||
FIRMWARE_PKG_DATA, NULL, 0, 0, 0, 0, NULL, 0, NULL, 0},
|
FIRMWARE_PKG_DATA, NULL, 0, 0, 0, 0, NULL, 0, NULL, 0, 0},
|
||||||
|
|
||||||
/* RSA with SHA256 using server cert and ca cert */
|
/* RSA with SHA256 using server cert and ca cert */
|
||||||
{data, (word32)sizeof(data), SHA256h, RSAk, rsaServerPrivKeyBuf,
|
{data, (word32)sizeof(data), SHA256h, RSAk, rsaServerPrivKeyBuf,
|
||||||
@@ -20716,7 +20725,7 @@ static int pkcs7signed_run_vectors(
|
|||||||
rsaCaCertBuf, rsaCaCertBufSz,
|
rsaCaCertBuf, rsaCaCertBufSz,
|
||||||
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
|
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
|
||||||
"pkcs7signedData_RSA_SHA256_with_ca_cert.der", 0, NULL, 0, 0, 0, 0,
|
"pkcs7signedData_RSA_SHA256_with_ca_cert.der", 0, NULL, 0, 0, 0, 0,
|
||||||
NULL, 0, NULL, 0},
|
NULL, 0, NULL, 0, 0},
|
||||||
#endif
|
#endif
|
||||||
#if defined(WOLFSSL_SHA384)
|
#if defined(WOLFSSL_SHA384)
|
||||||
/* RSA with SHA384 */
|
/* RSA with SHA384 */
|
||||||
@@ -20724,7 +20733,7 @@ static int pkcs7signed_run_vectors(
|
|||||||
rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
|
rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
|
||||||
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
|
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
|
||||||
"pkcs7signedData_RSA_SHA384.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
|
"pkcs7signedData_RSA_SHA384.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
|
||||||
NULL, 0},
|
NULL, 0, 0},
|
||||||
#endif
|
#endif
|
||||||
#if defined(WOLFSSL_SHA512)
|
#if defined(WOLFSSL_SHA512)
|
||||||
/* RSA with SHA512 */
|
/* RSA with SHA512 */
|
||||||
@@ -20732,7 +20741,7 @@ static int pkcs7signed_run_vectors(
|
|||||||
rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
|
rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
|
||||||
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
|
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
|
||||||
"pkcs7signedData_RSA_SHA512.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
|
"pkcs7signedData_RSA_SHA512.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
|
||||||
NULL, 0},
|
NULL, 0, 0},
|
||||||
#endif
|
#endif
|
||||||
#endif /* NO_RSA */
|
#endif /* NO_RSA */
|
||||||
|
|
||||||
@@ -20743,14 +20752,14 @@ static int pkcs7signed_run_vectors(
|
|||||||
eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
|
eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
|
||||||
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
|
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
|
||||||
"pkcs7signedData_ECDSA_SHA.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
|
"pkcs7signedData_ECDSA_SHA.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
|
||||||
NULL, 0},
|
NULL, 0, 0},
|
||||||
|
|
||||||
/* ECDSA with SHA, no signed attributes */
|
/* ECDSA with SHA, no signed attributes */
|
||||||
{data, (word32)sizeof(data), SHAh, ECDSAk, eccClientPrivKeyBuf,
|
{data, (word32)sizeof(data), SHAh, ECDSAk, eccClientPrivKeyBuf,
|
||||||
eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz,
|
eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz,
|
||||||
NULL, 0, NULL, 0,
|
NULL, 0, NULL, 0,
|
||||||
"pkcs7signedData_ECDSA_SHA_noattr.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
|
"pkcs7signedData_ECDSA_SHA_noattr.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
|
||||||
NULL, 0},
|
NULL, 0, 0},
|
||||||
#endif
|
#endif
|
||||||
#ifdef WOLFSSL_SHA224
|
#ifdef WOLFSSL_SHA224
|
||||||
/* ECDSA with SHA224 */
|
/* ECDSA with SHA224 */
|
||||||
@@ -20758,7 +20767,7 @@ static int pkcs7signed_run_vectors(
|
|||||||
eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
|
eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
|
||||||
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
|
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
|
||||||
"pkcs7signedData_ECDSA_SHA224.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
|
"pkcs7signedData_ECDSA_SHA224.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
|
||||||
NULL, 0},
|
NULL, 0, 0},
|
||||||
#endif
|
#endif
|
||||||
#ifndef NO_SHA256
|
#ifndef NO_SHA256
|
||||||
/* ECDSA with SHA256 */
|
/* ECDSA with SHA256 */
|
||||||
@@ -20766,14 +20775,14 @@ static int pkcs7signed_run_vectors(
|
|||||||
eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
|
eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
|
||||||
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
|
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
|
||||||
"pkcs7signedData_ECDSA_SHA256.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
|
"pkcs7signedData_ECDSA_SHA256.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
|
||||||
NULL, 0},
|
NULL, 0, 0},
|
||||||
|
|
||||||
/* ECDSA with SHA256 and SubjectKeyIdentifier in SigherIdentifier */
|
/* ECDSA with SHA256 and SubjectKeyIdentifier in SigherIdentifier */
|
||||||
{data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
|
{data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
|
||||||
eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
|
eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
|
||||||
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
|
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
|
||||||
"pkcs7signedData_ECDSA_SHA256_SKID.der", 0, NULL, 0, CMS_SKID, 0, 0,
|
"pkcs7signedData_ECDSA_SHA256_SKID.der", 0, NULL, 0, CMS_SKID, 0, 0,
|
||||||
NULL, 0, NULL, 0},
|
NULL, 0, NULL, 0, 0},
|
||||||
|
|
||||||
/* ECDSA with SHA256 and custom contentType */
|
/* ECDSA with SHA256 and custom contentType */
|
||||||
{data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
|
{data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
|
||||||
@@ -20781,14 +20790,14 @@ static int pkcs7signed_run_vectors(
|
|||||||
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
|
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
|
||||||
"pkcs7signedData_ECDSA_SHA256_custom_contentType.der", 0,
|
"pkcs7signedData_ECDSA_SHA256_custom_contentType.der", 0,
|
||||||
customContentType, sizeof(customContentType), 0, 0, 0, NULL, 0,
|
customContentType, sizeof(customContentType), 0, 0, 0, NULL, 0,
|
||||||
NULL, 0},
|
NULL, 0, 0},
|
||||||
|
|
||||||
/* ECDSA with SHA256 and FirmwarePkgData contentType */
|
/* ECDSA with SHA256 and FirmwarePkgData contentType */
|
||||||
{data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
|
{data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
|
||||||
eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
|
eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
|
||||||
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
|
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
|
||||||
"pkcs7signedData_ECDSA_SHA256_firmwarePkgData.der",
|
"pkcs7signedData_ECDSA_SHA256_firmwarePkgData.der",
|
||||||
FIRMWARE_PKG_DATA, NULL, 0, 0, 0, 0, NULL, 0, NULL, 0},
|
FIRMWARE_PKG_DATA, NULL, 0, 0, 0, 0, NULL, 0, NULL, 0, 0},
|
||||||
#endif
|
#endif
|
||||||
#ifdef WOLFSSL_SHA384
|
#ifdef WOLFSSL_SHA384
|
||||||
/* ECDSA with SHA384 */
|
/* ECDSA with SHA384 */
|
||||||
@@ -20796,7 +20805,7 @@ static int pkcs7signed_run_vectors(
|
|||||||
eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
|
eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
|
||||||
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
|
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
|
||||||
"pkcs7signedData_ECDSA_SHA384.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
|
"pkcs7signedData_ECDSA_SHA384.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
|
||||||
NULL, 0},
|
NULL, 0, 0},
|
||||||
#endif
|
#endif
|
||||||
#ifdef WOLFSSL_SHA512
|
#ifdef WOLFSSL_SHA512
|
||||||
/* ECDSA with SHA512 */
|
/* ECDSA with SHA512 */
|
||||||
@@ -20804,7 +20813,7 @@ static int pkcs7signed_run_vectors(
|
|||||||
eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
|
eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
|
||||||
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
|
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
|
||||||
"pkcs7signedData_ECDSA_SHA512.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
|
"pkcs7signedData_ECDSA_SHA512.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
|
||||||
NULL, 0},
|
NULL, 0, 0},
|
||||||
#endif
|
#endif
|
||||||
#endif /* HAVE_ECC */
|
#endif /* HAVE_ECC */
|
||||||
};
|
};
|
||||||
@@ -20835,12 +20844,10 @@ static int pkcs7signed_run_vectors(
|
|||||||
}
|
}
|
||||||
|
|
||||||
for (i = 0; i < testSz; i++) {
|
for (i = 0; i < testSz; i++) {
|
||||||
pkcs7 = wc_PKCS7_New(HEAP_HINT, INVALID_DEVID);
|
pkcs7 = wc_PKCS7_New(HEAP_HINT, devId);
|
||||||
if (pkcs7 == NULL)
|
if (pkcs7 == NULL)
|
||||||
return -9513;
|
return -9513;
|
||||||
|
|
||||||
pkcs7->heap = HEAP_HINT;
|
|
||||||
pkcs7->devId = INVALID_DEVID;
|
|
||||||
ret = wc_PKCS7_InitWithCert(pkcs7, testVectors[i].cert,
|
ret = wc_PKCS7_InitWithCert(pkcs7, testVectors[i].cert,
|
||||||
(word32)testVectors[i].certSz);
|
(word32)testVectors[i].certSz);
|
||||||
|
|
||||||
@@ -20949,11 +20956,21 @@ static int pkcs7signed_run_vectors(
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* enable detached signature generation, if set */
|
||||||
|
if (testVectors[i].detachedSignature == 1) {
|
||||||
|
ret = wc_PKCS7_SetDetached(pkcs7, 1);
|
||||||
|
if (ret != 0) {
|
||||||
|
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
|
wc_PKCS7_Free(pkcs7);
|
||||||
|
return -9521;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
encodedSz = wc_PKCS7_EncodeSignedData(pkcs7, out, outSz);
|
encodedSz = wc_PKCS7_EncodeSignedData(pkcs7, out, outSz);
|
||||||
if (encodedSz < 0) {
|
if (encodedSz < 0) {
|
||||||
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
wc_PKCS7_Free(pkcs7);
|
wc_PKCS7_Free(pkcs7);
|
||||||
return -9521;
|
return -9522;
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef PKCS7_OUTPUT_TEST_BUNDLES
|
#ifdef PKCS7_OUTPUT_TEST_BUNDLES
|
||||||
@@ -20962,45 +20979,51 @@ static int pkcs7signed_run_vectors(
|
|||||||
if (!file) {
|
if (!file) {
|
||||||
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
wc_PKCS7_Free(pkcs7);
|
wc_PKCS7_Free(pkcs7);
|
||||||
return -9522;
|
return -9523;
|
||||||
}
|
}
|
||||||
ret = (int)fwrite(out, 1, encodedSz, file);
|
ret = (int)fwrite(out, 1, encodedSz, file);
|
||||||
fclose(file);
|
fclose(file);
|
||||||
if (ret != (int)encodedSz) {
|
if (ret != (int)encodedSz) {
|
||||||
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
wc_PKCS7_Free(pkcs7);
|
wc_PKCS7_Free(pkcs7);
|
||||||
return -9526;
|
return -9524;
|
||||||
}
|
}
|
||||||
#endif /* PKCS7_OUTPUT_TEST_BUNDLES */
|
#endif /* PKCS7_OUTPUT_TEST_BUNDLES */
|
||||||
|
|
||||||
wc_PKCS7_Free(pkcs7);
|
wc_PKCS7_Free(pkcs7);
|
||||||
|
|
||||||
pkcs7 = wc_PKCS7_New(HEAP_HINT, INVALID_DEVID);
|
pkcs7 = wc_PKCS7_New(HEAP_HINT, devId);
|
||||||
if (pkcs7 == NULL)
|
if (pkcs7 == NULL)
|
||||||
return -9527;
|
return -9525;
|
||||||
wc_PKCS7_InitWithCert(pkcs7, NULL, 0);
|
wc_PKCS7_InitWithCert(pkcs7, NULL, 0);
|
||||||
|
|
||||||
|
if (testVectors[i].detachedSignature == 1) {
|
||||||
|
/* set content for verifying detached signatures */
|
||||||
|
pkcs7->content = (byte*)testVectors[i].content;
|
||||||
|
pkcs7->contentSz = testVectors[i].contentSz;
|
||||||
|
}
|
||||||
|
|
||||||
ret = wc_PKCS7_VerifySignedData(pkcs7, out, outSz);
|
ret = wc_PKCS7_VerifySignedData(pkcs7, out, outSz);
|
||||||
if (ret < 0) {
|
if (ret < 0) {
|
||||||
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
wc_PKCS7_Free(pkcs7);
|
wc_PKCS7_Free(pkcs7);
|
||||||
return -9528;
|
return -9526;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* verify contentType extracted successfully for custom content types */
|
/* verify contentType extracted successfully for custom content types */
|
||||||
if (testVectors[i].contentTypeSz > 0) {
|
if (testVectors[i].contentTypeSz > 0) {
|
||||||
if (pkcs7->contentTypeSz != testVectors[i].contentTypeSz) {
|
if (pkcs7->contentTypeSz != testVectors[i].contentTypeSz) {
|
||||||
return -9529;
|
return -9527;
|
||||||
} else if (XMEMCMP(pkcs7->contentType, testVectors[i].contentType,
|
} else if (XMEMCMP(pkcs7->contentType, testVectors[i].contentType,
|
||||||
pkcs7->contentTypeSz) != 0) {
|
pkcs7->contentTypeSz) != 0) {
|
||||||
return -9530;
|
return -9528;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (pkcs7->singleCert == NULL || pkcs7->singleCertSz == 0) {
|
if (pkcs7->singleCert == NULL || pkcs7->singleCertSz == 0) {
|
||||||
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
wc_PKCS7_Free(pkcs7);
|
wc_PKCS7_Free(pkcs7);
|
||||||
return -9531;
|
return -9529;
|
||||||
}
|
}
|
||||||
|
|
||||||
{
|
{
|
||||||
@@ -21019,13 +21042,13 @@ static int pkcs7signed_run_vectors(
|
|||||||
NULL, (word32*)&bufSz) != LENGTH_ONLY_E) {
|
NULL, (word32*)&bufSz) != LENGTH_ONLY_E) {
|
||||||
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
wc_PKCS7_Free(pkcs7);
|
wc_PKCS7_Free(pkcs7);
|
||||||
return -9532;
|
return -9530;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (bufSz > (int)sizeof(buf)) {
|
if (bufSz > (int)sizeof(buf)) {
|
||||||
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
wc_PKCS7_Free(pkcs7);
|
wc_PKCS7_Free(pkcs7);
|
||||||
return -9533;
|
return -9531;
|
||||||
}
|
}
|
||||||
|
|
||||||
bufSz = wc_PKCS7_GetAttributeValue(pkcs7, oidPt, oidSz,
|
bufSz = wc_PKCS7_GetAttributeValue(pkcs7, oidPt, oidSz,
|
||||||
@@ -21034,7 +21057,7 @@ static int pkcs7signed_run_vectors(
|
|||||||
(testVectors[i].signedAttribs == NULL && bufSz > 0)) {
|
(testVectors[i].signedAttribs == NULL && bufSz > 0)) {
|
||||||
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
wc_PKCS7_Free(pkcs7);
|
wc_PKCS7_Free(pkcs7);
|
||||||
return -9534;
|
return -9532;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -21043,7 +21066,7 @@ static int pkcs7signed_run_vectors(
|
|||||||
if (!file) {
|
if (!file) {
|
||||||
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
wc_PKCS7_Free(pkcs7);
|
wc_PKCS7_Free(pkcs7);
|
||||||
return -9535;
|
return -9533;
|
||||||
}
|
}
|
||||||
ret = (int)fwrite(pkcs7->singleCert, 1, pkcs7->singleCertSz, file);
|
ret = (int)fwrite(pkcs7->singleCert, 1, pkcs7->singleCertSz, file);
|
||||||
fclose(file);
|
fclose(file);
|
||||||
@@ -21133,21 +21156,21 @@ static int pkcs7signed_run_SingleShotVectors(
|
|||||||
rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
|
rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
|
||||||
NULL, 0,
|
NULL, 0,
|
||||||
"pkcs7signedFirmwarePkgData_RSA_SHA256_noattr.der", 0, NULL, 0, 0,
|
"pkcs7signedFirmwarePkgData_RSA_SHA256_noattr.der", 0, NULL, 0, 0,
|
||||||
0, 0, NULL, 0, NULL, 0},
|
0, 0, NULL, 0, NULL, 0, 0},
|
||||||
|
|
||||||
/* Signed FirmwarePkgData, RSA, SHA256, attrs */
|
/* Signed FirmwarePkgData, RSA, SHA256, attrs */
|
||||||
{data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
|
{data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
|
||||||
rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
|
rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
|
||||||
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
|
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
|
||||||
"pkcs7signedFirmwarePkgData_RSA_SHA256.der", 0, NULL, 0, 0, 0, 0,
|
"pkcs7signedFirmwarePkgData_RSA_SHA256.der", 0, NULL, 0, 0, 0, 0,
|
||||||
NULL, 0, NULL, 0},
|
NULL, 0, NULL, 0, 0},
|
||||||
|
|
||||||
/* Signed FirmwarePkgData, RSA, SHA256, SubjectKeyIdentifier, attrs */
|
/* Signed FirmwarePkgData, RSA, SHA256, SubjectKeyIdentifier, attrs */
|
||||||
{data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
|
{data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
|
||||||
rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
|
rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
|
||||||
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
|
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
|
||||||
"pkcs7signedFirmwarePkgData_RSA_SHA256_SKID.der", 0, NULL,
|
"pkcs7signedFirmwarePkgData_RSA_SHA256_SKID.der", 0, NULL,
|
||||||
0, CMS_SKID, 0, 0, NULL, 0, NULL, 0},
|
0, CMS_SKID, 0, 0, NULL, 0, NULL, 0, 0},
|
||||||
|
|
||||||
/* Signed FirmwraePkgData, RSA, SHA256, server cert and ca cert, attr */
|
/* Signed FirmwraePkgData, RSA, SHA256, server cert and ca cert, attr */
|
||||||
{data, (word32)sizeof(data), SHA256h, RSAk, rsaServerPrivKeyBuf,
|
{data, (word32)sizeof(data), SHA256h, RSAk, rsaServerPrivKeyBuf,
|
||||||
@@ -21155,7 +21178,7 @@ static int pkcs7signed_run_SingleShotVectors(
|
|||||||
rsaCaCertBuf, rsaCaCertBufSz,
|
rsaCaCertBuf, rsaCaCertBufSz,
|
||||||
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
|
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
|
||||||
"pkcs7signedFirmwarePkgData_RSA_SHA256_with_ca_cert.der", 0, NULL,
|
"pkcs7signedFirmwarePkgData_RSA_SHA256_with_ca_cert.der", 0, NULL,
|
||||||
0, 0, 0, 0, NULL, 0, NULL, 0},
|
0, 0, 0, 0, NULL, 0, NULL, 0, 0},
|
||||||
|
|
||||||
#if defined(WOLFSSL_AES_256) && !defined(NO_PKCS7_ENCRYPTED_DATA)
|
#if defined(WOLFSSL_AES_256) && !defined(NO_PKCS7_ENCRYPTED_DATA)
|
||||||
/* Signed Encrypted FirmwarePkgData, RSA, SHA256, no attribs */
|
/* Signed Encrypted FirmwarePkgData, RSA, SHA256, no attribs */
|
||||||
@@ -21163,7 +21186,7 @@ static int pkcs7signed_run_SingleShotVectors(
|
|||||||
rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
|
rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
|
||||||
NULL, 0,
|
NULL, 0,
|
||||||
"pkcs7signedEncryptedFirmwarePkgData_RSA_SHA256_noattr.der", 0,
|
"pkcs7signedEncryptedFirmwarePkgData_RSA_SHA256_noattr.der", 0,
|
||||||
NULL, 0, 0, AES256CBCb, 1, aes256Key, sizeof(aes256Key), NULL, 0},
|
NULL, 0, 0, AES256CBCb, 1, aes256Key, sizeof(aes256Key), NULL, 0, 0},
|
||||||
|
|
||||||
/* Signed Encrypted FirmwarePkgData, RSA, SHA256, attribs */
|
/* Signed Encrypted FirmwarePkgData, RSA, SHA256, attribs */
|
||||||
{data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
|
{data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
|
||||||
@@ -21171,7 +21194,7 @@ static int pkcs7signed_run_SingleShotVectors(
|
|||||||
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
|
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
|
||||||
"pkcs7signedEncryptedFirmwarePkgData_RSA_SHA256.der", 0,
|
"pkcs7signedEncryptedFirmwarePkgData_RSA_SHA256.der", 0,
|
||||||
NULL, 0, 0, AES256CBCb, 1, aes256Key, sizeof(aes256Key),
|
NULL, 0, 0, AES256CBCb, 1, aes256Key, sizeof(aes256Key),
|
||||||
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib))},
|
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), 0},
|
||||||
#endif /* WOLFSSL_AES_256 && !NO_PKCS7_ENCRYPTED_DATA */
|
#endif /* WOLFSSL_AES_256 && !NO_PKCS7_ENCRYPTED_DATA */
|
||||||
|
|
||||||
#if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
|
#if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
|
||||||
@@ -21180,14 +21203,14 @@ static int pkcs7signed_run_SingleShotVectors(
|
|||||||
rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
|
rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
|
||||||
NULL, 0,
|
NULL, 0,
|
||||||
"pkcs7signedCompressedFirmwarePkgData_RSA_SHA256_noattr.der", 0,
|
"pkcs7signedCompressedFirmwarePkgData_RSA_SHA256_noattr.der", 0,
|
||||||
NULL, 0, 0, 0, 2, NULL, 0, NULL, 0},
|
NULL, 0, 0, 0, 2, NULL, 0, NULL, 0, 0},
|
||||||
|
|
||||||
/* Signed Compressed FirmwarePkgData, RSA, SHA256, attribs */
|
/* Signed Compressed FirmwarePkgData, RSA, SHA256, attribs */
|
||||||
{data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
|
{data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
|
||||||
rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
|
rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
|
||||||
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
|
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
|
||||||
"pkcs7signedCompressedFirmwarePkgData_RSA_SHA256.der", 0,
|
"pkcs7signedCompressedFirmwarePkgData_RSA_SHA256.der", 0,
|
||||||
NULL, 0, 0, 0, 2, NULL, 0, NULL, 0},
|
NULL, 0, 0, 0, 2, NULL, 0, NULL, 0, 0},
|
||||||
|
|
||||||
#ifndef NO_PKCS7_ENCRYPTED_DATA
|
#ifndef NO_PKCS7_ENCRYPTED_DATA
|
||||||
/* Signed Encrypted Compressed FirmwarePkgData, RSA, SHA256,
|
/* Signed Encrypted Compressed FirmwarePkgData, RSA, SHA256,
|
||||||
@@ -21196,7 +21219,8 @@ static int pkcs7signed_run_SingleShotVectors(
|
|||||||
rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
|
rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
|
||||||
NULL, 0,
|
NULL, 0,
|
||||||
"pkcs7signedEncryptedCompressedFirmwarePkgData_RSA_SHA256_noattr.der",
|
"pkcs7signedEncryptedCompressedFirmwarePkgData_RSA_SHA256_noattr.der",
|
||||||
0, NULL, 0, 0, AES256CBCb, 3, aes256Key, sizeof(aes256Key), NULL, 0},
|
0, NULL, 0, 0, AES256CBCb, 3, aes256Key, sizeof(aes256Key), NULL,
|
||||||
|
0, 0},
|
||||||
|
|
||||||
/* Signed Encrypted Compressed FirmwarePkgData, RSA, SHA256,
|
/* Signed Encrypted Compressed FirmwarePkgData, RSA, SHA256,
|
||||||
attribs */
|
attribs */
|
||||||
@@ -21205,7 +21229,7 @@ static int pkcs7signed_run_SingleShotVectors(
|
|||||||
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
|
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
|
||||||
"pkcs7signedEncryptedCompressedFirmwarePkgData_RSA_SHA256.der",
|
"pkcs7signedEncryptedCompressedFirmwarePkgData_RSA_SHA256.der",
|
||||||
0, NULL, 0, 0, AES256CBCb, 3, aes256Key, sizeof(aes256Key),
|
0, NULL, 0, 0, AES256CBCb, 3, aes256Key, sizeof(aes256Key),
|
||||||
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib))},
|
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), 0},
|
||||||
#endif /* !NO_PKCS7_ENCRYPTED_DATA */
|
#endif /* !NO_PKCS7_ENCRYPTED_DATA */
|
||||||
|
|
||||||
#endif /* HAVE_LIBZ && !NO_PKCS7_COMPRESSED_DATA */
|
#endif /* HAVE_LIBZ && !NO_PKCS7_COMPRESSED_DATA */
|
||||||
@@ -21220,21 +21244,21 @@ static int pkcs7signed_run_SingleShotVectors(
|
|||||||
eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
|
eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
|
||||||
NULL, 0,
|
NULL, 0,
|
||||||
"pkcs7signedFirmwarePkgData_ECDSA_SHA256_noattr.der", 0, NULL,
|
"pkcs7signedFirmwarePkgData_ECDSA_SHA256_noattr.der", 0, NULL,
|
||||||
0, 0, 0, 0, NULL, 0, NULL, 0},
|
0, 0, 0, 0, NULL, 0, NULL, 0, 0},
|
||||||
|
|
||||||
/* Signed FirmwarePkgData, ECDSA, SHA256, attribs */
|
/* Signed FirmwarePkgData, ECDSA, SHA256, attribs */
|
||||||
{data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
|
{data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
|
||||||
eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
|
eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
|
||||||
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
|
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
|
||||||
"pkcs7signedFirmwarePkgData_ECDSA_SHA256.der", 0, NULL,
|
"pkcs7signedFirmwarePkgData_ECDSA_SHA256.der", 0, NULL,
|
||||||
0, 0, 0, 0, NULL, 0, NULL, 0},
|
0, 0, 0, 0, NULL, 0, NULL, 0, 0},
|
||||||
|
|
||||||
/* Signed FirmwarePkgData, ECDSA, SHA256, SubjectKeyIdentifier, attr */
|
/* Signed FirmwarePkgData, ECDSA, SHA256, SubjectKeyIdentifier, attr */
|
||||||
{data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
|
{data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
|
||||||
eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
|
eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
|
||||||
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
|
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
|
||||||
"pkcs7signedFirmwarePkgData_ECDSA_SHA256_SKID.der", 0, NULL,
|
"pkcs7signedFirmwarePkgData_ECDSA_SHA256_SKID.der", 0, NULL,
|
||||||
0, CMS_SKID, 0, 0, NULL, 0, NULL, 0},
|
0, CMS_SKID, 0, 0, NULL, 0, NULL, 0, 0},
|
||||||
|
|
||||||
#if defined(WOLFSSL_AES_256) && !defined(NO_PKCS7_ENCRYPTED_DATA)
|
#if defined(WOLFSSL_AES_256) && !defined(NO_PKCS7_ENCRYPTED_DATA)
|
||||||
/* Signed Encrypted FirmwarePkgData, ECDSA, SHA256, no attribs */
|
/* Signed Encrypted FirmwarePkgData, ECDSA, SHA256, no attribs */
|
||||||
@@ -21242,7 +21266,7 @@ static int pkcs7signed_run_SingleShotVectors(
|
|||||||
eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
|
eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
|
||||||
NULL, 0,
|
NULL, 0,
|
||||||
"pkcs7signedEncryptedFirmwarePkgData_ECDSA_SHA256_noattr.der", 0, NULL,
|
"pkcs7signedEncryptedFirmwarePkgData_ECDSA_SHA256_noattr.der", 0, NULL,
|
||||||
0, 0, AES256CBCb, 1, aes256Key, sizeof(aes256Key), NULL, 0},
|
0, 0, AES256CBCb, 1, aes256Key, sizeof(aes256Key), NULL, 0, 0},
|
||||||
|
|
||||||
/* Signed Encrypted FirmwarePkgData, ECDSA, SHA256, attribs */
|
/* Signed Encrypted FirmwarePkgData, ECDSA, SHA256, attribs */
|
||||||
{data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
|
{data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
|
||||||
@@ -21250,7 +21274,7 @@ static int pkcs7signed_run_SingleShotVectors(
|
|||||||
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
|
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
|
||||||
"pkcs7signedEncryptedFirmwarePkgData_ECDSA_SHA256.der", 0, NULL,
|
"pkcs7signedEncryptedFirmwarePkgData_ECDSA_SHA256.der", 0, NULL,
|
||||||
0, 0, AES256CBCb, 1, aes256Key, sizeof(aes256Key),
|
0, 0, AES256CBCb, 1, aes256Key, sizeof(aes256Key),
|
||||||
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib))},
|
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), 0},
|
||||||
#endif /* WOLFSSL_AES_256 && !NO_PKCS7_ENCRYPTED_DATA */
|
#endif /* WOLFSSL_AES_256 && !NO_PKCS7_ENCRYPTED_DATA */
|
||||||
|
|
||||||
#if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
|
#if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
|
||||||
@@ -21259,14 +21283,14 @@ static int pkcs7signed_run_SingleShotVectors(
|
|||||||
eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
|
eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
|
||||||
NULL, 0,
|
NULL, 0,
|
||||||
"pkcs7signedCompressedFirmwarePkgData_ECDSA_SHA256_noattr.der", 0, NULL,
|
"pkcs7signedCompressedFirmwarePkgData_ECDSA_SHA256_noattr.der", 0, NULL,
|
||||||
0, 0, 0, 2, NULL, 0, NULL, 0},
|
0, 0, 0, 2, NULL, 0, NULL, 0, 0},
|
||||||
|
|
||||||
/* Signed Compressed FirmwarePkgData, ECDSA, SHA256, attrib */
|
/* Signed Compressed FirmwarePkgData, ECDSA, SHA256, attrib */
|
||||||
{data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
|
{data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
|
||||||
eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
|
eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
|
||||||
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
|
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
|
||||||
"pkcs7signedCompressedFirmwarePkgData_ECDSA_SHA256.der", 0, NULL,
|
"pkcs7signedCompressedFirmwarePkgData_ECDSA_SHA256.der", 0, NULL,
|
||||||
0, 0, 0, 2, NULL, 0, NULL, 0},
|
0, 0, 0, 2, NULL, 0, NULL, 0, 0},
|
||||||
|
|
||||||
#ifndef NO_PKCS7_ENCRYPTED_DATA
|
#ifndef NO_PKCS7_ENCRYPTED_DATA
|
||||||
/* Signed Encrypted Compressed FirmwarePkgData, ECDSA, SHA256,
|
/* Signed Encrypted Compressed FirmwarePkgData, ECDSA, SHA256,
|
||||||
@@ -21275,7 +21299,8 @@ static int pkcs7signed_run_SingleShotVectors(
|
|||||||
eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
|
eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
|
||||||
NULL, 0,
|
NULL, 0,
|
||||||
"pkcs7signedEncryptedCompressedFirmwarePkgData_ECDSA_SHA256_noattr.der",
|
"pkcs7signedEncryptedCompressedFirmwarePkgData_ECDSA_SHA256_noattr.der",
|
||||||
0, NULL, 0, 0, AES256CBCb, 3, aes256Key, sizeof(aes256Key), NULL, 0},
|
0, NULL, 0, 0, AES256CBCb, 3, aes256Key, sizeof(aes256Key), NULL,
|
||||||
|
0, 0},
|
||||||
|
|
||||||
/* Signed Encrypted Compressed FirmwarePkgData, ECDSA, SHA256,
|
/* Signed Encrypted Compressed FirmwarePkgData, ECDSA, SHA256,
|
||||||
attribs */
|
attribs */
|
||||||
@@ -21284,7 +21309,7 @@ static int pkcs7signed_run_SingleShotVectors(
|
|||||||
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
|
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
|
||||||
"pkcs7signedEncryptedCompressedFirmwarePkgData_ECDSA_SHA256.der",
|
"pkcs7signedEncryptedCompressedFirmwarePkgData_ECDSA_SHA256.der",
|
||||||
0, NULL, 0, 0, AES256CBCb, 3, aes256Key, sizeof(aes256Key),
|
0, NULL, 0, 0, AES256CBCb, 3, aes256Key, sizeof(aes256Key),
|
||||||
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib))},
|
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), 0},
|
||||||
#endif /* !NO_PKCS7_ENCRYPTED_DATA */
|
#endif /* !NO_PKCS7_ENCRYPTED_DATA */
|
||||||
|
|
||||||
#endif /* HAVE_LIBZ && !NO_PKCS7_COMPRESSED_DATA */
|
#endif /* HAVE_LIBZ && !NO_PKCS7_COMPRESSED_DATA */
|
||||||
@@ -21319,12 +21344,10 @@ static int pkcs7signed_run_SingleShotVectors(
|
|||||||
}
|
}
|
||||||
|
|
||||||
for (i = 0; i < testSz; i++) {
|
for (i = 0; i < testSz; i++) {
|
||||||
pkcs7 = wc_PKCS7_New(HEAP_HINT, INVALID_DEVID);
|
pkcs7 = wc_PKCS7_New(HEAP_HINT, devId);
|
||||||
if (pkcs7 == NULL)
|
if (pkcs7 == NULL)
|
||||||
return -9553;
|
return -9553;
|
||||||
|
|
||||||
pkcs7->heap = HEAP_HINT;
|
|
||||||
pkcs7->devId = INVALID_DEVID;
|
|
||||||
ret = wc_PKCS7_InitWithCert(pkcs7, testVectors[i].cert,
|
ret = wc_PKCS7_InitWithCert(pkcs7, testVectors[i].cert,
|
||||||
(word32)testVectors[i].certSz);
|
(word32)testVectors[i].certSz);
|
||||||
|
|
||||||
@@ -21460,7 +21483,7 @@ static int pkcs7signed_run_SingleShotVectors(
|
|||||||
|
|
||||||
wc_PKCS7_Free(pkcs7);
|
wc_PKCS7_Free(pkcs7);
|
||||||
|
|
||||||
pkcs7 = wc_PKCS7_New(HEAP_HINT, INVALID_DEVID);
|
pkcs7 = wc_PKCS7_New(HEAP_HINT, devId);
|
||||||
if (pkcs7 == NULL)
|
if (pkcs7 == NULL)
|
||||||
return -9564;
|
return -9564;
|
||||||
wc_PKCS7_InitWithCert(pkcs7, NULL, 0);
|
wc_PKCS7_InitWithCert(pkcs7, NULL, 0);
|
||||||
@@ -21757,7 +21780,7 @@ int pkcs7signed_test(void)
|
|||||||
XFREE(rsaClientPrivKeyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
XFREE(rsaClientPrivKeyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
XFREE(eccClientCertBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
XFREE(eccClientCertBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
XFREE(eccClientPrivKeyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
XFREE(eccClientPrivKeyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
return -9509;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
ret = pkcs7signed_run_SingleShotVectors(
|
ret = pkcs7signed_run_SingleShotVectors(
|
||||||
|
|||||||
@@ -251,6 +251,7 @@ struct PKCS7 {
|
|||||||
/* flags - up to 16-bits */
|
/* flags - up to 16-bits */
|
||||||
word16 isDynamic:1;
|
word16 isDynamic:1;
|
||||||
word16 noDegenerate:1; /* allow degenerate case in verify function */
|
word16 noDegenerate:1; /* allow degenerate case in verify function */
|
||||||
|
word16 detached:1; /* generate detached SignedData signature bundles */
|
||||||
|
|
||||||
byte contentType[MAX_OID_SZ]; /* custom contentType byte array */
|
byte contentType[MAX_OID_SZ]; /* custom contentType byte array */
|
||||||
word32 contentTypeSz; /* size of contentType, bytes */
|
word32 contentTypeSz; /* size of contentType, bytes */
|
||||||
@@ -307,6 +308,7 @@ WOLFSSL_API int wc_PKCS7_EncodeData(PKCS7* pkcs7, byte* output,
|
|||||||
word32 outputSz);
|
word32 outputSz);
|
||||||
|
|
||||||
/* CMS/PKCS#7 SignedData */
|
/* CMS/PKCS#7 SignedData */
|
||||||
|
WOLFSSL_API int wc_PKCS7_SetDetached(PKCS7* pkcs7, word16 flag);
|
||||||
WOLFSSL_API int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7,
|
WOLFSSL_API int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7,
|
||||||
byte* output, word32 outputSz);
|
byte* output, word32 outputSz);
|
||||||
WOLFSSL_API int wc_PKCS7_EncodeSignedData_ex(PKCS7* pkcs7, const byte* hashBuf,
|
WOLFSSL_API int wc_PKCS7_EncodeSignedData_ex(PKCS7* pkcs7, const byte* hashBuf,
|
||||||
|
|||||||
Reference in New Issue
Block a user