Commit Graph

6 Commits

Author SHA1 Message Date
Sameeh Jubran 441bcbb680 Add RSA-PSS certificate support for PKCS7 EnvelopedData KTRI
RSA-PSS signed certificates contain a valid RSA public key that can be
used for key transport, but wc_PKCS7_AddRecipient_KTRI and the
EnvelopedData/AuthEnvelopedData encode paths rejected them because they
only checked for RSAk. Allow RSAPSSk to fall through to the RSAk key
transport path, and always use RSAk as the KeyEncryptionAlgorithmIdentifier
since the operation is RSA encryption, not RSA-PSS signing.

Signed-off-by: Sameeh Jubran <sameeh@wolfssl.com>
2026-03-04 12:24:08 +02:00
Sameeh Jubran deb668ca4b pkcs7: add RSA-PSS support for SignedData
Add full RSA-PSS (RSASSA-PSS) support to PKCS#7 SignedData
encoding and verification.

This change enables SignerInfo.signatureAlgorithm to use
id-RSASSA-PSS with explicit RSASSA-PSS-params (hash, MGF1,
salt length), as required by RFC 4055 and CMS profiles.

Key changes:
- Add RSA-PSS encode and verify paths for PKCS7 SignedData
- Encode full RSASSA-PSS AlgorithmIdentifier parameters
- Decode RSA-PSS parameters from SignerInfo for verification
- Treat RSA-PSS like ECDSA (sign raw digest, not DigestInfo)
- Fix certificate signatureAlgorithm parameter length handling
- Add API test coverage for RSA-PSS SignedData

This resolves failures when using RSA-PSS signer certificates
(e.g. -173 invalid signature algorithm) and maintains backward
compatibility with RSA PKCS#1 v1.5 and ECDSA.

Signed-off-by: Sameeh Jubran <sameeh@wolfssl.com>
2026-02-25 11:02:47 +02:00
JacobBarthelmeh a156ed7bc7 update Copyright year 2026-02-18 09:52:21 -07:00
Chris Conlon 5eef52c6fa Add test for PKCS#7 SignedData with non-OCTET_STRING content 2025-12-18 15:02:02 -07:00
JacobBarthelmeh 328f505702 add pkcs7 test with multiple recipients 2025-10-03 13:51:15 -06:00
Sean Parkinson b40e3d479f api.c: split out more tests into separate files
wolfCrypt PKCS7
wolfCrypt PKCS12
OpenSSL compat ASN.1
OpenSSL compat BN
OpenSSL comppat BIO
OpenSSL comppat Digest
OpenSSL comppat MAC
OpenSSL comppat Cipher
OpenSSL comppat RSA
OpenSSL comppat DH
OpenSSL comppat EC
OpenSSL comppat ECX
OpenSSL comppat DSA
2025-08-05 19:32:56 +10:00