Commit Graph

23 Commits

Author SHA1 Message Date
Sameeh Jubran deb668ca4b pkcs7: add RSA-PSS support for SignedData
Add full RSA-PSS (RSASSA-PSS) support to PKCS#7 SignedData
encoding and verification.

This change enables SignerInfo.signatureAlgorithm to use
id-RSASSA-PSS with explicit RSASSA-PSS-params (hash, MGF1,
salt length), as required by RFC 4055 and CMS profiles.

Key changes:
- Add RSA-PSS encode and verify paths for PKCS7 SignedData
- Encode full RSASSA-PSS AlgorithmIdentifier parameters
- Decode RSA-PSS parameters from SignerInfo for verification
- Treat RSA-PSS like ECDSA (sign raw digest, not DigestInfo)
- Fix certificate signatureAlgorithm parameter length handling
- Add API test coverage for RSA-PSS SignedData

This resolves failures when using RSA-PSS signer certificates
(e.g. -173 invalid signature algorithm) and maintains backward
compatibility with RSA PKCS#1 v1.5 and ECDSA.

Signed-off-by: Sameeh Jubran <sameeh@wolfssl.com>
2026-02-25 11:02:47 +02:00
David Garske 77d9410aa0 Add missing API documentation for Doxygen:
This PR adds Doxygen documentation for native wolfSSL API functions that were previously undocumented. It includes documentation notes for APIs gated on specific preprocessor macros:

- WOLF_PRIVATE_KEY_ID: _Id and _Label init helpers (wc_AesInit_Id, wc_AesInit_Label, wc_ecc_init_id, wc_ecc_init_label, wc_InitRsaKey_Id, wc_InitRsaKey_Label) require this for PKCS11 support

- WC_NO_CONSTRUCTORS: New/Delete constructor functions (wc_AesNew/Delete, wc_curve25519_new/delete, wc_ed25519_new/delete, wc_NewRsaKey/DeleteRsaKey) are only available when this is not defined. WC_NO_CONSTRUCTORS is automatically defined when WOLFSSL_NO_MALLOC is defined.

- WOLFSSL_PUBLIC_ASN: ASN functions marked with WOLFSSL_ASN_API include  notes indicating they are not public by default

- WOLFSSL_DUAL_ALG_CERTS: wc_GeneratePreTBS and wc_MakeSigWithBitStr for Post-Quantum dual algorithm certificate signing

The New/Delete functions are documented as being exposed to support allocation of structures using dynamic memory to provide better ABI compatibility.
2025-12-26 08:41:56 -08:00
Andrew Hutchings 026fa2dd4e Fix issues with the API documentation 2025-11-21 17:43:55 +00:00
Josh Holtrop df7e105fb7 Allow building with HAVE_PKCS7 set and HAVE_X963_KDF unset 2025-07-29 11:46:44 -04:00
Josh Holtrop 26a4ea93eb Allow building with HAVE_PKCS7 set and HAVE_AES_KEYWRAP unset 2025-07-28 12:40:35 -04:00
Josh Holtrop cf843c8b82 Add wc_PKCS7_GetEnvelopedDataKariRid()
Allow access to recipient ID before attempting to decrypt content.
2025-07-24 11:15:30 -04:00
David Garske 6aabc73845 Merge pull request #9018 from holtrop/decode-skp
Add API to decode SymmetricKeyPackage and OneSymmetricKey CMS objects
2025-07-23 16:01:58 -07:00
Josh Holtrop 27f0ef8789 Combine AES key wrap/unwrap callbacks 2025-07-22 16:34:37 -04:00
Josh Holtrop 77bace5010 Update style per code review comments 2025-07-22 14:47:22 -04:00
Josh Holtrop e03fc6858b Update Doxygen comment style per code review comments 2025-07-22 08:24:22 -04:00
Josh Holtrop 525f1cc39e Update style per code review comments 2025-07-22 08:19:01 -04:00
Josh Holtrop 06d86af67c Add API to decode SymmetricKeyPackage and OneSymmetricKey CMS objects 2025-07-19 18:28:06 -04:00
Josh Holtrop 429ccd5456 Add callback functions for custom AES key wrap/unwrap operations 2025-07-14 15:58:14 -04:00
Josh Holtrop 3f65846e67 Document BAD_FUNC_ARG return value for wc_PKCS7_DecodeEncryptedKeyPackage() 2025-07-10 08:07:32 -04:00
Josh Holtrop d2ab6edbab Add wc_PKCS7_DecodeEncryptedKeyPackage() 2025-07-09 13:38:11 -04:00
Daniel Pouzzner a3fb5029f8 clean up trailing whitespace and misplaced CRLFs, add missing final newlines, remove stray UTF8 nonprintables (BOMs) and ASCIIfy stray homoglyphs (spaces and apostrophes), guided by expanded coverage in wolfssl-multi-test check-source-text. 2024-09-05 14:52:18 -05:00
Andrew Hutchings 5ea9d11295 Minor documentation cleanup
Fixes two things across all the Doxygen:

1. Remove WOLFSSL_API from each definition
2. Add missing parameter names from functions
2022-04-06 16:17:36 +01:00
Anthony Hu 33cb823148 Remove legacy NTRU and OQS (#4418)
* Remove NTRU and OQS

* Keep the DTLS serialization format backwards compatible.

* Remove n from mygetopt_long() call.

* Fix over-zealous deletion.

* Resolve problems found by @SparkiDev
2021-09-24 08:37:53 +10:00
David Garske d0d28c82cd Added new PKCS7 ex API's for supporting signing and validation of large data blobs. New API's are wc_PKCS7_EncodeSignedData_ex and wc_PKCS7_VerifySignedData_ex. Includes header docx and unit tests for new API's. Cleanup for the PKCS7 small stack and const oid's. 2018-08-22 15:46:37 -07:00
abrahamsonn 765d97ae01 1. Trailing whitespace removal 2018-06-27 16:22:12 -06:00
connerwolfssl 13b7dad0fa documentation clean up, added check for asn generalized time 2018-06-27 10:22:47 -07:00
connerWolfSSL e45f0efc3f Documentation Fixes (#1520)
* Fixed documentation errors found by check_api script
* Formatting changes so that comments/API pairs are more obvious
2018-04-27 09:50:34 -07:00
connerwolfssl 17e88b47f6 Migrated documentation directory to doc. README updated. Error fixes. Moved make options to doc/include.am 2018-02-08 10:05:30 -07:00