pkcs7.h
1 /* pkcs7.h
2  *
3  * Copyright (C) 2006-2020 wolfSSL Inc.
4  *
5  * This file is part of wolfSSL.
6  *
7  * wolfSSL is free software; you can redistribute it and/or modify
8  * it under the terms of the GNU General Public License as published by
9  * the Free Software Foundation; either version 2 of the License, or
10  * (at your option) any later version.
11  *
12  * wolfSSL is distributed in the hope that it will be useful,
13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15  * GNU General Public License for more details.
16  *
17  * You should have received a copy of the GNU General Public License
18  * along with this program; if not, write to the Free Software
19  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
20  */
21 
26 #ifndef WOLF_CRYPT_PKCS7_H
27 #define WOLF_CRYPT_PKCS7_H
28 
30 
31 #ifdef HAVE_PKCS7
32 
33 #ifndef NO_ASN
34  #include <wolfssl/wolfcrypt/asn.h>
35 #endif
38 #ifndef NO_AES
39  #include <wolfssl/wolfcrypt/aes.h>
40 #endif
41 #ifndef NO_DES3
42  #include <wolfssl/wolfcrypt/des3.h>
43 #endif
44 
45 #ifdef __cplusplus
46  extern "C" {
47 #endif
48 
49 /* Max number of certificates that PKCS7 structure can parse */
    /* Sizes the cert[] and certSz[] arrays in struct PKCS7. Like every limit
     * in this group it sits behind #ifndef, so a build may predefine its own
     * value. NOTE(review): confirm how the parser treats a bundle carrying
     * more certificates than this. */
50 #ifndef MAX_PKCS7_CERTS
51  #define MAX_PKCS7_CERTS 4
52 #endif
53 
    /* NOTE(review): presumably the capacities of the oriType / oriValue
     * buffers handed to the ORI callbacks; confirm in pkcs7.c. */
54 #ifndef MAX_ORI_TYPE_SZ
55  #define MAX_ORI_TYPE_SZ MAX_OID_SZ
56 #endif
57 #ifndef MAX_ORI_VALUE_SZ
58  #define MAX_ORI_VALUE_SZ 512
59 #endif
60 
    /* NOTE(review): the three *_ATTRIBS_SZ limits below look like attribute
     * counts rather than byte sizes; confirm against their use in pkcs7.c. */
61 #ifndef MAX_SIGNED_ATTRIBS_SZ
62  #define MAX_SIGNED_ATTRIBS_SZ 7
63 #endif
64 
65 #ifndef MAX_AUTH_ATTRIBS_SZ
66  #define MAX_AUTH_ATTRIBS_SZ 7
67 #endif
68 
69 #ifndef MAX_UNAUTH_ATTRIBS_SZ
70  #define MAX_UNAUTH_ATTRIBS_SZ 7
71 #endif
72 
73 /* PKCS#7 content types, ref RFC 2315 (Section 14) */
    /* Each value is an internal identifier, not the OID itself (the dotted
     * OID is in the trailing comment); struct PKCS7 describes its contentOID
     * field as the "content type OID sum". This listing declares no
     * encode/decode function for SIGNED_AND_ENVELOPED_DATA or DIGESTED_DATA. */
74 enum PKCS7_TYPES {
75  PKCS7_MSG = 650, /* 1.2.840.113549.1.7 */
76  DATA = 651, /* 1.2.840.113549.1.7.1 */
77  SIGNED_DATA = 652, /* 1.2.840.113549.1.7.2 */
78  ENVELOPED_DATA = 653, /* 1.2.840.113549.1.7.3 */
79  SIGNED_AND_ENVELOPED_DATA = 654, /* 1.2.840.113549.1.7.4 */
80  DIGESTED_DATA = 655, /* 1.2.840.113549.1.7.5 */
81  ENCRYPTED_DATA = 656, /* 1.2.840.113549.1.7.6 */
     /* COMPRESSED_DATA exists only in builds that have zlib and have not
      * disabled compressed-data support. */
82 #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
83  COMPRESSED_DATA = 678, /* 1.2.840.113549.1.9.16.1.9, RFC 3274 */
84 #endif
85  FIRMWARE_PKG_DATA = 685, /* 1.2.840.113549.1.9.16.1.16, RFC 4108 */
86  AUTH_ENVELOPED_DATA = 692 /* 1.2.840.113549.1.9.16.1.23, RFC 5083 */
87 };
88 
/* Progress markers for the decode and verify routines, grouped by message
 * type. NOTE(review): presumably the values kept in PKCS7.state while a call
 * is resumed across input chunks (see the PKCS7State* stream member, compiled
 * out by NO_PKCS7_STREAM); confirm in pkcs7.c. Only WC_PKCS7_START has an
 * explicit value, so the numbers of the others follow from their order. */
89 enum PKCS7_STATE {
90  WC_PKCS7_START = 0,
91 
92  /* decode encrypted */
93  WC_PKCS7_STAGE2,
94  WC_PKCS7_STAGE3,
95  WC_PKCS7_STAGE4,
96  WC_PKCS7_STAGE5,
97  WC_PKCS7_STAGE6,
98 
     /* verify stages (WC_PKCS7_VERIFY_*) */
99  WC_PKCS7_VERIFY_STAGE2,
100  WC_PKCS7_VERIFY_STAGE3,
101  WC_PKCS7_VERIFY_STAGE4,
102  WC_PKCS7_VERIFY_STAGE5,
103  WC_PKCS7_VERIFY_STAGE6,
104 
105  /* parse info set */
106  WC_PKCS7_INFOSET_START,
107  WC_PKCS7_INFOSET_BER,
108  WC_PKCS7_INFOSET_STAGE1,
109  WC_PKCS7_INFOSET_STAGE2,
110  WC_PKCS7_INFOSET_END,
111 
112  /* decode enveloped data */
113  WC_PKCS7_ENV_2,
114  WC_PKCS7_ENV_3,
115  WC_PKCS7_ENV_4,
116  WC_PKCS7_ENV_5,
117 
118  /* decode auth enveloped */
119  WC_PKCS7_AUTHENV_2,
120  WC_PKCS7_AUTHENV_3,
121  WC_PKCS7_AUTHENV_4,
122  WC_PKCS7_AUTHENV_5,
123  WC_PKCS7_AUTHENV_6,
124  WC_PKCS7_AUTHENV_ATRB,
125  WC_PKCS7_AUTHENV_ATRBEND,
126  WC_PKCS7_AUTHENV_7,
127 
128  /* decryption state types */
129  WC_PKCS7_DECRYPT_KTRI,
130  WC_PKCS7_DECRYPT_KTRI_2,
131  WC_PKCS7_DECRYPT_KTRI_3,
132 
133 
      /* one state per remaining RecipientInfo kind (KARI, KEKRI, PWRI, ORI) */
134  WC_PKCS7_DECRYPT_KARI,
135  WC_PKCS7_DECRYPT_KEKRI,
136  WC_PKCS7_DECRYPT_PWRI,
137  WC_PKCS7_DECRYPT_ORI,
138 
139  WC_PKCS7_DECRYPT_DONE,
140 
141 };
142 
/* Fixed buffer bounds used by the PKCS#7 code. The *_SZ / *_LEN / *_SIZE
 * values with comments are byte counts; they cap what the encoder and decoder
 * can hold, so a larger key, IV or recipient record has to be rejected rather
 * than copied. NOTE(review): confirm each use site checks against them. */
143 enum Pkcs7_Misc {
144  PKCS7_NONCE_SZ = 16,
145  MAX_ENCRYPTED_KEY_SZ = 512, /* max enc. key size in bytes, RSA <= 4096 bits */
146  MAX_CONTENT_KEY_LEN = 32, /* highest current cipher is AES-256-CBC (32-byte key) */
147  MAX_CONTENT_IV_SIZE = 16, /* largest IV currently needed: 128 bits, one AES block */
      /* The #else branch needs DES_BLOCK_SIZE, and des3.h is included above only
       * when NO_DES3 is not defined. NOTE(review): a build defining both NO_AES
       * and NO_DES3 would presumably leave this enumerator undefined. */
148 #ifndef NO_AES
149  MAX_CONTENT_BLOCK_LEN = AES_BLOCK_SIZE,
150 #else
151  MAX_CONTENT_BLOCK_LEN = DES_BLOCK_SIZE,
152 #endif
      /* Sum of the per-field maxima of one recipient record, ending with the
       * encrypted key. NOTE(review): presumably sized for the key-transport
       * form; confirm it also covers the other RecipientInfo kinds. */
153  MAX_RECIP_SZ = MAX_VERSION_SZ +
154  MAX_SEQ_SZ + ASN_NAME_MAX + MAX_SN_SZ +
155  MAX_SEQ_SZ + MAX_ALGO_SZ + 1 + MAX_ENCRYPTED_KEY_SZ,
156 #if (defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \
157  (HAVE_FIPS_VERSION >= 2)) || defined(HAVE_SELFTEST)
158  /* In the event of fips cert 3389 or CAVP selftest build, these enums are
159  * not in aes.h for use with pkcs7 so enumerate it here outside the fips
160  * boundary */
161  GCM_NONCE_MID_SZ = 12, /* The usual default nonce size for AES-GCM. */
162  CCM_NONCE_MIN_SZ = 7, /* shortest nonce length AES-CCM accepts, in bytes */
163 #endif
164 };
165 
/* The two ways CMS can name a certificate: by SubjectKeyIdentifier (CMS_SKID)
 * or by issuer name plus serial number.
 * NOTE(review): presumably the values accepted by
 * wc_PKCS7_SetSignerIdentifierType() and by the `options` argument of the
 * wc_PKCS7_AddRecipient_* functions; confirm in pkcs7.c. */
166 enum Cms_Options {
167  CMS_SKID = 1,
168  CMS_ISSUER_AND_SERIAL_NUMBER = 2,
169 };
/* Defined outside the enum but continuing its numbering.
 * NOTE(review): presumably a sidType value marking a degenerate SignedData
 * bundle, i.e. one with no signer; confirm where it is set and tested. */
170 #define DEGENERATE_SID 3
171 
172 /* CMS/PKCS#7 RecipientInfo types, RFC 5652, Section 6.2 */
     /* KTRI = KeyTransRecipientInfo, KARI = KeyAgreeRecipientInfo,
      * KEKRI = KEKRecipientInfo, PWRI = PasswordRecipientInfo,
      * ORI = OtherRecipientInfo. Values 1-4 coincide with the context tags of
      * the RecipientInfo CHOICE in RFC 5652; KTRI is the untagged alternative. */
173 enum Pkcs7_RecipientInfo_Types {
174  PKCS7_KTRI = 0,
175  PKCS7_KARI = 1,
176  PKCS7_KEKRI = 2,
177  PKCS7_PWRI = 3,
178  PKCS7_ORI = 4
179 };
180 
/* One attribute as an (OID, value) pair of byte buffers with explicit sizes.
 * Both pointers are const, so code holding a PKCS7Attrib cannot write through
 * them; struct PKCS7 refers to arrays of these for its signed, unprotected,
 * authenticated and unauthenticated attributes.
 * NOTE(review): whether oid and value carry their DER tag and length bytes is
 * not visible here; confirm in pkcs7.c before building them by hand. */
181 typedef struct PKCS7Attrib {
182  const byte* oid;
183  word32 oidSz;
184  const byte* value;
185  word32 valueSz;
186 } PKCS7Attrib;
187 
188 
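/* One attribute recovered while decoding a message. Nodes are chained through
 * `next`; struct PKCS7 keeps the list head in its decodedAttrib member. Unlike
 * PKCS7Attrib, oid and value are non-const.
 * NOTE(review): presumably each node owns its oid and value buffers and they
 * are released with the PKCS7 object; confirm in pkcs7.c. */
189 typedef struct PKCS7DecodedAttrib {
190  struct PKCS7DecodedAttrib* next;
191  byte* oid;
192  word32 oidSz;
193  byte* value;
194  word32 valueSz;
195 } PKCS7DecodedAttrib;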
196 
/* Forward declarations. PKCS7State, Pkcs7Cert, Pkcs7EncodedRecip and
 * PKCS7SignerInfo are only named here, not defined in this header, so callers
 * can hold pointers to them but not look inside. PKCS7_SIGNED is a second name
 * for struct PKCS7, not a separate type. */
197 typedef struct PKCS7State PKCS7State;
198 typedef struct Pkcs7Cert Pkcs7Cert;
199 typedef struct Pkcs7EncodedRecip Pkcs7EncodedRecip;
200 typedef struct PKCS7 PKCS7;
201 typedef struct PKCS7 PKCS7_SIGNED;
202 typedef struct PKCS7SignerInfo PKCS7SignerInfo;
203 
204 /* OtherRecipientInfo decrypt callback prototype */
     /* Receives the ORI type and value taken from the message and returns the
      * recovered key through decryptedKey.
      * NOTE(review): oriType and oriValue come from the message being decoded,
      * so treat them as untrusted input. decryptedKeySz is a pointer,
      * presumably capacity on entry and key length on return; confirm. */
205 typedef int (*CallbackOriDecrypt)(PKCS7* pkcs7, byte* oriType, word32 oriTypeSz,
206  byte* oriValue, word32 oriValueSz,
207  byte* decryptedKey, word32* decryptedKeySz,
208  void* ctx);
     /* OtherRecipientInfo encrypt callback: given the content-encryption key
      * (cek), fills oriType and oriValue.
      * NOTE(review): both size arguments are pointers, presumably capacity in
      * and length out (see MAX_ORI_TYPE_SZ / MAX_ORI_VALUE_SZ); confirm. */
209 typedef int (*CallbackOriEncrypt)(PKCS7* pkcs7, byte* cek, word32 cekSz,
210  byte* oriType, word32* oriTypeSz,
211  byte* oriValue, word32* oriValueSz,
212  void* ctx);
     /* User-supplied content decryption. The prototype passes inSz but no
      * length for `out`.
      * NOTE(review): confirm the size of `out` the library guarantees before
      * writing to it, and that a non-zero return on an authTag mismatch makes
      * the caller discard the output. */
213 typedef int (*CallbackDecryptContent)(PKCS7* pkcs7, int encryptOID,
214  byte* iv, int ivSz, byte* aad, word32 aadSz,
215  byte* authTag, word32 authTagSz, byte* in,
216  int inSz, byte* out, void* ctx);
     /* User-supplied wrapping of the content-encryption key, writing at most
      * outSz bytes to out.
      * NOTE(review): the meaning of keyWrapAlgo, type and dir is not shown in
      * this header; confirm the expected values and the return convention. */
217 typedef int (*CallbackWrapCEK)(PKCS7* pkcs7, byte* cek, word32 cekSz,
218  byte* keyId, word32 keyIdSz,
219  byte* originKey, word32 originKeySz,
220  byte* out, word32 outSz,
221  int keyWrapAlgo, int type, int dir);
222 
223 #if defined(HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK) && !defined(NO_RSA)
224 /* RSA sign raw digest callback, user builds DigestInfo */
     /* The callback gets the bare digest plus hashOID and writes the signature
      * to out (capacity outSz). Because the user builds DigestInfo, the hash
      * algorithm identifier placed in the signature is the callback's
      * responsibility. The private key is passed both as a buffer and as a
      * devId. NOTE(review): confirm which of the two is valid when the key
      * lives in hardware. */
225 typedef int (*CallbackRsaSignRawDigest)(PKCS7* pkcs7, byte* digest,
226  word32 digestSz, byte* out, word32 outSz,
227  byte* privateKey, word32 privateKeySz,
228  int devId, int hashOID);
229 #endif
230 
231 /* Public Structure Warning:
232  * Existing members must not be changed to maintain backwards compatibility!
233  */
     /* Members commented "not owner" (content, singleCert, privateKey, ukm)
      * point at caller-supplied buffers.
      * NOTE(review): by that wording the caller keeps responsibility for their
      * lifetime and for wiping key material after use; confirm what
      * wc_PKCS7_Free() releases and clears. */
234 struct PKCS7 {
235  WC_RNG* rng;
236  PKCS7Attrib* signedAttribs;
237  byte* content; /* inner content, not owner */
238  byte* contentDynamic; /* content if constructed OCTET_STRING */
239  byte* singleCert; /* recipient cert, DER, not owner */
240  const byte* issuer; /* issuer name of singleCert */
241  byte* privateKey; /* private key, DER, not owner */
242  void* heap; /* heap hint for dynamic memory */
243 #ifdef ASN_BER_TO_DER
244  byte* der; /* DER encoded version of message */
245  word32 derSz;
246 #endif
      /* at most MAX_PKCS7_CERTS entries; lengths are in certSz[] below */
247  byte* cert[MAX_PKCS7_CERTS];
248 
249  /* Encrypted-data Content Type */
250  byte* encryptionKey; /* block cipher encryption key */
251  PKCS7Attrib* unprotectedAttribs; /* optional */
252  PKCS7DecodedAttrib* decodedAttrib; /* linked list of decoded attribs */
253 
254  /* Enveloped-data optional ukm, not owner */
255  byte* ukm;
256  word32 ukmSz;
257 
258  word32 encryptionKeySz; /* size of key buffer, bytes */
259  word32 unprotectedAttribsSz;
260  word32 contentSz; /* content size */
261  word32 singleCertSz; /* size of recipient cert buffer, bytes */
262  word32 issuerSz; /* length of issuer name */
263  word32 issuerSnSz; /* length of serial number */
264 
265  word32 publicKeySz;
266  word32 publicKeyOID; /* key OID (RSAk, ECDSAk, etc) */
267  word32 privateKeySz; /* size of private key buffer, bytes */
268  word32 signedAttribsSz;
269  int contentOID; /* PKCS#7 content type OID sum */
270  int hashOID;
271  int encryptOID; /* key encryption algorithm OID */
272  int keyWrapOID; /* key wrap algorithm OID */
273  int keyAgreeOID; /* key agreement algorithm OID */
274  int devId; /* device ID for HW based private key */
275  byte issuerHash[KEYID_SIZE]; /* hash of all alt Names */
276  byte issuerSn[MAX_SN_SZ]; /* singleCert's serial number */
277  byte publicKey[MAX_RSA_INT_SZ + MAX_RSA_E_SZ]; /* MAX RSA key size (m + e)*/
278  word32 certSz[MAX_PKCS7_CERTS];
279 
280  /* flags - up to 16-bits */
281  word16 isDynamic:1;
      /* NOTE(review): the member name reads as "degenerate not allowed" while
       * its comment says "allow"; wc_PKCS7_AllowDegenerate() is the setter.
       * Confirm the polarity and the default in pkcs7.c. A degenerate
       * SignedData bundle carries no signer, so accepting one is not a
       * signature check. */
282  word16 noDegenerate:1; /* allow degenerate case in verify function */
283  word16 detached:1; /* generate detached SignedData signature bundles */
284 
285  byte contentType[MAX_OID_SZ]; /* custom contentType byte array */
286  word32 contentTypeSz; /* size of contentType, bytes */
287 
      /* NOTE(review): the comment on sidType names Pkcs7_SignerIdentifier_Types
       * and SID_ISSUER_AND_SERIAL_NUMBER, neither of which is declared in this
       * header; the identifier enum visible here is Cms_Options. */
288  int sidType; /* SignerIdentifier type to use, of type
289  Pkcs7_SignerIdentifier_Types, default to
290  SID_ISSUER_AND_SERIAL_NUMBER */
291  byte issuerSubjKeyId[KEYID_SIZE]; /* SubjectKeyIdentifier of singleCert */
292  Pkcs7Cert* certList; /* certificates list for SignedData set */
293  Pkcs7EncodedRecip* recipList; /* recipients list */
      /* cek and pass, like privateKey and encryptionKey above, hold secrets.
       * NOTE(review): cek is marked "dynamic", i.e. allocated by the library;
       * confirm it is zeroized before being freed, and that pass is not kept
       * longer than the decode call needs it. */
294  byte* cek; /* content encryption key, random, dynamic */
295  word32 cekSz; /* size of cek, bytes */
296  byte* pass; /* password, for PWRI decryption */
297  word32 passSz; /* size of pass, bytes */
298  int kekEncryptOID; /* KEK encryption algorithm OID */
299 
300  CallbackOriEncrypt oriEncryptCb; /* ORI encrypt callback */
301  CallbackOriDecrypt oriDecryptCb; /* ORI decrypt callback */
302  void* oriEncryptCtx; /* ORI encrypt user context ptr */
303  void* oriDecryptCtx; /* ORI decrypt user context ptr */
304 
305  PKCS7Attrib* authAttribs; /* authenticated attribs */
306  word32 authAttribsSz;
307  PKCS7Attrib* unauthAttribs; /* unauthenticated attribs */
308  word32 unauthAttribsSz;
309 
      /* The stream member exists only when NO_PKCS7_STREAM is not defined, so
       * the offsets of every later member depend on that build option. */
310 #ifndef NO_PKCS7_STREAM
311  PKCS7State* stream;
312 #endif
313  word32 state;
314 
315  word16 skipDefaultSignedAttribs:1; /* skip adding default signed attribs */
316 
317  byte version; /* 1 for RFC 2315 and 3 for RFC 4108 */
318  PKCS7SignerInfo* signerInfo;
319  CallbackDecryptContent decryptionCb;
320  CallbackWrapCEK wrapCEKCb;
321  void* decryptionCtx;
322 
323  byte* signature;
324  byte* plainDigest;
325  byte* pkcs7Digest;
326  word32 signatureSz;
327  word32 plainDigestSz;
328  word32 pkcs7DigestSz;
329 
330 #if defined(HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK) && !defined(NO_RSA)
331  CallbackRsaSignRawDigest rsaSignRawDigestCb;
332 #endif
333 
334  /* used by DecodeEnvelopedData with multiple encrypted contents */
335  byte* cachedEncryptedContent;
336  word32 cachedEncryptedContentSz;
337  /* !! NEW DATA MEMBERS MUST BE ADDED AT END !! */
338 };
339 
/* Lifecycle. heap and devId correspond to the heap and devId members of
 * struct PKCS7. InitWithCert and AddCertificate take a DER certificate buffer
 * and its length; wc_PKCS7_Free releases memory allocated by an initializer.
 * NOTE(review): struct PKCS7 stores certificates by pointer (cert[],
 * singleCert is "not owner"), so the der buffers presumably have to outlive
 * the PKCS7 object; confirm in pkcs7.c. */
340 WOLFSSL_API PKCS7* wc_PKCS7_New(void* heap, int devId);
341 WOLFSSL_API int wc_PKCS7_Init(PKCS7* pkcs7, void* heap, int devId);
342 WOLFSSL_API int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* der, word32 derSz);
343 WOLFSSL_API int wc_PKCS7_AddCertificate(PKCS7* pkcs7, byte* der, word32 derSz);
344 WOLFSSL_API void wc_PKCS7_Free(PKCS7* pkcs7);
345 
     /* Looks up an attribute by OID and copies its value to out.
      * NOTE(review): outSz is a pointer, presumably capacity on entry and
      * value length on return; confirm. */
346 WOLFSSL_API int wc_PKCS7_GetAttributeValue(PKCS7* pkcs7, const byte* oid,
347  word32 oidSz, byte* out, word32* outSz);
348 
349 WOLFSSL_API int wc_PKCS7_SetSignerIdentifierType(PKCS7* pkcs7, int type);
     /* NOTE(review): struct PKCS7 keeps contentType in a MAX_OID_SZ byte
      * array; confirm sz is range-checked against it. */
350 WOLFSSL_API int wc_PKCS7_SetContentType(PKCS7* pkcs7, byte* contentType,
351  word32 sz);
     /* Padding helpers for block ciphers; PadData writes into out, which is
      * bounded by outSz.
      * NOTE(review): confirm the behaviour for blockSz == 0 and for an out
      * buffer smaller than inSz plus the pad length. */
352 WOLFSSL_API int wc_PKCS7_GetPadSize(word32 inputSz, word32 blockSz);
353 WOLFSSL_API int wc_PKCS7_PadData(byte* in, word32 inSz, byte* out, word32 outSz,
354  word32 blockSz);
355 
356 /* CMS/PKCS#7 Data */
     /* Encodes the PKCS7 structure as the data content type into output
      * (capacity outputSz). */
357 WOLFSSL_API int wc_PKCS7_EncodeData(PKCS7* pkcs7, byte* output,
358  word32 outputSz);
359 
360 /* CMS/PKCS#7 SignedData */
361 WOLFSSL_API int wc_PKCS7_SetDetached(PKCS7* pkcs7, word16 flag);
362 WOLFSSL_API int wc_PKCS7_NoDefaultSignedAttribs(PKCS7* pkcs7);
363 WOLFSSL_API int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7,
364  byte* output, word32 outputSz);
     /* Variant that takes a precomputed hash (hashBuf) and returns the encoding
      * as a separate header and footer.
      * NOTE(review): the content itself is not passed, so the caller is
      * presumably trusted to have hashed exactly the bytes that will be sent
      * between header and footer. */
365 WOLFSSL_API int wc_PKCS7_EncodeSignedData_ex(PKCS7* pkcs7, const byte* hashBuf,
366  word32 hashSz, byte* outputHead,
367  word32* outputHeadSz,
368  byte* outputFoot,
369  word32* outputFootSz);
     /* Controls whether verification accepts the degenerate SignedData case (no
      * signer). Returns void, so an invalid pkcs7 argument cannot be reported.
      * NOTE(review): confirm the default and the meaning of flag in pkcs7.c;
      * code that relies on a signature should make sure degenerate bundles
      * are not accepted. */
370 WOLFSSL_API void wc_PKCS7_AllowDegenerate(PKCS7* pkcs7, word16 flag);
     /* Parses a received SignedData message, extracts its certificate list and
      * verifies the signature, storing the extracted content in pkcs7.
      * NOTE(review): no function in this header takes a trust store; confirm
      * whether the signer certificate is chained to a trusted root here or
      * must be validated separately by the caller. */
371 WOLFSSL_API int wc_PKCS7_VerifySignedData(PKCS7* pkcs7,
372  byte* pkiMsg, word32 pkiMsgSz);
     /* Same verification with the message supplied as hash, header and footer. */
373 WOLFSSL_API int wc_PKCS7_VerifySignedData_ex(PKCS7* pkcs7, const byte* hashBuf,
374  word32 hashSz, byte* pkiMsgHead,
375  word32 pkiMsgHeadSz, byte* pkiMsgFoot,
376  word32 pkiMsgFootSz);
377 
378 WOLFSSL_API int wc_PKCS7_GetSignerSID(PKCS7* pkcs7, byte* out, word32* outSz);
379 
380 /* CMS single-shot API for Signed FirmwarePkgData */
     /* All four single-shot functions take the signing key as a raw buffer
      * (privateKey, privateKeySz) and write the result to output, bounded by
      * outputSz. The encrypted variants additionally take the content
      * encryption key as a raw buffer.
      * NOTE(review): confirm whether the key pointers are retained in pkcs7
      * after the call returns. */
381 WOLFSSL_API int wc_PKCS7_EncodeSignedFPD(PKCS7* pkcs7, byte* privateKey,
382  word32 privateKeySz, int signOID,
383  int hashOID, byte* content,
384  word32 contentSz,
385  PKCS7Attrib* signedAttribs,
386  word32 signedAttribsSz, byte* output,
387  word32 outputSz);
388 #ifndef NO_PKCS7_ENCRYPTED_DATA
389 /* CMS single-shot API for Signed Encrypted FirmwarePkgData */
390 WOLFSSL_API int wc_PKCS7_EncodeSignedEncryptedFPD(PKCS7* pkcs7,
391  byte* encryptKey, word32 encryptKeySz,
392  byte* privateKey, word32 privateKeySz,
393  int encryptOID, int signOID,
394  int hashOID, byte* content,
395  word32 contentSz,
396  PKCS7Attrib* unprotectedAttribs,
397  word32 unprotectedAttribsSz,
398  PKCS7Attrib* signedAttribs,
399  word32 signedAttribsSz,
400  byte* output, word32 outputSz);
401 #endif /* NO_PKCS7_ENCRYPTED_DATA */
402 #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
403 /* CMS single-shot API for Signed Compressed FirmwarePkgData */
404 WOLFSSL_API int wc_PKCS7_EncodeSignedCompressedFPD(PKCS7* pkcs7,
405  byte* privateKey, word32 privateKeySz,
406  int signOID, int hashOID,
407  byte* content, word32 contentSz,
408  PKCS7Attrib* signedAttribs,
409  word32 signedAttribsSz, byte* output,
410  word32 outputSz);
411 
412 #ifndef NO_PKCS7_ENCRYPTED_DATA
413 /* CMS single-shot API for Signed Encrypted Compressed FirmwarePkgData */
414 WOLFSSL_API int wc_PKCS7_EncodeSignedEncryptedCompressedFPD(PKCS7* pkcs7,
415  byte* encryptKey, word32 encryptKeySz,
416  byte* privateKey, word32 privateKeySz,
417  int encryptOID, int signOID,
418  int hashOID, byte* content,
419  word32 contentSz,
420  PKCS7Attrib* unprotectedAttribs,
421  word32 unprotectedAttribsSz,
422  PKCS7Attrib* signedAttribs,
423  word32 signedAttribsSz,
424  byte* output, word32 outputSz);
425 #endif /* !NO_PKCS7_ENCRYPTED_DATA */
426 #endif /* HAVE_LIBZ && !NO_PKCS7_COMPRESSED_DATA */
427 
428 /* EnvelopedData and AuthEnvelopedData RecipientInfo functions */
     /* One AddRecipient function per RecipientInfo kind (see
      * Pkcs7_RecipientInfo_Types). KTRI and KARI identify the recipient by
      * certificate. NOTE(review): `options` presumably selects CMS_SKID or
      * CMS_ISSUER_AND_SERIAL_NUMBER; confirm. */
429 WOLFSSL_API int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert,
430  word32 certSz, int options);
431 WOLFSSL_API int wc_PKCS7_AddRecipient_KARI(PKCS7* pkcs7, const byte* cert,
432  word32 certSz, int keyWrapOID,
433  int keyAgreeOID, byte* ukm,
434  word32 ukmSz, int options);
435 
     /* KEKRI: the key-encryption key is passed in directly as kek/kekSz. */
436 WOLFSSL_API int wc_PKCS7_SetKey(PKCS7* pkcs7, byte* key, word32 keySz);
437 WOLFSSL_API int wc_PKCS7_AddRecipient_KEKRI(PKCS7* pkcs7, int keyWrapOID,
438  byte* kek, word32 kekSz,
439  byte* keyID, word32 keyIdSz,
440  void* timePtr, byte* otherOID,
441  word32 otherOIDSz, byte* other,
442  word32 otherSz, int options);
443 
     /* PWRI: the key is derived from a password; salt, KDF, PRF and iteration
      * count are all chosen by the caller.
      * NOTE(review): nothing in the prototype sets a floor on iterations or
      * saltSz; confirm whether pkcs7.c enforces one, otherwise the caller must. */
444 WOLFSSL_API int wc_PKCS7_SetPassword(PKCS7* pkcs7, byte* passwd, word32 pLen);
445 WOLFSSL_API int wc_PKCS7_AddRecipient_PWRI(PKCS7* pkcs7, byte* passwd,
446  word32 pLen, byte* salt,
447  word32 saltSz, int kdfOID,
448  int prfOID, int iterations,
449  int kekEncryptOID, int options);
     /* ORI: encryption and decryption are delegated to user callbacks; the ctx
      * pointers are handed back to them unchanged as the last argument. */
450 WOLFSSL_API int wc_PKCS7_SetOriEncryptCtx(PKCS7* pkcs7, void* ctx);
451 WOLFSSL_API int wc_PKCS7_SetOriDecryptCtx(PKCS7* pkcs7, void* ctx);
452 WOLFSSL_API int wc_PKCS7_SetOriDecryptCb(PKCS7* pkcs7, CallbackOriDecrypt cb);
453 WOLFSSL_API int wc_PKCS7_AddRecipient_ORI(PKCS7* pkcs7, CallbackOriEncrypt cb,
454  int options);
455 WOLFSSL_API int wc_PKCS7_SetWrapCEKCb(PKCS7* pkcs7,
456  CallbackWrapCEK wrapCEKCb);
457 
458 #if defined(HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK) && !defined(NO_RSA)
459 WOLFSSL_API int wc_PKCS7_SetRsaSignRawDigestCb(PKCS7* pkcs7,
460  CallbackRsaSignRawDigest cb);
461 #endif
462 
463 /* CMS/PKCS#7 EnvelopedData */
     /* Every Encode/Decode pair below writes to a caller buffer `output` whose
      * capacity is outputSz; the Decode functions read the received message
      * from pkiMsg/pkiMsgSz, which is untrusted input.
      * NOTE(review): EnvelopedData and EncryptedData carry no integrity tag of
      * their own; AuthEnvelopedData (RFC 5083) is the authenticated form.
      * Confirm the return-value convention (length vs. error code) in pkcs7.c. */
464 WOLFSSL_API int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7,
465  byte* output, word32 outputSz);
466 WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg,
467  word32 pkiMsgSz, byte* output,
468  word32 outputSz);
469 
470 /* CMS/PKCS#7 AuthEnvelopedData */
     /* NOTE(review): confirm that no plaintext is left in output when the
      * authentication tag does not verify. */
471 WOLFSSL_API int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7,
472  byte* output, word32 outputSz);
473 WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* pkiMsg,
474  word32 pkiMsgSz, byte* output,
475  word32 outputSz);
476 
477 /* CMS/PKCS#7 EncryptedData */
478 #ifndef NO_PKCS7_ENCRYPTED_DATA
479 WOLFSSL_API int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7,
480  byte* output, word32 outputSz);
481 WOLFSSL_API int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* pkiMsg,
482  word32 pkiMsgSz, byte* output,
483  word32 outputSz);
     /* Install a user decryption callback and the context pointer passed to it
      * (see CallbackDecryptContent). */
484 WOLFSSL_API int wc_PKCS7_SetDecodeEncryptedCb(PKCS7* pkcs7,
485  CallbackDecryptContent decryptionCb);
486 WOLFSSL_API int wc_PKCS7_SetDecodeEncryptedCtx(PKCS7* pkcs7, void* ctx);
487 #endif /* NO_PKCS7_ENCRYPTED_DATA */
488 
489 /* CMS/PKCS#7 CompressedData */
     /* NOTE(review): the decompressed size is bounded only by outputSz as far
      * as this prototype shows; confirm that the decoder fails cleanly, rather
      * than truncating silently, when a message expands past the buffer. */
490 #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
491 WOLFSSL_API int wc_PKCS7_EncodeCompressedData(PKCS7* pkcs7, byte* output,
492  word32 outputSz);
493 WOLFSSL_API int wc_PKCS7_DecodeCompressedData(PKCS7* pkcs7, byte* pkiMsg,
494  word32 pkiMsgSz, byte* output,
495  word32 outputSz);
496 #endif /* HAVE_LIBZ && !NO_PKCS7_COMPRESSED_DATA */
496 #endif /* HAVE_LIBZ && !NO_PKCS7_COMPRESSED_DATA */
497 
498 #ifdef __cplusplus
499  } /* extern "C" */
500 #endif
501 
502 #endif /* HAVE_PKCS7 */
503 #endif /* WOLF_CRYPT_PKCS7_H */
504 
WOLFSSL_API int wc_PKCS7_EncodeSignedData_ex(PKCS7 *pkcs7, const byte *hashBuf, word32 hashSz, byte *outputHead, word32 *outputHeadSz, byte *outputFoot, word32 *outputFootSz)
This function builds the PKCS7 signed data content type, encoding the PKCS7 structure into a header a...
Definition: pkcs7.c:2510
WOLFSSL_API int wc_PKCS7_InitWithCert(PKCS7 *pkcs7, byte *cert, word32 certSz)
This function initializes a PKCS7 structure with a DER-formatted certificate. To initialize an empty ...
Definition: pkcs7.c:915
WOLFSSL_API int wc_PKCS7_EncodeEnvelopedData(PKCS7 *pkcs7, byte *output, word32 outputSz)
This function builds the PKCS7 enveloped data content type, encoding the PKCS7 structure into a buffe...
Definition: pkcs7.c:7691
WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7 *pkcs7, byte *pkiMsg, word32 pkiMsgSz, byte *output, word32 outputSz)
This function unwraps and decrypts a PKCS7 enveloped data content type, decoding the message into out...
Definition: pkcs7.c:10022
WOLFSSL_API void wc_PKCS7_Free(PKCS7 *pkcs7)
This function releases any memory allocated by a PKCS7 initializer.
Definition: pkcs7.c:1133
WOLFSSL_API int wc_PKCS7_EncodeSignedData(PKCS7 *pkcs7, byte *output, word32 outputSz)
This function builds the PKCS7 signed data content type, encoding the PKCS7 structure into a buffer c...
Definition: pkcs7.c:2589
WOLFSSL_API int wc_PKCS7_EncodeData(PKCS7 *pkcs7, byte *output, word32 outputSz)
This function builds the PKCS7 data content type, encoding the PKCS7 structure into a buffer containi...
Definition: pkcs7.c:1274
WOLFSSL_API int wc_PKCS7_VerifySignedData_ex(PKCS7 *pkcs7, const byte *hashBuf, word32 hashSz, byte *pkiMsgHead, word32 pkiMsgHeadSz, byte *pkiMsgFoot, word32 pkiMsgFootSz)
This function takes in a transmitted PKCS7 signed data message as hash/header/footer, then extracts the certificate list and certificate revocation list, and then verifies the signature. It stores the extracted content in the given PKCS7 structure.
Definition: pkcs7.c:5046
WOLFSSL_API int wc_PKCS7_VerifySignedData(PKCS7 *pkcs7, byte *pkiMsg, word32 pkiMsgSz)
This function takes in a transmitted PKCS7 signed data message, extracts the certificate list and cer...
Definition: pkcs7.c:5054