

Committer:
wolfSSL
Date:
Sat Aug 18 22:20:43 2018 +0000
Revision:
15:117db924cf7c
wolfSSL 3.15.3


wolfSSL 15:117db924cf7c 1 /* pkcs7.h
wolfSSL 15:117db924cf7c 2 *
wolfSSL 15:117db924cf7c 3 * Copyright (C) 2006-2017 wolfSSL Inc.
wolfSSL 15:117db924cf7c 4 *
wolfSSL 15:117db924cf7c 5 * This file is part of wolfSSL.
wolfSSL 15:117db924cf7c 6 *
wolfSSL 15:117db924cf7c 7 * wolfSSL is free software; you can redistribute it and/or modify
wolfSSL 15:117db924cf7c 8 * it under the terms of the GNU General Public License as published by
wolfSSL 15:117db924cf7c 9 * the Free Software Foundation; either version 2 of the License, or
wolfSSL 15:117db924cf7c 10 * (at your option) any later version.
wolfSSL 15:117db924cf7c 11 *
wolfSSL 15:117db924cf7c 12 * wolfSSL is distributed in the hope that it will be useful,
wolfSSL 15:117db924cf7c 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
wolfSSL 15:117db924cf7c 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
wolfSSL 15:117db924cf7c 15 * GNU General Public License for more details.
wolfSSL 15:117db924cf7c 16 *
wolfSSL 15:117db924cf7c 17 * You should have received a copy of the GNU General Public License
wolfSSL 15:117db924cf7c 18 * along with this program; if not, write to the Free Software
wolfSSL 15:117db924cf7c 19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
wolfSSL 15:117db924cf7c 20 */
wolfSSL 15:117db924cf7c 21
wolfSSL 15:117db924cf7c 22 /*!
wolfSSL 15:117db924cf7c 23 \file wolfssl/wolfcrypt/pkcs7.h
wolfSSL 15:117db924cf7c 24 */
wolfSSL 15:117db924cf7c 25
wolfSSL 15:117db924cf7c 26 #ifndef WOLF_CRYPT_PKCS7_H
wolfSSL 15:117db924cf7c 27 #define WOLF_CRYPT_PKCS7_H
wolfSSL 15:117db924cf7c 28
wolfSSL 15:117db924cf7c 29 #include <wolfssl/wolfcrypt/types.h>
wolfSSL 15:117db924cf7c 30
wolfSSL 15:117db924cf7c 31 #ifdef HAVE_PKCS7
wolfSSL 15:117db924cf7c 32
wolfSSL 15:117db924cf7c 33 #ifndef NO_ASN
wolfSSL 15:117db924cf7c 34 #include <wolfssl/wolfcrypt/asn.h>
wolfSSL 15:117db924cf7c 35 #endif
wolfSSL 15:117db924cf7c 36 #include <wolfssl/wolfcrypt/asn_public.h>
wolfSSL 15:117db924cf7c 37 #include <wolfssl/wolfcrypt/random.h>
wolfSSL 15:117db924cf7c 38 #ifndef NO_AES
wolfSSL 15:117db924cf7c 39 #include <wolfssl/wolfcrypt/aes.h>
wolfSSL 15:117db924cf7c 40 #endif
wolfSSL 15:117db924cf7c 41 #ifndef NO_DES3
wolfSSL 15:117db924cf7c 42 #include <wolfssl/wolfcrypt/des3.h>
wolfSSL 15:117db924cf7c 43 #endif
wolfSSL 15:117db924cf7c 44
wolfSSL 15:117db924cf7c 45 #ifdef __cplusplus
wolfSSL 15:117db924cf7c 46 extern "C" {
wolfSSL 15:117db924cf7c 47 #endif
wolfSSL 15:117db924cf7c 48
/* Max number of certificates that PKCS7 structure can parse.
 * This value sizes the fixed cert[] and certSz[] arrays inside struct PKCS7,
 * so it is part of the public struct layout: if it is overridden at build
 * time it must be identical for the library and for every application that
 * includes this header, otherwise sizeof(PKCS7) disagrees between the two. */
#ifndef MAX_PKCS7_CERTS
#define MAX_PKCS7_CERTS 4
#endif
wolfSSL 15:117db924cf7c 53
/* PKCS#7 content types, ref RFC 2315 (Section 14).
 * Each constant stands for one ContentType OID under 1.2.840.113549.1.7 and
 * is the kind of value carried in PKCS7.contentOID (described there as an
 * "OID sum"). NOTE(review): the numbers look like wolfSSL's internal OID-sum
 * encoding rather than anything that appears on the wire -- confirm in asn.c
 * before comparing them against decoded data directly. */
enum PKCS7_TYPES {
    PKCS7_MSG                 = 650,  /* 1.2.840.113549.1.7   */
    DATA                      = 651,  /* 1.2.840.113549.1.7.1 */
    SIGNED_DATA               = 652,  /* 1.2.840.113549.1.7.2 */
    ENVELOPED_DATA            = 653,  /* 1.2.840.113549.1.7.3 */
    SIGNED_AND_ENVELOPED_DATA = 654,  /* 1.2.840.113549.1.7.4 */
    DIGESTED_DATA             = 655,  /* 1.2.840.113549.1.7.5 */
    ENCRYPTED_DATA            = 656   /* 1.2.840.113549.1.7.6 */
};
wolfSSL 15:117db924cf7c 64
/* Fixed buffer sizes used by the PKCS#7 encoder/decoder. */
enum Pkcs7_Misc {
    PKCS7_NONCE_SZ       = 16,
    MAX_ENCRYPTED_KEY_SZ = 512, /* max enc. key size, RSA <= 4096
                                 * (a 4096-bit modulus is 512 bytes) */
    MAX_CONTENT_KEY_LEN  = 32,  /* highest current cipher is AES-256-CBC
                                 * (256-bit content-encryption key) */
    MAX_CONTENT_IV_SIZE  = 16,  /* one cipher block: a CBC IV is block-sized,
                                 * so 16 bytes for every AES key length, not
                                 * only AES-128 */
#ifndef NO_AES
    MAX_CONTENT_BLOCK_LEN = AES_BLOCK_SIZE,
#else
    /* des3.h is only included when NO_DES3 is not set (see the includes
     * above); a build with both NO_AES and NO_DES3 presumably leaves
     * DES_BLOCK_SIZE undeclared at this point -- confirm before relying on
     * that configuration. */
    MAX_CONTENT_BLOCK_LEN = DES_BLOCK_SIZE,
#endif
    /* Upper bound on one encoded RecipientInfo, presumably version +
     * issuerAndSerialNumber + keyEncryptionAlgorithm + encryptedKey (RFC 2315
     * section 10.2). The MAX_*_SZ / ASN_NAME_MAX terms are defined in asn.h,
     * which is not shown here. */
    MAX_RECIP_SZ = MAX_VERSION_SZ +
                   MAX_SEQ_SZ + ASN_NAME_MAX + MAX_SN_SZ +
                   MAX_SEQ_SZ + MAX_ALGO_SZ + 1 + MAX_ENCRYPTED_KEY_SZ
};
wolfSSL 15:117db924cf7c 79
wolfSSL 15:117db924cf7c 80
/* One attribute (type OID, value) pair supplied by the caller, referenced
 * from PKCS7.signedAttribs and PKCS7.unprotectedAttribs. Only raw pointers
 * and byte lengths are stored. NOTE(review): nothing here says whether the
 * library copies the data -- assume the caller keeps both buffers alive and
 * unchanged until encoding has finished. */
typedef struct PKCS7Attrib {
    byte*  oid;      /* attribute type OID bytes */
    word32 oidSz;    /* length of oid, bytes */
    byte*  value;    /* attribute value bytes */
    word32 valueSz;  /* length of value, bytes */
} PKCS7Attrib;
wolfSSL 15:117db924cf7c 87
wolfSSL 15:117db924cf7c 88
/* Node of the singly linked list of attributes recovered while decoding a
 * message; PKCS7.decodedAttrib heads the list. Unlike PKCS7Attrib these
 * nodes are produced by the library rather than the caller.
 * NOTE(review): the allocation owner is not stated in this header -- likely
 * released by wc_PKCS7_Free, and `next` is presumably NULL on the last node;
 * verify both in pkcs7.c before walking or freeing the list yourself. */
typedef struct PKCS7DecodedAttrib {
    struct PKCS7DecodedAttrib* next;  /* next attribute in the list */
    byte*  oid;      /* attribute type OID bytes */
    word32 oidSz;    /* length of oid, bytes */
    byte*  value;    /* attribute value bytes */
    word32 valueSz;  /* length of value, bytes */
} PKCS7DecodedAttrib;
wolfSSL 15:117db924cf7c 96
wolfSSL 15:117db924cf7c 97
/* Public Structure Warning:
 * Existing members must not be changed to maintain backwards compatibility!
 *
 * Context for one PKCS#7 message: caller-supplied inputs (content, cert,
 * key, attributes) plus state the library fills in while parsing. Members
 * marked "not owner" are stored by reference only -- the caller keeps those
 * buffers alive for as long as the PKCS7 is in use, and because the private
 * key is among them the caller also remains responsible for clearing it. */
typedef struct PKCS7 {
    WC_RNG*      rng;            /* RNG used while encoding (not owned here,
                                  * presumably -- confirm) */
    PKCS7Attrib* signedAttribs;  /* caller's signed attributes, see
                                  * signedAttribsSz */
    byte*  content;              /* inner content, not owner */
    byte*  singleCert;           /* recipient cert, DER, not owner */
    byte*  issuer;               /* issuer name of singleCert */
    byte*  privateKey;           /* private key, DER, not owner */
    void*  heap;                 /* heap hint for dynamic memory */
#ifdef ASN_BER_TO_DER
    byte*  der;                  /* DER encoded version of message */
#endif
    byte*  cert[MAX_PKCS7_CERTS];  /* parsed certificates; certSz[] below
                                    * holds the matching lengths */

    /* Encrypted-data Content Type */
    byte*  encryptionKey;        /* block cipher encryption key
                                  * (NOTE(review): ownership not stated --
                                  * assume caller-owned like privateKey) */
    PKCS7Attrib* unprotectedAttribs;  /* optional */
    PKCS7DecodedAttrib* decodedAttrib; /* linked list of decoded attribs */

    /* Enveloped-data optional ukm, not owner */
    byte*  ukm;
    word32 ukmSz;

    word32 encryptionKeySz;      /* size of key buffer, bytes */
    word32 unprotectedAttribsSz; /* presumably the number of entries in
                                  * unprotectedAttribs, not a byte size */
    word32 contentSz;            /* content size */
    word32 singleCertSz;         /* size of recipient cert buffer, bytes */
    word32 issuerSz;             /* length of issuer name */
    word32 issuerSnSz;           /* length of serial number */

    word32 publicKeySz;          /* bytes used in publicKey[] */
    word32 publicKeyOID;         /* key OID (RSAk, ECDSAk, etc) */
    word32 privateKeySz;         /* size of private key buffer, bytes */
    word32 signedAttribsSz;      /* presumably the number of entries in
                                  * signedAttribs, not a byte size */
    int    contentOID;           /* PKCS#7 content type OID sum
                                  * (one of enum PKCS7_TYPES, presumably) */
    int    hashOID;              /* digest algorithm OID for signing */
    int    encryptOID;           /* key encryption algorithm OID */
    int    keyWrapOID;           /* key wrap algorithm OID */
    int    keyAgreeOID;          /* key agreement algorithm OID */
    int    devId;                /* device ID for HW based private key
                                  * (as passed to wc_PKCS7_New/Init) */
    byte   issuerHash[KEYID_SIZE];  /* hash of all alt Names
                                     * (NOTE(review): the name suggests an
                                     * issuer-name hash -- confirm what is
                                     * actually hashed) */
    byte   issuerSn[MAX_SN_SZ];     /* singleCert's serial number */
    byte   publicKey[MAX_RSA_INT_SZ + MAX_RSA_E_SZ]; /* MAX RSA key size (m + e)*/
    word32 certSz[MAX_PKCS7_CERTS]; /* length of each cert[] entry, bytes */

    /* flags - up to 16-bits */
    word16 isDynamic:1;          /* presumably set by wc_PKCS7_New so that
                                  * wc_PKCS7_Free also releases the struct
                                  * itself -- confirm in pkcs7.c */

    /* !! NEW DATA MEMBERS MUST BE ADDED AT END !! */
} PKCS7;
wolfSSL 15:117db924cf7c 150
wolfSSL 15:117db924cf7c 151
/*!
    \brief Allocate a PKCS7 object from the given heap hint.
    \param heap  heap hint passed on to dynamic allocations
    \param devId device ID for a hardware-backed private key
    \return the new object, or presumably NULL on allocation failure;
            release with wc_PKCS7_Free.
*/
WOLFSSL_API PKCS7* wc_PKCS7_New(void* heap, int devId);
/*!
    \brief Initialise a caller-provided PKCS7 (e.g. stack or static storage).
    \return int, presumably 0 on success and a negative error code otherwise
            -- confirm against pkcs7.c.
*/
WOLFSSL_API int wc_PKCS7_Init(PKCS7* pkcs7, void* heap, int devId);
/*!
    \brief Initialise a PKCS7 and attach a DER certificate.
    \param cert   DER certificate; PKCS7.singleCert is documented as
                  "not owner", so this buffer must outlive the PKCS7.
    \param certSz length of cert, bytes
    \return int, presumably 0 on success and a negative error code otherwise.
*/
WOLFSSL_API int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* cert, word32 certSz);
/*!
    \brief Release resources held by a PKCS7. NOTE(review): presumably also
           frees the struct itself when it came from wc_PKCS7_New (see the
           isDynamic flag) -- confirm before calling on stack objects.
*/
WOLFSSL_API void wc_PKCS7_Free(PKCS7* pkcs7);
wolfSSL 15:117db924cf7c 156
/*!
    \brief Look up a decoded attribute by its type OID.
    \param oid   attribute type OID bytes to match
    \param oidSz length of oid, bytes
    \param out   destination for the attribute value
    \param outSz in: capacity of out, out: presumably the bytes written --
                 confirm; the pointer form suggests an in/out length.
    \return int, presumably a negative error code on failure (including
            an undersized out buffer) -- confirm.
*/
WOLFSSL_API int wc_PKCS7_GetAttributeValue(PKCS7* pkcs7, const byte* oid,
                                           word32 oidSz, byte* out, word32* outSz);
/*!
    \brief Encode pkcs7->content as a plain Data content type into output.
    \param outputSz capacity of output, bytes
    \return int, presumably the encoded length on success and a negative
            error code otherwise -- confirm.
*/
WOLFSSL_API int wc_PKCS7_EncodeData(PKCS7* pkcs7, byte* output,
                                    word32 outputSz);
/*!
    \brief Encode a SignedData message over pkcs7->content using
           pkcs7->privateKey / singleCert / signedAttribs.
    \return int, presumably the encoded length on success and a negative
            error code otherwise -- confirm.
*/
WOLFSSL_API int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7,
                                          byte* output, word32 outputSz);
/*!
    \brief Parse a SignedData message and verify its signature.
    \param pkiMsg   DER message to verify; treat it as untrusted input and
                    pass its exact length in pkiMsgSz.
    \return int; the verification result is reported only through this
            return value, so callers must check it. NOTE(review): there is no
            output buffer, so the verified content is presumably exposed via
            pkcs7->content / contentSz after return -- confirm.
*/
WOLFSSL_API int wc_PKCS7_VerifySignedData(PKCS7* pkcs7,
                                          byte* pkiMsg, word32 pkiMsgSz);
/*!
    \brief Encode an EnvelopedData message (content encrypted for the
           recipient in singleCert) into output.
    \return int, presumably the encoded length on success and a negative
            error code otherwise -- confirm.
*/
WOLFSSL_API int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7,
                                             byte* output, word32 outputSz);
/*!
    \brief Decrypt an EnvelopedData message with pkcs7->privateKey.
    \param pkiMsg   DER message to decode; treat it as untrusted input.
    \param output   destination for the recovered content
    \param outputSz capacity of output, bytes; presumably an undersized
                    buffer is rejected rather than overrun -- confirm.
    \return int, presumably the decrypted length on success and a negative
            error code otherwise -- confirm.
*/
WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg,
                                             word32 pkiMsgSz, byte* output,
                                             word32 outputSz);
wolfSSL 15:117db924cf7c 170
/*!
    \brief Compute the block-cipher padding needed for inputSz bytes.
    \param inputSz length of the plaintext, bytes
    \param blockSz cipher block size, bytes (e.g. MAX_CONTENT_BLOCK_LEN)
    \return int; NOTE(review): whether this is the number of padding bytes
            or the padded total length is not stated here -- confirm before
            using it to size the out buffer of wc_PKCS7_PadData.
*/
WOLFSSL_API int wc_PKCS7_GetPadSize(word32 inputSz, word32 blockSz);
/*!
    \brief Copy in to out and append padding up to a multiple of blockSz.
    \param outSz capacity of out, bytes; presumably checked against the
           padded length -- confirm.
    \return int, presumably the padded length on success and a negative
            error code otherwise -- confirm.
*/
WOLFSSL_API int wc_PKCS7_PadData(byte* in, word32 inSz, byte* out, word32 outSz,
                                 word32 blockSz);
wolfSSL 15:117db924cf7c 174
#ifndef NO_PKCS7_ENCRYPTED_DATA
/*!
    \brief Encode an EncryptedData message: pkcs7->content encrypted under
           the caller-supplied pkcs7->encryptionKey (no key transport).
    \return int, presumably the encoded length on success and a negative
            error code otherwise -- confirm.
*/
WOLFSSL_API int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7,
                                             byte* output, word32 outputSz);
/*!
    \brief Decrypt an EncryptedData message with pkcs7->encryptionKey.
    \param pkiMsg   DER message to decode; treat it as untrusted input.
    \param outputSz capacity of output, bytes; presumably an undersized
                    buffer is rejected rather than overrun -- confirm.
    \return int, presumably the decrypted length on success and a negative
            error code otherwise -- confirm.
*/
WOLFSSL_API int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* pkiMsg,
                                             word32 pkiMsgSz, byte* output,
                                             word32 outputSz);
#endif /* NO_PKCS7_ENCRYPTED_DATA */
wolfSSL 15:117db924cf7c 182
wolfSSL 15:117db924cf7c 183 #ifdef __cplusplus
wolfSSL 15:117db924cf7c 184 } /* extern "C" */
wolfSSL 15:117db924cf7c 185 #endif
wolfSSL 15:117db924cf7c 186
wolfSSL 15:117db924cf7c 187 #endif /* HAVE_PKCS7 */
wolfSSL 15:117db924cf7c 188 #endif /* WOLF_CRYPT_PKCS7_H */
wolfSSL 15:117db924cf7c 189
wolfSSL 15:117db924cf7c 190