add example of no certs bundle and stream mode
JacobBarthelmeh
parent
5a7c32742a
commit
81827df470
|
|
@ -79,7 +79,8 @@ static int write_file_buffer(const char* fileName, byte* in, word32 inSz)
|
|||
}
|
||||
|
||||
static int envelopedData_encrypt(byte* cert, word32 certSz, byte* key,
|
||||
word32 keySz, byte* out, word32 outSz)
|
||||
word32 keySz, byte* out, word32 outSz,
|
||||
byte useStreamMode)
|
||||
{
|
||||
int ret;
|
||||
PKCS7* pkcs7;
|
||||
|
|
@ -93,6 +94,10 @@ static int envelopedData_encrypt(byte* cert, word32 certSz, byte* key,
|
|||
pkcs7->contentOID = DATA;
|
||||
pkcs7->encryptOID = AES256CBCb;
|
||||
|
||||
if (useStreamMode) {
|
||||
wc_PKCS7_SetStreamMode(pkcs7, 1);
|
||||
}
|
||||
|
||||
/* add recipient using RSA certificate (KTRI type) */
|
||||
ret = wc_PKCS7_AddRecipient_KTRI(pkcs7, cert, certSz, 0);
|
||||
if (ret < 0) {
|
||||
|
|
@ -109,8 +114,8 @@ static int envelopedData_encrypt(byte* cert, word32 certSz, byte* key,
|
|||
return -1;
|
||||
|
||||
} else {
|
||||
printf("Successfully encoded EnvelopedData bundle (%s)\n",
|
||||
encodedFileKTRI);
|
||||
printf("Successfully encoded EnvelopedData bundle (%s), stream mode"
|
||||
" %d\n", encodedFileKTRI, useStreamMode);
|
||||
|
||||
if (write_file_buffer(encodedFileKTRI, out, ret) != 0) {
|
||||
printf("ERROR: error writing encoded to output file\n");
|
||||
|
|
@ -177,7 +182,7 @@ int main(int argc, char** argv)
|
|||
byte key[2048];
|
||||
byte encrypted[1024];
|
||||
byte decrypted[1024];
|
||||
|
||||
|
||||
#ifdef DEBUG_WOLFSSL
|
||||
wolfSSL_Debugging_ON();
|
||||
#endif
|
||||
|
|
@ -189,10 +194,18 @@ int main(int argc, char** argv)
|
|||
return -1;
|
||||
|
||||
encryptedSz = envelopedData_encrypt(cert, certSz, key, keySz,
|
||||
encrypted, sizeof(encrypted));
|
||||
encrypted, sizeof(encrypted), 0);
|
||||
if (encryptedSz < 0)
|
||||
return -1;
|
||||
|
||||
#ifdef ASN_BER_TO_DER
|
||||
/* recreate the bundle with BER encoding */
|
||||
encryptedSz = envelopedData_encrypt(cert, certSz, key, keySz,
|
||||
encrypted, sizeof(encrypted), 1);
|
||||
if (encryptedSz < 0)
|
||||
return -1;
|
||||
#endif
|
||||
|
||||
#ifdef DEBUG_WOLFSSL
|
||||
printf("EnvelopedData DER (%d byte):\n", encryptedSz);
|
||||
WOLFSSL_BUFFER(encrypted, encryptedSz);
|
||||
|
|
|
|||
|
|
@ -79,7 +79,8 @@ static int write_file_buffer(const char* fileName, byte* in, word32 inSz)
|
|||
}
|
||||
|
||||
static int signedData_sign_noattrs(byte* cert, word32 certSz, byte* key,
|
||||
word32 keySz, byte* out, word32 outSz)
|
||||
word32 keySz, byte* out, word32 outSz,
|
||||
byte streamMode, byte noCerts)
|
||||
{
|
||||
int ret;
|
||||
PKCS7* pkcs7;
|
||||
|
|
@ -118,6 +119,14 @@ static int signedData_sign_noattrs(byte* cert, word32 certSz, byte* key,
|
|||
pkcs7->signedAttribs = NULL;
|
||||
pkcs7->signedAttribsSz = 0;
|
||||
|
||||
if (streamMode) {
|
||||
wc_PKCS7_SetStreamMode(pkcs7, 1);
|
||||
}
|
||||
|
||||
if (noCerts) {
|
||||
wc_PKCS7_SetNoCerts(pkcs7, 1);
|
||||
}
|
||||
|
||||
/* encode signedData, returns size */
|
||||
ret = wc_PKCS7_EncodeSignedData(pkcs7, out, outSz);
|
||||
if (ret <= 0) {
|
||||
|
|
@ -127,8 +136,8 @@ static int signedData_sign_noattrs(byte* cert, word32 certSz, byte* key,
|
|||
return -1;
|
||||
|
||||
} else {
|
||||
printf("Successfully encoded SignedData bundle (%s)\n",
|
||||
encodedFileNoAttrs);
|
||||
printf("Successfully encoded SignedData bundle (%s) %s\n",
|
||||
encodedFileNoAttrs, (noCerts)? "No Certs Added":"");
|
||||
|
||||
#ifdef DEBUG_WOLFSSL
|
||||
printf("Encoded DER (%d bytes):\n", ret);
|
||||
|
|
@ -244,10 +253,14 @@ static int signedData_verify(byte* in, word32 inSz, byte* cert,
|
|||
|
||||
if (ret < 0 || (pkcs7->contentSz != sizeof(data)) ||
|
||||
(XMEMCMP(pkcs7->content, data, pkcs7->contentSz) != 0)) {
|
||||
printf("ERROR: Failed to verify SignedData bundle, ret = %d\n", ret);
|
||||
wc_PKCS7_Free(pkcs7);
|
||||
return -1;
|
||||
|
||||
if (ret == PKCS7_SIGNEEDS_CHECK) {
|
||||
printf("WARNING: Parsed through bundle but no certificates found to"
|
||||
" verify signature with\n");
|
||||
}
|
||||
else {
|
||||
printf("ERROR: Failed to verify SignedData bundle, ret = %d\n",
|
||||
ret);
|
||||
}
|
||||
} else {
|
||||
printf("Successfully verified SignedData bundle.\n");
|
||||
|
||||
|
|
@ -287,7 +300,7 @@ int main(int argc, char** argv)
|
|||
|
||||
/* no attributes */
|
||||
encryptedSz = signedData_sign_noattrs(cert, certSz, key, keySz,
|
||||
encrypted, sizeof(encrypted));
|
||||
encrypted, sizeof(encrypted), 0, 0);
|
||||
if (encryptedSz < 0)
|
||||
return -1;
|
||||
|
||||
|
|
@ -297,6 +310,19 @@ int main(int argc, char** argv)
|
|||
if (decryptedSz < 0)
|
||||
return -1;
|
||||
|
||||
/* no attributes, stream mode, and no certs */
|
||||
encryptedSz = signedData_sign_noattrs(cert, certSz, key, keySz,
|
||||
encrypted, sizeof(encrypted), 1, 1);
|
||||
if (encryptedSz < 0)
|
||||
return -1;
|
||||
|
||||
decryptedSz = signedData_verify(encrypted, encryptedSz,
|
||||
cert, certSz, key, keySz,
|
||||
decrypted, sizeof(decrypted));
|
||||
/* should be error to warn that the signature needs checked */
|
||||
if (decryptedSz != PKCS7_SIGNEEDS_CHECK)
|
||||
return -1;
|
||||
|
||||
/* default attributes + messageType attribute */
|
||||
encryptedSz = signedData_sign_attrs(cert, certSz, key, keySz,
|
||||
encrypted, sizeof(encrypted));
|
||||
|
|
|
|||
Loading…
Reference in New Issue