From aa7a8cb51f3baf2df0f6ddbfefec4e22545079d4 Mon Sep 17 00:00:00 2001 From: Chris Conlon Date: Tue, 23 Oct 2018 10:05:14 -0600 Subject: [PATCH] update PKCS7/CMS README, add license header to pkcs7-verify.c --- pkcs7/README.md | 100 +++++++++++++++++- pkcs7/pkcs7-verify.c | 20 ++++ pkcs7/signedData-CompressedFirmwarePkgData.c | 17 ++- ...dData-EncryptedCompressedFirmwarePkgData.c | 16 ++- pkcs7/signedData-EncryptedFirmwarePkgData.c | 17 ++- pkcs7/signedData-FirmwarePkgData.c | 17 ++- pkcs7/signedData.c | 15 ++- 7 files changed, 186 insertions(+), 16 deletions(-) diff --git a/pkcs7/README.md b/pkcs7/README.md index 0c813585..880b3c6b 100644 --- a/pkcs7/README.md +++ b/pkcs7/README.md @@ -56,10 +56,10 @@ Successfully encoded EncryptedData bundle (encryptedData.der) ### EnvelopedData using KTRI RecipientInfo -Example file: `envelopedData-ktri.c +Example file: `envelopedData-ktri.c` ``` -./envelopedData-ktri +./envelopedData-ktri Successfully encoded EnvelopedData bundle (envelopedDataKTRI.der) ``` 
@@ -90,3 +90,99 @@ Example file: `envelopedData-ori.c` Successfully encoded EnvelopedData bundle (envelopedDataORI.der) ``` +### AuthEnvelopedData using KTRI RecipientInfo + +Example file: `authEnvelopedData-ktri.c` + +``` +./authEnvelopedData-ktri +Successfully encoded AuthEnvelopedData bundle (authEnvelopedDataKTRI.der) +``` + +### AuthEnvelopedData using KARI RecipientInfo + +Example file: `authEnvelopedData-kari.c` + +``` +./authEnvelopedData-kari +Successfully encoded AuthEnvelopedData bundle (authEnvelopedDataKARI.der) +``` + +### AuthEnvelopedData using PWRI RecipientInfo + +Example file: `authEnvelopedData-pwri.c` + +``` +./authEnvelopedData-pwri +Successfully encoded AuthEnvelopedData bundle (authEnvelopedDataPWRI.der) +``` + +### AuthEnvelopedData using ORI RecipientInfo + +Example file: `authEnvelopedData-ori.c` + +``` +./authEnvelopedData-ori +Successfully encoded AuthEnvelopedData bundle (authEnvelopedDataORI.der) +``` + +### SignedData + +Example file: `signedData.c` + +``` +./signedData +Successfully encoded SignedData bundle (signedData_noattrs.der) +Successfully verified SignedData bundle. +Successfully encoded SignedData bundle (signedData_attrs.der) +Successfully verified SignedData bundle. +``` + +### SignedData encapsulating FirmwarePkgData + +Example file: `signedData-FirmwarePkgData.c` + +``` +./signedData-FirmwarePkgData +Successfully encoded Signed FirmwarePkgData bundle (signedFirmwarePkgData_noattrs.der) +Successfully verified SignedData bundle. +Successfully encoded Signed FirmwarePkgData bundle (signedFirmwarePkgData_attrs.der) +Successfully verified SignedData bundle. 
+``` + +### SignedData encapsulating Encrypted FirmwarePkgData + +Example file: `signedData-EncryptedFirmwarePkgData.c` + +``` +./signedData-EncryptedFirmwarePkgData +Successfully encoded Signed Encrypted FirmwarePkgData (signedEncryptedFPD_noattrs.der) +Successfully extracted and verified bundle contents +Successfully encoded Signed Encrypted FirmwarePkgData (signedEncryptedFPD_attrs.der) +Successfully extracted and verified bundle contents +``` + +### SignedData encapsulating Compressed FirmwarePkgData + +Example file: `signedData-CompressedFirmwarePkgData.c` + +``` +./signedData-CommpressedFirmwarePkgData +Successfully encoded Signed Compressed FirmwarePkgData (signedCompressedFPD_noattrs.der) +Successfully extracted and verified bundle contents +Successfully encoded Signed Compressed FirmwarePkgData (signedCompressedFPD_attrs.der) +Successfully extracted and verified bundle contents +``` + +### SignedData encapsulating Encrypted Compressed FirmwarePkgData + +Example file: `signedData-EncryptedCompressedFirmwarePkgData.c` + +``` +./signedData-EncryptedCommpressedFirmwarePkgData +Successfully encoded Signed Encrypted Compressed FirmwarePkgData (signedEncryptedCompressedFPD_noattrs.der) +Successfully extracted and verified bundle contents +Successfully encoded Signed Encrypted Compressed FirmwarePkgData (signedEncryptedCompressedFPD_attrs.der) +Successfully extracted and verified bundle contents +``` + diff --git a/pkcs7/pkcs7-verify.c b/pkcs7/pkcs7-verify.c index 864d25ef..5d56425f 100644 --- a/pkcs7/pkcs7-verify.c +++ b/pkcs7/pkcs7-verify.c 
@@ -1,3 +1,23 @@ +/* pkcs7-verify.c + * + * Copyright (C) 2006-2018 wolfSSL Inc. + * + * This file is part of wolfSSL. (formerly known as CyaSSL) + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ #include #include #include diff --git a/pkcs7/signedData-CompressedFirmwarePkgData.c b/pkcs7/signedData-CompressedFirmwarePkgData.c index 605c99c9..d9ddb86e 100644 --- a/pkcs7/signedData-CompressedFirmwarePkgData.c +++ b/pkcs7/signedData-CompressedFirmwarePkgData.c @@ -1,4 +1,4 @@ -/* signedCompressedFirmwarePkgData.c +/* signedData-CompressedFirmwarePkgData.c * * Copyright (C) 2006-2018 wolfSSL Inc. * @@ -119,9 +119,13 @@ static int signedData_sign_noattrs(byte* cert, word32 certSz, byte* privateKey, return -1; } else { - printf("Successfully encoded Signed Compressed FirmwarePkgData.\n"); + printf("Successfully encoded Signed Compressed FirmwarePkgData (%s)\n", + encodedFileNoAttrs); + +#ifdef DEBUG_WOLFSSL printf("Encoded DER (%d bytes):\n", ret); WOLFSSL_BUFFER(out, ret); +#endif if (write_file_buffer(encodedFileNoAttrs, out, ret) != 0) { printf("ERROR: error writing encoded to output file\n"); 
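Review bot: In `signedData_sign_noattrs` of signedData-CompressedFirmwarePkgData.c the new success line names `encodedFileNoAttrs` before `write_file_buffer()` has been called, so a failed write prints a message naming a file followed by "ERROR: error writing encoded to output file". Moving the `printf("Successfully encoded ... (%s)\n", encodedFileNoAttrs);` call below the `write_file_buffer` check would make the file name appear only once the bundle is on disk. The same ordering is in the `signedData_sign_noattrs` and `signedData_sign_attrs` hunks of the other four signedData*.c files in this patch. The function bodies start and end outside these hunks, so the exact placement depends on code not shown here.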
@@ -177,9 +181,13 @@ static int signedData_sign_attrs(byte* cert, word32 certSz, byte* privateKey, return -1; } else { - printf("Successfully encoded Signed Compressed FirmwarePkgData.\n"); + printf("Successfully encoded Signed Compressed FirmwarePkgData (%s)\n", + encodedFileAttrs); + +#ifdef DEBUG_WOLFSSL printf("Encoded DER (%d bytes):\n", ret); WOLFSSL_BUFFER(out, ret); +#endif if (write_file_buffer(encodedFileAttrs, out, ret) != 0) { printf("ERROR: error writing encoded to output file\n"); @@ -231,8 +239,11 @@ static int signedData_verify(byte* in, word32 inSz, byte* cert, } else { printf("Successfully extracted and verified bundle contents\n"); + +#ifdef DEBUG_WOLFSSL printf("Decoded content (%d bytes):\n", ret); WOLFSSL_BUFFER(out, ret); +#endif } wc_PKCS7_Free(pkcs7); diff --git a/pkcs7/signedData-EncryptedCompressedFirmwarePkgData.c b/pkcs7/signedData-EncryptedCompressedFirmwarePkgData.c index 21c3943b..d0caecf2 100644 --- a/pkcs7/signedData-EncryptedCompressedFirmwarePkgData.c +++ b/pkcs7/signedData-EncryptedCompressedFirmwarePkgData.c @@ -1,4 +1,4 @@ -/* signedEncryptedCompressedFirmwarePkgData.c +/* signedData-EncryptedCompressedFirmwarePkgData.c * * Copyright (C) 2006-2018 wolfSSL Inc. * @@ -134,9 +134,13 @@ static int signedData_sign_noattrs(byte* cert, word32 certSz, byte* privateKey, } else { printf("Successfully encoded Signed Encrypted Compressed " - "FirmwarePkgData.\n"); + "FirmwarePkgData (%s)\n", + encodedFileNoAttrs); + +#ifdef DEBUG_WOLFSSL printf("Encoded DER (%d bytes):\n", ret); WOLFSSL_BUFFER(out, ret); +#endif if (write_file_buffer(encodedFileNoAttrs, out, ret) != 0) { printf("ERROR: error writing encoded to output file\n"); 
@@ -198,9 +202,12 @@ static int signedData_sign_attrs(byte* cert, word32 certSz, byte* privateKey, } else { printf("Successfully encoded Signed Encrypted Compressed " - "FirmwarePkgData.\n"); + "FirmwarePkgData (%s)\n", encodedFileAttrs); + +#ifdef DEBUG_WOLFSSL printf("Encoded DER (%d bytes):\n", ret); WOLFSSL_BUFFER(out, ret); +#endif if (write_file_buffer(encodedFileAttrs, out, ret) != 0) { printf("ERROR: error writing encoded to output file\n"); @@ -272,8 +279,11 @@ static int signedData_verify(byte* in, word32 inSz, byte* cert, } else { printf("Successfully extracted and verified bundle contents\n"); + +#ifdef DEBUG_WOLFSSL printf("Decoded content (%d bytes):\n", ret); WOLFSSL_BUFFER(out, ret); +#endif } wc_PKCS7_Free(pkcs7); diff --git a/pkcs7/signedData-EncryptedFirmwarePkgData.c b/pkcs7/signedData-EncryptedFirmwarePkgData.c index 836cdce0..0e8fb309 100644 --- a/pkcs7/signedData-EncryptedFirmwarePkgData.c +++ b/pkcs7/signedData-EncryptedFirmwarePkgData.c @@ -1,4 +1,4 @@ -/* signedEncryptedFirmwarePkgData.c +/* signedData-EncryptedFirmwarePkgData.c * * Copyright (C) 2006-2018 wolfSSL Inc. * @@ -130,9 +130,13 @@ static int signedData_sign_noattrs(byte* cert, word32 certSz, byte* privateKey, return -1; } else { - printf("Successfully encoded Signed Encrypted FirmwarePkgData.\n"); + printf("Successfully encoded Signed Encrypted FirmwarePkgData (%s)\n", + encodedFileNoAttrs); + +#ifdef DEBUG_WOLFSSL printf("Encoded DER (%d bytes):\n", ret); WOLFSSL_BUFFER(out, ret); +#endif if (write_file_buffer(encodedFileNoAttrs, out, ret) != 0) { printf("ERROR: error writing encoded to output file\n"); 
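Review bot: The `#ifdef DEBUG_WOLFSSL` block added to `signedData_verify` in signedData-EncryptedCompressedFirmwarePkgData.c has no comment saying what it dumps. Here `out` presumably holds the firmware payload after decryption and decompression, so a debug build can write that plaintext to the log. A short comment above the guard would record this, for example `/* debug only: dumps the decoded payload; leave DEBUG_WOLFSSL off where firmware contents are confidential */`. The same applies to the `signedData_verify` hunk in signedData-EncryptedFirmwarePkgData.c. The function body starts and ends outside the hunk.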
@@ -193,9 +197,13 @@ static int signedData_sign_attrs(byte* cert, word32 certSz, byte* privateKey, return -1; } else { - printf("Successfully encoded Signed Encrypted FirmwarePkgData.\n"); + printf("Successfully encoded Signed Encrypted FirmwarePkgData (%s)\n", + encodedFileAttrs); + +#ifdef DEBUG_WOLFSSL printf("Encoded DER (%d bytes):\n", ret); WOLFSSL_BUFFER(out, ret); +#endif if (write_file_buffer(encodedFileAttrs, out, ret) != 0) { printf("ERROR: error writing encoded to output file\n"); @@ -251,8 +259,11 @@ static int signedData_verify(byte* in, word32 inSz, byte* cert, } else { printf("Successfully extracted and verified bundle contents\n"); + +#ifdef DEBUG_WOLFSSL printf("Decoded content (%d bytes):\n", ret); WOLFSSL_BUFFER(out, ret); +#endif } wc_PKCS7_Free(pkcs7); diff --git a/pkcs7/signedData-FirmwarePkgData.c b/pkcs7/signedData-FirmwarePkgData.c index 570479be..b58fc0fd 100644 --- a/pkcs7/signedData-FirmwarePkgData.c +++ b/pkcs7/signedData-FirmwarePkgData.c @@ -1,4 +1,4 @@ -/* signedData_firmwarePkgData.c +/* signedData-firmwarePkgData.c * * Copyright (C) 2006-2018 wolfSSL Inc. * @@ -115,9 +115,13 @@ static int signedData_sign_noattrs(byte* cert, word32 certSz, byte* key, return -1; } else { - printf("Successfully encoded Signed FirmwarePkgData bundle.\n"); + printf("Successfully encoded Signed FirmwarePkgData bundle (%s)\n", + encodedFileNoAttrs); + +#ifdef DEBUG_WOLFSSL printf("Encoded DER (%d bytes):\n", ret); WOLFSSL_BUFFER(out, ret); +#endif if (write_file_buffer(encodedFileNoAttrs, out, ret) != 0) { printf("ERROR: error writing encoded to output file\n"); 
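Review bot: The corrected header comment in signedData-FirmwarePkgData.c still does not match the file name. The `@@ -1,4 +1,4 @@` hunk writes `/* signedData-firmwarePkgData.c` with a lowercase `f`, while the path in the diff header is `pkcs7/signedData-FirmwarePkgData.c`. Use `/* signedData-FirmwarePkgData.c` so the header agrees with the other files renamed in this patch.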
@@ -172,9 +176,13 @@ static int signedData_sign_attrs(byte* cert, word32 certSz, byte* key, return -1; } else { - printf("Successfully encoded Signed FirmwarePkgData bundle.\n"); + printf("Successfully encoded Signed FirmwarePkgData bundle (%s)\n", + encodedFileAttrs); + +#ifdef DEBUG_WOLFSSL printf("Encoded DER (%d bytes):\n", ret); WOLFSSL_BUFFER(out, ret); +#endif if (write_file_buffer(encodedFileAttrs, out, ret) != 0) { printf("ERROR: error writing encoded to output file\n"); @@ -208,8 +216,11 @@ static int signedData_verify(byte* in, word32 inSz, byte* cert, return -1; } else { printf("Successfully verified SignedData bundle.\n"); + +#ifdef DEBUG_WOLFSSL printf("Decoded content (%d bytes):\n", pkcs7->contentSz); WOLFSSL_BUFFER(pkcs7->content, pkcs7->contentSz); +#endif } wc_PKCS7_Free(pkcs7); diff --git a/pkcs7/signedData.c b/pkcs7/signedData.c index e4b6be6b..2de50673 100644 --- a/pkcs7/signedData.c +++ b/pkcs7/signedData.c @@ -127,9 +127,13 @@ static int signedData_sign_noattrs(byte* cert, word32 certSz, byte* key, return -1; } else { - printf("Successfully encoded SignedData bundle.\n"); + printf("Successfully encoded SignedData bundle (%s)\n", + encodedFileNoAttrs); + +#ifdef DEBUG_WOLFSSL printf("Encoded DER (%d bytes):\n", ret); WOLFSSL_BUFFER(out, ret); +#endif if (write_file_buffer(encodedFileNoAttrs, out, ret) != 0) { printf("ERROR: error writing encoded to output file\n"); @@ -203,9 +207,13 @@ static int signedData_sign_attrs(byte* cert, word32 certSz, byte* key, return -1; } else { - printf("Successfully encoded SignedData bundle.\n"); + printf("Successfully encoded SignedData bundle (%s)\n", + encodedFileAttrs); + +#ifdef DEBUG_WOLFSSL printf("Encoded DER (%d bytes):\n", ret); WOLFSSL_BUFFER(out, ret); +#endif if (write_file_buffer(encodedFileAttrs, out, ret) != 0) { printf("ERROR: error writing encoded to output file\n"); 
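Review bot: In the `signedData_verify` hunk of signedData-FirmwarePkgData.c, the line now under `#ifdef DEBUG_WOLFSSL` prints `pkcs7->contentSz` with `%d`. If `contentSz` is an unsigned `word32`, as the `word32 inSz` parameter in the same signature suggests, the specifier does not match the argument type. Since the line is being touched anyway, `printf("Decoded content (%u bytes):\n", (unsigned int)pkcs7->contentSz);` would be the matching form. The `signedData_verify` hunk in signedData.c has the same line. The function body starts and ends outside the hunk.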
@@ -240,8 +248,11 @@ static int signedData_verify(byte* in, word32 inSz, byte* cert, return -1; } else { printf("Successfully verified SignedData bundle.\n"); + +#ifdef DEBUG_WOLFSSL printf("Decoded content (%d bytes):\n", pkcs7->contentSz); WOLFSSL_BUFFER(pkcs7->content, pkcs7->contentSz); +#endif } wc_PKCS7_Free(pkcs7);