2
0

pkcs7.h 23 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613
  1. /*!
  2. \ingroup PKCS7
  3. \brief This function initializes a PKCS7 structure with a DER-formatted
  4. certificate. To initialize an empty PKCS7 structure, one can pass in a NULL
  5. cert and 0 for certSz.
  6. \return 0 Returned on successfully initializing the PKCS7 structure
  7. \return MEMORY_E Returned if there is an error allocating memory
  8. with XMALLOC
  9. \return ASN_PARSE_E Returned if there is an error parsing the cert header
  10. \return ASN_OBJECT_ID_E Returned if there is an error parsing the
  11. encryption type from the cert
  12. \return ASN_EXPECT_0_E Returned if there is a formatting error in the
  13. encryption specification of the cert file
  14. \return ASN_BEFORE_DATE_E Returned if the date is before the certificate
  15. start date
  16. \return ASN_AFTER_DATE_E Returned if the date is after the certificate
  17. expiration date
  18. \return ASN_BITSTR_E Returned if there is an error parsing a bit string
  19. from the certificate
  20. \return ECC_CURVE_OID_E Returned if there is an error parsing the ECC
  21. key from the certificate
  22. \return ASN_UNKNOWN_OID_E Returned if the certificate is using an unknown
  23. key object id
  24. \return ASN_VERSION_E Returned if the ALLOW_V1_EXTENSIONS option is not
  25. defined and the certificate is a V1 or V2 certificate
  26. \return BAD_FUNC_ARG Returned if there is an error processing the
  27. certificate extension
  28. \return ASN_CRIT_EXT_E Returned if an unfamiliar critical extension is
  29. encountered in processing the certificate
  30. \return ASN_SIG_OID_E Returned if the signature encryption type is not
  31. the same as the encryption type of the certificate in the provided file
  32. \return ASN_SIG_CONFIRM_E Returned if confirming the certification
  33. signature fails
  34. \return ASN_NAME_INVALID_E Returned if the certificate’s name is not
  35. permitted by the CA name constraints
  36. \return ASN_NO_SIGNER_E Returned if there is no CA signer to verify
  37. the certificate’s authenticity
  38. \param pkcs7 pointer to the PKCS7 structure in which to
  39. store the decoded cert
  40. \param cert pointer to a buffer containing a DER formatted ASN.1
  41. certificate with which to initialize the PKCS7 structure
  42. \param certSz size of the certificate buffer
  43. _Example_
  44. \code
  45. PKCS7 pkcs7;
  46. byte derBuff[] = { }; // initialize with DER-encoded certificate
  47. if ( wc_PKCS7_InitWithCert(&pkcs7, derBuff, sizeof(derBuff)) != 0 ) {
  48. // error parsing certificate into pkcs7 format
  49. }
  50. \endcode
  51. \sa wc_PKCS7_Free
  52. */
  53. int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* cert, word32 certSz);
  54. /*!
  55. \ingroup PKCS7
  56. \brief This function releases any memory allocated by a PKCS7 initializer.
  57. \return none No returns.
  58. \param pkcs7 pointer to the PKCS7 structure to free
  59. _Example_
  60. \code
  61. PKCS7 pkcs7;
  62. // initialize and use PKCS7 object
  63. wc_PKCS7_Free(pkcs7);
  64. \endcode
  65. \sa wc_PKCS7_InitWithCert
  66. */
  67. void wc_PKCS7_Free(PKCS7* pkcs7);
  68. /*!
  69. \ingroup PKCS7
  70. \brief This function builds the PKCS7 data content type, encoding the
  71. PKCS7 structure into a buffer containing a parsable PKCS7 data packet.
  72. \return Success On successfully encoding the PKCS7 data into the buffer,
  73. returns the index parsed up to in the PKCS7 structure. This index also
  74. corresponds to the bytes written to the output buffer.
  75. \return BUFFER_E Returned if the given buffer is not large enough to hold
  76. the encoded certificate
  77. \param pkcs7 pointer to the PKCS7 structure to encode
  78. \param output pointer to the buffer in which to store the encoded
  79. certificate
  80. \param outputSz size available in the output buffer
  81. _Example_
  82. \code
  83. PKCS7 pkcs7;
  84. int ret;
  85. byte derBuff[] = { }; // initialize with DER-encoded certificate
  86. byte pkcs7Buff[FOURK_BUF];
  87. wc_PKCS7_InitWithCert(&pkcs7, derBuff, sizeof(derBuff));
  88. // update message and data to encode
  89. pkcs7.privateKey = key;
  90. pkcs7.privateKeySz = keySz;
  91. pkcs7.content = data;
  92. pkcs7.contentSz = dataSz;
  93. ... etc.
  94. ret = wc_PKCS7_EncodeData(&pkcs7, pkcs7Buff, sizeof(pkcs7Buff));
  95. if ( ret != 0 ) {
  96. // error encoding into output buffer
  97. }
  98. \endcode
  99. \sa wc_PKCS7_InitWithCert
  100. */
  101. int wc_PKCS7_EncodeData(PKCS7* pkcs7, byte* output,
  102. word32 outputSz);
  103. /*!
  104. \ingroup PKCS7
  105. \brief This function builds the PKCS7 signed data content type, encoding
  106. the PKCS7 structure into a buffer containing a parsable PKCS7
  107. signed data packet.
  108. \return Success On successfully encoding the PKCS7 data into the buffer,
  109. returns the index parsed up to in the PKCS7 structure. This index also
  110. corresponds to the bytes written to the output buffer.
  111. \return BAD_FUNC_ARG Returned if the PKCS7 structure is missing one or
  112. more required elements to generate a signed data packet
  113. \return MEMORY_E Returned if there is an error allocating memory
  114. \return PUBLIC_KEY_E Returned if there is an error parsing the public key
  115. \return RSA_BUFFER_E Returned if buffer error, output too small or input
  116. too large
  117. \return BUFFER_E Returned if the given buffer is not large enough to hold
  118. the encoded certificate
  119. \return MP_INIT_E may be returned if there is an error generating
  120. the signature
  121. \return MP_READ_E may be returned if there is an error generating
  122. the signature
  123. \return MP_CMP_E may be returned if there is an error generating
  124. the signature
  125. \return MP_INVMOD_E may be returned if there is an error generating
  126. the signature
  127. \return MP_EXPTMOD_E may be returned if there is an error generating
  128. the signature
  129. \return MP_MOD_E may be returned if there is an error generating
  130. the signature
  131. \return MP_MUL_E may be returned if there is an error generating
  132. the signature
  133. \return MP_ADD_E may be returned if there is an error generating
  134. the signature
  135. \return MP_MULMOD_E may be returned if there is an error generating
  136. the signature
  137. \return MP_TO_E may be returned if there is an error generating
  138. the signature
  139. \return MP_MEM may be returned if there is an error generating the signature
  140. \param pkcs7 pointer to the PKCS7 structure to encode
  141. \param output pointer to the buffer in which to store the
  142. encoded certificate
  143. \param outputSz size available in the output buffer
  144. _Example_
  145. \code
  146. PKCS7 pkcs7;
  147. int ret;
  148. byte data[] = {}; // initialize with data to sign
  149. byte derBuff[] = { }; // initialize with DER-encoded certificate
  150. byte pkcs7Buff[FOURK_BUF];
  151. wc_PKCS7_InitWithCert(&pkcs7, derBuff, sizeof(derBuff));
  152. // update message and data to encode
  153. pkcs7.privateKey = key;
  154. pkcs7.privateKeySz = keySz;
  155. pkcs7.content = data;
  156. pkcs7.contentSz = dataSz;
  157. pkcs7.hashOID = SHAh;
  158. pkcs7.rng = &rng;
  159. ... etc.
  160. ret = wc_PKCS7_EncodeSignedData(&pkcs7, pkcs7Buff, sizeof(pkcs7Buff));
  161. if ( ret != 0 ) {
  162. // error encoding into output buffer
  163. }
  164. wc_PKCS7_Free(&pkcs7);
  165. \endcode
  166. \sa wc_PKCS7_InitWithCert
  167. \sa wc_PKCS7_VerifySignedData
  168. */
  169. int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7,
  170. byte* output, word32 outputSz);
  171. /*!
  172. \ingroup PKCS7
  173. \brief This function builds the PKCS7 signed data content type, encoding
  174. the PKCS7 structure into a header and footer buffer containing a parsable PKCS7
  175. signed data packet. This does not include the content.
  176. A hash must be computed and provided for the data
  177. \return 0=Success
  178. \return BAD_FUNC_ARG Returned if the PKCS7 structure is missing one or
  179. more required elements to generate a signed data packet
  180. \return MEMORY_E Returned if there is an error allocating memory
  181. \return PUBLIC_KEY_E Returned if there is an error parsing the public key
  182. \return RSA_BUFFER_E Returned if buffer error, output too small or input
  183. too large
  184. \return BUFFER_E Returned if the given buffer is not large enough to hold
  185. the encoded certificate
  186. \return MP_INIT_E may be returned if there is an error generating
  187. the signature
  188. \return MP_READ_E may be returned if there is an error generating
  189. the signature
  190. \return MP_CMP_E may be returned if there is an error generating
  191. the signature
  192. \return MP_INVMOD_E may be returned if there is an error generating
  193. the signature
  194. \return MP_EXPTMOD_E may be returned if there is an error generating
  195. the signature
  196. \return MP_MOD_E may be returned if there is an error generating
  197. the signature
  198. \return MP_MUL_E may be returned if there is an error generating
  199. the signature
  200. \return MP_ADD_E may be returned if there is an error generating
  201. the signature
  202. \return MP_MULMOD_E may be returned if there is an error generating
  203. the signature
  204. \return MP_TO_E may be returned if there is an error generating
  205. the signature
  206. \return MP_MEM may be returned if there is an error generating the signature
  207. \param pkcs7 pointer to the PKCS7 structure to encode
  208. \param hashBuf pointer to computed hash for the content data
  209. \param hashSz size of the digest
  210. \param outputHead pointer to the buffer in which to store the
  211. encoded certificate header
  212. \param outputHeadSz pointer populated with size of output header buffer
  213. and returns actual size
  214. \param outputFoot pointer to the buffer in which to store the
  215. encoded certificate footer
  216. \param outputFootSz pointer populated with size of output footer buffer
  217. and returns actual size
  218. _Example_
  219. \code
  220. PKCS7 pkcs7;
  221. int ret;
  222. byte derBuff[] = { }; // initialize with DER-encoded certificate
  223. byte data[] = {}; // initialize with data to sign
  224. byte pkcs7HeadBuff[FOURK_BUF/2];
  225. byte pkcs7FootBuff[FOURK_BUF/2];
  226. word32 pkcs7HeadSz = (word32)sizeof(pkcs7HeadBuff);
  227. word32 pkcs7FootSz = (word32)sizeof(pkcs7HeadBuff);
  228. enum wc_HashType hashType = WC_HASH_TYPE_SHA;
  229. byte hashBuf[WC_MAX_DIGEST_SIZE];
  230. word32 hashSz = wc_HashGetDigestSize(hashType);
  231. wc_PKCS7_InitWithCert(&pkcs7, derBuff, sizeof(derBuff));
  232. // update message and data to encode
  233. pkcs7.privateKey = key;
  234. pkcs7.privateKeySz = keySz;
  235. pkcs7.content = NULL;
  236. pkcs7.contentSz = dataSz;
  237. pkcs7.hashOID = SHAh;
  238. pkcs7.rng = &rng;
  239. ... etc.
  240. // calculate hash for content
  241. ret = wc_HashInit(&hash, hashType);
  242. if (ret == 0) {
  243. ret = wc_HashUpdate(&hash, hashType, data, sizeof(data));
  244. if (ret == 0) {
  245. ret = wc_HashFinal(&hash, hashType, hashBuf);
  246. }
  247. wc_HashFree(&hash, hashType);
  248. }
  249. ret = wc_PKCS7_EncodeSignedData_ex(&pkcs7, hashBuf, hashSz, pkcs7HeadBuff,
  250. &pkcs7HeadSz, pkcs7FootBuff, &pkcs7FootSz);
  251. if ( ret != 0 ) {
  252. // error encoding into output buffer
  253. }
  254. wc_PKCS7_Free(&pkcs7);
  255. \endcode
  256. \sa wc_PKCS7_InitWithCert
  257. \sa wc_PKCS7_VerifySignedData_ex
  258. */
  259. int wc_PKCS7_EncodeSignedData_ex(PKCS7* pkcs7, const byte* hashBuf,
  260. word32 hashSz, byte* outputHead, word32* outputHeadSz, byte* outputFoot,
  261. word32* outputFootSz);
  262. /*!
  263. \ingroup PKCS7
  264. \brief This function takes in a transmitted PKCS7 signed data message,
  265. extracts the certificate list and certificate revocation list, and then
  266. verifies the signature. It stores the extracted content in the given
  267. PKCS7 structure.
  268. \return 0 Returned on successfully extracting the information
  269. from the message
  270. \return BAD_FUNC_ARG Returned if one of the input parameters is invalid
  271. \return ASN_PARSE_E Returned if there is an error parsing from the
  272. given pkiMsg
  273. \return PKCS7_OID_E Returned if the given pkiMsg is not a signed data type
  274. \return ASN_VERSION_E Returned if the PKCS7 signer info is not version 1
  275. \return MEMORY_E Returned if there is an error allocating memory
  276. \return PUBLIC_KEY_E Returned if there is an error parsing the public key
  277. \return RSA_BUFFER_E Returned if buffer error, output too small or
  278. input too large
  279. \return BUFFER_E Returned if the given buffer is not large enough to
  280. hold the encoded certificate
  281. \return MP_INIT_E may be returned if there is an error generating
  282. the signature
  283. \return MP_READ_E may be returned if there is an error generating
  284. the signature
  285. \return MP_CMP_E may be returned if there is an error generating
  286. the signature
  287. \return MP_INVMOD_E may be returned if there is an error generating
  288. the signature
  289. \return MP_EXPTMOD_E may be returned if there is an error generating
  290. the signature
  291. \return MP_MOD_E may be returned if there is an error generating
  292. the signature
  293. \return MP_MUL_E may be returned if there is an error generating
  294. the signature
  295. \return MP_ADD_E may be returned if there is an error generating
  296. the signature
  297. \return MP_MULMOD_E may be returned if there is an error generating
  298. the signature
  299. \return MP_TO_E may be returned if there is an error generating
  300. the signature
  301. \return MP_MEM may be returned if there is an error generating the signature
  302. \param pkcs7 pointer to the PKCS7 structure in which to store the parsed
  303. certificates
  304. \param pkiMsg pointer to the buffer containing the signed message to verify
  305. and decode
  306. \param pkiMsgSz size of the signed message
  307. _Example_
  308. \code
  309. PKCS7 pkcs7;
  310. int ret;
  311. byte pkcs7Buff[] = {}; // the PKCS7 signature
  312. wc_PKCS7_InitWithCert(&pkcs7, NULL, 0);
  313. // update message and data to encode
  314. pkcs7.privateKey = key;
  315. pkcs7.privateKeySz = keySz;
  316. pkcs7.content = data;
  317. pkcs7.contentSz = dataSz;
  318. ... etc.
  319. ret = wc_PKCS7_VerifySignedData(&pkcs7, pkcs7Buff, sizeof(pkcs7Buff));
  320. if ( ret != 0 ) {
  321. // error encoding into output buffer
  322. }
  323. wc_PKCS7_Free(&pkcs7);
  324. \endcode
  325. \sa wc_PKCS7_InitWithCert
  326. \sa wc_PKCS7_EncodeSignedData
  327. */
  328. int wc_PKCS7_VerifySignedData(PKCS7* pkcs7,
  329. byte* pkiMsg, word32 pkiMsgSz);
  330. /*!
  331. \ingroup PKCS7
  332. \brief This function takes in a transmitted PKCS7 signed data message as
  333. hash/header/footer, then extracts the certificate list and certificate
  334. revocation list, and then verifies the signature. It stores the extracted
  335. content in the given PKCS7 structure.
  336. \return 0 Returned on successfully extracting the information
  337. from the message
  338. \return BAD_FUNC_ARG Returned if one of the input parameters is invalid
  339. \return ASN_PARSE_E Returned if there is an error parsing from the
  340. given pkiMsg
  341. \return PKCS7_OID_E Returned if the given pkiMsg is not a signed data type
  342. \return ASN_VERSION_E Returned if the PKCS7 signer info is not version 1
  343. \return MEMORY_E Returned if there is an error allocating memory
  344. \return PUBLIC_KEY_E Returned if there is an error parsing the public key
  345. \return RSA_BUFFER_E Returned if buffer error, output too small or
  346. input too large
  347. \return BUFFER_E Returned if the given buffer is not large enough to
  348. hold the encoded certificate
  349. \return MP_INIT_E may be returned if there is an error generating
  350. the signature
  351. \return MP_READ_E may be returned if there is an error generating
  352. the signature
  353. \return MP_CMP_E may be returned if there is an error generating
  354. the signature
  355. \return MP_INVMOD_E may be returned if there is an error generating
  356. the signature
  357. \return MP_EXPTMOD_E may be returned if there is an error generating
  358. the signature
  359. \return MP_MOD_E may be returned if there is an error generating
  360. the signature
  361. \return MP_MUL_E may be returned if there is an error generating
  362. the signature
  363. \return MP_ADD_E may be returned if there is an error generating
  364. the signature
  365. \return MP_MULMOD_E may be returned if there is an error generating
  366. the signature
  367. \return MP_TO_E may be returned if there is an error generating
  368. the signature
  369. \return MP_MEM may be returned if there is an error generating the signature
  370. \param pkcs7 pointer to the PKCS7 structure in which to store the parsed
  371. certificates
  372. \param hashBuf pointer to computed hash for the content data
  373. \param hashSz size of the digest
  374. \param pkiMsgHead pointer to the buffer containing the signed message header
  375. to verify and decode
  376. \param pkiMsgHeadSz size of the signed message header
  377. \param pkiMsgFoot pointer to the buffer containing the signed message footer
  378. to verify and decode
  379. \param pkiMsgFootSz size of the signed message footer
  380. _Example_
  381. \code
  382. PKCS7 pkcs7;
  383. int ret;
  384. byte data[] = {}; // initialize with data to sign
  385. byte pkcs7HeadBuff[] = {}; // initialize with PKCS7 header
  386. byte pkcs7FootBuff[] = {}; // initialize with PKCS7 footer
  387. enum wc_HashType hashType = WC_HASH_TYPE_SHA;
  388. byte hashBuf[WC_MAX_DIGEST_SIZE];
  389. word32 hashSz = wc_HashGetDigestSize(hashType);
  390. wc_PKCS7_InitWithCert(&pkcs7, NULL, 0);
  391. // update message and data to encode
  392. pkcs7.privateKey = key;
  393. pkcs7.privateKeySz = keySz;
  394. pkcs7.content = NULL;
  395. pkcs7.contentSz = dataSz;
  396. pkcs7.rng = &rng;
  397. ... etc.
  398. // calculate hash for content
  399. ret = wc_HashInit(&hash, hashType);
  400. if (ret == 0) {
  401. ret = wc_HashUpdate(&hash, hashType, data, sizeof(data));
  402. if (ret == 0) {
  403. ret = wc_HashFinal(&hash, hashType, hashBuf);
  404. }
  405. wc_HashFree(&hash, hashType);
  406. }
  407. ret = wc_PKCS7_VerifySignedData_ex(&pkcs7, hashBuf, hashSz, pkcs7HeadBuff,
  408. sizeof(pkcs7HeadBuff), pkcs7FootBuff, sizeof(pkcs7FootBuff));
  409. if ( ret != 0 ) {
  410. // error encoding into output buffer
  411. }
  412. wc_PKCS7_Free(&pkcs7);
  413. \endcode
  414. \sa wc_PKCS7_InitWithCert
  415. \sa wc_PKCS7_EncodeSignedData_ex
  416. */
  417. int wc_PKCS7_VerifySignedData_ex(PKCS7* pkcs7, const byte* hashBuf,
  418. word32 hashSz, byte* pkiMsgHead, word32 pkiMsgHeadSz, byte* pkiMsgFoot,
  419. word32 pkiMsgFootSz);
  420. /*!
  421. \ingroup PKCS7
  422. \brief This function builds the PKCS7 enveloped data content type, encoding
  423. the PKCS7 structure into a buffer containing a parsable PKCS7 enveloped
  424. data packet.
  425. \return Success Returned on successfully encoding the message in enveloped
  426. data format, returns the size written to the output buffer
  427. \return BAD_FUNC_ARG: Returned if one of the input parameters is invalid,
  428. or if the PKCS7 structure is missing required elements
  429. \return ALGO_ID_E Returned if the PKCS7 structure is using an unsupported
  430. algorithm type. Currently, only DESb and DES3b are supported
  431. \return BUFFER_E Returned if the given output buffer is too small to store
  432. the output data
  433. \return MEMORY_E Returned if there is an error allocating memory
  434. \return RNG_FAILURE_E Returned if there is an error initializing the random
  435. number generator for encryption
  436. \return DRBG_FAILED Returned if there is an error generating numbers with
  437. the random number generator used for encryption
  438. \param pkcs7 pointer to the PKCS7 structure to encode
  439. \param output pointer to the buffer in which to store the encoded
  440. certificate
  441. \param outputSz size available in the output buffer
  442. _Example_
  443. \code
  444. PKCS7 pkcs7;
  445. int ret;
  446. byte derBuff[] = { }; // initialize with DER-encoded certificate
  447. byte pkcs7Buff[FOURK_BUF];
  448. wc_PKCS7_InitWithCert(&pkcs7, derBuff, sizeof(derBuff));
  449. // update message and data to encode
  450. pkcs7.privateKey = key;
  451. pkcs7.privateKeySz = keySz;
  452. pkcs7.content = data;
  453. pkcs7.contentSz = dataSz;
  454. ... etc.
  455. ret = wc_PKCS7_EncodeEnvelopedData(&pkcs7, pkcs7Buff, sizeof(pkcs7Buff));
  456. if ( ret != 0 ) {
  457. // error encoding into output buffer
  458. }
  459. \endcode
  460. \sa wc_PKCS7_InitWithCert
  461. \sa wc_PKCS7_DecodeEnvelopedData
  462. */
  463. int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7,
  464. byte* output, word32 outputSz);
  465. /*!
  466. \ingroup PKCS7
  467. \brief This function unwraps and decrypts a PKCS7 enveloped data content
  468. type, decoding the message into output. It uses the private key of the
  469. PKCS7 object passed in to decrypt the message.
  470. \return On successfully extracting the information from the message,
  471. returns the bytes written to output
  472. \return BAD_FUNC_ARG Returned if one of the input parameters is invalid
  473. \return ASN_PARSE_E Returned if there is an error parsing from the
  474. given pkiMsg
  475. \return PKCS7_OID_E Returned if the given pkiMsg is not an enveloped
  476. data type
  477. \return ASN_VERSION_E Returned if the PKCS7 signer info is not version 0
  478. \return MEMORY_E Returned if there is an error allocating memory
  479. \return ALGO_ID_E Returned if the PKCS7 structure is using an unsupported
  480. algorithm type. Currently, only DESb and DES3b are supported for
  481. encryption, with RSAk for signature generation
  482. \return PKCS7_RECIP_E Returned if there is no recipient found in the
  483. enveloped data that matches the recipient provided
  484. \return RSA_BUFFER_E Returned if there is an error during RSA signature
  485. verification due to buffer error, output too small or input too large.
  486. \return MP_INIT_E may be returned if there is an error during signature
  487. verification
  488. \return MP_READ_E may be returned if there is an error during signature
  489. verification
  490. \return MP_CMP_E may be returned if there is an error during signature
  491. verification
  492. \return MP_INVMOD_E may be returned if there is an error during signature
  493. verification
  494. \return MP_EXPTMOD_E may be returned if there is an error during signature
  495. verification
  496. \return MP_MOD_E may be returned if there is an error during signature
  497. verification
  498. \return MP_MUL_E may be returned if there is an error during signature
  499. verification
  500. \return MP_ADD_E may be returned if there is an error during signature
  501. verification
  502. \return MP_MULMOD_E may be returned if there is an error during signature
  503. verification
  504. \return MP_TO_E may be returned if there is an error during signature
  505. verification
  506. \return MP_MEM may be returned if there is an error during signature
  507. verification
  508. \param pkcs7 pointer to the PKCS7 structure containing the private key with
  509. which to decode the enveloped data package
  510. \param pkiMsg pointer to the buffer containing the enveloped data package
  511. \param pkiMsgSz size of the enveloped data package
  512. \param output pointer to the buffer in which to store the decoded message
  513. \param outputSz size available in the output buffer
  514. _Example_
  515. \code
  516. PKCS7 pkcs7;
  517. byte received[] = { }; // initialize with received enveloped message
  518. byte decoded[FOURK_BUF];
  519. int decodedSz;
  520. // initialize pkcs7 with certificate
  521. // update key
  522. pkcs7.privateKey = key;
  523. pkcs7.privateKeySz = keySz;
  524. decodedSz = wc_PKCS7_DecodeEnvelopedData(&pkcs7, received,
  525. sizeof(received),decoded, sizeof(decoded));
  526. if ( decodedSz != 0 ) {
  527. // error decoding message
  528. }
  529. \endcode
  530. \sa wc_PKCS7_InitWithCert
  531. \sa wc_PKCS7_EncodeEnvelopedData
  532. */
  533. int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg,
  534. word32 pkiMsgSz, byte* output,
  535. word32 outputSz);