pkcs7_parse.c
Go to the documentation of this file.
1 /**
2  * @file pkcs7_parse.c
3  * @brief PKCS #7 message parsing
4  *
5  * @section License
6  *
7  * SPDX-License-Identifier: GPL-2.0-or-later
8  *
9  * Copyright (C) 2010-2025 Oryx Embedded SARL. All rights reserved.
10  *
11  * This file is part of CycloneCRYPTO Open.
12  *
13  * This program is free software; you can redistribute it and/or
14  * modify it under the terms of the GNU General Public License
15  * as published by the Free Software Foundation; either version 2
16  * of the License, or (at your option) any later version.
17  *
18  * This program is distributed in the hope that it will be useful,
19  * but WITHOUT ANY WARRANTY; without even the implied warranty of
20  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21  * GNU General Public License for more details.
22  *
23  * You should have received a copy of the GNU General Public License
24  * along with this program; if not, write to the Free Software Foundation,
25  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
26  *
27  * @author Oryx Embedded SARL (www.oryx-embedded.com)
28  * @version 2.5.2
29  **/
30 
31 //Switch to the appropriate trace level
32 #define TRACE_LEVEL CRYPTO_TRACE_LEVEL
33 
34 //Dependencies
35 #include "core/crypto.h"
36 #include "pkcs7/pkcs7_parse.h"
37 #include "pkix/x509_cert_parse.h"
38 #include "pkix/x509_sign_parse.h"
39 #include "encoding/asn1.h"
40 #include "encoding/oid.h"
41 #include "debug.h"
42 
43 //Check crypto library configuration
44 #if (PKCS7_SUPPORT == ENABLED)
45 
46 
47 /**
48  * @brief Parse contentInfo structure
49  * @param[in] data Pointer to the ASN.1 structure to parse
50  * @param[in] length Length of the ASN.1 structure
51  * @param[out] totalLength Number of bytes that have been parsed
52  * @param[out] contentInfo Information resulting from the parsing process
53  * @return Error code
54  **/
55 
56 error_t pkcs7ParseContentInfo(const uint8_t *data, size_t length,
57  size_t *totalLength, Pkcs7ContentInfo *contentInfo)
58 {
59  error_t error;
60  Asn1Tag tag;
61 
62  //Check parameters
63  if(data == NULL || contentInfo == NULL)
64  return ERROR_INVALID_PARAMETER;
65 
66  //Clear the contentInfo structure
67  osMemset(contentInfo, 0, sizeof(Pkcs7ContentInfo));
68 
69  //The contentInfo structure is encapsulated within a sequence
70  error = asn1ReadSequence(data, length, &tag);
71  //Failed to decode ASN.1 tag?
72  if(error)
73  return error;
74 
75  //Save the total length of the sequence
76  *totalLength = tag.totalLength;
77 
78  //Point to the very first field
79  data = tag.value;
80  length = tag.length;
81 
82  //Parse contentType field
83  error = asn1ReadOid(data, length, &tag);
84  //Failed to decode ASN.1 tag?
85  if(error)
86  return error;
87 
88  //Save the object identifier
89  contentInfo->contentType.value = tag.value;
90  contentInfo->contentType.length = tag.length;
91 
92  //Next item
93  data += tag.totalLength;
94  length -= tag.totalLength;
95 
96  //The content field is optional, and if the field is not present, its
97  //intended value must be supplied by other means (refer to RFC 2315,
98  //section 7)
99  if(length > 0)
100  {
101  //Parse content field
102  error = asn1ReadTag(data, length, &tag);
103  //Failed to decode ASN.1 tag?
104  if(error)
105  return error;
106 
107  //Enforce encoding, class and type
108  error = asn1CheckTag(&tag, TRUE, ASN1_CLASS_CONTEXT_SPECIFIC, 0);
109  //Invalid tag?
110  if(error)
111  return error;
112 
113  //Save the inner content
114  contentInfo->content.value = tag.value;
115  contentInfo->content.length = tag.length;
116  }
117 
118  //No error to report
119  return NO_ERROR;
120 }
121 
122 
123 /**
124  * @brief Parse signed-data content
125  * @param[in] data Pointer to the ASN.1 structure to parse
126  * @param[in] length Length of the ASN.1 structure
127  * @param[out] signedData Information resulting from the parsing process
128  * @return Error code
129  **/
130 
131 error_t pkcs7ParseSignedData(const uint8_t *data, size_t length,
132  Pkcs7SignedData *signedData)
133 {
134  error_t error;
135  size_t n;
136  Asn1Tag tag;
137 
138  //Check parameters
139  if(data == NULL || signedData == NULL)
140  return ERROR_INVALID_PARAMETER;
141 
142  //Clear the SignedData structure
143  osMemset(signedData, 0, sizeof(Pkcs7SignedData));
144 
145  //The SignedData structure is encapsulated within a sequence
146  error = asn1ReadSequence(data, length, &tag);
147  //Failed to decode ASN.1 tag?
148  if(error)
149  return error;
150 
151  //Point to the very first field
152  data = tag.value;
153  length = tag.length;
154 
155  //Parse version field
156  error = asn1ReadInt32(data, length, &tag, &signedData->version);
157  //Failed to decode ASN.1 tag?
158  if(error)
159  return error;
160 
161  //Next item
162  data += tag.totalLength;
163  length -= tag.totalLength;
164 
165  //Parse digestAlgorithms field
166  error = pkcs7ParseDigestAlgos(data, length, &n, &signedData->digestAlgos);
167  //Failed to decode ASN.1 tag?
168  if(error)
169  return error;
170 
171  //Next item
172  data += n;
173  length -= n;
174 
175  //Parse contentInfo field
176  error = pkcs7ParseContentInfo(data, length, &n, &signedData->contentInfo);
177  //Failed to decode ASN.1 tag?
178  if(error)
179  return error;
180 
181  //Next item
182  data += n;
183  length -= n;
184 
185  //Parse certificates field
186  error = pkcs7ParseCertificates(data, length, &n, &signedData->certificates);
187  //Failed to decode ASN.1 tag?
188  if(error)
189  return error;
190 
191  //Next item
192  data += n;
193  length -= n;
194 
195  //Parse crls field
196  error = pkcs7ParseCrls(data, length, &n, &signedData->crls);
197  //Failed to decode ASN.1 tag?
198  if(error)
199  return error;
200 
201  //Next item
202  data += n;
203  length -= n;
204 
205  //Parse signerInfos field
206  error = pkcs7ParseSignerInfos(data, length, &n, &signedData->signerInfos);
207  //Failed to decode ASN.1 tag?
208  if(error)
209  return error;
210 
211  //No error to report
212  return NO_ERROR;
213 }
214 
215 
216 /**
217  * @brief Parse enveloped-data content
218  * @param[in] data Pointer to the ASN.1 structure to parse
219  * @param[in] length Length of the ASN.1 structure
220  * @param[out] envelopedData Information resulting from the parsing process
221  * @return Error code
222  **/
223 
224 error_t pkcs7ParseEnvelopedData(const uint8_t *data, size_t length,
225  Pkcs7EnvelopedData *envelopedData)
226 {
227  error_t error;
228  size_t n;
229  Asn1Tag tag;
230 
231  //Check parameters
232  if(data == NULL || envelopedData == NULL)
233  return ERROR_INVALID_PARAMETER;
234 
235  //Clear the EnvelopedData structure
236  osMemset(envelopedData, 0, sizeof(Pkcs7EnvelopedData));
237 
238  //The EnvelopedData structure is encapsulated within a sequence
239  error = asn1ReadSequence(data, length, &tag);
240  //Failed to decode ASN.1 tag?
241  if(error)
242  return error;
243 
244  //Point to the very first field
245  data = tag.value;
246  length = tag.length;
247 
248  //Parse version field
249  error = asn1ReadInt32(data, length, &tag, &envelopedData->version);
250  //Failed to decode ASN.1 tag?
251  if(error)
252  return error;
253 
254  //Next item
255  data += tag.totalLength;
256  length -= tag.totalLength;
257 
258  //Parse recipientInfos field
259  error = pkcs7ParseRecipientInfos(data, length, &n, &envelopedData->recipientInfos);
260  //Failed to decode ASN.1 tag?
261  if(error)
262  return error;
263 
264  //Next item
265  data += n;
266  length -= n;
267 
268  //Parse encryptedContentInfo field
269  error = pkcs7ParseEncryptedContentInfo(data, length, &n,
270  &envelopedData->encryptedContentInfo);
271  //Failed to decode ASN.1 tag?
272  if(error)
273  return error;
274 
275  //No error to report
276  return NO_ERROR;
277 }
278 
279 
280 /**
281  * @brief Parse digestAlgorithms structure
282  * @param[in] data Pointer to the ASN.1 structure to parse
283  * @param[in] length Length of the ASN.1 structure
284  * @param[out] totalLength Number of bytes that have been parsed
285  * @param[out] digestAlgos Information resulting from the parsing process
286  * @return Error code
287  **/
288 
289 error_t pkcs7ParseDigestAlgos(const uint8_t *data, size_t length,
290  size_t *totalLength, Pkcs7DigestAlgos *digestAlgos)
291 {
292  error_t error;
293  uint_t i;
294  size_t n;
295  Asn1Tag tag;
296  X509AlgoId identifier;
297 
298  //The digestAlgorithms structure is encapsulated within a set
299  error = asn1ReadTag(data, length, &tag);
300  //Failed to decode ASN.1 tag?
301  if(error)
302  return error;
303 
304  //Enforce encoding, class and type
305  error = asn1CheckTag(&tag, TRUE, ASN1_CLASS_UNIVERSAL, ASN1_TYPE_SET);
306  //Invalid tag?
307  if(error)
308  return error;
309 
310  //Save the total length of the set
311  *totalLength = tag.totalLength;
312 
313  //Point to the very first field
314  data = tag.value;
315  length = tag.length;
316 
317  //digestAlgorithms is a collection of message-digest algorithm identifiers.
318  //There may be any number of elements in the collection, including zero
319  //(refer to RFC 2315, section 9.1)
320  for(i = 0; length > 0; i++)
321  {
322  //Parse current entry
323  error = pkcs7ParseAlgoId(data, length, &n, &identifier);
324  //Any error to report?
325  if(error)
326  return error;
327 
328  //Save digest algorithm identifier
329  if(i < PKCS7_MAX_DIGEST_ALGO_IDENTIFIERS)
330  {
331  digestAlgos->identifiers[i] = identifier;
332  }
333 
334  //Next field
335  data += n;
336  length -= n;
337  }
338 
339  //Save the number of digest algorithm identifiers
340  digestAlgos->numIdentifiers = MIN(i, PKCS7_MAX_DIGEST_ALGO_IDENTIFIERS);
341 
342  //No error to report
343  return NO_ERROR;
344 }
345 
346 
347 /**
348  * @brief Parse certificates
349  * @param[in] data Pointer to the ASN.1 structure to parse
350  * @param[in] length Length of the ASN.1 structure
351  * @param[out] totalLength Number of bytes that have been parsed
352  * @param[out] certificates Information resulting from the parsing process
353  * @return Error code
354  **/
355 
356 error_t pkcs7ParseCertificates(const uint8_t *data, size_t length,
357  size_t *totalLength, Pkcs7Certificates *certificates)
358 {
359  error_t error;
360  uint_t i;
361  Asn1Tag tag;
362 
363  //Implicit tagging is used to encode the certificates field
364  error = asn1ReadTag(data, length, &tag);
365  //Failed to decode ASN.1 tag?
366  if(error)
367  return error;
368 
369  //Enforce encoding, class and type
370  error = asn1CheckTag(&tag, TRUE, ASN1_CLASS_CONTEXT_SPECIFIC, 0);
371  //Invalid tag?
372  if(error)
373  {
374  //The certificates field is optional
375  *totalLength = 0;
376  //Exit immediately
377  return NO_ERROR;
378  }
379 
380  //Save the total length of the structure
381  *totalLength = tag.totalLength;
382 
383  //Raw contents of the ASN.1 structure
384  certificates->raw.value = tag.value;
385  certificates->raw.length = tag.length;
386 
387  //Point to the very first field
388  data = tag.value;
389  length = tag.length;
390 
391  //The ExtendedCertificatesAndCertificates type gives a set of extended
392  //certificates and X.509 certificates (refer to RFC 2315, section 6.6)
393  for(i = 0; length > 0; i++)
394  {
395  //The ExtendedCertificateOrCertificate type gives either a PKCS #6
396  //extended certificate or an X.509 certificate
397  error = asn1ReadSequence(data, length, &tag);
398  //Failed to decode ASN.1 tag?
399  if(error)
400  return error;
401 
402  //Save certificate
403  if(i < PKCS7_MAX_CERTIFICATES)
404  {
405  certificates->certificates[i].value = data;
406  certificates->certificates[i].length = tag.totalLength;
407  }
408 
409  //Next field
410  data += tag.totalLength;
411  length -= tag.totalLength;
412  }
413 
414  //Save the number of certificates
415  certificates->numCertificates = MIN(i, PKCS7_MAX_CERTIFICATES);
416 
417  //Exit immediately
418  return NO_ERROR;
419 }
420 
421 
422 /**
423  * @brief Parse CRLs
424  * @param[in] data Pointer to the ASN.1 structure to parse
425  * @param[in] length Length of the ASN.1 structure
426  * @param[out] totalLength Number of bytes that have been parsed
427  * @param[out] crls Information resulting from the parsing process
428  * @return Error code
429  **/
430 
431 error_t pkcs7ParseCrls(const uint8_t *data, size_t length,
432  size_t *totalLength, Pkcs7Crls *crls)
433 {
434  error_t error;
435  uint_t i;
436  Asn1Tag tag;
437 
438  //Implicit tagging is used to encode the crls field
439  error = asn1ReadTag(data, length, &tag);
440  //Failed to decode ASN.1 tag?
441  if(error)
442  return error;
443 
444  //Enforce encoding, class and type
445  error = asn1CheckTag(&tag, TRUE, ASN1_CLASS_CONTEXT_SPECIFIC, 1);
446  //Invalid tag?
447  if(error)
448  {
449  //The crls field is optional
450  *totalLength = 0;
451  //Exit immediately
452  return NO_ERROR;
453  }
454 
455  //Save the total length of the structure
456  *totalLength = tag.totalLength;
457 
458  //Raw contents of the ASN.1 structure
459  crls->raw.value = tag.value;
460  crls->raw.length = tag.length;
461 
462  //Point to the very first field
463  data = tag.value;
464  length = tag.length;
465 
466  //The CertificateRevocationLists type gives a set of certificate-revocation
467  //lists (refer to RFC 2315, section 6.1)
468  for(i = 0; length > 0; i++)
469  {
470  //The CertificateRevocationList type contains information about
471  //certificates whose validity an issuer has prematurely revoked
472  error = asn1ReadSequence(data, length, &tag);
473  //Failed to decode ASN.1 tag?
474  if(error)
475  return error;
476 
477  //Save CRL
478  if(i < PKCS7_MAX_CRLS)
479  {
480  crls->crls[i].value = data;
481  crls->crls[i].length = tag.totalLength;
482  }
483 
484  //Next field
485  data += tag.totalLength;
486  length -= tag.totalLength;
487  }
488 
489  //Save the number of CRLs
490  crls->numCrls = MIN(i, PKCS7_MAX_CRLS);
491 
492  //Exit immediately
493  return NO_ERROR;
494 }
495 
496 
497 /**
498  * @brief Parse signerInfos structure
499  * @param[in] data Pointer to the ASN.1 structure to parse
500  * @param[in] length Length of the ASN.1 structure
501  * @param[out] totalLength Number of bytes that have been parsed
502  * @param[out] signerInfos Information resulting from the parsing process
503  * @return Error code
504  **/
505 
506 error_t pkcs7ParseSignerInfos(const uint8_t *data, size_t length,
507  size_t *totalLength, Pkcs7SignerInfos *signerInfos)
508 {
509  error_t error;
510  uint_t i;
511  size_t n;
512  Asn1Tag tag;
513  Pkcs7SignerInfo signerInfo;
514 
515  //The signerInfos structure is encapsulated within a set
516  error = asn1ReadTag(data, length, &tag);
517  //Failed to decode ASN.1 tag?
518  if(error)
519  return error;
520 
521  //Enforce encoding, class and type
522  error = asn1CheckTag(&tag, TRUE, ASN1_CLASS_UNIVERSAL, ASN1_TYPE_SET);
523  //Invalid tag?
524  if(error)
525  return error;
526 
527  //Save the total length of the set
528  *totalLength = tag.totalLength;
529 
530  //Raw contents of the ASN.1 structure
531  signerInfos->raw.value = tag.value;
532  signerInfos->raw.length = tag.length;
533 
534  //Point to the very first field
535  data = tag.value;
536  length = tag.length;
537 
538  //signerInfos is a collection of per-signer information. There may be any
539  //number of elements in the collection, including zero (refer to RFC 2315,
540  //section 9.1)
541  for(i = 0; length > 0; i++)
542  {
543  //Per-signer information is represented in the type SignerInfo
544  error = pkcs7ParseSignerInfo(data, length, &n, &signerInfo);
545  //Failed to decode ASN.1 tag?
546  if(error)
547  return error;
548 
549  //Save signer info
550  if(i < PKCS7_MAX_SIGNER_INFOS)
551  {
552  signerInfos->signerInfos[i] = signerInfo;
553  }
554 
555  //Next field
556  data += n;
557  length -= n;
558  }
559 
560  //Save the number of signer infos
561  signerInfos->numSignerInfos = MIN(i, PKCS7_MAX_SIGNER_INFOS);
562 
563  //No error to report
564  return NO_ERROR;
565 }
566 
567 
568 /**
569  * @brief Parse SignerInfo structure
570  * @param[in] data Pointer to the ASN.1 structure to parse
571  * @param[in] length Length of the ASN.1 structure
572  * @param[out] totalLength Number of bytes that have been parsed
573  * @param[out] signerInfo Information resulting from the parsing process
574  * @return Error code
575  **/
576 
577 error_t pkcs7ParseSignerInfo(const uint8_t *data, size_t length,
578  size_t *totalLength, Pkcs7SignerInfo *signerInfo)
579 {
580  error_t error;
581  size_t n;
582  Asn1Tag tag;
583 
584  //The SignerInfo structure is encapsulated within a sequence
585  error = asn1ReadSequence(data, length, &tag);
586  //Failed to decode ASN.1 tag?
587  if(error)
588  return error;
589 
590  //Save the total length of the sequence
591  *totalLength = tag.totalLength;
592 
593  //Point to the very first field
594  data = tag.value;
595  length = tag.length;
596 
597  //Parse version field
598  error = asn1ReadInt32(data, length, &tag, &signerInfo->version);
599  //Failed to decode ASN.1 tag?
600  if(error)
601  return error;
602 
603  //Next item
604  data += tag.totalLength;
605  length -= tag.totalLength;
606 
607  //Parse issuerAndSerialNumber field
608  error = pkcs7ParseIssuerAndSerialNumber(data, length, &n,
609  &signerInfo->issuerAndSerialNumber);
610  //Failed to decode ASN.1 tag?
611  if(error)
612  return error;
613 
614  //Next item
615  data += n;
616  length -= n;
617 
618  //Parse digestAlgorithm field
619  error = pkcs7ParseAlgoId(data, length, &n, &signerInfo->digestAlgo);
620  //Failed to decode ASN.1 tag?
621  if(error)
622  return error;
623 
624  //Next item
625  data += n;
626  length -= n;
627 
628  //Parse authenticatedAttributes field
629  error = pkcs7ParseAuthenticatedAttributes(data, length, &n,
630  &signerInfo->authenticatedAttributes);
631  //Failed to decode ASN.1 tag?
632  if(error)
633  return error;
634 
635  //Next item
636  data += n;
637  length -= n;
638 
639  //Parse digestEncryptionAlgorithm field
640  error = pkcs7ParseDigestEncryptionAlgo(data, length, &n,
641  &signerInfo->digestEncryptionAlgo);
642  //Failed to decode ASN.1 tag?
643  if(error)
644  return error;
645 
646  //Next item
647  data += n;
648  length -= n;
649 
650  //Parse encryptedDigest field
651  error = pkcs7ParseEncryptedDigest(data, length, &n,
652  &signerInfo->encryptedDigest);
653  //Failed to decode ASN.1 tag?
654  if(error)
655  return error;
656 
657  //Next item
658  data += n;
659  length -= n;
660 
661  //The unauthenticatedAttributes field is optional
662  if(length > 0)
663  {
664  //Parse unauthenticatedAttributes field
665  error = pkcs7ParseUnauthenticatedAttributes(data, length, &n,
666  &signerInfo->unauthenticatedAttributes);
667  //Failed to decode ASN.1 tag?
668  if(error)
669  return error;
670  }
671 
672  //No error to report
673  return NO_ERROR;
674 }
675 
676 
677 /**
678  * @brief Parse IssuerAndSerialNumber structure
679  * @param[in] data Pointer to the ASN.1 structure to parse
680  * @param[in] length Length of the ASN.1 structure
681  * @param[out] totalLength Number of bytes that have been parsed
682  * @param[out] issuerAndSerialNumber Information resulting from the parsing process
683  * @return Error code
684  **/
685 
686 error_t pkcs7ParseIssuerAndSerialNumber(const uint8_t *data, size_t length,
687  size_t *totalLength, Pkcs7IssuerAndSerialNumber *issuerAndSerialNumber)
688 {
689  error_t error;
690  size_t n;
691  Asn1Tag tag;
692 
693  //The IssuerAndSerialNumber structure is encapsulated within a sequence
694  error = asn1ReadSequence(data, length, &tag);
695  //Failed to decode ASN.1 tag?
696  if(error)
697  return error;
698 
699  //Save the total length of the sequence
700  *totalLength = tag.totalLength;
701 
702  //Point to the very first field
703  data = tag.value;
704  length = tag.length;
705 
706  //Parse name field
707  error = x509ParseName(data, length, &n, &issuerAndSerialNumber->name);
708  //Failed to decode ASN.1 tag?
709  if(error)
710  return error;
711 
712  //Next item
713  data += n;
714  length -= n;
715 
716  //Parse serialNumber field
717  error = x509ParseSerialNumber(data, length, &n,
718  &issuerAndSerialNumber->serialNumber);
719  //Failed to decode ASN.1 tag?
720  if(error)
721  return error;
722 
723  //No error to report
724  return NO_ERROR;
725 }
726 
727 
728 /**
729  * @brief Parse authenticatedAttributes structure
730  * @param[in] data Pointer to the ASN.1 structure to parse
731  * @param[in] length Length of the ASN.1 structure
732  * @param[out] totalLength Number of bytes that have been parsed
733  * @param[out] authenticatedAttributes Information resulting from the parsing process
734  * @return Error code
735  **/
736 
737 error_t pkcs7ParseAuthenticatedAttributes(const uint8_t *data, size_t length,
738  size_t *totalLength, Pkcs7AuthenticatedAttributes *authenticatedAttributes)
739 {
740  error_t error;
741  size_t n;
742  Asn1Tag tag;
743  Pkcs7Attribute attribute;
744 
745  //Implicit tagging is used to encode the authenticatedAttributes field
746  error = asn1ReadTag(data, length, &tag);
747  //Failed to decode ASN.1 tag?
748  if(error)
749  return error;
750 
751  //Enforce encoding, class and type
752  error = asn1CheckTag(&tag, TRUE, ASN1_CLASS_CONTEXT_SPECIFIC, 0);
753  //Invalid tag?
754  if(error)
755  {
756  //The authenticatedAttributes field is optional
757  *totalLength = 0;
758  //Exit immediately
759  return NO_ERROR;
760  }
761 
762  //Save the total length of the structure
763  *totalLength = tag.totalLength;
764 
765  //Raw contents of the ASN.1 structure
766  authenticatedAttributes->raw.value = tag.value;
767  authenticatedAttributes->raw.length = tag.length;
768 
769  //Point to the very first attribute
770  data = tag.value;
771  length = tag.length;
772 
773  //authenticatedAttributes is a set of attributes that are signed by the
774  //signer (refer to RFC 2315, section 9.2)
775  while(length > 0)
776  {
777  //Read current attribute
778  error = pkcs7ParseAttribute(data, length, &n, &attribute);
779  //Any error to report?
780  if(error)
781  return error;
782 
783  //PKCS #9 Content Type attribute found?
784  if(OID_COMP(attribute.oid.value, attribute.oid.length,
785  PKCS9_CONTENT_TYPE_OID) == 0)
786  {
787  //This attribute type specifies the content type of the ContentInfo
788  //value being signed in PKCS #7 digitally signed data
789  if(attribute.type == ASN1_TYPE_OBJECT_IDENTIFIER)
790  {
791  authenticatedAttributes->contentType.value = attribute.data.value;
792  authenticatedAttributes->contentType.length = attribute.data.length;
793  }
794  }
795  //PKCS #9 Message Digest attribute found?
796  else if(OID_COMP(attribute.oid.value, attribute.oid.length,
797  PKCS9_MESSAGE_DIGEST_OID) == 0)
798  {
799  //This attribute type specifies the message digest of the contents
800  //octets of the DER-encoding of the content field of the ContentInfo
801  //value being signed in PKCS #7 digitally signed data, where the
802  //message digest is computed under the signer's message digest
803  //algorithm
804  if(attribute.type == ASN1_TYPE_OCTET_STRING)
805  {
806  authenticatedAttributes->messageDigest.value = attribute.data.value;
807  authenticatedAttributes->messageDigest.length = attribute.data.length;
808  }
809  }
810  //PKCS #9 Signing Time attribute found?
811  else if(OID_COMP(attribute.oid.value, attribute.oid.length,
812  PKCS9_SIGNING_TIME_OID) == 0)
813  {
814  //This attribute specifies the time at which the signer performed the
815  //signing process
816  if(attribute.type == ASN1_TYPE_UTC_TIME ||
817  attribute.type == ASN1_TYPE_GENERALIZED_TIME)
818  {
819  //The date may be encoded as UTCTime or GeneralizedTime
820  error = x509ParseTimeString(attribute.data.value,
821  attribute.data.length, attribute.type,
822  &authenticatedAttributes->signingTime);
823  }
824  }
825  //Unknown attribute?
826  else
827  {
828  //Discard current attribute
829  }
830 
831  //Next attribute
832  data += n;
833  length -= n;
834  }
835 
836  //No error to report
837  return NO_ERROR;
838 }
839 
840 
841 /**
842  * @brief Parse digestEncryptionAlgorithm structure
843  * @param[in] data Pointer to the ASN.1 structure to parse
844  * @param[in] length Length of the ASN.1 structure
845  * @param[out] totalLength Number of bytes that have been parsed
846  * @param[out] digestEncryptionAlgo Information resulting from the parsing process
847  * @return Error code
848  **/
849 
850 error_t pkcs7ParseDigestEncryptionAlgo(const uint8_t *data, size_t length,
851  size_t *totalLength, X509SignAlgoId *digestEncryptionAlgo)
852 {
853  error_t error;
854  Asn1Tag tag;
855 
856  //Read the contents of the digestEncryptionAlgorithm structure
857  error = asn1ReadSequence(data, length, &tag);
858  //Failed to decode ASN.1 tag?
859  if(error)
860  return error;
861 
862  //Save the total length of the field
863  *totalLength = tag.totalLength;
864 
865  //Point to the first field of the sequence
866  data = tag.value;
867  length = tag.length;
868 
869  //Read the signature algorithm identifier
870  error = asn1ReadOid(data, length, &tag);
871  //Failed to decode ASN.1 tag?
872  if(error)
873  return error;
874 
875  //Save the signature algorithm identifier
876  digestEncryptionAlgo->oid.value = tag.value;
877  digestEncryptionAlgo->oid.length = tag.length;
878 
879  //Point to the next field (if any)
880  data += tag.totalLength;
881  length -= tag.totalLength;
882 
883 #if (PKCS7_RSA_PSS_SUPPORT == ENABLED && RSA_SUPPORT == ENABLED)
884  //RSASSA-PSS algorithm identifier?
885  if(!asn1CheckOid(&tag, RSASSA_PSS_OID, sizeof(RSASSA_PSS_OID)))
886  {
887  //Read RSASSA-PSS parameters
888  error = x509ParseRsaPssParameters(data, length,
889  &digestEncryptionAlgo->rsaPssParams);
890  }
891  else
892 #endif
893  //Unknown algorithm identifier?
894  {
895  //The parameters are optional
896  error = NO_ERROR;
897  }
898 
899  //Return status code
900  return error;
901 }
902 
903 
904 /**
905  * @brief Parse encryptedDigest structure
906  * @param[in] data Pointer to the ASN.1 structure to parse
907  * @param[in] length Length of the ASN.1 structure
908  * @param[out] totalLength Number of bytes that have been parsed
909  * @param[out] encryptedDigest Information resulting from the parsing process
910  * @return Error code
911  **/
912 
913 error_t pkcs7ParseEncryptedDigest(const uint8_t *data, size_t length,
914  size_t *totalLength, X509OctetString *encryptedDigest)
915 {
916  error_t error;
917  Asn1Tag tag;
918 
919  //The encryptedDigest structure is encapsulated within an octet string
920  error = asn1ReadOctetString(data, length, &tag);
921  //Failed to decode ASN.1 tag?
922  if(error)
923  return error;
924 
925  //Save the total length of the sequence
926  *totalLength = tag.totalLength;
927 
928  //Save encrypted digest
929  encryptedDigest->value = tag.value;
930  encryptedDigest->length = tag.length;
931 
932  //No error to report
933  return NO_ERROR;
934 }
935 
936 
937 /**
938  * @brief Parse unauthenticatedAttributes structure
939  * @param[in] data Pointer to the ASN.1 structure to parse
940  * @param[in] length Length of the ASN.1 structure
941  * @param[out] totalLength Number of bytes that have been parsed
942  * @param[out] unauthenticatedAttributes Information resulting from the parsing process
943  * @return Error code
944  **/
945 
946 error_t pkcs7ParseUnauthenticatedAttributes(const uint8_t *data, size_t length,
947  size_t *totalLength, Pkcs7UnauthenticatedAttributes *unauthenticatedAttributes)
948 {
949  error_t error;
950  size_t n;
951  Asn1Tag tag;
952  Pkcs7Attribute attribute;
953 
954  //Implicit tagging is used to encode the unauthenticatedAttributes field
955  error = asn1ReadTag(data, length, &tag);
956  //Failed to decode ASN.1 tag?
957  if(error)
958  return error;
959 
960  //Enforce encoding, class and type
961  error = asn1CheckTag(&tag, TRUE, ASN1_CLASS_CONTEXT_SPECIFIC, 1);
962  //Invalid tag?
963  if(error)
964  {
965  //The unauthenticatedAttributes field is optional
966  *totalLength = 0;
967  //Exit immediately
968  return NO_ERROR;
969  }
970 
971  //Save the total length of the structure
972  *totalLength = tag.totalLength;
973 
974  //Raw contents of the ASN.1 structure
975  unauthenticatedAttributes->raw.value = tag.value;
976  unauthenticatedAttributes->raw.length = tag.length;
977 
978  //Point to the very first attribute
979  data = tag.value;
980  length = tag.length;
981 
982  //unauthenticatedAttributes is a set of attributes that are not signed by the
983  //signer (refer to RFC 2315, section 9.2)
984  while(length > 0)
985  {
986  //Read current attribute
987  error = pkcs7ParseAttribute(data, length, &n, &attribute);
988  //Any error to report?
989  if(error)
990  return error;
991 
992  //Next attribute
993  data += n;
994  length -= n;
995  }
996 
997  //No error to report
998  return NO_ERROR;
999 }
1000 
1001 
1002 /**
1003  * @brief Parse attribute
1004  * @param[in] data Pointer to the ASN.1 structure to parse
1005  * @param[in] length Length of the ASN.1 structure
1006  * @param[out] totalLength Number of bytes that have been parsed
1007  * @param[out] attribute Information resulting from the parsing process
1008  * @return Error code
1009  **/
1010 
1011 error_t pkcs7ParseAttribute(const uint8_t *data, size_t length,
1012  size_t *totalLength, Pkcs7Attribute *attribute)
1013 {
1014  error_t error;
1015  Asn1Tag tag;
1016 
1017  //The attribute is encapsulated within a sequence
1018  error = asn1ReadSequence(data, length, &tag);
1019  //Failed to decode ASN.1 tag?
1020  if(error)
1021  return error;
1022 
1023  //Save the total length of the attribute
1024  *totalLength = tag.totalLength;
1025 
1026  //Point to the first field of the sequence
1027  data = tag.value;
1028  length = tag.length;
1029 
1030  //Parse attrType field
1031  error = asn1ReadOid(data, length, &tag);
1032  //Failed to decode ASN.1 tag?
1033  if(error)
1034  return error;
1035 
1036  //Save attribute type
1037  attribute->oid.value = tag.value;
1038  attribute->oid.length = tag.length;
1039 
1040  //Point to the next field
1041  data += tag.totalLength;
1042  length -= tag.totalLength;
1043 
1044  //Attribute values are encapsulated within a set
1045  error = asn1ReadTag(data, length, &tag);
1046  //Failed to decode ASN.1 tag?
1047  if(error)
1048  return error;
1049 
1050  //Enforce encoding, class and type
1051  error = asn1CheckTag(&tag, TRUE, ASN1_CLASS_UNIVERSAL, ASN1_TYPE_SET);
1052  //Invalid tag?
1053  if(error)
1054  return error;
1055 
1056  //Point to the first field of the set
1057  data = tag.value;
1058  length = tag.length;
1059 
1060  //Read AttributeValue field
1061  error = asn1ReadTag(data, length, &tag);
1062  //Failed to decode ASN.1 tag?
1063  if(error)
1064  return error;
1065 
1066  //Save ASN.1 string type
1067  attribute->type = tag.objType;
1068 
1069  //Save attribute value
1070  attribute->data.value = tag.value;
1071  attribute->data.length = tag.length;
1072 
1073  //Successful processing
1074  return NO_ERROR;
1075 }
1076 
1077 
1078 /**
1079  * @brief Search a set of attributes for a given attribute type
1080  * @param[in] data Pointer to the set of attributes
1081  * @param[in] length Length of the set of attributes, in bytes
1082  * @param[out] oid Object identifier that specified the attribute type
1083  * @param[out] oidLen Length of the object identifier
1084  * @param[out] attribute Pointer to the matching attribute, if any
1085  * @return Error code
1086  **/
1087 
1088 error_t pkcs7FindAttribute(const uint8_t *data, size_t length,
1089  const uint8_t *oid, size_t oidLen, Pkcs7Attribute *attribute)
1090 {
1091  error_t error;
1092  size_t n;
1093 
1094  //Loop through the collection of attributes
1095  while(length > 0)
1096  {
1097  //Read current attribute
1098  error = pkcs7ParseAttribute(data, length, &n, attribute);
1099  //Any error to report?
1100  if(error)
1101  return error;
1102 
1103  //Check attribute type
1104  if(oidComp(attribute->oid.value, attribute->oid.length, oid, oidLen) == 0)
1105  {
1106  //We are done
1107  return NO_ERROR;
1108  }
1109 
1110  //Next attribute
1111  data += n;
1112  length -= n;
1113  }
1114 
1115  //The specified attribute was not found
1116  return ERROR_NOT_FOUND;
1117 }
1118 
1119 
1120 /**
1121  * @brief Parse recipientInfos structure
1122  * @param[in] data Pointer to the ASN.1 structure to parse
1123  * @param[in] length Length of the ASN.1 structure
1124  * @param[out] totalLength Number of bytes that have been parsed
1125  * @param[out] recipientInfos Information resulting from the parsing process
1126  * @return Error code
1127  **/
1128 
1129 error_t pkcs7ParseRecipientInfos(const uint8_t *data, size_t length,
1130  size_t *totalLength, Pkcs7RecipientInfos *recipientInfos)
1131 {
1132  error_t error;
1133  uint_t i;
1134  size_t n;
1135  Asn1Tag tag;
1136  Pkcs7RecipientInfo recipientInfo;
1137 
1138  //The recipientInfos structure is encapsulated within a set
1139  error = asn1ReadTag(data, length, &tag);
1140  //Failed to decode ASN.1 tag?
1141  if(error)
1142  return error;
1143 
1144  //Enforce encoding, class and type
1145  error = asn1CheckTag(&tag, TRUE, ASN1_CLASS_UNIVERSAL, ASN1_TYPE_SET);
1146  //Invalid tag?
1147  if(error)
1148  return error;
1149 
1150  //Save the total length of the set
1151  *totalLength = tag.totalLength;
1152 
1153  //Raw contents of the ASN.1 structure
1154  recipientInfos->raw.value = tag.value;
1155  recipientInfos->raw.length = tag.length;
1156 
1157  //Point to the very first field
1158  data = tag.value;
1159  length = tag.length;
1160 
1161  //recipientInfos is a collection of per-recipient information. There must be
1162  //at least one element in the collection (refer to RFC 2315, section 10.1)
1163  if(length == 0)
1164  return ERROR_INVALID_SYNTAX;
1165 
1166  //Loop through the collection
1167  for(i = 0; length > 0; i++)
1168  {
1169  //Per-recipient information is represented in the type RecipientInfo
1170  error = pkcs7ParseRecipientInfo(data, length, &n, &recipientInfo);
1171  //Failed to decode ASN.1 tag?
1172  if(error)
1173  return error;
1174 
1175  //Save signer info
1176  if(i < PKCS7_MAX_RECIPIENT_INFOS)
1177  {
1178  recipientInfos->recipientInfos[i] = recipientInfo;
1179  }
1180 
1181  //Next field
1182  data += n;
1183  length -= n;
1184  }
1185 
1186  //Save the number of recipient infos
1187  recipientInfos->numRecipientInfos = MIN(i, PKCS7_MAX_RECIPIENT_INFOS);
1188 
1189  //No error to report
1190  return NO_ERROR;
1191 }
1192 
1193 
1194 /**
1195  * @brief Parse RecipientInfo structure
1196  * @param[in] data Pointer to the ASN.1 structure to parse
1197  * @param[in] length Length of the ASN.1 structure
1198  * @param[out] totalLength Number of bytes that have been parsed
1199  * @param[out] recipientInfo Information resulting from the parsing process
1200  * @return Error code
1201  **/
1202 
1203 error_t pkcs7ParseRecipientInfo(const uint8_t *data, size_t length,
1204  size_t *totalLength, Pkcs7RecipientInfo *recipientInfo)
1205 {
1206  error_t error;
1207  size_t n;
1208  Asn1Tag tag;
1209 
1210  //The RecipientInfo structure is encapsulated within a sequence
1211  error = asn1ReadSequence(data, length, &tag);
1212  //Failed to decode ASN.1 tag?
1213  if(error)
1214  return error;
1215 
1216  //Save the total length of the sequence
1217  *totalLength = tag.totalLength;
1218 
1219  //Point to the very first field
1220  data = tag.value;
1221  length = tag.length;
1222 
1223  //Parse version field
1224  error = asn1ReadInt32(data, length, &tag, &recipientInfo->version);
1225  //Failed to decode ASN.1 tag?
1226  if(error)
1227  return error;
1228 
1229  //Next item
1230  data += tag.totalLength;
1231  length -= tag.totalLength;
1232 
1233  //Parse issuerAndSerialNumber field
1234  error = pkcs7ParseIssuerAndSerialNumber(data, length, &n,
1235  &recipientInfo->issuerAndSerialNumber);
1236  //Failed to decode ASN.1 tag?
1237  if(error)
1238  return error;
1239 
1240  //Next item
1241  data += n;
1242  length -= n;
1243 
1244  //Parse keyEncryptionAlgorithm field
1245  error = pkcs7ParseAlgoId(data, length, &n,
1246  &recipientInfo->keyEncryptionAlgo);
1247  //Failed to decode ASN.1 tag?
1248  if(error)
1249  return error;
1250 
1251  //Next item
1252  data += n;
1253  length -= n;
1254 
1255  //Parse encryptedKey field
1256  error = pkcs7ParseEncryptedKey(data, length, &n,
1257  &recipientInfo->encryptedKey);
1258  //Failed to decode ASN.1 tag?
1259  if(error)
1260  return error;
1261 
1262  //No error to report
1263  return NO_ERROR;
1264 }
1265 
1266 
1267 /**
1268  * @brief Parse encryptedKey structure
1269  * @param[in] data Pointer to the ASN.1 structure to parse
1270  * @param[in] length Length of the ASN.1 structure
1271  * @param[out] totalLength Number of bytes that have been parsed
1272  * @param[out] encryptedKey Information resulting from the parsing process
1273  * @return Error code
1274  **/
1275 
1276 error_t pkcs7ParseEncryptedKey(const uint8_t *data, size_t length,
1277  size_t *totalLength, X509OctetString *encryptedKey)
1278 {
1279  error_t error;
1280  Asn1Tag tag;
1281 
1282  //The encryptedKey structure is encapsulated within an octet string
1283  error = asn1ReadOctetString(data, length, &tag);
1284  //Failed to decode ASN.1 tag?
1285  if(error)
1286  return error;
1287 
1288  //Save the total length of the sequence
1289  *totalLength = tag.totalLength;
1290 
1291  //Save encrypted key
1292  encryptedKey->value = tag.value;
1293  encryptedKey->length = tag.length;
1294 
1295  //No error to report
1296  return NO_ERROR;
1297 }
1298 
1299 
1300 /**
1301  * @brief Parse encryptedContentInfo structure
1302  * @param[in] data Pointer to the ASN.1 structure to parse
1303  * @param[in] length Length of the ASN.1 structure
1304  * @param[out] totalLength Number of bytes that have been parsed
1305  * @param[out] encryptedContentInfo Information resulting from the parsing process
1306  * @return Error code
1307  **/
1308 
1309 error_t pkcs7ParseEncryptedContentInfo(const uint8_t *data, size_t length,
1310  size_t *totalLength, Pkcs7EncryptedContentInfo *encryptedContentInfo)
1311 {
1312  error_t error;
1313  size_t n;
1314  Asn1Tag tag;
1315 
1316  //The encryptedContentInfo structure is encapsulated within a sequence
1317  error = asn1ReadSequence(data, length, &tag);
1318  //Failed to decode ASN.1 tag?
1319  if(error)
1320  return error;
1321 
1322  //Save the total length of the sequence
1323  *totalLength = tag.totalLength;
1324 
1325  //Point to the very first field
1326  data = tag.value;
1327  length = tag.length;
1328 
1329  //Parse contentType field
1330  error = asn1ReadOid(data, length, &tag);
1331  //Failed to decode ASN.1 tag?
1332  if(error)
1333  return error;
1334 
1335  //Save the object identifier
1336  encryptedContentInfo->contentType.value = tag.value;
1337  encryptedContentInfo->contentType.length = tag.length;
1338 
1339  //Next item
1340  data += tag.totalLength;
1341  length -= tag.totalLength;
1342 
1343  //Parse contentEncryptionAlgorithm field
1344  error = pkcs7ParseContentEncrAlgo(data, length, &n,
1345  &encryptedContentInfo->contentEncrAlgo);
1346  //Failed to decode ASN.1 tag?
1347  if(error)
1348  return error;
1349 
1350  //Next item
1351  data += n;
1352  length -= n;
1353 
1354  //The encryptedContent field is optional, and if the field is not present,
1355  //its intended value must be supplied by other means (refer to RFC 2315,
1356  //section 10.1)
1357  if(length > 0)
1358  {
1359  //Parse content field
1360  error = asn1ReadTag(data, length, &tag);
1361  //Failed to decode ASN.1 tag?
1362  if(error)
1363  return error;
1364 
1365  //Enforce encoding, class and type
1366  error = asn1CheckTag(&tag, FALSE, ASN1_CLASS_CONTEXT_SPECIFIC, 0);
1367  //Invalid tag?
1368  if(error)
1369  return error;
1370 
1371  //Save the inner content
1372  encryptedContentInfo->encryptedContent.value = tag.value;
1373  encryptedContentInfo->encryptedContent.length = tag.length;
1374  }
1375 
1376  //No error to report
1377  return NO_ERROR;
1378 }
1379 
1380 
1381 /**
1382  * @brief Parse contentEncryptionAlgorithm structure
1383  * @param[in] data Pointer to the ASN.1 structure to parse
1384  * @param[in] length Length of the ASN.1 structure
1385  * @param[out] totalLength Number of bytes that have been parsed
1386  * @param[out] contentEncrAlgo Information resulting from the parsing process
1387  * @return Error code
1388  **/
1389 
1390 error_t pkcs7ParseContentEncrAlgo(const uint8_t *data, size_t length,
1391  size_t *totalLength, Pkcs7ContentEncrAlgo *contentEncrAlgo)
1392 {
1393  error_t error;
1394  Asn1Tag tag;
1395 
1396  //Read the contents of the AlgorithmIdentifier structure
1397  error = asn1ReadSequence(data, length, &tag);
1398  //Failed to decode ASN.1 tag?
1399  if(error)
1400  return error;
1401 
1402  //Save the total length of the sequence
1403  *totalLength = tag.totalLength;
1404 
1405  //Point to the first field of the sequence
1406  data = tag.value;
1407  length = tag.length;
1408 
1409  //Parse algorithm field
1410  error = asn1ReadOid(data, length, &tag);
1411  //Failed to decode ASN.1 tag?
1412  if(error)
1413  return error;
1414 
1415  //Save the algorithm identifier
1416  contentEncrAlgo->oid.value = tag.value;
1417  contentEncrAlgo->oid.length = tag.length;
1418 
1419  //Point to the next field
1420  data += tag.totalLength;
1421  length -= tag.totalLength;
1422 
1423  //Parse CBCParameter field
1424  error = asn1ReadOctetString(data, length, &tag);
1425  //Failed to decode ASN.1 tag?
1426  if(error)
1427  return error;
1428 
1429  //Save initialization vector
1430  contentEncrAlgo->iv.value = tag.value;
1431  contentEncrAlgo->iv.length = tag.length;
1432 
1433  //Return status code
1434  return error;
1435 }
1436 
1437 
1438 /**
1439  * @brief Parse AlgorithmIdentifier structure
1440  * @param[in] data Pointer to the ASN.1 structure to parse
1441  * @param[in] length Length of the ASN.1 structure
1442  * @param[out] totalLength Number of bytes that have been parsed
1443  * @param[out] algoId Information resulting from the parsing process
1444  * @return Error code
1445  **/
1446 
1447 error_t pkcs7ParseAlgoId(const uint8_t *data, size_t length,
1448  size_t *totalLength, X509AlgoId *algoId)
1449 {
1450  error_t error;
1451  Asn1Tag tag;
1452 
1453  //Read the contents of the AlgorithmIdentifier structure
1454  error = asn1ReadSequence(data, length, &tag);
1455  //Failed to decode ASN.1 tag?
1456  if(error)
1457  return error;
1458 
1459  //Save the total length of the sequence
1460  *totalLength = tag.totalLength;
1461 
1462  //Point to the first field of the sequence
1463  data = tag.value;
1464  length = tag.length;
1465 
1466  //Read the encryption algorithm identifier
1467  error = asn1ReadOid(data, length, &tag);
1468  //Failed to decode ASN.1 tag?
1469  if(error)
1470  return error;
1471 
1472  //Save the algorithm identifier
1473  algoId->oid.value = tag.value;
1474  algoId->oid.length = tag.length;
1475 
1476  //Point to the next field (if any)
1477  data += tag.totalLength;
1478  length -= tag.totalLength;
1479 
1480  //The contents of the optional parameters field will vary according to the
1481  //algorithm identified
1482  algoId->params.value = data;
1483  algoId->params.length = length;
1484 
1485  //Return status code
1486  return error;
1487 }
1488 
1489 #endif
x509_cert_parse.h
X.509 certificate parsing.
ASN1_TYPE_UTC_TIME
@ ASN1_TYPE_UTC_TIME
Definition: asn1.h:90
ASN1_TYPE_GENERALIZED_TIME
@ ASN1_TYPE_GENERALIZED_TIME
Definition: asn1.h:91
Pkcs7Attribute::oid
X509OctetString oid
Definition: pkcs7_common.h:226
ERROR_NOT_FOUND
@ ERROR_NOT_FOUND
Definition: error.h:148
pkcs7ParseEncryptedKey
error_t pkcs7ParseEncryptedKey(const uint8_t *data, size_t length, size_t *totalLength, X509OctetString *encryptedKey)
Parse encryptedKey structure.
Definition: pkcs7_parse.c:1276
Pkcs7IssuerAndSerialNumber::serialNumber
X509SerialNumber serialNumber
Definition: pkcs7_common.h:216
Pkcs7SignedData::certificates
Pkcs7Certificates certificates
Definition: pkcs7_common.h:355
Pkcs7EncryptedContentInfo::encryptedContent
X509OctetString encryptedContent
Definition: pkcs7_common.h:342
pkcs7ParseAuthenticatedAttributes
error_t pkcs7ParseAuthenticatedAttributes(const uint8_t *data, size_t length, size_t *totalLength, Pkcs7AuthenticatedAttributes *authenticatedAttributes)
Parse authenticatedAttributes structure.
Definition: pkcs7_parse.c:737
oid.h
OID (Object Identifier)
x509ParseRsaPssParameters
error_t x509ParseRsaPssParameters(const uint8_t *data, size_t length, X509RsaPssParameters *rsaPssParams)
Parse RSASSA-PSS parameters.
Definition: x509_sign_parse.c:166
pkcs7ParseDigestAlgos
error_t pkcs7ParseDigestAlgos(const uint8_t *data, size_t length, size_t *totalLength, Pkcs7DigestAlgos *digestAlgos)
Parse digestAlgorithms structure.
Definition: pkcs7_parse.c:289
Pkcs7SignerInfo::authenticatedAttributes
Pkcs7AuthenticatedAttributes authenticatedAttributes
Definition: pkcs7_common.h:268
TRUE
#define TRUE
Definition: os_port.h:50
data
uint8_t data[]
Definition: ethernet.h:224
Pkcs7AuthenticatedAttributes::messageDigest
X509OctetString messageDigest
Definition: pkcs7_common.h:240
Pkcs7EncryptedContentInfo::contentType
X509OctetString contentType
Definition: pkcs7_common.h:340
Pkcs7Crls::raw
X509OctetString raw
Definition: pkcs7_common.h:203
Pkcs7SignedData::contentInfo
Pkcs7ContentInfo contentInfo
Definition: pkcs7_common.h:354
Pkcs7Certificates::certificates
X509OctetString certificates[PKCS7_MAX_CERTIFICATES]
Definition: pkcs7_common.h:193
pkcs7ParseIssuerAndSerialNumber
error_t pkcs7ParseIssuerAndSerialNumber(const uint8_t *data, size_t length, size_t *totalLength, Pkcs7IssuerAndSerialNumber *issuerAndSerialNumber)
Parse IssuerAndSerialNumber structure.
Definition: pkcs7_parse.c:686
Pkcs7ContentEncrAlgo::iv
X509OctetString iv
Definition: pkcs7_common.h:330
Pkcs7ContentInfo
Content information.
Definition: pkcs7_common.h:317
Pkcs7SignedData::crls
Pkcs7Crls crls
Definition: pkcs7_common.h:356
totalLength
uint16_t totalLength
Definition: ipv4.h:323
Pkcs7SignerInfo::unauthenticatedAttributes
Pkcs7UnauthenticatedAttributes unauthenticatedAttributes
Definition: pkcs7_common.h:271
x509ParseSerialNumber
error_t x509ParseSerialNumber(const uint8_t *data, size_t length, size_t *totalLength, X509SerialNumber *serialNumber)
Parse SerialNumber field.
Definition: x509_cert_parse.c:408
RSASSA_PSS_OID
const uint8_t RSASSA_PSS_OID[9]
Definition: rsa.c:85
asn1ReadTag
error_t asn1ReadTag(const uint8_t *data, size_t length, Asn1Tag *tag)
Read an ASN.1 tag from the input stream.
Definition: asn1.c:52
Pkcs7Crls::crls
X509OctetString crls[PKCS7_MAX_CRLS]
Definition: pkcs7_common.h:205
x509_sign_parse.h
oidComp
int_t oidComp(const uint8_t *oid1, size_t oidLen1, const uint8_t *oid2, size_t oidLen2)
Compare object identifiers.
Definition: oid.c:103
Pkcs7Attribute::data
X509OctetString data
Definition: pkcs7_common.h:228
oid
uint8_t oid[]
Definition: lldp_tlv.h:300
pkcs7ParseSignedData
error_t pkcs7ParseSignedData(const uint8_t *data, size_t length, Pkcs7SignedData *signedData)
Parse signed-data content.
Definition: pkcs7_parse.c:131
Pkcs7ContentEncrAlgo
Content encryption algorithm.
Definition: pkcs7_common.h:328
PKCS9_CONTENT_TYPE_OID
const uint8_t PKCS9_CONTENT_TYPE_OID[9]
Definition: pkcs7_common.c:63
asn1ReadOid
error_t asn1ReadOid(const uint8_t *data, size_t length, Asn1Tag *tag)
Read an object identifier from the input stream.
Definition: asn1.c:218
Asn1Tag::totalLength
size_t totalLength
Definition: asn1.h:111
Asn1Tag::length
size_t length
Definition: asn1.h:109
FALSE
#define FALSE
Definition: os_port.h:46
asn1ReadOctetString
error_t asn1ReadOctetString(const uint8_t *data, size_t length, Asn1Tag *tag)
Read an octet string from the input stream.
Definition: asn1.c:190
ERROR_INVALID_PARAMETER
@ ERROR_INVALID_PARAMETER
Invalid parameter.
Definition: error.h:47
Pkcs7EnvelopedData::recipientInfos
Pkcs7RecipientInfos recipientInfos
Definition: pkcs7_common.h:368
PKCS7_MAX_CERTIFICATES
#define PKCS7_MAX_CERTIFICATES
Definition: pkcs7_common.h:117
pkcs7ParseEncryptedContentInfo
error_t pkcs7ParseEncryptedContentInfo(const uint8_t *data, size_t length, size_t *totalLength, Pkcs7EncryptedContentInfo *encryptedContentInfo)
Parse encryptedContentInfo structure.
Definition: pkcs7_parse.c:1309
pkcs7_parse.h
PKCS #7 message parsing.
pkcs7ParseSignerInfo
error_t pkcs7ParseSignerInfo(const uint8_t *data, size_t length, size_t *totalLength, Pkcs7SignerInfo *signerInfo)
Parse SignerInfo structure.
Definition: pkcs7_parse.c:577
error_t
error_t
Error codes.
Definition: error.h:43
PKCS7_MAX_RECIPIENT_INFOS
#define PKCS7_MAX_RECIPIENT_INFOS
Definition: pkcs7_common.h:138
Pkcs7EncryptedContentInfo
Encrypted content information.
Definition: pkcs7_common.h:339
PKCS7_MAX_CRLS
#define PKCS7_MAX_CRLS
Definition: pkcs7_common.h:124
algoId
uint8_t algoId[]
Definition: ike.h:1537
Pkcs7SignerInfo
Signer information.
Definition: pkcs7_common.h:264
Pkcs7ContentInfo::contentType
X509OctetString contentType
Definition: pkcs7_common.h:318
Pkcs7RecipientInfo::keyEncryptionAlgo
X509AlgoId keyEncryptionAlgo
Definition: pkcs7_common.h:295
x509ParseName
error_t x509ParseName(const uint8_t *data, size_t length, size_t *totalLength, X509Name *name)
Parse Name structure.
Definition: x509_cert_parse.c:562
ASN1_CLASS_UNIVERSAL
#define ASN1_CLASS_UNIVERSAL
Definition: asn1.h:52
Pkcs7DigestAlgos::identifiers
X509AlgoId identifiers[PKCS7_MAX_DIGEST_ALGO_IDENTIFIERS]
Definition: pkcs7_common.h:181
Pkcs7RecipientInfo::encryptedKey
X509OctetString encryptedKey
Definition: pkcs7_common.h:296
Asn1Tag
ASN.1 tag.
Definition: asn1.h:105
Pkcs7SignerInfo::encryptedDigest
X509OctetString encryptedDigest
Definition: pkcs7_common.h:270
PKCS7_MAX_SIGNER_INFOS
#define PKCS7_MAX_SIGNER_INFOS
Definition: pkcs7_common.h:131
asn1ReadInt32
error_t asn1ReadInt32(const uint8_t *data, size_t length, Asn1Tag *tag, int32_t *value)
Read a 32-bit integer from the input stream.
Definition: asn1.c:285
PKCS9_MESSAGE_DIGEST_OID
const uint8_t PKCS9_MESSAGE_DIGEST_OID[9]
Definition: pkcs7_common.c:65
pkcs7ParseCrls
error_t pkcs7ParseCrls(const uint8_t *data, size_t length, size_t *totalLength, Pkcs7Crls *crls)
Parse CRLs.
Definition: pkcs7_parse.c:431
crypto.h
General definitions for cryptographic algorithms.
pkcs7ParseCertificates
error_t pkcs7ParseCertificates(const uint8_t *data, size_t length, size_t *totalLength, Pkcs7Certificates *certificates)
Parse certificates.
Definition: pkcs7_parse.c:356
Pkcs7Crls::numCrls
uint_t numCrls
Definition: pkcs7_common.h:204
PKCS7_MAX_DIGEST_ALGO_IDENTIFIERS
#define PKCS7_MAX_DIGEST_ALGO_IDENTIFIERS
Definition: pkcs7_common.h:110
pkcs7ParseEncryptedDigest
error_t pkcs7ParseEncryptedDigest(const uint8_t *data, size_t length, size_t *totalLength, X509OctetString *encryptedDigest)
Parse encryptedDigest structure.
Definition: pkcs7_parse.c:913
length
uint8_t length
Definition: tcp.h:375
Pkcs7SignedData::digestAlgos
Pkcs7DigestAlgos digestAlgos
Definition: pkcs7_common.h:353
X509SignAlgoId::oid
X509OctetString oid
Definition: x509_common.h:1089
Pkcs7RecipientInfo
Recipient information.
Definition: pkcs7_common.h:292
MIN
#define MIN(a, b)
Definition: os_port.h:63
Pkcs7DigestAlgos
Collection of digest algorithm identifiers.
Definition: pkcs7_common.h:179
Pkcs7EnvelopedData::encryptedContentInfo
Pkcs7EncryptedContentInfo encryptedContentInfo
Definition: pkcs7_common.h:369
pkcs7FindAttribute
error_t pkcs7FindAttribute(const uint8_t *data, size_t length, const uint8_t *oid, size_t oidLen, Pkcs7Attribute *attribute)
Search a set of attributes for a given attribute type.
Definition: pkcs7_parse.c:1088
asn1CheckOid
error_t asn1CheckOid(const Asn1Tag *tag, const uint8_t *oid, size_t length)
Check ASN.1 tag against a specified OID.
Definition: asn1.c:972
pkcs7ParseContentEncrAlgo
error_t pkcs7ParseContentEncrAlgo(const uint8_t *data, size_t length, size_t *totalLength, Pkcs7ContentEncrAlgo *contentEncrAlgo)
Parse contentEncryptionAlgorithm structure.
Definition: pkcs7_parse.c:1390
x509ParseTimeString
error_t x509ParseTimeString(const uint8_t *data, size_t length, uint_t type, DateTime *dateTime)
Parse UTCTime or GeneralizedTime string.
Definition: x509_cert_parse.c:1098
Pkcs7SignerInfo::issuerAndSerialNumber
Pkcs7IssuerAndSerialNumber issuerAndSerialNumber
Definition: pkcs7_common.h:266
Pkcs7RecipientInfos::raw
X509OctetString raw
Definition: pkcs7_common.h:306
Pkcs7EncryptedContentInfo::contentEncrAlgo
Pkcs7ContentEncrAlgo contentEncrAlgo
Definition: pkcs7_common.h:341
Pkcs7SignedData
Signed data content.
Definition: pkcs7_common.h:351
Pkcs7SignerInfos
Collection of signer informations.
Definition: pkcs7_common.h:280
pkcs7ParseRecipientInfo
error_t pkcs7ParseRecipientInfo(const uint8_t *data, size_t length, size_t *totalLength, Pkcs7RecipientInfo *recipientInfo)
Parse RecipientInfo structure.
Definition: pkcs7_parse.c:1203
ASN1_TYPE_OCTET_STRING
@ ASN1_TYPE_OCTET_STRING
Definition: asn1.h:75
pkcs7ParseAttribute
error_t pkcs7ParseAttribute(const uint8_t *data, size_t length, size_t *totalLength, Pkcs7Attribute *attribute)
Parse attribute.
Definition: pkcs7_parse.c:1011
Pkcs7IssuerAndSerialNumber
Issuer and serial number.
Definition: pkcs7_common.h:214
pkcs7ParseContentInfo
error_t pkcs7ParseContentInfo(const uint8_t *data, size_t length, size_t *totalLength, Pkcs7ContentInfo *contentInfo)
Parse contentInfo structure.
Definition: pkcs7_parse.c:56
Pkcs7ContentEncrAlgo::oid
X509OctetString oid
Definition: pkcs7_common.h:329
Pkcs7SignerInfo::digestAlgo
X509AlgoId digestAlgo
Definition: pkcs7_common.h:267
pkcs7ParseDigestEncryptionAlgo
error_t pkcs7ParseDigestEncryptionAlgo(const uint8_t *data, size_t length, size_t *totalLength, X509SignAlgoId *digestEncryptionAlgo)
Parse digestEncryptionAlgorithm structure.
Definition: pkcs7_parse.c:850
Pkcs7SignerInfo::digestEncryptionAlgo
X509SignAlgoId digestEncryptionAlgo
Definition: pkcs7_common.h:269
OID_COMP
#define OID_COMP(oid1, oidLen1, oid2)
Definition: oid.h:42
n
uint8_t n
Definition: dhcpv6_common.h:416
ASN1_CLASS_CONTEXT_SPECIFIC
#define ASN1_CLASS_CONTEXT_SPECIFIC
Definition: asn1.h:54
Pkcs7ContentInfo::content
X509OctetString content
Definition: pkcs7_common.h:319
Pkcs7UnauthenticatedAttributes
Unauthenticated attributes.
Definition: pkcs7_common.h:252
pkcs7ParseUnauthenticatedAttributes
error_t pkcs7ParseUnauthenticatedAttributes(const uint8_t *data, size_t length, size_t *totalLength, Pkcs7UnauthenticatedAttributes *unauthenticatedAttributes)
Parse unauthenticatedAttributes structure.
Definition: pkcs7_parse.c:946
PKCS9_SIGNING_TIME_OID
const uint8_t PKCS9_SIGNING_TIME_OID[9]
Definition: pkcs7_common.c:67
Pkcs7RecipientInfos::recipientInfos
Pkcs7RecipientInfo recipientInfos[PKCS7_MAX_RECIPIENT_INFOS]
Definition: pkcs7_common.h:308
oidLen
uint8_t oidLen
Definition: lldp_tlv.h:299
Pkcs7SignedData::signerInfos
Pkcs7SignerInfos signerInfos
Definition: pkcs7_common.h:357
Pkcs7Crls
Collection of CRLs.
Definition: pkcs7_common.h:202
Pkcs7SignerInfos::signerInfos
Pkcs7SignerInfo signerInfos[PKCS7_MAX_SIGNER_INFOS]
Definition: pkcs7_common.h:283
identifier
uint8_t identifier[]
Definition: dhcpv6_common.h:185
ERROR_INVALID_SYNTAX
@ ERROR_INVALID_SYNTAX
Definition: error.h:68
ASN1_TYPE_OBJECT_IDENTIFIER
@ ASN1_TYPE_OBJECT_IDENTIFIER
Definition: asn1.h:77
Pkcs7Certificates
Collection of certificates.
Definition: pkcs7_common.h:190
Pkcs7Certificates::raw
X509OctetString raw
Definition: pkcs7_common.h:191
X509OctetString::value
const uint8_t * value
Definition: x509_common.h:702
Pkcs7AuthenticatedAttributes
Authenticated attributes.
Definition: pkcs7_common.h:237
pkcs7ParseEnvelopedData
error_t pkcs7ParseEnvelopedData(const uint8_t *data, size_t length, Pkcs7EnvelopedData *envelopedData)
Parse enveloped-data content.
Definition: pkcs7_parse.c:224
X509OctetString
Octet string.
Definition: x509_common.h:701
uint_t
unsigned int uint_t
Definition: compiler_port.h:57
osMemset
#define osMemset(p, value, length)
Definition: os_port.h:138
pkcs7ParseSignerInfos
error_t pkcs7ParseSignerInfos(const uint8_t *data, size_t length, size_t *totalLength, Pkcs7SignerInfos *signerInfos)
Parse signerInfos structure.
Definition: pkcs7_parse.c:506
asn1ReadSequence
error_t asn1ReadSequence(const uint8_t *data, size_t length, Asn1Tag *tag)
Read an ASN.1 sequence from the input stream.
Definition: asn1.c:163
Pkcs7SignerInfos::raw
X509OctetString raw
Definition: pkcs7_common.h:281
Pkcs7RecipientInfos
Collection of recipient informations.
Definition: pkcs7_common.h:305
Pkcs7RecipientInfo::issuerAndSerialNumber
Pkcs7IssuerAndSerialNumber issuerAndSerialNumber
Definition: pkcs7_common.h:294
Pkcs7EnvelopedData
Enveloped data content.
Definition: pkcs7_common.h:366
X509SignAlgoId::rsaPssParams
X509RsaPssParameters rsaPssParams
Definition: x509_common.h:1091
pkcs7ParseAlgoId
error_t pkcs7ParseAlgoId(const uint8_t *data, size_t length, size_t *totalLength, X509AlgoId *algoId)
Parse AlgorithmIdentifier structure.
Definition: pkcs7_parse.c:1447
ASN1_TYPE_SET
@ ASN1_TYPE_SET
Definition: asn1.h:84
Asn1Tag::value
const uint8_t * value
Definition: asn1.h:110
asn1CheckTag
error_t asn1CheckTag(const Asn1Tag *tag, bool_t constructed, uint_t objClass, uint_t objType)
Enforce the type of a specified tag.
Definition: asn1.c:944
X509SignAlgoId
Signature algorithm identifier.
Definition: x509_common.h:1088
X509AlgoId
Algorithm identifier.
Definition: x509_common.h:774
NO_ERROR
@ NO_ERROR
Success.
Definition: error.h:44
pkcs7ParseRecipientInfos
error_t pkcs7ParseRecipientInfos(const uint8_t *data, size_t length, size_t *totalLength, Pkcs7RecipientInfos *recipientInfos)
Parse recipientInfos structure.
Definition: pkcs7_parse.c:1129
debug.h
Debugging facilities.
Asn1Tag::objType
uint_t objType
Definition: asn1.h:108
asn1.h
ASN.1 (Abstract Syntax Notation One)
Pkcs7Attribute
Attribute.
Definition: pkcs7_common.h:225