fix bind_wc_PKCS7_EncodeSignedData and implement wc_PKCS7_GetAttributeValue and wc_PKCS7_GetSignerSID

John Bland · John Bland · commit 5e611ed5c6a5 · 2022-08-11T17:34:17.000-04:00
bind_wc_PKCS7_EncodeSignedData required that the wc_PKCS7_SetSignerIdentifierType was called and that pkcs7-&gt;publicKeyOID was set to the same value as encryptOID, now it runs without error

implemented wc_PKCS7_GetAttributeValue and wc_PKCS7_GetSignerSID bindings
diff --git a/addon/wolfcrypt/h/pkcs7.h b/addon/wolfcrypt/h/pkcs7.h
@@ -19,8 +19,9 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 #include <napi.h>
-#include "wolfssl/options.h"
+#include <wolfssl/options.h>
 #include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
 #include <wolfssl/wolfcrypt/pkcs7.h>
 
 Napi::Number sizeof_PKCS7(const Napi::CallbackInfo& info);
@@ -32,4 +33,8 @@ Napi::Number bind_wc_PKCS7_AddCertificate(const Napi::CallbackInfo& info);
 Napi::Number bind_wc_PKCS7_EncodeData(const Napi::CallbackInfo& info);
 Napi::Number bind_wc_PKCS7_EncodeSignedData(const Napi::CallbackInfo& info);
 Napi::Number bind_wc_PKCS7_VerifySignedData(const Napi::CallbackInfo& info);
+Napi::Number sizeof_wc_PKCS7_GetAttributeValue(const Napi::CallbackInfo& info);
+Napi::Number bind_wc_PKCS7_GetAttributeValue(const Napi::CallbackInfo& info);
+Napi::Number sizeof_wc_PKCS7_GetSignerSID(const Napi::CallbackInfo& info);
+Napi::Number bind_wc_PKCS7_GetSignerSID(const Napi::CallbackInfo& info);
 void bind_wc_PKCS7_Free(const Napi::CallbackInfo& info);
diff --git a/addon/wolfcrypt/main.cpp b/addon/wolfcrypt/main.cpp
@@ -123,6 +123,10 @@ Napi::Object Init(Napi::Env env, Napi::Object exports)
   exports.Set(Napi::String::New(env, "wc_PKCS7_EncodeData"), Napi::Function::New(env, bind_wc_PKCS7_EncodeData));
   exports.Set(Napi::String::New(env, "wc_PKCS7_EncodeSignedData"), Napi::Function::New(env, bind_wc_PKCS7_EncodeSignedData));
   exports.Set(Napi::String::New(env, "wc_PKCS7_VerifySignedData"), Napi::Function::New(env, bind_wc_PKCS7_VerifySignedData));
+  exports.Set(Napi::String::New(env, "sizeof_wc_PKCS7_GetAttributeValue"), Napi::Function::New(env, sizeof_wc_PKCS7_GetAttributeValue));
+  exports.Set(Napi::String::New(env, "wc_PKCS7_GetAttributeValue"), Napi::Function::New(env, bind_wc_PKCS7_GetAttributeValue));
+  exports.Set(Napi::String::New(env, "sizeof_wc_PKCS7_GetSignerSID"), Napi::Function::New(env, sizeof_wc_PKCS7_GetSignerSID));
+  exports.Set(Napi::String::New(env, "wc_PKCS7_GetSignerSID"), Napi::Function::New(env, bind_wc_PKCS7_GetSignerSID));
   exports.Set(Napi::String::New(env, "wc_PKCS7_Free"), Napi::Function::New(env, bind_wc_PKCS7_Free));
 
   return exports;
diff --git a/addon/wolfcrypt/pkcs7.cpp b/addon/wolfcrypt/pkcs7.cpp
@@ -223,11 +223,19 @@ Napi::Number bind_wc_PKCS7_EncodeSignedData(const Napi::CallbackInfo& info)
 
   wc_InitRng( &rng );
 
+  ret = wc_PKCS7_SetSignerIdentifierType( pkcs7, CMS_SKID );
+
+  if ( ret != 0 )
+  {
+    return Napi::Number::New( env, ret );
+  }
+
   pkcs7->content = data;
   pkcs7->contentSz = data_size;
   pkcs7->privateKey = key;
   pkcs7->privateKeySz = key_size;
   pkcs7->encryptOID = key_sum;
+  pkcs7->publicKeyOID = key_sum;
   pkcs7->hashOID = hash_sum;
   pkcs7->rng = &rng;
 
@@ -251,6 +259,80 @@ Napi::Number bind_wc_PKCS7_VerifySignedData(const Napi::CallbackInfo& info)
   return Napi::Number::New( env, ret );
 }
 
+Napi::Number sizeof_wc_PKCS7_GetAttributeValue(const Napi::CallbackInfo& info)
+{
+  int ret;
+  Napi::Env env = info.Env();
+  PKCS7* pkcs7 = (PKCS7*)( info[0].As<Napi::Uint8Array>().Data() );
+  uint8_t* oid = info[1].As<Napi::Uint8Array>().Data();
+  unsigned int oid_size = info[2].As<Napi::Number>().Int32Value();
+  unsigned int out_size;
+
+  ret = wc_PKCS7_GetAttributeValue( pkcs7, oid, oid_size, NULL, &out_size );
+
+  if ( ret != LENGTH_ONLY_E )
+  {
+    return Napi::Number::New( env, ret );
+  }
+
+  return Napi::Number::New( env, out_size );
+}
+
+Napi::Number bind_wc_PKCS7_GetAttributeValue(const Napi::CallbackInfo& info)
+{
+  int ret;
+  Napi::Env env = info.Env();
+  PKCS7* pkcs7 = (PKCS7*)( info[0].As<Napi::Uint8Array>().Data() );
+  uint8_t* oid = info[1].As<Napi::Uint8Array>().Data();
+  unsigned int oid_size = info[2].As<Napi::Number>().Int32Value();
+  uint8_t* out = info[3].As<Napi::Uint8Array>().Data();
+  unsigned int out_size = info[4].As<Napi::Number>().Int32Value();
+
+  ret = wc_PKCS7_GetAttributeValue( pkcs7, oid, oid_size, out, &out_size );
+
+  if ( ret < 0 )
+  {
+    return Napi::Number::New( env, ret );
+  }
+
+  return Napi::Number::New( env, out_size );
+}
+
+Napi::Number sizeof_wc_PKCS7_GetSignerSID(const Napi::CallbackInfo& info)
+{
+  int ret;
+  Napi::Env env = info.Env();
+  PKCS7* pkcs7 = (PKCS7*)( info[0].As<Napi::Uint8Array>().Data() );
+  unsigned int out_size;
+
+  ret = wc_PKCS7_GetSignerSID( pkcs7, NULL, &out_size );
+
+  if ( ret != LENGTH_ONLY_E )
+  {
+    return Napi::Number::New( env, ret );
+  }
+
+  return Napi::Number::New( env, out_size );
+}
+
+Napi::Number bind_wc_PKCS7_GetSignerSID(const Napi::CallbackInfo& info)
+{
+  int ret;
+  Napi::Env env = info.Env();
+  PKCS7* pkcs7 = (PKCS7*)( info[0].As<Napi::Uint8Array>().Data() );
+  uint8_t* out = info[1].As<Napi::Uint8Array>().Data();
+  unsigned int out_size = info[2].As<Napi::Number>().Int32Value();
+
+  ret = wc_PKCS7_GetSignerSID( pkcs7, out, &out_size );
+
+  if ( ret < 0 )
+  {
+    return Napi::Number::New( env, ret );
+  }
+
+  return Napi::Number::New( env, out_size );
+}
+
 void bind_wc_PKCS7_Free(const Napi::CallbackInfo& info)
 {
   PKCS7* pkcs7 = (PKCS7*)( info[0].As<Napi::Uint8Array>().Data() );
diff --git a/interfaces/pkcs7.js b/interfaces/pkcs7.js
@@ -130,7 +130,7 @@ class WolfSSL_PKCS7
 
     let ret = wolfcrypt.wc_PKCS7_EncodeSignedData( this.pkcs7, data, data.length, key, key.length, keySumType, hashSumType, outBuf, outBuf.length )
 
-    if ( ret != 0 )
+    if ( ret <= 0 )
     {
       throw `Failed to wc_PKCS7_EncodeSignedData ${ ret }`
     }
@@ -160,6 +160,54 @@ class WolfSSL_PKCS7
     }
   }
 
+  GetAttributeValue( oid )
+  {
+    if ( this.pkcs7 == null )
+    {
+      throw 'Pkcs7 not allocated'
+    }
+
+    if ( typeof oid == 'string' )
+    {
+      oid = Buffer.from( oid )
+    }
+
+    if ( !Buffer.isBuffer( oid ) )
+    {
+      throw `oid must be a Buffer or string`
+    }
+
+    let outBuf = Buffer.alloc( wolfcrypt.sizeof_wc_PKCS7_GetAttributeValue( this.pkcs7, oid, oid.length ) )
+
+    let ret = wolfcrypt.wc_PKCS7_GetAttributeValue(  this.pkcs7, oid, oid.length, outBuf, outBuf.length )
+
+    if ( ret <= 0 )
+    {
+      throw `Failed to wc_PKCS7_GetAttributeValue ${ ret }`
+    }
+
+    return outBuf
+  }
+
+  GetSignerSID()
+  {
+    if ( this.pkcs7 == null )
+    {
+      throw 'Pkcs7 not allocated'
+    }
+
+    let outBuf = Buffer.alloc( wolfcrypt.sizeof_wc_PKCS7_GetSignerSID( this.pkcs7 ) )
+
+    let ret = wolfcrypt.wc_PKCS7_GetSignerSID( this.pkcs7, outBuf, outBuf.length )
+
+    if ( ret <= 0 )
+    {
+      throw `Failed to wc_PKCS7_GetSignerSID ${ ret }`
+    }
+
+    return outBuf
+  }
+
   free()
   {
     wolfcrypt.wc_PKCS7_Free( this.pkcs7 )
diff --git a/tests/pkcs7.js b/tests/pkcs7.js
@@ -47,8 +47,6 @@ const pkcs7_tests =
 
     const encoded = pkcs7.EncodeData( message, key )
 
-    console.log( encoded.toString() )
-
     pkcs7.free()
 
     console.log( 'PASS pkcs7 encodeData' )
@@ -64,11 +62,79 @@ const pkcs7_tests =
 
     const encoded = pkcs7.EncodeSignedData( message, key, 'RSA', 'SHA' )
 
-    console.log( encoded.toString() )
+    pkcs7.free()
+
+    pkcs7 = new WolfSSL_PKCS7()
+
+    pkcs7.VerifySignedData( encoded )
+
+    console.log( 'PASS pkcs7 signVerify' )
+  },
+
+  getAttribute: function()
+  {
+    const cert = fs.readFileSync( './client-cert.der' )
+    const key = fs.readFileSync( './client-key.der' )
+
+    let pkcs7 = new WolfSSL_PKCS7()
+    pkcs7.AddCertificate( cert )
+
+    const encoded = pkcs7.EncodeSignedData( message, key, 'RSA', 'SHA' )
 
     pkcs7.free()
 
-    console.log( 'PASS pkcs7 encodeData' )
+    pkcs7 = new WolfSSL_PKCS7()
+
+    pkcs7.VerifySignedData( encoded )
+
+    // oid identifier for data
+    const data = pkcs7.GetAttributeValue( Buffer.from( '2a864886f70d010904', 'hex' ) )
+
+    console.log( 'PASS pkcs7 getAttribute' )
+  },
+
+  getAttribute: function()
+  {
+    const cert = fs.readFileSync( './client-cert.der' )
+    const key = fs.readFileSync( './client-key.der' )
+
+    let pkcs7 = new WolfSSL_PKCS7()
+    pkcs7.AddCertificate( cert )
+
+    const encoded = pkcs7.EncodeSignedData( message, key, 'RSA', 'SHA' )
+
+    pkcs7.free()
+
+    pkcs7 = new WolfSSL_PKCS7()
+
+    pkcs7.VerifySignedData( encoded )
+
+    // oid identifier for data
+    const data = pkcs7.GetAttributeValue( Buffer.from( '2a864886f70d010904', 'hex' ) )
+
+    console.log( 'PASS pkcs7 getAttribute' )
+  },
+
+  getSid: function()
+  {
+    const cert = fs.readFileSync( './client-cert.der' )
+    const key = fs.readFileSync( './client-key.der' )
+
+    let pkcs7 = new WolfSSL_PKCS7()
+    pkcs7.AddCertificate( cert )
+
+    const encoded = pkcs7.EncodeSignedData( message, key, 'RSA', 'SHA' )
+
+    pkcs7.free()
+
+    pkcs7 = new WolfSSL_PKCS7()
+
+    pkcs7.VerifySignedData( encoded )
+
+    // oid identifier for data
+    const data = pkcs7.GetSignerSID()
+
+    console.log( 'PASS pkcs7 getSid' )
   },
 }
 
