[PATCH 0/2] Add PKCS#7 verification

Bastian Germann

Mar 21, 2023, 9:07:27 AM
to swup...@googlegroups.com, Bastian Germann
SWUpdate's wolfSSL crypto implementation lacks CMS support currently.
CMS is the same as PKCS#7 for the most part and wolfSSL supports
PKCS#7. Implement the signature verification based on the OpenSSL
compatibility layer and use some wolfSSL-specific data structures where
the current API situation does not provide the needed abstractions.

I had a hard time with getting the X.509 common name from the
certificate, so I have left this part for some other time (or person)
to implement.

By the way, mbedTLS also has some PKCS#7 support in the latest 3.3.0
release, so maybe it is possible to add support for it as well.

Bastian Germann (2):
Add PKCS#7 verification for wolfSSL
Hide forced-signer-name from non-CMS and wolfSSL

Kconfig | 13 +-
core/swupdate.c | 4 +
corelib/Makefile | 4 +-
corelib/swupdate_cms_verify.c | 2 +
corelib/swupdate_pkcs7_verify.c | 173 +++++++++++++++++++++++++
corelib/swupdate_verify_private.h | 2 +
corelib/verify_signature.c | 3 +
include/sslapi.h | 3 +-
scripts/acceptance-tests/CheckImage.mk | 2 +
9 files changed, 200 insertions(+), 6 deletions(-)
create mode 100644 corelib/swupdate_pkcs7_verify.c

--
2.39.2
