Gitiles
Code Review Sign In
192.168.1.100 / R306 / 824eb0c6ade808c4501e62fbcf0025f4e694cd11 / . / ap / lib / libwolfssl / install / include / wolfssl / wolfcrypt / pkcs7.h
blob: 4f24e81836614fcf46f161961c813ece31fe170f [file] [log] [blame]
yuezonghe824eb0c2024-06-27 02:32:26 -0700[diff] [blame^]1/* pkcs7.h
2 *
3 * Copyright (C) 2006-2021 wolfSSL Inc.
4 *
5 * This file is part of wolfSSL.
6 *
7 * wolfSSL is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
11 *
12 * wolfSSL is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
20 */
21
22/*!
23 \file wolfssl/wolfcrypt/pkcs7.h
24*/
25
26#ifndef WOLF_CRYPT_PKCS7_H
27#define WOLF_CRYPT_PKCS7_H
28
29#include <wolfssl/wolfcrypt/types.h>
30
31#ifdef HAVE_PKCS7
32
33#ifndef NO_ASN
34 #include <wolfssl/wolfcrypt/asn.h>
35#endif
36#include <wolfssl/wolfcrypt/asn_public.h>
37#include <wolfssl/wolfcrypt/random.h>
38#ifndef NO_AES
39 #include <wolfssl/wolfcrypt/aes.h>
40#endif
41#ifndef NO_DES3
42 #include <wolfssl/wolfcrypt/des3.h>
43#endif
44#include <wolfssl/wolfcrypt/wc_encrypt.h>
45
46#ifdef __cplusplus
47 extern "C" {
48#endif
49
50/* Max number of certificates that PKCS7 structure can parse */
51#ifndef MAX_PKCS7_CERTS
52#ifdef OPENSSL_ALL
53 #define MAX_PKCS7_CERTS 15
54#else
55 #define MAX_PKCS7_CERTS 4
56#endif
57#endif
58
59#ifndef MAX_ORI_TYPE_SZ
60 #define MAX_ORI_TYPE_SZ MAX_OID_SZ
61#endif
62#ifndef MAX_ORI_VALUE_SZ
63 #define MAX_ORI_VALUE_SZ 512
64#endif
65
66#ifndef MAX_SIGNED_ATTRIBS_SZ
67 #define MAX_SIGNED_ATTRIBS_SZ 7
68#endif
69
70#ifndef MAX_AUTH_ATTRIBS_SZ
71 #define MAX_AUTH_ATTRIBS_SZ 7
72#endif
73
74#ifndef MAX_UNAUTH_ATTRIBS_SZ
75 #define MAX_UNAUTH_ATTRIBS_SZ 7
76#endif
77
78/* PKCS#7 content types, ref RFC 2315 (Section 14) */
79enum PKCS7_TYPES {
80 PKCS7_MSG = 650, /* 1.2.840.113549.1.7 */
81 DATA = 651, /* 1.2.840.113549.1.7.1 */
82 SIGNED_DATA = 652, /* 1.2.840.113549.1.7.2 */
83 ENVELOPED_DATA = 653, /* 1.2.840.113549.1.7.3 */
84 SIGNED_AND_ENVELOPED_DATA = 654, /* 1.2.840.113549.1.7.4 */
85 DIGESTED_DATA = 655, /* 1.2.840.113549.1.7.5 */
86 ENCRYPTED_DATA = 656, /* 1.2.840.113549.1.7.6 */
87#if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
88 COMPRESSED_DATA = 678, /* 1.2.840.113549.1.9.16.1.9, RFC 3274 */
89#endif
90 FIRMWARE_PKG_DATA = 685, /* 1.2.840.113549.1.9.16.1.16, RFC 4108 */
91 AUTH_ENVELOPED_DATA = 692 /* 1.2.840.113549.1.9.16.1.23, RFC 5083 */
92};
93
94enum PKCS7_STATE {
95 WC_PKCS7_START = 0,
96
97 /* decode encrypted */
98 WC_PKCS7_STAGE2,
99 WC_PKCS7_STAGE3,
100 WC_PKCS7_STAGE4,
101 WC_PKCS7_STAGE5,
102 WC_PKCS7_STAGE6,
103
104 WC_PKCS7_VERIFY_STAGE2,
105 WC_PKCS7_VERIFY_STAGE3,
106 WC_PKCS7_VERIFY_STAGE4,
107 WC_PKCS7_VERIFY_STAGE5,
108 WC_PKCS7_VERIFY_STAGE6,
109
110 /* parse info set */
111 WC_PKCS7_INFOSET_START,
112 WC_PKCS7_INFOSET_BER,
113 WC_PKCS7_INFOSET_STAGE1,
114 WC_PKCS7_INFOSET_STAGE2,
115 WC_PKCS7_INFOSET_END,
116
117 /* decode enveloped data */
118 WC_PKCS7_ENV_2,
119 WC_PKCS7_ENV_3,
120 WC_PKCS7_ENV_4,
121 WC_PKCS7_ENV_5,
122
123 /* decode auth enveloped */
124 WC_PKCS7_AUTHENV_2,
125 WC_PKCS7_AUTHENV_3,
126 WC_PKCS7_AUTHENV_4,
127 WC_PKCS7_AUTHENV_5,
128 WC_PKCS7_AUTHENV_6,
129 WC_PKCS7_AUTHENV_ATRB,
130 WC_PKCS7_AUTHENV_ATRBEND,
131 WC_PKCS7_AUTHENV_7,
132
133 /* decryption state types */
134 WC_PKCS7_DECRYPT_KTRI,
135 WC_PKCS7_DECRYPT_KTRI_2,
136 WC_PKCS7_DECRYPT_KTRI_3,
137
138
139 WC_PKCS7_DECRYPT_KARI,
140 WC_PKCS7_DECRYPT_KEKRI,
141 WC_PKCS7_DECRYPT_PWRI,
142 WC_PKCS7_DECRYPT_ORI,
143
144 WC_PKCS7_DECRYPT_DONE,
145
146};
147
148enum Pkcs7_Misc {
149 PKCS7_NONCE_SZ = 16,
150 MAX_ENCRYPTED_KEY_SZ = 512, /* max enc. key size, RSA <= 4096 */
151 MAX_CONTENT_KEY_LEN = 32, /* highest current cipher is AES-256-CBC */
152 MAX_CONTENT_IV_SIZE = 16, /* highest current is AES128 */
153#ifndef NO_AES
154 MAX_CONTENT_BLOCK_LEN = AES_BLOCK_SIZE,
155#else
156 MAX_CONTENT_BLOCK_LEN = DES_BLOCK_SIZE,
157#endif
158 MAX_RECIP_SZ = MAX_VERSION_SZ +
159 MAX_SEQ_SZ + ASN_NAME_MAX + MAX_SN_SZ +
160 MAX_SEQ_SZ + MAX_ALGO_SZ + 1 + MAX_ENCRYPTED_KEY_SZ,
161};
162
163enum Cms_Options {
164 CMS_SKID = 1,
165 CMS_ISSUER_AND_SERIAL_NUMBER = 2,
166};
167#define DEGENERATE_SID 3
168
169/* CMS/PKCS#7 RecipientInfo types, RFC 5652, Section 6.2 */
170enum Pkcs7_RecipientInfo_Types {
171 PKCS7_KTRI = 0,
172 PKCS7_KARI = 1,
173 PKCS7_KEKRI = 2,
174 PKCS7_PWRI = 3,
175 PKCS7_ORI = 4
176};
177
178typedef struct PKCS7Attrib {
179 const byte* oid;
180 word32 oidSz;
181 const byte* value;
182 word32 valueSz;
183} PKCS7Attrib;
184
185
186typedef struct PKCS7DecodedAttrib {
187 struct PKCS7DecodedAttrib* next;
188 byte* oid;
189 word32 oidSz;
190 byte* value;
191 word32 valueSz;
192} PKCS7DecodedAttrib;
193
194typedef struct PKCS7State PKCS7State;
195typedef struct Pkcs7Cert Pkcs7Cert;
196typedef struct Pkcs7EncodedRecip Pkcs7EncodedRecip;
197typedef struct PKCS7 PKCS7;
198typedef struct PKCS7 PKCS7_SIGNED;
199typedef struct PKCS7SignerInfo PKCS7SignerInfo;
200
201/* OtherRecipientInfo decrypt callback prototype */
202typedef int (*CallbackOriDecrypt)(PKCS7* pkcs7, byte* oriType, word32 oriTypeSz,
203 byte* oriValue, word32 oriValueSz,
204 byte* decryptedKey, word32* decryptedKeySz,
205 void* ctx);
206typedef int (*CallbackOriEncrypt)(PKCS7* pkcs7, byte* cek, word32 cekSz,
207 byte* oriType, word32* oriTypeSz,
208 byte* oriValue, word32* oriValueSz,
209 void* ctx);
210typedef int (*CallbackDecryptContent)(PKCS7* pkcs7, int encryptOID,
211 byte* iv, int ivSz, byte* aad, word32 aadSz,
212 byte* authTag, word32 authTagSz, byte* in,
213 int inSz, byte* out, void* ctx);
214typedef int (*CallbackWrapCEK)(PKCS7* pkcs7, byte* cek, word32 cekSz,
215 byte* keyId, word32 keyIdSz,
216 byte* originKey, word32 originKeySz,
217 byte* out, word32 outSz,
218 int keyWrapAlgo, int type, int dir);
219
220#if defined(HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK) && !defined(NO_RSA)
221/* RSA sign raw digest callback, user builds DigestInfo */
222typedef int (*CallbackRsaSignRawDigest)(PKCS7* pkcs7, byte* digest,
223 word32 digestSz, byte* out, word32 outSz,
224 byte* privateKey, word32 privateKeySz,
225 int devId, int hashOID);
226#endif
227
228/* Public Structure Warning:
229 * Existing members must not be changed to maintain backwards compatibility!
230 */
231struct PKCS7 {
232 WC_RNG* rng;
233 PKCS7Attrib* signedAttribs;
234 byte* content; /* inner content, not owner */
235 byte* contentDynamic; /* content if constructed OCTET_STRING */
236 byte* singleCert; /* recipient cert, DER, not owner */
237 const byte* issuer; /* issuer name of singleCert */
238 byte* privateKey; /* private key, DER, not owner */
239 void* heap; /* heap hint for dynamic memory */
240#ifdef ASN_BER_TO_DER
241 byte* der; /* DER encoded version of message */
242 word32 derSz;
243#endif
244 byte* cert[MAX_PKCS7_CERTS];
245
246 /* Encrypted-data Content Type */
247 byte* encryptionKey; /* block cipher encryption key */
248 PKCS7Attrib* unprotectedAttribs; /* optional */
249 PKCS7DecodedAttrib* decodedAttrib; /* linked list of decoded attribs */
250
251 /* Enveloped-data optional ukm, not owner */
252 byte* ukm;
253 word32 ukmSz;
254
255 word32 encryptionKeySz; /* size of key buffer, bytes */
256 word32 unprotectedAttribsSz;
257 word32 contentSz; /* content size */
258 word32 singleCertSz; /* size of recipient cert buffer, bytes */
259 word32 issuerSz; /* length of issuer name */
260 word32 issuerSnSz; /* length of serial number */
261
262 word32 publicKeySz;
263 word32 publicKeyOID; /* key OID (RSAk, ECDSAk, etc) */
264 word32 privateKeySz; /* size of private key buffer, bytes */
265 word32 signedAttribsSz;
266 int contentOID; /* PKCS#7 content type OID sum */
267 int hashOID;
268 int encryptOID; /* key encryption algorithm OID */
269 int keyWrapOID; /* key wrap algorithm OID */
270 int keyAgreeOID; /* key agreement algorithm OID */
271 int devId; /* device ID for HW based private key */
272 byte issuerHash[KEYID_SIZE]; /* hash of all alt Names */
273 byte issuerSn[MAX_SN_SZ]; /* singleCert's serial number */
274 byte publicKey[MAX_RSA_INT_SZ + MAX_RSA_E_SZ]; /* MAX RSA key size (m + e)*/
275 word32 certSz[MAX_PKCS7_CERTS];
276
277 /* flags - up to 16-bits */
278 word16 isDynamic:1;
279 word16 noDegenerate:1; /* allow degenerate case in verify function */
280 word16 detached:1; /* generate detached SignedData signature bundles */
281
282 byte contentType[MAX_OID_SZ]; /* custom contentType byte array */
283 word32 contentTypeSz; /* size of contentType, bytes */
284
285 int sidType; /* SignerIdentifier type to use, of type
286 Pkcs7_SignerIdentifier_Types, default to
287 SID_ISSUER_AND_SERIAL_NUMBER */
288 byte issuerSubjKeyId[KEYID_SIZE]; /* SubjectKeyIdentifier of singleCert */
289 Pkcs7Cert* certList; /* certificates list for SignedData set */
290 Pkcs7EncodedRecip* recipList; /* recipients list */
291 byte* cek; /* content encryption key, random, dynamic */
292 word32 cekSz; /* size of cek, bytes */
293 byte* pass; /* password, for PWRI decryption */
294 word32 passSz; /* size of pass, bytes */
295 int kekEncryptOID; /* KEK encryption algorithm OID */
296
297 CallbackOriEncrypt oriEncryptCb; /* ORI encrypt callback */
298 CallbackOriDecrypt oriDecryptCb; /* ORI decrypt callback */
299 void* oriEncryptCtx; /* ORI encrypt user context ptr */
300 void* oriDecryptCtx; /* ORI decrypt user context ptr */
301
302 PKCS7Attrib* authAttribs; /* authenticated attribs */
303 word32 authAttribsSz;
304 PKCS7Attrib* unauthAttribs; /* unauthenticated attribs */
305 word32 unauthAttribsSz;
306
307#ifndef NO_PKCS7_STREAM
308 PKCS7State* stream;
309#endif
310 word32 state;
311
312 word16 skipDefaultSignedAttribs:1; /* skip adding default signed attribs */
313
314 byte version; /* 1 for RFC 2315 and 3 for RFC 4108 */
315 PKCS7SignerInfo* signerInfo;
316 CallbackDecryptContent decryptionCb;
317 CallbackWrapCEK wrapCEKCb;
318 void* decryptionCtx;
319
320 byte* signature;
321 byte* plainDigest;
322 byte* pkcs7Digest;
323 word32 signatureSz;
324 word32 plainDigestSz;
325 word32 pkcs7DigestSz;
326
327#if defined(HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK) && !defined(NO_RSA)
328 CallbackRsaSignRawDigest rsaSignRawDigestCb;
329#endif
330
331 /* used by DecodeEnvelopedData with multiple encrypted contents */
332 byte* cachedEncryptedContent;
333 word32 cachedEncryptedContentSz;
334 /* !! NEW DATA MEMBERS MUST BE ADDED AT END !! */
335};
336
337WOLFSSL_API PKCS7* wc_PKCS7_New(void* heap, int devId);
338WOLFSSL_API int wc_PKCS7_Init(PKCS7* pkcs7, void* heap, int devId);
339WOLFSSL_API int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* der, word32 derSz);
340WOLFSSL_API int wc_PKCS7_AddCertificate(PKCS7* pkcs7, byte* der, word32 derSz);
341WOLFSSL_API void wc_PKCS7_Free(PKCS7* pkcs7);
342
343WOLFSSL_API int wc_PKCS7_GetAttributeValue(PKCS7* pkcs7, const byte* oid,
344 word32 oidSz, byte* out, word32* outSz);
345
346WOLFSSL_API int wc_PKCS7_SetSignerIdentifierType(PKCS7* pkcs7, int type);
347WOLFSSL_API int wc_PKCS7_SetContentType(PKCS7* pkcs7, byte* contentType,
348 word32 sz);
349WOLFSSL_API int wc_PKCS7_GetPadSize(word32 inputSz, word32 blockSz);
350WOLFSSL_API int wc_PKCS7_PadData(byte* in, word32 inSz, byte* out, word32 outSz,
351 word32 blockSz);
352
353/* CMS/PKCS#7 Data */
354WOLFSSL_API int wc_PKCS7_EncodeData(PKCS7* pkcs7, byte* output,
355 word32 outputSz);
356
357/* CMS/PKCS#7 SignedData */
358WOLFSSL_API int wc_PKCS7_SetDetached(PKCS7* pkcs7, word16 flag);
359WOLFSSL_API int wc_PKCS7_NoDefaultSignedAttribs(PKCS7* pkcs7);
360WOLFSSL_API int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7,
361 byte* output, word32 outputSz);
362WOLFSSL_API int wc_PKCS7_EncodeSignedData_ex(PKCS7* pkcs7, const byte* hashBuf,
363 word32 hashSz, byte* outputHead,
364 word32* outputHeadSz,
365 byte* outputFoot,
366 word32* outputFootSz);
367WOLFSSL_API void wc_PKCS7_AllowDegenerate(PKCS7* pkcs7, word16 flag);
368WOLFSSL_API int wc_PKCS7_VerifySignedData(PKCS7* pkcs7,
369 byte* pkiMsg, word32 pkiMsgSz);
370WOLFSSL_API int wc_PKCS7_VerifySignedData_ex(PKCS7* pkcs7, const byte* hashBuf,
371 word32 hashSz, byte* pkiMsgHead,
372 word32 pkiMsgHeadSz, byte* pkiMsgFoot,
373 word32 pkiMsgFootSz);
374
375WOLFSSL_API int wc_PKCS7_GetSignerSID(PKCS7* pkcs7, byte* out, word32* outSz);
376
377/* CMS single-shot API for Signed FirmwarePkgData */
378WOLFSSL_API int wc_PKCS7_EncodeSignedFPD(PKCS7* pkcs7, byte* privateKey,
379 word32 privateKeySz, int signOID,
380 int hashOID, byte* content,
381 word32 contentSz,
382 PKCS7Attrib* signedAttribs,
383 word32 signedAttribsSz, byte* output,
384 word32 outputSz);
385#ifndef NO_PKCS7_ENCRYPTED_DATA
386/* CMS single-shot API for Signed Encrypted FirmwarePkgData */
387WOLFSSL_API int wc_PKCS7_EncodeSignedEncryptedFPD(PKCS7* pkcs7,
388 byte* encryptKey, word32 encryptKeySz,
389 byte* privateKey, word32 privateKeySz,
390 int encryptOID, int signOID,
391 int hashOID, byte* content,
392 word32 contentSz,
393 PKCS7Attrib* unprotectedAttribs,
394 word32 unprotectedAttribsSz,
395 PKCS7Attrib* signedAttribs,
396 word32 signedAttribsSz,
397 byte* output, word32 outputSz);
398#endif /* NO_PKCS7_ENCRYPTED_DATA */
399#if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
400/* CMS single-shot API for Signed Compressed FirmwarePkgData */
401WOLFSSL_API int wc_PKCS7_EncodeSignedCompressedFPD(PKCS7* pkcs7,
402 byte* privateKey, word32 privateKeySz,
403 int signOID, int hashOID,
404 byte* content, word32 contentSz,
405 PKCS7Attrib* signedAttribs,
406 word32 signedAttribsSz, byte* output,
407 word32 outputSz);
408
409#ifndef NO_PKCS7_ENCRYPTED_DATA
410/* CMS single-shot API for Signed Encrypted Compressed FirmwarePkgData */
411WOLFSSL_API int wc_PKCS7_EncodeSignedEncryptedCompressedFPD(PKCS7* pkcs7,
412 byte* encryptKey, word32 encryptKeySz,
413 byte* privateKey, word32 privateKeySz,
414 int encryptOID, int signOID,
415 int hashOID, byte* content,
416 word32 contentSz,
417 PKCS7Attrib* unprotectedAttribs,
418 word32 unprotectedAttribsSz,
419 PKCS7Attrib* signedAttribs,
420 word32 signedAttribsSz,
421 byte* output, word32 outputSz);
422#endif /* !NO_PKCS7_ENCRYPTED_DATA */
423#endif /* HAVE_LIBZ && !NO_PKCS7_COMPRESSED_DATA */
424
425/* EnvelopedData and AuthEnvelopedData RecipientInfo functions */
426WOLFSSL_API int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert,
427 word32 certSz, int options);
428WOLFSSL_API int wc_PKCS7_AddRecipient_KARI(PKCS7* pkcs7, const byte* cert,
429 word32 certSz, int keyWrapOID,
430 int keyAgreeOID, byte* ukm,
431 word32 ukmSz, int options);
432
433WOLFSSL_API int wc_PKCS7_SetKey(PKCS7* pkcs7, byte* key, word32 keySz);
434WOLFSSL_API int wc_PKCS7_AddRecipient_KEKRI(PKCS7* pkcs7, int keyWrapOID,
435 byte* kek, word32 kekSz,
436 byte* keyID, word32 keyIdSz,
437 void* timePtr, byte* otherOID,
438 word32 otherOIDSz, byte* other,
439 word32 otherSz, int options);
440
441WOLFSSL_API int wc_PKCS7_SetPassword(PKCS7* pkcs7, byte* passwd, word32 pLen);
442WOLFSSL_API int wc_PKCS7_AddRecipient_PWRI(PKCS7* pkcs7, byte* passwd,
443 word32 pLen, byte* salt,
444 word32 saltSz, int kdfOID,
445 int prfOID, int iterations,
446 int kekEncryptOID, int options);
447WOLFSSL_API int wc_PKCS7_SetOriEncryptCtx(PKCS7* pkcs7, void* ctx);
448WOLFSSL_API int wc_PKCS7_SetOriDecryptCtx(PKCS7* pkcs7, void* ctx);
449WOLFSSL_API int wc_PKCS7_SetOriDecryptCb(PKCS7* pkcs7, CallbackOriDecrypt cb);
450WOLFSSL_API int wc_PKCS7_AddRecipient_ORI(PKCS7* pkcs7, CallbackOriEncrypt cb,
451 int options);
452WOLFSSL_API int wc_PKCS7_SetWrapCEKCb(PKCS7* pkcs7,
453 CallbackWrapCEK wrapCEKCb);
454
455#if defined(HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK) && !defined(NO_RSA)
456WOLFSSL_API int wc_PKCS7_SetRsaSignRawDigestCb(PKCS7* pkcs7,
457 CallbackRsaSignRawDigest cb);
458#endif
459
460/* CMS/PKCS#7 EnvelopedData */
461WOLFSSL_API int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7,
462 byte* output, word32 outputSz);
463WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg,
464 word32 pkiMsgSz, byte* output,
465 word32 outputSz);
466
467/* CMS/PKCS#7 AuthEnvelopedData */
468WOLFSSL_API int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7,
469 byte* output, word32 outputSz);
470WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* pkiMsg,
471 word32 pkiMsgSz, byte* output,
472 word32 outputSz);
473
474/* CMS/PKCS#7 EncryptedData */
475#ifndef NO_PKCS7_ENCRYPTED_DATA
476WOLFSSL_API int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7,
477 byte* output, word32 outputSz);
478WOLFSSL_API int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* pkiMsg,
479 word32 pkiMsgSz, byte* output,
480 word32 outputSz);
481WOLFSSL_API int wc_PKCS7_SetDecodeEncryptedCb(PKCS7* pkcs7,
482 CallbackDecryptContent decryptionCb);
483WOLFSSL_API int wc_PKCS7_SetDecodeEncryptedCtx(PKCS7* pkcs7, void* ctx);
484#endif /* NO_PKCS7_ENCRYPTED_DATA */
485
486/* CMS/PKCS#7 CompressedData */
487#if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
488WOLFSSL_API int wc_PKCS7_EncodeCompressedData(PKCS7* pkcs7, byte* output,
489 word32 outputSz);
490WOLFSSL_API int wc_PKCS7_DecodeCompressedData(PKCS7* pkcs7, byte* pkiMsg,
491 word32 pkiMsgSz, byte* output,
492 word32 outputSz);
493#endif /* HAVE_LIBZ && !NO_PKCS7_COMPRESSED_DATA */
494
495#ifdef __cplusplus
496 } /* extern "C" */
497#endif
498
499#endif /* HAVE_PKCS7 */
500#endif /* WOLF_CRYPT_PKCS7_H */
501