Add streaming support for PKCS7_VerifySignedData.

[TakayukiMatsuo]

Description

Extend PKCS7_VerifySignedData streaming to support PKCS7 bundle which has multiple part octet.

Fixes zd#16606

Testing

Run an application and data provided in zd#16606.

Checklist

• added tests
• updated/added doxygen
• updated appropriate READMEs
• Updated manual and documentation

[TakayukiMatsuo]

Hi　@JacobBarthelmeh ,

In this PR, I made a small change to wc_PKCS7_AddDataToStream. This change resets pksc7->stream>idx to 0 after reading the input data that satisfies the argument expected. Without this modification, If pksc7->stream>idx is not reset to 0, the input data will be skipped in the next wc_PKCS7_AddDataToStream call.

I thought this was a bug, so made a change in this PR. However, this change caused errors in existing streaming test cases.
Am wondering if this change is wrong, or if I'm calling wc_PKCS7_AddDataToStream incorrectly. I would be happy to hear your opinions on the changes I have made.

Thanks,
Tak

[douzzer]

Hi Tak. Most of the change requests from my review are for reports from automated analysis.

The one bigger problem is regarding the change to wc_PKCS7_AddDataToStream(). In order to get the existing unit tests to pass, I had to comment that out.

I don't yet understand the problem you were addressing with that clause, but whatever it is, we need to include new test(s) in wolfcrypt/test/test.c and/or tests/api.c that test for it and fail without the fix.

[douzzer]

This needs to move up to avoid -Wdeclaration-after-statement.

[TakayukiMatsuo]

Moved that variable declaration up.

[douzzer]

line length

[TakayukiMatsuo]

fixed the length.

[douzzer]

line length

[TakayukiMatsuo]

fixed the length.

[douzzer]

line length

[TakayukiMatsuo]

fixed the length.

[douzzer]

line length

[TakayukiMatsuo]

fixed the length.

[douzzer]

With this clause added, there are numerous test failures, including testwolfcrypt:

 error L=43158 code=-140 (ASN parsing error, invalid input)

All tests pass with this commented out, but I assume that's creating other problems this was intended to address.

[TakayukiMatsuo]

removed the portion.

[douzzer]

These assignments are producing

wolfssl/wolfcrypt/src/pkcs7.c:5403:13: warning: Value stored to 'multiPart' is never read [clang-analyzer-deadcode.DeadStores]
wolfssl/wolfcrypt/src/pkcs7.c:5404:13: warning: Value stored to 'detached' is never read [clang-analyzer-deadcode.DeadStores]

[TakayukiMatsuo]

removed those two lines.

[dgarske]

@TakayukiMatsuo , I see PR review feedback that is not yet fixed. Can you provide an update on the status of this PR? Are you planning to push further fixes? Thanks, David Garske

[JacobBarthelmeh]

FYI for the current failing PRB master it looks to be a build when PKCS7 streaming mode is disabled (defining the macro NO_PKCS7_STREAM):

wolfcrypt/src/pkcs7.c:5273:18: error: ‘PKCS7’ has no member named ‘stream’
 5273 |         if (pkcs7->stream->content != NULL) {

      |                  ^~

In file included from ./wolfssl/wolfcrypt/pkcs7.h:29,

                 from wolfcrypt/src/pkcs7.c:31:

wolfcrypt/src/pkcs7.c:5274:24: error: ‘PKCS7’ has no member named ‘stream’
 5274 |             XFREE(pkcs7->stream->content, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
      |                        ^~
./wolfssl/wolfcrypt/types.h:573:63: note: in definition of macro ‘XFREE’

Not as sure on the krb5 actions test, it would need farther investigation.

[TakayukiMatsuo]

@douzzer , @JacobBarthelmeh and @dgarske , thank you for your help. It's been a while, but I will adjust my time to complete this PR.

[bandi13]

retest this please

[cconlon]

@TakayukiMatsuo Is this ready for re-review?

Thanks,
Chris

[TakayukiMatsuo]

@cconlon , yes, it is ready.

[cconlon]

Thanks @TakayukiMatsuo, I'm assigning over to @JacobBarthelmeh for re-review. @JacobBarthelmeh, feel free to have @douzzer re-review his comments if you would like.

[JacobBarthelmeh]

There appears to be some issues when trying this out. Could you let me know if these tests are invalid?

Steps to recreate:

Create a test SMIME bundle

cd wolfssl-examples/pkcs7
openssl smime -sign -in ~/Documents/wolfssl/configure.ac -out test-signed -signer ../certs/ca-cert.pem -nodetach -nocerts -binary -outform DER -stream -inkey ../certs/ca-key.pem 

Alter the pkcs7-verify.c example to take in an argument and verify in chunks:

--- a/pkcs7/pkcs7-verify.c
+++ b/pkcs7/pkcs7-verify.c
@@ -42,7 +42,7 @@ int main(int argc, char** argv)
 #endif
 
     /* load DER PKCS7 */
-    derFile = fopen("signed.p7s", "rb");
+    derFile = fopen(argv[1], "rb");
     if (derFile) {
         fseek(derFile, 0, SEEK_END);
         derSz = (int)ftell(derFile);
@@ -70,9 +70,14 @@ int main(int argc, char** argv)
     if (rc != 0) goto exit;
     rc = wc_PKCS7_InitWithCert(&pkcs7, NULL, 0);
     if (rc != 0) goto exit;
-    rc = wc_PKCS7_VerifySignedData(&pkcs7, derBuf, derSz);
-    if (rc != 0) goto exit;
 
+    int z, chunkSz = 1;
+    for (z = 0; z < derSz;) {
+        int sz = (z + chunkSz > derSz)? derSz - z : chunkSz;
+        rc = wc_PKCS7_VerifySignedData(&pkcs7, derBuf+z, sz);
+        z+=sz;
+    }
+    if (rc != 0) goto exit;
     printf("PKCS7 Verify Success\n");
 
 exit:

With chunkSz set to 1 it fails out with -270 (want more data), but set to 10 it succeeds with -272 (needs sig verify) which is expected here since -nocerts was used when creating the test bundle.

Moving on to a bundle that has certificates in it:

openssl smime -sign -in ~/Documents/wolfssl/configure.ac -out test-signed -signer ../certs/ca-cert.pem -nodetach -binary -outform DER -stream -inkey ../certs/ca-key.pem 

The test application is getting -270 with chunkSz set to 10:

bash-3.2$ ./pkcs7-verify test-signed 
Der 318126
RC=-270

Upping chunkSz to 100 then saw it verify successfully.

[douzzer]

looks mostly good -- super-quick-check found one trivial defect.

[douzzer]

This is warning on C++:

[all-g++] [7 of 31] [2bce5fef9f]
    configure...   real 0m21.405s  user 0m8.403s  sys 0m14.967s
    build...In file included from ./wolfssl/wolfcrypt/pkcs7.h:29,
                 from wolfcrypt/src/pkcs7.c:31:
wolfcrypt/src/pkcs7.c: In function ‘int PKCS7_VerifySignedData(PKCS7*, const byte*, word32, byte*, word32, byte*, word32)’:
9386a882b9 (<juliusz@wolfssl.com> 2021-10-19 15:51:29 +0200 571)                 #define XMALLOC(s, h, t)     ((void)(h), (void)(t), wolfSSL_Malloc((s)))
./wolfssl/wolfcrypt/types.h:571:67: error: invalid conversion from ‘void*’ to ‘byte*’ {aka ‘unsigned char*’} [-fpermissive]
  571 |                 #define XMALLOC(s, h, t)     ((void)(h), (void)(t), wolfSSL_Malloc((s)))
      |                                              ~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~
      |                                                                   |
      |                                                                   void*
2bce5fef9f (<tak@wolfssl.com> 2023-11-07 13:09:38 +0900 5363)                 pkcs7->contentDynamic   = XMALLOC(pkcs7->stream->contentSz,
wolfcrypt/src/pkcs7.c:5363:43: note: in expansion of macro ‘XMALLOC’
 5363 |                 pkcs7->contentDynamic   = XMALLOC(pkcs7->stream->contentSz,
      |                                           ^~~~~~~
make[2]: *** [Makefile:7251: wolfcrypt/src/src_libwolfssl_la-pkcs7.lo] Error 1
make[2]: *** Waiting for unfinished jobs....
make[1]: *** [Makefile:8064: all-recursive] Error 1
make: *** [Makefile:4782: all] Error 2
   real 0m14.125s  user 1m20.695s  sys 0m8.076s
    all-g++ fail_build
    failed config: '--enable-all' '--enable-testcert' '--enable-srtp' '--enable-sp-math-all' 'CC=g++' 'CPPFLAGS=-DNO_WOLFSSL_CIPHER_SUITE_TEST -DWOLFSSL_OLD_PRIME_CHECK'

[TakayukiMatsuo]

Added a cast to XMALLOC.

[TakayukiMatsuo]

Hi Jacob,

Probably need to modify the code fragment you use a bit to be able to handle the return code from wc_PKCS7_VerifySignedData, like this:

 for (z = 0; z < derSz;) {
        int sz = (z + chunkSz > derSz)? derSz - z : chunkSz;
        rc = wc_PKCS7_VerifySignedData(&pkcs7, derBuf + z, sz);
        if (rc < 0) {
            if (rc == WC_PKCS7_WANT_READ_E) {
                z += sz;
                continue;
            }
            printf("Error z:%d %d: %s\n", z, rc, wc_GetErrorString(rc));
            break;
        }
        else {
            break;
        }
    }

With this code, could get expected result with the test bundle file.
Tak

[JacobBarthelmeh]

Hi Jacob,

Probably need to modify the code fragment you use a bit to be able to handle the return code from wc_PKCS7_VerifySignedData, like this:

 for (z = 0; z < derSz;) {
        int sz = (z + chunkSz > derSz)? derSz - z : chunkSz;
        rc = wc_PKCS7_VerifySignedData(&pkcs7, derBuf + z, sz);
        if (rc < 0) {
            if (rc == WC_PKCS7_WANT_READ_E) {
                z += sz;
                continue;
            }
            printf("Error z:%d %d: %s\n", z, rc, wc_GetErrorString(rc));
            break;
        }
        else {
            break;
        }
    }

With this code, could get expected result with the test bundle file. Tak

Tak, adding an early bail on error case does succeed. This likely means that the last bytes of the bundle are not being parsed though and that it is reaching the (-272) error in this case early. With indef it should only be 0's but I think we should have it confirm that they are. Adding derBuf[derSz - 2] = derBuf[derSz - 2] + 1; before verifying the bundle seems to still return success.

[bandi13]

retest this please

[TakayukiMatsuo]

Hi Jacob, added trailing zero's check.

[JacobBarthelmeh]

Hi @TakayukiMatsuo , Please double check the case of altering the last bytes in the bundle before verification.

[TakayukiMatsuo]

Hi @JacobBarthelmeh , Confirmed ASN_PARSE_E(-140) is returned when the last byte of the bundle is altered by adding derBuf[derSz - 2] = derBuf[derSz - 2] + 1; to the sample code.

[JacobBarthelmeh]

Thanks @TakayukiMatsuo for all your hard work on this!

cast of XMALLOC return was addressed