Topic: Encode big files as PKCS7

Hi,

I have a requirement to write an XML file as a PKCS7 file, signed but not encrypted. After a bit of research/debugging, I managed to successfully do this task with code around 'wc_PKCS7_EncodeSignedData'. It works pretty well and fast.

But my XML file could be very large (around 40 MB). My board has an 8 GB SD card on which a filesystem is implemented, but the working RAM is very limited (no more than 4 MB free). So, I need to feed the data to 'EncodeSignedData' in small chunks, and your function must flush the ASN through another function, in small chunks too.

Is this case implemented in WolfSSL?
I'm crossing my fingers, waiting for a positive answer. But, if not, could you give some tips to implement this kind of functionality myself?

Thanks!!
Federico


Re: Encode big files as PKCS7

Hi Federico,

wc_PKCS7_EncodeSignedData() cannot currently hash the input content in a loop of smaller chunks. That function (in ./wolfcrypt/src/pkcs7.c) is currently set up to call wc_HashUpdate() on "pkcs7->content" to hash one block of size "pkcs7->contentSz".

To modify this function to hash smaller chunks, you would need to implement a loop around wc_HashUpdate() that loops over smaller sizes before setting the "contentDigest" array offsets and calling wc_HashFinal().

Are you able to share more details about the project you are working on?

Best Regards,
Chris
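
The chunked hashing loop described in this reply, as an added example that is not part of the original post and not wolfSSL code: Python's hashlib stands in for wc_HashInit()/wc_HashUpdate()/wc_HashFinal(), and the function names, the 4096-byte chunk size and the sample content are assumptions. It goes one step beyond the reply by also counting the bytes hashed and deriving the definite-length DER OCTET STRING header from that count.

```python
import hashlib
import io

CHUNK = 4096  # assumed working-buffer size; pick what the RAM budget allows


def digest_stream(stream, chunk_size=CHUNK, algo="sha256"):
    """Hash a stream in bounded memory; return (digest, total_length)."""
    h = hashlib.new(algo)              # plays the role of wc_HashInit()
    total = 0
    while True:
        block = stream.read(chunk_size)
        if not block:                  # EOF; also covers empty content
            break
        h.update(block)                # plays the role of wc_HashUpdate(), once per chunk
        total += len(block)
    return h.digest(), total           # finalize once, after the loop (wc_HashFinal())


def der_octet_string_header(length):
    """DER tag and definite-length bytes for an OCTET STRING of `length` bytes."""
    if length < 0x80:
        return bytes([0x04, length])   # short form: one length byte
    n = (length.bit_length() + 7) // 8 # long form: 0x80|n, then n big-endian bytes
    return bytes([0x04, 0x80 | n]) + length.to_bytes(n, "big")


def demo():
    # Constructed sample content; its size is deliberately not a multiple of CHUNK.
    content = b"<journal>" + b"x" * 100_000 + b"</journal>"
    digest, total = digest_stream(io.BytesIO(content))
    return digest, total, der_octet_string_header(total)


if __name__ == "__main__":
    d, n, hdr = demo()
    print(d.hex(), n, hdr.hex())
```

Only one chunk is resident at a time, so peak memory is set by the chunk size rather than by the content size.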

Re: Encode big files as PKCS7

Hi Chris,

I'm working on the firmware of a new fiscal printer (for Argentina). It includes a crypto chip (VaultIC 405) and I already modified wolf to delegate some RSA functions to that chip. (see https://www.wolfssl.com/forums/topic113 … hips.html)

Another requirement is to exchange some files with the authority in Argentina. Those files *must* be CMS (PKCS7) signed but not encrypted. One of the files to send is an electronic journal of, possibly, several MB, and the hardware doesn't have that much RAM.

I already fixed a bug in PKCS7 when data is extracted from a CMS file. (Handling the case of more than one bitstream of data - I'm not sure why I'm receiving files from Argentina's authority in which the bitstreams are not larger than 1000 bytes and 2 or more consecutive bitstreams are pushed into the ASN structure)

Coming back to my work, thanks for the points about hashing. Do you have any guide about how to stream out the ASN?

Thanks for taking your time to answer my questions!
Federico
