• Registered: 2018-08-29
  • Posts: 16

Topic: Maximum file size that can be signed PKCS7 using wolfTPM

Hi,

what is the maximum file size that can be signed using wolfssl, wolfTPM and key in TPM2.0 device (SLB96670)?

From what I found the example in "wolfTPM/examples/pkcs/pkcs.c" is using "WOLFTPM2_BUFFER" for output https://github.com/wolfSSL/wolfTPM/blob … kcs7.c#L57 which is maximum 2048 as per https://github.com/wolfSSL/wolfTPM/blob … wrap.h#L52

#ifndef WOLFTPM2_MAX_BUFFER
    #define WOLFTPM2_MAX_BUFFER 2048
#endif

typedef struct WOLFTPM2_BUFFER {
    int size;
    byte buffer[WOLFTPM2_MAX_BUFFER];
} WOLFTPM2_BUFFER;

Thanks a lot,
Paul

Share

  • Registered: 2015-10-07
  • Posts: 415

Re: Maximum file size that can be signed PKCS7 using wolfTPM

Hi ePaul,

We recently enhanced PKCS7 to support signing a large file using a computed hash and known total size. The wolfSSL pull request is here: https://github.com/wolfSSL/wolfssl/pull/1780
This works by computing the hash and providing it to the new wc_PKCS7_EncodeSignedData_ex API. It returns a header and footer that surrounds the original data.

I will post a wolfTPM example for using this shortly.

Thanks,
David Garske, wolfSSL

Share

  • Registered: 2015-10-07
  • Posts: 415

Re: Maximum file size that can be signed PKCS7 using wolfTPM

Hi ePaul,

We've pushed an example for using large data with PKCS 7 sign/verify here:
https://github.com/wolfSSL/wolfTPM/pull/32

Thanks,
David Garske, wolfSSL

Share