1 /*! 2 \ingroup PKCS7 3 4 \brief This function initializes a PKCS7 structure with a DER-formatted 5 certificate. To initialize an empty PKCS7 structure, one can pass in a NULL 6 cert and 0 for certSz. 7 8 \return 0 Returned on successfully initializing the PKCS7 structure 9 \return MEMORY_E Returned if there is an error allocating memory 10 with XMALLOC 11 \return ASN_PARSE_E Returned if there is an error parsing the cert header 12 \return ASN_OBJECT_ID_E Returned if there is an error parsing the 13 encryption type from the cert 14 \return ASN_EXPECT_0_E Returned if there is a formatting error in the 15 encryption specification of the cert file 16 \return ASN_BEFORE_DATE_E Returned if the date is before the certificate 17 start date 18 \return ASN_AFTER_DATE_E Returned if the date is after the certificate 19 expiration date 20 \return ASN_BITSTR_E Returned if there is an error parsing a bit string 21 from the certificate 22 \return ECC_CURVE_OID_E Returned if there is an error parsing the ECC 23 key from the certificate 24 \return ASN_UNKNOWN_OID_E Returned if the certificate is using an unknown 25 key object id 26 \return ASN_VERSION_E Returned if the ALLOW_V1_EXTENSIONS option is not 27 defined and the certificate is a V1 or V2 certificate 28 \return BAD_FUNC_ARG Returned if there is an error processing the 29 certificate extension 30 \return ASN_CRIT_EXT_E Returned if an unfamiliar critical extension is 31 encountered in processing the certificate 32 \return ASN_SIG_OID_E Returned if the signature encryption type is not 33 the same as the encryption type of the certificate in the provided file 34 \return ASN_SIG_CONFIRM_E Returned if confirming the certification 35 signature fails 36 \return ASN_NAME_INVALID_E Returned if the certificate’s name is not 37 permitted by the CA name constraints 38 \return ASN_NO_SIGNER_E Returned if there is no CA signer to verify 39 the certificate’s authenticity 40 41 \param pkcs7 pointer to the PKCS7 structure in which to 42 store the decoded cert 43 \param cert pointer to a buffer containing a DER formatted ASN.1 44 certificate with which to initialize the PKCS7 structure 45 \param certSz size of the certificate buffer 46 47 _Example_ 48 \code 49 PKCS7 pkcs7; 50 byte derBuff[] = { }; // initialize with DER-encoded certificate 51 if ( wc_PKCS7_InitWithCert(&pkcs7, derBuff, sizeof(derBuff)) != 0 ) { 52 // error parsing certificate into pkcs7 format 53 } 54 \endcode 55 56 \sa wc_PKCS7_Free 57 */ 58 WOLFSSL_API int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* cert, word32 certSz); 59 60 /*! 61 \ingroup PKCS7 62 63 \brief This function releases any memory allocated by a PKCS7 initializer. 64 65 \return none No returns. 66 67 \param pkcs7 pointer to the PKCS7 structure to free 68 69 _Example_ 70 \code 71 PKCS7 pkcs7; 72 // initialize and use PKCS7 object 73 74 wc_PKCS7_Free(pkcs7); 75 \endcode 76 77 \sa wc_PKCS7_InitWithCert 78 */ 79 WOLFSSL_API void wc_PKCS7_Free(PKCS7* pkcs7); 80 81 /*! 82 \ingroup PKCS7 83 84 \brief This function builds the PKCS7 data content type, encoding the 85 PKCS7 structure into a buffer containing a parsable PKCS7 data packet. 86 87 \return Success On successfully encoding the PKCS7 data into the buffer, 88 returns the index parsed up to in the PKCS7 structure. This index also 89 corresponds to the bytes written to the output buffer. 90 \return BUFFER_E Returned if the given buffer is not large enough to hold 91 the encoded certificate 92 93 \param pkcs7 pointer to the PKCS7 structure to encode 94 \param output pointer to the buffer in which to store the encoded 95 certificate 96 \param outputSz size available in the output buffer 97 98 _Example_ 99 \code 100 PKCS7 pkcs7; 101 int ret; 102 103 byte derBuff[] = { }; // initialize with DER-encoded certificate 104 byte pkcs7Buff[FOURK_BUF]; 105 106 wc_PKCS7_InitWithCert(&pkcs7, derBuff, sizeof(derBuff)); 107 // update message and data to encode 108 pkcs7.privateKey = key; 109 pkcs7.privateKeySz = keySz; 110 pkcs7.content = data; 111 pkcs7.contentSz = dataSz; 112 ... etc. 113 114 ret = wc_PKCS7_EncodeData(&pkcs7, pkcs7Buff, sizeof(pkcs7Buff)); 115 if ( ret != 0 ) { 116 // error encoding into output buffer 117 } 118 \endcode 119 120 \sa wc_PKCS7_InitWithCert 121 */ 122 WOLFSSL_API int wc_PKCS7_EncodeData(PKCS7* pkcs7, byte* output, 123 word32 outputSz); 124 125 /*! 126 \ingroup PKCS7 127 128 \brief This function builds the PKCS7 signed data content type, encoding 129 the PKCS7 structure into a buffer containing a parsable PKCS7 130 signed data packet. 131 132 \return Success On successfully encoding the PKCS7 data into the buffer, 133 returns the index parsed up to in the PKCS7 structure. This index also 134 corresponds to the bytes written to the output buffer. 135 \return BAD_FUNC_ARG Returned if the PKCS7 structure is missing one or 136 more required elements to generate a signed data packet 137 \return MEMORY_E Returned if there is an error allocating memory 138 \return PUBLIC_KEY_E Returned if there is an error parsing the public key 139 \return RSA_BUFFER_E Returned if buffer error, output too small or input 140 too large 141 \return BUFFER_E Returned if the given buffer is not large enough to hold 142 the encoded certificate 143 \return MP_INIT_E may be returned if there is an error generating 144 the signature 145 \return MP_READ_E may be returned if there is an error generating 146 the signature 147 \return MP_CMP_E may be returned if there is an error generating 148 the signature 149 \return MP_INVMOD_E may be returned if there is an error generating 150 the signature 151 \return MP_EXPTMOD_E may be returned if there is an error generating 152 the signature 153 \return MP_MOD_E may be returned if there is an error generating 154 the signature 155 \return MP_MUL_E may be returned if there is an error generating 156 the signature 157 \return MP_ADD_E may be returned if there is an error generating 158 the signature 159 \return MP_MULMOD_E may be returned if there is an error generating 160 the signature 161 \return MP_TO_E may be returned if there is an error generating 162 the signature 163 \return MP_MEM may be returned if there is an error generating the signature 164 165 \param pkcs7 pointer to the PKCS7 structure to encode 166 \param output pointer to the buffer in which to store the 167 encoded certificate 168 \param outputSz size available in the output buffer 169 170 _Example_ 171 \code 172 PKCS7 pkcs7; 173 int ret; 174 175 byte data[] = {}; // initialize with data to sign 176 byte derBuff[] = { }; // initialize with DER-encoded certificate 177 byte pkcs7Buff[FOURK_BUF]; 178 179 wc_PKCS7_InitWithCert(&pkcs7, derBuff, sizeof(derBuff)); 180 // update message and data to encode 181 pkcs7.privateKey = key; 182 pkcs7.privateKeySz = keySz; 183 pkcs7.content = data; 184 pkcs7.contentSz = dataSz; 185 pkcs7.hashOID = SHAh; 186 pkcs7.rng = &rng; 187 ... etc. 188 189 ret = wc_PKCS7_EncodeSignedData(&pkcs7, pkcs7Buff, sizeof(pkcs7Buff)); 190 if ( ret != 0 ) { 191 // error encoding into output buffer 192 } 193 194 wc_PKCS7_Free(&pkcs7); 195 \endcode 196 197 \sa wc_PKCS7_InitWithCert 198 \sa wc_PKCS7_VerifySignedData 199 */ 200 WOLFSSL_API int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7, 201 byte* output, word32 outputSz); 202 203 /*! 204 \ingroup PKCS7 205 206 \brief This function builds the PKCS7 signed data content type, encoding 207 the PKCS7 structure into a header and footer buffer containing a parsable PKCS7 208 signed data packet. This does not include the content. 209 A hash must be computed and provided for the data 210 211 \return 0=Success 212 \return BAD_FUNC_ARG Returned if the PKCS7 structure is missing one or 213 more required elements to generate a signed data packet 214 \return MEMORY_E Returned if there is an error allocating memory 215 \return PUBLIC_KEY_E Returned if there is an error parsing the public key 216 \return RSA_BUFFER_E Returned if buffer error, output too small or input 217 too large 218 \return BUFFER_E Returned if the given buffer is not large enough to hold 219 the encoded certificate 220 \return MP_INIT_E may be returned if there is an error generating 221 the signature 222 \return MP_READ_E may be returned if there is an error generating 223 the signature 224 \return MP_CMP_E may be returned if there is an error generating 225 the signature 226 \return MP_INVMOD_E may be returned if there is an error generating 227 the signature 228 \return MP_EXPTMOD_E may be returned if there is an error generating 229 the signature 230 \return MP_MOD_E may be returned if there is an error generating 231 the signature 232 \return MP_MUL_E may be returned if there is an error generating 233 the signature 234 \return MP_ADD_E may be returned if there is an error generating 235 the signature 236 \return MP_MULMOD_E may be returned if there is an error generating 237 the signature 238 \return MP_TO_E may be returned if there is an error generating 239 the signature 240 \return MP_MEM may be returned if there is an error generating the signature 241 242 \param pkcs7 pointer to the PKCS7 structure to encode 243 \param hashBuf pointer to computed hash for the content data 244 \param hashSz size of the digest 245 \param outputHead pointer to the buffer in which to store the 246 encoded certificate header 247 \param outputHeadSz pointer populated with size of output header buffer 248 and returns actual size 249 \param outputFoot pointer to the buffer in which to store the 250 encoded certificate footer 251 \param outputFootSz pointer populated with size of output footer buffer 252 and returns actual size 253 254 _Example_ 255 \code 256 PKCS7 pkcs7; 257 int ret; 258 byte derBuff[] = { }; // initialize with DER-encoded certificate 259 byte data[] = {}; // initialize with data to sign 260 byte pkcs7HeadBuff[FOURK_BUF/2]; 261 byte pkcs7FootBuff[FOURK_BUF/2]; 262 word32 pkcs7HeadSz = (word32)sizeof(pkcs7HeadBuff); 263 word32 pkcs7FootSz = (word32)sizeof(pkcs7HeadBuff); 264 enum wc_HashType hashType = WC_HASH_TYPE_SHA; 265 byte hashBuf[WC_MAX_DIGEST_SIZE]; 266 word32 hashSz = wc_HashGetDigestSize(hashType); 267 268 wc_PKCS7_InitWithCert(&pkcs7, derBuff, sizeof(derBuff)); 269 // update message and data to encode 270 pkcs7.privateKey = key; 271 pkcs7.privateKeySz = keySz; 272 pkcs7.content = NULL; 273 pkcs7.contentSz = dataSz; 274 pkcs7.hashOID = SHAh; 275 pkcs7.rng = &rng; 276 ... etc. 277 278 // calculate hash for content 279 ret = wc_HashInit(&hash, hashType); 280 if (ret == 0) { 281 ret = wc_HashUpdate(&hash, hashType, data, sizeof(data)); 282 if (ret == 0) { 283 ret = wc_HashFinal(&hash, hashType, hashBuf); 284 } 285 wc_HashFree(&hash, hashType); 286 } 287 288 ret = wc_PKCS7_EncodeSignedData_ex(&pkcs7, hashBuf, hashSz, pkcs7HeadBuff, 289 &pkcs7HeadSz, pkcs7FootBuff, &pkcs7FootSz); 290 if ( ret != 0 ) { 291 // error encoding into output buffer 292 } 293 294 wc_PKCS7_Free(&pkcs7); 295 \endcode 296 297 \sa wc_PKCS7_InitWithCert 298 \sa wc_PKCS7_VerifySignedData_ex 299 */ 300 WOLFSSL_API int wc_PKCS7_EncodeSignedData_ex(PKCS7* pkcs7, const byte* hashBuf, 301 word32 hashSz, byte* outputHead, word32* outputHeadSz, byte* outputFoot, 302 word32* outputFootSz); 303 304 /*! 305 \ingroup PKCS7 306 307 \brief This function takes in a transmitted PKCS7 signed data message, 308 extracts the certificate list and certificate revocation list, and then 309 verifies the signature. It stores the extracted content in the given 310 PKCS7 structure. 311 312 \return 0 Returned on successfully extracting the information 313 from the message 314 \return BAD_FUNC_ARG Returned if one of the input parameters is invalid 315 \return ASN_PARSE_E Returned if there is an error parsing from the 316 given pkiMsg 317 \return PKCS7_OID_E Returned if the given pkiMsg is not a signed data type 318 \return ASN_VERSION_E Returned if the PKCS7 signer info is not version 1 319 \return MEMORY_E Returned if there is an error allocating memory 320 \return PUBLIC_KEY_E Returned if there is an error parsing the public key 321 \return RSA_BUFFER_E Returned if buffer error, output too small or 322 input too large 323 \return BUFFER_E Returned if the given buffer is not large enough to 324 hold the encoded certificate 325 \return MP_INIT_E may be returned if there is an error generating 326 the signature 327 \return MP_READ_E may be returned if there is an error generating 328 the signature 329 \return MP_CMP_E may be returned if there is an error generating 330 the signature 331 \return MP_INVMOD_E may be returned if there is an error generating 332 the signature 333 \return MP_EXPTMOD_E may be returned if there is an error generating 334 the signature 335 \return MP_MOD_E may be returned if there is an error generating 336 the signature 337 \return MP_MUL_E may be returned if there is an error generating 338 the signature 339 \return MP_ADD_E may be returned if there is an error generating 340 the signature 341 \return MP_MULMOD_E may be returned if there is an error generating 342 the signature 343 \return MP_TO_E may be returned if there is an error generating 344 the signature 345 \return MP_MEM may be returned if there is an error generating the signature 346 347 \param pkcs7 pointer to the PKCS7 structure in which to store the parsed 348 certificates 349 \param pkiMsg pointer to the buffer containing the signed message to verify 350 and decode 351 \param pkiMsgSz size of the signed message 352 353 _Example_ 354 \code 355 PKCS7 pkcs7; 356 int ret; 357 byte pkcs7Buff[] = {}; // the PKCS7 signature 358 359 wc_PKCS7_InitWithCert(&pkcs7, NULL, 0); 360 // update message and data to encode 361 pkcs7.privateKey = key; 362 pkcs7.privateKeySz = keySz; 363 pkcs7.content = data; 364 pkcs7.contentSz = dataSz; 365 ... etc. 366 367 ret = wc_PKCS7_VerifySignedData(&pkcs7, pkcs7Buff, sizeof(pkcs7Buff)); 368 if ( ret != 0 ) { 369 // error encoding into output buffer 370 } 371 372 wc_PKCS7_Free(&pkcs7); 373 \endcode 374 375 \sa wc_PKCS7_InitWithCert 376 \sa wc_PKCS7_EncodeSignedData 377 */ 378 WOLFSSL_API int wc_PKCS7_VerifySignedData(PKCS7* pkcs7, 379 byte* pkiMsg, word32 pkiMsgSz); 380 381 382 /*! 383 \ingroup PKCS7 384 385 \brief This function takes in a transmitted PKCS7 signed data message as 386 hash/header/footer, then extracts the certificate list and certificate 387 revocation list, and then verifies the signature. It stores the extracted 388 content in the given PKCS7 structure. 389 390 \return 0 Returned on successfully extracting the information 391 from the message 392 \return BAD_FUNC_ARG Returned if one of the input parameters is invalid 393 \return ASN_PARSE_E Returned if there is an error parsing from the 394 given pkiMsg 395 \return PKCS7_OID_E Returned if the given pkiMsg is not a signed data type 396 \return ASN_VERSION_E Returned if the PKCS7 signer info is not version 1 397 \return MEMORY_E Returned if there is an error allocating memory 398 \return PUBLIC_KEY_E Returned if there is an error parsing the public key 399 \return RSA_BUFFER_E Returned if buffer error, output too small or 400 input too large 401 \return BUFFER_E Returned if the given buffer is not large enough to 402 hold the encoded certificate 403 \return MP_INIT_E may be returned if there is an error generating 404 the signature 405 \return MP_READ_E may be returned if there is an error generating 406 the signature 407 \return MP_CMP_E may be returned if there is an error generating 408 the signature 409 \return MP_INVMOD_E may be returned if there is an error generating 410 the signature 411 \return MP_EXPTMOD_E may be returned if there is an error generating 412 the signature 413 \return MP_MOD_E may be returned if there is an error generating 414 the signature 415 \return MP_MUL_E may be returned if there is an error generating 416 the signature 417 \return MP_ADD_E may be returned if there is an error generating 418 the signature 419 \return MP_MULMOD_E may be returned if there is an error generating 420 the signature 421 \return MP_TO_E may be returned if there is an error generating 422 the signature 423 \return MP_MEM may be returned if there is an error generating the signature 424 425 \param pkcs7 pointer to the PKCS7 structure in which to store the parsed 426 certificates 427 \param hashBuf pointer to computed hash for the content data 428 \param hashSz size of the digest 429 \param pkiMsgHead pointer to the buffer containing the signed message header 430 to verify and decode 431 \param pkiMsgHeadSz size of the signed message header 432 \param pkiMsgFoot pointer to the buffer containing the signed message footer 433 to verify and decode 434 \param pkiMsgFootSz size of the signed message footer 435 436 _Example_ 437 \code 438 PKCS7 pkcs7; 439 int ret; 440 byte data[] = {}; // initialize with data to sign 441 byte pkcs7HeadBuff[] = {}; // initialize with PKCS7 header 442 byte pkcs7FootBuff[] = {}; // initialize with PKCS7 footer 443 enum wc_HashType hashType = WC_HASH_TYPE_SHA; 444 byte hashBuf[WC_MAX_DIGEST_SIZE]; 445 word32 hashSz = wc_HashGetDigestSize(hashType); 446 447 wc_PKCS7_InitWithCert(&pkcs7, NULL, 0); 448 // update message and data to encode 449 pkcs7.privateKey = key; 450 pkcs7.privateKeySz = keySz; 451 pkcs7.content = NULL; 452 pkcs7.contentSz = dataSz; 453 pkcs7.rng = &rng; 454 ... etc. 455 456 // calculate hash for content 457 ret = wc_HashInit(&hash, hashType); 458 if (ret == 0) { 459 ret = wc_HashUpdate(&hash, hashType, data, sizeof(data)); 460 if (ret == 0) { 461 ret = wc_HashFinal(&hash, hashType, hashBuf); 462 } 463 wc_HashFree(&hash, hashType); 464 } 465 466 ret = wc_PKCS7_VerifySignedData_ex(&pkcs7, hashBuf, hashSz, pkcs7HeadBuff, 467 sizeof(pkcs7HeadBuff), pkcs7FootBuff, sizeof(pkcs7FootBuff)); 468 if ( ret != 0 ) { 469 // error encoding into output buffer 470 } 471 472 wc_PKCS7_Free(&pkcs7); 473 \endcode 474 475 \sa wc_PKCS7_InitWithCert 476 \sa wc_PKCS7_EncodeSignedData_ex 477 */ 478 WOLFSSL_API int wc_PKCS7_VerifySignedData_ex(PKCS7* pkcs7, const byte* hashBuf, 479 word32 hashSz, byte* pkiMsgHead, word32 pkiMsgHeadSz, byte* pkiMsgFoot, 480 word32 pkiMsgFootSz); 481 482 /*! 483 \ingroup PKCS7 484 485 \brief This function builds the PKCS7 enveloped data content type, encoding 486 the PKCS7 structure into a buffer containing a parsable PKCS7 enveloped 487 data packet. 488 489 \return Success Returned on successfully encoding the message in enveloped 490 data format, returns the size written to the output buffer 491 \return BAD_FUNC_ARG: Returned if one of the input parameters is invalid, 492 or if the PKCS7 structure is missing required elements 493 \return ALGO_ID_E Returned if the PKCS7 structure is using an unsupported 494 algorithm type. Currently, only DESb and DES3b are supported 495 \return BUFFER_E Returned if the given output buffer is too small to store 496 the output data 497 \return MEMORY_E Returned if there is an error allocating memory 498 \return RNG_FAILURE_E Returned if there is an error initializing the random 499 number generator for encryption 500 \return DRBG_FAILED Returned if there is an error generating numbers with 501 the random number generator used for encryption 502 503 \param pkcs7 pointer to the PKCS7 structure to encode 504 \param output pointer to the buffer in which to store the encoded 505 certificate 506 \param outputSz size available in the output buffer 507 508 _Example_ 509 \code 510 PKCS7 pkcs7; 511 int ret; 512 513 byte derBuff[] = { }; // initialize with DER-encoded certificate 514 byte pkcs7Buff[FOURK_BUF]; 515 516 wc_PKCS7_InitWithCert(&pkcs7, derBuff, sizeof(derBuff)); 517 // update message and data to encode 518 pkcs7.privateKey = key; 519 pkcs7.privateKeySz = keySz; 520 pkcs7.content = data; 521 pkcs7.contentSz = dataSz; 522 ... etc. 523 524 ret = wc_PKCS7_EncodeEnvelopedData(&pkcs7, pkcs7Buff, sizeof(pkcs7Buff)); 525 if ( ret != 0 ) { 526 // error encoding into output buffer 527 } 528 \endcode 529 530 \sa wc_PKCS7_InitWithCert 531 \sa wc_PKCS7_DecodeEnvelopedData 532 */ 533 WOLFSSL_API int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, 534 byte* output, word32 outputSz); 535 536 /*! 537 \ingroup PKCS7 538 539 \brief This function unwraps and decrypts a PKCS7 enveloped data content 540 type, decoding the message into output. It uses the private key of the 541 PKCS7 object passed in to decrypt the message. 542 543 \return On successfully extracting the information from the message, 544 returns the bytes written to output 545 \return BAD_FUNC_ARG Returned if one of the input parameters is invalid 546 \return ASN_PARSE_E Returned if there is an error parsing from the 547 given pkiMsg 548 \return PKCS7_OID_E Returned if the given pkiMsg is not an enveloped 549 data type 550 \return ASN_VERSION_E Returned if the PKCS7 signer info is not version 0 551 \return MEMORY_E Returned if there is an error allocating memory 552 \return ALGO_ID_E Returned if the PKCS7 structure is using an unsupported 553 algorithm type. Currently, only DESb and DES3b are supported for 554 encryption, with RSAk for signature generation 555 \return PKCS7_RECIP_E Returned if there is no recipient found in the 556 enveloped data that matches the recipient provided 557 \return RSA_BUFFER_E Returned if there is an error during RSA signature 558 verification due to buffer error, output too small or input too large. 559 \return MP_INIT_E may be returned if there is an error during signature 560 verification 561 \return MP_READ_E may be returned if there is an error during signature 562 verification 563 \return MP_CMP_E may be returned if there is an error during signature 564 verification 565 \return MP_INVMOD_E may be returned if there is an error during signature 566 verification 567 \return MP_EXPTMOD_E may be returned if there is an error during signature 568 verification 569 \return MP_MOD_E may be returned if there is an error during signature 570 verification 571 \return MP_MUL_E may be returned if there is an error during signature 572 verification 573 \return MP_ADD_E may be returned if there is an error during signature 574 verification 575 \return MP_MULMOD_E may be returned if there is an error during signature 576 verification 577 \return MP_TO_E may be returned if there is an error during signature 578 verification 579 \return MP_MEM may be returned if there is an error during signature 580 verification 581 582 \param pkcs7 pointer to the PKCS7 structure containing the private key with 583 which to decode the enveloped data package 584 \param pkiMsg pointer to the buffer containing the enveloped data package 585 \param pkiMsgSz size of the enveloped data package 586 \param output pointer to the buffer in which to store the decoded message 587 \param outputSz size available in the output buffer 588 589 _Example_ 590 \code 591 PKCS7 pkcs7; 592 byte received[] = { }; // initialize with received enveloped message 593 byte decoded[FOURK_BUF]; 594 int decodedSz; 595 596 // initialize pkcs7 with certificate 597 // update key 598 pkcs7.privateKey = key; 599 pkcs7.privateKeySz = keySz; 600 601 decodedSz = wc_PKCS7_DecodeEnvelopedData(&pkcs7, received, 602 sizeof(received),decoded, sizeof(decoded)); 603 if ( decodedSz != 0 ) { 604 // error decoding message 605 } 606 \endcode 607 608 \sa wc_PKCS7_InitWithCert 609 \sa wc_PKCS7_EncodeEnvelopedData 610 */ 611 WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg, 612 word32 pkiMsgSz, byte* output, 613 word32 outputSz); 614