VirtualBox

source: vbox/trunk/src/VBox/Runtime/common/crypto/pkcs7-core.cpp@ 67482

Last change on this file since 67482 was 64883, checked in by vboxsync, 8 years ago

IPRT/ASN.1: Refactored array handling (SET OF, SEQUENCE OF) to use a pointer array instead of an object instance array. The old approach would move objects around in memory after they'd be initialized/decoded, making certain core optimziations involving pointers to object members impossible, as well as causing potentially causing trouble when modifying structures that takes down pointers after decoding. Fixed validation bug in rtCrX509Name_CheckSanityExtra where it didn't check that the RDNs had subitems but instead checked the parent twice (slight risk).

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 7.3 KB
Line 
1/* $Id: pkcs7-core.cpp 64883 2016-12-15 15:26:20Z vboxsync $ */
2/** @file
3 * IPRT - Crypto - PKCS \#7, Core APIs.
4 */
5
6/*
7 * Copyright (C) 2006-2016 Oracle Corporation
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 *
17 * The contents of this file may alternatively be used under the terms
18 * of the Common Development and Distribution License Version 1.0
19 * (CDDL) only, as it comes in the "COPYING.CDDL" file of the
20 * VirtualBox OSE distribution, in which case the provisions of the
21 * CDDL are applicable instead of those of the GPL.
22 *
23 * You may elect to license modified versions of this file under the
24 * terms and conditions of either the GPL or the CDDL or both.
25 */
26
27
28/*********************************************************************************************************************************
29* Header Files *
30*********************************************************************************************************************************/
31#include "internal/iprt.h"
32#include <iprt/crypto/pkcs7.h>
33
34#include <iprt/err.h>
35#include <iprt/string.h>
36#include <iprt/crypto/tsp.h>
37
38#include "pkcs7-internal.h"
39
40
41/*
42 * PCKS #7 SignerInfo
43 */
44
45RTDECL(PCRTASN1TIME) RTCrPkcs7SignerInfo_GetSigningTime(PCRTCRPKCS7SIGNERINFO pThis, PCRTCRPKCS7SIGNERINFO *ppSignerInfo)
46{
47 /*
48 * Check the immediate level, unless we're continuing a previous search.
49 * Note! We ASSUME a single signing time attribute, which simplifies the interface.
50 */
51 uint32_t cAttrsLeft;
52 PRTCRPKCS7ATTRIBUTE const *ppAttr;
53 if (!ppSignerInfo || *ppSignerInfo == NULL)
54 {
55 cAttrsLeft = pThis->AuthenticatedAttributes.cItems;
56 ppAttr = pThis->AuthenticatedAttributes.papItems;
57 while (cAttrsLeft-- > 0)
58 {
59 PCRTCRPKCS7ATTRIBUTE pAttr = *ppAttr;
60 if ( pAttr->enmType == RTCRPKCS7ATTRIBUTETYPE_SIGNING_TIME
61 && pAttr->uValues.pSigningTime->cItems > 0)
62 {
63 if (ppSignerInfo)
64 *ppSignerInfo = pThis;
65 return pAttr->uValues.pSigningTime->papItems[0];
66 }
67 ppAttr++;
68 }
69 }
70 else if (*ppSignerInfo == pThis)
71 *ppSignerInfo = NULL;
72
73 /*
74 * Check counter signatures.
75 */
76 cAttrsLeft = pThis->UnauthenticatedAttributes.cItems;
77 ppAttr = pThis->UnauthenticatedAttributes.papItems;
78 while (cAttrsLeft-- > 0)
79 {
80 PCRTCRPKCS7ATTRIBUTE pAttr = *ppAttr;
81 if (pAttr->enmType == RTCRPKCS7ATTRIBUTETYPE_COUNTER_SIGNATURES)
82 {
83 uint32_t cSignatures = pAttr->uValues.pCounterSignatures->cItems;
84 PRTCRPKCS7SIGNERINFO *ppSignature = pAttr->uValues.pCounterSignatures->papItems;
85
86 /* Skip past the previous counter signature. */
87 if (ppSignerInfo && *ppSignerInfo != NULL)
88 while (cSignatures > 0)
89 {
90 cSignatures--;
91 if (*ppSignature == *ppSignerInfo)
92 {
93 *ppSignerInfo = NULL;
94 ppSignature++;
95 break;
96 }
97 ppSignature++;
98 }
99
100 /* Search the counter signatures (if any remaining). */
101 while (cSignatures-- > 0)
102 {
103 PCRTCRPKCS7SIGNERINFO pSignature = *ppSignature;
104 uint32_t cCounterAttrsLeft = pSignature->AuthenticatedAttributes.cItems;
105 PRTCRPKCS7ATTRIBUTE const *ppCounterAttr = pSignature->AuthenticatedAttributes.papItems;
106 while (cCounterAttrsLeft-- > 0)
107 {
108 PCRTCRPKCS7ATTRIBUTE pCounterAttr = *ppCounterAttr;
109 if ( pCounterAttr->enmType == RTCRPKCS7ATTRIBUTETYPE_SIGNING_TIME
110 && pCounterAttr->uValues.pSigningTime->cItems > 0)
111 {
112 if (ppSignerInfo)
113 *ppSignerInfo = pSignature;
114 return pCounterAttr->uValues.pSigningTime->papItems[0];
115 }
116 ppCounterAttr++;
117 }
118 ppSignature++;
119 }
120 }
121 ppAttr++;
122 }
123
124 /*
125 * No signing timestamp found.
126 */
127 if (ppSignerInfo)
128 *ppSignerInfo = NULL;
129
130 return NULL;
131}
132
133
134RTDECL(PCRTASN1TIME) RTCrPkcs7SignerInfo_GetMsTimestamp(PCRTCRPKCS7SIGNERINFO pThis, PCRTCRPKCS7CONTENTINFO *ppContentInfoRet)
135{
136 /*
137 * Assume there is only one, so no need to enumerate anything here.
138 */
139 uint32_t cAttrsLeft = pThis->UnauthenticatedAttributes.cItems;
140 PRTCRPKCS7ATTRIBUTE const *ppAttr = pThis->UnauthenticatedAttributes.papItems;
141 while (cAttrsLeft-- > 0)
142 {
143 PCRTCRPKCS7ATTRIBUTE pAttr = *ppAttr;
144 if (pAttr->enmType == RTCRPKCS7ATTRIBUTETYPE_MS_TIMESTAMP)
145 {
146 uint32_t cLeft = pAttr->uValues.pContentInfos->cItems;
147 PRTCRPKCS7CONTENTINFO const *ppContentInfo = pAttr->uValues.pContentInfos->papItems;
148 while (cLeft-- > 0)
149 {
150 PCRTCRPKCS7CONTENTINFO pContentInfo = *ppContentInfo;
151 if (RTAsn1ObjId_CompareWithString(&pContentInfo->ContentType, RTCRPKCS7SIGNEDDATA_OID) == 0)
152 {
153 if (RTAsn1ObjId_CompareWithString(&pContentInfo->u.pSignedData->ContentInfo.ContentType,
154 RTCRTSPTSTINFO_OID) == 0)
155 {
156 if (ppContentInfoRet)
157 *ppContentInfoRet = pContentInfo;
158 return &pContentInfo->u.pSignedData->ContentInfo.u.pTstInfo->GenTime;
159 }
160 }
161
162 pContentInfo++;
163 }
164 }
165 ppAttr++;
166 }
167
168 /*
169 * No signature was found.
170 */
171 if (ppContentInfoRet)
172 *ppContentInfoRet = NULL;
173
174 return NULL;
175}
176
177
178/*
179 * PCKS #7 ContentInfo.
180 */
181
182RTDECL(bool) RTCrPkcs7ContentInfo_IsSignedData(PCRTCRPKCS7CONTENTINFO pThis)
183{
184 return RTAsn1ObjId_CompareWithString(&pThis->ContentType, RTCRPKCS7SIGNEDDATA_OID) == 0;
185}
186
187
188/*
189 * Set of some kind of certificate supported by PKCS #7 or CMS.
190 */
191
192RTDECL(PCRTCRX509CERTIFICATE)
193RTCrPkcs7SetOfCerts_FindX509ByIssuerAndSerialNumber(PCRTCRPKCS7SETOFCERTS pCertificates,
194 PCRTCRX509NAME pIssuer, PCRTASN1INTEGER pSerialNumber)
195{
196 for (uint32_t i = 0; i < pCertificates->cItems; i++)
197 {
198 PCRTCRPKCS7CERT pCert = pCertificates->papItems[i];
199 if ( pCert->enmChoice == RTCRPKCS7CERTCHOICE_X509
200 && RTCrX509Certificate_MatchIssuerAndSerialNumber(pCert->u.pX509Cert, pIssuer, pSerialNumber))
201 return pCert->u.pX509Cert;
202 }
203 return NULL;
204}
205
206
207/*
208 * Generate the standard core code.
209 */
210#include <iprt/asn1-generator-core.h>
211
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette