VirtualBox

source: vbox/trunk/src/VBox/Runtime/common/crypto/pkcs7-verify.cpp@ 52542

Last change on this file since 52542 was 52542, checked in by vboxsync, 11 years ago

fix it in the function being called instead.
  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 33.8 KB
Line 
1/* $Id: pkcs7-verify.cpp 52542 2014-08-31 21:56:35Z vboxsync $ */
2/** @file
3 * IPRT - Crypto - PKCS \#7, Verification
4 */
5
6/*
7 * Copyright (C) 2006-2014 Oracle Corporation
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 *
17 * The contents of this file may alternatively be used under the terms
18 * of the Common Development and Distribution License Version 1.0
19 * (CDDL) only, as it comes in the "COPYING.CDDL" file of the
20 * VirtualBox OSE distribution, in which case the provisions of the
21 * CDDL are applicable instead of those of the GPL.
22 *
23 * You may elect to license modified versions of this file under the
24 * terms and conditions of either the GPL or the CDDL or both.
25 */
26
27
28/*******************************************************************************
29* Header Files *
30*******************************************************************************/
31#include "internal/iprt.h"
32#include <iprt/crypto/pkcs7.h>
33
34#include <iprt/err.h>
35#include <iprt/string.h>
36#include <iprt/crypto/digest.h>
37#include <iprt/crypto/pkix.h>
38#include <iprt/crypto/store.h>
39#include <iprt/crypto/x509.h>
40
41#ifdef IPRT_WITH_OPENSSL
42# include "internal/iprt-openssl.h"
43# include <openssl/pkcs7.h>
44# include <openssl/x509.h>
45# include <openssl/err.h>
46#endif
47
48
49
50#ifdef IPRT_WITH_OPENSSL
51static int rtCrPkcs7VerifySignedDataUsingOpenSsl(PCRTCRPKCS7CONTENTINFO pContentInfo, uint32_t fFlags,
52 RTCRSTORE hAdditionalCerts, RTCRSTORE hTrustedCerts,
53 void const *pvContent, uint32_t cbContent, PRTERRINFO pErrInfo)
54{
55 /*
56 * Verify using OpenSSL.
57 */
58 int rcOssl;
59 unsigned char const *pbRawContent = RTASN1CORE_GET_RAW_ASN1_PTR(&pContentInfo->SeqCore.Asn1Core);
60 PKCS7 *pOsslPkcs7 = NULL;
61 if (d2i_PKCS7(&pOsslPkcs7, &pbRawContent, RTASN1CORE_GET_RAW_ASN1_SIZE(&pContentInfo->SeqCore.Asn1Core)) == pOsslPkcs7)
62 {
63 STACK_OF(X509) *pAddCerts = NULL;
64 if (hAdditionalCerts != NIL_RTCRSTORE)
65 rcOssl = RTCrStoreConvertToOpenSslCertStack(hAdditionalCerts, 0, (void **)&pAddCerts);
66 else
67 {
68 pAddCerts = sk_X509_new_null();
69 rcOssl = RT_LIKELY(pAddCerts != NULL) ? VINF_SUCCESS : VERR_NO_MEMORY;
70 }
71 if (RT_SUCCESS(rcOssl))
72 {
73 for (uint32_t i = 0; i < pContentInfo->u.pSignedData->Certificates.cItems; i++)
74 rtCrOpenSslAddX509CertToStack(pAddCerts, &pContentInfo->u.pSignedData->Certificates.paItems[i]);
75
76
77 X509_STORE *pTrustedCerts = NULL;
78 if (hTrustedCerts != NIL_RTCRSTORE)
79 rcOssl = RTCrStoreConvertToOpenSslCertStore(hTrustedCerts, 0, (void **)&pTrustedCerts);
80 if (RT_SUCCESS(rcOssl))
81 {
82 rtCrOpenSslInit();
83
84 BIO *pBioContent = BIO_new_mem_buf((void *)pvContent, cbContent);
85 if (pBioContent)
86 {
87 uint32_t fOsslFlags = PKCS7_NOCHAIN;
88 fOsslFlags |= PKCS7_NOVERIFY; // temporary hack.
89 if (PKCS7_verify(pOsslPkcs7, pAddCerts, pTrustedCerts, pBioContent, NULL /*out*/, fOsslFlags))
90 rcOssl = VINF_SUCCESS;
91 else
92 {
93 rcOssl = RTErrInfoSet(pErrInfo, VERR_CR_PKCS7_OSSL_VERIFY_FAILED, "PKCS7_verify failed: ");
94 if (pErrInfo)
95 ERR_print_errors_cb(rtCrOpenSslErrInfoCallback, pErrInfo);
96 }
97 BIO_free(pBioContent);
98 }
99 if (pTrustedCerts)
100 X509_STORE_free(pTrustedCerts);
101 }
102 else
103 rcOssl = RTErrInfoSet(pErrInfo, rcOssl, "RTCrStoreConvertToOpenSslCertStack failed");
104 if (pAddCerts)
105 sk_X509_pop_free(pAddCerts, X509_free);
106 }
107 else
108 rcOssl = RTErrInfoSet(pErrInfo, rcOssl, "RTCrStoreConvertToOpenSslCertStack failed");
109 PKCS7_free(pOsslPkcs7);
110 }
111 else
112 rcOssl = RTErrInfoSet(pErrInfo, VERR_CR_PKCS7_OSSL_D2I_FAILED, "d2i_PKCS7 failed");
113
114 return rcOssl;
115}
116#endif /* IPRT_WITH_OPENSSL */
117
118
119
120static int rtCrPkcs7VerifyCertUsageTimstamping(PCRTCRX509CERTIFICATE pCert, PRTERRINFO pErrInfo)
121{
122 if (!(pCert->TbsCertificate.T3.fFlags & RTCRX509TBSCERTIFICATE_F_PRESENT_EXT_KEY_USAGE))
123 return RTErrInfoSetF(pErrInfo, VERR_CR_PKCS7_KEY_USAGE_MISMATCH, "No extended key usage certificate attribute.");
124 if (!(pCert->TbsCertificate.T3.fExtKeyUsage & (RTCRX509CERT_EKU_F_TIMESTAMPING | RTCRX509CERT_EKU_F_MS_TIMESTAMP_SIGNING)))
125 return RTErrInfoSetF(pErrInfo, VERR_CR_PKCS7_KEY_USAGE_MISMATCH, "fExtKeyUsage=%#x, missing %#x (time stamping)",
126 pCert->TbsCertificate.T3.fExtKeyUsage,
127 RTCRX509CERT_EKU_F_TIMESTAMPING | RTCRX509CERT_EKU_F_MS_TIMESTAMP_SIGNING);
128 return VINF_SUCCESS;
129}
130
131
132static int rtCrPkcs7VerifyCertUsageDigitalSignature(PCRTCRX509CERTIFICATE pCert, PRTERRINFO pErrInfo)
133{
134 if ( (pCert->TbsCertificate.T3.fFlags & RTCRX509TBSCERTIFICATE_F_PRESENT_KEY_USAGE)
135 && !(pCert->TbsCertificate.T3.fKeyUsage & RTCRX509CERT_KEY_USAGE_F_DIGITAL_SIGNATURE))
136 return RTErrInfoSetF(pErrInfo, VERR_CR_PKCS7_KEY_USAGE_MISMATCH, "fKeyUsage=%#x, missing %#x",
137 pCert->TbsCertificate.T3.fKeyUsage, RTCRX509CERT_KEY_USAGE_F_DIGITAL_SIGNATURE);
138 return VINF_SUCCESS;
139}
140
141
142/**
143 * @callback_method_impl{RTCRPKCS7VERIFYCERTCALLBACK,
144 * Default implementation that checks for the DigitalSignature KeyUsage bit.}
145 */
146RTDECL(int) RTCrPkcs7VerifyCertCallbackDefault(PCRTCRX509CERTIFICATE pCert, RTCRX509CERTPATHS hCertPaths, uint32_t fFlags,
147 void *pvUser, PRTERRINFO pErrInfo)
148{
149 int rc = VINF_SUCCESS;
150
151 if (fFlags & RTCRPKCS7VCC_F_SIGNED_DATA)
152 rc = rtCrPkcs7VerifyCertUsageDigitalSignature(pCert, pErrInfo);
153
154 if ( (fFlags & RTCRPKCS7VCC_F_TIMESTAMP)
155 && RT_SUCCESS(rc))
156 rc = rtCrPkcs7VerifyCertUsageTimstamping(pCert, pErrInfo);
157
158 return rc;
159}
160
161
162/**
163 * @callback_method_impl{RTCRPKCS7VERIFYCERTCALLBACK,
164 * Standard code signing. Use this for Microsoft SPC.}
165 */
166RTDECL(int) RTCrPkcs7VerifyCertCallbackCodeSigning(PCRTCRX509CERTIFICATE pCert, RTCRX509CERTPATHS hCertPaths, uint32_t fFlags,
167 void *pvUser, PRTERRINFO pErrInfo)
168{
169 int rc = VINF_SUCCESS;
170 if (fFlags & RTCRPKCS7VCC_F_SIGNED_DATA)
171 {
172 /*
173 * If KeyUsage is present it must include digital signature.
174 */
175 rc = rtCrPkcs7VerifyCertUsageDigitalSignature(pCert, pErrInfo);
176 if (RT_SUCCESS(rc))
177 {
178 /*
179 * The extended usage 'code signing' must be present.
180 */
181 if (!(pCert->TbsCertificate.T3.fFlags & RTCRX509TBSCERTIFICATE_F_PRESENT_EXT_KEY_USAGE))
182 return RTErrInfoSetF(pErrInfo, VERR_CR_PKCS7_KEY_USAGE_MISMATCH, "No extended key usage certificate attribute.");
183 if (!(pCert->TbsCertificate.T3.fExtKeyUsage & RTCRX509CERT_EKU_F_CODE_SIGNING))
184 return RTErrInfoSetF(pErrInfo, VERR_CR_PKCS7_KEY_USAGE_MISMATCH, "fExtKeyUsage=%#x, missing %#x",
185 pCert->TbsCertificate.T3.fExtKeyUsage, RTCRX509CERT_EKU_F_CODE_SIGNING);
186 }
187 }
188
189 /*
190 * Timestamping too?
191 */
192 if ( (fFlags & RTCRPKCS7VCC_F_TIMESTAMP)
193 && RT_SUCCESS(rc))
194 rc = rtCrPkcs7VerifyCertUsageTimstamping(pCert, pErrInfo);
195
196 return rc;
197}
198
199
200/**
201 * Deals with authenticated attributes.
202 *
203 * When authenticated attributes are present (checked by caller) we must:
204 * - fish out the content type and check it against the content inof,
205 * - fish out the message digest among and check it against *phDigest,
206 * - compute the message digest of the authenticated attributes and
207 * replace *phDigest with this for the signature verification.
208 *
209 * @returns IPRT status code.
210 * @param pSignerInfo The signer info being verified.
211 * @param pSignedData The signed data.
212 * @param phDigest On input this is the digest of the content. On
213 * output it will (on success) be a reference to
214 * the message digest of the authenticated
215 * attributes. The input reference is consumed.
216 * The caller shall release the output reference.
217 * @param fFlags Flags.
218 * @param pErrInfo Extended error info, optional.
219 */
220static int rtCrPkcs7VerifySignerInfoAuthAttribs(PCRTCRPKCS7SIGNERINFO pSignerInfo, PCRTCRPKCS7SIGNEDDATA pSignedData,
221 PRTCRDIGEST phDigest, uint32_t fFlags, PRTERRINFO pErrInfo)
222{
223 /*
224 * Scan the attributes and validate the two required attributes
225 * (RFC-2315, chapter 9.2, fourth bullet). Checking that we've got exactly
226 * one of each of them is checked by the santiy checker function, so we'll
227 * just assert that it did it's job here.
228 */
229 uint32_t cContentTypes = 0;
230 uint32_t cMessageDigests = 0;
231 uint32_t i = pSignerInfo->AuthenticatedAttributes.cItems;
232 while (i-- > 0)
233 {
234 PCRTCRPKCS7ATTRIBUTE pAttrib = &pSignerInfo->AuthenticatedAttributes.paItems[i];
235
236 if (RTAsn1ObjId_CompareWithString(&pAttrib->Type, RTCR_PKCS9_ID_CONTENT_TYPE_OID) == 0)
237 {
238 AssertReturn(!cContentTypes, VERR_CR_PKCS7_INTERNAL_ERROR);
239 AssertReturn(pAttrib->enmType == RTCRPKCS7ATTRIBUTETYPE_OBJ_IDS, VERR_CR_PKCS7_INTERNAL_ERROR);
240 AssertReturn(pAttrib->uValues.pObjIds->cItems == 1, VERR_CR_PKCS7_INTERNAL_ERROR);
241
242 if ( !(fFlags & RTCRPKCS7VERIFY_SD_F_COUNTER_SIGNATURE) /* See note about microsoft below. */
243 && RTAsn1ObjId_Compare(&pAttrib->uValues.pObjIds->paItems[0], &pSignedData->ContentInfo.ContentType) != 0)
244 return RTErrInfoSetF(pErrInfo, VERR_CR_PKCS7_CONTENT_TYPE_ATTRIB_MISMATCH,
245 "Expected content-type %s, found %s",
246 &pAttrib->uValues.pObjIds->paItems[0], pSignedData->ContentInfo.ContentType.szObjId);
247 cContentTypes++;
248 }
249 else if (RTAsn1ObjId_CompareWithString(&pAttrib->Type, RTCR_PKCS9_ID_MESSAGE_DIGEST_OID) == 0)
250 {
251 AssertReturn(!cMessageDigests, VERR_CR_PKCS7_INTERNAL_ERROR);
252 AssertReturn(pAttrib->enmType == RTCRPKCS7ATTRIBUTETYPE_OCTET_STRINGS, VERR_CR_PKCS7_INTERNAL_ERROR);
253 AssertReturn(pAttrib->uValues.pOctetStrings->cItems == 1, VERR_CR_PKCS7_INTERNAL_ERROR);
254
255 if (!RTCrDigestMatch(*phDigest,
256 pAttrib->uValues.pOctetStrings->paItems[0].Asn1Core.uData.pv,
257 pAttrib->uValues.pOctetStrings->paItems[0].Asn1Core.cb))
258 {
259 size_t cbHash = RTCrDigestGetHashSize(*phDigest);
260 if (cbHash != pAttrib->uValues.pOctetStrings->paItems[0].Asn1Core.cb)
261 return RTErrInfoSetF(pErrInfo, VERR_CR_PKCS7_MESSAGE_DIGEST_ATTRIB_MISMATCH,
262 "Authenticated message-digest attribute mismatch: cbHash=%#zx cbValue=%#x",
263 cbHash, pAttrib->uValues.pOctetStrings->paItems[0].Asn1Core.cb);
264 return RTErrInfoSetF(pErrInfo, VERR_CR_PKCS7_MESSAGE_DIGEST_ATTRIB_MISMATCH,
265 "Authenticated message-digest attribute mismatch (cbHash=%#zx):\n"
266 "signed: %.*Rhxs\n"
267 "our: %.*Rhxs\n",
268 cbHash,
269 cbHash, pAttrib->uValues.pOctetStrings->paItems[0].Asn1Core.uData.pv,
270 cbHash, RTCrDigestGetHash(*phDigest));
271 }
272 cMessageDigests++;
273 }
274 }
275
276 /*
277 * Full error reporting here as we don't currently extensively santiy check
278 * counter signatures.
279 * Note! Microsoft includes content info in their timestamp counter signatures,
280 * at least for vista, despite the RFC-3852 stating counter signatures
281 * "MUST NOT contain a content-type".
282 */
283 if (RT_UNLIKELY( cContentTypes != 1
284 && !(fFlags & RTCRPKCS7VERIFY_SD_F_COUNTER_SIGNATURE)))
285 return RTErrInfoSet(pErrInfo, VERR_CR_PKCS7_MISSING_CONTENT_TYPE_ATTRIB,
286 "Missing authenticated content-type attribute.");
287 if (RT_UNLIKELY(cMessageDigests != 1))
288 return RTErrInfoSet(pErrInfo, VERR_CR_PKCS7_MISSING_MESSAGE_DIGEST_ATTRIB,
289 "Missing authenticated message-digest attribute.");
290
291 /*
292 * Calculate the digest of the the authenticated attributes for use in the
293 * signature validation.
294 */
295 if ( pSignerInfo->DigestAlgorithm.Parameters.enmType != RTASN1TYPE_NULL
296 && pSignerInfo->DigestAlgorithm.Parameters.enmType != RTASN1TYPE_NOT_PRESENT)
297 return RTErrInfoSet(pErrInfo, VERR_CR_PKCS7_DIGEST_PARAMS_NOT_IMPL, "Digest algorithm has unsupported parameters");
298
299 RTCRDIGEST hDigest;
300 int rc = RTCrDigestCreateByObjId(&hDigest, &pSignerInfo->DigestAlgorithm.Algorithm);
301 if (RT_SUCCESS(rc))
302 {
303 RTCrDigestRelease(*phDigest);
304 *phDigest = hDigest;
305
306 /* ASSUMES that the attributes are encoded according to DER. */
307 uint8_t const *pbData = (uint8_t const *)RTASN1CORE_GET_RAW_ASN1_PTR(&pSignerInfo->AuthenticatedAttributes.SetCore.Asn1Core);
308 uint32_t cbData = RTASN1CORE_GET_RAW_ASN1_SIZE(&pSignerInfo->AuthenticatedAttributes.SetCore.Asn1Core);
309 uint8_t bSetOfTag = ASN1_TAG_SET | ASN1_TAGCLASS_UNIVERSAL | ASN1_TAGFLAG_CONSTRUCTED;
310 rc = RTCrDigestUpdate(hDigest, &bSetOfTag, sizeof(bSetOfTag)); /* Replace the implict tag with a SET-OF tag. */
311 if (RT_SUCCESS(rc))
312 rc = RTCrDigestUpdate(hDigest, pbData + sizeof(bSetOfTag), cbData - sizeof(bSetOfTag)); /* Skip the implicit tag. */
313 if (RT_SUCCESS(rc))
314 rc = RTCrDigestFinal(hDigest, NULL, 0);
315 }
316 return rc;
317}
318
319
320/**
321 * Find the handle to the digest given by the specified SignerInfo.
322 *
323 * @returns IPRT status code
324 * @param phDigest Where to return a referenced digest handle on
325 * success.
326 * @param pSignedData The signed data structure.
327 * @param pSignerInfo The signer info.
328 * @param pahDigests Array of content digests that runs parallel to
329 * pSignedData->DigestAlgorithms.
330 * @param pErrInfo Where to store additional error details,
331 * optional.
332 */
333static int rtCrPkcs7VerifyFindDigest(PRTCRDIGEST phDigest, PCRTCRPKCS7SIGNEDDATA pSignedData,
334 PCRTCRPKCS7SIGNERINFO pSignerInfo, PRTCRDIGEST pahDigests, PRTERRINFO pErrInfo)
335{
336 uint32_t iDigest = pSignedData->DigestAlgorithms.cItems;
337 while (iDigest-- > 0)
338 if (RTCrX509AlgorithmIdentifier_Compare(&pSignedData->DigestAlgorithms.paItems[iDigest],
339 &pSignerInfo->DigestAlgorithm) == 0)
340 {
341 RTCRDIGEST hDigest = pahDigests[iDigest];
342 uint32_t cRefs = RTCrDigestRetain(hDigest);
343 AssertReturn(cRefs != UINT32_MAX, VERR_CR_PKCS7_INTERNAL_ERROR);
344 *phDigest = hDigest;
345 return VINF_SUCCESS;
346 }
347 *phDigest = NIL_RTCRDIGEST; /* Make gcc happy. */
348 return RTErrInfoSetF(pErrInfo, VERR_CR_PKCS7_DIGEST_ALGO_NOT_FOUND_IN_LIST,
349 "SignerInfo.DigestAlgorithm %s not found.",
350 pSignerInfo->DigestAlgorithm.Algorithm.szObjId);
351}
352
353
354/**
355 * Verifies one signature on a PKCS \#7 SignedData.
356 *
357 * @returns IPRT status code.
358 * @param pSignerInfo The signature.
359 * @param pSignedData The SignedData.
360 * @param hDigests The digest corresponding to
361 * pSignerInfo->DigestAlgorithm.
362 * @param fFlags Verficiation flags.
363 * @param hAdditionalCerts Store containing optional certificates,
364 * optional.
365 * @param hTrustedCerts Store containing trusted certificates, required.
366 * @param pValidationTime The time we're supposed to validate the
367 * certificates chains at.
368 * @param pfnVerifyCert Signing certificate verification callback.
369 * @param fVccFlags Signing certificate verification callback flags.
370 * @param pvUser Callback parameter.
371 * @param pErrInfo Where to store additional error details,
372 * optional.
373 */
374static int rtCrPkcs7VerifySignerInfo(PCRTCRPKCS7SIGNERINFO pSignerInfo, PCRTCRPKCS7SIGNEDDATA pSignedData,
375 RTCRDIGEST hDigest, uint32_t fFlags, RTCRSTORE hAdditionalCerts, RTCRSTORE hTrustedCerts,
376 PCRTTIMESPEC pValidationTime, PFNRTCRPKCS7VERIFYCERTCALLBACK pfnVerifyCert,
377 uint32_t fVccFlags, void *pvUser, PRTERRINFO pErrInfo)
378{
379 /*
380 * Locate the certificate used for signing.
381 */
382 PCRTCRCERTCTX pSignerCertCtx = NULL;
383 PCRTCRX509CERTIFICATE pSignerCert = NULL;
384 RTCRSTORE hSignerCertSrc = hTrustedCerts;
385 if (hSignerCertSrc != NIL_RTCRSTORE)
386 pSignerCertCtx = RTCrStoreCertByIssuerAndSerialNo(hSignerCertSrc, &pSignerInfo->IssuerAndSerialNumber.Name,
387 &pSignerInfo->IssuerAndSerialNumber.SerialNumber);
388 if (!pSignerCertCtx)
389 {
390 hSignerCertSrc = hAdditionalCerts;
391 if (hSignerCertSrc != NIL_RTCRSTORE)
392 pSignerCertCtx = RTCrStoreCertByIssuerAndSerialNo(hSignerCertSrc, &pSignerInfo->IssuerAndSerialNumber.Name,
393 &pSignerInfo->IssuerAndSerialNumber.SerialNumber);
394 }
395 if (pSignerCertCtx)
396 pSignerCert = pSignerCertCtx->pCert;
397 else
398 {
399 hSignerCertSrc = NULL;
400 pSignerCert = RTCrX509Certificates_FindByIssuerAndSerialNumber(&pSignedData->Certificates,
401 &pSignerInfo->IssuerAndSerialNumber.Name,
402 &pSignerInfo->IssuerAndSerialNumber.SerialNumber);
403 if (!pSignerCert)
404 return RTErrInfoSetF(pErrInfo, VERR_CR_PKCS7_SIGNED_DATA_CERT_NOT_FOUND,
405 "Certificate not found: serial=%.*Rhxs",
406 pSignerInfo->IssuerAndSerialNumber.SerialNumber.Asn1Core.cb,
407 pSignerInfo->IssuerAndSerialNumber.SerialNumber.Asn1Core.uData.pv);
408 }
409
410 /*
411 * If not a trusted certificate, we'll have to build certificate paths
412 * and verify them. If no valid paths are found, this step will fail.
413 */
414 int rc = VINF_SUCCESS;
415 if ( hSignerCertSrc == NIL_RTCRSTORE
416 || hSignerCertSrc != hTrustedCerts)
417 {
418 RTCRX509CERTPATHS hCertPaths;
419 rc = RTCrX509CertPathsCreate(&hCertPaths, pSignerCert);
420 if (RT_SUCCESS(rc))
421 {
422 rc = RTCrX509CertPathsSetValidTimeSpec(hCertPaths, pValidationTime);
423 if (hTrustedCerts != NIL_RTCRSTORE && RT_SUCCESS(rc))
424 rc = RTCrX509CertPathsSetTrustedStore(hCertPaths, hTrustedCerts);
425 if (hAdditionalCerts != NIL_RTCRSTORE && RT_SUCCESS(rc))
426 rc = RTCrX509CertPathsSetUntrustedStore(hCertPaths, hAdditionalCerts);
427 if (pSignedData->Certificates.cItems > 0 && RT_SUCCESS(rc))
428 rc = RTCrX509CertPathsSetUntrustedArray(hCertPaths,
429 pSignedData->Certificates.paItems,
430 pSignedData->Certificates.cItems);
431 if (RT_SUCCESS(rc))
432 {
433 rc = RTCrX509CertPathsBuild(hCertPaths, pErrInfo);
434 if (RT_SUCCESS(rc))
435 rc = RTCrX509CertPathsValidateAll(hCertPaths, NULL, pErrInfo);
436
437 /*
438 * Check that the certificate purpose and whatnot matches what
439 * is being signed.
440 */
441 if (RT_SUCCESS(rc))
442 rc = pfnVerifyCert(pSignerCert, hCertPaths, fVccFlags, pvUser, pErrInfo);
443 }
444 else
445 RTErrInfoSetF(pErrInfo, rc, "Error configuring path builder: %Rrc", rc);
446 RTCrX509CertPathsRelease(hCertPaths);
447 }
448 }
449 /*
450 * Check that the certificate purpose matches what is signed.
451 */
452 else
453 rc = pfnVerifyCert(pSignerCert, NIL_RTCRX509CERTPATHS, fVccFlags, pvUser, pErrInfo);
454
455 /*
456 * Reference the digest so we can safely replace with one on the
457 * authenticated attributes below.
458 */
459 if ( RT_SUCCESS(rc)
460 && RTCrDigestRetain(hDigest) != UINT32_MAX)
461 {
462 /*
463 * If there are authenticated attributes, we've got more work before we
464 * can verify the signature.
465 */
466 if ( RT_SUCCESS(rc)
467 && RTCrPkcs7Attributes_IsPresent(&pSignerInfo->AuthenticatedAttributes))
468 rc = rtCrPkcs7VerifySignerInfoAuthAttribs(pSignerInfo, pSignedData, &hDigest, fFlags, pErrInfo);
469
470 /*
471 * Verify the signature.
472 */
473 if (RT_SUCCESS(rc))
474 {
475 RTCRPKIXSIGNATURE hSignature;
476 rc = RTCrPkixSignatureCreateByObjId(&hSignature,
477 &pSignerCert->TbsCertificate.SubjectPublicKeyInfo.Algorithm.Algorithm,
478 false /*fSigning*/,
479 &pSignerCert->TbsCertificate.SubjectPublicKeyInfo.SubjectPublicKey,
480 &pSignerInfo->DigestEncryptionAlgorithm.Parameters);
481 if (RT_SUCCESS(rc))
482 {
483 /** @todo Check that DigestEncryptionAlgorithm is compatible with hSignature
484 * (this is not vital). */
485 rc = RTCrPkixSignatureVerifyOctetString(hSignature, hDigest, &pSignerInfo->EncryptedDigest);
486 if (RT_FAILURE(rc))
487 rc = RTErrInfoSetF(pErrInfo, VERR_CR_PKCS7_SIGNATURE_VERIFICATION_FAILED,
488 "Signature verficiation failed: %Rrc", rc);
489 RTCrPkixSignatureRelease(hSignature);
490 }
491 else
492 rc = RTErrInfoSetF(pErrInfo, rc, "Failure to instantiate public key algorithm [IPRT]: %s (%s)",
493 pSignerCert->TbsCertificate.SubjectPublicKeyInfo.Algorithm.Algorithm.szObjId,
494 pSignerInfo->DigestEncryptionAlgorithm.Algorithm.szObjId);
495 }
496
497 RTCrDigestRelease(hDigest);
498 }
499 else if (RT_SUCCESS(rc))
500 rc = VERR_CR_PKCS7_INTERNAL_ERROR;
501 RTCrCertCtxRelease(pSignerCertCtx);
502 return rc;
503}
504
505
506/**
507 * Verifies a counter signature.
508 *
509 * @returns IPRT status code.
510 * @param pCounterSignerInfo The counter signature.
511 * @param pPrimarySignerInfo The primary signature (can be a counter
512 * signature too if nested).
513 * @param pSignedData The SignedData.
514 * @param fFlags Verficiation flags.
515 * @param hAdditionalCerts Store containing optional certificates,
516 * optional.
517 * @param hTrustedCerts Store containing trusted certificates, required.
518 * @param pValidationTime The time we're supposed to validate the
519 * certificates chains at.
520 * @param pfnVerifyCert Signing certificate verification callback.
521 * @param fVccFlags Signing certificate verification callback flags.
522 * @param pvUser Callback parameter.
523 * @param pErrInfo Where to store additional error details,
524 * optional.
525 */
526static int rtCrPkcs7VerifyCounterSignerInfo(PCRTCRPKCS7SIGNERINFO pCounterSignerInfo, PCRTCRPKCS7SIGNERINFO pPrimarySignerInfo,
527 PCRTCRPKCS7SIGNEDDATA pSignedData, uint32_t fFlags,
528 RTCRSTORE hAdditionalCerts, RTCRSTORE hTrustedCerts, PCRTTIMESPEC pValidationTime,
529 PFNRTCRPKCS7VERIFYCERTCALLBACK pfnVerifyCert, uint32_t fVccFlags,
530 void *pvUser, PRTERRINFO pErrInfo)
531{
532 /*
533 * Calculate the digest we need to verify.
534 */
535 RTCRDIGEST hDigest;
536 int rc = RTCrDigestCreateByObjId(&hDigest, &pCounterSignerInfo->DigestAlgorithm.Algorithm);
537 if (RT_SUCCESS(rc))
538 {
539 rc = RTCrDigestUpdate(hDigest,
540 pPrimarySignerInfo->EncryptedDigest.Asn1Core.uData.pv,
541 pPrimarySignerInfo->EncryptedDigest.Asn1Core.cb);
542 if (RT_SUCCESS(rc))
543 rc = RTCrDigestFinal(hDigest, NULL, 0);
544 if (RT_SUCCESS(rc))
545 {
546 /*
547 * Pass it on to the common SignerInfo verifier function.
548 */
549 rc = rtCrPkcs7VerifySignerInfo(pCounterSignerInfo, pSignedData, hDigest,
550 fFlags | RTCRPKCS7VERIFY_SD_F_COUNTER_SIGNATURE,
551 hAdditionalCerts, hTrustedCerts, pValidationTime,
552 pfnVerifyCert, fVccFlags, pvUser, pErrInfo);
553
554 }
555 else
556 rc = RTErrInfoSetF(pErrInfo, VERR_CR_PKCS7_DIGEST_CALC_ERROR,
557 "Hashing for counter signature failed unexpectedly: %Rrc", rc);
558 RTCrDigestRelease(hDigest);
559 }
560 else
561 rc = RTErrInfoSetF(pErrInfo, VERR_CR_PKCS7_DIGEST_CREATE_ERROR, "Error creating digest for '%s': %Rrc",
562 pCounterSignerInfo->DigestAlgorithm.Algorithm.szObjId, rc);
563
564 return rc;
565}
566
567
568RTDECL(int) RTCrPkcs7VerifySignedData(PCRTCRPKCS7CONTENTINFO pContentInfo, uint32_t fFlags,
569 RTCRSTORE hAdditionalCerts, RTCRSTORE hTrustedCerts,
570 PCRTTIMESPEC pValidationTime, PFNRTCRPKCS7VERIFYCERTCALLBACK pfnVerifyCert, void *pvUser,
571 PRTERRINFO pErrInfo)
572{
573 /*
574 * Check the input.
575 */
576 if (pfnVerifyCert)
577 AssertPtrReturn(pfnVerifyCert, VERR_INVALID_POINTER);
578 else
579 pfnVerifyCert = RTCrPkcs7VerifyCertCallbackDefault;
580
581 if (!RTCrPkcs7ContentInfo_IsSignedData(pContentInfo))
582 return RTErrInfoSet(pErrInfo, VERR_CR_PKCS7_NOT_SIGNED_DATA, "Not PKCS #7 SignedData.");
583 PCRTCRPKCS7SIGNEDDATA pSignedData = pContentInfo->u.pSignedData;
584 int rc = RTCrPkcs7SignedData_CheckSanity(pSignedData, 0, pErrInfo, "");
585 if (RT_FAILURE(rc))
586 return rc;
587
588 AssertReturn(!(fFlags & RTCRPKCS7VERIFY_SD_F_COUNTER_SIGNATURE), VERR_INVALID_FLAGS);
589
590 /*
591 * Hash the content info.
592 */
593 /* Exactly what the content is, for some stupid reason unnecessarily
594 complicated. Figure it out here as we'll need it for the OpenSSL code
595 path as well. */
596 void const *pvContent = pSignedData->ContentInfo.Content.Asn1Core.uData.pv;
597 uint32_t cbContent = pSignedData->ContentInfo.Content.Asn1Core.cb;
598 if (pSignedData->ContentInfo.Content.pEncapsulated)
599 {
600 pvContent = pSignedData->ContentInfo.Content.pEncapsulated->uData.pv;
601 cbContent = pSignedData->ContentInfo.Content.pEncapsulated->cb;
602 }
603
604 /* Check that there aren't too many or too few hash algorithms for our
605 implementation and purposes. */
606 RTCRDIGEST ahDigests[2];
607 uint32_t const cDigests = pSignedData->DigestAlgorithms.cItems;
608 if (!cDigests) /** @todo we might have to support this... */
609 return RTErrInfoSetF(pErrInfo, VERR_CR_PKCS7_NO_DIGEST_ALGORITHMS, "No digest algorithms");
610
611 if (cDigests > RT_ELEMENTS(ahDigests))
612 return RTErrInfoSetF(pErrInfo, VERR_CR_PKCS7_TOO_MANY_DIGEST_ALGORITHMS,
613 "Too many digest algorithm: cAlgorithms=%u", cDigests);
614
615 /* Create the message digest calculators. */
616 rc = VERR_CR_PKCS7_NO_DIGEST_ALGORITHMS;
617 uint32_t i;
618 for (i = 0; i < cDigests; i++)
619 {
620 rc = RTCrDigestCreateByObjId(&ahDigests[i], &pSignedData->DigestAlgorithms.paItems[i].Algorithm);
621 if (RT_FAILURE(rc))
622 {
623 rc = RTErrInfoSetF(pErrInfo, VERR_CR_PKCS7_DIGEST_CREATE_ERROR, "Error creating digest for '%s': %Rrc",
624 pSignedData->DigestAlgorithms.paItems[i].Algorithm.szObjId, rc);
625 break;
626 }
627 }
628 if (RT_SUCCESS(rc))
629 {
630 /* Hash the content. */
631 for (i = 0; i < cDigests && RT_SUCCESS(rc); i++)
632 {
633 rc = RTCrDigestUpdate(ahDigests[i], pvContent, cbContent);
634 if (RT_SUCCESS(rc))
635 rc = RTCrDigestFinal(ahDigests[i], NULL, 0);
636 }
637 if (RT_SUCCESS(rc))
638 {
639 /*
640 * Validate the signed infos.
641 */
642 rc = VERR_CR_PKCS7_NO_SIGNER_INFOS;
643 for (i = 0; i < pSignedData->SignerInfos.cItems; i++)
644 {
645 PCRTCRPKCS7SIGNERINFO pSignerInfo = &pSignedData->SignerInfos.paItems[i];
646 RTCRDIGEST hThisDigest;
647 rc = rtCrPkcs7VerifyFindDigest(&hThisDigest, pSignedData, pSignerInfo, ahDigests, pErrInfo);
648 if (RT_FAILURE(rc))
649 break;
650
651 /*
652 * See if we can find a trusted signing time.
653 */
654 bool fDone = false;
655 PCRTCRPKCS7SIGNERINFO pSigningTimeSigner = NULL;
656 PCRTASN1TIME pSignedTime;
657 while ( !fDone
658 && (pSignedTime = RTCrPkcs7SignerInfo_GetSigningTime(pSignerInfo, &pSigningTimeSigner)) != NULL)
659 {
660 RTTIMESPEC ThisValidationTime;
661 if (RT_LIKELY(RTTimeImplode(&ThisValidationTime, &pSignedTime->Time)))
662 {
663 if (pSigningTimeSigner == pSignerInfo)
664 {
665 if (fFlags & RTCRPKCS7VERIFY_SD_F_COUNTER_SIGNATURE_SIGNING_TIME_ONLY)
666 continue;
667 rc = rtCrPkcs7VerifySignerInfo(pSignerInfo, pSignedData, hThisDigest, fFlags,
668 hAdditionalCerts, hTrustedCerts, &ThisValidationTime,
669 pfnVerifyCert, RTCRPKCS7VCC_F_SIGNED_DATA | RTCRPKCS7VCC_F_TIMESTAMP,
670 pvUser, pErrInfo);
671 }
672 else
673 {
674 rc = VINF_SUCCESS;
675 if (!(fFlags & RTCRPKCS7VERIFY_SD_F_USE_SIGNING_TIME_UNVERIFIED))
676 rc = rtCrPkcs7VerifyCounterSignerInfo(pSigningTimeSigner, pSignerInfo, pSignedData, fFlags,
677 hAdditionalCerts, hTrustedCerts, &ThisValidationTime,
678 pfnVerifyCert, RTCRPKCS7VCC_F_TIMESTAMP, pvUser, pErrInfo);
679 if (RT_SUCCESS(rc))
680 rc = rtCrPkcs7VerifySignerInfo(pSignerInfo, pSignedData, hThisDigest, fFlags, hAdditionalCerts,
681 hTrustedCerts, &ThisValidationTime,
682 pfnVerifyCert, RTCRPKCS7VCC_F_SIGNED_DATA, pvUser, pErrInfo);
683 }
684 fDone = RT_SUCCESS(rc)
685 || (fFlags & RTCRPKCS7VERIFY_SD_F_ALWAYS_USE_SIGNING_TIME_IF_PRESENT);
686 }
687 else
688 {
689 rc = RTErrInfoSet(pErrInfo, VERR_INTERNAL_ERROR_3, "RTTimeImplode failed");
690 fDone = true;
691 }
692 }
693
694 /*
695 * No valid signing time found, use the one specified instead.
696 */
697 if (!fDone)
698 rc = rtCrPkcs7VerifySignerInfo(pSignerInfo, pSignedData, hThisDigest, fFlags, hAdditionalCerts, hTrustedCerts,
699 pValidationTime, pfnVerifyCert, RTCRPKCS7VCC_F_SIGNED_DATA, pvUser, pErrInfo);
700 RTCrDigestRelease(hThisDigest);
701 if (RT_FAILURE(rc))
702 break;
703 }
704 }
705 else
706 rc = RTErrInfoSetF(pErrInfo, VERR_CR_PKCS7_DIGEST_CALC_ERROR,
707 "Hashing content failed unexpectedly (i=%u): %Rrc", i, rc);
708
709 /* Clean up digests. */
710 i = cDigests;
711 }
712 while (i-- > 0)
713 {
714 int rc2 = RTCrDigestRelease(ahDigests[i]);
715 AssertRC(rc2);
716 }
717
718
719#ifdef IPRT_WITH_OPENSSL
720 /*
721 * Verify using OpenSSL and combine the results (should be identical).
722 */
723 int rcOssl = rtCrPkcs7VerifySignedDataUsingOpenSsl(pContentInfo, fFlags, hAdditionalCerts, hTrustedCerts,
724 pvContent, cbContent, RT_SUCCESS(rc) ? pErrInfo : NULL);
725 if (RT_SUCCESS(rcOssl) && RT_SUCCESS(rc))
726 return rc;
727// AssertMsg(RT_FAILURE_NP(rcOssl) && RT_FAILURE_NP(rc), ("%Rrc, %Rrc\n", rcOssl, rc));
728 if (RT_FAILURE(rc))
729 return rc;
730 return rcOssl;
731#else
732 return rc;
733#endif
734}
735
Note: See TracBrowser for help on using the repository browser.

© 2025 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette