VirtualBox

source: vbox/trunk/src/VBox/Runtime/common/crypto/pkcs7-verify.cpp@ 57358

Last change on this file since 57358 was 57358, checked in by vboxsync, 9 years ago

*: scm cleanup run.
  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 36.4 KB
Line 
1/* $Id: pkcs7-verify.cpp 57358 2015-08-14 15:16:38Z vboxsync $ */
2/** @file
3 * IPRT - Crypto - PKCS \#7, Verification
4 */
5
6/*
7 * Copyright (C) 2006-2015 Oracle Corporation
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 *
17 * The contents of this file may alternatively be used under the terms
18 * of the Common Development and Distribution License Version 1.0
19 * (CDDL) only, as it comes in the "COPYING.CDDL" file of the
20 * VirtualBox OSE distribution, in which case the provisions of the
21 * CDDL are applicable instead of those of the GPL.
22 *
23 * You may elect to license modified versions of this file under the
24 * terms and conditions of either the GPL or the CDDL or both.
25 */
26
27
28/*********************************************************************************************************************************
29* Header Files *
30*********************************************************************************************************************************/
31#include "internal/iprt.h"
32#include <iprt/crypto/pkcs7.h>
33
34#include <iprt/err.h>
35#include <iprt/string.h>
36#include <iprt/crypto/digest.h>
37#include <iprt/crypto/pkix.h>
38#include <iprt/crypto/store.h>
39#include <iprt/crypto/x509.h>
40
41#ifdef IPRT_WITH_OPENSSL
42# include "internal/iprt-openssl.h"
43# include <openssl/pkcs7.h>
44# include <openssl/x509.h>
45# include <openssl/err.h>
46#endif
47
48
49
50#ifdef IPRT_WITH_OPENSSL
51static int rtCrPkcs7VerifySignedDataUsingOpenSsl(PCRTCRPKCS7CONTENTINFO pContentInfo, uint32_t fFlags,
52 RTCRSTORE hAdditionalCerts, RTCRSTORE hTrustedCerts,
53 void const *pvContent, uint32_t cbContent, PRTERRINFO pErrInfo)
54{
55 /*
56 * Verify using OpenSSL.
57 */
58 int rcOssl;
59 unsigned char const *pbRawContent = RTASN1CORE_GET_RAW_ASN1_PTR(&pContentInfo->SeqCore.Asn1Core);
60 PKCS7 *pOsslPkcs7 = NULL;
61 if (d2i_PKCS7(&pOsslPkcs7, &pbRawContent, RTASN1CORE_GET_RAW_ASN1_SIZE(&pContentInfo->SeqCore.Asn1Core)) == pOsslPkcs7)
62 {
63 STACK_OF(X509) *pAddCerts = NULL;
64 if (hAdditionalCerts != NIL_RTCRSTORE)
65 rcOssl = RTCrStoreConvertToOpenSslCertStack(hAdditionalCerts, 0, (void **)&pAddCerts);
66 else
67 {
68 pAddCerts = sk_X509_new_null();
69 rcOssl = RT_LIKELY(pAddCerts != NULL) ? VINF_SUCCESS : VERR_NO_MEMORY;
70 }
71 if (RT_SUCCESS(rcOssl))
72 {
73 PCRTCRPKCS7SETOFCERTS pCerts = &pContentInfo->u.pSignedData->Certificates;
74 for (uint32_t i = 0; i < pCerts->cItems; i++)
75 if (pCerts->paItems[i].enmChoice == RTCRPKCS7CERTCHOICE_X509)
76 rtCrOpenSslAddX509CertToStack(pAddCerts, pCerts->paItems[i].u.pX509Cert);
77
78
79 X509_STORE *pTrustedCerts = NULL;
80 if (hTrustedCerts != NIL_RTCRSTORE)
81 rcOssl = RTCrStoreConvertToOpenSslCertStore(hTrustedCerts, 0, (void **)&pTrustedCerts);
82 if (RT_SUCCESS(rcOssl))
83 {
84 rtCrOpenSslInit();
85
86 BIO *pBioContent = BIO_new_mem_buf((void *)pvContent, cbContent);
87 if (pBioContent)
88 {
89 uint32_t fOsslFlags = PKCS7_NOCHAIN;
90 fOsslFlags |= PKCS7_NOVERIFY; // temporary hack.
91 if (PKCS7_verify(pOsslPkcs7, pAddCerts, pTrustedCerts, pBioContent, NULL /*out*/, fOsslFlags))
92 rcOssl = VINF_SUCCESS;
93 else
94 {
95 rcOssl = RTErrInfoSet(pErrInfo, VERR_CR_PKCS7_OSSL_VERIFY_FAILED, "PKCS7_verify failed: ");
96 if (pErrInfo)
97 ERR_print_errors_cb(rtCrOpenSslErrInfoCallback, pErrInfo);
98 }
99 BIO_free(pBioContent);
100 }
101 if (pTrustedCerts)
102 X509_STORE_free(pTrustedCerts);
103 }
104 else
105 rcOssl = RTErrInfoSet(pErrInfo, rcOssl, "RTCrStoreConvertToOpenSslCertStack failed");
106 if (pAddCerts)
107 sk_X509_pop_free(pAddCerts, X509_free);
108 }
109 else
110 rcOssl = RTErrInfoSet(pErrInfo, rcOssl, "RTCrStoreConvertToOpenSslCertStack failed");
111 PKCS7_free(pOsslPkcs7);
112 }
113 else
114 rcOssl = RTErrInfoSet(pErrInfo, VERR_CR_PKCS7_OSSL_D2I_FAILED, "d2i_PKCS7 failed");
115
116 return rcOssl;
117}
118#endif /* IPRT_WITH_OPENSSL */
119
120
121
122static int rtCrPkcs7VerifyCertUsageTimstamping(PCRTCRX509CERTIFICATE pCert, PRTERRINFO pErrInfo)
123{
124 if (!(pCert->TbsCertificate.T3.fFlags & RTCRX509TBSCERTIFICATE_F_PRESENT_EXT_KEY_USAGE))
125 return RTErrInfoSetF(pErrInfo, VERR_CR_PKCS7_KEY_USAGE_MISMATCH, "No extended key usage certificate attribute.");
126 if (!(pCert->TbsCertificate.T3.fExtKeyUsage & (RTCRX509CERT_EKU_F_TIMESTAMPING | RTCRX509CERT_EKU_F_MS_TIMESTAMP_SIGNING)))
127 return RTErrInfoSetF(pErrInfo, VERR_CR_PKCS7_KEY_USAGE_MISMATCH, "fExtKeyUsage=%#x, missing %#x (time stamping)",
128 pCert->TbsCertificate.T3.fExtKeyUsage,
129 RTCRX509CERT_EKU_F_TIMESTAMPING | RTCRX509CERT_EKU_F_MS_TIMESTAMP_SIGNING);
130 return VINF_SUCCESS;
131}
132
133
134static int rtCrPkcs7VerifyCertUsageDigitalSignature(PCRTCRX509CERTIFICATE pCert, PRTERRINFO pErrInfo)
135{
136 if ( (pCert->TbsCertificate.T3.fFlags & RTCRX509TBSCERTIFICATE_F_PRESENT_KEY_USAGE)
137 && !(pCert->TbsCertificate.T3.fKeyUsage & RTCRX509CERT_KEY_USAGE_F_DIGITAL_SIGNATURE))
138 return RTErrInfoSetF(pErrInfo, VERR_CR_PKCS7_KEY_USAGE_MISMATCH, "fKeyUsage=%#x, missing %#x",
139 pCert->TbsCertificate.T3.fKeyUsage, RTCRX509CERT_KEY_USAGE_F_DIGITAL_SIGNATURE);
140 return VINF_SUCCESS;
141}
142
143
144/**
145 * @callback_method_impl{RTCRPKCS7VERIFYCERTCALLBACK,
146 * Default implementation that checks for the DigitalSignature KeyUsage bit.}
147 */
148RTDECL(int) RTCrPkcs7VerifyCertCallbackDefault(PCRTCRX509CERTIFICATE pCert, RTCRX509CERTPATHS hCertPaths, uint32_t fFlags,
149 void *pvUser, PRTERRINFO pErrInfo)
150{
151 int rc = VINF_SUCCESS;
152
153 if (fFlags & RTCRPKCS7VCC_F_SIGNED_DATA)
154 rc = rtCrPkcs7VerifyCertUsageDigitalSignature(pCert, pErrInfo);
155
156 if ( (fFlags & RTCRPKCS7VCC_F_TIMESTAMP)
157 && RT_SUCCESS(rc))
158 rc = rtCrPkcs7VerifyCertUsageTimstamping(pCert, pErrInfo);
159
160 return rc;
161}
162
163
164/**
165 * @callback_method_impl{RTCRPKCS7VERIFYCERTCALLBACK,
166 * Standard code signing. Use this for Microsoft SPC.}
167 */
168RTDECL(int) RTCrPkcs7VerifyCertCallbackCodeSigning(PCRTCRX509CERTIFICATE pCert, RTCRX509CERTPATHS hCertPaths, uint32_t fFlags,
169 void *pvUser, PRTERRINFO pErrInfo)
170{
171 int rc = VINF_SUCCESS;
172 if (fFlags & RTCRPKCS7VCC_F_SIGNED_DATA)
173 {
174 /*
175 * If KeyUsage is present it must include digital signature.
176 */
177 rc = rtCrPkcs7VerifyCertUsageDigitalSignature(pCert, pErrInfo);
178 if (RT_SUCCESS(rc))
179 {
180 /*
181 * The extended usage 'code signing' must be present.
182 */
183 if (!(pCert->TbsCertificate.T3.fFlags & RTCRX509TBSCERTIFICATE_F_PRESENT_EXT_KEY_USAGE))
184 return RTErrInfoSetF(pErrInfo, VERR_CR_PKCS7_KEY_USAGE_MISMATCH, "No extended key usage certificate attribute.");
185 if (!(pCert->TbsCertificate.T3.fExtKeyUsage & RTCRX509CERT_EKU_F_CODE_SIGNING))
186 return RTErrInfoSetF(pErrInfo, VERR_CR_PKCS7_KEY_USAGE_MISMATCH, "fExtKeyUsage=%#x, missing %#x",
187 pCert->TbsCertificate.T3.fExtKeyUsage, RTCRX509CERT_EKU_F_CODE_SIGNING);
188 }
189 }
190
191 /*
192 * Timestamping too?
193 */
194 if ( (fFlags & RTCRPKCS7VCC_F_TIMESTAMP)
195 && RT_SUCCESS(rc))
196 rc = rtCrPkcs7VerifyCertUsageTimstamping(pCert, pErrInfo);
197
198 return rc;
199}
200
201
202/**
203 * Deals with authenticated attributes.
204 *
205 * When authenticated attributes are present (checked by caller) we must:
206 * - fish out the content type and check it against the content inof,
207 * - fish out the message digest among and check it against *phDigest,
208 * - compute the message digest of the authenticated attributes and
209 * replace *phDigest with this for the signature verification.
210 *
211 * @returns IPRT status code.
212 * @param pSignerInfo The signer info being verified.
213 * @param pSignedData The signed data.
214 * @param phDigest On input this is the digest of the content. On
215 * output it will (on success) be a reference to
216 * the message digest of the authenticated
217 * attributes. The input reference is consumed.
218 * The caller shall release the output reference.
219 * @param fFlags Flags.
220 * @param pErrInfo Extended error info, optional.
221 */
222static int rtCrPkcs7VerifySignerInfoAuthAttribs(PCRTCRPKCS7SIGNERINFO pSignerInfo, PCRTCRPKCS7SIGNEDDATA pSignedData,
223 PRTCRDIGEST phDigest, uint32_t fFlags, PRTERRINFO pErrInfo)
224{
225 /*
226 * Scan the attributes and validate the two required attributes
227 * (RFC-2315, chapter 9.2, fourth bullet). Checking that we've got exactly
228 * one of each of them is checked by the santiy checker function, so we'll
229 * just assert that it did it's job here.
230 */
231 uint32_t cContentTypes = 0;
232 uint32_t cMessageDigests = 0;
233 uint32_t i = pSignerInfo->AuthenticatedAttributes.cItems;
234 while (i-- > 0)
235 {
236 PCRTCRPKCS7ATTRIBUTE pAttrib = &pSignerInfo->AuthenticatedAttributes.paItems[i];
237
238 if (RTAsn1ObjId_CompareWithString(&pAttrib->Type, RTCR_PKCS9_ID_CONTENT_TYPE_OID) == 0)
239 {
240 AssertReturn(!cContentTypes, VERR_CR_PKCS7_INTERNAL_ERROR);
241 AssertReturn(pAttrib->enmType == RTCRPKCS7ATTRIBUTETYPE_OBJ_IDS, VERR_CR_PKCS7_INTERNAL_ERROR);
242 AssertReturn(pAttrib->uValues.pObjIds->cItems == 1, VERR_CR_PKCS7_INTERNAL_ERROR);
243
244 if ( !(fFlags & RTCRPKCS7VERIFY_SD_F_COUNTER_SIGNATURE) /* See note about microsoft below. */
245 && RTAsn1ObjId_Compare(&pAttrib->uValues.pObjIds->paItems[0], &pSignedData->ContentInfo.ContentType) != 0)
246 return RTErrInfoSetF(pErrInfo, VERR_CR_PKCS7_CONTENT_TYPE_ATTRIB_MISMATCH,
247 "Expected content-type %s, found %s",
248 &pAttrib->uValues.pObjIds->paItems[0], pSignedData->ContentInfo.ContentType.szObjId);
249 cContentTypes++;
250 }
251 else if (RTAsn1ObjId_CompareWithString(&pAttrib->Type, RTCR_PKCS9_ID_MESSAGE_DIGEST_OID) == 0)
252 {
253 AssertReturn(!cMessageDigests, VERR_CR_PKCS7_INTERNAL_ERROR);
254 AssertReturn(pAttrib->enmType == RTCRPKCS7ATTRIBUTETYPE_OCTET_STRINGS, VERR_CR_PKCS7_INTERNAL_ERROR);
255 AssertReturn(pAttrib->uValues.pOctetStrings->cItems == 1, VERR_CR_PKCS7_INTERNAL_ERROR);
256
257 if (!RTCrDigestMatch(*phDigest,
258 pAttrib->uValues.pOctetStrings->paItems[0].Asn1Core.uData.pv,
259 pAttrib->uValues.pOctetStrings->paItems[0].Asn1Core.cb))
260 {
261 size_t cbHash = RTCrDigestGetHashSize(*phDigest);
262 if (cbHash != pAttrib->uValues.pOctetStrings->paItems[0].Asn1Core.cb)
263 return RTErrInfoSetF(pErrInfo, VERR_CR_PKCS7_MESSAGE_DIGEST_ATTRIB_MISMATCH,
264 "Authenticated message-digest attribute mismatch: cbHash=%#zx cbValue=%#x",
265 cbHash, pAttrib->uValues.pOctetStrings->paItems[0].Asn1Core.cb);
266 return RTErrInfoSetF(pErrInfo, VERR_CR_PKCS7_MESSAGE_DIGEST_ATTRIB_MISMATCH,
267 "Authenticated message-digest attribute mismatch (cbHash=%#zx):\n"
268 "signed: %.*Rhxs\n"
269 "our: %.*Rhxs\n",
270 cbHash,
271 cbHash, pAttrib->uValues.pOctetStrings->paItems[0].Asn1Core.uData.pv,
272 cbHash, RTCrDigestGetHash(*phDigest));
273 }
274 cMessageDigests++;
275 }
276 }
277
278 /*
279 * Full error reporting here as we don't currently extensively santiy check
280 * counter signatures.
281 * Note! Microsoft includes content info in their timestamp counter signatures,
282 * at least for vista, despite the RFC-3852 stating counter signatures
283 * "MUST NOT contain a content-type".
284 */
285 if (RT_UNLIKELY( cContentTypes != 1
286 && !(fFlags & RTCRPKCS7VERIFY_SD_F_COUNTER_SIGNATURE)))
287 return RTErrInfoSet(pErrInfo, VERR_CR_PKCS7_MISSING_CONTENT_TYPE_ATTRIB,
288 "Missing authenticated content-type attribute.");
289 if (RT_UNLIKELY(cMessageDigests != 1))
290 return RTErrInfoSet(pErrInfo, VERR_CR_PKCS7_MISSING_MESSAGE_DIGEST_ATTRIB,
291 "Missing authenticated message-digest attribute.");
292
293 /*
294 * Calculate the digest of the the authenticated attributes for use in the
295 * signature validation.
296 */
297 if ( pSignerInfo->DigestAlgorithm.Parameters.enmType != RTASN1TYPE_NULL
298 && pSignerInfo->DigestAlgorithm.Parameters.enmType != RTASN1TYPE_NOT_PRESENT)
299 return RTErrInfoSet(pErrInfo, VERR_CR_PKCS7_DIGEST_PARAMS_NOT_IMPL, "Digest algorithm has unsupported parameters");
300
301 RTCRDIGEST hDigest;
302 int rc = RTCrDigestCreateByObjId(&hDigest, &pSignerInfo->DigestAlgorithm.Algorithm);
303 if (RT_SUCCESS(rc))
304 {
305 RTCrDigestRelease(*phDigest);
306 *phDigest = hDigest;
307
308 /* ASSUMES that the attributes are encoded according to DER. */
309 uint8_t const *pbData = (uint8_t const *)RTASN1CORE_GET_RAW_ASN1_PTR(&pSignerInfo->AuthenticatedAttributes.SetCore.Asn1Core);
310 uint32_t cbData = RTASN1CORE_GET_RAW_ASN1_SIZE(&pSignerInfo->AuthenticatedAttributes.SetCore.Asn1Core);
311 uint8_t bSetOfTag = ASN1_TAG_SET | ASN1_TAGCLASS_UNIVERSAL | ASN1_TAGFLAG_CONSTRUCTED;
312 rc = RTCrDigestUpdate(hDigest, &bSetOfTag, sizeof(bSetOfTag)); /* Replace the implict tag with a SET-OF tag. */
313 if (RT_SUCCESS(rc))
314 rc = RTCrDigestUpdate(hDigest, pbData + sizeof(bSetOfTag), cbData - sizeof(bSetOfTag)); /* Skip the implicit tag. */
315 if (RT_SUCCESS(rc))
316 rc = RTCrDigestFinal(hDigest, NULL, 0);
317 }
318 return rc;
319}
320
321
322/**
323 * Find the handle to the digest given by the specified SignerInfo.
324 *
325 * @returns IPRT status code
326 * @param phDigest Where to return a referenced digest handle on
327 * success.
328 * @param pSignedData The signed data structure.
329 * @param pSignerInfo The signer info.
330 * @param pahDigests Array of content digests that runs parallel to
331 * pSignedData->DigestAlgorithms.
332 * @param pErrInfo Where to store additional error details,
333 * optional.
334 */
335static int rtCrPkcs7VerifyFindDigest(PRTCRDIGEST phDigest, PCRTCRPKCS7SIGNEDDATA pSignedData,
336 PCRTCRPKCS7SIGNERINFO pSignerInfo, PRTCRDIGEST pahDigests, PRTERRINFO pErrInfo)
337{
338 uint32_t iDigest = pSignedData->DigestAlgorithms.cItems;
339 while (iDigest-- > 0)
340 if (RTCrX509AlgorithmIdentifier_Compare(&pSignedData->DigestAlgorithms.paItems[iDigest],
341 &pSignerInfo->DigestAlgorithm) == 0)
342 {
343 RTCRDIGEST hDigest = pahDigests[iDigest];
344 uint32_t cRefs = RTCrDigestRetain(hDigest);
345 AssertReturn(cRefs != UINT32_MAX, VERR_CR_PKCS7_INTERNAL_ERROR);
346 *phDigest = hDigest;
347 return VINF_SUCCESS;
348 }
349 *phDigest = NIL_RTCRDIGEST; /* Make gcc happy. */
350 return RTErrInfoSetF(pErrInfo, VERR_CR_PKCS7_DIGEST_ALGO_NOT_FOUND_IN_LIST,
351 "SignerInfo.DigestAlgorithm %s not found.",
352 pSignerInfo->DigestAlgorithm.Algorithm.szObjId);
353}
354
355
356/**
357 * Verifies one signature on a PKCS \#7 SignedData.
358 *
359 * @returns IPRT status code.
360 * @param pSignerInfo The signature.
361 * @param pSignedData The SignedData.
362 * @param hDigests The digest corresponding to
363 * pSignerInfo->DigestAlgorithm.
364 * @param fFlags Verficiation flags.
365 * @param hAdditionalCerts Store containing optional certificates,
366 * optional.
367 * @param hTrustedCerts Store containing trusted certificates, required.
368 * @param pValidationTime The time we're supposed to validate the
369 * certificates chains at.
370 * @param pfnVerifyCert Signing certificate verification callback.
371 * @param fVccFlags Signing certificate verification callback flags.
372 * @param pvUser Callback parameter.
373 * @param pErrInfo Where to store additional error details,
374 * optional.
375 */
376static int rtCrPkcs7VerifySignerInfo(PCRTCRPKCS7SIGNERINFO pSignerInfo, PCRTCRPKCS7SIGNEDDATA pSignedData,
377 RTCRDIGEST hDigest, uint32_t fFlags, RTCRSTORE hAdditionalCerts, RTCRSTORE hTrustedCerts,
378 PCRTTIMESPEC pValidationTime, PFNRTCRPKCS7VERIFYCERTCALLBACK pfnVerifyCert,
379 uint32_t fVccFlags, void *pvUser, PRTERRINFO pErrInfo)
380{
381 /*
382 * Locate the certificate used for signing.
383 */
384 PCRTCRCERTCTX pSignerCertCtx = NULL;
385 PCRTCRX509CERTIFICATE pSignerCert = NULL;
386 RTCRSTORE hSignerCertSrc = hTrustedCerts;
387 if (hSignerCertSrc != NIL_RTCRSTORE)
388 pSignerCertCtx = RTCrStoreCertByIssuerAndSerialNo(hSignerCertSrc, &pSignerInfo->IssuerAndSerialNumber.Name,
389 &pSignerInfo->IssuerAndSerialNumber.SerialNumber);
390 if (!pSignerCertCtx)
391 {
392 hSignerCertSrc = hAdditionalCerts;
393 if (hSignerCertSrc != NIL_RTCRSTORE)
394 pSignerCertCtx = RTCrStoreCertByIssuerAndSerialNo(hSignerCertSrc, &pSignerInfo->IssuerAndSerialNumber.Name,
395 &pSignerInfo->IssuerAndSerialNumber.SerialNumber);
396 }
397 if (pSignerCertCtx)
398 pSignerCert = pSignerCertCtx->pCert;
399 else
400 {
401 hSignerCertSrc = NULL;
402 pSignerCert = RTCrPkcs7SetOfCerts_FindX509ByIssuerAndSerialNumber(&pSignedData->Certificates,
403 &pSignerInfo->IssuerAndSerialNumber.Name,
404 &pSignerInfo->IssuerAndSerialNumber.SerialNumber);
405 if (!pSignerCert)
406 return RTErrInfoSetF(pErrInfo, VERR_CR_PKCS7_SIGNED_DATA_CERT_NOT_FOUND,
407 "Certificate not found: serial=%.*Rhxs",
408 pSignerInfo->IssuerAndSerialNumber.SerialNumber.Asn1Core.cb,
409 pSignerInfo->IssuerAndSerialNumber.SerialNumber.Asn1Core.uData.pv);
410 }
411
412 /*
413 * If not a trusted certificate, we'll have to build certificate paths
414 * and verify them. If no valid paths are found, this step will fail.
415 */
416 int rc = VINF_SUCCESS;
417 if ( hSignerCertSrc == NIL_RTCRSTORE
418 || hSignerCertSrc != hTrustedCerts)
419 {
420 RTCRX509CERTPATHS hCertPaths;
421 rc = RTCrX509CertPathsCreate(&hCertPaths, pSignerCert);
422 if (RT_SUCCESS(rc))
423 {
424 rc = RTCrX509CertPathsSetValidTimeSpec(hCertPaths, pValidationTime);
425 if (hTrustedCerts != NIL_RTCRSTORE && RT_SUCCESS(rc))
426 rc = RTCrX509CertPathsSetTrustedStore(hCertPaths, hTrustedCerts);
427 if (hAdditionalCerts != NIL_RTCRSTORE && RT_SUCCESS(rc))
428 rc = RTCrX509CertPathsSetUntrustedStore(hCertPaths, hAdditionalCerts);
429 if (pSignedData->Certificates.cItems > 0 && RT_SUCCESS(rc))
430 rc = RTCrX509CertPathsSetUntrustedSet(hCertPaths, &pSignedData->Certificates);
431 if (RT_SUCCESS(rc))
432 {
433 rc = RTCrX509CertPathsBuild(hCertPaths, pErrInfo);
434 if (RT_SUCCESS(rc))
435 rc = RTCrX509CertPathsValidateAll(hCertPaths, NULL, pErrInfo);
436
437 /*
438 * Check that the certificate purpose and whatnot matches what
439 * is being signed.
440 */
441 if (RT_SUCCESS(rc))
442 rc = pfnVerifyCert(pSignerCert, hCertPaths, fVccFlags, pvUser, pErrInfo);
443 }
444 else
445 RTErrInfoSetF(pErrInfo, rc, "Error configuring path builder: %Rrc", rc);
446 RTCrX509CertPathsRelease(hCertPaths);
447 }
448 }
449 /*
450 * Check that the certificate purpose matches what is signed.
451 */
452 else
453 rc = pfnVerifyCert(pSignerCert, NIL_RTCRX509CERTPATHS, fVccFlags, pvUser, pErrInfo);
454
455 /*
456 * Reference the digest so we can safely replace with one on the
457 * authenticated attributes below.
458 */
459 if ( RT_SUCCESS(rc)
460 && RTCrDigestRetain(hDigest) != UINT32_MAX)
461 {
462 /*
463 * If there are authenticated attributes, we've got more work before we
464 * can verify the signature.
465 */
466 if ( RT_SUCCESS(rc)
467 && RTCrPkcs7Attributes_IsPresent(&pSignerInfo->AuthenticatedAttributes))
468 rc = rtCrPkcs7VerifySignerInfoAuthAttribs(pSignerInfo, pSignedData, &hDigest, fFlags, pErrInfo);
469
470 /*
471 * Verify the signature.
472 */
473 if (RT_SUCCESS(rc))
474 {
475 RTCRPKIXSIGNATURE hSignature;
476 rc = RTCrPkixSignatureCreateByObjId(&hSignature,
477 &pSignerCert->TbsCertificate.SubjectPublicKeyInfo.Algorithm.Algorithm,
478 false /*fSigning*/,
479 &pSignerCert->TbsCertificate.SubjectPublicKeyInfo.SubjectPublicKey,
480 &pSignerInfo->DigestEncryptionAlgorithm.Parameters);
481 if (RT_SUCCESS(rc))
482 {
483 /** @todo Check that DigestEncryptionAlgorithm is compatible with hSignature
484 * (this is not vital). */
485 rc = RTCrPkixSignatureVerifyOctetString(hSignature, hDigest, &pSignerInfo->EncryptedDigest);
486 if (RT_FAILURE(rc))
487 rc = RTErrInfoSetF(pErrInfo, VERR_CR_PKCS7_SIGNATURE_VERIFICATION_FAILED,
488 "Signature verficiation failed: %Rrc", rc);
489 RTCrPkixSignatureRelease(hSignature);
490 }
491 else
492 rc = RTErrInfoSetF(pErrInfo, rc, "Failure to instantiate public key algorithm [IPRT]: %s (%s)",
493 pSignerCert->TbsCertificate.SubjectPublicKeyInfo.Algorithm.Algorithm.szObjId,
494 pSignerInfo->DigestEncryptionAlgorithm.Algorithm.szObjId);
495 }
496
497 RTCrDigestRelease(hDigest);
498 }
499 else if (RT_SUCCESS(rc))
500 rc = VERR_CR_PKCS7_INTERNAL_ERROR;
501 RTCrCertCtxRelease(pSignerCertCtx);
502 return rc;
503}
504
505
506/**
507 * Verifies a counter signature.
508 *
509 * @returns IPRT status code.
510 * @param pCounterSignerInfo The counter signature.
511 * @param pPrimarySignerInfo The primary signature (can be a counter
512 * signature too if nested).
513 * @param pSignedData The SignedData.
514 * @param fFlags Verficiation flags.
515 * @param hAdditionalCerts Store containing optional certificates,
516 * optional.
517 * @param hTrustedCerts Store containing trusted certificates, required.
518 * @param pValidationTime The time we're supposed to validate the
519 * certificates chains at.
520 * @param pfnVerifyCert Signing certificate verification callback.
521 * @param fVccFlags Signing certificate verification callback flags.
522 * @param pvUser Callback parameter.
523 * @param pErrInfo Where to store additional error details,
524 * optional.
525 */
526static int rtCrPkcs7VerifyCounterSignerInfo(PCRTCRPKCS7SIGNERINFO pCounterSignerInfo, PCRTCRPKCS7SIGNERINFO pPrimarySignerInfo,
527 PCRTCRPKCS7SIGNEDDATA pSignedData, uint32_t fFlags,
528 RTCRSTORE hAdditionalCerts, RTCRSTORE hTrustedCerts, PCRTTIMESPEC pValidationTime,
529 PFNRTCRPKCS7VERIFYCERTCALLBACK pfnVerifyCert, uint32_t fVccFlags,
530 void *pvUser, PRTERRINFO pErrInfo)
531{
532 /*
533 * Calculate the digest we need to verify.
534 */
535 RTCRDIGEST hDigest;
536 int rc = RTCrDigestCreateByObjId(&hDigest, &pCounterSignerInfo->DigestAlgorithm.Algorithm);
537 if (RT_SUCCESS(rc))
538 {
539 rc = RTCrDigestUpdate(hDigest,
540 pPrimarySignerInfo->EncryptedDigest.Asn1Core.uData.pv,
541 pPrimarySignerInfo->EncryptedDigest.Asn1Core.cb);
542 if (RT_SUCCESS(rc))
543 rc = RTCrDigestFinal(hDigest, NULL, 0);
544 if (RT_SUCCESS(rc))
545 {
546 /*
547 * Pass it on to the common SignerInfo verifier function.
548 */
549 rc = rtCrPkcs7VerifySignerInfo(pCounterSignerInfo, pSignedData, hDigest,
550 fFlags | RTCRPKCS7VERIFY_SD_F_COUNTER_SIGNATURE,
551 hAdditionalCerts, hTrustedCerts, pValidationTime,
552 pfnVerifyCert, fVccFlags, pvUser, pErrInfo);
553
554 }
555 else
556 rc = RTErrInfoSetF(pErrInfo, VERR_CR_PKCS7_DIGEST_CALC_ERROR,
557 "Hashing for counter signature failed unexpectedly: %Rrc", rc);
558 RTCrDigestRelease(hDigest);
559 }
560 else
561 rc = RTErrInfoSetF(pErrInfo, VERR_CR_PKCS7_DIGEST_CREATE_ERROR, "Error creating digest for '%s': %Rrc",
562 pCounterSignerInfo->DigestAlgorithm.Algorithm.szObjId, rc);
563
564 return rc;
565}
566
567
568RTDECL(int) RTCrPkcs7VerifySignedData(PCRTCRPKCS7CONTENTINFO pContentInfo, uint32_t fFlags,
569 RTCRSTORE hAdditionalCerts, RTCRSTORE hTrustedCerts,
570 PCRTTIMESPEC pValidationTime, PFNRTCRPKCS7VERIFYCERTCALLBACK pfnVerifyCert, void *pvUser,
571 PRTERRINFO pErrInfo)
572{
573 /*
574 * Check the input.
575 */
576 if (pfnVerifyCert)
577 AssertPtrReturn(pfnVerifyCert, VERR_INVALID_POINTER);
578 else
579 pfnVerifyCert = RTCrPkcs7VerifyCertCallbackDefault;
580
581 if (!RTCrPkcs7ContentInfo_IsSignedData(pContentInfo))
582 return RTErrInfoSet(pErrInfo, VERR_CR_PKCS7_NOT_SIGNED_DATA, "Not PKCS #7 SignedData.");
583 PCRTCRPKCS7SIGNEDDATA pSignedData = pContentInfo->u.pSignedData;
584 int rc = RTCrPkcs7SignedData_CheckSanity(pSignedData, 0, pErrInfo, "");
585 if (RT_FAILURE(rc))
586 return rc;
587
588 /*
589 * Hash the content info.
590 */
591 /* Exactly what the content is, for some stupid reason unnecessarily
592 complicated. Figure it out here as we'll need it for the OpenSSL code
593 path as well. */
594 void const *pvContent = pSignedData->ContentInfo.Content.Asn1Core.uData.pv;
595 uint32_t cbContent = pSignedData->ContentInfo.Content.Asn1Core.cb;
596 if (pSignedData->ContentInfo.Content.pEncapsulated)
597 {
598 pvContent = pSignedData->ContentInfo.Content.pEncapsulated->uData.pv;
599 cbContent = pSignedData->ContentInfo.Content.pEncapsulated->cb;
600 }
601
602 /* Check that there aren't too many or too few hash algorithms for our
603 implementation and purposes. */
604 RTCRDIGEST ahDigests[2];
605 uint32_t const cDigests = pSignedData->DigestAlgorithms.cItems;
606 if (!cDigests) /** @todo we might have to support this... */
607 return RTErrInfoSetF(pErrInfo, VERR_CR_PKCS7_NO_DIGEST_ALGORITHMS, "No digest algorithms");
608
609 if (cDigests > RT_ELEMENTS(ahDigests))
610 return RTErrInfoSetF(pErrInfo, VERR_CR_PKCS7_TOO_MANY_DIGEST_ALGORITHMS,
611 "Too many digest algorithm: cAlgorithms=%u", cDigests);
612
613 /* Create the message digest calculators. */
614 rc = VERR_CR_PKCS7_NO_DIGEST_ALGORITHMS;
615 uint32_t i;
616 for (i = 0; i < cDigests; i++)
617 {
618 rc = RTCrDigestCreateByObjId(&ahDigests[i], &pSignedData->DigestAlgorithms.paItems[i].Algorithm);
619 if (RT_FAILURE(rc))
620 {
621 rc = RTErrInfoSetF(pErrInfo, VERR_CR_PKCS7_DIGEST_CREATE_ERROR, "Error creating digest for '%s': %Rrc",
622 pSignedData->DigestAlgorithms.paItems[i].Algorithm.szObjId, rc);
623 break;
624 }
625 }
626 if (RT_SUCCESS(rc))
627 {
628 /* Hash the content. */
629 for (i = 0; i < cDigests && RT_SUCCESS(rc); i++)
630 {
631 rc = RTCrDigestUpdate(ahDigests[i], pvContent, cbContent);
632 if (RT_SUCCESS(rc))
633 rc = RTCrDigestFinal(ahDigests[i], NULL, 0);
634 }
635 if (RT_SUCCESS(rc))
636 {
637 /*
638 * Validate the signed infos.
639 */
640 uint32_t fPrimaryVccFlags = !(fFlags & RTCRPKCS7VERIFY_SD_F_USAGE_TIMESTAMPING)
641 ? RTCRPKCS7VCC_F_SIGNED_DATA : RTCRPKCS7VCC_F_TIMESTAMP;
642 rc = VERR_CR_PKCS7_NO_SIGNER_INFOS;
643 for (i = 0; i < pSignedData->SignerInfos.cItems; i++)
644 {
645 PCRTCRPKCS7SIGNERINFO pSignerInfo = &pSignedData->SignerInfos.paItems[i];
646 RTCRDIGEST hThisDigest = NIL_RTCRDIGEST; /* (gcc maybe incredible stupid.) */
647 rc = rtCrPkcs7VerifyFindDigest(&hThisDigest, pSignedData, pSignerInfo, ahDigests, pErrInfo);
648 if (RT_FAILURE(rc))
649 break;
650
651 /*
652 * See if we can find a trusted signing time.
653 * (Note that while it would make sense splitting up this function,
654 * we need to carry a lot of arguments around, so better not.)
655 */
656 bool fDone = false;
657 PCRTCRPKCS7SIGNERINFO pSigningTimeSigner = NULL;
658 PCRTASN1TIME pSignedTime;
659 while ( !fDone
660 && (pSignedTime = RTCrPkcs7SignerInfo_GetSigningTime(pSignerInfo, &pSigningTimeSigner)) != NULL)
661 {
662 RTTIMESPEC ThisValidationTime;
663 if (RT_LIKELY(RTTimeImplode(&ThisValidationTime, &pSignedTime->Time)))
664 {
665 if (pSigningTimeSigner == pSignerInfo)
666 {
667 if (fFlags & RTCRPKCS7VERIFY_SD_F_COUNTER_SIGNATURE_SIGNING_TIME_ONLY)
668 continue;
669 rc = rtCrPkcs7VerifySignerInfo(pSignerInfo, pSignedData, hThisDigest, fFlags,
670 hAdditionalCerts, hTrustedCerts, &ThisValidationTime,
671 pfnVerifyCert, fPrimaryVccFlags | RTCRPKCS7VCC_F_TIMESTAMP,
672 pvUser, pErrInfo);
673 }
674 else
675 {
676 rc = VINF_SUCCESS;
677 if (!(fFlags & RTCRPKCS7VERIFY_SD_F_USE_SIGNING_TIME_UNVERIFIED))
678 rc = rtCrPkcs7VerifyCounterSignerInfo(pSigningTimeSigner, pSignerInfo, pSignedData, fFlags,
679 hAdditionalCerts, hTrustedCerts, &ThisValidationTime,
680 pfnVerifyCert, RTCRPKCS7VCC_F_TIMESTAMP, pvUser, pErrInfo);
681 if (RT_SUCCESS(rc))
682 rc = rtCrPkcs7VerifySignerInfo(pSignerInfo, pSignedData, hThisDigest, fFlags, hAdditionalCerts,
683 hTrustedCerts, &ThisValidationTime,
684 pfnVerifyCert, fPrimaryVccFlags, pvUser, pErrInfo);
685 }
686 fDone = RT_SUCCESS(rc)
687 || (fFlags & RTCRPKCS7VERIFY_SD_F_ALWAYS_USE_SIGNING_TIME_IF_PRESENT);
688 }
689 else
690 {
691 rc = RTErrInfoSet(pErrInfo, VERR_INTERNAL_ERROR_3, "RTTimeImplode failed");
692 fDone = true;
693 }
694 }
695
696 /*
697 * If not luck, check for microsoft timestamp counter signatures.
698 */
699 if (!fDone && !(fFlags & RTCRPKCS7VERIFY_SD_F_IGNORE_MS_TIMESTAMP))
700 {
701 PCRTCRPKCS7CONTENTINFO pSignedTimestamp = NULL;
702 pSignedTime = RTCrPkcs7SignerInfo_GetMsTimestamp(pSignerInfo, &pSignedTimestamp);
703 if (pSignedTime)
704 {
705 RTTIMESPEC ThisValidationTime;
706 if (RT_LIKELY(RTTimeImplode(&ThisValidationTime, &pSignedTime->Time)))
707 {
708 rc = VINF_SUCCESS;
709 if (!(fFlags & RTCRPKCS7VERIFY_SD_F_USE_MS_TIMESTAMP_UNVERIFIED))
710 rc = RTCrPkcs7VerifySignedData(pSignedTimestamp,
711 fFlags | RTCRPKCS7VERIFY_SD_F_IGNORE_MS_TIMESTAMP
712 | RTCRPKCS7VERIFY_SD_F_USAGE_TIMESTAMPING,
713 hAdditionalCerts, hTrustedCerts, &ThisValidationTime,
714 pfnVerifyCert, pvUser, pErrInfo);
715
716 if (RT_SUCCESS(rc))
717 rc = rtCrPkcs7VerifySignerInfo(pSignerInfo, pSignedData, hThisDigest, fFlags, hAdditionalCerts,
718 hTrustedCerts, &ThisValidationTime,
719 pfnVerifyCert, fPrimaryVccFlags, pvUser, pErrInfo);
720 fDone = RT_SUCCESS(rc)
721 || (fFlags & RTCRPKCS7VERIFY_SD_F_ALWAYS_USE_MS_TIMESTAMP_IF_PRESENT);
722 }
723 else
724 {
725 rc = RTErrInfoSet(pErrInfo, VERR_INTERNAL_ERROR_3, "RTTimeImplode failed");
726 fDone = true;
727 }
728
729 }
730 }
731
732 /*
733 * No valid signing time found, use the one specified instead.
734 */
735 if (!fDone)
736 rc = rtCrPkcs7VerifySignerInfo(pSignerInfo, pSignedData, hThisDigest, fFlags, hAdditionalCerts, hTrustedCerts,
737 pValidationTime, pfnVerifyCert, fPrimaryVccFlags, pvUser, pErrInfo);
738 RTCrDigestRelease(hThisDigest);
739 if (RT_FAILURE(rc))
740 break;
741 }
742 }
743 else
744 rc = RTErrInfoSetF(pErrInfo, VERR_CR_PKCS7_DIGEST_CALC_ERROR,
745 "Hashing content failed unexpectedly (i=%u): %Rrc", i, rc);
746
747 /* Clean up digests. */
748 i = cDigests;
749 }
750 while (i-- > 0)
751 {
752 int rc2 = RTCrDigestRelease(ahDigests[i]);
753 AssertRC(rc2);
754 }
755
756
757#ifdef IPRT_WITH_OPENSSL
758 /*
759 * Verify using OpenSSL and combine the results (should be identical).
760 */
761 /** @todo figure out how to verify MS timstamp signatures using OpenSSL. */
762 if (fFlags & RTCRPKCS7VERIFY_SD_F_USAGE_TIMESTAMPING)
763 return rc;
764 int rcOssl = rtCrPkcs7VerifySignedDataUsingOpenSsl(pContentInfo, fFlags, hAdditionalCerts, hTrustedCerts,
765 pvContent, cbContent, RT_SUCCESS(rc) ? pErrInfo : NULL);
766 if (RT_SUCCESS(rcOssl) && RT_SUCCESS(rc))
767 return rc;
768// AssertMsg(RT_FAILURE_NP(rcOssl) && RT_FAILURE_NP(rc), ("%Rrc, %Rrc\n", rcOssl, rc));
769 if (RT_FAILURE(rc))
770 return rc;
771 return rcOssl;
772#else
773 return rc;
774#endif
775}
776
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette