VirtualBox

source: vbox/trunk/src/VBox/Runtime/common/crypto/store-inmem.cpp@ 52533

Last change on this file since 52533 was 51781, checked in by vboxsync, 11 years ago

warning

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 11.9 KB
Line 
1/* $Id: store-inmem.cpp 51781 2014-07-01 19:58:13Z vboxsync $ */
2/** @file
3 * IPRT - In Memory Cryptographic Certificate Store.
4 */
5
6/*
7 * Copyright (C) 2006-2014 Oracle Corporation
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 *
17 * The contents of this file may alternatively be used under the terms
18 * of the Common Development and Distribution License Version 1.0
19 * (CDDL) only, as it comes in the "COPYING.CDDL" file of the
20 * VirtualBox OSE distribution, in which case the provisions of the
21 * CDDL are applicable instead of those of the GPL.
22 *
23 * You may elect to license modified versions of this file under the
24 * terms and conditions of either the GPL or the CDDL or both.
25 */
26
27
28/*******************************************************************************
29* Header Files *
30*******************************************************************************/
31#include "internal/iprt.h"
32#include <iprt/crypto/store.h>
33
34#include <iprt/err.h>
35#include <iprt/mem.h>
36#include <iprt/string.h>
37
38#include "store-internal.h"
39
40
41/*******************************************************************************
42* Structures and Typedefs *
43*******************************************************************************/
44/**
45 * A certificate entry in the in-memory store.
46 */
47typedef struct RTCRSTOREINMEMCERT
48{
49 /** The core certificate context. */
50 RTCRCERTCTXINT Core;
51 /** Internal copy of the flag (paranoia). */
52 uint32_t fFlags;
53 /** Decoded data. */
54 union
55 {
56 /** ASN.1 core structure for generic access. */
57 RTASN1CORE Asn1Core;
58 /** The decoded X.509 certificate (RTCRCERTCTX_F_ENC_X509_DER). */
59 RTCRX509CERTIFICATE X509Cert;
60 /** The decoded trust anchor info (RTCRCERTCTX_F_ENC_TAF_DER). */
61 RTCRTAFTRUSTANCHORINFO TaInfo;
62 } u;
63 /** Pointer to the store if still in it (no reference). */
64 struct RTCRSTOREINMEM *pStore;
65 /** The DER encoding of the certificate. */
66 uint8_t abEncoded[1];
67} RTCRSTOREINMEMCERT;
68AssertCompileMembersAtSameOffset(RTCRSTOREINMEMCERT, u.X509Cert.SeqCore.Asn1Core, RTCRSTOREINMEMCERT, u.Asn1Core);
69AssertCompileMembersAtSameOffset(RTCRSTOREINMEMCERT, u.TaInfo.SeqCore.Asn1Core, RTCRSTOREINMEMCERT, u.Asn1Core);
70/** Pointer to an in-memory store certificate entry. */
71typedef RTCRSTOREINMEMCERT *PRTCRSTOREINMEMCERT;
72
73
74/**
75 * The per instance data of a in-memory crypto store.
76 *
77 * Currently we ASSUME we don't need serialization. Add that when needed!
78 */
79typedef struct RTCRSTOREINMEM
80{
81 /** The number of certificates. */
82 uint32_t cCerts;
83 /** The max number of certificates papCerts can store before growing it. */
84 uint32_t cCertsAlloc;
85 /** Array of certificates. */
86 PRTCRSTOREINMEMCERT *papCerts;
87} RTCRSTOREINMEM;
88/** Pointer to an in-memory crypto store. */
89typedef RTCRSTOREINMEM *PRTCRSTOREINMEM;
90
91
92
93
94static DECLCALLBACK(void) rtCrStoreInMemCertEntry_Dtor(PRTCRCERTCTXINT pCertCtx)
95{
96 PRTCRSTOREINMEMCERT pEntry = (PRTCRSTOREINMEMCERT)pCertCtx;
97 AssertRelease(!pEntry->pStore);
98
99 pEntry->Core.pfnDtor = NULL;
100 RTAsn1VtDelete(&pEntry->u.Asn1Core);
101 RTMemFree(pEntry);
102}
103
104
105/**
106 * Internal method for allocating and initalizing a certificate entry in the
107 * in-memory store.
108 *
109 * @returns IPRT status code.
110 * @param pThis The in-memory store instance.
111 * @param fEnc RTCRCERTCTX_F_ENC_X509_DER or RTCRCERTCTX_F_ENC_TAF_DER.
112 * @param pbSrc The DER encoded X.509 certificate to add.
113 * @param cbSrc The size of the encoded certificate.
114 * @param pErrInfo Where to return extended error info. Optional.
115 * @param ppEntry Where to return the pointer to the new entry.
116 */
117static int rtCrStoreInMemCreateCertEntry(PRTCRSTOREINMEM pThis, uint32_t fEnc, uint8_t const *pbSrc, uint32_t cbSrc,
118 PRTERRINFO pErrInfo, PRTCRSTOREINMEMCERT *ppEntry)
119{
120 int rc;
121 PRTCRSTOREINMEMCERT pEntry = (PRTCRSTOREINMEMCERT)RTMemAllocZ(RT_UOFFSETOF(RTCRSTOREINMEMCERT, abEncoded[cbSrc]));
122 if (pEntry)
123 {
124 memcpy(pEntry->abEncoded, pbSrc, cbSrc);
125 pEntry->Core.u32Magic = RTCRCERTCTXINT_MAGIC;
126 pEntry->Core.cRefs = 1;
127 pEntry->Core.pfnDtor = rtCrStoreInMemCertEntry_Dtor;
128 pEntry->Core.Public.fFlags = fEnc;
129 pEntry->Core.Public.cbEncoded = cbSrc;
130 pEntry->Core.Public.pabEncoded = &pEntry->abEncoded[0];
131 if (fEnc == RTCRCERTCTX_F_ENC_X509_DER)
132 {
133 pEntry->Core.Public.pCert = &pEntry->u.X509Cert;
134 pEntry->Core.Public.pTaInfo = NULL;
135 }
136 else
137 {
138 pEntry->Core.Public.pCert = NULL;
139 pEntry->Core.Public.pTaInfo = &pEntry->u.TaInfo;
140 }
141 pEntry->pStore = pThis;
142
143 RTASN1CURSORPRIMARY Cursor;
144 RTAsn1CursorInitPrimary(&Cursor, &pEntry->abEncoded[0], cbSrc, pErrInfo, &g_RTAsn1DefaultAllocator,
145 RTASN1CURSOR_FLAGS_DER, "InMem");
146 if (fEnc == RTCRCERTCTX_F_ENC_X509_DER)
147 rc = RTCrX509Certificate_DecodeAsn1(&Cursor.Cursor, 0, &pEntry->u.X509Cert, "Cert");
148 else
149 rc = RTCrTafTrustAnchorInfo_DecodeAsn1(&Cursor.Cursor, 0, &pEntry->u.TaInfo, "TaInfo");
150 if (RT_SUCCESS(rc))
151 {
152 if (fEnc == RTCRCERTCTX_F_ENC_X509_DER)
153 rc = RTCrX509Certificate_CheckSanity(&pEntry->u.X509Cert, 0, pErrInfo, "Cert");
154 else
155 rc = RTCrTafTrustAnchorInfo_CheckSanity(&pEntry->u.TaInfo, 0, pErrInfo, "TaInfo");
156 if (RT_SUCCESS(rc))
157 {
158 *ppEntry = pEntry;
159 return VINF_SUCCESS;
160 }
161
162 RTAsn1VtDelete(&pEntry->u.Asn1Core);
163 }
164 RTMemFree(pEntry);
165 }
166 else
167 rc = VERR_NO_MEMORY;
168 return rc;
169}
170
171
172/**
173 * Grows the certificate pointer array to at least @a cMin entries.
174 *
175 * @returns IPRT status code.
176 * @param pThis The in-memory store instance.
177 * @param cMin The new minimum store size.
178 */
179static int rtCrStoreInMemGrow(PRTCRSTOREINMEM pThis, uint32_t cMin)
180{
181 AssertReturn(cMin <= _1M, VERR_OUT_OF_RANGE);
182 AssertReturn(cMin > pThis->cCertsAlloc, VERR_INTERNAL_ERROR_3);
183
184 if (cMin < 64)
185 cMin = RT_ALIGN_32(cMin, 8);
186 else
187 cMin = RT_ALIGN_32(cMin, 32);
188
189 void *pv = RTMemRealloc(pThis->papCerts, cMin * sizeof(pThis->papCerts[0]));
190 if (pv)
191 {
192 pThis->papCerts = (PRTCRSTOREINMEMCERT *)pv;
193 for (uint32_t i = pThis->cCertsAlloc; i < cMin; i++)
194 pThis->papCerts[i] = NULL;
195 pThis->cCertsAlloc = cMin;
196 return VINF_SUCCESS;
197 }
198 return VERR_NO_MEMORY;
199}
200
201
202
203/** @interface_method_impl{RTCRSTOREPROVIDER, pfnDestroyStore} */
204static DECLCALLBACK(void) rtCrStoreInMem_DestroyStore(void *pvProvider)
205{
206 PRTCRSTOREINMEM pThis = (PRTCRSTOREINMEM)pvProvider;
207
208 while (pThis->cCerts > 0)
209 {
210 uint32_t i = --pThis->cCerts;
211 PRTCRSTOREINMEMCERT pEntry = pThis->papCerts[i];
212 pThis->papCerts[i] = NULL;
213 AssertPtr(pEntry);
214
215 pEntry->pStore = NULL;
216 RTCrCertCtxRelease(&pEntry->Core.Public);
217 }
218
219 RTMemFree(pThis->papCerts);
220 pThis->papCerts = NULL;
221 RTMemFree(pThis);
222}
223
224
225/** @interface_method_impl{RTCRSTOREPROVIDER, pfnCertCtxQueryPrivateKey} */
226static DECLCALLBACK(int) rtCrStoreInMem_CertCtxQueryPrivateKey(void *pvProvider, PRTCRCERTCTXINT pCertCtx,
227 uint8_t *pbKey, size_t cbKey, size_t *pcbKeyRet)
228{
229 //PRTCRSTOREINMEM pThis = (PRTCRSTOREINMEM)pvProvider;
230 return VERR_NOT_FOUND;
231}
232
233
234/** @interface_method_impl{RTCRSTOREPROVIDER, pfnCertFindAll} */
235static DECLCALLBACK(int) rtCrStoreInMem_CertFindAll(void *pvProvider, PRTCRSTORECERTSEARCH pSearch)
236{
237 PRTCRSTOREINMEM pThis = (PRTCRSTOREINMEM)pvProvider;
238 pSearch->auOpaque[0] = ~(uintptr_t)pvProvider;
239 pSearch->auOpaque[1] = 0;
240 pSearch->auOpaque[2] = ~(uintptr_t)0; /* For the front-end API. */
241 pSearch->auOpaque[3] = ~(uintptr_t)0; /* For the front-end API. */
242 return VINF_SUCCESS;
243}
244
245
246/** @interface_method_impl{RTCRSTOREPROVIDER, pfnCertSearchNext} */
247static DECLCALLBACK(PCRTCRCERTCTX) rtCrStoreInMem_CertSearchNext(void *pvProvider, PRTCRSTORECERTSEARCH pSearch)
248{
249 PRTCRSTOREINMEM pThis = (PRTCRSTOREINMEM)pvProvider;
250 AssertReturn(pSearch->auOpaque[0] == ~(uintptr_t)pvProvider, NULL);
251
252 uintptr_t i = pSearch->auOpaque[1];
253 if (i < pThis->cCerts)
254 {
255 pSearch->auOpaque[1] = i + 1;
256 pThis->papCerts[i]->Core.cRefs++;
257 return &pThis->papCerts[i]->Core.Public;
258 }
259 return NULL;
260}
261
262
263/** @interface_method_impl{RTCRSTOREPROVIDER, pfnCertSearchDestroy} */
264static DECLCALLBACK(void) rtCrStoreInMem_CertSearchDestroy(void *pvProvider, PRTCRSTORECERTSEARCH pSearch)
265{
266 NOREF(pvProvider);
267 AssertReturnVoid(pSearch->auOpaque[0] == ~(uintptr_t)pvProvider);
268 pSearch->auOpaque[0] = 0;
269 pSearch->auOpaque[1] = 0;
270 pSearch->auOpaque[2] = 0;
271 pSearch->auOpaque[3] = 0;
272}
273
274
275/** @interface_method_impl{RTCRSTOREPROVIDER, pfnCertSearchDestroy} */
276static DECLCALLBACK(int) rtCrStoreInMem_CertAddEncoded(void *pvProvider, uint32_t fFlags,
277 uint8_t const *pbEncoded, uint32_t cbEncoded, PRTERRINFO pErrInfo)
278{
279 PRTCRSTOREINMEM pThis = (PRTCRSTOREINMEM)pvProvider;
280 int rc;
281
282 AssertMsgReturn( fFlags == RTCRCERTCTX_F_ENC_X509_DER
283 || fFlags == RTCRCERTCTX_F_ENC_TAF_DER
284 , ("Only X.509 and TAF DER are supported: %#x\n", fFlags), VERR_INVALID_FLAGS);
285
286 if (pThis->cCerts + 1 > pThis->cCertsAlloc)
287 {
288 rc = rtCrStoreInMemGrow(pThis, pThis->cCerts + 1);
289 if (RT_FAILURE(rc))
290 return rc;
291 }
292
293 rc = rtCrStoreInMemCreateCertEntry(pThis, fFlags, pbEncoded, cbEncoded, pErrInfo, &pThis->papCerts[pThis->cCerts]);
294 if (RT_SUCCESS(rc))
295 {
296 pThis->cCerts++;
297 return VINF_SUCCESS;
298 }
299 return rc;
300}
301
302
303/**
304 * In-memory store provider.
305 */
306static RTCRSTOREPROVIDER const g_rtCrStoreInMemProvider =
307{
308 "in-memory",
309 rtCrStoreInMem_DestroyStore,
310 rtCrStoreInMem_CertCtxQueryPrivateKey,
311 rtCrStoreInMem_CertFindAll,
312 rtCrStoreInMem_CertSearchNext,
313 rtCrStoreInMem_CertSearchDestroy,
314 rtCrStoreInMem_CertAddEncoded,
315 NULL,
316 42
317};
318
319
320/**
321 * Common worker for RTCrStoreCreateInMem and future constructors...
322 *
323 * @returns IPRT status code.
324 * @param ppStore Where to return the store instance.
325 */
326static int rtCrStoreInMemCreateInternal(PRTCRSTOREINMEM *ppStore)
327{
328 PRTCRSTOREINMEM pStore = (PRTCRSTOREINMEM)RTMemAlloc(sizeof(*pStore));
329 if (pStore)
330 {
331 pStore->cCerts = 0;
332 pStore->cCertsAlloc = 0;
333 pStore->papCerts = NULL;
334 *ppStore = pStore;
335 return VINF_SUCCESS;
336 }
337 *ppStore = NULL; /* shut up gcc-maybe-pita warning. */
338 return VERR_NO_MEMORY;
339}
340
341
342RTDECL(int) RTCrStoreCreateInMem(PRTCRSTORE phStore, uint32_t cSizeHint)
343{
344 PRTCRSTOREINMEM pStore;
345 int rc = rtCrStoreInMemCreateInternal(&pStore);
346 if (RT_SUCCESS(rc))
347 {
348 if (cSizeHint)
349 rc = rtCrStoreInMemGrow(pStore, RT_MIN(cSizeHint, 512));
350 if (RT_SUCCESS(rc))
351 {
352 rc = rtCrStoreCreate(&g_rtCrStoreInMemProvider, pStore, phStore);
353 if (RT_SUCCESS(rc))
354 return VINF_SUCCESS;
355 }
356 RTMemFree(pStore);
357 }
358 return rc;
359}
360
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette