VirtualBox

source: vbox/trunk/src/VBox/Runtime/common/crypto/x509-verify.cpp@ 73603

Last change on this file since 73603 was 69111, checked in by vboxsync, 7 years ago

(C) year

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 5.8 KB
Line 
1/* $Id: x509-verify.cpp 69111 2017-10-17 14:26:02Z vboxsync $ */
2/** @file
3 * IPRT - Crypto - X.509, Signature verficiation.
4 */
5
6/*
7 * Copyright (C) 2006-2017 Oracle Corporation
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 *
17 * The contents of this file may alternatively be used under the terms
18 * of the Common Development and Distribution License Version 1.0
19 * (CDDL) only, as it comes in the "COPYING.CDDL" file of the
20 * VirtualBox OSE distribution, in which case the provisions of the
21 * CDDL are applicable instead of those of the GPL.
22 *
23 * You may elect to license modified versions of this file under the
24 * terms and conditions of either the GPL or the CDDL or both.
25 */
26
27
28/*********************************************************************************************************************************
29* Header Files *
30*********************************************************************************************************************************/
31#include "internal/iprt.h"
32#include <iprt/crypto/x509.h>
33#include <iprt/crypto/pkix.h>
34
35#include <iprt/err.h>
36#include <iprt/mem.h>
37#include <iprt/string.h>
38
39
40RTDECL(int) RTCrX509Certificate_VerifySignature(PCRTCRX509CERTIFICATE pThis, PCRTASN1OBJID pAlgorithm,
41 PCRTASN1DYNTYPE pParameters, PCRTASN1BITSTRING pPublicKey,
42 PRTERRINFO pErrInfo)
43{
44 /*
45 * Validate the input a little.
46 */
47 AssertPtrReturn(pThis, VERR_INVALID_POINTER);
48 AssertReturn(RTCrX509Certificate_IsPresent(pThis), VERR_INVALID_PARAMETER);
49
50 AssertPtrReturn(pAlgorithm, VERR_INVALID_POINTER);
51 AssertReturn(RTAsn1ObjId_IsPresent(pAlgorithm), VERR_INVALID_POINTER);
52
53 if (pParameters)
54 {
55 AssertPtrReturn(pParameters, VERR_INVALID_POINTER);
56 if (pParameters->enmType == RTASN1TYPE_NULL)
57 pParameters = NULL;
58 }
59
60 AssertPtrReturn(pPublicKey, VERR_INVALID_POINTER);
61 AssertReturn(RTAsn1BitString_IsPresent(pPublicKey), VERR_INVALID_POINTER);
62
63 /*
64 * Check if the algorithm matches.
65 */
66 const char *pszCipherOid = RTCrPkixGetCiperOidFromSignatureAlgorithm(&pThis->SignatureAlgorithm.Algorithm);
67 if (!pszCipherOid)
68 return RTErrInfoSetF(pErrInfo, VERR_CR_X509_UNKNOWN_CERT_SIGN_ALGO,
69 "Certificate signature algorithm not known: %s",
70 pThis->SignatureAlgorithm.Algorithm.szObjId);
71
72 if (RTAsn1ObjId_CompareWithString(pAlgorithm, pszCipherOid) != 0)
73 return RTErrInfoSetF(pErrInfo, VERR_CR_X509_CERT_SIGN_ALGO_MISMATCH,
74 "Certificate signature cipher algorithm mismatch: cert uses %s (%s) while key uses %s",
75 pszCipherOid, pThis->SignatureAlgorithm.Algorithm.szObjId, pAlgorithm->szObjId);
76
77 /*
78 * Here we should recode the to-be-signed part as DER, but we'll ASSUME
79 * that it's already in DER encoding and only does this if there the
80 * encoded bits are missing.
81 */
82 if ( pThis->TbsCertificate.SeqCore.Asn1Core.uData.pu8
83 && pThis->TbsCertificate.SeqCore.Asn1Core.cb > 0)
84 return RTCrPkixPubKeyVerifySignature(&pThis->SignatureAlgorithm.Algorithm, pParameters, pPublicKey, &pThis->SignatureValue,
85 RTASN1CORE_GET_RAW_ASN1_PTR(&pThis->TbsCertificate.SeqCore.Asn1Core),
86 RTASN1CORE_GET_RAW_ASN1_SIZE(&pThis->TbsCertificate.SeqCore.Asn1Core),
87 pErrInfo);
88
89 uint32_t cbEncoded;
90 int rc = RTAsn1EncodePrepare((PRTASN1CORE)&pThis->TbsCertificate.SeqCore.Asn1Core, RTASN1ENCODE_F_DER, &cbEncoded, pErrInfo);
91 if (RT_SUCCESS(rc))
92 {
93 void *pvTbsBits = RTMemTmpAlloc(cbEncoded);
94 if (pvTbsBits)
95 {
96 rc = RTAsn1EncodeToBuffer(&pThis->TbsCertificate.SeqCore.Asn1Core, RTASN1ENCODE_F_DER,
97 pvTbsBits, cbEncoded, pErrInfo);
98 if (RT_SUCCESS(rc))
99 rc = RTCrPkixPubKeyVerifySignature(&pThis->SignatureAlgorithm.Algorithm, pParameters, pPublicKey,
100 &pThis->SignatureValue, pvTbsBits, cbEncoded, pErrInfo);
101 else
102 AssertRC(rc);
103 RTMemTmpFree(pvTbsBits);
104 }
105 else
106 rc = VERR_NO_TMP_MEMORY;
107 }
108 return rc;
109}
110
111
112RTDECL(int) RTCrX509Certificate_VerifySignatureSelfSigned(PCRTCRX509CERTIFICATE pThis, PRTERRINFO pErrInfo)
113{
114 /*
115 * Validate the input a little.
116 */
117 AssertPtrReturn(pThis, VERR_INVALID_POINTER);
118 AssertReturn(RTCrX509Certificate_IsPresent(pThis), VERR_INVALID_PARAMETER);
119
120 /*
121 * Assemble parameters for the generic verification call.
122 */
123 PCRTCRX509TBSCERTIFICATE const pTbsCert = &pThis->TbsCertificate;
124 PCRTASN1DYNTYPE pParameters = NULL;
125 if ( RTASN1CORE_IS_PRESENT(&pTbsCert->SubjectPublicKeyInfo.Algorithm.Parameters.u.Core)
126 && pTbsCert->SubjectPublicKeyInfo.Algorithm.Parameters.enmType != RTASN1TYPE_NULL)
127 pParameters = &pTbsCert->SubjectPublicKeyInfo.Algorithm.Parameters;
128 return RTCrX509Certificate_VerifySignature(pThis, &pTbsCert->SubjectPublicKeyInfo.Algorithm.Algorithm, pParameters,
129 &pTbsCert->SubjectPublicKeyInfo.SubjectPublicKey, pErrInfo);
130}
131
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette