Changeset 57572 in vbox for trunk/include/iprt

Timestamp:

Aug 28, 2015 1:31:29 AM (9 years ago)

Author:

vboxsync

Message:

IPRT: Started on accessing system certificate stores to get SSL roots for cURL.

Location:

trunk/include/iprt

Files:

• cdefs.h (modified) (1 diff)
• crypto/pem.h (modified) (2 diffs)
• crypto/store.h (modified) (3 diffs)
• crypto/x509.h (modified) (1 diff)
• mangling.h (modified) (9 diffs)
• path.h (modified) (1 diff)
• sha.h (modified) (5 diffs)
• types.h (modified) (1 diff)

trunk/include/iprt/cdefs.h

@@ -1452 +1452 @@
  *
  * @param   a_szConst   String constant.
+ * @sa      RTSTRTUPLE
  */
 #define RT_STR_TUPLE(a_szConst)  a_szConst, (sizeof(a_szConst) - 1)

trunk/include/iprt/crypto/pem.h

@@ -117 +117 @@
  * @returns IPRT status code.
  * @param   pszFilename     The path to the file to read.
- * @param   fFlags          Flags reserved for future hacks.
+ * @param   fFlags          RTCRPEMREADFILE_F_XXX.
  * @param   paMarkers       Array of one or more section markers to look for.
  * @param   cMarkers        Number of markers in the array.
@@ -125 +125 @@
 RTDECL(int) RTCrPemReadFile(const char *pszFilename, uint32_t fFlags, PCRTCRPEMMARKER paMarkers, size_t cMarkers,
                             PCRTCRPEMSECTION *ppSectionHead, PRTERRINFO pErrInfo);
+/** @name RTCRPEMREADFILE_F_XXX - Flags for RTCrPemReadFile
+ * @{ */
+/** Continue on encoding error. */
+#define RTCRPEMREADFILE_F_CONTINUE_ON_ENCODING_ERROR    RT_BIT(0)
+/** @} */
 
 /** @} */

trunk/include/iprt/crypto/store.h

@@ -58 +58 @@
 
 
+/**
+ * Standard store identifiers.
+ *
+ * This is a least common denominator approach to system specific certificate
+ * stores, could be extended to include things other than certificates later if
+ * we need it.
+ *
+ * Windows has lots of different stores, they'll be combined by the
+ * implementation, possibly leading to duplicates.  The user stores on Windows
+ * seems to be unioned with the system (machine) stores.
+ *
+ * Linux may have different stores depending on the distro/version/installation,
+ * in which case we'll combine them, which will most likely lead to
+ * duplicates just like on windows.  Haven't found any easily accessible
+ * per-user certificate stores on linux yet, so they'll all be empty.
+ *
+ * Mac OS X seems a lot simpler, at least from the GUI point of view.  Each
+ * keychains as a "Certificates" folder (the "My Certificates" folder seems to
+ * only be a matching of "Keys" and "Certificates"). However, there are two
+ * system keychains that we need to combine, "System" and "System Roots".  As
+ * with Windows and Linux, there is a possibility for duplicates here.
+ *
+ * On solaris we have currently no idea where to look for a certificate store,
+ * so that doesn't yet work.
+ *
+ * Because of the OS X setup, we do not provide any purpose specific
+ */
+typedef enum RTCRSTOREID
+{
+    /** Mandatory invalid zero value. */
+    RTCRSTOREID_INVALID = 0,
+    /** Open the certificate store of the current user containing trusted
+     * CAs and certificates.
+     * @remarks This may or may not include all the certificates in the system
+     *          store, that's host dependent.  So, you better look in both. */
+    RTCRSTOREID_USER_TRUSTED_CAS_AND_CERTIFICATES,
+    /** Open the certificate store of the system containg trusted CAs
+     * and certificates. */
+    RTCRSTOREID_SYSTEM_TRUSTED_CAS_AND_CERTIFICATES,
+    /** End of valid values. */
+    RTCRSTOREID_END,
+    /** Traditional enum type compression prevention hack. */
+    RTCRSTOREID_32BIT_HACK = 0x7fffffff
+} RTCRSTOREID;
+
+/**
+ * Creates a snapshot of a standard store.
+ *
+ * This will return an in-memory store containing all data from the given store.
+ * There will be no duplicates in this one.
+ *
+ * @returns IPRT status code.
+ * @retval  VWRN_ALREADY_EXISTS if the certificate is already present and
+ *          RTCRCERTCTX_F_ADD_IF_NOT_FOUND was specified.
+ * @param   phStore             Where to return the store handle. Use
+ *                              RTCrStoreRelease to release it.
+ * @param   enmStoreId          The store to snapshot.
+ * @param   pErrInfo            Where to return additional error/warning info.
+ *                              Optional.
+ */
+RTDECL(int) RTCrStoreCreateSnapshotById(PRTCRSTORE phStore, RTCRSTOREID enmStoreId, PRTERRINFO pErrInfo);
+
 RTDECL(int) RTCrStoreCreateInMem(PRTCRSTORE phStore, uint32_t cSizeHint);
 
@@ -63 +125 @@
 RTDECL(uint32_t) RTCrStoreRelease(RTCRSTORE hStore);
 RTDECL(PCRTCRCERTCTX) RTCrStoreCertByIssuerAndSerialNo(RTCRSTORE hStore, PCRTCRX509NAME pIssuer, PCRTASN1INTEGER pSerialNo);
+
+/**
+ * Add a certificate to the store.
+ *
+ * @returns IPRT status code.
+ * @retval  VWRN_ALREADY_EXISTS if the certificate is already present and
+ *          RTCRCERTCTX_F_ADD_IF_NOT_FOUND was specified.
+ * @retval  VERR_WRITE_PROTECT if the store doesn't support adding.
+ * @param   hStore              The store to add the certificate to.
+ * @param   fFlags              RTCRCERTCTX_F_XXX. Encoding must be specified.
+ *                              RTCRCERTCTX_F_ADD_IF_NOT_FOUND is supported.
+ * @param   pvSrc               The encoded certificate bytes.
+ * @param   cbSrc               The size of the encoded certificate.
+ * @param   pErrInfo            Where to return additional error/warning info.
+ *                              Optional.
+ */
 RTDECL(int) RTCrStoreCertAddEncoded(RTCRSTORE hStore, uint32_t fFlags, void const *pvSrc, size_t cbSrc, PRTERRINFO pErrInfo);
+
+/**
+ * Adds certificates from the specified file.
+ *
+ * @returns IPRT status code.  Even when RTCRCERTCTX_F_ADD_CONTINUE_ON_ERROR is
+ *          used, an error is returned as an error (and not a warning).
+ *
+ * @param   hStore              The store to add the certificate(s) to.
+ * @param   fFlags              RTCRCERTCTX_F_ADD_IF_NOT_FOUND and/or
+ *                              RTCRCERTCTX_F_ADD_CONTINUE_ON_ERROR.
+ * @param   pszFilename         The filename.
+ * @param   pErrInfo            Where to return additional error/warning info.
+ *                              Optional.
+ */
 RTDECL(int) RTCrStoreCertAddFromFile(RTCRSTORE hStore, uint32_t fFlags, const char *pszFilename, PRTERRINFO pErrInfo);
+
+/**
+ * Adds certificates from files in the specified directory.
+ *
+ * @returns IPRT status code.  Even when RTCRCERTCTX_F_ADD_CONTINUE_ON_ERROR is
+ *          used, an error is returned as an error (and not a warning).
+ *
+ * @param   hStore              The store to add the certificate(s) to.
+ * @param   fFlags              RTCRCERTCTX_F_ADD_IF_NOT_FOUND and/or
+ *                              RTCRCERTCTX_F_ADD_CONTINUE_ON_ERROR.
+ * @param   pszDir              The path to the directory.
+ * @param   paSuffixes          List of suffixes of files to process.
+ * @param   cSuffixes           Number of suffixes.  If this is 0, all files are
+ *                              processed.
+ * @param   pErrInfo            Where to return additional error/warning info.
+ *                              Optional.
+ */
+RTDECL(int) RTCrStoreCertAddFromDir(RTCRSTORE hStore, uint32_t fFlags, const char *pszDir,
+                                    PCRTSTRTUPLE paSuffixes, size_t cSuffixes, PRTERRINFO pErrInfo);
+
+/**
+ * Adds all certificates from @a hStoreSrc into @a hStore.
+ *
+ * @returns IPRT status code.  Even when RTCRCERTCTX_F_ADD_CONTINUE_ON_ERROR is
+ *          used, an error is returned as an error (and not a warning).
+ *
+ * @param   hStore              The destination store.
+ * @param   fFlags              RTCRCERTCTX_F_ADD_IF_NOT_FOUND and/or
+ *                              RTCRCERTCTX_F_ADD_CONTINUE_ON_ERROR.
+ * @param   hStoreSrc           The source store.
+ */
+RTDECL(int) RTCrStoreCertAddFromStore(RTCRSTORE hStore, uint32_t fFlags, RTCRSTORE hStoreSrc);
+
+/**
+ * Exports the certificates in the store to a PEM file
+ *
+ * @returns IPRT status code.
+ * @param   hStore              The store which certificates should be exported.
+ * @param   fFlags              Reserved for the future, MBZ.
+ * @param   pszFilename         The name of the destination PEM file.  This will
+ *                              be truncated.
+ */
+RTDECL(int) RTCrStoreCertExportAsPem(RTCRSTORE hStore, uint32_t fFlags, const char *pszFilename);
 
 RTDECL(int) RTCrStoreCertFindAll(RTCRSTORE hStore, PRTCRSTORECERTSEARCH pSearch);
@@ -119 +254 @@
 #define RTCRCERTCTX_F_ENC_PKCS6_DER    UINT32_C(0x00000002)
 #endif
+/** Mask containing the flags that ends up in the certificate context. */
+#define RTCRCERTCTX_F_MASK             UINT32_C(0x000000ff)
+
+/** Add APIs: Add the certificate if not found. */
+#define RTCRCERTCTX_F_ADD_IF_NOT_FOUND          UINT32_C(0x00010000)
+/** Add APIs: Continue on error when possible. */
+#define RTCRCERTCTX_F_ADD_CONTINUE_ON_ERROR     UINT32_C(0x00020000)
 /** @} */
 

trunk/include/iprt/crypto/x509.h

@@ -165 +165 @@
 
 /**
- * Matches the directory name against a comma separated list of the comonent
+ * Matches the directory name against a comma separated list of the component
  * strings (case sensitive).
  *

trunk/include/iprt/mangling.h

@@ -1050 +1050 @@
 # define RTPathCopyComponents                           RT_MANGLER(RTPathCopyComponents)
 # define RTPathCountComponents                          RT_MANGLER(RTPathCountComponents)
+# define RTPathEnsureTrailingSeparator                  RT_MANGLER(RTPathEnsureTrailingSeparator)
 # define RTPathExecDir                                  RT_MANGLER(RTPathExecDir)
 # define RTPathExists                                   RT_MANGLER(RTPathExists)
@@ -1344 +1345 @@
 # define RTSgBufGetNextSegment                          RT_MANGLER(RTSgBufGetNextSegment)
 # define RTSha1                                         RT_MANGLER(RTSha1)
+# define RTSha1Check                                    RT_MANGLER(RTSha1Check)
 # define RTSha1Digest                                   RT_MANGLER(RTSha1Digest)
 # define RTSha1DigestFromFile                           RT_MANGLER(RTSha1DigestFromFile)
@@ -1352 +1354 @@
 # define RTSha1Update                                   RT_MANGLER(RTSha1Update)
 # define RTSha224                                       RT_MANGLER(RTSha224)
+# define RTSha224Check                                  RT_MANGLER(RTSha224Check)
 # define RTSha224Final                                  RT_MANGLER(RTSha224Final)
 # define RTSha224FromString                             RT_MANGLER(RTSha224FromString)
@@ -1360 +1363 @@
 # define RTSha224DigestFromFile                         RT_MANGLER(RTSha224DigestFromFile)
 # define RTSha256                                       RT_MANGLER(RTSha256)
+# define RTSha256Check                                  RT_MANGLER(RTSha256Check)
 # define RTSha256Final                                  RT_MANGLER(RTSha256Final)
 # define RTSha256FromString                             RT_MANGLER(RTSha256FromString)
@@ -1368 +1372 @@
 # define RTSha256DigestFromFile                         RT_MANGLER(RTSha256DigestFromFile)
 # define RTSha384                                       RT_MANGLER(RTSha384)
+# define RTSha384Check                                  RT_MANGLER(RTSha384Check)
 # define RTSha384Final                                  RT_MANGLER(RTSha384Final)
 # define RTSha384FromString                             RT_MANGLER(RTSha384FromString)
@@ -1374 +1379 @@
 # define RTSha384Update                                 RT_MANGLER(RTSha384Update)
 # define RTSha512                                       RT_MANGLER(RTSha512)
+# define RTSha512Check                                  RT_MANGLER(RTSha512Check)
 # define RTSha512Final                                  RT_MANGLER(RTSha512Final)
 # define RTSha512FromString                             RT_MANGLER(RTSha512FromString)
@@ -1380 +1386 @@
 # define RTSha512Update                                 RT_MANGLER(RTSha512Update)
 # define RTSha512t224                                   RT_MANGLER(RTSha512t224)
+# define RTSha512t224Check                              RT_MANGLER(RTSha512t224Check)
 # define RTSha512t224Final                              RT_MANGLER(RTSha512t224Final)
 # define RTSha512t224FromString                         RT_MANGLER(RTSha512t224FromString)
@@ -1386 +1393 @@
 # define RTSha512t224Update                             RT_MANGLER(RTSha512t224Update)
 # define RTSha512t256                                   RT_MANGLER(RTSha512t256)
+# define RTSha512t256Check                              RT_MANGLER(RTSha512t256Check)
 # define RTSha512t256Final                              RT_MANGLER(RTSha512t256Final)
 # define RTSha512t256FromString                         RT_MANGLER(RTSha512t256FromString)
@@ -2892 +2900 @@
 # define RTCrStoreRetain                                RT_MANGLER(RTCrStoreRetain)
 # define RTCrStoreCreateInMem                           RT_MANGLER(RTCrStoreCreateInMem)
+# define RTCrStoreCreateSnapshotById                    RT_MANGLER(RTCrStoreCreateSnapshotById)
 # define RTCrStoreCertAddFromFile                       RT_MANGLER(RTCrStoreCertAddFromFile)
+# define RTCrStoreCertAddFromDir                        RT_MANGLER(RTCrStoreCertAddFromDir)
+# define RTCrStoreCertAddFromStore                      RT_MANGLER(RTCrStoreCertAddFromStore)
+# define RTCrStoreCertExportAsPem                       RT_MANGLER(RTCrStoreCertExportAsPem)
 # define RTErrInfoAdd                                   RT_MANGLER(RTErrInfoAdd)
 # define RTErrInfoAddF                                  RT_MANGLER(RTErrInfoAddF)

trunk/include/iprt/path.h

@@ -357 +357 @@
  */
 RTDECL(size_t) RTPathStripTrailingSlash(char *pszPath);
+
+/**
+ * Ensures that the path has a trailing path separator such that file names can
+ * be appended without further work.
+ *
+ * This can be helpful when preparing for efficiently combining a directory path
+ * with the filenames returned by RTDirRead.  The return value gives you the
+ * position at which you copy the RTDIRENTRY::szName to construct a valid path
+ * to it.
+ *
+ * @returns The length of the path, 0 on buffer overflow.
+ * @param   pszPath     The path.
+ * @param   cbPath      The length of the path buffer @a pszPath points to.
+ */
+RTDECL(size_t) RTPathEnsureTrailingSeparator(char *pszPath, size_t cbPath);
 
 /**

trunk/include/iprt/sha.h

@@ -69 +69 @@
 
 /**
+ * Computes the SHA-1 hash for the given data comparing it with the one given.
+ *
+ * @returns true on match, false on mismatch.
+ * @param   pvBuf       Pointer to the data.
+ * @param   cbBuf       The amount of data (in bytes).
+ * @param   pabHash     The hash to verify. (What is passed is a pointer to the
+ *                      caller's buffer.)
+ */
+RTDECL(bool) RTSha1Check(const void *pvBuf, size_t cbBuf, uint8_t const pabDigest[RTSHA1_HASH_SIZE]);
+
+/**
  * Initializes the SHA-1 context.
  *
@@ -177 +188 @@
 
 /**
+ * Computes the SHA-256 hash for the given data comparing it with the one given.
+ *
+ * @returns true on match, false on mismatch.
+ * @param   pvBuf       Pointer to the data.
+ * @param   cbBuf       The amount of data (in bytes).
+ * @param   pabHash     The hash to verify. (What is passed is a pointer to the
+ *                      caller's buffer.)
+ */
+RTDECL(bool) RTSha256Check(const void *pvBuf, size_t cbBuf, uint8_t const pabDigest[RTSHA256_HASH_SIZE]);
+
+/**
  * Initializes the SHA-256 context.
  *
@@ -275 +297 @@
 
 /**
+ * Computes the SHA-224 hash for the given data comparing it with the one given.
+ *
+ * @returns true on match, false on mismatch.
+ * @param   pvBuf       Pointer to the data.
+ * @param   cbBuf       The amount of data (in bytes).
+ * @param   pabHash     The hash to verify. (What is passed is a pointer to the
+ *                      caller's buffer.)
+ */
+RTDECL(bool) RTSha224Check(const void *pvBuf, size_t cbBuf, uint8_t const pabDigest[RTSHA224_HASH_SIZE]);
+
+/**
  * Initializes the SHA-224 context.
  *
@@ -383 +416 @@
 
 /**
+ * Computes the SHA-512 hash for the given data comparing it with the one given.
+ *
+ * @returns true on match, false on mismatch.
+ * @param   pvBuf       Pointer to the data.
+ * @param   cbBuf       The amount of data (in bytes).
+ * @param   pabHash     The hash to verify. (What is passed is a pointer to the
+ *                      caller's buffer.)
+ */
+RTDECL(bool) RTSha512Check(const void *pvBuf, size_t cbBuf, uint8_t const pabDigest[RTSHA512_HASH_SIZE]);
+
+/**
  * Initializes the SHA-512 context.
  *
@@ -438 +482 @@
     typedef RTSHA512CONTEXT *RT_CONCAT3(PRTSHA,a_UName,CONTEXT); \
     RTDECL(void) RT_CONCAT(RTSha,a_Name)(const void *pvBuf, size_t cbBuf, uint8_t pabDigest[RT_CONCAT3(RTSHA,a_UName,_HASH_SIZE)]); \
+    RTDECL(bool) RT_CONCAT3(RTSha,a_Name,Check)(const void *pvBuf, size_t cbBuf, uint8_t const pabDigest[RT_CONCAT3(RTSHA,a_UName,_HASH_SIZE)]); \
     RTDECL(void) RT_CONCAT3(RTSha,a_Name,Init)(RT_CONCAT3(PRTSHA,a_UName,CONTEXT) pCtx); \
     RTDECL(void) RT_CONCAT3(RTSha,a_Name,Update)(RT_CONCAT3(PRTSHA,a_UName,CONTEXT) pCtx, const void *pvBuf, size_t cbBuf); \

trunk/include/iprt/types.h

@@ -2176 +2176 @@
 
 /**
+ * String tuple to go with the RT_STR_TUPLE macro.
+ */
+typedef struct RTSTRTUPLE
+{
+    /** The string. */
+    const char *psz;
+    /** The string length. */
+    size_t      cch;
+} RTSTRTUPLE;
+/** Pointer to a string tuple. */
+typedef RTSTRTUPLE *PRTSTRTUPLE;
+/** Pointer to a const string tuple. */
+typedef RTSTRTUPLE const *PCRTSTRTUPLE;
+
+/**
  * Wait for ever if we have to.
  */