Changeset 59663 in vbox

Timestamp:

Feb 14, 2016 8:11:06 PM (9 years ago)

Author:

vboxsync

Message:

IPRT: Added RTCrX509Certificate_VerifySignatureSelfSigned and RTAsn1EncodeToBuffer, corrected the name of RTAsn1EncodeWriteHeader (was RTAsnEncodeWriteHeader).

Location:

trunk

Files:

• include/iprt/asn1.h (modified) (2 diffs)
• include/iprt/crypto/x509.h (modified) (1 diff)
• include/iprt/mangling.h (modified) (2 diffs)
• src/VBox/Runtime/common/asn1/asn1-encode.cpp (modified) (5 diffs)
• src/VBox/Runtime/common/asn1/asn1-ut-bitstring.cpp (modified) (1 diff)
• src/VBox/Runtime/common/asn1/asn1-ut-octetstring.cpp (modified) (1 diff)
• src/VBox/Runtime/common/crypto/x509-verify.cpp (modified) (2 diffs)

trunk/include/iprt/asn1.h

@@ -1467 +1467 @@
  *                              Optional.
  */
-RTDECL(int) RTAsnEncodeWriteHeader(PCRTASN1CORE pAsn1Core, uint32_t fFlags, FNRTASN1ENCODEWRITER pfnWriter, void *pvUser,
-                                   PRTERRINFO pErrInfo);
-
-/**
- * Prepares the ASN.1 structure for encoding.
- *
- * The preparations is mainly calculating accurate object size, but may also
- * involve operations like recoding internal UTF-8 strings to the actual ASN.1
- * format and other things that may require memory to allocated/reallocated.
+RTDECL(int) RTAsn1EncodeWriteHeader(PCRTASN1CORE pAsn1Core, uint32_t fFlags, FNRTASN1ENCODEWRITER pfnWriter, void *pvUser,
+                                    PRTERRINFO pErrInfo);
+
+/**
+ * Encodes and writes an ASN.1 object.
  *
  * @returns IPRT status code
@@ -1488 +1484 @@
 RTDECL(int) RTAsn1EncodeWrite(PCRTASN1CORE pRoot, uint32_t fFlags, FNRTASN1ENCODEWRITER pfnWriter, void *pvUser,
                               PRTERRINFO pErrInfo);
+
+/**
+ * Encodes and writes an ASN.1 object into a caller allocated memory buffer.
+ *
+ * @returns IPRT status code
+ * @param   pRoot               The root of the ASN.1 object tree to encode.
+ * @param   fFlags              Valid combination of the RTASN1ENCODE_F_XXX
+ *                              flags.  Must include the encoding type.
+ * @param   pvBuf               The output buffer.
+ * @param   cbBuf               The buffer size.  This should have the size
+ *                              returned by RTAsn1EncodePrepare().
+ * @param   pErrInfo            Where to store extended error information.
+ *                              Optional.
+ */
+RTDECL(int) RTAsn1EncodeToBuffer(PCRTASN1CORE pRoot, uint32_t fFlags, void *pvBuf, size_t cbBuf, PRTERRINFO pErrInfo);
 
 /** @} */

trunk/include/iprt/crypto/x509.h

@@ -960 +960 @@
                                                 PCRTASN1DYNTYPE pParameters, PCRTASN1BITSTRING pPublicKey,
                                                 PRTERRINFO pErrInfo);
+RTDECL(int) RTCrX509Certificate_VerifySignatureSelfSigned(PCRTCRX509CERTIFICATE pThis, PRTERRINFO pErrInfo);
 RTDECL(int) RTCrX509Certificate_ReadFromFile(PRTCRX509CERTIFICATE pCertificate, const char *pszFilename, uint32_t fFlags,
                                              PCRTASN1ALLOCATORVTABLE pAllocator, PRTERRINFO pErrInfo);

trunk/include/iprt/mangling.h

@@ -2380 +2380 @@
 # define RTAsn1EncodePrepare                            RT_MANGLER(RTAsn1EncodePrepare)
 # define RTAsn1EncodeRecalcHdrSize                      RT_MANGLER(RTAsn1EncodeRecalcHdrSize)
+# define RTAsn1EncodeToBuffer                           RT_MANGLER(RTAsn1EncodeToBuffer)
 # define RTAsn1EncodeWrite                              RT_MANGLER(RTAsn1EncodeWrite)
-# define RTAsnEncodeWriteHeader                         RT_MANGLER(RTAsnEncodeWriteHeader)
+# define RTAsn1EncodeWriteHeader                        RT_MANGLER(RTAsn1EncodeWriteHeader)
 # define RTAsn1BitString_CheckSanity                    RT_MANGLER(RTAsn1BitString_CheckSanity)
 # define RTAsn1BitString_Clone                          RT_MANGLER(RTAsn1BitString_Clone)
@@ -3152 +3153 @@
 # define RTCrX509Validity_CheckSanity                   RT_MANGLER(RTCrX509Validity_CheckSanity)
 # define RTCrX509Certificate_VerifySignature            RT_MANGLER(RTCrX509Certificate_VerifySignature)
+# define RTCrX509Certificate_VerifySignatureSelfSigned  RT_MANGLER(RTCrX509Certificate_VerifySignatureSelfSigned)
 # define RTCrTafCertPathControls_DecodeAsn1             RT_MANGLER(RTCrTafCertPathControls_DecodeAsn1)
 # define RTCrTafTrustAnchorChoice_DecodeAsn1            RT_MANGLER(RTCrTafTrustAnchorChoice_DecodeAsn1)

trunk/src/VBox/Runtime/common/asn1/asn1-encode.cpp

@@ -36 +36 @@
 #include <iprt/ctype.h>
 #include <iprt/err.h>
+#include <iprt/string.h>
 
 #include <iprt/formats/asn1.h>
@@ -72 +73 @@
 } RTASN1ENCODEWRITEARGS;
 
+/**
+ * Argument package for rtAsn1EncodeToBufferCallback passed by
+ * RTAsn1EncodeToBuffer.
+ */
+typedef struct RTASN1ENCODETOBUFARGS
+{
+    /** The destination buffer position (incremented while writing). */
+    uint8_t                *pbDst;
+    /** The size of the destination buffer left (decremented while writing). */
+    size_t                  cbDst;
+} RTASN1ENCODETOBUFARGS;
+
 
 RTDECL(int) RTAsn1EncodeRecalcHdrSize(PRTASN1CORE pAsn1Core, uint32_t fFlags, PRTERRINFO pErrInfo)
@@ -234 +247 @@
 
 
-RTDECL(int) RTAsnEncodeWriteHeader(PCRTASN1CORE pAsn1Core, uint32_t fFlags, FNRTASN1ENCODEWRITER pfnWriter, void *pvUser,
-                                   PRTERRINFO pErrInfo)
+RTDECL(int) RTAsn1EncodeWriteHeader(PCRTASN1CORE pAsn1Core, uint32_t fFlags, FNRTASN1ENCODEWRITER pfnWriter, void *pvUser,
+                                    PRTERRINFO pErrInfo)
 {
     AssertReturn((fFlags & RTASN1ENCODE_F_RULE_MASK) == RTASN1ENCODE_F_DER, VERR_INVALID_FLAGS);
@@ -377 +390 @@
              * Generic path. Start by writing the header for this object.
              */
-            rc = RTAsnEncodeWriteHeader(pAsn1Core, pArgs->fFlags, pArgs->pfnWriter, pArgs->pvUser, pArgs->pErrInfo);
+            rc = RTAsn1EncodeWriteHeader(pAsn1Core, pArgs->fFlags, pArgs->pfnWriter, pArgs->pvUser, pArgs->pErrInfo);
             if (RT_SUCCESS(rc))
             {
@@ -426 +439 @@
 }
 
+
+static DECLCALLBACK(int) rtAsn1EncodeToBufferCallback(const void *pvBuf, size_t cbToWrite, void *pvUser, PRTERRINFO pErrInfo)
+{
+    RTASN1ENCODETOBUFARGS *pArgs = (RTASN1ENCODETOBUFARGS *)pvUser;
+    if (RT_LIKELY(pArgs->cbDst >= cbToWrite))
+    {
+        memcpy(pArgs->pbDst, pvBuf, cbToWrite);
+        pArgs->cbDst -= cbToWrite;
+        pArgs->pbDst += cbToWrite;
+        return VINF_SUCCESS;
+    }
+
+    /*
+     * Overflow.
+     */
+    if (pArgs->cbDst)
+    {
+        memcpy(pArgs->pbDst, pvBuf, pArgs->cbDst);
+        pArgs->pbDst -= pArgs->cbDst;
+        pArgs->cbDst  = 0;
+    }
+    return VERR_BUFFER_OVERFLOW;
+}
+
+
+RTDECL(int) RTAsn1EncodeToBuffer(PCRTASN1CORE pRoot, uint32_t fFlags, void *pvBuf, size_t cbBuf, PRTERRINFO pErrInfo)
+{
+    RTASN1ENCODETOBUFARGS Args;
+    Args.pbDst = (uint8_t *)pvBuf;
+    Args.cbDst = cbBuf;
+    return RTAsn1EncodeWrite(pRoot, fFlags, rtAsn1EncodeToBufferCallback, &Args, pErrInfo);
+}
+

trunk/src/VBox/Runtime/common/asn1/asn1-ut-bitstring.cpp

@@ -272 +272 @@
      * First the header.
      */
-    int rc = RTAsnEncodeWriteHeader(&pThis->Asn1Core, fFlags, pfnWriter, pvUser, pErrInfo);
+    int rc = RTAsn1EncodeWriteHeader(&pThis->Asn1Core, fFlags, pfnWriter, pvUser, pErrInfo);
     if (RT_SUCCESS(rc) && rc != VINF_ASN1_NOT_ENCODED)
     {

trunk/src/VBox/Runtime/common/asn1/asn1-ut-octetstring.cpp

@@ -210 +210 @@
      * First the header.
      */
-    int rc = RTAsnEncodeWriteHeader(&pThis->Asn1Core, fFlags, pfnWriter, pvUser, pErrInfo);
+    int rc = RTAsn1EncodeWriteHeader(&pThis->Asn1Core, fFlags, pfnWriter, pvUser, pErrInfo);
     if (RT_SUCCESS(rc) && rc != VINF_ASN1_NOT_ENCODED)
     {

trunk/src/VBox/Runtime/common/crypto/x509-verify.cpp

@@ -34 +34 @@
 
 #include <iprt/err.h>
+#include <iprt/mem.h>
 #include <iprt/string.h>
 
@@ -76 +77 @@
     /*
      * Here we should recode the to-be-signed part as DER, but we'll ASSUME
-     * that it's already in DER encoding.  This is safe.
+     * that it's already in DER encoding and only does this if there the
+     * encoded bits are missing.
      */
-    return RTCrPkixPubKeyVerifySignature(&pThis->SignatureAlgorithm.Algorithm, pParameters, pPublicKey, &pThis->SignatureValue,
-                                         RTASN1CORE_GET_RAW_ASN1_PTR(&pThis->TbsCertificate.SeqCore.Asn1Core),
-                                         RTASN1CORE_GET_RAW_ASN1_SIZE(&pThis->TbsCertificate.SeqCore.Asn1Core),
-                                         pErrInfo);
+    if (   pThis->TbsCertificate.SeqCore.Asn1Core.uData.pu8
+        && pThis->TbsCertificate.SeqCore.Asn1Core.cb > 0)
+        return RTCrPkixPubKeyVerifySignature(&pThis->SignatureAlgorithm.Algorithm, pParameters, pPublicKey, &pThis->SignatureValue,
+                                             RTASN1CORE_GET_RAW_ASN1_PTR(&pThis->TbsCertificate.SeqCore.Asn1Core),
+                                             RTASN1CORE_GET_RAW_ASN1_SIZE(&pThis->TbsCertificate.SeqCore.Asn1Core),
+                                             pErrInfo);
+
+    uint32_t cbEncoded;
+    int rc = RTAsn1EncodePrepare((PRTASN1CORE)&pThis->TbsCertificate.SeqCore.Asn1Core, RTASN1ENCODE_F_DER, &cbEncoded, pErrInfo);
+    if (RT_SUCCESS(rc))
+    {
+        void *pvTbsBits = RTMemTmpAlloc(cbEncoded);
+        if (pvTbsBits)
+        {
+            rc = RTAsn1EncodeToBuffer(&pThis->TbsCertificate.SeqCore.Asn1Core, RTASN1ENCODE_F_DER,
+                                      pvTbsBits, cbEncoded, pErrInfo);
+            if (RT_SUCCESS(rc))
+                rc = RTCrPkixPubKeyVerifySignature(&pThis->SignatureAlgorithm.Algorithm, pParameters, pPublicKey,
+                                                   &pThis->SignatureValue, pvTbsBits, cbEncoded, pErrInfo);
+            else
+                AssertRC(rc);
+            RTMemTmpFree(pvTbsBits);
+        }
+        else
+            rc = VERR_NO_TMP_MEMORY;
+    }
+    return rc;
 }
 
+
+RTDECL(int) RTCrX509Certificate_VerifySignatureSelfSigned(PCRTCRX509CERTIFICATE pThis, PRTERRINFO pErrInfo)
+{
+    /*
+     * Validate the input a little.
+     */
+    AssertPtrReturn(pThis, VERR_INVALID_POINTER);
+    AssertReturn(RTCrX509Certificate_IsPresent(pThis), VERR_INVALID_PARAMETER);
+
+    /*
+     * Assemble parameters for the generic verification call.
+     */
+    PCRTCRX509TBSCERTIFICATE const pTbsCert    = &pThis->TbsCertificate;
+    PCRTASN1DYNTYPE                pParameters = NULL;
+    if (   RTASN1CORE_IS_PRESENT(&pTbsCert->SubjectPublicKeyInfo.Algorithm.Parameters.u.Core)
+        && pTbsCert->SubjectPublicKeyInfo.Algorithm.Parameters.enmType != RTASN1TYPE_NULL)
+        pParameters = &pTbsCert->SubjectPublicKeyInfo.Algorithm.Parameters;
+    return RTCrX509Certificate_VerifySignature(pThis, &pTbsCert->SubjectPublicKeyInfo.Algorithm.Algorithm, pParameters,
+                                               &pTbsCert->SubjectPublicKeyInfo.SubjectPublicKey, pErrInfo);
+}
+