
Timestamp:
May 18, 2020 1:37:00 PM (5 years ago)
Author:
vboxsync
Message:

IPRT: Adding some new flags to the PKCS#7/CMS verification routines. bugref:9699

File:
1 edited

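--- a/trunk/include/iprt/crypto/pkcs7.h
+++ b/trunk/include/iprt/crypto/pkcs7.h
@@ -527,4 +527,7 @@
  *                              certificates chains at.  Ignored for signatures
  *                              with valid signing time attributes.
+ *                              When RTCRPKCS7VERIFY_SD_F_UPDATE_VALIDATION_TIME
+ *                              is set, this is updated to the actual validation
+ *                              time used.
  * @param   pfnVerifyCert       Callback for checking that a certificate used
  *                              for signing the data is suitable.
@@ -554,4 +557,7 @@
  *                              certificates chains at.  Ignored for signatures
  *                              with valid signing time attributes.
+ *                              When RTCRPKCS7VERIFY_SD_F_UPDATE_VALIDATION_TIME
+ *                              is set, this is updated to the actual validation
+ *                              time used.
  * @param   pfnVerifyCert       Callback for checking that a certificate used
  *                              for signing the data is suitable.
@@ -597,4 +603,23 @@
  * certificates to be trustworthy. */
 #define RTCRPKCS7VERIFY_SD_F_TRUST_ALL_CERTS                        RT_BIT_32(7)
+/** Update @a pValidationTime with the actual validation time used.
+ * This requires RTCRPKCS7VERIFY_SD_F_HAS_SIGNER_INDEX to get a consistent
+ * result.  And yeah, it unconst the parameter, which is patently ugly. */
+#define RTCRPKCS7VERIFY_SD_F_UPDATE_VALIDATION_TIME                 RT_BIT_32(8)
+
+/** This can be used to only verify one given signer info.
+ * Max index value is 15.  */
+#define RTCRPKCS7VERIFY_SD_F_SIGNER_INDEX(a_idxSignerInfo) \
+    (  RTCRPKCS7VERIFY_SD_F_HAS_SIGNER_INDEX \
+     | (((a_idxSignerInfo) & RTCRPKCS7VERIFY_SD_F_SIGNER_INDEX_MAX) << RTCRPKCS7VERIFY_SD_F_SIGNER_INDEX_SHIFT) )
+/** Has a valid value in RTCRPKCS7VERIFY_SD_F_SIGNER_INDEX_MASK. */
+#define RTCRPKCS7VERIFY_SD_F_HAS_SIGNER_INDEX                       RT_BIT_32(23)
+/** Signer index shift value. */
+#define RTCRPKCS7VERIFY_SD_F_SIGNER_INDEX_SHIFT                     24
+/** Signer index mask. */
+#define RTCRPKCS7VERIFY_SD_F_SIGNER_INDEX_MASK                      UINT32_C(0x0f000000)
+/** Max signer index value (inclusive). */
+#define RTCRPKCS7VERIFY_SD_F_SIGNER_INDEX_MAX \
+    (RTCRPKCS7VERIFY_SD_F_SIGNER_INDEX_MASK >> RTCRPKCS7VERIFY_SD_F_SIGNER_INDEX_SHIFT)
 
 /** Indicates internally that we're validating a counter signature and should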
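Review bot: RTCRPKCS7VERIFY_SD_F_SIGNER_INDEX() in the third hunk masks its argument with `& RTCRPKCS7VERIFY_SD_F_SIGNER_INDEX_MAX`, so an index above 15 silently wraps (16 becomes 0) and the flag word then names a different signer info than the caller asked for, with no error. For a signature-verification API that behaviour should be spelled out where callers read it; I would extend the comment to `Max index value is 15; larger values are masked off, so range-check the index against RTCRPKCS7VERIFY_SD_F_SIGNER_INDEX_MAX before using this macro.` The RTCRPKCS7VERIFY_SD_F_UPDATE_VALIDATION_TIME comment admits that the const `pValidationTime` parameter is written through, so it and the two `@param` additions in the first two hunks should also say `The caller must pass a pointer to a writable object when this flag is set.`, since writing to an object actually defined const is undefined behaviour. Whether the implementation rejects UPDATE_VALIDATION_TIME without HAS_SIGNER_INDEX cannot be seen from this header; if it does not, the "requires" wording presumably deserves either an enforced check or a note on what "inconsistent" means for multi-signer data.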