Changeset 95631 in vbox for trunk/src/VBox/Runtime/tools
- Timestamp:
- Jul 13, 2022 10:53:13 PM (3 years ago)
- svn:sync-xref-src-repo-rev:
- 152273
- File:
-
- 1 edited
trunk/src/VBox/Runtime/tools/RTSignTool.cpp
r95626 r95631 963 963 #ifndef IPRT_IN_BUILD_TOOL 964 964 965 static PRTCRPKCS7ATTRIBUTE SignToolPkcs7_AuthAttribAppend(PRTCRPKCS7ATTRIBUTES pAuthAttribs) 966 { 967 int32_t iPos = RTCrPkcs7Attributes_Append(pAuthAttribs); 968 if (iPos >= 0) 969 return pAuthAttribs->papItems[iPos]; 970 RTMsgError("RTCrPkcs7Attributes_Append failed: %Rrc", iPos); 971 return NULL; 972 } 973 965 974 static PRTCRPKCS7ATTRIBUTE SignToolPkcs7_AuthAttribAppend(PRTCRPKCS7ATTRIBUTES pAuthAttribs, const char *pszAttrId) 966 975 { … … 991 1000 * ^^- end 2016-10-05T07:50:30.000000000Z (161005075030Z) 992 1001 */ 993 PRTCRPKCS7ATTRIBUTE pAttr = SignToolPkcs7_AuthAttribAppend(pAuthAttribs , RTCR_PKCS9_ID_SIGNING_TIME_OID);1002 PRTCRPKCS7ATTRIBUTE pAttr = SignToolPkcs7_AuthAttribAppend(pAuthAttribs); 994 1003 if (!pAttr) 995 1004 return RTEXITCODE_FAILURE; 996 1005 997 /** @todo Generalize the Type + enmType DYN stuff and generate setters. */ 998 Assert(pAttr->enmType == RTCRPKCS7ATTRIBUTETYPE_NOT_PRESENT); 999 Assert(pAttr->uValues.pContentInfos == NULL); 1000 pAttr->enmType = RTCRPKCS7ATTRIBUTETYPE_SIGNING_TIME; 1001 int rc = RTAsn1MemAllocZ(&pAttr->Allocation, (void **)&pAttr->uValues.pSigningTime, sizeof(*pAttr->uValues.pSigningTime)); 1006 int rc = RTCrPkcs7Attribute_SetSigningTime(pAttr, NULL, pAuthAttribs->Allocation.pAllocator); 1002 1007 if (RT_FAILURE(rc)) 1003 return RTMsgErrorExitFailure("RTAsn1MemAllocZ failed: %Rrc", rc); 1004 1005 rc = RTAsn1SetOfTimes_Init(pAttr->uValues.pSigningTime, pAttr->Allocation.pAllocator); 1006 if (RT_FAILURE(rc)) 1007 return RTMsgErrorExitFailure("RTAsn1SetOfTimes_Init failed: %Rrc", rc); 1008 return RTMsgErrorExitFailure("RTCrPkcs7Attribute_SetSigningTime failed: %Rrc", rc); 1008 1009 1009 1010 /* Create the timestamp. 
*/ … … 1021 1022 1022 1023 1023 static RTEXITCODE SignToolPkcs7_AuthAttribsAdd ObjIdSeqsEmpty(PRTCRPKCS7ATTRIBUTES pAuthAttribs, const char *pszAttrId)1024 { 1025 PRTCRPKCS7ATTRIBUTE pAttr = SignToolPkcs7_AuthAttribAppend(pAuthAttribs , pszAttrId);1024 static RTEXITCODE SignToolPkcs7_AuthAttribsAddSpcOpusInfo(PRTCRPKCS7ATTRIBUTES pAuthAttribs, void *pvInfo) 1025 { 1026 PRTCRPKCS7ATTRIBUTE pAttr = SignToolPkcs7_AuthAttribAppend(pAuthAttribs); 1026 1027 if (!pAttr) 1027 1028 return RTEXITCODE_FAILURE; 1028 1029 1029 /** @todo Generalize the Type + enmType DYN stuff and generate setters. */ 1030 Assert(pAttr->enmType == RTCRPKCS7ATTRIBUTETYPE_NOT_PRESENT); 1031 Assert(pAttr->uValues.pContentInfos == NULL); 1032 pAttr->enmType = RTCRPKCS7ATTRIBUTETYPE_MS_STATEMENT_TYPE; 1033 int rc = RTAsn1MemAllocZ(&pAttr->Allocation, (void **)&pAttr->uValues.pObjIdSeqs, sizeof(*pAttr->uValues.pObjIdSeqs)); 1030 int rc = RTCrPkcs7Attribute_SetMsStatementType(pAttr, NULL, pAuthAttribs->Allocation.pAllocator); 1034 1031 if (RT_FAILURE(rc)) 1035 return RTMsgErrorExitFailure("RTAsn1MemAllocZ failed: %Rrc", rc); 1036 1037 rc = RTAsn1SetOfObjIdSeqs_Init(pAttr->uValues.pObjIdSeqs, pAttr->Allocation.pAllocator); 1032 return RTMsgErrorExitFailure("RTCrPkcs7Attribute_SetMsStatementType failed: %Rrc", rc); 1033 1034 /* Override the ID. */ 1035 rc = RTAsn1ObjId_SetFromString(&pAttr->Type, RTCR_PKCS9_ID_MS_SP_OPUS_INFO, pAuthAttribs->Allocation.pAllocator); 1038 1036 if (RT_FAILURE(rc)) 1039 return RTMsgErrorExitFailure("RTAsn1SetOfObjIdSeqs_Init failed: %Rrc", rc); 1040 1037 return RTMsgErrorExitFailure("RTAsn1ObjId_SetFromString failed: %Rrc", rc); 1038 1039 /* Add attribute value entry. 
*/ 1040 int32_t iPos = RTAsn1SetOfObjIdSeqs_Append(pAttr->uValues.pObjIdSeqs); 1041 if (iPos < 0) 1042 return RTMsgErrorExitFailure("RTAsn1SetOfObjIdSeqs_Append failed: %Rrc", iPos); 1043 1044 RT_NOREF(pvInfo); Assert(!pvInfo); 1041 1045 return RTEXITCODE_SUCCESS; 1042 1046 } 1043 1047 1044 1048 1045 static RTEXITCODE SignToolPkcs7_AuthAttribsAddObjIdSeqsValue(PRTCRPKCS7ATTRIBUTES pAuthAttribs, const char *pszAttrId, 1046 const char *pszValueId) 1047 { 1048 RTEXITCODE rcExit = SignToolPkcs7_AuthAttribsAddObjIdSeqsEmpty(pAuthAttribs, pszAttrId); 1049 if (rcExit != RTEXITCODE_SUCCESS) 1050 return rcExit; 1049 static RTEXITCODE SignToolPkcs7_AuthAttribsAddMsStatementType(PRTCRPKCS7ATTRIBUTES pAuthAttribs, const char *pszTypeId) 1050 { 1051 PRTCRPKCS7ATTRIBUTE pAttr = SignToolPkcs7_AuthAttribAppend(pAuthAttribs); 1052 if (!pAttr) 1053 return RTEXITCODE_FAILURE; 1054 1055 int rc = RTCrPkcs7Attribute_SetMsStatementType(pAttr, NULL, pAuthAttribs->Allocation.pAllocator); 1056 if (RT_FAILURE(rc)) 1057 return RTMsgErrorExitFailure("RTCrPkcs7Attribute_SetMsStatementType failed: %Rrc", rc); 1051 1058 1052 1059 /* Add attribute value entry. */ 1053 PRTCRPKCS7ATTRIBUTE pAttr = pAuthAttribs->papItems[pAuthAttribs->cItems - 1];1054 1060 int32_t iPos = RTAsn1SetOfObjIdSeqs_Append(pAttr->uValues.pObjIdSeqs); 1055 1061 if (iPos < 0) … … 1059 1065 /* Add a object id to the value. 
*/ 1060 1066 RTASN1OBJID ObjIdValue; 1061 int rc = RTAsn1ObjId_InitFromString(&ObjIdValue, pszValueId, &g_RTAsn1DefaultAllocator);1067 rc = RTAsn1ObjId_InitFromString(&ObjIdValue, pszTypeId, &g_RTAsn1DefaultAllocator); 1062 1068 if (RT_FAILURE(rc)) 1063 return RTMsgErrorExitFailure("RTAsn1ObjId_InitFromString/%s failed: %Rrc", psz AttrId, rc);1069 return RTMsgErrorExitFailure("RTAsn1ObjId_InitFromString/%s failed: %Rrc", pszTypeId, rc); 1064 1070 1065 1071 rc = RTAsn1SeqOfObjIds_InsertEx(pSeqObjIds, 0 /*iPos*/, &ObjIdValue, &g_RTAsn1DefaultAllocator, NULL); … … 1071 1077 } 1072 1078 1073 1074 static RTEXITCODE SignToolPkcs7_AuthAttribsAddObjIdValue(PRTCRPKCS7ATTRIBUTES pAuthAttribs, const char *pszAttrId, 1075 const char *pszValueId) 1076 { 1077 /* Create the attrib and its sub-set of object IDs. */ 1078 PRTCRPKCS7ATTRIBUTE pAttr = SignToolPkcs7_AuthAttribAppend(pAuthAttribs, pszAttrId); 1079 static RTEXITCODE SignToolPkcs7_AuthAttribsAddContentType(PRTCRPKCS7ATTRIBUTES pAuthAttribs, const char *pszContentTypeId) 1080 { 1081 PRTCRPKCS7ATTRIBUTE pAttr = SignToolPkcs7_AuthAttribAppend(pAuthAttribs); 1079 1082 if (!pAttr) 1080 1083 return RTEXITCODE_FAILURE; 1081 1084 1082 /** @todo Generalize the Type + enmType DYN stuff and generate setters. 
*/ 1083 Assert(pAttr->enmType == RTCRPKCS7ATTRIBUTETYPE_NOT_PRESENT); 1084 Assert(pAttr->uValues.pContentInfos == NULL); 1085 pAttr->enmType = RTCRPKCS7ATTRIBUTETYPE_OBJ_IDS; 1086 int rc = RTAsn1MemAllocZ(&pAttr->Allocation, (void **)&pAttr->uValues.pObjIds, sizeof(*pAttr->uValues.pObjIds)); 1085 int rc = RTCrPkcs7Attribute_SetContentType(pAttr, NULL, pAuthAttribs->Allocation.pAllocator); 1087 1086 if (RT_FAILURE(rc)) 1088 return RTMsgErrorExitFailure("RTAsn1MemAllocZ failed: %Rrc", rc); 1089 1090 rc = RTAsn1SetOfObjIds_Init(pAttr->uValues.pObjIds, pAttr->Allocation.pAllocator); 1091 if (RT_FAILURE(rc)) 1092 return RTMsgErrorExitFailure("RTAsn1SetOfObjIdSeqs_Init failed: %Rrc", rc); 1087 return RTMsgErrorExitFailure("RTCrPkcs7Attribute_SetContentType failed: %Rrc", rc); 1093 1088 1094 1089 /* Add a object id to the value. */ 1095 1090 RTASN1OBJID ObjIdValue; 1096 rc = RTAsn1ObjId_InitFromString(&ObjIdValue, psz ValueId, &g_RTAsn1DefaultAllocator);1091 rc = RTAsn1ObjId_InitFromString(&ObjIdValue, pszContentTypeId, pAuthAttribs->Allocation.pAllocator); 1097 1092 if (RT_FAILURE(rc)) 1098 return RTMsgErrorExitFailure("RTAsn1ObjId_InitFromString/%s failed: %Rrc", psz AttrId, rc);1099 1100 rc = RTAsn1SetOfObjIds_InsertEx(pAttr->uValues.pObjIds, 0 /*iPos*/, &ObjIdValue, &g_RTAsn1DefaultAllocator, NULL);1093 return RTMsgErrorExitFailure("RTAsn1ObjId_InitFromString/%s failed: %Rrc", pszContentTypeId, rc); 1094 1095 rc = RTAsn1SetOfObjIds_InsertEx(pAttr->uValues.pObjIds, 0 /*iPos*/, &ObjIdValue, pAuthAttribs->Allocation.pAllocator, NULL); 1101 1096 RTAsn1ObjId_Delete(&ObjIdValue); 1102 1097 if (RT_FAILURE(rc)) … … 1136 1131 * Set Of -^^ ^^- Empty Sequence. 1137 1132 */ 1138 /** @todo ends up with zero byte instead of two. 
*/ 1139 RTEXITCODE rcExit = SignToolPkcs7_AuthAttribsAddObjIdSeqsEmpty(pAuthAttribs, RTCR_PKCS9_ID_MS_SP_OPUS_INFO); 1133 RTEXITCODE rcExit = SignToolPkcs7_AuthAttribsAddSpcOpusInfo(pAuthAttribs, NULL /*pvInfo - none*/); 1140 1134 if (rcExit != RTEXITCODE_SUCCESS) 1141 1135 return rcExit; … … 1149 1143 * ^- Set Of 1150 1144 */ 1151 rcExit = SignToolPkcs7_AuthAttribsAddObjIdValue(pAuthAttribs, RTCR_PKCS9_ID_CONTENT_TYPE_OID, 1152 RTCRSPCINDIRECTDATACONTENT_OID); 1145 rcExit = SignToolPkcs7_AuthAttribsAddContentType(pAuthAttribs, RTCRSPCINDIRECTDATACONTENT_OID); 1153 1146 if (rcExit != RTEXITCODE_SUCCESS) 1154 1147 return rcExit; … … 1162 1155 * Set Of -^^ ^^- Sequence Of 1163 1156 */ 1164 rcExit = SignToolPkcs7_AuthAttribsAddObjIdSeqsValue(pAuthAttribs, RTCR_PKCS9_ID_MS_STATEMENT_TYPE, 1165 RTCRSPC_STMT_TYPE_INDIVIDUAL_CODE_SIGNING); 1157 rcExit = SignToolPkcs7_AuthAttribsAddMsStatementType(pAuthAttribs, RTCRSPC_STMT_TYPE_INDIVIDUAL_CODE_SIGNING); 1166 1158 if (rcExit != RTEXITCODE_SUCCESS) 1167 1159 return rcExit; … … 1201 1193 1202 1194 /* Create the attrib and its sub-set of counter signatures. */ 1195 #if 1 1196 rc = RTCrPkcs7Attribute_SetCounterSignatures(pAttr, NULL, pAttr->Allocation.pAllocator); 1197 #else 1203 1198 rc = RTAsn1ObjId_InitFromString(&pAttr->Type, RTCR_PKCS9_ID_COUNTER_SIGNATURE_OID, pAttr->Allocation.pAllocator); 1204 1199 if (RT_FAILURE(rc)) … … 1217 1212 if (RT_FAILURE(rc)) 1218 1213 return RTMsgErrorExitFailure("RTCrPkcs7SignerInfos_Init failed: %Rrc", rc); 1214 #endif 1219 1215 1220 1216 /* Insert the counter signature. */ … … 1239 1235 if (!pExisting || RTCrX509Certificate_Compare(pExisting, pCertToAppend) != 0) 1240 1236 { 1241 /* Append a RTCRPKCS7CERT entry. */ 1242 //int32_t iPos = RTCrPkcs7SetOfCerts_Append(&pSignedData->Certificates); 1243 //if (iPos < 0) 1244 // return RTMsgErrorExitFailure("RTCrPkcs7SetOfCerts_Append failed: %Rrc", iPos); 1237 /* Prepend a RTCRPKCS7CERT entry. 
*/ 1245 1238 uint32_t iPos; 1246 1239 int rc = RTCrPkcs7SetOfCerts_InsertEx(&pSignedData->Certificates, 0 /*iPosition*/, NULL /*pToClone*/, … … 1248 1241 if (RT_FAILURE(rc)) 1249 1242 return RTMsgErrorExitFailure("RTCrPkcs7SetOfCerts_Append failed: %Rrc", rc); 1250 1251 1243 PRTCRPKCS7CERT pCertEntry = pSignedData->Certificates.papItems[iPos]; 1252 1244 1253 /** @todo Generalize the Type + enmType DYN stuff and generate setters. */ 1254 Assert(pCertEntry->enmChoice == RTCRPKCS7CERTCHOICE_INVALID); 1255 Assert(pCertEntry->u.pX509Cert == NULL); 1256 pCertEntry->enmChoice = RTCRPKCS7CERTCHOICE_X509; 1257 rc = RTAsn1MemAllocZ(&pCertEntry->Allocation, (void **)&pCertEntry->u.pX509Cert, sizeof(*pCertEntry->u.pX509Cert)); 1245 /* Set (clone) the certificate. */ 1246 rc = RTCrPkcs7Cert_SetX509Cert(pCertEntry, pCertToAppend, pCertEntry->Allocation.pAllocator); 1258 1247 if (RT_FAILURE(rc)) 1259 return RTMsgErrorExitFailure("RTAsn1MemAllocZ failed: %Rrc", rc); 1260 1261 /* Copy over the certificate we wish to append. 
*/ 1262 rc = RTCrX509Certificate_Clone(pCertEntry->u.pX509Cert, pCertToAppend, pCertEntry->Allocation.pAllocator); 1263 if (RT_FAILURE(rc)) 1264 return RTMsgErrorExitFailure("RTCrX509Certificate_Clone failed: %Rrc", rc); 1248 return RTMsgErrorExitFailure("RTCrPkcs7Cert_X509Cert failed: %Rrc", rc); 1265 1249 } 1266 1250 return RTEXITCODE_SUCCESS; … … 1339 1323 return RTEXITCODE_FAILURE; 1340 1324 } 1325 1341 1326 1342 1327 static RTEXITCODE SignToolPkcs7_AddTimestampSignatureEx(PRTCRPKCS7SIGNERINFO pSignerInfo, PRTCRPKCS7SIGNEDDATA pSignedData, … … 1416 1401 } 1417 1402 1403 1418 1404 static RTEXITCODE SignToolPkcs7_AddTimestampSignature(SIGNTOOLPKCS7EXE *pThis, unsigned cVerbosity, unsigned iSignature, 1419 1405 bool fReplaceExisting, bool fTimestampTypeOld, RTTIMESPEC SigningTime, … … 1434 1420 } 1435 1421 1422 1436 1423 static RTEXITCODE SignToolPkcs7_SignSpcIndData(SIGNTOOLPKCS7EXE *pThis, RTCRSPCINDIRECTDATACONTENT *pSpcIndData, 1437 unsigned cVerbosity, bool fReplaceExisting, SIGNTOOLKEYPAIR *pSigningCertKey,1438 RTCRSTORE hAddCerts, bool fTimestampTypeOld, RTTIMESPEC SigningTime,1439 SIGNTOOLKEYPAIR *pTimestampCertKey)1424 unsigned cVerbosity, RTDIGESTTYPE enmSigType, bool fReplaceExisting, 1425 SIGNTOOLKEYPAIR *pSigningCertKey, RTCRSTORE hAddCerts, 1426 bool fTimestampTypeOld, RTTIMESPEC SigningTime, SIGNTOOLKEYPAIR *pTimestampCertKey) 1440 1427 { 1441 1428 /* … … 1488 1475 PSIGNTOOLPKCS7 pSigDst = !pThis->pSignedData ? pThis : &Src; 1489 1476 rcExit = Pkcs7SignStuff("image", pvSpcEncoded, cbSpcEncoded, &AuthAttribs, hAddCerts, 0 /*fExtraFlags*/, 1490 RTDIGESTTYPE_SHA1 /** @todo*/, pSigningCertKey, cVerbosity,1477 enmSigType /** @todo ?? 
*/, pSigningCertKey, cVerbosity, 1491 1478 (void **)&pSigDst->pbBuf, &pSigDst->cbBuf, &pSigDst->ContentInfo, &pSigDst->pSignedData); 1492 1479 if (rcExit == RTEXITCODE_SUCCESS) … … 1522 1509 return rcExit; 1523 1510 } 1511 1524 1512 1525 1513 static RTEXITCODE SignToolPkcs7_SpcCompleteWithoutPageHashes(RTCRSPCINDIRECTDATACONTENT *pSpcIndData) … … 1586 1574 } 1587 1575 1576 1588 1577 static RTEXITCODE SignToolPkcs7_SpcAddImagePageHashes(SIGNTOOLPKCS7EXE *pThis, RTCRSPCINDIRECTDATACONTENT *pSpcIndData, 1589 1578 RTDIGESTTYPE enmSigType) … … 1592 1581 return RTEXITCODE_SUCCESS; 1593 1582 } 1583 1594 1584 1595 1585 static RTEXITCODE SignToolPkcs7_SpcAddImageHash(SIGNTOOLPKCS7EXE *pThis, RTCRSPCINDIRECTDATACONTENT *pSpcIndData, … … 1689 1679 */ 1690 1680 if (rcExit == RTEXITCODE_SUCCESS) 1691 rcExit = SignToolPkcs7_SignSpcIndData(pThis, &SpcIndData, cVerbosity, fReplaceExisting, pSigningCertKey, 1692 hAddCerts, fTimestampTypeOld, SigningTime, pTimestampCertKey); 1681 rcExit = SignToolPkcs7_SignSpcIndData(pThis, &SpcIndData, cVerbosity, 1682 enmSigType, fReplaceExisting, pSigningCertKey, hAddCerts, 1683 fTimestampTypeOld, SigningTime, pTimestampCertKey); 1693 1684 } 1694 1685 }
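Review bot: The failure message in the certificate-append hunk names a function that is not called — the call is `RTCrPkcs7Cert_SetX509Cert`, so the line should read `return RTMsgErrorExitFailure("RTCrPkcs7Cert_SetX509Cert failed: %Rrc", rc);` (the `RTCrPkcs7SetOfCerts_Append` message after the `RTCrPkcs7SetOfCerts_InsertEx` call just above it is a pre-existing instance of the same mismatch). In `SignToolPkcs7_AuthAttribsAddSpcOpusInfo` the attribute is initialised via `RTCrPkcs7Attribute_SetMsStatementType` and its OID is then overwritten with `RTCR_PKCS9_ID_MS_SP_OPUS_INFO`, so `enmType` and `Type` no longer describe the same attribute; that needs a comment such as `/* Reuse the statement-type setter for the empty SET OF SEQUENCE body; enmType stays MS_STATEMENT_TYPE while Type is overridden to SpcOpusInfo. */`, and any downstream code that dispatches on `enmType` (not visible here) should be checked, while the `Assert(!pvInfo)` means a non-NULL `pvInfo` is silently dropped in non-strict builds. The `#if 1` / `#else` / `#endif` around `RTCrPkcs7Attribute_SetCounterSignatures` keeps the replaced code as dead text; the `#else` branch can go, the history is in svn. The `/** @todo ?? */` left on the `enmSigType` argument to `Pkcs7SignStuff` should say what is still open, since passing the caller's digest type instead of the hard-coded `RTDIGESTTYPE_SHA1` appears to be the intended fix. Several of the enclosing functions in this section start or end outside the visible hunks.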