common/crypto/pkcs7-core.cpp

13493ab7596e827b8d0caab2c89e635dd65f78f9vboxsync/* $Id$ */
13493ab7596e827b8d0caab2c89e635dd65f78f9vboxsync/** @file
13493ab7596e827b8d0caab2c89e635dd65f78f9vboxsync * IPRT - Crypto - PKCS \#7, Core APIs.
13493ab7596e827b8d0caab2c89e635dd65f78f9vboxsync */
13493ab7596e827b8d0caab2c89e635dd65f78f9vboxsync
13493ab7596e827b8d0caab2c89e635dd65f78f9vboxsync/*
13493ab7596e827b8d0caab2c89e635dd65f78f9vboxsync * Copyright (C) 2006-2014 Oracle Corporation
13493ab7596e827b8d0caab2c89e635dd65f78f9vboxsync *
13493ab7596e827b8d0caab2c89e635dd65f78f9vboxsync * This file is part of VirtualBox Open Source Edition (OSE), as
13493ab7596e827b8d0caab2c89e635dd65f78f9vboxsync * available from http://www.virtualbox.org. This file is free software;
13493ab7596e827b8d0caab2c89e635dd65f78f9vboxsync * you can redistribute it and/or modify it under the terms of the GNU
13493ab7596e827b8d0caab2c89e635dd65f78f9vboxsync * General Public License (GPL) as published by the Free Software
13493ab7596e827b8d0caab2c89e635dd65f78f9vboxsync * Foundation, in version 2 as it comes in the "COPYING" file of the
13493ab7596e827b8d0caab2c89e635dd65f78f9vboxsync * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
13493ab7596e827b8d0caab2c89e635dd65f78f9vboxsync * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
13493ab7596e827b8d0caab2c89e635dd65f78f9vboxsync *
13493ab7596e827b8d0caab2c89e635dd65f78f9vboxsync * The contents of this file may alternatively be used under the terms
13493ab7596e827b8d0caab2c89e635dd65f78f9vboxsync * of the Common Development and Distribution License Version 1.0
13493ab7596e827b8d0caab2c89e635dd65f78f9vboxsync * (CDDL) only, as it comes in the "COPYING.CDDL" file of the
13493ab7596e827b8d0caab2c89e635dd65f78f9vboxsync * VirtualBox OSE distribution, in which case the provisions of the
13493ab7596e827b8d0caab2c89e635dd65f78f9vboxsync * CDDL are applicable instead of those of the GPL.
13493ab7596e827b8d0caab2c89e635dd65f78f9vboxsync *
13493ab7596e827b8d0caab2c89e635dd65f78f9vboxsync * You may elect to license modified versions of this file under the
13493ab7596e827b8d0caab2c89e635dd65f78f9vboxsync * terms and conditions of either the GPL or the CDDL or both.
13493ab7596e827b8d0caab2c89e635dd65f78f9vboxsync */
13493ab7596e827b8d0caab2c89e635dd65f78f9vboxsync
13493ab7596e827b8d0caab2c89e635dd65f78f9vboxsync
13493ab7596e827b8d0caab2c89e635dd65f78f9vboxsync/*******************************************************************************
13493ab7596e827b8d0caab2c89e635dd65f78f9vboxsync*   Header Files                                                               *
13493ab7596e827b8d0caab2c89e635dd65f78f9vboxsync*******************************************************************************/
13493ab7596e827b8d0caab2c89e635dd65f78f9vboxsync#include "internal/iprt.h"
13493ab7596e827b8d0caab2c89e635dd65f78f9vboxsync#include <iprt/crypto/pkcs7.h>
13493ab7596e827b8d0caab2c89e635dd65f78f9vboxsync
13493ab7596e827b8d0caab2c89e635dd65f78f9vboxsync#include <iprt/err.h>
13493ab7596e827b8d0caab2c89e635dd65f78f9vboxsync#include <iprt/string.h>
4ee2f4fc8e99dc69ba5d63fd7dd3f52a38d0501evboxsync#include <iprt/crypto/tsp.h>
13493ab7596e827b8d0caab2c89e635dd65f78f9vboxsync
13493ab7596e827b8d0caab2c89e635dd65f78f9vboxsync#include "pkcs7-internal.h"
13493ab7596e827b8d0caab2c89e635dd65f78f9vboxsync
13493ab7596e827b8d0caab2c89e635dd65f78f9vboxsync
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync/*
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync * PCKS #7 SignerInfo
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync */
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsyncRTDECL(PCRTASN1TIME) RTCrPkcs7SignerInfo_GetSigningTime(PCRTCRPKCS7SIGNERINFO pThis, PCRTCRPKCS7SIGNERINFO *ppSignerInfo)
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync{
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync    /*
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync     * Check the immediate level, unless we're continuing a previous search.
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync     * Note! We ASSUME a single signing time attribute, which simplifies the interface.
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync     */
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync    uint32_t                cAttrsLeft;
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync    PCRTCRPKCS7ATTRIBUTE    pAttr;
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync    if (!ppSignerInfo || *ppSignerInfo == NULL)
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync    {
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync        cAttrsLeft = pThis->AuthenticatedAttributes.cItems;
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync        pAttr      = pThis->AuthenticatedAttributes.paItems;
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync        while (cAttrsLeft-- > 0)
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync        {
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync            if (   pAttr->enmType == RTCRPKCS7ATTRIBUTETYPE_SIGNING_TIME
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync                && pAttr->uValues.pSigningTime->cItems > 0)
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync            {
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync                if (ppSignerInfo)
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync                    *ppSignerInfo = pThis;
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync                return &pAttr->uValues.pSigningTime->paItems[0];
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync            }
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync            pAttr++;
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync        }
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync    }
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync    else if (*ppSignerInfo == pThis)
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync        *ppSignerInfo = NULL;
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync    /*
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync     * Check counter signatures.
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync     */
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync    cAttrsLeft = pThis->UnauthenticatedAttributes.cItems;
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync    pAttr      = pThis->UnauthenticatedAttributes.paItems;
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync    while (cAttrsLeft-- > 0)
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync    {
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync        if (pAttr->enmType == RTCRPKCS7ATTRIBUTETYPE_COUNTER_SIGNATURES)
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync        {
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync            uint32_t              cSignatures = pAttr->uValues.pCounterSignatures->cItems;
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync            PCRTCRPKCS7SIGNERINFO pSignature  = pAttr->uValues.pCounterSignatures->paItems;
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync            /* Skip past the previous counter signature. */
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync            if (ppSignerInfo && *ppSignerInfo != NULL)
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync                while (cSignatures > 0)
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync                {
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync                    cSignatures--;
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync                    if (pSignature == *ppSignerInfo)
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync                    {
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync                        *ppSignerInfo = NULL;
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync                        pSignature++;
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync                        break;
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync                    }
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync                    pSignature++;
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync                }
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync            /* Search the counter signatures (if any remaining). */
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync            while (cSignatures-- > 0)
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync            {
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync                uint32_t                cCounterAttrsLeft = pSignature->AuthenticatedAttributes.cItems;
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync                PCRTCRPKCS7ATTRIBUTE    pCounterAttr      = pSignature->AuthenticatedAttributes.paItems;
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync                while (cCounterAttrsLeft-- > 0)
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync                {
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync                    if (   pCounterAttr->enmType == RTCRPKCS7ATTRIBUTETYPE_SIGNING_TIME
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync                        && pCounterAttr->uValues.pSigningTime->cItems > 0)
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync                    {
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync                        if (ppSignerInfo)
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync                            *ppSignerInfo = pSignature;
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync                        return &pCounterAttr->uValues.pSigningTime->paItems[0];
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync                    }
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync                    pCounterAttr++;
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync                }
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync                pSignature++;
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync            }
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync        }
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync        pAttr++;
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync    }
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync    /*
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync     * No signing timestamp found.
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync     */
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync    if (ppSignerInfo)
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync        *ppSignerInfo = NULL;
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync    return NULL;
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync}
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5vboxsync
4ee2f4fc8e99dc69ba5d63fd7dd3f52a38d0501evboxsyncRTDECL(PCRTASN1TIME) RTCrPkcs7SignerInfo_GetMsTimestamp(PCRTCRPKCS7SIGNERINFO pThis, PCRTCRPKCS7CONTENTINFO *ppContentInfo)
4ee2f4fc8e99dc69ba5d63fd7dd3f52a38d0501evboxsync{
4ee2f4fc8e99dc69ba5d63fd7dd3f52a38d0501evboxsync    /*
4ee2f4fc8e99dc69ba5d63fd7dd3f52a38d0501evboxsync     * Assume there is only one, so no need to enumerate anything here.
4ee2f4fc8e99dc69ba5d63fd7dd3f52a38d0501evboxsync     */
4ee2f4fc8e99dc69ba5d63fd7dd3f52a38d0501evboxsync    uint32_t             cAttrsLeft = pThis->UnauthenticatedAttributes.cItems;
4ee2f4fc8e99dc69ba5d63fd7dd3f52a38d0501evboxsync    PCRTCRPKCS7ATTRIBUTE pAttr      = pThis->UnauthenticatedAttributes.paItems;
4ee2f4fc8e99dc69ba5d63fd7dd3f52a38d0501evboxsync    while (cAttrsLeft-- > 0)
4ee2f4fc8e99dc69ba5d63fd7dd3f52a38d0501evboxsync    {
4ee2f4fc8e99dc69ba5d63fd7dd3f52a38d0501evboxsync        if (pAttr->enmType == RTCRPKCS7ATTRIBUTETYPE_MS_TIMESTAMP)
4ee2f4fc8e99dc69ba5d63fd7dd3f52a38d0501evboxsync        {
4ee2f4fc8e99dc69ba5d63fd7dd3f52a38d0501evboxsync            uint32_t                cLeft        = pAttr->uValues.pContentInfos->cItems;
4ee2f4fc8e99dc69ba5d63fd7dd3f52a38d0501evboxsync            PCRTCRPKCS7CONTENTINFO  pContentInfo = &pAttr->uValues.pContentInfos->paItems[0];
4ee2f4fc8e99dc69ba5d63fd7dd3f52a38d0501evboxsync            while (cLeft-- > 0)
4ee2f4fc8e99dc69ba5d63fd7dd3f52a38d0501evboxsync            {
4ee2f4fc8e99dc69ba5d63fd7dd3f52a38d0501evboxsync                if (RTAsn1ObjId_CompareWithString(&pContentInfo->ContentType, RTCRPKCS7SIGNEDDATA_OID) == 0)
4ee2f4fc8e99dc69ba5d63fd7dd3f52a38d0501evboxsync                {
4ee2f4fc8e99dc69ba5d63fd7dd3f52a38d0501evboxsync                    if (RTAsn1ObjId_CompareWithString(&pContentInfo->u.pSignedData->ContentInfo.ContentType,
4ee2f4fc8e99dc69ba5d63fd7dd3f52a38d0501evboxsync                                                      RTCRTSPTSTINFO_OID) == 0)
4ee2f4fc8e99dc69ba5d63fd7dd3f52a38d0501evboxsync                    {
4ee2f4fc8e99dc69ba5d63fd7dd3f52a38d0501evboxsync                        if (ppContentInfo)
4ee2f4fc8e99dc69ba5d63fd7dd3f52a38d0501evboxsync                            *ppContentInfo = pContentInfo;
4ee2f4fc8e99dc69ba5d63fd7dd3f52a38d0501evboxsync                        return &pContentInfo->u.pSignedData->ContentInfo.u.pTstInfo->GenTime;
4ee2f4fc8e99dc69ba5d63fd7dd3f52a38d0501evboxsync                    }
4ee2f4fc8e99dc69ba5d63fd7dd3f52a38d0501evboxsync                }
4ee2f4fc8e99dc69ba5d63fd7dd3f52a38d0501evboxsync
4ee2f4fc8e99dc69ba5d63fd7dd3f52a38d0501evboxsync                pContentInfo++;
4ee2f4fc8e99dc69ba5d63fd7dd3f52a38d0501evboxsync            }
4ee2f4fc8e99dc69ba5d63fd7dd3f52a38d0501evboxsync        }
4ee2f4fc8e99dc69ba5d63fd7dd3f52a38d0501evboxsync        pAttr++;
4ee2f4fc8e99dc69ba5d63fd7dd3f52a38d0501evboxsync    }
4ee2f4fc8e99dc69ba5d63fd7dd3f52a38d0501evboxsync
4ee2f4fc8e99dc69ba5d63fd7dd3f52a38d0501evboxsync    /*
4ee2f4fc8e99dc69ba5d63fd7dd3f52a38d0501evboxsync     * No signature was found.
4ee2f4fc8e99dc69ba5d63fd7dd3f52a38d0501evboxsync     */
4ee2f4fc8e99dc69ba5d63fd7dd3f52a38d0501evboxsync    if (ppContentInfo)
4ee2f4fc8e99dc69ba5d63fd7dd3f52a38d0501evboxsync        *ppContentInfo = NULL;
4ee2f4fc8e99dc69ba5d63fd7dd3f52a38d0501evboxsync
4ee2f4fc8e99dc69ba5d63fd7dd3f52a38d0501evboxsync    return NULL;
4ee2f4fc8e99dc69ba5d63fd7dd3f52a38d0501evboxsync}
4ee2f4fc8e99dc69ba5d63fd7dd3f52a38d0501evboxsync
4ee2f4fc8e99dc69ba5d63fd7dd3f52a38d0501evboxsync
13493ab7596e827b8d0caab2c89e635dd65f78f9vboxsync/*
13493ab7596e827b8d0caab2c89e635dd65f78f9vboxsync * PCKS #7 ContentInfo.
13493ab7596e827b8d0caab2c89e635dd65f78f9vboxsync */
13493ab7596e827b8d0caab2c89e635dd65f78f9vboxsync
13493ab7596e827b8d0caab2c89e635dd65f78f9vboxsyncRTDECL(bool) RTCrPkcs7ContentInfo_IsSignedData(PCRTCRPKCS7CONTENTINFO pThis)
13493ab7596e827b8d0caab2c89e635dd65f78f9vboxsync{
13493ab7596e827b8d0caab2c89e635dd65f78f9vboxsync    return RTAsn1ObjId_CompareWithString(&pThis->ContentType, RTCRPKCS7SIGNEDDATA_OID) == 0;
13493ab7596e827b8d0caab2c89e635dd65f78f9vboxsync}
13493ab7596e827b8d0caab2c89e635dd65f78f9vboxsync
13493ab7596e827b8d0caab2c89e635dd65f78f9vboxsync
4ee2f4fc8e99dc69ba5d63fd7dd3f52a38d0501evboxsync/*
4ee2f4fc8e99dc69ba5d63fd7dd3f52a38d0501evboxsync * Set of some kind of certificate supported by PKCS #7 or CMS.
4ee2f4fc8e99dc69ba5d63fd7dd3f52a38d0501evboxsync */
4ee2f4fc8e99dc69ba5d63fd7dd3f52a38d0501evboxsync
4ee2f4fc8e99dc69ba5d63fd7dd3f52a38d0501evboxsyncRTDECL(PCRTCRX509CERTIFICATE)
4ee2f4fc8e99dc69ba5d63fd7dd3f52a38d0501evboxsyncRTCrPkcs7SetOfCerts_FindX509ByIssuerAndSerialNumber(PCRTCRPKCS7SETOFCERTS pCertificates,
4ee2f4fc8e99dc69ba5d63fd7dd3f52a38d0501evboxsync                                                    PCRTCRX509NAME pIssuer, PCRTASN1INTEGER pSerialNumber)
4ee2f4fc8e99dc69ba5d63fd7dd3f52a38d0501evboxsync{
4ee2f4fc8e99dc69ba5d63fd7dd3f52a38d0501evboxsync    for (uint32_t i = 0; i < pCertificates->cItems; i++)
4ee2f4fc8e99dc69ba5d63fd7dd3f52a38d0501evboxsync        if (   pCertificates->paItems[i].enmChoice == RTCRPKCS7CERTCHOICE_X509
4ee2f4fc8e99dc69ba5d63fd7dd3f52a38d0501evboxsync            && RTCrX509Certificate_MatchIssuerAndSerialNumber(pCertificates->paItems[i].u.pX509Cert, pIssuer, pSerialNumber))
4ee2f4fc8e99dc69ba5d63fd7dd3f52a38d0501evboxsync            return pCertificates->paItems[i].u.pX509Cert;
4ee2f4fc8e99dc69ba5d63fd7dd3f52a38d0501evboxsync    return NULL;
4ee2f4fc8e99dc69ba5d63fd7dd3f52a38d0501evboxsync}
4ee2f4fc8e99dc69ba5d63fd7dd3f52a38d0501evboxsync
4ee2f4fc8e99dc69ba5d63fd7dd3f52a38d0501evboxsync
13493ab7596e827b8d0caab2c89e635dd65f78f9vboxsync/*
13493ab7596e827b8d0caab2c89e635dd65f78f9vboxsync * Generate the standard core code.
13493ab7596e827b8d0caab2c89e635dd65f78f9vboxsync */
13493ab7596e827b8d0caab2c89e635dd65f78f9vboxsync#include <iprt/asn1-generator-core.h>
13493ab7596e827b8d0caab2c89e635dd65f78f9vboxsync