/* $Id$ */
/** @file
* IPRT - Crypto - PKCS \#7, Sanity Checkers.
*/
/*
* Copyright (C) 2006-2014 Oracle Corporation
*
* This file is part of VirtualBox Open Source Edition (OSE), as
* available from http://www.virtualbox.org. This file is free software;
* General Public License (GPL) as published by the Free Software
* Foundation, in version 2 as it comes in the "COPYING" file of the
* VirtualBox OSE distribution. VirtualBox OSE is distributed in the
* hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
*
* The contents of this file may alternatively be used under the terms
* of the Common Development and Distribution License Version 1.0
* (CDDL) only, as it comes in the "COPYING.CDDL" file of the
* VirtualBox OSE distribution, in which case the provisions of the
* CDDL are applicable instead of those of the GPL.
*
* You may elect to license modified versions of this file under the
* terms and conditions of either the GPL or the CDDL or both.
*/
/*******************************************************************************
* Header Files *
*******************************************************************************/
#include "pkcs7-internal.h"
{
//RTAsn1Dump(&pSignedData->SeqCore.Asn1Core, 0, 0, RTAsn1DumpStrmPrintfV, g_pStdOut);
return RTErrInfoSetF(pErrInfo, VERR_CR_PKCS7_SIGNED_DATA_VERSION, "SignedData version is %llu, expected %u",
/*
* DigestAlgorithms.
*/
return RTErrInfoSet(pErrInfo, VERR_CR_PKCS7_SIGNED_DATA_NO_DIGEST_ALGOS, "SignedData.DigestAlgorithms is empty");
"SignedData.DigestAlgorithms has more than one algorithm (%u)",
{
if (RTCrX509AlgorithmIdentifier_QueryDigestType(&pSignedData->DigestAlgorithms.paItems[i]) == RTDIGESTTYPE_INVALID)
"SignedData.DigestAlgorithms[%i] is not known: %s",
"SignedData.DigestAlgorithms[%i] has parameters: tag=%u",
}
/*
* Certificates.
*/
"SignedData.Certifcates is empty, expected at least one certificate");
/*
* Crls.
*/
"SignedData.Crls is not empty as expected for authenticode.");
/** @todo check Crls when they become important. */
/*
* SignerInfos.
*/
"SignedData.SignerInfos should have one entry for authenticode: %u",
{
"SignedData.SignerInfos[%u] version is %llu, expected %u",
/* IssuerAndSerialNumber. */
"SignedData.SignerInfos[#].IssuerAndSerialNumber.Name");
if (RT_FAILURE(rc))
return rc;
"SignedData.SignerInfos[%u].IssuerAndSerialNumber.SerialNumber is missing (zero length)", i);
"SignedData.SignerInfos[%u].IssuerAndSerialNumber not found in T0.Certificates", i);
/* DigestAlgorithm */
uint32_t j = 0;
&pSignerInfo->DigestAlgorithm) != 0)
j++;
"SignedData.SignerInfos[%u].DigestAlgorithm (%s) not found in SignedData.DigestAlgorithms",
/* Digest encryption algorithm. */
#if 0 /** @todo Unimportant: Seen timestamp signatures specifying pkcs1-Sha256WithRsaEncryption in SignerInfo and just RSA in the certificate. Figure out how to compare the two. */
if ( pCert
"SignedData.SignerInfos[%u].DigestEncryptionAlgorithm (%s) mismatch with certificate (%s)",
#endif
/* Authenticated attributes we know. */
{
bool fFoundContentInfo = false;
bool fFoundMessageDigest = false;
{
{
if (fFoundContentInfo)
"Multiple authenticated content-type attributes.");
fFoundContentInfo = true;
"Expected exactly one value for content-type attrib, found: %u",
}
{
if (fFoundMessageDigest)
"Multiple authenticated message-digest attributes.");
fFoundMessageDigest = true;
"Expected exactly one value for message-digest attrib, found: %u",
}
else
}
if (!fFoundContentInfo)
"Missing authenticated content-type attribute.");
if (!fFoundMessageDigest)
"Missing authenticated message-digest attribute.");
}
}
return VINF_SUCCESS;
}
/*
* Generate the code.
*/
#include <iprt/asn1-generator-sanity.h>