VirtualBox

source: vbox/trunk/src/VBox/Runtime/common/crypto/pkcs7-sign.cpp@ 95595

Last change on this file since 95595 was 95595, checked in by vboxsync, 2 years ago

IPRT/Pkcs7: Added a parameter to RTCrPkcs7SimpleSignSignedData (not yet implemented). bugref:8691
  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 9.0 KB
Line 
1/* $Id: pkcs7-sign.cpp 95595 2022-07-12 02:20:48Z vboxsync $ */
2/** @file
3 * IPRT - Crypto - PKCS \#7, Signing
4 */
5
6/*
7 * Copyright (C) 2006-2022 Oracle Corporation
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 *
17 * The contents of this file may alternatively be used under the terms
18 * of the Common Development and Distribution License Version 1.0
19 * (CDDL) only, as it comes in the "COPYING.CDDL" file of the
20 * VirtualBox OSE distribution, in which case the provisions of the
21 * CDDL are applicable instead of those of the GPL.
22 *
23 * You may elect to license modified versions of this file under the
24 * terms and conditions of either the GPL or the CDDL or both.
25 */
26
27
28/*********************************************************************************************************************************
29* Header Files *
30*********************************************************************************************************************************/
31#include "internal/iprt.h"
32#include <iprt/crypto/pkcs7.h>
33
34#include <iprt/errcore.h>
35#include <iprt/string.h>
36#include <iprt/crypto/digest.h>
37#include <iprt/crypto/key.h>
38#include <iprt/crypto/pkix.h>
39#include <iprt/crypto/store.h>
40#include <iprt/crypto/x509.h>
41
42#ifdef IPRT_WITH_OPENSSL
43# include "internal/iprt-openssl.h"
44# include "internal/openssl-pre.h"
45# include <openssl/pkcs7.h>
46# include <openssl/cms.h>
47# include <openssl/x509.h>
48# include <openssl/err.h>
49# include "internal/openssl-post.h"
50#endif
51
52
53/*********************************************************************************************************************************
54* Structures and Typedefs *
55*********************************************************************************************************************************/
56/**
57 * PKCS\#7 / CMS signing operation instance.
58 */
59typedef struct RTCRPKCS7SIGNINGJOBINT
60{
61 /** Magic value (RTCRPKCS7SIGNINGJOBINT). */
62 uint32_t u32Magic;
63 /** Reference counter. */
64 uint32_t volatile cRefs;
65 /** RTCRPKCS7SIGN_F_XXX. */
66 uint64_t fFlags;
67 /** Set if finalized. */
68 bool fFinallized;
69
70 //....
71} RTCRPKCS7SIGNINGJOBINT;
72
73/** Magic value for RTCRPKCS7SIGNINGJOBINT (Jonathan Lethem). */
74#define RTCRPKCS7SIGNINGJOBINT_MAGIC UINT32_C(0x19640219)
75
76/** Handle to PKCS\#7/CMS signing operation. */
77typedef struct RTCRPKCS7SIGNINGJOBINT *RTCRPKCS7SIGNINGJOB;
78/** Pointer to a PKCS\#7/CMS signing operation handle. */
79typedef RTCRPKCS7SIGNINGJOB *PRTCRPKCS7SIGNINGJOB;
80
81//// CMS_sign
82//RTDECL(int) RTCrPkcs7Sign(PRTCRPKCS7SIGNINGJOB *phJob, uint64_t fFlags, PCRTCRX509CERTIFICATE pSigner, RTCRKEY hPrivateKey,
83// RTCRSTORE hAdditionalCerts,
84//
85
86
87
88RTDECL(int) RTCrPkcs7SimpleSignSignedData(uint32_t fFlags, PCRTCRX509CERTIFICATE pSigner, RTCRKEY hPrivateKey,
89 void const *pvData, size_t cbData, RTDIGESTTYPE enmDigestType,
90 RTCRSTORE hAdditionalCerts, PCRTCRPKCS7ATTRIBUTES pAdditionalAuthenticatedAttribs,
91 void *pvResult, size_t *pcbResult, PRTERRINFO pErrInfo)
92{
93 size_t const cbResultBuf = *pcbResult;
94 *pcbResult = 0;
95 AssertReturn(!(fFlags & ~RTCRPKCS7SIGN_SD_F_VALID_MASK), VERR_INVALID_FLAGS);
96#ifdef IPRT_WITH_OPENSSL
97 AssertReturn((int)cbData >= 0 && (unsigned)cbData == cbData, VERR_TOO_MUCH_DATA);
98
99 /*
100 * Resolve the digest type.
101 */
102 const EVP_MD *pEvpMd = NULL;
103 if (enmDigestType != RTDIGESTTYPE_UNKNOWN)
104 {
105 pEvpMd = (const EVP_MD *)rtCrOpenSslConvertDigestType(enmDigestType, pErrInfo);
106 AssertReturn(pEvpMd, pErrInfo ? pErrInfo->rc : VERR_INVALID_PARAMETER);
107 }
108
109 /*
110 * Convert the private key.
111 */
112 EVP_PKEY *pEvpPrivateKey = NULL;
113 int rc = rtCrKeyToOpenSslKey(hPrivateKey, false /*fNeedPublic*/, (void **)&pEvpPrivateKey, pErrInfo);
114 if (RT_SUCCESS(rc))
115 {
116 /*
117 * Convert the signing certificate.
118 */
119 X509 *pOsslSigner = NULL;
120 rc = rtCrOpenSslConvertX509Cert((void **)&pOsslSigner, pSigner, pErrInfo);
121 if (RT_SUCCESS(rc))
122 {
123 /*
124 * Convert any additional certificates.
125 */
126 STACK_OF(X509) *pOsslAdditionalCerts = NULL;
127 if (hAdditionalCerts != NIL_RTCRSTORE)
128 rc = RTCrStoreConvertToOpenSslCertStack(hAdditionalCerts, 0 /*fFlags*/, (void **)&pOsslAdditionalCerts, pErrInfo);
129 if (RT_SUCCESS(rc))
130 {
131 /*
132 * Create a BIO for the data buffer.
133 */
134 BIO *pOsslData = BIO_new_mem_buf((void *)pvData, (int)cbData);
135 if (pOsslData)
136 {
137 /*
138 * Do the signing.
139 */
140 unsigned int fOsslSign = CMS_BINARY | CMS_PARTIAL;
141 if (fFlags & RTCRPKCS7SIGN_SD_F_DEATCHED)
142 fOsslSign |= CMS_DETACHED;
143 if (fFlags & RTCRPKCS7SIGN_SD_F_NO_SMIME_CAP)
144 fOsslSign |= CMS_NOSMIMECAP;
145 CMS_ContentInfo *pCms = CMS_sign(NULL, NULL, pOsslAdditionalCerts, NULL, fOsslSign);
146 if (pCms != NULL)
147 {
148RT_NOREF(pAdditionalAuthenticatedAttribs); /** @todo */
149 if (CMS_add1_signer(pCms, pOsslSigner, pEvpPrivateKey, pEvpMd, fOsslSign) != NULL)
150 {
151 rc = CMS_final(pCms, pOsslData, NULL /*dcont*/, fOsslSign);
152 if (rc > 0)
153 {
154 /*
155 * Get the output and copy it into the result buffer.
156 */
157 BIO *pOsslResult = BIO_new(BIO_s_mem());
158 if (pOsslResult)
159 {
160 rc = i2d_CMS_bio(pOsslResult, pCms);
161 if (rc > 0)
162 {
163 BUF_MEM *pBuf = NULL;
164 rc = (int)BIO_get_mem_ptr(pOsslResult, &pBuf);
165 if (rc > 0)
166 {
167 AssertPtr(pBuf);
168 size_t const cbResult = pBuf->length;
169 if ( cbResultBuf >= cbResult
170 && pvResult != NULL)
171 {
172 memcpy(pvResult, pBuf->data, cbResult);
173 rc = VINF_SUCCESS;
174 }
175 else
176 rc = VERR_BUFFER_OVERFLOW;
177 *pcbResult = cbResult;
178 }
179 else
180 rc = RTErrInfoSet(pErrInfo, VERR_GENERAL_FAILURE, "BIO_get_mem_ptr");
181 }
182 else
183 rc = RTErrInfoSet(pErrInfo, VERR_GENERAL_FAILURE, "i2d_CMS_bio");
184 BIO_free(pOsslResult);
185 }
186 else
187 rc = RTErrInfoSet(pErrInfo, VERR_NO_MEMORY, "BIO_new/BIO_s_mem");
188 }
189 else
190 rc = RTErrInfoSet(pErrInfo, VERR_GENERAL_FAILURE, "CMS_final");
191 }
192 else
193 rc = RTErrInfoSet(pErrInfo, VERR_GENERAL_FAILURE, "CMS_add1_signer");
194 CMS_ContentInfo_free(pCms);
195 }
196 else
197 rc = RTErrInfoSet(pErrInfo, VERR_GENERAL_FAILURE, "CMS_sign");
198 BIO_free(pOsslData);
199 }
200 }
201 rtCrOpenSslFreeConvertedX509Cert(pOsslSigner);
202 }
203 EVP_PKEY_free(pEvpPrivateKey);
204 }
205 return rc;
206#else
207 RT_NOREF(fFlags, pSigner, hPrivateKey, pvData, cbData, enmDigestType, hAdditionalCerts, pAdditionalAuthenticatedAttribs,
208 pvResult, pErrInfo, cbResultBuf);
209 *pcbResult = 0;
210 return VERR_NOT_IMPLEMENTED;
211#endif
212}
213
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette