VirtualBox

source: vbox/trunk/src/VBox/Runtime/common/crypto/x509-verify.cpp@ 75482

Last change on this file since 75482 was 73666, checked in by vboxsync, 6 years ago

IPRT,SUP,Main: Working on new crypto key handling and rsa signing. bugref:9152 [build fix]

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 6.2 KB
Line 
1/* $Id: x509-verify.cpp 73666 2018-08-14 17:51:20Z vboxsync $ */
2/** @file
3 * IPRT - Crypto - X.509, Signature verficiation.
4 */
5
6/*
7 * Copyright (C) 2006-2017 Oracle Corporation
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 *
17 * The contents of this file may alternatively be used under the terms
18 * of the Common Development and Distribution License Version 1.0
19 * (CDDL) only, as it comes in the "COPYING.CDDL" file of the
20 * VirtualBox OSE distribution, in which case the provisions of the
21 * CDDL are applicable instead of those of the GPL.
22 *
23 * You may elect to license modified versions of this file under the
24 * terms and conditions of either the GPL or the CDDL or both.
25 */
26
27
28/*********************************************************************************************************************************
29* Header Files *
30*********************************************************************************************************************************/
31#include "internal/iprt.h"
32#include <iprt/crypto/x509.h>
33#include <iprt/crypto/pkix.h>
34#include <iprt/crypto/key.h>
35
36#include <iprt/err.h>
37#include <iprt/mem.h>
38#include <iprt/string.h>
39
40
41RTDECL(int) RTCrX509Certificate_VerifySignature(PCRTCRX509CERTIFICATE pThis, PCRTASN1OBJID pAlgorithm,
42 PCRTASN1DYNTYPE pParameters, PCRTASN1BITSTRING pPublicKey,
43 PRTERRINFO pErrInfo)
44{
45 /*
46 * Validate the input a little.
47 */
48 AssertPtrReturn(pThis, VERR_INVALID_POINTER);
49 AssertReturn(RTCrX509Certificate_IsPresent(pThis), VERR_INVALID_PARAMETER);
50
51 AssertPtrReturn(pAlgorithm, VERR_INVALID_POINTER);
52 AssertReturn(RTAsn1ObjId_IsPresent(pAlgorithm), VERR_INVALID_POINTER);
53
54 if (pParameters)
55 {
56 AssertPtrReturn(pParameters, VERR_INVALID_POINTER);
57 if (pParameters->enmType == RTASN1TYPE_NULL)
58 pParameters = NULL;
59 }
60
61 AssertPtrReturn(pPublicKey, VERR_INVALID_POINTER);
62 AssertReturn(RTAsn1BitString_IsPresent(pPublicKey), VERR_INVALID_POINTER);
63
64 /*
65 * Check if the algorithm matches.
66 */
67 const char *pszCipherOid = RTCrPkixGetCiperOidFromSignatureAlgorithm(&pThis->SignatureAlgorithm.Algorithm);
68 if (!pszCipherOid)
69 return RTErrInfoSetF(pErrInfo, VERR_CR_X509_UNKNOWN_CERT_SIGN_ALGO,
70 "Certificate signature algorithm not known: %s",
71 pThis->SignatureAlgorithm.Algorithm.szObjId);
72
73 if (RTAsn1ObjId_CompareWithString(pAlgorithm, pszCipherOid) != 0)
74 return RTErrInfoSetF(pErrInfo, VERR_CR_X509_CERT_SIGN_ALGO_MISMATCH,
75 "Certificate signature cipher algorithm mismatch: cert uses %s (%s) while key uses %s",
76 pszCipherOid, pThis->SignatureAlgorithm.Algorithm.szObjId, pAlgorithm->szObjId);
77
78 /*
79 * Wrap up the public key.
80 */
81 RTCRKEY hPubKey;
82 int rc = RTCrKeyCreateFromPublicAlgorithmAndBits(&hPubKey, pAlgorithm, pPublicKey, pErrInfo, NULL);
83 if (RT_FAILURE(rc))
84 return rc;
85
86 /*
87 * Here we should recode the to-be-signed part as DER, but we'll ASSUME
88 * that it's already in DER encoding and only does this if there the
89 * encoded bits are missing.
90 */
91 if ( pThis->TbsCertificate.SeqCore.Asn1Core.uData.pu8
92 && pThis->TbsCertificate.SeqCore.Asn1Core.cb > 0)
93 rc = RTCrPkixPubKeyVerifySignature(&pThis->SignatureAlgorithm.Algorithm, hPubKey, pParameters, &pThis->SignatureValue,
94 RTASN1CORE_GET_RAW_ASN1_PTR(&pThis->TbsCertificate.SeqCore.Asn1Core),
95 RTASN1CORE_GET_RAW_ASN1_SIZE(&pThis->TbsCertificate.SeqCore.Asn1Core),
96 pErrInfo);
97 else
98 {
99 uint32_t cbEncoded;
100 rc = RTAsn1EncodePrepare((PRTASN1CORE)&pThis->TbsCertificate.SeqCore.Asn1Core, RTASN1ENCODE_F_DER, &cbEncoded, pErrInfo);
101 if (RT_SUCCESS(rc))
102 {
103 void *pvTbsBits = RTMemTmpAlloc(cbEncoded);
104 if (pvTbsBits)
105 {
106 rc = RTAsn1EncodeToBuffer(&pThis->TbsCertificate.SeqCore.Asn1Core, RTASN1ENCODE_F_DER,
107 pvTbsBits, cbEncoded, pErrInfo);
108 if (RT_SUCCESS(rc))
109 rc = RTCrPkixPubKeyVerifySignature(&pThis->SignatureAlgorithm.Algorithm, hPubKey, pParameters,
110 &pThis->SignatureValue, pvTbsBits, cbEncoded, pErrInfo);
111 else
112 AssertRC(rc);
113 RTMemTmpFree(pvTbsBits);
114 }
115 else
116 rc = VERR_NO_TMP_MEMORY;
117 }
118 }
119
120 /* Free the public key. */
121 uint32_t cRefs = RTCrKeyRelease(hPubKey);
122 Assert(cRefs == 0); NOREF(cRefs);
123
124 return rc;
125}
126
127
128RTDECL(int) RTCrX509Certificate_VerifySignatureSelfSigned(PCRTCRX509CERTIFICATE pThis, PRTERRINFO pErrInfo)
129{
130 /*
131 * Validate the input a little.
132 */
133 AssertPtrReturn(pThis, VERR_INVALID_POINTER);
134 AssertReturn(RTCrX509Certificate_IsPresent(pThis), VERR_INVALID_PARAMETER);
135
136 /*
137 * Assemble parameters for the generic verification call.
138 */
139 PCRTCRX509TBSCERTIFICATE const pTbsCert = &pThis->TbsCertificate;
140 PCRTASN1DYNTYPE pParameters = NULL;
141 if ( RTASN1CORE_IS_PRESENT(&pTbsCert->SubjectPublicKeyInfo.Algorithm.Parameters.u.Core)
142 && pTbsCert->SubjectPublicKeyInfo.Algorithm.Parameters.enmType != RTASN1TYPE_NULL)
143 pParameters = &pTbsCert->SubjectPublicKeyInfo.Algorithm.Parameters;
144 return RTCrX509Certificate_VerifySignature(pThis, &pTbsCert->SubjectPublicKeyInfo.Algorithm.Algorithm, pParameters,
145 &pTbsCert->SubjectPublicKeyInfo.SubjectPublicKey, pErrInfo);
146}
147
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette