Changeset 52600 in vbox for trunk/src/VBox/Runtime/common/crypto/pkcs7-core.cpp

Timestamp:

Sep 4, 2014 10:59:00 PM (11 years ago)

Author:

vboxsync

svn:sync-xref-src-repo-rev:

95876

Message:

IPRT: Added support for microsoft timestamp counter signatures. This required making the PKCS #7 code accept some of the CMS (RFC-5652) stuff.

File:

• trunk/src/VBox/Runtime/common/crypto/pkcs7-core.cpp (modified) (3 diffs)

trunk/src/VBox/Runtime/common/crypto/pkcs7-core.cpp

@@ -34 +34 @@
 #include <iprt/err.h>
 #include <iprt/string.h>
+#include <iprt/crypto/tsp.h>
 
 #include "pkcs7-internal.h"
@@ -127 +128 @@
 
 
+RTDECL(PCRTASN1TIME) RTCrPkcs7SignerInfo_GetMsTimestamp(PCRTCRPKCS7SIGNERINFO pThis, PCRTCRPKCS7CONTENTINFO *ppContentInfo)
+{
+    /*
+     * Assume there is only one, so no need to enumerate anything here.
+     */
+    uint32_t             cAttrsLeft = pThis->UnauthenticatedAttributes.cItems;
+    PCRTCRPKCS7ATTRIBUTE pAttr      = pThis->UnauthenticatedAttributes.paItems;
+    while (cAttrsLeft-- > 0)
+    {
+        if (pAttr->enmType == RTCRPKCS7ATTRIBUTETYPE_MS_TIMESTAMP)
+        {
+            uint32_t                cLeft        = pAttr->uValues.pContentInfos->cItems;
+            PCRTCRPKCS7CONTENTINFO  pContentInfo = &pAttr->uValues.pContentInfos->paItems[0];
+            while (cLeft-- > 0)
+            {
+                if (RTAsn1ObjId_CompareWithString(&pContentInfo->ContentType, RTCRPKCS7SIGNEDDATA_OID) == 0)
+                {
+                    if (RTAsn1ObjId_CompareWithString(&pContentInfo->u.pSignedData->ContentInfo.ContentType,
+                                                      RTCRTSPTSTINFO_OID) == 0)
+                    {
+                        if (ppContentInfo)
+                            *ppContentInfo = pContentInfo;
+                        return &pContentInfo->u.pSignedData->ContentInfo.u.pTstInfo->GenTime;
+                    }
+                }
+
+                pContentInfo++;
+            }
+        }
+        pAttr++;
+    }
+
+    /*
+     * No signature was found.
+     */
+    if (ppContentInfo)
+        *ppContentInfo = NULL;
+
+    return NULL;
+}
+
+
 /*
  * PCKS #7 ContentInfo.
@@ -138 +181 @@
 
 /*
+ * Set of some kind of certificate supported by PKCS #7 or CMS.
+ */
+
+RTDECL(PCRTCRX509CERTIFICATE)
+RTCrPkcs7SetOfCerts_FindX509ByIssuerAndSerialNumber(PCRTCRPKCS7SETOFCERTS pCertificates,
+                                                    PCRTCRX509NAME pIssuer, PCRTASN1INTEGER pSerialNumber)
+{
+    for (uint32_t i = 0; i < pCertificates->cItems; i++)
+        if (   pCertificates->paItems[i].enmChoice == RTCRPKCS7CERTCHOICE_X509
+            && RTCrX509Certificate_MatchIssuerAndSerialNumber(pCertificates->paItems[i].u.pX509Cert, pIssuer, pSerialNumber))
+            return pCertificates->paItems[i].u.pX509Cert;
+    return NULL;
+}
+
+
+/*
  * Generate the standard core code.
  */