📄 p7read.c
字号:
/* Copyright 2003-2005, Voltage Security, all rights reserved.
*/
#include "vibe.h"
#include "environment.h"
#include "base.h"
#include "libctx.h"
#include "p7obj.h"
#include "derhelp.h"
#include "oidlist.h"
#include "reciplist.h"
ASN1_SEQUENCE (Asn1Pkcs7Message) =
{
ASN1_SIMPLE (Asn1Pkcs7Message, contentType, Asn1ObjectId),
ASN1_EXP (Asn1Pkcs7Message, content, Asn1Encoded, 0)
} ASN1_SEQUENCE_END (Asn1Pkcs7Message);
IMPLEMENT_ASN1_FUNCTIONS (Asn1Pkcs7Message)
ASN1_SEQUENCE (Asn1RecipientInfo) =
{
ASN1_SIMPLE (Asn1RecipientInfo, version, ASN1_INTEGER),
ASN1_SIMPLE (Asn1RecipientInfo, issuerSerial, Asn1Encoded),
ASN1_SIMPLE (Asn1RecipientInfo, keyEncAlg, Asn1Encoded),
ASN1_SIMPLE (Asn1RecipientInfo, encryptedKey, ASN1_OCTET_STRING)
} ASN1_SEQUENCE_END (Asn1RecipientInfo);
IMPLEMENT_ASN1_FUNCTIONS (Asn1RecipientInfo)
ASN1_SEQUENCE (Asn1RecipInfoExtract) =
{
ASN1_SIMPLE (Asn1RecipInfoExtract, version, ASN1_INTEGER),
ASN1_SET_OF (Asn1RecipInfoExtract, recipInfo, Asn1RecipientInfo),
ASN1_SIMPLE (Asn1RecipInfoExtract, ignore1, Asn1Encoded),
ASN1_OPT (Asn1RecipInfoExtract, ignore2, Asn1Encoded),
ASN1_OPT (Asn1RecipInfoExtract, ignore3, Asn1Encoded),
ASN1_OPT (Asn1RecipInfoExtract, ignore4, Asn1Encoded),
ASN1_OPT (Asn1RecipInfoExtract, ignore5, Asn1Encoded),
} ASN1_SEQUENCE_END (Asn1RecipInfoExtract);
IMPLEMENT_ASN1_FUNCTIONS (Asn1RecipInfoExtract)
/* Extract the issuerSerial from the recipInfo, it should contain the
* encoded identity, Base64 encoded. Build an Identity object from the
* encoded identity and add it to the identity list.
* <p>If the recipient info does not contain an encoded identity, this
* function does nothing and returns 0 (no error).
*
* @param p7Obj The P7 object involved in this transaction.
* @param recipients The identityList to which the identity will be
* added.
* @param recipInfo The struct containing the issuerSerial.
* @param decoders An array of VtIdentitySchemaDecode's used to decode
* the encoded identity.
* @param decoderCount The number of decoders in the array.
* @return an int, 0 if the function completed successfully or a
* non-zero error code.
*/
int VOLT_CALLING_CONV AddIdFromIssuerSerial VOLT_PROTO_LIST ((
VoltLibCtx *libCtx,
VtIdentityList recipients,
Asn1RecipientInfo *recipInfo,
VtIdentitySchemaDecode **decoders,
unsigned int decoderCount
));
int VoltReadP7ContentType (
VoltLibCtx *libCtx,
unsigned char *message,
unsigned int messageLen,
unsigned int *contentType
)
{
int status;
unsigned int bytesRead, offset, oidLastByte;
unsigned char p7DataOid[VoltP7DataOidBytesLen] = { VoltP7DataOidBytes };
VoltDerElement derElement;
*contentType = 0;
Z2Memset (&derElement, 0, sizeof (derElement));
do
{
/* Collect the SEQUENCE and OID of a P7 message.
* This call will collect an element. We'll "cheat" by setting the
* explicitTag to the SEQUENCE tag. That way the function will
* collect the SEQUENCE and the first thing after the SEQUENCE,
* which is the OID.
*/
status = VoltGetNextDerElement (
libCtx, message, messageLen, VOLT_SEQUENCE_TAG, VOLT_OID_TAG, 1,
&derElement, &bytesRead);
if (status != 0)
break;
status = VT_ERROR_INVALID_INPUT_LENGTH;
if (derElement.complete == 0)
break;
/* Check the OID. All P7 contentType's are the same length.
*/
status = VT_ERROR_INVALID_ENCODING;
offset = derElement.elementLen - derElement.tlvLen;
if (derElement.tlvLen != VoltP7DataOidBytesLen)
break;
/* Check all but the last byte of the OID, all P7 contentType's
* have the same first bytes.
*/
if (Z2Memcmp (
derElement.element + offset, p7DataOid, VoltP7DataOidBytesLen - 1) != 0)
break;
/* Look at the last byte of OID.
*/
offset = derElement.elementLen - 1;
oidLastByte = (unsigned int)(derElement.element[offset]);
if ( (oidLastByte < VOLT_P7_OID_BYTE_DATA) ||
(oidLastByte > VOLT_P7_OID_BYTE_ENCRYPTED_DATA) )
break;
*contentType = oidLastByte;
status = 0;
} while (0);
if (derElement.element != (unsigned char *)0)
Z2Free (derElement.element);
return (status);
}
int VoltReadP7Recipients (
VoltLibCtx *libCtx,
Asn1Pkcs7Message *p7Msg,
unsigned int contentType,
VtIdentitySchemaDecode **decoders,
unsigned int decoderCount,
VtIdentityList recipients
)
{
int status, count, index;
unsigned char *temp;
Asn1RecipInfoExtract *extractor;
Asn1RecipientInfo *nextEntry;
do
{
/* Use the Asn1RecipInfoExtract object to extract the recipients.
*/
status = VT_ERROR_MEMORY;
extractor = Asn1RecipInfoExtract_new ();
if (extractor == (Asn1RecipInfoExtract *)0)
break;
Asn1SetObjectCopyFlag (
extractor->ignore1, VOLT_ASN1_COPY_REFERENCE);
/* If this is SignedAndEnvelopedData, create the other ignore
* Asn1Encoded's.
*/
if (contentType != VT_PKCS7_ENVELOPED_DATA)
{
extractor->ignore2 = Asn1Encoded_new ();
if (extractor->ignore2 == (Asn1Encoded *)0)
break;
extractor->ignore3 = Asn1Encoded_new ();
if (extractor->ignore3 == (Asn1Encoded *)0)
break;
extractor->ignore4 = Asn1Encoded_new ();
if (extractor->ignore4 == (Asn1Encoded *)0)
break;
extractor->ignore5 = Asn1Encoded_new ();
if (extractor->ignore5 == (Asn1Encoded *)0)
break;
Asn1SetObjectCopyFlag (
extractor->ignore2, VOLT_ASN1_COPY_REFERENCE);
Asn1SetObjectCopyFlag (
extractor->ignore3, VOLT_ASN1_COPY_REFERENCE);
Asn1SetObjectCopyFlag (
extractor->ignore4, VOLT_ASN1_COPY_REFERENCE);
Asn1SetObjectCopyFlag (
extractor->ignore5, VOLT_ASN1_COPY_REFERENCE);
}
status = VT_ERROR_UNKNOWN_BER;
temp = p7Msg->content->base.data;
d2i_Asn1RecipInfoExtract (&extractor, &temp, p7Msg->content->base.length);
if (extractor == (Asn1RecipInfoExtract *)0)
break;
/* We now have a stack of RecipientInfo's. Each of the issuerSerial
* fields contains the identity.
*/
count = sk_num (extractor->recipInfo);
status = 0;
for (index = 0; index < count; ++index)
{
nextEntry = (Asn1RecipientInfo *)sk_value (extractor->recipInfo, index);
status = AddIdFromIssuerSerial (
libCtx, recipients, nextEntry, decoders, decoderCount);
if (status != 0)
break;
}
} while (0);
if (extractor != (Asn1RecipInfoExtract *)0)
Asn1RecipInfoExtract_free (extractor);
return (status);
}
int AddIdFromIssuerSerial (
VoltLibCtx *libCtx,
VtIdentityList recipients,
Asn1RecipientInfo *recipInfo,
VtIdentitySchemaDecode **decoders,
unsigned int decoderCount
)
{
int status;
unsigned int encodingLen, schemaType, index;
VtIdentityObject idObj = (VtIdentityObject)0;
unsigned char *encoding = (unsigned char *)0;
do
{
/* Get the encoded ID out of the RecipientInfo.
* If the RecipientInfo does not contain an encoded ID, just return
* 0 (we didn't add an ID to the IdentityList, but that's not an
* error we need to halt production over).
*/
status = VoltGetEncodedIdFromRecipInfoAlloc (
libCtx, recipInfo, &encoding, &encodingLen);
if (status != 0)
{
if (status != VT_ERROR_UNKNOWN_BER)
break;
status = 0;
break;
}
/* Build an ID object from the encoding.
*/
status = VtCreateIdentityObject (
(VtLibCtx)libCtx, (VtIdentityImpl *)0, (Pointer)0, &idObj);
if (status != 0)
break;
/* Use the encoded ID to set the ID object.
*/
status = VtDecodeIdentity (
encoding, encodingLen, decoders, decoderCount, &schemaType, idObj);
if (status != 0)
{
/* If the reason the function failed is just that it didn't know
* what the encoding was, that's not an error.
*/
if (status != VT_ERROR_UNKNOWN_SCHEMA)
break;
status = 0;
break;
}
/* We have an identity object, add it to the identity list.
*/
status = VtAddIdObjectToIdentityList (recipients, idObj, &index);
} while (0);
VtDestroyIdentityObject (&idObj);
if (encoding != (unsigned char *)0)
Z2Free (encoding);
return (status);
}
int VoltGetEncodedIdFromRecipInfoAlloc (
VoltLibCtx *libCtx,
Asn1RecipientInfo *recipInfo,
unsigned char **encodedId,
unsigned int *encodedIdLen
)
{
int status;
unsigned int index, encodingLen, lengthLen, valueLen, b64DataLen;
unsigned char *encoding, *b64Data;
unsigned char *buffer = (unsigned char *)0;
VtAlgorithmObject base64 = (VtAlgorithmObject)0;
VtBase64Info base64Info;
unsigned char expectedTags[7] = { 0x30, 0x30, 0x31, 0x30, 0x06, 0x0c, 0x02 };
unsigned char expectedOid[VoltIdAtNameOidBytesLen] =
{ VoltIdAtNameOidBytes };
/* The IssuerAndSerialNumber should look like this.
*
* 30 len SEQ: IssuerAndSerialNumber
* 30 len SEQ OF RDN
* 31 len SET OF Attribute
* 30 len SEQ: Attribute
* 06 03 OID
* 55 04 29
* 0c len value (ANY, UTF8String)
* <Base64 of encoded ID>
* 02 01 INTEGER: serialNumber
* 01
*
* If it doesn't look like that (either it doesn't have that
* structure or the OID is not the same or the serialNumber is not 1),
* just return 0.
* Actually, the value can be UTF8String or PrintableString. This
* function will accept either.
*/
encoding = recipInfo->issuerSerial->base.data;
encodingLen = (unsigned int)(recipInfo->issuerSerial->base.length);
/* Check each of the tags.
*/
for (index = 0; index < 7; ++index)
{
/* Any encoding? If not, this wasn't the Base64 encoding of the
* encoded identity.
*/
if (encodingLen == 0)
return (VT_ERROR_UNKNOWN_BER);
if (VoltDecodeDerLength (
encoding, encodingLen, &lengthLen, &valueLen) != 0)
return (VT_ERROR_UNKNOWN_BER);
/* For the first 4 tags, just move on to the next tag.
*/
if (index < 4)
{
/* Expected tag?
*/
if (encoding[0] != expectedTags[index])
return (VT_ERROR_UNKNOWN_BER);
encoding += (1 + lengthLen);
encodingLen -= (1 + lengthLen);
continue;
}
/* This tag is supposed to be the OID.
*/
if (index == 4)
{
/* Expected tag?
*/
if (encoding[0] != expectedTags[index])
return (VT_ERROR_UNKNOWN_BER);
if (encodingLen <= (1 + lengthLen + valueLen))
return (VT_ERROR_UNKNOWN_BER);
if (valueLen != VoltIdAtNameOidBytesLen)
return (VT_ERROR_UNKNOWN_BER);
if (Z2Memcmp (
encoding + 1 + lengthLen, expectedOid, VoltIdAtNameOidBytesLen) != 0)
return (VT_ERROR_UNKNOWN_BER);
encoding += (1 + lengthLen + valueLen);
encodingLen -= (1 + lengthLen + valueLen);
continue;
}
/* This should be the Base64 encoded identity.
*/
if (index == 5)
{
/* Expected tag?
*/
if ( (encoding[0] != 0x0c) && (encoding[0] != 0x13) )
return (VT_ERROR_UNKNOWN_BER);
if (encodingLen <= (1 + lengthLen + valueLen))
return (VT_ERROR_UNKNOWN_BER);
b64Data = encoding + 1 + lengthLen;
b64DataLen = valueLen;
encoding += (1 + lengthLen + valueLen);
encodingLen -= (1 + lengthLen + valueLen);
continue;
}
/* This should be the serial number and it should be 1.
*/
if (encodingLen < (1 + lengthLen + valueLen))
return (VT_ERROR_UNKNOWN_BER);
/* Expected tag?
*/
if (encoding[0] != expectedTags[index])
return (VT_ERROR_UNKNOWN_BER);
if (valueLen != 1)
return (VT_ERROR_UNKNOWN_BER);
encoding += (1 + lengthLen);
if (encoding[0] != 1)
return (VT_ERROR_UNKNOWN_BER);
}
do
{
/* Build the object that will Base64 decode the identity.
*/
base64Info.base64BlockSize = 76;
base64Info.newLineCharacter = VT_BASE64_NO_NEW_LINE;
base64Info.errorCheck = VT_BASE64_NO_ERROR_CHECK;
status = VtCreateAlgorithmObject (
(VtLibCtx)libCtx, VtAlgorithmImplBase64, (Pointer)&base64Info,
&base64);
if (status != 0)
break;
status = VtDecodeInit (base64);
if (status != 0)
break;
/* How big does the buffer need to be?
*/
status = VtDecodeFinal (
base64, (VtRandomObject)0, b64Data, b64DataLen,
(unsigned char *)0, 0, &valueLen);
if (status == 0)
status = VT_ERROR_UNKNOWN_BER;
if (status != VT_ERROR_BUFFER_TOO_SMALL)
break;
status = VT_ERROR_MEMORY;
buffer = (unsigned char *)Z2Malloc (valueLen, 0);
if (buffer == (unsigned char *)0)
break;
/* Decode into the buffer.
*/
status = VtDecodeFinal (
base64, (VtRandomObject)0, b64Data, b64DataLen,
buffer, valueLen, &valueLen);
if (status != 0)
break;
*encodedId = buffer;
*encodedIdLen = valueLen;
} while (0);
VtDestroyAlgorithmObject (&base64);
/* If success, we're done.
*/
if (status == 0)
return (0);
/* If error, free the buffer.
*/
if (buffer != (unsigned char *)0)
Z2Free (buffer);
return (status);
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -