📄 readsign.c
status = VtGetDistrictParam (
district, VtDistrictParamTrustedCerts, (Pointer *)&getCerts);
if (status == 0)
{
trustedCerts.certObjects = getCerts->certObjects;
trustedCerts.count = getCerts->count;
}
}
status = VtVerifyCert (
signerCert, certVerifyCtx, verifyCtxInfo,
readCtx->DerCoders, readCtx->derCoderCount,
&trustedCerts, &untrustedCerts, storageCtx, verifyStack,
&sigResult);
if (status != 0)
break;
if (sigResult == 0)
break;
/* If we get this far, the cert verifies, set verifyResult to 1.
*/
*verifyResult = 1;
} while (0);
if (newDigest != (unsigned char *)0)
Z2Free (newDigest);
VtDestroyKeyObject (&pubKey);
VtDestroyAlgorithmObject (&verifier);
VtDestroyDistrictObject (&district);
return (status);
}
/* Build a cert object from a DER-encoded X.509 certificate and append it
 * to readCtx->msgCerts, growing that array by one slot.
 *
 * certDer/certDerLen are handed to VtSetCertParam unchanged; no parsing
 * is done in this routine itself.
 *
 * Returns 0 on success. On failure the cert object created here is
 * destroyed and readCtx->msgCerts / msgCertsCount are left as they were.
 * The error is whatever VtCreateCertObject or VtSetCertParam returned, or
 * VT_ERROR_MEMORY if the larger array cannot be allocated.
 */
static int AddCertToList (
  VoltLibCtx *libCtx,
  VoltPkcs7ReadSignCtx *readCtx,
  unsigned char *certDer,
  unsigned int certDerLen
  )
{
  int status;
  unsigned int listBytes, slot;
  VtCertObject certObj = (VtCertObject)0;
  VtCertObject *grownList = (VtCertObject *)0;
  VtCertInfo derInfo;

  status = VtCreateCertObject (
    (VtLibCtx)libCtx, VtCertImplMpCtx, (Pointer)(readCtx->mpCtx),
    &certObj);
  if (status != 0)
    goto failed;

  /* Describe the DER blob and the coders that know how to read it. */
  derInfo.derCoders = readCtx->DerCoders;
  derInfo.derCoderCount = readCtx->derCoderCount;
  derInfo.cert = certDer;
  derInfo.certLen = certDerLen;
  status = VtSetCertParam (
    certObj, VtCertParamX509Der, (Pointer)&derInfo);
  if (status != 0)
    goto failed;

  /* Room for every cert already listed plus the new one. */
  listBytes = (readCtx->msgCertsCount + 1) * sizeof (VtCertObject);
  grownList = (VtCertObject *)Z2Malloc (listBytes, 0);
  if (grownList == (VtCertObject *)0)
  {
    status = VT_ERROR_MEMORY;
    goto failed;
  }
  Z2Memset (grownList, 0, listBytes);

  /* Carry the existing handles over, then put the new cert in the last
   * slot.
   */
  slot = 0;
  while (slot < readCtx->msgCertsCount)
  {
    grownList[slot] = readCtx->msgCerts[slot];
    ++slot;
  }
  grownList[slot] = certObj;

  /* Swap the arrays; only the old array is released, the cert objects it
   * pointed to now live in the new one.
   */
  if (readCtx->msgCerts != (VtCertObject *)0)
    Z2Free (readCtx->msgCerts);
  readCtx->msgCerts = grownList;
  readCtx->msgCertsCount++;
  return (0);

failed:
  /* Nothing was handed to readCtx, so release what this call created. */
  VtDestroyCertObject (&certObj);
  if (grownList != (VtCertObject *)0)
    Z2Free (grownList);
  return (status);
}
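/* Decode one SignerInfo encoding and append it to readCtx->signerInfos.
 *
 * The list is grown by one zeroed entry first; the decoded SignerInfo, its
 * authenticated attributes and (if a signing-time attribute is present)
 * the signing time are then stored in that entry.
 *
 * encoding/encodingLen come from the message being read, so every length
 * taken from them is treated as untrusted.
 *
 * Returns 0 on success, VT_ERROR_MEMORY on allocation failure,
 * VT_ERROR_INVALID_ENCODING if the SignerInfo or the signing-time value is
 * malformed, VT_ERROR_INVALID_INPUT if the signing-time value is neither a
 * UTCTime nor a GeneralizedTime of the expected length, or the error
 * returned by a helper.
 *
 * NOTE(review): the new entry is linked into readCtx before decoding, so
 * after a failure signerInfosCount includes a partly filled (zeroed)
 * entry. Presumably whoever tears down readCtx copes with that - confirm.
 */
static int AddSignerInfoToList (
  VoltLibCtx *libCtx,
  VoltPkcs7ReadSignCtx *readCtx,
  unsigned char *encoding,
  unsigned int encodingLen
  )
{
  int status;
  unsigned int bufferSize, index, indexA, authAttrsCount;
  unsigned int theTag, lengthLen, valueLen, totalLen;
  VoltSignerInfoData *newList = (VoltSignerInfoData *)0;
  Asn1SignerInfo *newSi = (Asn1SignerInfo *)0;
  unsigned char *temp;
  Asn1P9Attribute **authAttrs = (Asn1P9Attribute **)0;
  Asn1Encoded *attrValue;
  unsigned char signTimeOid[VoltP9AtSignTimeOidBytesLen] =
    { VoltP9AtSignTimeOidBytes };

  do
  {
    /* Create a new list with one more slot than the current one.
     */
    status = VT_ERROR_MEMORY;
    bufferSize = (readCtx->signerInfosCount + 1) * sizeof (VoltSignerInfoData);
    newList = (VoltSignerInfoData *)Z2Malloc (bufferSize, 0);
    if (newList == (VoltSignerInfoData *)0)
      break;
    Z2Memset (newList, 0, bufferSize);

    /* Copy the old into the new. After the loop, index is the slot of
     * the entry being added.
     */
    for (index = 0; index < readCtx->signerInfosCount; ++index)
      newList[index] = readCtx->signerInfos[index];

    /* Get rid of the old array and install the new one.
     */
    if (readCtx->signerInfos != (VoltSignerInfoData *)0)
      Z2Free (readCtx->signerInfos);
    readCtx->signerInfos = newList;
    readCtx->signerInfosCount++;

    newSi = Asn1SignerInfo_new ();
    if (newSi == (Asn1SignerInfo *)0)
      break;

    /* The decoder's return value is not used; failure is detected by
     * newSi coming back null.
     */
    status = VT_ERROR_INVALID_ENCODING;
    temp = encoding;
    d2i_Asn1SignerInfo (&newSi, &temp, encodingLen);
    if (newSi == (Asn1SignerInfo *)0)
      break;

    readCtx->signerInfos[index].signerInfo = newSi;

    status = DecodeAuthAttributesAlloc (
      libCtx, newSi, &(readCtx->signerInfos[index].authAttrs),
      &(readCtx->signerInfos[index].authAttrsCount));
    if (status != 0)
      break;

    /* Get the time attribute and convert it to VtTime. If there is no
     * signing-time attribute, status stays 0 and no time is recorded.
     */
    authAttrs = readCtx->signerInfos[index].authAttrs;
    authAttrsCount = readCtx->signerInfos[index].authAttrsCount;
    for (indexA = 0; indexA < authAttrsCount; ++indexA)
    {
      if (authAttrs[indexA]->attrType->base.length !=
        VoltP9AtSignTimeOidBytesLen)
        continue;
      if (Z2Memcmp (
        authAttrs[indexA]->attrType->base.data, signTimeOid,
        VoltP9AtSignTimeOidBytesLen) != 0)
        continue;

      /* sk_value returns null when the value set is empty; reject that
       * instead of dereferencing it.
       */
      attrValue = (Asn1Encoded *)sk_value (authAttrs[indexA]->attrValues, 0);
      if (attrValue == (Asn1Encoded *)0)
      {
        status = VT_ERROR_INVALID_ENCODING;
        break;
      }

      status = VoltDecodeTagAndLen (
        attrValue->base.data, (unsigned int)(attrValue->base.length),
        &theTag, &lengthLen, &valueLen);
      if (status != 0)
        break;

      /* Only UTCTime and GeneralizedTime of the expected length are
       * accepted.
       */
      if ( ((theTag != VOLT_UTC_TIME_TAG) || (valueLen != VOLT_UTC_LEN)) &&
           ((theTag != VOLT_GEN_TIME_TAG) || (valueLen != VOLT_GEN_LEN)) )
      {
        status = VT_ERROR_INVALID_INPUT;
        break;
      }

      /* Make sure tag + length octets + value really fit inside the
       * decoded buffer before the converters read valueLen bytes from it.
       * VerifyAuthAttribute applies a similar length check after decoding
       * a length, so the decoder is not assumed to have done this.
       * Written as subtractions so the sum cannot wrap.
       */
      status = VT_ERROR_INVALID_ENCODING;
      if (attrValue->base.length < 0)
        break;
      totalLen = (unsigned int)(attrValue->base.length);
      if ( (lengthLen >= totalLen) || (valueLen > totalLen - lengthLen - 1) )
        break;

      if (theTag == VOLT_UTC_TIME_TAG)
      {
        status = VoltConvertUTCToVtTime (
          attrValue->base.data + 1 + lengthLen,
          &(readCtx->signerInfos[index].signingTime));
      }
      else
      {
        status = VoltConvertGenTimeToVtTime (
          attrValue->base.data + 1 + lengthLen, valueLen,
          &(readCtx->signerInfos[index].signingTime));
      }
      /* Only the first signing-time attribute is looked at. */
      break;
    }

  } while (0);

  return (status);
}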
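/* Split the authenticated-attributes encoding of a SignerInfo into
 * individual attributes and decode each one.
 *
 * On success *attributes points to a newly allocated array of
 * *attributeCount decoded attributes. The error path below releases the
 * elements with Asn1P9Attribute_free and the array with Z2Free, so the
 * caller presumably has to do the same once it owns them - confirm.
 * An attribute set with zero-length content yields success with a null
 * array and a count of 0.
 *
 * The encoding comes from the message being read, so every length field
 * is checked against the bytes actually available. The checks are written
 * as subtractions so that a huge declared length cannot wrap the sum
 * "value + length octets + tag" around to a small number (a sum that wraps
 * to 0 would keep the counting loop from ever advancing).
 * NOTE(review): VoltDecodeDerLength is not visible here; if it already
 * bounds valueLen by the buffer size these checks are redundant but
 * harmless.
 *
 * Returns 0 on success, VT_ERROR_INVALID_ENCODING for a malformed or
 * absent attribute set, VT_ERROR_MEMORY on allocation failure, or the
 * error returned by VoltDecodeDerLength.
 */
static int DecodeAuthAttributesAlloc (
  VoltLibCtx *libCtx,
  Asn1SignerInfo *signerInfo,
  Asn1P9Attribute ***attributes,
  unsigned int *attributeCount
  )
{
  int status;
  unsigned int encodingLen, tempLen, lengthLen, valueLen, index, attrLen;
  unsigned int count = 0;
  Asn1P9Attribute *newAttr = (Asn1P9Attribute *)0;
  Asn1P9Attribute **authAttrs = (Asn1P9Attribute **)0;
  unsigned char *encoding;
  unsigned char *temp;

  *attributes = (Asn1P9Attribute **)0;
  *attributeCount = 0;

  /* Defensive: do not dereference a missing attribute set.
   * NOTE(review): whether the SignerInfo decoder can leave this field
   * null is not visible here; failing closed is the conservative choice.
   */
  if (signerInfo->authAttributes == 0)
    return (VT_ERROR_INVALID_ENCODING);

  encoding = signerInfo->authAttributes->base.data;
  encodingLen = (unsigned int)(signerInfo->authAttributes->base.length);

  do
  {
    /* Read the outer tag and length, then move the pointer to the first
     * attribute.
     */
    status = VoltDecodeDerLength (encoding, encodingLen, &lengthLen, &valueLen);
    if (status != 0)
      break;

    /* The outer header itself must fit, otherwise the subtraction below
     * would wrap.
     */
    if (lengthLen >= encodingLen)
    {
      status = VT_ERROR_INVALID_ENCODING;
      break;
    }

    encoding += (1 + lengthLen);
    encodingLen -= (1 + lengthLen);
    temp = encoding;
    tempLen = encodingLen;

    /* Verify the lengths. An empty set is not an error: status is still
     * 0 here and the outputs stay null / 0.
     */
    if (valueLen == 0)
      break;

    status = VT_ERROR_INVALID_ENCODING;
    if (tempLen < valueLen)
      break;

    /* Make sure we're only looking at the encoding.
     */
    tempLen = valueLen;

    /* First pass: count the attributes.
     */
    count = 0;
    do
    {
      /* Get the stats on this attribute.
       */
      status = VoltDecodeDerLength (temp, tempLen, &lengthLen, &valueLen);
      if (status != 0)
        break;

      /* Valid stats? Header and value must both fit in what is left.
       */
      status = VT_ERROR_INVALID_ENCODING;
      if ( (lengthLen >= tempLen) || (valueLen > tempLen - lengthLen - 1) )
        break;

      /* Move to the next attribute. attrLen is at least 1 and at most
       * tempLen, so the loop always makes progress.
       */
      attrLen = valueLen + lengthLen + 1;
      temp += attrLen;
      tempLen -= attrLen;
      status = 0;
      count++;

    } while (tempLen > 0);
    if (status != 0)
      break;

    /* Allocate the array, zeroed so the cleanup code can tell which
     * slots were filled.
     */
    status = VT_ERROR_MEMORY;
    authAttrs = (Asn1P9Attribute **)Z2Malloc (
      count * sizeof (Asn1P9Attribute *), 0);
    if (authAttrs == (Asn1P9Attribute **)0)
      break;
    Z2Memset (authAttrs, 0, count * sizeof (Asn1P9Attribute *));

    /* Second pass: run through the attributes again, this time creating
     * an object and decoding.
     */
    for (index = 0; index < count; ++index)
    {
      status = VT_ERROR_MEMORY;
      newAttr = Asn1P9Attribute_new ();
      if (newAttr == (Asn1P9Attribute *)0)
        break;

      /* We want just the attribute.
       */
      status = VoltDecodeDerLength (
        encoding, encodingLen, &lengthLen, &valueLen);
      if (status != 0)
        break;

      /* Sanity check; if the counting pass was correct this never
       * fails.
       */
      status = VT_ERROR_INVALID_ENCODING;
      if ( (lengthLen >= encodingLen) ||
           (valueLen > encodingLen - lengthLen - 1) )
        break;

      /* The decoder's return value is not used; failure is detected by
       * newAttr coming back null.
       */
      attrLen = valueLen + lengthLen + 1;
      temp = encoding;
      d2i_Asn1P9Attribute (&newAttr, &temp, attrLen);
      if (newAttr == (Asn1P9Attribute *)0)
        break;

      encoding += attrLen;
      encodingLen -= attrLen;

      /* The array owns the attribute now. */
      authAttrs[index] = newAttr;
      newAttr = (Asn1P9Attribute *)0;
      status = 0;
    }
    if (status != 0)
      break;

    *attributes = authAttrs;
    *attributeCount = count;

  } while (0);

  /* If success, we're done.
   */
  if (status == 0)
    return (0);

  /* If there was an error, destroy what we created, it won't be
   * returned.
   */
  if (newAttr != (Asn1P9Attribute *)0)
    Asn1P9Attribute_free (newAttr);

  if (authAttrs != (Asn1P9Attribute **)0)
  {
    for (index = 0; index < count; ++index)
    {
      if (authAttrs[index] != (Asn1P9Attribute *)0)
        Asn1P9Attribute_free (authAttrs[index]);
    }
    Z2Free (authAttrs);
  }

  return (status);
}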
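/* Check that one authenticated attribute carries exactly the expected
 * value.
 *
 * flag selects the attribute: VOLT_P9_ATTRIBUTE_CONTENT_TYPE (value must
 * have DER tag 6, OBJECT IDENTIFIER) or VOLT_P9_ATTRIBUTE_DIGEST (value
 * must have DER tag 4, OCTET STRING). The attribute must be present, must
 * hold exactly one value, and the contents of that value must equal
 * baseValue/baseValueLen byte for byte.
 *
 * The attribute encoding comes from the message being read. The bounds
 * check on the value is done in unsigned arithmetic with subtractions, so
 * a very large declared length can neither wrap the sum nor turn negative
 * in a cast and slip past the comparison.
 *
 * Returns 0 if the value matches, VT_ERROR_INVALID_ENCODING if the flag is
 * unknown, the attribute is missing, malformed or different, or the error
 * returned by VoltDecodeDerLength.
 */
static int VerifyAuthAttribute (
  VoltLibCtx *libCtx,
  unsigned int flag,
  Asn1P9Attribute **attributes,
  unsigned int attributeCount,
  unsigned char *baseValue,
  unsigned int baseValueLen
  )
{
  int status;
  unsigned int theOidLen, theTag;
  unsigned int index, count, lengthLen, valueLen, totalLen;
  Asn1Encoded *value;
  unsigned char *theOid;
  unsigned char contentTypeOid[VoltP9AtContentTypeOidBytesLen] =
    { VoltP9AtContentTypeOidBytes };
  unsigned char digestOid[VoltP9AtDigestOidBytesLen] =
    { VoltP9AtDigestOidBytes };

  do
  {
    /* Figure out what we're looking for.
     */
    if (flag == VOLT_P9_ATTRIBUTE_CONTENT_TYPE)
    {
      theOid = contentTypeOid;
      theOidLen = VoltP9AtContentTypeOidBytesLen;
      theTag = 6;
    }
    else if (flag == VOLT_P9_ATTRIBUTE_DIGEST)
    {
      theOid = digestOid;
      theOidLen = VoltP9AtDigestOidBytesLen;
      theTag = 4;
    }
    else
    {
      status = VT_ERROR_INVALID_ENCODING;
      break;
    }

    /* First, find the appropriate attribute.
     */
    status = FindAuthAttribute (
      libCtx, theOid, theOidLen, attributes, attributeCount, &index);
    if (status != 0)
      break;

    /* There should be exactly one attribute value. A missing stack makes
     * sk_num return a value other than 1, so it is rejected here too.
     */
    status = VT_ERROR_INVALID_ENCODING;
    count = sk_num (attributes[index]->attrValues);
    if (count != 1)
      break;

    /* Get the Asn1Encoded.
     */
    value = (Asn1Encoded *)sk_value (attributes[index]->attrValues, 0);

    /* The value should be an atomic unit.
     */
    status = VoltDecodeDerLength (
      value->base.data, (unsigned int)(value->base.length), &lengthLen,
      &valueLen);
    if (status != 0)
      break;

    /* Tag + length octets + contents must fit inside the value buffer.
     */
    status = VT_ERROR_INVALID_ENCODING;
    if (value->base.length < 0)
      break;
    totalLen = (unsigned int)(value->base.length);
    if ( (lengthLen >= totalLen) || (valueLen > totalLen - lengthLen - 1) )
      break;

    if (value->base.data[0] != theTag)
      break;

    /* Compare the data.
     */
    if (valueLen != baseValueLen)
      break;
    if (Z2Memcmp (
      value->base.data + (lengthLen + 1), baseValue, valueLen) != 0)
      break;

    /* It matches, return success.
     */
    status = 0;

  } while (0);

  return (status);
}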
/* Locate the attribute whose type OID equals oid/oidLen.
 *
 * Scans attributes[0 .. attributeCount-1] in order and stores the
 * position of the first match in *index. *index is set to 0 before the
 * scan, so it also holds 0 when nothing matches; callers must look at the
 * return value, not at *index, to know whether a match was found.
 *
 * Returns 0 on a match, VT_ERROR_INVALID_ENCODING otherwise.
 */
static int FindAuthAttribute (
  VoltLibCtx *libCtx,
  unsigned char *oid,
  unsigned int oidLen,
  Asn1P9Attribute **attributes,
  unsigned int attributeCount,
  unsigned int *index
  )
{
  unsigned int pos = 0;

  *index = 0;

  while (pos < attributeCount)
  {
    /* Lengths are compared first, so the byte comparison only runs over
     * OIDs of equal size.
     */
    if ( (attributes[pos]->attrType->base.length == (int)oidLen) &&
         (Z2Memcmp (
           attributes[pos]->attrType->base.data, oid, oidLen) == 0) )
    {
      *index = pos;
      return (0);
    }
    ++pos;
  }

  /* Ran off the end of the list without a match. */
  return (VT_ERROR_INVALID_ENCODING);
}