| 1 | /* $Id: pkix-util.cpp 100442 2023-07-08 11:10:51Z vboxsync $ */
|
|---|
| 2 | /** @file
|
|---|
| 3 | * IPRT - Crypto - Public Key Infrastructure API, Utilities.
|
|---|
| 4 | */
|
|---|
| 5 |
|
|---|
| 6 | /*
|
|---|
| 7 | * Copyright (C) 2006-2023 Oracle and/or its affiliates.
|
|---|
| 8 | *
|
|---|
| 9 | * This file is part of VirtualBox base platform packages, as
|
|---|
| 10 | * available from https://www.virtualbox.org.
|
|---|
| 11 | *
|
|---|
| 12 | * This program is free software; you can redistribute it and/or
|
|---|
| 13 | * modify it under the terms of the GNU General Public License
|
|---|
| 14 | * as published by the Free Software Foundation, in version 3 of the
|
|---|
| 15 | * License.
|
|---|
| 16 | *
|
|---|
| 17 | * This program is distributed in the hope that it will be useful, but
|
|---|
| 18 | * WITHOUT ANY WARRANTY; without even the implied warranty of
|
|---|
| 19 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|---|
| 20 | * General Public License for more details.
|
|---|
| 21 | *
|
|---|
| 22 | * You should have received a copy of the GNU General Public License
|
|---|
| 23 | * along with this program; if not, see <https://www.gnu.org/licenses>.
|
|---|
| 24 | *
|
|---|
| 25 | * The contents of this file may alternatively be used under the terms
|
|---|
| 26 | * of the Common Development and Distribution License Version 1.0
|
|---|
| 27 | * (CDDL), a copy of it is provided in the "COPYING.CDDL" file included
|
|---|
| 28 | * in the VirtualBox distribution, in which case the provisions of the
|
|---|
| 29 | * CDDL are applicable instead of those of the GPL.
|
|---|
| 30 | *
|
|---|
| 31 | * You may elect to license modified versions of this file under the
|
|---|
| 32 | * terms and conditions of either the GPL or the CDDL or both.
|
|---|
| 33 | *
|
|---|
| 34 | * SPDX-License-Identifier: GPL-3.0-only OR CDDL-1.0
|
|---|
| 35 | */
|
|---|
| 36 |
|
|---|
| 37 |
|
|---|
| 38 | /*********************************************************************************************************************************
|
|---|
| 39 | * Header Files *
|
|---|
| 40 | *********************************************************************************************************************************/
|
|---|
| 41 | #include "internal/iprt.h"
|
|---|
| 42 | #include <iprt/crypto/pkix.h>
|
|---|
| 43 |
|
|---|
| 44 | #include <iprt/asn1.h>
|
|---|
| 45 | #include <iprt/assert.h>
|
|---|
| 46 | #include <iprt/err.h>
|
|---|
| 47 | #include <iprt/crypto/rsa.h>
|
|---|
| 48 |
|
|---|
| 49 |
|
|---|
| 50 | RTDECL(const char *) RTCrPkixGetCiperOidFromSignatureAlgorithmOid(const char *pszSignatureOid)
|
|---|
| 51 | {
|
|---|
| 52 | return RTCrX509AlgorithmIdentifier_GetEncryptionOidFromOid(pszSignatureOid, true /*fMustIncludeHash*/);
|
|---|
| 53 | }
|
|---|
| 54 |
|
|---|
| 55 |
|
|---|
| 56 | RTDECL(const char *) RTCrPkixGetCiperOidFromSignatureAlgorithm(PCRTASN1OBJID pAlgorithm)
|
|---|
| 57 | {
|
|---|
| 58 | return RTCrX509AlgorithmIdentifier_GetEncryptionOidFromOid(pAlgorithm->szObjId, true /*fMustIncludeHash*/);
|
|---|
| 59 | }
|
|---|
| 60 |
|
|---|
| 61 |
|
|---|
| 62 | RTDECL(bool) RTCrPkixPubKeyCanHandleDigestType(PCRTCRX509SUBJECTPUBLICKEYINFO pPublicKeyInfo, RTDIGESTTYPE enmDigestType,
|
|---|
| 63 | PRTERRINFO pErrInfo)
|
|---|
| 64 | {
|
|---|
| 65 | bool fRc = false;
|
|---|
| 66 | if (RTCrX509SubjectPublicKeyInfo_IsPresent(pPublicKeyInfo))
|
|---|
| 67 | {
|
|---|
| 68 | void const * const pvKeyBits = RTASN1BITSTRING_GET_BIT0_PTR(&pPublicKeyInfo->SubjectPublicKey);
|
|---|
| 69 | uint32_t const cbKeyBits = RTASN1BITSTRING_GET_BYTE_SIZE(&pPublicKeyInfo->SubjectPublicKey);
|
|---|
| 70 | RTASN1CURSORPRIMARY PrimaryCursor;
|
|---|
| 71 | union
|
|---|
| 72 | {
|
|---|
| 73 | RTCRRSAPUBLICKEY RsaPublicKey;
|
|---|
| 74 | } u;
|
|---|
| 75 |
|
|---|
| 76 | if (RTAsn1ObjId_CompareWithString(&pPublicKeyInfo->Algorithm.Algorithm, RTCR_PKCS1_RSA_OID) == 0)
|
|---|
| 77 | {
|
|---|
| 78 | /*
|
|---|
| 79 | * RSA.
|
|---|
| 80 | */
|
|---|
| 81 | RTAsn1CursorInitPrimary(&PrimaryCursor, pvKeyBits, cbKeyBits, pErrInfo, &g_RTAsn1DefaultAllocator,
|
|---|
| 82 | RTASN1CURSOR_FLAGS_DER, "rsa");
|
|---|
| 83 |
|
|---|
| 84 | RT_ZERO(u.RsaPublicKey);
|
|---|
| 85 | int rc = RTCrRsaPublicKey_DecodeAsn1(&PrimaryCursor.Cursor, 0, &u.RsaPublicKey, "PublicKey");
|
|---|
| 86 | if (RT_SUCCESS(rc))
|
|---|
| 87 | fRc = RTCrRsaPublicKey_CanHandleDigestType(&u.RsaPublicKey, enmDigestType, pErrInfo);
|
|---|
| 88 | RTCrRsaPublicKey_Delete(&u.RsaPublicKey);
|
|---|
| 89 | }
|
|---|
| 90 | else
|
|---|
| 91 | {
|
|---|
| 92 | /** @todo ECDSA when adding signing support. */
|
|---|
| 93 | RTErrInfoSetF(pErrInfo, VERR_CR_PKIX_CIPHER_ALGO_NOT_KNOWN, "%s", pPublicKeyInfo->Algorithm.Algorithm.szObjId);
|
|---|
| 94 | AssertMsgFailed(("unknown key algorithm: %s\n", pPublicKeyInfo->Algorithm.Algorithm.szObjId));
|
|---|
| 95 | fRc = true;
|
|---|
| 96 | }
|
|---|
| 97 | }
|
|---|
| 98 | return fRc;
|
|---|
| 99 | }
|
|---|
| 100 |
|
|---|
| 101 |
|
|---|
| 102 | RTDECL(bool) RTCrPkixCanCertHandleDigestType(PCRTCRX509CERTIFICATE pCertificate, RTDIGESTTYPE enmDigestType, PRTERRINFO pErrInfo)
|
|---|
| 103 | {
|
|---|
| 104 | if (RTCrX509Certificate_IsPresent(pCertificate))
|
|---|
| 105 | return RTCrPkixPubKeyCanHandleDigestType(&pCertificate->TbsCertificate.SubjectPublicKeyInfo, enmDigestType, pErrInfo);
|
|---|
| 106 | return false;
|
|---|
| 107 | }
|
|---|
| 108 |
|
|---|
