static VALUE
ossl_pkcs7_get_detached(VALUE self)
{
PKCS7 *p7;
GetPKCS7(self, p7);
return PKCS7_get_detached(p7) ? Qtrue : Qfalse;
}
/* Getting encapsulated TS_TST_INFO object from PKCS7. */
TS_TST_INFO *PKCS7_to_TS_TST_INFO(PKCS7 *token)
{
PKCS7_SIGNED *pkcs7_signed;
PKCS7 *enveloped;
ASN1_TYPE *tst_info_wrapper;
ASN1_OCTET_STRING *tst_info_der;
const unsigned char *p;
if (!PKCS7_type_is_signed(token)) {
TSerr(TS_F_PKCS7_TO_TS_TST_INFO, TS_R_BAD_PKCS7_TYPE);
return NULL;
}
if (PKCS7_get_detached(token)) {
TSerr(TS_F_PKCS7_TO_TS_TST_INFO, TS_R_DETACHED_CONTENT);
return NULL;
}
pkcs7_signed = token->d.sign;
enveloped = pkcs7_signed->contents;
if (OBJ_obj2nid(enveloped->type) != NID_id_smime_ct_TSTInfo) {
TSerr(TS_F_PKCS7_TO_TS_TST_INFO, TS_R_BAD_PKCS7_TYPE);
return NULL;
}
tst_info_wrapper = enveloped->d.other;
if (tst_info_wrapper->type != V_ASN1_OCTET_STRING) {
TSerr(TS_F_PKCS7_TO_TS_TST_INFO, TS_R_BAD_TYPE);
return NULL;
}
tst_info_der = tst_info_wrapper->value.octet_string;
p = tst_info_der->data;
return d2i_TS_TST_INFO(NULL, &p, tst_info_der->length);
}
/* Getting encapsulated TS_TST_INFO object from PKCS7. */
TS_TST_INFO *PKCS7_to_TS_TST_INFO(PKCS7 *token)
{
PKCS7_SIGNED *pkcs7_signed;
PKCS7 *enveloped;
ASN1_TYPE *tst_info_wrapper;
ASN1_OCTET_STRING *tst_info_der;
const unsigned char *p;
if (!PKCS7_type_is_signed(token))
{
TSerr(TS_F_PKCS7_TO_TS_TST_INFO, TS_R_BAD_PKCS7_TYPE);
return NULL;
}
/* Content must be present. */
if (PKCS7_get_detached(token))
{
TSerr(TS_F_PKCS7_TO_TS_TST_INFO, TS_R_DETACHED_CONTENT);
return NULL;
}
/* We have a signed data with content. */
pkcs7_signed = token->d.sign;
enveloped = pkcs7_signed->contents;
if (OBJ_obj2nid(enveloped->type) != NID_id_smime_ct_TSTInfo)
{
TSerr(TS_F_PKCS7_TO_TS_TST_INFO, TS_R_BAD_PKCS7_TYPE);
return NULL;
}
/* We have a DER encoded TST_INFO as the signed data. */
tst_info_wrapper = enveloped->d.other;
if (tst_info_wrapper->type != V_ASN1_OCTET_STRING)
{
TSerr(TS_F_PKCS7_TO_TS_TST_INFO, TS_R_BAD_TYPE);
return NULL;
}
/* We have the correct ASN1_OCTET_STRING type. */
tst_info_der = tst_info_wrapper->value.octet_string;
/* At last, decode the TST_INFO. */
p = tst_info_der->data;
return d2i_TS_TST_INFO(NULL, &p, tst_info_der->length);
}
static LUA_FUNCTION(openssl_pkcs7_verify_digest)
{
PKCS7 *p7 = CHECK_OBJECT(1, PKCS7, "openssl.pkcs7");
STACK_OF(X509) *certs = lua_isnoneornil(L, 2) ? NULL : openssl_sk_x509_fromtable(L, 2);
X509_STORE *store = lua_isnoneornil(L, 3) ? NULL : CHECK_OBJECT(3, X509_STORE, "openssl.x509_store");
size_t len;
const char* data = luaL_checklstring(L, 4, &len);
long flags = luaL_optint(L, 5, 0);
int hash = lua_isnoneornil(L, 6) ? 0 : lua_toboolean(L, 6);
STACK_OF(X509) *signers;
X509 *signer;
STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
PKCS7_SIGNER_INFO *si;
X509_STORE_CTX cert_ctx;
int i, j = 0, k, ret = 0;
if (!PKCS7_type_is_signed(p7))
{
luaL_error(L, "pkcs7 must be signedData");
}
/* Check for no data and no content: no data to verify signature */
if (!PKCS7_get_detached(p7))
{
luaL_error(L, "pkcs7 must be detached signedData");
}
sinfos = PKCS7_get_signer_info(p7);
if (!sinfos || !sk_PKCS7_SIGNER_INFO_num(sinfos))
{
luaL_error(L, "pkcs7 signedData without signature");
}
signers = PKCS7_get0_signers(p7, certs, flags);
if (!signers)
{
luaL_error(L, "pkcs7 signedData without signers");
}
if (!store)
flags |= PKCS7_NOVERIFY;
/* Now verify the certificates */
if (!(flags & PKCS7_NOVERIFY))
for (k = 0; k < sk_X509_num(signers); k++)
{
signer = sk_X509_value(signers, k);
if (!(flags & PKCS7_NOCHAIN))
{
if (!X509_STORE_CTX_init(&cert_ctx, store, signer,
p7->d.sign->cert))
{
PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_X509_LIB);
goto err;
}
X509_STORE_CTX_set_default(&cert_ctx, "smime_sign");
}
else if (!X509_STORE_CTX_init(&cert_ctx, store, signer, NULL))
{
PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_X509_LIB);
goto err;
}
if (!(flags & PKCS7_NOCRL))
X509_STORE_CTX_set0_crls(&cert_ctx, p7->d.sign->crl);
i = X509_verify_cert(&cert_ctx);
if (i <= 0)
j = X509_STORE_CTX_get_error(&cert_ctx);
X509_STORE_CTX_cleanup(&cert_ctx);
if (i <= 0)
{
PKCS7err(PKCS7_F_PKCS7_VERIFY,
PKCS7_R_CERTIFICATE_VERIFY_ERROR);
ERR_add_error_data(2, "Verify error:",
X509_verify_cert_error_string(j));
goto err;
}
/* Check for revocation status here */
}
/* Now Verify All Signatures */
if (!(flags & PKCS7_NOSIGS))
for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++)
{
si = sk_PKCS7_SIGNER_INFO_value(sinfos, i);
signer = sk_X509_value(signers, i);
j = PKCS7_signatureVerify_digest(p7, si, signer,
(const unsigned char*) data, len, hash);
if (j <= 0)
{
PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_SIGNATURE_FAILURE);
goto err;
}
}
ret = 1;
err:
if (certs)
sk_X509_pop_free(certs, X509_free);
sk_X509_free(signers);
return openssl_pushresult(L, ret);
}
char* /* returns contents of the signed message, NULL if error */
smime_verify_signature(const char* pubkey,
const char* sig_entity, /* signed entity
or just the sigature */
const char* detached_data, /* possibly NULL */
int detached_data_len)
{
X509* x509 = NULL;
PKCS7* p7 = NULL;
STACK_OF(PKCS7_SIGNER_INFO)* sigs = NULL;
X509_STORE* certs=NULL;
BIO* detached = NULL;
BIO* p7bio = NULL;
BIO* wbio = NULL;
char* data = NULL;
char buf[4096];
int i,x;
if (!sig_entity || !pubkey) GOTO_ERR("NULL arg(s)");
if (!(p7 = get_pkcs7_from_pem(sig_entity))) goto err;
/* Hmm, if its clear signed, we already provided the detached sig, but
* if its one sig blob, may be PKCS7_get_detached() provides BIO connected
* to the detached part. Go figure.
*/
if (detached_data && detached_data_len) {
if (!(detached = set_read_BIO_from_buf(detached_data, detached_data_len)))
goto err;
} else {
if (!PKCS7_get_detached(p7))
GOTO_ERR("15 cant extract signed data from signed entity (PKCS7_get_detached)");
}
if (!(p7bio=PKCS7_dataInit(p7,detached))) GOTO_ERR("PKCS7_dataInit");
if (!(wbio = BIO_new(BIO_s_mem()))) GOTO_ERR("no memory?");
/* We now have to 'read' from p7bio to calculate message digest(s).
* I also take the opportunity to save the signed data. */
for (;;) {
i = BIO_read(p7bio,buf,sizeof(buf));
if (i <= 0) break;
BIO_write(wbio, buf, i);
}
if (get_written_BIO_data(wbio, &data)==-1) goto err;
BIO_free_all(wbio);
wbio = NULL;
/* We can now verify signatures */
if (!(sigs=PKCS7_get_signer_info(p7)))
GOTO_ERR("13 no sigs? (PKCS7_get_signer_info)");
/* Ok, first we need to, for each subject entry, see if we can verify */
for (i=0; i<sk_PKCS7_SIGNER_INFO_num(sigs); i++) {
X509_STORE_CTX cert_ctx;
PKCS7_SIGNER_INFO *si;
ASN1_UTCTIME *tm;
char *str1,*str2;
si=sk_PKCS7_SIGNER_INFO_value(sigs,i);
/* The bio is needed here only to lookup the message digest context
* which presumably now contains the message digest. It will not be
* read, and hence its good for any number of iterations. This is so
* because MD bios pass the data right thru so they can be stacked
* to calculate multiple message digests simultaneously. Clever, eh?
*/
#if 0
/* *** this is currently broken and thus disabled. --Sampo */
/* verifies by looking up the certificate from certs database,
* verifying the validity of the certificate, and finally
* validity of the signature */
x=PKCS7_dataVerify(certs, &cert_ctx, p7bio, p7, si);
#else
/* just verify the signature, given that we already have certificate
* candidate (see crypto/pk7_doit.c around line 675) */
if (!(x509 = extract_certificate(pubkey))) goto err;
x=PKCS7_signatureVerify(p7bio, p7, si, x509);
#endif
if (x <= 0) GOTO_ERR("14 sig verify failed");
#if 0
if ((tm=get_signed_time(si)) != NULL) {
//fprintf(stderr,"Signed time:");
//ASN1_UTCTIME_print(bio_out,tm);
ASN1_UTCTIME_free(tm);
//BIO_printf(bio_out,"\n");
}
#endif
#if 0
if (get_signed_seq2string(si,&str1,&str2)) {
fprintf(stderr,"String 1 is %s\n",str1);
fprintf(stderr,"String 2 is %s\n",str2);
}
#endif
}
BIO_free_all(p7bio);
PKCS7_free(p7);
X509_STORE_free(certs);
return data; /* return the signed plain text */
err:
if (wbio) BIO_free_all(wbio);
if (p7bio) BIO_free_all(p7bio);
if (p7) PKCS7_free(p7);
if (certs) X509_STORE_free(certs);
if (data) Free(data);
return NULL;
}
