archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 1b390dddff
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '1b390dddff'
${ noResults }
windows-xp/Source/XPSP1/NT/ds/security/cryptoapi/mincrypt/lib/verdata.cpp

361 lines
12 KiB
Raw Normal View History

Add source files
4 years ago
  1. //+-------------------------------------------------------------------------
  2. // Microsoft Windows
  3. //
  4. // Copyright (C) Microsoft Corporation, 2001 - 2001
  5. //
  6. // File: verdata.cpp
  7. //
  8. // Contents: Minimal Cryptographic functions to verify PKCS #7 Signed Data
  9. // message
  10. //
  11. //
  12. // Functions: MinCryptVerifySignedData
  13. //
  14. // History: 19-Jan-01 philh created
  15. //--------------------------------------------------------------------------
  17. #include "global.hxx"
  19. #define MAX_SIGNED_DATA_CERT_CNT 10
  20. #define MAX_SIGNED_DATA_AUTH_ATTR_CNT 10
  22. // #define szOID_RSA_signedData "1.2.840.113549.1.7.2"
  23. const BYTE rgbOID_RSA_signedData[] =
  24. {0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x02};
  26. // #define szOID_RSA_messageDigest "1.2.840.113549.1.9.4"
  27. const BYTE rgbOID_RSA_messageDigest[] =
  28. {0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x04};
  29. const CRYPT_DER_BLOB RSA_messageDigestEncodedOIDBlob = {
  30. sizeof(rgbOID_RSA_messageDigest),
  31. (BYTE *) rgbOID_RSA_messageDigest
  32. };
  34. PCRYPT_DER_BLOB
  35. WINAPI
  36. I_MinCryptFindSignerCertificateByIssuerAndSerialNumber(
  37. IN PCRYPT_DER_BLOB pIssuerNameValueBlob,
  38. IN PCRYPT_DER_BLOB pIssuerSerialNumberContentBlob,
  39. IN DWORD cCert,
  40. IN CRYPT_DER_BLOB rgrgCertBlob[][MINASN1_CERT_BLOB_CNT]
  41. )
  42. {
  43. DWORD i;
  44. const BYTE *pbName = pIssuerNameValueBlob->pbData;
  45. DWORD cbName = pIssuerNameValueBlob->cbData;
  46. const BYTE *pbSerial = pIssuerSerialNumberContentBlob->pbData;
  47. DWORD cbSerial = pIssuerSerialNumberContentBlob->cbData;
  49. if (0 == cbName || 0 == cbSerial)
  50. return NULL;
  52. for (i = 0; i < cCert; i++) {
  53. PCRYPT_DER_BLOB rgCert = rgrgCertBlob[i];
  55. if (cbName == rgCert[MINASN1_CERT_ISSUER_IDX].cbData &&
  56. cbSerial == rgCert[MINASN1_CERT_SERIAL_NUMBER_IDX].cbData
  57. &&
  58. 0 == memcmp(pbSerial,
  59. rgCert[MINASN1_CERT_SERIAL_NUMBER_IDX].pbData,
  60. cbSerial)
  61. &&
  62. 0 == memcmp(pbName,
  63. rgCert[MINASN1_CERT_ISSUER_IDX].pbData,
  64. cbName))
  65. return rgCert;
  66. }
  68. return NULL;
  69. }
  71. // Verifies that the input hash matches the
  72. // szOID_RSA_messageDigest ("1.2.840.113549.1.9.4") authenticated attribute.
  73. //
  74. // Replaces the input hash with a hash of the authenticated attributes.
  75. LONG
  76. WINAPI
  77. I_MinCryptVerifySignerAuthenticatedAttributes(
  78. IN ALG_ID HashAlgId,
  79. IN OUT BYTE rgbHash[MINCRYPT_MAX_HASH_LEN],
  80. IN OUT DWORD *pcbHash,
  81. IN PCRYPT_DER_BLOB pAttrsValueBlob
  82. )
  83. {
  84. LONG lErr;
  85. DWORD cAttr;
  86. CRYPT_DER_BLOB rgrgAttrBlob[MAX_SIGNED_DATA_AUTH_ATTR_CNT][MINASN1_ATTR_BLOB_CNT];
  87. PCRYPT_DER_BLOB rgDigestAuthAttr;
  89. const BYTE *pbDigestAuthValue;
  90. DWORD cbDigestAuthValue;
  92. CRYPT_DER_BLOB rgAuthHashBlob[2];
  93. const BYTE bTagSet = MINASN1_TAG_SET;
  95. // Parse the authenticated attributes
  96. cAttr = MAX_SIGNED_DATA_AUTH_ATTR_CNT;
  97. if (0 >= MinAsn1ParseAttributes(
  98. pAttrsValueBlob,
  99. &cAttr,
  100. rgrgAttrBlob) || 0 == cAttr)
  101. goto MissingAuthAttrs;
  103. // Find the szOID_RSA_messageDigest ("1.2.840.113549.1.9.4")
  104. // attribute value
  105. rgDigestAuthAttr = MinAsn1FindAttribute(
  106. (PCRYPT_DER_BLOB) &RSA_messageDigestEncodedOIDBlob,
  107. cAttr,
  108. rgrgAttrBlob
  109. );
  110. if (NULL == rgDigestAuthAttr)
  111. goto MissingDigestAuthAttr;
  113. // Skip past the digest's outer OCTET tag and length octets
  114. if (0 >= MinAsn1ExtractContent(
  115. rgDigestAuthAttr[MINASN1_ATTR_VALUE_IDX].pbData,
  116. rgDigestAuthAttr[MINASN1_ATTR_VALUE_IDX].cbData,
  117. &cbDigestAuthValue,
  118. &pbDigestAuthValue
  119. ))
  120. goto InvalidDigestAuthAttr;
  122. // Check that the authenticated digest bytes match the input
  123. // content hash.
  124. if (*pcbHash != cbDigestAuthValue ||
  125. 0 != memcmp(rgbHash, pbDigestAuthValue, cbDigestAuthValue))
  126. goto InvalidContentHash;
  128. // Hash the authenticated attributes. This hash will be compared against
  129. // the decrypted signature.
  131. // Note, the authenticated attributes "[0] Implicit" tag needs to be changed
  132. // to a "SET OF" tag before doing the hash.
  133. rgAuthHashBlob[0].pbData = (BYTE *) &bTagSet;
  134. rgAuthHashBlob[0].cbData = 1;
  135. assert(0 < pAttrsValueBlob->cbData);
  136. rgAuthHashBlob[1].pbData = pAttrsValueBlob->pbData + 1;
  137. rgAuthHashBlob[1].cbData = pAttrsValueBlob->cbData - 1;
  139. lErr = MinCryptHashMemory(
  140. HashAlgId,
  141. 2, // cBlob
  142. rgAuthHashBlob,
  143. rgbHash,
  144. pcbHash
  145. );
  147. CommonReturn:
  148. return lErr;
  150. MissingAuthAttrs:
  151. MissingDigestAuthAttr:
  152. InvalidDigestAuthAttr:
  153. lErr = CRYPT_E_AUTH_ATTR_MISSING;
  154. goto CommonReturn;
  156. InvalidContentHash:
  157. lErr = CRYPT_E_HASH_VALUE;
  158. goto CommonReturn;
  159. }
  162. //+-------------------------------------------------------------------------
  163. // Function: MinCryptVerifySignedData
  164. //
  165. // Verifies an ASN.1 encoded PKCS #7 Signed Data Message.
  166. //
  167. // Assumes the PKCS #7 message is definite length encoded.
  168. // Assumes PKCS #7 version 1.5, ie, not the newer CMS version.
  169. // We only look at the first signer.
  170. //
  171. // The Signed Data message is parsed. Its signature is verified. Its
  172. // signer certificate chain is verified to a baked in root public key.
  173. //
  174. // If the Signed Data was successfully verified, ERROR_SUCCESS is returned.
  175. // Otherwise, a nonzero error code is returned.
  176. //
  177. // Here are some interesting errors that can be returned:
  178. // CRYPT_E_BAD_MSG - unable to ASN1 parse as a signed data message
  179. // ERROR_NO_DATA - the content is empty
  180. // CRYPT_E_NO_SIGNER - not signed or unable to find signer cert
  181. // CRYPT_E_UNKNOWN_ALGO- unknown MD5 or SHA1 ASN.1 algorithm identifier
  182. // CERT_E_UNTRUSTEDROOT- the signer chain's root wasn't baked in
  183. // CERT_E_CHAINING - unable to build signer chain to a root
  184. // CRYPT_E_AUTH_ATTR_MISSING - missing digest authenticated attribute
  185. // CRYPT_E_HASH_VALUE - content hash != authenticated digest attribute
  186. // NTE_BAD_ALGID - unsupported hash or public key algorithm
  187. // NTE_BAD_PUBLIC_KEY - not a valid RSA public key
  188. // NTE_BAD_SIGNATURE - bad PKCS #7 or signer chain signature
  189. //
  190. // The rgVerSignedDataBlob[] is updated with pointer to and length of the
  191. // following fields in the encoded PKCS #7 message.
  192. //--------------------------------------------------------------------------
  193. LONG
  194. WINAPI
  195. MinCryptVerifySignedData(
  196. IN const BYTE *pbEncoded,
  197. IN DWORD cbEncoded,
  198. OUT CRYPT_DER_BLOB rgVerSignedDataBlob[MINCRYPT_VER_SIGNED_DATA_BLOB_CNT]
  199. )
  200. {
  201. LONG lErr;
  202. CRYPT_DER_BLOB rgParseSignedDataBlob[MINASN1_SIGNED_DATA_BLOB_CNT];
  203. DWORD cCert;
  204. CRYPT_DER_BLOB rgrgCertBlob[MAX_SIGNED_DATA_CERT_CNT][MINASN1_CERT_BLOB_CNT];
  205. PCRYPT_DER_BLOB rgSignerCert;
  206. ALG_ID HashAlgId;
  207. BYTE rgbHash[MINCRYPT_MAX_HASH_LEN];
  208. DWORD cbHash;
  209. CRYPT_DER_BLOB ContentBlob;
  211. memset(rgVerSignedDataBlob, 0,
  212. sizeof(CRYPT_DER_BLOB) * MINCRYPT_VER_SIGNED_DATA_BLOB_CNT);
  214. // Parse the message and verify that it's ASN.1 PKCS #7 SignedData
  215. if (0 >= MinAsn1ParseSignedData(
  216. pbEncoded,
  217. cbEncoded,
  218. rgParseSignedDataBlob
  219. ))
  220. goto ParseSignedDataError;
  222. // Only support szOID_RSA_signedData - "1.2.840.113549.1.7.2"
  223. if (sizeof(rgbOID_RSA_signedData) !=
  224. rgParseSignedDataBlob[MINASN1_SIGNED_DATA_OUTER_OID_IDX].cbData
  225. ||
  226. 0 != memcmp(rgbOID_RSA_signedData,
  227. rgParseSignedDataBlob[MINASN1_SIGNED_DATA_OUTER_OID_IDX].pbData,
  228. sizeof(rgbOID_RSA_signedData)))
  229. goto NotSignedDataOID;
  231. // Verify this isn't an empty SignedData message
  232. if (0 == rgParseSignedDataBlob[MINASN1_SIGNED_DATA_CONTENT_OID_IDX].cbData
  233. ||
  234. 0 == rgParseSignedDataBlob[MINASN1_SIGNED_DATA_CONTENT_DATA_IDX].cbData)
  235. goto NoContent;
  237. rgVerSignedDataBlob[MINCRYPT_VER_SIGNED_DATA_CONTENT_OID_IDX] =
  238. rgParseSignedDataBlob[MINASN1_SIGNED_DATA_CONTENT_OID_IDX];
  239. rgVerSignedDataBlob[MINCRYPT_VER_SIGNED_DATA_CONTENT_DATA_IDX] =
  240. rgParseSignedDataBlob[MINASN1_SIGNED_DATA_CONTENT_DATA_IDX];
  242. // Check that the message has a signer
  243. if (0 == rgParseSignedDataBlob[MINASN1_SIGNED_DATA_SIGNER_INFO_ENCODED_IDX].cbData)
  244. goto NoSigner;
  246. // Get the message's bag of certs
  247. cCert = MAX_SIGNED_DATA_CERT_CNT;
  248. if (0 >= MinAsn1ParseSignedDataCertificates(
  249. &rgParseSignedDataBlob[MINASN1_SIGNED_DATA_CERTS_IDX],
  250. &cCert,
  251. rgrgCertBlob
  252. ) || 0 == cCert)
  253. goto NoCerts;
  255. // Get the signer certificate
  256. rgSignerCert = I_MinCryptFindSignerCertificateByIssuerAndSerialNumber(
  257. &rgParseSignedDataBlob[MINASN1_SIGNED_DATA_SIGNER_INFO_ISSUER_IDX],
  258. &rgParseSignedDataBlob[MINASN1_SIGNED_DATA_SIGNER_INFO_SERIAL_NUMBER_IDX],
  259. cCert,
  260. rgrgCertBlob
  261. );
  262. if (NULL == rgSignerCert)
  263. goto NoSignerCert;
  265. rgVerSignedDataBlob[MINCRYPT_VER_SIGNED_DATA_SIGNER_CERT_IDX] =
  266. rgSignerCert[MINASN1_CERT_ENCODED_IDX];
  267. rgVerSignedDataBlob[MINCRYPT_VER_SIGNED_DATA_AUTH_ATTRS_IDX] =
  268. rgParseSignedDataBlob[MINASN1_SIGNED_DATA_SIGNER_INFO_AUTH_ATTRS_IDX];
  269. rgVerSignedDataBlob[MINCRYPT_VER_SIGNED_DATA_UNAUTH_ATTRS_IDX] =
  270. rgParseSignedDataBlob[MINASN1_SIGNED_DATA_SIGNER_INFO_UNAUTH_ATTRS_IDX];
  273. // Verify the signer certificate up to a baked in, trusted root
  274. lErr = MinCryptVerifyCertificate(
  275. rgSignerCert,
  276. cCert,
  277. rgrgCertBlob
  278. );
  279. if (ERROR_SUCCESS != lErr)
  280. goto ErrorReturn;
  283. // Hash the message's content octets according to the signer's hash
  284. // algorithm
  285. HashAlgId = MinCryptDecodeHashAlgorithmIdentifier(
  286. &rgParseSignedDataBlob[MINASN1_SIGNED_DATA_SIGNER_INFO_DIGEST_ALGID_IDX]
  287. );
  288. if (0 == HashAlgId)
  289. goto UnknownHashAlgId;
  291. // Note, the content's tag and length octets aren't included in the hash
  292. if (0 >= MinAsn1ExtractContent(
  293. rgParseSignedDataBlob[MINASN1_SIGNED_DATA_CONTENT_DATA_IDX].pbData,
  294. rgParseSignedDataBlob[MINASN1_SIGNED_DATA_CONTENT_DATA_IDX].cbData,
  295. &ContentBlob.cbData,
  296. (const BYTE **) &ContentBlob.pbData
  297. ))
  298. goto InvalidContent;
  300. lErr = MinCryptHashMemory(
  301. HashAlgId,
  302. 1, // cBlob
  303. &ContentBlob,
  304. rgbHash,
  305. &cbHash
  306. );
  307. if (ERROR_SUCCESS != lErr)
  308. goto ErrorReturn;
  310. // If we have authenticated attributes, then, need to compare the
  311. // above hash with the szOID_RSA_messageDigest ("1.2.840.113549.1.9.4")
  312. // attribute value. After a successful comparison, the above hash
  313. // is replaced with a hash of the authenticated attributes.
  314. if (0 != rgParseSignedDataBlob[
  315. MINASN1_SIGNED_DATA_SIGNER_INFO_AUTH_ATTRS_IDX].cbData) {
  316. lErr = I_MinCryptVerifySignerAuthenticatedAttributes(
  317. HashAlgId,
  318. rgbHash,
  319. &cbHash,
  320. &rgParseSignedDataBlob[MINASN1_SIGNED_DATA_SIGNER_INFO_AUTH_ATTRS_IDX]
  321. );
  322. if (ERROR_SUCCESS != lErr)
  323. goto ErrorReturn;
  324. }
  326. // Verify the signature using either the authenticated attributes hash
  327. // or the content hash
  328. lErr = MinCryptVerifySignedHash(
  329. HashAlgId,
  330. rgbHash,
  331. cbHash,
  332. &rgParseSignedDataBlob[MINASN1_SIGNED_DATA_SIGNER_INFO_ENCYRPT_DIGEST_IDX],
  333. &rgSignerCert[MINASN1_CERT_PUBKEY_INFO_IDX]
  334. );
  337. ErrorReturn:
  338. CommonReturn:
  339. return lErr;
  341. ParseSignedDataError:
  342. NotSignedDataOID:
  343. InvalidContent:
  344. lErr = CRYPT_E_BAD_MSG;
  345. goto CommonReturn;
  347. NoContent:
  348. lErr = ERROR_NO_DATA;
  349. goto CommonReturn;
  351. NoSigner:
  352. NoCerts:
  353. NoSignerCert:
  354. lErr = CRYPT_E_NO_SIGNER;
  355. goto CommonReturn;
  357. UnknownHashAlgId:
  358. lErr = CRYPT_E_UNKNOWN_ALGO;
  359. goto CommonReturn;
  360. }