Lines Matching +full:no +full:- +full:sd
2 * Copyright (c) 2003 - 2007 Kungliga Tekniska Högskolan
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
42 * - SignedData
45 * - EnvelopedData
47 * - EncryptedData
49 * - ContentInfo
57 #define ALLOC_SEQ(X, N) do { (X)->len = (N); ALLOC((X)->val, (N)); } while(0)
95 ci.content->data = malloc(buf->length); in hx509_cms_wrap_ContentInfo()
96 if (ci.content->data == NULL) { in hx509_cms_wrap_ContentInfo()
100 memcpy(ci.content->data, buf->data, buf->length); in hx509_cms_wrap_ContentInfo()
101 ci.content->length = buf->length; in hx509_cms_wrap_ContentInfo()
104 ASN1_MALLOC_ENCODE(ContentInfo, res->data, res->length, &ci, &size, ret); in hx509_cms_wrap_ContentInfo()
108 if (res->length != size) in hx509_cms_wrap_ContentInfo()
121 * diffrence between no data and the zero length data.
141 ret = decode_ContentInfo(in->data, in->length, &ci, &size); in hx509_cms_unwrap_ContentInfo()
180 id->element = choice_CMSIdentifier_subjectKeyIdentifier; in fill_CMSIdentifier()
182 &id->u.subjectKeyIdentifier); in fill_CMSIdentifier()
189 id->element = choice_CMSIdentifier_issuerAndSerialNumber; in fill_CMSIdentifier()
193 ret = hx509_name_to_Name(name, &id->u.issuerAndSerialNumber.issuer); in fill_CMSIdentifier()
198 ret = hx509_cert_get_serialnumber(cert, &id->u.issuerAndSerialNumber.serialNumber); in fill_CMSIdentifier()
215 switch (id->element) { in unparse_CMSIdentifier()
220 iasn = &id->u.issuerAndSerialNumber; in unparse_CMSIdentifier()
222 ret = _hx509_Name_to_string(&iasn->issuer, &name); in unparse_CMSIdentifier()
225 ret = der_print_hex_heim_integer(&iasn->serialNumber, &serial); in unparse_CMSIdentifier()
237 KeyIdentifier *ki = &id->u.subjectKeyIdentifier; in unparse_CMSIdentifier()
241 len = hex_encode(ki->data, ki->length, &keyid); in unparse_CMSIdentifier()
276 switch (client->element) { in find_CMSIdentifier()
278 q.serial = &client->u.issuerAndSerialNumber.serialNumber; in find_CMSIdentifier()
279 q.issuer_name = &client->u.issuerAndSerialNumber.issuer; in find_CMSIdentifier()
283 q.subject_id = &client->u.subjectKeyIdentifier; in find_CMSIdentifier()
388 "No recipient info in enveloped data"); in hx509_cms_unenvelope()
416 ret = find_CMSIdentifier(context, &ri->rid, certs, in hx509_cms_unenvelope()
425 &ri->encryptedKey, in hx509_cms_unenvelope()
426 &ri->keyEncryptionAlgorithm.algorithm, in hx509_cms_unenvelope()
433 ret2 = unparse_CMSIdentifier(context, &ri->rid, &str); in hx509_cms_unenvelope()
444 "No private key matched any certificate"); in hx509_cms_unenvelope()
451 "No private key decrypted the transfer key"); in hx509_cms_unenvelope()
463 if (ai->parameters) { in hx509_cms_unenvelope()
464 params_data.data = ai->parameters->data; in hx509_cms_unenvelope()
465 params_data.length = ai->parameters->length; in hx509_cms_unenvelope()
473 ret = hx509_crypto_init(context, NULL, &ai->algorithm, &crypto); in hx509_cms_unenvelope()
498 enccontent->data, in hx509_cms_unenvelope()
499 enccontent->length, in hx509_cms_unenvelope()
534 * - HX509_CMS_EV_NO_KU_CHECK - Dont check KU on certificate
535 * - HX509_CMS_EV_ALLOW_WEAK - Allow weak crytpo
536 * - HX509_CMS_EV_ID_NAME - prefer issuer name and serial number
617 ret = der_copy_oid(encryption_type, &enc_alg->algorithm); in hx509_cms_envelope_1()
624 ALLOC(enc_alg->parameters, 1); in hx509_cms_envelope_1()
625 if (enc_alg->parameters == NULL) { in hx509_cms_envelope_1()
636 enc_alg->parameters); in hx509_cms_envelope_1()
654 ri->version = 0; in hx509_cms_envelope_1()
657 ri->version = 2; in hx509_cms_envelope_1()
661 ret = fill_CMSIdentifier(cert, cmsidflag, &ri->rid); in hx509_cms_envelope_1()
671 &ri->keyEncryptionAlgorithm.algorithm, in hx509_cms_envelope_1()
672 &ri->encryptedKey); in hx509_cms_envelope_1()
697 ASN1_MALLOC_ENCODE(EnvelopedData, content->data, content->length, in hx509_cms_envelope_1()
704 if (size != content->length) in hx509_cms_envelope_1()
720 any_to_certs(hx509_context context, const SignedData *sd, hx509_certs certs) in any_to_certs() argument
725 if (sd->certificates == NULL) in any_to_certs()
728 for (i = 0; i < sd->certificates->len; i++) { in any_to_certs()
732 sd->certificates->val[i].data, in any_to_certs()
733 sd->certificates->val[i].length, in any_to_certs()
750 for (i = 0; i < attr->len; i++) in find_attribute()
751 if (der_heim_oid_cmp(&attr->val[i].type, oid) == 0) in find_attribute()
752 return &attr->val[i]; in find_attribute()
762 * - HX509_CMS_VS_NO_KU_CHECK - Don't check KeyUsage
763 * - HX509_CMS_VS_ALLOW_DATA_OID_MISMATCH - allow oid mismatch
764 * - HX509_CMS_VS_ALLOW_ZERO_SIGNER - no signer, see below.
793 SignedData sd; in hx509_cms_verify_signed() local
799 content->data = NULL; in hx509_cms_verify_signed()
800 content->length = 0; in hx509_cms_verify_signed()
801 contentType->length = 0; in hx509_cms_verify_signed()
802 contentType->components = NULL; in hx509_cms_verify_signed()
804 memset(&sd, 0, sizeof(sd)); in hx509_cms_verify_signed()
806 ret = decode_SignedData(data, length, &sd, &size); in hx509_cms_verify_signed()
813 if (sd.encapContentInfo.eContent == NULL && signedContent == NULL) { in hx509_cms_verify_signed()
816 "No content data in SignedData"); in hx509_cms_verify_signed()
819 if (sd.encapContentInfo.eContent && signedContent) { in hx509_cms_verify_signed()
826 if (sd.encapContentInfo.eContent) in hx509_cms_verify_signed()
827 ret = der_copy_octet_string(sd.encapContentInfo.eContent, content); in hx509_cms_verify_signed()
835 ret = hx509_certs_init(context, "MEMORY:cms-cert-buffer", in hx509_cms_verify_signed()
840 ret = hx509_certs_init(context, "MEMORY:cms-signer-certs", in hx509_cms_verify_signed()
847 ret = any_to_certs(context, &sd, certs); in hx509_cms_verify_signed()
857 for (found_valid_sig = 0, i = 0; i < sd.signerInfos.len; i++) { in hx509_cms_verify_signed()
862 signer_info = &sd.signerInfos.val[i]; in hx509_cms_verify_signed()
865 if (signer_info->signature.length == 0) { in hx509_cms_verify_signed()
873 ret = find_CMSIdentifier(context, &signer_info->sid, certs, in hx509_cms_verify_signed()
885 ret = find_CMSIdentifier(context, &signer_info->sid, certs, in hx509_cms_verify_signed()
893 if (signer_info->signedAttrs) { in hx509_cms_verify_signed()
899 sa.val = signer_info->signedAttrs->val; in hx509_cms_verify_signed()
900 sa.len = signer_info->signedAttrs->len; in hx509_cms_verify_signed()
912 if (attr->value.len != 1) { in hx509_cms_verify_signed()
920 ret = decode_MessageDigest(attr->value.val[0].data, in hx509_cms_verify_signed()
921 attr->value.val[0].length, in hx509_cms_verify_signed()
933 &signer_info->digestAlgorithm, in hx509_cms_verify_signed()
945 * id-pkcs7-data. in hx509_cms_verify_signed()
951 if (attr->value.len != 1) { in hx509_cms_verify_signed()
958 ret = decode_ContentType(attr->value.val[0].data, in hx509_cms_verify_signed()
959 attr->value.val[0].length, in hx509_cms_verify_signed()
986 signed_data.data = content->data; in hx509_cms_verify_signed()
987 signed_data.length = content->length; in hx509_cms_verify_signed()
994 * (or if no signedAttributes where use, pkcs7-data oid). in hx509_cms_verify_signed()
999 if (der_heim_oid_cmp(match_oid, &sd.encapContentInfo.eContentType) && in hx509_cms_verify_signed()
1011 &signer_info->signatureAlgorithm, in hx509_cms_verify_signed()
1013 &signer_info->signature); in hx509_cms_verify_signed()
1019 if (signer_info->signedAttrs) in hx509_cms_verify_signed()
1048 * SignerInfo (no signatures). If SignedData have no signatures, in hx509_cms_verify_signed()
1054 if (sd.signerInfos.len == 0 && (flags & HX509_CMS_VS_ALLOW_ZERO_SIGNER)) { in hx509_cms_verify_signed()
1061 "No signers where found"); in hx509_cms_verify_signed()
1066 ret = der_copy_oid(&sd.encapContentInfo.eContentType, contentType); in hx509_cms_verify_signed()
1073 free_SignedData(&sd); in hx509_cms_verify_signed()
1077 if (content->data) in hx509_cms_verify_signed()
1112 (*attr)[*len].value.val[0].data = data->data; in add_one_attribute()
1113 (*attr)[*len].value.val[0].length = data->length; in add_one_attribute()
1158 signed_data->data = NULL; in hx509_cms_create_signed_1()
1159 signed_data->length = 0; in hx509_cms_create_signed_1()
1178 SignedData sd; member
1200 SignedData *sd = &sigctx->sd; in sig_process() local
1212 if (sigctx->digest_alg) { in sig_process()
1213 ret = copy_AlgorithmIdentifier(sigctx->digest_alg, &digest); in sig_process()
1219 sigctx->peer, &digest); in sig_process()
1228 ptr = realloc(sd->signerInfos.val, in sig_process()
1229 (sd->signerInfos.len + 1) * sizeof(sd->signerInfos.val[0])); in sig_process()
1234 sd->signerInfos.val = ptr; in sig_process()
1236 signer_info = &sd->signerInfos.val[sd->signerInfos.len]; in sig_process()
1240 signer_info->version = 1; in sig_process()
1242 ret = fill_CMSIdentifier(cert, sigctx->cmsidflag, &signer_info->sid); in sig_process()
1248 signer_info->signedAttrs = NULL; in sig_process()
1249 signer_info->unsignedAttrs = NULL; in sig_process()
1251 ret = copy_AlgorithmIdentifier(&digest, &signer_info->digestAlgorithm); in sig_process()
1258 * If it isn't pkcs7-data send signedAttributes in sig_process()
1261 if (der_heim_oid_cmp(sigctx->eContentType, &asn1_oid_id_pkcs7_data) != 0) { in sig_process()
1265 ALLOC(signer_info->signedAttrs, 1); in sig_process()
1266 if (signer_info->signedAttrs == NULL) { in sig_process()
1274 &sigctx->content, in sig_process()
1294 ret = add_one_attribute(&signer_info->signedAttrs->val, in sig_process()
1295 &signer_info->signedAttrs->len, in sig_process()
1308 sigctx->eContentType, in sig_process()
1316 ret = add_one_attribute(&signer_info->signedAttrs->val, in sig_process()
1317 &signer_info->signedAttrs->len, in sig_process()
1326 sa.val = signer_info->signedAttrs->val; in sig_process()
1327 sa.len = signer_info->signedAttrs->len; in sig_process()
1342 sigdata.data = sigctx->content.data; in sig_process()
1343 sigdata.length = sigctx->content.length; in sig_process()
1350 _hx509_cert_private_key(cert), sigctx->peer, in sig_process()
1359 &signer_info->signatureAlgorithm, in sig_process()
1360 &signer_info->signature); in sig_process()
1366 sigctx->sd.signerInfos.len++; in sig_process()
1372 if (sigctx->certs) { in sig_process()
1375 if (sigctx->pool && sigctx->leafonly == 0) { in sig_process()
1379 sigctx->anchors, in sig_process()
1382 sigctx->pool, in sig_process()
1389 ret = hx509_certs_add(context, sigctx->certs, path.val[i]); in sig_process()
1400 if (sigdata.data != sigctx->content.data) in sig_process()
1412 const unsigned int i = sigctx->sd.certificates->len; in cert_process()
1416 ptr = realloc(sigctx->sd.certificates->val, in cert_process()
1417 (i + 1) * sizeof(sigctx->sd.certificates->val[0])); in cert_process()
1420 sigctx->sd.certificates->val = ptr; in cert_process()
1423 &sigctx->sd.certificates->val[i]); in cert_process()
1425 sigctx->sd.certificates->len++; in cert_process()
1433 return der_heim_oid_cmp(&p->algorithm, &q->algorithm); in cmp_AlgorithmIdentifier()
1482 * Use HX509_CMS_NO_CERTS to make the SignedData contain no in hx509_cms_create_signed()
1495 sigctx.sd.version = CMSVersion_v3; in hx509_cms_create_signed()
1497 der_copy_oid(eContentType, &sigctx.sd.encapContentInfo.eContentType); in hx509_cms_create_signed()
1503 ALLOC(sigctx.sd.encapContentInfo.eContent, 1); in hx509_cms_create_signed()
1504 if (sigctx.sd.encapContentInfo.eContent == NULL) { in hx509_cms_create_signed()
1510 sigctx.sd.encapContentInfo.eContent->data = malloc(length); in hx509_cms_create_signed()
1511 if (sigctx.sd.encapContentInfo.eContent->data == NULL) { in hx509_cms_create_signed()
1516 memcpy(sigctx.sd.encapContentInfo.eContent->data, data, length); in hx509_cms_create_signed()
1517 sigctx.sd.encapContentInfo.eContent->length = length; in hx509_cms_create_signed()
1521 * Use HX509_CMS_SIGNATURE_NO_SIGNER to create no sigInfo (no in hx509_cms_create_signed()
1530 if (sigctx.sd.signerInfos.len) { in hx509_cms_create_signed()
1535 for (i = 0; i < sigctx.sd.signerInfos.len; i++) { in hx509_cms_create_signed()
1537 &sigctx.sd.signerInfos.val[i].digestAlgorithm; in hx509_cms_create_signed()
1539 for (j = 0; j < sigctx.sd.digestAlgorithms.len; j++) in hx509_cms_create_signed()
1540 if (cmp_AlgorithmIdentifier(di, &sigctx.sd.digestAlgorithms.val[j]) == 0) in hx509_cms_create_signed()
1542 if (j == sigctx.sd.digestAlgorithms.len) { in hx509_cms_create_signed()
1543 ret = add_DigestAlgorithmIdentifiers(&sigctx.sd.digestAlgorithms, di); in hx509_cms_create_signed()
1556 ALLOC(sigctx.sd.certificates, 1); in hx509_cms_create_signed()
1557 if (sigctx.sd.certificates == NULL) { in hx509_cms_create_signed()
1569 signed_data->data, signed_data->length, in hx509_cms_create_signed()
1570 &sigctx.sd, &size, ret); in hx509_cms_create_signed()
1575 if (signed_data->length != size) in hx509_cms_create_signed()
1580 free_SignedData(&sigctx.sd); in hx509_cms_create_signed()
1611 "No content in EncryptedData"); in hx509_cms_decrypt_encrypted()
1622 if (ai->parameters == NULL) { in hx509_cms_decrypt_encrypted()