Commit 9471c9bc authored by Tomáš Stefan's avatar Tomáš Stefan

Verify signing certificate

parent 88c90fc3
......@@ -34,6 +34,10 @@
#define SUBFILTER_UNKNOWN 0
#define SUBFILTER_adbe_x509_rsa_sha1 1
#define CERT_STATUS_UNKNOWN 0
#define CERT_STATUS_VERIFIED 1
#define CERT_STATUS_FAILED 2
#define DEALLOCATE_FILE 0x01
#define DEALLOCATE_BUFFER 0x02
......
......@@ -10,6 +10,8 @@ sigil_err_t compute_sha1_hash_over_range(sigil_t *sgl);
sigil_err_t load_certificates(sigil_t *sgl);
sigil_err_t verify_signing_certificate(sigil_t *sgl);
int sigil_sigil_self_test(int verbosity);
#endif /* PDF_SIGIL_CRYPTOGRAPHY_H */
......@@ -10,6 +10,10 @@ sigil_err_t sigil_set_pdf_file(sigil_t *sgl, FILE *pdf_file);
sigil_err_t sigil_set_pdf_path(sigil_t *sgl, const char *path_to_pdf);
sigil_err_t sigil_set_pdf_buffer(sigil_t *sgl, char *pdf_content, size_t size);
sigil_err_t sigil_set_trusted_default_system(sigil_t *sgl);
sigil_err_t sigil_set_trusted_file(sigil_t *sgl, const char *path_to_file);
sigil_err_t sigil_set_trusted_dir(sigil_t *sgl, const char *path_to_dir);
sigil_err_t sigil_verify(sigil_t *sgl);
// ... get functions TODO
......
......@@ -88,6 +88,8 @@ typedef struct {
contents_t *contents;
unsigned char computed_hash[EVP_MAX_MD_SIZE];
unsigned int computed_hash_len;
int signing_cert_status;
X509_STORE *trusted_store;
} sigil_t;
#endif /* PDF_SIGIL_TYPES_H */
......@@ -190,3 +190,57 @@ sigil_err_t load_certificates(sigil_t *sgl)
return ERR_NO;
}
sigil_err_t verify_signing_certificate(sigil_t *sgl)
{
X509_STORE_CTX *ctx;
cert_t *additional_cert;
STACK_OF(X509) *trusted_chain;
if (sgl == NULL || sgl->certificates == NULL)
return ERR_PARAMETER;
trusted_chain = sk_X509_new_null();
additional_cert = sgl->certificates->next;
while (additional_cert != NULL) {
if (sk_X509_push(trusted_chain, additional_cert->x509) == 0) {
sk_X509_free(trusted_chain);
return ERR_OPENSSL;
}
additional_cert = additional_cert->next;
}
ctx = X509_STORE_CTX_new();
if (ctx == NULL) {
sk_X509_free(trusted_chain);
return ERR_OPENSSL;
}
// initialize store context
if (X509_STORE_CTX_init(ctx, sgl->trusted_store, sgl->certificates->x509, trusted_chain) != 1) {
sk_X509_free(trusted_chain);
return ERR_OPENSSL;
}
// signing certificate to be verified
X509_STORE_CTX_set_cert(ctx, sgl->certificates->x509);
// verify
if (X509_verify_cert(ctx) == 1) {
// verification successful
sgl->signing_cert_status = CERT_STATUS_VERIFIED;
} else {
// verification not successful
sgl->signing_cert_status = CERT_STATUS_FAILED;
}
sk_X509_free(trusted_chain);
X509_STORE_CTX_free(ctx);
return ERR_NO;
}
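Review bot: The failure branch after `X509_STORE_CTX_init` frees `trusted_chain` but not `ctx`, so the store context allocated just above leaks on that path; add `X509_STORE_CTX_free(ctx);` before its `return ERR_OPENSSL;`. The stack named `trusted_chain` is passed as the fourth argument of `X509_STORE_CTX_init`, which OpenSSL treats as untrusted candidate intermediates. It appears to be filled from the extra certificates loaded alongside the signing certificate, so a name such as `untrusted_chain` would keep a later reader from mistaking those for trust anchors. When `X509_verify_cert` does not return 1, the reason available from `X509_STORE_CTX_get_error(ctx)` is dropped; keeping it next to `signing_cert_status` would let callers tell an expired certificate from an unknown issuer.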
......@@ -61,7 +61,9 @@ sigil_err_t sigil_init(sigil_t **sgl)
(*sgl)->certificates = NULL;
(*sgl)->contents = NULL;
(*sgl)->computed_hash_len = 0;
(*sgl)->signing_cert_status = CERT_STATUS_UNKNOWN;
(*sgl)->trusted_store = X509_STORE_new();
return ERR_NO;
}
......@@ -187,6 +189,48 @@ sigil_err_t sigil_set_pdf_buffer(sigil_t *sgl, char *pdf_content, size_t size)
return ERR_NO;
}
sigil_err_t sigil_set_trusted_default_system(sigil_t *sgl)
{
if (sgl == NULL)
return ERR_PARAMETER;
if (sgl->trusted_store == NULL)
return ERR_OPENSSL;
if (X509_STORE_set_default_paths(sgl->trusted_store) != 1)
return ERR_OPENSSL;
return ERR_NO;
}
sigil_err_t sigil_set_trusted_file(sigil_t *sgl, const char *path_to_file)
{
if (sgl == NULL || path_to_file == NULL)
return ERR_PARAMETER;
if (sgl->trusted_store == NULL)
return ERR_OPENSSL;
if (X509_STORE_load_locations(sgl->trusted_store, path_to_file, NULL) != 1)
return ERR_OPENSSL;
return ERR_NO;
}
sigil_err_t sigil_set_trusted_dir(sigil_t *sgl, const char *path_to_dir)
{
if (sgl == NULL || path_to_dir == NULL)
return ERR_PARAMETER;
if (sgl->trusted_store == NULL)
return ERR_OPENSSL;
if (X509_STORE_load_locations(sgl->trusted_store, NULL, path_to_dir) != 1)
return ERR_OPENSSL;
return ERR_NO;
}
static sigil_err_t sigil_verify_adbe_x509_rsa_sha1(sigil_t *sgl)
{
sigil_err_t err;
......@@ -202,6 +246,10 @@ static sigil_err_t sigil_verify_adbe_x509_rsa_sha1(sigil_t *sgl)
if (err != ERR_NO)
return err;
err = verify_signing_certificate(sgl);
if (err != ERR_NO)
return err;
}
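Review bot: A signing certificate that fails chain validation does not stop verification at this call, because `verify_signing_certificate` returns `ERR_NO` for both outcomes and reports the result only through `sgl->signing_cert_status`. The rest of `sigil_verify_adbe_x509_rsa_sha1` lies outside this hunk, so whether that field is checked later cannot be seen here, and the public header still lists the getters as TODO. If the intent is to report certificate trust separately from the signature check, say so at the call, for example `// ERR_NO only means the check ran; the outcome is in sgl->signing_cert_status`. Otherwise a caller that tests only the return value of `sigil_verify` could accept a signature made with an untrusted certificate.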
......@@ -363,6 +411,9 @@ void sigil_free(sigil_t **sgl)
if ((*sgl)->contents != NULL)
contents_free(*sgl);
if ((*sgl)->trusted_store != NULL)
X509_STORE_free((*sgl)->trusted_store);
free(*sgl);
*sgl = NULL;
}
......@@ -416,6 +467,9 @@ int sigil_sigil_self_test(int verbosity)
if (sgl == NULL)
goto failed;
if (sigil_set_trusted_default_system(sgl) != ERR_NO)
goto failed;
if (sigil_verify(sgl) != ERR_NO || 1)
goto failed;
......