Loading include/constants.h +4 −0 Original line number Diff line number Diff line Loading @@ -34,6 +34,10 @@ #define SUBFILTER_UNKNOWN 0 #define SUBFILTER_adbe_x509_rsa_sha1 1 #define CERT_STATUS_UNKNOWN 0 #define CERT_STATUS_VERIFIED 1 #define CERT_STATUS_FAILED 2 #define DEALLOCATE_FILE 0x01 #define DEALLOCATE_BUFFER 0x02 Loading include/cryptography.h +2 −0 Original line number Diff line number Diff line Loading @@ -10,6 +10,8 @@ sigil_err_t compute_sha1_hash_over_range(sigil_t *sgl); sigil_err_t load_certificates(sigil_t *sgl); sigil_err_t verify_signing_certificate(sigil_t *sgl); int sigil_sigil_self_test(int verbosity); #endif /* PDF_SIGIL_CRYPTOGRAPHY_H */ include/sigil.h +4 −0 Original line number Diff line number Diff line Loading @@ -10,6 +10,10 @@ sigil_err_t sigil_set_pdf_file(sigil_t *sgl, FILE *pdf_file); sigil_err_t sigil_set_pdf_path(sigil_t *sgl, const char *path_to_pdf); sigil_err_t sigil_set_pdf_buffer(sigil_t *sgl, char *pdf_content, size_t size); sigil_err_t sigil_set_trusted_default_system(sigil_t *sgl); sigil_err_t sigil_set_trusted_file(sigil_t *sgl, const char *path_to_file); sigil_err_t sigil_set_trusted_dir(sigil_t *sgl, const char *path_to_dir); sigil_err_t sigil_verify(sigil_t *sgl); // ... get functions TODO Loading include/types.h +2 −0 Original line number Diff line number Diff line Loading @@ -88,6 +88,8 @@ typedef struct { contents_t *contents; unsigned char computed_hash[EVP_MAX_MD_SIZE]; unsigned int computed_hash_len; int signing_cert_status; X509_STORE *trusted_store; } sigil_t; #endif /* PDF_SIGIL_TYPES_H */ lib/cryptography.c +54 −0 Original line number Diff line number Diff line Loading @@ -190,3 +190,57 @@ sigil_err_t load_certificates(sigil_t *sgl) return ERR_NO; } sigil_err_t verify_signing_certificate(sigil_t *sgl) { X509_STORE_CTX *ctx; cert_t *additional_cert; STACK_OF(X509) *trusted_chain; if (sgl == NULL || sgl->certificates == NULL) return ERR_PARAMETER; trusted_chain = sk_X509_new_null(); additional_cert = sgl->certificates->next; while (additional_cert != NULL) { if (sk_X509_push(trusted_chain, additional_cert->x509) == 0) { sk_X509_free(trusted_chain); return ERR_OPENSSL; } additional_cert = additional_cert->next; } ctx = X509_STORE_CTX_new(); if (ctx == NULL) { sk_X509_free(trusted_chain); return ERR_OPENSSL; } // initialize store context if (X509_STORE_CTX_init(ctx, sgl->trusted_store, sgl->certificates->x509, trusted_chain) != 1) { sk_X509_free(trusted_chain); return ERR_OPENSSL; } // signing certificate to be verified X509_STORE_CTX_set_cert(ctx, sgl->certificates->x509); // verify if (X509_verify_cert(ctx) == 1) { // verification successful sgl->signing_cert_status = CERT_STATUS_VERIFIED; } else { // verification not successful sgl->signing_cert_status = CERT_STATUS_FAILED; } sk_X509_free(trusted_chain); X509_STORE_CTX_free(ctx); return ERR_NO; } Loading
include/constants.h +4 −0 Original line number Diff line number Diff line Loading @@ -34,6 +34,10 @@ #define SUBFILTER_UNKNOWN 0 #define SUBFILTER_adbe_x509_rsa_sha1 1 #define CERT_STATUS_UNKNOWN 0 #define CERT_STATUS_VERIFIED 1 #define CERT_STATUS_FAILED 2 #define DEALLOCATE_FILE 0x01 #define DEALLOCATE_BUFFER 0x02 Loading
include/cryptography.h +2 −0 Original line number Diff line number Diff line Loading @@ -10,6 +10,8 @@ sigil_err_t compute_sha1_hash_over_range(sigil_t *sgl); sigil_err_t load_certificates(sigil_t *sgl); sigil_err_t verify_signing_certificate(sigil_t *sgl); int sigil_sigil_self_test(int verbosity); #endif /* PDF_SIGIL_CRYPTOGRAPHY_H */
include/sigil.h +4 −0 Original line number Diff line number Diff line Loading @@ -10,6 +10,10 @@ sigil_err_t sigil_set_pdf_file(sigil_t *sgl, FILE *pdf_file); sigil_err_t sigil_set_pdf_path(sigil_t *sgl, const char *path_to_pdf); sigil_err_t sigil_set_pdf_buffer(sigil_t *sgl, char *pdf_content, size_t size); sigil_err_t sigil_set_trusted_default_system(sigil_t *sgl); sigil_err_t sigil_set_trusted_file(sigil_t *sgl, const char *path_to_file); sigil_err_t sigil_set_trusted_dir(sigil_t *sgl, const char *path_to_dir); sigil_err_t sigil_verify(sigil_t *sgl); // ... get functions TODO Loading
include/types.h +2 −0 Original line number Diff line number Diff line Loading @@ -88,6 +88,8 @@ typedef struct { contents_t *contents; unsigned char computed_hash[EVP_MAX_MD_SIZE]; unsigned int computed_hash_len; int signing_cert_status; X509_STORE *trusted_store; } sigil_t; #endif /* PDF_SIGIL_TYPES_H */
lib/cryptography.c +54 −0 Original line number Diff line number Diff line Loading @@ -190,3 +190,57 @@ sigil_err_t load_certificates(sigil_t *sgl) return ERR_NO; } sigil_err_t verify_signing_certificate(sigil_t *sgl) { X509_STORE_CTX *ctx; cert_t *additional_cert; STACK_OF(X509) *trusted_chain; if (sgl == NULL || sgl->certificates == NULL) return ERR_PARAMETER; trusted_chain = sk_X509_new_null(); additional_cert = sgl->certificates->next; while (additional_cert != NULL) { if (sk_X509_push(trusted_chain, additional_cert->x509) == 0) { sk_X509_free(trusted_chain); return ERR_OPENSSL; } additional_cert = additional_cert->next; } ctx = X509_STORE_CTX_new(); if (ctx == NULL) { sk_X509_free(trusted_chain); return ERR_OPENSSL; } // initialize store context if (X509_STORE_CTX_init(ctx, sgl->trusted_store, sgl->certificates->x509, trusted_chain) != 1) { sk_X509_free(trusted_chain); return ERR_OPENSSL; } // signing certificate to be verified X509_STORE_CTX_set_cert(ctx, sgl->certificates->x509); // verify if (X509_verify_cert(ctx) == 1) { // verification successful sgl->signing_cert_status = CERT_STATUS_VERIFIED; } else { // verification not successful sgl->signing_cert_status = CERT_STATUS_FAILED; } sk_X509_free(trusted_chain); X509_STORE_CTX_free(ctx); return ERR_NO; }
