... | ... |
@@ -493,6 +493,8 @@ static int asn1_get_x509(fmap_t *map, const void **asn1data, unsigned int *size, |
493 | 493 |
|
494 | 494 |
if(asn1_expect_objtype(map, next, &tbs.size, &obj, 0x02)) /* serialNumber */ |
495 | 495 |
break; |
496 |
+ if(map_sha1(map, obj.content, obj.size, x509.serial)) |
|
497 |
+ break; |
|
496 | 498 |
|
497 | 499 |
if(asn1_expect_rsa(map, &obj.next, &tbs.size, &hashtype1)) /* algo = sha1WithRSAEncryption | md5WithRSAEncryption */ |
498 | 500 |
break; |
... | ... |
@@ -740,7 +742,7 @@ static int asn1_get_x509(fmap_t *map, const void **asn1data, unsigned int *size, |
740 | 740 |
|
741 | 741 |
static int asn1_parse_mscat(fmap_t *map, size_t offset, unsigned int size, crtmgr *cmgr, int embedded, const void **hashes, unsigned int *hashes_size) { |
742 | 742 |
struct cli_asn1 asn1, deep, deeper; |
743 |
- uint8_t sha1[SHA1_HASH_SIZE], issuer[SHA1_HASH_SIZE], md[SHA1_HASH_SIZE]; |
|
743 |
+ uint8_t sha1[SHA1_HASH_SIZE], issuer[SHA1_HASH_SIZE], md[SHA1_HASH_SIZE], serial[SHA1_HASH_SIZE]; |
|
744 | 744 |
const uint8_t *message, *attrs; |
745 | 745 |
unsigned int dsize, message_size, attrs_size; |
746 | 746 |
cli_crt_hashtype hashtype; |
... | ... |
@@ -887,6 +889,8 @@ static int asn1_parse_mscat(fmap_t *map, size_t offset, unsigned int size, crtmg |
887 | 887 |
|
888 | 888 |
if(asn1_expect_objtype(map, deep.next, &dsize, &deep, 0x02)) /* serial */ |
889 | 889 |
break; |
890 |
+ if(map_sha1(map, deep.content, deep.size, serial)) |
|
891 |
+ break; |
|
890 | 892 |
if(dsize) { |
891 | 893 |
cli_dbgmsg("asn1_parse_mscat: extra data inside issuerAndSerialNumber\n"); |
892 | 894 |
break; |
... | ... |
@@ -1016,7 +1020,7 @@ static int asn1_parse_mscat(fmap_t *map, size_t offset, unsigned int size, crtmg |
1016 | 1016 |
cli_dbgmsg("asn1_parse_mscat: failed to read encryptedDigest\n"); |
1017 | 1017 |
break; |
1018 | 1018 |
} |
1019 |
- if(crtmgr_verify_pkcs7(cmgr, issuer, asn1.content, asn1.size, CLI_SHA1RSA, sha1, VRFY_CODE)) { |
|
1019 |
+ if(crtmgr_verify_pkcs7(cmgr, issuer, serial, asn1.content, asn1.size, CLI_SHA1RSA, sha1, VRFY_CODE)) { |
|
1020 | 1020 |
cli_dbgmsg("asn1_parse_mscat: pkcs7 signature verification failed\n"); |
1021 | 1021 |
break; |
1022 | 1022 |
} |
... | ... |
@@ -1077,6 +1081,9 @@ static int asn1_parse_mscat(fmap_t *map, size_t offset, unsigned int size, crtmg |
1077 | 1077 |
|
1078 | 1078 |
if(asn1_expect_objtype(map, deep.next, &asn1.size, &deep, 0x02)) /* serial */ |
1079 | 1079 |
break; |
1080 |
+ if(map_sha1(map, deep.content, deep.size, serial)) |
|
1081 |
+ break; |
|
1082 |
+ |
|
1080 | 1083 |
if(asn1.size) { |
1081 | 1084 |
cli_dbgmsg("asn1_parse_mscat: extra data inside countersignature issuer\n"); |
1082 | 1085 |
break; |
... | ... |
@@ -1257,7 +1264,7 @@ static int asn1_parse_mscat(fmap_t *map, size_t offset, unsigned int size, crtmg |
1257 | 1257 |
cli_dbgmsg("asn1_parse_mscat: failed to read countersignature encryptedDigest\n"); |
1258 | 1258 |
break; |
1259 | 1259 |
} |
1260 |
- if(crtmgr_verify_pkcs7(cmgr, issuer, asn1.content, asn1.size, hashtype, sha1, VRFY_TIME)) { |
|
1260 |
+ if(crtmgr_verify_pkcs7(cmgr, issuer, serial, asn1.content, asn1.size, hashtype, sha1, VRFY_TIME)) { |
|
1261 | 1261 |
cli_dbgmsg("asn1_parse_mscat: pkcs7 countersignature verification failed\n"); |
1262 | 1262 |
break; |
1263 | 1263 |
} |
... | ... |
@@ -50,6 +50,7 @@ cli_crt *crtmgr_lookup(crtmgr *m, cli_crt *x509) { |
50 | 50 |
(i->codeSign | x509->codeSign) == i->codeSign && |
51 | 51 |
(i->timeSign | x509->timeSign) == i->timeSign && |
52 | 52 |
!memcmp(x509->subject, i->subject, sizeof(i->subject)) && |
53 |
+ !memcmp(x509->serial, i->serial, sizeof(i->subject)) && |
|
53 | 54 |
!mp_cmp(&x509->n, &i->n) && |
54 | 55 |
!mp_cmp(&x509->e, &i->e)) { |
55 | 56 |
return i; |
... | ... |
@@ -64,6 +65,7 @@ int crtmgr_add(crtmgr *m, cli_crt *x509) { |
64 | 64 |
|
65 | 65 |
for(i = m->crts; i; i = i->next) { |
66 | 66 |
if(!memcmp(x509->subject, i->subject, sizeof(i->subject)) && |
67 |
+ !memcmp(x509->serial, i->subject, sizeof(i->serial)) && |
|
67 | 68 |
!mp_cmp(&x509->n, &i->n) && |
68 | 69 |
!mp_cmp(&x509->e, &i->e)) { |
69 | 70 |
if(x509->not_before >= i->not_before && x509->not_after <= i->not_after) { |
... | ... |
@@ -104,6 +106,7 @@ int crtmgr_add(crtmgr *m, cli_crt *x509) { |
104 | 104 |
return 1; |
105 | 105 |
} |
106 | 106 |
memcpy(i->subject, x509->subject, sizeof(i->subject)); |
107 |
+ memcpy(i->serial, x509->serial, sizeof(i->serial)); |
|
107 | 108 |
memcpy(i->issuer, x509->issuer, sizeof(i->issuer)); |
108 | 109 |
memcpy(i->tbshash, x509->tbshash, sizeof(i->tbshash)); |
109 | 110 |
i->not_before = x509->not_before; |
... | ... |
@@ -270,7 +273,7 @@ cli_crt *crtmgr_verify_crt(crtmgr *m, cli_crt *x509) { |
270 | 270 |
return NULL; |
271 | 271 |
} |
272 | 272 |
|
273 |
-int crtmgr_verify_pkcs7(crtmgr *m, const uint8_t *issuer, const void *signature, unsigned int signature_len, cli_crt_hashtype hashtype, const uint8_t *refhash, cli_vrfy_type vrfytype) { |
|
273 |
+int crtmgr_verify_pkcs7(crtmgr *m, const uint8_t *issuer, const uint8_t *serial, const void *signature, unsigned int signature_len, cli_crt_hashtype hashtype, const uint8_t *refhash, cli_vrfy_type vrfytype) { |
|
274 | 274 |
cli_crt *i; |
275 | 275 |
mp_int sig; |
276 | 276 |
int ret; |
... | ... |
@@ -296,6 +299,7 @@ int crtmgr_verify_pkcs7(crtmgr *m, const uint8_t *issuer, const void *signature, |
296 | 296 |
if(vrfytype == VRFY_TIME && !i->timeSign) |
297 | 297 |
continue; |
298 | 298 |
if(!memcmp(i->issuer, issuer, sizeof(i->issuer)) && |
299 |
+ !memcmp(i->serial, serial, sizeof(i->serial)) && |
|
299 | 300 |
!crtmgr_rsa_verify(i, &sig, hashtype, refhash)) { |
300 | 301 |
ret = 0; |
301 | 302 |
break; |
... | ... |
@@ -33,6 +33,7 @@ typedef struct cli_crt_t { |
33 | 33 |
uint8_t subject[SHA1_HASH_SIZE]; |
34 | 34 |
uint8_t issuer[SHA1_HASH_SIZE]; |
35 | 35 |
uint8_t tbshash[SHA1_HASH_SIZE]; |
36 |
+ uint8_t serial[SHA1_HASH_SIZE]; |
|
36 | 37 |
mp_int n; |
37 | 38 |
mp_int e; |
38 | 39 |
mp_int sig; |
... | ... |
@@ -60,7 +61,7 @@ int crtmgr_add(crtmgr *m, cli_crt *x509); |
60 | 60 |
cli_crt *crtmgr_lookup(crtmgr *m, cli_crt *x509); |
61 | 61 |
void crtmgr_del(crtmgr *m, cli_crt *x509); |
62 | 62 |
cli_crt *crtmgr_verify_crt(crtmgr *m, cli_crt *x509); |
63 |
-int crtmgr_verify_pkcs7(crtmgr *m, const uint8_t *issuer, const void *signature, unsigned int signature_len, cli_crt_hashtype hashtype, const uint8_t *refhash, cli_vrfy_type vrfytype); |
|
63 |
+int crtmgr_verify_pkcs7(crtmgr *m, const uint8_t *issuer, const uint8_t *serial, const void *signature, unsigned int signature_len, cli_crt_hashtype hashtype, const uint8_t *refhash, cli_vrfy_type vrfytype); |
|
64 | 64 |
int crtmgr_add_roots(crtmgr *m); |
65 | 65 |
|
66 | 66 |
|