[rst-commit] r186 - in /redwax-signtext-windows/trunk/Redwax SignText/Redwax SignText (MFC): crypto.c message.c signtext.c signtext.h

rst-commit at redwax.eu rst-commit at redwax.eu
Sat Jul 13 11:18:50 CEST 2024


Author: minfrin at redwax.eu
Date: Sat Jul 13 11:18:39 2024
New Revision: 186

Log:
Work around strictness of bouncycastle.

Windows expects to use the signature algorithm of the certificate (eg SHA256 and RSA), while certain bouncycastle versions want the digest algorithm only (SHA256).

Map problematic algorithms.

Modified:
    redwax-signtext-windows/trunk/Redwax SignText/Redwax SignText (MFC)/crypto.c
    redwax-signtext-windows/trunk/Redwax SignText/Redwax SignText (MFC)/message.c
    redwax-signtext-windows/trunk/Redwax SignText/Redwax SignText (MFC)/signtext.c
    redwax-signtext-windows/trunk/Redwax SignText/Redwax SignText (MFC)/signtext.h

Modified: redwax-signtext-windows/trunk/Redwax SignText/Redwax SignText (MFC)/crypto.c
==============================================================================
--- redwax-signtext-windows/trunk/Redwax SignText/Redwax SignText (MFC)/crypto.c	(original)
+++ redwax-signtext-windows/trunk/Redwax SignText/Redwax SignText (MFC)/crypto.c	Sat Jul 13 11:18:39 2024
@@ -254,6 +254,59 @@
 	return found;
 }
 
+size_t crypto_oidcmp(LPSTR oid1, LPSTR oid2, size_t oid2len)
+{
+	size_t oid1len = strlen(oid1);
+
+	if (oid1len != oid2len)	{
+		return (oid1len - oid2len);
+	}
+
+	return strcmp(oid1, oid2);
+}
+
+LPSTR
+crypto_signature2digest(LPSTR signatureOid)
+{
+	if (!signatureOid) {
+		return signatureOid;
+	}
+
+	size_t oidlen = strlen(signatureOid);
+
+	/* some crypto libraries like bounceycastle are strict
+	 * in what they accept.
+	 * 
+	 * map signature algorithms to digest algorithms
+	 */
+	if (!crypto_oidcmp(szOID_RSA_SHA256RSA, signatureOid, oidlen)) {
+		return szOID_NIST_sha256;
+	}
+
+	if (!crypto_oidcmp(szOID_RSA_SHA384RSA, signatureOid, oidlen)) {
+		return szOID_NIST_sha384;
+	}
+
+	if (!crypto_oidcmp(szOID_RSA_SHA512RSA, signatureOid, oidlen)) {
+		return szOID_NIST_sha512;
+	}
+
+	if (!crypto_oidcmp(szOID_ECDSA_SHA256, signatureOid, oidlen)) {
+		return szOID_NIST_sha256;
+	}
+
+	if (!crypto_oidcmp(szOID_ECDSA_SHA384, signatureOid, oidlen)) {
+		return szOID_NIST_sha384;
+	}
+
+	if (!crypto_oidcmp(szOID_ECDSA_SHA512, signatureOid, oidlen)) {
+		return szOID_NIST_sha512;
+	}
+
+	/* default to the signature OID for anything we don't recognise */
+	return signatureOid;
+}
+
 int
 crypto_certificate_compare(SignTextCertificate* c1, SignTextCertificate* c2)
 {
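Review bot: `crypto_oidcmp` is declared to return `size_t` but computes `oid1len - oid2len` (which wraps to a huge unsigned value when oid1 is shorter) and also returns the `int` result of `strcmp`, so the value is only meaningful as a zero/non-zero test; it reads as a three-way comparator but cannot be used as one. Declaring it `int` and returning `if (oid1len != oid2len) { return oid1len < oid2len ? -1 : 1; }` keeps the fast-path length check and makes the sign honest; the parameters could also be `LPCSTR` since neither string is written. Both helpers are complete within this hunk. Note also that `crypto_signature2digest` deliberately passes unmapped OIDs through unchanged, so a certificate signed with an older algorithm (SHA-1 or MD5 based) still yields the pre-commit behaviour; a comment above the final `return` saying so, e.g. `/* unmapped OIDs (including legacy SHA-1/MD5 signatures) are passed through as before */`, would spare the next reader from wondering whether the omission is intentional.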
@@ -357,12 +410,13 @@
 
 	CRYPT_ALGORITHM_IDENTIFIER hashAlgorithm;
 	memset(&hashAlgorithm, 0, sizeof(hashAlgorithm));
-#if 0
-//	hashAlgorithm.pszObjId = szOID_RSA_SHA256RSA;
-	hashAlgorithm.pszObjId = szOID_NIST_sha256;
-#else
-	hashAlgorithm.pszObjId = cert->pCertInfo->SignatureAlgorithm.pszObjId;
-#endif
+
+	if (instance->digestAlgorithm) {
+		hashAlgorithm.pszObjId = instance->digestAlgorithm;
+	}
+	else {
+		hashAlgorithm.pszObjId = crypto_signature2digest(cert->pCertInfo->SignatureAlgorithm.pszObjId);
+	}
 
 	CRYPT_SIGN_MESSAGE_PARA signParam;
 	memset(&signParam, 0, sizeof(signParam));
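Review bot: `instance->digestAlgorithm` is taken verbatim from the request JSON (see the message.c hunk in this commit) and becomes `hashAlgorithm.pszObjId` without any check, so whoever builds the request can select the digest used for the signature, including legacy or unexpected OIDs; a downgrade to a weak digest is exactly what a signing component should refuse. If the request can come from an untrusted source, which the JSON path suggests but this hunk does not show, the value should be checked against the small allow-list the new `crypto_signature2digest` already encodes, either here or at parse time in message.c, and rejected or ignored otherwise. The enclosing function starts and ends outside this hunk.
```c
	/* digestAlgorithm originates in the request; only honour the digest
	 * OIDs this module would choose itself, otherwise derive from the cert. */
	if (instance->digestAlgorithm &&
	    (strcmp(instance->digestAlgorithm, szOID_NIST_sha256) == 0 ||
	     strcmp(instance->digestAlgorithm, szOID_NIST_sha384) == 0 ||
	     strcmp(instance->digestAlgorithm, szOID_NIST_sha512) == 0)) {
		hashAlgorithm.pszObjId = instance->digestAlgorithm;
	}
	else {
		hashAlgorithm.pszObjId = crypto_signature2digest(cert->pCertInfo->SignatureAlgorithm.pszObjId);
	}
	/* … unchanged: signParam setup … */
```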

Modified: redwax-signtext-windows/trunk/Redwax SignText/Redwax SignText (MFC)/message.c
==============================================================================
--- redwax-signtext-windows/trunk/Redwax SignText/Redwax SignText (MFC)/message.c	(original)
+++ redwax-signtext-windows/trunk/Redwax SignText/Redwax SignText (MFC)/message.c	Sat Jul 13 11:18:39 2024
@@ -200,6 +200,14 @@
      */
     else if (cJSON_IsObject(request))
     {
+        const cJSON* digestAlgorithm = cJSON_GetObjectItemCaseSensitive(json, "digestAlgorithm");
+        if (!cJSON_IsString(digestAlgorithm) || (digestAlgorithm->valuestring == NULL))
+        {
+            /* log a warning and ignore */
+        }
+        else {
+            instance->digestAlgorithm = _strdup(digestAlgorithm->valuestring);
+        }
 
         PostMessage(signtext->hwnd, WM_MESSAGE_SHOW, 0, (LPARAM)instance);
 

Modified: redwax-signtext-windows/trunk/Redwax SignText/Redwax SignText (MFC)/signtext.c
==============================================================================
--- redwax-signtext-windows/trunk/Redwax SignText/Redwax SignText (MFC)/signtext.c	(original)
+++ redwax-signtext-windows/trunk/Redwax SignText/Redwax SignText (MFC)/signtext.c	Sat Jul 13 11:18:39 2024
@@ -67,6 +67,10 @@
         if (data->pinBuffer) {
             memset(data->pinBuffer, 0, data->pinLen);
             free(data->pinBuffer);
+        }
+
+        if (data->digestAlgorithm) {
+            free(data->digestAlgorithm);
         }
     }
     free(data);
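Review bot: The `if (data->digestAlgorithm)` guard around `free` is redundant since `free(NULL)` is a no-op; `free(data->digestAlgorithm);` alone suffices, and unlike `pinBuffer` this field holds no secret, so no zeroing is needed, which is the one reason the sibling block is structured the way it is. Keeping the guard for symmetry with `pinBuffer` is defensible, but a short comment such as `/* not sensitive, no wipe needed */` would make the asymmetry deliberate. The enclosing function starts outside this hunk.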

Modified: redwax-signtext-windows/trunk/Redwax SignText/Redwax SignText (MFC)/signtext.h
==============================================================================
--- redwax-signtext-windows/trunk/Redwax SignText/Redwax SignText (MFC)/signtext.h	(original)
+++ redwax-signtext-windows/trunk/Redwax SignText/Redwax SignText (MFC)/signtext.h	Sat Jul 13 11:18:39 2024
@@ -104,6 +104,8 @@
 	size_t out_length;
 	char* out_buffer;
 
+	char* digestAlgorithm;
+
 	int is_cancelled;
 	int is_signing;
 	int response_done;
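Review bot: The new `digestAlgorithm` field has no comment stating its contract, and ownership matters here because message.c allocates it with `_strdup` and signtext.c frees it with the instance. Suggest `char* digestAlgorithm; /* optional digest OID from the request; heap-owned by this struct, NULL when not supplied */`. The enclosing struct starts and ends outside this hunk.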


