mh5sig.c

Go to the documentation of this file.

/*******************************************************************************
 * Copyright © 2014 The DTVKit Open Software Foundation Ltd (www.dtvkit.org)
 * Copyright © 2010 Ocean Blue Software Ltd
 *
 * This file is part of a DTVKit Software Component
 * You are permitted to copy, modify or distribute this file subject to the terms
 * of the DTVKit 1.0 Licence which can be found in licence.txt or at www.dtvkit.org
 *
 * THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND,
 * EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR PURPOSE.
 *
 * If you or your organisation is not a member of DTVKit then you have access
 * to this source code outside of the terms of the licence agreement
 * and you are expected to delete this and any associated files immediately.
 * Further information on DTVKit, membership and terms can be found at www.dtvkit.org
 *******************************************************************************/
/*---includes for this file--------------------------------------------------*/
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

#include <openssl/sha.h>
#include <openssl/rsa.h>
#include <openssl/evp.h>
#include <openssl/x509.h>

#include "mh5profile.h"
#include "mh5sig.h"
#include "mh5memory.h"
#include "mh5fileorm.h"
#include "mh5debug.h" /*tracing*/
#include "stb_os.h"

/*---constant definitions for this file--------------------------------------*/

/* Official timeout is 4hrs but to be on the safe side, refresh after 3hrs */
#define SIG_CERT_TIMEOUT        (3 * 60 * 60 * 1000)

#define MAX_SIG_CERT_NAME       (22)
#define MAX_SIG_SIZE            (256)

#define ENTRY_STATE_STRING(e)                \
   ((e)->state == ENTRY_STATE_START ? "ENTRY_STATE_START" :    \
    (e)->state == ENTRY_STATE_VERIFIED ? "ENTRY_STATE_VERIFIED" : \
    (e)->state == ENTRY_STATE_NOT_VERIFIED ? "ENTRY_STATE_NOT_VERIFIED" : \
    (e)->state == ENTRY_STATE_WAIT_FOR_CERT ? "ENTRY_STATE_WAIT_FOR_CERT" : \
    (e)->state == ENTRY_STATE_HAS_CERT ? "ENTRY_STATE_HAS_CERT" : \
    (e)->state == ENTRY_STATE_NO_CERT ? "ENTRY_STATE_NO_CERT" : \
    "UNKNOWN")

#define SIG_DEBUG_PRINT
#undef SIG_DEBUG_PRINT
#ifdef SIG_DEBUG_PRINT
#define PRINT(x) DBG_PRINTF x
#else
#define PRINT(x)
#endif


/*---local typedef structs for this file-------------------------------------*/
typedef enum
{
   ENTRY_STATE_START,
   ENTRY_STATE_VERIFIED,
   ENTRY_STATE_NOT_VERIFIED,
   ENTRY_STATE_WAIT_FOR_CERT,
   ENTRY_STATE_HAS_CERT,
   ENTRY_STATE_NO_CERT
} SigEntryState;

typedef struct sSigCacheEntry
{
   struct sSigCacheEntry *next;
   U8BIT hashDigest[SHA_DIGEST_LENGTH];
   U8BIT certDigest[SHA_DIGEST_LENGTH];
   MHEG5String signature;
   MHEG5String signatureValue;
   MHEG5String authorityCertSerialNumber;
   MHEG5String directoryName;
   U32BIT lastCertChecked;
   SigEntryState state;
} SigCacheEntry;

typedef struct sCertLink
{
   struct sCertLink *next;
   X509 *x509;
} CertLink;

typedef struct sCertFile
{
   struct sCertFile *next;
   U32BIT id;
   U32BIT timestamp;
   BOOLEAN valid;
   U8BIT certDigest[SHA_DIGEST_LENGTH];
   CertLink *certList;
} CertFile;

/*---local (static) variable declarations for this file----------------------*/

static void (*sigVerifyCallback)(void) = NULL;
static SigCacheEntry *sigCache = NULL;
static CertFile *certCache = NULL;
static BOOLEAN certRequested = FALSE;
static BOOLEAN certCacheInvalid = FALSE;

/*---local function prototypes for this file---------------------------------*/

static void ProcessSigCache(void);
static BOOLEAN IsInFinalState(SigCacheEntry *entry);
static BOOLEAN ProcessSigCacheEntry(SigCacheEntry *entry);
static BOOLEAN HandleStartState(SigCacheEntry *entry);
static BOOLEAN HandleHasCertState(SigCacheEntry *entry);
static BOOLEAN HandleVerifiedState(SigCacheEntry *entry);
static MHEG5Bool IsTimeToUpdate(CertFile *certFile);
static void RefreshCertCache(void);
static void RequestNextCertFile(void);
static void SigCertRetrieved( void *userData, S_CONTENT *content );
static void SigCertRetrievalFailed( void *userData );
static CertFile* ParseCertFile(U8BIT *data, U32BIT len);
static void* ParseX509Cert(U8BIT *data, U16BIT len);
static void ClearSigCache(void);
static void ClearCertCache(void);
static BOOLEAN AddCertFileToCache(U8BIT *data, S32BIT size);
static void UpdatePendingEntries(BOOLEAN retrieved);
static CertFile* GetLastCertFile(void);
static CertLink* GetMatchingCert(SigCacheEntry *entry, CertFile *certFile);
static BOOLEAN IsIssuerNameEqual(SigCacheEntry *entry, CertLink *cert);
static BOOLEAN IsSerialNumberEqual(SigCacheEntry *entry, CertLink *cert);
static BOOLEAN VerifyHashFileSignature(CertLink *cert, SigCacheEntry *entry);
static BOOLEAN VerifyDigest(SigCacheEntry *entry, U8BIT *digestInfo,
   S32BIT digestInfoLen);
static SigCacheEntry* FindCacheEntry(U8BIT *hashDigest,
   MHEG5String *signature);
static SigCacheEntry* CreateCacheEntry(U8BIT *hashDigest,
   MHEG5String *signature);
static BOOLEAN ParseSignature(SigCacheEntry *entry);
static BOOLEAN ASN1ParseSignature(
   SigCacheEntry *entry, U8BIT *data, U32BIT *offset, U32BIT limit);
static BOOLEAN ASN1ParseCertificateIdentifier(
   SigCacheEntry *entry, U8BIT *data, U32BIT *offset, U32BIT limit);
static BOOLEAN ASN1ParseKeyIdentifier(
   SigCacheEntry *entry, U8BIT *data, U32BIT *offset, U32BIT limit);
static BOOLEAN ASN1ParseAuthorityCertIssuer(
   SigCacheEntry *entry, U8BIT *data, U32BIT *offset, U32BIT limit);
static BOOLEAN ASN1ParseAuthorityCertSerialNumber(
   SigCacheEntry *entry, U8BIT *data, U32BIT *offset, U32BIT limit);
static BOOLEAN ASN1ParseHashSignatureAlgorithm(
   U8BIT *data, U32BIT *offset, U32BIT limit);
static BOOLEAN ASN1ParseSignatureValue(
   SigCacheEntry *entry, U8BIT *data, U32BIT *offset, U32BIT limit);
static BOOLEAN ASN1ParseDigestAlgorithm(
   U8BIT *data, U32BIT *offset, U32BIT limit);
static BOOLEAN ASN1ParseDigest(
   U8BIT *data, U32BIT *offset, U32BIT limit, U8BIT *digest);
static void CalculateSha1(MHEG5String *data, U8BIT digest[]);
static BOOLEAN GetAsn1Tag(U8BIT *data, U32BIT *tag, U8BIT *class,
   BOOLEAN *constructed, U32BIT *offset, U32BIT limit);
static BOOLEAN GetAsn1Length(U8BIT *data, U32BIT *length, U32BIT *offset,
   U32BIT limit);

/*---global function definitions---------------------------------------------*/

MHEG5SigVerifyStatus_t MHEG5IsValidSignature(MHEG5String *hash,
   MHEG5String *signature)
{
   U8BIT hashDigest[SHA_DIGEST_LENGTH];
   SigCacheEntry *entry;
   MHEG5SigVerifyStatus_t status;
   BOOLEAN success;

   PRINT(("MHEG5IsValidSignature\n"));

   status = MHEG5_SIG_NOT_VERIFIED;
   if (hash->len > 0 && signature->len > 0)
   {
      CalculateSha1(hash, hashDigest);
      entry = FindCacheEntry(hashDigest, signature);
      if (entry == NULL)
      {
         entry = CreateCacheEntry(hashDigest, signature);
         if (entry != NULL)
         {
            success = ParseSignature(entry);
            PRINT(("Parsing: %s\n", success ? "TRUE" : "FALSE"));
            if (!success)
            {
               /* Remember this for later */
               entry->state = ENTRY_STATE_NOT_VERIFIED;
            }
         }
      }

      if (entry != NULL)
      {
         ProcessSigCache();

         PRINT(("entry->state = %s\n", ENTRY_STATE_STRING(entry)));

         if (entry->state == ENTRY_STATE_VERIFIED)
         {
            /* Found matching certificates, validated signature */
            status = MHEG5_SIG_VERIFIED;
         }
         else if (entry->state == ENTRY_STATE_NOT_VERIFIED)
         {
            /* Could not find matching, verifying certificate */
            status = MHEG5_SIG_NOT_VERIFIED;
         }
         else
         {
            /* Still checking */
            status = MHEG5_SIG_CHECK_PENDING;
         }
      }
   }

   return status;
}

void MHEG5ClearSigCertCache(void)
{
   ClearSigCache();
   ClearCertCache();

   if (certRequested)
   {
      /* When the certificate is loaded (or fails to load), the cache will
       * be cleared
       */
      certCacheInvalid = TRUE;
      certRequested = FALSE;
      TRACE(TFILE, (""))
   }
}

void MHEG5InvalidateSigCertCache(void)
{
   if (certRequested)
   {
      /* Flag the cache as invalid, so that when the certificate is loaded,
       * the cache can be refreshed from the start.
       */
      certCacheInvalid = TRUE;
      /* certRequested = FALSE; <- if do this, can have it hang (NDT003 scn7) */
      TRACE(TFILE, (""))
   }
   else
   {
      /* Cache is "idle", so we can just clear it */
      ClearCertCache();
   }

   /* Awake existing requests */
   PRINT(("Calling callback\n"));
   sigVerifyCallback();
}

void MHEG5SetSigVerifyCallback(void (*callback)(void))
{
   sigVerifyCallback = callback;
}

/*---local function definitions----------------------------------------------*/


static void ProcessSigCache(void)
{
   SigCacheEntry *entry;
   BOOLEAN call;
   BOOLEAN finalBefore, finalAfter;
   BOOLEAN reprocess;

   call = FALSE;
   entry = sigCache;
   while (entry != NULL)
   {
      finalBefore = IsInFinalState(entry);

      do
      {
         reprocess = ProcessSigCacheEntry(entry);
      }
      while (reprocess);

      finalAfter = IsInFinalState(entry);

      PRINT(("finalBefore = %d, finalAfter = %d\n", finalBefore, finalAfter));

      if (!finalBefore && finalAfter)
      {
         /* Need to notify the hash verification mechanism that there's new
          * information.
          */
         call = TRUE;
      }
      entry = entry->next;
   }

   if (call)
   {
      PRINT(("Calling callback\n"));
      sigVerifyCallback();
   }
}

static BOOLEAN IsInFinalState(SigCacheEntry *entry)
{
   BOOLEAN final;

   switch (entry->state)
   {
      case ENTRY_STATE_VERIFIED:
      case ENTRY_STATE_NOT_VERIFIED:
         final = TRUE;
         break;
      default:
         final = FALSE;
   }

   return final;
}

static BOOLEAN ProcessSigCacheEntry(SigCacheEntry *entry)
{
   BOOLEAN reprocess;

   PRINT(("State: %s\n", ENTRY_STATE_STRING(entry)));

   reprocess = FALSE;
   switch (entry->state)
   {
      case ENTRY_STATE_START:
         reprocess = HandleStartState(entry);
         break;
      case ENTRY_STATE_HAS_CERT:
         reprocess = HandleHasCertState(entry);
         break;
      case ENTRY_STATE_NO_CERT:
         /* Move entry to final state */
         entry->state = ENTRY_STATE_NOT_VERIFIED;
         reprocess = TRUE;
         break;
      case ENTRY_STATE_VERIFIED:
         reprocess = HandleVerifiedState(entry);
         break;
      case ENTRY_STATE_NOT_VERIFIED:
         /* Nothing to do */
         break;
      default:
         PRINT(("Unhandled case (state=%d)!\n", entry->state));
         break;
   }

   return reprocess;
}

static BOOLEAN HandleStartState(SigCacheEntry *entry)
{
   BOOLEAN verified;
   CertFile *certFile;
   CertLink *cert;

   certFile = certCache;
   while (certFile != NULL)
   {
      if (certFile->valid)
      {
         cert = GetMatchingCert(entry, certFile);
         if (cert != NULL)
         {
            verified = VerifyHashFileSignature(cert, entry);
            if (verified)
            {
               entry->state = ENTRY_STATE_VERIFIED;
               memcpy(entry->certDigest, certFile->certDigest,
                  SHA_DIGEST_LENGTH);
               break;
            }
         }
      }
      certFile = certFile->next;
   }

   if (certFile == NULL)
   {
      /* Could not find matching, verifying certificate in cache */
      entry->state = ENTRY_STATE_WAIT_FOR_CERT;
      RefreshCertCache();
   }

   return FALSE;
}

static BOOLEAN HandleHasCertState(SigCacheEntry *entry)
{
   CertFile *certFile;
   CertLink *cert;
   BOOLEAN verified;
   BOOLEAN reprocess;

   assert(entry->state == ENTRY_STATE_HAS_CERT);

   certFile = GetLastCertFile();
   assert(certFile != NULL);

   verified = FALSE;
   cert = GetMatchingCert(entry, certFile);
   if (cert != NULL)
   {
      verified = VerifyHashFileSignature(cert, entry);
   }

   if (verified)
   {
      entry->state = ENTRY_STATE_VERIFIED;
      memcpy(entry->certDigest, certFile->certDigest, SHA_DIGEST_LENGTH);
      reprocess = TRUE;
   }
   else
   {
      entry->state = ENTRY_STATE_WAIT_FOR_CERT;
      reprocess = FALSE;
   }

   return reprocess;
}

static BOOLEAN HandleVerifiedState(SigCacheEntry *entry)
{
   CertFile *certFile;

   certFile = certCache;
   while (certFile != NULL)
   {
      if (memcmp(entry->certDigest, certFile->certDigest,
             SHA_DIGEST_LENGTH) == 0)
      {
         break;
      }
      certFile = certFile->next;
   }

   if (certFile == NULL || !certFile->valid || IsTimeToUpdate(certFile))
   {
      /* Certificate is not available or expired, need to refresh the cache */
      entry->state = ENTRY_STATE_WAIT_FOR_CERT;
      RefreshCertCache();
   }

   return FALSE;
}

static MHEG5Bool IsTimeToUpdate(CertFile *certFile)
{
   MHEG5Bool timeToUpdate;
   U32BIT currentTime;
   U32BIT timestamp;

   timeToUpdate = FALSE;

   currentTime = STB_OSGetClockMilliseconds();
   timestamp = certFile->timestamp;

   if ((currentTime > timestamp) &&
       (currentTime - timestamp > SIG_CERT_TIMEOUT))
   {
      timeToUpdate = TRUE;
   }
   else if (currentTime < timestamp)
   {
      /* overflow - all bets are off */
      timeToUpdate = TRUE;
   }

   return timeToUpdate;
}

static void RefreshCertCache(void)
{
   PRINT(("RefreshCertCache\n"));

   if (!certRequested)
   {
      PRINT(("Start refresh process\n"));
      TRACE(TFILE, (""))
      certRequested = TRUE;
      ClearCertCache();
      RequestNextCertFile();
   }
}

static void RequestNextCertFile(void)
{
   CertFile *certFile;
   char name[MAX_SIG_CERT_NAME];
   MHEG5String requestName;
   MHEG5Int lastId, nextId;

   assert(certRequested);

   certFile = GetLastCertFile();
   if (certFile != NULL)
   {
      lastId = certFile->id;
   }
   else
   {
      lastId = 0;
   }
   nextId = lastId + 1;

   sprintf(name, "DSM://auth.cert.%ld", nextId);
   requestName.data = (U8BIT *)name;
   requestName.len = strlen(name);
   PRINT(("Requesting %s\n", name));
   (void)MHEG5FileOrmGet( requestName, FRP_CERT | FRP_CACHE_DEFAULT, NULL,
      SigCertRetrieved, SigCertRetrievalFailed );
}

static void SigCertRetrieved( void *userData, S_CONTENT *content )
{
   BOOLEAN success;

   USE_UNWANTED_PARAM(userData);

   PRINT(("SigCertRetrieved\n"));

   if (certCacheInvalid)
   {
      /* Cache is invalid - need to get rid of newly loaded certificate and
       * start again
       */
      certCacheInvalid = FALSE;
      ClearCertCache();
      if (certRequested)
      {
         /* After the cache was invalidated it was also refreshed */
         RequestNextCertFile();
      }
      else
      {
         TRACE(TERROR, (""))
      }
   }
   else
   {
      success = AddCertFileToCache( content->data, content->size );
      if (success)
      {
         UpdatePendingEntries(TRUE);
         ProcessSigCache();
      }
      else
      {
         TRACE(TERROR, (""))
      }

      /* Cache is being refreshed, get the next certificate */
      assert(certRequested);
      RequestNextCertFile();
   }
}

static void SigCertRetrievalFailed(void *userData )
{
   USE_UNWANTED_PARAM(userData);

   PRINT(("SigCertRetrievalFailed\n"));

   if (certCacheInvalid)
   {
      /* Cache is invalid - need to get rid of newly loaded certificate and
       * start again
       */
      certCacheInvalid = FALSE;
      ClearCertCache();
      if (certRequested)
      {
         /* After the cache was invalidated it was also refreshed */
         RequestNextCertFile();
      }
      else
      {
         TRACE(TERROR, (""))
      }
   }
   else
   {
      assert(certRequested);
      certRequested = FALSE;

      UpdatePendingEntries(FALSE);
      ProcessSigCache();
   }
}

static CertFile* ParseCertFile(U8BIT *data, U32BIT len)
{
   U32BIT offset, size;
   U16BIT count, i;
   CertLink *list, **pLink;
   CertFile *certFile;

   PRINT(("ParseCertFile\n"));

   list = NULL;
   pLink = &list;

   count = 0;
   offset = 2;

   if (len > 2)
   {
      count = data[0] << 8 | data[1];
   }

   for (i = 0; i < count; ++i)
   {
      if (offset + 3 <= len)
      {
         size = (data[offset] << 16 | data[offset + 1] << 8 | data[offset + 2]);
         offset += 3;
         if (offset + size <= len)
         {
            *pLink = MHEG5getMem(sizeof **pLink);
            if (*pLink != NULL)
            {
               (*pLink)->next = NULL;
               (*pLink)->x509 = ParseX509Cert(data + offset, size);
               if ((*pLink)->x509 != NULL)
               {
                  pLink = &(*pLink)->next;
               }
               else
               {
                  /* Cannot parse / create certificate, skip */
                  MHEG5freeMem(*pLink);
                  *pLink = NULL;
               }
            }
            offset += size;
         }
         else
         {
            /* corrupt */
         }
      }
      else
      {
         /* corrupt */
         break;
      }
   }

   certFile = MHEG5getMem(sizeof *certFile);
   if (certFile != NULL)
   {
      certFile->next = NULL;
      certFile->id = 0;
      certFile->timestamp = 0;
      certFile->valid = FALSE;
      certFile->certList = list;
   }

   return certFile;
}

static void* ParseX509Cert(U8BIT *data, U16BIT len)
{
   BIO *bio;
   X509 *x509;
   void *cert;

   cert = NULL;
   bio = BIO_new_mem_buf(data, len);
   if (bio != NULL)
   {
      x509 = d2i_X509_bio(bio, NULL);
      if (x509 != NULL)
      {
         cert = x509;
      }
      BIO_free(bio);
   }

   return cert;
}

static void ClearSigCache(void)
{
   SigCacheEntry *entry, *next;

   entry = sigCache;
   while (entry != NULL)
   {
      next = entry->next;
      MHEG5stringDestruct(&entry->signatureValue);
      MHEG5stringDestruct(&entry->authorityCertSerialNumber);
      MHEG5stringDestruct(&entry->directoryName);
      MHEG5stringDestruct(&entry->signature);
      MHEG5freeMem(entry);
      entry = next;
   }
   sigCache = NULL;
}

static void ClearCertCache(void)
{
   CertFile *certFile, *nextCertFile;
   CertLink *cell, *nextCell;
   SigCacheEntry *entry;

   certFile = certCache;
   while (certFile != NULL)
   {
      nextCertFile = certFile->next;
      cell = certFile->certList;
      while (cell != NULL)
      {
         nextCell = cell->next;
         X509_free(cell->x509);
         MHEG5freeMem(cell);
         cell = nextCell;
      }
      MHEG5freeMem(certFile);
      certFile = nextCertFile;
   }
   certCache = NULL;

   /* When the cache is cleared, entries must be invalidated */
   entry = sigCache;
   while (entry != NULL)
   {
      if (entry->state != ENTRY_STATE_WAIT_FOR_CERT)
      {
         entry->state = ENTRY_STATE_START;
      }
      entry = entry->next;
   }
}

static BOOLEAN AddCertFileToCache(U8BIT *data, S32BIT size)
{
   CertFile *certFile;
   CertFile **pCertFile;
   U32BIT lastId;
   MHEG5String cert;
   BOOLEAN success;

   success = FALSE;

   certFile = ParseCertFile(data, size);
   if (certFile != NULL)
   {
      lastId = 0;
      pCertFile = &certCache;
      while (*pCertFile != NULL)
      {
         lastId = (*pCertFile)->id;
         pCertFile = &(*pCertFile)->next;
      }
      *pCertFile = certFile;
      (*pCertFile)->id = lastId + 1;

      /* Update timestamp */
      (*pCertFile)->timestamp = STB_OSGetClockMilliseconds();

      /* Retrieved certificates are initially valid */
      (*pCertFile)->valid = TRUE;

      /* Update digest */
      cert.data = data;
      cert.len = size;
      CalculateSha1(&cert, (*pCertFile)->certDigest);

      success = TRUE;
   }

   return success;
}

static void UpdatePendingEntries(BOOLEAN retrieved)
{
   SigCacheEntry *entry;
   SigEntryState nextState;

   if (retrieved)
   {
      nextState = ENTRY_STATE_HAS_CERT;
   }
   else
   {
      nextState = ENTRY_STATE_NO_CERT;
   }

   entry = sigCache;
   while (entry != NULL)
   {
      if (entry->state == ENTRY_STATE_WAIT_FOR_CERT)
      {
         entry->state = nextState;
      }
      entry = entry->next;
   }
}

static CertFile* GetLastCertFile(void)
{
   CertFile *certFile;

   certFile = certCache;
   while (certFile != NULL && certFile->next != NULL)
   {
      certFile = certFile->next;
   }

   return certFile;
}

static CertLink* GetMatchingCert(SigCacheEntry *entry, CertFile *certFile)
{
   CertLink *cert;
   BOOLEAN nameEqual;
   BOOLEAN numberEqual;

   cert = certFile->certList;
   while (cert != NULL)
   {
      nameEqual = IsIssuerNameEqual(entry, cert);
      numberEqual = IsSerialNumberEqual(entry, cert);
      if (nameEqual && numberEqual)
      {
         break;
      }
      cert = cert->next;
   }

   return cert;
}

static BOOLEAN IsIssuerNameEqual(SigCacheEntry *entry, CertLink *cert)
{
   MHEG5String *issuerName;
   X509_NAME *x509_name;
   U8BIT *name;
   S32BIT nameLen;
   BOOLEAN equal;

   equal = FALSE;

   x509_name = X509_get_issuer_name(cert->x509);
   if (x509_name != NULL)
   {
      name = NULL;
      nameLen = i2d_X509_NAME(x509_name, &name);
      if (name != NULL)
      {
         issuerName = &entry->directoryName;
         if ((issuerName->len == nameLen) &&
             (memcmp(issuerName->data, name, nameLen) == 0))
         {
            equal = TRUE;
         }
         OPENSSL_free(name);
      }
   }

   return equal;
}

static BOOLEAN IsSerialNumberEqual(SigCacheEntry *entry, CertLink *cert)
{
   MHEG5String *serialNumber;
   ASN1_INTEGER *x509_number;
   U8BIT *number;
   U32BIT numberLen;
   U32BIT offset;
   U32BIT limit;
   U32BIT tag;
   U32BIT asn1_length;
   U8BIT class;
   BOOLEAN constructed;
   BOOLEAN success;
   BOOLEAN equal;

   equal = FALSE;

   x509_number = X509_get_serialNumber(cert->x509);
   if (x509_number != NULL)
   {
      number = NULL;
      numberLen = i2d_ASN1_INTEGER(x509_number, &number);
      if (number != NULL)
      {
         /* Parse DER-encoded number */
         limit = numberLen;
         offset = 0;
         success = GetAsn1Tag(number, &tag, &class, &constructed, &offset,
               limit);
         if (success && (tag != 0x02 || class != 0x00 || constructed))
         {
            success = FALSE;
         }
         if (success)
         {
            /* INTEGER */
            success = GetAsn1Length(number, &asn1_length, &offset, limit);
            if (success && (offset + asn1_length != limit))
            {
               success = FALSE;
            }
         }
         if (success)
         {
            serialNumber = &entry->authorityCertSerialNumber;
            if (((U32BIT)serialNumber->len == asn1_length) &&
                (memcmp(serialNumber->data, number + offset, asn1_length) == 0))
            {
               equal = TRUE;
            }
         }
         OPENSSL_free(number);
      }
   }

   return equal;
}

static BOOLEAN VerifyHashFileSignature(CertLink *cert, SigCacheEntry *entry)
{
   X509 *x509;
   EVP_PKEY *pkey;
   RSA *rsa;
   int size;
   U8BIT digestInfo[MAX_SIG_SIZE];
   int digestInfoLen;
   BOOLEAN verified;

   verified = FALSE;

   x509 = cert->x509;
   pkey = X509_get_pubkey(x509);
   if (pkey != NULL)
   {
      rsa = EVP_PKEY_get1_RSA(pkey);
      if (rsa != NULL)
      {
         size = RSA_size(rsa);
         if ((size <= MAX_SIG_SIZE) && (size == entry->signatureValue.len))
         {
            digestInfoLen = RSA_public_decrypt(entry->signatureValue.len,
                  entry->signatureValue.data,
                  digestInfo, rsa,
                  RSA_PKCS1_PADDING);
            if (digestInfoLen >= 0)
            {
               verified = VerifyDigest(entry, digestInfo, digestInfoLen);
            }
         }
         RSA_free(rsa);
      }
      EVP_PKEY_free(pkey);
   }

   return verified;
}

static BOOLEAN VerifyDigest(SigCacheEntry *entry, U8BIT *digestInfo,
   S32BIT digestInfoLen)
{
   U32BIT tag;
   U32BIT asn1_length;
   U8BIT class;
   BOOLEAN constructed;
   BOOLEAN success;

   U8BIT *data = digestInfo;
   U32BIT offset = 0;
   U32BIT limit = digestInfoLen;

   U8BIT digest[SHA_DIGEST_LENGTH];
   BOOLEAN verified;

   verified = FALSE;

   success = GetAsn1Tag(data, &tag, &class, &constructed, &offset, limit);
   if (success && (tag != 0x10 || class != 0x00 || !constructed))
   {
      success = FALSE;
   }
   if (success)
   {
      /* SEQUENCE */
      success = GetAsn1Length(data, &asn1_length, &offset, limit);
      if (success && (offset + asn1_length != limit))
      {
         success = FALSE;
      }
   }

   if (success)
   {
      success = ASN1ParseDigestAlgorithm(data, &offset, limit);
   }
   if (success)
   {
      success = ASN1ParseDigest(data, &offset, limit, digest);
   }
   if (success)
   {
      if (memcmp(entry->hashDigest, digest, SHA_DIGEST_LENGTH) == 0)
      {
         verified = TRUE;
      }
   }

   return verified;
}

static SigCacheEntry* FindCacheEntry(U8BIT *hashDigest,
   MHEG5String *signature)
{
   SigCacheEntry *entry;

   entry = sigCache;
   while (entry != NULL)
   {
      if ((memcmp(hashDigest, entry->hashDigest, SHA_DIGEST_LENGTH) == 0) &&
          (MHEG5stringEqual(&entry->signature, signature)))
      {
         break;
      }
      entry = entry->next;
   }

   return entry;
}

static SigCacheEntry* CreateCacheEntry(U8BIT *hashDigest,
   MHEG5String *signature)
{
   SigCacheEntry *entry;
   SigCacheEntry **pEntry;

   entry = MHEG5getMem(sizeof *entry);
   if (entry != NULL)
   {
      entry->next = NULL;
      entry->signatureValue.len = 0;
      entry->signatureValue.data = NULL;
      entry->authorityCertSerialNumber.len = 0;
      entry->authorityCertSerialNumber.data = NULL;
      entry->directoryName.len = 0;
      entry->directoryName.data = 0;
      entry->lastCertChecked = 0;
      entry->state = ENTRY_STATE_START;
      memcpy(entry->hashDigest, hashDigest, SHA_DIGEST_LENGTH);
      memset(entry->certDigest, 0, SHA_DIGEST_LENGTH);
      entry->signature = MHEG5stringCopy(*signature);
      if (entry->signature.len > 0)
      {
         /* Add to signature cache */
         pEntry = &sigCache;
         while (*pEntry != NULL)
         {
            pEntry = &(*pEntry)->next;
         }
         *pEntry = entry;
      }
      else
      {
         MHEG5freeMem(entry);
         entry = NULL;
      }
   }

   return entry;
}

static BOOLEAN ParseSignature(SigCacheEntry *entry)
{
   U8BIT *data;
   U32BIT offset;
   U32BIT limit;
   BOOLEAN success;

   offset = 0;
   data = entry->signature.data;
   limit = entry->signature.len;

   success = ASN1ParseSignature(entry, data, &offset, limit);

   return success;
}

static BOOLEAN ASN1ParseSignature(
   SigCacheEntry *entry, U8BIT *data, U32BIT *offset, U32BIT limit)
{
   U32BIT tag;
   U32BIT asn1_length;
   U8BIT class;
   BOOLEAN constructed;
   BOOLEAN success;

   success = GetAsn1Tag(data, &tag, &class, &constructed, offset, limit);
   if (success && (tag != 0x10 || class != 0x00 || !constructed))
   {
      success = FALSE;
   }
   if (success)
   {
      /* SEQUENCE */
      success = GetAsn1Length(data, &asn1_length, offset, limit);
      if (success && (*offset + asn1_length != limit))
      {
         success = FALSE;
      }
   }

   if (success)
   {
      success = ASN1ParseCertificateIdentifier(entry, data, offset, limit);
   }
   if (success)
   {
      success = ASN1ParseHashSignatureAlgorithm(data, offset, limit);
   }
   if (success)
   {
      success = ASN1ParseSignatureValue(entry, data, offset, limit);
   }

   return success;
}

static BOOLEAN ASN1ParseCertificateIdentifier(
   SigCacheEntry *entry, U8BIT *data, U32BIT *offset, U32BIT limit)
{
   U32BIT tag;
   U32BIT asn1_length;
   U8BIT class;
   BOOLEAN constructed;
   BOOLEAN success;

   success = GetAsn1Tag(data, &tag, &class, &constructed, offset, limit);
   if (success && (tag != 0x10 || class != 0x00 || !constructed))
   {
      success = FALSE;
   }
   if (success)
   {
      /* SEQUENCE */
      success = GetAsn1Length(data, &asn1_length, offset, limit);
      if (success && (*offset + asn1_length > limit))
      {
         success = FALSE;
      }
   }
   if (success)
   {
      success = ASN1ParseKeyIdentifier(entry, data, offset, limit);
   }
   if (success)
   {
      success = ASN1ParseAuthorityCertIssuer(entry, data, offset, limit);
   }
   if (success)
   {
      success = ASN1ParseAuthorityCertSerialNumber(entry, data, offset, limit);
   }

   return success;
}

static BOOLEAN ASN1ParseKeyIdentifier(
   SigCacheEntry *entry, U8BIT *data, U32BIT *offset, U32BIT limit)
{
   U32BIT tag;
   U32BIT asn1_length;
   U8BIT class;
   BOOLEAN constructed;
   BOOLEAN success;
   U32BIT origOffset;

   origOffset = *offset;
   success = GetAsn1Tag(data, &tag, &class, &constructed, offset, limit);
   if (success && (class != 0x02))
   {
      success = FALSE;
   }
   if (success && (tag == 0x00 && constructed))
   {
      /* keyIdentifier - skip */
      success = GetAsn1Length(data, &asn1_length, offset, limit);
      if (success && (*offset + asn1_length > limit))
      {
         success = FALSE;
      }
      if (success)
      {
         *offset += asn1_length;
      }
   }
   else
   {
      *offset = origOffset;
   }

   return success;
}

static BOOLEAN ASN1ParseAuthorityCertIssuer(
   SigCacheEntry *entry, U8BIT *data, U32BIT *offset, U32BIT limit)
{
   U32BIT tag;
   U32BIT asn1_length;
   U8BIT class;
   BOOLEAN constructed;
   BOOLEAN success;

   success = GetAsn1Tag(data, &tag, &class, &constructed, offset, limit);
   if (success && (tag != 0x01 || class != 0x02 || !constructed))
   {
      success = FALSE;
   }
   if (success)
   {
      /* authorityCertIssuer */
      success = GetAsn1Length(data, &asn1_length, offset, limit);
      if (success && (*offset + asn1_length > limit))
      {
         success = FALSE;
      }
   }
   if (success)
   {
      success = GetAsn1Tag(data, &tag, &class, &constructed, offset, limit);
   }
   while (success && (tag != 0x04 || class != 0x02 || !constructed))
   {
      success = GetAsn1Length(data, &asn1_length, offset, limit);
      if (success && (*offset + asn1_length > limit))
      {
         success = FALSE;
      }
      if (success)
      {
         /* Skip */
         *offset += asn1_length;
         success = GetAsn1Tag(data, &tag, &class, &constructed, offset, limit);
      }
   }
   if (success && (tag == 0x04 && class == 0x02 && constructed))
   {
      success = GetAsn1Length(data, &asn1_length, offset, limit);
      if (success && (*offset + asn1_length > limit))
      {
         success = FALSE;
      }
   }
   if (success)
   {
      /* directoryName */
      {
         U32BIT i;
         PRINT(("directoryName: "));
         for (i = 0; i != asn1_length - 1; ++i)
         {
            PRINT(("%02x:", data[*offset + i]));
         }
         PRINT(("%02x\n", data[*offset + asn1_length - 1]));
      }

      entry->directoryName.data = STR_DataAlloc(asn1_length);
      if (entry->directoryName.data != NULL)
      {
         memcpy(entry->directoryName.data, data + *offset, asn1_length);
         entry->directoryName.len = asn1_length;
         *offset += asn1_length;
      }
      else
      {
         success = FALSE;
      }
   }

   return success;
}

static BOOLEAN ASN1ParseAuthorityCertSerialNumber(
   SigCacheEntry *entry, U8BIT *data, U32BIT *offset, U32BIT limit)
{
   U32BIT tag;
   U32BIT asn1_length;
   U8BIT class;
   BOOLEAN constructed;
   BOOLEAN success;

   success = GetAsn1Tag(data, &tag, &class, &constructed, offset, limit);
   if (success && (tag != 0x02 || class != 0x02 || constructed))
   {
      success = FALSE;
   }
   if (success)
   {
      /* authorityCertSerialNumber */
      success = GetAsn1Length(data, &asn1_length, offset, limit);
      if (success && (*offset + asn1_length > limit))
      {
         success = FALSE;
      }
   }
   if (success)
   {
      /* Copy serial number into entry */
      {
         U32BIT i;
         PRINT(("authorityCertSerialNumber: "));
         for (i = 0; i != asn1_length - 1; ++i)
         {
            PRINT(("%02x:", data[*offset + i]));
         }
         PRINT(("%02x\n", data[*offset + asn1_length - 1]));
      }

      entry->authorityCertSerialNumber.data = STR_DataAlloc(asn1_length);
      if (entry->authorityCertSerialNumber.data != NULL)
      {
         memcpy(entry->authorityCertSerialNumber.data,
            data + *offset, asn1_length);
         entry->authorityCertSerialNumber.len = asn1_length;
         *offset += asn1_length;
      }
      else
      {
         success = FALSE;
      }
   }

   return success;
}

static BOOLEAN ASN1ParseHashSignatureAlgorithm(
   U8BIT *data, U32BIT *offset, U32BIT limit)
{
   U32BIT tag;
   U32BIT asn1_length;
   U8BIT class;
   BOOLEAN constructed;
   BOOLEAN success;

   /* sha-1 OBJECT IDENTIFIER ::=
    *   { iso(1) identified-organization(3) oiw(14) secsig(3) algorithm(2) 26 }
    */
   static U8BIT sha1objectIdentifer[] = { 43, 14, 3, 2, 26 };

   success = GetAsn1Tag(data, &tag, &class, &constructed, offset, limit);
   if (success && (tag != 0x06 || class != 0x00 || constructed))
   {
      success = FALSE;
   }
   if (success)
   {
      /* OBJECT IDENTIFIER */
      success = GetAsn1Length(data, &asn1_length, offset, limit);
      if (success && (asn1_length != sizeof(sha1objectIdentifer)))
      {
         success = FALSE;
      }
   }
   if (success)
   {
      if (memcmp(data + *offset, sha1objectIdentifer, asn1_length) != 0)
      {
         success = FALSE;
      }
      if (success)
      {
         *offset += asn1_length;
      }
   }

   return success;
}

static BOOLEAN ASN1ParseSignatureValue(
   SigCacheEntry *entry, U8BIT *data, U32BIT *offset, U32BIT limit)
{
   U32BIT tag;
   U32BIT asn1_length;
   U8BIT class;
   BOOLEAN constructed;
   BOOLEAN success;

   success = GetAsn1Tag(data, &tag, &class, &constructed, offset, limit);
   if (success && (tag != 0x03 || class != 0x00 || constructed))
   {
      success = FALSE;
   }
   if (success)
   {
      /* BIT STRING (last item in the sequence) */
      success = GetAsn1Length(data, &asn1_length, offset, limit);
      if (success && (*offset + asn1_length != limit))
      {
         success = FALSE;
      }
   }
   if (success && (asn1_length < 2 || data[*offset] != 0))
   {
      /* Make sure the signature value is in whole bytes */
      success = FALSE;
   }
   if (success)
   {
      /* Copy signature value into entry */
      entry->signatureValue.data = STR_DataAlloc(asn1_length - 1);
      if (entry->signatureValue.data != NULL)
      {
         memcpy(entry->signatureValue.data, data + *offset + 1,
            asn1_length - 1);
         entry->signatureValue.len = asn1_length - 1;
         *offset += asn1_length;
      }
      else
      {
         success = FALSE;
      }
   }

   return success;
}

static BOOLEAN ASN1ParseDigestAlgorithm(
   U8BIT *data, U32BIT *offset, U32BIT limit)
{
   U32BIT tag;
   U32BIT asn1_length;
   U8BIT class;
   BOOLEAN constructed;
   BOOLEAN success;
   U32BIT origOffset;

   /* sha-1 OBJECT IDENTIFIER ::=
    *   { iso(1) identified-organization(3) oiw(14) secsig(3) algorithm(2) 26 }
    */
   static U8BIT sha1objectIdentifer[] = { 43, 14, 3, 2, 26 };

   success = GetAsn1Tag(data, &tag, &class, &constructed, offset, limit);
   if (success && (tag != 0x10 || class != 0x00 || !constructed))
   {
      success = FALSE;
   }
   if (success)
   {
      /* SEQUENCE */
      success = GetAsn1Length(data, &asn1_length, offset, limit);
      if (success && (*offset + asn1_length > limit))
      {
         success = FALSE;
      }
   }
   if (success)
   {
      success = GetAsn1Tag(data, &tag, &class, &constructed, offset, limit);
      if (success && (tag != 0x06 || class != 0x00 || constructed))
      {
         success = FALSE;
      }
   }
   if (success)
   {
      /* OBJECT IDENTIFIER */
      success = GetAsn1Length(data, &asn1_length, offset, limit);
      if (success && (asn1_length != sizeof(sha1objectIdentifer)))
      {
         success = FALSE;
      }
   }
   if (success)
   {
      if (memcmp(data + *offset, sha1objectIdentifer, asn1_length) != 0)
      {
         success = FALSE;
      }
      if (success)
      {
         *offset += asn1_length;
      }
   }
   if (success)
   {
      origOffset = *offset;
      success = GetAsn1Tag(data, &tag, &class, &constructed, offset, limit);
      if (success && (tag == 0x05 && class == 0x00 && !constructed))
      {
         /* Optional NULL (parameters for digest algorithm) */
         success = GetAsn1Length(data, &asn1_length, offset, limit);
         if (success && (asn1_length != 0))
         {
            success = FALSE;
         }
      }
      else
      {
         /* Parameters are optional, but parsing has been successful so far */
         success = TRUE;
         *offset = origOffset;
      }
   }

   return success;
}

static BOOLEAN ASN1ParseDigest(
   U8BIT *data, U32BIT *offset, U32BIT limit, U8BIT *digest)
{
   U32BIT tag;
   U32BIT asn1_length;
   U8BIT class;
   BOOLEAN constructed;
   BOOLEAN success;

   success = GetAsn1Tag(data, &tag, &class, &constructed, offset, limit);
   if (success && (tag != 0x04 || class != 0x00 || constructed))
   {
      success = FALSE;
   }
   if (success)
   {
      /* OCTET STRING (last item in the sequence) */
      success = GetAsn1Length(data, &asn1_length, offset, limit);
      if (success && ((asn1_length != SHA_DIGEST_LENGTH) ||
                      (*offset + asn1_length != limit)))
      {
         success = FALSE;
      }
   }
   if (success)
   {
      /* Copy digest value */
      memcpy(digest, data + *offset, SHA_DIGEST_LENGTH);
      *offset += asn1_length;
   }

   return success;
}

static void CalculateSha1(MHEG5String *data, U8BIT digest[])
{
   EVP_MD_CTX ctx;

   EVP_DigestInit(&ctx, EVP_sha1());
   EVP_DigestUpdate(&ctx, data->data, data->len);
   EVP_DigestFinal(&ctx, digest, NULL);
}

static BOOLEAN GetAsn1Tag(U8BIT *data, U32BIT *tag, U8BIT *class,
   BOOLEAN *constructed, U32BIT *offset, U32BIT limit)
{
   U32BIT i;
   BOOLEAN success;

   success = FALSE;

   i = *offset;
   if (i < limit)
   {
      *class = (data[i] & 0xc0) >> 6;
      if ((data[i] & 0x20) >> 5)
      {
         *constructed = TRUE;
      }
      else
      {
         *constructed = FALSE;
      }
      *tag = data[i] & 0x1f;
      if (*tag == 0x1f)
      {
         *tag = 0;
         while (i + 1 < limit)
         {
            *tag <<= 7;
            *tag |= data[i] & 0x7f;
            if ((data[i] & 0x80) == 0)
            {
               success = TRUE;
               break;
            }
            ++i;
         }
      }
      else
      {
         success = TRUE;
      }
      ++i;
   }

   if (success)
   {
      *offset = i;
   }

   return success;
}

static BOOLEAN GetAsn1Length(U8BIT *data, U32BIT *length, U32BIT *offset,
   U32BIT limit)
{
   U32BIT i;
   U8BIT lenlen;
   BOOLEAN success;

   success = FALSE;

   i = *offset;
   if (i < limit)
   {
      *length = data[i];
      if (*length & 0x80)
      {
         lenlen = data[i] & 0x7f;
         ++i;
         *length = 0;
         while (lenlen > 0 && i < limit)
         {
            *length <<= 8;
            *length |= data[i];
            --lenlen;
            ++i;
         }
         if (lenlen == 0)
         {
            success = TRUE;
         }
      }
      else
      {
         ++i;
         success = TRUE;
      }
   }

   if (success)
   {
      *offset = i;
   }

   return success;
}