]>
Commit | Line | Data |
---|---|---|
8931b30d | 1 | /* crypto/cms/cms_env.c */ |
0f113f3e MC |
2 | /* |
3 | * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | |
8931b30d DSH |
4 | * project. |
5 | */ | |
6 | /* ==================================================================== | |
7 | * Copyright (c) 2008 The OpenSSL Project. All rights reserved. | |
8 | * | |
9 | * Redistribution and use in source and binary forms, with or without | |
10 | * modification, are permitted provided that the following conditions | |
11 | * are met: | |
12 | * | |
13 | * 1. Redistributions of source code must retain the above copyright | |
0f113f3e | 14 | * notice, this list of conditions and the following disclaimer. |
8931b30d DSH |
15 | * |
16 | * 2. Redistributions in binary form must reproduce the above copyright | |
17 | * notice, this list of conditions and the following disclaimer in | |
18 | * the documentation and/or other materials provided with the | |
19 | * distribution. | |
20 | * | |
21 | * 3. All advertising materials mentioning features or use of this | |
22 | * software must display the following acknowledgment: | |
23 | * "This product includes software developed by the OpenSSL Project | |
24 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | |
25 | * | |
26 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
27 | * endorse or promote products derived from this software without | |
28 | * prior written permission. For written permission, please contact | |
29 | * licensing@OpenSSL.org. | |
30 | * | |
31 | * 5. Products derived from this software may not be called "OpenSSL" | |
32 | * nor may "OpenSSL" appear in their names without prior written | |
33 | * permission of the OpenSSL Project. | |
34 | * | |
35 | * 6. Redistributions of any form whatsoever must retain the following | |
36 | * acknowledgment: | |
37 | * "This product includes software developed by the OpenSSL Project | |
38 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | |
39 | * | |
40 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
41 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
42 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
43 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
44 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
45 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
46 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
47 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
49 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
50 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
51 | * OF THE POSSIBILITY OF SUCH DAMAGE. | |
52 | * ==================================================================== | |
53 | */ | |
54 | ||
55 | #include "cryptlib.h" | |
56 | #include <openssl/asn1t.h> | |
57 | #include <openssl/pem.h> | |
58 | #include <openssl/x509v3.h> | |
59 | #include <openssl/err.h> | |
60 | #include <openssl/cms.h> | |
5c4436c9 | 61 | #include <openssl/rand.h> |
6e3bc4f0 | 62 | #include <openssl/aes.h> |
8931b30d | 63 | #include "cms_lcl.h" |
5fe736e5 | 64 | #include "internal/asn1_int.h" |
8931b30d DSH |
65 | |
66 | /* CMS EnvelopedData Utilities */ | |
67 | ||
68 | DECLARE_ASN1_ITEM(CMS_EnvelopedData) | |
8931b30d | 69 | DECLARE_ASN1_ITEM(CMS_KeyTransRecipientInfo) |
c36e936b DSH |
70 | DECLARE_ASN1_ITEM(CMS_KEKRecipientInfo) |
71 | DECLARE_ASN1_ITEM(CMS_OtherKeyAttribute) | |
8931b30d | 72 | |
8931b30d DSH |
73 | DECLARE_STACK_OF(CMS_RecipientInfo) |
74 | ||
d2a53c22 | 75 | CMS_EnvelopedData *cms_get0_enveloped(CMS_ContentInfo *cms) |
0f113f3e MC |
76 | { |
77 | if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_enveloped) { | |
78 | CMSerr(CMS_F_CMS_GET0_ENVELOPED, | |
79 | CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA); | |
80 | return NULL; | |
81 | } | |
82 | return cms->d.envelopedData; | |
83 | } | |
8931b30d DSH |
84 | |
85 | static CMS_EnvelopedData *cms_enveloped_data_init(CMS_ContentInfo *cms) | |
0f113f3e MC |
86 | { |
87 | if (cms->d.other == NULL) { | |
88 | cms->d.envelopedData = M_ASN1_new_of(CMS_EnvelopedData); | |
89 | if (!cms->d.envelopedData) { | |
90 | CMSerr(CMS_F_CMS_ENVELOPED_DATA_INIT, ERR_R_MALLOC_FAILURE); | |
91 | return NULL; | |
92 | } | |
93 | cms->d.envelopedData->version = 0; | |
94 | cms->d.envelopedData->encryptedContentInfo->contentType = | |
95 | OBJ_nid2obj(NID_pkcs7_data); | |
96 | ASN1_OBJECT_free(cms->contentType); | |
97 | cms->contentType = OBJ_nid2obj(NID_pkcs7_enveloped); | |
98 | return cms->d.envelopedData; | |
99 | } | |
100 | return cms_get0_enveloped(cms); | |
101 | } | |
8931b30d | 102 | |
17c2764d | 103 | int cms_env_asn1_ctrl(CMS_RecipientInfo *ri, int cmd) |
0f113f3e MC |
104 | { |
105 | EVP_PKEY *pkey; | |
106 | int i; | |
107 | if (ri->type == CMS_RECIPINFO_TRANS) | |
108 | pkey = ri->d.ktri->pkey; | |
109 | else if (ri->type == CMS_RECIPINFO_AGREE) { | |
110 | EVP_PKEY_CTX *pctx = ri->d.kari->pctx; | |
111 | if (!pctx) | |
112 | return 0; | |
113 | pkey = EVP_PKEY_CTX_get0_pkey(pctx); | |
114 | if (!pkey) | |
115 | return 0; | |
116 | } else | |
117 | return 0; | |
118 | if (!pkey->ameth || !pkey->ameth->pkey_ctrl) | |
119 | return 1; | |
120 | i = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_CMS_ENVELOPE, cmd, ri); | |
121 | if (i == -2) { | |
122 | CMSerr(CMS_F_CMS_ENV_ASN1_CTRL, | |
123 | CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); | |
124 | return 0; | |
125 | } | |
126 | if (i <= 0) { | |
127 | CMSerr(CMS_F_CMS_ENV_ASN1_CTRL, CMS_R_CTRL_FAILURE); | |
128 | return 0; | |
129 | } | |
130 | return 1; | |
131 | } | |
e365352d | 132 | |
4f1aa191 | 133 | STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms) |
0f113f3e MC |
134 | { |
135 | CMS_EnvelopedData *env; | |
136 | env = cms_get0_enveloped(cms); | |
137 | if (!env) | |
138 | return NULL; | |
139 | return env->recipientInfos; | |
140 | } | |
4f1aa191 DSH |
141 | |
142 | int CMS_RecipientInfo_type(CMS_RecipientInfo *ri) | |
0f113f3e MC |
143 | { |
144 | return ri->type; | |
145 | } | |
4f1aa191 | 146 | |
e365352d | 147 | EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri) |
0f113f3e MC |
148 | { |
149 | if (ri->type == CMS_RECIPINFO_TRANS) | |
150 | return ri->d.ktri->pctx; | |
151 | else if (ri->type == CMS_RECIPINFO_AGREE) | |
152 | return ri->d.kari->pctx; | |
153 | return NULL; | |
154 | } | |
e365352d | 155 | |
761ffa72 | 156 | CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher) |
0f113f3e MC |
157 | { |
158 | CMS_ContentInfo *cms; | |
159 | CMS_EnvelopedData *env; | |
160 | cms = CMS_ContentInfo_new(); | |
161 | if (!cms) | |
162 | goto merr; | |
163 | env = cms_enveloped_data_init(cms); | |
164 | if (!env) | |
165 | goto merr; | |
166 | if (!cms_EncryptedContent_init(env->encryptedContentInfo, | |
167 | cipher, NULL, 0)) | |
168 | goto merr; | |
169 | return cms; | |
170 | merr: | |
171 | if (cms) | |
172 | CMS_ContentInfo_free(cms); | |
173 | CMSerr(CMS_F_CMS_ENVELOPEDDATA_CREATE, ERR_R_MALLOC_FAILURE); | |
174 | return NULL; | |
175 | } | |
761ffa72 | 176 | |
ab124380 DSH |
177 | /* Key Transport Recipient Info (KTRI) routines */ |
178 | ||
17c2764d | 179 | /* Initialise a ktri based on passed certificate and key */ |
ab124380 | 180 | |
17c2764d | 181 | static int cms_RecipientInfo_ktri_init(CMS_RecipientInfo *ri, X509 *recip, |
0f113f3e MC |
182 | EVP_PKEY *pk, unsigned int flags) |
183 | { | |
184 | CMS_KeyTransRecipientInfo *ktri; | |
185 | int idtype; | |
186 | ||
187 | ri->d.ktri = M_ASN1_new_of(CMS_KeyTransRecipientInfo); | |
188 | if (!ri->d.ktri) | |
189 | return 0; | |
190 | ri->type = CMS_RECIPINFO_TRANS; | |
191 | ||
192 | ktri = ri->d.ktri; | |
193 | ||
194 | if (flags & CMS_USE_KEYID) { | |
195 | ktri->version = 2; | |
196 | idtype = CMS_RECIPINFO_KEYIDENTIFIER; | |
197 | } else { | |
198 | ktri->version = 0; | |
199 | idtype = CMS_RECIPINFO_ISSUER_SERIAL; | |
200 | } | |
201 | ||
202 | /* | |
203 | * Not a typo: RecipientIdentifier and SignerIdentifier are the same | |
204 | * structure. | |
205 | */ | |
206 | ||
207 | if (!cms_set1_SignerIdentifier(ktri->rid, recip, idtype)) | |
208 | return 0; | |
209 | ||
210 | CRYPTO_add(&recip->references, 1, CRYPTO_LOCK_X509); | |
211 | CRYPTO_add(&pk->references, 1, CRYPTO_LOCK_EVP_PKEY); | |
212 | ktri->pkey = pk; | |
213 | ktri->recip = recip; | |
214 | ||
215 | if (flags & CMS_KEY_PARAM) { | |
216 | ktri->pctx = EVP_PKEY_CTX_new(ktri->pkey, NULL); | |
217 | if (!ktri->pctx) | |
218 | return 0; | |
219 | if (EVP_PKEY_encrypt_init(ktri->pctx) <= 0) | |
220 | return 0; | |
221 | } else if (!cms_env_asn1_ctrl(ri, 0)) | |
222 | return 0; | |
223 | return 1; | |
224 | } | |
225 | ||
226 | /* | |
227 | * Add a recipient certificate using appropriate type of RecipientInfo | |
17c2764d DSH |
228 | */ |
229 | ||
230 | CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms, | |
0f113f3e MC |
231 | X509 *recip, unsigned int flags) |
232 | { | |
233 | CMS_RecipientInfo *ri = NULL; | |
234 | CMS_EnvelopedData *env; | |
235 | EVP_PKEY *pk = NULL; | |
236 | env = cms_get0_enveloped(cms); | |
237 | if (!env) | |
238 | goto err; | |
239 | ||
240 | /* Initialize recipient info */ | |
241 | ri = M_ASN1_new_of(CMS_RecipientInfo); | |
242 | if (!ri) | |
243 | goto merr; | |
244 | ||
245 | pk = X509_get_pubkey(recip); | |
246 | if (!pk) { | |
247 | CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, CMS_R_ERROR_GETTING_PUBLIC_KEY); | |
248 | goto err; | |
249 | } | |
250 | ||
251 | switch (cms_pkey_get_ri_type(pk)) { | |
252 | ||
253 | case CMS_RECIPINFO_TRANS: | |
254 | if (!cms_RecipientInfo_ktri_init(ri, recip, pk, flags)) | |
255 | goto err; | |
256 | break; | |
257 | ||
258 | case CMS_RECIPINFO_AGREE: | |
259 | if (!cms_RecipientInfo_kari_init(ri, recip, pk, flags)) | |
260 | goto err; | |
261 | break; | |
262 | ||
263 | default: | |
264 | CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, | |
265 | CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); | |
266 | goto err; | |
267 | ||
268 | } | |
269 | ||
270 | if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri)) | |
271 | goto merr; | |
272 | ||
273 | EVP_PKEY_free(pk); | |
274 | ||
275 | return ri; | |
276 | ||
277 | merr: | |
278 | CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, ERR_R_MALLOC_FAILURE); | |
279 | err: | |
280 | if (ri) | |
281 | M_ASN1_free_of(ri, CMS_RecipientInfo); | |
282 | if (pk) | |
283 | EVP_PKEY_free(pk); | |
284 | return NULL; | |
285 | ||
286 | } | |
8931b30d DSH |
287 | |
288 | int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri, | |
0f113f3e MC |
289 | EVP_PKEY **pk, X509 **recip, |
290 | X509_ALGOR **palg) | |
291 | { | |
292 | CMS_KeyTransRecipientInfo *ktri; | |
293 | if (ri->type != CMS_RECIPINFO_TRANS) { | |
294 | CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS, | |
295 | CMS_R_NOT_KEY_TRANSPORT); | |
296 | return 0; | |
297 | } | |
298 | ||
299 | ktri = ri->d.ktri; | |
300 | ||
301 | if (pk) | |
302 | *pk = ktri->pkey; | |
303 | if (recip) | |
304 | *recip = ktri->recip; | |
305 | if (palg) | |
306 | *palg = ktri->keyEncryptionAlgorithm; | |
307 | return 1; | |
308 | } | |
8931b30d DSH |
309 | |
310 | int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri, | |
0f113f3e MC |
311 | ASN1_OCTET_STRING **keyid, |
312 | X509_NAME **issuer, | |
313 | ASN1_INTEGER **sno) | |
314 | { | |
315 | CMS_KeyTransRecipientInfo *ktri; | |
316 | if (ri->type != CMS_RECIPINFO_TRANS) { | |
317 | CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID, | |
318 | CMS_R_NOT_KEY_TRANSPORT); | |
319 | return 0; | |
320 | } | |
321 | ktri = ri->d.ktri; | |
322 | ||
323 | return cms_SignerIdentifier_get0_signer_id(ktri->rid, keyid, issuer, sno); | |
324 | } | |
8931b30d DSH |
325 | |
326 | int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert) | |
0f113f3e MC |
327 | { |
328 | if (ri->type != CMS_RECIPINFO_TRANS) { | |
329 | CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP, | |
330 | CMS_R_NOT_KEY_TRANSPORT); | |
331 | return -2; | |
332 | } | |
333 | return cms_SignerIdentifier_cert_cmp(ri->d.ktri->rid, cert); | |
334 | } | |
4f1aa191 | 335 | |
6e3bc4f0 | 336 | int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey) |
0f113f3e MC |
337 | { |
338 | if (ri->type != CMS_RECIPINFO_TRANS) { | |
339 | CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_PKEY, CMS_R_NOT_KEY_TRANSPORT); | |
340 | return 0; | |
341 | } | |
342 | ri->d.ktri->pkey = pkey; | |
343 | return 1; | |
344 | } | |
6e3bc4f0 | 345 | |
761ffa72 DSH |
346 | /* Encrypt content key in key transport recipient info */ |
347 | ||
348 | static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms, | |
0f113f3e MC |
349 | CMS_RecipientInfo *ri) |
350 | { | |
351 | CMS_KeyTransRecipientInfo *ktri; | |
352 | CMS_EncryptedContentInfo *ec; | |
353 | EVP_PKEY_CTX *pctx; | |
354 | unsigned char *ek = NULL; | |
355 | size_t eklen; | |
356 | ||
357 | int ret = 0; | |
358 | ||
359 | if (ri->type != CMS_RECIPINFO_TRANS) { | |
360 | CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT, CMS_R_NOT_KEY_TRANSPORT); | |
361 | return 0; | |
362 | } | |
363 | ktri = ri->d.ktri; | |
364 | ec = cms->d.envelopedData->encryptedContentInfo; | |
365 | ||
366 | pctx = ktri->pctx; | |
367 | ||
368 | if (pctx) { | |
369 | if (!cms_env_asn1_ctrl(ri, 0)) | |
370 | goto err; | |
371 | } else { | |
372 | pctx = EVP_PKEY_CTX_new(ktri->pkey, NULL); | |
373 | if (!pctx) | |
374 | return 0; | |
375 | ||
376 | if (EVP_PKEY_encrypt_init(pctx) <= 0) | |
377 | goto err; | |
378 | } | |
379 | ||
380 | if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_ENCRYPT, | |
381 | EVP_PKEY_CTRL_CMS_ENCRYPT, 0, ri) <= 0) { | |
382 | CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT, CMS_R_CTRL_ERROR); | |
383 | goto err; | |
384 | } | |
385 | ||
386 | if (EVP_PKEY_encrypt(pctx, NULL, &eklen, ec->key, ec->keylen) <= 0) | |
387 | goto err; | |
388 | ||
389 | ek = OPENSSL_malloc(eklen); | |
390 | ||
391 | if (ek == NULL) { | |
392 | CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT, ERR_R_MALLOC_FAILURE); | |
393 | goto err; | |
394 | } | |
395 | ||
396 | if (EVP_PKEY_encrypt(pctx, ek, &eklen, ec->key, ec->keylen) <= 0) | |
397 | goto err; | |
398 | ||
399 | ASN1_STRING_set0(ktri->encryptedKey, ek, eklen); | |
400 | ek = NULL; | |
401 | ||
402 | ret = 1; | |
403 | ||
404 | err: | |
405 | if (pctx) { | |
406 | EVP_PKEY_CTX_free(pctx); | |
407 | ktri->pctx = NULL; | |
408 | } | |
409 | if (ek) | |
410 | OPENSSL_free(ek); | |
411 | return ret; | |
412 | ||
413 | } | |
761ffa72 | 414 | |
ab124380 DSH |
415 | /* Decrypt content key from KTRI */ |
416 | ||
6e3bc4f0 | 417 | static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms, |
0f113f3e MC |
418 | CMS_RecipientInfo *ri) |
419 | { | |
420 | CMS_KeyTransRecipientInfo *ktri = ri->d.ktri; | |
421 | EVP_PKEY *pkey = ktri->pkey; | |
422 | unsigned char *ek = NULL; | |
423 | size_t eklen; | |
424 | int ret = 0; | |
425 | CMS_EncryptedContentInfo *ec; | |
426 | ec = cms->d.envelopedData->encryptedContentInfo; | |
427 | ||
428 | if (ktri->pkey == NULL) { | |
429 | CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_NO_PRIVATE_KEY); | |
430 | return 0; | |
431 | } | |
432 | ||
433 | ktri->pctx = EVP_PKEY_CTX_new(pkey, NULL); | |
434 | if (!ktri->pctx) | |
435 | return 0; | |
436 | ||
437 | if (EVP_PKEY_decrypt_init(ktri->pctx) <= 0) | |
438 | goto err; | |
439 | ||
440 | if (!cms_env_asn1_ctrl(ri, 1)) | |
441 | goto err; | |
442 | ||
443 | if (EVP_PKEY_CTX_ctrl(ktri->pctx, -1, EVP_PKEY_OP_DECRYPT, | |
444 | EVP_PKEY_CTRL_CMS_DECRYPT, 0, ri) <= 0) { | |
445 | CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_CTRL_ERROR); | |
446 | goto err; | |
447 | } | |
448 | ||
449 | if (EVP_PKEY_decrypt(ktri->pctx, NULL, &eklen, | |
450 | ktri->encryptedKey->data, | |
451 | ktri->encryptedKey->length) <= 0) | |
452 | goto err; | |
453 | ||
454 | ek = OPENSSL_malloc(eklen); | |
455 | ||
456 | if (ek == NULL) { | |
457 | CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, ERR_R_MALLOC_FAILURE); | |
458 | goto err; | |
459 | } | |
460 | ||
461 | if (EVP_PKEY_decrypt(ktri->pctx, ek, &eklen, | |
462 | ktri->encryptedKey->data, | |
463 | ktri->encryptedKey->length) <= 0) { | |
464 | CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_CMS_LIB); | |
465 | goto err; | |
466 | } | |
467 | ||
468 | ret = 1; | |
469 | ||
470 | if (ec->key) { | |
471 | OPENSSL_cleanse(ec->key, ec->keylen); | |
472 | OPENSSL_free(ec->key); | |
473 | } | |
474 | ||
475 | ec->key = ek; | |
476 | ec->keylen = eklen; | |
477 | ||
478 | err: | |
479 | if (ktri->pctx) { | |
480 | EVP_PKEY_CTX_free(ktri->pctx); | |
481 | ktri->pctx = NULL; | |
482 | } | |
483 | if (!ret && ek) | |
484 | OPENSSL_free(ek); | |
485 | ||
486 | return ret; | |
487 | } | |
4f1aa191 | 488 | |
ab124380 DSH |
489 | /* Key Encrypted Key (KEK) RecipientInfo routines */ |
490 | ||
0f113f3e MC |
491 | int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri, |
492 | const unsigned char *id, size_t idlen) | |
493 | { | |
494 | ASN1_OCTET_STRING tmp_os; | |
495 | CMS_KEKRecipientInfo *kekri; | |
496 | if (ri->type != CMS_RECIPINFO_KEK) { | |
497 | CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP, CMS_R_NOT_KEK); | |
498 | return -2; | |
499 | } | |
500 | kekri = ri->d.kekri; | |
501 | tmp_os.type = V_ASN1_OCTET_STRING; | |
502 | tmp_os.flags = 0; | |
503 | tmp_os.data = (unsigned char *)id; | |
504 | tmp_os.length = (int)idlen; | |
505 | return ASN1_OCTET_STRING_cmp(&tmp_os, kekri->kekid->keyIdentifier); | |
506 | } | |
eeb9cdfc | 507 | |
ab124380 DSH |
508 | /* For now hard code AES key wrap info */ |
509 | ||
510 | static size_t aes_wrap_keylen(int nid) | |
0f113f3e MC |
511 | { |
512 | switch (nid) { | |
513 | case NID_id_aes128_wrap: | |
514 | return 16; | |
ab124380 | 515 | |
0f113f3e MC |
516 | case NID_id_aes192_wrap: |
517 | return 24; | |
ab124380 | 518 | |
0f113f3e MC |
519 | case NID_id_aes256_wrap: |
520 | return 32; | |
ab124380 | 521 | |
0f113f3e MC |
522 | default: |
523 | return 0; | |
524 | } | |
525 | } | |
ab124380 DSH |
526 | |
527 | CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid, | |
0f113f3e MC |
528 | unsigned char *key, size_t keylen, |
529 | unsigned char *id, size_t idlen, | |
530 | ASN1_GENERALIZEDTIME *date, | |
531 | ASN1_OBJECT *otherTypeId, | |
532 | ASN1_TYPE *otherType) | |
533 | { | |
534 | CMS_RecipientInfo *ri = NULL; | |
535 | CMS_EnvelopedData *env; | |
536 | CMS_KEKRecipientInfo *kekri; | |
537 | env = cms_get0_enveloped(cms); | |
538 | if (!env) | |
539 | goto err; | |
ab124380 | 540 | |
0f113f3e MC |
541 | if (nid == NID_undef) { |
542 | switch (keylen) { | |
543 | case 16: | |
544 | nid = NID_id_aes128_wrap; | |
545 | break; | |
ab124380 | 546 | |
0f113f3e MC |
547 | case 24: |
548 | nid = NID_id_aes192_wrap; | |
549 | break; | |
550 | ||
551 | case 32: | |
552 | nid = NID_id_aes256_wrap; | |
553 | break; | |
554 | ||
555 | default: | |
556 | CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY, CMS_R_INVALID_KEY_LENGTH); | |
557 | goto err; | |
558 | } | |
559 | ||
560 | } else { | |
561 | ||
562 | size_t exp_keylen = aes_wrap_keylen(nid); | |
563 | ||
564 | if (!exp_keylen) { | |
565 | CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY, | |
566 | CMS_R_UNSUPPORTED_KEK_ALGORITHM); | |
567 | goto err; | |
568 | } | |
569 | ||
570 | if (keylen != exp_keylen) { | |
571 | CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY, CMS_R_INVALID_KEY_LENGTH); | |
572 | goto err; | |
573 | } | |
574 | ||
575 | } | |
576 | ||
577 | /* Initialize recipient info */ | |
578 | ri = M_ASN1_new_of(CMS_RecipientInfo); | |
579 | if (!ri) | |
580 | goto merr; | |
581 | ||
582 | ri->d.kekri = M_ASN1_new_of(CMS_KEKRecipientInfo); | |
583 | if (!ri->d.kekri) | |
584 | goto merr; | |
585 | ri->type = CMS_RECIPINFO_KEK; | |
586 | ||
587 | kekri = ri->d.kekri; | |
588 | ||
589 | if (otherTypeId) { | |
590 | kekri->kekid->other = M_ASN1_new_of(CMS_OtherKeyAttribute); | |
591 | if (kekri->kekid->other == NULL) | |
592 | goto merr; | |
593 | } | |
ab124380 | 594 | |
0f113f3e MC |
595 | if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri)) |
596 | goto merr; | |
597 | ||
598 | /* After this point no calls can fail */ | |
599 | ||
600 | kekri->version = 4; | |
601 | ||
602 | kekri->key = key; | |
603 | kekri->keylen = keylen; | |
604 | ||
605 | ASN1_STRING_set0(kekri->kekid->keyIdentifier, id, idlen); | |
606 | ||
607 | kekri->kekid->date = date; | |
608 | ||
609 | if (kekri->kekid->other) { | |
610 | kekri->kekid->other->keyAttrId = otherTypeId; | |
611 | kekri->kekid->other->keyAttr = otherType; | |
612 | } | |
613 | ||
614 | X509_ALGOR_set0(kekri->keyEncryptionAlgorithm, | |
615 | OBJ_nid2obj(nid), V_ASN1_UNDEF, NULL); | |
616 | ||
617 | return ri; | |
618 | ||
619 | merr: | |
620 | CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY, ERR_R_MALLOC_FAILURE); | |
621 | err: | |
622 | if (ri) | |
623 | M_ASN1_free_of(ri, CMS_RecipientInfo); | |
624 | return NULL; | |
625 | ||
626 | } | |
627 | ||
628 | int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri, | |
629 | X509_ALGOR **palg, | |
630 | ASN1_OCTET_STRING **pid, | |
631 | ASN1_GENERALIZEDTIME **pdate, | |
632 | ASN1_OBJECT **potherid, | |
633 | ASN1_TYPE **pothertype) | |
634 | { | |
635 | CMS_KEKIdentifier *rkid; | |
636 | if (ri->type != CMS_RECIPINFO_KEK) { | |
637 | CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID, CMS_R_NOT_KEK); | |
638 | return 0; | |
639 | } | |
640 | rkid = ri->d.kekri->kekid; | |
641 | if (palg) | |
642 | *palg = ri->d.kekri->keyEncryptionAlgorithm; | |
643 | if (pid) | |
644 | *pid = rkid->keyIdentifier; | |
645 | if (pdate) | |
646 | *pdate = rkid->date; | |
647 | if (potherid) { | |
648 | if (rkid->other) | |
649 | *potherid = rkid->other->keyAttrId; | |
650 | else | |
651 | *potherid = NULL; | |
652 | } | |
653 | if (pothertype) { | |
654 | if (rkid->other) | |
655 | *pothertype = rkid->other->keyAttr; | |
656 | else | |
657 | *pothertype = NULL; | |
658 | } | |
659 | return 1; | |
660 | } | |
661 | ||
662 | int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri, | |
663 | unsigned char *key, size_t keylen) | |
664 | { | |
665 | CMS_KEKRecipientInfo *kekri; | |
666 | if (ri->type != CMS_RECIPINFO_KEK) { | |
667 | CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_KEY, CMS_R_NOT_KEK); | |
668 | return 0; | |
669 | } | |
670 | ||
671 | kekri = ri->d.kekri; | |
672 | kekri->key = key; | |
673 | kekri->keylen = keylen; | |
674 | return 1; | |
675 | } | |
6e3bc4f0 DSH |
676 | |
677 | /* Encrypt content key in KEK recipient info */ | |
678 | ||
679 | static int cms_RecipientInfo_kekri_encrypt(CMS_ContentInfo *cms, | |
0f113f3e MC |
680 | CMS_RecipientInfo *ri) |
681 | { | |
682 | CMS_EncryptedContentInfo *ec; | |
683 | CMS_KEKRecipientInfo *kekri; | |
684 | AES_KEY actx; | |
685 | unsigned char *wkey = NULL; | |
686 | int wkeylen; | |
687 | int r = 0; | |
6e3bc4f0 | 688 | |
0f113f3e | 689 | ec = cms->d.envelopedData->encryptedContentInfo; |
6e3bc4f0 | 690 | |
0f113f3e | 691 | kekri = ri->d.kekri; |
6e3bc4f0 | 692 | |
0f113f3e MC |
693 | if (!kekri->key) { |
694 | CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, CMS_R_NO_KEY); | |
695 | return 0; | |
696 | } | |
6e3bc4f0 | 697 | |
0f113f3e MC |
698 | if (AES_set_encrypt_key(kekri->key, kekri->keylen << 3, &actx)) { |
699 | CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, | |
700 | CMS_R_ERROR_SETTING_KEY); | |
701 | goto err; | |
702 | } | |
6e3bc4f0 | 703 | |
0f113f3e | 704 | wkey = OPENSSL_malloc(ec->keylen + 8); |
6e3bc4f0 | 705 | |
0f113f3e MC |
706 | if (!wkey) { |
707 | CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, ERR_R_MALLOC_FAILURE); | |
708 | goto err; | |
709 | } | |
6e3bc4f0 | 710 | |
0f113f3e | 711 | wkeylen = AES_wrap_key(&actx, NULL, wkey, ec->key, ec->keylen); |
6e3bc4f0 | 712 | |
0f113f3e MC |
713 | if (wkeylen <= 0) { |
714 | CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, CMS_R_WRAP_ERROR); | |
715 | goto err; | |
716 | } | |
6e3bc4f0 | 717 | |
0f113f3e | 718 | ASN1_STRING_set0(kekri->encryptedKey, wkey, wkeylen); |
6e3bc4f0 | 719 | |
0f113f3e | 720 | r = 1; |
6e3bc4f0 | 721 | |
0f113f3e | 722 | err: |
6e3bc4f0 | 723 | |
0f113f3e MC |
724 | if (!r && wkey) |
725 | OPENSSL_free(wkey); | |
726 | OPENSSL_cleanse(&actx, sizeof(actx)); | |
6e3bc4f0 | 727 | |
0f113f3e | 728 | return r; |
6e3bc4f0 | 729 | |
0f113f3e | 730 | } |
6e3bc4f0 | 731 | |
ab124380 DSH |
732 | /* Decrypt content key in KEK recipient info */ |
733 | ||
6e3bc4f0 | 734 | static int cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms, |
0f113f3e MC |
735 | CMS_RecipientInfo *ri) |
736 | { | |
737 | CMS_EncryptedContentInfo *ec; | |
738 | CMS_KEKRecipientInfo *kekri; | |
739 | AES_KEY actx; | |
740 | unsigned char *ukey = NULL; | |
741 | int ukeylen; | |
742 | int r = 0, wrap_nid; | |
743 | ||
744 | ec = cms->d.envelopedData->encryptedContentInfo; | |
745 | ||
746 | kekri = ri->d.kekri; | |
747 | ||
748 | if (!kekri->key) { | |
749 | CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, CMS_R_NO_KEY); | |
750 | return 0; | |
751 | } | |
752 | ||
753 | wrap_nid = OBJ_obj2nid(kekri->keyEncryptionAlgorithm->algorithm); | |
754 | if (aes_wrap_keylen(wrap_nid) != kekri->keylen) { | |
755 | CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, | |
756 | CMS_R_INVALID_KEY_LENGTH); | |
757 | return 0; | |
758 | } | |
759 | ||
760 | /* If encrypted key length is invalid don't bother */ | |
761 | ||
762 | if (kekri->encryptedKey->length < 16) { | |
763 | CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, | |
764 | CMS_R_INVALID_ENCRYPTED_KEY_LENGTH); | |
765 | goto err; | |
766 | } | |
767 | ||
768 | if (AES_set_decrypt_key(kekri->key, kekri->keylen << 3, &actx)) { | |
769 | CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, | |
770 | CMS_R_ERROR_SETTING_KEY); | |
771 | goto err; | |
772 | } | |
773 | ||
774 | ukey = OPENSSL_malloc(kekri->encryptedKey->length - 8); | |
775 | ||
776 | if (!ukey) { | |
777 | CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, ERR_R_MALLOC_FAILURE); | |
778 | goto err; | |
779 | } | |
780 | ||
781 | ukeylen = AES_unwrap_key(&actx, NULL, ukey, | |
782 | kekri->encryptedKey->data, | |
783 | kekri->encryptedKey->length); | |
784 | ||
785 | if (ukeylen <= 0) { | |
786 | CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, CMS_R_UNWRAP_ERROR); | |
787 | goto err; | |
788 | } | |
789 | ||
790 | ec->key = ukey; | |
791 | ec->keylen = ukeylen; | |
792 | ||
793 | r = 1; | |
794 | ||
795 | err: | |
796 | ||
797 | if (!r && ukey) | |
798 | OPENSSL_free(ukey); | |
799 | OPENSSL_cleanse(&actx, sizeof(actx)); | |
800 | ||
801 | return r; | |
802 | ||
803 | } | |
6e3bc4f0 DSH |
804 | |
805 | int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri) | |
0f113f3e MC |
806 | { |
807 | switch (ri->type) { | |
808 | case CMS_RECIPINFO_TRANS: | |
809 | return cms_RecipientInfo_ktri_decrypt(cms, ri); | |
6e3bc4f0 | 810 | |
0f113f3e MC |
811 | case CMS_RECIPINFO_KEK: |
812 | return cms_RecipientInfo_kekri_decrypt(cms, ri); | |
6e3bc4f0 | 813 | |
0f113f3e MC |
814 | case CMS_RECIPINFO_PASS: |
815 | return cms_RecipientInfo_pwri_crypt(cms, ri, 0); | |
d2a53c22 | 816 | |
0f113f3e MC |
817 | default: |
818 | CMSerr(CMS_F_CMS_RECIPIENTINFO_DECRYPT, | |
819 | CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE); | |
820 | return 0; | |
821 | } | |
822 | } | |
6e3bc4f0 | 823 | |
e1f1d28f | 824 | int CMS_RecipientInfo_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri) |
0f113f3e MC |
825 | { |
826 | switch (ri->type) { | |
827 | case CMS_RECIPINFO_TRANS: | |
828 | return cms_RecipientInfo_ktri_encrypt(cms, ri); | |
829 | ||
830 | case CMS_RECIPINFO_AGREE: | |
831 | return cms_RecipientInfo_kari_encrypt(cms, ri); | |
832 | ||
833 | case CMS_RECIPINFO_KEK: | |
834 | return cms_RecipientInfo_kekri_encrypt(cms, ri); | |
0f113f3e MC |
835 | |
836 | case CMS_RECIPINFO_PASS: | |
837 | return cms_RecipientInfo_pwri_crypt(cms, ri, 1); | |
0f113f3e MC |
838 | |
839 | default: | |
840 | CMSerr(CMS_F_CMS_RECIPIENTINFO_ENCRYPT, | |
841 | CMS_R_UNSUPPORTED_RECIPIENT_TYPE); | |
842 | return 0; | |
843 | } | |
844 | } | |
e1f1d28f | 845 | |
ff7b6ce9 DSH |
846 | /* Check structures and fixup version numbers (if necessary) */ |
847 | ||
848 | static void cms_env_set_originfo_version(CMS_EnvelopedData *env) | |
0f113f3e MC |
849 | { |
850 | CMS_OriginatorInfo *org = env->originatorInfo; | |
851 | int i; | |
852 | if (org == NULL) | |
853 | return; | |
854 | for (i = 0; i < sk_CMS_CertificateChoices_num(org->certificates); i++) { | |
855 | CMS_CertificateChoices *cch; | |
856 | cch = sk_CMS_CertificateChoices_value(org->certificates, i); | |
857 | if (cch->type == CMS_CERTCHOICE_OTHER) { | |
858 | env->version = 4; | |
859 | return; | |
860 | } else if (cch->type == CMS_CERTCHOICE_V2ACERT) { | |
861 | if (env->version < 3) | |
862 | env->version = 3; | |
863 | } | |
864 | } | |
865 | ||
866 | for (i = 0; i < sk_CMS_RevocationInfoChoice_num(org->crls); i++) { | |
867 | CMS_RevocationInfoChoice *rch; | |
868 | rch = sk_CMS_RevocationInfoChoice_value(org->crls, i); | |
869 | if (rch->type == CMS_REVCHOICE_OTHER) { | |
870 | env->version = 4; | |
871 | return; | |
872 | } | |
873 | } | |
874 | } | |
ff7b6ce9 DSH |
875 | |
876 | static void cms_env_set_version(CMS_EnvelopedData *env) | |
0f113f3e MC |
877 | { |
878 | int i; | |
879 | CMS_RecipientInfo *ri; | |
880 | ||
881 | /* | |
882 | * Can't set version higher than 4 so if 4 or more already nothing to do. | |
883 | */ | |
884 | if (env->version >= 4) | |
885 | return; | |
886 | ||
887 | cms_env_set_originfo_version(env); | |
888 | ||
889 | if (env->version >= 3) | |
890 | return; | |
891 | ||
892 | for (i = 0; i < sk_CMS_RecipientInfo_num(env->recipientInfos); i++) { | |
893 | ri = sk_CMS_RecipientInfo_value(env->recipientInfos, i); | |
894 | if (ri->type == CMS_RECIPINFO_PASS || ri->type == CMS_RECIPINFO_OTHER) { | |
895 | env->version = 3; | |
896 | return; | |
897 | } else if (ri->type != CMS_RECIPINFO_TRANS | |
898 | || ri->d.ktri->version != 0) { | |
899 | env->version = 2; | |
900 | } | |
901 | } | |
902 | if (env->version == 2) | |
903 | return; | |
904 | if (env->originatorInfo || env->unprotectedAttrs) | |
905 | env->version = 2; | |
906 | env->version = 0; | |
907 | } | |
ff7b6ce9 | 908 | |
4f1aa191 | 909 | BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms) |
0f113f3e MC |
910 | { |
911 | CMS_EncryptedContentInfo *ec; | |
912 | STACK_OF(CMS_RecipientInfo) *rinfos; | |
913 | CMS_RecipientInfo *ri; | |
914 | int i, ok = 0; | |
915 | BIO *ret; | |
916 | ||
917 | /* Get BIO first to set up key */ | |
918 | ||
919 | ec = cms->d.envelopedData->encryptedContentInfo; | |
920 | ret = cms_EncryptedContent_init_bio(ec); | |
921 | ||
922 | /* If error or no cipher end of processing */ | |
923 | ||
924 | if (!ret || !ec->cipher) | |
925 | return ret; | |
926 | ||
927 | /* Now encrypt content key according to each RecipientInfo type */ | |
928 | ||
929 | rinfos = cms->d.envelopedData->recipientInfos; | |
930 | ||
931 | for (i = 0; i < sk_CMS_RecipientInfo_num(rinfos); i++) { | |
932 | ri = sk_CMS_RecipientInfo_value(rinfos, i); | |
933 | if (CMS_RecipientInfo_encrypt(cms, ri) <= 0) { | |
934 | CMSerr(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO, | |
935 | CMS_R_ERROR_SETTING_RECIPIENTINFO); | |
936 | goto err; | |
937 | } | |
938 | } | |
939 | cms_env_set_version(cms->d.envelopedData); | |
940 | ||
941 | ok = 1; | |
942 | ||
943 | err: | |
944 | ec->cipher = NULL; | |
945 | if (ec->key) { | |
946 | OPENSSL_cleanse(ec->key, ec->keylen); | |
947 | OPENSSL_free(ec->key); | |
948 | ec->key = NULL; | |
949 | ec->keylen = 0; | |
950 | } | |
951 | if (ok) | |
952 | return ret; | |
953 | BIO_free(ret); | |
954 | return NULL; | |
955 | ||
956 | } | |
957 | ||
958 | /* | |
959 | * Get RecipientInfo type (if any) supported by a key (public or private). To | |
960 | * retain compatibility with previous behaviour if the ctrl value isn't | |
17c2764d DSH |
961 | * supported we assume key transport. |
962 | */ | |
963 | int cms_pkey_get_ri_type(EVP_PKEY *pk) | |
0f113f3e MC |
964 | { |
965 | if (pk->ameth && pk->ameth->pkey_ctrl) { | |
966 | int i, r; | |
967 | i = pk->ameth->pkey_ctrl(pk, ASN1_PKEY_CTRL_CMS_RI_TYPE, 0, &r); | |
968 | if (i > 0) | |
969 | return r; | |
970 | } | |
971 | return CMS_RECIPINFO_TRANS; | |
972 | } |