]> git.ipfire.org Git - thirdparty/openssl.git/blame - crypto/cms/cms_env.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
make EVP_PKEY opaque
[thirdparty/openssl.git] / crypto / cms / cms_env.c
CommitLineData
8931b30d 1/* crypto/cms/cms_env.c */
0f113f3e
MC		 2/*
3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
8931b30d
DSH		 4 * project.
5 */
6/* ====================================================================
7 * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
0f113f3e 14 * notice, this list of conditions and the following disclaimer.
8931b30d
DSH		 15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 *
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * licensing@OpenSSL.org.
30 *
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
34 *
35 * 6. Redistributions of any form whatsoever must retain the following
36 * acknowledgment:
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
53 */
54
b39fc560 55#include "internal/cryptlib.h"
8931b30d
DSH		 56#include <openssl/asn1t.h>
57#include <openssl/pem.h>
58#include <openssl/x509v3.h>
59#include <openssl/err.h>
60#include <openssl/cms.h>
5c4436c9 61#include <openssl/rand.h>
6e3bc4f0 62#include <openssl/aes.h>
8931b30d 63#include "cms_lcl.h"
5fe736e5 64#include "internal/asn1_int.h"
3aeb9348 65#include "internal/evp_int.h"
8931b30d
DSH		 66
67/* CMS EnvelopedData Utilities */
68
d2a53c22 69CMS_EnvelopedData *cms_get0_enveloped(CMS_ContentInfo *cms)
0f113f3e
MC		 70{
71 if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_enveloped) {
72 CMSerr(CMS_F_CMS_GET0_ENVELOPED,
73 CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA);
74 return NULL;
75 }
76 return cms->d.envelopedData;
77}
8931b30d
DSH		 78
79static CMS_EnvelopedData *cms_enveloped_data_init(CMS_ContentInfo *cms)
0f113f3e
MC		 80{
81 if (cms->d.other == NULL) {
82 cms->d.envelopedData = M_ASN1_new_of(CMS_EnvelopedData);
83 if (!cms->d.envelopedData) {
84 CMSerr(CMS_F_CMS_ENVELOPED_DATA_INIT, ERR_R_MALLOC_FAILURE);
85 return NULL;
86 }
87 cms->d.envelopedData->version = 0;
88 cms->d.envelopedData->encryptedContentInfo->contentType =
89 OBJ_nid2obj(NID_pkcs7_data);
90 ASN1_OBJECT_free(cms->contentType);
91 cms->contentType = OBJ_nid2obj(NID_pkcs7_enveloped);
92 return cms->d.envelopedData;
93 }
94 return cms_get0_enveloped(cms);
95}
8931b30d 96
17c2764d 97int cms_env_asn1_ctrl(CMS_RecipientInfo *ri, int cmd)
0f113f3e
MC		 98{
99 EVP_PKEY *pkey;
100 int i;
101 if (ri->type == CMS_RECIPINFO_TRANS)
102 pkey = ri->d.ktri->pkey;
103 else if (ri->type == CMS_RECIPINFO_AGREE) {
104 EVP_PKEY_CTX *pctx = ri->d.kari->pctx;
105 if (!pctx)
106 return 0;
107 pkey = EVP_PKEY_CTX_get0_pkey(pctx);
108 if (!pkey)
109 return 0;
110 } else
111 return 0;
112 if (!pkey->ameth || !pkey->ameth->pkey_ctrl)
113 return 1;
114 i = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_CMS_ENVELOPE, cmd, ri);
115 if (i == -2) {
116 CMSerr(CMS_F_CMS_ENV_ASN1_CTRL,
117 CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
118 return 0;
119 }
120 if (i <= 0) {
121 CMSerr(CMS_F_CMS_ENV_ASN1_CTRL, CMS_R_CTRL_FAILURE);
122 return 0;
123 }
124 return 1;
125}
e365352d 126
4f1aa191 127STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms)
0f113f3e
MC		 128{
129 CMS_EnvelopedData *env;
130 env = cms_get0_enveloped(cms);
131 if (!env)
132 return NULL;
133 return env->recipientInfos;
134}
4f1aa191
DSH		 135
136int CMS_RecipientInfo_type(CMS_RecipientInfo *ri)
0f113f3e
MC		 137{
138 return ri->type;
139}
4f1aa191 140
e365352d 141EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri)
0f113f3e
MC		 142{
143 if (ri->type == CMS_RECIPINFO_TRANS)
144 return ri->d.ktri->pctx;
145 else if (ri->type == CMS_RECIPINFO_AGREE)
146 return ri->d.kari->pctx;
147 return NULL;
148}
e365352d 149
761ffa72 150CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher)
0f113f3e
MC		 151{
152 CMS_ContentInfo *cms;
153 CMS_EnvelopedData *env;
154 cms = CMS_ContentInfo_new();
90945fa3 155 if (cms == NULL)
0f113f3e
MC		 156 goto merr;
157 env = cms_enveloped_data_init(cms);
90945fa3 158 if (env == NULL)
0f113f3e
MC		 159 goto merr;
160 if (!cms_EncryptedContent_init(env->encryptedContentInfo,
161 cipher, NULL, 0))
162 goto merr;
163 return cms;
164 merr:
25aaa98a 165 CMS_ContentInfo_free(cms);
0f113f3e
MC		 166 CMSerr(CMS_F_CMS_ENVELOPEDDATA_CREATE, ERR_R_MALLOC_FAILURE);
167 return NULL;
168}
761ffa72 169
ab124380
DSH		 170/* Key Transport Recipient Info (KTRI) routines */
171
17c2764d 172/* Initialise a ktri based on passed certificate and key */
ab124380 173
17c2764d 174static int cms_RecipientInfo_ktri_init(CMS_RecipientInfo *ri, X509 *recip,
0f113f3e
MC		 175 EVP_PKEY *pk, unsigned int flags)
176{
177 CMS_KeyTransRecipientInfo *ktri;
178 int idtype;
179
180 ri->d.ktri = M_ASN1_new_of(CMS_KeyTransRecipientInfo);
181 if (!ri->d.ktri)
182 return 0;
183 ri->type = CMS_RECIPINFO_TRANS;
184
185 ktri = ri->d.ktri;
186
187 if (flags & CMS_USE_KEYID) {
188 ktri->version = 2;
189 idtype = CMS_RECIPINFO_KEYIDENTIFIER;
190 } else {
191 ktri->version = 0;
192 idtype = CMS_RECIPINFO_ISSUER_SERIAL;
193 }
194
195 /*
196 * Not a typo: RecipientIdentifier and SignerIdentifier are the same
197 * structure.
198 */
199
200 if (!cms_set1_SignerIdentifier(ktri->rid, recip, idtype))
201 return 0;
202
05f0fb9f 203 X509_up_ref(recip);
0f113f3e
MC		 204 CRYPTO_add(&pk->references, 1, CRYPTO_LOCK_EVP_PKEY);
205 ktri->pkey = pk;
206 ktri->recip = recip;
207
208 if (flags & CMS_KEY_PARAM) {
209 ktri->pctx = EVP_PKEY_CTX_new(ktri->pkey, NULL);
90945fa3 210 if (ktri->pctx == NULL)
0f113f3e
MC		 211 return 0;
212 if (EVP_PKEY_encrypt_init(ktri->pctx) <= 0)
213 return 0;
214 } else if (!cms_env_asn1_ctrl(ri, 0))
215 return 0;
216 return 1;
217}
218
219/*
220 * Add a recipient certificate using appropriate type of RecipientInfo
17c2764d
DSH		 221 */
222
223CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
0f113f3e
MC		 224 X509 *recip, unsigned int flags)
225{
226 CMS_RecipientInfo *ri = NULL;
227 CMS_EnvelopedData *env;
228 EVP_PKEY *pk = NULL;
229 env = cms_get0_enveloped(cms);
230 if (!env)
231 goto err;
232
233 /* Initialize recipient info */
234 ri = M_ASN1_new_of(CMS_RecipientInfo);
235 if (!ri)
236 goto merr;
237
8382fd3a 238 pk = X509_get0_pubkey(recip);
0f113f3e
MC		 239 if (!pk) {
240 CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, CMS_R_ERROR_GETTING_PUBLIC_KEY);
241 goto err;
242 }
243
244 switch (cms_pkey_get_ri_type(pk)) {
245
246 case CMS_RECIPINFO_TRANS:
247 if (!cms_RecipientInfo_ktri_init(ri, recip, pk, flags))
248 goto err;
249 break;
250
251 case CMS_RECIPINFO_AGREE:
252 if (!cms_RecipientInfo_kari_init(ri, recip, pk, flags))
253 goto err;
254 break;
255
256 default:
257 CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT,
258 CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
259 goto err;
260
261 }
262
263 if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri))
264 goto merr;
265
0f113f3e
MC		 266 return ri;
267
268 merr:
269 CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, ERR_R_MALLOC_FAILURE);
270 err:
2ace7450 271 M_ASN1_free_of(ri, CMS_RecipientInfo);
0f113f3e
MC		 272 return NULL;
273
274}
8931b30d
DSH		 275
276int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri,
0f113f3e
MC		 277 EVP_PKEY **pk, X509 **recip,
278 X509_ALGOR **palg)
279{
280 CMS_KeyTransRecipientInfo *ktri;
281 if (ri->type != CMS_RECIPINFO_TRANS) {
282 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS,
283 CMS_R_NOT_KEY_TRANSPORT);
284 return 0;
285 }
286
287 ktri = ri->d.ktri;
288
289 if (pk)
290 *pk = ktri->pkey;
291 if (recip)
292 *recip = ktri->recip;
293 if (palg)
294 *palg = ktri->keyEncryptionAlgorithm;
295 return 1;
296}
8931b30d
DSH		 297
298int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri,
0f113f3e
MC		 299 ASN1_OCTET_STRING **keyid,
300 X509_NAME **issuer,
301 ASN1_INTEGER **sno)
302{
303 CMS_KeyTransRecipientInfo *ktri;
304 if (ri->type != CMS_RECIPINFO_TRANS) {
305 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID,
306 CMS_R_NOT_KEY_TRANSPORT);
307 return 0;
308 }
309 ktri = ri->d.ktri;
310
311 return cms_SignerIdentifier_get0_signer_id(ktri->rid, keyid, issuer, sno);
312}
8931b30d
DSH		 313
314int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert)
0f113f3e
MC		 315{
316 if (ri->type != CMS_RECIPINFO_TRANS) {
317 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP,
318 CMS_R_NOT_KEY_TRANSPORT);
319 return -2;
320 }
321 return cms_SignerIdentifier_cert_cmp(ri->d.ktri->rid, cert);
322}
4f1aa191 323
6e3bc4f0 324int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey)
0f113f3e
MC		 325{
326 if (ri->type != CMS_RECIPINFO_TRANS) {
327 CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_PKEY, CMS_R_NOT_KEY_TRANSPORT);
328 return 0;
329 }
330 ri->d.ktri->pkey = pkey;
331 return 1;
332}
6e3bc4f0 333
761ffa72
DSH		 334/* Encrypt content key in key transport recipient info */
335
336static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms,
0f113f3e
MC		 337 CMS_RecipientInfo *ri)
338{
339 CMS_KeyTransRecipientInfo *ktri;
340 CMS_EncryptedContentInfo *ec;
341 EVP_PKEY_CTX *pctx;
342 unsigned char *ek = NULL;
343 size_t eklen;
344
345 int ret = 0;
346
347 if (ri->type != CMS_RECIPINFO_TRANS) {
348 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT, CMS_R_NOT_KEY_TRANSPORT);
349 return 0;
350 }
351 ktri = ri->d.ktri;
352 ec = cms->d.envelopedData->encryptedContentInfo;
353
354 pctx = ktri->pctx;
355
356 if (pctx) {
357 if (!cms_env_asn1_ctrl(ri, 0))
358 goto err;
359 } else {
360 pctx = EVP_PKEY_CTX_new(ktri->pkey, NULL);
90945fa3 361 if (pctx == NULL)
0f113f3e
MC		 362 return 0;
363
364 if (EVP_PKEY_encrypt_init(pctx) <= 0)
365 goto err;
366 }
367
368 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_ENCRYPT,
369 EVP_PKEY_CTRL_CMS_ENCRYPT, 0, ri) <= 0) {
370 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT, CMS_R_CTRL_ERROR);
371 goto err;
372 }
373
374 if (EVP_PKEY_encrypt(pctx, NULL, &eklen, ec->key, ec->keylen) <= 0)
375 goto err;
376
377 ek = OPENSSL_malloc(eklen);
378
379 if (ek == NULL) {
380 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT, ERR_R_MALLOC_FAILURE);
381 goto err;
382 }
383
384 if (EVP_PKEY_encrypt(pctx, ek, &eklen, ec->key, ec->keylen) <= 0)
385 goto err;
386
387 ASN1_STRING_set0(ktri->encryptedKey, ek, eklen);
388 ek = NULL;
389
390 ret = 1;
391
392 err:
25aaa98a
RS		 393 EVP_PKEY_CTX_free(pctx);
394 ktri->pctx = NULL;
b548a1f1 395 OPENSSL_free(ek);
0f113f3e
MC		 396 return ret;
397
398}
761ffa72 399
ab124380
DSH		 400/* Decrypt content key from KTRI */
401
6e3bc4f0 402static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
0f113f3e
MC		 403 CMS_RecipientInfo *ri)
404{
405 CMS_KeyTransRecipientInfo *ktri = ri->d.ktri;
406 EVP_PKEY *pkey = ktri->pkey;
407 unsigned char *ek = NULL;
408 size_t eklen;
409 int ret = 0;
410 CMS_EncryptedContentInfo *ec;
411 ec = cms->d.envelopedData->encryptedContentInfo;
412
413 if (ktri->pkey == NULL) {
414 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_NO_PRIVATE_KEY);
415 return 0;
416 }
417
418 ktri->pctx = EVP_PKEY_CTX_new(pkey, NULL);
90945fa3 419 if (ktri->pctx == NULL)
0f113f3e
MC		 420 return 0;
421
422 if (EVP_PKEY_decrypt_init(ktri->pctx) <= 0)
423 goto err;
424
425 if (!cms_env_asn1_ctrl(ri, 1))
426 goto err;
427
428 if (EVP_PKEY_CTX_ctrl(ktri->pctx, -1, EVP_PKEY_OP_DECRYPT,
429 EVP_PKEY_CTRL_CMS_DECRYPT, 0, ri) <= 0) {
430 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_CTRL_ERROR);
431 goto err;
432 }
433
434 if (EVP_PKEY_decrypt(ktri->pctx, NULL, &eklen,
435 ktri->encryptedKey->data,
436 ktri->encryptedKey->length) <= 0)
437 goto err;
438
439 ek = OPENSSL_malloc(eklen);
440
441 if (ek == NULL) {
442 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, ERR_R_MALLOC_FAILURE);
443 goto err;
444 }
445
446 if (EVP_PKEY_decrypt(ktri->pctx, ek, &eklen,
447 ktri->encryptedKey->data,
448 ktri->encryptedKey->length) <= 0) {
449 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_CMS_LIB);
450 goto err;
451 }
452
453 ret = 1;
454
4b45c6e5 455 OPENSSL_clear_free(ec->key, ec->keylen);
0f113f3e
MC		 456 ec->key = ek;
457 ec->keylen = eklen;
458
459 err:
c5ba2d99
RS		 460 EVP_PKEY_CTX_free(ktri->pctx);
461 ktri->pctx = NULL;
b548a1f1 462 if (!ret)
0f113f3e
MC		 463 OPENSSL_free(ek);
464
465 return ret;
466}
4f1aa191 467
ab124380
DSH		 468/* Key Encrypted Key (KEK) RecipientInfo routines */
469
0f113f3e
MC		 470int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri,
471 const unsigned char *id, size_t idlen)
472{
473 ASN1_OCTET_STRING tmp_os;
474 CMS_KEKRecipientInfo *kekri;
475 if (ri->type != CMS_RECIPINFO_KEK) {
476 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP, CMS_R_NOT_KEK);
477 return -2;
478 }
479 kekri = ri->d.kekri;
480 tmp_os.type = V_ASN1_OCTET_STRING;
481 tmp_os.flags = 0;
482 tmp_os.data = (unsigned char *)id;
483 tmp_os.length = (int)idlen;
484 return ASN1_OCTET_STRING_cmp(&tmp_os, kekri->kekid->keyIdentifier);
485}
eeb9cdfc 486
ab124380
DSH		 487/* For now hard code AES key wrap info */
488
489static size_t aes_wrap_keylen(int nid)
0f113f3e
MC		 490{
491 switch (nid) {
492 case NID_id_aes128_wrap:
493 return 16;
ab124380 494
0f113f3e
MC		 495 case NID_id_aes192_wrap:
496 return 24;
ab124380 497
0f113f3e
MC		 498 case NID_id_aes256_wrap:
499 return 32;
ab124380 500
0f113f3e
MC		 501 default:
502 return 0;
503 }
504}
ab124380
DSH		 505
506CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
0f113f3e
MC		 507 unsigned char *key, size_t keylen,
508 unsigned char *id, size_t idlen,
509 ASN1_GENERALIZEDTIME *date,
510 ASN1_OBJECT *otherTypeId,
511 ASN1_TYPE *otherType)
512{
513 CMS_RecipientInfo *ri = NULL;
514 CMS_EnvelopedData *env;
515 CMS_KEKRecipientInfo *kekri;
516 env = cms_get0_enveloped(cms);
517 if (!env)
518 goto err;
ab124380 519
0f113f3e
MC		 520 if (nid == NID_undef) {
521 switch (keylen) {
522 case 16:
523 nid = NID_id_aes128_wrap;
524 break;
ab124380 525
0f113f3e
MC		 526 case 24:
527 nid = NID_id_aes192_wrap;
528 break;
529
530 case 32:
531 nid = NID_id_aes256_wrap;
532 break;
533
534 default:
535 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY, CMS_R_INVALID_KEY_LENGTH);
536 goto err;
537 }
538
539 } else {
540
541 size_t exp_keylen = aes_wrap_keylen(nid);
542
543 if (!exp_keylen) {
544 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY,
545 CMS_R_UNSUPPORTED_KEK_ALGORITHM);
546 goto err;
547 }
548
549 if (keylen != exp_keylen) {
550 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY, CMS_R_INVALID_KEY_LENGTH);
551 goto err;
552 }
553
554 }
555
556 /* Initialize recipient info */
557 ri = M_ASN1_new_of(CMS_RecipientInfo);
558 if (!ri)
559 goto merr;
560
561 ri->d.kekri = M_ASN1_new_of(CMS_KEKRecipientInfo);
562 if (!ri->d.kekri)
563 goto merr;
564 ri->type = CMS_RECIPINFO_KEK;
565
566 kekri = ri->d.kekri;
567
568 if (otherTypeId) {
569 kekri->kekid->other = M_ASN1_new_of(CMS_OtherKeyAttribute);
570 if (kekri->kekid->other == NULL)
571 goto merr;
572 }
ab124380 573
0f113f3e
MC		 574 if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri))
575 goto merr;
576
577 /* After this point no calls can fail */
578
579 kekri->version = 4;
580
581 kekri->key = key;
582 kekri->keylen = keylen;
583
584 ASN1_STRING_set0(kekri->kekid->keyIdentifier, id, idlen);
585
586 kekri->kekid->date = date;
587
588 if (kekri->kekid->other) {
589 kekri->kekid->other->keyAttrId = otherTypeId;
590 kekri->kekid->other->keyAttr = otherType;
591 }
592
593 X509_ALGOR_set0(kekri->keyEncryptionAlgorithm,
594 OBJ_nid2obj(nid), V_ASN1_UNDEF, NULL);
595
596 return ri;
597
598 merr:
599 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY, ERR_R_MALLOC_FAILURE);
600 err:
2ace7450 601 M_ASN1_free_of(ri, CMS_RecipientInfo);
0f113f3e
MC		 602 return NULL;
603
604}
605
606int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri,
607 X509_ALGOR **palg,
608 ASN1_OCTET_STRING **pid,
609 ASN1_GENERALIZEDTIME **pdate,
610 ASN1_OBJECT **potherid,
611 ASN1_TYPE **pothertype)
612{
613 CMS_KEKIdentifier *rkid;
614 if (ri->type != CMS_RECIPINFO_KEK) {
615 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID, CMS_R_NOT_KEK);
616 return 0;
617 }
618 rkid = ri->d.kekri->kekid;
619 if (palg)
620 *palg = ri->d.kekri->keyEncryptionAlgorithm;
621 if (pid)
622 *pid = rkid->keyIdentifier;
623 if (pdate)
624 *pdate = rkid->date;
625 if (potherid) {
626 if (rkid->other)
627 *potherid = rkid->other->keyAttrId;
628 else
629 *potherid = NULL;
630 }
631 if (pothertype) {
632 if (rkid->other)
633 *pothertype = rkid->other->keyAttr;
634 else
635 *pothertype = NULL;
636 }
637 return 1;
638}
639
640int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri,
641 unsigned char *key, size_t keylen)
642{
643 CMS_KEKRecipientInfo *kekri;
644 if (ri->type != CMS_RECIPINFO_KEK) {
645 CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_KEY, CMS_R_NOT_KEK);
646 return 0;
647 }
648
649 kekri = ri->d.kekri;
650 kekri->key = key;
651 kekri->keylen = keylen;
652 return 1;
653}
6e3bc4f0
DSH		 654
655/* Encrypt content key in KEK recipient info */
656
657static int cms_RecipientInfo_kekri_encrypt(CMS_ContentInfo *cms,
0f113f3e
MC		 658 CMS_RecipientInfo *ri)
659{
660 CMS_EncryptedContentInfo *ec;
661 CMS_KEKRecipientInfo *kekri;
662 AES_KEY actx;
663 unsigned char *wkey = NULL;
664 int wkeylen;
665 int r = 0;
6e3bc4f0 666
0f113f3e 667 ec = cms->d.envelopedData->encryptedContentInfo;
6e3bc4f0 668
0f113f3e 669 kekri = ri->d.kekri;
6e3bc4f0 670
0f113f3e
MC		 671 if (!kekri->key) {
672 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, CMS_R_NO_KEY);
673 return 0;
674 }
6e3bc4f0 675
0f113f3e
MC		 676 if (AES_set_encrypt_key(kekri->key, kekri->keylen << 3, &actx)) {
677 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT,
678 CMS_R_ERROR_SETTING_KEY);
679 goto err;
680 }
6e3bc4f0 681
0f113f3e 682 wkey = OPENSSL_malloc(ec->keylen + 8);
6e3bc4f0 683
90945fa3 684 if (wkey == NULL) {
0f113f3e
MC		 685 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, ERR_R_MALLOC_FAILURE);
686 goto err;
687 }
6e3bc4f0 688
0f113f3e 689 wkeylen = AES_wrap_key(&actx, NULL, wkey, ec->key, ec->keylen);
6e3bc4f0 690
0f113f3e
MC		 691 if (wkeylen <= 0) {
692 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, CMS_R_WRAP_ERROR);
693 goto err;
694 }
6e3bc4f0 695
0f113f3e 696 ASN1_STRING_set0(kekri->encryptedKey, wkey, wkeylen);
6e3bc4f0 697
0f113f3e 698 r = 1;
6e3bc4f0 699
0f113f3e 700 err:
6e3bc4f0 701
b548a1f1 702 if (!r)
0f113f3e
MC		 703 OPENSSL_free(wkey);
704 OPENSSL_cleanse(&actx, sizeof(actx));
6e3bc4f0 705
0f113f3e 706 return r;
6e3bc4f0 707
0f113f3e 708}
6e3bc4f0 709
ab124380
DSH		 710/* Decrypt content key in KEK recipient info */
711
6e3bc4f0 712static int cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms,
0f113f3e
MC		 713 CMS_RecipientInfo *ri)
714{
715 CMS_EncryptedContentInfo *ec;
716 CMS_KEKRecipientInfo *kekri;
717 AES_KEY actx;
718 unsigned char *ukey = NULL;
719 int ukeylen;
720 int r = 0, wrap_nid;
721
722 ec = cms->d.envelopedData->encryptedContentInfo;
723
724 kekri = ri->d.kekri;
725
726 if (!kekri->key) {
727 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, CMS_R_NO_KEY);
728 return 0;
729 }
730
731 wrap_nid = OBJ_obj2nid(kekri->keyEncryptionAlgorithm->algorithm);
732 if (aes_wrap_keylen(wrap_nid) != kekri->keylen) {
733 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
734 CMS_R_INVALID_KEY_LENGTH);
735 return 0;
736 }
737
738 /* If encrypted key length is invalid don't bother */
739
740 if (kekri->encryptedKey->length < 16) {
741 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
742 CMS_R_INVALID_ENCRYPTED_KEY_LENGTH);
743 goto err;
744 }
745
746 if (AES_set_decrypt_key(kekri->key, kekri->keylen << 3, &actx)) {
747 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
748 CMS_R_ERROR_SETTING_KEY);
749 goto err;
750 }
751
752 ukey = OPENSSL_malloc(kekri->encryptedKey->length - 8);
753
90945fa3 754 if (ukey == NULL) {
0f113f3e
MC		 755 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, ERR_R_MALLOC_FAILURE);
756 goto err;
757 }
758
759 ukeylen = AES_unwrap_key(&actx, NULL, ukey,
760 kekri->encryptedKey->data,
761 kekri->encryptedKey->length);
762
763 if (ukeylen <= 0) {
764 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, CMS_R_UNWRAP_ERROR);
765 goto err;
766 }
767
768 ec->key = ukey;
769 ec->keylen = ukeylen;
770
771 r = 1;
772
773 err:
774
b548a1f1 775 if (!r)
0f113f3e
MC		 776 OPENSSL_free(ukey);
777 OPENSSL_cleanse(&actx, sizeof(actx));
778
779 return r;
780
781}
6e3bc4f0
DSH		 782
783int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
0f113f3e
MC		 784{
785 switch (ri->type) {
786 case CMS_RECIPINFO_TRANS:
787 return cms_RecipientInfo_ktri_decrypt(cms, ri);
6e3bc4f0 788
0f113f3e
MC		 789 case CMS_RECIPINFO_KEK:
790 return cms_RecipientInfo_kekri_decrypt(cms, ri);
6e3bc4f0 791
0f113f3e
MC		 792 case CMS_RECIPINFO_PASS:
793 return cms_RecipientInfo_pwri_crypt(cms, ri, 0);
d2a53c22 794
0f113f3e
MC		 795 default:
796 CMSerr(CMS_F_CMS_RECIPIENTINFO_DECRYPT,
797 CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE);
798 return 0;
799 }
800}
6e3bc4f0 801
e1f1d28f 802int CMS_RecipientInfo_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
0f113f3e
MC		 803{
804 switch (ri->type) {
805 case CMS_RECIPINFO_TRANS:
806 return cms_RecipientInfo_ktri_encrypt(cms, ri);
807
808 case CMS_RECIPINFO_AGREE:
809 return cms_RecipientInfo_kari_encrypt(cms, ri);
810
811 case CMS_RECIPINFO_KEK:
812 return cms_RecipientInfo_kekri_encrypt(cms, ri);
0f113f3e
MC		 813
814 case CMS_RECIPINFO_PASS:
815 return cms_RecipientInfo_pwri_crypt(cms, ri, 1);
0f113f3e
MC		 816
817 default:
818 CMSerr(CMS_F_CMS_RECIPIENTINFO_ENCRYPT,
819 CMS_R_UNSUPPORTED_RECIPIENT_TYPE);
820 return 0;
821 }
822}
e1f1d28f 823
ff7b6ce9
DSH		 824/* Check structures and fixup version numbers (if necessary) */
825
826static void cms_env_set_originfo_version(CMS_EnvelopedData *env)
0f113f3e
MC		 827{
828 CMS_OriginatorInfo *org = env->originatorInfo;
829 int i;
830 if (org == NULL)
831 return;
832 for (i = 0; i < sk_CMS_CertificateChoices_num(org->certificates); i++) {
833 CMS_CertificateChoices *cch;
834 cch = sk_CMS_CertificateChoices_value(org->certificates, i);
835 if (cch->type == CMS_CERTCHOICE_OTHER) {
836 env->version = 4;
837 return;
838 } else if (cch->type == CMS_CERTCHOICE_V2ACERT) {
839 if (env->version < 3)
840 env->version = 3;
841 }
842 }
843
844 for (i = 0; i < sk_CMS_RevocationInfoChoice_num(org->crls); i++) {
845 CMS_RevocationInfoChoice *rch;
846 rch = sk_CMS_RevocationInfoChoice_value(org->crls, i);
847 if (rch->type == CMS_REVCHOICE_OTHER) {
848 env->version = 4;
849 return;
850 }
851 }
852}
ff7b6ce9
DSH		 853
854static void cms_env_set_version(CMS_EnvelopedData *env)
0f113f3e
MC		 855{
856 int i;
857 CMS_RecipientInfo *ri;
858
859 /*
860 * Can't set version higher than 4 so if 4 or more already nothing to do.
861 */
862 if (env->version >= 4)
863 return;
864
865 cms_env_set_originfo_version(env);
866
867 if (env->version >= 3)
868 return;
869
870 for (i = 0; i < sk_CMS_RecipientInfo_num(env->recipientInfos); i++) {
871 ri = sk_CMS_RecipientInfo_value(env->recipientInfos, i);
872 if (ri->type == CMS_RECIPINFO_PASS || ri->type == CMS_RECIPINFO_OTHER) {
873 env->version = 3;
874 return;
875 } else if (ri->type != CMS_RECIPINFO_TRANS
876 || ri->d.ktri->version != 0) {
877 env->version = 2;
878 }
879 }
880 if (env->version == 2)
881 return;
882 if (env->originatorInfo || env->unprotectedAttrs)
883 env->version = 2;
884 env->version = 0;
885}
ff7b6ce9 886
4f1aa191 887BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms)
0f113f3e
MC		 888{
889 CMS_EncryptedContentInfo *ec;
890 STACK_OF(CMS_RecipientInfo) *rinfos;
891 CMS_RecipientInfo *ri;
892 int i, ok = 0;
893 BIO *ret;
894
895 /* Get BIO first to set up key */
896
897 ec = cms->d.envelopedData->encryptedContentInfo;
898 ret = cms_EncryptedContent_init_bio(ec);
899
900 /* If error or no cipher end of processing */
901
902 if (!ret || !ec->cipher)
903 return ret;
904
905 /* Now encrypt content key according to each RecipientInfo type */
906
907 rinfos = cms->d.envelopedData->recipientInfos;
908
909 for (i = 0; i < sk_CMS_RecipientInfo_num(rinfos); i++) {
910 ri = sk_CMS_RecipientInfo_value(rinfos, i);
911 if (CMS_RecipientInfo_encrypt(cms, ri) <= 0) {
912 CMSerr(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO,
913 CMS_R_ERROR_SETTING_RECIPIENTINFO);
914 goto err;
915 }
916 }
917 cms_env_set_version(cms->d.envelopedData);
918
919 ok = 1;
920
921 err:
922 ec->cipher = NULL;
4b45c6e5
RS		 923 OPENSSL_clear_free(ec->key, ec->keylen);
924 ec->key = NULL;
925 ec->keylen = 0;
0f113f3e
MC		 926 if (ok)
927 return ret;
928 BIO_free(ret);
929 return NULL;
930
931}
932
933/*
934 * Get RecipientInfo type (if any) supported by a key (public or private). To
935 * retain compatibility with previous behaviour if the ctrl value isn't
17c2764d
DSH		 936 * supported we assume key transport.
937 */
938int cms_pkey_get_ri_type(EVP_PKEY *pk)
0f113f3e
MC		 939{
940 if (pk->ameth && pk->ameth->pkey_ctrl) {
941 int i, r;
942 i = pk->ameth->pkey_ctrl(pk, ASN1_PKEY_CTRL_CMS_RI_TYPE, 0, &r);
943 if (i > 0)
944 return r;
945 }
946 return CMS_RECIPINFO_TRANS;
947}
A mirror of the official openssl repository