]>
Commit | Line | Data |
---|---|---|
8931b30d DSH |
1 | /* crypto/cms/cms_env.c */ |
2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | |
3 | * project. | |
4 | */ | |
5 | /* ==================================================================== | |
6 | * Copyright (c) 2008 The OpenSSL Project. All rights reserved. | |
7 | * | |
8 | * Redistribution and use in source and binary forms, with or without | |
9 | * modification, are permitted provided that the following conditions | |
10 | * are met: | |
11 | * | |
12 | * 1. Redistributions of source code must retain the above copyright | |
13 | * notice, this list of conditions and the following disclaimer. | |
14 | * | |
15 | * 2. Redistributions in binary form must reproduce the above copyright | |
16 | * notice, this list of conditions and the following disclaimer in | |
17 | * the documentation and/or other materials provided with the | |
18 | * distribution. | |
19 | * | |
20 | * 3. All advertising materials mentioning features or use of this | |
21 | * software must display the following acknowledgment: | |
22 | * "This product includes software developed by the OpenSSL Project | |
23 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | |
24 | * | |
25 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
26 | * endorse or promote products derived from this software without | |
27 | * prior written permission. For written permission, please contact | |
28 | * licensing@OpenSSL.org. | |
29 | * | |
30 | * 5. Products derived from this software may not be called "OpenSSL" | |
31 | * nor may "OpenSSL" appear in their names without prior written | |
32 | * permission of the OpenSSL Project. | |
33 | * | |
34 | * 6. Redistributions of any form whatsoever must retain the following | |
35 | * acknowledgment: | |
36 | * "This product includes software developed by the OpenSSL Project | |
37 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | |
38 | * | |
39 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
40 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
41 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
42 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
43 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
44 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
45 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
46 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
48 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
49 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
50 | * OF THE POSSIBILITY OF SUCH DAMAGE. | |
51 | * ==================================================================== | |
52 | */ | |
53 | ||
54 | #include "cryptlib.h" | |
55 | #include <openssl/asn1t.h> | |
56 | #include <openssl/pem.h> | |
57 | #include <openssl/x509v3.h> | |
58 | #include <openssl/err.h> | |
59 | #include <openssl/cms.h> | |
5c4436c9 | 60 | #include <openssl/rand.h> |
8931b30d DSH |
61 | #include "cms_lcl.h" |
62 | #include "asn1_locl.h" | |
63 | ||
64 | /* CMS EnvelopedData Utilities */ | |
65 | ||
66 | DECLARE_ASN1_ITEM(CMS_EnvelopedData) | |
67 | DECLARE_ASN1_ITEM(CMS_RecipientInfo) | |
68 | DECLARE_ASN1_ITEM(CMS_KeyTransRecipientInfo) | |
69 | ||
8931b30d DSH |
70 | DECLARE_STACK_OF(CMS_RecipientInfo) |
71 | ||
72 | static CMS_EnvelopedData *cms_get0_enveloped(CMS_ContentInfo *cms) | |
73 | { | |
74 | if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_enveloped) | |
75 | { | |
76 | CMSerr(CMS_F_CMS_GET0_ENVELOPED, | |
77 | CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA); | |
78 | return NULL; | |
79 | } | |
80 | return cms->d.envelopedData; | |
81 | } | |
82 | ||
83 | static CMS_EnvelopedData *cms_enveloped_data_init(CMS_ContentInfo *cms) | |
84 | { | |
85 | if (cms->d.other == NULL) | |
86 | { | |
87 | cms->d.envelopedData = M_ASN1_new_of(CMS_EnvelopedData); | |
88 | if (!cms->d.envelopedData) | |
89 | { | |
90 | CMSerr(CMS_F_CMS_ENVELOPED_DATA_INIT, | |
91 | ERR_R_MALLOC_FAILURE); | |
92 | return NULL; | |
93 | } | |
94 | cms->d.envelopedData->version = 0; | |
95 | cms->d.envelopedData->encryptedContentInfo->contentType = | |
96 | OBJ_nid2obj(NID_pkcs7_data); | |
97 | ASN1_OBJECT_free(cms->contentType); | |
98 | cms->contentType = OBJ_nid2obj(NID_pkcs7_enveloped); | |
99 | return cms->d.envelopedData; | |
100 | } | |
101 | return cms_get0_enveloped(cms); | |
102 | } | |
103 | ||
4f1aa191 DSH |
104 | STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms) |
105 | { | |
106 | CMS_EnvelopedData *env; | |
761ffa72 | 107 | env = cms_get0_enveloped(cms); |
4f1aa191 DSH |
108 | if (!env) |
109 | return NULL; | |
110 | return env->recipientInfos; | |
111 | } | |
112 | ||
113 | int CMS_RecipientInfo_type(CMS_RecipientInfo *ri) | |
114 | { | |
115 | return ri->type; | |
116 | } | |
117 | ||
761ffa72 DSH |
118 | CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher) |
119 | { | |
120 | CMS_ContentInfo *cms; | |
121 | CMS_EnvelopedData *env; | |
122 | cms = CMS_ContentInfo_new(); | |
123 | if (!cms) | |
124 | goto merr; | |
125 | env = cms_enveloped_data_init(cms); | |
126 | if (!env) | |
127 | goto merr; | |
128 | if (!cms_EncryptedContent_init(env->encryptedContentInfo, | |
129 | cipher, NULL, 0)) | |
130 | goto merr; | |
131 | return cms; | |
132 | merr: | |
133 | if (cms) | |
134 | CMS_ContentInfo_free(cms); | |
135 | CMSerr(CMS_F_CMS_ENVELOPEDDATA_CREATE, ERR_R_MALLOC_FAILURE); | |
136 | return NULL; | |
137 | } | |
138 | ||
8931b30d DSH |
139 | /* Add a recipient certificate. For now only handle key transport. |
140 | * If we ever handle key agreement will need updating. | |
141 | */ | |
8931b30d DSH |
142 | CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms, |
143 | X509 *recip, unsigned int flags) | |
144 | { | |
145 | CMS_RecipientInfo *ri = NULL; | |
146 | CMS_KeyTransRecipientInfo *ktri; | |
147 | CMS_EnvelopedData *env; | |
148 | EVP_PKEY *pk = NULL; | |
149 | int i, type; | |
761ffa72 | 150 | env = cms_get0_enveloped(cms); |
8931b30d DSH |
151 | if (!env) |
152 | goto err; | |
153 | ||
761ffa72 | 154 | /* Initialize recipient info */ |
8931b30d DSH |
155 | ri = M_ASN1_new_of(CMS_RecipientInfo); |
156 | if (!ri) | |
157 | goto merr; | |
158 | ||
761ffa72 | 159 | /* Initialize and add key transport recipient info */ |
8931b30d DSH |
160 | |
161 | ri->d.ktri = M_ASN1_new_of(CMS_KeyTransRecipientInfo); | |
162 | if (!ri->d.ktri) | |
163 | goto merr; | |
164 | ri->type = CMS_RECIPINFO_TRANS; | |
165 | ||
166 | ktri = ri->d.ktri; | |
167 | ||
168 | X509_check_purpose(recip, -1, -1); | |
169 | pk = X509_get_pubkey(recip); | |
170 | if (!pk) | |
171 | { | |
172 | CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, | |
173 | CMS_R_ERROR_GETTING_PUBLIC_KEY); | |
174 | goto err; | |
175 | } | |
176 | CRYPTO_add(&recip->references, 1, CRYPTO_LOCK_X509); | |
8931b30d DSH |
177 | ktri->pkey = pk; |
178 | ktri->recip = recip; | |
179 | ||
180 | if (flags & CMS_USE_KEYID) | |
181 | { | |
182 | ktri->version = 2; | |
183 | type = CMS_RECIPINFO_KEYIDENTIFIER; | |
184 | } | |
185 | else | |
186 | { | |
187 | ktri->version = 0; | |
188 | type = CMS_RECIPINFO_ISSUER_SERIAL; | |
189 | } | |
190 | ||
191 | /* Not a typo: RecipientIdentifier and SignerIdentifier are the | |
192 | * same structure. | |
193 | */ | |
194 | ||
195 | if (!cms_set1_SignerIdentifier(ktri->rid, recip, type)) | |
196 | goto err; | |
197 | ||
198 | if (pk->ameth && pk->ameth->pkey_ctrl) | |
199 | { | |
200 | i = pk->ameth->pkey_ctrl(pk, ASN1_PKEY_CTRL_CMS_ENVELOPE, | |
201 | 0, ri); | |
202 | if (i == -2) | |
203 | { | |
204 | CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, | |
205 | CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); | |
206 | goto err; | |
207 | } | |
208 | if (i <= 0) | |
209 | { | |
210 | CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, | |
211 | CMS_R_CTRL_FAILURE); | |
212 | goto err; | |
213 | } | |
214 | } | |
215 | ||
216 | if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri)) | |
217 | goto merr; | |
218 | ||
219 | return ri; | |
220 | ||
221 | merr: | |
222 | CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, ERR_R_MALLOC_FAILURE); | |
223 | err: | |
224 | if (ri) | |
225 | M_ASN1_free_of(ri, CMS_RecipientInfo); | |
226 | return NULL; | |
227 | ||
228 | } | |
229 | ||
230 | int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri, | |
231 | EVP_PKEY **pk, X509 **recip, | |
232 | X509_ALGOR **palg) | |
233 | { | |
234 | CMS_KeyTransRecipientInfo *ktri; | |
235 | if (ri->type != CMS_RECIPINFO_TRANS) | |
236 | { | |
237 | CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS, | |
238 | CMS_R_NOT_KEY_TRANSPORT); | |
239 | return 0; | |
240 | } | |
241 | ||
242 | ktri = ri->d.ktri; | |
243 | ||
244 | if (pk) | |
245 | *pk = ktri->pkey; | |
246 | if (recip) | |
247 | *recip = ktri->recip; | |
248 | if (palg) | |
249 | *palg = ktri->keyEncryptionAlgorithm; | |
250 | return 1; | |
251 | } | |
252 | ||
253 | int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri, | |
254 | ASN1_OCTET_STRING **keyid, | |
255 | X509_NAME **issuer, ASN1_INTEGER **sno) | |
256 | { | |
257 | CMS_KeyTransRecipientInfo *ktri; | |
258 | if (ri->type != CMS_RECIPINFO_TRANS) | |
259 | { | |
260 | CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID, | |
261 | CMS_R_NOT_KEY_TRANSPORT); | |
262 | return 0; | |
263 | } | |
4f1aa191 | 264 | ktri = ri->d.ktri; |
8931b30d DSH |
265 | |
266 | return cms_SignerIdentifier_get0_signer_id(ktri->rid, | |
267 | keyid, issuer, sno); | |
268 | } | |
269 | ||
270 | int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert) | |
271 | { | |
8931b30d DSH |
272 | if (ri->type != CMS_RECIPINFO_TRANS) |
273 | { | |
274 | CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP, | |
275 | CMS_R_NOT_KEY_TRANSPORT); | |
4f1aa191 DSH |
276 | return -2; |
277 | } | |
278 | ||
279 | return cms_SignerIdentifier_cert_cmp(ri->d.ktri->rid, cert); | |
280 | } | |
281 | ||
761ffa72 DSH |
282 | /* Encrypt content key in key transport recipient info */ |
283 | ||
284 | static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms, | |
285 | CMS_RecipientInfo *ri) | |
286 | { | |
287 | CMS_KeyTransRecipientInfo *ktri; | |
288 | CMS_EncryptedContentInfo *ec; | |
289 | EVP_PKEY_CTX *pctx = NULL; | |
290 | unsigned char *ek = NULL; | |
291 | size_t eklen; | |
292 | ||
293 | int ret = 0; | |
294 | ||
295 | if (ri->type != CMS_RECIPINFO_TRANS) | |
296 | { | |
297 | CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT, | |
298 | CMS_R_NOT_KEY_TRANSPORT); | |
299 | return 0; | |
300 | } | |
301 | ktri = ri->d.ktri; | |
302 | ec = cms->d.envelopedData->encryptedContentInfo; | |
303 | ||
304 | pctx = EVP_PKEY_CTX_new(ktri->pkey, NULL); | |
305 | if (!pctx) | |
306 | return 0; | |
307 | ||
308 | if (EVP_PKEY_encrypt_init(pctx) <= 0) | |
309 | goto err; | |
310 | ||
311 | if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_ENCRYPT, | |
312 | EVP_PKEY_CTRL_CMS_ENCRYPT, 0, ri) <= 0) | |
313 | { | |
314 | CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT, CMS_R_CTRL_ERROR); | |
315 | goto err; | |
316 | } | |
317 | ||
318 | if (EVP_PKEY_encrypt(pctx, NULL, &eklen, ec->key, ec->keylen) <= 0) | |
319 | goto err; | |
320 | ||
321 | ek = OPENSSL_malloc(eklen); | |
322 | ||
323 | if (ek == NULL) | |
324 | { | |
325 | CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT, | |
326 | ERR_R_MALLOC_FAILURE); | |
327 | goto err; | |
328 | } | |
329 | ||
330 | if (EVP_PKEY_encrypt(pctx, ek, &eklen, ec->key, ec->keylen) <= 0) | |
331 | goto err; | |
332 | ||
333 | ASN1_STRING_set0(ktri->encryptedKey, ek, eklen); | |
334 | ek = NULL; | |
335 | ||
336 | ret = 1; | |
337 | ||
338 | err: | |
339 | if (pctx) | |
340 | EVP_PKEY_CTX_free(pctx); | |
341 | if (ek) | |
342 | OPENSSL_free(ek); | |
343 | return ret; | |
344 | ||
345 | } | |
346 | ||
4f1aa191 DSH |
347 | int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri, |
348 | EVP_PKEY *pkey) | |
349 | { | |
350 | CMS_KeyTransRecipientInfo *ktri; | |
351 | EVP_PKEY_CTX *pctx = NULL; | |
352 | unsigned char *ek = NULL; | |
353 | size_t eklen; | |
354 | ||
355 | int ret = 0; | |
356 | ||
357 | if (ri->type != CMS_RECIPINFO_TRANS) | |
358 | { | |
359 | CMSerr(CMS_F_CMS_RECIPIENTINFO_DECRYPT, | |
360 | CMS_R_NOT_KEY_TRANSPORT); | |
361 | return 0; | |
362 | } | |
363 | ktri = ri->d.ktri; | |
364 | ||
365 | pctx = EVP_PKEY_CTX_new(pkey, NULL); | |
366 | if (!pctx) | |
8931b30d | 367 | return 0; |
4f1aa191 DSH |
368 | |
369 | if (EVP_PKEY_decrypt_init(pctx) <= 0) | |
370 | goto err; | |
371 | ||
372 | if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DECRYPT, | |
373 | EVP_PKEY_CTRL_CMS_DECRYPT, 0, ri) <= 0) | |
374 | { | |
375 | CMSerr(CMS_F_CMS_RECIPIENTINFO_DECRYPT, CMS_R_CTRL_ERROR); | |
376 | goto err; | |
8931b30d DSH |
377 | } |
378 | ||
4f1aa191 DSH |
379 | if (EVP_PKEY_decrypt(pctx, NULL, &eklen, |
380 | ktri->encryptedKey->data, | |
381 | ktri->encryptedKey->length) <= 0) | |
382 | goto err; | |
383 | ||
384 | ek = OPENSSL_malloc(eklen); | |
385 | ||
386 | if (ek == NULL) | |
387 | { | |
388 | CMSerr(CMS_F_CMS_RECIPIENTINFO_DECRYPT, ERR_R_MALLOC_FAILURE); | |
389 | goto err; | |
390 | } | |
391 | ||
392 | if (EVP_PKEY_decrypt(pctx, ek, &eklen, | |
393 | ktri->encryptedKey->data, | |
394 | ktri->encryptedKey->length) <= 0) | |
395 | { | |
396 | CMSerr(CMS_F_CMS_RECIPIENTINFO_DECRYPT, CMS_R_CMS_LIB); | |
397 | goto err; | |
398 | } | |
399 | ||
400 | ret = 1; | |
401 | ||
402 | cms->d.envelopedData->encryptedContentInfo->key = ek; | |
403 | cms->d.envelopedData->encryptedContentInfo->keylen = eklen; | |
404 | ||
405 | err: | |
406 | if (pctx) | |
407 | EVP_PKEY_CTX_free(pctx); | |
408 | if (!ret && ek) | |
409 | OPENSSL_free(ek); | |
410 | ||
411 | return ret; | |
412 | } | |
413 | ||
414 | BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms) | |
415 | { | |
416 | CMS_EncryptedContentInfo *ec; | |
761ffa72 DSH |
417 | STACK_OF(CMS_RecipientInfo) *rinfos; |
418 | CMS_RecipientInfo *ri; | |
419 | int i, r, ok = 0; | |
420 | BIO *ret; | |
421 | ||
422 | /* Get BIO first to set up key */ | |
423 | ||
4f1aa191 | 424 | ec = cms->d.envelopedData->encryptedContentInfo; |
761ffa72 DSH |
425 | ret = cms_EncryptedContent_init_bio(ec); |
426 | ||
427 | /* If error or no cipher end of processing */ | |
428 | ||
429 | if (!ret || !ec->cipher) | |
430 | return ret; | |
431 | ||
432 | ||
433 | rinfos = cms->d.envelopedData->recipientInfos; | |
434 | ||
435 | for (i = 0; i < sk_CMS_RecipientInfo_num(rinfos); i++) | |
436 | { | |
437 | ri = sk_CMS_RecipientInfo_value(rinfos, i); | |
438 | if (ri->type == CMS_RECIPINFO_TRANS) | |
439 | r = cms_RecipientInfo_ktri_encrypt(cms, ri); | |
440 | else | |
441 | { | |
442 | CMSerr(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO, | |
443 | CMS_R_UNSUPPORTED_RECIPIENT_TYPE); | |
444 | goto err; | |
445 | } | |
446 | if (r <= 0) | |
447 | { | |
448 | CMSerr(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO, | |
449 | CMS_R_ERROR_SETTING_RECIPIENTINFO); | |
450 | goto err; | |
451 | } | |
452 | } | |
453 | ||
454 | ok = 1; | |
455 | ||
456 | err: | |
457 | ec->cipher = NULL; | |
458 | if (ec->key) | |
459 | { | |
460 | OPENSSL_cleanse(ec->key, ec->keylen); | |
461 | OPENSSL_free(ec->key); | |
462 | ec->key = NULL; | |
463 | ec->keylen = 0; | |
464 | } | |
465 | if (ok) | |
466 | return ret; | |
467 | BIO_free(ret); | |
468 | return NULL; | |
469 | ||
8931b30d | 470 | } |