]>
Commit | Line | Data |
---|---|---|
8931b30d DSH |
1 | /* crypto/cms/cms_env.c */ |
2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | |
3 | * project. | |
4 | */ | |
5 | /* ==================================================================== | |
6 | * Copyright (c) 2008 The OpenSSL Project. All rights reserved. | |
7 | * | |
8 | * Redistribution and use in source and binary forms, with or without | |
9 | * modification, are permitted provided that the following conditions | |
10 | * are met: | |
11 | * | |
12 | * 1. Redistributions of source code must retain the above copyright | |
13 | * notice, this list of conditions and the following disclaimer. | |
14 | * | |
15 | * 2. Redistributions in binary form must reproduce the above copyright | |
16 | * notice, this list of conditions and the following disclaimer in | |
17 | * the documentation and/or other materials provided with the | |
18 | * distribution. | |
19 | * | |
20 | * 3. All advertising materials mentioning features or use of this | |
21 | * software must display the following acknowledgment: | |
22 | * "This product includes software developed by the OpenSSL Project | |
23 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | |
24 | * | |
25 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
26 | * endorse or promote products derived from this software without | |
27 | * prior written permission. For written permission, please contact | |
28 | * licensing@OpenSSL.org. | |
29 | * | |
30 | * 5. Products derived from this software may not be called "OpenSSL" | |
31 | * nor may "OpenSSL" appear in their names without prior written | |
32 | * permission of the OpenSSL Project. | |
33 | * | |
34 | * 6. Redistributions of any form whatsoever must retain the following | |
35 | * acknowledgment: | |
36 | * "This product includes software developed by the OpenSSL Project | |
37 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | |
38 | * | |
39 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
40 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
41 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
42 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
43 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
44 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
45 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
46 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
48 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
49 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
50 | * OF THE POSSIBILITY OF SUCH DAMAGE. | |
51 | * ==================================================================== | |
52 | */ | |
53 | ||
54 | #include "cryptlib.h" | |
55 | #include <openssl/asn1t.h> | |
56 | #include <openssl/pem.h> | |
57 | #include <openssl/x509v3.h> | |
58 | #include <openssl/err.h> | |
59 | #include <openssl/cms.h> | |
60 | #include "cms_lcl.h" | |
61 | #include "asn1_locl.h" | |
62 | ||
63 | /* CMS EnvelopedData Utilities */ | |
64 | ||
65 | DECLARE_ASN1_ITEM(CMS_EnvelopedData) | |
66 | DECLARE_ASN1_ITEM(CMS_RecipientInfo) | |
67 | DECLARE_ASN1_ITEM(CMS_KeyTransRecipientInfo) | |
68 | ||
69 | #if 0 | |
70 | IMPLEMENT_ASN1_ALLOC_FUNCTIONS(CMS_EnvelopedData) | |
71 | IMPLEMENT_ASN1_ALLOC_FUNCTIONS(CMS_RecipientInfo) | |
72 | IMPLEMENT_ASN1_ALLOC_FUNCTIONS(CMS_KeyTransRecipientInfo) | |
73 | #endif | |
74 | ||
75 | DECLARE_STACK_OF(CMS_RecipientInfo) | |
76 | ||
77 | static CMS_EnvelopedData *cms_get0_enveloped(CMS_ContentInfo *cms) | |
78 | { | |
79 | if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_enveloped) | |
80 | { | |
81 | CMSerr(CMS_F_CMS_GET0_ENVELOPED, | |
82 | CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA); | |
83 | return NULL; | |
84 | } | |
85 | return cms->d.envelopedData; | |
86 | } | |
87 | ||
88 | static CMS_EnvelopedData *cms_enveloped_data_init(CMS_ContentInfo *cms) | |
89 | { | |
90 | if (cms->d.other == NULL) | |
91 | { | |
92 | cms->d.envelopedData = M_ASN1_new_of(CMS_EnvelopedData); | |
93 | if (!cms->d.envelopedData) | |
94 | { | |
95 | CMSerr(CMS_F_CMS_ENVELOPED_DATA_INIT, | |
96 | ERR_R_MALLOC_FAILURE); | |
97 | return NULL; | |
98 | } | |
99 | cms->d.envelopedData->version = 0; | |
100 | cms->d.envelopedData->encryptedContentInfo->contentType = | |
101 | OBJ_nid2obj(NID_pkcs7_data); | |
102 | ASN1_OBJECT_free(cms->contentType); | |
103 | cms->contentType = OBJ_nid2obj(NID_pkcs7_enveloped); | |
104 | return cms->d.envelopedData; | |
105 | } | |
106 | return cms_get0_enveloped(cms); | |
107 | } | |
108 | ||
109 | /* Add a recipient certificate. For now only handle key transport. | |
110 | * If we ever handle key agreement will need updating. | |
111 | */ | |
112 | ||
113 | CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms, | |
114 | X509 *recip, unsigned int flags) | |
115 | { | |
116 | CMS_RecipientInfo *ri = NULL; | |
117 | CMS_KeyTransRecipientInfo *ktri; | |
118 | CMS_EnvelopedData *env; | |
119 | EVP_PKEY *pk = NULL; | |
120 | int i, type; | |
121 | /* Init enveloped data */ | |
122 | env = cms_enveloped_data_init(cms); | |
123 | if (!env) | |
124 | goto err; | |
125 | ||
126 | /* Initialized recipient info */ | |
127 | ri = M_ASN1_new_of(CMS_RecipientInfo); | |
128 | if (!ri) | |
129 | goto merr; | |
130 | ||
131 | /* Initialize and add key transrport recipient info */ | |
132 | ||
133 | ri->d.ktri = M_ASN1_new_of(CMS_KeyTransRecipientInfo); | |
134 | if (!ri->d.ktri) | |
135 | goto merr; | |
136 | ri->type = CMS_RECIPINFO_TRANS; | |
137 | ||
138 | ktri = ri->d.ktri; | |
139 | ||
140 | X509_check_purpose(recip, -1, -1); | |
141 | pk = X509_get_pubkey(recip); | |
142 | if (!pk) | |
143 | { | |
144 | CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, | |
145 | CMS_R_ERROR_GETTING_PUBLIC_KEY); | |
146 | goto err; | |
147 | } | |
148 | CRYPTO_add(&recip->references, 1, CRYPTO_LOCK_X509); | |
149 | CRYPTO_add(&pk->references, 1, CRYPTO_LOCK_EVP_PKEY); | |
150 | ktri->pkey = pk; | |
151 | ktri->recip = recip; | |
152 | ||
153 | if (flags & CMS_USE_KEYID) | |
154 | { | |
155 | ktri->version = 2; | |
156 | type = CMS_RECIPINFO_KEYIDENTIFIER; | |
157 | } | |
158 | else | |
159 | { | |
160 | ktri->version = 0; | |
161 | type = CMS_RECIPINFO_ISSUER_SERIAL; | |
162 | } | |
163 | ||
164 | /* Not a typo: RecipientIdentifier and SignerIdentifier are the | |
165 | * same structure. | |
166 | */ | |
167 | ||
168 | if (!cms_set1_SignerIdentifier(ktri->rid, recip, type)) | |
169 | goto err; | |
170 | ||
171 | if (pk->ameth && pk->ameth->pkey_ctrl) | |
172 | { | |
173 | i = pk->ameth->pkey_ctrl(pk, ASN1_PKEY_CTRL_CMS_ENVELOPE, | |
174 | 0, ri); | |
175 | if (i == -2) | |
176 | { | |
177 | CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, | |
178 | CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); | |
179 | goto err; | |
180 | } | |
181 | if (i <= 0) | |
182 | { | |
183 | CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, | |
184 | CMS_R_CTRL_FAILURE); | |
185 | goto err; | |
186 | } | |
187 | } | |
188 | ||
189 | if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri)) | |
190 | goto merr; | |
191 | ||
192 | return ri; | |
193 | ||
194 | merr: | |
195 | CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, ERR_R_MALLOC_FAILURE); | |
196 | err: | |
197 | if (ri) | |
198 | M_ASN1_free_of(ri, CMS_RecipientInfo); | |
199 | return NULL; | |
200 | ||
201 | } | |
202 | ||
203 | int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri, | |
204 | EVP_PKEY **pk, X509 **recip, | |
205 | X509_ALGOR **palg) | |
206 | { | |
207 | CMS_KeyTransRecipientInfo *ktri; | |
208 | if (ri->type != CMS_RECIPINFO_TRANS) | |
209 | { | |
210 | CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS, | |
211 | CMS_R_NOT_KEY_TRANSPORT); | |
212 | return 0; | |
213 | } | |
214 | ||
215 | ktri = ri->d.ktri; | |
216 | ||
217 | if (pk) | |
218 | *pk = ktri->pkey; | |
219 | if (recip) | |
220 | *recip = ktri->recip; | |
221 | if (palg) | |
222 | *palg = ktri->keyEncryptionAlgorithm; | |
223 | return 1; | |
224 | } | |
225 | ||
226 | int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri, | |
227 | ASN1_OCTET_STRING **keyid, | |
228 | X509_NAME **issuer, ASN1_INTEGER **sno) | |
229 | { | |
230 | CMS_KeyTransRecipientInfo *ktri; | |
231 | if (ri->type != CMS_RECIPINFO_TRANS) | |
232 | { | |
233 | CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID, | |
234 | CMS_R_NOT_KEY_TRANSPORT); | |
235 | return 0; | |
236 | } | |
237 | ||
238 | return cms_SignerIdentifier_get0_signer_id(ktri->rid, | |
239 | keyid, issuer, sno); | |
240 | } | |
241 | ||
242 | int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert) | |
243 | { | |
244 | CMS_KeyTransRecipientInfo *ktri; | |
245 | if (ri->type != CMS_RECIPINFO_TRANS) | |
246 | { | |
247 | CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP, | |
248 | CMS_R_NOT_KEY_TRANSPORT); | |
249 | return 0; | |
250 | } | |
251 | ||
252 | return cms_SignerIdentifier_cert_cmp(ktri->rid, cert); | |
253 | } |