]> git.ipfire.org Git - thirdparty/openssl.git/blame - crypto/cms/cms_env.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
EVP support for wrapping algorithms.
[thirdparty/openssl.git] / crypto / cms / cms_env.c
CommitLineData
8931b30d
DSH		 1/* crypto/cms/cms_env.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project.
4 */
5/* ====================================================================
6 * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 */
53
54#include "cryptlib.h"
55#include <openssl/asn1t.h>
56#include <openssl/pem.h>
57#include <openssl/x509v3.h>
58#include <openssl/err.h>
59#include <openssl/cms.h>
5c4436c9 60#include <openssl/rand.h>
6e3bc4f0 61#include <openssl/aes.h>
8931b30d
DSH		 62#include "cms_lcl.h"
63#include "asn1_locl.h"
64
65/* CMS EnvelopedData Utilities */
66
67DECLARE_ASN1_ITEM(CMS_EnvelopedData)
8931b30d 68DECLARE_ASN1_ITEM(CMS_KeyTransRecipientInfo)
c36e936b
DSH		 69DECLARE_ASN1_ITEM(CMS_KEKRecipientInfo)
70DECLARE_ASN1_ITEM(CMS_OtherKeyAttribute)
8931b30d 71
8931b30d
DSH		 72DECLARE_STACK_OF(CMS_RecipientInfo)
73
d2a53c22 74CMS_EnvelopedData *cms_get0_enveloped(CMS_ContentInfo *cms)
8931b30d
DSH		 75 {
76 if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_enveloped)
77 {
78 CMSerr(CMS_F_CMS_GET0_ENVELOPED,
79 CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA);
80 return NULL;
81 }
82 return cms->d.envelopedData;
83 }
84
85static CMS_EnvelopedData *cms_enveloped_data_init(CMS_ContentInfo *cms)
86 {
87 if (cms->d.other == NULL)
88 {
89 cms->d.envelopedData = M_ASN1_new_of(CMS_EnvelopedData);
90 if (!cms->d.envelopedData)
91 {
92 CMSerr(CMS_F_CMS_ENVELOPED_DATA_INIT,
93 ERR_R_MALLOC_FAILURE);
94 return NULL;
95 }
96 cms->d.envelopedData->version = 0;
97 cms->d.envelopedData->encryptedContentInfo->contentType =
98 OBJ_nid2obj(NID_pkcs7_data);
99 ASN1_OBJECT_free(cms->contentType);
100 cms->contentType = OBJ_nid2obj(NID_pkcs7_enveloped);
101 return cms->d.envelopedData;
102 }
103 return cms_get0_enveloped(cms);
104 }
105
e365352d
DSH		 106static int cms_env_asn1_ctrl(CMS_RecipientInfo *ri, int cmd)
107 {
108 EVP_PKEY *pkey = ri->d.ktri->pkey;
109 int i;
110 if (!pkey->ameth || !pkey->ameth->pkey_ctrl)
111 return 1;
112 i = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_CMS_ENVELOPE, cmd, ri);
113 if (i == -2)
114 {
115 CMSerr(CMS_F_CMS_ENV_ASN1_CTRL,
116 CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
117 return 0;
118 }
119 if (i <= 0)
120 {
121 CMSerr(CMS_F_CMS_ENV_ASN1_CTRL, CMS_R_CTRL_FAILURE);
122 return 0;
123 }
124 return 1;
125 }
126
4f1aa191
DSH		 127STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms)
128 {
129 CMS_EnvelopedData *env;
761ffa72 130 env = cms_get0_enveloped(cms);
4f1aa191
DSH		 131 if (!env)
132 return NULL;
133 return env->recipientInfos;
134 }
135
136int CMS_RecipientInfo_type(CMS_RecipientInfo *ri)
137 {
138 return ri->type;
139 }
140
e365352d
DSH		 141EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri)
142 {
143 if (ri->type == CMS_RECIPINFO_TRANS)
144 return ri->d.ktri->pctx;
145 return NULL;
146 }
147
761ffa72
DSH		 148CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher)
149 {
150 CMS_ContentInfo *cms;
151 CMS_EnvelopedData *env;
152 cms = CMS_ContentInfo_new();
153 if (!cms)
154 goto merr;
155 env = cms_enveloped_data_init(cms);
156 if (!env)
157 goto merr;
158 if (!cms_EncryptedContent_init(env->encryptedContentInfo,
159 cipher, NULL, 0))
160 goto merr;
161 return cms;
162 merr:
163 if (cms)
164 CMS_ContentInfo_free(cms);
165 CMSerr(CMS_F_CMS_ENVELOPEDDATA_CREATE, ERR_R_MALLOC_FAILURE);
166 return NULL;
167 }
168
ab124380
DSH		 169/* Key Transport Recipient Info (KTRI) routines */
170
8931b30d
DSH		 171/* Add a recipient certificate. For now only handle key transport.
172 * If we ever handle key agreement will need updating.
173 */
ab124380 174
8931b30d
DSH		 175CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
176 X509 *recip, unsigned int flags)
177 {
178 CMS_RecipientInfo *ri = NULL;
179 CMS_KeyTransRecipientInfo *ktri;
180 CMS_EnvelopedData *env;
181 EVP_PKEY *pk = NULL;
e365352d 182 int type;
761ffa72 183 env = cms_get0_enveloped(cms);
8931b30d
DSH		 184 if (!env)
185 goto err;
186
761ffa72 187 /* Initialize recipient info */
8931b30d
DSH		 188 ri = M_ASN1_new_of(CMS_RecipientInfo);
189 if (!ri)
190 goto merr;
191
761ffa72 192 /* Initialize and add key transport recipient info */
8931b30d
DSH		 193
194 ri->d.ktri = M_ASN1_new_of(CMS_KeyTransRecipientInfo);
195 if (!ri->d.ktri)
196 goto merr;
197 ri->type = CMS_RECIPINFO_TRANS;
198
199 ktri = ri->d.ktri;
200
201 X509_check_purpose(recip, -1, -1);
202 pk = X509_get_pubkey(recip);
203 if (!pk)
204 {
205 CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT,
206 CMS_R_ERROR_GETTING_PUBLIC_KEY);
207 goto err;
208 }
209 CRYPTO_add(&recip->references, 1, CRYPTO_LOCK_X509);
8931b30d
DSH		 210 ktri->pkey = pk;
211 ktri->recip = recip;
212
213 if (flags & CMS_USE_KEYID)
214 {
215 ktri->version = 2;
216 type = CMS_RECIPINFO_KEYIDENTIFIER;
217 }
218 else
219 {
220 ktri->version = 0;
221 type = CMS_RECIPINFO_ISSUER_SERIAL;
222 }
223
224 /* Not a typo: RecipientIdentifier and SignerIdentifier are the
225 * same structure.
226 */
227
228 if (!cms_set1_SignerIdentifier(ktri->rid, recip, type))
229 goto err;
230
e365352d 231 if (flags & CMS_KEY_PARAM)
8931b30d 232 {
e365352d
DSH		 233 ktri->pctx = EVP_PKEY_CTX_new(ktri->pkey, NULL);
234 if (!ktri->pctx)
235 return 0;
236 if (EVP_PKEY_encrypt_init(ktri->pctx) <= 0)
8931b30d 237 goto err;
8931b30d 238 }
e365352d
DSH		 239 else if (!cms_env_asn1_ctrl(ri, 0))
240 goto err;
8931b30d
DSH		 241
242 if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri))
243 goto merr;
244
245 return ri;
246
247 merr:
248 CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, ERR_R_MALLOC_FAILURE);
249 err:
250 if (ri)
251 M_ASN1_free_of(ri, CMS_RecipientInfo);
252 return NULL;
253
254 }
255
256int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri,
257 EVP_PKEY **pk, X509 **recip,
258 X509_ALGOR **palg)
259 {
260 CMS_KeyTransRecipientInfo *ktri;
261 if (ri->type != CMS_RECIPINFO_TRANS)
262 {
263 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS,
264 CMS_R_NOT_KEY_TRANSPORT);
265 return 0;
266 }
267
268 ktri = ri->d.ktri;
269
270 if (pk)
271 *pk = ktri->pkey;
272 if (recip)
273 *recip = ktri->recip;
274 if (palg)
275 *palg = ktri->keyEncryptionAlgorithm;
276 return 1;
277 }
278
279int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri,
280 ASN1_OCTET_STRING **keyid,
281 X509_NAME **issuer, ASN1_INTEGER **sno)
282 {
283 CMS_KeyTransRecipientInfo *ktri;
284 if (ri->type != CMS_RECIPINFO_TRANS)
285 {
286 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID,
287 CMS_R_NOT_KEY_TRANSPORT);
288 return 0;
289 }
4f1aa191 290 ktri = ri->d.ktri;
8931b30d
DSH		 291
292 return cms_SignerIdentifier_get0_signer_id(ktri->rid,
293 keyid, issuer, sno);
294 }
295
296int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert)
297 {
8931b30d
DSH		 298 if (ri->type != CMS_RECIPINFO_TRANS)
299 {
300 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP,
301 CMS_R_NOT_KEY_TRANSPORT);
4f1aa191
DSH		 302 return -2;
303 }
4f1aa191
DSH		 304 return cms_SignerIdentifier_cert_cmp(ri->d.ktri->rid, cert);
305 }
306
6e3bc4f0
DSH		 307int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey)
308 {
309 if (ri->type != CMS_RECIPINFO_TRANS)
310 {
311 CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_PKEY,
312 CMS_R_NOT_KEY_TRANSPORT);
313 return 0;
314 }
315 ri->d.ktri->pkey = pkey;
316 return 1;
317 }
318
761ffa72
DSH		 319/* Encrypt content key in key transport recipient info */
320
321static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms,
322 CMS_RecipientInfo *ri)
323 {
324 CMS_KeyTransRecipientInfo *ktri;
325 CMS_EncryptedContentInfo *ec;
e365352d 326 EVP_PKEY_CTX *pctx;
761ffa72
DSH		 327 unsigned char *ek = NULL;
328 size_t eklen;
329
330 int ret = 0;
331
332 if (ri->type != CMS_RECIPINFO_TRANS)
333 {
334 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT,
335 CMS_R_NOT_KEY_TRANSPORT);
336 return 0;
337 }
338 ktri = ri->d.ktri;
339 ec = cms->d.envelopedData->encryptedContentInfo;
340
e365352d 341 pctx = ktri->pctx;
761ffa72 342
e365352d
DSH		 343 if (pctx)
344 {
345 if (!cms_env_asn1_ctrl(ri, 0))
346 goto err;
347 }
348 else
349 {
350 pctx = EVP_PKEY_CTX_new(ktri->pkey, NULL);
351 if (!pctx)
352 return 0;
353
354 if (EVP_PKEY_encrypt_init(pctx) <= 0)
355 goto err;
356 }
761ffa72
DSH		 357
358 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_ENCRYPT,
359 EVP_PKEY_CTRL_CMS_ENCRYPT, 0, ri) <= 0)
360 {
361 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT, CMS_R_CTRL_ERROR);
362 goto err;
363 }
364
365 if (EVP_PKEY_encrypt(pctx, NULL, &eklen, ec->key, ec->keylen) <= 0)
366 goto err;
367
368 ek = OPENSSL_malloc(eklen);
369
370 if (ek == NULL)
371 {
372 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT,
373 ERR_R_MALLOC_FAILURE);
374 goto err;
375 }
376
377 if (EVP_PKEY_encrypt(pctx, ek, &eklen, ec->key, ec->keylen) <= 0)
378 goto err;
379
380 ASN1_STRING_set0(ktri->encryptedKey, ek, eklen);
381 ek = NULL;
382
383 ret = 1;
384
385 err:
386 if (pctx)
e365352d 387 {
761ffa72 388 EVP_PKEY_CTX_free(pctx);
e365352d
DSH		 389 ktri->pctx = NULL;
390 }
761ffa72
DSH		 391 if (ek)
392 OPENSSL_free(ek);
393 return ret;
394
395 }
396
ab124380
DSH		 397/* Decrypt content key from KTRI */
398
6e3bc4f0
DSH		 399static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
400 CMS_RecipientInfo *ri)
4f1aa191 401 {
6e3bc4f0 402 CMS_KeyTransRecipientInfo *ktri = ri->d.ktri;
e365352d 403 EVP_PKEY *pkey = ktri->pkey;
4f1aa191
DSH		 404 unsigned char *ek = NULL;
405 size_t eklen;
f7e85c37 406 int ret = 0;
146b52ed
DSH		 407 CMS_EncryptedContentInfo *ec;
408 ec = cms->d.envelopedData->encryptedContentInfo;
4f1aa191 409
6e3bc4f0 410 if (ktri->pkey == NULL)
4f1aa191 411 {
6e3bc4f0
DSH		 412 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT,
413 CMS_R_NO_PRIVATE_KEY);
4f1aa191
DSH		 414 return 0;
415 }
4f1aa191 416
e365352d
DSH		 417 ktri->pctx = EVP_PKEY_CTX_new(pkey, NULL);
418 if (!ktri->pctx)
8931b30d 419 return 0;
4f1aa191 420
e365352d
DSH		 421 if (EVP_PKEY_decrypt_init(ktri->pctx) <= 0)
422 goto err;
423
424 if (!cms_env_asn1_ctrl(ri, 1))
4f1aa191
DSH		 425 goto err;
426
e365352d 427 if (EVP_PKEY_CTX_ctrl(ktri->pctx, -1, EVP_PKEY_OP_DECRYPT,
4f1aa191
DSH		 428 EVP_PKEY_CTRL_CMS_DECRYPT, 0, ri) <= 0)
429 {
6e3bc4f0 430 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_CTRL_ERROR);
4f1aa191 431 goto err;
8931b30d
DSH		 432 }
433
e365352d 434 if (EVP_PKEY_decrypt(ktri->pctx, NULL, &eklen,
4f1aa191
DSH		 435 ktri->encryptedKey->data,
436 ktri->encryptedKey->length) <= 0)
437 goto err;
438
439 ek = OPENSSL_malloc(eklen);
440
441 if (ek == NULL)
442 {
6e3bc4f0
DSH		 443 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT,
444 ERR_R_MALLOC_FAILURE);
4f1aa191
DSH		 445 goto err;
446 }
447
e365352d 448 if (EVP_PKEY_decrypt(ktri->pctx, ek, &eklen,
4f1aa191
DSH		 449 ktri->encryptedKey->data,
450 ktri->encryptedKey->length) <= 0)
451 {
6e3bc4f0 452 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_CMS_LIB);
4f1aa191
DSH		 453 goto err;
454 }
455
456 ret = 1;
457
146b52ed
DSH		 458 if (ec->key)
459 {
460 OPENSSL_cleanse(ec->key, ec->keylen);
461 OPENSSL_free(ec->key);
462 }
463
464 ec->key = ek;
465 ec->keylen = eklen;
4f1aa191
DSH		 466
467 err:
e365352d
DSH		 468 if (ktri->pctx)
469 {
470 EVP_PKEY_CTX_free(ktri->pctx);
471 ktri->pctx = NULL;
472 }
4f1aa191
DSH		 473 if (!ret && ek)
474 OPENSSL_free(ek);
475
476 return ret;
477 }
478
ab124380
DSH		 479/* Key Encrypted Key (KEK) RecipientInfo routines */
480
eeb9cdfc
DSH		 481int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri,
482 const unsigned char *id, size_t idlen)
483 {
484 ASN1_OCTET_STRING tmp_os;
485 CMS_KEKRecipientInfo *kekri;
486 if (ri->type != CMS_RECIPINFO_KEK)
487 {
488 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP, CMS_R_NOT_KEK);
489 return -2;
490 }
491 kekri = ri->d.kekri;
492 tmp_os.type = V_ASN1_OCTET_STRING;
493 tmp_os.flags = 0;
494 tmp_os.data = (unsigned char *)id;
495 tmp_os.length = (int)idlen;
496 return ASN1_OCTET_STRING_cmp(&tmp_os, kekri->kekid->keyIdentifier);
497 }
498
ab124380
DSH		 499/* For now hard code AES key wrap info */
500
501static size_t aes_wrap_keylen(int nid)
502 {
503 switch (nid)
504 {
505 case NID_id_aes128_wrap:
506 return 16;
507
508 case NID_id_aes192_wrap:
509 return 24;
510
511 case NID_id_aes256_wrap:
512 return 32;
513
514 default:
515 return 0;
516 }
517 }
518
519CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
520 unsigned char *key, size_t keylen,
521 unsigned char *id, size_t idlen,
522 ASN1_GENERALIZEDTIME *date,
523 ASN1_OBJECT *otherTypeId,
524 ASN1_TYPE *otherType)
525 {
526 CMS_RecipientInfo *ri = NULL;
527 CMS_EnvelopedData *env;
528 CMS_KEKRecipientInfo *kekri;
529 env = cms_get0_enveloped(cms);
530 if (!env)
531 goto err;
532
533 if (nid == NID_undef)
534 {
535 switch (keylen)
536 {
537 case 16:
538 nid = NID_id_aes128_wrap;
539 break;
540
541 case 24:
542 nid = NID_id_aes192_wrap;
543 break;
544
545 case 32:
546 nid = NID_id_aes256_wrap;
547 break;
548
549 default:
550 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY,
551 CMS_R_INVALID_KEY_LENGTH);
552 goto err;
553 }
554
555 }
556 else
557 {
558
559 size_t exp_keylen = aes_wrap_keylen(nid);
560
561 if (!exp_keylen)
562 {
563 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY,
564 CMS_R_UNSUPPORTED_KEK_ALGORITHM);
565 goto err;
566 }
567
568 if (keylen != exp_keylen)
569 {
570 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY,
571 CMS_R_INVALID_KEY_LENGTH);
572 goto err;
573 }
574
575 }
576
577 /* Initialize recipient info */
578 ri = M_ASN1_new_of(CMS_RecipientInfo);
579 if (!ri)
580 goto merr;
581
582 ri->d.kekri = M_ASN1_new_of(CMS_KEKRecipientInfo);
583 if (!ri->d.kekri)
584 goto merr;
585 ri->type = CMS_RECIPINFO_KEK;
586
587 kekri = ri->d.kekri;
588
589 if (otherTypeId)
590 {
591 kekri->kekid->other = M_ASN1_new_of(CMS_OtherKeyAttribute);
592 if (kekri->kekid->other == NULL)
593 goto merr;
594 }
595
596 if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri))
597 goto merr;
598
599
600 /* After this point no calls can fail */
601
602 kekri->version = 4;
603
604 kekri->key = key;
605 kekri->keylen = keylen;
606
607 ASN1_STRING_set0(kekri->kekid->keyIdentifier, id, idlen);
608
609 kekri->kekid->date = date;
610
611 if (kekri->kekid->other)
612 {
613 kekri->kekid->other->keyAttrId = otherTypeId;
614 kekri->kekid->other->keyAttr = otherType;
615 }
616
617 X509_ALGOR_set0(kekri->keyEncryptionAlgorithm,
618 OBJ_nid2obj(nid), V_ASN1_UNDEF, NULL);
619
620 return ri;
621
622 merr:
623 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY, ERR_R_MALLOC_FAILURE);
624 err:
625 if (ri)
626 M_ASN1_free_of(ri, CMS_RecipientInfo);
627 return NULL;
628
629 }
630
631int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri,
632 X509_ALGOR **palg,
633 ASN1_OCTET_STRING **pid,
634 ASN1_GENERALIZEDTIME **pdate,
635 ASN1_OBJECT **potherid,
636 ASN1_TYPE **pothertype)
637 {
638 CMS_KEKIdentifier *rkid;
639 if (ri->type != CMS_RECIPINFO_KEK)
640 {
641 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID, CMS_R_NOT_KEK);
642 return 0;
643 }
644 rkid = ri->d.kekri->kekid;
645 if (palg)
646 *palg = ri->d.kekri->keyEncryptionAlgorithm;
647 if (pid)
648 *pid = rkid->keyIdentifier;
649 if (pdate)
650 *pdate = rkid->date;
651 if (potherid)
652 {
653 if (rkid->other)
654 *potherid = rkid->other->keyAttrId;
655 else
656 *potherid = NULL;
657 }
658 if (pothertype)
659 {
660 if (rkid->other)
661 *pothertype = rkid->other->keyAttr;
662 else
663 *pothertype = NULL;
664 }
665 return 1;
666 }
ab124380
DSH		 667
668int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri,
669 unsigned char *key, size_t keylen)
670 {
671 CMS_KEKRecipientInfo *kekri;
ab124380
DSH		 672 if (ri->type != CMS_RECIPINFO_KEK)
673 {
674 CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_KEY, CMS_R_NOT_KEK);
675 return 0;
676 }
eeb9cdfc 677
ab124380 678 kekri = ri->d.kekri;
ab124380
DSH		 679 kekri->key = key;
680 kekri->keylen = keylen;
681 return 1;
682 }
683
6e3bc4f0
DSH		 684
685/* Encrypt content key in KEK recipient info */
686
687static int cms_RecipientInfo_kekri_encrypt(CMS_ContentInfo *cms,
688 CMS_RecipientInfo *ri)
689 {
690 CMS_EncryptedContentInfo *ec;
691 CMS_KEKRecipientInfo *kekri;
692 AES_KEY actx;
693 unsigned char *wkey = NULL;
694 int wkeylen;
695 int r = 0;
696
697 ec = cms->d.envelopedData->encryptedContentInfo;
698
699 kekri = ri->d.kekri;
700
701 if (!kekri->key)
702 {
703 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, CMS_R_NO_KEY);
704 return 0;
705 }
706
707 if (AES_set_encrypt_key(kekri->key, kekri->keylen << 3, &actx))
708 {
709 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT,
710 CMS_R_ERROR_SETTING_KEY);
711 goto err;
712 }
713
714 wkey = OPENSSL_malloc(ec->keylen + 8);
715
716 if (!wkey)
717 {
718 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT,
719 ERR_R_MALLOC_FAILURE);
720 goto err;
721 }
722
723 wkeylen = AES_wrap_key(&actx, NULL, wkey, ec->key, ec->keylen);
724
725 if (wkeylen <= 0)
726 {
727 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, CMS_R_WRAP_ERROR);
728 goto err;
729 }
730
731 ASN1_STRING_set0(kekri->encryptedKey, wkey, wkeylen);
732
733 r = 1;
734
735 err:
736
737 if (!r && wkey)
738 OPENSSL_free(wkey);
739 OPENSSL_cleanse(&actx, sizeof(actx));
740
741 return r;
742
743 }
744
ab124380
DSH		 745/* Decrypt content key in KEK recipient info */
746
6e3bc4f0
DSH		 747static int cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms,
748 CMS_RecipientInfo *ri)
749 {
750 CMS_EncryptedContentInfo *ec;
751 CMS_KEKRecipientInfo *kekri;
752 AES_KEY actx;
753 unsigned char *ukey = NULL;
754 int ukeylen;
eeb9cdfc 755 int r = 0, wrap_nid;
6e3bc4f0
DSH		 756
757 ec = cms->d.envelopedData->encryptedContentInfo;
758
759 kekri = ri->d.kekri;
760
761 if (!kekri->key)
762 {
763 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, CMS_R_NO_KEY);
764 return 0;
765 }
766
eeb9cdfc
DSH		 767 wrap_nid = OBJ_obj2nid(kekri->keyEncryptionAlgorithm->algorithm);
768 if (aes_wrap_keylen(wrap_nid) != kekri->keylen)
769 {
770 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
771 CMS_R_INVALID_KEY_LENGTH);
772 return 0;
773 }
774
6e3bc4f0
DSH		 775 /* If encrypted key length is invalid don't bother */
776
777 if (kekri->encryptedKey->length < 16)
778 {
779 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
780 CMS_R_INVALID_ENCRYPTED_KEY_LENGTH);
781 goto err;
782 }
783
784 if (AES_set_decrypt_key(kekri->key, kekri->keylen << 3, &actx))
785 {
786 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
787 CMS_R_ERROR_SETTING_KEY);
788 goto err;
789 }
790
791 ukey = OPENSSL_malloc(kekri->encryptedKey->length - 8);
792
793 if (!ukey)
794 {
795 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
796 ERR_R_MALLOC_FAILURE);
797 goto err;
798 }
799
800 ukeylen = AES_unwrap_key(&actx, NULL, ukey,
801 kekri->encryptedKey->data,
802 kekri->encryptedKey->length);
803
804 if (ukeylen <= 0)
805 {
806 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
807 CMS_R_UNWRAP_ERROR);
808 goto err;
809 }
810
811 ec->key = ukey;
812 ec->keylen = ukeylen;
813
814 r = 1;
815
816 err:
817
818 if (!r && ukey)
819 OPENSSL_free(ukey);
820 OPENSSL_cleanse(&actx, sizeof(actx));
821
822 return r;
823
824 }
825
826int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
827 {
828 switch(ri->type)
829 {
830 case CMS_RECIPINFO_TRANS:
831 return cms_RecipientInfo_ktri_decrypt(cms, ri);
832
833 case CMS_RECIPINFO_KEK:
834 return cms_RecipientInfo_kekri_decrypt(cms, ri);
835
d2a53c22
DSH		 836 case CMS_RECIPINFO_PASS:
837 return cms_RecipientInfo_pwri_crypt(cms, ri, 0);
838
6e3bc4f0
DSH		 839 default:
840 CMSerr(CMS_F_CMS_RECIPIENTINFO_DECRYPT,
841 CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE);
842 return 0;
843 }
844 }
845
e1f1d28f
DSH		 846int CMS_RecipientInfo_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
847 {
848 switch (ri->type)
849 {
850 case CMS_RECIPINFO_TRANS:
851 return cms_RecipientInfo_ktri_encrypt(cms, ri);
852
853 case CMS_RECIPINFO_KEK:
854 return cms_RecipientInfo_kekri_encrypt(cms, ri);
855 break;
856
857 case CMS_RECIPINFO_PASS:
858 return cms_RecipientInfo_pwri_crypt(cms, ri, 1);
859 break;
860
861 default:
862 CMSerr(CMS_F_CMS_RECIPIENTINFO_ENCRYPT,
863 CMS_R_UNSUPPORTED_RECIPIENT_TYPE);
864 return 0;
865 }
866 }
867
4f1aa191
DSH		 868BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms)
869 {
870 CMS_EncryptedContentInfo *ec;
761ffa72
DSH		 871 STACK_OF(CMS_RecipientInfo) *rinfos;
872 CMS_RecipientInfo *ri;
e1f1d28f 873 int i, ok = 0;
761ffa72
DSH		 874 BIO *ret;
875
876 /* Get BIO first to set up key */
877
4f1aa191 878 ec = cms->d.envelopedData->encryptedContentInfo;
761ffa72
DSH		 879 ret = cms_EncryptedContent_init_bio(ec);
880
881 /* If error or no cipher end of processing */
882
883 if (!ret || !ec->cipher)
884 return ret;
885
ab124380
DSH		 886 /* Now encrypt content key according to each RecipientInfo type */
887
761ffa72
DSH		 888 rinfos = cms->d.envelopedData->recipientInfos;
889
890 for (i = 0; i < sk_CMS_RecipientInfo_num(rinfos); i++)
891 {
892 ri = sk_CMS_RecipientInfo_value(rinfos, i);
e1f1d28f 893 if (CMS_RecipientInfo_encrypt(cms, ri) <= 0)
761ffa72
DSH		 894 {
895 CMSerr(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO,
896 CMS_R_ERROR_SETTING_RECIPIENTINFO);
897 goto err;
898 }
899 }
900
901 ok = 1;
902
903 err:
904 ec->cipher = NULL;
905 if (ec->key)
906 {
907 OPENSSL_cleanse(ec->key, ec->keylen);
908 OPENSSL_free(ec->key);
909 ec->key = NULL;
910 ec->keylen = 0;
911 }
912 if (ok)
913 return ret;
914 BIO_free(ret);
915 return NULL;
916
8931b30d 917 }
A mirror of the official openssl repository