]>
Commit | Line | Data |
---|---|---|
0b3a4ef2 | 1 | /* |
da1c088f | 2 | * Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved. |
0b3a4ef2 MC |
3 | * |
4 | * Licensed under the Apache License 2.0 (the "License"). You may not use | |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8 | */ | |
9 | ||
9ab7fe48 | 10 | #include <assert.h> |
0b3a4ef2 MC |
11 | #include <openssl/cms.h> |
12 | #include <openssl/err.h> | |
5a3bbe17 | 13 | #include <openssl/core_names.h> |
0b3a4ef2 | 14 | #include "crypto/asn1.h" |
9ab7fe48 | 15 | #include "crypto/rsa.h" |
3410a72d | 16 | #include "crypto/evp.h" |
0b3a4ef2 MC |
17 | #include "cms_local.h" |
18 | ||
0b3a4ef2 MC |
19 | static RSA_OAEP_PARAMS *rsa_oaep_decode(const X509_ALGOR *alg) |
20 | { | |
21 | RSA_OAEP_PARAMS *oaep; | |
22 | ||
23 | oaep = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(RSA_OAEP_PARAMS), | |
24 | alg->parameter); | |
25 | ||
26 | if (oaep == NULL) | |
27 | return NULL; | |
28 | ||
29 | if (oaep->maskGenFunc != NULL) { | |
adf7e6d1 | 30 | oaep->maskHash = ossl_x509_algor_mgf1_decode(oaep->maskGenFunc); |
0b3a4ef2 MC |
31 | if (oaep->maskHash == NULL) { |
32 | RSA_OAEP_PARAMS_free(oaep); | |
33 | return NULL; | |
34 | } | |
35 | } | |
36 | return oaep; | |
37 | } | |
38 | ||
39 | static int rsa_cms_decrypt(CMS_RecipientInfo *ri) | |
40 | { | |
41 | EVP_PKEY_CTX *pkctx; | |
42 | X509_ALGOR *cmsalg; | |
43 | int nid; | |
44 | int rv = -1; | |
45 | unsigned char *label = NULL; | |
46 | int labellen = 0; | |
47 | const EVP_MD *mgf1md = NULL, *md = NULL; | |
48 | RSA_OAEP_PARAMS *oaep; | |
49 | ||
50 | pkctx = CMS_RecipientInfo_get0_pkey_ctx(ri); | |
51 | if (pkctx == NULL) | |
52 | return 0; | |
53 | if (!CMS_RecipientInfo_ktri_get0_algs(ri, NULL, NULL, &cmsalg)) | |
54 | return -1; | |
55 | nid = OBJ_obj2nid(cmsalg->algorithm); | |
56 | if (nid == NID_rsaEncryption) | |
57 | return 1; | |
58 | if (nid != NID_rsaesOaep) { | |
9311d0c4 | 59 | ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_ENCRYPTION_TYPE); |
0b3a4ef2 MC |
60 | return -1; |
61 | } | |
62 | /* Decode OAEP parameters */ | |
63 | oaep = rsa_oaep_decode(cmsalg); | |
64 | ||
65 | if (oaep == NULL) { | |
9311d0c4 | 66 | ERR_raise(ERR_LIB_CMS, CMS_R_INVALID_OAEP_PARAMETERS); |
0b3a4ef2 MC |
67 | goto err; |
68 | } | |
69 | ||
adf7e6d1 | 70 | mgf1md = ossl_x509_algor_get_md(oaep->maskHash); |
0b3a4ef2 MC |
71 | if (mgf1md == NULL) |
72 | goto err; | |
adf7e6d1 | 73 | md = ossl_x509_algor_get_md(oaep->hashFunc); |
0b3a4ef2 MC |
74 | if (md == NULL) |
75 | goto err; | |
76 | ||
77 | if (oaep->pSourceFunc != NULL) { | |
78 | X509_ALGOR *plab = oaep->pSourceFunc; | |
79 | ||
80 | if (OBJ_obj2nid(plab->algorithm) != NID_pSpecified) { | |
9311d0c4 | 81 | ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_LABEL_SOURCE); |
0b3a4ef2 MC |
82 | goto err; |
83 | } | |
84 | if (plab->parameter->type != V_ASN1_OCTET_STRING) { | |
9311d0c4 | 85 | ERR_raise(ERR_LIB_CMS, CMS_R_INVALID_LABEL); |
0b3a4ef2 MC |
86 | goto err; |
87 | } | |
88 | ||
89 | label = plab->parameter->value.octet_string->data; | |
90 | /* Stop label being freed when OAEP parameters are freed */ | |
91 | plab->parameter->value.octet_string->data = NULL; | |
92 | labellen = plab->parameter->value.octet_string->length; | |
93 | } | |
94 | ||
95 | if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_OAEP_PADDING) <= 0) | |
96 | goto err; | |
97 | if (EVP_PKEY_CTX_set_rsa_oaep_md(pkctx, md) <= 0) | |
98 | goto err; | |
99 | if (EVP_PKEY_CTX_set_rsa_mgf1_md(pkctx, mgf1md) <= 0) | |
100 | goto err; | |
101 | if (label != NULL | |
102 | && EVP_PKEY_CTX_set0_rsa_oaep_label(pkctx, label, labellen) <= 0) | |
103 | goto err; | |
104 | /* Carry on */ | |
105 | rv = 1; | |
106 | ||
107 | err: | |
108 | RSA_OAEP_PARAMS_free(oaep); | |
109 | return rv; | |
110 | } | |
111 | ||
112 | static int rsa_cms_encrypt(CMS_RecipientInfo *ri) | |
113 | { | |
114 | const EVP_MD *md, *mgf1md; | |
115 | RSA_OAEP_PARAMS *oaep = NULL; | |
116 | ASN1_STRING *os = NULL; | |
117 | X509_ALGOR *alg; | |
118 | EVP_PKEY_CTX *pkctx = CMS_RecipientInfo_get0_pkey_ctx(ri); | |
119 | int pad_mode = RSA_PKCS1_PADDING, rv = 0, labellen; | |
120 | unsigned char *label; | |
121 | ||
122 | if (CMS_RecipientInfo_ktri_get0_algs(ri, NULL, NULL, &alg) <= 0) | |
123 | return 0; | |
9ab7fe48 | 124 | if (pkctx != NULL) { |
0b3a4ef2 MC |
125 | if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0) |
126 | return 0; | |
127 | } | |
04bc3c12 DDO |
128 | if (pad_mode == RSA_PKCS1_PADDING) |
129 | return X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaEncryption), | |
130 | V_ASN1_NULL, NULL); | |
131 | ||
0b3a4ef2 MC |
132 | /* Not supported */ |
133 | if (pad_mode != RSA_PKCS1_OAEP_PADDING) | |
134 | return 0; | |
135 | if (EVP_PKEY_CTX_get_rsa_oaep_md(pkctx, &md) <= 0) | |
136 | goto err; | |
137 | if (EVP_PKEY_CTX_get_rsa_mgf1_md(pkctx, &mgf1md) <= 0) | |
138 | goto err; | |
139 | labellen = EVP_PKEY_CTX_get0_rsa_oaep_label(pkctx, &label); | |
140 | if (labellen < 0) | |
141 | goto err; | |
142 | oaep = RSA_OAEP_PARAMS_new(); | |
143 | if (oaep == NULL) | |
144 | goto err; | |
adf7e6d1 | 145 | if (!ossl_x509_algor_new_from_md(&oaep->hashFunc, md)) |
0b3a4ef2 | 146 | goto err; |
adf7e6d1 | 147 | if (!ossl_x509_algor_md_to_mgf1(&oaep->maskGenFunc, mgf1md)) |
0b3a4ef2 MC |
148 | goto err; |
149 | if (labellen > 0) { | |
9944df11 | 150 | ASN1_OCTET_STRING *los = ASN1_OCTET_STRING_new(); |
9ab7fe48 | 151 | |
0b3a4ef2 MC |
152 | if (los == NULL) |
153 | goto err; | |
154 | if (!ASN1_OCTET_STRING_set(los, label, labellen)) { | |
155 | ASN1_OCTET_STRING_free(los); | |
156 | goto err; | |
157 | } | |
9944df11 DDO |
158 | oaep->pSourceFunc = ossl_X509_ALGOR_from_nid(NID_pSpecified, |
159 | V_ASN1_OCTET_STRING, los); | |
160 | if (oaep->pSourceFunc == NULL) | |
161 | goto err; | |
0b3a4ef2 MC |
162 | } |
163 | /* create string with pss parameter encoding. */ | |
164 | if (!ASN1_item_pack(oaep, ASN1_ITEM_rptr(RSA_OAEP_PARAMS), &os)) | |
04bc3c12 DDO |
165 | goto err; |
166 | if (!X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaesOaep), V_ASN1_SEQUENCE, os)) | |
167 | goto err; | |
0b3a4ef2 MC |
168 | os = NULL; |
169 | rv = 1; | |
170 | err: | |
171 | RSA_OAEP_PARAMS_free(oaep); | |
172 | ASN1_STRING_free(os); | |
173 | return rv; | |
174 | } | |
175 | ||
53155f1c | 176 | int ossl_cms_rsa_envelope(CMS_RecipientInfo *ri, int decrypt) |
0b3a4ef2 | 177 | { |
9ab7fe48 MC |
178 | assert(decrypt == 0 || decrypt == 1); |
179 | ||
0b3a4ef2 MC |
180 | if (decrypt == 1) |
181 | return rsa_cms_decrypt(ri); | |
9ab7fe48 MC |
182 | |
183 | if (decrypt == 0) | |
0b3a4ef2 MC |
184 | return rsa_cms_encrypt(ri); |
185 | ||
9311d0c4 | 186 | ERR_raise(ERR_LIB_CMS, CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); |
0b3a4ef2 | 187 | return 0; |
9ab7fe48 MC |
188 | } |
189 | ||
190 | static int rsa_cms_sign(CMS_SignerInfo *si) | |
191 | { | |
192 | int pad_mode = RSA_PKCS1_PADDING; | |
193 | X509_ALGOR *alg; | |
194 | EVP_PKEY_CTX *pkctx = CMS_SignerInfo_get0_pkey_ctx(si); | |
5a3bbe17 CL |
195 | unsigned char aid[128]; |
196 | const unsigned char *pp = aid; | |
197 | size_t aid_len = 0; | |
198 | OSSL_PARAM params[2]; | |
9ab7fe48 MC |
199 | |
200 | CMS_SignerInfo_get0_algs(si, NULL, NULL, NULL, &alg); | |
201 | if (pkctx != NULL) { | |
202 | if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0) | |
203 | return 0; | |
204 | } | |
04bc3c12 DDO |
205 | if (pad_mode == RSA_PKCS1_PADDING) |
206 | return X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaEncryption), | |
207 | V_ASN1_NULL, NULL); | |
208 | ||
9ab7fe48 MC |
209 | /* We don't support it */ |
210 | if (pad_mode != RSA_PKCS1_PSS_PADDING) | |
211 | return 0; | |
5a3bbe17 | 212 | |
3410a72d TM |
213 | if (evp_pkey_ctx_is_legacy(pkctx)) { |
214 | /* No provider -> we cannot query it for algorithm ID. */ | |
215 | ASN1_STRING *os = NULL; | |
216 | ||
217 | os = ossl_rsa_ctx_to_pss_string(pkctx); | |
218 | if (os == NULL) | |
219 | return 0; | |
220 | return X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_PKEY_RSA_PSS), V_ASN1_SEQUENCE, os); | |
221 | } | |
222 | ||
5a3bbe17 CL |
223 | params[0] = OSSL_PARAM_construct_octet_string( |
224 | OSSL_SIGNATURE_PARAM_ALGORITHM_ID, aid, sizeof(aid)); | |
225 | params[1] = OSSL_PARAM_construct_end(); | |
226 | ||
227 | if (EVP_PKEY_CTX_get_params(pkctx, params) <= 0) | |
9ab7fe48 | 228 | return 0; |
5a3bbe17 CL |
229 | if ((aid_len = params[0].return_size) == 0) |
230 | return 0; | |
231 | if (d2i_X509_ALGOR(&alg, &pp, aid_len) == NULL) | |
232 | return 0; | |
233 | return 1; | |
9ab7fe48 MC |
234 | } |
235 | ||
236 | static int rsa_cms_verify(CMS_SignerInfo *si) | |
237 | { | |
238 | int nid, nid2; | |
239 | X509_ALGOR *alg; | |
240 | EVP_PKEY_CTX *pkctx = CMS_SignerInfo_get0_pkey_ctx(si); | |
241 | EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(pkctx); | |
242 | ||
243 | CMS_SignerInfo_get0_algs(si, NULL, NULL, NULL, &alg); | |
244 | nid = OBJ_obj2nid(alg->algorithm); | |
245 | if (nid == EVP_PKEY_RSA_PSS) | |
643ce310 | 246 | return ossl_rsa_pss_to_ctx(NULL, pkctx, alg, NULL) > 0; |
9ab7fe48 MC |
247 | /* Only PSS allowed for PSS keys */ |
248 | if (EVP_PKEY_is_a(pkey, "RSA-PSS")) { | |
9311d0c4 | 249 | ERR_raise(ERR_LIB_RSA, RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE); |
9ab7fe48 MC |
250 | return 0; |
251 | } | |
252 | if (nid == NID_rsaEncryption) | |
253 | return 1; | |
254 | /* Workaround for some implementation that use a signature OID */ | |
255 | if (OBJ_find_sigid_algs(nid, NULL, &nid2)) { | |
256 | if (nid2 == NID_rsaEncryption) | |
257 | return 1; | |
258 | } | |
259 | return 0; | |
260 | } | |
261 | ||
53155f1c | 262 | int ossl_cms_rsa_sign(CMS_SignerInfo *si, int verify) |
9ab7fe48 MC |
263 | { |
264 | assert(verify == 0 || verify == 1); | |
265 | ||
266 | if (verify == 1) | |
267 | return rsa_cms_verify(si); | |
268 | ||
269 | if (verify == 0) | |
270 | return rsa_cms_sign(si); | |
271 | ||
9311d0c4 | 272 | ERR_raise(ERR_LIB_CMS, CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); |
9ab7fe48 MC |
273 | return 0; |
274 | } |