]> git.ipfire.org Git - thirdparty/openssl.git/blob - crypto/cms/cms_dh.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
dh_cms_set_peerkey: Pad the public key to p size
[thirdparty/openssl.git] / crypto / cms / cms_dh.c
1 /*
2 * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <assert.h>
11 #include <openssl/cms.h>
12 #include <openssl/dh.h>
13 #include <openssl/err.h>
14 #include <openssl/core_names.h>
15 #include "cms_local.h"
16 #include "crypto/evp.h"
17
18 static int dh_cms_set_peerkey(EVP_PKEY_CTX *pctx,
19 X509_ALGOR *alg, ASN1_BIT_STRING *pubkey)
20 {
21 const ASN1_OBJECT *aoid;
22 int atype;
23 const void *aval;
24 ASN1_INTEGER *public_key = NULL;
25 int rv = 0;
26 EVP_PKEY *pkpeer = NULL, *pk = NULL;
27 BIGNUM *bnpub = NULL;
28 const unsigned char *p;
29 unsigned char *buf = NULL;
30 int plen;
31
32 X509_ALGOR_get0(&aoid, &atype, &aval, alg);
33 if (OBJ_obj2nid(aoid) != NID_dhpublicnumber)
34 goto err;
35 /* Only absent parameters allowed in RFC XXXX */
36 if (atype != V_ASN1_UNDEF && atype == V_ASN1_NULL)
37 goto err;
38
39 pk = EVP_PKEY_CTX_get0_pkey(pctx);
40 if (pk == NULL || !EVP_PKEY_is_a(pk, "DHX"))
41 goto err;
42
43 /* Get public key */
44 plen = ASN1_STRING_length(pubkey);
45 p = ASN1_STRING_get0_data(pubkey);
46 if (p == NULL || plen == 0)
47 goto err;
48
49 if ((public_key = d2i_ASN1_INTEGER(NULL, &p, plen)) == NULL)
50 goto err;
51 /*
52 * Pad to full p parameter size as that is checked by
53 * EVP_PKEY_set1_encoded_public_key()
54 */
55 plen = EVP_PKEY_size(pk);
56 if ((bnpub = ASN1_INTEGER_to_BN(public_key, NULL)) == NULL)
57 goto err;
58 if ((buf = OPENSSL_malloc(plen)) == NULL)
59 goto err;
60 if (BN_bn2binpad(bnpub, buf, plen) < 0)
61 goto err;
62
63 pkpeer = EVP_PKEY_new();
64 if (pkpeer == NULL
65 || !EVP_PKEY_copy_parameters(pkpeer, pk)
66 || !EVP_PKEY_set1_encoded_public_key(pkpeer, buf, plen))
67 goto err;
68
69 if (EVP_PKEY_derive_set_peer(pctx, pkpeer) > 0)
70 rv = 1;
71 err:
72 ASN1_INTEGER_free(public_key);
73 BN_free(bnpub);
74 OPENSSL_free(buf);
75 EVP_PKEY_free(pkpeer);
76 return rv;
77 }
78
79 static int dh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri)
80 {
81 int rv = 0;
82 X509_ALGOR *alg, *kekalg = NULL;
83 ASN1_OCTET_STRING *ukm;
84 const unsigned char *p;
85 unsigned char *dukm = NULL;
86 size_t dukmlen = 0;
87 int keylen, plen;
88 EVP_CIPHER *kekcipher = NULL;
89 EVP_CIPHER_CTX *kekctx;
90 const char *name;
91
92 if (!CMS_RecipientInfo_kari_get0_alg(ri, &alg, &ukm))
93 goto err;
94
95 /*
96 * For DH we only have one OID permissible. If ever any more get defined
97 * we will need something cleverer.
98 */
99 if (OBJ_obj2nid(alg->algorithm) != NID_id_smime_alg_ESDH) {
100 ERR_raise(ERR_LIB_CMS, CMS_R_KDF_PARAMETER_ERROR);
101 goto err;
102 }
103
104 if (EVP_PKEY_CTX_set_dh_kdf_type(pctx, EVP_PKEY_DH_KDF_X9_42) <= 0
105 || EVP_PKEY_CTX_set_dh_kdf_md(pctx, EVP_sha1()) <= 0)
106 goto err;
107
108 if (alg->parameter->type != V_ASN1_SEQUENCE)
109 goto err;
110
111 p = alg->parameter->value.sequence->data;
112 plen = alg->parameter->value.sequence->length;
113 kekalg = d2i_X509_ALGOR(NULL, &p, plen);
114 if (kekalg == NULL)
115 goto err;
116 kekctx = CMS_RecipientInfo_kari_get0_ctx(ri);
117 if (kekctx == NULL)
118 goto err;
119
120 name = OBJ_nid2sn(OBJ_obj2nid(kekalg->algorithm));
121 if (name == NULL)
122 goto err;
123
124 kekcipher = EVP_CIPHER_fetch(pctx->libctx, name, pctx->propquery);
125 if (kekcipher == NULL || EVP_CIPHER_mode(kekcipher) != EVP_CIPH_WRAP_MODE)
126 goto err;
127 if (!EVP_EncryptInit_ex(kekctx, kekcipher, NULL, NULL, NULL))
128 goto err;
129 if (EVP_CIPHER_asn1_to_param(kekctx, kekalg->parameter) <= 0)
130 goto err;
131
132 keylen = EVP_CIPHER_CTX_key_length(kekctx);
133 if (EVP_PKEY_CTX_set_dh_kdf_outlen(pctx, keylen) <= 0)
134 goto err;
135 /* Use OBJ_nid2obj to ensure we use built in OID that isn't freed */
136 if (EVP_PKEY_CTX_set0_dh_kdf_oid(pctx,
137 OBJ_nid2obj(EVP_CIPHER_type(kekcipher)))
138 <= 0)
139 goto err;
140
141 if (ukm != NULL) {
142 dukmlen = ASN1_STRING_length(ukm);
143 dukm = OPENSSL_memdup(ASN1_STRING_get0_data(ukm), dukmlen);
144 if (dukm == NULL)
145 goto err;
146 }
147
148 if (EVP_PKEY_CTX_set0_dh_kdf_ukm(pctx, dukm, dukmlen) <= 0)
149 goto err;
150 dukm = NULL;
151
152 rv = 1;
153 err:
154 X509_ALGOR_free(kekalg);
155 EVP_CIPHER_free(kekcipher);
156 OPENSSL_free(dukm);
157 return rv;
158 }
159
160 static int dh_cms_decrypt(CMS_RecipientInfo *ri)
161 {
162 EVP_PKEY_CTX *pctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
163
164 if (pctx == NULL)
165 return 0;
166 /* See if we need to set peer key */
167 if (!EVP_PKEY_CTX_get0_peerkey(pctx)) {
168 X509_ALGOR *alg;
169 ASN1_BIT_STRING *pubkey;
170
171 if (!CMS_RecipientInfo_kari_get0_orig_id(ri, &alg, &pubkey,
172 NULL, NULL, NULL))
173 return 0;
174 if (alg == NULL || pubkey == NULL)
175 return 0;
176 if (!dh_cms_set_peerkey(pctx, alg, pubkey)) {
177 ERR_raise(ERR_LIB_CMS, CMS_R_PEER_KEY_ERROR);
178 return 0;
179 }
180 }
181 /* Set DH derivation parameters and initialise unwrap context */
182 if (!dh_cms_set_shared_info(pctx, ri)) {
183 ERR_raise(ERR_LIB_CMS, CMS_R_SHARED_INFO_ERROR);
184 return 0;
185 }
186 return 1;
187 }
188
189 static int dh_cms_encrypt(CMS_RecipientInfo *ri)
190 {
191 EVP_PKEY_CTX *pctx;
192 EVP_PKEY *pkey;
193 EVP_CIPHER_CTX *ctx;
194 int keylen;
195 X509_ALGOR *talg, *wrap_alg = NULL;
196 const ASN1_OBJECT *aoid;
197 ASN1_BIT_STRING *pubkey;
198 ASN1_STRING *wrap_str;
199 ASN1_OCTET_STRING *ukm;
200 unsigned char *penc = NULL, *dukm = NULL;
201 int penclen;
202 size_t dukmlen = 0;
203 int rv = 0;
204 int kdf_type, wrap_nid;
205 const EVP_MD *kdf_md;
206
207 pctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
208 if (pctx == NULL)
209 return 0;
210 /* Get ephemeral key */
211 pkey = EVP_PKEY_CTX_get0_pkey(pctx);
212 if (!CMS_RecipientInfo_kari_get0_orig_id(ri, &talg, &pubkey,
213 NULL, NULL, NULL))
214 goto err;
215
216 /* Is everything uninitialised? */
217 X509_ALGOR_get0(&aoid, NULL, NULL, talg);
218 if (aoid == OBJ_nid2obj(NID_undef)) {
219 BIGNUM *bn_pub_key = NULL;
220 ASN1_INTEGER *pubk;
221
222 if (!EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_PUB_KEY, &bn_pub_key))
223 goto err;
224
225 pubk = BN_to_ASN1_INTEGER(bn_pub_key, NULL);
226 BN_free(bn_pub_key);
227 if (pubk == NULL)
228 goto err;
229
230 /* Set the key */
231 penclen = i2d_ASN1_INTEGER(pubk, &penc);
232 ASN1_INTEGER_free(pubk);
233 if (penclen <= 0)
234 goto err;
235 ASN1_STRING_set0(pubkey, penc, penclen);
236 pubkey->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
237 pubkey->flags |= ASN1_STRING_FLAG_BITS_LEFT;
238
239 penc = NULL;
240 X509_ALGOR_set0(talg, OBJ_nid2obj(NID_dhpublicnumber),
241 V_ASN1_UNDEF, NULL);
242 }
243
244 /* See if custom parameters set */
245 kdf_type = EVP_PKEY_CTX_get_dh_kdf_type(pctx);
246 if (kdf_type <= 0 || !EVP_PKEY_CTX_get_dh_kdf_md(pctx, &kdf_md))
247 goto err;
248
249 if (kdf_type == EVP_PKEY_DH_KDF_NONE) {
250 kdf_type = EVP_PKEY_DH_KDF_X9_42;
251 if (EVP_PKEY_CTX_set_dh_kdf_type(pctx, kdf_type) <= 0)
252 goto err;
253 } else if (kdf_type != EVP_PKEY_DH_KDF_X9_42)
254 /* Unknown KDF */
255 goto err;
256 if (kdf_md == NULL) {
257 /* Only SHA1 supported */
258 kdf_md = EVP_sha1();
259 if (EVP_PKEY_CTX_set_dh_kdf_md(pctx, kdf_md) <= 0)
260 goto err;
261 } else if (EVP_MD_type(kdf_md) != NID_sha1)
262 /* Unsupported digest */
263 goto err;
264
265 if (!CMS_RecipientInfo_kari_get0_alg(ri, &talg, &ukm))
266 goto err;
267
268 /* Get wrap NID */
269 ctx = CMS_RecipientInfo_kari_get0_ctx(ri);
270 wrap_nid = EVP_CIPHER_CTX_type(ctx);
271 if (EVP_PKEY_CTX_set0_dh_kdf_oid(pctx, OBJ_nid2obj(wrap_nid)) <= 0)
272 goto err;
273 keylen = EVP_CIPHER_CTX_key_length(ctx);
274
275 /* Package wrap algorithm in an AlgorithmIdentifier */
276
277 wrap_alg = X509_ALGOR_new();
278 if (wrap_alg == NULL)
279 goto err;
280 wrap_alg->algorithm = OBJ_nid2obj(wrap_nid);
281 wrap_alg->parameter = ASN1_TYPE_new();
282 if (wrap_alg->parameter == NULL)
283 goto err;
284 if (EVP_CIPHER_param_to_asn1(ctx, wrap_alg->parameter) <= 0)
285 goto err;
286 if (ASN1_TYPE_get(wrap_alg->parameter) == NID_undef) {
287 ASN1_TYPE_free(wrap_alg->parameter);
288 wrap_alg->parameter = NULL;
289 }
290
291 if (EVP_PKEY_CTX_set_dh_kdf_outlen(pctx, keylen) <= 0)
292 goto err;
293
294 if (ukm != NULL) {
295 dukmlen = ASN1_STRING_length(ukm);
296 dukm = OPENSSL_memdup(ASN1_STRING_get0_data(ukm), dukmlen);
297 if (dukm == NULL)
298 goto err;
299 }
300
301 if (EVP_PKEY_CTX_set0_dh_kdf_ukm(pctx, dukm, dukmlen) <= 0)
302 goto err;
303 dukm = NULL;
304
305 /*
306 * Now need to wrap encoding of wrap AlgorithmIdentifier into parameter
307 * of another AlgorithmIdentifier.
308 */
309 penc = NULL;
310 penclen = i2d_X509_ALGOR(wrap_alg, &penc);
311 if (penc == NULL || penclen == 0)
312 goto err;
313 wrap_str = ASN1_STRING_new();
314 if (wrap_str == NULL)
315 goto err;
316 ASN1_STRING_set0(wrap_str, penc, penclen);
317 penc = NULL;
318 X509_ALGOR_set0(talg, OBJ_nid2obj(NID_id_smime_alg_ESDH),
319 V_ASN1_SEQUENCE, wrap_str);
320
321 rv = 1;
322
323 err:
324 OPENSSL_free(penc);
325 X509_ALGOR_free(wrap_alg);
326 OPENSSL_free(dukm);
327 return rv;
328 }
329
330 int cms_dh_envelope(CMS_RecipientInfo *ri, int decrypt)
331 {
332 assert(decrypt == 0 || decrypt == 1);
333
334 if (decrypt == 1)
335 return dh_cms_decrypt(ri);
336
337 if (decrypt == 0)
338 return dh_cms_encrypt(ri);
339
340 ERR_raise(ERR_LIB_CMS, CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
341 return 0;
342 }
A mirror of the official openssl repository