]> git.ipfire.org Git - thirdparty/openssl.git/blob - crypto/cms/cms_env.c
projects / thirdparty / openssl.git / blob
? search:


4648cd137294835e05674b38b77621026a75b0e4
[thirdparty/openssl.git] / crypto / cms / cms_env.c
1 /*
2 * Copyright 2008-2022 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include "internal/cryptlib.h"
11 #include <openssl/asn1t.h>
12 #include <openssl/pem.h>
13 #include <openssl/x509v3.h>
14 #include <openssl/err.h>
15 #include <openssl/cms.h>
16 #include <openssl/evp.h>
17 #include "internal/sizes.h"
18 #include "crypto/asn1.h"
19 #include "crypto/evp.h"
20 #include "crypto/x509.h"
21 #include "cms_local.h"
22
23 /* CMS EnvelopedData Utilities */
24 static void cms_env_set_version(CMS_EnvelopedData *env);
25
26 #define CMS_ENVELOPED_STANDARD 1
27 #define CMS_ENVELOPED_AUTH 2
28
29 static int cms_get_enveloped_type(const CMS_ContentInfo *cms)
30 {
31 int nid = OBJ_obj2nid(cms->contentType);
32
33 switch (nid) {
34 case NID_pkcs7_enveloped:
35 return CMS_ENVELOPED_STANDARD;
36
37 case NID_id_smime_ct_authEnvelopedData:
38 return CMS_ENVELOPED_AUTH;
39
40 default:
41 ERR_raise(ERR_LIB_CMS, CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA);
42 return 0;
43 }
44 }
45
46 CMS_EnvelopedData *ossl_cms_get0_enveloped(CMS_ContentInfo *cms)
47 {
48 if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_enveloped) {
49 ERR_raise(ERR_LIB_CMS, CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA);
50 return NULL;
51 }
52 return cms->d.envelopedData;
53 }
54
55 CMS_AuthEnvelopedData *ossl_cms_get0_auth_enveloped(CMS_ContentInfo *cms)
56 {
57 if (OBJ_obj2nid(cms->contentType) != NID_id_smime_ct_authEnvelopedData) {
58 ERR_raise(ERR_LIB_CMS, CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA);
59 return NULL;
60 }
61 return cms->d.authEnvelopedData;
62 }
63
64 static CMS_EnvelopedData *cms_enveloped_data_init(CMS_ContentInfo *cms)
65 {
66 if (cms->d.other == NULL) {
67 cms->d.envelopedData = M_ASN1_new_of(CMS_EnvelopedData);
68 if (cms->d.envelopedData == NULL) {
69 ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE);
70 return NULL;
71 }
72 cms->d.envelopedData->version = 0;
73 cms->d.envelopedData->encryptedContentInfo->contentType =
74 OBJ_nid2obj(NID_pkcs7_data);
75 ASN1_OBJECT_free(cms->contentType);
76 cms->contentType = OBJ_nid2obj(NID_pkcs7_enveloped);
77 return cms->d.envelopedData;
78 }
79 return ossl_cms_get0_enveloped(cms);
80 }
81
82 static CMS_AuthEnvelopedData *
83 cms_auth_enveloped_data_init(CMS_ContentInfo *cms)
84 {
85 if (cms->d.other == NULL) {
86 cms->d.authEnvelopedData = M_ASN1_new_of(CMS_AuthEnvelopedData);
87 if (cms->d.authEnvelopedData == NULL) {
88 ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE);
89 return NULL;
90 }
91 /* Defined in RFC 5083 - Section 2.1. "AuthEnvelopedData Type" */
92 cms->d.authEnvelopedData->version = 0;
93 cms->d.authEnvelopedData->authEncryptedContentInfo->contentType =
94 OBJ_nid2obj(NID_pkcs7_data);
95 ASN1_OBJECT_free(cms->contentType);
96 cms->contentType = OBJ_nid2obj(NID_id_smime_ct_authEnvelopedData);
97 return cms->d.authEnvelopedData;
98 }
99 return ossl_cms_get0_auth_enveloped(cms);
100 }
101
102 int ossl_cms_env_asn1_ctrl(CMS_RecipientInfo *ri, int cmd)
103 {
104 EVP_PKEY *pkey;
105 int i;
106 if (ri->type == CMS_RECIPINFO_TRANS)
107 pkey = ri->d.ktri->pkey;
108 else if (ri->type == CMS_RECIPINFO_AGREE) {
109 EVP_PKEY_CTX *pctx = ri->d.kari->pctx;
110
111 if (pctx == NULL)
112 return 0;
113 pkey = EVP_PKEY_CTX_get0_pkey(pctx);
114 if (pkey == NULL)
115 return 0;
116 } else
117 return 0;
118
119 if (EVP_PKEY_is_a(pkey, "DHX") || EVP_PKEY_is_a(pkey, "DH"))
120 return ossl_cms_dh_envelope(ri, cmd);
121 else if (EVP_PKEY_is_a(pkey, "EC"))
122 return ossl_cms_ecdh_envelope(ri, cmd);
123 else if (EVP_PKEY_is_a(pkey, "RSA"))
124 return ossl_cms_rsa_envelope(ri, cmd);
125
126 /* Something else? We'll give engines etc a chance to handle this */
127 if (pkey->ameth == NULL || pkey->ameth->pkey_ctrl == NULL)
128 return 1;
129 i = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_CMS_ENVELOPE, cmd, ri);
130 if (i == -2) {
131 ERR_raise(ERR_LIB_CMS, CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
132 return 0;
133 }
134 if (i <= 0) {
135 ERR_raise(ERR_LIB_CMS, CMS_R_CTRL_FAILURE);
136 return 0;
137 }
138 return 1;
139 }
140
141 CMS_EncryptedContentInfo* ossl_cms_get0_env_enc_content(const CMS_ContentInfo *cms)
142 {
143 switch (cms_get_enveloped_type(cms)) {
144 case CMS_ENVELOPED_STANDARD:
145 return cms->d.envelopedData->encryptedContentInfo;
146
147 case CMS_ENVELOPED_AUTH:
148 return cms->d.authEnvelopedData->authEncryptedContentInfo;
149
150 default:
151 return NULL;
152 }
153 }
154
155 STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms)
156 {
157 switch (cms_get_enveloped_type(cms)) {
158 case CMS_ENVELOPED_STANDARD:
159 return cms->d.envelopedData->recipientInfos;
160
161 case CMS_ENVELOPED_AUTH:
162 return cms->d.authEnvelopedData->recipientInfos;
163
164 default:
165 return NULL;
166 }
167 }
168
169 void ossl_cms_RecipientInfos_set_cmsctx(CMS_ContentInfo *cms)
170 {
171 int i;
172 CMS_RecipientInfo *ri;
173 const CMS_CTX *ctx = ossl_cms_get0_cmsctx(cms);
174 STACK_OF(CMS_RecipientInfo) *rinfos = CMS_get0_RecipientInfos(cms);
175
176 for (i = 0; i < sk_CMS_RecipientInfo_num(rinfos); i++) {
177 ri = sk_CMS_RecipientInfo_value(rinfos, i);
178 if (ri != NULL) {
179 switch (ri->type) {
180 case CMS_RECIPINFO_AGREE:
181 ri->d.kari->cms_ctx = ctx;
182 break;
183 case CMS_RECIPINFO_TRANS:
184 ri->d.ktri->cms_ctx = ctx;
185 ossl_x509_set0_libctx(ri->d.ktri->recip,
186 ossl_cms_ctx_get0_libctx(ctx),
187 ossl_cms_ctx_get0_propq(ctx));
188 break;
189 case CMS_RECIPINFO_KEK:
190 ri->d.kekri->cms_ctx = ctx;
191 break;
192 case CMS_RECIPINFO_PASS:
193 ri->d.pwri->cms_ctx = ctx;
194 break;
195 default:
196 break;
197 }
198 }
199 }
200 }
201
202 int CMS_RecipientInfo_type(CMS_RecipientInfo *ri)
203 {
204 return ri->type;
205 }
206
207 EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri)
208 {
209 if (ri->type == CMS_RECIPINFO_TRANS)
210 return ri->d.ktri->pctx;
211 else if (ri->type == CMS_RECIPINFO_AGREE)
212 return ri->d.kari->pctx;
213 return NULL;
214 }
215
216 CMS_ContentInfo *CMS_EnvelopedData_create_ex(const EVP_CIPHER *cipher,
217 OSSL_LIB_CTX *libctx,
218 const char *propq)
219 {
220 CMS_ContentInfo *cms;
221 CMS_EnvelopedData *env;
222
223 cms = CMS_ContentInfo_new_ex(libctx, propq);
224 if (cms == NULL)
225 goto merr;
226 env = cms_enveloped_data_init(cms);
227 if (env == NULL)
228 goto merr;
229
230 if (!ossl_cms_EncryptedContent_init(env->encryptedContentInfo, cipher, NULL,
231 0, ossl_cms_get0_cmsctx(cms)))
232 goto merr;
233 return cms;
234 merr:
235 CMS_ContentInfo_free(cms);
236 ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE);
237 return NULL;
238 }
239
240 CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher)
241 {
242 return CMS_EnvelopedData_create_ex(cipher, NULL, NULL);
243 }
244
245 BIO *CMS_EnvelopedData_decrypt(CMS_EnvelopedData *env, BIO *detached_data,
246 EVP_PKEY *pkey, X509 *cert,
247 ASN1_OCTET_STRING *secret, unsigned int flags,
248 OSSL_LIB_CTX *libctx, const char *propq)
249 {
250 CMS_ContentInfo *ci;
251 BIO *bio = NULL;
252 int res = 0;
253
254 if (env == NULL) {
255 ERR_raise(ERR_LIB_CMS, ERR_R_PASSED_NULL_PARAMETER);
256 return NULL;
257 }
258
259 if ((ci = CMS_ContentInfo_new_ex(libctx, propq)) == NULL
260 || (bio = BIO_new(BIO_s_mem())) == NULL)
261 goto end;
262 ci->contentType = OBJ_nid2obj(NID_pkcs7_enveloped);
263 ci->d.envelopedData = env;
264 if (secret != NULL
265 && CMS_decrypt_set1_password(ci, (unsigned char *)
266 ASN1_STRING_get0_data(secret),
267 ASN1_STRING_length(secret)) != 1)
268 goto end;
269 res = CMS_decrypt(ci, pkey, cert, detached_data, bio, flags);
270
271 end:
272 if (ci != NULL)
273 ci->d.envelopedData = NULL; /* do not indirectly free |env| */
274 CMS_ContentInfo_free(ci);
275 if (!res) {
276 BIO_free(bio);
277 bio = NULL;
278 }
279 return bio;
280 }
281
282 CMS_ContentInfo *
283 CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *libctx,
284 const char *propq)
285 {
286 CMS_ContentInfo *cms;
287 CMS_AuthEnvelopedData *aenv;
288
289 cms = CMS_ContentInfo_new_ex(libctx, propq);
290 if (cms == NULL)
291 goto merr;
292 aenv = cms_auth_enveloped_data_init(cms);
293 if (aenv == NULL)
294 goto merr;
295 if (!ossl_cms_EncryptedContent_init(aenv->authEncryptedContentInfo,
296 cipher, NULL, 0,
297 ossl_cms_get0_cmsctx(cms)))
298 goto merr;
299 return cms;
300 merr:
301 CMS_ContentInfo_free(cms);
302 ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE);
303 return NULL;
304 }
305
306
307 CMS_ContentInfo *CMS_AuthEnvelopedData_create(const EVP_CIPHER *cipher)
308 {
309 return CMS_AuthEnvelopedData_create_ex(cipher, NULL, NULL);
310 }
311
312 /* Key Transport Recipient Info (KTRI) routines */
313
314 /* Initialise a ktri based on passed certificate and key */
315
316 static int cms_RecipientInfo_ktri_init(CMS_RecipientInfo *ri, X509 *recip,
317 EVP_PKEY *pk, unsigned int flags,
318 const CMS_CTX *ctx)
319 {
320 CMS_KeyTransRecipientInfo *ktri;
321 int idtype;
322
323 ri->d.ktri = M_ASN1_new_of(CMS_KeyTransRecipientInfo);
324 if (!ri->d.ktri)
325 return 0;
326 ri->type = CMS_RECIPINFO_TRANS;
327
328 ktri = ri->d.ktri;
329 ktri->cms_ctx = ctx;
330
331 if (flags & CMS_USE_KEYID) {
332 ktri->version = 2;
333 idtype = CMS_RECIPINFO_KEYIDENTIFIER;
334 } else {
335 ktri->version = 0;
336 idtype = CMS_RECIPINFO_ISSUER_SERIAL;
337 }
338
339 /*
340 * Not a typo: RecipientIdentifier and SignerIdentifier are the same
341 * structure.
342 */
343
344 if (!ossl_cms_set1_SignerIdentifier(ktri->rid, recip, idtype, ctx))
345 return 0;
346
347 X509_up_ref(recip);
348 EVP_PKEY_up_ref(pk);
349
350 ktri->pkey = pk;
351 ktri->recip = recip;
352
353 if (flags & CMS_KEY_PARAM) {
354 ktri->pctx = EVP_PKEY_CTX_new_from_pkey(ossl_cms_ctx_get0_libctx(ctx),
355 ktri->pkey,
356 ossl_cms_ctx_get0_propq(ctx));
357 if (ktri->pctx == NULL)
358 return 0;
359 if (EVP_PKEY_encrypt_init(ktri->pctx) <= 0)
360 return 0;
361 } else if (!ossl_cms_env_asn1_ctrl(ri, 0))
362 return 0;
363 return 1;
364 }
365
366 /*
367 * Add a recipient certificate using appropriate type of RecipientInfo
368 */
369
370 CMS_RecipientInfo *CMS_add1_recipient(CMS_ContentInfo *cms, X509 *recip,
371 EVP_PKEY *originatorPrivKey,
372 X509 *originator, unsigned int flags)
373 {
374 CMS_RecipientInfo *ri = NULL;
375 STACK_OF(CMS_RecipientInfo) *ris;
376 EVP_PKEY *pk = NULL;
377 const CMS_CTX *ctx = ossl_cms_get0_cmsctx(cms);
378
379 ris = CMS_get0_RecipientInfos(cms);
380 if (ris == NULL)
381 goto err;
382
383 /* Initialize recipient info */
384 ri = M_ASN1_new_of(CMS_RecipientInfo);
385 if (ri == NULL)
386 goto merr;
387
388 pk = X509_get0_pubkey(recip);
389 if (pk == NULL) {
390 ERR_raise(ERR_LIB_CMS, CMS_R_ERROR_GETTING_PUBLIC_KEY);
391 goto err;
392 }
393
394 switch (ossl_cms_pkey_get_ri_type(pk)) {
395
396 case CMS_RECIPINFO_TRANS:
397 if (!cms_RecipientInfo_ktri_init(ri, recip, pk, flags, ctx))
398 goto err;
399 break;
400
401 case CMS_RECIPINFO_AGREE:
402 if (!ossl_cms_RecipientInfo_kari_init(ri, recip, pk, originator,
403 originatorPrivKey, flags, ctx))
404 goto err;
405 break;
406
407 default:
408 ERR_raise(ERR_LIB_CMS, CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
409 goto err;
410
411 }
412
413 if (!sk_CMS_RecipientInfo_push(ris, ri))
414 goto merr;
415
416 return ri;
417
418 merr:
419 ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE);
420 err:
421 M_ASN1_free_of(ri, CMS_RecipientInfo);
422 return NULL;
423
424 }
425
426 CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms, X509 *recip,
427 unsigned int flags)
428 {
429 return CMS_add1_recipient(cms, recip, NULL, NULL, flags);
430 }
431
432 int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri,
433 EVP_PKEY **pk, X509 **recip,
434 X509_ALGOR **palg)
435 {
436 CMS_KeyTransRecipientInfo *ktri;
437 if (ri->type != CMS_RECIPINFO_TRANS) {
438 ERR_raise(ERR_LIB_CMS, CMS_R_NOT_KEY_TRANSPORT);
439 return 0;
440 }
441
442 ktri = ri->d.ktri;
443
444 if (pk)
445 *pk = ktri->pkey;
446 if (recip)
447 *recip = ktri->recip;
448 if (palg)
449 *palg = ktri->keyEncryptionAlgorithm;
450 return 1;
451 }
452
453 int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri,
454 ASN1_OCTET_STRING **keyid,
455 X509_NAME **issuer,
456 ASN1_INTEGER **sno)
457 {
458 CMS_KeyTransRecipientInfo *ktri;
459 if (ri->type != CMS_RECIPINFO_TRANS) {
460 ERR_raise(ERR_LIB_CMS, CMS_R_NOT_KEY_TRANSPORT);
461 return 0;
462 }
463 ktri = ri->d.ktri;
464
465 return ossl_cms_SignerIdentifier_get0_signer_id(ktri->rid, keyid, issuer,
466 sno);
467 }
468
469 int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert)
470 {
471 if (ri->type != CMS_RECIPINFO_TRANS) {
472 ERR_raise(ERR_LIB_CMS, CMS_R_NOT_KEY_TRANSPORT);
473 return -2;
474 }
475 return ossl_cms_SignerIdentifier_cert_cmp(ri->d.ktri->rid, cert);
476 }
477
478 int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey)
479 {
480 if (ri->type != CMS_RECIPINFO_TRANS) {
481 ERR_raise(ERR_LIB_CMS, CMS_R_NOT_KEY_TRANSPORT);
482 return 0;
483 }
484 EVP_PKEY_free(ri->d.ktri->pkey);
485 ri->d.ktri->pkey = pkey;
486 return 1;
487 }
488
489 /* Encrypt content key in key transport recipient info */
490
491 static int cms_RecipientInfo_ktri_encrypt(const CMS_ContentInfo *cms,
492 CMS_RecipientInfo *ri)
493 {
494 CMS_KeyTransRecipientInfo *ktri;
495 CMS_EncryptedContentInfo *ec;
496 EVP_PKEY_CTX *pctx;
497 unsigned char *ek = NULL;
498 size_t eklen;
499 const CMS_CTX *ctx = ossl_cms_get0_cmsctx(cms);
500
501 int ret = 0;
502
503 if (ri->type != CMS_RECIPINFO_TRANS) {
504 ERR_raise(ERR_LIB_CMS, CMS_R_NOT_KEY_TRANSPORT);
505 return 0;
506 }
507 ktri = ri->d.ktri;
508 ec = ossl_cms_get0_env_enc_content(cms);
509
510 pctx = ktri->pctx;
511
512 if (pctx) {
513 if (!ossl_cms_env_asn1_ctrl(ri, 0))
514 goto err;
515 } else {
516 pctx = EVP_PKEY_CTX_new_from_pkey(ossl_cms_ctx_get0_libctx(ctx),
517 ktri->pkey,
518 ossl_cms_ctx_get0_propq(ctx));
519 if (pctx == NULL)
520 return 0;
521
522 if (EVP_PKEY_encrypt_init(pctx) <= 0)
523 goto err;
524 }
525
526 if (EVP_PKEY_encrypt(pctx, NULL, &eklen, ec->key, ec->keylen) <= 0)
527 goto err;
528
529 ek = OPENSSL_malloc(eklen);
530
531 if (ek == NULL) {
532 ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE);
533 goto err;
534 }
535
536 if (EVP_PKEY_encrypt(pctx, ek, &eklen, ec->key, ec->keylen) <= 0)
537 goto err;
538
539 ASN1_STRING_set0(ktri->encryptedKey, ek, eklen);
540 ek = NULL;
541
542 ret = 1;
543
544 err:
545 EVP_PKEY_CTX_free(pctx);
546 ktri->pctx = NULL;
547 OPENSSL_free(ek);
548 return ret;
549 }
550
551 /* Decrypt content key from KTRI */
552
553 static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
554 CMS_RecipientInfo *ri)
555 {
556 CMS_KeyTransRecipientInfo *ktri = ri->d.ktri;
557 EVP_PKEY *pkey = ktri->pkey;
558 unsigned char *ek = NULL;
559 size_t eklen;
560 int ret = 0;
561 size_t fixlen = 0;
562 const EVP_CIPHER *cipher = NULL;
563 EVP_CIPHER *fetched_cipher = NULL;
564 CMS_EncryptedContentInfo *ec;
565 const CMS_CTX *ctx = ossl_cms_get0_cmsctx(cms);
566 OSSL_LIB_CTX *libctx = ossl_cms_ctx_get0_libctx(ctx);
567 const char *propq = ossl_cms_ctx_get0_propq(ctx);
568
569 ec = ossl_cms_get0_env_enc_content(cms);
570
571 if (ktri->pkey == NULL) {
572 ERR_raise(ERR_LIB_CMS, CMS_R_NO_PRIVATE_KEY);
573 return 0;
574 }
575
576 if (cms->d.envelopedData->encryptedContentInfo->havenocert
577 && !cms->d.envelopedData->encryptedContentInfo->debug) {
578 X509_ALGOR *calg = ec->contentEncryptionAlgorithm;
579 char name[OSSL_MAX_NAME_SIZE];
580
581 OBJ_obj2txt(name, sizeof(name), calg->algorithm, 0);
582
583 (void)ERR_set_mark();
584 fetched_cipher = EVP_CIPHER_fetch(libctx, name, propq);
585
586 if (fetched_cipher != NULL)
587 cipher = fetched_cipher;
588 else
589 cipher = EVP_get_cipherbyobj(calg->algorithm);
590 if (cipher == NULL) {
591 (void)ERR_clear_last_mark();
592 ERR_raise(ERR_LIB_CMS, CMS_R_UNKNOWN_CIPHER);
593 return 0;
594 }
595 (void)ERR_pop_to_mark();
596
597 fixlen = EVP_CIPHER_get_key_length(cipher);
598 EVP_CIPHER_free(fetched_cipher);
599 }
600
601 ktri->pctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, propq);
602 if (ktri->pctx == NULL)
603 goto err;
604
605 if (EVP_PKEY_decrypt_init(ktri->pctx) <= 0)
606 goto err;
607
608 if (!ossl_cms_env_asn1_ctrl(ri, 1))
609 goto err;
610
611 if (EVP_PKEY_decrypt(ktri->pctx, NULL, &eklen,
612 ktri->encryptedKey->data,
613 ktri->encryptedKey->length) <= 0)
614 goto err;
615
616 ek = OPENSSL_malloc(eklen);
617 if (ek == NULL) {
618 ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE);
619 goto err;
620 }
621
622 if (EVP_PKEY_decrypt(ktri->pctx, ek, &eklen,
623 ktri->encryptedKey->data,
624 ktri->encryptedKey->length) <= 0
625 || eklen == 0
626 || (fixlen != 0 && eklen != fixlen)) {
627 ERR_raise(ERR_LIB_CMS, CMS_R_CMS_LIB);
628 goto err;
629 }
630
631 ret = 1;
632
633 OPENSSL_clear_free(ec->key, ec->keylen);
634 ec->key = ek;
635 ec->keylen = eklen;
636
637 err:
638 EVP_PKEY_CTX_free(ktri->pctx);
639 ktri->pctx = NULL;
640 if (!ret)
641 OPENSSL_free(ek);
642
643 return ret;
644 }
645
646 /* Key Encrypted Key (KEK) RecipientInfo routines */
647
648 int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri,
649 const unsigned char *id, size_t idlen)
650 {
651 ASN1_OCTET_STRING tmp_os;
652 CMS_KEKRecipientInfo *kekri;
653 if (ri->type != CMS_RECIPINFO_KEK) {
654 ERR_raise(ERR_LIB_CMS, CMS_R_NOT_KEK);
655 return -2;
656 }
657 kekri = ri->d.kekri;
658 tmp_os.type = V_ASN1_OCTET_STRING;
659 tmp_os.flags = 0;
660 tmp_os.data = (unsigned char *)id;
661 tmp_os.length = (int)idlen;
662 return ASN1_OCTET_STRING_cmp(&tmp_os, kekri->kekid->keyIdentifier);
663 }
664
665 /* For now hard code AES key wrap info */
666
667 static size_t aes_wrap_keylen(int nid)
668 {
669 switch (nid) {
670 case NID_id_aes128_wrap:
671 return 16;
672
673 case NID_id_aes192_wrap:
674 return 24;
675
676 case NID_id_aes256_wrap:
677 return 32;
678
679 default:
680 return 0;
681 }
682 }
683
684 CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
685 unsigned char *key, size_t keylen,
686 unsigned char *id, size_t idlen,
687 ASN1_GENERALIZEDTIME *date,
688 ASN1_OBJECT *otherTypeId,
689 ASN1_TYPE *otherType)
690 {
691 CMS_RecipientInfo *ri = NULL;
692 CMS_KEKRecipientInfo *kekri;
693 STACK_OF(CMS_RecipientInfo) *ris = CMS_get0_RecipientInfos(cms);
694
695 if (ris == NULL)
696 goto err;
697
698 if (nid == NID_undef) {
699 switch (keylen) {
700 case 16:
701 nid = NID_id_aes128_wrap;
702 break;
703
704 case 24:
705 nid = NID_id_aes192_wrap;
706 break;
707
708 case 32:
709 nid = NID_id_aes256_wrap;
710 break;
711
712 default:
713 ERR_raise(ERR_LIB_CMS, CMS_R_INVALID_KEY_LENGTH);
714 goto err;
715 }
716
717 } else {
718
719 size_t exp_keylen = aes_wrap_keylen(nid);
720
721 if (!exp_keylen) {
722 ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_KEK_ALGORITHM);
723 goto err;
724 }
725
726 if (keylen != exp_keylen) {
727 ERR_raise(ERR_LIB_CMS, CMS_R_INVALID_KEY_LENGTH);
728 goto err;
729 }
730
731 }
732
733 /* Initialize recipient info */
734 ri = M_ASN1_new_of(CMS_RecipientInfo);
735 if (!ri)
736 goto merr;
737
738 ri->d.kekri = M_ASN1_new_of(CMS_KEKRecipientInfo);
739 if (!ri->d.kekri)
740 goto merr;
741 ri->type = CMS_RECIPINFO_KEK;
742
743 kekri = ri->d.kekri;
744
745 if (otherTypeId) {
746 kekri->kekid->other = M_ASN1_new_of(CMS_OtherKeyAttribute);
747 if (kekri->kekid->other == NULL)
748 goto merr;
749 }
750
751 if (!sk_CMS_RecipientInfo_push(ris, ri))
752 goto merr;
753
754 /* After this point no calls can fail */
755
756 kekri->version = 4;
757
758 kekri->key = key;
759 kekri->keylen = keylen;
760
761 ASN1_STRING_set0(kekri->kekid->keyIdentifier, id, idlen);
762
763 kekri->kekid->date = date;
764
765 if (kekri->kekid->other) {
766 kekri->kekid->other->keyAttrId = otherTypeId;
767 kekri->kekid->other->keyAttr = otherType;
768 }
769
770 (void)X509_ALGOR_set0(kekri->keyEncryptionAlgorithm, OBJ_nid2obj(nid),
771 V_ASN1_UNDEF, NULL); /* cannot fail */
772
773 return ri;
774
775 merr:
776 ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE);
777 err:
778 M_ASN1_free_of(ri, CMS_RecipientInfo);
779 return NULL;
780 }
781
782 int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri,
783 X509_ALGOR **palg,
784 ASN1_OCTET_STRING **pid,
785 ASN1_GENERALIZEDTIME **pdate,
786 ASN1_OBJECT **potherid,
787 ASN1_TYPE **pothertype)
788 {
789 CMS_KEKIdentifier *rkid;
790 if (ri->type != CMS_RECIPINFO_KEK) {
791 ERR_raise(ERR_LIB_CMS, CMS_R_NOT_KEK);
792 return 0;
793 }
794 rkid = ri->d.kekri->kekid;
795 if (palg)
796 *palg = ri->d.kekri->keyEncryptionAlgorithm;
797 if (pid)
798 *pid = rkid->keyIdentifier;
799 if (pdate)
800 *pdate = rkid->date;
801 if (potherid) {
802 if (rkid->other)
803 *potherid = rkid->other->keyAttrId;
804 else
805 *potherid = NULL;
806 }
807 if (pothertype) {
808 if (rkid->other)
809 *pothertype = rkid->other->keyAttr;
810 else
811 *pothertype = NULL;
812 }
813 return 1;
814 }
815
816 int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri,
817 unsigned char *key, size_t keylen)
818 {
819 CMS_KEKRecipientInfo *kekri;
820 if (ri->type != CMS_RECIPINFO_KEK) {
821 ERR_raise(ERR_LIB_CMS, CMS_R_NOT_KEK);
822 return 0;
823 }
824
825 kekri = ri->d.kekri;
826 kekri->key = key;
827 kekri->keylen = keylen;
828 return 1;
829 }
830
831 static EVP_CIPHER *cms_get_key_wrap_cipher(size_t keylen, const CMS_CTX *ctx)
832 {
833 const char *alg = NULL;
834
835 switch (keylen) {
836 case 16:
837 alg = "AES-128-WRAP";
838 break;
839 case 24:
840 alg = "AES-192-WRAP";
841 break;
842 case 32:
843 alg = "AES-256-WRAP";
844 break;
845 default:
846 return NULL;
847 }
848 return EVP_CIPHER_fetch(ossl_cms_ctx_get0_libctx(ctx), alg,
849 ossl_cms_ctx_get0_propq(ctx));
850 }
851
852
853 /* Encrypt content key in KEK recipient info */
854
855 static int cms_RecipientInfo_kekri_encrypt(const CMS_ContentInfo *cms,
856 CMS_RecipientInfo *ri)
857 {
858 CMS_EncryptedContentInfo *ec;
859 CMS_KEKRecipientInfo *kekri;
860 unsigned char *wkey = NULL;
861 int wkeylen;
862 int r = 0;
863 EVP_CIPHER *cipher = NULL;
864 int outlen = 0;
865 EVP_CIPHER_CTX *ctx = NULL;
866 const CMS_CTX *cms_ctx = ossl_cms_get0_cmsctx(cms);
867
868 ec = ossl_cms_get0_env_enc_content(cms);
869 if (ec == NULL)
870 return 0;
871
872 kekri = ri->d.kekri;
873
874 if (kekri->key == NULL) {
875 ERR_raise(ERR_LIB_CMS, CMS_R_NO_KEY);
876 return 0;
877 }
878
879 cipher = cms_get_key_wrap_cipher(kekri->keylen, cms_ctx);
880 if (cipher == NULL) {
881 ERR_raise(ERR_LIB_CMS, CMS_R_INVALID_KEY_LENGTH);
882 goto err;
883 }
884
885 /* 8 byte prefix for AES wrap ciphers */
886 wkey = OPENSSL_malloc(ec->keylen + 8);
887 if (wkey == NULL) {
888 ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE);
889 goto err;
890 }
891
892 ctx = EVP_CIPHER_CTX_new();
893 if (ctx == NULL) {
894 ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE);
895 goto err;
896 }
897
898 EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);
899 if (!EVP_EncryptInit_ex(ctx, cipher, NULL, kekri->key, NULL)
900 || !EVP_EncryptUpdate(ctx, wkey, &wkeylen, ec->key, ec->keylen)
901 || !EVP_EncryptFinal_ex(ctx, wkey + wkeylen, &outlen)) {
902 ERR_raise(ERR_LIB_CMS, CMS_R_WRAP_ERROR);
903 goto err;
904 }
905 wkeylen += outlen;
906 if (!ossl_assert((size_t)wkeylen == ec->keylen + 8)) {
907 ERR_raise(ERR_LIB_CMS, CMS_R_WRAP_ERROR);
908 goto err;
909 }
910
911 ASN1_STRING_set0(kekri->encryptedKey, wkey, wkeylen);
912
913 r = 1;
914
915 err:
916 EVP_CIPHER_free(cipher);
917 if (!r)
918 OPENSSL_free(wkey);
919 EVP_CIPHER_CTX_free(ctx);
920
921 return r;
922 }
923
924 /* Decrypt content key in KEK recipient info */
925
926 static int cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms,
927 CMS_RecipientInfo *ri)
928 {
929 CMS_EncryptedContentInfo *ec;
930 CMS_KEKRecipientInfo *kekri;
931 unsigned char *ukey = NULL;
932 int ukeylen;
933 int r = 0, wrap_nid;
934 EVP_CIPHER *cipher = NULL;
935 int outlen = 0;
936 EVP_CIPHER_CTX *ctx = NULL;
937 const CMS_CTX *cms_ctx = ossl_cms_get0_cmsctx(cms);
938
939 ec = ossl_cms_get0_env_enc_content(cms);
940 if (ec == NULL)
941 return 0;
942
943 kekri = ri->d.kekri;
944
945 if (!kekri->key) {
946 ERR_raise(ERR_LIB_CMS, CMS_R_NO_KEY);
947 return 0;
948 }
949
950 wrap_nid = OBJ_obj2nid(kekri->keyEncryptionAlgorithm->algorithm);
951 if (aes_wrap_keylen(wrap_nid) != kekri->keylen) {
952 ERR_raise(ERR_LIB_CMS, CMS_R_INVALID_KEY_LENGTH);
953 return 0;
954 }
955
956 /* If encrypted key length is invalid don't bother */
957
958 if (kekri->encryptedKey->length < 16) {
959 ERR_raise(ERR_LIB_CMS, CMS_R_INVALID_ENCRYPTED_KEY_LENGTH);
960 goto err;
961 }
962
963 cipher = cms_get_key_wrap_cipher(kekri->keylen, cms_ctx);
964 if (cipher == NULL) {
965 ERR_raise(ERR_LIB_CMS, CMS_R_INVALID_KEY_LENGTH);
966 goto err;
967 }
968
969 ukey = OPENSSL_malloc(kekri->encryptedKey->length - 8);
970 if (ukey == NULL) {
971 ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE);
972 goto err;
973 }
974
975 ctx = EVP_CIPHER_CTX_new();
976 if (ctx == NULL) {
977 ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE);
978 goto err;
979 }
980
981 if (!EVP_DecryptInit_ex(ctx, cipher, NULL, kekri->key, NULL)
982 || !EVP_DecryptUpdate(ctx, ukey, &ukeylen,
983 kekri->encryptedKey->data,
984 kekri->encryptedKey->length)
985 || !EVP_DecryptFinal_ex(ctx, ukey + ukeylen, &outlen)) {
986 ERR_raise(ERR_LIB_CMS, CMS_R_UNWRAP_ERROR);
987 goto err;
988 }
989 ukeylen += outlen;
990
991 OPENSSL_clear_free(ec->key, ec->keylen);
992 ec->key = ukey;
993 ec->keylen = ukeylen;
994
995 r = 1;
996
997 err:
998 EVP_CIPHER_free(cipher);
999 if (!r)
1000 OPENSSL_free(ukey);
1001 EVP_CIPHER_CTX_free(ctx);
1002
1003 return r;
1004 }
1005
1006 int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
1007 {
1008 switch (ri->type) {
1009 case CMS_RECIPINFO_TRANS:
1010 return cms_RecipientInfo_ktri_decrypt(cms, ri);
1011
1012 case CMS_RECIPINFO_KEK:
1013 return cms_RecipientInfo_kekri_decrypt(cms, ri);
1014
1015 case CMS_RECIPINFO_PASS:
1016 return ossl_cms_RecipientInfo_pwri_crypt(cms, ri, 0);
1017
1018 default:
1019 ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE);
1020 return 0;
1021 }
1022 }
1023
1024 int CMS_RecipientInfo_encrypt(const CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
1025 {
1026 switch (ri->type) {
1027 case CMS_RECIPINFO_TRANS:
1028 return cms_RecipientInfo_ktri_encrypt(cms, ri);
1029
1030 case CMS_RECIPINFO_AGREE:
1031 return ossl_cms_RecipientInfo_kari_encrypt(cms, ri);
1032
1033 case CMS_RECIPINFO_KEK:
1034 return cms_RecipientInfo_kekri_encrypt(cms, ri);
1035
1036 case CMS_RECIPINFO_PASS:
1037 return ossl_cms_RecipientInfo_pwri_crypt(cms, ri, 1);
1038
1039 default:
1040 ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_RECIPIENT_TYPE);
1041 return 0;
1042 }
1043 }
1044
1045 /* Check structures and fixup version numbers (if necessary) */
1046
1047 static void cms_env_set_originfo_version(CMS_EnvelopedData *env)
1048 {
1049 CMS_OriginatorInfo *org = env->originatorInfo;
1050 int i;
1051 if (org == NULL)
1052 return;
1053 for (i = 0; i < sk_CMS_CertificateChoices_num(org->certificates); i++) {
1054 CMS_CertificateChoices *cch;
1055 cch = sk_CMS_CertificateChoices_value(org->certificates, i);
1056 if (cch->type == CMS_CERTCHOICE_OTHER) {
1057 env->version = 4;
1058 return;
1059 } else if (cch->type == CMS_CERTCHOICE_V2ACERT) {
1060 if (env->version < 3)
1061 env->version = 3;
1062 }
1063 }
1064
1065 for (i = 0; i < sk_CMS_RevocationInfoChoice_num(org->crls); i++) {
1066 CMS_RevocationInfoChoice *rch;
1067 rch = sk_CMS_RevocationInfoChoice_value(org->crls, i);
1068 if (rch->type == CMS_REVCHOICE_OTHER) {
1069 env->version = 4;
1070 return;
1071 }
1072 }
1073 }
1074
1075 static void cms_env_set_version(CMS_EnvelopedData *env)
1076 {
1077 int i;
1078 CMS_RecipientInfo *ri;
1079
1080 /*
1081 * Can't set version higher than 4 so if 4 or more already nothing to do.
1082 */
1083 if (env->version >= 4)
1084 return;
1085
1086 cms_env_set_originfo_version(env);
1087
1088 if (env->version >= 3)
1089 return;
1090
1091 for (i = 0; i < sk_CMS_RecipientInfo_num(env->recipientInfos); i++) {
1092 ri = sk_CMS_RecipientInfo_value(env->recipientInfos, i);
1093 if (ri->type == CMS_RECIPINFO_PASS || ri->type == CMS_RECIPINFO_OTHER) {
1094 env->version = 3;
1095 return;
1096 } else if (ri->type != CMS_RECIPINFO_TRANS
1097 || ri->d.ktri->version != 0) {
1098 env->version = 2;
1099 }
1100 }
1101 if (env->originatorInfo || env->unprotectedAttrs)
1102 env->version = 2;
1103 if (env->version == 2)
1104 return;
1105 env->version = 0;
1106 }
1107
1108 static int cms_env_encrypt_content_key(const CMS_ContentInfo *cms,
1109 STACK_OF(CMS_RecipientInfo) *ris)
1110 {
1111 int i;
1112 CMS_RecipientInfo *ri;
1113
1114 for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++) {
1115 ri = sk_CMS_RecipientInfo_value(ris, i);
1116 if (CMS_RecipientInfo_encrypt(cms, ri) <= 0)
1117 return -1;
1118 }
1119 return 1;
1120 }
1121
1122 static void cms_env_clear_ec(CMS_EncryptedContentInfo *ec)
1123 {
1124 ec->cipher = NULL;
1125 OPENSSL_clear_free(ec->key, ec->keylen);
1126 ec->key = NULL;
1127 ec->keylen = 0;
1128 }
1129
1130 static BIO *cms_EnvelopedData_Decryption_init_bio(CMS_ContentInfo *cms)
1131 {
1132 CMS_EncryptedContentInfo *ec = cms->d.envelopedData->encryptedContentInfo;
1133 BIO *contentBio = ossl_cms_EncryptedContent_init_bio(ec,
1134 ossl_cms_get0_cmsctx(cms));
1135 EVP_CIPHER_CTX *ctx = NULL;
1136
1137 if (contentBio == NULL)
1138 return NULL;
1139
1140 BIO_get_cipher_ctx(contentBio, &ctx);
1141 if (ctx == NULL) {
1142 BIO_free(contentBio);
1143 return NULL;
1144 }
1145 /*
1146 * If the selected cipher supports unprotected attributes,
1147 * deal with it using special ctrl function
1148 */
1149 if ((EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ctx))
1150 & EVP_CIPH_FLAG_CIPHER_WITH_MAC) != 0
1151 && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_PROCESS_UNPROTECTED, 0,
1152 cms->d.envelopedData->unprotectedAttrs) <= 0) {
1153 BIO_free(contentBio);
1154 return NULL;
1155 }
1156 return contentBio;
1157 }
1158
1159 static BIO *cms_EnvelopedData_Encryption_init_bio(CMS_ContentInfo *cms)
1160 {
1161 CMS_EncryptedContentInfo *ec;
1162 STACK_OF(CMS_RecipientInfo) *rinfos;
1163 int ok = 0;
1164 BIO *ret;
1165 CMS_EnvelopedData *env = cms->d.envelopedData;
1166
1167 /* Get BIO first to set up key */
1168
1169 ec = env->encryptedContentInfo;
1170 ret = ossl_cms_EncryptedContent_init_bio(ec, ossl_cms_get0_cmsctx(cms));
1171
1172 /* If error end of processing */
1173 if (!ret)
1174 return ret;
1175
1176 /* Now encrypt content key according to each RecipientInfo type */
1177 rinfos = env->recipientInfos;
1178 if (cms_env_encrypt_content_key(cms, rinfos) < 0) {
1179 ERR_raise(ERR_LIB_CMS, CMS_R_ERROR_SETTING_RECIPIENTINFO);
1180 goto err;
1181 }
1182
1183 /* And finally set the version */
1184 cms_env_set_version(env);
1185
1186 ok = 1;
1187
1188 err:
1189 cms_env_clear_ec(ec);
1190 if (ok)
1191 return ret;
1192 BIO_free(ret);
1193 return NULL;
1194 }
1195
1196 BIO *ossl_cms_EnvelopedData_init_bio(CMS_ContentInfo *cms)
1197 {
1198 if (cms->d.envelopedData->encryptedContentInfo->cipher != NULL) {
1199 /* If cipher is set it's encryption */
1200 return cms_EnvelopedData_Encryption_init_bio(cms);
1201 }
1202
1203 /* If cipher is not set it's decryption */
1204 return cms_EnvelopedData_Decryption_init_bio(cms);
1205 }
1206
1207 BIO *ossl_cms_AuthEnvelopedData_init_bio(CMS_ContentInfo *cms)
1208 {
1209 CMS_EncryptedContentInfo *ec;
1210 STACK_OF(CMS_RecipientInfo) *rinfos;
1211 int ok = 0;
1212 BIO *ret;
1213 CMS_AuthEnvelopedData *aenv = cms->d.authEnvelopedData;
1214
1215 /* Get BIO first to set up key */
1216 ec = aenv->authEncryptedContentInfo;
1217 /* Set tag for decryption */
1218 if (ec->cipher == NULL) {
1219 ec->tag = aenv->mac->data;
1220 ec->taglen = aenv->mac->length;
1221 }
1222 ret = ossl_cms_EncryptedContent_init_bio(ec, ossl_cms_get0_cmsctx(cms));
1223
1224 /* If error or no cipher end of processing */
1225 if (ret == NULL || ec->cipher == NULL)
1226 return ret;
1227
1228 /* Now encrypt content key according to each RecipientInfo type */
1229 rinfos = aenv->recipientInfos;
1230 if (cms_env_encrypt_content_key(cms, rinfos) < 0) {
1231 ERR_raise(ERR_LIB_CMS, CMS_R_ERROR_SETTING_RECIPIENTINFO);
1232 goto err;
1233 }
1234
1235 /* And finally set the version */
1236 aenv->version = 0;
1237
1238 ok = 1;
1239
1240 err:
1241 cms_env_clear_ec(ec);
1242 if (ok)
1243 return ret;
1244 BIO_free(ret);
1245 return NULL;
1246 }
1247
1248 int ossl_cms_EnvelopedData_final(CMS_ContentInfo *cms, BIO *chain)
1249 {
1250 CMS_EnvelopedData *env = NULL;
1251 EVP_CIPHER_CTX *ctx = NULL;
1252 BIO *mbio = BIO_find_type(chain, BIO_TYPE_CIPHER);
1253
1254 env = ossl_cms_get0_enveloped(cms);
1255 if (env == NULL)
1256 return 0;
1257
1258 if (mbio == NULL) {
1259 ERR_raise(ERR_LIB_CMS, CMS_R_CONTENT_NOT_FOUND);
1260 return 0;
1261 }
1262
1263 BIO_get_cipher_ctx(mbio, &ctx);
1264
1265 /*
1266 * If the selected cipher supports unprotected attributes,
1267 * deal with it using special ctrl function
1268 */
1269 if ((EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ctx))
1270 & EVP_CIPH_FLAG_CIPHER_WITH_MAC) != 0) {
1271 if (env->unprotectedAttrs == NULL)
1272 env->unprotectedAttrs = sk_X509_ATTRIBUTE_new_null();
1273
1274 if (env->unprotectedAttrs == NULL) {
1275 ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE);
1276 return 0;
1277 }
1278
1279 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_PROCESS_UNPROTECTED,
1280 1, env->unprotectedAttrs) <= 0) {
1281 ERR_raise(ERR_LIB_CMS, CMS_R_CTRL_FAILURE);
1282 return 0;
1283 }
1284 }
1285
1286 cms_env_set_version(cms->d.envelopedData);
1287 return 1;
1288 }
1289
1290 int ossl_cms_AuthEnvelopedData_final(CMS_ContentInfo *cms, BIO *cmsbio)
1291 {
1292 EVP_CIPHER_CTX *ctx;
1293 unsigned char *tag = NULL;
1294 int taglen, ok = 0;
1295
1296 BIO_get_cipher_ctx(cmsbio, &ctx);
1297
1298 /*
1299 * The tag is set only for encryption. There is nothing to do for
1300 * decryption.
1301 */
1302 if (!EVP_CIPHER_CTX_is_encrypting(ctx))
1303 return 1;
1304
1305 taglen = EVP_CIPHER_CTX_get_tag_length(ctx);
1306 if (taglen <= 0
1307 || (tag = OPENSSL_malloc(taglen)) == NULL
1308 || EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen,
1309 tag) <= 0) {
1310 ERR_raise(ERR_LIB_CMS, CMS_R_CIPHER_GET_TAG);
1311 goto err;
1312 }
1313
1314 if (!ASN1_OCTET_STRING_set(cms->d.authEnvelopedData->mac, tag, taglen))
1315 goto err;
1316
1317 ok = 1;
1318 err:
1319 OPENSSL_free(tag);
1320 return ok;
1321 }
1322
1323 /*
1324 * Get RecipientInfo type (if any) supported by a key (public or private). To
1325 * retain compatibility with previous behaviour if the ctrl value isn't
1326 * supported we assume key transport.
1327 */
1328 int ossl_cms_pkey_get_ri_type(EVP_PKEY *pk)
1329 {
1330 /* Check types that we know about */
1331 if (EVP_PKEY_is_a(pk, "DH"))
1332 return CMS_RECIPINFO_AGREE;
1333 else if (EVP_PKEY_is_a(pk, "DHX"))
1334 return CMS_RECIPINFO_AGREE;
1335 else if (EVP_PKEY_is_a(pk, "DSA"))
1336 return CMS_RECIPINFO_NONE;
1337 else if (EVP_PKEY_is_a(pk, "EC"))
1338 return CMS_RECIPINFO_AGREE;
1339 else if (EVP_PKEY_is_a(pk, "RSA"))
1340 return CMS_RECIPINFO_TRANS;
1341
1342 /*
1343 * Otherwise this might ben an engine implementation, so see if we can get
1344 * the type from the ameth.
1345 */
1346 if (pk->ameth && pk->ameth->pkey_ctrl) {
1347 int i, r;
1348 i = pk->ameth->pkey_ctrl(pk, ASN1_PKEY_CTRL_CMS_RI_TYPE, 0, &r);
1349 if (i > 0)
1350 return r;
1351 }
1352 return CMS_RECIPINFO_TRANS;
1353 }
1354
1355 int ossl_cms_pkey_is_ri_type_supported(EVP_PKEY *pk, int ri_type)
1356 {
1357 int supportedRiType;
1358
1359 if (pk->ameth != NULL && pk->ameth->pkey_ctrl != NULL) {
1360 int i, r;
1361
1362 i = pk->ameth->pkey_ctrl(pk, ASN1_PKEY_CTRL_CMS_IS_RI_TYPE_SUPPORTED,
1363 ri_type, &r);
1364 if (i > 0)
1365 return r;
1366 }
1367
1368 supportedRiType = ossl_cms_pkey_get_ri_type(pk);
1369 if (supportedRiType < 0)
1370 return 0;
1371
1372 return (supportedRiType == ri_type);
1373 }
A mirror of the official openssl repository