]> git.ipfire.org Git - thirdparty/openssl.git/blob - crypto/cms/cms_env.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
make EVP_PKEY opaque
[thirdparty/openssl.git] / crypto / cms / cms_env.c
1 /* crypto/cms/cms_env.c */
2 /*
3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
4 * project.
5 */
6 /* ====================================================================
7 * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 *
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * licensing@OpenSSL.org.
30 *
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
34 *
35 * 6. Redistributions of any form whatsoever must retain the following
36 * acknowledgment:
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
53 */
54
55 #include "internal/cryptlib.h"
56 #include <openssl/asn1t.h>
57 #include <openssl/pem.h>
58 #include <openssl/x509v3.h>
59 #include <openssl/err.h>
60 #include <openssl/cms.h>
61 #include <openssl/rand.h>
62 #include <openssl/aes.h>
63 #include "cms_lcl.h"
64 #include "internal/asn1_int.h"
65 #include "internal/evp_int.h"
66
67 /* CMS EnvelopedData Utilities */
68
69 CMS_EnvelopedData *cms_get0_enveloped(CMS_ContentInfo *cms)
70 {
71 if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_enveloped) {
72 CMSerr(CMS_F_CMS_GET0_ENVELOPED,
73 CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA);
74 return NULL;
75 }
76 return cms->d.envelopedData;
77 }
78
79 static CMS_EnvelopedData *cms_enveloped_data_init(CMS_ContentInfo *cms)
80 {
81 if (cms->d.other == NULL) {
82 cms->d.envelopedData = M_ASN1_new_of(CMS_EnvelopedData);
83 if (!cms->d.envelopedData) {
84 CMSerr(CMS_F_CMS_ENVELOPED_DATA_INIT, ERR_R_MALLOC_FAILURE);
85 return NULL;
86 }
87 cms->d.envelopedData->version = 0;
88 cms->d.envelopedData->encryptedContentInfo->contentType =
89 OBJ_nid2obj(NID_pkcs7_data);
90 ASN1_OBJECT_free(cms->contentType);
91 cms->contentType = OBJ_nid2obj(NID_pkcs7_enveloped);
92 return cms->d.envelopedData;
93 }
94 return cms_get0_enveloped(cms);
95 }
96
97 int cms_env_asn1_ctrl(CMS_RecipientInfo *ri, int cmd)
98 {
99 EVP_PKEY *pkey;
100 int i;
101 if (ri->type == CMS_RECIPINFO_TRANS)
102 pkey = ri->d.ktri->pkey;
103 else if (ri->type == CMS_RECIPINFO_AGREE) {
104 EVP_PKEY_CTX *pctx = ri->d.kari->pctx;
105 if (!pctx)
106 return 0;
107 pkey = EVP_PKEY_CTX_get0_pkey(pctx);
108 if (!pkey)
109 return 0;
110 } else
111 return 0;
112 if (!pkey->ameth || !pkey->ameth->pkey_ctrl)
113 return 1;
114 i = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_CMS_ENVELOPE, cmd, ri);
115 if (i == -2) {
116 CMSerr(CMS_F_CMS_ENV_ASN1_CTRL,
117 CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
118 return 0;
119 }
120 if (i <= 0) {
121 CMSerr(CMS_F_CMS_ENV_ASN1_CTRL, CMS_R_CTRL_FAILURE);
122 return 0;
123 }
124 return 1;
125 }
126
127 STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms)
128 {
129 CMS_EnvelopedData *env;
130 env = cms_get0_enveloped(cms);
131 if (!env)
132 return NULL;
133 return env->recipientInfos;
134 }
135
136 int CMS_RecipientInfo_type(CMS_RecipientInfo *ri)
137 {
138 return ri->type;
139 }
140
141 EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri)
142 {
143 if (ri->type == CMS_RECIPINFO_TRANS)
144 return ri->d.ktri->pctx;
145 else if (ri->type == CMS_RECIPINFO_AGREE)
146 return ri->d.kari->pctx;
147 return NULL;
148 }
149
150 CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher)
151 {
152 CMS_ContentInfo *cms;
153 CMS_EnvelopedData *env;
154 cms = CMS_ContentInfo_new();
155 if (cms == NULL)
156 goto merr;
157 env = cms_enveloped_data_init(cms);
158 if (env == NULL)
159 goto merr;
160 if (!cms_EncryptedContent_init(env->encryptedContentInfo,
161 cipher, NULL, 0))
162 goto merr;
163 return cms;
164 merr:
165 CMS_ContentInfo_free(cms);
166 CMSerr(CMS_F_CMS_ENVELOPEDDATA_CREATE, ERR_R_MALLOC_FAILURE);
167 return NULL;
168 }
169
170 /* Key Transport Recipient Info (KTRI) routines */
171
172 /* Initialise a ktri based on passed certificate and key */
173
174 static int cms_RecipientInfo_ktri_init(CMS_RecipientInfo *ri, X509 *recip,
175 EVP_PKEY *pk, unsigned int flags)
176 {
177 CMS_KeyTransRecipientInfo *ktri;
178 int idtype;
179
180 ri->d.ktri = M_ASN1_new_of(CMS_KeyTransRecipientInfo);
181 if (!ri->d.ktri)
182 return 0;
183 ri->type = CMS_RECIPINFO_TRANS;
184
185 ktri = ri->d.ktri;
186
187 if (flags & CMS_USE_KEYID) {
188 ktri->version = 2;
189 idtype = CMS_RECIPINFO_KEYIDENTIFIER;
190 } else {
191 ktri->version = 0;
192 idtype = CMS_RECIPINFO_ISSUER_SERIAL;
193 }
194
195 /*
196 * Not a typo: RecipientIdentifier and SignerIdentifier are the same
197 * structure.
198 */
199
200 if (!cms_set1_SignerIdentifier(ktri->rid, recip, idtype))
201 return 0;
202
203 X509_up_ref(recip);
204 CRYPTO_add(&pk->references, 1, CRYPTO_LOCK_EVP_PKEY);
205 ktri->pkey = pk;
206 ktri->recip = recip;
207
208 if (flags & CMS_KEY_PARAM) {
209 ktri->pctx = EVP_PKEY_CTX_new(ktri->pkey, NULL);
210 if (ktri->pctx == NULL)
211 return 0;
212 if (EVP_PKEY_encrypt_init(ktri->pctx) <= 0)
213 return 0;
214 } else if (!cms_env_asn1_ctrl(ri, 0))
215 return 0;
216 return 1;
217 }
218
219 /*
220 * Add a recipient certificate using appropriate type of RecipientInfo
221 */
222
223 CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
224 X509 *recip, unsigned int flags)
225 {
226 CMS_RecipientInfo *ri = NULL;
227 CMS_EnvelopedData *env;
228 EVP_PKEY *pk = NULL;
229 env = cms_get0_enveloped(cms);
230 if (!env)
231 goto err;
232
233 /* Initialize recipient info */
234 ri = M_ASN1_new_of(CMS_RecipientInfo);
235 if (!ri)
236 goto merr;
237
238 pk = X509_get0_pubkey(recip);
239 if (!pk) {
240 CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, CMS_R_ERROR_GETTING_PUBLIC_KEY);
241 goto err;
242 }
243
244 switch (cms_pkey_get_ri_type(pk)) {
245
246 case CMS_RECIPINFO_TRANS:
247 if (!cms_RecipientInfo_ktri_init(ri, recip, pk, flags))
248 goto err;
249 break;
250
251 case CMS_RECIPINFO_AGREE:
252 if (!cms_RecipientInfo_kari_init(ri, recip, pk, flags))
253 goto err;
254 break;
255
256 default:
257 CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT,
258 CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
259 goto err;
260
261 }
262
263 if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri))
264 goto merr;
265
266 return ri;
267
268 merr:
269 CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, ERR_R_MALLOC_FAILURE);
270 err:
271 M_ASN1_free_of(ri, CMS_RecipientInfo);
272 return NULL;
273
274 }
275
276 int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri,
277 EVP_PKEY **pk, X509 **recip,
278 X509_ALGOR **palg)
279 {
280 CMS_KeyTransRecipientInfo *ktri;
281 if (ri->type != CMS_RECIPINFO_TRANS) {
282 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS,
283 CMS_R_NOT_KEY_TRANSPORT);
284 return 0;
285 }
286
287 ktri = ri->d.ktri;
288
289 if (pk)
290 *pk = ktri->pkey;
291 if (recip)
292 *recip = ktri->recip;
293 if (palg)
294 *palg = ktri->keyEncryptionAlgorithm;
295 return 1;
296 }
297
298 int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri,
299 ASN1_OCTET_STRING **keyid,
300 X509_NAME **issuer,
301 ASN1_INTEGER **sno)
302 {
303 CMS_KeyTransRecipientInfo *ktri;
304 if (ri->type != CMS_RECIPINFO_TRANS) {
305 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID,
306 CMS_R_NOT_KEY_TRANSPORT);
307 return 0;
308 }
309 ktri = ri->d.ktri;
310
311 return cms_SignerIdentifier_get0_signer_id(ktri->rid, keyid, issuer, sno);
312 }
313
314 int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert)
315 {
316 if (ri->type != CMS_RECIPINFO_TRANS) {
317 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP,
318 CMS_R_NOT_KEY_TRANSPORT);
319 return -2;
320 }
321 return cms_SignerIdentifier_cert_cmp(ri->d.ktri->rid, cert);
322 }
323
324 int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey)
325 {
326 if (ri->type != CMS_RECIPINFO_TRANS) {
327 CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_PKEY, CMS_R_NOT_KEY_TRANSPORT);
328 return 0;
329 }
330 ri->d.ktri->pkey = pkey;
331 return 1;
332 }
333
334 /* Encrypt content key in key transport recipient info */
335
336 static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms,
337 CMS_RecipientInfo *ri)
338 {
339 CMS_KeyTransRecipientInfo *ktri;
340 CMS_EncryptedContentInfo *ec;
341 EVP_PKEY_CTX *pctx;
342 unsigned char *ek = NULL;
343 size_t eklen;
344
345 int ret = 0;
346
347 if (ri->type != CMS_RECIPINFO_TRANS) {
348 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT, CMS_R_NOT_KEY_TRANSPORT);
349 return 0;
350 }
351 ktri = ri->d.ktri;
352 ec = cms->d.envelopedData->encryptedContentInfo;
353
354 pctx = ktri->pctx;
355
356 if (pctx) {
357 if (!cms_env_asn1_ctrl(ri, 0))
358 goto err;
359 } else {
360 pctx = EVP_PKEY_CTX_new(ktri->pkey, NULL);
361 if (pctx == NULL)
362 return 0;
363
364 if (EVP_PKEY_encrypt_init(pctx) <= 0)
365 goto err;
366 }
367
368 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_ENCRYPT,
369 EVP_PKEY_CTRL_CMS_ENCRYPT, 0, ri) <= 0) {
370 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT, CMS_R_CTRL_ERROR);
371 goto err;
372 }
373
374 if (EVP_PKEY_encrypt(pctx, NULL, &eklen, ec->key, ec->keylen) <= 0)
375 goto err;
376
377 ek = OPENSSL_malloc(eklen);
378
379 if (ek == NULL) {
380 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT, ERR_R_MALLOC_FAILURE);
381 goto err;
382 }
383
384 if (EVP_PKEY_encrypt(pctx, ek, &eklen, ec->key, ec->keylen) <= 0)
385 goto err;
386
387 ASN1_STRING_set0(ktri->encryptedKey, ek, eklen);
388 ek = NULL;
389
390 ret = 1;
391
392 err:
393 EVP_PKEY_CTX_free(pctx);
394 ktri->pctx = NULL;
395 OPENSSL_free(ek);
396 return ret;
397
398 }
399
400 /* Decrypt content key from KTRI */
401
402 static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
403 CMS_RecipientInfo *ri)
404 {
405 CMS_KeyTransRecipientInfo *ktri = ri->d.ktri;
406 EVP_PKEY *pkey = ktri->pkey;
407 unsigned char *ek = NULL;
408 size_t eklen;
409 int ret = 0;
410 CMS_EncryptedContentInfo *ec;
411 ec = cms->d.envelopedData->encryptedContentInfo;
412
413 if (ktri->pkey == NULL) {
414 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_NO_PRIVATE_KEY);
415 return 0;
416 }
417
418 ktri->pctx = EVP_PKEY_CTX_new(pkey, NULL);
419 if (ktri->pctx == NULL)
420 return 0;
421
422 if (EVP_PKEY_decrypt_init(ktri->pctx) <= 0)
423 goto err;
424
425 if (!cms_env_asn1_ctrl(ri, 1))
426 goto err;
427
428 if (EVP_PKEY_CTX_ctrl(ktri->pctx, -1, EVP_PKEY_OP_DECRYPT,
429 EVP_PKEY_CTRL_CMS_DECRYPT, 0, ri) <= 0) {
430 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_CTRL_ERROR);
431 goto err;
432 }
433
434 if (EVP_PKEY_decrypt(ktri->pctx, NULL, &eklen,
435 ktri->encryptedKey->data,
436 ktri->encryptedKey->length) <= 0)
437 goto err;
438
439 ek = OPENSSL_malloc(eklen);
440
441 if (ek == NULL) {
442 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, ERR_R_MALLOC_FAILURE);
443 goto err;
444 }
445
446 if (EVP_PKEY_decrypt(ktri->pctx, ek, &eklen,
447 ktri->encryptedKey->data,
448 ktri->encryptedKey->length) <= 0) {
449 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_CMS_LIB);
450 goto err;
451 }
452
453 ret = 1;
454
455 OPENSSL_clear_free(ec->key, ec->keylen);
456 ec->key = ek;
457 ec->keylen = eklen;
458
459 err:
460 EVP_PKEY_CTX_free(ktri->pctx);
461 ktri->pctx = NULL;
462 if (!ret)
463 OPENSSL_free(ek);
464
465 return ret;
466 }
467
468 /* Key Encrypted Key (KEK) RecipientInfo routines */
469
470 int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri,
471 const unsigned char *id, size_t idlen)
472 {
473 ASN1_OCTET_STRING tmp_os;
474 CMS_KEKRecipientInfo *kekri;
475 if (ri->type != CMS_RECIPINFO_KEK) {
476 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP, CMS_R_NOT_KEK);
477 return -2;
478 }
479 kekri = ri->d.kekri;
480 tmp_os.type = V_ASN1_OCTET_STRING;
481 tmp_os.flags = 0;
482 tmp_os.data = (unsigned char *)id;
483 tmp_os.length = (int)idlen;
484 return ASN1_OCTET_STRING_cmp(&tmp_os, kekri->kekid->keyIdentifier);
485 }
486
487 /* For now hard code AES key wrap info */
488
489 static size_t aes_wrap_keylen(int nid)
490 {
491 switch (nid) {
492 case NID_id_aes128_wrap:
493 return 16;
494
495 case NID_id_aes192_wrap:
496 return 24;
497
498 case NID_id_aes256_wrap:
499 return 32;
500
501 default:
502 return 0;
503 }
504 }
505
506 CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
507 unsigned char *key, size_t keylen,
508 unsigned char *id, size_t idlen,
509 ASN1_GENERALIZEDTIME *date,
510 ASN1_OBJECT *otherTypeId,
511 ASN1_TYPE *otherType)
512 {
513 CMS_RecipientInfo *ri = NULL;
514 CMS_EnvelopedData *env;
515 CMS_KEKRecipientInfo *kekri;
516 env = cms_get0_enveloped(cms);
517 if (!env)
518 goto err;
519
520 if (nid == NID_undef) {
521 switch (keylen) {
522 case 16:
523 nid = NID_id_aes128_wrap;
524 break;
525
526 case 24:
527 nid = NID_id_aes192_wrap;
528 break;
529
530 case 32:
531 nid = NID_id_aes256_wrap;
532 break;
533
534 default:
535 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY, CMS_R_INVALID_KEY_LENGTH);
536 goto err;
537 }
538
539 } else {
540
541 size_t exp_keylen = aes_wrap_keylen(nid);
542
543 if (!exp_keylen) {
544 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY,
545 CMS_R_UNSUPPORTED_KEK_ALGORITHM);
546 goto err;
547 }
548
549 if (keylen != exp_keylen) {
550 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY, CMS_R_INVALID_KEY_LENGTH);
551 goto err;
552 }
553
554 }
555
556 /* Initialize recipient info */
557 ri = M_ASN1_new_of(CMS_RecipientInfo);
558 if (!ri)
559 goto merr;
560
561 ri->d.kekri = M_ASN1_new_of(CMS_KEKRecipientInfo);
562 if (!ri->d.kekri)
563 goto merr;
564 ri->type = CMS_RECIPINFO_KEK;
565
566 kekri = ri->d.kekri;
567
568 if (otherTypeId) {
569 kekri->kekid->other = M_ASN1_new_of(CMS_OtherKeyAttribute);
570 if (kekri->kekid->other == NULL)
571 goto merr;
572 }
573
574 if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri))
575 goto merr;
576
577 /* After this point no calls can fail */
578
579 kekri->version = 4;
580
581 kekri->key = key;
582 kekri->keylen = keylen;
583
584 ASN1_STRING_set0(kekri->kekid->keyIdentifier, id, idlen);
585
586 kekri->kekid->date = date;
587
588 if (kekri->kekid->other) {
589 kekri->kekid->other->keyAttrId = otherTypeId;
590 kekri->kekid->other->keyAttr = otherType;
591 }
592
593 X509_ALGOR_set0(kekri->keyEncryptionAlgorithm,
594 OBJ_nid2obj(nid), V_ASN1_UNDEF, NULL);
595
596 return ri;
597
598 merr:
599 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY, ERR_R_MALLOC_FAILURE);
600 err:
601 M_ASN1_free_of(ri, CMS_RecipientInfo);
602 return NULL;
603
604 }
605
606 int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri,
607 X509_ALGOR **palg,
608 ASN1_OCTET_STRING **pid,
609 ASN1_GENERALIZEDTIME **pdate,
610 ASN1_OBJECT **potherid,
611 ASN1_TYPE **pothertype)
612 {
613 CMS_KEKIdentifier *rkid;
614 if (ri->type != CMS_RECIPINFO_KEK) {
615 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID, CMS_R_NOT_KEK);
616 return 0;
617 }
618 rkid = ri->d.kekri->kekid;
619 if (palg)
620 *palg = ri->d.kekri->keyEncryptionAlgorithm;
621 if (pid)
622 *pid = rkid->keyIdentifier;
623 if (pdate)
624 *pdate = rkid->date;
625 if (potherid) {
626 if (rkid->other)
627 *potherid = rkid->other->keyAttrId;
628 else
629 *potherid = NULL;
630 }
631 if (pothertype) {
632 if (rkid->other)
633 *pothertype = rkid->other->keyAttr;
634 else
635 *pothertype = NULL;
636 }
637 return 1;
638 }
639
640 int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri,
641 unsigned char *key, size_t keylen)
642 {
643 CMS_KEKRecipientInfo *kekri;
644 if (ri->type != CMS_RECIPINFO_KEK) {
645 CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_KEY, CMS_R_NOT_KEK);
646 return 0;
647 }
648
649 kekri = ri->d.kekri;
650 kekri->key = key;
651 kekri->keylen = keylen;
652 return 1;
653 }
654
655 /* Encrypt content key in KEK recipient info */
656
657 static int cms_RecipientInfo_kekri_encrypt(CMS_ContentInfo *cms,
658 CMS_RecipientInfo *ri)
659 {
660 CMS_EncryptedContentInfo *ec;
661 CMS_KEKRecipientInfo *kekri;
662 AES_KEY actx;
663 unsigned char *wkey = NULL;
664 int wkeylen;
665 int r = 0;
666
667 ec = cms->d.envelopedData->encryptedContentInfo;
668
669 kekri = ri->d.kekri;
670
671 if (!kekri->key) {
672 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, CMS_R_NO_KEY);
673 return 0;
674 }
675
676 if (AES_set_encrypt_key(kekri->key, kekri->keylen << 3, &actx)) {
677 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT,
678 CMS_R_ERROR_SETTING_KEY);
679 goto err;
680 }
681
682 wkey = OPENSSL_malloc(ec->keylen + 8);
683
684 if (wkey == NULL) {
685 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, ERR_R_MALLOC_FAILURE);
686 goto err;
687 }
688
689 wkeylen = AES_wrap_key(&actx, NULL, wkey, ec->key, ec->keylen);
690
691 if (wkeylen <= 0) {
692 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, CMS_R_WRAP_ERROR);
693 goto err;
694 }
695
696 ASN1_STRING_set0(kekri->encryptedKey, wkey, wkeylen);
697
698 r = 1;
699
700 err:
701
702 if (!r)
703 OPENSSL_free(wkey);
704 OPENSSL_cleanse(&actx, sizeof(actx));
705
706 return r;
707
708 }
709
710 /* Decrypt content key in KEK recipient info */
711
712 static int cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms,
713 CMS_RecipientInfo *ri)
714 {
715 CMS_EncryptedContentInfo *ec;
716 CMS_KEKRecipientInfo *kekri;
717 AES_KEY actx;
718 unsigned char *ukey = NULL;
719 int ukeylen;
720 int r = 0, wrap_nid;
721
722 ec = cms->d.envelopedData->encryptedContentInfo;
723
724 kekri = ri->d.kekri;
725
726 if (!kekri->key) {
727 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, CMS_R_NO_KEY);
728 return 0;
729 }
730
731 wrap_nid = OBJ_obj2nid(kekri->keyEncryptionAlgorithm->algorithm);
732 if (aes_wrap_keylen(wrap_nid) != kekri->keylen) {
733 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
734 CMS_R_INVALID_KEY_LENGTH);
735 return 0;
736 }
737
738 /* If encrypted key length is invalid don't bother */
739
740 if (kekri->encryptedKey->length < 16) {
741 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
742 CMS_R_INVALID_ENCRYPTED_KEY_LENGTH);
743 goto err;
744 }
745
746 if (AES_set_decrypt_key(kekri->key, kekri->keylen << 3, &actx)) {
747 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
748 CMS_R_ERROR_SETTING_KEY);
749 goto err;
750 }
751
752 ukey = OPENSSL_malloc(kekri->encryptedKey->length - 8);
753
754 if (ukey == NULL) {
755 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, ERR_R_MALLOC_FAILURE);
756 goto err;
757 }
758
759 ukeylen = AES_unwrap_key(&actx, NULL, ukey,
760 kekri->encryptedKey->data,
761 kekri->encryptedKey->length);
762
763 if (ukeylen <= 0) {
764 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, CMS_R_UNWRAP_ERROR);
765 goto err;
766 }
767
768 ec->key = ukey;
769 ec->keylen = ukeylen;
770
771 r = 1;
772
773 err:
774
775 if (!r)
776 OPENSSL_free(ukey);
777 OPENSSL_cleanse(&actx, sizeof(actx));
778
779 return r;
780
781 }
782
783 int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
784 {
785 switch (ri->type) {
786 case CMS_RECIPINFO_TRANS:
787 return cms_RecipientInfo_ktri_decrypt(cms, ri);
788
789 case CMS_RECIPINFO_KEK:
790 return cms_RecipientInfo_kekri_decrypt(cms, ri);
791
792 case CMS_RECIPINFO_PASS:
793 return cms_RecipientInfo_pwri_crypt(cms, ri, 0);
794
795 default:
796 CMSerr(CMS_F_CMS_RECIPIENTINFO_DECRYPT,
797 CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE);
798 return 0;
799 }
800 }
801
802 int CMS_RecipientInfo_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
803 {
804 switch (ri->type) {
805 case CMS_RECIPINFO_TRANS:
806 return cms_RecipientInfo_ktri_encrypt(cms, ri);
807
808 case CMS_RECIPINFO_AGREE:
809 return cms_RecipientInfo_kari_encrypt(cms, ri);
810
811 case CMS_RECIPINFO_KEK:
812 return cms_RecipientInfo_kekri_encrypt(cms, ri);
813
814 case CMS_RECIPINFO_PASS:
815 return cms_RecipientInfo_pwri_crypt(cms, ri, 1);
816
817 default:
818 CMSerr(CMS_F_CMS_RECIPIENTINFO_ENCRYPT,
819 CMS_R_UNSUPPORTED_RECIPIENT_TYPE);
820 return 0;
821 }
822 }
823
824 /* Check structures and fixup version numbers (if necessary) */
825
826 static void cms_env_set_originfo_version(CMS_EnvelopedData *env)
827 {
828 CMS_OriginatorInfo *org = env->originatorInfo;
829 int i;
830 if (org == NULL)
831 return;
832 for (i = 0; i < sk_CMS_CertificateChoices_num(org->certificates); i++) {
833 CMS_CertificateChoices *cch;
834 cch = sk_CMS_CertificateChoices_value(org->certificates, i);
835 if (cch->type == CMS_CERTCHOICE_OTHER) {
836 env->version = 4;
837 return;
838 } else if (cch->type == CMS_CERTCHOICE_V2ACERT) {
839 if (env->version < 3)
840 env->version = 3;
841 }
842 }
843
844 for (i = 0; i < sk_CMS_RevocationInfoChoice_num(org->crls); i++) {
845 CMS_RevocationInfoChoice *rch;
846 rch = sk_CMS_RevocationInfoChoice_value(org->crls, i);
847 if (rch->type == CMS_REVCHOICE_OTHER) {
848 env->version = 4;
849 return;
850 }
851 }
852 }
853
854 static void cms_env_set_version(CMS_EnvelopedData *env)
855 {
856 int i;
857 CMS_RecipientInfo *ri;
858
859 /*
860 * Can't set version higher than 4 so if 4 or more already nothing to do.
861 */
862 if (env->version >= 4)
863 return;
864
865 cms_env_set_originfo_version(env);
866
867 if (env->version >= 3)
868 return;
869
870 for (i = 0; i < sk_CMS_RecipientInfo_num(env->recipientInfos); i++) {
871 ri = sk_CMS_RecipientInfo_value(env->recipientInfos, i);
872 if (ri->type == CMS_RECIPINFO_PASS || ri->type == CMS_RECIPINFO_OTHER) {
873 env->version = 3;
874 return;
875 } else if (ri->type != CMS_RECIPINFO_TRANS
876 || ri->d.ktri->version != 0) {
877 env->version = 2;
878 }
879 }
880 if (env->version == 2)
881 return;
882 if (env->originatorInfo || env->unprotectedAttrs)
883 env->version = 2;
884 env->version = 0;
885 }
886
887 BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms)
888 {
889 CMS_EncryptedContentInfo *ec;
890 STACK_OF(CMS_RecipientInfo) *rinfos;
891 CMS_RecipientInfo *ri;
892 int i, ok = 0;
893 BIO *ret;
894
895 /* Get BIO first to set up key */
896
897 ec = cms->d.envelopedData->encryptedContentInfo;
898 ret = cms_EncryptedContent_init_bio(ec);
899
900 /* If error or no cipher end of processing */
901
902 if (!ret || !ec->cipher)
903 return ret;
904
905 /* Now encrypt content key according to each RecipientInfo type */
906
907 rinfos = cms->d.envelopedData->recipientInfos;
908
909 for (i = 0; i < sk_CMS_RecipientInfo_num(rinfos); i++) {
910 ri = sk_CMS_RecipientInfo_value(rinfos, i);
911 if (CMS_RecipientInfo_encrypt(cms, ri) <= 0) {
912 CMSerr(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO,
913 CMS_R_ERROR_SETTING_RECIPIENTINFO);
914 goto err;
915 }
916 }
917 cms_env_set_version(cms->d.envelopedData);
918
919 ok = 1;
920
921 err:
922 ec->cipher = NULL;
923 OPENSSL_clear_free(ec->key, ec->keylen);
924 ec->key = NULL;
925 ec->keylen = 0;
926 if (ok)
927 return ret;
928 BIO_free(ret);
929 return NULL;
930
931 }
932
933 /*
934 * Get RecipientInfo type (if any) supported by a key (public or private). To
935 * retain compatibility with previous behaviour if the ctrl value isn't
936 * supported we assume key transport.
937 */
938 int cms_pkey_get_ri_type(EVP_PKEY *pk)
939 {
940 if (pk->ameth && pk->ameth->pkey_ctrl) {
941 int i, r;
942 i = pk->ameth->pkey_ctrl(pk, ASN1_PKEY_CTRL_CMS_RI_TYPE, 0, &r);
943 if (i > 0)
944 return r;
945 }
946 return CMS_RECIPINFO_TRANS;
947 }
A mirror of the official openssl repository