[thirdparty/openssl.git] / crypto / cms / cms_enc.c

/*
 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project.
 */
/* ====================================================================
 * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    licensing@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 */

#include "internal/cryptlib.h"
#include <openssl/asn1t.h>
#include <openssl/pem.h>
#include <openssl/x509v3.h>
#include <openssl/err.h>
#include <openssl/cms.h>
#include <openssl/rand.h>
#include "cms_lcl.h"

/* CMS EncryptedData Utilities */

/* Return BIO based on EncryptedContentInfo and key */

BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
{
    BIO *b;
    EVP_CIPHER_CTX *ctx;
    const EVP_CIPHER *ciph;
    X509_ALGOR *calg = ec->contentEncryptionAlgorithm;
    unsigned char iv[EVP_MAX_IV_LENGTH], *piv = NULL;
    unsigned char *tkey = NULL;
    size_t tkeylen = 0;

    int ok = 0;

    int enc, keep_key = 0;

    enc = ec->cipher ? 1 : 0;

    b = BIO_new(BIO_f_cipher());
    if (b == NULL) {
        CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, ERR_R_MALLOC_FAILURE);
        return NULL;
    }

    BIO_get_cipher_ctx(b, &ctx);

    if (enc) {
        ciph = ec->cipher;
        /*
         * If not keeping key set cipher to NULL so subsequent calls decrypt.
         */
        if (ec->key)
            ec->cipher = NULL;
    } else {
        ciph = EVP_get_cipherbyobj(calg->algorithm);

        if (!ciph) {
            CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, CMS_R_UNKNOWN_CIPHER);
            goto err;
        }
    }

    if (EVP_CipherInit_ex(ctx, ciph, NULL, NULL, NULL, enc) <= 0) {
        CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
               CMS_R_CIPHER_INITIALISATION_ERROR);
        goto err;
    }

    if (enc) {
        int ivlen;
        calg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_type(ctx));
        /* Generate a random IV if we need one */
        ivlen = EVP_CIPHER_CTX_iv_length(ctx);
        if (ivlen > 0) {
            if (RAND_bytes(iv, ivlen) <= 0)
                goto err;
            piv = iv;
        }
    } else if (EVP_CIPHER_asn1_to_param(ctx, calg->parameter) <= 0) {
        CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
               CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
        goto err;
    }
    tkeylen = EVP_CIPHER_CTX_key_length(ctx);
    /* Generate random session key */
    if (!enc || !ec->key) {
        tkey = OPENSSL_malloc(tkeylen);
        if (tkey == NULL) {
            CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, ERR_R_MALLOC_FAILURE);
            goto err;
        }
        if (EVP_CIPHER_CTX_rand_key(ctx, tkey) <= 0)
            goto err;
    }

    if (!ec->key) {
        ec->key = tkey;
        ec->keylen = tkeylen;
        tkey = NULL;
        if (enc)
            keep_key = 1;
        else
            ERR_clear_error();

    }

    if (ec->keylen != tkeylen) {
        /* If necessary set key length */
        if (EVP_CIPHER_CTX_set_key_length(ctx, ec->keylen) <= 0) {
            /*
             * Only reveal failure if debugging so we don't leak information
             * which may be useful in MMA.
             */
            if (enc || ec->debug) {
                CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
                       CMS_R_INVALID_KEY_LENGTH);
                goto err;
            } else {
                /* Use random key */
                OPENSSL_clear_free(ec->key, ec->keylen);
                ec->key = tkey;
                ec->keylen = tkeylen;
                tkey = NULL;
                ERR_clear_error();
            }
        }
    }

    if (EVP_CipherInit_ex(ctx, NULL, NULL, ec->key, piv, enc) <= 0) {
        CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
               CMS_R_CIPHER_INITIALISATION_ERROR);
        goto err;
    }
    if (enc) {
        calg->parameter = ASN1_TYPE_new();
        if (calg->parameter == NULL) {
            CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, ERR_R_MALLOC_FAILURE);
            goto err;
        }
        if (EVP_CIPHER_param_to_asn1(ctx, calg->parameter) <= 0) {
            CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
                   CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
            goto err;
        }
        /* If parameter type not set omit parameter */
        if (calg->parameter->type == V_ASN1_UNDEF) {
            ASN1_TYPE_free(calg->parameter);
            calg->parameter = NULL;
        }
    }
    ok = 1;

 err:
    if (!keep_key || !ok) {
        OPENSSL_clear_free(ec->key, ec->keylen);
        ec->key = NULL;
    }
    OPENSSL_clear_free(tkey, tkeylen);
    if (ok)
        return b;
    BIO_free(b);
    return NULL;
}

int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec,
                              const EVP_CIPHER *cipher,
                              const unsigned char *key, size_t keylen)
{
    ec->cipher = cipher;
    if (key) {
        ec->key = OPENSSL_malloc(keylen);
        if (ec->key == NULL)
            return 0;
        memcpy(ec->key, key, keylen);
    }
    ec->keylen = keylen;
    if (cipher)
        ec->contentType = OBJ_nid2obj(NID_pkcs7_data);
    return 1;
}

int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
                               const unsigned char *key, size_t keylen)
{
    CMS_EncryptedContentInfo *ec;
    if (!key || !keylen) {
        CMSerr(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY, CMS_R_NO_KEY);
        return 0;
    }
    if (ciph) {
        cms->d.encryptedData = M_ASN1_new_of(CMS_EncryptedData);
        if (!cms->d.encryptedData) {
            CMSerr(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY, ERR_R_MALLOC_FAILURE);
            return 0;
        }
        cms->contentType = OBJ_nid2obj(NID_pkcs7_encrypted);
        cms->d.encryptedData->version = 0;
    } else if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_encrypted) {
        CMSerr(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY, CMS_R_NOT_ENCRYPTED_DATA);
        return 0;
    }
    ec = cms->d.encryptedData->encryptedContentInfo;
    return cms_EncryptedContent_init(ec, ciph, key, keylen);
}

BIO *cms_EncryptedData_init_bio(CMS_ContentInfo *cms)
{
    CMS_EncryptedData *enc = cms->d.encryptedData;
    if (enc->encryptedContentInfo->cipher && enc->unprotectedAttrs)
        enc->version = 2;
    return cms_EncryptedContent_init_bio(enc->encryptedContentInfo);
}
Commit	Line	Data
0f113f3e MC	1	/*
0f113f3e MC	2	* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
5c4436c9 DSH	3	* project.
	4	*/
	5	/* ====================================================================
	6	* Copyright (c) 2008 The OpenSSL Project. All rights reserved.
	7	*
	8	* Redistribution and use in source and binary forms, with or without
	9	* modification, are permitted provided that the following conditions
	10	* are met:
	11	*
	12	* 1. Redistributions of source code must retain the above copyright
0f113f3e	13	* notice, this list of conditions and the following disclaimer.
5c4436c9 DSH	14	*
	15	* 2. Redistributions in binary form must reproduce the above copyright
	16	* notice, this list of conditions and the following disclaimer in
	17	* the documentation and/or other materials provided with the
	18	* distribution.
	19	*
	20	* 3. All advertising materials mentioning features or use of this
	21	* software must display the following acknowledgment:
	22	* "This product includes software developed by the OpenSSL Project
	23	* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
	24	*
	25	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
	26	* endorse or promote products derived from this software without
	27	* prior written permission. For written permission, please contact
	28	* licensing@OpenSSL.org.
	29	*
	30	* 5. Products derived from this software may not be called "OpenSSL"
	31	* nor may "OpenSSL" appear in their names without prior written
	32	* permission of the OpenSSL Project.
	33	*
	34	* 6. Redistributions of any form whatsoever must retain the following
	35	* acknowledgment:
	36	* "This product includes software developed by the OpenSSL Project
	37	* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
	38	*
	39	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
	40	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	41	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
	42	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
	43	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
	44	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	45	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
	46	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	47	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
	48	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	49	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
	50	* OF THE POSSIBILITY OF SUCH DAMAGE.
	51	* ====================================================================
	52	*/
	53
b39fc560	54	#include "internal/cryptlib.h"
5c4436c9 DSH	55	#include <openssl/asn1t.h>
	56	#include <openssl/pem.h>
	57	#include <openssl/x509v3.h>
	58	#include <openssl/err.h>
	59	#include <openssl/cms.h>
	60	#include <openssl/rand.h>
	61	#include "cms_lcl.h"
5c4436c9 DSH	62
	63	/* CMS EncryptedData Utilities */
	64
320bfc1b DSH	65	/* Return BIO based on EncryptedContentInfo and key */
	66
	67	BIO cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo ec)
0f113f3e MC	68	{
	69	BIO *b;
	70	EVP_CIPHER_CTX *ctx;
	71	const EVP_CIPHER *ciph;
	72	X509_ALGOR *calg = ec->contentEncryptionAlgorithm;
	73	unsigned char iv[EVP_MAX_IV_LENGTH], *piv = NULL;
	74	unsigned char *tkey = NULL;
	75	size_t tkeylen = 0;
5c4436c9	76
0f113f3e	77	int ok = 0;
d9f5f07e	78
0f113f3e	79	int enc, keep_key = 0;
5c4436c9	80
0f113f3e	81	enc = ec->cipher ? 1 : 0;
5c4436c9	82
0f113f3e	83	b = BIO_new(BIO_f_cipher());
90945fa3	84	if (b == NULL) {
0f113f3e MC	85	CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, ERR_R_MALLOC_FAILURE);
	86	return NULL;
	87	}
5c4436c9	88
0f113f3e	89	BIO_get_cipher_ctx(b, &ctx);
5c4436c9	90
0f113f3e MC	91	if (enc) {
	92	ciph = ec->cipher;
	93	/*
	94	* If not keeping key set cipher to NULL so subsequent calls decrypt.
	95	*/
	96	if (ec->key)
	97	ec->cipher = NULL;
	98	} else {
	99	ciph = EVP_get_cipherbyobj(calg->algorithm);
5c4436c9	100
0f113f3e MC	101	if (!ciph) {
	102	CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, CMS_R_UNKNOWN_CIPHER);
	103	goto err;
	104	}
	105	}
5c4436c9	106
0f113f3e MC	107	if (EVP_CipherInit_ex(ctx, ciph, NULL, NULL, NULL, enc) <= 0) {
	108	CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
	109	CMS_R_CIPHER_INITIALISATION_ERROR);
	110	goto err;
	111	}
5c4436c9	112
0f113f3e MC	113	if (enc) {
	114	int ivlen;
	115	calg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_type(ctx));
	116	/* Generate a random IV if we need one */
	117	ivlen = EVP_CIPHER_CTX_iv_length(ctx);
	118	if (ivlen > 0) {
266483d2	119	if (RAND_bytes(iv, ivlen) <= 0)
0f113f3e MC	120	goto err;
	121	piv = iv;
	122	}
	123	} else if (EVP_CIPHER_asn1_to_param(ctx, calg->parameter) <= 0) {
	124	CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
	125	CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
	126	goto err;
	127	}
	128	tkeylen = EVP_CIPHER_CTX_key_length(ctx);
	129	/* Generate random session key */
	130	if (!enc \|\| !ec->key) {
	131	tkey = OPENSSL_malloc(tkeylen);
90945fa3	132	if (tkey == NULL) {
0f113f3e MC	133	CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, ERR_R_MALLOC_FAILURE);
	134	goto err;
	135	}
	136	if (EVP_CIPHER_CTX_rand_key(ctx, tkey) <= 0)
	137	goto err;
	138	}
146b52ed	139
0f113f3e MC	140	if (!ec->key) {
	141	ec->key = tkey;
	142	ec->keylen = tkeylen;
	143	tkey = NULL;
	144	if (enc)
	145	keep_key = 1;
	146	else
	147	ERR_clear_error();
146b52ed	148
0f113f3e	149	}
e540d1cd	150
0f113f3e MC	151	if (ec->keylen != tkeylen) {
	152	/* If necessary set key length */
	153	if (EVP_CIPHER_CTX_set_key_length(ctx, ec->keylen) <= 0) {
	154	/*
	155	* Only reveal failure if debugging so we don't leak information
	156	* which may be useful in MMA.
	157	*/
	158	if (enc \|\| ec->debug) {
	159	CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
	160	CMS_R_INVALID_KEY_LENGTH);
	161	goto err;
	162	} else {
	163	/* Use random key */
4b45c6e5	164	OPENSSL_clear_free(ec->key, ec->keylen);
0f113f3e MC	165	ec->key = tkey;
	166	ec->keylen = tkeylen;
	167	tkey = NULL;
	168	ERR_clear_error();
	169	}
	170	}
	171	}
5c4436c9	172
0f113f3e MC	173	if (EVP_CipherInit_ex(ctx, NULL, NULL, ec->key, piv, enc) <= 0) {
	174	CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
	175	CMS_R_CIPHER_INITIALISATION_ERROR);
	176	goto err;
	177	}
708cf5de DSH	178	if (enc) {
	179	calg->parameter = ASN1_TYPE_new();
	180	if (calg->parameter == NULL) {
	181	CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, ERR_R_MALLOC_FAILURE);
	182	goto err;
	183	}
	184	if (EVP_CIPHER_param_to_asn1(ctx, calg->parameter) <= 0) {
	185	CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
	186	CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
	187	goto err;
	188	}
	189	/* If parameter type not set omit parameter */
	190	if (calg->parameter->type == V_ASN1_UNDEF) {
	191	ASN1_TYPE_free(calg->parameter);
	192	calg->parameter = NULL;
	193	}
0f113f3e MC	194	}
0f113f3e MC	195	ok = 1;
5c4436c9	196
0f113f3e	197	err:
891eac46	198	if (!keep_key \|\| !ok) {
4b45c6e5	199	OPENSSL_clear_free(ec->key, ec->keylen);
0f113f3e MC	200	ec->key = NULL;
0f113f3e MC	201	}
4b45c6e5	202	OPENSSL_clear_free(tkey, tkeylen);
0f113f3e MC	203	if (ok)
	204	return b;
	205	BIO_free(b);
	206	return NULL;
	207	}
	208
	209	int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec,
	210	const EVP_CIPHER *cipher,
	211	const unsigned char *key, size_t keylen)
	212	{
	213	ec->cipher = cipher;
	214	if (key) {
	215	ec->key = OPENSSL_malloc(keylen);
90945fa3	216	if (ec->key == NULL)
0f113f3e MC	217	return 0;
	218	memcpy(ec->key, key, keylen);
	219	}
	220	ec->keylen = keylen;
	221	if (cipher)
	222	ec->contentType = OBJ_nid2obj(NID_pkcs7_data);
	223	return 1;
	224	}
320bfc1b DSH	225
320bfc1b DSH	226	int CMS_EncryptedData_set1_key(CMS_ContentInfo cms, const EVP_CIPHER ciph,
0f113f3e MC	227	const unsigned char *key, size_t keylen)
	228	{
	229	CMS_EncryptedContentInfo *ec;
	230	if (!key \|\| !keylen) {
	231	CMSerr(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY, CMS_R_NO_KEY);
	232	return 0;
	233	}
	234	if (ciph) {
	235	cms->d.encryptedData = M_ASN1_new_of(CMS_EncryptedData);
	236	if (!cms->d.encryptedData) {
	237	CMSerr(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY, ERR_R_MALLOC_FAILURE);
	238	return 0;
	239	}
	240	cms->contentType = OBJ_nid2obj(NID_pkcs7_encrypted);
	241	cms->d.encryptedData->version = 0;
	242	} else if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_encrypted) {
	243	CMSerr(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY, CMS_R_NOT_ENCRYPTED_DATA);
	244	return 0;
	245	}
	246	ec = cms->d.encryptedData->encryptedContentInfo;
	247	return cms_EncryptedContent_init(ec, ciph, key, keylen);
	248	}
320bfc1b DSH	249
320bfc1b DSH	250	BIO cms_EncryptedData_init_bio(CMS_ContentInfo cms)
0f113f3e MC	251	{
	252	CMS_EncryptedData *enc = cms->d.encryptedData;
	253	if (enc->encryptedContentInfo->cipher && enc->unprotectedAttrs)
	254	enc->version = 2;
	255	return cms_EncryptedContent_init_bio(enc->encryptedContentInfo);
	256	}