]>
Commit | Line | Data |
---|---|---|
8931b30d DSH |
1 | /* crypto/cms/cms_env.c */ |
2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | |
3 | * project. | |
4 | */ | |
5 | /* ==================================================================== | |
6 | * Copyright (c) 2008 The OpenSSL Project. All rights reserved. | |
7 | * | |
8 | * Redistribution and use in source and binary forms, with or without | |
9 | * modification, are permitted provided that the following conditions | |
10 | * are met: | |
11 | * | |
12 | * 1. Redistributions of source code must retain the above copyright | |
13 | * notice, this list of conditions and the following disclaimer. | |
14 | * | |
15 | * 2. Redistributions in binary form must reproduce the above copyright | |
16 | * notice, this list of conditions and the following disclaimer in | |
17 | * the documentation and/or other materials provided with the | |
18 | * distribution. | |
19 | * | |
20 | * 3. All advertising materials mentioning features or use of this | |
21 | * software must display the following acknowledgment: | |
22 | * "This product includes software developed by the OpenSSL Project | |
23 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | |
24 | * | |
25 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
26 | * endorse or promote products derived from this software without | |
27 | * prior written permission. For written permission, please contact | |
28 | * licensing@OpenSSL.org. | |
29 | * | |
30 | * 5. Products derived from this software may not be called "OpenSSL" | |
31 | * nor may "OpenSSL" appear in their names without prior written | |
32 | * permission of the OpenSSL Project. | |
33 | * | |
34 | * 6. Redistributions of any form whatsoever must retain the following | |
35 | * acknowledgment: | |
36 | * "This product includes software developed by the OpenSSL Project | |
37 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | |
38 | * | |
39 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
40 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
41 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
42 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
43 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
44 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
45 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
46 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
48 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
49 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
50 | * OF THE POSSIBILITY OF SUCH DAMAGE. | |
51 | * ==================================================================== | |
52 | */ | |
53 | ||
54 | #include "cryptlib.h" | |
55 | #include <openssl/asn1t.h> | |
56 | #include <openssl/pem.h> | |
57 | #include <openssl/x509v3.h> | |
58 | #include <openssl/err.h> | |
59 | #include <openssl/cms.h> | |
5c4436c9 | 60 | #include <openssl/rand.h> |
6e3bc4f0 | 61 | #include <openssl/aes.h> |
8931b30d DSH |
62 | #include "cms_lcl.h" |
63 | #include "asn1_locl.h" | |
64 | ||
65 | /* CMS EnvelopedData Utilities */ | |
66 | ||
67 | DECLARE_ASN1_ITEM(CMS_EnvelopedData) | |
8931b30d | 68 | DECLARE_ASN1_ITEM(CMS_KeyTransRecipientInfo) |
c36e936b DSH |
69 | DECLARE_ASN1_ITEM(CMS_KEKRecipientInfo) |
70 | DECLARE_ASN1_ITEM(CMS_OtherKeyAttribute) | |
8931b30d | 71 | |
8931b30d DSH |
72 | DECLARE_STACK_OF(CMS_RecipientInfo) |
73 | ||
d2a53c22 | 74 | CMS_EnvelopedData *cms_get0_enveloped(CMS_ContentInfo *cms) |
8931b30d DSH |
75 | { |
76 | if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_enveloped) | |
77 | { | |
78 | CMSerr(CMS_F_CMS_GET0_ENVELOPED, | |
79 | CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA); | |
80 | return NULL; | |
81 | } | |
82 | return cms->d.envelopedData; | |
83 | } | |
84 | ||
85 | static CMS_EnvelopedData *cms_enveloped_data_init(CMS_ContentInfo *cms) | |
86 | { | |
87 | if (cms->d.other == NULL) | |
88 | { | |
89 | cms->d.envelopedData = M_ASN1_new_of(CMS_EnvelopedData); | |
90 | if (!cms->d.envelopedData) | |
91 | { | |
92 | CMSerr(CMS_F_CMS_ENVELOPED_DATA_INIT, | |
93 | ERR_R_MALLOC_FAILURE); | |
94 | return NULL; | |
95 | } | |
96 | cms->d.envelopedData->version = 0; | |
97 | cms->d.envelopedData->encryptedContentInfo->contentType = | |
98 | OBJ_nid2obj(NID_pkcs7_data); | |
99 | ASN1_OBJECT_free(cms->contentType); | |
100 | cms->contentType = OBJ_nid2obj(NID_pkcs7_enveloped); | |
101 | return cms->d.envelopedData; | |
102 | } | |
103 | return cms_get0_enveloped(cms); | |
104 | } | |
105 | ||
e365352d DSH |
106 | static int cms_env_asn1_ctrl(CMS_RecipientInfo *ri, int cmd) |
107 | { | |
108 | EVP_PKEY *pkey = ri->d.ktri->pkey; | |
109 | int i; | |
110 | if (!pkey->ameth || !pkey->ameth->pkey_ctrl) | |
111 | return 1; | |
112 | i = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_CMS_ENVELOPE, cmd, ri); | |
113 | if (i == -2) | |
114 | { | |
115 | CMSerr(CMS_F_CMS_ENV_ASN1_CTRL, | |
116 | CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); | |
117 | return 0; | |
118 | } | |
119 | if (i <= 0) | |
120 | { | |
121 | CMSerr(CMS_F_CMS_ENV_ASN1_CTRL, CMS_R_CTRL_FAILURE); | |
122 | return 0; | |
123 | } | |
124 | return 1; | |
125 | } | |
126 | ||
4f1aa191 DSH |
127 | STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms) |
128 | { | |
129 | CMS_EnvelopedData *env; | |
761ffa72 | 130 | env = cms_get0_enveloped(cms); |
4f1aa191 DSH |
131 | if (!env) |
132 | return NULL; | |
133 | return env->recipientInfos; | |
134 | } | |
135 | ||
136 | int CMS_RecipientInfo_type(CMS_RecipientInfo *ri) | |
137 | { | |
138 | return ri->type; | |
139 | } | |
140 | ||
e365352d DSH |
141 | EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri) |
142 | { | |
143 | if (ri->type == CMS_RECIPINFO_TRANS) | |
144 | return ri->d.ktri->pctx; | |
145 | return NULL; | |
146 | } | |
147 | ||
761ffa72 DSH |
148 | CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher) |
149 | { | |
150 | CMS_ContentInfo *cms; | |
151 | CMS_EnvelopedData *env; | |
152 | cms = CMS_ContentInfo_new(); | |
153 | if (!cms) | |
154 | goto merr; | |
155 | env = cms_enveloped_data_init(cms); | |
156 | if (!env) | |
157 | goto merr; | |
158 | if (!cms_EncryptedContent_init(env->encryptedContentInfo, | |
159 | cipher, NULL, 0)) | |
160 | goto merr; | |
161 | return cms; | |
162 | merr: | |
163 | if (cms) | |
164 | CMS_ContentInfo_free(cms); | |
165 | CMSerr(CMS_F_CMS_ENVELOPEDDATA_CREATE, ERR_R_MALLOC_FAILURE); | |
166 | return NULL; | |
167 | } | |
168 | ||
ab124380 DSH |
169 | /* Key Transport Recipient Info (KTRI) routines */ |
170 | ||
8931b30d DSH |
171 | /* Add a recipient certificate. For now only handle key transport. |
172 | * If we ever handle key agreement will need updating. | |
173 | */ | |
ab124380 | 174 | |
8931b30d DSH |
175 | CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms, |
176 | X509 *recip, unsigned int flags) | |
177 | { | |
178 | CMS_RecipientInfo *ri = NULL; | |
179 | CMS_KeyTransRecipientInfo *ktri; | |
180 | CMS_EnvelopedData *env; | |
181 | EVP_PKEY *pk = NULL; | |
e365352d | 182 | int type; |
761ffa72 | 183 | env = cms_get0_enveloped(cms); |
8931b30d DSH |
184 | if (!env) |
185 | goto err; | |
186 | ||
761ffa72 | 187 | /* Initialize recipient info */ |
8931b30d DSH |
188 | ri = M_ASN1_new_of(CMS_RecipientInfo); |
189 | if (!ri) | |
190 | goto merr; | |
191 | ||
761ffa72 | 192 | /* Initialize and add key transport recipient info */ |
8931b30d DSH |
193 | |
194 | ri->d.ktri = M_ASN1_new_of(CMS_KeyTransRecipientInfo); | |
195 | if (!ri->d.ktri) | |
196 | goto merr; | |
197 | ri->type = CMS_RECIPINFO_TRANS; | |
198 | ||
199 | ktri = ri->d.ktri; | |
200 | ||
201 | X509_check_purpose(recip, -1, -1); | |
202 | pk = X509_get_pubkey(recip); | |
203 | if (!pk) | |
204 | { | |
205 | CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, | |
206 | CMS_R_ERROR_GETTING_PUBLIC_KEY); | |
207 | goto err; | |
208 | } | |
209 | CRYPTO_add(&recip->references, 1, CRYPTO_LOCK_X509); | |
8931b30d DSH |
210 | ktri->pkey = pk; |
211 | ktri->recip = recip; | |
212 | ||
213 | if (flags & CMS_USE_KEYID) | |
214 | { | |
215 | ktri->version = 2; | |
216 | type = CMS_RECIPINFO_KEYIDENTIFIER; | |
217 | } | |
218 | else | |
219 | { | |
220 | ktri->version = 0; | |
221 | type = CMS_RECIPINFO_ISSUER_SERIAL; | |
222 | } | |
223 | ||
224 | /* Not a typo: RecipientIdentifier and SignerIdentifier are the | |
225 | * same structure. | |
226 | */ | |
227 | ||
228 | if (!cms_set1_SignerIdentifier(ktri->rid, recip, type)) | |
229 | goto err; | |
230 | ||
e365352d | 231 | if (flags & CMS_KEY_PARAM) |
8931b30d | 232 | { |
e365352d DSH |
233 | ktri->pctx = EVP_PKEY_CTX_new(ktri->pkey, NULL); |
234 | if (!ktri->pctx) | |
235 | return 0; | |
236 | if (EVP_PKEY_encrypt_init(ktri->pctx) <= 0) | |
8931b30d | 237 | goto err; |
8931b30d | 238 | } |
e365352d DSH |
239 | else if (!cms_env_asn1_ctrl(ri, 0)) |
240 | goto err; | |
8931b30d DSH |
241 | |
242 | if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri)) | |
243 | goto merr; | |
244 | ||
245 | return ri; | |
246 | ||
247 | merr: | |
248 | CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, ERR_R_MALLOC_FAILURE); | |
249 | err: | |
250 | if (ri) | |
251 | M_ASN1_free_of(ri, CMS_RecipientInfo); | |
252 | return NULL; | |
253 | ||
254 | } | |
255 | ||
256 | int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri, | |
257 | EVP_PKEY **pk, X509 **recip, | |
258 | X509_ALGOR **palg) | |
259 | { | |
260 | CMS_KeyTransRecipientInfo *ktri; | |
261 | if (ri->type != CMS_RECIPINFO_TRANS) | |
262 | { | |
263 | CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS, | |
264 | CMS_R_NOT_KEY_TRANSPORT); | |
265 | return 0; | |
266 | } | |
267 | ||
268 | ktri = ri->d.ktri; | |
269 | ||
270 | if (pk) | |
271 | *pk = ktri->pkey; | |
272 | if (recip) | |
273 | *recip = ktri->recip; | |
274 | if (palg) | |
275 | *palg = ktri->keyEncryptionAlgorithm; | |
276 | return 1; | |
277 | } | |
278 | ||
279 | int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri, | |
280 | ASN1_OCTET_STRING **keyid, | |
281 | X509_NAME **issuer, ASN1_INTEGER **sno) | |
282 | { | |
283 | CMS_KeyTransRecipientInfo *ktri; | |
284 | if (ri->type != CMS_RECIPINFO_TRANS) | |
285 | { | |
286 | CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID, | |
287 | CMS_R_NOT_KEY_TRANSPORT); | |
288 | return 0; | |
289 | } | |
4f1aa191 | 290 | ktri = ri->d.ktri; |
8931b30d DSH |
291 | |
292 | return cms_SignerIdentifier_get0_signer_id(ktri->rid, | |
293 | keyid, issuer, sno); | |
294 | } | |
295 | ||
296 | int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert) | |
297 | { | |
8931b30d DSH |
298 | if (ri->type != CMS_RECIPINFO_TRANS) |
299 | { | |
300 | CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP, | |
301 | CMS_R_NOT_KEY_TRANSPORT); | |
4f1aa191 DSH |
302 | return -2; |
303 | } | |
4f1aa191 DSH |
304 | return cms_SignerIdentifier_cert_cmp(ri->d.ktri->rid, cert); |
305 | } | |
306 | ||
6e3bc4f0 DSH |
307 | int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey) |
308 | { | |
309 | if (ri->type != CMS_RECIPINFO_TRANS) | |
310 | { | |
311 | CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_PKEY, | |
312 | CMS_R_NOT_KEY_TRANSPORT); | |
313 | return 0; | |
314 | } | |
315 | ri->d.ktri->pkey = pkey; | |
316 | return 1; | |
317 | } | |
318 | ||
761ffa72 DSH |
319 | /* Encrypt content key in key transport recipient info */ |
320 | ||
321 | static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms, | |
322 | CMS_RecipientInfo *ri) | |
323 | { | |
324 | CMS_KeyTransRecipientInfo *ktri; | |
325 | CMS_EncryptedContentInfo *ec; | |
e365352d | 326 | EVP_PKEY_CTX *pctx; |
761ffa72 DSH |
327 | unsigned char *ek = NULL; |
328 | size_t eklen; | |
329 | ||
330 | int ret = 0; | |
331 | ||
332 | if (ri->type != CMS_RECIPINFO_TRANS) | |
333 | { | |
334 | CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT, | |
335 | CMS_R_NOT_KEY_TRANSPORT); | |
336 | return 0; | |
337 | } | |
338 | ktri = ri->d.ktri; | |
339 | ec = cms->d.envelopedData->encryptedContentInfo; | |
340 | ||
e365352d | 341 | pctx = ktri->pctx; |
761ffa72 | 342 | |
e365352d DSH |
343 | if (pctx) |
344 | { | |
345 | if (!cms_env_asn1_ctrl(ri, 0)) | |
346 | goto err; | |
347 | } | |
348 | else | |
349 | { | |
350 | pctx = EVP_PKEY_CTX_new(ktri->pkey, NULL); | |
351 | if (!pctx) | |
352 | return 0; | |
353 | ||
354 | if (EVP_PKEY_encrypt_init(pctx) <= 0) | |
355 | goto err; | |
356 | } | |
761ffa72 DSH |
357 | |
358 | if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_ENCRYPT, | |
359 | EVP_PKEY_CTRL_CMS_ENCRYPT, 0, ri) <= 0) | |
360 | { | |
361 | CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT, CMS_R_CTRL_ERROR); | |
362 | goto err; | |
363 | } | |
364 | ||
365 | if (EVP_PKEY_encrypt(pctx, NULL, &eklen, ec->key, ec->keylen) <= 0) | |
366 | goto err; | |
367 | ||
368 | ek = OPENSSL_malloc(eklen); | |
369 | ||
370 | if (ek == NULL) | |
371 | { | |
372 | CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT, | |
373 | ERR_R_MALLOC_FAILURE); | |
374 | goto err; | |
375 | } | |
376 | ||
377 | if (EVP_PKEY_encrypt(pctx, ek, &eklen, ec->key, ec->keylen) <= 0) | |
378 | goto err; | |
379 | ||
380 | ASN1_STRING_set0(ktri->encryptedKey, ek, eklen); | |
381 | ek = NULL; | |
382 | ||
383 | ret = 1; | |
384 | ||
385 | err: | |
386 | if (pctx) | |
e365352d | 387 | { |
761ffa72 | 388 | EVP_PKEY_CTX_free(pctx); |
e365352d DSH |
389 | ktri->pctx = NULL; |
390 | } | |
761ffa72 DSH |
391 | if (ek) |
392 | OPENSSL_free(ek); | |
393 | return ret; | |
394 | ||
395 | } | |
396 | ||
ab124380 DSH |
397 | /* Decrypt content key from KTRI */ |
398 | ||
6e3bc4f0 DSH |
399 | static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms, |
400 | CMS_RecipientInfo *ri) | |
4f1aa191 | 401 | { |
6e3bc4f0 | 402 | CMS_KeyTransRecipientInfo *ktri = ri->d.ktri; |
e365352d | 403 | EVP_PKEY *pkey = ktri->pkey; |
4f1aa191 DSH |
404 | unsigned char *ek = NULL; |
405 | size_t eklen; | |
f7e85c37 | 406 | int ret = 0; |
146b52ed DSH |
407 | CMS_EncryptedContentInfo *ec; |
408 | ec = cms->d.envelopedData->encryptedContentInfo; | |
4f1aa191 | 409 | |
6e3bc4f0 | 410 | if (ktri->pkey == NULL) |
4f1aa191 | 411 | { |
6e3bc4f0 DSH |
412 | CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, |
413 | CMS_R_NO_PRIVATE_KEY); | |
4f1aa191 DSH |
414 | return 0; |
415 | } | |
4f1aa191 | 416 | |
e365352d DSH |
417 | ktri->pctx = EVP_PKEY_CTX_new(pkey, NULL); |
418 | if (!ktri->pctx) | |
8931b30d | 419 | return 0; |
4f1aa191 | 420 | |
e365352d DSH |
421 | if (EVP_PKEY_decrypt_init(ktri->pctx) <= 0) |
422 | goto err; | |
423 | ||
424 | if (!cms_env_asn1_ctrl(ri, 1)) | |
4f1aa191 DSH |
425 | goto err; |
426 | ||
e365352d | 427 | if (EVP_PKEY_CTX_ctrl(ktri->pctx, -1, EVP_PKEY_OP_DECRYPT, |
4f1aa191 DSH |
428 | EVP_PKEY_CTRL_CMS_DECRYPT, 0, ri) <= 0) |
429 | { | |
6e3bc4f0 | 430 | CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_CTRL_ERROR); |
4f1aa191 | 431 | goto err; |
8931b30d DSH |
432 | } |
433 | ||
e365352d | 434 | if (EVP_PKEY_decrypt(ktri->pctx, NULL, &eklen, |
4f1aa191 DSH |
435 | ktri->encryptedKey->data, |
436 | ktri->encryptedKey->length) <= 0) | |
437 | goto err; | |
438 | ||
439 | ek = OPENSSL_malloc(eklen); | |
440 | ||
441 | if (ek == NULL) | |
442 | { | |
6e3bc4f0 DSH |
443 | CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, |
444 | ERR_R_MALLOC_FAILURE); | |
4f1aa191 DSH |
445 | goto err; |
446 | } | |
447 | ||
e365352d | 448 | if (EVP_PKEY_decrypt(ktri->pctx, ek, &eklen, |
4f1aa191 DSH |
449 | ktri->encryptedKey->data, |
450 | ktri->encryptedKey->length) <= 0) | |
451 | { | |
6e3bc4f0 | 452 | CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_CMS_LIB); |
4f1aa191 DSH |
453 | goto err; |
454 | } | |
455 | ||
456 | ret = 1; | |
457 | ||
146b52ed DSH |
458 | if (ec->key) |
459 | { | |
460 | OPENSSL_cleanse(ec->key, ec->keylen); | |
461 | OPENSSL_free(ec->key); | |
462 | } | |
463 | ||
464 | ec->key = ek; | |
465 | ec->keylen = eklen; | |
4f1aa191 DSH |
466 | |
467 | err: | |
e365352d DSH |
468 | if (ktri->pctx) |
469 | { | |
470 | EVP_PKEY_CTX_free(ktri->pctx); | |
471 | ktri->pctx = NULL; | |
472 | } | |
4f1aa191 DSH |
473 | if (!ret && ek) |
474 | OPENSSL_free(ek); | |
475 | ||
476 | return ret; | |
477 | } | |
478 | ||
ab124380 DSH |
479 | /* Key Encrypted Key (KEK) RecipientInfo routines */ |
480 | ||
eeb9cdfc DSH |
481 | int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri, |
482 | const unsigned char *id, size_t idlen) | |
483 | { | |
484 | ASN1_OCTET_STRING tmp_os; | |
485 | CMS_KEKRecipientInfo *kekri; | |
486 | if (ri->type != CMS_RECIPINFO_KEK) | |
487 | { | |
488 | CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP, CMS_R_NOT_KEK); | |
489 | return -2; | |
490 | } | |
491 | kekri = ri->d.kekri; | |
492 | tmp_os.type = V_ASN1_OCTET_STRING; | |
493 | tmp_os.flags = 0; | |
494 | tmp_os.data = (unsigned char *)id; | |
495 | tmp_os.length = (int)idlen; | |
496 | return ASN1_OCTET_STRING_cmp(&tmp_os, kekri->kekid->keyIdentifier); | |
497 | } | |
498 | ||
ab124380 DSH |
499 | /* For now hard code AES key wrap info */ |
500 | ||
501 | static size_t aes_wrap_keylen(int nid) | |
502 | { | |
503 | switch (nid) | |
504 | { | |
505 | case NID_id_aes128_wrap: | |
506 | return 16; | |
507 | ||
508 | case NID_id_aes192_wrap: | |
509 | return 24; | |
510 | ||
511 | case NID_id_aes256_wrap: | |
512 | return 32; | |
513 | ||
514 | default: | |
515 | return 0; | |
516 | } | |
517 | } | |
518 | ||
519 | CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid, | |
520 | unsigned char *key, size_t keylen, | |
521 | unsigned char *id, size_t idlen, | |
522 | ASN1_GENERALIZEDTIME *date, | |
523 | ASN1_OBJECT *otherTypeId, | |
524 | ASN1_TYPE *otherType) | |
525 | { | |
526 | CMS_RecipientInfo *ri = NULL; | |
527 | CMS_EnvelopedData *env; | |
528 | CMS_KEKRecipientInfo *kekri; | |
529 | env = cms_get0_enveloped(cms); | |
530 | if (!env) | |
531 | goto err; | |
532 | ||
533 | if (nid == NID_undef) | |
534 | { | |
535 | switch (keylen) | |
536 | { | |
537 | case 16: | |
538 | nid = NID_id_aes128_wrap; | |
539 | break; | |
540 | ||
541 | case 24: | |
542 | nid = NID_id_aes192_wrap; | |
543 | break; | |
544 | ||
545 | case 32: | |
546 | nid = NID_id_aes256_wrap; | |
547 | break; | |
548 | ||
549 | default: | |
550 | CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY, | |
551 | CMS_R_INVALID_KEY_LENGTH); | |
552 | goto err; | |
553 | } | |
554 | ||
555 | } | |
556 | else | |
557 | { | |
558 | ||
559 | size_t exp_keylen = aes_wrap_keylen(nid); | |
560 | ||
561 | if (!exp_keylen) | |
562 | { | |
563 | CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY, | |
564 | CMS_R_UNSUPPORTED_KEK_ALGORITHM); | |
565 | goto err; | |
566 | } | |
567 | ||
568 | if (keylen != exp_keylen) | |
569 | { | |
570 | CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY, | |
571 | CMS_R_INVALID_KEY_LENGTH); | |
572 | goto err; | |
573 | } | |
574 | ||
575 | } | |
576 | ||
577 | /* Initialize recipient info */ | |
578 | ri = M_ASN1_new_of(CMS_RecipientInfo); | |
579 | if (!ri) | |
580 | goto merr; | |
581 | ||
582 | ri->d.kekri = M_ASN1_new_of(CMS_KEKRecipientInfo); | |
583 | if (!ri->d.kekri) | |
584 | goto merr; | |
585 | ri->type = CMS_RECIPINFO_KEK; | |
586 | ||
587 | kekri = ri->d.kekri; | |
588 | ||
589 | if (otherTypeId) | |
590 | { | |
591 | kekri->kekid->other = M_ASN1_new_of(CMS_OtherKeyAttribute); | |
592 | if (kekri->kekid->other == NULL) | |
593 | goto merr; | |
594 | } | |
595 | ||
596 | if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri)) | |
597 | goto merr; | |
598 | ||
599 | ||
600 | /* After this point no calls can fail */ | |
601 | ||
602 | kekri->version = 4; | |
603 | ||
604 | kekri->key = key; | |
605 | kekri->keylen = keylen; | |
606 | ||
607 | ASN1_STRING_set0(kekri->kekid->keyIdentifier, id, idlen); | |
608 | ||
609 | kekri->kekid->date = date; | |
610 | ||
611 | if (kekri->kekid->other) | |
612 | { | |
613 | kekri->kekid->other->keyAttrId = otherTypeId; | |
614 | kekri->kekid->other->keyAttr = otherType; | |
615 | } | |
616 | ||
617 | X509_ALGOR_set0(kekri->keyEncryptionAlgorithm, | |
618 | OBJ_nid2obj(nid), V_ASN1_UNDEF, NULL); | |
619 | ||
620 | return ri; | |
621 | ||
622 | merr: | |
623 | CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY, ERR_R_MALLOC_FAILURE); | |
624 | err: | |
625 | if (ri) | |
626 | M_ASN1_free_of(ri, CMS_RecipientInfo); | |
627 | return NULL; | |
628 | ||
629 | } | |
630 | ||
631 | int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri, | |
632 | X509_ALGOR **palg, | |
633 | ASN1_OCTET_STRING **pid, | |
634 | ASN1_GENERALIZEDTIME **pdate, | |
635 | ASN1_OBJECT **potherid, | |
636 | ASN1_TYPE **pothertype) | |
637 | { | |
638 | CMS_KEKIdentifier *rkid; | |
639 | if (ri->type != CMS_RECIPINFO_KEK) | |
640 | { | |
641 | CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID, CMS_R_NOT_KEK); | |
642 | return 0; | |
643 | } | |
644 | rkid = ri->d.kekri->kekid; | |
645 | if (palg) | |
646 | *palg = ri->d.kekri->keyEncryptionAlgorithm; | |
647 | if (pid) | |
648 | *pid = rkid->keyIdentifier; | |
649 | if (pdate) | |
650 | *pdate = rkid->date; | |
651 | if (potherid) | |
652 | { | |
653 | if (rkid->other) | |
654 | *potherid = rkid->other->keyAttrId; | |
655 | else | |
656 | *potherid = NULL; | |
657 | } | |
658 | if (pothertype) | |
659 | { | |
660 | if (rkid->other) | |
661 | *pothertype = rkid->other->keyAttr; | |
662 | else | |
663 | *pothertype = NULL; | |
664 | } | |
665 | return 1; | |
666 | } | |
ab124380 DSH |
667 | |
668 | int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri, | |
669 | unsigned char *key, size_t keylen) | |
670 | { | |
671 | CMS_KEKRecipientInfo *kekri; | |
ab124380 DSH |
672 | if (ri->type != CMS_RECIPINFO_KEK) |
673 | { | |
674 | CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_KEY, CMS_R_NOT_KEK); | |
675 | return 0; | |
676 | } | |
eeb9cdfc | 677 | |
ab124380 | 678 | kekri = ri->d.kekri; |
ab124380 DSH |
679 | kekri->key = key; |
680 | kekri->keylen = keylen; | |
681 | return 1; | |
682 | } | |
683 | ||
6e3bc4f0 DSH |
684 | |
685 | /* Encrypt content key in KEK recipient info */ | |
686 | ||
687 | static int cms_RecipientInfo_kekri_encrypt(CMS_ContentInfo *cms, | |
688 | CMS_RecipientInfo *ri) | |
689 | { | |
690 | CMS_EncryptedContentInfo *ec; | |
691 | CMS_KEKRecipientInfo *kekri; | |
692 | AES_KEY actx; | |
693 | unsigned char *wkey = NULL; | |
694 | int wkeylen; | |
695 | int r = 0; | |
696 | ||
697 | ec = cms->d.envelopedData->encryptedContentInfo; | |
698 | ||
699 | kekri = ri->d.kekri; | |
700 | ||
701 | if (!kekri->key) | |
702 | { | |
703 | CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, CMS_R_NO_KEY); | |
704 | return 0; | |
705 | } | |
706 | ||
707 | if (AES_set_encrypt_key(kekri->key, kekri->keylen << 3, &actx)) | |
708 | { | |
709 | CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, | |
710 | CMS_R_ERROR_SETTING_KEY); | |
711 | goto err; | |
712 | } | |
713 | ||
714 | wkey = OPENSSL_malloc(ec->keylen + 8); | |
715 | ||
716 | if (!wkey) | |
717 | { | |
718 | CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, | |
719 | ERR_R_MALLOC_FAILURE); | |
720 | goto err; | |
721 | } | |
722 | ||
723 | wkeylen = AES_wrap_key(&actx, NULL, wkey, ec->key, ec->keylen); | |
724 | ||
725 | if (wkeylen <= 0) | |
726 | { | |
727 | CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, CMS_R_WRAP_ERROR); | |
728 | goto err; | |
729 | } | |
730 | ||
731 | ASN1_STRING_set0(kekri->encryptedKey, wkey, wkeylen); | |
732 | ||
733 | r = 1; | |
734 | ||
735 | err: | |
736 | ||
737 | if (!r && wkey) | |
738 | OPENSSL_free(wkey); | |
739 | OPENSSL_cleanse(&actx, sizeof(actx)); | |
740 | ||
741 | return r; | |
742 | ||
743 | } | |
744 | ||
ab124380 DSH |
745 | /* Decrypt content key in KEK recipient info */ |
746 | ||
6e3bc4f0 DSH |
747 | static int cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms, |
748 | CMS_RecipientInfo *ri) | |
749 | { | |
750 | CMS_EncryptedContentInfo *ec; | |
751 | CMS_KEKRecipientInfo *kekri; | |
752 | AES_KEY actx; | |
753 | unsigned char *ukey = NULL; | |
754 | int ukeylen; | |
eeb9cdfc | 755 | int r = 0, wrap_nid; |
6e3bc4f0 DSH |
756 | |
757 | ec = cms->d.envelopedData->encryptedContentInfo; | |
758 | ||
759 | kekri = ri->d.kekri; | |
760 | ||
761 | if (!kekri->key) | |
762 | { | |
763 | CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, CMS_R_NO_KEY); | |
764 | return 0; | |
765 | } | |
766 | ||
eeb9cdfc DSH |
767 | wrap_nid = OBJ_obj2nid(kekri->keyEncryptionAlgorithm->algorithm); |
768 | if (aes_wrap_keylen(wrap_nid) != kekri->keylen) | |
769 | { | |
770 | CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, | |
771 | CMS_R_INVALID_KEY_LENGTH); | |
772 | return 0; | |
773 | } | |
774 | ||
6e3bc4f0 DSH |
775 | /* If encrypted key length is invalid don't bother */ |
776 | ||
777 | if (kekri->encryptedKey->length < 16) | |
778 | { | |
779 | CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, | |
780 | CMS_R_INVALID_ENCRYPTED_KEY_LENGTH); | |
781 | goto err; | |
782 | } | |
783 | ||
784 | if (AES_set_decrypt_key(kekri->key, kekri->keylen << 3, &actx)) | |
785 | { | |
786 | CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, | |
787 | CMS_R_ERROR_SETTING_KEY); | |
788 | goto err; | |
789 | } | |
790 | ||
791 | ukey = OPENSSL_malloc(kekri->encryptedKey->length - 8); | |
792 | ||
793 | if (!ukey) | |
794 | { | |
795 | CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, | |
796 | ERR_R_MALLOC_FAILURE); | |
797 | goto err; | |
798 | } | |
799 | ||
800 | ukeylen = AES_unwrap_key(&actx, NULL, ukey, | |
801 | kekri->encryptedKey->data, | |
802 | kekri->encryptedKey->length); | |
803 | ||
804 | if (ukeylen <= 0) | |
805 | { | |
806 | CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, | |
807 | CMS_R_UNWRAP_ERROR); | |
808 | goto err; | |
809 | } | |
810 | ||
811 | ec->key = ukey; | |
812 | ec->keylen = ukeylen; | |
813 | ||
814 | r = 1; | |
815 | ||
816 | err: | |
817 | ||
818 | if (!r && ukey) | |
819 | OPENSSL_free(ukey); | |
820 | OPENSSL_cleanse(&actx, sizeof(actx)); | |
821 | ||
822 | return r; | |
823 | ||
824 | } | |
825 | ||
826 | int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri) | |
827 | { | |
828 | switch(ri->type) | |
829 | { | |
830 | case CMS_RECIPINFO_TRANS: | |
831 | return cms_RecipientInfo_ktri_decrypt(cms, ri); | |
832 | ||
833 | case CMS_RECIPINFO_KEK: | |
834 | return cms_RecipientInfo_kekri_decrypt(cms, ri); | |
835 | ||
d2a53c22 DSH |
836 | case CMS_RECIPINFO_PASS: |
837 | return cms_RecipientInfo_pwri_crypt(cms, ri, 0); | |
838 | ||
6e3bc4f0 DSH |
839 | default: |
840 | CMSerr(CMS_F_CMS_RECIPIENTINFO_DECRYPT, | |
841 | CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE); | |
842 | return 0; | |
843 | } | |
844 | } | |
845 | ||
e1f1d28f DSH |
846 | int CMS_RecipientInfo_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri) |
847 | { | |
848 | switch (ri->type) | |
849 | { | |
850 | case CMS_RECIPINFO_TRANS: | |
851 | return cms_RecipientInfo_ktri_encrypt(cms, ri); | |
852 | ||
853 | case CMS_RECIPINFO_KEK: | |
854 | return cms_RecipientInfo_kekri_encrypt(cms, ri); | |
855 | break; | |
856 | ||
857 | case CMS_RECIPINFO_PASS: | |
858 | return cms_RecipientInfo_pwri_crypt(cms, ri, 1); | |
859 | break; | |
860 | ||
861 | default: | |
862 | CMSerr(CMS_F_CMS_RECIPIENTINFO_ENCRYPT, | |
863 | CMS_R_UNSUPPORTED_RECIPIENT_TYPE); | |
864 | return 0; | |
865 | } | |
866 | } | |
867 | ||
4f1aa191 DSH |
868 | BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms) |
869 | { | |
870 | CMS_EncryptedContentInfo *ec; | |
761ffa72 DSH |
871 | STACK_OF(CMS_RecipientInfo) *rinfos; |
872 | CMS_RecipientInfo *ri; | |
e1f1d28f | 873 | int i, ok = 0; |
761ffa72 DSH |
874 | BIO *ret; |
875 | ||
876 | /* Get BIO first to set up key */ | |
877 | ||
4f1aa191 | 878 | ec = cms->d.envelopedData->encryptedContentInfo; |
761ffa72 DSH |
879 | ret = cms_EncryptedContent_init_bio(ec); |
880 | ||
881 | /* If error or no cipher end of processing */ | |
882 | ||
883 | if (!ret || !ec->cipher) | |
884 | return ret; | |
885 | ||
ab124380 DSH |
886 | /* Now encrypt content key according to each RecipientInfo type */ |
887 | ||
761ffa72 DSH |
888 | rinfos = cms->d.envelopedData->recipientInfos; |
889 | ||
890 | for (i = 0; i < sk_CMS_RecipientInfo_num(rinfos); i++) | |
891 | { | |
892 | ri = sk_CMS_RecipientInfo_value(rinfos, i); | |
e1f1d28f | 893 | if (CMS_RecipientInfo_encrypt(cms, ri) <= 0) |
761ffa72 DSH |
894 | { |
895 | CMSerr(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO, | |
896 | CMS_R_ERROR_SETTING_RECIPIENTINFO); | |
897 | goto err; | |
898 | } | |
899 | } | |
900 | ||
901 | ok = 1; | |
902 | ||
903 | err: | |
904 | ec->cipher = NULL; | |
905 | if (ec->key) | |
906 | { | |
907 | OPENSSL_cleanse(ec->key, ec->keylen); | |
908 | OPENSSL_free(ec->key); | |
909 | ec->key = NULL; | |
910 | ec->keylen = 0; | |
911 | } | |
912 | if (ok) | |
913 | return ret; | |
914 | BIO_free(ret); | |
915 | return NULL; | |
916 | ||
8931b30d | 917 | } |