]> git.ipfire.org Git - thirdparty/openssl.git/blame - crypto/cms/cms_env.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Add "origin" field to EVP_CIPHER, EVP_MD
[thirdparty/openssl.git] / crypto / cms / cms_env.c
CommitLineData
0f113f3e 1/*
4333b89f 2 * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
8931b30d 3 *
08ddd302 4 * Licensed under the Apache License 2.0 (the "License"). You may not use
b1322259
RS		 5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8931b30d
DSH		 8 */
9
b39fc560 10#include "internal/cryptlib.h"
8931b30d
DSH		 11#include <openssl/asn1t.h>
12#include <openssl/pem.h>
13#include <openssl/x509v3.h>
14#include <openssl/err.h>
15#include <openssl/cms.h>
2852c672 16#include <openssl/evp.h>
25f2138b
DMSP		 17#include "crypto/asn1.h"
18#include "crypto/evp.h"
c1669f41
SL		 19#include "crypto/x509.h"
20#include "cms_local.h"
8931b30d
DSH		 21
22/* CMS EnvelopedData Utilities */
71434aed
DB		 23static void cms_env_set_version(CMS_EnvelopedData *env);
24
924663c3
JZ		 25#define CMS_ENVELOPED_STANDARD 1
26#define CMS_ENVELOPED_AUTH 2
27
28static int cms_get_enveloped_type(const CMS_ContentInfo *cms)
29{
30 int nid = OBJ_obj2nid(cms->contentType);
31
32 switch (nid) {
33 case NID_pkcs7_enveloped:
34 return CMS_ENVELOPED_STANDARD;
35
36 case NID_id_smime_ct_authEnvelopedData:
37 return CMS_ENVELOPED_AUTH;
38
39 default:
9311d0c4 40 ERR_raise(ERR_LIB_CMS, CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA);
924663c3
JZ		 41 return 0;
42 }
43}
44
53155f1c 45CMS_EnvelopedData *ossl_cms_get0_enveloped(CMS_ContentInfo *cms)
0f113f3e
MC		 46{
47 if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_enveloped) {
9311d0c4 48 ERR_raise(ERR_LIB_CMS, CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA);
0f113f3e
MC		 49 return NULL;
50 }
51 return cms->d.envelopedData;
52}
8931b30d 53
53155f1c 54CMS_AuthEnvelopedData *ossl_cms_get0_auth_enveloped(CMS_ContentInfo *cms)
924663c3
JZ		 55{
56 if (OBJ_obj2nid(cms->contentType) != NID_id_smime_ct_authEnvelopedData) {
9311d0c4 57 ERR_raise(ERR_LIB_CMS, CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA);
924663c3
JZ		 58 return NULL;
59 }
60 return cms->d.authEnvelopedData;
61}
62
8931b30d 63static CMS_EnvelopedData *cms_enveloped_data_init(CMS_ContentInfo *cms)
0f113f3e
MC		 64{
65 if (cms->d.other == NULL) {
66 cms->d.envelopedData = M_ASN1_new_of(CMS_EnvelopedData);
924663c3 67 if (cms->d.envelopedData == NULL) {
9311d0c4 68 ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE);
0f113f3e
MC		 69 return NULL;
70 }
71 cms->d.envelopedData->version = 0;
72 cms->d.envelopedData->encryptedContentInfo->contentType =
73 OBJ_nid2obj(NID_pkcs7_data);
74 ASN1_OBJECT_free(cms->contentType);
75 cms->contentType = OBJ_nid2obj(NID_pkcs7_enveloped);
76 return cms->d.envelopedData;
77 }
53155f1c 78 return ossl_cms_get0_enveloped(cms);
0f113f3e 79}
8931b30d 80
924663c3
JZ		 81static CMS_AuthEnvelopedData *
82cms_auth_enveloped_data_init(CMS_ContentInfo *cms)
83{
84 if (cms->d.other == NULL) {
85 cms->d.authEnvelopedData = M_ASN1_new_of(CMS_AuthEnvelopedData);
86 if (cms->d.authEnvelopedData == NULL) {
9311d0c4 87 ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE);
924663c3
JZ		 88 return NULL;
89 }
90 /* Defined in RFC 5083 - Section 2.1. "AuthEnvelopedData Type" */
91 cms->d.authEnvelopedData->version = 0;
92 cms->d.authEnvelopedData->authEncryptedContentInfo->contentType =
93 OBJ_nid2obj(NID_pkcs7_data);
94 ASN1_OBJECT_free(cms->contentType);
95 cms->contentType = OBJ_nid2obj(NID_id_smime_ct_authEnvelopedData);
96 return cms->d.authEnvelopedData;
97 }
53155f1c 98 return ossl_cms_get0_auth_enveloped(cms);
924663c3
JZ		 99}
100
53155f1c 101int ossl_cms_env_asn1_ctrl(CMS_RecipientInfo *ri, int cmd)
0f113f3e
MC		 102{
103 EVP_PKEY *pkey;
104 int i;
105 if (ri->type == CMS_RECIPINFO_TRANS)
106 pkey = ri->d.ktri->pkey;
107 else if (ri->type == CMS_RECIPINFO_AGREE) {
108 EVP_PKEY_CTX *pctx = ri->d.kari->pctx;
12a765a5
RS		 109
110 if (pctx == NULL)
0f113f3e
MC		 111 return 0;
112 pkey = EVP_PKEY_CTX_get0_pkey(pctx);
12a765a5 113 if (pkey == NULL)
0f113f3e
MC		 114 return 0;
115 } else
116 return 0;
0b3a4ef2 117
f23e4a17 118 if (EVP_PKEY_is_a(pkey, "DHX") || EVP_PKEY_is_a(pkey, "DH"))
53155f1c 119 return ossl_cms_dh_envelope(ri, cmd);
c2403f36 120 else if (EVP_PKEY_is_a(pkey, "EC"))
53155f1c 121 return ossl_cms_ecdh_envelope(ri, cmd);
c2403f36 122 else if (EVP_PKEY_is_a(pkey, "RSA"))
53155f1c 123 return ossl_cms_rsa_envelope(ri, cmd);
0b3a4ef2
MC		 124
125 /* Something else? We'll give engines etc a chance to handle this */
12a765a5 126 if (pkey->ameth == NULL || pkey->ameth->pkey_ctrl == NULL)
0f113f3e
MC		 127 return 1;
128 i = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_CMS_ENVELOPE, cmd, ri);
129 if (i == -2) {
9311d0c4 130 ERR_raise(ERR_LIB_CMS, CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
0f113f3e
MC		 131 return 0;
132 }
133 if (i <= 0) {
9311d0c4 134 ERR_raise(ERR_LIB_CMS, CMS_R_CTRL_FAILURE);
0f113f3e
MC		 135 return 0;
136 }
137 return 1;
138}
e365352d 139
53155f1c 140CMS_EncryptedContentInfo* ossl_cms_get0_env_enc_content(const CMS_ContentInfo *cms)
924663c3
JZ		 141{
142 switch (cms_get_enveloped_type(cms)) {
143 case CMS_ENVELOPED_STANDARD:
144 return cms->d.envelopedData->encryptedContentInfo;
145
146 case CMS_ENVELOPED_AUTH:
147 return cms->d.authEnvelopedData->authEncryptedContentInfo;
148
149 default:
150 return NULL;
151 }
152}
153
4f1aa191 154STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms)
0f113f3e 155{
924663c3
JZ		 156 switch (cms_get_enveloped_type(cms)) {
157 case CMS_ENVELOPED_STANDARD:
158 return cms->d.envelopedData->recipientInfos;
159
160 case CMS_ENVELOPED_AUTH:
161 return cms->d.authEnvelopedData->recipientInfos;
162
163 default:
0f113f3e 164 return NULL;
924663c3 165 }
0f113f3e 166}
4f1aa191 167
53155f1c 168void ossl_cms_RecipientInfos_set_cmsctx(CMS_ContentInfo *cms)
c1669f41
SL		 169{
170 int i;
171 CMS_RecipientInfo *ri;
53155f1c 172 const CMS_CTX *ctx = ossl_cms_get0_cmsctx(cms);
c1669f41
SL		 173 STACK_OF(CMS_RecipientInfo) *rinfos = CMS_get0_RecipientInfos(cms);
174
175 for (i = 0; i < sk_CMS_RecipientInfo_num(rinfos); i++) {
176 ri = sk_CMS_RecipientInfo_value(rinfos, i);
177 if (ri != NULL) {
178 switch (ri->type) {
179 case CMS_RECIPINFO_AGREE:
180 ri->d.kari->cms_ctx = ctx;
181 break;
182 case CMS_RECIPINFO_TRANS:
183 ri->d.ktri->cms_ctx = ctx;
4669015d
SL		 184 ossl_x509_set0_libctx(ri->d.ktri->recip,
185 ossl_cms_ctx_get0_libctx(ctx),
186 ossl_cms_ctx_get0_propq(ctx));
c1669f41
SL		 187 break;
188 case CMS_RECIPINFO_KEK:
189 ri->d.kekri->cms_ctx = ctx;
190 break;
191 case CMS_RECIPINFO_PASS:
192 ri->d.pwri->cms_ctx = ctx;
193 break;
194 default:
195 break;
196 }
197 }
198 }
199}
200
4f1aa191 201int CMS_RecipientInfo_type(CMS_RecipientInfo *ri)
0f113f3e
MC		 202{
203 return ri->type;
204}
4f1aa191 205
e365352d 206EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri)
0f113f3e
MC		 207{
208 if (ri->type == CMS_RECIPINFO_TRANS)
209 return ri->d.ktri->pctx;
210 else if (ri->type == CMS_RECIPINFO_AGREE)
211 return ri->d.kari->pctx;
212 return NULL;
213}
e365352d 214
d8652be0 215CMS_ContentInfo *CMS_EnvelopedData_create_ex(const EVP_CIPHER *cipher,
b4250010 216 OSSL_LIB_CTX *libctx,
d8652be0 217 const char *propq)
0f113f3e
MC		 218{
219 CMS_ContentInfo *cms;
220 CMS_EnvelopedData *env;
c1669f41 221
d8652be0 222 cms = CMS_ContentInfo_new_ex(libctx, propq);
90945fa3 223 if (cms == NULL)
0f113f3e
MC		 224 goto merr;
225 env = cms_enveloped_data_init(cms);
90945fa3 226 if (env == NULL)
0f113f3e 227 goto merr;
c1669f41 228
53155f1c
SL		 229 if (!ossl_cms_EncryptedContent_init(env->encryptedContentInfo, cipher, NULL,
230 0, ossl_cms_get0_cmsctx(cms)))
0f113f3e
MC		 231 goto merr;
232 return cms;
233 merr:
25aaa98a 234 CMS_ContentInfo_free(cms);
9311d0c4 235 ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE);
0f113f3e
MC		 236 return NULL;
237}
761ffa72 238
c1669f41
SL		 239CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher)
240{
d8652be0 241 return CMS_EnvelopedData_create_ex(cipher, NULL, NULL);
c1669f41
SL		 242}
243
924663c3 244CMS_ContentInfo *
b4250010 245CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *libctx,
d8652be0 246 const char *propq)
71434aed 247{
924663c3
JZ		 248 CMS_ContentInfo *cms;
249 CMS_AuthEnvelopedData *aenv;
71434aed 250
d8652be0 251 cms = CMS_ContentInfo_new_ex(libctx, propq);
924663c3
JZ		 252 if (cms == NULL)
253 goto merr;
254 aenv = cms_auth_enveloped_data_init(cms);
255 if (aenv == NULL)
256 goto merr;
53155f1c
SL		 257 if (!ossl_cms_EncryptedContent_init(aenv->authEncryptedContentInfo,
258 cipher, NULL, 0,
259 ossl_cms_get0_cmsctx(cms)))
924663c3
JZ		 260 goto merr;
261 return cms;
262 merr:
263 CMS_ContentInfo_free(cms);
9311d0c4 264 ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE);
924663c3
JZ		 265 return NULL;
266}
71434aed 267
71434aed 268
924663c3
JZ		 269CMS_ContentInfo *CMS_AuthEnvelopedData_create(const EVP_CIPHER *cipher)
270{
d8652be0 271 return CMS_AuthEnvelopedData_create_ex(cipher, NULL, NULL);
71434aed
DB		 272}
273
ab124380
DSH		 274/* Key Transport Recipient Info (KTRI) routines */
275
17c2764d 276/* Initialise a ktri based on passed certificate and key */
ab124380 277
17c2764d 278static int cms_RecipientInfo_ktri_init(CMS_RecipientInfo *ri, X509 *recip,
c1669f41
SL		 279 EVP_PKEY *pk, unsigned int flags,
280 const CMS_CTX *ctx)
0f113f3e
MC		 281{
282 CMS_KeyTransRecipientInfo *ktri;
283 int idtype;
284
285 ri->d.ktri = M_ASN1_new_of(CMS_KeyTransRecipientInfo);
286 if (!ri->d.ktri)
287 return 0;
288 ri->type = CMS_RECIPINFO_TRANS;
289
290 ktri = ri->d.ktri;
c1669f41 291 ktri->cms_ctx = ctx;
0f113f3e
MC		 292
293 if (flags & CMS_USE_KEYID) {
294 ktri->version = 2;
295 idtype = CMS_RECIPINFO_KEYIDENTIFIER;
296 } else {
297 ktri->version = 0;
298 idtype = CMS_RECIPINFO_ISSUER_SERIAL;
299 }
300
301 /*
302 * Not a typo: RecipientIdentifier and SignerIdentifier are the same
303 * structure.
304 */
305
53155f1c 306 if (!ossl_cms_set1_SignerIdentifier(ktri->rid, recip, idtype, ctx))
0f113f3e
MC		 307 return 0;
308
05f0fb9f 309 X509_up_ref(recip);
03273d61
AG		 310 EVP_PKEY_up_ref(pk);
311
0f113f3e
MC		 312 ktri->pkey = pk;
313 ktri->recip = recip;
314
315 if (flags & CMS_KEY_PARAM) {
53155f1c 316 ktri->pctx = EVP_PKEY_CTX_new_from_pkey(ossl_cms_ctx_get0_libctx(ctx),
84af8027 317 ktri->pkey,
53155f1c 318 ossl_cms_ctx_get0_propq(ctx));
90945fa3 319 if (ktri->pctx == NULL)
0f113f3e
MC		 320 return 0;
321 if (EVP_PKEY_encrypt_init(ktri->pctx) <= 0)
322 return 0;
53155f1c 323 } else if (!ossl_cms_env_asn1_ctrl(ri, 0))
0f113f3e
MC		 324 return 0;
325 return 1;
326}
327
328/*
329 * Add a recipient certificate using appropriate type of RecipientInfo
17c2764d
DSH		 330 */
331
71434aed
DB		 332CMS_RecipientInfo *CMS_add1_recipient(CMS_ContentInfo *cms, X509 *recip,
333 EVP_PKEY *originatorPrivKey,
334 X509 *originator, unsigned int flags)
0f113f3e
MC		 335{
336 CMS_RecipientInfo *ri = NULL;
924663c3 337 STACK_OF(CMS_RecipientInfo) *ris;
0f113f3e 338 EVP_PKEY *pk = NULL;
53155f1c 339 const CMS_CTX *ctx = ossl_cms_get0_cmsctx(cms);
c1669f41 340
924663c3
JZ		 341 ris = CMS_get0_RecipientInfos(cms);
342 if (ris == NULL)
0f113f3e
MC		 343 goto err;
344
345 /* Initialize recipient info */
346 ri = M_ASN1_new_of(CMS_RecipientInfo);
924663c3 347 if (ri == NULL)
0f113f3e
MC		 348 goto merr;
349
8382fd3a 350 pk = X509_get0_pubkey(recip);
12a765a5 351 if (pk == NULL) {
9311d0c4 352 ERR_raise(ERR_LIB_CMS, CMS_R_ERROR_GETTING_PUBLIC_KEY);
0f113f3e
MC		 353 goto err;
354 }
355
53155f1c 356 switch (ossl_cms_pkey_get_ri_type(pk)) {
0f113f3e
MC		 357
358 case CMS_RECIPINFO_TRANS:
c1669f41 359 if (!cms_RecipientInfo_ktri_init(ri, recip, pk, flags, ctx))
0f113f3e
MC		 360 goto err;
361 break;
362
363 case CMS_RECIPINFO_AGREE:
53155f1c
SL		 364 if (!ossl_cms_RecipientInfo_kari_init(ri, recip, pk, originator,
365 originatorPrivKey, flags, ctx))
0f113f3e
MC		 366 goto err;
367 break;
368
369 default:
9311d0c4 370 ERR_raise(ERR_LIB_CMS, CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
0f113f3e
MC		 371 goto err;
372
373 }
374
924663c3 375 if (!sk_CMS_RecipientInfo_push(ris, ri))
0f113f3e
MC		 376 goto merr;
377
0f113f3e
MC		 378 return ri;
379
380 merr:
9311d0c4 381 ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE);
0f113f3e 382 err:
2ace7450 383 M_ASN1_free_of(ri, CMS_RecipientInfo);
0f113f3e
MC		 384 return NULL;
385
386}
8931b30d 387
924663c3
JZ		 388CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms, X509 *recip,
389 unsigned int flags)
71434aed
DB		 390{
391 return CMS_add1_recipient(cms, recip, NULL, NULL, flags);
392}
393
8931b30d 394int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri,
0f113f3e
MC		 395 EVP_PKEY **pk, X509 **recip,
396 X509_ALGOR **palg)
397{
398 CMS_KeyTransRecipientInfo *ktri;
399 if (ri->type != CMS_RECIPINFO_TRANS) {
9311d0c4 400 ERR_raise(ERR_LIB_CMS, CMS_R_NOT_KEY_TRANSPORT);
0f113f3e
MC		 401 return 0;
402 }
403
404 ktri = ri->d.ktri;
405
406 if (pk)
407 *pk = ktri->pkey;
408 if (recip)
409 *recip = ktri->recip;
410 if (palg)
411 *palg = ktri->keyEncryptionAlgorithm;
412 return 1;
413}
8931b30d
DSH		 414
415int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri,
0f113f3e
MC		 416 ASN1_OCTET_STRING **keyid,
417 X509_NAME **issuer,
418 ASN1_INTEGER **sno)
419{
420 CMS_KeyTransRecipientInfo *ktri;
421 if (ri->type != CMS_RECIPINFO_TRANS) {
9311d0c4 422 ERR_raise(ERR_LIB_CMS, CMS_R_NOT_KEY_TRANSPORT);
0f113f3e
MC		 423 return 0;
424 }
425 ktri = ri->d.ktri;
426
53155f1c
SL		 427 return ossl_cms_SignerIdentifier_get0_signer_id(ktri->rid, keyid, issuer,
428 sno);
0f113f3e 429}
8931b30d
DSH		 430
431int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert)
0f113f3e
MC		 432{
433 if (ri->type != CMS_RECIPINFO_TRANS) {
9311d0c4 434 ERR_raise(ERR_LIB_CMS, CMS_R_NOT_KEY_TRANSPORT);
0f113f3e
MC		 435 return -2;
436 }
53155f1c 437 return ossl_cms_SignerIdentifier_cert_cmp(ri->d.ktri->rid, cert);
0f113f3e 438}
4f1aa191 439
6e3bc4f0 440int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey)
0f113f3e
MC		 441{
442 if (ri->type != CMS_RECIPINFO_TRANS) {
9311d0c4 443 ERR_raise(ERR_LIB_CMS, CMS_R_NOT_KEY_TRANSPORT);
0f113f3e
MC		 444 return 0;
445 }
3d551b20 446 EVP_PKEY_free(ri->d.ktri->pkey);
0f113f3e
MC		 447 ri->d.ktri->pkey = pkey;
448 return 1;
449}
6e3bc4f0 450
761ffa72
DSH		 451/* Encrypt content key in key transport recipient info */
452
9fdcc21f 453static int cms_RecipientInfo_ktri_encrypt(const CMS_ContentInfo *cms,
0f113f3e
MC		 454 CMS_RecipientInfo *ri)
455{
456 CMS_KeyTransRecipientInfo *ktri;
457 CMS_EncryptedContentInfo *ec;
458 EVP_PKEY_CTX *pctx;
459 unsigned char *ek = NULL;
460 size_t eklen;
53155f1c 461 const CMS_CTX *ctx = ossl_cms_get0_cmsctx(cms);
0f113f3e
MC		 462
463 int ret = 0;
464
465 if (ri->type != CMS_RECIPINFO_TRANS) {
9311d0c4 466 ERR_raise(ERR_LIB_CMS, CMS_R_NOT_KEY_TRANSPORT);
0f113f3e
MC		 467 return 0;
468 }
469 ktri = ri->d.ktri;
53155f1c 470 ec = ossl_cms_get0_env_enc_content(cms);
0f113f3e
MC		 471
472 pctx = ktri->pctx;
473
474 if (pctx) {
53155f1c 475 if (!ossl_cms_env_asn1_ctrl(ri, 0))
0f113f3e
MC		 476 goto err;
477 } else {
53155f1c
SL		 478 pctx = EVP_PKEY_CTX_new_from_pkey(ossl_cms_ctx_get0_libctx(ctx),
479 ktri->pkey,
480 ossl_cms_ctx_get0_propq(ctx));
90945fa3 481 if (pctx == NULL)
0f113f3e
MC		 482 return 0;
483
484 if (EVP_PKEY_encrypt_init(pctx) <= 0)
485 goto err;
486 }
487
0f113f3e
MC		 488 if (EVP_PKEY_encrypt(pctx, NULL, &eklen, ec->key, ec->keylen) <= 0)
489 goto err;
490
491 ek = OPENSSL_malloc(eklen);
492
493 if (ek == NULL) {
9311d0c4 494 ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE);
0f113f3e
MC		 495 goto err;
496 }
497
498 if (EVP_PKEY_encrypt(pctx, ek, &eklen, ec->key, ec->keylen) <= 0)
499 goto err;
500
501 ASN1_STRING_set0(ktri->encryptedKey, ek, eklen);
502 ek = NULL;
503
504 ret = 1;
505
506 err:
25aaa98a
RS		 507 EVP_PKEY_CTX_free(pctx);
508 ktri->pctx = NULL;
b548a1f1 509 OPENSSL_free(ek);
0f113f3e 510 return ret;
0f113f3e 511}
761ffa72 512
ab124380
DSH		 513/* Decrypt content key from KTRI */
514
6e3bc4f0 515static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
0f113f3e
MC		 516 CMS_RecipientInfo *ri)
517{
518 CMS_KeyTransRecipientInfo *ktri = ri->d.ktri;
519 EVP_PKEY *pkey = ktri->pkey;
520 unsigned char *ek = NULL;
521 size_t eklen;
522 int ret = 0;
5840ed0c 523 size_t fixlen = 0;
1acb2e6f
SL		 524 const EVP_CIPHER *cipher = NULL;
525 EVP_CIPHER *fetched_cipher = NULL;
0f113f3e 526 CMS_EncryptedContentInfo *ec;
53155f1c
SL		 527 const CMS_CTX *ctx = ossl_cms_get0_cmsctx(cms);
528 OSSL_LIB_CTX *libctx = ossl_cms_ctx_get0_libctx(ctx);
529 const char *propq = ossl_cms_ctx_get0_propq(ctx);
c1669f41 530
53155f1c 531 ec = ossl_cms_get0_env_enc_content(cms);
0f113f3e
MC		 532
533 if (ktri->pkey == NULL) {
9311d0c4 534 ERR_raise(ERR_LIB_CMS, CMS_R_NO_PRIVATE_KEY);
0f113f3e
MC		 535 return 0;
536 }
537
5840ed0c
BE		 538 if (cms->d.envelopedData->encryptedContentInfo->havenocert
539 && !cms->d.envelopedData->encryptedContentInfo->debug) {
540 X509_ALGOR *calg = ec->contentEncryptionAlgorithm;
c1669f41 541 const char *name = OBJ_nid2sn(OBJ_obj2nid(calg->algorithm));
5840ed0c 542
1acb2e6f 543 (void)ERR_set_mark();
84af8027 544 fetched_cipher = EVP_CIPHER_fetch(libctx, name, propq);
1acb2e6f
SL		 545
546 if (fetched_cipher != NULL)
547 cipher = fetched_cipher;
548 else
549 cipher = EVP_get_cipherbyobj(calg->algorithm);
550 if (cipher == NULL) {
551 (void)ERR_clear_last_mark();
9311d0c4 552 ERR_raise(ERR_LIB_CMS, CMS_R_UNKNOWN_CIPHER);
5840ed0c
BE		 553 return 0;
554 }
1acb2e6f 555 (void)ERR_pop_to_mark();
5840ed0c 556
1acb2e6f
SL		 557 fixlen = EVP_CIPHER_key_length(cipher);
558 EVP_CIPHER_free(fetched_cipher);
5840ed0c
BE		 559 }
560
84af8027 561 ktri->pctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, propq);
90945fa3 562 if (ktri->pctx == NULL)
c1669f41 563 goto err;
0f113f3e
MC		 564
565 if (EVP_PKEY_decrypt_init(ktri->pctx) <= 0)
566 goto err;
567
53155f1c 568 if (!ossl_cms_env_asn1_ctrl(ri, 1))
0f113f3e
MC		 569 goto err;
570
0f113f3e
MC		 571 if (EVP_PKEY_decrypt(ktri->pctx, NULL, &eklen,
572 ktri->encryptedKey->data,
573 ktri->encryptedKey->length) <= 0)
574 goto err;
575
576 ek = OPENSSL_malloc(eklen);
0f113f3e 577 if (ek == NULL) {
9311d0c4 578 ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE);
0f113f3e
MC		 579 goto err;
580 }
581
582 if (EVP_PKEY_decrypt(ktri->pctx, ek, &eklen,
583 ktri->encryptedKey->data,
5840ed0c
BE		 584 ktri->encryptedKey->length) <= 0
585 || eklen == 0
586 || (fixlen != 0 && eklen != fixlen)) {
9311d0c4 587 ERR_raise(ERR_LIB_CMS, CMS_R_CMS_LIB);
0f113f3e
MC		 588 goto err;
589 }
590
591 ret = 1;
592
4b45c6e5 593 OPENSSL_clear_free(ec->key, ec->keylen);
0f113f3e
MC		 594 ec->key = ek;
595 ec->keylen = eklen;
596
597 err:
c5ba2d99
RS		 598 EVP_PKEY_CTX_free(ktri->pctx);
599 ktri->pctx = NULL;
b548a1f1 600 if (!ret)
0f113f3e
MC		 601 OPENSSL_free(ek);
602
603 return ret;
604}
4f1aa191 605
ab124380
DSH		 606/* Key Encrypted Key (KEK) RecipientInfo routines */
607
0f113f3e
MC		 608int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri,
609 const unsigned char *id, size_t idlen)
610{
611 ASN1_OCTET_STRING tmp_os;
612 CMS_KEKRecipientInfo *kekri;
613 if (ri->type != CMS_RECIPINFO_KEK) {
9311d0c4 614 ERR_raise(ERR_LIB_CMS, CMS_R_NOT_KEK);
0f113f3e
MC		 615 return -2;
616 }
617 kekri = ri->d.kekri;
618 tmp_os.type = V_ASN1_OCTET_STRING;
619 tmp_os.flags = 0;
620 tmp_os.data = (unsigned char *)id;
621 tmp_os.length = (int)idlen;
622 return ASN1_OCTET_STRING_cmp(&tmp_os, kekri->kekid->keyIdentifier);
623}
eeb9cdfc 624
ab124380
DSH		 625/* For now hard code AES key wrap info */
626
627static size_t aes_wrap_keylen(int nid)
0f113f3e
MC		 628{
629 switch (nid) {
630 case NID_id_aes128_wrap:
631 return 16;
ab124380 632
0f113f3e
MC		 633 case NID_id_aes192_wrap:
634 return 24;
ab124380 635
0f113f3e
MC		 636 case NID_id_aes256_wrap:
637 return 32;
ab124380 638
0f113f3e
MC		 639 default:
640 return 0;
641 }
642}
ab124380
DSH		 643
644CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
0f113f3e
MC		 645 unsigned char *key, size_t keylen,
646 unsigned char *id, size_t idlen,
647 ASN1_GENERALIZEDTIME *date,
648 ASN1_OBJECT *otherTypeId,
649 ASN1_TYPE *otherType)
650{
651 CMS_RecipientInfo *ri = NULL;
0f113f3e 652 CMS_KEKRecipientInfo *kekri;
924663c3
JZ		 653 STACK_OF(CMS_RecipientInfo) *ris = CMS_get0_RecipientInfos(cms);
654
655 if (ris == NULL)
0f113f3e 656 goto err;
ab124380 657
0f113f3e
MC		 658 if (nid == NID_undef) {
659 switch (keylen) {
660 case 16:
661 nid = NID_id_aes128_wrap;
662 break;
ab124380 663
0f113f3e
MC		 664 case 24:
665 nid = NID_id_aes192_wrap;
666 break;
667
668 case 32:
669 nid = NID_id_aes256_wrap;
670 break;
671
672 default:
9311d0c4 673 ERR_raise(ERR_LIB_CMS, CMS_R_INVALID_KEY_LENGTH);
0f113f3e
MC		 674 goto err;
675 }
676
677 } else {
678
679 size_t exp_keylen = aes_wrap_keylen(nid);
680
681 if (!exp_keylen) {
9311d0c4 682 ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_KEK_ALGORITHM);
0f113f3e
MC		 683 goto err;
684 }
685
686 if (keylen != exp_keylen) {
9311d0c4 687 ERR_raise(ERR_LIB_CMS, CMS_R_INVALID_KEY_LENGTH);
0f113f3e
MC		 688 goto err;
689 }
690
691 }
692
693 /* Initialize recipient info */
694 ri = M_ASN1_new_of(CMS_RecipientInfo);
695 if (!ri)
696 goto merr;
697
698 ri->d.kekri = M_ASN1_new_of(CMS_KEKRecipientInfo);
699 if (!ri->d.kekri)
700 goto merr;
701 ri->type = CMS_RECIPINFO_KEK;
702
703 kekri = ri->d.kekri;
704
705 if (otherTypeId) {
706 kekri->kekid->other = M_ASN1_new_of(CMS_OtherKeyAttribute);
707 if (kekri->kekid->other == NULL)
708 goto merr;
709 }
ab124380 710
924663c3 711 if (!sk_CMS_RecipientInfo_push(ris, ri))
0f113f3e
MC		 712 goto merr;
713
714 /* After this point no calls can fail */
715
716 kekri->version = 4;
717
718 kekri->key = key;
719 kekri->keylen = keylen;
720
721 ASN1_STRING_set0(kekri->kekid->keyIdentifier, id, idlen);
722
723 kekri->kekid->date = date;
724
725 if (kekri->kekid->other) {
726 kekri->kekid->other->keyAttrId = otherTypeId;
727 kekri->kekid->other->keyAttr = otherType;
728 }
729
730 X509_ALGOR_set0(kekri->keyEncryptionAlgorithm,
731 OBJ_nid2obj(nid), V_ASN1_UNDEF, NULL);
732
733 return ri;
734
735 merr:
9311d0c4 736 ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE);
0f113f3e 737 err:
2ace7450 738 M_ASN1_free_of(ri, CMS_RecipientInfo);
0f113f3e 739 return NULL;
0f113f3e
MC		 740}
741
742int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri,
743 X509_ALGOR **palg,
744 ASN1_OCTET_STRING **pid,
745 ASN1_GENERALIZEDTIME **pdate,
746 ASN1_OBJECT **potherid,
747 ASN1_TYPE **pothertype)
748{
749 CMS_KEKIdentifier *rkid;
750 if (ri->type != CMS_RECIPINFO_KEK) {
9311d0c4 751 ERR_raise(ERR_LIB_CMS, CMS_R_NOT_KEK);
0f113f3e
MC		 752 return 0;
753 }
754 rkid = ri->d.kekri->kekid;
755 if (palg)
756 *palg = ri->d.kekri->keyEncryptionAlgorithm;
757 if (pid)
758 *pid = rkid->keyIdentifier;
759 if (pdate)
760 *pdate = rkid->date;
761 if (potherid) {
762 if (rkid->other)
763 *potherid = rkid->other->keyAttrId;
764 else
765 *potherid = NULL;
766 }
767 if (pothertype) {
768 if (rkid->other)
769 *pothertype = rkid->other->keyAttr;
770 else
771 *pothertype = NULL;
772 }
773 return 1;
774}
775
776int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri,
777 unsigned char *key, size_t keylen)
778{
779 CMS_KEKRecipientInfo *kekri;
780 if (ri->type != CMS_RECIPINFO_KEK) {
9311d0c4 781 ERR_raise(ERR_LIB_CMS, CMS_R_NOT_KEK);
0f113f3e
MC		 782 return 0;
783 }
784
785 kekri = ri->d.kekri;
786 kekri->key = key;
787 kekri->keylen = keylen;
788 return 1;
789}
6e3bc4f0 790
c1669f41 791static EVP_CIPHER *cms_get_key_wrap_cipher(size_t keylen, const CMS_CTX *ctx)
2852c672 792{
c1669f41
SL		 793 const char *alg = NULL;
794
2852c672
MC		 795 switch(keylen) {
796 case 16:
c1669f41
SL		 797 alg = "AES-128-WRAP";
798 break;
2852c672 799 case 24:
c1669f41
SL		 800 alg = "AES-192-WRAP";
801 break;
2852c672 802 case 32:
c1669f41
SL		 803 alg = "AES-256-WRAP";
804 break;
805 default:
806 return NULL;
2852c672 807 }
53155f1c
SL		 808 return EVP_CIPHER_fetch(ossl_cms_ctx_get0_libctx(ctx), alg,
809 ossl_cms_ctx_get0_propq(ctx));
2852c672
MC		 810}
811
812
6e3bc4f0
DSH		 813/* Encrypt content key in KEK recipient info */
814
9fdcc21f 815static int cms_RecipientInfo_kekri_encrypt(const CMS_ContentInfo *cms,
0f113f3e
MC		 816 CMS_RecipientInfo *ri)
817{
818 CMS_EncryptedContentInfo *ec;
819 CMS_KEKRecipientInfo *kekri;
0f113f3e
MC		 820 unsigned char *wkey = NULL;
821 int wkeylen;
822 int r = 0;
c1669f41 823 EVP_CIPHER *cipher = NULL;
2852c672
MC		 824 int outlen = 0;
825 EVP_CIPHER_CTX *ctx = NULL;
53155f1c 826 const CMS_CTX *cms_ctx = ossl_cms_get0_cmsctx(cms);
6e3bc4f0 827
53155f1c 828 ec = ossl_cms_get0_env_enc_content(cms);
924663c3
JZ		 829 if (ec == NULL)
830 return 0;
6e3bc4f0 831
0f113f3e 832 kekri = ri->d.kekri;
6e3bc4f0 833
2852c672 834 if (kekri->key == NULL) {
9311d0c4 835 ERR_raise(ERR_LIB_CMS, CMS_R_NO_KEY);
0f113f3e
MC		 836 return 0;
837 }
6e3bc4f0 838
c1669f41 839 cipher = cms_get_key_wrap_cipher(kekri->keylen, cms_ctx);
2852c672 840 if (cipher == NULL) {
9311d0c4 841 ERR_raise(ERR_LIB_CMS, CMS_R_INVALID_KEY_LENGTH);
0f113f3e
MC		 842 goto err;
843 }
6e3bc4f0 844
2852c672 845 /* 8 byte prefix for AES wrap ciphers */
0f113f3e 846 wkey = OPENSSL_malloc(ec->keylen + 8);
90945fa3 847 if (wkey == NULL) {
9311d0c4 848 ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE);
0f113f3e
MC		 849 goto err;
850 }
6e3bc4f0 851
2852c672
MC		 852 ctx = EVP_CIPHER_CTX_new();
853 if (ctx == NULL) {
9311d0c4 854 ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE);
2852c672
MC		 855 goto err;
856 }
6e3bc4f0 857
2852c672
MC		 858 EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);
859 if (!EVP_EncryptInit_ex(ctx, cipher, NULL, kekri->key, NULL)
860 || !EVP_EncryptUpdate(ctx, wkey, &wkeylen, ec->key, ec->keylen)
861 || !EVP_EncryptFinal_ex(ctx, wkey + wkeylen, &outlen)) {
9311d0c4 862 ERR_raise(ERR_LIB_CMS, CMS_R_WRAP_ERROR);
2852c672
MC		 863 goto err;
864 }
865 wkeylen += outlen;
866 if (!ossl_assert((size_t)wkeylen == ec->keylen + 8)) {
9311d0c4 867 ERR_raise(ERR_LIB_CMS, CMS_R_WRAP_ERROR);
0f113f3e
MC		 868 goto err;
869 }
6e3bc4f0 870
0f113f3e 871 ASN1_STRING_set0(kekri->encryptedKey, wkey, wkeylen);
6e3bc4f0 872
0f113f3e 873 r = 1;
6e3bc4f0 874
0f113f3e 875 err:
c1669f41 876 EVP_CIPHER_free(cipher);
b548a1f1 877 if (!r)
0f113f3e 878 OPENSSL_free(wkey);
2852c672 879 EVP_CIPHER_CTX_free(ctx);
6e3bc4f0 880
0f113f3e 881 return r;
0f113f3e 882}
6e3bc4f0 883
ab124380
DSH		 884/* Decrypt content key in KEK recipient info */
885
6e3bc4f0 886static int cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms,
0f113f3e
MC		 887 CMS_RecipientInfo *ri)
888{
889 CMS_EncryptedContentInfo *ec;
890 CMS_KEKRecipientInfo *kekri;
0f113f3e
MC		 891 unsigned char *ukey = NULL;
892 int ukeylen;
893 int r = 0, wrap_nid;
c1669f41 894 EVP_CIPHER *cipher = NULL;
2852c672
MC		 895 int outlen = 0;
896 EVP_CIPHER_CTX *ctx = NULL;
53155f1c 897 const CMS_CTX *cms_ctx = ossl_cms_get0_cmsctx(cms);
0f113f3e 898
53155f1c 899 ec = ossl_cms_get0_env_enc_content(cms);
924663c3
JZ		 900 if (ec == NULL)
901 return 0;
0f113f3e
MC		 902
903 kekri = ri->d.kekri;
904
905 if (!kekri->key) {
9311d0c4 906 ERR_raise(ERR_LIB_CMS, CMS_R_NO_KEY);
0f113f3e
MC		 907 return 0;
908 }
909
910 wrap_nid = OBJ_obj2nid(kekri->keyEncryptionAlgorithm->algorithm);
911 if (aes_wrap_keylen(wrap_nid) != kekri->keylen) {
9311d0c4 912 ERR_raise(ERR_LIB_CMS, CMS_R_INVALID_KEY_LENGTH);
0f113f3e
MC		 913 return 0;
914 }
915
916 /* If encrypted key length is invalid don't bother */
917
918 if (kekri->encryptedKey->length < 16) {
9311d0c4 919 ERR_raise(ERR_LIB_CMS, CMS_R_INVALID_ENCRYPTED_KEY_LENGTH);
0f113f3e
MC		 920 goto err;
921 }
922
c1669f41 923 cipher = cms_get_key_wrap_cipher(kekri->keylen, cms_ctx);
2852c672 924 if (cipher == NULL) {
9311d0c4 925 ERR_raise(ERR_LIB_CMS, CMS_R_INVALID_KEY_LENGTH);
0f113f3e
MC		 926 goto err;
927 }
928
929 ukey = OPENSSL_malloc(kekri->encryptedKey->length - 8);
90945fa3 930 if (ukey == NULL) {
9311d0c4 931 ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE);
0f113f3e
MC		 932 goto err;
933 }
934
2852c672
MC		 935 ctx = EVP_CIPHER_CTX_new();
936 if (ctx == NULL) {
9311d0c4 937 ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE);
2852c672
MC		 938 goto err;
939 }
0f113f3e 940
2852c672
MC		 941 if (!EVP_DecryptInit_ex(ctx, cipher, NULL, kekri->key, NULL)
942 || !EVP_DecryptUpdate(ctx, ukey, &ukeylen,
943 kekri->encryptedKey->data,
944 kekri->encryptedKey->length)
945 || !EVP_DecryptFinal_ex(ctx, ukey + ukeylen, &outlen)) {
9311d0c4 946 ERR_raise(ERR_LIB_CMS, CMS_R_UNWRAP_ERROR);
0f113f3e
MC		 947 goto err;
948 }
2852c672 949 ukeylen += outlen;
0f113f3e
MC		 950
951 ec->key = ukey;
952 ec->keylen = ukeylen;
953
954 r = 1;
955
956 err:
c1669f41 957 EVP_CIPHER_free(cipher);
b548a1f1 958 if (!r)
0f113f3e 959 OPENSSL_free(ukey);
2852c672 960 EVP_CIPHER_CTX_free(ctx);
0f113f3e
MC		 961
962 return r;
0f113f3e 963}
6e3bc4f0
DSH		 964
965int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
0f113f3e
MC		 966{
967 switch (ri->type) {
968 case CMS_RECIPINFO_TRANS:
969 return cms_RecipientInfo_ktri_decrypt(cms, ri);
6e3bc4f0 970
0f113f3e
MC		 971 case CMS_RECIPINFO_KEK:
972 return cms_RecipientInfo_kekri_decrypt(cms, ri);
6e3bc4f0 973
0f113f3e 974 case CMS_RECIPINFO_PASS:
53155f1c 975 return ossl_cms_RecipientInfo_pwri_crypt(cms, ri, 0);
d2a53c22 976
0f113f3e 977 default:
9311d0c4 978 ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE);
0f113f3e
MC		 979 return 0;
980 }
981}
6e3bc4f0 982
9fdcc21f 983int CMS_RecipientInfo_encrypt(const CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
0f113f3e
MC		 984{
985 switch (ri->type) {
986 case CMS_RECIPINFO_TRANS:
987 return cms_RecipientInfo_ktri_encrypt(cms, ri);
988
989 case CMS_RECIPINFO_AGREE:
53155f1c 990 return ossl_cms_RecipientInfo_kari_encrypt(cms, ri);
0f113f3e
MC		 991
992 case CMS_RECIPINFO_KEK:
993 return cms_RecipientInfo_kekri_encrypt(cms, ri);
0f113f3e
MC		 994
995 case CMS_RECIPINFO_PASS:
53155f1c 996 return ossl_cms_RecipientInfo_pwri_crypt(cms, ri, 1);
0f113f3e
MC		 997
998 default:
9311d0c4 999 ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_RECIPIENT_TYPE);
0f113f3e
MC		 1000 return 0;
1001 }
1002}
e1f1d28f 1003
ff7b6ce9
DSH		 1004/* Check structures and fixup version numbers (if necessary) */
1005
1006static void cms_env_set_originfo_version(CMS_EnvelopedData *env)
0f113f3e
MC		 1007{
1008 CMS_OriginatorInfo *org = env->originatorInfo;
1009 int i;
1010 if (org == NULL)
1011 return;
1012 for (i = 0; i < sk_CMS_CertificateChoices_num(org->certificates); i++) {
1013 CMS_CertificateChoices *cch;
1014 cch = sk_CMS_CertificateChoices_value(org->certificates, i);
1015 if (cch->type == CMS_CERTCHOICE_OTHER) {
1016 env->version = 4;
1017 return;
1018 } else if (cch->type == CMS_CERTCHOICE_V2ACERT) {
1019 if (env->version < 3)
1020 env->version = 3;
1021 }
1022 }
1023
1024 for (i = 0; i < sk_CMS_RevocationInfoChoice_num(org->crls); i++) {
1025 CMS_RevocationInfoChoice *rch;
1026 rch = sk_CMS_RevocationInfoChoice_value(org->crls, i);
1027 if (rch->type == CMS_REVCHOICE_OTHER) {
1028 env->version = 4;
1029 return;
1030 }
1031 }
1032}
ff7b6ce9
DSH		 1033
1034static void cms_env_set_version(CMS_EnvelopedData *env)
0f113f3e
MC		 1035{
1036 int i;
1037 CMS_RecipientInfo *ri;
1038
1039 /*
1040 * Can't set version higher than 4 so if 4 or more already nothing to do.
1041 */
1042 if (env->version >= 4)
1043 return;
1044
1045 cms_env_set_originfo_version(env);
1046
1047 if (env->version >= 3)
1048 return;
1049
1050 for (i = 0; i < sk_CMS_RecipientInfo_num(env->recipientInfos); i++) {
1051 ri = sk_CMS_RecipientInfo_value(env->recipientInfos, i);
1052 if (ri->type == CMS_RECIPINFO_PASS || ri->type == CMS_RECIPINFO_OTHER) {
1053 env->version = 3;
1054 return;
1055 } else if (ri->type != CMS_RECIPINFO_TRANS
1056 || ri->d.ktri->version != 0) {
1057 env->version = 2;
1058 }
1059 }
0f113f3e
MC		 1060 if (env->originatorInfo || env->unprotectedAttrs)
1061 env->version = 2;
35096e91
RS		 1062 if (env->version == 2)
1063 return;
0f113f3e
MC		 1064 env->version = 0;
1065}
ff7b6ce9 1066
924663c3
JZ		 1067static int cms_env_encrypt_content_key(const CMS_ContentInfo *cms,
1068 STACK_OF(CMS_RecipientInfo) *ris)
1069{
1070 int i;
1071 CMS_RecipientInfo *ri;
1072
1073 for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++) {
1074 ri = sk_CMS_RecipientInfo_value(ris, i);
1075 if (CMS_RecipientInfo_encrypt(cms, ri) <= 0)
1076 return -1;
1077 }
1078 return 1;
1079}
1080
1081static void cms_env_clear_ec(CMS_EncryptedContentInfo *ec)
1082{
1083 ec->cipher = NULL;
1084 OPENSSL_clear_free(ec->key, ec->keylen);
1085 ec->key = NULL;
1086 ec->keylen = 0;
1087}
1088
71434aed
DB		 1089static BIO *cms_EnvelopedData_Decryption_init_bio(CMS_ContentInfo *cms)
1090{
1091 CMS_EncryptedContentInfo *ec = cms->d.envelopedData->encryptedContentInfo;
53155f1c
SL		 1092 BIO *contentBio = ossl_cms_EncryptedContent_init_bio(ec,
1093 ossl_cms_get0_cmsctx(cms));
71434aed
DB		 1094 EVP_CIPHER_CTX *ctx = NULL;
1095
1096 if (contentBio == NULL)
1097 return NULL;
1098
1099 BIO_get_cipher_ctx(contentBio, &ctx);
1100 if (ctx == NULL) {
1101 BIO_free(contentBio);
1102 return NULL;
1103 }
924663c3
JZ		 1104 /*
1105 * If the selected cipher supports unprotected attributes,
1106 * deal with it using special ctrl function
1107 */
f6c95e46
RS		 1108 if ((EVP_CIPHER_flags(EVP_CIPHER_CTX_get0_cipher(ctx))
1109 & EVP_CIPH_FLAG_CIPHER_WITH_MAC) != 0
71434aed
DB		 1110 && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_PROCESS_UNPROTECTED, 0,
1111 cms->d.envelopedData->unprotectedAttrs) <= 0) {
1112 BIO_free(contentBio);
1113 return NULL;
1114 }
1115 return contentBio;
1116}
1117
1118static BIO *cms_EnvelopedData_Encryption_init_bio(CMS_ContentInfo *cms)
0f113f3e
MC		 1119{
1120 CMS_EncryptedContentInfo *ec;
1121 STACK_OF(CMS_RecipientInfo) *rinfos;
924663c3 1122 int ok = 0;
0f113f3e 1123 BIO *ret;
924663c3 1124 CMS_EnvelopedData *env = cms->d.envelopedData;
0f113f3e
MC		 1125
1126 /* Get BIO first to set up key */
1127
924663c3 1128 ec = env->encryptedContentInfo;
53155f1c 1129 ret = ossl_cms_EncryptedContent_init_bio(ec, ossl_cms_get0_cmsctx(cms));
0f113f3e 1130
71434aed
DB		 1131 /* If error end of processing */
1132 if (!ret)
0f113f3e
MC		 1133 return ret;
1134
1135 /* Now encrypt content key according to each RecipientInfo type */
924663c3
JZ		 1136 rinfos = env->recipientInfos;
1137 if (cms_env_encrypt_content_key(cms, rinfos) < 0) {
9311d0c4 1138 ERR_raise(ERR_LIB_CMS, CMS_R_ERROR_SETTING_RECIPIENTINFO);
924663c3 1139 goto err;
0f113f3e 1140 }
924663c3
JZ		 1141
1142 /* And finally set the version */
1143 cms_env_set_version(env);
0f113f3e
MC		 1144
1145 ok = 1;
1146
1147 err:
924663c3 1148 cms_env_clear_ec(ec);
0f113f3e
MC		 1149 if (ok)
1150 return ret;
1151 BIO_free(ret);
1152 return NULL;
71434aed
DB		 1153}
1154
53155f1c 1155BIO *ossl_cms_EnvelopedData_init_bio(CMS_ContentInfo *cms)
71434aed
DB		 1156{
1157 if (cms->d.envelopedData->encryptedContentInfo->cipher != NULL) {
1158 /* If cipher is set it's encryption */
1159 return cms_EnvelopedData_Encryption_init_bio(cms);
1160 }
0f113f3e 1161
71434aed
DB		 1162 /* If cipher is not set it's decryption */
1163 return cms_EnvelopedData_Decryption_init_bio(cms);
0f113f3e
MC		 1164}
1165
53155f1c 1166BIO *ossl_cms_AuthEnvelopedData_init_bio(CMS_ContentInfo *cms)
924663c3
JZ		 1167{
1168 CMS_EncryptedContentInfo *ec;
1169 STACK_OF(CMS_RecipientInfo) *rinfos;
1170 int ok = 0;
1171 BIO *ret;
1172 CMS_AuthEnvelopedData *aenv = cms->d.authEnvelopedData;
1173
1174 /* Get BIO first to set up key */
1175 ec = aenv->authEncryptedContentInfo;
1176 /* Set tag for decryption */
1177 if (ec->cipher == NULL) {
1178 ec->tag = aenv->mac->data;
1179 ec->taglen = aenv->mac->length;
1180 }
53155f1c 1181 ret = ossl_cms_EncryptedContent_init_bio(ec, ossl_cms_get0_cmsctx(cms));
924663c3
JZ		 1182
1183 /* If error or no cipher end of processing */
1184 if (ret == NULL || ec->cipher == NULL)
1185 return ret;
1186
1187 /* Now encrypt content key according to each RecipientInfo type */
1188 rinfos = aenv->recipientInfos;
1189 if (cms_env_encrypt_content_key(cms, rinfos) < 0) {
9311d0c4 1190 ERR_raise(ERR_LIB_CMS, CMS_R_ERROR_SETTING_RECIPIENTINFO);
924663c3
JZ		 1191 goto err;
1192 }
1193
1194 /* And finally set the version */
1195 aenv->version = 0;
1196
1197 ok = 1;
1198
1199 err:
1200 cms_env_clear_ec(ec);
1201 if (ok)
1202 return ret;
1203 BIO_free(ret);
1204 return NULL;
1205}
1206
53155f1c 1207int ossl_cms_EnvelopedData_final(CMS_ContentInfo *cms, BIO *chain)
924663c3
JZ		 1208{
1209 CMS_EnvelopedData *env = NULL;
1210 EVP_CIPHER_CTX *ctx = NULL;
1211 BIO *mbio = BIO_find_type(chain, BIO_TYPE_CIPHER);
1212
53155f1c 1213 env = ossl_cms_get0_enveloped(cms);
924663c3
JZ		 1214 if (env == NULL)
1215 return 0;
1216
1217 if (mbio == NULL) {
9311d0c4 1218 ERR_raise(ERR_LIB_CMS, CMS_R_CONTENT_NOT_FOUND);
924663c3
JZ		 1219 return 0;
1220 }
1221
1222 BIO_get_cipher_ctx(mbio, &ctx);
1223
1224 /*
1225 * If the selected cipher supports unprotected attributes,
1226 * deal with it using special ctrl function
1227 */
f6c95e46
RS		 1228 if ((EVP_CIPHER_flags(EVP_CIPHER_CTX_get0_cipher(ctx))
1229 & EVP_CIPH_FLAG_CIPHER_WITH_MAC) != 0) {
924663c3
JZ		 1230 if (env->unprotectedAttrs == NULL)
1231 env->unprotectedAttrs = sk_X509_ATTRIBUTE_new_null();
1232
1233 if (env->unprotectedAttrs == NULL) {
9311d0c4 1234 ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE);
924663c3
JZ		 1235 return 0;
1236 }
1237
1238 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_PROCESS_UNPROTECTED,
1239 1, env->unprotectedAttrs) <= 0) {
9311d0c4 1240 ERR_raise(ERR_LIB_CMS, CMS_R_CTRL_FAILURE);
924663c3
JZ		 1241 return 0;
1242 }
1243 }
1244
1245 cms_env_set_version(cms->d.envelopedData);
1246 return 1;
1247}
1248
53155f1c 1249int ossl_cms_AuthEnvelopedData_final(CMS_ContentInfo *cms, BIO *cmsbio)
924663c3
JZ		 1250{
1251 EVP_CIPHER_CTX *ctx;
1252 unsigned char *tag = NULL;
1253 int taglen, ok = 0;
1254
1255 BIO_get_cipher_ctx(cmsbio, &ctx);
1256
1257 /*
1258 * The tag is set only for encryption. There is nothing to do for
1259 * decryption.
1260 */
1261 if (!EVP_CIPHER_CTX_encrypting(ctx))
1262 return 1;
1263
1264 taglen = EVP_CIPHER_CTX_tag_length(ctx);
1265 if (taglen <= 0
1266 || (tag = OPENSSL_malloc(taglen)) == NULL
1267 || EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen,
1268 tag) <= 0) {
9311d0c4 1269 ERR_raise(ERR_LIB_CMS, CMS_R_CIPHER_GET_TAG);
924663c3
JZ		 1270 goto err;
1271 }
1272
1273 if (!ASN1_OCTET_STRING_set(cms->d.authEnvelopedData->mac, tag, taglen))
1274 goto err;
1275
1276 ok = 1;
1277err:
1278 OPENSSL_free(tag);
1279 return ok;
1280}
1281
0f113f3e
MC		 1282/*
1283 * Get RecipientInfo type (if any) supported by a key (public or private). To
1284 * retain compatibility with previous behaviour if the ctrl value isn't
17c2764d
DSH		 1285 * supported we assume key transport.
1286 */
53155f1c 1287int ossl_cms_pkey_get_ri_type(EVP_PKEY *pk)
0f113f3e 1288{
7022d9b9
MC		 1289 /* Check types that we know about */
1290 if (EVP_PKEY_is_a(pk, "DH"))
1291 return CMS_RECIPINFO_AGREE;
f23e4a17
TM		 1292 else if (EVP_PKEY_is_a(pk, "DHX"))
1293 return CMS_RECIPINFO_AGREE;
7022d9b9
MC		 1294 else if (EVP_PKEY_is_a(pk, "DSA"))
1295 return CMS_RECIPINFO_NONE;
1296 else if (EVP_PKEY_is_a(pk, "EC"))
1297 return CMS_RECIPINFO_AGREE;
1298 else if (EVP_PKEY_is_a(pk, "RSA"))
1299 return CMS_RECIPINFO_TRANS;
1300
1301 /*
1302 * Otherwise this might ben an engine implementation, so see if we can get
1303 * the type from the ameth.
1304 */
0f113f3e
MC		 1305 if (pk->ameth && pk->ameth->pkey_ctrl) {
1306 int i, r;
1307 i = pk->ameth->pkey_ctrl(pk, ASN1_PKEY_CTRL_CMS_RI_TYPE, 0, &r);
1308 if (i > 0)
1309 return r;
1310 }
1311 return CMS_RECIPINFO_TRANS;
1312}
71434aed 1313
53155f1c 1314int ossl_cms_pkey_is_ri_type_supported(EVP_PKEY *pk, int ri_type)
71434aed
DB		 1315{
1316 int supportedRiType;
1317
1318 if (pk->ameth != NULL && pk->ameth->pkey_ctrl != NULL) {
1319 int i, r;
1320
c1669f41
SL		 1321 i = pk->ameth->pkey_ctrl(pk, ASN1_PKEY_CTRL_CMS_IS_RI_TYPE_SUPPORTED,
1322 ri_type, &r);
71434aed
DB		 1323 if (i > 0)
1324 return r;
1325 }
1326
53155f1c 1327 supportedRiType = ossl_cms_pkey_get_ri_type(pk);
71434aed
DB		 1328 if (supportedRiType < 0)
1329 return 0;
1330
1331 return (supportedRiType == ri_type);
1332}
A mirror of the official openssl repository