]>
Commit | Line | Data |
---|---|---|
0b3a4ef2 MC |
1 | /* |
2 | * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. | |
3 | * | |
4 | * Licensed under the Apache License 2.0 (the "License"). You may not use | |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8 | */ | |
9 | ||
9ab7fe48 | 10 | #include <assert.h> |
0b3a4ef2 MC |
11 | #include <openssl/cms.h> |
12 | #include <openssl/err.h> | |
13 | #include "crypto/asn1.h" | |
9ab7fe48 | 14 | #include "crypto/rsa.h" |
0b3a4ef2 MC |
15 | #include "cms_local.h" |
16 | ||
0b3a4ef2 MC |
17 | static RSA_OAEP_PARAMS *rsa_oaep_decode(const X509_ALGOR *alg) |
18 | { | |
19 | RSA_OAEP_PARAMS *oaep; | |
20 | ||
21 | oaep = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(RSA_OAEP_PARAMS), | |
22 | alg->parameter); | |
23 | ||
24 | if (oaep == NULL) | |
25 | return NULL; | |
26 | ||
27 | if (oaep->maskGenFunc != NULL) { | |
28 | oaep->maskHash = x509_algor_mgf1_decode(oaep->maskGenFunc); | |
29 | if (oaep->maskHash == NULL) { | |
30 | RSA_OAEP_PARAMS_free(oaep); | |
31 | return NULL; | |
32 | } | |
33 | } | |
34 | return oaep; | |
35 | } | |
36 | ||
37 | static int rsa_cms_decrypt(CMS_RecipientInfo *ri) | |
38 | { | |
39 | EVP_PKEY_CTX *pkctx; | |
40 | X509_ALGOR *cmsalg; | |
41 | int nid; | |
42 | int rv = -1; | |
43 | unsigned char *label = NULL; | |
44 | int labellen = 0; | |
45 | const EVP_MD *mgf1md = NULL, *md = NULL; | |
46 | RSA_OAEP_PARAMS *oaep; | |
47 | ||
48 | pkctx = CMS_RecipientInfo_get0_pkey_ctx(ri); | |
49 | if (pkctx == NULL) | |
50 | return 0; | |
51 | if (!CMS_RecipientInfo_ktri_get0_algs(ri, NULL, NULL, &cmsalg)) | |
52 | return -1; | |
53 | nid = OBJ_obj2nid(cmsalg->algorithm); | |
54 | if (nid == NID_rsaEncryption) | |
55 | return 1; | |
56 | if (nid != NID_rsaesOaep) { | |
9311d0c4 | 57 | ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_ENCRYPTION_TYPE); |
0b3a4ef2 MC |
58 | return -1; |
59 | } | |
60 | /* Decode OAEP parameters */ | |
61 | oaep = rsa_oaep_decode(cmsalg); | |
62 | ||
63 | if (oaep == NULL) { | |
9311d0c4 | 64 | ERR_raise(ERR_LIB_CMS, CMS_R_INVALID_OAEP_PARAMETERS); |
0b3a4ef2 MC |
65 | goto err; |
66 | } | |
67 | ||
68 | mgf1md = x509_algor_get_md(oaep->maskHash); | |
69 | if (mgf1md == NULL) | |
70 | goto err; | |
71 | md = x509_algor_get_md(oaep->hashFunc); | |
72 | if (md == NULL) | |
73 | goto err; | |
74 | ||
75 | if (oaep->pSourceFunc != NULL) { | |
76 | X509_ALGOR *plab = oaep->pSourceFunc; | |
77 | ||
78 | if (OBJ_obj2nid(plab->algorithm) != NID_pSpecified) { | |
9311d0c4 | 79 | ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_LABEL_SOURCE); |
0b3a4ef2 MC |
80 | goto err; |
81 | } | |
82 | if (plab->parameter->type != V_ASN1_OCTET_STRING) { | |
9311d0c4 | 83 | ERR_raise(ERR_LIB_CMS, CMS_R_INVALID_LABEL); |
0b3a4ef2 MC |
84 | goto err; |
85 | } | |
86 | ||
87 | label = plab->parameter->value.octet_string->data; | |
88 | /* Stop label being freed when OAEP parameters are freed */ | |
89 | plab->parameter->value.octet_string->data = NULL; | |
90 | labellen = plab->parameter->value.octet_string->length; | |
91 | } | |
92 | ||
93 | if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_OAEP_PADDING) <= 0) | |
94 | goto err; | |
95 | if (EVP_PKEY_CTX_set_rsa_oaep_md(pkctx, md) <= 0) | |
96 | goto err; | |
97 | if (EVP_PKEY_CTX_set_rsa_mgf1_md(pkctx, mgf1md) <= 0) | |
98 | goto err; | |
99 | if (label != NULL | |
100 | && EVP_PKEY_CTX_set0_rsa_oaep_label(pkctx, label, labellen) <= 0) | |
101 | goto err; | |
102 | /* Carry on */ | |
103 | rv = 1; | |
104 | ||
105 | err: | |
106 | RSA_OAEP_PARAMS_free(oaep); | |
107 | return rv; | |
108 | } | |
109 | ||
110 | static int rsa_cms_encrypt(CMS_RecipientInfo *ri) | |
111 | { | |
112 | const EVP_MD *md, *mgf1md; | |
113 | RSA_OAEP_PARAMS *oaep = NULL; | |
114 | ASN1_STRING *os = NULL; | |
115 | X509_ALGOR *alg; | |
116 | EVP_PKEY_CTX *pkctx = CMS_RecipientInfo_get0_pkey_ctx(ri); | |
117 | int pad_mode = RSA_PKCS1_PADDING, rv = 0, labellen; | |
118 | unsigned char *label; | |
119 | ||
120 | if (CMS_RecipientInfo_ktri_get0_algs(ri, NULL, NULL, &alg) <= 0) | |
121 | return 0; | |
9ab7fe48 | 122 | if (pkctx != NULL) { |
0b3a4ef2 MC |
123 | if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0) |
124 | return 0; | |
125 | } | |
126 | if (pad_mode == RSA_PKCS1_PADDING) { | |
127 | X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaEncryption), V_ASN1_NULL, 0); | |
128 | return 1; | |
129 | } | |
130 | /* Not supported */ | |
131 | if (pad_mode != RSA_PKCS1_OAEP_PADDING) | |
132 | return 0; | |
133 | if (EVP_PKEY_CTX_get_rsa_oaep_md(pkctx, &md) <= 0) | |
134 | goto err; | |
135 | if (EVP_PKEY_CTX_get_rsa_mgf1_md(pkctx, &mgf1md) <= 0) | |
136 | goto err; | |
137 | labellen = EVP_PKEY_CTX_get0_rsa_oaep_label(pkctx, &label); | |
138 | if (labellen < 0) | |
139 | goto err; | |
140 | oaep = RSA_OAEP_PARAMS_new(); | |
141 | if (oaep == NULL) | |
142 | goto err; | |
143 | if (!x509_algor_new_from_md(&oaep->hashFunc, md)) | |
144 | goto err; | |
145 | if (!x509_algor_md_to_mgf1(&oaep->maskGenFunc, mgf1md)) | |
146 | goto err; | |
147 | if (labellen > 0) { | |
148 | ASN1_OCTET_STRING *los; | |
9ab7fe48 | 149 | |
0b3a4ef2 MC |
150 | oaep->pSourceFunc = X509_ALGOR_new(); |
151 | if (oaep->pSourceFunc == NULL) | |
152 | goto err; | |
153 | los = ASN1_OCTET_STRING_new(); | |
154 | if (los == NULL) | |
155 | goto err; | |
156 | if (!ASN1_OCTET_STRING_set(los, label, labellen)) { | |
157 | ASN1_OCTET_STRING_free(los); | |
158 | goto err; | |
159 | } | |
160 | X509_ALGOR_set0(oaep->pSourceFunc, OBJ_nid2obj(NID_pSpecified), | |
161 | V_ASN1_OCTET_STRING, los); | |
162 | } | |
163 | /* create string with pss parameter encoding. */ | |
164 | if (!ASN1_item_pack(oaep, ASN1_ITEM_rptr(RSA_OAEP_PARAMS), &os)) | |
165 | goto err; | |
166 | X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaesOaep), V_ASN1_SEQUENCE, os); | |
167 | os = NULL; | |
168 | rv = 1; | |
169 | err: | |
170 | RSA_OAEP_PARAMS_free(oaep); | |
171 | ASN1_STRING_free(os); | |
172 | return rv; | |
173 | } | |
174 | ||
175 | int cms_rsa_envelope(CMS_RecipientInfo *ri, int decrypt) | |
176 | { | |
9ab7fe48 MC |
177 | assert(decrypt == 0 || decrypt == 1); |
178 | ||
0b3a4ef2 MC |
179 | if (decrypt == 1) |
180 | return rsa_cms_decrypt(ri); | |
9ab7fe48 MC |
181 | |
182 | if (decrypt == 0) | |
0b3a4ef2 MC |
183 | return rsa_cms_encrypt(ri); |
184 | ||
9311d0c4 | 185 | ERR_raise(ERR_LIB_CMS, CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); |
0b3a4ef2 | 186 | return 0; |
9ab7fe48 MC |
187 | } |
188 | ||
189 | static int rsa_cms_sign(CMS_SignerInfo *si) | |
190 | { | |
191 | int pad_mode = RSA_PKCS1_PADDING; | |
192 | X509_ALGOR *alg; | |
193 | EVP_PKEY_CTX *pkctx = CMS_SignerInfo_get0_pkey_ctx(si); | |
194 | ASN1_STRING *os = NULL; | |
195 | ||
196 | CMS_SignerInfo_get0_algs(si, NULL, NULL, NULL, &alg); | |
197 | if (pkctx != NULL) { | |
198 | if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0) | |
199 | return 0; | |
200 | } | |
201 | if (pad_mode == RSA_PKCS1_PADDING) { | |
202 | X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaEncryption), V_ASN1_NULL, 0); | |
203 | return 1; | |
204 | } | |
205 | /* We don't support it */ | |
206 | if (pad_mode != RSA_PKCS1_PSS_PADDING) | |
207 | return 0; | |
208 | os = ossl_rsa_ctx_to_pss_string(pkctx); | |
209 | if (os == NULL) | |
210 | return 0; | |
211 | X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_PKEY_RSA_PSS), V_ASN1_SEQUENCE, os); | |
212 | return 1; | |
213 | } | |
214 | ||
215 | static int rsa_cms_verify(CMS_SignerInfo *si) | |
216 | { | |
217 | int nid, nid2; | |
218 | X509_ALGOR *alg; | |
219 | EVP_PKEY_CTX *pkctx = CMS_SignerInfo_get0_pkey_ctx(si); | |
220 | EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(pkctx); | |
221 | ||
222 | CMS_SignerInfo_get0_algs(si, NULL, NULL, NULL, &alg); | |
223 | nid = OBJ_obj2nid(alg->algorithm); | |
224 | if (nid == EVP_PKEY_RSA_PSS) | |
225 | return ossl_rsa_pss_to_ctx(NULL, pkctx, alg, NULL); | |
226 | /* Only PSS allowed for PSS keys */ | |
227 | if (EVP_PKEY_is_a(pkey, "RSA-PSS")) { | |
9311d0c4 | 228 | ERR_raise(ERR_LIB_RSA, RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE); |
9ab7fe48 MC |
229 | return 0; |
230 | } | |
231 | if (nid == NID_rsaEncryption) | |
232 | return 1; | |
233 | /* Workaround for some implementation that use a signature OID */ | |
234 | if (OBJ_find_sigid_algs(nid, NULL, &nid2)) { | |
235 | if (nid2 == NID_rsaEncryption) | |
236 | return 1; | |
237 | } | |
238 | return 0; | |
239 | } | |
240 | ||
241 | int cms_rsa_sign(CMS_SignerInfo *si, int verify) | |
242 | { | |
243 | assert(verify == 0 || verify == 1); | |
244 | ||
245 | if (verify == 1) | |
246 | return rsa_cms_verify(si); | |
247 | ||
248 | if (verify == 0) | |
249 | return rsa_cms_sign(si); | |
250 | ||
9311d0c4 | 251 | ERR_raise(ERR_LIB_CMS, CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); |
9ab7fe48 MC |
252 | return 0; |
253 | } |