2 * Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright Nokia 2007-2019
4 * Copyright Siemens AG 2015-2019
6 * Licensed under the Apache License 2.0 (the "License"). You may not use
7 * this file except in compliance with the License. You can obtain a copy
8 * in the file LICENSE in the source distribution or at
9 * https://www.openssl.org/source/license.html
12 /* CMP functions for PKIHeader handling */
14 #include "cmp_local.h"
16 #include <openssl/rand.h>
18 /* explicit #includes not strictly needed since implied by the above: */
19 #include <openssl/asn1t.h>
20 #include <openssl/cmp.h>
21 #include <openssl/err.h>
23 DEFINE_STACK_OF(ASN1_UTF8STRING
)
24 DEFINE_STACK_OF(OSSL_CMP_ITAV
)
26 int ossl_cmp_hdr_set_pvno(OSSL_CMP_PKIHEADER
*hdr
, int pvno
)
28 if (!ossl_assert(hdr
!= NULL
))
30 return ASN1_INTEGER_set(hdr
->pvno
, pvno
);
33 int ossl_cmp_hdr_get_pvno(const OSSL_CMP_PKIHEADER
*hdr
)
37 if (!ossl_assert(hdr
!= NULL
))
39 if (!ASN1_INTEGER_get_int64(&pvno
, hdr
->pvno
) || pvno
< 0 || pvno
> INT_MAX
)
44 int ossl_cmp_hdr_get_protection_nid(const OSSL_CMP_PKIHEADER
*hdr
)
46 if (!ossl_assert(hdr
!= NULL
)
47 || hdr
->protectionAlg
== NULL
)
49 return OBJ_obj2nid(hdr
->protectionAlg
->algorithm
);
52 ASN1_OCTET_STRING
*OSSL_CMP_HDR_get0_transactionID(const
53 OSSL_CMP_PKIHEADER
*hdr
)
56 CMPerr(0, CMP_R_NULL_ARGUMENT
);
59 return hdr
->transactionID
;
62 ASN1_OCTET_STRING
*ossl_cmp_hdr_get0_senderNonce(const OSSL_CMP_PKIHEADER
*hdr
)
64 if (!ossl_assert(hdr
!= NULL
))
66 return hdr
->senderNonce
;
69 ASN1_OCTET_STRING
*OSSL_CMP_HDR_get0_recipNonce(const OSSL_CMP_PKIHEADER
*hdr
)
72 CMPerr(0, CMP_R_NULL_ARGUMENT
);
75 return hdr
->recipNonce
;
78 int ossl_cmp_general_name_is_NULL_DN(GENERAL_NAME
*name
)
80 X509_NAME
*null
= X509_NAME_new();
81 int res
= name
== NULL
|| null
== NULL
82 || (name
->type
== GEN_DIRNAME
83 && X509_NAME_cmp(name
->d
.directoryName
, null
) == 0);
89 /* assign to *tgt a copy of src (which may be NULL to indicate an empty DN) */
90 static int set1_general_name(GENERAL_NAME
**tgt
, const X509_NAME
*src
)
94 if (!ossl_assert(tgt
!= NULL
))
96 if ((name
= GENERAL_NAME_new()) == NULL
)
98 name
->type
= GEN_DIRNAME
;
100 if (src
== NULL
) { /* NULL-DN */
101 if ((name
->d
.directoryName
= X509_NAME_new()) == NULL
)
103 } else if (!X509_NAME_set(&name
->d
.directoryName
, src
)) {
107 GENERAL_NAME_free(*tgt
);
113 GENERAL_NAME_free(name
);
118 * Set the sender name in PKIHeader.
119 * when nm is NULL, sender is set to an empty string
120 * returns 1 on success, 0 on error
122 int ossl_cmp_hdr_set1_sender(OSSL_CMP_PKIHEADER
*hdr
, const X509_NAME
*nm
)
124 if (!ossl_assert(hdr
!= NULL
))
126 return set1_general_name(&hdr
->sender
, nm
);
129 int ossl_cmp_hdr_set1_recipient(OSSL_CMP_PKIHEADER
*hdr
, const X509_NAME
*nm
)
131 if (!ossl_assert(hdr
!= NULL
))
133 return set1_general_name(&hdr
->recipient
, nm
);
136 int ossl_cmp_hdr_update_messageTime(OSSL_CMP_PKIHEADER
*hdr
)
138 if (!ossl_assert(hdr
!= NULL
))
140 if (hdr
->messageTime
== NULL
141 && (hdr
->messageTime
= ASN1_GENERALIZEDTIME_new()) == NULL
)
143 return ASN1_GENERALIZEDTIME_set(hdr
->messageTime
, time(NULL
)) != NULL
;
146 /* assign to *tgt a random byte array of given length */
147 static int set_random(ASN1_OCTET_STRING
**tgt
, OSSL_CMP_CTX
*ctx
, size_t len
)
149 unsigned char *bytes
= OPENSSL_malloc(len
);
152 if (bytes
== NULL
|| RAND_bytes_ex(ctx
->libctx
, bytes
, len
) <= 0)
153 CMPerr(0, CMP_R_FAILURE_OBTAINING_RANDOM
);
155 res
= ossl_cmp_asn1_octet_string_set1_bytes(tgt
, bytes
, len
);
160 int ossl_cmp_hdr_set1_senderKID(OSSL_CMP_PKIHEADER
*hdr
,
161 const ASN1_OCTET_STRING
*senderKID
)
163 if (!ossl_assert(hdr
!= NULL
))
165 return ossl_cmp_asn1_octet_string_set1(&hdr
->senderKID
, senderKID
);
168 /* push the given text string to the given PKIFREETEXT ft */
169 int ossl_cmp_hdr_push0_freeText(OSSL_CMP_PKIHEADER
*hdr
, ASN1_UTF8STRING
*text
)
171 if (!ossl_assert(hdr
!= NULL
&& text
!= NULL
))
174 if (hdr
->freeText
== NULL
175 && (hdr
->freeText
= sk_ASN1_UTF8STRING_new_null()) == NULL
)
178 return sk_ASN1_UTF8STRING_push(hdr
->freeText
, text
);
181 int ossl_cmp_hdr_push1_freeText(OSSL_CMP_PKIHEADER
*hdr
, ASN1_UTF8STRING
*text
)
183 if (!ossl_assert(hdr
!= NULL
&& text
!= NULL
))
186 if (hdr
->freeText
== NULL
187 && (hdr
->freeText
= sk_ASN1_UTF8STRING_new_null()) == NULL
)
191 ossl_cmp_sk_ASN1_UTF8STRING_push_str(hdr
->freeText
, (char *)text
->data
);
194 int ossl_cmp_hdr_generalInfo_push0_item(OSSL_CMP_PKIHEADER
*hdr
,
197 if (!ossl_assert(hdr
!= NULL
&& itav
!= NULL
))
199 return OSSL_CMP_ITAV_push0_stack_item(&hdr
->generalInfo
, itav
);
202 int ossl_cmp_hdr_generalInfo_push1_items(OSSL_CMP_PKIHEADER
*hdr
,
203 const STACK_OF(OSSL_CMP_ITAV
) *itavs
)
208 if (!ossl_assert(hdr
!= NULL
))
211 for (i
= 0; i
< sk_OSSL_CMP_ITAV_num(itavs
); i
++) {
212 itav
= OSSL_CMP_ITAV_dup(sk_OSSL_CMP_ITAV_value(itavs
, i
));
216 if (!ossl_cmp_hdr_generalInfo_push0_item(hdr
, itav
)) {
217 OSSL_CMP_ITAV_free(itav
);
224 int ossl_cmp_hdr_set_implicitConfirm(OSSL_CMP_PKIHEADER
*hdr
)
229 if (!ossl_assert(hdr
!= NULL
))
231 asn1null
= (ASN1_TYPE
*)ASN1_NULL_new();
232 if (asn1null
== NULL
)
234 if ((itav
= OSSL_CMP_ITAV_create(OBJ_nid2obj(NID_id_it_implicitConfirm
),
237 if (!ossl_cmp_hdr_generalInfo_push0_item(hdr
, itav
))
242 ASN1_TYPE_free(asn1null
);
243 OSSL_CMP_ITAV_free(itav
);
247 /* return 1 if implicitConfirm in the generalInfo field of the header is set */
248 int ossl_cmp_hdr_has_implicitConfirm(const OSSL_CMP_PKIHEADER
*hdr
)
254 if (!ossl_assert(hdr
!= NULL
))
257 itavCount
= sk_OSSL_CMP_ITAV_num(hdr
->generalInfo
);
258 for (i
= 0; i
< itavCount
; i
++) {
259 itav
= sk_OSSL_CMP_ITAV_value(hdr
->generalInfo
, i
);
261 && OBJ_obj2nid(itav
->infoType
) == NID_id_it_implicitConfirm
)
269 * set ctx->transactionID in CMP header
270 * if ctx->transactionID is NULL, a random one is created with 128 bit
271 * according to section 5.1.1:
273 * It is RECOMMENDED that the clients fill the transactionID field with
274 * 128 bits of (pseudo-) random data for the start of a transaction to
275 * reduce the probability of having the transactionID in use at the server.
277 int ossl_cmp_hdr_set_transactionID(OSSL_CMP_CTX
*ctx
, OSSL_CMP_PKIHEADER
*hdr
)
279 if (ctx
->transactionID
== NULL
280 && !set_random(&ctx
->transactionID
, ctx
, OSSL_CMP_TRANSACTIONID_LENGTH
))
282 return ossl_cmp_asn1_octet_string_set1(&hdr
->transactionID
,
286 /* fill in all fields of the hdr according to the info given in ctx */
287 int ossl_cmp_hdr_init(OSSL_CMP_CTX
*ctx
, OSSL_CMP_PKIHEADER
*hdr
)
289 const X509_NAME
*sender
;
290 const X509_NAME
*rcp
= NULL
;
292 if (!ossl_assert(ctx
!= NULL
&& hdr
!= NULL
))
295 /* set the CMP version */
296 if (!ossl_cmp_hdr_set_pvno(hdr
, OSSL_CMP_PVNO
))
300 * If neither protection cert nor oldCert nor subject are given,
301 * sender name is not known to the client and thus set to NULL-DN
303 sender
= ctx
->cert
!= NULL
? X509_get_subject_name(ctx
->cert
) :
304 ctx
->oldCert
!= NULL
? X509_get_subject_name(ctx
->oldCert
) :
306 if (!ossl_cmp_hdr_set1_sender(hdr
, sender
))
309 /* determine recipient entry in PKIHeader */
310 if (ctx
->recipient
!= NULL
)
311 rcp
= ctx
->recipient
;
312 else if (ctx
->srvCert
!= NULL
)
313 rcp
= X509_get_subject_name(ctx
->srvCert
);
314 else if (ctx
->issuer
!= NULL
)
316 else if (ctx
->oldCert
!= NULL
)
317 rcp
= X509_get_issuer_name(ctx
->oldCert
);
318 else if (ctx
->cert
!= NULL
)
319 rcp
= X509_get_issuer_name(ctx
->cert
);
320 if (!ossl_cmp_hdr_set1_recipient(hdr
, rcp
))
323 /* set current time as message time */
324 if (!ossl_cmp_hdr_update_messageTime(hdr
))
327 if (ctx
->recipNonce
!= NULL
328 && !ossl_cmp_asn1_octet_string_set1(&hdr
->recipNonce
,
332 if (!ossl_cmp_hdr_set_transactionID(ctx
, hdr
))
336 * set random senderNonce
337 * according to section 5.1.1:
339 * senderNonce present
340 * -- 128 (pseudo-)random bits
341 * The senderNonce and recipNonce fields protect the PKIMessage against
342 * replay attacks. The senderNonce will typically be 128 bits of
343 * (pseudo-) random data generated by the sender, whereas the recipNonce
344 * is copied from the senderNonce of the previous message in the
347 if (!set_random(&hdr
->senderNonce
, ctx
, OSSL_CMP_SENDERNONCE_LENGTH
))
350 /* store senderNonce - for cmp with recipNonce in next outgoing msg */
351 if (!OSSL_CMP_CTX_set1_senderNonce(ctx
, hdr
->senderNonce
))
355 * freeText [7] PKIFreeText OPTIONAL,
356 * -- this may be used to indicate context-specific instructions
357 * -- (this field is intended for human consumption)
359 if (ctx
->freeText
!= NULL
360 && !ossl_cmp_hdr_push1_freeText(hdr
, ctx
->freeText
))