]> git.ipfire.org Git - thirdparty/openssl.git/blob - crypto/cms/cms_sd.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Introduce X509_add_cert[s] simplifying various additions to cert lists
[thirdparty/openssl.git] / crypto / cms / cms_sd.c
1 /*
2 * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include "internal/cryptlib.h"
11 #include <openssl/asn1t.h>
12 #include <openssl/pem.h>
13 #include <openssl/x509.h>
14 #include <openssl/x509v3.h>
15 #include <openssl/err.h>
16 #include <openssl/cms.h>
17 #include <openssl/ess.h>
18 #include "cms_local.h"
19 #include "crypto/asn1.h"
20 #include "crypto/evp.h"
21 #include "crypto/cms.h"
22 #include "crypto/ess.h"
23 #include "crypto/x509.h" /* for X509_add_cert_new() */
24
25 DEFINE_STACK_OF(CMS_RevocationInfoChoice)
26 DEFINE_STACK_OF(CMS_SignerInfo)
27 DEFINE_STACK_OF(X509)
28 DEFINE_STACK_OF(X509_ALGOR)
29 DEFINE_STACK_OF(X509_ATTRIBUTE)
30
31 /* CMS SignedData Utilities */
32
33 static CMS_SignedData *cms_get0_signed(CMS_ContentInfo *cms)
34 {
35 if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_signed) {
36 CMSerr(CMS_F_CMS_GET0_SIGNED, CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA);
37 return NULL;
38 }
39 return cms->d.signedData;
40 }
41
42 static CMS_SignedData *cms_signed_data_init(CMS_ContentInfo *cms)
43 {
44 if (cms->d.other == NULL) {
45 cms->d.signedData = M_ASN1_new_of(CMS_SignedData);
46 if (!cms->d.signedData) {
47 CMSerr(CMS_F_CMS_SIGNED_DATA_INIT, ERR_R_MALLOC_FAILURE);
48 return NULL;
49 }
50 cms->d.signedData->version = 1;
51 cms->d.signedData->encapContentInfo->eContentType =
52 OBJ_nid2obj(NID_pkcs7_data);
53 cms->d.signedData->encapContentInfo->partial = 1;
54 ASN1_OBJECT_free(cms->contentType);
55 cms->contentType = OBJ_nid2obj(NID_pkcs7_signed);
56 return cms->d.signedData;
57 }
58 return cms_get0_signed(cms);
59 }
60
61 /* Just initialise SignedData e.g. for certs only structure */
62
63 int CMS_SignedData_init(CMS_ContentInfo *cms)
64 {
65 if (cms_signed_data_init(cms))
66 return 1;
67 else
68 return 0;
69 }
70
71
72 /* Check structures and fixup version numbers (if necessary) */
73
74 static void cms_sd_set_version(CMS_SignedData *sd)
75 {
76 int i;
77 CMS_CertificateChoices *cch;
78 CMS_RevocationInfoChoice *rch;
79 CMS_SignerInfo *si;
80
81 for (i = 0; i < sk_CMS_CertificateChoices_num(sd->certificates); i++) {
82 cch = sk_CMS_CertificateChoices_value(sd->certificates, i);
83 if (cch->type == CMS_CERTCHOICE_OTHER) {
84 if (sd->version < 5)
85 sd->version = 5;
86 } else if (cch->type == CMS_CERTCHOICE_V2ACERT) {
87 if (sd->version < 4)
88 sd->version = 4;
89 } else if (cch->type == CMS_CERTCHOICE_V1ACERT) {
90 if (sd->version < 3)
91 sd->version = 3;
92 }
93 }
94
95 for (i = 0; i < sk_CMS_RevocationInfoChoice_num(sd->crls); i++) {
96 rch = sk_CMS_RevocationInfoChoice_value(sd->crls, i);
97 if (rch->type == CMS_REVCHOICE_OTHER) {
98 if (sd->version < 5)
99 sd->version = 5;
100 }
101 }
102
103 if ((OBJ_obj2nid(sd->encapContentInfo->eContentType) != NID_pkcs7_data)
104 && (sd->version < 3))
105 sd->version = 3;
106
107 for (i = 0; i < sk_CMS_SignerInfo_num(sd->signerInfos); i++) {
108 si = sk_CMS_SignerInfo_value(sd->signerInfos, i);
109 if (si->sid->type == CMS_SIGNERINFO_KEYIDENTIFIER) {
110 if (si->version < 3)
111 si->version = 3;
112 if (sd->version < 3)
113 sd->version = 3;
114 } else if (si->version < 1)
115 si->version = 1;
116 }
117
118 if (sd->version < 1)
119 sd->version = 1;
120
121 }
122
123 /*
124 * RFC 5652 Section 11.1 Content Type
125 * The content-type attribute within signed-data MUST
126 * 1) be present if there are signed attributes
127 * 2) match the content type in the signed-data,
128 * 3) be a signed attribute.
129 * 4) not have more than one copy of the attribute.
130 *
131 * Note that since the CMS_SignerInfo_sign() always adds the "signing time"
132 * attribute, the content type attribute MUST be added also.
133 * Assumptions: This assumes that the attribute does not already exist.
134 */
135 static int cms_set_si_contentType_attr(CMS_ContentInfo *cms, CMS_SignerInfo *si)
136 {
137 ASN1_OBJECT *ctype = cms->d.signedData->encapContentInfo->eContentType;
138
139 /* Add the contentType attribute */
140 return CMS_signed_add1_attr_by_NID(si, NID_pkcs9_contentType,
141 V_ASN1_OBJECT, ctype, -1) > 0;
142 }
143
144 /* Copy an existing messageDigest value */
145
146 static int cms_copy_messageDigest(CMS_ContentInfo *cms, CMS_SignerInfo *si)
147 {
148 STACK_OF(CMS_SignerInfo) *sinfos;
149 CMS_SignerInfo *sitmp;
150 int i;
151
152 sinfos = CMS_get0_SignerInfos(cms);
153 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
154 ASN1_OCTET_STRING *messageDigest;
155
156 sitmp = sk_CMS_SignerInfo_value(sinfos, i);
157 if (sitmp == si)
158 continue;
159 if (CMS_signed_get_attr_count(sitmp) < 0)
160 continue;
161 if (OBJ_cmp(si->digestAlgorithm->algorithm,
162 sitmp->digestAlgorithm->algorithm))
163 continue;
164 messageDigest = CMS_signed_get0_data_by_OBJ(sitmp,
165 OBJ_nid2obj
166 (NID_pkcs9_messageDigest),
167 -3, V_ASN1_OCTET_STRING);
168 if (!messageDigest) {
169 CMSerr(CMS_F_CMS_COPY_MESSAGEDIGEST,
170 CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE);
171 return 0;
172 }
173
174 if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest,
175 V_ASN1_OCTET_STRING,
176 messageDigest, -1))
177 return 1;
178 else
179 return 0;
180 }
181 CMSerr(CMS_F_CMS_COPY_MESSAGEDIGEST, CMS_R_NO_MATCHING_DIGEST);
182 return 0;
183 }
184
185 int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, int type,
186 const CMS_CTX *ctx)
187 {
188 switch (type) {
189 case CMS_SIGNERINFO_ISSUER_SERIAL:
190 if (!cms_set1_ias(&sid->d.issuerAndSerialNumber, cert))
191 return 0;
192 break;
193
194 case CMS_SIGNERINFO_KEYIDENTIFIER:
195 if (!cms_set1_keyid(&sid->d.subjectKeyIdentifier, cert))
196 return 0;
197 break;
198
199 default:
200 CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER, CMS_R_UNKNOWN_ID);
201 return 0;
202 }
203
204 sid->type = type;
205
206 return 1;
207 }
208
209 int cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid,
210 ASN1_OCTET_STRING **keyid,
211 X509_NAME **issuer,
212 ASN1_INTEGER **sno)
213 {
214 if (sid->type == CMS_SIGNERINFO_ISSUER_SERIAL) {
215 if (issuer)
216 *issuer = sid->d.issuerAndSerialNumber->issuer;
217 if (sno)
218 *sno = sid->d.issuerAndSerialNumber->serialNumber;
219 } else if (sid->type == CMS_SIGNERINFO_KEYIDENTIFIER) {
220 if (keyid)
221 *keyid = sid->d.subjectKeyIdentifier;
222 } else
223 return 0;
224 return 1;
225 }
226
227 int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert)
228 {
229 if (sid->type == CMS_SIGNERINFO_ISSUER_SERIAL)
230 return cms_ias_cert_cmp(sid->d.issuerAndSerialNumber, cert);
231 else if (sid->type == CMS_SIGNERINFO_KEYIDENTIFIER)
232 return cms_keyid_cert_cmp(sid->d.subjectKeyIdentifier, cert);
233 else
234 return -1;
235 }
236
237 static int cms_sd_asn1_ctrl(CMS_SignerInfo *si, int cmd)
238 {
239 EVP_PKEY *pkey = si->pkey;
240 int i;
241
242 if (pkey->ameth == NULL || pkey->ameth->pkey_ctrl == NULL)
243 return 1;
244 i = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_CMS_SIGN, cmd, si);
245 if (i == -2) {
246 CMSerr(CMS_F_CMS_SD_ASN1_CTRL, CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
247 return 0;
248 }
249 if (i <= 0) {
250 CMSerr(CMS_F_CMS_SD_ASN1_CTRL, CMS_R_CTRL_FAILURE);
251 return 0;
252 }
253 return 1;
254 }
255
256 CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
257 X509 *signer, EVP_PKEY *pk, const EVP_MD *md,
258 unsigned int flags)
259 {
260 CMS_SignedData *sd;
261 CMS_SignerInfo *si = NULL;
262 X509_ALGOR *alg;
263 int i, type;
264 const CMS_CTX *ctx = cms_get0_cmsctx(cms);
265
266 if (!X509_check_private_key(signer, pk)) {
267 CMSerr(CMS_F_CMS_ADD1_SIGNER,
268 CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
269 return NULL;
270 }
271 sd = cms_signed_data_init(cms);
272 if (!sd)
273 goto err;
274 si = M_ASN1_new_of(CMS_SignerInfo);
275 if (!si)
276 goto merr;
277 /* Call for side-effect of computing hash and caching extensions */
278 X509_check_purpose(signer, -1, -1);
279
280 X509_up_ref(signer);
281 EVP_PKEY_up_ref(pk);
282
283 si->cms_ctx = ctx;
284 si->pkey = pk;
285 si->signer = signer;
286 si->mctx = EVP_MD_CTX_new();
287 si->pctx = NULL;
288
289 if (si->mctx == NULL) {
290 CMSerr(CMS_F_CMS_ADD1_SIGNER, ERR_R_MALLOC_FAILURE);
291 goto err;
292 }
293
294 if (flags & CMS_USE_KEYID) {
295 si->version = 3;
296 if (sd->version < 3)
297 sd->version = 3;
298 type = CMS_SIGNERINFO_KEYIDENTIFIER;
299 } else {
300 type = CMS_SIGNERINFO_ISSUER_SERIAL;
301 si->version = 1;
302 }
303
304 if (!cms_set1_SignerIdentifier(si->sid, signer, type, ctx))
305 goto err;
306
307 if (md == NULL) {
308 int def_nid;
309 if (EVP_PKEY_get_default_digest_nid(pk, &def_nid) <= 0)
310 goto err;
311 md = EVP_get_digestbynid(def_nid);
312 if (md == NULL) {
313 CMSerr(CMS_F_CMS_ADD1_SIGNER, CMS_R_NO_DEFAULT_DIGEST);
314 goto err;
315 }
316 }
317
318 if (!md) {
319 CMSerr(CMS_F_CMS_ADD1_SIGNER, CMS_R_NO_DIGEST_SET);
320 goto err;
321 }
322
323 if (md == NULL) {
324 CMSerr(CMS_F_CMS_ADD1_SIGNER, CMS_R_NO_DIGEST_SET);
325 goto err;
326 }
327
328 X509_ALGOR_set_md(si->digestAlgorithm, md);
329
330 /* See if digest is present in digestAlgorithms */
331 for (i = 0; i < sk_X509_ALGOR_num(sd->digestAlgorithms); i++) {
332 const ASN1_OBJECT *aoid;
333 alg = sk_X509_ALGOR_value(sd->digestAlgorithms, i);
334 X509_ALGOR_get0(&aoid, NULL, NULL, alg);
335 if (OBJ_obj2nid(aoid) == EVP_MD_type(md))
336 break;
337 }
338
339 if (i == sk_X509_ALGOR_num(sd->digestAlgorithms)) {
340 alg = X509_ALGOR_new();
341 if (alg == NULL)
342 goto merr;
343 X509_ALGOR_set_md(alg, md);
344 if (!sk_X509_ALGOR_push(sd->digestAlgorithms, alg)) {
345 X509_ALGOR_free(alg);
346 goto merr;
347 }
348 }
349
350 if (!(flags & CMS_KEY_PARAM) && !cms_sd_asn1_ctrl(si, 0))
351 goto err;
352 if (!(flags & CMS_NOATTR)) {
353 /*
354 * Initialize signed attributes structure so other attributes
355 * such as signing time etc are added later even if we add none here.
356 */
357 if (!si->signedAttrs) {
358 si->signedAttrs = sk_X509_ATTRIBUTE_new_null();
359 if (!si->signedAttrs)
360 goto merr;
361 }
362
363 if (!(flags & CMS_NOSMIMECAP)) {
364 STACK_OF(X509_ALGOR) *smcap = NULL;
365 i = CMS_add_standard_smimecap(&smcap);
366 if (i)
367 i = CMS_add_smimecap(si, smcap);
368 sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
369 if (!i)
370 goto merr;
371 }
372 if (flags & CMS_CADES) {
373 ESS_SIGNING_CERT *sc = NULL;
374 ESS_SIGNING_CERT_V2 *sc2 = NULL;
375 int add_sc;
376
377 if (md == EVP_sha1() || md == NULL) {
378 if ((sc = ESS_SIGNING_CERT_new_init(signer,
379 NULL, 1)) == NULL)
380 goto err;
381 add_sc = cms_add1_signing_cert(si, sc);
382 ESS_SIGNING_CERT_free(sc);
383 } else {
384 if ((sc2 = ESS_SIGNING_CERT_V2_new_init(md, signer,
385 NULL, 1)) == NULL)
386 goto err;
387 add_sc = cms_add1_signing_cert_v2(si, sc2);
388 ESS_SIGNING_CERT_V2_free(sc2);
389 }
390 if (!add_sc)
391 goto err;
392 }
393 if (flags & CMS_REUSE_DIGEST) {
394 if (!cms_copy_messageDigest(cms, si))
395 goto err;
396 if (!cms_set_si_contentType_attr(cms, si))
397 goto err;
398 if (!(flags & (CMS_PARTIAL | CMS_KEY_PARAM)) &&
399 !CMS_SignerInfo_sign(si))
400 goto err;
401 }
402 }
403
404 if (!(flags & CMS_NOCERTS)) {
405 /* NB ignore -1 return for duplicate cert */
406 if (!CMS_add1_cert(cms, signer))
407 goto merr;
408 }
409
410 if (flags & CMS_KEY_PARAM) {
411 if (flags & CMS_NOATTR) {
412 si->pctx = EVP_PKEY_CTX_new_from_pkey(ctx->libctx, si->pkey,
413 ctx->propq);
414 if (si->pctx == NULL)
415 goto err;
416 if (EVP_PKEY_sign_init(si->pctx) <= 0)
417 goto err;
418 if (EVP_PKEY_CTX_set_signature_md(si->pctx, md) <= 0)
419 goto err;
420 } else if (EVP_DigestSignInit_with_libctx(si->mctx, &si->pctx,
421 EVP_MD_name(md),
422 ctx->libctx, ctx->propq,
423 pk) <= 0) {
424 goto err;
425 }
426 }
427
428 if (!sd->signerInfos)
429 sd->signerInfos = sk_CMS_SignerInfo_new_null();
430 if (!sd->signerInfos || !sk_CMS_SignerInfo_push(sd->signerInfos, si))
431 goto merr;
432
433 return si;
434
435 merr:
436 CMSerr(CMS_F_CMS_ADD1_SIGNER, ERR_R_MALLOC_FAILURE);
437 err:
438 M_ASN1_free_of(si, CMS_SignerInfo);
439 return NULL;
440
441 }
442
443 void cms_SignerInfos_set_cmsctx(CMS_ContentInfo *cms)
444 {
445 int i;
446 CMS_SignerInfo *si;
447 STACK_OF(CMS_SignerInfo) *sinfos = CMS_get0_SignerInfos(cms);
448 const CMS_CTX *ctx = cms_get0_cmsctx(cms);
449
450 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
451 si = sk_CMS_SignerInfo_value(sinfos, i);
452 if (si != NULL)
453 si->cms_ctx = ctx;
454 }
455 }
456
457 static int cms_add1_signingTime(CMS_SignerInfo *si, ASN1_TIME *t)
458 {
459 ASN1_TIME *tt;
460 int r = 0;
461
462 if (t != NULL)
463 tt = t;
464 else
465 tt = X509_gmtime_adj(NULL, 0);
466
467 if (tt == NULL)
468 goto merr;
469
470 if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_signingTime,
471 tt->type, tt, -1) <= 0)
472 goto merr;
473
474 r = 1;
475 merr:
476 if (t == NULL)
477 ASN1_TIME_free(tt);
478
479 if (!r)
480 CMSerr(CMS_F_CMS_ADD1_SIGNINGTIME, ERR_R_MALLOC_FAILURE);
481
482 return r;
483
484 }
485
486 EVP_PKEY_CTX *CMS_SignerInfo_get0_pkey_ctx(CMS_SignerInfo *si)
487 {
488 return si->pctx;
489 }
490
491 EVP_MD_CTX *CMS_SignerInfo_get0_md_ctx(CMS_SignerInfo *si)
492 {
493 return si->mctx;
494 }
495
496 STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms)
497 {
498 CMS_SignedData *sd = cms_get0_signed(cms);
499
500 return sd != NULL ? sd->signerInfos : NULL;
501 }
502
503 STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms)
504 {
505 STACK_OF(X509) *signers = NULL;
506 STACK_OF(CMS_SignerInfo) *sinfos;
507 CMS_SignerInfo *si;
508 int i;
509
510 sinfos = CMS_get0_SignerInfos(cms);
511 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
512 si = sk_CMS_SignerInfo_value(sinfos, i);
513 if (si->signer != NULL) {
514 if (!X509_add_cert_new(&signers, si->signer,
515 X509_ADD_FLAG_DEFAULT)) {
516 sk_X509_free(signers);
517 return NULL;
518 }
519 }
520 }
521 return signers;
522 }
523
524 void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer)
525 {
526 if (signer != NULL) {
527 X509_up_ref(signer);
528 EVP_PKEY_free(si->pkey);
529 si->pkey = X509_get_pubkey(signer);
530 }
531 X509_free(si->signer);
532 si->signer = signer;
533 }
534
535 int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si,
536 ASN1_OCTET_STRING **keyid,
537 X509_NAME **issuer, ASN1_INTEGER **sno)
538 {
539 return cms_SignerIdentifier_get0_signer_id(si->sid, keyid, issuer, sno);
540 }
541
542 int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert)
543 {
544 return cms_SignerIdentifier_cert_cmp(si->sid, cert);
545 }
546
547 int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *scerts,
548 unsigned int flags)
549 {
550 CMS_SignedData *sd;
551 CMS_SignerInfo *si;
552 CMS_CertificateChoices *cch;
553 STACK_OF(CMS_CertificateChoices) *certs;
554 X509 *x;
555 int i, j;
556 int ret = 0;
557
558 sd = cms_get0_signed(cms);
559 if (sd == NULL)
560 return -1;
561 certs = sd->certificates;
562 for (i = 0; i < sk_CMS_SignerInfo_num(sd->signerInfos); i++) {
563 si = sk_CMS_SignerInfo_value(sd->signerInfos, i);
564 if (si->signer != NULL)
565 continue;
566
567 for (j = 0; j < sk_X509_num(scerts); j++) {
568 x = sk_X509_value(scerts, j);
569 if (CMS_SignerInfo_cert_cmp(si, x) == 0) {
570 CMS_SignerInfo_set1_signer_cert(si, x);
571 ret++;
572 break;
573 }
574 }
575
576 if (si->signer != NULL || (flags & CMS_NOINTERN))
577 continue;
578
579 for (j = 0; j < sk_CMS_CertificateChoices_num(certs); j++) {
580 cch = sk_CMS_CertificateChoices_value(certs, j);
581 if (cch->type != 0)
582 continue;
583 x = cch->d.certificate;
584 if (CMS_SignerInfo_cert_cmp(si, x) == 0) {
585 CMS_SignerInfo_set1_signer_cert(si, x);
586 ret++;
587 break;
588 }
589 }
590 }
591 return ret;
592 }
593
594 void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk,
595 X509 **signer, X509_ALGOR **pdig,
596 X509_ALGOR **psig)
597 {
598 if (pk != NULL)
599 *pk = si->pkey;
600 if (signer != NULL)
601 *signer = si->signer;
602 if (pdig != NULL)
603 *pdig = si->digestAlgorithm;
604 if (psig != NULL)
605 *psig = si->signatureAlgorithm;
606 }
607
608 ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si)
609 {
610 return si->signature;
611 }
612
613 static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
614 CMS_SignerInfo *si, BIO *chain)
615 {
616 EVP_MD_CTX *mctx = EVP_MD_CTX_new();
617 int r = 0;
618 EVP_PKEY_CTX *pctx = NULL;
619 const CMS_CTX *ctx = cms_get0_cmsctx(cms);
620
621 if (mctx == NULL) {
622 CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, ERR_R_MALLOC_FAILURE);
623 return 0;
624 }
625
626 if (si->pkey == NULL) {
627 CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, CMS_R_NO_PRIVATE_KEY);
628 goto err;
629 }
630
631 if (!cms_DigestAlgorithm_find_ctx(mctx, chain, si->digestAlgorithm))
632 goto err;
633 /* Set SignerInfo algorithm details if we used custom parameter */
634 if (si->pctx && !cms_sd_asn1_ctrl(si, 0))
635 goto err;
636
637 /*
638 * If any signed attributes calculate and add messageDigest attribute
639 */
640
641 if (CMS_signed_get_attr_count(si) >= 0) {
642 unsigned char md[EVP_MAX_MD_SIZE];
643 unsigned int mdlen;
644
645 if (!EVP_DigestFinal_ex(mctx, md, &mdlen))
646 goto err;
647 if (!CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest,
648 V_ASN1_OCTET_STRING, md, mdlen))
649 goto err;
650 /* Copy content type across */
651 if (!cms_set_si_contentType_attr(cms, si))
652 goto err;
653
654 if (!CMS_SignerInfo_sign(si))
655 goto err;
656 } else if (si->pctx) {
657 unsigned char *sig;
658 size_t siglen;
659 unsigned char md[EVP_MAX_MD_SIZE];
660 unsigned int mdlen;
661
662 pctx = si->pctx;
663 if (!EVP_DigestFinal_ex(mctx, md, &mdlen))
664 goto err;
665 siglen = EVP_PKEY_size(si->pkey);
666 sig = OPENSSL_malloc(siglen);
667 if (sig == NULL) {
668 CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, ERR_R_MALLOC_FAILURE);
669 goto err;
670 }
671 if (EVP_PKEY_sign(pctx, sig, &siglen, md, mdlen) <= 0) {
672 OPENSSL_free(sig);
673 goto err;
674 }
675 ASN1_STRING_set0(si->signature, sig, siglen);
676 } else {
677 unsigned char *sig;
678 unsigned int siglen;
679
680 sig = OPENSSL_malloc(EVP_PKEY_size(si->pkey));
681 if (sig == NULL) {
682 CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, ERR_R_MALLOC_FAILURE);
683 goto err;
684 }
685 if (!EVP_SignFinal_with_libctx(mctx, sig, &siglen, si->pkey,
686 ctx->libctx, ctx->propq)) {
687 CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, CMS_R_SIGNFINAL_ERROR);
688 OPENSSL_free(sig);
689 goto err;
690 }
691 ASN1_STRING_set0(si->signature, sig, siglen);
692 }
693
694 r = 1;
695
696 err:
697 EVP_MD_CTX_free(mctx);
698 EVP_PKEY_CTX_free(pctx);
699 return r;
700
701 }
702
703 int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain)
704 {
705 STACK_OF(CMS_SignerInfo) *sinfos;
706 CMS_SignerInfo *si;
707 int i;
708
709 sinfos = CMS_get0_SignerInfos(cms);
710 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
711 si = sk_CMS_SignerInfo_value(sinfos, i);
712 if (!cms_SignerInfo_content_sign(cms, si, chain))
713 return 0;
714 }
715 cms->d.signedData->encapContentInfo->partial = 0;
716 return 1;
717 }
718
719 int CMS_SignerInfo_sign(CMS_SignerInfo *si)
720 {
721 EVP_MD_CTX *mctx = si->mctx;
722 EVP_PKEY_CTX *pctx = NULL;
723 unsigned char *abuf = NULL;
724 int alen;
725 size_t siglen;
726 const CMS_CTX *ctx = si->cms_ctx;
727 const char *md_name = OBJ_nid2sn(OBJ_obj2nid(si->digestAlgorithm->algorithm));
728
729 if (md_name == NULL)
730 return 0;
731
732 if (CMS_signed_get_attr_by_NID(si, NID_pkcs9_signingTime, -1) < 0) {
733 if (!cms_add1_signingTime(si, NULL))
734 goto err;
735 }
736
737 if (!CMS_si_check_attributes(si))
738 goto err;
739
740 if (si->pctx)
741 pctx = si->pctx;
742 else {
743 EVP_MD_CTX_reset(mctx);
744 if (EVP_DigestSignInit_with_libctx(mctx, &pctx,
745 md_name, ctx->libctx, ctx->propq,
746 si->pkey) <= 0)
747 goto err;
748 si->pctx = pctx;
749 }
750
751 /*
752 * TODO(3.0): This causes problems when providers are in use, so disabled
753 * for now. Can we get rid of this completely? AFAICT this ctrl has been
754 * present since CMS was first put in - but has never been used to do
755 * anything. All internal implementations just return 1 and ignore this ctrl
756 * and have always done so by the looks of things. To fix this we could
757 * convert this ctrl into a param, which would require us to send all the
758 * signer info data as a set of params...but that is non-trivial and since
759 * this isn't used by anything it may be better just to remove it.
760 */
761 #if 0
762 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
763 EVP_PKEY_CTRL_CMS_SIGN, 0, si) <= 0) {
764 CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR);
765 goto err;
766 }
767 #endif
768
769 alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs, &abuf,
770 ASN1_ITEM_rptr(CMS_Attributes_Sign));
771 if (!abuf)
772 goto err;
773 if (EVP_DigestSignUpdate(mctx, abuf, alen) <= 0)
774 goto err;
775 if (EVP_DigestSignFinal(mctx, NULL, &siglen) <= 0)
776 goto err;
777 OPENSSL_free(abuf);
778 abuf = OPENSSL_malloc(siglen);
779 if (abuf == NULL)
780 goto err;
781 if (EVP_DigestSignFinal(mctx, abuf, &siglen) <= 0)
782 goto err;
783
784 /*
785 * TODO(3.0): This causes problems when providers are in use, so disabled
786 * for now. Can we get rid of this completely? AFAICT this ctrl has been
787 * present since CMS was first put in - but has never been used to do
788 * anything. All internal implementations just return 1 and ignore this ctrl
789 * and have always done so by the looks of things. To fix this we could
790 * convert this ctrl into a param, which would require us to send all the
791 * signer info data as a set of params...but that is non-trivial and since
792 * this isn't used by anything it may be better just to remove it.
793 */
794 #if 0
795 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
796 EVP_PKEY_CTRL_CMS_SIGN, 1, si) <= 0) {
797 CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR);
798 goto err;
799 }
800 #endif
801
802 EVP_MD_CTX_reset(mctx);
803
804 ASN1_STRING_set0(si->signature, abuf, siglen);
805
806 return 1;
807
808 err:
809 OPENSSL_free(abuf);
810 EVP_MD_CTX_reset(mctx);
811 return 0;
812 }
813
814 int CMS_SignerInfo_verify(CMS_SignerInfo *si)
815 {
816 EVP_MD_CTX *mctx = NULL;
817 unsigned char *abuf = NULL;
818 int alen, r = -1;
819 const char *name;
820 EVP_MD *md = NULL;
821 const CMS_CTX *ctx = si->cms_ctx;
822
823 if (si->pkey == NULL) {
824 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_NO_PUBLIC_KEY);
825 return -1;
826 }
827
828 if (!CMS_si_check_attributes(si))
829 return -1;
830
831 name = OBJ_nid2sn(OBJ_obj2nid(si->digestAlgorithm->algorithm));
832 md = EVP_MD_fetch(ctx->libctx, name, ctx->propq);
833 if (md == NULL)
834 return -1;
835 if (si->mctx == NULL && (si->mctx = EVP_MD_CTX_new()) == NULL) {
836 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, ERR_R_MALLOC_FAILURE);
837 goto err;
838 }
839 mctx = si->mctx;
840 if (EVP_DigestVerifyInit_with_libctx(mctx, &si->pctx,
841 EVP_MD_name(md), ctx->libctx, NULL,
842 si->pkey) <= 0)
843 goto err;
844
845 if (!cms_sd_asn1_ctrl(si, 1))
846 goto err;
847
848 alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs, &abuf,
849 ASN1_ITEM_rptr(CMS_Attributes_Verify));
850 if (!abuf)
851 goto err;
852 r = EVP_DigestVerifyUpdate(mctx, abuf, alen);
853 OPENSSL_free(abuf);
854 if (r <= 0) {
855 r = -1;
856 goto err;
857 }
858 r = EVP_DigestVerifyFinal(mctx,
859 si->signature->data, si->signature->length);
860 if (r <= 0)
861 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_VERIFICATION_FAILURE);
862 err:
863 EVP_MD_free(md);
864 EVP_MD_CTX_reset(mctx);
865 return r;
866 }
867
868 /* Create a chain of digest BIOs from a CMS ContentInfo */
869
870 BIO *cms_SignedData_init_bio(CMS_ContentInfo *cms)
871 {
872 int i;
873 CMS_SignedData *sd;
874 BIO *chain = NULL;
875
876 sd = cms_get0_signed(cms);
877 if (sd == NULL)
878 return NULL;
879 if (cms->d.signedData->encapContentInfo->partial)
880 cms_sd_set_version(sd);
881 for (i = 0; i < sk_X509_ALGOR_num(sd->digestAlgorithms); i++) {
882 X509_ALGOR *digestAlgorithm;
883 BIO *mdbio;
884
885 digestAlgorithm = sk_X509_ALGOR_value(sd->digestAlgorithms, i);
886 mdbio = cms_DigestAlgorithm_init_bio(digestAlgorithm, cms_get0_cmsctx(cms));
887 if (mdbio == NULL)
888 goto err;
889 if (chain != NULL)
890 BIO_push(chain, mdbio);
891 else
892 chain = mdbio;
893 }
894 return chain;
895 err:
896 BIO_free_all(chain);
897 return NULL;
898 }
899
900 int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain)
901 {
902 ASN1_OCTET_STRING *os = NULL;
903 EVP_MD_CTX *mctx = EVP_MD_CTX_new();
904 EVP_PKEY_CTX *pkctx = NULL;
905 int r = -1;
906 unsigned char mval[EVP_MAX_MD_SIZE];
907 unsigned int mlen;
908
909 if (mctx == NULL) {
910 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, ERR_R_MALLOC_FAILURE);
911 goto err;
912 }
913 /* If we have any signed attributes look for messageDigest value */
914 if (CMS_signed_get_attr_count(si) >= 0) {
915 os = CMS_signed_get0_data_by_OBJ(si,
916 OBJ_nid2obj(NID_pkcs9_messageDigest),
917 -3, V_ASN1_OCTET_STRING);
918 if (os == NULL) {
919 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
920 CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE);
921 goto err;
922 }
923 }
924
925 if (!cms_DigestAlgorithm_find_ctx(mctx, chain, si->digestAlgorithm))
926 goto err;
927
928 if (EVP_DigestFinal_ex(mctx, mval, &mlen) <= 0) {
929 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
930 CMS_R_UNABLE_TO_FINALIZE_CONTEXT);
931 goto err;
932 }
933
934 /* If messageDigest found compare it */
935
936 if (os != NULL) {
937 if (mlen != (unsigned int)os->length) {
938 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
939 CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH);
940 goto err;
941 }
942
943 if (memcmp(mval, os->data, mlen)) {
944 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
945 CMS_R_VERIFICATION_FAILURE);
946 r = 0;
947 } else
948 r = 1;
949 } else {
950 const EVP_MD *md = EVP_MD_CTX_md(mctx);
951 const CMS_CTX *ctx = si->cms_ctx;
952
953 pkctx = EVP_PKEY_CTX_new_from_pkey(ctx->libctx, si->pkey, ctx->propq);
954 if (pkctx == NULL)
955 goto err;
956 if (EVP_PKEY_verify_init(pkctx) <= 0)
957 goto err;
958 if (EVP_PKEY_CTX_set_signature_md(pkctx, md) <= 0)
959 goto err;
960 si->pctx = pkctx;
961 if (!cms_sd_asn1_ctrl(si, 1))
962 goto err;
963 r = EVP_PKEY_verify(pkctx, si->signature->data,
964 si->signature->length, mval, mlen);
965 if (r <= 0) {
966 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
967 CMS_R_VERIFICATION_FAILURE);
968 r = 0;
969 }
970 }
971
972 err:
973 EVP_PKEY_CTX_free(pkctx);
974 EVP_MD_CTX_free(mctx);
975 return r;
976
977 }
978
979 int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs)
980 {
981 unsigned char *smder = NULL;
982 int smderlen, r;
983
984 smderlen = i2d_X509_ALGORS(algs, &smder);
985 if (smderlen <= 0)
986 return 0;
987 r = CMS_signed_add1_attr_by_NID(si, NID_SMIMECapabilities,
988 V_ASN1_SEQUENCE, smder, smderlen);
989 OPENSSL_free(smder);
990 return r;
991 }
992
993 int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
994 int algnid, int keysize)
995 {
996 X509_ALGOR *alg;
997 ASN1_INTEGER *key = NULL;
998
999 if (keysize > 0) {
1000 key = ASN1_INTEGER_new();
1001 if (key == NULL || !ASN1_INTEGER_set(key, keysize)) {
1002 ASN1_INTEGER_free(key);
1003 return 0;
1004 }
1005 }
1006 alg = X509_ALGOR_new();
1007 if (alg == NULL) {
1008 ASN1_INTEGER_free(key);
1009 return 0;
1010 }
1011
1012 X509_ALGOR_set0(alg, OBJ_nid2obj(algnid),
1013 key ? V_ASN1_INTEGER : V_ASN1_UNDEF, key);
1014 if (*algs == NULL)
1015 *algs = sk_X509_ALGOR_new_null();
1016 if (*algs == NULL || !sk_X509_ALGOR_push(*algs, alg)) {
1017 X509_ALGOR_free(alg);
1018 return 0;
1019 }
1020 return 1;
1021 }
1022
1023 /* Check to see if a cipher exists and if so add S/MIME capabilities */
1024
1025 static int cms_add_cipher_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg)
1026 {
1027 if (EVP_get_cipherbynid(nid))
1028 return CMS_add_simple_smimecap(sk, nid, arg);
1029 return 1;
1030 }
1031
1032 static int cms_add_digest_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg)
1033 {
1034 if (EVP_get_digestbynid(nid))
1035 return CMS_add_simple_smimecap(sk, nid, arg);
1036 return 1;
1037 }
1038
1039 int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap)
1040 {
1041 if (!cms_add_cipher_smcap(smcap, NID_aes_256_cbc, -1)
1042 || !cms_add_digest_smcap(smcap, NID_id_GostR3411_2012_256, -1)
1043 || !cms_add_digest_smcap(smcap, NID_id_GostR3411_2012_512, -1)
1044 || !cms_add_digest_smcap(smcap, NID_id_GostR3411_94, -1)
1045 || !cms_add_cipher_smcap(smcap, NID_id_Gost28147_89, -1)
1046 || !cms_add_cipher_smcap(smcap, NID_aes_192_cbc, -1)
1047 || !cms_add_cipher_smcap(smcap, NID_aes_128_cbc, -1)
1048 || !cms_add_cipher_smcap(smcap, NID_des_ede3_cbc, -1)
1049 || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 128)
1050 || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 64)
1051 || !cms_add_cipher_smcap(smcap, NID_des_cbc, -1)
1052 || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 40))
1053 return 0;
1054 return 1;
1055 }
A mirror of the official openssl repository