ts_rsp_sign.c 32 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057
  1. /*
  2. * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the OpenSSL license (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include "e_os.h"
  10. #include "internal/cryptlib.h"
  11. #include <openssl/objects.h>
  12. #include <openssl/ts.h>
  13. #include <openssl/pkcs7.h>
  14. #include <openssl/crypto.h>
  15. #include "ts_lcl.h"
  16. static ASN1_INTEGER *def_serial_cb(struct TS_resp_ctx *, void *);
  17. static int def_time_cb(struct TS_resp_ctx *, void *, long *sec, long *usec);
  18. static int def_extension_cb(struct TS_resp_ctx *, X509_EXTENSION *, void *);
  19. static void ts_RESP_CTX_init(TS_RESP_CTX *ctx);
  20. static void ts_RESP_CTX_cleanup(TS_RESP_CTX *ctx);
  21. static int ts_RESP_check_request(TS_RESP_CTX *ctx);
  22. static ASN1_OBJECT *ts_RESP_get_policy(TS_RESP_CTX *ctx);
  23. static TS_TST_INFO *ts_RESP_create_tst_info(TS_RESP_CTX *ctx,
  24. ASN1_OBJECT *policy);
  25. static int ts_RESP_process_extensions(TS_RESP_CTX *ctx);
  26. static int ts_RESP_sign(TS_RESP_CTX *ctx);
  27. static ESS_SIGNING_CERT *ess_SIGNING_CERT_new_init(X509 *signcert,
  28. STACK_OF(X509) *certs);
  29. static ESS_CERT_ID *ess_CERT_ID_new_init(X509 *cert, int issuer_needed);
  30. static int ts_TST_INFO_content_new(PKCS7 *p7);
  31. static int ess_add_signing_cert(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT *sc);
  32. static ESS_SIGNING_CERT_V2 *ess_signing_cert_v2_new_init(const EVP_MD *hash_alg,
  33. X509 *signcert,
  34. STACK_OF(X509)
  35. *certs);
  36. static ESS_CERT_ID_V2 *ess_cert_id_v2_new_init(const EVP_MD *hash_alg,
  37. X509 *cert, int issuer_needed);
  38. static int ess_add_signing_cert_v2(PKCS7_SIGNER_INFO *si,
  39. ESS_SIGNING_CERT_V2 *sc);
  40. static ASN1_GENERALIZEDTIME
  41. *TS_RESP_set_genTime_with_precision(ASN1_GENERALIZEDTIME *, long, long,
  42. unsigned);
  43. /* Default callback for response generation. */
  44. static ASN1_INTEGER *def_serial_cb(struct TS_resp_ctx *ctx, void *data)
  45. {
  46. ASN1_INTEGER *serial = ASN1_INTEGER_new();
  47. if (serial == NULL)
  48. goto err;
  49. if (!ASN1_INTEGER_set(serial, 1))
  50. goto err;
  51. return serial;
  52. err:
  53. TSerr(TS_F_DEF_SERIAL_CB, ERR_R_MALLOC_FAILURE);
  54. TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
  55. "Error during serial number generation.");
  56. return NULL;
  57. }
  58. #if defined(OPENSSL_SYS_UNIX)
  59. static int def_time_cb(struct TS_resp_ctx *ctx, void *data,
  60. long *sec, long *usec)
  61. {
  62. struct timeval tv;
  63. if (gettimeofday(&tv, NULL) != 0) {
  64. TSerr(TS_F_DEF_TIME_CB, TS_R_TIME_SYSCALL_ERROR);
  65. TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
  66. "Time is not available.");
  67. TS_RESP_CTX_add_failure_info(ctx, TS_INFO_TIME_NOT_AVAILABLE);
  68. return 0;
  69. }
  70. *sec = tv.tv_sec;
  71. *usec = tv.tv_usec;
  72. return 1;
  73. }
  74. #else
  75. static int def_time_cb(struct TS_resp_ctx *ctx, void *data,
  76. long *sec, long *usec)
  77. {
  78. time_t t;
  79. if (time(&t) == (time_t)-1) {
  80. TSerr(TS_F_DEF_TIME_CB, TS_R_TIME_SYSCALL_ERROR);
  81. TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
  82. "Time is not available.");
  83. TS_RESP_CTX_add_failure_info(ctx, TS_INFO_TIME_NOT_AVAILABLE);
  84. return 0;
  85. }
  86. *sec = (long)t;
  87. *usec = 0;
  88. return 1;
  89. }
  90. #endif
  91. static int def_extension_cb(struct TS_resp_ctx *ctx, X509_EXTENSION *ext,
  92. void *data)
  93. {
  94. TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
  95. "Unsupported extension.");
  96. TS_RESP_CTX_add_failure_info(ctx, TS_INFO_UNACCEPTED_EXTENSION);
  97. return 0;
  98. }
  99. /* TS_RESP_CTX management functions. */
  100. TS_RESP_CTX *TS_RESP_CTX_new()
  101. {
  102. TS_RESP_CTX *ctx;
  103. if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) {
  104. TSerr(TS_F_TS_RESP_CTX_NEW, ERR_R_MALLOC_FAILURE);
  105. return NULL;
  106. }
  107. ctx->signer_md = EVP_sha256();
  108. ctx->serial_cb = def_serial_cb;
  109. ctx->time_cb = def_time_cb;
  110. ctx->extension_cb = def_extension_cb;
  111. return ctx;
  112. }
  113. void TS_RESP_CTX_free(TS_RESP_CTX *ctx)
  114. {
  115. if (!ctx)
  116. return;
  117. X509_free(ctx->signer_cert);
  118. EVP_PKEY_free(ctx->signer_key);
  119. sk_X509_pop_free(ctx->certs, X509_free);
  120. sk_ASN1_OBJECT_pop_free(ctx->policies, ASN1_OBJECT_free);
  121. ASN1_OBJECT_free(ctx->default_policy);
  122. sk_EVP_MD_free(ctx->mds); /* No EVP_MD_free method exists. */
  123. ASN1_INTEGER_free(ctx->seconds);
  124. ASN1_INTEGER_free(ctx->millis);
  125. ASN1_INTEGER_free(ctx->micros);
  126. OPENSSL_free(ctx);
  127. }
  128. int TS_RESP_CTX_set_signer_cert(TS_RESP_CTX *ctx, X509 *signer)
  129. {
  130. if (X509_check_purpose(signer, X509_PURPOSE_TIMESTAMP_SIGN, 0) != 1) {
  131. TSerr(TS_F_TS_RESP_CTX_SET_SIGNER_CERT,
  132. TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE);
  133. return 0;
  134. }
  135. X509_free(ctx->signer_cert);
  136. ctx->signer_cert = signer;
  137. X509_up_ref(ctx->signer_cert);
  138. return 1;
  139. }
  140. int TS_RESP_CTX_set_signer_key(TS_RESP_CTX *ctx, EVP_PKEY *key)
  141. {
  142. EVP_PKEY_free(ctx->signer_key);
  143. ctx->signer_key = key;
  144. EVP_PKEY_up_ref(ctx->signer_key);
  145. return 1;
  146. }
  147. int TS_RESP_CTX_set_signer_digest(TS_RESP_CTX *ctx, const EVP_MD *md)
  148. {
  149. ctx->signer_md = md;
  150. return 1;
  151. }
  152. int TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, const ASN1_OBJECT *def_policy)
  153. {
  154. ASN1_OBJECT_free(ctx->default_policy);
  155. if ((ctx->default_policy = OBJ_dup(def_policy)) == NULL)
  156. goto err;
  157. return 1;
  158. err:
  159. TSerr(TS_F_TS_RESP_CTX_SET_DEF_POLICY, ERR_R_MALLOC_FAILURE);
  160. return 0;
  161. }
  162. int TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs)
  163. {
  164. sk_X509_pop_free(ctx->certs, X509_free);
  165. ctx->certs = NULL;
  166. if (!certs)
  167. return 1;
  168. if ((ctx->certs = X509_chain_up_ref(certs)) == NULL) {
  169. TSerr(TS_F_TS_RESP_CTX_SET_CERTS, ERR_R_MALLOC_FAILURE);
  170. return 0;
  171. }
  172. return 1;
  173. }
  174. int TS_RESP_CTX_add_policy(TS_RESP_CTX *ctx, const ASN1_OBJECT *policy)
  175. {
  176. ASN1_OBJECT *copy = NULL;
  177. if (ctx->policies == NULL
  178. && (ctx->policies = sk_ASN1_OBJECT_new_null()) == NULL)
  179. goto err;
  180. if ((copy = OBJ_dup(policy)) == NULL)
  181. goto err;
  182. if (!sk_ASN1_OBJECT_push(ctx->policies, copy))
  183. goto err;
  184. return 1;
  185. err:
  186. TSerr(TS_F_TS_RESP_CTX_ADD_POLICY, ERR_R_MALLOC_FAILURE);
  187. ASN1_OBJECT_free(copy);
  188. return 0;
  189. }
  190. int TS_RESP_CTX_add_md(TS_RESP_CTX *ctx, const EVP_MD *md)
  191. {
  192. if (ctx->mds == NULL
  193. && (ctx->mds = sk_EVP_MD_new_null()) == NULL)
  194. goto err;
  195. if (!sk_EVP_MD_push(ctx->mds, md))
  196. goto err;
  197. return 1;
  198. err:
  199. TSerr(TS_F_TS_RESP_CTX_ADD_MD, ERR_R_MALLOC_FAILURE);
  200. return 0;
  201. }
  202. #define TS_RESP_CTX_accuracy_free(ctx) \
  203. ASN1_INTEGER_free(ctx->seconds); \
  204. ctx->seconds = NULL; \
  205. ASN1_INTEGER_free(ctx->millis); \
  206. ctx->millis = NULL; \
  207. ASN1_INTEGER_free(ctx->micros); \
  208. ctx->micros = NULL;
  209. int TS_RESP_CTX_set_accuracy(TS_RESP_CTX *ctx,
  210. int secs, int millis, int micros)
  211. {
  212. TS_RESP_CTX_accuracy_free(ctx);
  213. if (secs
  214. && ((ctx->seconds = ASN1_INTEGER_new()) == NULL
  215. || !ASN1_INTEGER_set(ctx->seconds, secs)))
  216. goto err;
  217. if (millis
  218. && ((ctx->millis = ASN1_INTEGER_new()) == NULL
  219. || !ASN1_INTEGER_set(ctx->millis, millis)))
  220. goto err;
  221. if (micros
  222. && ((ctx->micros = ASN1_INTEGER_new()) == NULL
  223. || !ASN1_INTEGER_set(ctx->micros, micros)))
  224. goto err;
  225. return 1;
  226. err:
  227. TS_RESP_CTX_accuracy_free(ctx);
  228. TSerr(TS_F_TS_RESP_CTX_SET_ACCURACY, ERR_R_MALLOC_FAILURE);
  229. return 0;
  230. }
  231. void TS_RESP_CTX_add_flags(TS_RESP_CTX *ctx, int flags)
  232. {
  233. ctx->flags |= flags;
  234. }
  235. void TS_RESP_CTX_set_serial_cb(TS_RESP_CTX *ctx, TS_serial_cb cb, void *data)
  236. {
  237. ctx->serial_cb = cb;
  238. ctx->serial_cb_data = data;
  239. }
  240. void TS_RESP_CTX_set_time_cb(TS_RESP_CTX *ctx, TS_time_cb cb, void *data)
  241. {
  242. ctx->time_cb = cb;
  243. ctx->time_cb_data = data;
  244. }
  245. void TS_RESP_CTX_set_extension_cb(TS_RESP_CTX *ctx,
  246. TS_extension_cb cb, void *data)
  247. {
  248. ctx->extension_cb = cb;
  249. ctx->extension_cb_data = data;
  250. }
  251. int TS_RESP_CTX_set_status_info(TS_RESP_CTX *ctx,
  252. int status, const char *text)
  253. {
  254. TS_STATUS_INFO *si = NULL;
  255. ASN1_UTF8STRING *utf8_text = NULL;
  256. int ret = 0;
  257. if ((si = TS_STATUS_INFO_new()) == NULL)
  258. goto err;
  259. if (!ASN1_INTEGER_set(si->status, status))
  260. goto err;
  261. if (text) {
  262. if ((utf8_text = ASN1_UTF8STRING_new()) == NULL
  263. || !ASN1_STRING_set(utf8_text, text, strlen(text)))
  264. goto err;
  265. if (si->text == NULL
  266. && (si->text = sk_ASN1_UTF8STRING_new_null()) == NULL)
  267. goto err;
  268. if (!sk_ASN1_UTF8STRING_push(si->text, utf8_text))
  269. goto err;
  270. utf8_text = NULL; /* Ownership is lost. */
  271. }
  272. if (!TS_RESP_set_status_info(ctx->response, si))
  273. goto err;
  274. ret = 1;
  275. err:
  276. if (!ret)
  277. TSerr(TS_F_TS_RESP_CTX_SET_STATUS_INFO, ERR_R_MALLOC_FAILURE);
  278. TS_STATUS_INFO_free(si);
  279. ASN1_UTF8STRING_free(utf8_text);
  280. return ret;
  281. }
  282. int TS_RESP_CTX_set_status_info_cond(TS_RESP_CTX *ctx,
  283. int status, const char *text)
  284. {
  285. int ret = 1;
  286. TS_STATUS_INFO *si = ctx->response->status_info;
  287. if (ASN1_INTEGER_get(si->status) == TS_STATUS_GRANTED) {
  288. ret = TS_RESP_CTX_set_status_info(ctx, status, text);
  289. }
  290. return ret;
  291. }
  292. int TS_RESP_CTX_add_failure_info(TS_RESP_CTX *ctx, int failure)
  293. {
  294. TS_STATUS_INFO *si = ctx->response->status_info;
  295. if (si->failure_info == NULL
  296. && (si->failure_info = ASN1_BIT_STRING_new()) == NULL)
  297. goto err;
  298. if (!ASN1_BIT_STRING_set_bit(si->failure_info, failure, 1))
  299. goto err;
  300. return 1;
  301. err:
  302. TSerr(TS_F_TS_RESP_CTX_ADD_FAILURE_INFO, ERR_R_MALLOC_FAILURE);
  303. return 0;
  304. }
  305. TS_REQ *TS_RESP_CTX_get_request(TS_RESP_CTX *ctx)
  306. {
  307. return ctx->request;
  308. }
  309. TS_TST_INFO *TS_RESP_CTX_get_tst_info(TS_RESP_CTX *ctx)
  310. {
  311. return ctx->tst_info;
  312. }
  313. int TS_RESP_CTX_set_clock_precision_digits(TS_RESP_CTX *ctx,
  314. unsigned precision)
  315. {
  316. if (precision > TS_MAX_CLOCK_PRECISION_DIGITS)
  317. return 0;
  318. ctx->clock_precision_digits = precision;
  319. return 1;
  320. }
  321. /* Main entry method of the response generation. */
  322. TS_RESP *TS_RESP_create_response(TS_RESP_CTX *ctx, BIO *req_bio)
  323. {
  324. ASN1_OBJECT *policy;
  325. TS_RESP *response;
  326. int result = 0;
  327. ts_RESP_CTX_init(ctx);
  328. if ((ctx->response = TS_RESP_new()) == NULL) {
  329. TSerr(TS_F_TS_RESP_CREATE_RESPONSE, ERR_R_MALLOC_FAILURE);
  330. goto end;
  331. }
  332. if ((ctx->request = d2i_TS_REQ_bio(req_bio, NULL)) == NULL) {
  333. TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
  334. "Bad request format or system error.");
  335. TS_RESP_CTX_add_failure_info(ctx, TS_INFO_BAD_DATA_FORMAT);
  336. goto end;
  337. }
  338. if (!TS_RESP_CTX_set_status_info(ctx, TS_STATUS_GRANTED, NULL))
  339. goto end;
  340. if (!ts_RESP_check_request(ctx))
  341. goto end;
  342. if ((policy = ts_RESP_get_policy(ctx)) == NULL)
  343. goto end;
  344. if ((ctx->tst_info = ts_RESP_create_tst_info(ctx, policy)) == NULL)
  345. goto end;
  346. if (!ts_RESP_process_extensions(ctx))
  347. goto end;
  348. if (!ts_RESP_sign(ctx))
  349. goto end;
  350. result = 1;
  351. end:
  352. if (!result) {
  353. TSerr(TS_F_TS_RESP_CREATE_RESPONSE, TS_R_RESPONSE_SETUP_ERROR);
  354. if (ctx->response != NULL) {
  355. if (TS_RESP_CTX_set_status_info_cond(ctx,
  356. TS_STATUS_REJECTION,
  357. "Error during response "
  358. "generation.") == 0) {
  359. TS_RESP_free(ctx->response);
  360. ctx->response = NULL;
  361. }
  362. }
  363. }
  364. response = ctx->response;
  365. ctx->response = NULL; /* Ownership will be returned to caller. */
  366. ts_RESP_CTX_cleanup(ctx);
  367. return response;
  368. }
  369. /* Initializes the variable part of the context. */
  370. static void ts_RESP_CTX_init(TS_RESP_CTX *ctx)
  371. {
  372. ctx->request = NULL;
  373. ctx->response = NULL;
  374. ctx->tst_info = NULL;
  375. }
  376. /* Cleans up the variable part of the context. */
  377. static void ts_RESP_CTX_cleanup(TS_RESP_CTX *ctx)
  378. {
  379. TS_REQ_free(ctx->request);
  380. ctx->request = NULL;
  381. TS_RESP_free(ctx->response);
  382. ctx->response = NULL;
  383. TS_TST_INFO_free(ctx->tst_info);
  384. ctx->tst_info = NULL;
  385. }
  386. /* Checks the format and content of the request. */
  387. static int ts_RESP_check_request(TS_RESP_CTX *ctx)
  388. {
  389. TS_REQ *request = ctx->request;
  390. TS_MSG_IMPRINT *msg_imprint;
  391. X509_ALGOR *md_alg;
  392. int md_alg_id;
  393. const ASN1_OCTET_STRING *digest;
  394. const EVP_MD *md = NULL;
  395. int i;
  396. if (TS_REQ_get_version(request) != 1) {
  397. TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
  398. "Bad request version.");
  399. TS_RESP_CTX_add_failure_info(ctx, TS_INFO_BAD_REQUEST);
  400. return 0;
  401. }
  402. msg_imprint = request->msg_imprint;
  403. md_alg = msg_imprint->hash_algo;
  404. md_alg_id = OBJ_obj2nid(md_alg->algorithm);
  405. for (i = 0; !md && i < sk_EVP_MD_num(ctx->mds); ++i) {
  406. const EVP_MD *current_md = sk_EVP_MD_value(ctx->mds, i);
  407. if (md_alg_id == EVP_MD_type(current_md))
  408. md = current_md;
  409. }
  410. if (!md) {
  411. TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
  412. "Message digest algorithm is "
  413. "not supported.");
  414. TS_RESP_CTX_add_failure_info(ctx, TS_INFO_BAD_ALG);
  415. return 0;
  416. }
  417. if (md_alg->parameter && ASN1_TYPE_get(md_alg->parameter) != V_ASN1_NULL) {
  418. TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
  419. "Superfluous message digest "
  420. "parameter.");
  421. TS_RESP_CTX_add_failure_info(ctx, TS_INFO_BAD_ALG);
  422. return 0;
  423. }
  424. digest = msg_imprint->hashed_msg;
  425. if (digest->length != EVP_MD_size(md)) {
  426. TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
  427. "Bad message digest.");
  428. TS_RESP_CTX_add_failure_info(ctx, TS_INFO_BAD_DATA_FORMAT);
  429. return 0;
  430. }
  431. return 1;
  432. }
  433. /* Returns the TSA policy based on the requested and acceptable policies. */
  434. static ASN1_OBJECT *ts_RESP_get_policy(TS_RESP_CTX *ctx)
  435. {
  436. ASN1_OBJECT *requested = ctx->request->policy_id;
  437. ASN1_OBJECT *policy = NULL;
  438. int i;
  439. if (ctx->default_policy == NULL) {
  440. TSerr(TS_F_TS_RESP_GET_POLICY, TS_R_INVALID_NULL_POINTER);
  441. return NULL;
  442. }
  443. if (!requested || !OBJ_cmp(requested, ctx->default_policy))
  444. policy = ctx->default_policy;
  445. /* Check if the policy is acceptable. */
  446. for (i = 0; !policy && i < sk_ASN1_OBJECT_num(ctx->policies); ++i) {
  447. ASN1_OBJECT *current = sk_ASN1_OBJECT_value(ctx->policies, i);
  448. if (!OBJ_cmp(requested, current))
  449. policy = current;
  450. }
  451. if (!policy) {
  452. TSerr(TS_F_TS_RESP_GET_POLICY, TS_R_UNACCEPTABLE_POLICY);
  453. TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
  454. "Requested policy is not " "supported.");
  455. TS_RESP_CTX_add_failure_info(ctx, TS_INFO_UNACCEPTED_POLICY);
  456. }
  457. return policy;
  458. }
  459. /* Creates the TS_TST_INFO object based on the settings of the context. */
  460. static TS_TST_INFO *ts_RESP_create_tst_info(TS_RESP_CTX *ctx,
  461. ASN1_OBJECT *policy)
  462. {
  463. int result = 0;
  464. TS_TST_INFO *tst_info = NULL;
  465. ASN1_INTEGER *serial = NULL;
  466. ASN1_GENERALIZEDTIME *asn1_time = NULL;
  467. long sec, usec;
  468. TS_ACCURACY *accuracy = NULL;
  469. const ASN1_INTEGER *nonce;
  470. GENERAL_NAME *tsa_name = NULL;
  471. if ((tst_info = TS_TST_INFO_new()) == NULL)
  472. goto end;
  473. if (!TS_TST_INFO_set_version(tst_info, 1))
  474. goto end;
  475. if (!TS_TST_INFO_set_policy_id(tst_info, policy))
  476. goto end;
  477. if (!TS_TST_INFO_set_msg_imprint(tst_info, ctx->request->msg_imprint))
  478. goto end;
  479. if ((serial = ctx->serial_cb(ctx, ctx->serial_cb_data)) == NULL
  480. || !TS_TST_INFO_set_serial(tst_info, serial))
  481. goto end;
  482. if (!ctx->time_cb(ctx, ctx->time_cb_data, &sec, &usec)
  483. || (asn1_time =
  484. TS_RESP_set_genTime_with_precision(NULL, sec, usec,
  485. ctx->clock_precision_digits)) == NULL
  486. || !TS_TST_INFO_set_time(tst_info, asn1_time))
  487. goto end;
  488. if ((ctx->seconds || ctx->millis || ctx->micros)
  489. && (accuracy = TS_ACCURACY_new()) == NULL)
  490. goto end;
  491. if (ctx->seconds && !TS_ACCURACY_set_seconds(accuracy, ctx->seconds))
  492. goto end;
  493. if (ctx->millis && !TS_ACCURACY_set_millis(accuracy, ctx->millis))
  494. goto end;
  495. if (ctx->micros && !TS_ACCURACY_set_micros(accuracy, ctx->micros))
  496. goto end;
  497. if (accuracy && !TS_TST_INFO_set_accuracy(tst_info, accuracy))
  498. goto end;
  499. if ((ctx->flags & TS_ORDERING)
  500. && !TS_TST_INFO_set_ordering(tst_info, 1))
  501. goto end;
  502. if ((nonce = ctx->request->nonce) != NULL
  503. && !TS_TST_INFO_set_nonce(tst_info, nonce))
  504. goto end;
  505. if (ctx->flags & TS_TSA_NAME) {
  506. if ((tsa_name = GENERAL_NAME_new()) == NULL)
  507. goto end;
  508. tsa_name->type = GEN_DIRNAME;
  509. tsa_name->d.dirn =
  510. X509_NAME_dup(X509_get_subject_name(ctx->signer_cert));
  511. if (!tsa_name->d.dirn)
  512. goto end;
  513. if (!TS_TST_INFO_set_tsa(tst_info, tsa_name))
  514. goto end;
  515. }
  516. result = 1;
  517. end:
  518. if (!result) {
  519. TS_TST_INFO_free(tst_info);
  520. tst_info = NULL;
  521. TSerr(TS_F_TS_RESP_CREATE_TST_INFO, TS_R_TST_INFO_SETUP_ERROR);
  522. TS_RESP_CTX_set_status_info_cond(ctx, TS_STATUS_REJECTION,
  523. "Error during TSTInfo "
  524. "generation.");
  525. }
  526. GENERAL_NAME_free(tsa_name);
  527. TS_ACCURACY_free(accuracy);
  528. ASN1_GENERALIZEDTIME_free(asn1_time);
  529. ASN1_INTEGER_free(serial);
  530. return tst_info;
  531. }
  532. /* Processing the extensions of the request. */
  533. static int ts_RESP_process_extensions(TS_RESP_CTX *ctx)
  534. {
  535. STACK_OF(X509_EXTENSION) *exts = ctx->request->extensions;
  536. int i;
  537. int ok = 1;
  538. for (i = 0; ok && i < sk_X509_EXTENSION_num(exts); ++i) {
  539. X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i);
  540. /*
  541. * The last argument was previously (void *)ctx->extension_cb,
  542. * but ISO C doesn't permit converting a function pointer to void *.
  543. * For lack of better information, I'm placing a NULL there instead.
  544. * The callback can pick its own address out from the ctx anyway...
  545. */
  546. ok = (*ctx->extension_cb) (ctx, ext, NULL);
  547. }
  548. return ok;
  549. }
  550. /* Functions for signing the TS_TST_INFO structure of the context. */
  551. static int ts_RESP_sign(TS_RESP_CTX *ctx)
  552. {
  553. int ret = 0;
  554. PKCS7 *p7 = NULL;
  555. PKCS7_SIGNER_INFO *si;
  556. STACK_OF(X509) *certs; /* Certificates to include in sc. */
  557. ESS_SIGNING_CERT_V2 *sc2 = NULL;
  558. ESS_SIGNING_CERT *sc = NULL;
  559. ASN1_OBJECT *oid;
  560. BIO *p7bio = NULL;
  561. int i;
  562. if (!X509_check_private_key(ctx->signer_cert, ctx->signer_key)) {
  563. TSerr(TS_F_TS_RESP_SIGN, TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
  564. goto err;
  565. }
  566. if ((p7 = PKCS7_new()) == NULL) {
  567. TSerr(TS_F_TS_RESP_SIGN, ERR_R_MALLOC_FAILURE);
  568. goto err;
  569. }
  570. if (!PKCS7_set_type(p7, NID_pkcs7_signed))
  571. goto err;
  572. if (!ASN1_INTEGER_set(p7->d.sign->version, 3))
  573. goto err;
  574. if (ctx->request->cert_req) {
  575. PKCS7_add_certificate(p7, ctx->signer_cert);
  576. if (ctx->certs) {
  577. for (i = 0; i < sk_X509_num(ctx->certs); ++i) {
  578. X509 *cert = sk_X509_value(ctx->certs, i);
  579. PKCS7_add_certificate(p7, cert);
  580. }
  581. }
  582. }
  583. if ((si = PKCS7_add_signature(p7, ctx->signer_cert,
  584. ctx->signer_key, ctx->signer_md)) == NULL) {
  585. TSerr(TS_F_TS_RESP_SIGN, TS_R_PKCS7_ADD_SIGNATURE_ERROR);
  586. goto err;
  587. }
  588. oid = OBJ_nid2obj(NID_id_smime_ct_TSTInfo);
  589. if (!PKCS7_add_signed_attribute(si, NID_pkcs9_contentType,
  590. V_ASN1_OBJECT, oid)) {
  591. TSerr(TS_F_TS_RESP_SIGN, TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR);
  592. goto err;
  593. }
  594. certs = ctx->flags & TS_ESS_CERT_ID_CHAIN ? ctx->certs : NULL;
  595. if (ctx->ess_cert_id_digest == NULL
  596. || ctx->ess_cert_id_digest == EVP_sha1()) {
  597. if ((sc = ess_SIGNING_CERT_new_init(ctx->signer_cert, certs)) == NULL)
  598. goto err;
  599. if (!ess_add_signing_cert(si, sc)) {
  600. TSerr(TS_F_TS_RESP_SIGN, TS_R_ESS_ADD_SIGNING_CERT_ERROR);
  601. goto err;
  602. }
  603. } else {
  604. sc2 = ess_signing_cert_v2_new_init(ctx->ess_cert_id_digest,
  605. ctx->signer_cert, certs);
  606. if (sc2 == NULL)
  607. goto err;
  608. if (!ess_add_signing_cert_v2(si, sc2)) {
  609. TSerr(TS_F_TS_RESP_SIGN, TS_R_ESS_ADD_SIGNING_CERT_V2_ERROR);
  610. goto err;
  611. }
  612. }
  613. if (!ts_TST_INFO_content_new(p7))
  614. goto err;
  615. if ((p7bio = PKCS7_dataInit(p7, NULL)) == NULL) {
  616. TSerr(TS_F_TS_RESP_SIGN, ERR_R_MALLOC_FAILURE);
  617. goto err;
  618. }
  619. if (!i2d_TS_TST_INFO_bio(p7bio, ctx->tst_info)) {
  620. TSerr(TS_F_TS_RESP_SIGN, TS_R_TS_DATASIGN);
  621. goto err;
  622. }
  623. if (!PKCS7_dataFinal(p7, p7bio)) {
  624. TSerr(TS_F_TS_RESP_SIGN, TS_R_TS_DATASIGN);
  625. goto err;
  626. }
  627. TS_RESP_set_tst_info(ctx->response, p7, ctx->tst_info);
  628. p7 = NULL; /* Ownership is lost. */
  629. ctx->tst_info = NULL; /* Ownership is lost. */
  630. ret = 1;
  631. err:
  632. if (!ret)
  633. TS_RESP_CTX_set_status_info_cond(ctx, TS_STATUS_REJECTION,
  634. "Error during signature "
  635. "generation.");
  636. BIO_free_all(p7bio);
  637. ESS_SIGNING_CERT_V2_free(sc2);
  638. ESS_SIGNING_CERT_free(sc);
  639. PKCS7_free(p7);
  640. return ret;
  641. }
  642. static ESS_SIGNING_CERT *ess_SIGNING_CERT_new_init(X509 *signcert,
  643. STACK_OF(X509) *certs)
  644. {
  645. ESS_CERT_ID *cid;
  646. ESS_SIGNING_CERT *sc = NULL;
  647. int i;
  648. if ((sc = ESS_SIGNING_CERT_new()) == NULL)
  649. goto err;
  650. if (sc->cert_ids == NULL
  651. && (sc->cert_ids = sk_ESS_CERT_ID_new_null()) == NULL)
  652. goto err;
  653. if ((cid = ess_CERT_ID_new_init(signcert, 0)) == NULL
  654. || !sk_ESS_CERT_ID_push(sc->cert_ids, cid))
  655. goto err;
  656. for (i = 0; i < sk_X509_num(certs); ++i) {
  657. X509 *cert = sk_X509_value(certs, i);
  658. if ((cid = ess_CERT_ID_new_init(cert, 1)) == NULL
  659. || !sk_ESS_CERT_ID_push(sc->cert_ids, cid))
  660. goto err;
  661. }
  662. return sc;
  663. err:
  664. ESS_SIGNING_CERT_free(sc);
  665. TSerr(TS_F_ESS_SIGNING_CERT_NEW_INIT, ERR_R_MALLOC_FAILURE);
  666. return NULL;
  667. }
  668. static ESS_CERT_ID *ess_CERT_ID_new_init(X509 *cert, int issuer_needed)
  669. {
  670. ESS_CERT_ID *cid = NULL;
  671. GENERAL_NAME *name = NULL;
  672. unsigned char cert_sha1[SHA_DIGEST_LENGTH];
  673. /* Call for side-effect of computing hash and caching extensions */
  674. X509_check_purpose(cert, -1, 0);
  675. if ((cid = ESS_CERT_ID_new()) == NULL)
  676. goto err;
  677. X509_digest(cert, EVP_sha1(), cert_sha1, NULL);
  678. if (!ASN1_OCTET_STRING_set(cid->hash, cert_sha1, SHA_DIGEST_LENGTH))
  679. goto err;
  680. /* Setting the issuer/serial if requested. */
  681. if (issuer_needed) {
  682. if (cid->issuer_serial == NULL
  683. && (cid->issuer_serial = ESS_ISSUER_SERIAL_new()) == NULL)
  684. goto err;
  685. if ((name = GENERAL_NAME_new()) == NULL)
  686. goto err;
  687. name->type = GEN_DIRNAME;
  688. if ((name->d.dirn = X509_NAME_dup(X509_get_issuer_name(cert))) == NULL)
  689. goto err;
  690. if (!sk_GENERAL_NAME_push(cid->issuer_serial->issuer, name))
  691. goto err;
  692. name = NULL; /* Ownership is lost. */
  693. ASN1_INTEGER_free(cid->issuer_serial->serial);
  694. if (!(cid->issuer_serial->serial =
  695. ASN1_INTEGER_dup(X509_get_serialNumber(cert))))
  696. goto err;
  697. }
  698. return cid;
  699. err:
  700. GENERAL_NAME_free(name);
  701. ESS_CERT_ID_free(cid);
  702. TSerr(TS_F_ESS_CERT_ID_NEW_INIT, ERR_R_MALLOC_FAILURE);
  703. return NULL;
  704. }
  705. static int ts_TST_INFO_content_new(PKCS7 *p7)
  706. {
  707. PKCS7 *ret = NULL;
  708. ASN1_OCTET_STRING *octet_string = NULL;
  709. /* Create new encapsulated NID_id_smime_ct_TSTInfo content. */
  710. if ((ret = PKCS7_new()) == NULL)
  711. goto err;
  712. if ((ret->d.other = ASN1_TYPE_new()) == NULL)
  713. goto err;
  714. ret->type = OBJ_nid2obj(NID_id_smime_ct_TSTInfo);
  715. if ((octet_string = ASN1_OCTET_STRING_new()) == NULL)
  716. goto err;
  717. ASN1_TYPE_set(ret->d.other, V_ASN1_OCTET_STRING, octet_string);
  718. octet_string = NULL;
  719. /* Add encapsulated content to signed PKCS7 structure. */
  720. if (!PKCS7_set_content(p7, ret))
  721. goto err;
  722. return 1;
  723. err:
  724. ASN1_OCTET_STRING_free(octet_string);
  725. PKCS7_free(ret);
  726. return 0;
  727. }
  728. static int ess_add_signing_cert(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT *sc)
  729. {
  730. ASN1_STRING *seq = NULL;
  731. unsigned char *p, *pp = NULL;
  732. int len;
  733. len = i2d_ESS_SIGNING_CERT(sc, NULL);
  734. if ((pp = OPENSSL_malloc(len)) == NULL) {
  735. TSerr(TS_F_ESS_ADD_SIGNING_CERT, ERR_R_MALLOC_FAILURE);
  736. goto err;
  737. }
  738. p = pp;
  739. i2d_ESS_SIGNING_CERT(sc, &p);
  740. if ((seq = ASN1_STRING_new()) == NULL || !ASN1_STRING_set(seq, pp, len)) {
  741. TSerr(TS_F_ESS_ADD_SIGNING_CERT, ERR_R_MALLOC_FAILURE);
  742. goto err;
  743. }
  744. OPENSSL_free(pp);
  745. pp = NULL;
  746. return PKCS7_add_signed_attribute(si,
  747. NID_id_smime_aa_signingCertificate,
  748. V_ASN1_SEQUENCE, seq);
  749. err:
  750. ASN1_STRING_free(seq);
  751. OPENSSL_free(pp);
  752. return 0;
  753. }
  754. static ESS_SIGNING_CERT_V2 *ess_signing_cert_v2_new_init(const EVP_MD *hash_alg,
  755. X509 *signcert,
  756. STACK_OF(X509) *certs)
  757. {
  758. ESS_CERT_ID_V2 *cid = NULL;
  759. ESS_SIGNING_CERT_V2 *sc = NULL;
  760. int i;
  761. if ((sc = ESS_SIGNING_CERT_V2_new()) == NULL)
  762. goto err;
  763. if ((cid = ess_cert_id_v2_new_init(hash_alg, signcert, 0)) == NULL)
  764. goto err;
  765. if (!sk_ESS_CERT_ID_V2_push(sc->cert_ids, cid))
  766. goto err;
  767. cid = NULL;
  768. for (i = 0; i < sk_X509_num(certs); ++i) {
  769. X509 *cert = sk_X509_value(certs, i);
  770. if ((cid = ess_cert_id_v2_new_init(hash_alg, cert, 1)) == NULL)
  771. goto err;
  772. if (!sk_ESS_CERT_ID_V2_push(sc->cert_ids, cid))
  773. goto err;
  774. cid = NULL;
  775. }
  776. return sc;
  777. err:
  778. ESS_SIGNING_CERT_V2_free(sc);
  779. ESS_CERT_ID_V2_free(cid);
  780. TSerr(TS_F_ESS_SIGNING_CERT_V2_NEW_INIT, ERR_R_MALLOC_FAILURE);
  781. return NULL;
  782. }
  783. static ESS_CERT_ID_V2 *ess_cert_id_v2_new_init(const EVP_MD *hash_alg,
  784. X509 *cert, int issuer_needed)
  785. {
  786. ESS_CERT_ID_V2 *cid = NULL;
  787. GENERAL_NAME *name = NULL;
  788. unsigned char hash[EVP_MAX_MD_SIZE];
  789. unsigned int hash_len = sizeof(hash);
  790. X509_ALGOR *alg = NULL;
  791. memset(hash, 0, sizeof(hash));
  792. if ((cid = ESS_CERT_ID_V2_new()) == NULL)
  793. goto err;
  794. if (hash_alg != EVP_sha256()) {
  795. alg = X509_ALGOR_new();
  796. if (alg == NULL)
  797. goto err;
  798. X509_ALGOR_set_md(alg, hash_alg);
  799. if (alg->algorithm == NULL)
  800. goto err;
  801. cid->hash_alg = alg;
  802. alg = NULL;
  803. } else {
  804. cid->hash_alg = NULL;
  805. }
  806. if (!X509_digest(cert, hash_alg, hash, &hash_len))
  807. goto err;
  808. if (!ASN1_OCTET_STRING_set(cid->hash, hash, hash_len))
  809. goto err;
  810. if (issuer_needed) {
  811. if ((cid->issuer_serial = ESS_ISSUER_SERIAL_new()) == NULL)
  812. goto err;
  813. if ((name = GENERAL_NAME_new()) == NULL)
  814. goto err;
  815. name->type = GEN_DIRNAME;
  816. if ((name->d.dirn = X509_NAME_dup(X509_get_issuer_name(cert))) == NULL)
  817. goto err;
  818. if (!sk_GENERAL_NAME_push(cid->issuer_serial->issuer, name))
  819. goto err;
  820. name = NULL; /* Ownership is lost. */
  821. ASN1_INTEGER_free(cid->issuer_serial->serial);
  822. cid->issuer_serial->serial =
  823. ASN1_INTEGER_dup(X509_get_serialNumber(cert));
  824. if (cid->issuer_serial->serial == NULL)
  825. goto err;
  826. }
  827. return cid;
  828. err:
  829. X509_ALGOR_free(alg);
  830. GENERAL_NAME_free(name);
  831. ESS_CERT_ID_V2_free(cid);
  832. TSerr(TS_F_ESS_CERT_ID_V2_NEW_INIT, ERR_R_MALLOC_FAILURE);
  833. return NULL;
  834. }
  835. static int ess_add_signing_cert_v2(PKCS7_SIGNER_INFO *si,
  836. ESS_SIGNING_CERT_V2 *sc)
  837. {
  838. ASN1_STRING *seq = NULL;
  839. unsigned char *p, *pp = NULL;
  840. int len = i2d_ESS_SIGNING_CERT_V2(sc, NULL);
  841. if ((pp = OPENSSL_malloc(len)) == NULL) {
  842. TSerr(TS_F_ESS_ADD_SIGNING_CERT_V2, ERR_R_MALLOC_FAILURE);
  843. goto err;
  844. }
  845. p = pp;
  846. i2d_ESS_SIGNING_CERT_V2(sc, &p);
  847. if ((seq = ASN1_STRING_new()) == NULL || !ASN1_STRING_set(seq, pp, len)) {
  848. TSerr(TS_F_ESS_ADD_SIGNING_CERT_V2, ERR_R_MALLOC_FAILURE);
  849. goto err;
  850. }
  851. OPENSSL_free(pp);
  852. pp = NULL;
  853. return PKCS7_add_signed_attribute(si,
  854. NID_id_smime_aa_signingCertificateV2,
  855. V_ASN1_SEQUENCE, seq);
  856. err:
  857. ASN1_STRING_free(seq);
  858. OPENSSL_free(pp);
  859. return 0;
  860. }
  861. static ASN1_GENERALIZEDTIME *TS_RESP_set_genTime_with_precision(
  862. ASN1_GENERALIZEDTIME *asn1_time, long sec, long usec,
  863. unsigned precision)
  864. {
  865. time_t time_sec = (time_t)sec;
  866. struct tm *tm = NULL, tm_result;
  867. char genTime_str[17 + TS_MAX_CLOCK_PRECISION_DIGITS];
  868. char *p = genTime_str;
  869. char *p_end = genTime_str + sizeof(genTime_str);
  870. if (precision > TS_MAX_CLOCK_PRECISION_DIGITS)
  871. goto err;
  872. if ((tm = OPENSSL_gmtime(&time_sec, &tm_result)) == NULL)
  873. goto err;
  874. /*
  875. * Put "genTime_str" in GeneralizedTime format. We work around the
  876. * restrictions imposed by rfc3280 (i.e. "GeneralizedTime values MUST
  877. * NOT include fractional seconds") and OpenSSL related functions to
  878. * meet the rfc3161 requirement: "GeneralizedTime syntax can include
  879. * fraction-of-second details".
  880. */
  881. p += BIO_snprintf(p, p_end - p,
  882. "%04d%02d%02d%02d%02d%02d",
  883. tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday,
  884. tm->tm_hour, tm->tm_min, tm->tm_sec);
  885. if (precision > 0) {
  886. BIO_snprintf(p, 2 + precision, ".%06ld", usec);
  887. p += strlen(p);
  888. /*
  889. * To make things a bit harder, X.690 | ISO/IEC 8825-1 provides the
  890. * following restrictions for a DER-encoding, which OpenSSL
  891. * (specifically ASN1_GENERALIZEDTIME_check() function) doesn't
  892. * support: "The encoding MUST terminate with a "Z" (which means
  893. * "Zulu" time). The decimal point element, if present, MUST be the
  894. * point option ".". The fractional-seconds elements, if present,
  895. * MUST omit all trailing 0's; if the elements correspond to 0, they
  896. * MUST be wholly omitted, and the decimal point element also MUST be
  897. * omitted."
  898. */
  899. /*
  900. * Remove trailing zeros. The dot guarantees the exit condition of
  901. * this loop even if all the digits are zero.
  902. */
  903. while (*--p == '0')
  904. continue;
  905. if (*p != '.')
  906. ++p;
  907. }
  908. *p++ = 'Z';
  909. *p++ = '\0';
  910. if (asn1_time == NULL
  911. && (asn1_time = ASN1_GENERALIZEDTIME_new()) == NULL)
  912. goto err;
  913. if (!ASN1_GENERALIZEDTIME_set_string(asn1_time, genTime_str)) {
  914. ASN1_GENERALIZEDTIME_free(asn1_time);
  915. goto err;
  916. }
  917. return asn1_time;
  918. err:
  919. TSerr(TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION, TS_R_COULD_NOT_SET_TIME);
  920. return NULL;
  921. }
  922. int TS_RESP_CTX_set_ess_cert_id_digest(TS_RESP_CTX *ctx, const EVP_MD *md)
  923. {
  924. ctx->ess_cert_id_digest = md;
  925. return 1;
  926. }