cms_env.c 20 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775
  1. /* crypto/cms/cms_env.c */
  2. /*
  3. * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  4. * project.
  5. */
  6. /* ====================================================================
  7. * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
  8. *
  9. * Redistribution and use in source and binary forms, with or without
  10. * modification, are permitted provided that the following conditions
  11. * are met:
  12. *
  13. * 1. Redistributions of source code must retain the above copyright
  14. * notice, this list of conditions and the following disclaimer.
  15. *
  16. * 2. Redistributions in binary form must reproduce the above copyright
  17. * notice, this list of conditions and the following disclaimer in
  18. * the documentation and/or other materials provided with the
  19. * distribution.
  20. *
  21. * 3. All advertising materials mentioning features or use of this
  22. * software must display the following acknowledgment:
  23. * "This product includes software developed by the OpenSSL Project
  24. * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
  25. *
  26. * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
  27. * endorse or promote products derived from this software without
  28. * prior written permission. For written permission, please contact
  29. * licensing@OpenSSL.org.
  30. *
  31. * 5. Products derived from this software may not be called "OpenSSL"
  32. * nor may "OpenSSL" appear in their names without prior written
  33. * permission of the OpenSSL Project.
  34. *
  35. * 6. Redistributions of any form whatsoever must retain the following
  36. * acknowledgment:
  37. * "This product includes software developed by the OpenSSL Project
  38. * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
  39. *
  40. * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
  41. * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  42. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  43. * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
  44. * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  45. * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  46. * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  47. * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  48. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  49. * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  50. * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  51. * OF THE POSSIBILITY OF SUCH DAMAGE.
  52. * ====================================================================
  53. */
  54. #include "cryptlib.h"
  55. #include <openssl/asn1t.h>
  56. #include <openssl/pem.h>
  57. #include <openssl/x509v3.h>
  58. #include <openssl/err.h>
  59. #include <openssl/cms.h>
  60. #include <openssl/rand.h>
  61. #include <openssl/aes.h>
  62. #include "cms_lcl.h"
  63. /* CMS EnvelopedData Utilities */
  64. DECLARE_ASN1_ITEM(CMS_EnvelopedData)
  65. DECLARE_ASN1_ITEM(CMS_RecipientInfo)
  66. DECLARE_ASN1_ITEM(CMS_KeyTransRecipientInfo)
  67. DECLARE_ASN1_ITEM(CMS_KEKRecipientInfo)
  68. DECLARE_ASN1_ITEM(CMS_OtherKeyAttribute)
  69. DECLARE_STACK_OF(CMS_RecipientInfo)
  70. static CMS_EnvelopedData *cms_get0_enveloped(CMS_ContentInfo *cms)
  71. {
  72. if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_enveloped) {
  73. CMSerr(CMS_F_CMS_GET0_ENVELOPED,
  74. CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA);
  75. return NULL;
  76. }
  77. return cms->d.envelopedData;
  78. }
  79. static CMS_EnvelopedData *cms_enveloped_data_init(CMS_ContentInfo *cms)
  80. {
  81. if (cms->d.other == NULL) {
  82. cms->d.envelopedData = M_ASN1_new_of(CMS_EnvelopedData);
  83. if (!cms->d.envelopedData) {
  84. CMSerr(CMS_F_CMS_ENVELOPED_DATA_INIT, ERR_R_MALLOC_FAILURE);
  85. return NULL;
  86. }
  87. cms->d.envelopedData->version = 0;
  88. cms->d.envelopedData->encryptedContentInfo->contentType =
  89. OBJ_nid2obj(NID_pkcs7_data);
  90. ASN1_OBJECT_free(cms->contentType);
  91. cms->contentType = OBJ_nid2obj(NID_pkcs7_enveloped);
  92. return cms->d.envelopedData;
  93. }
  94. return cms_get0_enveloped(cms);
  95. }
  96. STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms)
  97. {
  98. CMS_EnvelopedData *env;
  99. env = cms_get0_enveloped(cms);
  100. if (!env)
  101. return NULL;
  102. return env->recipientInfos;
  103. }
  104. int CMS_RecipientInfo_type(CMS_RecipientInfo *ri)
  105. {
  106. return ri->type;
  107. }
  108. CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher)
  109. {
  110. CMS_ContentInfo *cms;
  111. CMS_EnvelopedData *env;
  112. cms = CMS_ContentInfo_new();
  113. if (!cms)
  114. goto merr;
  115. env = cms_enveloped_data_init(cms);
  116. if (!env)
  117. goto merr;
  118. if (!cms_EncryptedContent_init(env->encryptedContentInfo,
  119. cipher, NULL, 0))
  120. goto merr;
  121. return cms;
  122. merr:
  123. if (cms)
  124. CMS_ContentInfo_free(cms);
  125. CMSerr(CMS_F_CMS_ENVELOPEDDATA_CREATE, ERR_R_MALLOC_FAILURE);
  126. return NULL;
  127. }
  128. /* Key Transport Recipient Info (KTRI) routines */
  129. /*
  130. * Add a recipient certificate. For now only handle key transport. If we ever
  131. * handle key agreement will need updating.
  132. */
  133. CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
  134. X509 *recip, unsigned int flags)
  135. {
  136. CMS_RecipientInfo *ri = NULL;
  137. CMS_KeyTransRecipientInfo *ktri;
  138. CMS_EnvelopedData *env;
  139. EVP_PKEY *pk = NULL;
  140. int type;
  141. env = cms_get0_enveloped(cms);
  142. if (!env)
  143. goto err;
  144. /* Initialize recipient info */
  145. ri = M_ASN1_new_of(CMS_RecipientInfo);
  146. if (!ri)
  147. goto merr;
  148. /* Initialize and add key transport recipient info */
  149. ri->d.ktri = M_ASN1_new_of(CMS_KeyTransRecipientInfo);
  150. if (!ri->d.ktri)
  151. goto merr;
  152. ri->type = CMS_RECIPINFO_TRANS;
  153. ktri = ri->d.ktri;
  154. X509_check_purpose(recip, -1, -1);
  155. pk = X509_get_pubkey(recip);
  156. if (!pk) {
  157. CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, CMS_R_ERROR_GETTING_PUBLIC_KEY);
  158. goto err;
  159. }
  160. CRYPTO_add(&recip->references, 1, CRYPTO_LOCK_X509);
  161. ktri->pkey = pk;
  162. ktri->recip = recip;
  163. if (flags & CMS_USE_KEYID) {
  164. ktri->version = 2;
  165. if (env->version < 2)
  166. env->version = 2;
  167. type = CMS_RECIPINFO_KEYIDENTIFIER;
  168. } else {
  169. ktri->version = 0;
  170. type = CMS_RECIPINFO_ISSUER_SERIAL;
  171. }
  172. /*
  173. * Not a typo: RecipientIdentifier and SignerIdentifier are the same
  174. * structure.
  175. */
  176. if (!cms_set1_SignerIdentifier(ktri->rid, recip, type))
  177. goto err;
  178. /*
  179. * Since we have no EVP_PKEY_ASN1_METHOD in OpenSSL 0.9.8, hard code
  180. * algorithm parameters.
  181. */
  182. if (pk->type == EVP_PKEY_RSA) {
  183. X509_ALGOR_set0(ktri->keyEncryptionAlgorithm,
  184. OBJ_nid2obj(NID_rsaEncryption), V_ASN1_NULL, 0);
  185. } else {
  186. CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT,
  187. CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
  188. goto err;
  189. }
  190. if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri))
  191. goto merr;
  192. return ri;
  193. merr:
  194. CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, ERR_R_MALLOC_FAILURE);
  195. err:
  196. if (ri)
  197. M_ASN1_free_of(ri, CMS_RecipientInfo);
  198. return NULL;
  199. }
  200. int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri,
  201. EVP_PKEY **pk, X509 **recip,
  202. X509_ALGOR **palg)
  203. {
  204. CMS_KeyTransRecipientInfo *ktri;
  205. if (ri->type != CMS_RECIPINFO_TRANS) {
  206. CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS,
  207. CMS_R_NOT_KEY_TRANSPORT);
  208. return 0;
  209. }
  210. ktri = ri->d.ktri;
  211. if (pk)
  212. *pk = ktri->pkey;
  213. if (recip)
  214. *recip = ktri->recip;
  215. if (palg)
  216. *palg = ktri->keyEncryptionAlgorithm;
  217. return 1;
  218. }
  219. int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri,
  220. ASN1_OCTET_STRING **keyid,
  221. X509_NAME **issuer,
  222. ASN1_INTEGER **sno)
  223. {
  224. CMS_KeyTransRecipientInfo *ktri;
  225. if (ri->type != CMS_RECIPINFO_TRANS) {
  226. CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID,
  227. CMS_R_NOT_KEY_TRANSPORT);
  228. return 0;
  229. }
  230. ktri = ri->d.ktri;
  231. return cms_SignerIdentifier_get0_signer_id(ktri->rid, keyid, issuer, sno);
  232. }
  233. int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert)
  234. {
  235. if (ri->type != CMS_RECIPINFO_TRANS) {
  236. CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP,
  237. CMS_R_NOT_KEY_TRANSPORT);
  238. return -2;
  239. }
  240. return cms_SignerIdentifier_cert_cmp(ri->d.ktri->rid, cert);
  241. }
  242. int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey)
  243. {
  244. if (ri->type != CMS_RECIPINFO_TRANS) {
  245. CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_PKEY, CMS_R_NOT_KEY_TRANSPORT);
  246. return 0;
  247. }
  248. ri->d.ktri->pkey = pkey;
  249. return 1;
  250. }
  251. /* Encrypt content key in key transport recipient info */
  252. static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms,
  253. CMS_RecipientInfo *ri)
  254. {
  255. CMS_KeyTransRecipientInfo *ktri;
  256. CMS_EncryptedContentInfo *ec;
  257. unsigned char *ek = NULL;
  258. int eklen;
  259. int ret = 0;
  260. if (ri->type != CMS_RECIPINFO_TRANS) {
  261. CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT, CMS_R_NOT_KEY_TRANSPORT);
  262. return 0;
  263. }
  264. ktri = ri->d.ktri;
  265. ec = cms->d.envelopedData->encryptedContentInfo;
  266. eklen = EVP_PKEY_size(ktri->pkey);
  267. ek = OPENSSL_malloc(eklen);
  268. if (ek == NULL) {
  269. CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT, ERR_R_MALLOC_FAILURE);
  270. goto err;
  271. }
  272. eklen = EVP_PKEY_encrypt(ek, ec->key, ec->keylen, ktri->pkey);
  273. if (eklen <= 0)
  274. goto err;
  275. ASN1_STRING_set0(ktri->encryptedKey, ek, eklen);
  276. ek = NULL;
  277. ret = 1;
  278. err:
  279. if (ek)
  280. OPENSSL_free(ek);
  281. return ret;
  282. }
  283. /* Decrypt content key from KTRI */
  284. static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
  285. CMS_RecipientInfo *ri)
  286. {
  287. CMS_KeyTransRecipientInfo *ktri = ri->d.ktri;
  288. unsigned char *ek = NULL;
  289. int eklen;
  290. int ret = 0;
  291. CMS_EncryptedContentInfo *ec;
  292. ec = cms->d.envelopedData->encryptedContentInfo;
  293. if (ktri->pkey == NULL) {
  294. CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_NO_PRIVATE_KEY);
  295. return 0;
  296. }
  297. eklen = EVP_PKEY_size(ktri->pkey);
  298. ek = OPENSSL_malloc(eklen);
  299. if (ek == NULL) {
  300. CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, ERR_R_MALLOC_FAILURE);
  301. goto err;
  302. }
  303. eklen = EVP_PKEY_decrypt(ek,
  304. ktri->encryptedKey->data,
  305. ktri->encryptedKey->length, ktri->pkey);
  306. if (eklen <= 0) {
  307. CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_CMS_LIB);
  308. goto err;
  309. }
  310. ret = 1;
  311. if (ec->key) {
  312. OPENSSL_cleanse(ec->key, ec->keylen);
  313. OPENSSL_free(ec->key);
  314. }
  315. ec->key = ek;
  316. ec->keylen = eklen;
  317. err:
  318. if (!ret && ek)
  319. OPENSSL_free(ek);
  320. return ret;
  321. }
  322. /* Key Encrypted Key (KEK) RecipientInfo routines */
  323. int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri,
  324. const unsigned char *id, size_t idlen)
  325. {
  326. ASN1_OCTET_STRING tmp_os;
  327. CMS_KEKRecipientInfo *kekri;
  328. if (ri->type != CMS_RECIPINFO_KEK) {
  329. CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP, CMS_R_NOT_KEK);
  330. return -2;
  331. }
  332. kekri = ri->d.kekri;
  333. tmp_os.type = V_ASN1_OCTET_STRING;
  334. tmp_os.flags = 0;
  335. tmp_os.data = (unsigned char *)id;
  336. tmp_os.length = (int)idlen;
  337. return ASN1_OCTET_STRING_cmp(&tmp_os, kekri->kekid->keyIdentifier);
  338. }
  339. /* For now hard code AES key wrap info */
  340. static size_t aes_wrap_keylen(int nid)
  341. {
  342. switch (nid) {
  343. case NID_id_aes128_wrap:
  344. return 16;
  345. case NID_id_aes192_wrap:
  346. return 24;
  347. case NID_id_aes256_wrap:
  348. return 32;
  349. default:
  350. return 0;
  351. }
  352. }
  353. CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
  354. unsigned char *key, size_t keylen,
  355. unsigned char *id, size_t idlen,
  356. ASN1_GENERALIZEDTIME *date,
  357. ASN1_OBJECT *otherTypeId,
  358. ASN1_TYPE *otherType)
  359. {
  360. CMS_RecipientInfo *ri = NULL;
  361. CMS_EnvelopedData *env;
  362. CMS_KEKRecipientInfo *kekri;
  363. env = cms_get0_enveloped(cms);
  364. if (!env)
  365. goto err;
  366. if (nid == NID_undef) {
  367. switch (keylen) {
  368. case 16:
  369. nid = NID_id_aes128_wrap;
  370. break;
  371. case 24:
  372. nid = NID_id_aes192_wrap;
  373. break;
  374. case 32:
  375. nid = NID_id_aes256_wrap;
  376. break;
  377. default:
  378. CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY, CMS_R_INVALID_KEY_LENGTH);
  379. goto err;
  380. }
  381. } else {
  382. size_t exp_keylen = aes_wrap_keylen(nid);
  383. if (!exp_keylen) {
  384. CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY,
  385. CMS_R_UNSUPPORTED_KEK_ALGORITHM);
  386. goto err;
  387. }
  388. if (keylen != exp_keylen) {
  389. CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY, CMS_R_INVALID_KEY_LENGTH);
  390. goto err;
  391. }
  392. }
  393. /* Initialize recipient info */
  394. ri = M_ASN1_new_of(CMS_RecipientInfo);
  395. if (!ri)
  396. goto merr;
  397. ri->d.kekri = M_ASN1_new_of(CMS_KEKRecipientInfo);
  398. if (!ri->d.kekri)
  399. goto merr;
  400. ri->type = CMS_RECIPINFO_KEK;
  401. kekri = ri->d.kekri;
  402. if (otherTypeId) {
  403. kekri->kekid->other = M_ASN1_new_of(CMS_OtherKeyAttribute);
  404. if (kekri->kekid->other == NULL)
  405. goto merr;
  406. }
  407. if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri))
  408. goto merr;
  409. /* After this point no calls can fail */
  410. kekri->version = 4;
  411. kekri->key = key;
  412. kekri->keylen = keylen;
  413. ASN1_STRING_set0(kekri->kekid->keyIdentifier, id, idlen);
  414. kekri->kekid->date = date;
  415. if (kekri->kekid->other) {
  416. kekri->kekid->other->keyAttrId = otherTypeId;
  417. kekri->kekid->other->keyAttr = otherType;
  418. }
  419. X509_ALGOR_set0(kekri->keyEncryptionAlgorithm,
  420. OBJ_nid2obj(nid), V_ASN1_UNDEF, NULL);
  421. return ri;
  422. merr:
  423. CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY, ERR_R_MALLOC_FAILURE);
  424. err:
  425. if (ri)
  426. M_ASN1_free_of(ri, CMS_RecipientInfo);
  427. return NULL;
  428. }
  429. int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri,
  430. X509_ALGOR **palg,
  431. ASN1_OCTET_STRING **pid,
  432. ASN1_GENERALIZEDTIME **pdate,
  433. ASN1_OBJECT **potherid,
  434. ASN1_TYPE **pothertype)
  435. {
  436. CMS_KEKIdentifier *rkid;
  437. if (ri->type != CMS_RECIPINFO_KEK) {
  438. CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID, CMS_R_NOT_KEK);
  439. return 0;
  440. }
  441. rkid = ri->d.kekri->kekid;
  442. if (palg)
  443. *palg = ri->d.kekri->keyEncryptionAlgorithm;
  444. if (pid)
  445. *pid = rkid->keyIdentifier;
  446. if (pdate)
  447. *pdate = rkid->date;
  448. if (potherid) {
  449. if (rkid->other)
  450. *potherid = rkid->other->keyAttrId;
  451. else
  452. *potherid = NULL;
  453. }
  454. if (pothertype) {
  455. if (rkid->other)
  456. *pothertype = rkid->other->keyAttr;
  457. else
  458. *pothertype = NULL;
  459. }
  460. return 1;
  461. }
  462. int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri,
  463. unsigned char *key, size_t keylen)
  464. {
  465. CMS_KEKRecipientInfo *kekri;
  466. if (ri->type != CMS_RECIPINFO_KEK) {
  467. CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_KEY, CMS_R_NOT_KEK);
  468. return 0;
  469. }
  470. kekri = ri->d.kekri;
  471. kekri->key = key;
  472. kekri->keylen = keylen;
  473. return 1;
  474. }
  475. /* Encrypt content key in KEK recipient info */
  476. static int cms_RecipientInfo_kekri_encrypt(CMS_ContentInfo *cms,
  477. CMS_RecipientInfo *ri)
  478. {
  479. CMS_EncryptedContentInfo *ec;
  480. CMS_KEKRecipientInfo *kekri;
  481. AES_KEY actx;
  482. unsigned char *wkey = NULL;
  483. int wkeylen;
  484. int r = 0;
  485. ec = cms->d.envelopedData->encryptedContentInfo;
  486. kekri = ri->d.kekri;
  487. if (!kekri->key) {
  488. CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, CMS_R_NO_KEY);
  489. return 0;
  490. }
  491. if (AES_set_encrypt_key(kekri->key, kekri->keylen << 3, &actx)) {
  492. CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT,
  493. CMS_R_ERROR_SETTING_KEY);
  494. goto err;
  495. }
  496. wkey = OPENSSL_malloc(ec->keylen + 8);
  497. if (!wkey) {
  498. CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, ERR_R_MALLOC_FAILURE);
  499. goto err;
  500. }
  501. wkeylen = AES_wrap_key(&actx, NULL, wkey, ec->key, ec->keylen);
  502. if (wkeylen <= 0) {
  503. CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, CMS_R_WRAP_ERROR);
  504. goto err;
  505. }
  506. ASN1_STRING_set0(kekri->encryptedKey, wkey, wkeylen);
  507. r = 1;
  508. err:
  509. if (!r && wkey)
  510. OPENSSL_free(wkey);
  511. OPENSSL_cleanse(&actx, sizeof(actx));
  512. return r;
  513. }
  514. /* Decrypt content key in KEK recipient info */
  515. static int cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms,
  516. CMS_RecipientInfo *ri)
  517. {
  518. CMS_EncryptedContentInfo *ec;
  519. CMS_KEKRecipientInfo *kekri;
  520. AES_KEY actx;
  521. unsigned char *ukey = NULL;
  522. int ukeylen;
  523. int r = 0, wrap_nid;
  524. ec = cms->d.envelopedData->encryptedContentInfo;
  525. kekri = ri->d.kekri;
  526. if (!kekri->key) {
  527. CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, CMS_R_NO_KEY);
  528. return 0;
  529. }
  530. wrap_nid = OBJ_obj2nid(kekri->keyEncryptionAlgorithm->algorithm);
  531. if (aes_wrap_keylen(wrap_nid) != kekri->keylen) {
  532. CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
  533. CMS_R_INVALID_KEY_LENGTH);
  534. return 0;
  535. }
  536. /* If encrypted key length is invalid don't bother */
  537. if (kekri->encryptedKey->length < 16) {
  538. CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
  539. CMS_R_INVALID_ENCRYPTED_KEY_LENGTH);
  540. goto err;
  541. }
  542. if (AES_set_decrypt_key(kekri->key, kekri->keylen << 3, &actx)) {
  543. CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
  544. CMS_R_ERROR_SETTING_KEY);
  545. goto err;
  546. }
  547. ukey = OPENSSL_malloc(kekri->encryptedKey->length - 8);
  548. if (!ukey) {
  549. CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, ERR_R_MALLOC_FAILURE);
  550. goto err;
  551. }
  552. ukeylen = AES_unwrap_key(&actx, NULL, ukey,
  553. kekri->encryptedKey->data,
  554. kekri->encryptedKey->length);
  555. if (ukeylen <= 0) {
  556. CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, CMS_R_UNWRAP_ERROR);
  557. goto err;
  558. }
  559. ec->key = ukey;
  560. ec->keylen = ukeylen;
  561. r = 1;
  562. err:
  563. if (!r && ukey)
  564. OPENSSL_free(ukey);
  565. OPENSSL_cleanse(&actx, sizeof(actx));
  566. return r;
  567. }
  568. int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
  569. {
  570. switch (ri->type) {
  571. case CMS_RECIPINFO_TRANS:
  572. return cms_RecipientInfo_ktri_decrypt(cms, ri);
  573. case CMS_RECIPINFO_KEK:
  574. return cms_RecipientInfo_kekri_decrypt(cms, ri);
  575. default:
  576. CMSerr(CMS_F_CMS_RECIPIENTINFO_DECRYPT,
  577. CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE);
  578. return 0;
  579. }
  580. }
  581. BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms)
  582. {
  583. CMS_EncryptedContentInfo *ec;
  584. STACK_OF(CMS_RecipientInfo) *rinfos;
  585. CMS_RecipientInfo *ri;
  586. int i, r, ok = 0;
  587. BIO *ret;
  588. /* Get BIO first to set up key */
  589. ec = cms->d.envelopedData->encryptedContentInfo;
  590. ret = cms_EncryptedContent_init_bio(ec);
  591. /* If error or no cipher end of processing */
  592. if (!ret || !ec->cipher)
  593. return ret;
  594. /* Now encrypt content key according to each RecipientInfo type */
  595. rinfos = cms->d.envelopedData->recipientInfos;
  596. for (i = 0; i < sk_CMS_RecipientInfo_num(rinfos); i++) {
  597. ri = sk_CMS_RecipientInfo_value(rinfos, i);
  598. switch (ri->type) {
  599. case CMS_RECIPINFO_TRANS:
  600. r = cms_RecipientInfo_ktri_encrypt(cms, ri);
  601. break;
  602. case CMS_RECIPINFO_KEK:
  603. r = cms_RecipientInfo_kekri_encrypt(cms, ri);
  604. break;
  605. default:
  606. CMSerr(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO,
  607. CMS_R_UNSUPPORTED_RECIPIENT_TYPE);
  608. goto err;
  609. }
  610. if (r <= 0) {
  611. CMSerr(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO,
  612. CMS_R_ERROR_SETTING_RECIPIENTINFO);
  613. goto err;
  614. }
  615. }
  616. ok = 1;
  617. err:
  618. ec->cipher = NULL;
  619. if (ec->key) {
  620. OPENSSL_cleanse(ec->key, ec->keylen);
  621. OPENSSL_free(ec->key);
  622. ec->key = NULL;
  623. ec->keylen = 0;
  624. }
  625. if (ok)
  626. return ret;
  627. BIO_free(ret);
  628. return NULL;
  629. }