pk7_smime.c 16 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549
  1. /*
  2. * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the OpenSSL license (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. /* Simple PKCS#7 processing functions */
  10. #include <stdio.h>
  11. #include "internal/cryptlib.h"
  12. #include <openssl/x509.h>
  13. #include <openssl/x509v3.h>
  14. #define BUFFERSIZE 4096
  15. static int pkcs7_copy_existing_digest(PKCS7 *p7, PKCS7_SIGNER_INFO *si);
  16. PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
  17. BIO *data, int flags)
  18. {
  19. PKCS7 *p7;
  20. int i;
  21. if ((p7 = PKCS7_new()) == NULL) {
  22. PKCS7err(PKCS7_F_PKCS7_SIGN, ERR_R_MALLOC_FAILURE);
  23. return NULL;
  24. }
  25. if (!PKCS7_set_type(p7, NID_pkcs7_signed))
  26. goto err;
  27. if (!PKCS7_content_new(p7, NID_pkcs7_data))
  28. goto err;
  29. if (pkey && !PKCS7_sign_add_signer(p7, signcert, pkey, NULL, flags)) {
  30. PKCS7err(PKCS7_F_PKCS7_SIGN, PKCS7_R_PKCS7_ADD_SIGNER_ERROR);
  31. goto err;
  32. }
  33. if (!(flags & PKCS7_NOCERTS)) {
  34. for (i = 0; i < sk_X509_num(certs); i++) {
  35. if (!PKCS7_add_certificate(p7, sk_X509_value(certs, i)))
  36. goto err;
  37. }
  38. }
  39. if (flags & PKCS7_DETACHED)
  40. PKCS7_set_detached(p7, 1);
  41. if (flags & (PKCS7_STREAM | PKCS7_PARTIAL))
  42. return p7;
  43. if (PKCS7_final(p7, data, flags))
  44. return p7;
  45. err:
  46. PKCS7_free(p7);
  47. return NULL;
  48. }
  49. int PKCS7_final(PKCS7 *p7, BIO *data, int flags)
  50. {
  51. BIO *p7bio;
  52. int ret = 0;
  53. if ((p7bio = PKCS7_dataInit(p7, NULL)) == NULL) {
  54. PKCS7err(PKCS7_F_PKCS7_FINAL, ERR_R_MALLOC_FAILURE);
  55. return 0;
  56. }
  57. SMIME_crlf_copy(data, p7bio, flags);
  58. (void)BIO_flush(p7bio);
  59. if (!PKCS7_dataFinal(p7, p7bio)) {
  60. PKCS7err(PKCS7_F_PKCS7_FINAL, PKCS7_R_PKCS7_DATASIGN);
  61. goto err;
  62. }
  63. ret = 1;
  64. err:
  65. BIO_free_all(p7bio);
  66. return ret;
  67. }
  68. /* Check to see if a cipher exists and if so add S/MIME capabilities */
  69. static int add_cipher_smcap(STACK_OF(X509_ALGOR) *sk, int nid, int arg)
  70. {
  71. if (EVP_get_cipherbynid(nid))
  72. return PKCS7_simple_smimecap(sk, nid, arg);
  73. return 1;
  74. }
  75. static int add_digest_smcap(STACK_OF(X509_ALGOR) *sk, int nid, int arg)
  76. {
  77. if (EVP_get_digestbynid(nid))
  78. return PKCS7_simple_smimecap(sk, nid, arg);
  79. return 1;
  80. }
  81. PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert,
  82. EVP_PKEY *pkey, const EVP_MD *md,
  83. int flags)
  84. {
  85. PKCS7_SIGNER_INFO *si = NULL;
  86. STACK_OF(X509_ALGOR) *smcap = NULL;
  87. if (!X509_check_private_key(signcert, pkey)) {
  88. PKCS7err(PKCS7_F_PKCS7_SIGN_ADD_SIGNER,
  89. PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
  90. return NULL;
  91. }
  92. if ((si = PKCS7_add_signature(p7, signcert, pkey, md)) == NULL) {
  93. PKCS7err(PKCS7_F_PKCS7_SIGN_ADD_SIGNER,
  94. PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR);
  95. return NULL;
  96. }
  97. if (!(flags & PKCS7_NOCERTS)) {
  98. if (!PKCS7_add_certificate(p7, signcert))
  99. goto err;
  100. }
  101. if (!(flags & PKCS7_NOATTR)) {
  102. if (!PKCS7_add_attrib_content_type(si, NULL))
  103. goto err;
  104. /* Add SMIMECapabilities */
  105. if (!(flags & PKCS7_NOSMIMECAP)) {
  106. if ((smcap = sk_X509_ALGOR_new_null()) == NULL) {
  107. PKCS7err(PKCS7_F_PKCS7_SIGN_ADD_SIGNER, ERR_R_MALLOC_FAILURE);
  108. goto err;
  109. }
  110. if (!add_cipher_smcap(smcap, NID_aes_256_cbc, -1)
  111. || !add_digest_smcap(smcap, NID_id_GostR3411_2012_256, -1)
  112. || !add_digest_smcap(smcap, NID_id_GostR3411_2012_512, -1)
  113. || !add_digest_smcap(smcap, NID_id_GostR3411_94, -1)
  114. || !add_cipher_smcap(smcap, NID_id_Gost28147_89, -1)
  115. || !add_cipher_smcap(smcap, NID_aes_192_cbc, -1)
  116. || !add_cipher_smcap(smcap, NID_aes_128_cbc, -1)
  117. || !add_cipher_smcap(smcap, NID_des_ede3_cbc, -1)
  118. || !add_cipher_smcap(smcap, NID_rc2_cbc, 128)
  119. || !add_cipher_smcap(smcap, NID_rc2_cbc, 64)
  120. || !add_cipher_smcap(smcap, NID_des_cbc, -1)
  121. || !add_cipher_smcap(smcap, NID_rc2_cbc, 40)
  122. || !PKCS7_add_attrib_smimecap(si, smcap))
  123. goto err;
  124. sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
  125. smcap = NULL;
  126. }
  127. if (flags & PKCS7_REUSE_DIGEST) {
  128. if (!pkcs7_copy_existing_digest(p7, si))
  129. goto err;
  130. if (!(flags & PKCS7_PARTIAL) && !PKCS7_SIGNER_INFO_sign(si))
  131. goto err;
  132. }
  133. }
  134. return si;
  135. err:
  136. sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
  137. return NULL;
  138. }
  139. /*
  140. * Search for a digest matching SignerInfo digest type and if found copy
  141. * across.
  142. */
  143. static int pkcs7_copy_existing_digest(PKCS7 *p7, PKCS7_SIGNER_INFO *si)
  144. {
  145. int i;
  146. STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
  147. PKCS7_SIGNER_INFO *sitmp;
  148. ASN1_OCTET_STRING *osdig = NULL;
  149. sinfos = PKCS7_get_signer_info(p7);
  150. for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++) {
  151. sitmp = sk_PKCS7_SIGNER_INFO_value(sinfos, i);
  152. if (si == sitmp)
  153. break;
  154. if (sk_X509_ATTRIBUTE_num(sitmp->auth_attr) <= 0)
  155. continue;
  156. if (!OBJ_cmp(si->digest_alg->algorithm, sitmp->digest_alg->algorithm)) {
  157. osdig = PKCS7_digest_from_attributes(sitmp->auth_attr);
  158. break;
  159. }
  160. }
  161. if (osdig)
  162. return PKCS7_add1_attrib_digest(si, osdig->data, osdig->length);
  163. PKCS7err(PKCS7_F_PKCS7_COPY_EXISTING_DIGEST,
  164. PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND);
  165. return 0;
  166. }
  167. int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
  168. BIO *indata, BIO *out, int flags)
  169. {
  170. STACK_OF(X509) *signers;
  171. X509 *signer;
  172. STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
  173. PKCS7_SIGNER_INFO *si;
  174. X509_STORE_CTX *cert_ctx = NULL;
  175. char *buf = NULL;
  176. int i, j = 0, k, ret = 0;
  177. BIO *p7bio = NULL;
  178. BIO *tmpin = NULL, *tmpout = NULL;
  179. if (!p7) {
  180. PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_INVALID_NULL_POINTER);
  181. return 0;
  182. }
  183. if (!PKCS7_type_is_signed(p7)) {
  184. PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_WRONG_CONTENT_TYPE);
  185. return 0;
  186. }
  187. /* Check for no data and no content: no data to verify signature */
  188. if (PKCS7_get_detached(p7) && !indata) {
  189. PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_NO_CONTENT);
  190. return 0;
  191. }
  192. if (flags & PKCS7_NO_DUAL_CONTENT) {
  193. /*
  194. * This was originally "#if 0" because we thought that only old broken
  195. * Netscape did this. It turns out that Authenticode uses this kind
  196. * of "extended" PKCS7 format, and things like UEFI secure boot and
  197. * tools like osslsigncode need it. In Authenticode the verification
  198. * process is different, but the existing PKCs7 verification works.
  199. */
  200. if (!PKCS7_get_detached(p7) && indata) {
  201. PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_CONTENT_AND_DATA_PRESENT);
  202. return 0;
  203. }
  204. }
  205. sinfos = PKCS7_get_signer_info(p7);
  206. if (!sinfos || !sk_PKCS7_SIGNER_INFO_num(sinfos)) {
  207. PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_NO_SIGNATURES_ON_DATA);
  208. return 0;
  209. }
  210. signers = PKCS7_get0_signers(p7, certs, flags);
  211. if (!signers)
  212. return 0;
  213. /* Now verify the certificates */
  214. cert_ctx = X509_STORE_CTX_new();
  215. if (cert_ctx == NULL)
  216. goto err;
  217. if (!(flags & PKCS7_NOVERIFY))
  218. for (k = 0; k < sk_X509_num(signers); k++) {
  219. signer = sk_X509_value(signers, k);
  220. if (!(flags & PKCS7_NOCHAIN)) {
  221. if (!X509_STORE_CTX_init(cert_ctx, store, signer,
  222. p7->d.sign->cert)) {
  223. PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_X509_LIB);
  224. goto err;
  225. }
  226. X509_STORE_CTX_set_default(cert_ctx, "smime_sign");
  227. } else if (!X509_STORE_CTX_init(cert_ctx, store, signer, NULL)) {
  228. PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_X509_LIB);
  229. goto err;
  230. }
  231. if (!(flags & PKCS7_NOCRL))
  232. X509_STORE_CTX_set0_crls(cert_ctx, p7->d.sign->crl);
  233. i = X509_verify_cert(cert_ctx);
  234. if (i <= 0)
  235. j = X509_STORE_CTX_get_error(cert_ctx);
  236. X509_STORE_CTX_cleanup(cert_ctx);
  237. if (i <= 0) {
  238. PKCS7err(PKCS7_F_PKCS7_VERIFY,
  239. PKCS7_R_CERTIFICATE_VERIFY_ERROR);
  240. ERR_add_error_data(2, "Verify error:",
  241. X509_verify_cert_error_string(j));
  242. goto err;
  243. }
  244. /* Check for revocation status here */
  245. }
  246. /*
  247. * Performance optimization: if the content is a memory BIO then store
  248. * its contents in a temporary read only memory BIO. This avoids
  249. * potentially large numbers of slow copies of data which will occur when
  250. * reading from a read write memory BIO when signatures are calculated.
  251. */
  252. if (indata && (BIO_method_type(indata) == BIO_TYPE_MEM)) {
  253. char *ptr;
  254. long len;
  255. len = BIO_get_mem_data(indata, &ptr);
  256. tmpin = BIO_new_mem_buf(ptr, len);
  257. if (tmpin == NULL) {
  258. PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_MALLOC_FAILURE);
  259. goto err;
  260. }
  261. } else
  262. tmpin = indata;
  263. if ((p7bio = PKCS7_dataInit(p7, tmpin)) == NULL)
  264. goto err;
  265. if (flags & PKCS7_TEXT) {
  266. if ((tmpout = BIO_new(BIO_s_mem())) == NULL) {
  267. PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_MALLOC_FAILURE);
  268. goto err;
  269. }
  270. BIO_set_mem_eof_return(tmpout, 0);
  271. } else
  272. tmpout = out;
  273. /* We now have to 'read' from p7bio to calculate digests etc. */
  274. if ((buf = OPENSSL_malloc(BUFFERSIZE)) == NULL) {
  275. PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_MALLOC_FAILURE);
  276. goto err;
  277. }
  278. for (;;) {
  279. i = BIO_read(p7bio, buf, BUFFERSIZE);
  280. if (i <= 0)
  281. break;
  282. if (tmpout)
  283. BIO_write(tmpout, buf, i);
  284. }
  285. if (flags & PKCS7_TEXT) {
  286. if (!SMIME_text(tmpout, out)) {
  287. PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_SMIME_TEXT_ERROR);
  288. BIO_free(tmpout);
  289. goto err;
  290. }
  291. BIO_free(tmpout);
  292. }
  293. /* Now Verify All Signatures */
  294. if (!(flags & PKCS7_NOSIGS))
  295. for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++) {
  296. si = sk_PKCS7_SIGNER_INFO_value(sinfos, i);
  297. signer = sk_X509_value(signers, i);
  298. j = PKCS7_signatureVerify(p7bio, p7, si, signer);
  299. if (j <= 0) {
  300. PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_SIGNATURE_FAILURE);
  301. goto err;
  302. }
  303. }
  304. ret = 1;
  305. err:
  306. X509_STORE_CTX_free(cert_ctx);
  307. OPENSSL_free(buf);
  308. if (tmpin == indata) {
  309. if (indata)
  310. BIO_pop(p7bio);
  311. }
  312. BIO_free_all(p7bio);
  313. sk_X509_free(signers);
  314. return ret;
  315. }
  316. STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs,
  317. int flags)
  318. {
  319. STACK_OF(X509) *signers;
  320. STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
  321. PKCS7_SIGNER_INFO *si;
  322. PKCS7_ISSUER_AND_SERIAL *ias;
  323. X509 *signer;
  324. int i;
  325. if (!p7) {
  326. PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS, PKCS7_R_INVALID_NULL_POINTER);
  327. return NULL;
  328. }
  329. if (!PKCS7_type_is_signed(p7)) {
  330. PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS, PKCS7_R_WRONG_CONTENT_TYPE);
  331. return NULL;
  332. }
  333. /* Collect all the signers together */
  334. sinfos = PKCS7_get_signer_info(p7);
  335. if (sk_PKCS7_SIGNER_INFO_num(sinfos) <= 0) {
  336. PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS, PKCS7_R_NO_SIGNERS);
  337. return 0;
  338. }
  339. if ((signers = sk_X509_new_null()) == NULL) {
  340. PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS, ERR_R_MALLOC_FAILURE);
  341. return NULL;
  342. }
  343. for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++) {
  344. si = sk_PKCS7_SIGNER_INFO_value(sinfos, i);
  345. ias = si->issuer_and_serial;
  346. signer = NULL;
  347. /* If any certificates passed they take priority */
  348. if (certs)
  349. signer = X509_find_by_issuer_and_serial(certs,
  350. ias->issuer, ias->serial);
  351. if (!signer && !(flags & PKCS7_NOINTERN)
  352. && p7->d.sign->cert)
  353. signer =
  354. X509_find_by_issuer_and_serial(p7->d.sign->cert,
  355. ias->issuer, ias->serial);
  356. if (!signer) {
  357. PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,
  358. PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND);
  359. sk_X509_free(signers);
  360. return 0;
  361. }
  362. if (!sk_X509_push(signers, signer)) {
  363. sk_X509_free(signers);
  364. return NULL;
  365. }
  366. }
  367. return signers;
  368. }
  369. /* Build a complete PKCS#7 enveloped data */
  370. PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher,
  371. int flags)
  372. {
  373. PKCS7 *p7;
  374. BIO *p7bio = NULL;
  375. int i;
  376. X509 *x509;
  377. if ((p7 = PKCS7_new()) == NULL) {
  378. PKCS7err(PKCS7_F_PKCS7_ENCRYPT, ERR_R_MALLOC_FAILURE);
  379. return NULL;
  380. }
  381. if (!PKCS7_set_type(p7, NID_pkcs7_enveloped))
  382. goto err;
  383. if (!PKCS7_set_cipher(p7, cipher)) {
  384. PKCS7err(PKCS7_F_PKCS7_ENCRYPT, PKCS7_R_ERROR_SETTING_CIPHER);
  385. goto err;
  386. }
  387. for (i = 0; i < sk_X509_num(certs); i++) {
  388. x509 = sk_X509_value(certs, i);
  389. if (!PKCS7_add_recipient(p7, x509)) {
  390. PKCS7err(PKCS7_F_PKCS7_ENCRYPT, PKCS7_R_ERROR_ADDING_RECIPIENT);
  391. goto err;
  392. }
  393. }
  394. if (flags & PKCS7_STREAM)
  395. return p7;
  396. if (PKCS7_final(p7, in, flags))
  397. return p7;
  398. err:
  399. BIO_free_all(p7bio);
  400. PKCS7_free(p7);
  401. return NULL;
  402. }
  403. int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)
  404. {
  405. BIO *tmpmem;
  406. int ret = 0, i;
  407. char *buf = NULL;
  408. if (!p7) {
  409. PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_INVALID_NULL_POINTER);
  410. return 0;
  411. }
  412. if (!PKCS7_type_is_enveloped(p7)) {
  413. PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_WRONG_CONTENT_TYPE);
  414. return 0;
  415. }
  416. if (cert && !X509_check_private_key(cert, pkey)) {
  417. PKCS7err(PKCS7_F_PKCS7_DECRYPT,
  418. PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
  419. return 0;
  420. }
  421. if ((tmpmem = PKCS7_dataDecode(p7, pkey, NULL, cert)) == NULL) {
  422. PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_DECRYPT_ERROR);
  423. return 0;
  424. }
  425. if (flags & PKCS7_TEXT) {
  426. BIO *tmpbuf, *bread;
  427. /* Encrypt BIOs can't do BIO_gets() so add a buffer BIO */
  428. if ((tmpbuf = BIO_new(BIO_f_buffer())) == NULL) {
  429. PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE);
  430. BIO_free_all(tmpmem);
  431. return 0;
  432. }
  433. if ((bread = BIO_push(tmpbuf, tmpmem)) == NULL) {
  434. PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE);
  435. BIO_free_all(tmpbuf);
  436. BIO_free_all(tmpmem);
  437. return 0;
  438. }
  439. ret = SMIME_text(bread, data);
  440. if (ret > 0 && BIO_method_type(tmpmem) == BIO_TYPE_CIPHER) {
  441. if (!BIO_get_cipher_status(tmpmem))
  442. ret = 0;
  443. }
  444. BIO_free_all(bread);
  445. return ret;
  446. }
  447. if ((buf = OPENSSL_malloc(BUFFERSIZE)) == NULL) {
  448. PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE);
  449. goto err;
  450. }
  451. for (;;) {
  452. i = BIO_read(tmpmem, buf, BUFFERSIZE);
  453. if (i <= 0) {
  454. ret = 1;
  455. if (BIO_method_type(tmpmem) == BIO_TYPE_CIPHER) {
  456. if (!BIO_get_cipher_status(tmpmem))
  457. ret = 0;
  458. }
  459. break;
  460. }
  461. if (BIO_write(data, buf, i) != i) {
  462. break;
  463. }
  464. }
  465. err:
  466. OPENSSL_free(buf);
  467. BIO_free_all(tmpmem);
  468. return ret;
  469. }