cms_env.c 37 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380
  1. /*
  2. * Copyright 2008-2022 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include "internal/cryptlib.h"
  10. #include <openssl/asn1t.h>
  11. #include <openssl/pem.h>
  12. #include <openssl/x509v3.h>
  13. #include <openssl/err.h>
  14. #include <openssl/cms.h>
  15. #include <openssl/evp.h>
  16. #include "internal/sizes.h"
  17. #include "crypto/asn1.h"
  18. #include "crypto/evp.h"
  19. #include "crypto/x509.h"
  20. #include "cms_local.h"
  21. /* CMS EnvelopedData Utilities */
  22. static void cms_env_set_version(CMS_EnvelopedData *env);
  23. #define CMS_ENVELOPED_STANDARD 1
  24. #define CMS_ENVELOPED_AUTH 2
  25. static int cms_get_enveloped_type(const CMS_ContentInfo *cms)
  26. {
  27. int nid = OBJ_obj2nid(cms->contentType);
  28. switch (nid) {
  29. case NID_pkcs7_enveloped:
  30. return CMS_ENVELOPED_STANDARD;
  31. case NID_id_smime_ct_authEnvelopedData:
  32. return CMS_ENVELOPED_AUTH;
  33. default:
  34. ERR_raise(ERR_LIB_CMS, CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA);
  35. return 0;
  36. }
  37. }
  38. CMS_EnvelopedData *ossl_cms_get0_enveloped(CMS_ContentInfo *cms)
  39. {
  40. if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_enveloped) {
  41. ERR_raise(ERR_LIB_CMS, CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA);
  42. return NULL;
  43. }
  44. return cms->d.envelopedData;
  45. }
  46. CMS_AuthEnvelopedData *ossl_cms_get0_auth_enveloped(CMS_ContentInfo *cms)
  47. {
  48. if (OBJ_obj2nid(cms->contentType) != NID_id_smime_ct_authEnvelopedData) {
  49. ERR_raise(ERR_LIB_CMS, CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA);
  50. return NULL;
  51. }
  52. return cms->d.authEnvelopedData;
  53. }
  54. static CMS_EnvelopedData *cms_enveloped_data_init(CMS_ContentInfo *cms)
  55. {
  56. if (cms->d.other == NULL) {
  57. cms->d.envelopedData = M_ASN1_new_of(CMS_EnvelopedData);
  58. if (cms->d.envelopedData == NULL) {
  59. ERR_raise(ERR_LIB_CMS, ERR_R_ASN1_LIB);
  60. return NULL;
  61. }
  62. cms->d.envelopedData->version = 0;
  63. cms->d.envelopedData->encryptedContentInfo->contentType =
  64. OBJ_nid2obj(NID_pkcs7_data);
  65. ASN1_OBJECT_free(cms->contentType);
  66. cms->contentType = OBJ_nid2obj(NID_pkcs7_enveloped);
  67. return cms->d.envelopedData;
  68. }
  69. return ossl_cms_get0_enveloped(cms);
  70. }
  71. static CMS_AuthEnvelopedData *
  72. cms_auth_enveloped_data_init(CMS_ContentInfo *cms)
  73. {
  74. if (cms->d.other == NULL) {
  75. cms->d.authEnvelopedData = M_ASN1_new_of(CMS_AuthEnvelopedData);
  76. if (cms->d.authEnvelopedData == NULL) {
  77. ERR_raise(ERR_LIB_CMS, ERR_R_ASN1_LIB);
  78. return NULL;
  79. }
  80. /* Defined in RFC 5083 - Section 2.1. "AuthEnvelopedData Type" */
  81. cms->d.authEnvelopedData->version = 0;
  82. cms->d.authEnvelopedData->authEncryptedContentInfo->contentType =
  83. OBJ_nid2obj(NID_pkcs7_data);
  84. ASN1_OBJECT_free(cms->contentType);
  85. cms->contentType = OBJ_nid2obj(NID_id_smime_ct_authEnvelopedData);
  86. return cms->d.authEnvelopedData;
  87. }
  88. return ossl_cms_get0_auth_enveloped(cms);
  89. }
  90. int ossl_cms_env_asn1_ctrl(CMS_RecipientInfo *ri, int cmd)
  91. {
  92. EVP_PKEY *pkey;
  93. int i;
  94. if (ri->type == CMS_RECIPINFO_TRANS)
  95. pkey = ri->d.ktri->pkey;
  96. else if (ri->type == CMS_RECIPINFO_AGREE) {
  97. EVP_PKEY_CTX *pctx = ri->d.kari->pctx;
  98. if (pctx == NULL)
  99. return 0;
  100. pkey = EVP_PKEY_CTX_get0_pkey(pctx);
  101. if (pkey == NULL)
  102. return 0;
  103. } else
  104. return 0;
  105. if (EVP_PKEY_is_a(pkey, "DHX") || EVP_PKEY_is_a(pkey, "DH"))
  106. return ossl_cms_dh_envelope(ri, cmd);
  107. else if (EVP_PKEY_is_a(pkey, "EC"))
  108. return ossl_cms_ecdh_envelope(ri, cmd);
  109. else if (EVP_PKEY_is_a(pkey, "RSA"))
  110. return ossl_cms_rsa_envelope(ri, cmd);
  111. /* Something else? We'll give engines etc a chance to handle this */
  112. if (pkey->ameth == NULL || pkey->ameth->pkey_ctrl == NULL)
  113. return 1;
  114. i = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_CMS_ENVELOPE, cmd, ri);
  115. if (i == -2) {
  116. ERR_raise(ERR_LIB_CMS, CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
  117. return 0;
  118. }
  119. if (i <= 0) {
  120. ERR_raise(ERR_LIB_CMS, CMS_R_CTRL_FAILURE);
  121. return 0;
  122. }
  123. return 1;
  124. }
  125. CMS_EncryptedContentInfo *ossl_cms_get0_env_enc_content(const CMS_ContentInfo *cms)
  126. {
  127. switch (cms_get_enveloped_type(cms)) {
  128. case CMS_ENVELOPED_STANDARD:
  129. return cms->d.envelopedData->encryptedContentInfo;
  130. case CMS_ENVELOPED_AUTH:
  131. return cms->d.authEnvelopedData->authEncryptedContentInfo;
  132. default:
  133. return NULL;
  134. }
  135. }
  136. STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms)
  137. {
  138. switch (cms_get_enveloped_type(cms)) {
  139. case CMS_ENVELOPED_STANDARD:
  140. return cms->d.envelopedData->recipientInfos;
  141. case CMS_ENVELOPED_AUTH:
  142. return cms->d.authEnvelopedData->recipientInfos;
  143. default:
  144. return NULL;
  145. }
  146. }
  147. void ossl_cms_RecipientInfos_set_cmsctx(CMS_ContentInfo *cms)
  148. {
  149. int i;
  150. CMS_RecipientInfo *ri;
  151. const CMS_CTX *ctx = ossl_cms_get0_cmsctx(cms);
  152. STACK_OF(CMS_RecipientInfo) *rinfos = CMS_get0_RecipientInfos(cms);
  153. for (i = 0; i < sk_CMS_RecipientInfo_num(rinfos); i++) {
  154. ri = sk_CMS_RecipientInfo_value(rinfos, i);
  155. if (ri != NULL) {
  156. switch (ri->type) {
  157. case CMS_RECIPINFO_AGREE:
  158. ri->d.kari->cms_ctx = ctx;
  159. break;
  160. case CMS_RECIPINFO_TRANS:
  161. ri->d.ktri->cms_ctx = ctx;
  162. ossl_x509_set0_libctx(ri->d.ktri->recip,
  163. ossl_cms_ctx_get0_libctx(ctx),
  164. ossl_cms_ctx_get0_propq(ctx));
  165. break;
  166. case CMS_RECIPINFO_KEK:
  167. ri->d.kekri->cms_ctx = ctx;
  168. break;
  169. case CMS_RECIPINFO_PASS:
  170. ri->d.pwri->cms_ctx = ctx;
  171. break;
  172. default:
  173. break;
  174. }
  175. }
  176. }
  177. }
  178. int CMS_RecipientInfo_type(CMS_RecipientInfo *ri)
  179. {
  180. return ri->type;
  181. }
  182. EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri)
  183. {
  184. if (ri->type == CMS_RECIPINFO_TRANS)
  185. return ri->d.ktri->pctx;
  186. else if (ri->type == CMS_RECIPINFO_AGREE)
  187. return ri->d.kari->pctx;
  188. return NULL;
  189. }
  190. CMS_ContentInfo *CMS_EnvelopedData_create_ex(const EVP_CIPHER *cipher,
  191. OSSL_LIB_CTX *libctx,
  192. const char *propq)
  193. {
  194. CMS_ContentInfo *cms;
  195. CMS_EnvelopedData *env;
  196. cms = CMS_ContentInfo_new_ex(libctx, propq);
  197. if (cms == NULL)
  198. goto err;
  199. env = cms_enveloped_data_init(cms);
  200. if (env == NULL)
  201. goto err;
  202. if (!ossl_cms_EncryptedContent_init(env->encryptedContentInfo, cipher, NULL,
  203. 0, ossl_cms_get0_cmsctx(cms)))
  204. goto err;
  205. return cms;
  206. err:
  207. CMS_ContentInfo_free(cms);
  208. ERR_raise(ERR_LIB_CMS, ERR_R_CMS_LIB);
  209. return NULL;
  210. }
  211. CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher)
  212. {
  213. return CMS_EnvelopedData_create_ex(cipher, NULL, NULL);
  214. }
  215. BIO *CMS_EnvelopedData_decrypt(CMS_EnvelopedData *env, BIO *detached_data,
  216. EVP_PKEY *pkey, X509 *cert,
  217. ASN1_OCTET_STRING *secret, unsigned int flags,
  218. OSSL_LIB_CTX *libctx, const char *propq)
  219. {
  220. CMS_ContentInfo *ci;
  221. BIO *bio = NULL;
  222. int res = 0;
  223. if (env == NULL) {
  224. ERR_raise(ERR_LIB_CMS, ERR_R_PASSED_NULL_PARAMETER);
  225. return NULL;
  226. }
  227. if ((ci = CMS_ContentInfo_new_ex(libctx, propq)) == NULL
  228. || (bio = BIO_new(BIO_s_mem())) == NULL)
  229. goto end;
  230. ci->contentType = OBJ_nid2obj(NID_pkcs7_enveloped);
  231. ci->d.envelopedData = env;
  232. if (secret != NULL
  233. && CMS_decrypt_set1_password(ci, (unsigned char *)
  234. ASN1_STRING_get0_data(secret),
  235. ASN1_STRING_length(secret)) != 1)
  236. goto end;
  237. res = CMS_decrypt(ci, secret == NULL ? pkey : NULL,
  238. secret == NULL ? cert : NULL, detached_data, bio, flags);
  239. end:
  240. if (ci != NULL)
  241. ci->d.envelopedData = NULL; /* do not indirectly free |env| */
  242. CMS_ContentInfo_free(ci);
  243. if (!res) {
  244. BIO_free(bio);
  245. bio = NULL;
  246. }
  247. return bio;
  248. }
  249. CMS_ContentInfo *
  250. CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *libctx,
  251. const char *propq)
  252. {
  253. CMS_ContentInfo *cms;
  254. CMS_AuthEnvelopedData *aenv;
  255. cms = CMS_ContentInfo_new_ex(libctx, propq);
  256. if (cms == NULL)
  257. goto merr;
  258. aenv = cms_auth_enveloped_data_init(cms);
  259. if (aenv == NULL)
  260. goto merr;
  261. if (!ossl_cms_EncryptedContent_init(aenv->authEncryptedContentInfo,
  262. cipher, NULL, 0,
  263. ossl_cms_get0_cmsctx(cms)))
  264. goto merr;
  265. return cms;
  266. merr:
  267. CMS_ContentInfo_free(cms);
  268. ERR_raise(ERR_LIB_CMS, ERR_R_CMS_LIB);
  269. return NULL;
  270. }
  271. CMS_ContentInfo *CMS_AuthEnvelopedData_create(const EVP_CIPHER *cipher)
  272. {
  273. return CMS_AuthEnvelopedData_create_ex(cipher, NULL, NULL);
  274. }
  275. /* Key Transport Recipient Info (KTRI) routines */
  276. /* Initialise a ktri based on passed certificate and key */
  277. static int cms_RecipientInfo_ktri_init(CMS_RecipientInfo *ri, X509 *recip,
  278. EVP_PKEY *pk, unsigned int flags,
  279. const CMS_CTX *ctx)
  280. {
  281. CMS_KeyTransRecipientInfo *ktri;
  282. int idtype;
  283. ri->d.ktri = M_ASN1_new_of(CMS_KeyTransRecipientInfo);
  284. if (!ri->d.ktri)
  285. return 0;
  286. ri->type = CMS_RECIPINFO_TRANS;
  287. ktri = ri->d.ktri;
  288. ktri->cms_ctx = ctx;
  289. if (flags & CMS_USE_KEYID) {
  290. ktri->version = 2;
  291. idtype = CMS_RECIPINFO_KEYIDENTIFIER;
  292. } else {
  293. ktri->version = 0;
  294. idtype = CMS_RECIPINFO_ISSUER_SERIAL;
  295. }
  296. /*
  297. * Not a typo: RecipientIdentifier and SignerIdentifier are the same
  298. * structure.
  299. */
  300. if (!ossl_cms_set1_SignerIdentifier(ktri->rid, recip, idtype, ctx))
  301. return 0;
  302. X509_up_ref(recip);
  303. EVP_PKEY_up_ref(pk);
  304. ktri->pkey = pk;
  305. ktri->recip = recip;
  306. if (flags & CMS_KEY_PARAM) {
  307. ktri->pctx = EVP_PKEY_CTX_new_from_pkey(ossl_cms_ctx_get0_libctx(ctx),
  308. ktri->pkey,
  309. ossl_cms_ctx_get0_propq(ctx));
  310. if (ktri->pctx == NULL)
  311. return 0;
  312. if (EVP_PKEY_encrypt_init(ktri->pctx) <= 0)
  313. return 0;
  314. } else if (!ossl_cms_env_asn1_ctrl(ri, 0))
  315. return 0;
  316. return 1;
  317. }
  318. /*
  319. * Add a recipient certificate using appropriate type of RecipientInfo
  320. */
  321. CMS_RecipientInfo *CMS_add1_recipient(CMS_ContentInfo *cms, X509 *recip,
  322. EVP_PKEY *originatorPrivKey,
  323. X509 *originator, unsigned int flags)
  324. {
  325. CMS_RecipientInfo *ri = NULL;
  326. STACK_OF(CMS_RecipientInfo) *ris;
  327. EVP_PKEY *pk = NULL;
  328. const CMS_CTX *ctx = ossl_cms_get0_cmsctx(cms);
  329. ris = CMS_get0_RecipientInfos(cms);
  330. if (ris == NULL)
  331. goto err;
  332. /* Initialize recipient info */
  333. ri = M_ASN1_new_of(CMS_RecipientInfo);
  334. if (ri == NULL) {
  335. ERR_raise(ERR_LIB_CMS, ERR_R_ASN1_LIB);
  336. goto err;
  337. }
  338. pk = X509_get0_pubkey(recip);
  339. if (pk == NULL) {
  340. ERR_raise(ERR_LIB_CMS, CMS_R_ERROR_GETTING_PUBLIC_KEY);
  341. goto err;
  342. }
  343. switch (ossl_cms_pkey_get_ri_type(pk)) {
  344. case CMS_RECIPINFO_TRANS:
  345. if (!cms_RecipientInfo_ktri_init(ri, recip, pk, flags, ctx))
  346. goto err;
  347. break;
  348. case CMS_RECIPINFO_AGREE:
  349. if (!ossl_cms_RecipientInfo_kari_init(ri, recip, pk, originator,
  350. originatorPrivKey, flags, ctx))
  351. goto err;
  352. break;
  353. default:
  354. ERR_raise(ERR_LIB_CMS, CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
  355. goto err;
  356. }
  357. if (!sk_CMS_RecipientInfo_push(ris, ri)) {
  358. ERR_raise(ERR_LIB_CMS, ERR_R_CRYPTO_LIB);
  359. goto err;
  360. }
  361. return ri;
  362. err:
  363. M_ASN1_free_of(ri, CMS_RecipientInfo);
  364. return NULL;
  365. }
  366. CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms, X509 *recip,
  367. unsigned int flags)
  368. {
  369. return CMS_add1_recipient(cms, recip, NULL, NULL, flags);
  370. }
  371. int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri,
  372. EVP_PKEY **pk, X509 **recip,
  373. X509_ALGOR **palg)
  374. {
  375. CMS_KeyTransRecipientInfo *ktri;
  376. if (ri->type != CMS_RECIPINFO_TRANS) {
  377. ERR_raise(ERR_LIB_CMS, CMS_R_NOT_KEY_TRANSPORT);
  378. return 0;
  379. }
  380. ktri = ri->d.ktri;
  381. if (pk)
  382. *pk = ktri->pkey;
  383. if (recip)
  384. *recip = ktri->recip;
  385. if (palg)
  386. *palg = ktri->keyEncryptionAlgorithm;
  387. return 1;
  388. }
  389. int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri,
  390. ASN1_OCTET_STRING **keyid,
  391. X509_NAME **issuer,
  392. ASN1_INTEGER **sno)
  393. {
  394. CMS_KeyTransRecipientInfo *ktri;
  395. if (ri->type != CMS_RECIPINFO_TRANS) {
  396. ERR_raise(ERR_LIB_CMS, CMS_R_NOT_KEY_TRANSPORT);
  397. return 0;
  398. }
  399. ktri = ri->d.ktri;
  400. return ossl_cms_SignerIdentifier_get0_signer_id(ktri->rid, keyid, issuer,
  401. sno);
  402. }
  403. int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert)
  404. {
  405. if (ri->type != CMS_RECIPINFO_TRANS) {
  406. ERR_raise(ERR_LIB_CMS, CMS_R_NOT_KEY_TRANSPORT);
  407. return -2;
  408. }
  409. return ossl_cms_SignerIdentifier_cert_cmp(ri->d.ktri->rid, cert);
  410. }
  411. int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey)
  412. {
  413. if (ri->type != CMS_RECIPINFO_TRANS) {
  414. ERR_raise(ERR_LIB_CMS, CMS_R_NOT_KEY_TRANSPORT);
  415. return 0;
  416. }
  417. EVP_PKEY_free(ri->d.ktri->pkey);
  418. ri->d.ktri->pkey = pkey;
  419. return 1;
  420. }
  421. /* Encrypt content key in key transport recipient info */
  422. static int cms_RecipientInfo_ktri_encrypt(const CMS_ContentInfo *cms,
  423. CMS_RecipientInfo *ri)
  424. {
  425. CMS_KeyTransRecipientInfo *ktri;
  426. CMS_EncryptedContentInfo *ec;
  427. EVP_PKEY_CTX *pctx;
  428. unsigned char *ek = NULL;
  429. size_t eklen;
  430. const CMS_CTX *ctx = ossl_cms_get0_cmsctx(cms);
  431. int ret = 0;
  432. if (ri->type != CMS_RECIPINFO_TRANS) {
  433. ERR_raise(ERR_LIB_CMS, CMS_R_NOT_KEY_TRANSPORT);
  434. return 0;
  435. }
  436. ktri = ri->d.ktri;
  437. ec = ossl_cms_get0_env_enc_content(cms);
  438. pctx = ktri->pctx;
  439. if (pctx) {
  440. if (!ossl_cms_env_asn1_ctrl(ri, 0))
  441. goto err;
  442. } else {
  443. pctx = EVP_PKEY_CTX_new_from_pkey(ossl_cms_ctx_get0_libctx(ctx),
  444. ktri->pkey,
  445. ossl_cms_ctx_get0_propq(ctx));
  446. if (pctx == NULL)
  447. return 0;
  448. if (EVP_PKEY_encrypt_init(pctx) <= 0)
  449. goto err;
  450. }
  451. if (EVP_PKEY_encrypt(pctx, NULL, &eklen, ec->key, ec->keylen) <= 0)
  452. goto err;
  453. ek = OPENSSL_malloc(eklen);
  454. if (ek == NULL)
  455. goto err;
  456. if (EVP_PKEY_encrypt(pctx, ek, &eklen, ec->key, ec->keylen) <= 0)
  457. goto err;
  458. ASN1_STRING_set0(ktri->encryptedKey, ek, eklen);
  459. ek = NULL;
  460. ret = 1;
  461. err:
  462. EVP_PKEY_CTX_free(pctx);
  463. ktri->pctx = NULL;
  464. OPENSSL_free(ek);
  465. return ret;
  466. }
  467. /* Decrypt content key from KTRI */
  468. static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
  469. CMS_RecipientInfo *ri)
  470. {
  471. CMS_KeyTransRecipientInfo *ktri = ri->d.ktri;
  472. EVP_PKEY *pkey = ktri->pkey;
  473. unsigned char *ek = NULL;
  474. size_t eklen;
  475. int ret = 0;
  476. size_t fixlen = 0;
  477. const EVP_CIPHER *cipher = NULL;
  478. EVP_CIPHER *fetched_cipher = NULL;
  479. CMS_EncryptedContentInfo *ec;
  480. const CMS_CTX *ctx = ossl_cms_get0_cmsctx(cms);
  481. OSSL_LIB_CTX *libctx = ossl_cms_ctx_get0_libctx(ctx);
  482. const char *propq = ossl_cms_ctx_get0_propq(ctx);
  483. ec = ossl_cms_get0_env_enc_content(cms);
  484. if (ktri->pkey == NULL) {
  485. ERR_raise(ERR_LIB_CMS, CMS_R_NO_PRIVATE_KEY);
  486. return 0;
  487. }
  488. if (cms->d.envelopedData->encryptedContentInfo->havenocert
  489. && !cms->d.envelopedData->encryptedContentInfo->debug) {
  490. X509_ALGOR *calg = ec->contentEncryptionAlgorithm;
  491. char name[OSSL_MAX_NAME_SIZE];
  492. OBJ_obj2txt(name, sizeof(name), calg->algorithm, 0);
  493. (void)ERR_set_mark();
  494. fetched_cipher = EVP_CIPHER_fetch(libctx, name, propq);
  495. if (fetched_cipher != NULL)
  496. cipher = fetched_cipher;
  497. else
  498. cipher = EVP_get_cipherbyobj(calg->algorithm);
  499. if (cipher == NULL) {
  500. (void)ERR_clear_last_mark();
  501. ERR_raise(ERR_LIB_CMS, CMS_R_UNKNOWN_CIPHER);
  502. return 0;
  503. }
  504. (void)ERR_pop_to_mark();
  505. fixlen = EVP_CIPHER_get_key_length(cipher);
  506. EVP_CIPHER_free(fetched_cipher);
  507. }
  508. ktri->pctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, propq);
  509. if (ktri->pctx == NULL)
  510. goto err;
  511. if (EVP_PKEY_decrypt_init(ktri->pctx) <= 0)
  512. goto err;
  513. if (!ossl_cms_env_asn1_ctrl(ri, 1))
  514. goto err;
  515. if (EVP_PKEY_is_a(pkey, "RSA"))
  516. /* upper layer CMS code incorrectly assumes that a successful RSA
  517. * decryption means that the key matches ciphertext (which never
  518. * was the case, implicit rejection or not), so to make it work
  519. * disable implicit rejection for RSA keys */
  520. EVP_PKEY_CTX_ctrl_str(ktri->pctx, "rsa_pkcs1_implicit_rejection", "0");
  521. if (EVP_PKEY_decrypt(ktri->pctx, NULL, &eklen,
  522. ktri->encryptedKey->data,
  523. ktri->encryptedKey->length) <= 0)
  524. goto err;
  525. ek = OPENSSL_malloc(eklen);
  526. if (ek == NULL)
  527. goto err;
  528. if (EVP_PKEY_decrypt(ktri->pctx, ek, &eklen,
  529. ktri->encryptedKey->data,
  530. ktri->encryptedKey->length) <= 0
  531. || eklen == 0
  532. || (fixlen != 0 && eklen != fixlen)) {
  533. ERR_raise(ERR_LIB_CMS, CMS_R_CMS_LIB);
  534. goto err;
  535. }
  536. ret = 1;
  537. OPENSSL_clear_free(ec->key, ec->keylen);
  538. ec->key = ek;
  539. ec->keylen = eklen;
  540. err:
  541. EVP_PKEY_CTX_free(ktri->pctx);
  542. ktri->pctx = NULL;
  543. if (!ret)
  544. OPENSSL_free(ek);
  545. return ret;
  546. }
  547. /* Key Encrypted Key (KEK) RecipientInfo routines */
  548. int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri,
  549. const unsigned char *id, size_t idlen)
  550. {
  551. ASN1_OCTET_STRING tmp_os;
  552. CMS_KEKRecipientInfo *kekri;
  553. if (ri->type != CMS_RECIPINFO_KEK) {
  554. ERR_raise(ERR_LIB_CMS, CMS_R_NOT_KEK);
  555. return -2;
  556. }
  557. kekri = ri->d.kekri;
  558. tmp_os.type = V_ASN1_OCTET_STRING;
  559. tmp_os.flags = 0;
  560. tmp_os.data = (unsigned char *)id;
  561. tmp_os.length = (int)idlen;
  562. return ASN1_OCTET_STRING_cmp(&tmp_os, kekri->kekid->keyIdentifier);
  563. }
  564. /* For now hard code AES key wrap info */
  565. static size_t aes_wrap_keylen(int nid)
  566. {
  567. switch (nid) {
  568. case NID_id_aes128_wrap:
  569. return 16;
  570. case NID_id_aes192_wrap:
  571. return 24;
  572. case NID_id_aes256_wrap:
  573. return 32;
  574. default:
  575. return 0;
  576. }
  577. }
  578. CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
  579. unsigned char *key, size_t keylen,
  580. unsigned char *id, size_t idlen,
  581. ASN1_GENERALIZEDTIME *date,
  582. ASN1_OBJECT *otherTypeId,
  583. ASN1_TYPE *otherType)
  584. {
  585. CMS_RecipientInfo *ri = NULL;
  586. CMS_KEKRecipientInfo *kekri;
  587. STACK_OF(CMS_RecipientInfo) *ris = CMS_get0_RecipientInfos(cms);
  588. if (ris == NULL)
  589. goto err;
  590. if (nid == NID_undef) {
  591. switch (keylen) {
  592. case 16:
  593. nid = NID_id_aes128_wrap;
  594. break;
  595. case 24:
  596. nid = NID_id_aes192_wrap;
  597. break;
  598. case 32:
  599. nid = NID_id_aes256_wrap;
  600. break;
  601. default:
  602. ERR_raise(ERR_LIB_CMS, CMS_R_INVALID_KEY_LENGTH);
  603. goto err;
  604. }
  605. } else {
  606. size_t exp_keylen = aes_wrap_keylen(nid);
  607. if (!exp_keylen) {
  608. ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_KEK_ALGORITHM);
  609. goto err;
  610. }
  611. if (keylen != exp_keylen) {
  612. ERR_raise(ERR_LIB_CMS, CMS_R_INVALID_KEY_LENGTH);
  613. goto err;
  614. }
  615. }
  616. /* Initialize recipient info */
  617. ri = M_ASN1_new_of(CMS_RecipientInfo);
  618. if (!ri) {
  619. ERR_raise(ERR_LIB_CMS, ERR_R_ASN1_LIB);
  620. goto err;
  621. }
  622. ri->d.kekri = M_ASN1_new_of(CMS_KEKRecipientInfo);
  623. if (!ri->d.kekri) {
  624. ERR_raise(ERR_LIB_CMS, ERR_R_ASN1_LIB);
  625. goto err;
  626. }
  627. ri->type = CMS_RECIPINFO_KEK;
  628. kekri = ri->d.kekri;
  629. if (otherTypeId) {
  630. kekri->kekid->other = M_ASN1_new_of(CMS_OtherKeyAttribute);
  631. if (kekri->kekid->other == NULL) {
  632. ERR_raise(ERR_LIB_CMS, ERR_R_ASN1_LIB);
  633. goto err;
  634. }
  635. }
  636. if (!sk_CMS_RecipientInfo_push(ris, ri)) {
  637. ERR_raise(ERR_LIB_CMS, ERR_R_CRYPTO_LIB);
  638. goto err;
  639. }
  640. /* After this point no calls can fail */
  641. kekri->version = 4;
  642. kekri->key = key;
  643. kekri->keylen = keylen;
  644. ASN1_STRING_set0(kekri->kekid->keyIdentifier, id, idlen);
  645. kekri->kekid->date = date;
  646. if (kekri->kekid->other) {
  647. kekri->kekid->other->keyAttrId = otherTypeId;
  648. kekri->kekid->other->keyAttr = otherType;
  649. }
  650. (void)X509_ALGOR_set0(kekri->keyEncryptionAlgorithm, OBJ_nid2obj(nid),
  651. V_ASN1_UNDEF, NULL); /* cannot fail */
  652. return ri;
  653. err:
  654. M_ASN1_free_of(ri, CMS_RecipientInfo);
  655. return NULL;
  656. }
  657. int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri,
  658. X509_ALGOR **palg,
  659. ASN1_OCTET_STRING **pid,
  660. ASN1_GENERALIZEDTIME **pdate,
  661. ASN1_OBJECT **potherid,
  662. ASN1_TYPE **pothertype)
  663. {
  664. CMS_KEKIdentifier *rkid;
  665. if (ri->type != CMS_RECIPINFO_KEK) {
  666. ERR_raise(ERR_LIB_CMS, CMS_R_NOT_KEK);
  667. return 0;
  668. }
  669. rkid = ri->d.kekri->kekid;
  670. if (palg)
  671. *palg = ri->d.kekri->keyEncryptionAlgorithm;
  672. if (pid)
  673. *pid = rkid->keyIdentifier;
  674. if (pdate)
  675. *pdate = rkid->date;
  676. if (potherid) {
  677. if (rkid->other)
  678. *potherid = rkid->other->keyAttrId;
  679. else
  680. *potherid = NULL;
  681. }
  682. if (pothertype) {
  683. if (rkid->other)
  684. *pothertype = rkid->other->keyAttr;
  685. else
  686. *pothertype = NULL;
  687. }
  688. return 1;
  689. }
  690. int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri,
  691. unsigned char *key, size_t keylen)
  692. {
  693. CMS_KEKRecipientInfo *kekri;
  694. if (ri->type != CMS_RECIPINFO_KEK) {
  695. ERR_raise(ERR_LIB_CMS, CMS_R_NOT_KEK);
  696. return 0;
  697. }
  698. kekri = ri->d.kekri;
  699. kekri->key = key;
  700. kekri->keylen = keylen;
  701. return 1;
  702. }
  703. static EVP_CIPHER *cms_get_key_wrap_cipher(size_t keylen, const CMS_CTX *ctx)
  704. {
  705. const char *alg = NULL;
  706. switch (keylen) {
  707. case 16:
  708. alg = "AES-128-WRAP";
  709. break;
  710. case 24:
  711. alg = "AES-192-WRAP";
  712. break;
  713. case 32:
  714. alg = "AES-256-WRAP";
  715. break;
  716. default:
  717. return NULL;
  718. }
  719. return EVP_CIPHER_fetch(ossl_cms_ctx_get0_libctx(ctx), alg,
  720. ossl_cms_ctx_get0_propq(ctx));
  721. }
  722. /* Encrypt content key in KEK recipient info */
  723. static int cms_RecipientInfo_kekri_encrypt(const CMS_ContentInfo *cms,
  724. CMS_RecipientInfo *ri)
  725. {
  726. CMS_EncryptedContentInfo *ec;
  727. CMS_KEKRecipientInfo *kekri;
  728. unsigned char *wkey = NULL;
  729. int wkeylen;
  730. int r = 0;
  731. EVP_CIPHER *cipher = NULL;
  732. int outlen = 0;
  733. EVP_CIPHER_CTX *ctx = NULL;
  734. const CMS_CTX *cms_ctx = ossl_cms_get0_cmsctx(cms);
  735. ec = ossl_cms_get0_env_enc_content(cms);
  736. if (ec == NULL)
  737. return 0;
  738. kekri = ri->d.kekri;
  739. if (kekri->key == NULL) {
  740. ERR_raise(ERR_LIB_CMS, CMS_R_NO_KEY);
  741. return 0;
  742. }
  743. cipher = cms_get_key_wrap_cipher(kekri->keylen, cms_ctx);
  744. if (cipher == NULL) {
  745. ERR_raise(ERR_LIB_CMS, CMS_R_INVALID_KEY_LENGTH);
  746. goto err;
  747. }
  748. /* 8 byte prefix for AES wrap ciphers */
  749. wkey = OPENSSL_malloc(ec->keylen + 8);
  750. if (wkey == NULL)
  751. goto err;
  752. ctx = EVP_CIPHER_CTX_new();
  753. if (ctx == NULL) {
  754. ERR_raise(ERR_LIB_CMS, ERR_R_EVP_LIB);
  755. goto err;
  756. }
  757. EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);
  758. if (!EVP_EncryptInit_ex(ctx, cipher, NULL, kekri->key, NULL)
  759. || !EVP_EncryptUpdate(ctx, wkey, &wkeylen, ec->key, ec->keylen)
  760. || !EVP_EncryptFinal_ex(ctx, wkey + wkeylen, &outlen)) {
  761. ERR_raise(ERR_LIB_CMS, CMS_R_WRAP_ERROR);
  762. goto err;
  763. }
  764. wkeylen += outlen;
  765. if (!ossl_assert((size_t)wkeylen == ec->keylen + 8)) {
  766. ERR_raise(ERR_LIB_CMS, CMS_R_WRAP_ERROR);
  767. goto err;
  768. }
  769. ASN1_STRING_set0(kekri->encryptedKey, wkey, wkeylen);
  770. r = 1;
  771. err:
  772. EVP_CIPHER_free(cipher);
  773. if (!r)
  774. OPENSSL_free(wkey);
  775. EVP_CIPHER_CTX_free(ctx);
  776. return r;
  777. }
  778. /* Decrypt content key in KEK recipient info */
  779. static int cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms,
  780. CMS_RecipientInfo *ri)
  781. {
  782. CMS_EncryptedContentInfo *ec;
  783. CMS_KEKRecipientInfo *kekri;
  784. unsigned char *ukey = NULL;
  785. int ukeylen;
  786. int r = 0, wrap_nid;
  787. EVP_CIPHER *cipher = NULL;
  788. int outlen = 0;
  789. EVP_CIPHER_CTX *ctx = NULL;
  790. const CMS_CTX *cms_ctx = ossl_cms_get0_cmsctx(cms);
  791. ec = ossl_cms_get0_env_enc_content(cms);
  792. if (ec == NULL)
  793. return 0;
  794. kekri = ri->d.kekri;
  795. if (!kekri->key) {
  796. ERR_raise(ERR_LIB_CMS, CMS_R_NO_KEY);
  797. return 0;
  798. }
  799. wrap_nid = OBJ_obj2nid(kekri->keyEncryptionAlgorithm->algorithm);
  800. if (aes_wrap_keylen(wrap_nid) != kekri->keylen) {
  801. ERR_raise(ERR_LIB_CMS, CMS_R_INVALID_KEY_LENGTH);
  802. return 0;
  803. }
  804. /* If encrypted key length is invalid don't bother */
  805. if (kekri->encryptedKey->length < 16) {
  806. ERR_raise(ERR_LIB_CMS, CMS_R_INVALID_ENCRYPTED_KEY_LENGTH);
  807. goto err;
  808. }
  809. cipher = cms_get_key_wrap_cipher(kekri->keylen, cms_ctx);
  810. if (cipher == NULL) {
  811. ERR_raise(ERR_LIB_CMS, CMS_R_INVALID_KEY_LENGTH);
  812. goto err;
  813. }
  814. ukey = OPENSSL_malloc(kekri->encryptedKey->length - 8);
  815. if (ukey == NULL)
  816. goto err;
  817. ctx = EVP_CIPHER_CTX_new();
  818. if (ctx == NULL) {
  819. ERR_raise(ERR_LIB_CMS, ERR_R_EVP_LIB);
  820. goto err;
  821. }
  822. if (!EVP_DecryptInit_ex(ctx, cipher, NULL, kekri->key, NULL)
  823. || !EVP_DecryptUpdate(ctx, ukey, &ukeylen,
  824. kekri->encryptedKey->data,
  825. kekri->encryptedKey->length)
  826. || !EVP_DecryptFinal_ex(ctx, ukey + ukeylen, &outlen)) {
  827. ERR_raise(ERR_LIB_CMS, CMS_R_UNWRAP_ERROR);
  828. goto err;
  829. }
  830. ukeylen += outlen;
  831. OPENSSL_clear_free(ec->key, ec->keylen);
  832. ec->key = ukey;
  833. ec->keylen = ukeylen;
  834. r = 1;
  835. err:
  836. EVP_CIPHER_free(cipher);
  837. if (!r)
  838. OPENSSL_free(ukey);
  839. EVP_CIPHER_CTX_free(ctx);
  840. return r;
  841. }
  842. int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
  843. {
  844. switch (ri->type) {
  845. case CMS_RECIPINFO_TRANS:
  846. return cms_RecipientInfo_ktri_decrypt(cms, ri);
  847. case CMS_RECIPINFO_KEK:
  848. return cms_RecipientInfo_kekri_decrypt(cms, ri);
  849. case CMS_RECIPINFO_PASS:
  850. return ossl_cms_RecipientInfo_pwri_crypt(cms, ri, 0);
  851. default:
  852. ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE);
  853. return 0;
  854. }
  855. }
  856. int CMS_RecipientInfo_encrypt(const CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
  857. {
  858. switch (ri->type) {
  859. case CMS_RECIPINFO_TRANS:
  860. return cms_RecipientInfo_ktri_encrypt(cms, ri);
  861. case CMS_RECIPINFO_AGREE:
  862. return ossl_cms_RecipientInfo_kari_encrypt(cms, ri);
  863. case CMS_RECIPINFO_KEK:
  864. return cms_RecipientInfo_kekri_encrypt(cms, ri);
  865. case CMS_RECIPINFO_PASS:
  866. return ossl_cms_RecipientInfo_pwri_crypt(cms, ri, 1);
  867. default:
  868. ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_RECIPIENT_TYPE);
  869. return 0;
  870. }
  871. }
  872. /* Check structures and fixup version numbers (if necessary) */
  873. static void cms_env_set_originfo_version(CMS_EnvelopedData *env)
  874. {
  875. CMS_OriginatorInfo *org = env->originatorInfo;
  876. int i;
  877. if (org == NULL)
  878. return;
  879. for (i = 0; i < sk_CMS_CertificateChoices_num(org->certificates); i++) {
  880. CMS_CertificateChoices *cch;
  881. cch = sk_CMS_CertificateChoices_value(org->certificates, i);
  882. if (cch->type == CMS_CERTCHOICE_OTHER) {
  883. env->version = 4;
  884. return;
  885. } else if (cch->type == CMS_CERTCHOICE_V2ACERT) {
  886. if (env->version < 3)
  887. env->version = 3;
  888. }
  889. }
  890. for (i = 0; i < sk_CMS_RevocationInfoChoice_num(org->crls); i++) {
  891. CMS_RevocationInfoChoice *rch;
  892. rch = sk_CMS_RevocationInfoChoice_value(org->crls, i);
  893. if (rch->type == CMS_REVCHOICE_OTHER) {
  894. env->version = 4;
  895. return;
  896. }
  897. }
  898. }
  899. static void cms_env_set_version(CMS_EnvelopedData *env)
  900. {
  901. int i;
  902. CMS_RecipientInfo *ri;
  903. /*
  904. * Can't set version higher than 4 so if 4 or more already nothing to do.
  905. */
  906. if (env->version >= 4)
  907. return;
  908. cms_env_set_originfo_version(env);
  909. if (env->version >= 3)
  910. return;
  911. for (i = 0; i < sk_CMS_RecipientInfo_num(env->recipientInfos); i++) {
  912. ri = sk_CMS_RecipientInfo_value(env->recipientInfos, i);
  913. if (ri->type == CMS_RECIPINFO_PASS || ri->type == CMS_RECIPINFO_OTHER) {
  914. env->version = 3;
  915. return;
  916. } else if (ri->type != CMS_RECIPINFO_TRANS
  917. || ri->d.ktri->version != 0) {
  918. env->version = 2;
  919. }
  920. }
  921. if (env->originatorInfo || env->unprotectedAttrs)
  922. env->version = 2;
  923. if (env->version == 2)
  924. return;
  925. env->version = 0;
  926. }
  927. static int cms_env_encrypt_content_key(const CMS_ContentInfo *cms,
  928. STACK_OF(CMS_RecipientInfo) *ris)
  929. {
  930. int i;
  931. CMS_RecipientInfo *ri;
  932. for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++) {
  933. ri = sk_CMS_RecipientInfo_value(ris, i);
  934. if (CMS_RecipientInfo_encrypt(cms, ri) <= 0)
  935. return -1;
  936. }
  937. return 1;
  938. }
  939. static void cms_env_clear_ec(CMS_EncryptedContentInfo *ec)
  940. {
  941. ec->cipher = NULL;
  942. OPENSSL_clear_free(ec->key, ec->keylen);
  943. ec->key = NULL;
  944. ec->keylen = 0;
  945. }
  946. static BIO *cms_EnvelopedData_Decryption_init_bio(CMS_ContentInfo *cms)
  947. {
  948. CMS_EncryptedContentInfo *ec = cms->d.envelopedData->encryptedContentInfo;
  949. BIO *contentBio = ossl_cms_EncryptedContent_init_bio(ec,
  950. ossl_cms_get0_cmsctx(cms));
  951. EVP_CIPHER_CTX *ctx = NULL;
  952. if (contentBio == NULL)
  953. return NULL;
  954. BIO_get_cipher_ctx(contentBio, &ctx);
  955. if (ctx == NULL) {
  956. BIO_free(contentBio);
  957. return NULL;
  958. }
  959. /*
  960. * If the selected cipher supports unprotected attributes,
  961. * deal with it using special ctrl function
  962. */
  963. if ((EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ctx))
  964. & EVP_CIPH_FLAG_CIPHER_WITH_MAC) != 0
  965. && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_PROCESS_UNPROTECTED, 0,
  966. cms->d.envelopedData->unprotectedAttrs) <= 0) {
  967. BIO_free(contentBio);
  968. return NULL;
  969. }
  970. return contentBio;
  971. }
  972. static BIO *cms_EnvelopedData_Encryption_init_bio(CMS_ContentInfo *cms)
  973. {
  974. CMS_EncryptedContentInfo *ec;
  975. STACK_OF(CMS_RecipientInfo) *rinfos;
  976. int ok = 0;
  977. BIO *ret;
  978. CMS_EnvelopedData *env = cms->d.envelopedData;
  979. /* Get BIO first to set up key */
  980. ec = env->encryptedContentInfo;
  981. ret = ossl_cms_EncryptedContent_init_bio(ec, ossl_cms_get0_cmsctx(cms));
  982. /* If error end of processing */
  983. if (!ret)
  984. return ret;
  985. /* Now encrypt content key according to each RecipientInfo type */
  986. rinfos = env->recipientInfos;
  987. if (cms_env_encrypt_content_key(cms, rinfos) < 0) {
  988. ERR_raise(ERR_LIB_CMS, CMS_R_ERROR_SETTING_RECIPIENTINFO);
  989. goto err;
  990. }
  991. /* And finally set the version */
  992. cms_env_set_version(env);
  993. ok = 1;
  994. err:
  995. cms_env_clear_ec(ec);
  996. if (ok)
  997. return ret;
  998. BIO_free(ret);
  999. return NULL;
  1000. }
  1001. BIO *ossl_cms_EnvelopedData_init_bio(CMS_ContentInfo *cms)
  1002. {
  1003. if (cms->d.envelopedData->encryptedContentInfo->cipher != NULL) {
  1004. /* If cipher is set it's encryption */
  1005. return cms_EnvelopedData_Encryption_init_bio(cms);
  1006. }
  1007. /* If cipher is not set it's decryption */
  1008. return cms_EnvelopedData_Decryption_init_bio(cms);
  1009. }
  1010. BIO *ossl_cms_AuthEnvelopedData_init_bio(CMS_ContentInfo *cms)
  1011. {
  1012. CMS_EncryptedContentInfo *ec;
  1013. STACK_OF(CMS_RecipientInfo) *rinfos;
  1014. int ok = 0;
  1015. BIO *ret;
  1016. CMS_AuthEnvelopedData *aenv = cms->d.authEnvelopedData;
  1017. /* Get BIO first to set up key */
  1018. ec = aenv->authEncryptedContentInfo;
  1019. /* Set tag for decryption */
  1020. if (ec->cipher == NULL) {
  1021. ec->tag = aenv->mac->data;
  1022. ec->taglen = aenv->mac->length;
  1023. }
  1024. ret = ossl_cms_EncryptedContent_init_bio(ec, ossl_cms_get0_cmsctx(cms));
  1025. /* If error or no cipher end of processing */
  1026. if (ret == NULL || ec->cipher == NULL)
  1027. return ret;
  1028. /* Now encrypt content key according to each RecipientInfo type */
  1029. rinfos = aenv->recipientInfos;
  1030. if (cms_env_encrypt_content_key(cms, rinfos) < 0) {
  1031. ERR_raise(ERR_LIB_CMS, CMS_R_ERROR_SETTING_RECIPIENTINFO);
  1032. goto err;
  1033. }
  1034. /* And finally set the version */
  1035. aenv->version = 0;
  1036. ok = 1;
  1037. err:
  1038. cms_env_clear_ec(ec);
  1039. if (ok)
  1040. return ret;
  1041. BIO_free(ret);
  1042. return NULL;
  1043. }
  1044. int ossl_cms_EnvelopedData_final(CMS_ContentInfo *cms, BIO *chain)
  1045. {
  1046. CMS_EnvelopedData *env = NULL;
  1047. EVP_CIPHER_CTX *ctx = NULL;
  1048. BIO *mbio = BIO_find_type(chain, BIO_TYPE_CIPHER);
  1049. env = ossl_cms_get0_enveloped(cms);
  1050. if (env == NULL)
  1051. return 0;
  1052. if (mbio == NULL) {
  1053. ERR_raise(ERR_LIB_CMS, CMS_R_CONTENT_NOT_FOUND);
  1054. return 0;
  1055. }
  1056. BIO_get_cipher_ctx(mbio, &ctx);
  1057. /*
  1058. * If the selected cipher supports unprotected attributes,
  1059. * deal with it using special ctrl function
  1060. */
  1061. if ((EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ctx))
  1062. & EVP_CIPH_FLAG_CIPHER_WITH_MAC) != 0) {
  1063. if (env->unprotectedAttrs == NULL)
  1064. env->unprotectedAttrs = sk_X509_ATTRIBUTE_new_null();
  1065. if (env->unprotectedAttrs == NULL) {
  1066. ERR_raise(ERR_LIB_CMS, ERR_R_CRYPTO_LIB);
  1067. return 0;
  1068. }
  1069. if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_PROCESS_UNPROTECTED,
  1070. 1, env->unprotectedAttrs) <= 0) {
  1071. ERR_raise(ERR_LIB_CMS, CMS_R_CTRL_FAILURE);
  1072. return 0;
  1073. }
  1074. }
  1075. cms_env_set_version(cms->d.envelopedData);
  1076. return 1;
  1077. }
  1078. int ossl_cms_AuthEnvelopedData_final(CMS_ContentInfo *cms, BIO *cmsbio)
  1079. {
  1080. EVP_CIPHER_CTX *ctx;
  1081. unsigned char *tag = NULL;
  1082. int taglen, ok = 0;
  1083. BIO_get_cipher_ctx(cmsbio, &ctx);
  1084. /*
  1085. * The tag is set only for encryption. There is nothing to do for
  1086. * decryption.
  1087. */
  1088. if (!EVP_CIPHER_CTX_is_encrypting(ctx))
  1089. return 1;
  1090. taglen = EVP_CIPHER_CTX_get_tag_length(ctx);
  1091. if (taglen <= 0
  1092. || (tag = OPENSSL_malloc(taglen)) == NULL
  1093. || EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen,
  1094. tag) <= 0) {
  1095. ERR_raise(ERR_LIB_CMS, CMS_R_CIPHER_GET_TAG);
  1096. goto err;
  1097. }
  1098. if (!ASN1_OCTET_STRING_set(cms->d.authEnvelopedData->mac, tag, taglen))
  1099. goto err;
  1100. ok = 1;
  1101. err:
  1102. OPENSSL_free(tag);
  1103. return ok;
  1104. }
  1105. /*
  1106. * Get RecipientInfo type (if any) supported by a key (public or private). To
  1107. * retain compatibility with previous behaviour if the ctrl value isn't
  1108. * supported we assume key transport.
  1109. */
  1110. int ossl_cms_pkey_get_ri_type(EVP_PKEY *pk)
  1111. {
  1112. /* Check types that we know about */
  1113. if (EVP_PKEY_is_a(pk, "DH"))
  1114. return CMS_RECIPINFO_AGREE;
  1115. else if (EVP_PKEY_is_a(pk, "DHX"))
  1116. return CMS_RECIPINFO_AGREE;
  1117. else if (EVP_PKEY_is_a(pk, "DSA"))
  1118. return CMS_RECIPINFO_NONE;
  1119. else if (EVP_PKEY_is_a(pk, "EC"))
  1120. return CMS_RECIPINFO_AGREE;
  1121. else if (EVP_PKEY_is_a(pk, "RSA"))
  1122. return CMS_RECIPINFO_TRANS;
  1123. /*
  1124. * Otherwise this might ben an engine implementation, so see if we can get
  1125. * the type from the ameth.
  1126. */
  1127. if (pk->ameth && pk->ameth->pkey_ctrl) {
  1128. int i, r;
  1129. i = pk->ameth->pkey_ctrl(pk, ASN1_PKEY_CTRL_CMS_RI_TYPE, 0, &r);
  1130. if (i > 0)
  1131. return r;
  1132. }
  1133. return CMS_RECIPINFO_TRANS;
  1134. }
  1135. int ossl_cms_pkey_is_ri_type_supported(EVP_PKEY *pk, int ri_type)
  1136. {
  1137. int supportedRiType;
  1138. if (pk->ameth != NULL && pk->ameth->pkey_ctrl != NULL) {
  1139. int i, r;
  1140. i = pk->ameth->pkey_ctrl(pk, ASN1_PKEY_CTRL_CMS_IS_RI_TYPE_SUPPORTED,
  1141. ri_type, &r);
  1142. if (i > 0)
  1143. return r;
  1144. }
  1145. supportedRiType = ossl_cms_pkey_get_ri_type(pk);
  1146. if (supportedRiType < 0)
  1147. return 0;
  1148. return (supportedRiType == ri_type);
  1149. }