cms_sd.c 30 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032
  1. /*
  2. * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include "internal/cryptlib.h"
  10. #include <openssl/asn1t.h>
  11. #include <openssl/pem.h>
  12. #include <openssl/x509.h>
  13. #include <openssl/x509v3.h>
  14. #include <openssl/err.h>
  15. #include <openssl/cms.h>
  16. #include <openssl/ess.h>
  17. #include "cms_local.h"
  18. #include "crypto/asn1.h"
  19. #include "crypto/evp.h"
  20. #include "crypto/cms.h"
  21. #include "crypto/ess.h"
  22. #include "crypto/x509.h" /* for ossl_x509_add_cert_new() */
  23. /* CMS SignedData Utilities */
  24. static CMS_SignedData *cms_get0_signed(CMS_ContentInfo *cms)
  25. {
  26. if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_signed) {
  27. ERR_raise(ERR_LIB_CMS, CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA);
  28. return NULL;
  29. }
  30. return cms->d.signedData;
  31. }
  32. static CMS_SignedData *cms_signed_data_init(CMS_ContentInfo *cms)
  33. {
  34. if (cms->d.other == NULL) {
  35. cms->d.signedData = M_ASN1_new_of(CMS_SignedData);
  36. if (!cms->d.signedData) {
  37. ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE);
  38. return NULL;
  39. }
  40. cms->d.signedData->version = 1;
  41. cms->d.signedData->encapContentInfo->eContentType =
  42. OBJ_nid2obj(NID_pkcs7_data);
  43. cms->d.signedData->encapContentInfo->partial = 1;
  44. ASN1_OBJECT_free(cms->contentType);
  45. cms->contentType = OBJ_nid2obj(NID_pkcs7_signed);
  46. return cms->d.signedData;
  47. }
  48. return cms_get0_signed(cms);
  49. }
  50. /* Just initialise SignedData e.g. for certs only structure */
  51. int CMS_SignedData_init(CMS_ContentInfo *cms)
  52. {
  53. if (cms_signed_data_init(cms))
  54. return 1;
  55. else
  56. return 0;
  57. }
  58. /* Check structures and fixup version numbers (if necessary) */
  59. static void cms_sd_set_version(CMS_SignedData *sd)
  60. {
  61. int i;
  62. CMS_CertificateChoices *cch;
  63. CMS_RevocationInfoChoice *rch;
  64. CMS_SignerInfo *si;
  65. for (i = 0; i < sk_CMS_CertificateChoices_num(sd->certificates); i++) {
  66. cch = sk_CMS_CertificateChoices_value(sd->certificates, i);
  67. if (cch->type == CMS_CERTCHOICE_OTHER) {
  68. if (sd->version < 5)
  69. sd->version = 5;
  70. } else if (cch->type == CMS_CERTCHOICE_V2ACERT) {
  71. if (sd->version < 4)
  72. sd->version = 4;
  73. } else if (cch->type == CMS_CERTCHOICE_V1ACERT) {
  74. if (sd->version < 3)
  75. sd->version = 3;
  76. }
  77. }
  78. for (i = 0; i < sk_CMS_RevocationInfoChoice_num(sd->crls); i++) {
  79. rch = sk_CMS_RevocationInfoChoice_value(sd->crls, i);
  80. if (rch->type == CMS_REVCHOICE_OTHER) {
  81. if (sd->version < 5)
  82. sd->version = 5;
  83. }
  84. }
  85. if ((OBJ_obj2nid(sd->encapContentInfo->eContentType) != NID_pkcs7_data)
  86. && (sd->version < 3))
  87. sd->version = 3;
  88. for (i = 0; i < sk_CMS_SignerInfo_num(sd->signerInfos); i++) {
  89. si = sk_CMS_SignerInfo_value(sd->signerInfos, i);
  90. if (si->sid->type == CMS_SIGNERINFO_KEYIDENTIFIER) {
  91. if (si->version < 3)
  92. si->version = 3;
  93. if (sd->version < 3)
  94. sd->version = 3;
  95. } else if (si->version < 1)
  96. si->version = 1;
  97. }
  98. if (sd->version < 1)
  99. sd->version = 1;
  100. }
  101. /*
  102. * RFC 5652 Section 11.1 Content Type
  103. * The content-type attribute within signed-data MUST
  104. * 1) be present if there are signed attributes
  105. * 2) match the content type in the signed-data,
  106. * 3) be a signed attribute.
  107. * 4) not have more than one copy of the attribute.
  108. *
  109. * Note that since the CMS_SignerInfo_sign() always adds the "signing time"
  110. * attribute, the content type attribute MUST be added also.
  111. * Assumptions: This assumes that the attribute does not already exist.
  112. */
  113. static int cms_set_si_contentType_attr(CMS_ContentInfo *cms, CMS_SignerInfo *si)
  114. {
  115. ASN1_OBJECT *ctype = cms->d.signedData->encapContentInfo->eContentType;
  116. /* Add the contentType attribute */
  117. return CMS_signed_add1_attr_by_NID(si, NID_pkcs9_contentType,
  118. V_ASN1_OBJECT, ctype, -1) > 0;
  119. }
  120. /* Copy an existing messageDigest value */
  121. static int cms_copy_messageDigest(CMS_ContentInfo *cms, CMS_SignerInfo *si)
  122. {
  123. STACK_OF(CMS_SignerInfo) *sinfos;
  124. CMS_SignerInfo *sitmp;
  125. int i;
  126. sinfos = CMS_get0_SignerInfos(cms);
  127. for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
  128. ASN1_OCTET_STRING *messageDigest;
  129. sitmp = sk_CMS_SignerInfo_value(sinfos, i);
  130. if (sitmp == si)
  131. continue;
  132. if (CMS_signed_get_attr_count(sitmp) < 0)
  133. continue;
  134. if (OBJ_cmp(si->digestAlgorithm->algorithm,
  135. sitmp->digestAlgorithm->algorithm))
  136. continue;
  137. messageDigest = CMS_signed_get0_data_by_OBJ(sitmp,
  138. OBJ_nid2obj
  139. (NID_pkcs9_messageDigest),
  140. -3, V_ASN1_OCTET_STRING);
  141. if (!messageDigest) {
  142. ERR_raise(ERR_LIB_CMS, CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE);
  143. return 0;
  144. }
  145. if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest,
  146. V_ASN1_OCTET_STRING,
  147. messageDigest, -1))
  148. return 1;
  149. else
  150. return 0;
  151. }
  152. ERR_raise(ERR_LIB_CMS, CMS_R_NO_MATCHING_DIGEST);
  153. return 0;
  154. }
  155. int ossl_cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert,
  156. int type, const CMS_CTX *ctx)
  157. {
  158. switch (type) {
  159. case CMS_SIGNERINFO_ISSUER_SERIAL:
  160. if (!ossl_cms_set1_ias(&sid->d.issuerAndSerialNumber, cert))
  161. return 0;
  162. break;
  163. case CMS_SIGNERINFO_KEYIDENTIFIER:
  164. if (!ossl_cms_set1_keyid(&sid->d.subjectKeyIdentifier, cert))
  165. return 0;
  166. break;
  167. default:
  168. ERR_raise(ERR_LIB_CMS, CMS_R_UNKNOWN_ID);
  169. return 0;
  170. }
  171. sid->type = type;
  172. return 1;
  173. }
  174. int ossl_cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid,
  175. ASN1_OCTET_STRING **keyid,
  176. X509_NAME **issuer,
  177. ASN1_INTEGER **sno)
  178. {
  179. if (sid->type == CMS_SIGNERINFO_ISSUER_SERIAL) {
  180. if (issuer)
  181. *issuer = sid->d.issuerAndSerialNumber->issuer;
  182. if (sno)
  183. *sno = sid->d.issuerAndSerialNumber->serialNumber;
  184. } else if (sid->type == CMS_SIGNERINFO_KEYIDENTIFIER) {
  185. if (keyid)
  186. *keyid = sid->d.subjectKeyIdentifier;
  187. } else
  188. return 0;
  189. return 1;
  190. }
  191. int ossl_cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert)
  192. {
  193. if (sid->type == CMS_SIGNERINFO_ISSUER_SERIAL)
  194. return ossl_cms_ias_cert_cmp(sid->d.issuerAndSerialNumber, cert);
  195. else if (sid->type == CMS_SIGNERINFO_KEYIDENTIFIER)
  196. return ossl_cms_keyid_cert_cmp(sid->d.subjectKeyIdentifier, cert);
  197. else
  198. return -1;
  199. }
  200. static int cms_sd_asn1_ctrl(CMS_SignerInfo *si, int cmd)
  201. {
  202. EVP_PKEY *pkey = si->pkey;
  203. int i;
  204. if (EVP_PKEY_is_a(pkey, "DSA") || EVP_PKEY_is_a(pkey, "EC"))
  205. return ossl_cms_ecdsa_dsa_sign(si, cmd);
  206. else if (EVP_PKEY_is_a(pkey, "RSA") || EVP_PKEY_is_a(pkey, "RSA-PSS"))
  207. return ossl_cms_rsa_sign(si, cmd);
  208. /* Something else? We'll give engines etc a chance to handle this */
  209. if (pkey->ameth == NULL || pkey->ameth->pkey_ctrl == NULL)
  210. return 1;
  211. i = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_CMS_SIGN, cmd, si);
  212. if (i == -2) {
  213. ERR_raise(ERR_LIB_CMS, CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
  214. return 0;
  215. }
  216. if (i <= 0) {
  217. ERR_raise(ERR_LIB_CMS, CMS_R_CTRL_FAILURE);
  218. return 0;
  219. }
  220. return 1;
  221. }
  222. CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
  223. X509 *signer, EVP_PKEY *pk, const EVP_MD *md,
  224. unsigned int flags)
  225. {
  226. CMS_SignedData *sd;
  227. CMS_SignerInfo *si = NULL;
  228. X509_ALGOR *alg;
  229. int i, type;
  230. const CMS_CTX *ctx = ossl_cms_get0_cmsctx(cms);
  231. if (!X509_check_private_key(signer, pk)) {
  232. ERR_raise(ERR_LIB_CMS, CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
  233. return NULL;
  234. }
  235. sd = cms_signed_data_init(cms);
  236. if (!sd)
  237. goto err;
  238. si = M_ASN1_new_of(CMS_SignerInfo);
  239. if (!si)
  240. goto merr;
  241. /* Call for side-effect of computing hash and caching extensions */
  242. X509_check_purpose(signer, -1, -1);
  243. X509_up_ref(signer);
  244. EVP_PKEY_up_ref(pk);
  245. si->cms_ctx = ctx;
  246. si->pkey = pk;
  247. si->signer = signer;
  248. si->mctx = EVP_MD_CTX_new();
  249. si->pctx = NULL;
  250. if (si->mctx == NULL) {
  251. ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE);
  252. goto err;
  253. }
  254. if (flags & CMS_USE_KEYID) {
  255. si->version = 3;
  256. if (sd->version < 3)
  257. sd->version = 3;
  258. type = CMS_SIGNERINFO_KEYIDENTIFIER;
  259. } else {
  260. type = CMS_SIGNERINFO_ISSUER_SERIAL;
  261. si->version = 1;
  262. }
  263. if (!ossl_cms_set1_SignerIdentifier(si->sid, signer, type, ctx))
  264. goto err;
  265. if (md == NULL) {
  266. int def_nid;
  267. if (EVP_PKEY_get_default_digest_nid(pk, &def_nid) <= 0)
  268. goto err;
  269. md = EVP_get_digestbynid(def_nid);
  270. if (md == NULL) {
  271. ERR_raise(ERR_LIB_CMS, CMS_R_NO_DEFAULT_DIGEST);
  272. goto err;
  273. }
  274. }
  275. if (!md) {
  276. ERR_raise(ERR_LIB_CMS, CMS_R_NO_DIGEST_SET);
  277. goto err;
  278. }
  279. if (md == NULL) {
  280. ERR_raise(ERR_LIB_CMS, CMS_R_NO_DIGEST_SET);
  281. goto err;
  282. }
  283. X509_ALGOR_set_md(si->digestAlgorithm, md);
  284. /* See if digest is present in digestAlgorithms */
  285. for (i = 0; i < sk_X509_ALGOR_num(sd->digestAlgorithms); i++) {
  286. const ASN1_OBJECT *aoid;
  287. alg = sk_X509_ALGOR_value(sd->digestAlgorithms, i);
  288. X509_ALGOR_get0(&aoid, NULL, NULL, alg);
  289. if (OBJ_obj2nid(aoid) == EVP_MD_type(md))
  290. break;
  291. }
  292. if (i == sk_X509_ALGOR_num(sd->digestAlgorithms)) {
  293. alg = X509_ALGOR_new();
  294. if (alg == NULL)
  295. goto merr;
  296. X509_ALGOR_set_md(alg, md);
  297. if (!sk_X509_ALGOR_push(sd->digestAlgorithms, alg)) {
  298. X509_ALGOR_free(alg);
  299. goto merr;
  300. }
  301. }
  302. if (!(flags & CMS_KEY_PARAM) && !cms_sd_asn1_ctrl(si, 0))
  303. goto err;
  304. if (!(flags & CMS_NOATTR)) {
  305. /*
  306. * Initialize signed attributes structure so other attributes
  307. * such as signing time etc are added later even if we add none here.
  308. */
  309. if (!si->signedAttrs) {
  310. si->signedAttrs = sk_X509_ATTRIBUTE_new_null();
  311. if (!si->signedAttrs)
  312. goto merr;
  313. }
  314. if (!(flags & CMS_NOSMIMECAP)) {
  315. STACK_OF(X509_ALGOR) *smcap = NULL;
  316. i = CMS_add_standard_smimecap(&smcap);
  317. if (i)
  318. i = CMS_add_smimecap(si, smcap);
  319. sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
  320. if (!i)
  321. goto merr;
  322. }
  323. if (flags & CMS_CADES) {
  324. ESS_SIGNING_CERT *sc = NULL;
  325. ESS_SIGNING_CERT_V2 *sc2 = NULL;
  326. int add_sc;
  327. if (md == NULL || EVP_MD_is_a(md, SN_sha1)) {
  328. if ((sc = ossl_ess_signing_cert_new_init(signer,
  329. NULL, 1)) == NULL)
  330. goto err;
  331. add_sc = ossl_cms_add1_signing_cert(si, sc);
  332. ESS_SIGNING_CERT_free(sc);
  333. } else {
  334. if ((sc2 = ossl_ess_signing_cert_v2_new_init(md, signer,
  335. NULL, 1)) == NULL)
  336. goto err;
  337. add_sc = ossl_cms_add1_signing_cert_v2(si, sc2);
  338. ESS_SIGNING_CERT_V2_free(sc2);
  339. }
  340. if (!add_sc)
  341. goto err;
  342. }
  343. if (flags & CMS_REUSE_DIGEST) {
  344. if (!cms_copy_messageDigest(cms, si))
  345. goto err;
  346. if (!cms_set_si_contentType_attr(cms, si))
  347. goto err;
  348. if (!(flags & (CMS_PARTIAL | CMS_KEY_PARAM)) &&
  349. !CMS_SignerInfo_sign(si))
  350. goto err;
  351. }
  352. }
  353. if (!(flags & CMS_NOCERTS)) {
  354. /* NB ignore -1 return for duplicate cert */
  355. if (!CMS_add1_cert(cms, signer))
  356. goto merr;
  357. }
  358. if (flags & CMS_KEY_PARAM) {
  359. if (flags & CMS_NOATTR) {
  360. si->pctx = EVP_PKEY_CTX_new_from_pkey(ossl_cms_ctx_get0_libctx(ctx),
  361. si->pkey,
  362. ossl_cms_ctx_get0_propq(ctx));
  363. if (si->pctx == NULL)
  364. goto err;
  365. if (EVP_PKEY_sign_init(si->pctx) <= 0)
  366. goto err;
  367. if (EVP_PKEY_CTX_set_signature_md(si->pctx, md) <= 0)
  368. goto err;
  369. } else if (EVP_DigestSignInit_ex(si->mctx, &si->pctx, EVP_MD_name(md),
  370. ossl_cms_ctx_get0_libctx(ctx),
  371. ossl_cms_ctx_get0_propq(ctx),
  372. pk, NULL) <= 0) {
  373. goto err;
  374. }
  375. }
  376. if (!sd->signerInfos)
  377. sd->signerInfos = sk_CMS_SignerInfo_new_null();
  378. if (!sd->signerInfos || !sk_CMS_SignerInfo_push(sd->signerInfos, si))
  379. goto merr;
  380. return si;
  381. merr:
  382. ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE);
  383. err:
  384. M_ASN1_free_of(si, CMS_SignerInfo);
  385. return NULL;
  386. }
  387. void ossl_cms_SignerInfos_set_cmsctx(CMS_ContentInfo *cms)
  388. {
  389. int i;
  390. CMS_SignerInfo *si;
  391. STACK_OF(CMS_SignerInfo) *sinfos = CMS_get0_SignerInfos(cms);
  392. const CMS_CTX *ctx = ossl_cms_get0_cmsctx(cms);
  393. for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
  394. si = sk_CMS_SignerInfo_value(sinfos, i);
  395. if (si != NULL)
  396. si->cms_ctx = ctx;
  397. }
  398. }
  399. static int cms_add1_signingTime(CMS_SignerInfo *si, ASN1_TIME *t)
  400. {
  401. ASN1_TIME *tt;
  402. int r = 0;
  403. if (t != NULL)
  404. tt = t;
  405. else
  406. tt = X509_gmtime_adj(NULL, 0);
  407. if (tt == NULL)
  408. goto merr;
  409. if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_signingTime,
  410. tt->type, tt, -1) <= 0)
  411. goto merr;
  412. r = 1;
  413. merr:
  414. if (t == NULL)
  415. ASN1_TIME_free(tt);
  416. if (!r)
  417. ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE);
  418. return r;
  419. }
  420. EVP_PKEY_CTX *CMS_SignerInfo_get0_pkey_ctx(CMS_SignerInfo *si)
  421. {
  422. return si->pctx;
  423. }
  424. EVP_MD_CTX *CMS_SignerInfo_get0_md_ctx(CMS_SignerInfo *si)
  425. {
  426. return si->mctx;
  427. }
  428. STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms)
  429. {
  430. CMS_SignedData *sd = cms_get0_signed(cms);
  431. return sd != NULL ? sd->signerInfos : NULL;
  432. }
  433. STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms)
  434. {
  435. STACK_OF(X509) *signers = NULL;
  436. STACK_OF(CMS_SignerInfo) *sinfos;
  437. CMS_SignerInfo *si;
  438. int i;
  439. sinfos = CMS_get0_SignerInfos(cms);
  440. for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
  441. si = sk_CMS_SignerInfo_value(sinfos, i);
  442. if (si->signer != NULL) {
  443. if (!ossl_x509_add_cert_new(&signers, si->signer,
  444. X509_ADD_FLAG_DEFAULT)) {
  445. sk_X509_free(signers);
  446. return NULL;
  447. }
  448. }
  449. }
  450. return signers;
  451. }
  452. void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer)
  453. {
  454. if (signer != NULL) {
  455. X509_up_ref(signer);
  456. EVP_PKEY_free(si->pkey);
  457. si->pkey = X509_get_pubkey(signer);
  458. }
  459. X509_free(si->signer);
  460. si->signer = signer;
  461. }
  462. int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si,
  463. ASN1_OCTET_STRING **keyid,
  464. X509_NAME **issuer, ASN1_INTEGER **sno)
  465. {
  466. return ossl_cms_SignerIdentifier_get0_signer_id(si->sid, keyid, issuer, sno);
  467. }
  468. int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert)
  469. {
  470. return ossl_cms_SignerIdentifier_cert_cmp(si->sid, cert);
  471. }
  472. int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *scerts,
  473. unsigned int flags)
  474. {
  475. CMS_SignedData *sd;
  476. CMS_SignerInfo *si;
  477. CMS_CertificateChoices *cch;
  478. STACK_OF(CMS_CertificateChoices) *certs;
  479. X509 *x;
  480. int i, j;
  481. int ret = 0;
  482. sd = cms_get0_signed(cms);
  483. if (sd == NULL)
  484. return -1;
  485. certs = sd->certificates;
  486. for (i = 0; i < sk_CMS_SignerInfo_num(sd->signerInfos); i++) {
  487. si = sk_CMS_SignerInfo_value(sd->signerInfos, i);
  488. if (si->signer != NULL)
  489. continue;
  490. for (j = 0; j < sk_X509_num(scerts); j++) {
  491. x = sk_X509_value(scerts, j);
  492. if (CMS_SignerInfo_cert_cmp(si, x) == 0) {
  493. CMS_SignerInfo_set1_signer_cert(si, x);
  494. ret++;
  495. break;
  496. }
  497. }
  498. if (si->signer != NULL || (flags & CMS_NOINTERN))
  499. continue;
  500. for (j = 0; j < sk_CMS_CertificateChoices_num(certs); j++) {
  501. cch = sk_CMS_CertificateChoices_value(certs, j);
  502. if (cch->type != 0)
  503. continue;
  504. x = cch->d.certificate;
  505. if (CMS_SignerInfo_cert_cmp(si, x) == 0) {
  506. CMS_SignerInfo_set1_signer_cert(si, x);
  507. ret++;
  508. break;
  509. }
  510. }
  511. }
  512. return ret;
  513. }
  514. void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk,
  515. X509 **signer, X509_ALGOR **pdig,
  516. X509_ALGOR **psig)
  517. {
  518. if (pk != NULL)
  519. *pk = si->pkey;
  520. if (signer != NULL)
  521. *signer = si->signer;
  522. if (pdig != NULL)
  523. *pdig = si->digestAlgorithm;
  524. if (psig != NULL)
  525. *psig = si->signatureAlgorithm;
  526. }
  527. ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si)
  528. {
  529. return si->signature;
  530. }
  531. static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
  532. CMS_SignerInfo *si, BIO *chain)
  533. {
  534. EVP_MD_CTX *mctx = EVP_MD_CTX_new();
  535. int r = 0;
  536. EVP_PKEY_CTX *pctx = NULL;
  537. const CMS_CTX *ctx = ossl_cms_get0_cmsctx(cms);
  538. if (mctx == NULL) {
  539. ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE);
  540. return 0;
  541. }
  542. if (si->pkey == NULL) {
  543. ERR_raise(ERR_LIB_CMS, CMS_R_NO_PRIVATE_KEY);
  544. goto err;
  545. }
  546. if (!ossl_cms_DigestAlgorithm_find_ctx(mctx, chain, si->digestAlgorithm))
  547. goto err;
  548. /* Set SignerInfo algorithm details if we used custom parameter */
  549. if (si->pctx && !cms_sd_asn1_ctrl(si, 0))
  550. goto err;
  551. /*
  552. * If any signed attributes calculate and add messageDigest attribute
  553. */
  554. if (CMS_signed_get_attr_count(si) >= 0) {
  555. unsigned char md[EVP_MAX_MD_SIZE];
  556. unsigned int mdlen;
  557. if (!EVP_DigestFinal_ex(mctx, md, &mdlen))
  558. goto err;
  559. if (!CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest,
  560. V_ASN1_OCTET_STRING, md, mdlen))
  561. goto err;
  562. /* Copy content type across */
  563. if (!cms_set_si_contentType_attr(cms, si))
  564. goto err;
  565. if (!CMS_SignerInfo_sign(si))
  566. goto err;
  567. } else if (si->pctx) {
  568. unsigned char *sig;
  569. size_t siglen;
  570. unsigned char md[EVP_MAX_MD_SIZE];
  571. unsigned int mdlen;
  572. pctx = si->pctx;
  573. if (!EVP_DigestFinal_ex(mctx, md, &mdlen))
  574. goto err;
  575. siglen = EVP_PKEY_size(si->pkey);
  576. sig = OPENSSL_malloc(siglen);
  577. if (sig == NULL) {
  578. ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE);
  579. goto err;
  580. }
  581. if (EVP_PKEY_sign(pctx, sig, &siglen, md, mdlen) <= 0) {
  582. OPENSSL_free(sig);
  583. goto err;
  584. }
  585. ASN1_STRING_set0(si->signature, sig, siglen);
  586. } else {
  587. unsigned char *sig;
  588. unsigned int siglen;
  589. sig = OPENSSL_malloc(EVP_PKEY_size(si->pkey));
  590. if (sig == NULL) {
  591. ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE);
  592. goto err;
  593. }
  594. if (!EVP_SignFinal_ex(mctx, sig, &siglen, si->pkey,
  595. ossl_cms_ctx_get0_libctx(ctx),
  596. ossl_cms_ctx_get0_propq(ctx))) {
  597. ERR_raise(ERR_LIB_CMS, CMS_R_SIGNFINAL_ERROR);
  598. OPENSSL_free(sig);
  599. goto err;
  600. }
  601. ASN1_STRING_set0(si->signature, sig, siglen);
  602. }
  603. r = 1;
  604. err:
  605. EVP_MD_CTX_free(mctx);
  606. EVP_PKEY_CTX_free(pctx);
  607. return r;
  608. }
  609. int ossl_cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain)
  610. {
  611. STACK_OF(CMS_SignerInfo) *sinfos;
  612. CMS_SignerInfo *si;
  613. int i;
  614. sinfos = CMS_get0_SignerInfos(cms);
  615. for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
  616. si = sk_CMS_SignerInfo_value(sinfos, i);
  617. if (!cms_SignerInfo_content_sign(cms, si, chain))
  618. return 0;
  619. }
  620. cms->d.signedData->encapContentInfo->partial = 0;
  621. return 1;
  622. }
  623. int CMS_SignerInfo_sign(CMS_SignerInfo *si)
  624. {
  625. EVP_MD_CTX *mctx = si->mctx;
  626. EVP_PKEY_CTX *pctx = NULL;
  627. unsigned char *abuf = NULL;
  628. int alen;
  629. size_t siglen;
  630. const CMS_CTX *ctx = si->cms_ctx;
  631. const char *md_name = OBJ_nid2sn(OBJ_obj2nid(si->digestAlgorithm->algorithm));
  632. if (md_name == NULL)
  633. return 0;
  634. if (CMS_signed_get_attr_by_NID(si, NID_pkcs9_signingTime, -1) < 0) {
  635. if (!cms_add1_signingTime(si, NULL))
  636. goto err;
  637. }
  638. if (!ossl_cms_si_check_attributes(si))
  639. goto err;
  640. if (si->pctx)
  641. pctx = si->pctx;
  642. else {
  643. EVP_MD_CTX_reset(mctx);
  644. if (EVP_DigestSignInit_ex(mctx, &pctx, md_name,
  645. ossl_cms_ctx_get0_libctx(ctx),
  646. ossl_cms_ctx_get0_propq(ctx), si->pkey,
  647. NULL) <= 0)
  648. goto err;
  649. si->pctx = pctx;
  650. }
  651. alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs, &abuf,
  652. ASN1_ITEM_rptr(CMS_Attributes_Sign));
  653. if (!abuf)
  654. goto err;
  655. if (EVP_DigestSignUpdate(mctx, abuf, alen) <= 0)
  656. goto err;
  657. if (EVP_DigestSignFinal(mctx, NULL, &siglen) <= 0)
  658. goto err;
  659. OPENSSL_free(abuf);
  660. abuf = OPENSSL_malloc(siglen);
  661. if (abuf == NULL)
  662. goto err;
  663. if (EVP_DigestSignFinal(mctx, abuf, &siglen) <= 0)
  664. goto err;
  665. EVP_MD_CTX_reset(mctx);
  666. ASN1_STRING_set0(si->signature, abuf, siglen);
  667. return 1;
  668. err:
  669. OPENSSL_free(abuf);
  670. EVP_MD_CTX_reset(mctx);
  671. return 0;
  672. }
  673. int CMS_SignerInfo_verify(CMS_SignerInfo *si)
  674. {
  675. EVP_MD_CTX *mctx = NULL;
  676. unsigned char *abuf = NULL;
  677. int alen, r = -1;
  678. const char *name;
  679. const EVP_MD *md;
  680. EVP_MD *fetched_md = NULL;
  681. const CMS_CTX *ctx = si->cms_ctx;
  682. OSSL_LIB_CTX *libctx = ossl_cms_ctx_get0_libctx(ctx);
  683. const char *propq = ossl_cms_ctx_get0_propq(ctx);
  684. if (si->pkey == NULL) {
  685. ERR_raise(ERR_LIB_CMS, CMS_R_NO_PUBLIC_KEY);
  686. return -1;
  687. }
  688. if (!ossl_cms_si_check_attributes(si))
  689. return -1;
  690. name = OBJ_nid2sn(OBJ_obj2nid(si->digestAlgorithm->algorithm));
  691. (void)ERR_set_mark();
  692. fetched_md = EVP_MD_fetch(libctx, name, propq);
  693. if (fetched_md != NULL)
  694. md = fetched_md;
  695. else
  696. md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm);
  697. if (md == NULL) {
  698. (void)ERR_clear_last_mark();
  699. ERR_raise(ERR_LIB_CMS, CMS_R_UNKNOWN_DIGEST_ALGORITHM);
  700. return -1;
  701. }
  702. (void)ERR_pop_to_mark();
  703. if (si->mctx == NULL && (si->mctx = EVP_MD_CTX_new()) == NULL) {
  704. ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE);
  705. goto err;
  706. }
  707. mctx = si->mctx;
  708. if (EVP_DigestVerifyInit_ex(mctx, &si->pctx, EVP_MD_name(md), libctx,
  709. propq, si->pkey, NULL) <= 0)
  710. goto err;
  711. if (!cms_sd_asn1_ctrl(si, 1))
  712. goto err;
  713. alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs, &abuf,
  714. ASN1_ITEM_rptr(CMS_Attributes_Verify));
  715. if (abuf == NULL || alen < 0)
  716. goto err;
  717. r = EVP_DigestVerifyUpdate(mctx, abuf, alen);
  718. OPENSSL_free(abuf);
  719. if (r <= 0) {
  720. r = -1;
  721. goto err;
  722. }
  723. r = EVP_DigestVerifyFinal(mctx,
  724. si->signature->data, si->signature->length);
  725. if (r <= 0)
  726. ERR_raise(ERR_LIB_CMS, CMS_R_VERIFICATION_FAILURE);
  727. err:
  728. EVP_MD_free(fetched_md);
  729. EVP_MD_CTX_reset(mctx);
  730. return r;
  731. }
  732. /* Create a chain of digest BIOs from a CMS ContentInfo */
  733. BIO *ossl_cms_SignedData_init_bio(CMS_ContentInfo *cms)
  734. {
  735. int i;
  736. CMS_SignedData *sd;
  737. BIO *chain = NULL;
  738. sd = cms_get0_signed(cms);
  739. if (sd == NULL)
  740. return NULL;
  741. if (cms->d.signedData->encapContentInfo->partial)
  742. cms_sd_set_version(sd);
  743. for (i = 0; i < sk_X509_ALGOR_num(sd->digestAlgorithms); i++) {
  744. X509_ALGOR *digestAlgorithm;
  745. BIO *mdbio;
  746. digestAlgorithm = sk_X509_ALGOR_value(sd->digestAlgorithms, i);
  747. mdbio = ossl_cms_DigestAlgorithm_init_bio(digestAlgorithm,
  748. ossl_cms_get0_cmsctx(cms));
  749. if (mdbio == NULL)
  750. goto err;
  751. if (chain != NULL)
  752. BIO_push(chain, mdbio);
  753. else
  754. chain = mdbio;
  755. }
  756. return chain;
  757. err:
  758. BIO_free_all(chain);
  759. return NULL;
  760. }
  761. int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain)
  762. {
  763. ASN1_OCTET_STRING *os = NULL;
  764. EVP_MD_CTX *mctx = EVP_MD_CTX_new();
  765. EVP_PKEY_CTX *pkctx = NULL;
  766. int r = -1;
  767. unsigned char mval[EVP_MAX_MD_SIZE];
  768. unsigned int mlen;
  769. if (mctx == NULL) {
  770. ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE);
  771. goto err;
  772. }
  773. /* If we have any signed attributes look for messageDigest value */
  774. if (CMS_signed_get_attr_count(si) >= 0) {
  775. os = CMS_signed_get0_data_by_OBJ(si,
  776. OBJ_nid2obj(NID_pkcs9_messageDigest),
  777. -3, V_ASN1_OCTET_STRING);
  778. if (os == NULL) {
  779. ERR_raise(ERR_LIB_CMS, CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE);
  780. goto err;
  781. }
  782. }
  783. if (!ossl_cms_DigestAlgorithm_find_ctx(mctx, chain, si->digestAlgorithm))
  784. goto err;
  785. if (EVP_DigestFinal_ex(mctx, mval, &mlen) <= 0) {
  786. ERR_raise(ERR_LIB_CMS, CMS_R_UNABLE_TO_FINALIZE_CONTEXT);
  787. goto err;
  788. }
  789. /* If messageDigest found compare it */
  790. if (os != NULL) {
  791. if (mlen != (unsigned int)os->length) {
  792. ERR_raise(ERR_LIB_CMS, CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH);
  793. goto err;
  794. }
  795. if (memcmp(mval, os->data, mlen)) {
  796. ERR_raise(ERR_LIB_CMS, CMS_R_VERIFICATION_FAILURE);
  797. r = 0;
  798. } else
  799. r = 1;
  800. } else {
  801. const EVP_MD *md = EVP_MD_CTX_md(mctx);
  802. const CMS_CTX *ctx = si->cms_ctx;
  803. pkctx = EVP_PKEY_CTX_new_from_pkey(ossl_cms_ctx_get0_libctx(ctx),
  804. si->pkey,
  805. ossl_cms_ctx_get0_propq(ctx));
  806. if (pkctx == NULL)
  807. goto err;
  808. if (EVP_PKEY_verify_init(pkctx) <= 0)
  809. goto err;
  810. if (EVP_PKEY_CTX_set_signature_md(pkctx, md) <= 0)
  811. goto err;
  812. si->pctx = pkctx;
  813. if (!cms_sd_asn1_ctrl(si, 1))
  814. goto err;
  815. r = EVP_PKEY_verify(pkctx, si->signature->data,
  816. si->signature->length, mval, mlen);
  817. if (r <= 0) {
  818. ERR_raise(ERR_LIB_CMS, CMS_R_VERIFICATION_FAILURE);
  819. r = 0;
  820. }
  821. }
  822. err:
  823. EVP_PKEY_CTX_free(pkctx);
  824. EVP_MD_CTX_free(mctx);
  825. return r;
  826. }
  827. int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs)
  828. {
  829. unsigned char *smder = NULL;
  830. int smderlen, r;
  831. smderlen = i2d_X509_ALGORS(algs, &smder);
  832. if (smderlen <= 0)
  833. return 0;
  834. r = CMS_signed_add1_attr_by_NID(si, NID_SMIMECapabilities,
  835. V_ASN1_SEQUENCE, smder, smderlen);
  836. OPENSSL_free(smder);
  837. return r;
  838. }
  839. int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
  840. int algnid, int keysize)
  841. {
  842. X509_ALGOR *alg;
  843. ASN1_INTEGER *key = NULL;
  844. if (keysize > 0) {
  845. key = ASN1_INTEGER_new();
  846. if (key == NULL || !ASN1_INTEGER_set(key, keysize)) {
  847. ASN1_INTEGER_free(key);
  848. return 0;
  849. }
  850. }
  851. alg = X509_ALGOR_new();
  852. if (alg == NULL) {
  853. ASN1_INTEGER_free(key);
  854. return 0;
  855. }
  856. X509_ALGOR_set0(alg, OBJ_nid2obj(algnid),
  857. key ? V_ASN1_INTEGER : V_ASN1_UNDEF, key);
  858. if (*algs == NULL)
  859. *algs = sk_X509_ALGOR_new_null();
  860. if (*algs == NULL || !sk_X509_ALGOR_push(*algs, alg)) {
  861. X509_ALGOR_free(alg);
  862. return 0;
  863. }
  864. return 1;
  865. }
  866. /* Check to see if a cipher exists and if so add S/MIME capabilities */
  867. static int cms_add_cipher_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg)
  868. {
  869. if (EVP_get_cipherbynid(nid))
  870. return CMS_add_simple_smimecap(sk, nid, arg);
  871. return 1;
  872. }
  873. static int cms_add_digest_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg)
  874. {
  875. if (EVP_get_digestbynid(nid))
  876. return CMS_add_simple_smimecap(sk, nid, arg);
  877. return 1;
  878. }
  879. int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap)
  880. {
  881. if (!cms_add_cipher_smcap(smcap, NID_aes_256_cbc, -1)
  882. || !cms_add_digest_smcap(smcap, NID_id_GostR3411_2012_256, -1)
  883. || !cms_add_digest_smcap(smcap, NID_id_GostR3411_2012_512, -1)
  884. || !cms_add_digest_smcap(smcap, NID_id_GostR3411_94, -1)
  885. || !cms_add_cipher_smcap(smcap, NID_id_Gost28147_89, -1)
  886. || !cms_add_cipher_smcap(smcap, NID_aes_192_cbc, -1)
  887. || !cms_add_cipher_smcap(smcap, NID_aes_128_cbc, -1)
  888. || !cms_add_cipher_smcap(smcap, NID_des_ede3_cbc, -1)
  889. || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 128)
  890. || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 64)
  891. || !cms_add_cipher_smcap(smcap, NID_des_cbc, -1)
  892. || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 40))
  893. return 0;
  894. return 1;
  895. }