cms_env.c 26 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975
  1. /* crypto/cms/cms_env.c */
  2. /*
  3. * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  4. * project.
  5. */
  6. /* ====================================================================
  7. * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
  8. *
  9. * Redistribution and use in source and binary forms, with or without
  10. * modification, are permitted provided that the following conditions
  11. * are met:
  12. *
  13. * 1. Redistributions of source code must retain the above copyright
  14. * notice, this list of conditions and the following disclaimer.
  15. *
  16. * 2. Redistributions in binary form must reproduce the above copyright
  17. * notice, this list of conditions and the following disclaimer in
  18. * the documentation and/or other materials provided with the
  19. * distribution.
  20. *
  21. * 3. All advertising materials mentioning features or use of this
  22. * software must display the following acknowledgment:
  23. * "This product includes software developed by the OpenSSL Project
  24. * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
  25. *
  26. * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
  27. * endorse or promote products derived from this software without
  28. * prior written permission. For written permission, please contact
  29. * licensing@OpenSSL.org.
  30. *
  31. * 5. Products derived from this software may not be called "OpenSSL"
  32. * nor may "OpenSSL" appear in their names without prior written
  33. * permission of the OpenSSL Project.
  34. *
  35. * 6. Redistributions of any form whatsoever must retain the following
  36. * acknowledgment:
  37. * "This product includes software developed by the OpenSSL Project
  38. * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
  39. *
  40. * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
  41. * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  42. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  43. * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
  44. * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  45. * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  46. * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  47. * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  48. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  49. * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  50. * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  51. * OF THE POSSIBILITY OF SUCH DAMAGE.
  52. * ====================================================================
  53. */
  54. #include "cryptlib.h"
  55. #include <openssl/asn1t.h>
  56. #include <openssl/pem.h>
  57. #include <openssl/x509v3.h>
  58. #include <openssl/err.h>
  59. #include <openssl/cms.h>
  60. #include <openssl/rand.h>
  61. #include <openssl/aes.h>
  62. #include "cms_lcl.h"
  63. #include "asn1_locl.h"
  64. /* CMS EnvelopedData Utilities */
  65. DECLARE_ASN1_ITEM(CMS_EnvelopedData)
  66. DECLARE_ASN1_ITEM(CMS_KeyTransRecipientInfo)
  67. DECLARE_ASN1_ITEM(CMS_KEKRecipientInfo)
  68. DECLARE_ASN1_ITEM(CMS_OtherKeyAttribute)
  69. DECLARE_STACK_OF(CMS_RecipientInfo)
  70. CMS_EnvelopedData *cms_get0_enveloped(CMS_ContentInfo *cms)
  71. {
  72. if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_enveloped) {
  73. CMSerr(CMS_F_CMS_GET0_ENVELOPED,
  74. CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA);
  75. return NULL;
  76. }
  77. return cms->d.envelopedData;
  78. }
  79. static CMS_EnvelopedData *cms_enveloped_data_init(CMS_ContentInfo *cms)
  80. {
  81. if (cms->d.other == NULL) {
  82. cms->d.envelopedData = M_ASN1_new_of(CMS_EnvelopedData);
  83. if (!cms->d.envelopedData) {
  84. CMSerr(CMS_F_CMS_ENVELOPED_DATA_INIT, ERR_R_MALLOC_FAILURE);
  85. return NULL;
  86. }
  87. cms->d.envelopedData->version = 0;
  88. cms->d.envelopedData->encryptedContentInfo->contentType =
  89. OBJ_nid2obj(NID_pkcs7_data);
  90. ASN1_OBJECT_free(cms->contentType);
  91. cms->contentType = OBJ_nid2obj(NID_pkcs7_enveloped);
  92. return cms->d.envelopedData;
  93. }
  94. return cms_get0_enveloped(cms);
  95. }
  96. int cms_env_asn1_ctrl(CMS_RecipientInfo *ri, int cmd)
  97. {
  98. EVP_PKEY *pkey;
  99. int i;
  100. if (ri->type == CMS_RECIPINFO_TRANS)
  101. pkey = ri->d.ktri->pkey;
  102. else if (ri->type == CMS_RECIPINFO_AGREE) {
  103. EVP_PKEY_CTX *pctx = ri->d.kari->pctx;
  104. if (!pctx)
  105. return 0;
  106. pkey = EVP_PKEY_CTX_get0_pkey(pctx);
  107. if (!pkey)
  108. return 0;
  109. } else
  110. return 0;
  111. if (!pkey->ameth || !pkey->ameth->pkey_ctrl)
  112. return 1;
  113. i = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_CMS_ENVELOPE, cmd, ri);
  114. if (i == -2) {
  115. CMSerr(CMS_F_CMS_ENV_ASN1_CTRL,
  116. CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
  117. return 0;
  118. }
  119. if (i <= 0) {
  120. CMSerr(CMS_F_CMS_ENV_ASN1_CTRL, CMS_R_CTRL_FAILURE);
  121. return 0;
  122. }
  123. return 1;
  124. }
  125. STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms)
  126. {
  127. CMS_EnvelopedData *env;
  128. env = cms_get0_enveloped(cms);
  129. if (!env)
  130. return NULL;
  131. return env->recipientInfos;
  132. }
  133. int CMS_RecipientInfo_type(CMS_RecipientInfo *ri)
  134. {
  135. return ri->type;
  136. }
  137. EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri)
  138. {
  139. if (ri->type == CMS_RECIPINFO_TRANS)
  140. return ri->d.ktri->pctx;
  141. else if (ri->type == CMS_RECIPINFO_AGREE)
  142. return ri->d.kari->pctx;
  143. return NULL;
  144. }
  145. CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher)
  146. {
  147. CMS_ContentInfo *cms;
  148. CMS_EnvelopedData *env;
  149. cms = CMS_ContentInfo_new();
  150. if (!cms)
  151. goto merr;
  152. env = cms_enveloped_data_init(cms);
  153. if (!env)
  154. goto merr;
  155. if (!cms_EncryptedContent_init(env->encryptedContentInfo,
  156. cipher, NULL, 0))
  157. goto merr;
  158. return cms;
  159. merr:
  160. if (cms)
  161. CMS_ContentInfo_free(cms);
  162. CMSerr(CMS_F_CMS_ENVELOPEDDATA_CREATE, ERR_R_MALLOC_FAILURE);
  163. return NULL;
  164. }
  165. /* Key Transport Recipient Info (KTRI) routines */
  166. /* Initialise a ktri based on passed certificate and key */
  167. static int cms_RecipientInfo_ktri_init(CMS_RecipientInfo *ri, X509 *recip,
  168. EVP_PKEY *pk, unsigned int flags)
  169. {
  170. CMS_KeyTransRecipientInfo *ktri;
  171. int idtype;
  172. ri->d.ktri = M_ASN1_new_of(CMS_KeyTransRecipientInfo);
  173. if (!ri->d.ktri)
  174. return 0;
  175. ri->type = CMS_RECIPINFO_TRANS;
  176. ktri = ri->d.ktri;
  177. if (flags & CMS_USE_KEYID) {
  178. ktri->version = 2;
  179. idtype = CMS_RECIPINFO_KEYIDENTIFIER;
  180. } else {
  181. ktri->version = 0;
  182. idtype = CMS_RECIPINFO_ISSUER_SERIAL;
  183. }
  184. /*
  185. * Not a typo: RecipientIdentifier and SignerIdentifier are the same
  186. * structure.
  187. */
  188. if (!cms_set1_SignerIdentifier(ktri->rid, recip, idtype))
  189. return 0;
  190. CRYPTO_add(&recip->references, 1, CRYPTO_LOCK_X509);
  191. CRYPTO_add(&pk->references, 1, CRYPTO_LOCK_EVP_PKEY);
  192. ktri->pkey = pk;
  193. ktri->recip = recip;
  194. if (flags & CMS_KEY_PARAM) {
  195. ktri->pctx = EVP_PKEY_CTX_new(ktri->pkey, NULL);
  196. if (!ktri->pctx)
  197. return 0;
  198. if (EVP_PKEY_encrypt_init(ktri->pctx) <= 0)
  199. return 0;
  200. } else if (!cms_env_asn1_ctrl(ri, 0))
  201. return 0;
  202. return 1;
  203. }
  204. /*
  205. * Add a recipient certificate using appropriate type of RecipientInfo
  206. */
  207. CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
  208. X509 *recip, unsigned int flags)
  209. {
  210. CMS_RecipientInfo *ri = NULL;
  211. CMS_EnvelopedData *env;
  212. EVP_PKEY *pk = NULL;
  213. env = cms_get0_enveloped(cms);
  214. if (!env)
  215. goto err;
  216. /* Initialize recipient info */
  217. ri = M_ASN1_new_of(CMS_RecipientInfo);
  218. if (!ri)
  219. goto merr;
  220. pk = X509_get_pubkey(recip);
  221. if (!pk) {
  222. CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, CMS_R_ERROR_GETTING_PUBLIC_KEY);
  223. goto err;
  224. }
  225. switch (cms_pkey_get_ri_type(pk)) {
  226. case CMS_RECIPINFO_TRANS:
  227. if (!cms_RecipientInfo_ktri_init(ri, recip, pk, flags))
  228. goto err;
  229. break;
  230. case CMS_RECIPINFO_AGREE:
  231. if (!cms_RecipientInfo_kari_init(ri, recip, pk, flags))
  232. goto err;
  233. break;
  234. default:
  235. CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT,
  236. CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
  237. goto err;
  238. }
  239. if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri))
  240. goto merr;
  241. EVP_PKEY_free(pk);
  242. return ri;
  243. merr:
  244. CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, ERR_R_MALLOC_FAILURE);
  245. err:
  246. if (ri)
  247. M_ASN1_free_of(ri, CMS_RecipientInfo);
  248. if (pk)
  249. EVP_PKEY_free(pk);
  250. return NULL;
  251. }
  252. int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri,
  253. EVP_PKEY **pk, X509 **recip,
  254. X509_ALGOR **palg)
  255. {
  256. CMS_KeyTransRecipientInfo *ktri;
  257. if (ri->type != CMS_RECIPINFO_TRANS) {
  258. CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS,
  259. CMS_R_NOT_KEY_TRANSPORT);
  260. return 0;
  261. }
  262. ktri = ri->d.ktri;
  263. if (pk)
  264. *pk = ktri->pkey;
  265. if (recip)
  266. *recip = ktri->recip;
  267. if (palg)
  268. *palg = ktri->keyEncryptionAlgorithm;
  269. return 1;
  270. }
  271. int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri,
  272. ASN1_OCTET_STRING **keyid,
  273. X509_NAME **issuer,
  274. ASN1_INTEGER **sno)
  275. {
  276. CMS_KeyTransRecipientInfo *ktri;
  277. if (ri->type != CMS_RECIPINFO_TRANS) {
  278. CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID,
  279. CMS_R_NOT_KEY_TRANSPORT);
  280. return 0;
  281. }
  282. ktri = ri->d.ktri;
  283. return cms_SignerIdentifier_get0_signer_id(ktri->rid, keyid, issuer, sno);
  284. }
  285. int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert)
  286. {
  287. if (ri->type != CMS_RECIPINFO_TRANS) {
  288. CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP,
  289. CMS_R_NOT_KEY_TRANSPORT);
  290. return -2;
  291. }
  292. return cms_SignerIdentifier_cert_cmp(ri->d.ktri->rid, cert);
  293. }
  294. int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey)
  295. {
  296. if (ri->type != CMS_RECIPINFO_TRANS) {
  297. CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_PKEY, CMS_R_NOT_KEY_TRANSPORT);
  298. return 0;
  299. }
  300. ri->d.ktri->pkey = pkey;
  301. return 1;
  302. }
  303. /* Encrypt content key in key transport recipient info */
  304. static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms,
  305. CMS_RecipientInfo *ri)
  306. {
  307. CMS_KeyTransRecipientInfo *ktri;
  308. CMS_EncryptedContentInfo *ec;
  309. EVP_PKEY_CTX *pctx;
  310. unsigned char *ek = NULL;
  311. size_t eklen;
  312. int ret = 0;
  313. if (ri->type != CMS_RECIPINFO_TRANS) {
  314. CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT, CMS_R_NOT_KEY_TRANSPORT);
  315. return 0;
  316. }
  317. ktri = ri->d.ktri;
  318. ec = cms->d.envelopedData->encryptedContentInfo;
  319. pctx = ktri->pctx;
  320. if (pctx) {
  321. if (!cms_env_asn1_ctrl(ri, 0))
  322. goto err;
  323. } else {
  324. pctx = EVP_PKEY_CTX_new(ktri->pkey, NULL);
  325. if (!pctx)
  326. return 0;
  327. if (EVP_PKEY_encrypt_init(pctx) <= 0)
  328. goto err;
  329. }
  330. if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_ENCRYPT,
  331. EVP_PKEY_CTRL_CMS_ENCRYPT, 0, ri) <= 0) {
  332. CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT, CMS_R_CTRL_ERROR);
  333. goto err;
  334. }
  335. if (EVP_PKEY_encrypt(pctx, NULL, &eklen, ec->key, ec->keylen) <= 0)
  336. goto err;
  337. ek = OPENSSL_malloc(eklen);
  338. if (ek == NULL) {
  339. CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT, ERR_R_MALLOC_FAILURE);
  340. goto err;
  341. }
  342. if (EVP_PKEY_encrypt(pctx, ek, &eklen, ec->key, ec->keylen) <= 0)
  343. goto err;
  344. ASN1_STRING_set0(ktri->encryptedKey, ek, eklen);
  345. ek = NULL;
  346. ret = 1;
  347. err:
  348. if (pctx) {
  349. EVP_PKEY_CTX_free(pctx);
  350. ktri->pctx = NULL;
  351. }
  352. if (ek)
  353. OPENSSL_free(ek);
  354. return ret;
  355. }
  356. /* Decrypt content key from KTRI */
  357. static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
  358. CMS_RecipientInfo *ri)
  359. {
  360. CMS_KeyTransRecipientInfo *ktri = ri->d.ktri;
  361. EVP_PKEY *pkey = ktri->pkey;
  362. unsigned char *ek = NULL;
  363. size_t eklen;
  364. int ret = 0;
  365. CMS_EncryptedContentInfo *ec;
  366. ec = cms->d.envelopedData->encryptedContentInfo;
  367. if (ktri->pkey == NULL) {
  368. CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_NO_PRIVATE_KEY);
  369. return 0;
  370. }
  371. ktri->pctx = EVP_PKEY_CTX_new(pkey, NULL);
  372. if (!ktri->pctx)
  373. return 0;
  374. if (EVP_PKEY_decrypt_init(ktri->pctx) <= 0)
  375. goto err;
  376. if (!cms_env_asn1_ctrl(ri, 1))
  377. goto err;
  378. if (EVP_PKEY_CTX_ctrl(ktri->pctx, -1, EVP_PKEY_OP_DECRYPT,
  379. EVP_PKEY_CTRL_CMS_DECRYPT, 0, ri) <= 0) {
  380. CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_CTRL_ERROR);
  381. goto err;
  382. }
  383. if (EVP_PKEY_decrypt(ktri->pctx, NULL, &eklen,
  384. ktri->encryptedKey->data,
  385. ktri->encryptedKey->length) <= 0)
  386. goto err;
  387. ek = OPENSSL_malloc(eklen);
  388. if (ek == NULL) {
  389. CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, ERR_R_MALLOC_FAILURE);
  390. goto err;
  391. }
  392. if (EVP_PKEY_decrypt(ktri->pctx, ek, &eklen,
  393. ktri->encryptedKey->data,
  394. ktri->encryptedKey->length) <= 0) {
  395. CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_CMS_LIB);
  396. goto err;
  397. }
  398. ret = 1;
  399. if (ec->key) {
  400. OPENSSL_cleanse(ec->key, ec->keylen);
  401. OPENSSL_free(ec->key);
  402. }
  403. ec->key = ek;
  404. ec->keylen = eklen;
  405. err:
  406. if (ktri->pctx) {
  407. EVP_PKEY_CTX_free(ktri->pctx);
  408. ktri->pctx = NULL;
  409. }
  410. if (!ret && ek)
  411. OPENSSL_free(ek);
  412. return ret;
  413. }
  414. /* Key Encrypted Key (KEK) RecipientInfo routines */
  415. int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri,
  416. const unsigned char *id, size_t idlen)
  417. {
  418. ASN1_OCTET_STRING tmp_os;
  419. CMS_KEKRecipientInfo *kekri;
  420. if (ri->type != CMS_RECIPINFO_KEK) {
  421. CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP, CMS_R_NOT_KEK);
  422. return -2;
  423. }
  424. kekri = ri->d.kekri;
  425. tmp_os.type = V_ASN1_OCTET_STRING;
  426. tmp_os.flags = 0;
  427. tmp_os.data = (unsigned char *)id;
  428. tmp_os.length = (int)idlen;
  429. return ASN1_OCTET_STRING_cmp(&tmp_os, kekri->kekid->keyIdentifier);
  430. }
  431. /* For now hard code AES key wrap info */
  432. static size_t aes_wrap_keylen(int nid)
  433. {
  434. switch (nid) {
  435. case NID_id_aes128_wrap:
  436. return 16;
  437. case NID_id_aes192_wrap:
  438. return 24;
  439. case NID_id_aes256_wrap:
  440. return 32;
  441. default:
  442. return 0;
  443. }
  444. }
  445. CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
  446. unsigned char *key, size_t keylen,
  447. unsigned char *id, size_t idlen,
  448. ASN1_GENERALIZEDTIME *date,
  449. ASN1_OBJECT *otherTypeId,
  450. ASN1_TYPE *otherType)
  451. {
  452. CMS_RecipientInfo *ri = NULL;
  453. CMS_EnvelopedData *env;
  454. CMS_KEKRecipientInfo *kekri;
  455. env = cms_get0_enveloped(cms);
  456. if (!env)
  457. goto err;
  458. if (nid == NID_undef) {
  459. switch (keylen) {
  460. case 16:
  461. nid = NID_id_aes128_wrap;
  462. break;
  463. case 24:
  464. nid = NID_id_aes192_wrap;
  465. break;
  466. case 32:
  467. nid = NID_id_aes256_wrap;
  468. break;
  469. default:
  470. CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY, CMS_R_INVALID_KEY_LENGTH);
  471. goto err;
  472. }
  473. } else {
  474. size_t exp_keylen = aes_wrap_keylen(nid);
  475. if (!exp_keylen) {
  476. CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY,
  477. CMS_R_UNSUPPORTED_KEK_ALGORITHM);
  478. goto err;
  479. }
  480. if (keylen != exp_keylen) {
  481. CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY, CMS_R_INVALID_KEY_LENGTH);
  482. goto err;
  483. }
  484. }
  485. /* Initialize recipient info */
  486. ri = M_ASN1_new_of(CMS_RecipientInfo);
  487. if (!ri)
  488. goto merr;
  489. ri->d.kekri = M_ASN1_new_of(CMS_KEKRecipientInfo);
  490. if (!ri->d.kekri)
  491. goto merr;
  492. ri->type = CMS_RECIPINFO_KEK;
  493. kekri = ri->d.kekri;
  494. if (otherTypeId) {
  495. kekri->kekid->other = M_ASN1_new_of(CMS_OtherKeyAttribute);
  496. if (kekri->kekid->other == NULL)
  497. goto merr;
  498. }
  499. if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri))
  500. goto merr;
  501. /* After this point no calls can fail */
  502. kekri->version = 4;
  503. kekri->key = key;
  504. kekri->keylen = keylen;
  505. ASN1_STRING_set0(kekri->kekid->keyIdentifier, id, idlen);
  506. kekri->kekid->date = date;
  507. if (kekri->kekid->other) {
  508. kekri->kekid->other->keyAttrId = otherTypeId;
  509. kekri->kekid->other->keyAttr = otherType;
  510. }
  511. X509_ALGOR_set0(kekri->keyEncryptionAlgorithm,
  512. OBJ_nid2obj(nid), V_ASN1_UNDEF, NULL);
  513. return ri;
  514. merr:
  515. CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY, ERR_R_MALLOC_FAILURE);
  516. err:
  517. if (ri)
  518. M_ASN1_free_of(ri, CMS_RecipientInfo);
  519. return NULL;
  520. }
  521. int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri,
  522. X509_ALGOR **palg,
  523. ASN1_OCTET_STRING **pid,
  524. ASN1_GENERALIZEDTIME **pdate,
  525. ASN1_OBJECT **potherid,
  526. ASN1_TYPE **pothertype)
  527. {
  528. CMS_KEKIdentifier *rkid;
  529. if (ri->type != CMS_RECIPINFO_KEK) {
  530. CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID, CMS_R_NOT_KEK);
  531. return 0;
  532. }
  533. rkid = ri->d.kekri->kekid;
  534. if (palg)
  535. *palg = ri->d.kekri->keyEncryptionAlgorithm;
  536. if (pid)
  537. *pid = rkid->keyIdentifier;
  538. if (pdate)
  539. *pdate = rkid->date;
  540. if (potherid) {
  541. if (rkid->other)
  542. *potherid = rkid->other->keyAttrId;
  543. else
  544. *potherid = NULL;
  545. }
  546. if (pothertype) {
  547. if (rkid->other)
  548. *pothertype = rkid->other->keyAttr;
  549. else
  550. *pothertype = NULL;
  551. }
  552. return 1;
  553. }
  554. int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri,
  555. unsigned char *key, size_t keylen)
  556. {
  557. CMS_KEKRecipientInfo *kekri;
  558. if (ri->type != CMS_RECIPINFO_KEK) {
  559. CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_KEY, CMS_R_NOT_KEK);
  560. return 0;
  561. }
  562. kekri = ri->d.kekri;
  563. kekri->key = key;
  564. kekri->keylen = keylen;
  565. return 1;
  566. }
  567. /* Encrypt content key in KEK recipient info */
  568. static int cms_RecipientInfo_kekri_encrypt(CMS_ContentInfo *cms,
  569. CMS_RecipientInfo *ri)
  570. {
  571. CMS_EncryptedContentInfo *ec;
  572. CMS_KEKRecipientInfo *kekri;
  573. AES_KEY actx;
  574. unsigned char *wkey = NULL;
  575. int wkeylen;
  576. int r = 0;
  577. ec = cms->d.envelopedData->encryptedContentInfo;
  578. kekri = ri->d.kekri;
  579. if (!kekri->key) {
  580. CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, CMS_R_NO_KEY);
  581. return 0;
  582. }
  583. if (AES_set_encrypt_key(kekri->key, kekri->keylen << 3, &actx)) {
  584. CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT,
  585. CMS_R_ERROR_SETTING_KEY);
  586. goto err;
  587. }
  588. wkey = OPENSSL_malloc(ec->keylen + 8);
  589. if (!wkey) {
  590. CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, ERR_R_MALLOC_FAILURE);
  591. goto err;
  592. }
  593. wkeylen = AES_wrap_key(&actx, NULL, wkey, ec->key, ec->keylen);
  594. if (wkeylen <= 0) {
  595. CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, CMS_R_WRAP_ERROR);
  596. goto err;
  597. }
  598. ASN1_STRING_set0(kekri->encryptedKey, wkey, wkeylen);
  599. r = 1;
  600. err:
  601. if (!r && wkey)
  602. OPENSSL_free(wkey);
  603. OPENSSL_cleanse(&actx, sizeof(actx));
  604. return r;
  605. }
  606. /* Decrypt content key in KEK recipient info */
  607. static int cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms,
  608. CMS_RecipientInfo *ri)
  609. {
  610. CMS_EncryptedContentInfo *ec;
  611. CMS_KEKRecipientInfo *kekri;
  612. AES_KEY actx;
  613. unsigned char *ukey = NULL;
  614. int ukeylen;
  615. int r = 0, wrap_nid;
  616. ec = cms->d.envelopedData->encryptedContentInfo;
  617. kekri = ri->d.kekri;
  618. if (!kekri->key) {
  619. CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, CMS_R_NO_KEY);
  620. return 0;
  621. }
  622. wrap_nid = OBJ_obj2nid(kekri->keyEncryptionAlgorithm->algorithm);
  623. if (aes_wrap_keylen(wrap_nid) != kekri->keylen) {
  624. CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
  625. CMS_R_INVALID_KEY_LENGTH);
  626. return 0;
  627. }
  628. /* If encrypted key length is invalid don't bother */
  629. if (kekri->encryptedKey->length < 16) {
  630. CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
  631. CMS_R_INVALID_ENCRYPTED_KEY_LENGTH);
  632. goto err;
  633. }
  634. if (AES_set_decrypt_key(kekri->key, kekri->keylen << 3, &actx)) {
  635. CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
  636. CMS_R_ERROR_SETTING_KEY);
  637. goto err;
  638. }
  639. ukey = OPENSSL_malloc(kekri->encryptedKey->length - 8);
  640. if (!ukey) {
  641. CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, ERR_R_MALLOC_FAILURE);
  642. goto err;
  643. }
  644. ukeylen = AES_unwrap_key(&actx, NULL, ukey,
  645. kekri->encryptedKey->data,
  646. kekri->encryptedKey->length);
  647. if (ukeylen <= 0) {
  648. CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, CMS_R_UNWRAP_ERROR);
  649. goto err;
  650. }
  651. ec->key = ukey;
  652. ec->keylen = ukeylen;
  653. r = 1;
  654. err:
  655. if (!r && ukey)
  656. OPENSSL_free(ukey);
  657. OPENSSL_cleanse(&actx, sizeof(actx));
  658. return r;
  659. }
  660. int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
  661. {
  662. switch (ri->type) {
  663. case CMS_RECIPINFO_TRANS:
  664. return cms_RecipientInfo_ktri_decrypt(cms, ri);
  665. case CMS_RECIPINFO_KEK:
  666. return cms_RecipientInfo_kekri_decrypt(cms, ri);
  667. case CMS_RECIPINFO_PASS:
  668. return cms_RecipientInfo_pwri_crypt(cms, ri, 0);
  669. default:
  670. CMSerr(CMS_F_CMS_RECIPIENTINFO_DECRYPT,
  671. CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE);
  672. return 0;
  673. }
  674. }
  675. int CMS_RecipientInfo_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
  676. {
  677. switch (ri->type) {
  678. case CMS_RECIPINFO_TRANS:
  679. return cms_RecipientInfo_ktri_encrypt(cms, ri);
  680. case CMS_RECIPINFO_AGREE:
  681. return cms_RecipientInfo_kari_encrypt(cms, ri);
  682. case CMS_RECIPINFO_KEK:
  683. return cms_RecipientInfo_kekri_encrypt(cms, ri);
  684. break;
  685. case CMS_RECIPINFO_PASS:
  686. return cms_RecipientInfo_pwri_crypt(cms, ri, 1);
  687. break;
  688. default:
  689. CMSerr(CMS_F_CMS_RECIPIENTINFO_ENCRYPT,
  690. CMS_R_UNSUPPORTED_RECIPIENT_TYPE);
  691. return 0;
  692. }
  693. }
  694. /* Check structures and fixup version numbers (if necessary) */
  695. static void cms_env_set_originfo_version(CMS_EnvelopedData *env)
  696. {
  697. CMS_OriginatorInfo *org = env->originatorInfo;
  698. int i;
  699. if (org == NULL)
  700. return;
  701. for (i = 0; i < sk_CMS_CertificateChoices_num(org->certificates); i++) {
  702. CMS_CertificateChoices *cch;
  703. cch = sk_CMS_CertificateChoices_value(org->certificates, i);
  704. if (cch->type == CMS_CERTCHOICE_OTHER) {
  705. env->version = 4;
  706. return;
  707. } else if (cch->type == CMS_CERTCHOICE_V2ACERT) {
  708. if (env->version < 3)
  709. env->version = 3;
  710. }
  711. }
  712. for (i = 0; i < sk_CMS_RevocationInfoChoice_num(org->crls); i++) {
  713. CMS_RevocationInfoChoice *rch;
  714. rch = sk_CMS_RevocationInfoChoice_value(org->crls, i);
  715. if (rch->type == CMS_REVCHOICE_OTHER) {
  716. env->version = 4;
  717. return;
  718. }
  719. }
  720. }
  721. static void cms_env_set_version(CMS_EnvelopedData *env)
  722. {
  723. int i;
  724. CMS_RecipientInfo *ri;
  725. /*
  726. * Can't set version higher than 4 so if 4 or more already nothing to do.
  727. */
  728. if (env->version >= 4)
  729. return;
  730. cms_env_set_originfo_version(env);
  731. if (env->version >= 3)
  732. return;
  733. for (i = 0; i < sk_CMS_RecipientInfo_num(env->recipientInfos); i++) {
  734. ri = sk_CMS_RecipientInfo_value(env->recipientInfos, i);
  735. if (ri->type == CMS_RECIPINFO_PASS || ri->type == CMS_RECIPINFO_OTHER) {
  736. env->version = 3;
  737. return;
  738. } else if (ri->type != CMS_RECIPINFO_TRANS
  739. || ri->d.ktri->version != 0) {
  740. env->version = 2;
  741. }
  742. }
  743. if (env->version == 2)
  744. return;
  745. if (env->originatorInfo || env->unprotectedAttrs)
  746. env->version = 2;
  747. env->version = 0;
  748. }
  749. BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms)
  750. {
  751. CMS_EncryptedContentInfo *ec;
  752. STACK_OF(CMS_RecipientInfo) *rinfos;
  753. CMS_RecipientInfo *ri;
  754. int i, ok = 0;
  755. BIO *ret;
  756. /* Get BIO first to set up key */
  757. ec = cms->d.envelopedData->encryptedContentInfo;
  758. ret = cms_EncryptedContent_init_bio(ec);
  759. /* If error or no cipher end of processing */
  760. if (!ret || !ec->cipher)
  761. return ret;
  762. /* Now encrypt content key according to each RecipientInfo type */
  763. rinfos = cms->d.envelopedData->recipientInfos;
  764. for (i = 0; i < sk_CMS_RecipientInfo_num(rinfos); i++) {
  765. ri = sk_CMS_RecipientInfo_value(rinfos, i);
  766. if (CMS_RecipientInfo_encrypt(cms, ri) <= 0) {
  767. CMSerr(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO,
  768. CMS_R_ERROR_SETTING_RECIPIENTINFO);
  769. goto err;
  770. }
  771. }
  772. cms_env_set_version(cms->d.envelopedData);
  773. ok = 1;
  774. err:
  775. ec->cipher = NULL;
  776. if (ec->key) {
  777. OPENSSL_cleanse(ec->key, ec->keylen);
  778. OPENSSL_free(ec->key);
  779. ec->key = NULL;
  780. ec->keylen = 0;
  781. }
  782. if (ok)
  783. return ret;
  784. BIO_free(ret);
  785. return NULL;
  786. }
  787. /*
  788. * Get RecipientInfo type (if any) supported by a key (public or private). To
  789. * retain compatibility with previous behaviour if the ctrl value isn't
  790. * supported we assume key transport.
  791. */
  792. int cms_pkey_get_ri_type(EVP_PKEY *pk)
  793. {
  794. if (pk->ameth && pk->ameth->pkey_ctrl) {
  795. int i, r;
  796. i = pk->ameth->pkey_ctrl(pk, ASN1_PKEY_CTRL_CMS_RI_TYPE, 0, &r);
  797. if (i > 0)
  798. return r;
  799. }
  800. return CMS_RECIPINFO_TRANS;
  801. }