2 * Copyright 2007-2022 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright Nokia 2007-2019
4 * Copyright Siemens AG 2015-2019
6 * Licensed under the Apache License 2.0 (the "License"). You may not use
7 * this file except in compliance with the License. You can obtain a copy
8 * in the file LICENSE in the source distribution or at
9 * https://www.openssl.org/source/license.html
12 /* CMP functions for PKIHeader handling */
14 #include "cmp_local.h"
16 #include <openssl/rand.h>
18 /* explicit #includes not strictly needed since implied by the above: */
19 #include <openssl/asn1t.h>
20 #include <openssl/cmp.h>
21 #include <openssl/err.h>
23 int ossl_cmp_hdr_set_pvno(OSSL_CMP_PKIHEADER *hdr, int pvno)
25 if (!ossl_assert(hdr != NULL))
27 return ASN1_INTEGER_set(hdr->pvno, pvno);
30 int ossl_cmp_hdr_get_pvno(const OSSL_CMP_PKIHEADER *hdr)
34 if (!ossl_assert(hdr != NULL))
36 if (!ASN1_INTEGER_get_int64(&pvno, hdr->pvno) || pvno < 0 || pvno > INT_MAX)
41 int ossl_cmp_hdr_get_protection_nid(const OSSL_CMP_PKIHEADER *hdr)
43 if (!ossl_assert(hdr != NULL)
44 || hdr->protectionAlg == NULL)
46 return OBJ_obj2nid(hdr->protectionAlg->algorithm);
49 ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_transactionID(const
50 OSSL_CMP_PKIHEADER *hdr)
53 ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
56 return hdr->transactionID;
59 ASN1_OCTET_STRING *ossl_cmp_hdr_get0_senderNonce(const OSSL_CMP_PKIHEADER *hdr)
61 if (!ossl_assert(hdr != NULL))
63 return hdr->senderNonce;
66 ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_recipNonce(const OSSL_CMP_PKIHEADER *hdr)
69 ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
72 return hdr->recipNonce;
75 /* a NULL-DN as an empty sequence of RDNs */
76 int ossl_cmp_general_name_is_NULL_DN(GENERAL_NAME *name)
79 || (name->type == GEN_DIRNAME && IS_NULL_DN(name->d.directoryName));
82 /* assign to *tgt a copy of src (which may be NULL to indicate an empty DN) */
83 static int set1_general_name(GENERAL_NAME **tgt, const X509_NAME *src)
87 if (!ossl_assert(tgt != NULL))
89 if ((name = GENERAL_NAME_new()) == NULL)
91 name->type = GEN_DIRNAME;
93 if (src == NULL) { /* NULL-DN */
94 if ((name->d.directoryName = X509_NAME_new()) == NULL)
96 } else if (!X509_NAME_set(&name->d.directoryName, src)) {
100 GENERAL_NAME_free(*tgt);
106 GENERAL_NAME_free(name);
111 * Set the sender name in PKIHeader.
112 * when nm is NULL, sender is set to an empty string
113 * returns 1 on success, 0 on error
115 int ossl_cmp_hdr_set1_sender(OSSL_CMP_PKIHEADER *hdr, const X509_NAME *nm)
117 if (!ossl_assert(hdr != NULL))
119 return set1_general_name(&hdr->sender, nm);
122 int ossl_cmp_hdr_set1_recipient(OSSL_CMP_PKIHEADER *hdr, const X509_NAME *nm)
124 if (!ossl_assert(hdr != NULL))
126 return set1_general_name(&hdr->recipient, nm);
129 int ossl_cmp_hdr_update_messageTime(OSSL_CMP_PKIHEADER *hdr)
131 if (!ossl_assert(hdr != NULL))
133 if (hdr->messageTime == NULL
134 && (hdr->messageTime = ASN1_GENERALIZEDTIME_new()) == NULL)
136 return ASN1_GENERALIZEDTIME_set(hdr->messageTime, time(NULL)) != NULL;
139 /* assign to *tgt a random byte array of given length */
140 static int set_random(ASN1_OCTET_STRING **tgt, OSSL_CMP_CTX *ctx, size_t len)
142 unsigned char *bytes = OPENSSL_malloc(len);
145 if (bytes == NULL || RAND_bytes_ex(ctx->libctx, bytes, len, 0) <= 0)
146 ERR_raise(ERR_LIB_CMP, CMP_R_FAILURE_OBTAINING_RANDOM);
148 res = ossl_cmp_asn1_octet_string_set1_bytes(tgt, bytes, len);
153 int ossl_cmp_hdr_set1_senderKID(OSSL_CMP_PKIHEADER *hdr,
154 const ASN1_OCTET_STRING *senderKID)
156 if (!ossl_assert(hdr != NULL))
158 return ossl_cmp_asn1_octet_string_set1(&hdr->senderKID, senderKID);
161 /* push the given text string to the given PKIFREETEXT ft */
162 int ossl_cmp_hdr_push0_freeText(OSSL_CMP_PKIHEADER *hdr, ASN1_UTF8STRING *text)
164 if (!ossl_assert(hdr != NULL && text != NULL))
167 if (hdr->freeText == NULL
168 && (hdr->freeText = sk_ASN1_UTF8STRING_new_null()) == NULL)
171 return sk_ASN1_UTF8STRING_push(hdr->freeText, text);
174 int ossl_cmp_hdr_push1_freeText(OSSL_CMP_PKIHEADER *hdr, ASN1_UTF8STRING *text)
176 if (!ossl_assert(hdr != NULL && text != NULL))
179 if (hdr->freeText == NULL
180 && (hdr->freeText = sk_ASN1_UTF8STRING_new_null()) == NULL)
184 ossl_cmp_sk_ASN1_UTF8STRING_push_str(hdr->freeText, (char *)text->data,
188 int ossl_cmp_hdr_generalInfo_push0_item(OSSL_CMP_PKIHEADER *hdr,
191 if (!ossl_assert(hdr != NULL && itav != NULL))
193 return OSSL_CMP_ITAV_push0_stack_item(&hdr->generalInfo, itav);
196 int ossl_cmp_hdr_generalInfo_push1_items(OSSL_CMP_PKIHEADER *hdr,
197 const STACK_OF(OSSL_CMP_ITAV) *itavs)
202 if (!ossl_assert(hdr != NULL))
205 for (i = 0; i < sk_OSSL_CMP_ITAV_num(itavs); i++) {
206 itav = OSSL_CMP_ITAV_dup(sk_OSSL_CMP_ITAV_value(itavs, i));
210 if (!ossl_cmp_hdr_generalInfo_push0_item(hdr, itav)) {
211 OSSL_CMP_ITAV_free(itav);
218 int ossl_cmp_hdr_set_implicitConfirm(OSSL_CMP_PKIHEADER *hdr)
223 if (!ossl_assert(hdr != NULL))
225 asn1null = (ASN1_TYPE *)ASN1_NULL_new();
226 if (asn1null == NULL)
228 if ((itav = OSSL_CMP_ITAV_create(OBJ_nid2obj(NID_id_it_implicitConfirm),
231 if (!ossl_cmp_hdr_generalInfo_push0_item(hdr, itav))
236 ASN1_TYPE_free(asn1null);
237 OSSL_CMP_ITAV_free(itav);
241 /* return 1 if implicitConfirm in the generalInfo field of the header is set */
242 int ossl_cmp_hdr_has_implicitConfirm(const OSSL_CMP_PKIHEADER *hdr)
248 if (!ossl_assert(hdr != NULL))
251 itavCount = sk_OSSL_CMP_ITAV_num(hdr->generalInfo);
252 for (i = 0; i < itavCount; i++) {
253 itav = sk_OSSL_CMP_ITAV_value(hdr->generalInfo, i);
255 && OBJ_obj2nid(itav->infoType) == NID_id_it_implicitConfirm)
263 * set ctx->transactionID in CMP header
264 * if ctx->transactionID is NULL, a random one is created with 128 bit
265 * according to section 5.1.1:
267 * It is RECOMMENDED that the clients fill the transactionID field with
268 * 128 bits of (pseudo-) random data for the start of a transaction to
269 * reduce the probability of having the transactionID in use at the server.
271 int ossl_cmp_hdr_set_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_PKIHEADER *hdr)
273 if (ctx->transactionID == NULL) {
276 if (!set_random(&ctx->transactionID, ctx,
277 OSSL_CMP_TRANSACTIONID_LENGTH))
279 tid = i2s_ASN1_OCTET_STRING(NULL, ctx->transactionID);
281 ossl_cmp_log1(DEBUG, ctx,
282 "Starting new transaction with ID=%s", tid);
286 return ossl_cmp_asn1_octet_string_set1(&hdr->transactionID,
290 /* fill in all fields of the hdr according to the info given in ctx */
291 int ossl_cmp_hdr_init(OSSL_CMP_CTX *ctx, OSSL_CMP_PKIHEADER *hdr)
293 const X509_NAME *sender;
294 const X509_NAME *rcp = NULL;
296 if (!ossl_assert(ctx != NULL && hdr != NULL))
299 /* set the CMP version */
300 if (!ossl_cmp_hdr_set_pvno(hdr, OSSL_CMP_PVNO))
304 * If no protection cert nor oldCert nor CSR nor subject is given,
305 * sender name is not known to the client and thus set to NULL-DN
307 sender = ctx->cert != NULL ? X509_get_subject_name(ctx->cert) :
308 ctx->oldCert != NULL ? X509_get_subject_name(ctx->oldCert) :
309 ctx->p10CSR != NULL ? X509_REQ_get_subject_name(ctx->p10CSR) :
311 if (!ossl_cmp_hdr_set1_sender(hdr, sender))
314 /* determine recipient entry in PKIHeader */
315 if (ctx->recipient != NULL)
316 rcp = ctx->recipient;
317 else if (ctx->srvCert != NULL)
318 rcp = X509_get_subject_name(ctx->srvCert);
319 else if (ctx->issuer != NULL)
321 else if (ctx->oldCert != NULL)
322 rcp = X509_get_issuer_name(ctx->oldCert);
323 else if (ctx->cert != NULL)
324 rcp = X509_get_issuer_name(ctx->cert);
325 if (!ossl_cmp_hdr_set1_recipient(hdr, rcp))
328 /* set current time as message time */
329 if (!ossl_cmp_hdr_update_messageTime(hdr))
332 if (ctx->recipNonce != NULL
333 && !ossl_cmp_asn1_octet_string_set1(&hdr->recipNonce,
337 if (!ossl_cmp_hdr_set_transactionID(ctx, hdr))
341 * set random senderNonce
342 * according to section 5.1.1:
344 * senderNonce present
345 * -- 128 (pseudo-)random bits
346 * The senderNonce and recipNonce fields protect the PKIMessage against
347 * replay attacks. The senderNonce will typically be 128 bits of
348 * (pseudo-) random data generated by the sender, whereas the recipNonce
349 * is copied from the senderNonce of the previous message in the
352 if (!set_random(&hdr->senderNonce, ctx, OSSL_CMP_SENDERNONCE_LENGTH))
355 /* store senderNonce - for cmp with recipNonce in next outgoing msg */
356 if (!OSSL_CMP_CTX_set1_senderNonce(ctx, hdr->senderNonce))
360 * freeText [7] PKIFreeText OPTIONAL,
361 * -- this may be used to indicate context-specific instructions
362 * -- (this field is intended for human consumption)
364 if (ctx->freeText != NULL
365 && !ossl_cmp_hdr_push1_freeText(hdr, ctx->freeText))