crypto/cms/cms_env.c

   1 /* crypto/cms/cms_env.c */
   2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
   3  * project.
   4  */
   5 /* ====================================================================
   6  * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
   7  *
   8  * Redistribution and use in source and binary forms, with or without
   9  * modification, are permitted provided that the following conditions
  10  * are met:
  11  *
  12  * 1. Redistributions of source code must retain the above copyright
  13  *    notice, this list of conditions and the following disclaimer.
  14  *
  15  * 2. Redistributions in binary form must reproduce the above copyright
  16  *    notice, this list of conditions and the following disclaimer in
  17  *    the documentation and/or other materials provided with the
  18  *    distribution.
  19  *
  20  * 3. All advertising materials mentioning features or use of this
  21  *    software must display the following acknowledgment:
  22  *    "This product includes software developed by the OpenSSL Project
  23  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
  24  *
  25  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
  26  *    endorse or promote products derived from this software without
  27  *    prior written permission. For written permission, please contact
  28  *    licensing@OpenSSL.org.
  29  *
  30  * 5. Products derived from this software may not be called "OpenSSL"
  31  *    nor may "OpenSSL" appear in their names without prior written
  32  *    permission of the OpenSSL Project.
  33  *
  34  * 6. Redistributions of any form whatsoever must retain the following
  35  *    acknowledgment:
  36  *    "This product includes software developed by the OpenSSL Project
  37  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
  38  *
  39  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
  40  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  41  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  42  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
  43  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  44  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  45  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  46  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  47  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  48  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  49  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  50  * OF THE POSSIBILITY OF SUCH DAMAGE.
  51  * ====================================================================
  52  */
  53
  54 #include "cryptlib.h"
  55 #include <openssl/asn1t.h>
  56 #include <openssl/pem.h>
  57 #include <openssl/x509v3.h>
  58 #include <openssl/err.h>
  59 #include <openssl/cms.h>
  60 #include <openssl/rand.h>
  61 #include "cms_lcl.h"
  62 #include "asn1_locl.h"
  63
  64 /* CMS EnvelopedData Utilities */
  65
  66 DECLARE_ASN1_ITEM(CMS_EnvelopedData)
  67 DECLARE_ASN1_ITEM(CMS_RecipientInfo)
  68 DECLARE_ASN1_ITEM(CMS_KeyTransRecipientInfo)
  69
  70 DECLARE_STACK_OF(CMS_RecipientInfo)
  71
  72 static CMS_EnvelopedData *cms_get0_enveloped(CMS_ContentInfo *cms)
  73         {
  74         if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_enveloped)
  75                 {
  76                 CMSerr(CMS_F_CMS_GET0_ENVELOPED,
  77                                 CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA);
  78                 return NULL;
  79                 }
  80         return cms->d.envelopedData;
  81         }
  82
  83 static CMS_EnvelopedData *cms_enveloped_data_init(CMS_ContentInfo *cms)
  84         {
  85         if (cms->d.other == NULL)
  86                 {
  87                 cms->d.envelopedData = M_ASN1_new_of(CMS_EnvelopedData);
  88                 if (!cms->d.envelopedData)
  89                         {
  90                         CMSerr(CMS_F_CMS_ENVELOPED_DATA_INIT,
  91                                                         ERR_R_MALLOC_FAILURE);
  92                         return NULL;
  93                         }
  94                 cms->d.envelopedData->version = 0;
  95                 cms->d.envelopedData->encryptedContentInfo->contentType =
  96                                                 OBJ_nid2obj(NID_pkcs7_data);
  97                 ASN1_OBJECT_free(cms->contentType);
  98                 cms->contentType = OBJ_nid2obj(NID_pkcs7_enveloped);
  99                 return cms->d.envelopedData;
 100                 }
 101         return cms_get0_enveloped(cms);
 102         }
 103
 104 /* Add a recipient certificate. For now only handle key transport.
 105  * If we ever handle key agreement will need updating.
 106  */
 107
 108 CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
 109                                         X509 *recip, unsigned int flags)
 110         {
 111         CMS_RecipientInfo *ri = NULL;
 112         CMS_KeyTransRecipientInfo *ktri;
 113         CMS_EnvelopedData *env;
 114         EVP_PKEY *pk = NULL;
 115         int i, type;
 116         /* Init enveloped data */
 117         env = cms_enveloped_data_init(cms);
 118         if (!env)
 119                 goto err;
 120
 121         /* Initialized recipient info */
 122         ri = M_ASN1_new_of(CMS_RecipientInfo);
 123         if (!ri)
 124                 goto merr;
 125
 126         /* Initialize and add key transrport recipient info */
 127
 128         ri->d.ktri = M_ASN1_new_of(CMS_KeyTransRecipientInfo);
 129         if (!ri->d.ktri)
 130                 goto merr;
 131         ri->type = CMS_RECIPINFO_TRANS;
 132
 133         ktri = ri->d.ktri;
 134
 135         X509_check_purpose(recip, -1, -1);
 136         pk = X509_get_pubkey(recip);
 137         if (!pk)
 138                 {
 139                 CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT,
 140                                 CMS_R_ERROR_GETTING_PUBLIC_KEY);
 141                 goto err;
 142                 }
 143         CRYPTO_add(&recip->references, 1, CRYPTO_LOCK_X509);
 144         CRYPTO_add(&pk->references, 1, CRYPTO_LOCK_EVP_PKEY);
 145         ktri->pkey = pk;
 146         ktri->recip = recip;
 147
 148         if (flags & CMS_USE_KEYID)
 149                 {
 150                 ktri->version = 2;
 151                 type = CMS_RECIPINFO_KEYIDENTIFIER;
 152                 }
 153         else
 154                 {
 155                 ktri->version = 0;
 156                 type = CMS_RECIPINFO_ISSUER_SERIAL;
 157                 }
 158
 159         /* Not a typo: RecipientIdentifier and SignerIdentifier are the
 160          * same structure.
 161          */
 162
 163         if (!cms_set1_SignerIdentifier(ktri->rid, recip, type))
 164                 goto err;
 165
 166         if (pk->ameth && pk->ameth->pkey_ctrl)
 167                 {
 168                 i = pk->ameth->pkey_ctrl(pk, ASN1_PKEY_CTRL_CMS_ENVELOPE,
 169                                                 0, ri);
 170                 if (i == -2)
 171                         {
 172                         CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT,
 173                                 CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
 174                         goto err;
 175                         }
 176                 if (i <= 0)
 177                         {
 178                         CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT,
 179                                 CMS_R_CTRL_FAILURE);
 180                         goto err;
 181                         }
 182                 }
 183
 184         if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri))
 185                 goto merr;
 186
 187         return ri;
 188
 189         merr:
 190         CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, ERR_R_MALLOC_FAILURE);
 191         err:
 192         if (ri)
 193                 M_ASN1_free_of(ri, CMS_RecipientInfo);
 194         return NULL;
 195
 196         }
 197
 198 int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri,
 199                                         EVP_PKEY **pk, X509 **recip,
 200                                         X509_ALGOR **palg)
 201         {
 202         CMS_KeyTransRecipientInfo *ktri;
 203         if (ri->type != CMS_RECIPINFO_TRANS)
 204                 {
 205                 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS,
 206                         CMS_R_NOT_KEY_TRANSPORT);
 207                 return 0;
 208                 }
 209
 210         ktri = ri->d.ktri;
 211
 212         if (pk)
 213                 *pk = ktri->pkey;
 214         if (recip)
 215                 *recip = ktri->recip;
 216         if (palg)
 217                 *palg = ktri->keyEncryptionAlgorithm;
 218         return 1;
 219         }
 220
 221 int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri,
 222                                         ASN1_OCTET_STRING **keyid,
 223                                         X509_NAME **issuer, ASN1_INTEGER **sno)
 224         {
 225         CMS_KeyTransRecipientInfo *ktri;
 226         if (ri->type != CMS_RECIPINFO_TRANS)
 227                 {
 228                 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID,
 229                         CMS_R_NOT_KEY_TRANSPORT);
 230                 return 0;
 231                 }
 232
 233         return cms_SignerIdentifier_get0_signer_id(ktri->rid,
 234                                                         keyid, issuer, sno);
 235         }
 236
 237 int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert)
 238         {
 239         CMS_KeyTransRecipientInfo *ktri;
 240         if (ri->type != CMS_RECIPINFO_TRANS)
 241                 {
 242                 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP,
 243                         CMS_R_NOT_KEY_TRANSPORT);
 244                 return 0;
 245                 }
 246
 247         return cms_SignerIdentifier_cert_cmp(ktri->rid, cert);
 248         }