1 /*
2  * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the Apache License 2.0 (the "License").  You may not use
5  * this file except in compliance with the License.  You can obtain a copy
6  * in the file LICENSE in the source distribution or at
7  * https://www.openssl.org/source/license.html
8  */
9
10 #include <openssl/err.h>
11 #include <openssl/asn1t.h>
12 #include <openssl/cms.h>
13 #include <openssl/ess.h>
14 #include <openssl/x509v3.h>
15 #include "crypto/ess.h"
16 #include "crypto/cms.h"
17
/*
 * ASN.1 templates for the ESS (Enhanced Security Services) structures used
 * by CAdES and S/MIME: SigningCertificate / ESSCertID (RFC 2634) and
 * SigningCertificateV2 / ESSCertIDv2 (RFC 5035).  Each template itself is
 * file-local (static_ASN1_SEQUENCE_END); the generated new/free/d2i/i2d
 * and dup functions are the public interface.
 *
 * These templates only enforce the DER structure.  Verifying that a
 * certHash really matches the signer's certificate, and that an
 * issuer_serial agrees with that certificate, is the consumer's job and
 * is not done in this file.
 */

/* IssuerSerial: issuer GeneralNames, serialNumber CertificateSerialNumber */
ASN1_SEQUENCE(ESS_ISSUER_SERIAL) = {
        ASN1_SEQUENCE_OF(ESS_ISSUER_SERIAL, issuer, GENERAL_NAME),
        ASN1_SIMPLE(ESS_ISSUER_SERIAL, serial, ASN1_INTEGER)
} static_ASN1_SEQUENCE_END(ESS_ISSUER_SERIAL)

IMPLEMENT_ASN1_FUNCTIONS(ESS_ISSUER_SERIAL)
IMPLEMENT_ASN1_DUP_FUNCTION(ESS_ISSUER_SERIAL)

/*
 * ESSCertID (RFC 2634): certHash is the SHA-1 hash of the certificate's
 * DER encoding, issuerSerial is OPTIONAL.  There is no hash-algorithm field,
 * which is why the V2 form below exists; consumers should prefer V2 where
 * the signer provides it.
 */
ASN1_SEQUENCE(ESS_CERT_ID) = {
        ASN1_SIMPLE(ESS_CERT_ID, hash, ASN1_OCTET_STRING),
        ASN1_OPT(ESS_CERT_ID, issuer_serial, ESS_ISSUER_SERIAL)
} static_ASN1_SEQUENCE_END(ESS_CERT_ID)

IMPLEMENT_ASN1_FUNCTIONS(ESS_CERT_ID)
IMPLEMENT_ASN1_DUP_FUNCTION(ESS_CERT_ID)

/*
 * SigningCertificate (RFC 2634): certs SEQUENCE OF ESSCertID (the first
 * entry identifies the signing certificate), policies OPTIONAL.
 */
ASN1_SEQUENCE(ESS_SIGNING_CERT) = {
        ASN1_SEQUENCE_OF(ESS_SIGNING_CERT, cert_ids, ESS_CERT_ID),
        ASN1_SEQUENCE_OF_OPT(ESS_SIGNING_CERT, policy_info, POLICYINFO)
} static_ASN1_SEQUENCE_END(ESS_SIGNING_CERT)

IMPLEMENT_ASN1_FUNCTIONS(ESS_SIGNING_CERT)
IMPLEMENT_ASN1_DUP_FUNCTION(ESS_SIGNING_CERT)

/*
 * ESSCertIDv2 (RFC 5035).  hash_alg is encoded as OPTIONAL here because the
 * RFC declares hashAlgorithm DEFAULT sha256: a decoded structure with
 * hash_alg == NULL means "SHA-256", and consumers must apply that default
 * rather than treat the field as missing or the algorithm as unknown.
 */
ASN1_SEQUENCE(ESS_CERT_ID_V2) = {
        ASN1_OPT(ESS_CERT_ID_V2, hash_alg, X509_ALGOR),
        ASN1_SIMPLE(ESS_CERT_ID_V2, hash, ASN1_OCTET_STRING),
        ASN1_OPT(ESS_CERT_ID_V2, issuer_serial, ESS_ISSUER_SERIAL)
} static_ASN1_SEQUENCE_END(ESS_CERT_ID_V2)

IMPLEMENT_ASN1_FUNCTIONS(ESS_CERT_ID_V2)
IMPLEMENT_ASN1_DUP_FUNCTION(ESS_CERT_ID_V2)

/* SigningCertificateV2 (RFC 5035): as SigningCertificate, with ESSCertIDv2 */
ASN1_SEQUENCE(ESS_SIGNING_CERT_V2) = {
        ASN1_SEQUENCE_OF(ESS_SIGNING_CERT_V2, cert_ids, ESS_CERT_ID_V2),
        ASN1_SEQUENCE_OF_OPT(ESS_SIGNING_CERT_V2, policy_info, POLICYINFO)
} static_ASN1_SEQUENCE_END(ESS_SIGNING_CERT_V2)

IMPLEMENT_ASN1_FUNCTIONS(ESS_SIGNING_CERT_V2)
IMPLEMENT_ASN1_DUP_FUNCTION(ESS_SIGNING_CERT_V2)
60
61 /* No cms support means no CMS_SignerInfo* definitions */
62 #ifndef OPENSSL_NO_CMS
63
/*
 * Look up and decode the ESS signingCertificateV2 signed attribute of a
 * SignerInfo.
 *
 * Returns 0 if the attribute is absent, 1 if it was found and decoded, or
 * -1 if it is present but does not decode as an ESS_SIGNING_CERT_V2.
 * Only on 1 does *psc (when psc is non-NULL) receive the decoded structure,
 * owned by the caller and released with ESS_SIGNING_CERT_V2_free(); on all
 * other paths *psc is set to NULL.  psc == NULL just checks presence and
 * well-formedness.
 *
 * The lookup passes lastpos -3 to CMS_signed_get0_data_by_OBJ(), which also
 * yields NULL when the attribute occurs more than once or carries more than
 * one value, so a duplicated or ambiguous attribute is never decoded.  Note
 * that such a case is reported as 0, indistinguishable from "absent".
 */
int cms_signerinfo_get_signing_cert_v2(CMS_SignerInfo *si,
                                       ESS_SIGNING_CERT_V2 **psc)
{
    ESS_SIGNING_CERT_V2 *decoded;
    ASN1_STRING *encoded;
    ASN1_OBJECT *attr_oid = OBJ_nid2obj(NID_id_smime_aa_signingCertificateV2);

    if (psc != NULL)
        *psc = NULL;

    encoded = CMS_signed_get0_data_by_OBJ(si, attr_oid, -3, V_ASN1_SEQUENCE);
    if (encoded == NULL)
        return 0;

    decoded = ASN1_item_unpack(encoded, ASN1_ITEM_rptr(ESS_SIGNING_CERT_V2));
    if (decoded == NULL)
        return -1;

    if (psc == NULL) {
        /* Presence/validity check only: nothing to hand back. */
        ESS_SIGNING_CERT_V2_free(decoded);
    } else {
        *psc = decoded;
    }
    return 1;
}
90
/*
 * Look up and decode the (legacy, SHA-1 based) ESS signingCertificate
 * signed attribute of a SignerInfo.
 *
 * Returns 0 if the attribute is absent, 1 if it was found and decoded, or
 * -1 if it is present but does not decode as an ESS_SIGNING_CERT.
 * Only on 1 does *psc (when psc is non-NULL) receive the decoded structure,
 * owned by the caller and released with ESS_SIGNING_CERT_free(); on all
 * other paths *psc is set to NULL.  psc == NULL just checks presence and
 * well-formedness.
 *
 * lastpos -3 makes CMS_signed_get0_data_by_OBJ() return NULL for an
 * attribute that occurs more than once or has more than one value, so a
 * duplicated attribute is reported as 0 rather than decoded.
 */
int cms_signerinfo_get_signing_cert(CMS_SignerInfo *si,
                                    ESS_SIGNING_CERT **psc)
{
    int ret = 0;
    ESS_SIGNING_CERT *decoded = NULL;
    ASN1_STRING *raw;

    if (psc != NULL)
        *psc = NULL;

    raw = CMS_signed_get0_data_by_OBJ(si,
                                      OBJ_nid2obj(NID_id_smime_aa_signingCertificate),
                                      -3, V_ASN1_SEQUENCE);
    if (raw != NULL) {
        decoded = ASN1_item_unpack(raw, ASN1_ITEM_rptr(ESS_SIGNING_CERT));
        ret = (decoded != NULL) ? 1 : -1;
    }

    if (decoded != NULL) {
        if (psc != NULL)
            *psc = decoded;
        else
            ESS_SIGNING_CERT_free(decoded);
    }
    return ret;
}
117 #endif  /* !OPENSSL_NO_CMS */