projects / openssl.git / blob
? search:


238198543da3fd4e89b7e2ab047dd2e87c1a8625
[openssl.git] / crypto / cms / cms_env.c
1 /* crypto/cms/cms_env.c */
2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3  * project.
4  */
5 /* ====================================================================
6  * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  *
12  * 1. Redistributions of source code must retain the above copyright
13  *    notice, this list of conditions and the following disclaimer. 
14  *
15  * 2. Redistributions in binary form must reproduce the above copyright
16  *    notice, this list of conditions and the following disclaimer in
17  *    the documentation and/or other materials provided with the
18  *    distribution.
19  *
20  * 3. All advertising materials mentioning features or use of this
21  *    software must display the following acknowledgment:
22  *    "This product includes software developed by the OpenSSL Project
23  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24  *
25  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26  *    endorse or promote products derived from this software without
27  *    prior written permission. For written permission, please contact
28  *    licensing@OpenSSL.org.
29  *
30  * 5. Products derived from this software may not be called "OpenSSL"
31  *    nor may "OpenSSL" appear in their names without prior written
32  *    permission of the OpenSSL Project.
33  *
34  * 6. Redistributions of any form whatsoever must retain the following
35  *    acknowledgment:
36  *    "This product includes software developed by the OpenSSL Project
37  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38  *
39  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
43  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50  * OF THE POSSIBILITY OF SUCH DAMAGE.
51  * ====================================================================
52  */
53
54 #include "cryptlib.h"
55 #include <openssl/asn1t.h>
56 #include <openssl/pem.h>
57 #include <openssl/x509v3.h>
58 #include <openssl/err.h>
59 #include <openssl/cms.h>
60 #include "cms_lcl.h"
61 #include "asn1_locl.h"
62
63 /* CMS EnvelopedData Utilities */
64
65 DECLARE_ASN1_ITEM(CMS_EnvelopedData)
66 DECLARE_ASN1_ITEM(CMS_RecipientInfo)
67 DECLARE_ASN1_ITEM(CMS_KeyTransRecipientInfo)
68
69 #if 0
70 IMPLEMENT_ASN1_ALLOC_FUNCTIONS(CMS_EnvelopedData)
71 IMPLEMENT_ASN1_ALLOC_FUNCTIONS(CMS_RecipientInfo)
72 IMPLEMENT_ASN1_ALLOC_FUNCTIONS(CMS_KeyTransRecipientInfo)
73 #endif
74
75 DECLARE_STACK_OF(CMS_RecipientInfo)
76
77 static CMS_EnvelopedData *cms_get0_enveloped(CMS_ContentInfo *cms)
78         {
79         if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_enveloped)
80                 {
81                 CMSerr(CMS_F_CMS_GET0_ENVELOPED,
82                                 CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA);
83                 return NULL;
84                 }
85         return cms->d.envelopedData;
86         }
87
88 static CMS_EnvelopedData *cms_enveloped_data_init(CMS_ContentInfo *cms)
89         {
90         if (cms->d.other == NULL)
91                 {
92                 cms->d.envelopedData = M_ASN1_new_of(CMS_EnvelopedData);
93                 if (!cms->d.envelopedData)
94                         {
95                         CMSerr(CMS_F_CMS_ENVELOPED_DATA_INIT,
96                                                         ERR_R_MALLOC_FAILURE);
97                         return NULL;
98                         }
99                 cms->d.envelopedData->version = 0;
100                 cms->d.envelopedData->encryptedContentInfo->contentType =
101                                                 OBJ_nid2obj(NID_pkcs7_data);
102                 ASN1_OBJECT_free(cms->contentType);
103                 cms->contentType = OBJ_nid2obj(NID_pkcs7_enveloped);
104                 return cms->d.envelopedData;
105                 }
106         return cms_get0_enveloped(cms);
107         }
108
109 /* Add a recipient certificate. For now only handle key transport.
110  * If we ever handle key agreement will need updating.
111  */
112
113 CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
114                                         X509 *recip, unsigned int flags)
115         {
116         CMS_RecipientInfo *ri = NULL;
117         CMS_KeyTransRecipientInfo *ktri;
118         CMS_EnvelopedData *env;
119         EVP_PKEY *pk = NULL;
120         int i, type;
121         /* Init enveloped data */
122         env = cms_enveloped_data_init(cms);
123         if (!env)
124                 goto err;
125
126         /* Initialized recipient info */
127         ri = M_ASN1_new_of(CMS_RecipientInfo);
128         if (!ri)
129                 goto merr;
130
131         /* Initialize and add key transrport recipient info */
132
133         ri->d.ktri = M_ASN1_new_of(CMS_KeyTransRecipientInfo);
134         if (!ri->d.ktri)
135                 goto merr;
136         ri->type = CMS_RECIPINFO_TRANS;
137
138         ktri = ri->d.ktri;
139
140         X509_check_purpose(recip, -1, -1);
141         pk = X509_get_pubkey(recip);
142         if (!pk)
143                 {
144                 CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT,
145                                 CMS_R_ERROR_GETTING_PUBLIC_KEY);
146                 goto err;
147                 }
148         CRYPTO_add(&recip->references, 1, CRYPTO_LOCK_X509);
149         CRYPTO_add(&pk->references, 1, CRYPTO_LOCK_EVP_PKEY);
150         ktri->pkey = pk;
151         ktri->recip = recip;
152
153         if (flags & CMS_USE_KEYID)
154                 {
155                 ktri->version = 2;
156                 type = CMS_RECIPINFO_KEYIDENTIFIER;
157                 }
158         else
159                 {
160                 ktri->version = 0;
161                 type = CMS_RECIPINFO_ISSUER_SERIAL;
162                 }
163
164         /* Not a typo: RecipientIdentifier and SignerIdentifier are the
165          * same structure.
166          */
167
168         if (!cms_set1_SignerIdentifier(ktri->rid, recip, type))
169                 goto err;
170
171         if (pk->ameth && pk->ameth->pkey_ctrl)
172                 {
173                 i = pk->ameth->pkey_ctrl(pk, ASN1_PKEY_CTRL_CMS_ENVELOPE,
174                                                 0, ri);
175                 if (i == -2)
176                         {
177                         CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT,
178                                 CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
179                         goto err;
180                         }
181                 if (i <= 0)
182                         {
183                         CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT,
184                                 CMS_R_CTRL_FAILURE);
185                         goto err;
186                         }
187                 }
188
189         if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri))
190                 goto merr;
191
192         return ri;
193
194         merr:
195         CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, ERR_R_MALLOC_FAILURE);
196         err:
197         if (ri)
198                 M_ASN1_free_of(ri, CMS_RecipientInfo);
199         return NULL;
200
201         }
202
203 int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri,
204                                         EVP_PKEY **pk, X509 **recip,
205                                         X509_ALGOR **palg)
206         {
207         CMS_KeyTransRecipientInfo *ktri;
208         if (ri->type != CMS_RECIPINFO_TRANS)
209                 {
210                 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS,
211                         CMS_R_NOT_KEY_TRANSPORT);
212                 return 0;
213                 }
214
215         ktri = ri->d.ktri;
216
217         if (pk)
218                 *pk = ktri->pkey;
219         if (recip)
220                 *recip = ktri->recip;
221         if (palg)
222                 *palg = ktri->keyEncryptionAlgorithm;
223         return 1;
224         }
225
226 int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri,
227                                         ASN1_OCTET_STRING **keyid,
228                                         X509_NAME **issuer, ASN1_INTEGER **sno)
229         {
230         CMS_KeyTransRecipientInfo *ktri;
231         if (ri->type != CMS_RECIPINFO_TRANS)
232                 {
233                 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID,
234                         CMS_R_NOT_KEY_TRANSPORT);
235                 return 0;
236                 }
237
238         return cms_SignerIdentifier_get0_signer_id(ktri->rid,
239                                                         keyid, issuer, sno);
240         }
241
242 int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert)
243         {
244         CMS_KeyTransRecipientInfo *ktri;
245         if (ri->type != CMS_RECIPINFO_TRANS)
246                 {
247                 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP,
248                         CMS_R_NOT_KEY_TRANSPORT);
249                 return 0;
250                 }
251
252         return cms_SignerIdentifier_cert_cmp(ktri->rid, cert);
253         }
Unnamed repository; edit this file 'description' to name the repository.