/*
 * Copyright 2008-2019 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <openssl/asn1t.h>
#include <openssl/pem.h>
#include <openssl/x509v3.h>
#include <openssl/err.h>
#include <openssl/cms.h>
#include "cms_lcl.h"
#include "internal/nelem.h"

/*-
 * Attribute flags.
 * CMS attribute restrictions are discussed in
 *  - RFC 5652 Section 11.
 * ESS attribute restrictions are discussed in
 *  - RFC 2634 Section 1.3.4  AND
 *  - RFC 5035 Section 5.4
 *
 * The two low bits say where an attribute may appear; they are the values
 * passed as the 'type' argument of cms_check_attribute(). The high bits are
 * cardinality / presence rules.
 */
/* Attribute is permitted in signedAttrs */
#define CMS_ATTR_F_SIGNED           0x01
/* Attribute is permitted in unsignedAttrs */
#define CMS_ATTR_F_UNSIGNED         0x02
/* Must be present if there are any other attributes of the same type */
#define CMS_ATTR_F_REQUIRED_COND    0x10
/* At most one instance of the attribute may appear in the set */
#define CMS_ATTR_F_ONLY_ONE         0x20
/* The attribute's value set must hold exactly one entry */
#define CMS_ATTR_F_ONE_ATTR_VALUE   0x40

/*
 * Per-attribute rules enforced by CMS_si_check_attributes().
 * Attribute types that have no row here are not examined at all.
 */
static const struct {
    int nid;                    /* The attribute id */
    int flags;                  /* OR of the CMS_ATTR_F_* values above */
} cms_attribute_properties[] = {
    /* CMS: see RFC 5652 Section 11 */
    { NID_pkcs9_contentType,
      CMS_ATTR_F_SIGNED | CMS_ATTR_F_ONLY_ONE | CMS_ATTR_F_ONE_ATTR_VALUE
      | CMS_ATTR_F_REQUIRED_COND },
    { NID_pkcs9_messageDigest,
      CMS_ATTR_F_SIGNED | CMS_ATTR_F_ONLY_ONE | CMS_ATTR_F_ONE_ATTR_VALUE
      | CMS_ATTR_F_REQUIRED_COND },
    { NID_pkcs9_signingTime,
      CMS_ATTR_F_SIGNED | CMS_ATTR_F_ONLY_ONE | CMS_ATTR_F_ONE_ATTR_VALUE },
    { NID_pkcs9_countersignature,
      CMS_ATTR_F_UNSIGNED },
    /* ESS: see RFC 2634 Section 1.3.4 and RFC 5035 Section 5.4 */
    { NID_id_smime_aa_signingCertificate,
      CMS_ATTR_F_SIGNED | CMS_ATTR_F_ONLY_ONE | CMS_ATTR_F_ONE_ATTR_VALUE },
    { NID_id_smime_aa_signingCertificateV2,
      CMS_ATTR_F_SIGNED | CMS_ATTR_F_ONLY_ONE | CMS_ATTR_F_ONE_ATTR_VALUE },
    { NID_id_smime_aa_receiptRequest,
      CMS_ATTR_F_SIGNED | CMS_ATTR_F_ONLY_ONE | CMS_ATTR_F_ONE_ATTR_VALUE }
};

/*
 * CMS SignedData Attribute utilities
 *
 * The CMS_signed_*() functions operate on si->signedAttrs and the
 * CMS_unsigned_*() functions on si->unsignedAttrs. Each one forwards to the
 * X509at_*() helper of the same suffix; none of them checks 'si' for NULL.
 *
 * Per RFC 5652 the signed attributes are part of what the signer's signature
 * is computed over, so adding or deleting one after signing leaves a
 * signature that no longer matches. Unsigned attributes are outside that
 * coverage: values read from them are not authenticated by the signer's
 * signature and should be treated accordingly.
 */

/* Number of signed attributes, as reported by X509at_get_attr_count(). */
int CMS_signed_get_attr_count(const CMS_SignerInfo *si)
{
    return X509at_get_attr_count(si->signedAttrs);
}

/*
 * Index of the next signed attribute with the given NID; the search begins
 * at index lastpos + 1. A negative result means no such attribute.
 */
int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid, int lastpos)
{
    return X509at_get_attr_by_NID(si->signedAttrs, nid, lastpos);
}

/* As CMS_signed_get_attr_by_NID(), but the type is given as an object. */
int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, const ASN1_OBJECT *obj,
                               int lastpos)
{
    return X509at_get_attr_by_OBJ(si->signedAttrs, obj, lastpos);
}

/* Signed attribute at index 'loc', as returned by X509at_get_attr(). */
X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc)
{
    return X509at_get_attr(si->signedAttrs, loc);
}

/*
 * Remove the signed attribute at index 'loc' and hand back whatever
 * X509at_delete_attr() returns.
 * NOTE(review): the returned attribute is presumably owned by the caller
 * from then on - confirm against X509at_delete_attr().
 */
X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc)
{
    return X509at_delete_attr(si->signedAttrs, loc);
}

/*
 * Add 'attr' to the signed attributes. The stack pointer is passed by
 * address so the helper may update si->signedAttrs.
 * Returns 1 when X509at_add1_attr() reports success, 0 otherwise.
 */
int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr)
{
    return X509at_add1_attr(&si->signedAttrs, attr) != NULL;
}

/*
 * Build an attribute of type 'obj' from (type, bytes, len) and add it to the
 * signed attributes. Returns 1 on success, 0 on failure.
 */
int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si,
                                const ASN1_OBJECT *obj, int type,
                                const void *bytes, int len)
{
    return X509at_add1_attr_by_OBJ(&si->signedAttrs, obj, type,
                                   bytes, len) != NULL;
}

/* As CMS_signed_add1_attr_by_OBJ(), with the attribute type given by NID. */
int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si,
                                int nid, int type, const void *bytes, int len)
{
    return X509at_add1_attr_by_NID(&si->signedAttrs, nid, type,
                                   bytes, len) != NULL;
}

/* As CMS_signed_add1_attr_by_OBJ(), with the attribute type given by name. */
int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si,
                                const char *attrname, int type,
                                const void *bytes, int len)
{
    return X509at_add1_attr_by_txt(&si->signedAttrs, attrname, type,
                                   bytes, len) != NULL;
}

/*
 * Value data of a signed attribute, looked up by object; all arguments are
 * forwarded unchanged to X509at_get0_data_by_OBJ().
 * NOTE(review): by the get0 naming convention the result presumably points
 * into the attribute and must not be freed by the caller - confirm.
 */
void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, const ASN1_OBJECT *oid,
                                  int lastpos, int type)
{
    return X509at_get0_data_by_OBJ(si->signedAttrs, oid, lastpos, type);
}

/* Number of unsigned attributes, as reported by X509at_get_attr_count(). */
int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si)
{
    return X509at_get_attr_count(si->unsignedAttrs);
}

/*
 * Index of the next unsigned attribute with the given NID; the search begins
 * at index lastpos + 1. A negative result means no such attribute.
 */
int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
                                 int lastpos)
{
    return X509at_get_attr_by_NID(si->unsignedAttrs, nid, lastpos);
}

/* As CMS_unsigned_get_attr_by_NID(), but the type is given as an object. */
int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si,
                                 const ASN1_OBJECT *obj, int lastpos)
{
    return X509at_get_attr_by_OBJ(si->unsignedAttrs, obj, lastpos);
}

/* Unsigned attribute at index 'loc', as returned by X509at_get_attr(). */
X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc)
{
    return X509at_get_attr(si->unsignedAttrs, loc);
}

/*
 * Remove the unsigned attribute at index 'loc' and hand back whatever
 * X509at_delete_attr() returns.
 * NOTE(review): the returned attribute is presumably owned by the caller
 * from then on - confirm against X509at_delete_attr().
 */
X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc)
{
    return X509at_delete_attr(si->unsignedAttrs, loc);
}

/*
 * Add 'attr' to the unsigned attributes. The stack pointer is passed by
 * address so the helper may update si->unsignedAttrs.
 * Returns 1 when X509at_add1_attr() reports success, 0 otherwise.
 */
int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr)
{
    return X509at_add1_attr(&si->unsignedAttrs, attr) != NULL;
}

/*
 * Build an attribute of type 'obj' from (type, bytes, len) and add it to the
 * unsigned attributes. Returns 1 on success, 0 on failure.
 */
int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si,
                                  const ASN1_OBJECT *obj, int type,
                                  const void *bytes, int len)
{
    return X509at_add1_attr_by_OBJ(&si->unsignedAttrs, obj, type,
                                   bytes, len) != NULL;
}

/* As CMS_unsigned_add1_attr_by_OBJ(), with the attribute type given by NID. */
int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si,
                                  int nid, int type,
                                  const void *bytes, int len)
{
    return X509at_add1_attr_by_NID(&si->unsignedAttrs, nid, type,
                                   bytes, len) != NULL;
}

/* As CMS_unsigned_add1_attr_by_OBJ(), with the attribute type given by name. */
int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si,
                                  const char *attrname, int type,
                                  const void *bytes, int len)
{
    return X509at_add1_attr_by_txt(&si->unsignedAttrs, attrname,
                                   type, bytes, len) != NULL;
}

/*
 * Value data of an unsigned attribute, looked up by object; all arguments
 * are forwarded unchanged to X509at_get0_data_by_OBJ(). Unlike the signed
 * variant, 'oid' is declared without const here.
 * NOTE(review): by the get0 naming convention the result presumably points
 * into the attribute and must not be freed by the caller - confirm.
 */
void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
                                    int lastpos, int type)
{
    return X509at_get0_data_by_OBJ(si->unsignedAttrs, oid, lastpos, type);
}

/*
 * Retrieve an attribute by nid from a stack of attributes starting at index
 * *lastpos + 1.
 * Returns the attribute or NULL if there is no attribute.
 * If an attribute was found *lastpos returns the index of the found attribute;
 * otherwise *lastpos is left untouched.
 */
static X509_ATTRIBUTE *cms_attrib_get(int nid,
                                      const STACK_OF(X509_ATTRIBUTE) *attrs,
                                      int *lastpos)
{
    int found = X509at_get_attr_by_NID(attrs, nid, *lastpos);

    if (found < 0)
        return NULL;

    *lastpos = found;
    return X509at_get_attr(attrs, found);
}

/*
 * Apply one row of cms_attribute_properties to one attribute set.
 *
 *  nid        - attribute type being checked
 *  flags      - the row's CMS_ATTR_F_* rules
 *  type       - CMS_ATTR_F_SIGNED or CMS_ATTR_F_UNSIGNED, naming the kind of
 *               set that 'attrs' is
 *  attrs      - the attribute set to inspect
 *  have_attrs - non-zero if 'attrs' holds at least one attribute
 *
 * Returns 1 if the set obeys the rules for this attribute, 0 if not.
 */
static int cms_check_attribute(int nid, int flags, int type,
                               const STACK_OF(X509_ATTRIBUTE) *attrs,
                               int have_attrs)
{
    int lastpos = -1;
    int allowed_here = (flags & type) != 0;
    X509_ATTRIBUTE *first = cms_attrib_get(nid, attrs, &lastpos);
    int nvalues;

    if (first == NULL) {
        /*
         * Absent. That is only an error when the attribute belongs in this
         * kind of set, is conditionally required, and the set is not empty.
         */
        if (have_attrs
            && (flags & CMS_ATTR_F_REQUIRED_COND) != 0
            && allowed_here)
            return 0;
        return 1;
    }

    nvalues = X509_ATTRIBUTE_count(first);

    /* Present in a set where this attribute is not allowed */
    if (!allowed_here)
        return 0;

    /* A second instance exists although only one is permitted */
    if ((flags & CMS_ATTR_F_ONLY_ONE) != 0
        && cms_attrib_get(nid, attrs, &lastpos) != NULL)
        return 0;

    /* The value set must hold exactly one entry */
    if ((flags & CMS_ATTR_F_ONE_ATTR_VALUE) != 0 && nvalues != 1)
        return 0;

    /* In every case there has to be at least one value */
    if (nvalues == 0)
        return 0;

    return 1;
}

/*
 * Check that the signerinfo attributes obey the attribute rules listed in
 * cms_attribute_properties, which includes the following checks
 *  - If any signed attributes exist then there must be a Content Type
 *    and Message Digest attribute in the signed attributes.
 *  - The countersignature attribute is an optional unsigned attribute only.
 *  - Content Type, Message Digest, and Signing time attributes are signed
 *    attributes. Only one instance of each is allowed, with each of these
 *    attributes containing a single attribute value in its set.
 *  - The ESS signingCertificate, signingCertificateV2 and receiptRequest
 *    attributes are held to the same signed-only, single-instance,
 *    single-value rule.
 *
 * This is a structural check only: it counts attributes and values. It does
 * not compare attribute contents with anything and does not verify a
 * signature, and attribute types without a table row pass unexamined.
 *
 * Returns 1 if every rule holds; otherwise raises CMS_R_ATTRIBUTE_ERROR and
 * returns 0.
 */
int CMS_si_check_attributes(const CMS_SignerInfo *si)
{
    size_t idx;
    int signed_present = (CMS_signed_get_attr_count(si) > 0);
    int unsigned_present = (CMS_unsigned_get_attr_count(si) > 0);

    for (idx = 0; idx < OSSL_NELEM(cms_attribute_properties); idx++) {
        int nid = cms_attribute_properties[idx].nid;
        int flags = cms_attribute_properties[idx].flags;
        int ok;

        /* Each rule is applied to both sets; the first failure ends the scan */
        ok = cms_check_attribute(nid, flags, CMS_ATTR_F_SIGNED,
                                 si->signedAttrs, signed_present)
             && cms_check_attribute(nid, flags, CMS_ATTR_F_UNSIGNED,
                                    si->unsignedAttrs, unsigned_present);
        if (!ok) {
            CMSerr(CMS_F_CMS_SI_CHECK_ATTRIBUTES, CMS_R_ATTRIBUTE_ERROR);
            return 0;
        }
    }
    return 1;
}