1 /* 2 * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the OpenSSL license (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 #include <stdio.h> 11 #include "internal/cryptlib.h" 12 #include <openssl/asn1t.h> 13 #include <openssl/pkcs7.h> 14 #include <openssl/x509.h> 15 16 /* PKCS#7 ASN1 module */ 17 18 /* This is the ANY DEFINED BY table for the top level PKCS#7 structure */ 19 20 ASN1_ADB_TEMPLATE(p7default) = ASN1_EXP_OPT(PKCS7, d.other, ASN1_ANY, 0); 21 22 ASN1_ADB(PKCS7) = { 23 ADB_ENTRY(NID_pkcs7_data, ASN1_NDEF_EXP_OPT(PKCS7, d.data, ASN1_OCTET_STRING_NDEF, 0)), 24 ADB_ENTRY(NID_pkcs7_signed, ASN1_NDEF_EXP_OPT(PKCS7, d.sign, PKCS7_SIGNED, 0)), 25 ADB_ENTRY(NID_pkcs7_enveloped, ASN1_NDEF_EXP_OPT(PKCS7, d.enveloped, PKCS7_ENVELOPE, 0)), 26 ADB_ENTRY(NID_pkcs7_signedAndEnveloped, ASN1_NDEF_EXP_OPT(PKCS7, d.signed_and_enveloped, PKCS7_SIGN_ENVELOPE, 0)), 27 ADB_ENTRY(NID_pkcs7_digest, ASN1_NDEF_EXP_OPT(PKCS7, d.digest, PKCS7_DIGEST, 0)), 28 ADB_ENTRY(NID_pkcs7_encrypted, ASN1_NDEF_EXP_OPT(PKCS7, d.encrypted, PKCS7_ENCRYPT, 0)) 29 } ASN1_ADB_END(PKCS7, 0, type, 0, &p7default_tt, NULL); 30 31 /* PKCS#7 streaming support */ 32 static int pk7_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, 33 void *exarg) 34 { 35 ASN1_STREAM_ARG *sarg = exarg; 36 PKCS7 **pp7 = (PKCS7 **)pval; 37 38 switch (operation) { 39 40 case ASN1_OP_STREAM_PRE: 41 if (PKCS7_stream(&sarg->boundary, *pp7) <= 0) 42 return 0; 43 /* fall thru */ 44 case ASN1_OP_DETACHED_PRE: 45 sarg->ndef_bio = PKCS7_dataInit(*pp7, sarg->out); 46 if (!sarg->ndef_bio) 47 return 0; 48 break; 49 50 case ASN1_OP_STREAM_POST: 51 case ASN1_OP_DETACHED_POST: 52 if (PKCS7_dataFinal(*pp7, sarg->ndef_bio) <= 0) 53 return 0; 54 break; 55 56 } 57 return 1; 58 } 59 60 ASN1_NDEF_SEQUENCE_cb(PKCS7, pk7_cb) = { 61 ASN1_SIMPLE(PKCS7, type, ASN1_OBJECT), 62 ASN1_ADB_OBJECT(PKCS7) 63 }ASN1_NDEF_SEQUENCE_END_cb(PKCS7, PKCS7) 64 65 IMPLEMENT_ASN1_FUNCTIONS(PKCS7) 66 67 IMPLEMENT_ASN1_NDEF_FUNCTION(PKCS7) 68 69 IMPLEMENT_ASN1_DUP_FUNCTION(PKCS7) 70 71 ASN1_NDEF_SEQUENCE(PKCS7_SIGNED) = { 72 ASN1_SIMPLE(PKCS7_SIGNED, version, ASN1_INTEGER), 73 ASN1_SET_OF(PKCS7_SIGNED, md_algs, X509_ALGOR), 74 ASN1_SIMPLE(PKCS7_SIGNED, contents, PKCS7), 75 ASN1_IMP_SEQUENCE_OF_OPT(PKCS7_SIGNED, cert, X509, 0), 76 ASN1_IMP_SET_OF_OPT(PKCS7_SIGNED, crl, X509_CRL, 1), 77 ASN1_SET_OF(PKCS7_SIGNED, signer_info, PKCS7_SIGNER_INFO) 78 } ASN1_NDEF_SEQUENCE_END(PKCS7_SIGNED) 79 80 IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGNED) 81 82 /* Minor tweak to operation: free up EVP_PKEY */ 83 static int si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, 84 void *exarg) 85 { 86 if (operation == ASN1_OP_FREE_POST) { 87 PKCS7_SIGNER_INFO *si = (PKCS7_SIGNER_INFO *)*pval; 88 EVP_PKEY_free(si->pkey); 89 } 90 return 1; 91 } 92 93 ASN1_SEQUENCE_cb(PKCS7_SIGNER_INFO, si_cb) = { 94 ASN1_SIMPLE(PKCS7_SIGNER_INFO, version, ASN1_INTEGER), 95 ASN1_SIMPLE(PKCS7_SIGNER_INFO, issuer_and_serial, PKCS7_ISSUER_AND_SERIAL), 96 ASN1_SIMPLE(PKCS7_SIGNER_INFO, digest_alg, X509_ALGOR), 97 /* NB this should be a SET OF but we use a SEQUENCE OF so the 98 * original order * is retained when the structure is reencoded. 99 * Since the attributes are implicitly tagged this will not affect 100 * the encoding. 101 */ 102 ASN1_IMP_SEQUENCE_OF_OPT(PKCS7_SIGNER_INFO, auth_attr, X509_ATTRIBUTE, 0), 103 ASN1_SIMPLE(PKCS7_SIGNER_INFO, digest_enc_alg, X509_ALGOR), 104 ASN1_SIMPLE(PKCS7_SIGNER_INFO, enc_digest, ASN1_OCTET_STRING), 105 ASN1_IMP_SET_OF_OPT(PKCS7_SIGNER_INFO, unauth_attr, X509_ATTRIBUTE, 1) 106 } ASN1_SEQUENCE_END_cb(PKCS7_SIGNER_INFO, PKCS7_SIGNER_INFO) 107 108 IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGNER_INFO) 109 110 ASN1_SEQUENCE(PKCS7_ISSUER_AND_SERIAL) = { 111 ASN1_SIMPLE(PKCS7_ISSUER_AND_SERIAL, issuer, X509_NAME), 112 ASN1_SIMPLE(PKCS7_ISSUER_AND_SERIAL, serial, ASN1_INTEGER) 113 } ASN1_SEQUENCE_END(PKCS7_ISSUER_AND_SERIAL) 114 115 IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ISSUER_AND_SERIAL) 116 117 ASN1_NDEF_SEQUENCE(PKCS7_ENVELOPE) = { 118 ASN1_SIMPLE(PKCS7_ENVELOPE, version, ASN1_INTEGER), 119 ASN1_SET_OF(PKCS7_ENVELOPE, recipientinfo, PKCS7_RECIP_INFO), 120 ASN1_SIMPLE(PKCS7_ENVELOPE, enc_data, PKCS7_ENC_CONTENT) 121 } ASN1_NDEF_SEQUENCE_END(PKCS7_ENVELOPE) 122 123 IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENVELOPE) 124 125 /* Minor tweak to operation: free up X509 */ 126 static int ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, 127 void *exarg) 128 { 129 if (operation == ASN1_OP_FREE_POST) { 130 PKCS7_RECIP_INFO *ri = (PKCS7_RECIP_INFO *)*pval; 131 X509_free(ri->cert); 132 } 133 return 1; 134 } 135 136 ASN1_SEQUENCE_cb(PKCS7_RECIP_INFO, ri_cb) = { 137 ASN1_SIMPLE(PKCS7_RECIP_INFO, version, ASN1_INTEGER), 138 ASN1_SIMPLE(PKCS7_RECIP_INFO, issuer_and_serial, PKCS7_ISSUER_AND_SERIAL), 139 ASN1_SIMPLE(PKCS7_RECIP_INFO, key_enc_algor, X509_ALGOR), 140 ASN1_SIMPLE(PKCS7_RECIP_INFO, enc_key, ASN1_OCTET_STRING) 141 } ASN1_SEQUENCE_END_cb(PKCS7_RECIP_INFO, PKCS7_RECIP_INFO) 142 143 IMPLEMENT_ASN1_FUNCTIONS(PKCS7_RECIP_INFO) 144 145 ASN1_NDEF_SEQUENCE(PKCS7_ENC_CONTENT) = { 146 ASN1_SIMPLE(PKCS7_ENC_CONTENT, content_type, ASN1_OBJECT), 147 ASN1_SIMPLE(PKCS7_ENC_CONTENT, algorithm, X509_ALGOR), 148 ASN1_IMP_OPT(PKCS7_ENC_CONTENT, enc_data, ASN1_OCTET_STRING_NDEF, 0) 149 } ASN1_NDEF_SEQUENCE_END(PKCS7_ENC_CONTENT) 150 151 IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENC_CONTENT) 152 153 ASN1_NDEF_SEQUENCE(PKCS7_SIGN_ENVELOPE) = { 154 ASN1_SIMPLE(PKCS7_SIGN_ENVELOPE, version, ASN1_INTEGER), 155 ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, recipientinfo, PKCS7_RECIP_INFO), 156 ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, md_algs, X509_ALGOR), 157 ASN1_SIMPLE(PKCS7_SIGN_ENVELOPE, enc_data, PKCS7_ENC_CONTENT), 158 ASN1_IMP_SET_OF_OPT(PKCS7_SIGN_ENVELOPE, cert, X509, 0), 159 ASN1_IMP_SET_OF_OPT(PKCS7_SIGN_ENVELOPE, crl, X509_CRL, 1), 160 ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, signer_info, PKCS7_SIGNER_INFO) 161 } ASN1_NDEF_SEQUENCE_END(PKCS7_SIGN_ENVELOPE) 162 163 IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGN_ENVELOPE) 164 165 ASN1_NDEF_SEQUENCE(PKCS7_ENCRYPT) = { 166 ASN1_SIMPLE(PKCS7_ENCRYPT, version, ASN1_INTEGER), 167 ASN1_SIMPLE(PKCS7_ENCRYPT, enc_data, PKCS7_ENC_CONTENT) 168 } ASN1_NDEF_SEQUENCE_END(PKCS7_ENCRYPT) 169 170 IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENCRYPT) 171 172 ASN1_NDEF_SEQUENCE(PKCS7_DIGEST) = { 173 ASN1_SIMPLE(PKCS7_DIGEST, version, ASN1_INTEGER), 174 ASN1_SIMPLE(PKCS7_DIGEST, md, X509_ALGOR), 175 ASN1_SIMPLE(PKCS7_DIGEST, contents, PKCS7), 176 ASN1_SIMPLE(PKCS7_DIGEST, digest, ASN1_OCTET_STRING) 177 } ASN1_NDEF_SEQUENCE_END(PKCS7_DIGEST) 178 179 IMPLEMENT_ASN1_FUNCTIONS(PKCS7_DIGEST) 180 181 /* Specials for authenticated attributes */ 182 183 /* 184 * When signing attributes we want to reorder them to match the sorted 185 * encoding. 186 */ 187 188 ASN1_ITEM_TEMPLATE(PKCS7_ATTR_SIGN) = 189 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_ORDER, 0, PKCS7_ATTRIBUTES, X509_ATTRIBUTE) 190 ASN1_ITEM_TEMPLATE_END(PKCS7_ATTR_SIGN) 191 192 /* 193 * When verifying attributes we need to use the received order. So we use 194 * SEQUENCE OF and tag it to SET OF 195 */ 196 197 ASN1_ITEM_TEMPLATE(PKCS7_ATTR_VERIFY) = 198 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_IMPTAG | ASN1_TFLG_UNIVERSAL, 199 V_ASN1_SET, PKCS7_ATTRIBUTES, X509_ATTRIBUTE) 200 ASN1_ITEM_TEMPLATE_END(PKCS7_ATTR_VERIFY) 201 202 IMPLEMENT_ASN1_PRINT_FUNCTION(PKCS7) 203