1 /* $OpenBSD: cms_asn1.c,v 1.18 2019/08/11 10:43:57 jsing Exp $ */ 2 /* 3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 4 * project. 5 */ 6 /* ==================================================================== 7 * Copyright (c) 2008 The OpenSSL Project. All rights reserved. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 16 * 2. Redistributions in binary form must reproduce the above copyright 17 * notice, this list of conditions and the following disclaimer in 18 * the documentation and/or other materials provided with the 19 * distribution. 20 * 21 * 3. All advertising materials mentioning features or use of this 22 * software must display the following acknowledgment: 23 * "This product includes software developed by the OpenSSL Project 24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 25 * 26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 27 * endorse or promote products derived from this software without 28 * prior written permission. For written permission, please contact 29 * licensing@OpenSSL.org. 30 * 31 * 5. Products derived from this software may not be called "OpenSSL" 32 * nor may "OpenSSL" appear in their names without prior written 33 * permission of the OpenSSL Project. 34 * 35 * 6. Redistributions of any form whatsoever must retain the following 36 * acknowledgment: 37 * "This product includes software developed by the OpenSSL Project 38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 39 * 40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 51 * OF THE POSSIBILITY OF SUCH DAMAGE. 52 * ==================================================================== 53 */ 54 55 #include <openssl/asn1t.h> 56 #include <openssl/pem.h> 57 #include <openssl/x509v3.h> 58 #include <openssl/cms.h> 59 #include "cms_lcl.h" 60 61 62 static const ASN1_TEMPLATE CMS_IssuerAndSerialNumber_seq_tt[] = { 63 { 64 .flags = 0, 65 .tag = 0, 66 .offset = offsetof(CMS_IssuerAndSerialNumber, issuer), 67 .field_name = "issuer", 68 .item = &X509_NAME_it, 69 }, 70 { 71 .flags = 0, 72 .tag = 0, 73 .offset = offsetof(CMS_IssuerAndSerialNumber, serialNumber), 74 .field_name = "serialNumber", 75 .item = &ASN1_INTEGER_it, 76 }, 77 }; 78 79 const ASN1_ITEM CMS_IssuerAndSerialNumber_it = { 80 .itype = ASN1_ITYPE_SEQUENCE, 81 .utype = V_ASN1_SEQUENCE, 82 .templates = CMS_IssuerAndSerialNumber_seq_tt, 83 .tcount = sizeof(CMS_IssuerAndSerialNumber_seq_tt) / sizeof(ASN1_TEMPLATE), 84 .funcs = NULL, 85 .size = sizeof(CMS_IssuerAndSerialNumber), 86 .sname = "CMS_IssuerAndSerialNumber", 87 }; 88 89 static const ASN1_TEMPLATE CMS_OtherCertificateFormat_seq_tt[] = { 90 { 91 .flags = 0, 92 .tag = 0, 93 .offset = offsetof(CMS_OtherCertificateFormat, otherCertFormat), 94 .field_name = "otherCertFormat", 95 .item = &ASN1_OBJECT_it, 96 }, 97 { 98 .flags = ASN1_TFLG_OPTIONAL, 99 .tag = 0, 100 .offset = offsetof(CMS_OtherCertificateFormat, otherCert), 101 .field_name = "otherCert", 102 .item = &ASN1_ANY_it, 103 }, 104 }; 105 106 static const ASN1_ITEM CMS_OtherCertificateFormat_it = { 107 .itype = ASN1_ITYPE_SEQUENCE, 108 .utype = V_ASN1_SEQUENCE, 109 .templates = CMS_OtherCertificateFormat_seq_tt, 110 .tcount = sizeof(CMS_OtherCertificateFormat_seq_tt) / sizeof(ASN1_TEMPLATE), 111 .funcs = NULL, 112 .size = sizeof(CMS_OtherCertificateFormat), 113 .sname = "CMS_OtherCertificateFormat", 114 }; 115 116 static const ASN1_TEMPLATE CMS_CertificateChoices_ch_tt[] = { 117 { 118 .flags = 0, 119 .tag = 0, 120 .offset = offsetof(CMS_CertificateChoices, d.certificate), 121 .field_name = "d.certificate", 122 .item = &X509_it, 123 }, 124 { 125 .flags = ASN1_TFLG_IMPLICIT, 126 .tag = 0, 127 .offset = offsetof(CMS_CertificateChoices, d.extendedCertificate), 128 .field_name = "d.extendedCertificate", 129 .item = &ASN1_SEQUENCE_it, 130 }, 131 { 132 .flags = ASN1_TFLG_IMPLICIT, 133 .tag = 1, 134 .offset = offsetof(CMS_CertificateChoices, d.v1AttrCert), 135 .field_name = "d.v1AttrCert", 136 .item = &ASN1_SEQUENCE_it, 137 }, 138 { 139 .flags = ASN1_TFLG_IMPLICIT, 140 .tag = 2, 141 .offset = offsetof(CMS_CertificateChoices, d.v2AttrCert), 142 .field_name = "d.v2AttrCert", 143 .item = &ASN1_SEQUENCE_it, 144 }, 145 { 146 .flags = ASN1_TFLG_IMPLICIT, 147 .tag = 3, 148 .offset = offsetof(CMS_CertificateChoices, d.other), 149 .field_name = "d.other", 150 .item = &CMS_OtherCertificateFormat_it, 151 }, 152 }; 153 154 const ASN1_ITEM CMS_CertificateChoices_it = { 155 .itype = ASN1_ITYPE_CHOICE, 156 .utype = offsetof(CMS_CertificateChoices, type), 157 .templates = CMS_CertificateChoices_ch_tt, 158 .tcount = sizeof(CMS_CertificateChoices_ch_tt) / sizeof(ASN1_TEMPLATE), 159 .funcs = NULL, 160 .size = sizeof(CMS_CertificateChoices), 161 .sname = "CMS_CertificateChoices", 162 }; 163 164 static const ASN1_TEMPLATE CMS_SignerIdentifier_ch_tt[] = { 165 { 166 .flags = 0, 167 .tag = 0, 168 .offset = offsetof(CMS_SignerIdentifier, d.issuerAndSerialNumber), 169 .field_name = "d.issuerAndSerialNumber", 170 .item = &CMS_IssuerAndSerialNumber_it, 171 }, 172 { 173 .flags = ASN1_TFLG_IMPLICIT, 174 .tag = 0, 175 .offset = offsetof(CMS_SignerIdentifier, d.subjectKeyIdentifier), 176 .field_name = "d.subjectKeyIdentifier", 177 .item = &ASN1_OCTET_STRING_it, 178 }, 179 }; 180 181 static const ASN1_ITEM CMS_SignerIdentifier_it = { 182 .itype = ASN1_ITYPE_CHOICE, 183 .utype = offsetof(CMS_SignerIdentifier, type), 184 .templates = CMS_SignerIdentifier_ch_tt, 185 .tcount = sizeof(CMS_SignerIdentifier_ch_tt) / sizeof(ASN1_TEMPLATE), 186 .funcs = NULL, 187 .size = sizeof(CMS_SignerIdentifier), 188 .sname = "CMS_SignerIdentifier", 189 }; 190 191 static const ASN1_TEMPLATE CMS_EncapsulatedContentInfo_seq_tt[] = { 192 { 193 .flags = 0, 194 .tag = 0, 195 .offset = offsetof(CMS_EncapsulatedContentInfo, eContentType), 196 .field_name = "eContentType", 197 .item = &ASN1_OBJECT_it, 198 }, 199 { 200 .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL | ASN1_TFLG_NDEF, 201 .tag = 0, 202 .offset = offsetof(CMS_EncapsulatedContentInfo, eContent), 203 .field_name = "eContent", 204 .item = &ASN1_OCTET_STRING_NDEF_it, 205 }, 206 }; 207 208 static const ASN1_ITEM CMS_EncapsulatedContentInfo_it = { 209 .itype = ASN1_ITYPE_NDEF_SEQUENCE, 210 .utype = V_ASN1_SEQUENCE, 211 .templates = CMS_EncapsulatedContentInfo_seq_tt, 212 .tcount = sizeof(CMS_EncapsulatedContentInfo_seq_tt) / sizeof(ASN1_TEMPLATE), 213 .funcs = NULL, 214 .size = sizeof(CMS_EncapsulatedContentInfo), 215 .sname = "CMS_EncapsulatedContentInfo", 216 }; 217 218 /* Minor tweak to operation: free up signer key, cert */ 219 static int 220 cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) 221 { 222 if (operation == ASN1_OP_FREE_POST) { 223 CMS_SignerInfo *si = (CMS_SignerInfo *)*pval; 224 EVP_PKEY_free(si->pkey); 225 X509_free(si->signer); 226 EVP_MD_CTX_free(si->mctx); 227 } 228 return 1; 229 } 230 231 static const ASN1_AUX CMS_SignerInfo_aux = { 232 .app_data = NULL, 233 .flags = 0, 234 .ref_offset = 0, 235 .ref_lock = 0, 236 .asn1_cb = cms_si_cb, 237 .enc_offset = 0, 238 }; 239 static const ASN1_TEMPLATE CMS_SignerInfo_seq_tt[] = { 240 { 241 .flags = 0, 242 .tag = 0, 243 .offset = offsetof(CMS_SignerInfo, version), 244 .field_name = "version", 245 .item = &LONG_it, 246 }, 247 { 248 .flags = 0, 249 .tag = 0, 250 .offset = offsetof(CMS_SignerInfo, sid), 251 .field_name = "sid", 252 .item = &CMS_SignerIdentifier_it, 253 }, 254 { 255 .flags = 0, 256 .tag = 0, 257 .offset = offsetof(CMS_SignerInfo, digestAlgorithm), 258 .field_name = "digestAlgorithm", 259 .item = &X509_ALGOR_it, 260 }, 261 { 262 .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_SET_OF | ASN1_TFLG_OPTIONAL, 263 .tag = 0, 264 .offset = offsetof(CMS_SignerInfo, signedAttrs), 265 .field_name = "signedAttrs", 266 .item = &X509_ATTRIBUTE_it, 267 }, 268 { 269 .flags = 0, 270 .tag = 0, 271 .offset = offsetof(CMS_SignerInfo, signatureAlgorithm), 272 .field_name = "signatureAlgorithm", 273 .item = &X509_ALGOR_it, 274 }, 275 { 276 .flags = 0, 277 .tag = 0, 278 .offset = offsetof(CMS_SignerInfo, signature), 279 .field_name = "signature", 280 .item = &ASN1_OCTET_STRING_it, 281 }, 282 { 283 .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_SET_OF | ASN1_TFLG_OPTIONAL, 284 .tag = 1, 285 .offset = offsetof(CMS_SignerInfo, unsignedAttrs), 286 .field_name = "unsignedAttrs", 287 .item = &X509_ATTRIBUTE_it, 288 }, 289 }; 290 291 const ASN1_ITEM CMS_SignerInfo_it = { 292 .itype = ASN1_ITYPE_SEQUENCE, 293 .utype = V_ASN1_SEQUENCE, 294 .templates = CMS_SignerInfo_seq_tt, 295 .tcount = sizeof(CMS_SignerInfo_seq_tt) / sizeof(ASN1_TEMPLATE), 296 .funcs = &CMS_SignerInfo_aux, 297 .size = sizeof(CMS_SignerInfo), 298 .sname = "CMS_SignerInfo", 299 }; 300 301 static const ASN1_TEMPLATE CMS_OtherRevocationInfoFormat_seq_tt[] = { 302 { 303 .flags = 0, 304 .tag = 0, 305 .offset = offsetof(CMS_OtherRevocationInfoFormat, otherRevInfoFormat), 306 .field_name = "otherRevInfoFormat", 307 .item = &ASN1_OBJECT_it, 308 }, 309 { 310 .flags = ASN1_TFLG_OPTIONAL, 311 .tag = 0, 312 .offset = offsetof(CMS_OtherRevocationInfoFormat, otherRevInfo), 313 .field_name = "otherRevInfo", 314 .item = &ASN1_ANY_it, 315 }, 316 }; 317 318 static const ASN1_ITEM CMS_OtherRevocationInfoFormat_it = { 319 .itype = ASN1_ITYPE_SEQUENCE, 320 .utype = V_ASN1_SEQUENCE, 321 .templates = CMS_OtherRevocationInfoFormat_seq_tt, 322 .tcount = sizeof(CMS_OtherRevocationInfoFormat_seq_tt) / sizeof(ASN1_TEMPLATE), 323 .funcs = NULL, 324 .size = sizeof(CMS_OtherRevocationInfoFormat), 325 .sname = "CMS_OtherRevocationInfoFormat", 326 }; 327 328 static const ASN1_TEMPLATE CMS_RevocationInfoChoice_ch_tt[] = { 329 { 330 .flags = 0, 331 .tag = 0, 332 .offset = offsetof(CMS_RevocationInfoChoice, d.crl), 333 .field_name = "d.crl", 334 .item = &X509_CRL_it, 335 }, 336 { 337 .flags = ASN1_TFLG_IMPLICIT, 338 .tag = 1, 339 .offset = offsetof(CMS_RevocationInfoChoice, d.other), 340 .field_name = "d.other", 341 .item = &CMS_OtherRevocationInfoFormat_it, 342 }, 343 }; 344 345 const ASN1_ITEM CMS_RevocationInfoChoice_it = { 346 .itype = ASN1_ITYPE_CHOICE, 347 .utype = offsetof(CMS_RevocationInfoChoice, type), 348 .templates = CMS_RevocationInfoChoice_ch_tt, 349 .tcount = sizeof(CMS_RevocationInfoChoice_ch_tt) / sizeof(ASN1_TEMPLATE), 350 .funcs = NULL, 351 .size = sizeof(CMS_RevocationInfoChoice), 352 .sname = "CMS_RevocationInfoChoice", 353 }; 354 355 static const ASN1_TEMPLATE CMS_SignedData_seq_tt[] = { 356 { 357 .flags = 0, 358 .tag = 0, 359 .offset = offsetof(CMS_SignedData, version), 360 .field_name = "version", 361 .item = &LONG_it, 362 }, 363 { 364 .flags = ASN1_TFLG_SET_OF, 365 .tag = 0, 366 .offset = offsetof(CMS_SignedData, digestAlgorithms), 367 .field_name = "digestAlgorithms", 368 .item = &X509_ALGOR_it, 369 }, 370 { 371 .flags = 0, 372 .tag = 0, 373 .offset = offsetof(CMS_SignedData, encapContentInfo), 374 .field_name = "encapContentInfo", 375 .item = &CMS_EncapsulatedContentInfo_it, 376 }, 377 { 378 .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_SET_OF | ASN1_TFLG_OPTIONAL, 379 .tag = 0, 380 .offset = offsetof(CMS_SignedData, certificates), 381 .field_name = "certificates", 382 .item = &CMS_CertificateChoices_it, 383 }, 384 { 385 .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_SET_OF | ASN1_TFLG_OPTIONAL, 386 .tag = 1, 387 .offset = offsetof(CMS_SignedData, crls), 388 .field_name = "crls", 389 .item = &CMS_RevocationInfoChoice_it, 390 }, 391 { 392 .flags = ASN1_TFLG_SET_OF, 393 .tag = 0, 394 .offset = offsetof(CMS_SignedData, signerInfos), 395 .field_name = "signerInfos", 396 .item = &CMS_SignerInfo_it, 397 }, 398 }; 399 400 const ASN1_ITEM CMS_SignedData_it = { 401 .itype = ASN1_ITYPE_NDEF_SEQUENCE, 402 .utype = V_ASN1_SEQUENCE, 403 .templates = CMS_SignedData_seq_tt, 404 .tcount = sizeof(CMS_SignedData_seq_tt) / sizeof(ASN1_TEMPLATE), 405 .funcs = NULL, 406 .size = sizeof(CMS_SignedData), 407 .sname = "CMS_SignedData", 408 }; 409 410 static const ASN1_TEMPLATE CMS_OriginatorInfo_seq_tt[] = { 411 { 412 .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_SET_OF | ASN1_TFLG_OPTIONAL, 413 .tag = 0, 414 .offset = offsetof(CMS_OriginatorInfo, certificates), 415 .field_name = "certificates", 416 .item = &CMS_CertificateChoices_it, 417 }, 418 { 419 .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_SET_OF | ASN1_TFLG_OPTIONAL, 420 .tag = 1, 421 .offset = offsetof(CMS_OriginatorInfo, crls), 422 .field_name = "crls", 423 .item = &CMS_RevocationInfoChoice_it, 424 }, 425 }; 426 427 static const ASN1_ITEM CMS_OriginatorInfo_it = { 428 .itype = ASN1_ITYPE_SEQUENCE, 429 .utype = V_ASN1_SEQUENCE, 430 .templates = CMS_OriginatorInfo_seq_tt, 431 .tcount = sizeof(CMS_OriginatorInfo_seq_tt) / sizeof(ASN1_TEMPLATE), 432 .funcs = NULL, 433 .size = sizeof(CMS_OriginatorInfo), 434 .sname = "CMS_OriginatorInfo", 435 }; 436 437 static const ASN1_TEMPLATE CMS_EncryptedContentInfo_seq_tt[] = { 438 { 439 .flags = 0, 440 .tag = 0, 441 .offset = offsetof(CMS_EncryptedContentInfo, contentType), 442 .field_name = "contentType", 443 .item = &ASN1_OBJECT_it, 444 }, 445 { 446 .flags = 0, 447 .tag = 0, 448 .offset = offsetof(CMS_EncryptedContentInfo, contentEncryptionAlgorithm), 449 .field_name = "contentEncryptionAlgorithm", 450 .item = &X509_ALGOR_it, 451 }, 452 { 453 .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_OPTIONAL, 454 .tag = 0, 455 .offset = offsetof(CMS_EncryptedContentInfo, encryptedContent), 456 .field_name = "encryptedContent", 457 .item = &ASN1_OCTET_STRING_NDEF_it, 458 }, 459 }; 460 461 static const ASN1_ITEM CMS_EncryptedContentInfo_it = { 462 .itype = ASN1_ITYPE_NDEF_SEQUENCE, 463 .utype = V_ASN1_SEQUENCE, 464 .templates = CMS_EncryptedContentInfo_seq_tt, 465 .tcount = sizeof(CMS_EncryptedContentInfo_seq_tt) / sizeof(ASN1_TEMPLATE), 466 .funcs = NULL, 467 .size = sizeof(CMS_EncryptedContentInfo), 468 .sname = "CMS_EncryptedContentInfo", 469 }; 470 471 static const ASN1_TEMPLATE CMS_KeyTransRecipientInfo_seq_tt[] = { 472 { 473 .flags = 0, 474 .tag = 0, 475 .offset = offsetof(CMS_KeyTransRecipientInfo, version), 476 .field_name = "version", 477 .item = &LONG_it, 478 }, 479 { 480 .flags = 0, 481 .tag = 0, 482 .offset = offsetof(CMS_KeyTransRecipientInfo, rid), 483 .field_name = "rid", 484 .item = &CMS_SignerIdentifier_it, 485 }, 486 { 487 .flags = 0, 488 .tag = 0, 489 .offset = offsetof(CMS_KeyTransRecipientInfo, keyEncryptionAlgorithm), 490 .field_name = "keyEncryptionAlgorithm", 491 .item = &X509_ALGOR_it, 492 }, 493 { 494 .flags = 0, 495 .tag = 0, 496 .offset = offsetof(CMS_KeyTransRecipientInfo, encryptedKey), 497 .field_name = "encryptedKey", 498 .item = &ASN1_OCTET_STRING_it, 499 }, 500 }; 501 502 const ASN1_ITEM CMS_KeyTransRecipientInfo_it = { 503 .itype = ASN1_ITYPE_SEQUENCE, 504 .utype = V_ASN1_SEQUENCE, 505 .templates = CMS_KeyTransRecipientInfo_seq_tt, 506 .tcount = sizeof(CMS_KeyTransRecipientInfo_seq_tt) / sizeof(ASN1_TEMPLATE), 507 .funcs = NULL, 508 .size = sizeof(CMS_KeyTransRecipientInfo), 509 .sname = "CMS_KeyTransRecipientInfo", 510 }; 511 512 static const ASN1_TEMPLATE CMS_OtherKeyAttribute_seq_tt[] = { 513 { 514 .flags = 0, 515 .tag = 0, 516 .offset = offsetof(CMS_OtherKeyAttribute, keyAttrId), 517 .field_name = "keyAttrId", 518 .item = &ASN1_OBJECT_it, 519 }, 520 { 521 .flags = ASN1_TFLG_OPTIONAL, 522 .tag = 0, 523 .offset = offsetof(CMS_OtherKeyAttribute, keyAttr), 524 .field_name = "keyAttr", 525 .item = &ASN1_ANY_it, 526 }, 527 }; 528 529 const ASN1_ITEM CMS_OtherKeyAttribute_it = { 530 .itype = ASN1_ITYPE_SEQUENCE, 531 .utype = V_ASN1_SEQUENCE, 532 .templates = CMS_OtherKeyAttribute_seq_tt, 533 .tcount = sizeof(CMS_OtherKeyAttribute_seq_tt) / sizeof(ASN1_TEMPLATE), 534 .funcs = NULL, 535 .size = sizeof(CMS_OtherKeyAttribute), 536 .sname = "CMS_OtherKeyAttribute", 537 }; 538 539 static const ASN1_TEMPLATE CMS_RecipientKeyIdentifier_seq_tt[] = { 540 { 541 .flags = 0, 542 .tag = 0, 543 .offset = offsetof(CMS_RecipientKeyIdentifier, subjectKeyIdentifier), 544 .field_name = "subjectKeyIdentifier", 545 .item = &ASN1_OCTET_STRING_it, 546 }, 547 { 548 .flags = ASN1_TFLG_OPTIONAL, 549 .tag = 0, 550 .offset = offsetof(CMS_RecipientKeyIdentifier, date), 551 .field_name = "date", 552 .item = &ASN1_GENERALIZEDTIME_it, 553 }, 554 { 555 .flags = ASN1_TFLG_OPTIONAL, 556 .tag = 0, 557 .offset = offsetof(CMS_RecipientKeyIdentifier, other), 558 .field_name = "other", 559 .item = &CMS_OtherKeyAttribute_it, 560 }, 561 }; 562 563 const ASN1_ITEM CMS_RecipientKeyIdentifier_it = { 564 .itype = ASN1_ITYPE_SEQUENCE, 565 .utype = V_ASN1_SEQUENCE, 566 .templates = CMS_RecipientKeyIdentifier_seq_tt, 567 .tcount = sizeof(CMS_RecipientKeyIdentifier_seq_tt) / sizeof(ASN1_TEMPLATE), 568 .funcs = NULL, 569 .size = sizeof(CMS_RecipientKeyIdentifier), 570 .sname = "CMS_RecipientKeyIdentifier", 571 }; 572 573 static const ASN1_TEMPLATE CMS_KeyAgreeRecipientIdentifier_ch_tt[] = { 574 { 575 .flags = 0, 576 .tag = 0, 577 .offset = offsetof(CMS_KeyAgreeRecipientIdentifier, d.issuerAndSerialNumber), 578 .field_name = "d.issuerAndSerialNumber", 579 .item = &CMS_IssuerAndSerialNumber_it, 580 }, 581 { 582 .flags = ASN1_TFLG_IMPLICIT, 583 .tag = 0, 584 .offset = offsetof(CMS_KeyAgreeRecipientIdentifier, d.rKeyId), 585 .field_name = "d.rKeyId", 586 .item = &CMS_RecipientKeyIdentifier_it, 587 }, 588 }; 589 590 static const ASN1_ITEM CMS_KeyAgreeRecipientIdentifier_it = { 591 .itype = ASN1_ITYPE_CHOICE, 592 .utype = offsetof(CMS_KeyAgreeRecipientIdentifier, type), 593 .templates = CMS_KeyAgreeRecipientIdentifier_ch_tt, 594 .tcount = sizeof(CMS_KeyAgreeRecipientIdentifier_ch_tt) / sizeof(ASN1_TEMPLATE), 595 .funcs = NULL, 596 .size = sizeof(CMS_KeyAgreeRecipientIdentifier), 597 .sname = "CMS_KeyAgreeRecipientIdentifier", 598 }; 599 600 static int 601 cms_rek_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) 602 { 603 CMS_RecipientEncryptedKey *rek = (CMS_RecipientEncryptedKey *)*pval; 604 if (operation == ASN1_OP_FREE_POST) { 605 EVP_PKEY_free(rek->pkey); 606 } 607 return 1; 608 } 609 610 static const ASN1_AUX CMS_RecipientEncryptedKey_aux = { 611 .app_data = NULL, 612 .flags = 0, 613 .ref_offset = 0, 614 .ref_lock = 0, 615 .asn1_cb = cms_rek_cb, 616 .enc_offset = 0, 617 }; 618 static const ASN1_TEMPLATE CMS_RecipientEncryptedKey_seq_tt[] = { 619 { 620 .flags = 0, 621 .tag = 0, 622 .offset = offsetof(CMS_RecipientEncryptedKey, rid), 623 .field_name = "rid", 624 .item = &CMS_KeyAgreeRecipientIdentifier_it, 625 }, 626 { 627 .flags = 0, 628 .tag = 0, 629 .offset = offsetof(CMS_RecipientEncryptedKey, encryptedKey), 630 .field_name = "encryptedKey", 631 .item = &ASN1_OCTET_STRING_it, 632 }, 633 }; 634 635 const ASN1_ITEM CMS_RecipientEncryptedKey_it = { 636 .itype = ASN1_ITYPE_SEQUENCE, 637 .utype = V_ASN1_SEQUENCE, 638 .templates = CMS_RecipientEncryptedKey_seq_tt, 639 .tcount = sizeof(CMS_RecipientEncryptedKey_seq_tt) / sizeof(ASN1_TEMPLATE), 640 .funcs = &CMS_RecipientEncryptedKey_aux, 641 .size = sizeof(CMS_RecipientEncryptedKey), 642 .sname = "CMS_RecipientEncryptedKey", 643 }; 644 645 static const ASN1_TEMPLATE CMS_OriginatorPublicKey_seq_tt[] = { 646 { 647 .flags = 0, 648 .tag = 0, 649 .offset = offsetof(CMS_OriginatorPublicKey, algorithm), 650 .field_name = "algorithm", 651 .item = &X509_ALGOR_it, 652 }, 653 { 654 .flags = 0, 655 .tag = 0, 656 .offset = offsetof(CMS_OriginatorPublicKey, publicKey), 657 .field_name = "publicKey", 658 .item = &ASN1_BIT_STRING_it, 659 }, 660 }; 661 662 const ASN1_ITEM CMS_OriginatorPublicKey_it = { 663 .itype = ASN1_ITYPE_SEQUENCE, 664 .utype = V_ASN1_SEQUENCE, 665 .templates = CMS_OriginatorPublicKey_seq_tt, 666 .tcount = sizeof(CMS_OriginatorPublicKey_seq_tt) / sizeof(ASN1_TEMPLATE), 667 .funcs = NULL, 668 .size = sizeof(CMS_OriginatorPublicKey), 669 .sname = "CMS_OriginatorPublicKey", 670 }; 671 672 static const ASN1_TEMPLATE CMS_OriginatorIdentifierOrKey_ch_tt[] = { 673 { 674 .flags = 0, 675 .tag = 0, 676 .offset = offsetof(CMS_OriginatorIdentifierOrKey, d.issuerAndSerialNumber), 677 .field_name = "d.issuerAndSerialNumber", 678 .item = &CMS_IssuerAndSerialNumber_it, 679 }, 680 { 681 .flags = ASN1_TFLG_IMPLICIT, 682 .tag = 0, 683 .offset = offsetof(CMS_OriginatorIdentifierOrKey, d.subjectKeyIdentifier), 684 .field_name = "d.subjectKeyIdentifier", 685 .item = &ASN1_OCTET_STRING_it, 686 }, 687 { 688 .flags = ASN1_TFLG_IMPLICIT, 689 .tag = 1, 690 .offset = offsetof(CMS_OriginatorIdentifierOrKey, d.originatorKey), 691 .field_name = "d.originatorKey", 692 .item = &CMS_OriginatorPublicKey_it, 693 }, 694 }; 695 696 static const ASN1_ITEM CMS_OriginatorIdentifierOrKey_it = { 697 .itype = ASN1_ITYPE_CHOICE, 698 .utype = offsetof(CMS_OriginatorIdentifierOrKey, type), 699 .templates = CMS_OriginatorIdentifierOrKey_ch_tt, 700 .tcount = sizeof(CMS_OriginatorIdentifierOrKey_ch_tt) / sizeof(ASN1_TEMPLATE), 701 .funcs = NULL, 702 .size = sizeof(CMS_OriginatorIdentifierOrKey), 703 .sname = "CMS_OriginatorIdentifierOrKey", 704 }; 705 706 static int 707 cms_kari_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) 708 { 709 CMS_KeyAgreeRecipientInfo *kari = (CMS_KeyAgreeRecipientInfo *)*pval; 710 if (operation == ASN1_OP_NEW_POST) { 711 kari->ctx = EVP_CIPHER_CTX_new(); 712 if (kari->ctx == NULL) 713 return 0; 714 EVP_CIPHER_CTX_set_flags(kari->ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW); 715 kari->pctx = NULL; 716 } else if (operation == ASN1_OP_FREE_POST) { 717 EVP_PKEY_CTX_free(kari->pctx); 718 EVP_CIPHER_CTX_free(kari->ctx); 719 } 720 return 1; 721 } 722 723 static const ASN1_AUX CMS_KeyAgreeRecipientInfo_aux = { 724 .app_data = NULL, 725 .flags = 0, 726 .ref_offset = 0, 727 .ref_lock = 0, 728 .asn1_cb = cms_kari_cb, 729 .enc_offset = 0, 730 }; 731 static const ASN1_TEMPLATE CMS_KeyAgreeRecipientInfo_seq_tt[] = { 732 { 733 .flags = 0, 734 .tag = 0, 735 .offset = offsetof(CMS_KeyAgreeRecipientInfo, version), 736 .field_name = "version", 737 .item = &LONG_it, 738 }, 739 { 740 .flags = ASN1_TFLG_EXPLICIT, 741 .tag = 0, 742 .offset = offsetof(CMS_KeyAgreeRecipientInfo, originator), 743 .field_name = "originator", 744 .item = &CMS_OriginatorIdentifierOrKey_it, 745 }, 746 { 747 .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL, 748 .tag = 1, 749 .offset = offsetof(CMS_KeyAgreeRecipientInfo, ukm), 750 .field_name = "ukm", 751 .item = &ASN1_OCTET_STRING_it, 752 }, 753 { 754 .flags = 0, 755 .tag = 0, 756 .offset = offsetof(CMS_KeyAgreeRecipientInfo, keyEncryptionAlgorithm), 757 .field_name = "keyEncryptionAlgorithm", 758 .item = &X509_ALGOR_it, 759 }, 760 { 761 .flags = ASN1_TFLG_SEQUENCE_OF, 762 .tag = 0, 763 .offset = offsetof(CMS_KeyAgreeRecipientInfo, recipientEncryptedKeys), 764 .field_name = "recipientEncryptedKeys", 765 .item = &CMS_RecipientEncryptedKey_it, 766 }, 767 }; 768 769 const ASN1_ITEM CMS_KeyAgreeRecipientInfo_it = { 770 .itype = ASN1_ITYPE_SEQUENCE, 771 .utype = V_ASN1_SEQUENCE, 772 .templates = CMS_KeyAgreeRecipientInfo_seq_tt, 773 .tcount = sizeof(CMS_KeyAgreeRecipientInfo_seq_tt) / sizeof(ASN1_TEMPLATE), 774 .funcs = &CMS_KeyAgreeRecipientInfo_aux, 775 .size = sizeof(CMS_KeyAgreeRecipientInfo), 776 .sname = "CMS_KeyAgreeRecipientInfo", 777 }; 778 779 static const ASN1_TEMPLATE CMS_KEKIdentifier_seq_tt[] = { 780 { 781 .flags = 0, 782 .tag = 0, 783 .offset = offsetof(CMS_KEKIdentifier, keyIdentifier), 784 .field_name = "keyIdentifier", 785 .item = &ASN1_OCTET_STRING_it, 786 }, 787 { 788 .flags = ASN1_TFLG_OPTIONAL, 789 .tag = 0, 790 .offset = offsetof(CMS_KEKIdentifier, date), 791 .field_name = "date", 792 .item = &ASN1_GENERALIZEDTIME_it, 793 }, 794 { 795 .flags = ASN1_TFLG_OPTIONAL, 796 .tag = 0, 797 .offset = offsetof(CMS_KEKIdentifier, other), 798 .field_name = "other", 799 .item = &CMS_OtherKeyAttribute_it, 800 }, 801 }; 802 803 static const ASN1_ITEM CMS_KEKIdentifier_it = { 804 .itype = ASN1_ITYPE_SEQUENCE, 805 .utype = V_ASN1_SEQUENCE, 806 .templates = CMS_KEKIdentifier_seq_tt, 807 .tcount = sizeof(CMS_KEKIdentifier_seq_tt) / sizeof(ASN1_TEMPLATE), 808 .funcs = NULL, 809 .size = sizeof(CMS_KEKIdentifier), 810 .sname = "CMS_KEKIdentifier", 811 }; 812 813 static const ASN1_TEMPLATE CMS_KEKRecipientInfo_seq_tt[] = { 814 { 815 .flags = 0, 816 .tag = 0, 817 .offset = offsetof(CMS_KEKRecipientInfo, version), 818 .field_name = "version", 819 .item = &LONG_it, 820 }, 821 { 822 .flags = 0, 823 .tag = 0, 824 .offset = offsetof(CMS_KEKRecipientInfo, kekid), 825 .field_name = "kekid", 826 .item = &CMS_KEKIdentifier_it, 827 }, 828 { 829 .flags = 0, 830 .tag = 0, 831 .offset = offsetof(CMS_KEKRecipientInfo, keyEncryptionAlgorithm), 832 .field_name = "keyEncryptionAlgorithm", 833 .item = &X509_ALGOR_it, 834 }, 835 { 836 .flags = 0, 837 .tag = 0, 838 .offset = offsetof(CMS_KEKRecipientInfo, encryptedKey), 839 .field_name = "encryptedKey", 840 .item = &ASN1_OCTET_STRING_it, 841 }, 842 }; 843 844 const ASN1_ITEM CMS_KEKRecipientInfo_it = { 845 .itype = ASN1_ITYPE_SEQUENCE, 846 .utype = V_ASN1_SEQUENCE, 847 .templates = CMS_KEKRecipientInfo_seq_tt, 848 .tcount = sizeof(CMS_KEKRecipientInfo_seq_tt) / sizeof(ASN1_TEMPLATE), 849 .funcs = NULL, 850 .size = sizeof(CMS_KEKRecipientInfo), 851 .sname = "CMS_KEKRecipientInfo", 852 }; 853 854 static const ASN1_TEMPLATE CMS_PasswordRecipientInfo_seq_tt[] = { 855 { 856 .flags = 0, 857 .tag = 0, 858 .offset = offsetof(CMS_PasswordRecipientInfo, version), 859 .field_name = "version", 860 .item = &LONG_it, 861 }, 862 { 863 .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_OPTIONAL, 864 .tag = 0, 865 .offset = offsetof(CMS_PasswordRecipientInfo, keyDerivationAlgorithm), 866 .field_name = "keyDerivationAlgorithm", 867 .item = &X509_ALGOR_it, 868 }, 869 { 870 .flags = 0, 871 .tag = 0, 872 .offset = offsetof(CMS_PasswordRecipientInfo, keyEncryptionAlgorithm), 873 .field_name = "keyEncryptionAlgorithm", 874 .item = &X509_ALGOR_it, 875 }, 876 { 877 .flags = 0, 878 .tag = 0, 879 .offset = offsetof(CMS_PasswordRecipientInfo, encryptedKey), 880 .field_name = "encryptedKey", 881 .item = &ASN1_OCTET_STRING_it, 882 }, 883 }; 884 885 const ASN1_ITEM CMS_PasswordRecipientInfo_it = { 886 .itype = ASN1_ITYPE_SEQUENCE, 887 .utype = V_ASN1_SEQUENCE, 888 .templates = CMS_PasswordRecipientInfo_seq_tt, 889 .tcount = sizeof(CMS_PasswordRecipientInfo_seq_tt) / sizeof(ASN1_TEMPLATE), 890 .funcs = NULL, 891 .size = sizeof(CMS_PasswordRecipientInfo), 892 .sname = "CMS_PasswordRecipientInfo", 893 }; 894 895 static const ASN1_TEMPLATE CMS_OtherRecipientInfo_seq_tt[] = { 896 { 897 .flags = 0, 898 .tag = 0, 899 .offset = offsetof(CMS_OtherRecipientInfo, oriType), 900 .field_name = "oriType", 901 .item = &ASN1_OBJECT_it, 902 }, 903 { 904 .flags = ASN1_TFLG_OPTIONAL, 905 .tag = 0, 906 .offset = offsetof(CMS_OtherRecipientInfo, oriValue), 907 .field_name = "oriValue", 908 .item = &ASN1_ANY_it, 909 }, 910 }; 911 912 static const ASN1_ITEM CMS_OtherRecipientInfo_it = { 913 .itype = ASN1_ITYPE_SEQUENCE, 914 .utype = V_ASN1_SEQUENCE, 915 .templates = CMS_OtherRecipientInfo_seq_tt, 916 .tcount = sizeof(CMS_OtherRecipientInfo_seq_tt) / sizeof(ASN1_TEMPLATE), 917 .funcs = NULL, 918 .size = sizeof(CMS_OtherRecipientInfo), 919 .sname = "CMS_OtherRecipientInfo", 920 }; 921 922 /* Free up RecipientInfo additional data */ 923 static int 924 cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) 925 { 926 if (operation == ASN1_OP_FREE_PRE) { 927 CMS_RecipientInfo *ri = (CMS_RecipientInfo *)*pval; 928 if (ri->type == CMS_RECIPINFO_TRANS) { 929 CMS_KeyTransRecipientInfo *ktri = ri->d.ktri; 930 EVP_PKEY_free(ktri->pkey); 931 X509_free(ktri->recip); 932 EVP_PKEY_CTX_free(ktri->pctx); 933 } else if (ri->type == CMS_RECIPINFO_KEK) { 934 CMS_KEKRecipientInfo *kekri = ri->d.kekri; 935 freezero(kekri->key, kekri->keylen); 936 } else if (ri->type == CMS_RECIPINFO_PASS) { 937 CMS_PasswordRecipientInfo *pwri = ri->d.pwri; 938 freezero(pwri->pass, pwri->passlen); 939 } 940 } 941 return 1; 942 } 943 944 static const ASN1_AUX CMS_RecipientInfo_aux = { 945 .app_data = NULL, 946 .flags = 0, 947 .ref_offset = 0, 948 .ref_lock = 0, 949 .asn1_cb = cms_ri_cb, 950 .enc_offset = 0, 951 }; 952 static const ASN1_TEMPLATE CMS_RecipientInfo_ch_tt[] = { 953 { 954 .flags = 0, 955 .tag = 0, 956 .offset = offsetof(CMS_RecipientInfo, d.ktri), 957 .field_name = "d.ktri", 958 .item = &CMS_KeyTransRecipientInfo_it, 959 }, 960 { 961 .flags = ASN1_TFLG_IMPLICIT, 962 .tag = 1, 963 .offset = offsetof(CMS_RecipientInfo, d.kari), 964 .field_name = "d.kari", 965 .item = &CMS_KeyAgreeRecipientInfo_it, 966 }, 967 { 968 .flags = ASN1_TFLG_IMPLICIT, 969 .tag = 2, 970 .offset = offsetof(CMS_RecipientInfo, d.kekri), 971 .field_name = "d.kekri", 972 .item = &CMS_KEKRecipientInfo_it, 973 }, 974 { 975 .flags = ASN1_TFLG_IMPLICIT, 976 .tag = 3, 977 .offset = offsetof(CMS_RecipientInfo, d.pwri), 978 .field_name = "d.pwri", 979 .item = &CMS_PasswordRecipientInfo_it, 980 }, 981 { 982 .flags = ASN1_TFLG_IMPLICIT, 983 .tag = 4, 984 .offset = offsetof(CMS_RecipientInfo, d.ori), 985 .field_name = "d.ori", 986 .item = &CMS_OtherRecipientInfo_it, 987 }, 988 }; 989 990 const ASN1_ITEM CMS_RecipientInfo_it = { 991 .itype = ASN1_ITYPE_CHOICE, 992 .utype = offsetof(CMS_RecipientInfo, type), 993 .templates = CMS_RecipientInfo_ch_tt, 994 .tcount = sizeof(CMS_RecipientInfo_ch_tt) / sizeof(ASN1_TEMPLATE), 995 .funcs = &CMS_RecipientInfo_aux, 996 .size = sizeof(CMS_RecipientInfo), 997 .sname = "CMS_RecipientInfo", 998 }; 999 1000 static const ASN1_TEMPLATE CMS_EnvelopedData_seq_tt[] = { 1001 { 1002 .flags = 0, 1003 .tag = 0, 1004 .offset = offsetof(CMS_EnvelopedData, version), 1005 .field_name = "version", 1006 .item = &LONG_it, 1007 }, 1008 { 1009 .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_OPTIONAL, 1010 .tag = 0, 1011 .offset = offsetof(CMS_EnvelopedData, originatorInfo), 1012 .field_name = "originatorInfo", 1013 .item = &CMS_OriginatorInfo_it, 1014 }, 1015 { 1016 .flags = ASN1_TFLG_SET_OF, 1017 .tag = 0, 1018 .offset = offsetof(CMS_EnvelopedData, recipientInfos), 1019 .field_name = "recipientInfos", 1020 .item = &CMS_RecipientInfo_it, 1021 }, 1022 { 1023 .flags = 0, 1024 .tag = 0, 1025 .offset = offsetof(CMS_EnvelopedData, encryptedContentInfo), 1026 .field_name = "encryptedContentInfo", 1027 .item = &CMS_EncryptedContentInfo_it, 1028 }, 1029 { 1030 .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_SET_OF | ASN1_TFLG_OPTIONAL, 1031 .tag = 1, 1032 .offset = offsetof(CMS_EnvelopedData, unprotectedAttrs), 1033 .field_name = "unprotectedAttrs", 1034 .item = &X509_ATTRIBUTE_it, 1035 }, 1036 }; 1037 1038 const ASN1_ITEM CMS_EnvelopedData_it = { 1039 .itype = ASN1_ITYPE_NDEF_SEQUENCE, 1040 .utype = V_ASN1_SEQUENCE, 1041 .templates = CMS_EnvelopedData_seq_tt, 1042 .tcount = sizeof(CMS_EnvelopedData_seq_tt) / sizeof(ASN1_TEMPLATE), 1043 .funcs = NULL, 1044 .size = sizeof(CMS_EnvelopedData), 1045 .sname = "CMS_EnvelopedData", 1046 }; 1047 1048 static const ASN1_TEMPLATE CMS_DigestedData_seq_tt[] = { 1049 { 1050 .flags = 0, 1051 .tag = 0, 1052 .offset = offsetof(CMS_DigestedData, version), 1053 .field_name = "version", 1054 .item = &LONG_it, 1055 }, 1056 { 1057 .flags = 0, 1058 .tag = 0, 1059 .offset = offsetof(CMS_DigestedData, digestAlgorithm), 1060 .field_name = "digestAlgorithm", 1061 .item = &X509_ALGOR_it, 1062 }, 1063 { 1064 .flags = 0, 1065 .tag = 0, 1066 .offset = offsetof(CMS_DigestedData, encapContentInfo), 1067 .field_name = "encapContentInfo", 1068 .item = &CMS_EncapsulatedContentInfo_it, 1069 }, 1070 { 1071 .flags = 0, 1072 .tag = 0, 1073 .offset = offsetof(CMS_DigestedData, digest), 1074 .field_name = "digest", 1075 .item = &ASN1_OCTET_STRING_it, 1076 }, 1077 }; 1078 1079 const ASN1_ITEM CMS_DigestedData_it = { 1080 .itype = ASN1_ITYPE_NDEF_SEQUENCE, 1081 .utype = V_ASN1_SEQUENCE, 1082 .templates = CMS_DigestedData_seq_tt, 1083 .tcount = sizeof(CMS_DigestedData_seq_tt) / sizeof(ASN1_TEMPLATE), 1084 .funcs = NULL, 1085 .size = sizeof(CMS_DigestedData), 1086 .sname = "CMS_DigestedData", 1087 }; 1088 1089 static const ASN1_TEMPLATE CMS_EncryptedData_seq_tt[] = { 1090 { 1091 .flags = 0, 1092 .tag = 0, 1093 .offset = offsetof(CMS_EncryptedData, version), 1094 .field_name = "version", 1095 .item = &LONG_it, 1096 }, 1097 { 1098 .flags = 0, 1099 .tag = 0, 1100 .offset = offsetof(CMS_EncryptedData, encryptedContentInfo), 1101 .field_name = "encryptedContentInfo", 1102 .item = &CMS_EncryptedContentInfo_it, 1103 }, 1104 { 1105 .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_SET_OF | ASN1_TFLG_OPTIONAL, 1106 .tag = 1, 1107 .offset = offsetof(CMS_EncryptedData, unprotectedAttrs), 1108 .field_name = "unprotectedAttrs", 1109 .item = &X509_ATTRIBUTE_it, 1110 }, 1111 }; 1112 1113 const ASN1_ITEM CMS_EncryptedData_it = { 1114 .itype = ASN1_ITYPE_NDEF_SEQUENCE, 1115 .utype = V_ASN1_SEQUENCE, 1116 .templates = CMS_EncryptedData_seq_tt, 1117 .tcount = sizeof(CMS_EncryptedData_seq_tt) / sizeof(ASN1_TEMPLATE), 1118 .funcs = NULL, 1119 .size = sizeof(CMS_EncryptedData), 1120 .sname = "CMS_EncryptedData", 1121 }; 1122 1123 static const ASN1_TEMPLATE CMS_AuthenticatedData_seq_tt[] = { 1124 { 1125 .flags = 0, 1126 .tag = 0, 1127 .offset = offsetof(CMS_AuthenticatedData, version), 1128 .field_name = "version", 1129 .item = &LONG_it, 1130 }, 1131 { 1132 .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_OPTIONAL, 1133 .tag = 0, 1134 .offset = offsetof(CMS_AuthenticatedData, originatorInfo), 1135 .field_name = "originatorInfo", 1136 .item = &CMS_OriginatorInfo_it, 1137 }, 1138 { 1139 .flags = ASN1_TFLG_SET_OF, 1140 .tag = 0, 1141 .offset = offsetof(CMS_AuthenticatedData, recipientInfos), 1142 .field_name = "recipientInfos", 1143 .item = &CMS_RecipientInfo_it, 1144 }, 1145 { 1146 .flags = 0, 1147 .tag = 0, 1148 .offset = offsetof(CMS_AuthenticatedData, macAlgorithm), 1149 .field_name = "macAlgorithm", 1150 .item = &X509_ALGOR_it, 1151 }, 1152 { 1153 .flags = ASN1_TFLG_IMPLICIT, 1154 .tag = 1, 1155 .offset = offsetof(CMS_AuthenticatedData, digestAlgorithm), 1156 .field_name = "digestAlgorithm", 1157 .item = &X509_ALGOR_it, 1158 }, 1159 { 1160 .flags = 0, 1161 .tag = 0, 1162 .offset = offsetof(CMS_AuthenticatedData, encapContentInfo), 1163 .field_name = "encapContentInfo", 1164 .item = &CMS_EncapsulatedContentInfo_it, 1165 }, 1166 { 1167 .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_SET_OF | ASN1_TFLG_OPTIONAL, 1168 .tag = 2, 1169 .offset = offsetof(CMS_AuthenticatedData, authAttrs), 1170 .field_name = "authAttrs", 1171 .item = &X509_ALGOR_it, 1172 }, 1173 { 1174 .flags = 0, 1175 .tag = 0, 1176 .offset = offsetof(CMS_AuthenticatedData, mac), 1177 .field_name = "mac", 1178 .item = &ASN1_OCTET_STRING_it, 1179 }, 1180 { 1181 .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_SET_OF | ASN1_TFLG_OPTIONAL, 1182 .tag = 3, 1183 .offset = offsetof(CMS_AuthenticatedData, unauthAttrs), 1184 .field_name = "unauthAttrs", 1185 .item = &X509_ALGOR_it, 1186 }, 1187 }; 1188 1189 static const ASN1_ITEM CMS_AuthenticatedData_it = { 1190 .itype = ASN1_ITYPE_NDEF_SEQUENCE, 1191 .utype = V_ASN1_SEQUENCE, 1192 .templates = CMS_AuthenticatedData_seq_tt, 1193 .tcount = sizeof(CMS_AuthenticatedData_seq_tt) / sizeof(ASN1_TEMPLATE), 1194 .funcs = NULL, 1195 .size = sizeof(CMS_AuthenticatedData), 1196 .sname = "CMS_AuthenticatedData", 1197 }; 1198 1199 static const ASN1_TEMPLATE CMS_CompressedData_seq_tt[] = { 1200 { 1201 .flags = 0, 1202 .tag = 0, 1203 .offset = offsetof(CMS_CompressedData, version), 1204 .field_name = "version", 1205 .item = &LONG_it, 1206 }, 1207 { 1208 .flags = 0, 1209 .tag = 0, 1210 .offset = offsetof(CMS_CompressedData, compressionAlgorithm), 1211 .field_name = "compressionAlgorithm", 1212 .item = &X509_ALGOR_it, 1213 }, 1214 { 1215 .flags = 0, 1216 .tag = 0, 1217 .offset = offsetof(CMS_CompressedData, encapContentInfo), 1218 .field_name = "encapContentInfo", 1219 .item = &CMS_EncapsulatedContentInfo_it, 1220 }, 1221 }; 1222 1223 const ASN1_ITEM CMS_CompressedData_it = { 1224 .itype = ASN1_ITYPE_NDEF_SEQUENCE, 1225 .utype = V_ASN1_SEQUENCE, 1226 .templates = CMS_CompressedData_seq_tt, 1227 .tcount = sizeof(CMS_CompressedData_seq_tt) / sizeof(ASN1_TEMPLATE), 1228 .funcs = NULL, 1229 .size = sizeof(CMS_CompressedData), 1230 .sname = "CMS_CompressedData", 1231 }; 1232 1233 /* This is the ANY DEFINED BY table for the top level ContentInfo structure */ 1234 1235 static const ASN1_TEMPLATE cms_default_tt = { 1236 .flags = ASN1_TFLG_EXPLICIT, 1237 .tag = 0, 1238 .offset = offsetof(CMS_ContentInfo, d.other), 1239 .field_name = "d.other", 1240 .item = &ASN1_ANY_it, 1241 }; 1242 1243 static const ASN1_ADB_TABLE CMS_ContentInfo_adbtbl[] = { 1244 { 1245 .value = NID_pkcs7_data, 1246 .tt = { 1247 .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_NDEF, 1248 .tag = 0, 1249 .offset = offsetof(CMS_ContentInfo, d.data), 1250 .field_name = "d.data", 1251 .item = &ASN1_OCTET_STRING_NDEF_it, 1252 }, 1253 1254 }, 1255 { 1256 .value = NID_pkcs7_signed, 1257 .tt = { 1258 .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_NDEF, 1259 .tag = 0, 1260 .offset = offsetof(CMS_ContentInfo, d.signedData), 1261 .field_name = "d.signedData", 1262 .item = &CMS_SignedData_it, 1263 }, 1264 1265 }, 1266 { 1267 .value = NID_pkcs7_enveloped, 1268 .tt = { 1269 .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_NDEF, 1270 .tag = 0, 1271 .offset = offsetof(CMS_ContentInfo, d.envelopedData), 1272 .field_name = "d.envelopedData", 1273 .item = &CMS_EnvelopedData_it, 1274 }, 1275 1276 }, 1277 { 1278 .value = NID_pkcs7_digest, 1279 .tt = { 1280 .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_NDEF, 1281 .tag = 0, 1282 .offset = offsetof(CMS_ContentInfo, d.digestedData), 1283 .field_name = "d.digestedData", 1284 .item = &CMS_DigestedData_it, 1285 }, 1286 1287 }, 1288 { 1289 .value = NID_pkcs7_encrypted, 1290 .tt = { 1291 .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_NDEF, 1292 .tag = 0, 1293 .offset = offsetof(CMS_ContentInfo, d.encryptedData), 1294 .field_name = "d.encryptedData", 1295 .item = &CMS_EncryptedData_it, 1296 }, 1297 1298 }, 1299 { 1300 .value = NID_id_smime_ct_authData, 1301 .tt = { 1302 .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_NDEF, 1303 .tag = 0, 1304 .offset = offsetof(CMS_ContentInfo, d.authenticatedData), 1305 .field_name = "d.authenticatedData", 1306 .item = &CMS_AuthenticatedData_it, 1307 }, 1308 1309 }, 1310 { 1311 .value = NID_id_smime_ct_compressedData, 1312 .tt = { 1313 .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_NDEF, 1314 .tag = 0, 1315 .offset = offsetof(CMS_ContentInfo, d.compressedData), 1316 .field_name = "d.compressedData", 1317 .item = &CMS_CompressedData_it, 1318 }, 1319 1320 }, 1321 }; 1322 1323 static const ASN1_ADB CMS_ContentInfo_adb = { 1324 .flags = 0, 1325 .offset = offsetof(CMS_ContentInfo, contentType), 1326 .app_items = 0, 1327 .tbl = CMS_ContentInfo_adbtbl, 1328 .tblcount = sizeof(CMS_ContentInfo_adbtbl) / sizeof(ASN1_ADB_TABLE), 1329 .default_tt = &cms_default_tt, 1330 .null_tt = NULL, 1331 }; 1332 1333 /* CMS streaming support */ 1334 static int 1335 cms_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) 1336 { 1337 ASN1_STREAM_ARG *sarg = exarg; 1338 CMS_ContentInfo *cms = NULL; 1339 if (pval) 1340 cms = (CMS_ContentInfo *)*pval; 1341 else 1342 return 1; 1343 switch (operation) { 1344 1345 case ASN1_OP_STREAM_PRE: 1346 if (CMS_stream(&sarg->boundary, cms) <= 0) 1347 return 0; 1348 /* fall thru */ 1349 case ASN1_OP_DETACHED_PRE: 1350 sarg->ndef_bio = CMS_dataInit(cms, sarg->out); 1351 if (!sarg->ndef_bio) 1352 return 0; 1353 break; 1354 1355 case ASN1_OP_STREAM_POST: 1356 case ASN1_OP_DETACHED_POST: 1357 if (CMS_dataFinal(cms, sarg->ndef_bio) <= 0) 1358 return 0; 1359 break; 1360 1361 } 1362 return 1; 1363 } 1364 1365 static const ASN1_AUX CMS_ContentInfo_aux = { 1366 .app_data = NULL, 1367 .flags = 0, 1368 .ref_offset = 0, 1369 .ref_lock = 0, 1370 .asn1_cb = cms_cb, 1371 .enc_offset = 0, 1372 }; 1373 static const ASN1_TEMPLATE CMS_ContentInfo_seq_tt[] = { 1374 { 1375 .flags = 0, 1376 .tag = 0, 1377 .offset = offsetof(CMS_ContentInfo, contentType), 1378 .field_name = "contentType", 1379 .item = &ASN1_OBJECT_it, 1380 }, 1381 { 1382 .flags = ASN1_TFLG_ADB_OID, 1383 .tag = -1, 1384 .offset = 0, 1385 .field_name = "CMS_ContentInfo", 1386 .item = (const ASN1_ITEM *)&CMS_ContentInfo_adb, 1387 }, 1388 }; 1389 1390 const ASN1_ITEM CMS_ContentInfo_it = { 1391 .itype = ASN1_ITYPE_NDEF_SEQUENCE, 1392 .utype = V_ASN1_SEQUENCE, 1393 .templates = CMS_ContentInfo_seq_tt, 1394 .tcount = sizeof(CMS_ContentInfo_seq_tt) / sizeof(ASN1_TEMPLATE), 1395 .funcs = &CMS_ContentInfo_aux, 1396 .size = sizeof(CMS_ContentInfo), 1397 .sname = "CMS_ContentInfo", 1398 }; 1399 1400 /* Specials for signed attributes */ 1401 1402 /* 1403 * When signing attributes we want to reorder them to match the sorted 1404 * encoding. 1405 */ 1406 1407 static const ASN1_TEMPLATE CMS_Attributes_Sign_item_tt = { 1408 .flags = ASN1_TFLG_SET_ORDER, 1409 .tag = 0, 1410 .offset = 0, 1411 .field_name = "CMS_ATTRIBUTES", 1412 .item = &X509_ATTRIBUTE_it, 1413 }; 1414 1415 const ASN1_ITEM CMS_Attributes_Sign_it = { 1416 .itype = ASN1_ITYPE_PRIMITIVE, 1417 .utype = -1, 1418 .templates = &CMS_Attributes_Sign_item_tt, 1419 .tcount = 0, 1420 .funcs = NULL, 1421 .size = 0, 1422 .sname = "CMS_Attributes_Sign", 1423 }; 1424 1425 /* 1426 * When verifying attributes we need to use the received order. So we use 1427 * SEQUENCE OF and tag it to SET OF 1428 */ 1429 1430 static const ASN1_TEMPLATE CMS_Attributes_Verify_item_tt = { 1431 .flags = ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_IMPTAG | ASN1_TFLG_UNIVERSAL, 1432 .tag = V_ASN1_SET, 1433 .offset = 0, 1434 .field_name = "CMS_ATTRIBUTES", 1435 .item = &X509_ATTRIBUTE_it, 1436 }; 1437 1438 const ASN1_ITEM CMS_Attributes_Verify_it = { 1439 .itype = ASN1_ITYPE_PRIMITIVE, 1440 .utype = -1, 1441 .templates = &CMS_Attributes_Verify_item_tt, 1442 .tcount = 0, 1443 .funcs = NULL, 1444 .size = 0, 1445 .sname = "CMS_Attributes_Verify", 1446 }; 1447 1448 1449 1450 static const ASN1_TEMPLATE CMS_ReceiptsFrom_ch_tt[] = { 1451 { 1452 .flags = ASN1_TFLG_IMPLICIT, 1453 .tag = 0, 1454 .offset = offsetof(CMS_ReceiptsFrom, d.allOrFirstTier), 1455 .field_name = "d.allOrFirstTier", 1456 .item = &LONG_it, 1457 }, 1458 { 1459 .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_SEQUENCE_OF, 1460 .tag = 1, 1461 .offset = offsetof(CMS_ReceiptsFrom, d.receiptList), 1462 .field_name = "d.receiptList", 1463 .item = &GENERAL_NAMES_it, 1464 }, 1465 }; 1466 1467 static const ASN1_ITEM CMS_ReceiptsFrom_it = { 1468 .itype = ASN1_ITYPE_CHOICE, 1469 .utype = offsetof(CMS_ReceiptsFrom, type), 1470 .templates = CMS_ReceiptsFrom_ch_tt, 1471 .tcount = sizeof(CMS_ReceiptsFrom_ch_tt) / sizeof(ASN1_TEMPLATE), 1472 .funcs = NULL, 1473 .size = sizeof(CMS_ReceiptsFrom), 1474 .sname = "CMS_ReceiptsFrom", 1475 }; 1476 1477 static const ASN1_TEMPLATE CMS_ReceiptRequest_seq_tt[] = { 1478 { 1479 .flags = 0, 1480 .tag = 0, 1481 .offset = offsetof(CMS_ReceiptRequest, signedContentIdentifier), 1482 .field_name = "signedContentIdentifier", 1483 .item = &ASN1_OCTET_STRING_it, 1484 }, 1485 { 1486 .flags = 0, 1487 .tag = 0, 1488 .offset = offsetof(CMS_ReceiptRequest, receiptsFrom), 1489 .field_name = "receiptsFrom", 1490 .item = &CMS_ReceiptsFrom_it, 1491 }, 1492 { 1493 .flags = ASN1_TFLG_SEQUENCE_OF, 1494 .tag = 0, 1495 .offset = offsetof(CMS_ReceiptRequest, receiptsTo), 1496 .field_name = "receiptsTo", 1497 .item = &GENERAL_NAMES_it, 1498 }, 1499 }; 1500 1501 const ASN1_ITEM CMS_ReceiptRequest_it = { 1502 .itype = ASN1_ITYPE_SEQUENCE, 1503 .utype = V_ASN1_SEQUENCE, 1504 .templates = CMS_ReceiptRequest_seq_tt, 1505 .tcount = sizeof(CMS_ReceiptRequest_seq_tt) / sizeof(ASN1_TEMPLATE), 1506 .funcs = NULL, 1507 .size = sizeof(CMS_ReceiptRequest), 1508 .sname = "CMS_ReceiptRequest", 1509 }; 1510 1511 static const ASN1_TEMPLATE CMS_Receipt_seq_tt[] = { 1512 { 1513 .flags = 0, 1514 .tag = 0, 1515 .offset = offsetof(CMS_Receipt, version), 1516 .field_name = "version", 1517 .item = &LONG_it, 1518 }, 1519 { 1520 .flags = 0, 1521 .tag = 0, 1522 .offset = offsetof(CMS_Receipt, contentType), 1523 .field_name = "contentType", 1524 .item = &ASN1_OBJECT_it, 1525 }, 1526 { 1527 .flags = 0, 1528 .tag = 0, 1529 .offset = offsetof(CMS_Receipt, signedContentIdentifier), 1530 .field_name = "signedContentIdentifier", 1531 .item = &ASN1_OCTET_STRING_it, 1532 }, 1533 { 1534 .flags = 0, 1535 .tag = 0, 1536 .offset = offsetof(CMS_Receipt, originatorSignatureValue), 1537 .field_name = "originatorSignatureValue", 1538 .item = &ASN1_OCTET_STRING_it, 1539 }, 1540 }; 1541 1542 const ASN1_ITEM CMS_Receipt_it = { 1543 .itype = ASN1_ITYPE_SEQUENCE, 1544 .utype = V_ASN1_SEQUENCE, 1545 .templates = CMS_Receipt_seq_tt, 1546 .tcount = sizeof(CMS_Receipt_seq_tt) / sizeof(ASN1_TEMPLATE), 1547 .funcs = NULL, 1548 .size = sizeof(CMS_Receipt), 1549 .sname = "CMS_Receipt", 1550 }; 1551 1552 /* 1553 * Utilities to encode the CMS_SharedInfo structure used during key 1554 * derivation. 1555 */ 1556 1557 typedef struct { 1558 X509_ALGOR *keyInfo; 1559 ASN1_OCTET_STRING *entityUInfo; 1560 ASN1_OCTET_STRING *suppPubInfo; 1561 } CMS_SharedInfo; 1562 1563 static const ASN1_TEMPLATE CMS_SharedInfo_seq_tt[] = { 1564 { 1565 .flags = 0, 1566 .tag = 0, 1567 .offset = offsetof(CMS_SharedInfo, keyInfo), 1568 .field_name = "keyInfo", 1569 .item = &X509_ALGOR_it, 1570 }, 1571 { 1572 .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL, 1573 .tag = 0, 1574 .offset = offsetof(CMS_SharedInfo, entityUInfo), 1575 .field_name = "entityUInfo", 1576 .item = &ASN1_OCTET_STRING_it, 1577 }, 1578 { 1579 .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL, 1580 .tag = 2, 1581 .offset = offsetof(CMS_SharedInfo, suppPubInfo), 1582 .field_name = "suppPubInfo", 1583 .item = &ASN1_OCTET_STRING_it, 1584 }, 1585 }; 1586 1587 static const ASN1_ITEM CMS_SharedInfo_it = { 1588 .itype = ASN1_ITYPE_SEQUENCE, 1589 .utype = V_ASN1_SEQUENCE, 1590 .templates = CMS_SharedInfo_seq_tt, 1591 .tcount = sizeof(CMS_SharedInfo_seq_tt) / sizeof(ASN1_TEMPLATE), 1592 .funcs = NULL, 1593 .size = sizeof(CMS_SharedInfo), 1594 .sname = "CMS_SharedInfo", 1595 }; 1596 1597 int 1598 CMS_SharedInfo_encode(unsigned char **pder, X509_ALGOR *kekalg, 1599 ASN1_OCTET_STRING *ukm, int keylen) 1600 { 1601 union { 1602 CMS_SharedInfo *pecsi; 1603 ASN1_VALUE *a; 1604 } intsi = { 1605 NULL 1606 }; 1607 1608 ASN1_OCTET_STRING oklen; 1609 unsigned char kl[4]; 1610 CMS_SharedInfo ecsi; 1611 1612 keylen <<= 3; 1613 kl[0] = (keylen >> 24) & 0xff; 1614 kl[1] = (keylen >> 16) & 0xff; 1615 kl[2] = (keylen >> 8) & 0xff; 1616 kl[3] = keylen & 0xff; 1617 oklen.length = 4; 1618 oklen.data = kl; 1619 oklen.type = V_ASN1_OCTET_STRING; 1620 oklen.flags = 0; 1621 ecsi.keyInfo = kekalg; 1622 ecsi.entityUInfo = ukm; 1623 ecsi.suppPubInfo = &oklen; 1624 intsi.pecsi = &ecsi; 1625 1626 return ASN1_item_i2d(intsi.a, pder, &CMS_SharedInfo_it); 1627 } 1628