1 /* 2 * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved. 3 * Copyright Nokia 2007-2019 4 * Copyright Siemens AG 2015-2019 5 * 6 * Licensed under the Apache License 2.0 (the "License"). You may not use 7 * this file except in compliance with the License. You can obtain a copy 8 * in the file LICENSE in the source distribution or at 9 * https://www.openssl.org/source/license.html 10 */ 11 12 /* CMP functions for PKIHeader handling */ 13 14 #include "cmp_local.h" 15 16 #include <openssl/rand.h> 17 18 /* explicit #includes not strictly needed since implied by the above: */ 19 #include <openssl/asn1t.h> 20 #include <openssl/cmp.h> 21 #include <openssl/err.h> 22 23 int ossl_cmp_hdr_set_pvno(OSSL_CMP_PKIHEADER *hdr, int pvno) 24 { 25 if (!ossl_assert(hdr != NULL)) 26 return 0; 27 return ASN1_INTEGER_set(hdr->pvno, pvno); 28 } 29 30 int ossl_cmp_hdr_get_pvno(const OSSL_CMP_PKIHEADER *hdr) 31 { 32 int64_t pvno; 33 34 if (!ossl_assert(hdr != NULL)) 35 return -1; 36 if (!ASN1_INTEGER_get_int64(&pvno, hdr->pvno) || pvno < 0 || pvno > INT_MAX) 37 return -1; 38 return (int)pvno; 39 } 40 41 int ossl_cmp_hdr_get_protection_nid(const OSSL_CMP_PKIHEADER *hdr) 42 { 43 if (!ossl_assert(hdr != NULL) 44 || hdr->protectionAlg == NULL) 45 return NID_undef; 46 return OBJ_obj2nid(hdr->protectionAlg->algorithm); 47 } 48 49 ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_transactionID(const 50 OSSL_CMP_PKIHEADER *hdr) 51 { 52 if (hdr == NULL) { 53 ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); 54 return NULL; 55 } 56 return hdr->transactionID; 57 } 58 59 ASN1_OCTET_STRING *ossl_cmp_hdr_get0_senderNonce(const OSSL_CMP_PKIHEADER *hdr) 60 { 61 if (!ossl_assert(hdr != NULL)) 62 return NULL; 63 return hdr->senderNonce; 64 } 65 66 ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_recipNonce(const OSSL_CMP_PKIHEADER *hdr) 67 { 68 if (hdr == NULL) { 69 ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); 70 return NULL; 71 } 72 return hdr->recipNonce; 73 } 74 75 /* a NULL-DN as an empty sequence of RDNs */ 76 int ossl_cmp_general_name_is_NULL_DN(GENERAL_NAME *name) 77 { 78 return name == NULL 79 || (name->type == GEN_DIRNAME && IS_NULL_DN(name->d.directoryName)); 80 } 81 82 /* assign to *tgt a copy of src (which may be NULL to indicate an empty DN) */ 83 static int set1_general_name(GENERAL_NAME **tgt, const X509_NAME *src) 84 { 85 GENERAL_NAME *name; 86 87 if (!ossl_assert(tgt != NULL)) 88 return 0; 89 if ((name = GENERAL_NAME_new()) == NULL) 90 goto err; 91 name->type = GEN_DIRNAME; 92 93 if (src == NULL) { /* NULL-DN */ 94 if ((name->d.directoryName = X509_NAME_new()) == NULL) 95 goto err; 96 } else if (!X509_NAME_set(&name->d.directoryName, src)) { 97 goto err; 98 } 99 100 GENERAL_NAME_free(*tgt); 101 *tgt = name; 102 103 return 1; 104 105 err: 106 GENERAL_NAME_free(name); 107 return 0; 108 } 109 110 /* 111 * Set the sender name in PKIHeader. 112 * when nm is NULL, sender is set to an empty string 113 * returns 1 on success, 0 on error 114 */ 115 int ossl_cmp_hdr_set1_sender(OSSL_CMP_PKIHEADER *hdr, const X509_NAME *nm) 116 { 117 if (!ossl_assert(hdr != NULL)) 118 return 0; 119 return set1_general_name(&hdr->sender, nm); 120 } 121 122 int ossl_cmp_hdr_set1_recipient(OSSL_CMP_PKIHEADER *hdr, const X509_NAME *nm) 123 { 124 if (!ossl_assert(hdr != NULL)) 125 return 0; 126 return set1_general_name(&hdr->recipient, nm); 127 } 128 129 int ossl_cmp_hdr_update_messageTime(OSSL_CMP_PKIHEADER *hdr) 130 { 131 if (!ossl_assert(hdr != NULL)) 132 return 0; 133 if (hdr->messageTime == NULL 134 && (hdr->messageTime = ASN1_GENERALIZEDTIME_new()) == NULL) 135 return 0; 136 return ASN1_GENERALIZEDTIME_set(hdr->messageTime, time(NULL)) != NULL; 137 } 138 139 /* assign to *tgt a random byte array of given length */ 140 static int set_random(ASN1_OCTET_STRING **tgt, OSSL_CMP_CTX *ctx, size_t len) 141 { 142 unsigned char *bytes = OPENSSL_malloc(len); 143 int res = 0; 144 145 if (bytes == NULL || RAND_bytes_ex(ctx->libctx, bytes, len, 0) <= 0) 146 ERR_raise(ERR_LIB_CMP, CMP_R_FAILURE_OBTAINING_RANDOM); 147 else 148 res = ossl_cmp_asn1_octet_string_set1_bytes(tgt, bytes, len); 149 OPENSSL_free(bytes); 150 return res; 151 } 152 153 int ossl_cmp_hdr_set1_senderKID(OSSL_CMP_PKIHEADER *hdr, 154 const ASN1_OCTET_STRING *senderKID) 155 { 156 if (!ossl_assert(hdr != NULL)) 157 return 0; 158 return ossl_cmp_asn1_octet_string_set1(&hdr->senderKID, senderKID); 159 } 160 161 /* push the given text string to the given PKIFREETEXT ft */ 162 int ossl_cmp_hdr_push0_freeText(OSSL_CMP_PKIHEADER *hdr, ASN1_UTF8STRING *text) 163 { 164 if (!ossl_assert(hdr != NULL && text != NULL)) 165 return 0; 166 167 if (hdr->freeText == NULL 168 && (hdr->freeText = sk_ASN1_UTF8STRING_new_null()) == NULL) 169 return 0; 170 171 return sk_ASN1_UTF8STRING_push(hdr->freeText, text); 172 } 173 174 int ossl_cmp_hdr_push1_freeText(OSSL_CMP_PKIHEADER *hdr, ASN1_UTF8STRING *text) 175 { 176 if (!ossl_assert(hdr != NULL && text != NULL)) 177 return 0; 178 179 if (hdr->freeText == NULL 180 && (hdr->freeText = sk_ASN1_UTF8STRING_new_null()) == NULL) 181 return 0; 182 183 return 184 ossl_cmp_sk_ASN1_UTF8STRING_push_str(hdr->freeText, (char *)text->data, 185 text->length); 186 } 187 188 int ossl_cmp_hdr_generalInfo_push0_item(OSSL_CMP_PKIHEADER *hdr, 189 OSSL_CMP_ITAV *itav) 190 { 191 if (!ossl_assert(hdr != NULL && itav != NULL)) 192 return 0; 193 return OSSL_CMP_ITAV_push0_stack_item(&hdr->generalInfo, itav); 194 } 195 196 int ossl_cmp_hdr_generalInfo_push1_items(OSSL_CMP_PKIHEADER *hdr, 197 const STACK_OF(OSSL_CMP_ITAV) *itavs) 198 { 199 int i; 200 OSSL_CMP_ITAV *itav; 201 202 if (!ossl_assert(hdr != NULL)) 203 return 0; 204 205 for (i = 0; i < sk_OSSL_CMP_ITAV_num(itavs); i++) { 206 itav = OSSL_CMP_ITAV_dup(sk_OSSL_CMP_ITAV_value(itavs, i)); 207 if (itav == NULL) 208 return 0; 209 210 if (!ossl_cmp_hdr_generalInfo_push0_item(hdr, itav)) { 211 OSSL_CMP_ITAV_free(itav); 212 return 0; 213 } 214 } 215 return 1; 216 } 217 218 int ossl_cmp_hdr_set_implicitConfirm(OSSL_CMP_PKIHEADER *hdr) 219 { 220 OSSL_CMP_ITAV *itav; 221 ASN1_TYPE *asn1null; 222 223 if (!ossl_assert(hdr != NULL)) 224 return 0; 225 asn1null = (ASN1_TYPE *)ASN1_NULL_new(); 226 if (asn1null == NULL) 227 return 0; 228 if ((itav = OSSL_CMP_ITAV_create(OBJ_nid2obj(NID_id_it_implicitConfirm), 229 asn1null)) == NULL) 230 goto err; 231 if (!ossl_cmp_hdr_generalInfo_push0_item(hdr, itav)) 232 goto err; 233 return 1; 234 235 err: 236 ASN1_TYPE_free(asn1null); 237 OSSL_CMP_ITAV_free(itav); 238 return 0; 239 } 240 241 /* return 1 if implicitConfirm in the generalInfo field of the header is set */ 242 int ossl_cmp_hdr_has_implicitConfirm(const OSSL_CMP_PKIHEADER *hdr) 243 { 244 int itavCount; 245 int i; 246 OSSL_CMP_ITAV *itav; 247 248 if (!ossl_assert(hdr != NULL)) 249 return 0; 250 251 itavCount = sk_OSSL_CMP_ITAV_num(hdr->generalInfo); 252 for (i = 0; i < itavCount; i++) { 253 itav = sk_OSSL_CMP_ITAV_value(hdr->generalInfo, i); 254 if (itav != NULL 255 && OBJ_obj2nid(itav->infoType) == NID_id_it_implicitConfirm) 256 return 1; 257 } 258 259 return 0; 260 } 261 262 /* 263 * set ctx->transactionID in CMP header 264 * if ctx->transactionID is NULL, a random one is created with 128 bit 265 * according to section 5.1.1: 266 * 267 * It is RECOMMENDED that the clients fill the transactionID field with 268 * 128 bits of (pseudo-) random data for the start of a transaction to 269 * reduce the probability of having the transactionID in use at the server. 270 */ 271 int ossl_cmp_hdr_set_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_PKIHEADER *hdr) 272 { 273 if (ctx->transactionID == NULL) { 274 char *tid; 275 276 if (!set_random(&ctx->transactionID, ctx, 277 OSSL_CMP_TRANSACTIONID_LENGTH)) 278 return 0; 279 tid = OPENSSL_buf2hexstr(ctx->transactionID->data, 280 ctx->transactionID->length); 281 if (tid != NULL) 282 ossl_cmp_log1(DEBUG, ctx, 283 "Starting new transaction with ID=%s", tid); 284 OPENSSL_free(tid); 285 } 286 287 return ossl_cmp_asn1_octet_string_set1(&hdr->transactionID, 288 ctx->transactionID); 289 } 290 291 /* fill in all fields of the hdr according to the info given in ctx */ 292 int ossl_cmp_hdr_init(OSSL_CMP_CTX *ctx, OSSL_CMP_PKIHEADER *hdr) 293 { 294 const X509_NAME *sender; 295 const X509_NAME *rcp = NULL; 296 297 if (!ossl_assert(ctx != NULL && hdr != NULL)) 298 return 0; 299 300 /* set the CMP version */ 301 if (!ossl_cmp_hdr_set_pvno(hdr, OSSL_CMP_PVNO)) 302 return 0; 303 304 /* 305 * If neither protection cert nor oldCert nor subject are given, 306 * sender name is not known to the client and thus set to NULL-DN 307 */ 308 sender = ctx->cert != NULL ? X509_get_subject_name(ctx->cert) : 309 ctx->oldCert != NULL ? X509_get_subject_name(ctx->oldCert) : 310 ctx->subjectName; 311 if (!ossl_cmp_hdr_set1_sender(hdr, sender)) 312 return 0; 313 314 /* determine recipient entry in PKIHeader */ 315 if (ctx->recipient != NULL) 316 rcp = ctx->recipient; 317 else if (ctx->srvCert != NULL) 318 rcp = X509_get_subject_name(ctx->srvCert); 319 else if (ctx->issuer != NULL) 320 rcp = ctx->issuer; 321 else if (ctx->oldCert != NULL) 322 rcp = X509_get_issuer_name(ctx->oldCert); 323 else if (ctx->cert != NULL) 324 rcp = X509_get_issuer_name(ctx->cert); 325 if (!ossl_cmp_hdr_set1_recipient(hdr, rcp)) 326 return 0; 327 328 /* set current time as message time */ 329 if (!ossl_cmp_hdr_update_messageTime(hdr)) 330 return 0; 331 332 if (ctx->recipNonce != NULL 333 && !ossl_cmp_asn1_octet_string_set1(&hdr->recipNonce, 334 ctx->recipNonce)) 335 return 0; 336 337 if (!ossl_cmp_hdr_set_transactionID(ctx, hdr)) 338 return 0; 339 340 /*- 341 * set random senderNonce 342 * according to section 5.1.1: 343 * 344 * senderNonce present 345 * -- 128 (pseudo-)random bits 346 * The senderNonce and recipNonce fields protect the PKIMessage against 347 * replay attacks. The senderNonce will typically be 128 bits of 348 * (pseudo-) random data generated by the sender, whereas the recipNonce 349 * is copied from the senderNonce of the previous message in the 350 * transaction. 351 */ 352 if (!set_random(&hdr->senderNonce, ctx, OSSL_CMP_SENDERNONCE_LENGTH)) 353 return 0; 354 355 /* store senderNonce - for cmp with recipNonce in next outgoing msg */ 356 if (!OSSL_CMP_CTX_set1_senderNonce(ctx, hdr->senderNonce)) 357 return 0; 358 359 /*- 360 * freeText [7] PKIFreeText OPTIONAL, 361 * -- this may be used to indicate context-specific instructions 362 * -- (this field is intended for human consumption) 363 */ 364 if (ctx->freeText != NULL 365 && !ossl_cmp_hdr_push1_freeText(hdr, ctx->freeText)) 366 return 0; 367 368 return 1; 369 } 370