/*
 * Copyright 2008-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <openssl/asn1t.h>
#include <openssl/pem.h>
#include <openssl/x509v3.h>
#include <openssl/err.h>
#include <openssl/cms.h>
#include "internal/nelem.h"
#include "crypto/x509.h"
#include "cms_local.h"

/*-
 * Attribute flags.
 * CMS attribute restrictions are discussed in
 *  - RFC 5652 Section 11.
 * ESS attribute restrictions are discussed in
 *  - RFC 2634 Section 1.3.4  AND
 *  - RFC 5035 Section 5.4
 *
 * The low bits say in which attribute set (signed / unsigned) an attribute
 * may appear; the high bits describe cardinality and presence rules.
 */
/* This is a signed attribute */
#define CMS_ATTR_F_SIGNED         0x01
/* This is an unsigned attribute */
#define CMS_ATTR_F_UNSIGNED       0x02
/* Must be present if there are any other attributes of the same type */
#define CMS_ATTR_F_REQUIRED_COND  0x10
/* There can only be one instance of this attribute */
#define CMS_ATTR_F_ONLY_ONE       0x20
/* The Attribute's value must have exactly one entry */
#define CMS_ATTR_F_ONE_ATTR_VALUE 0x40

/*
 * Rule table consulted by ossl_cms_si_check_attributes(): one entry per
 * attribute NID that is subject to placement/cardinality restrictions.
 * An attribute whose NID is not listed here is never examined by the checks
 * in this file.
 */
static const struct {
    int nid;   /* The attribute id */
    int flags; /* Bitwise OR of the CMS_ATTR_F_* rules for this attribute */
} cms_attribute_properties[] = {
    /* See RFC 5652 Section 11 */
    { NID_pkcs9_contentType, CMS_ATTR_F_SIGNED
                             | CMS_ATTR_F_ONLY_ONE
                             | CMS_ATTR_F_ONE_ATTR_VALUE
                             | CMS_ATTR_F_REQUIRED_COND },
    { NID_pkcs9_messageDigest, CMS_ATTR_F_SIGNED
                               | CMS_ATTR_F_ONLY_ONE
                               | CMS_ATTR_F_ONE_ATTR_VALUE
                               | CMS_ATTR_F_REQUIRED_COND },
    { NID_pkcs9_signingTime, CMS_ATTR_F_SIGNED
                             | CMS_ATTR_F_ONLY_ONE
                             | CMS_ATTR_F_ONE_ATTR_VALUE },
    /* Countersignatures may only appear in the unsigned set */
    { NID_pkcs9_countersignature, CMS_ATTR_F_UNSIGNED },
    /* ESS (RFC 2634 Section 1.3.4, RFC 5035 Section 5.4) */
    { NID_id_smime_aa_signingCertificate, CMS_ATTR_F_SIGNED
                                          | CMS_ATTR_F_ONLY_ONE
                                          | CMS_ATTR_F_ONE_ATTR_VALUE },
    { NID_id_smime_aa_signingCertificateV2, CMS_ATTR_F_SIGNED
                                            | CMS_ATTR_F_ONLY_ONE
                                            | CMS_ATTR_F_ONE_ATTR_VALUE },
    { NID_id_smime_aa_receiptRequest, CMS_ATTR_F_SIGNED
                                      | CMS_ATTR_F_ONLY_ONE
                                      | CMS_ATTR_F_ONE_ATTR_VALUE }
};

/*
 * CMS SignedData Attribute utilities
 *
 * Every accessor below is a thin forwarder to the matching X509at_* /
 * ossl_x509at_* routine, applied to either si->signedAttrs or
 * si->unsignedAttrs.  |si| is dereferenced without a NULL check, so callers
 * must pass a valid CMS_SignerInfo.
 *
 * NOTE(review): none of the add/delete wrappers recomputes a digest or a
 * signature; a caller that edits signedAttrs on an already signed SignerInfo
 * presumably has to re-sign it afterwards - confirm against the callers.
 */

/* Signed attributes: result of X509at_get_attr_count() on si->signedAttrs. */
int CMS_signed_get_attr_count(const CMS_SignerInfo *si)
{
    return X509at_get_attr_count(si->signedAttrs);
}

/* Signed attributes: look up by NID, forwarding |lastpos| unchanged. */
int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid, int lastpos)
{
    return X509at_get_attr_by_NID(si->signedAttrs, nid, lastpos);
}

/* Signed attributes: look up by object identifier, forwarding |lastpos|. */
int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, const ASN1_OBJECT *obj,
                               int lastpos)
{
    return X509at_get_attr_by_OBJ(si->signedAttrs, obj, lastpos);
}

/* Signed attributes: fetch the attribute stored at index |loc|. */
X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc)
{
    return X509at_get_attr(si->signedAttrs, loc);
}

/*
 * Signed attributes: delete the attribute at index |loc| and hand back
 * whatever X509at_delete_attr() returns.
 */
X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc)
{
    return X509at_delete_attr(si->signedAttrs, loc);
}

/*
 * Signed attributes: add |attr|.
 * Returns 1 if ossl_x509at_add1_attr() reports success, 0 otherwise.
 */
int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr)
{
    return ossl_x509at_add1_attr(&si->signedAttrs, attr) ? 1 : 0;
}

/*
 * Signed attributes: build an attribute identified by |obj| from
 * |type|/|bytes|/|len| and add it.
 * Returns 1 if the underlying helper reports success, 0 otherwise.
 */
int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si,
                                const ASN1_OBJECT *obj, int type,
                                const void *bytes, int len)
{
    return ossl_x509at_add1_attr_by_OBJ(&si->signedAttrs, obj, type,
                                        bytes, len) ? 1 : 0;
}

/*
 * Signed attributes: as CMS_signed_add1_attr_by_OBJ(), with the attribute
 * identified by |nid|.
 */
int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si,
                                int nid, int type, const void *bytes, int len)
{
    return ossl_x509at_add1_attr_by_NID(&si->signedAttrs, nid, type,
                                        bytes, len) ? 1 : 0;
}

/*
 * Signed attributes: as CMS_signed_add1_attr_by_OBJ(), with the attribute
 * identified by the text name |attrname|.
 */
int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si,
                                const char *attrname, int type,
                                const void *bytes, int len)
{
    return ossl_x509at_add1_attr_by_txt(&si->signedAttrs, attrname, type,
                                        bytes, len) ? 1 : 0;
}

/*
 * Signed attributes: forward to X509at_get0_data_by_OBJ() to obtain the data
 * of the attribute identified by |oid|.
 */
void *CMS_signed_get0_data_by_OBJ(const CMS_SignerInfo *si,
                                  const ASN1_OBJECT *oid,
                                  int lastpos, int type)
{
    return X509at_get0_data_by_OBJ(si->signedAttrs, oid, lastpos, type);
}

/*
 * Unsigned attribute accessors.
 *
 * NOTE(review): these operate on si->unsignedAttrs, which the rule table
 * above treats as a separate set from the signed attributes.  Values read
 * from it should presumably be treated as unauthenticated unless they are
 * verified by other means - confirm against RFC 5652.
 */

/* Unsigned attributes: result of X509at_get_attr_count(). */
int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si)
{
    return X509at_get_attr_count(si->unsignedAttrs);
}

/* Unsigned attributes: look up by NID, forwarding |lastpos| unchanged. */
int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
                                 int lastpos)
{
    return X509at_get_attr_by_NID(si->unsignedAttrs, nid, lastpos);
}

/* Unsigned attributes: look up by object identifier, forwarding |lastpos|. */
int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si,
                                 const ASN1_OBJECT *obj, int lastpos)
{
    return X509at_get_attr_by_OBJ(si->unsignedAttrs, obj, lastpos);
}

/* Unsigned attributes: fetch the attribute stored at index |loc|. */
X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc)
{
    return X509at_get_attr(si->unsignedAttrs, loc);
}

/*
 * Unsigned attributes: delete the attribute at index |loc| and hand back
 * whatever X509at_delete_attr() returns.
 */
X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc)
{
    return X509at_delete_attr(si->unsignedAttrs, loc);
}

/*
 * Unsigned attributes: add |attr|.
 * Returns 1 if ossl_x509at_add1_attr() reports success, 0 otherwise.
 */
int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr)
{
    return ossl_x509at_add1_attr(&si->unsignedAttrs, attr) ? 1 : 0;
}

/*
 * Unsigned attributes: build an attribute identified by |obj| from
 * |type|/|bytes|/|len| and add it.
 * Returns 1 if the underlying helper reports success, 0 otherwise.
 */
int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si,
                                  const ASN1_OBJECT *obj, int type,
                                  const void *bytes, int len)
{
    return ossl_x509at_add1_attr_by_OBJ(&si->unsignedAttrs, obj, type,
                                        bytes, len) ? 1 : 0;
}

/*
 * Unsigned attributes: as CMS_unsigned_add1_attr_by_OBJ(), with the
 * attribute identified by |nid|.
 */
int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si,
                                  int nid, int type,
                                  const void *bytes, int len)
{
    return ossl_x509at_add1_attr_by_NID(&si->unsignedAttrs, nid, type,
                                        bytes, len) ? 1 : 0;
}

/*
 * Unsigned attributes: as CMS_unsigned_add1_attr_by_OBJ(), with the
 * attribute identified by the text name |attrname|.
 */
int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si,
                                  const char *attrname, int type,
                                  const void *bytes, int len)
{
    return ossl_x509at_add1_attr_by_txt(&si->unsignedAttrs, attrname,
                                        type, bytes, len) ? 1 : 0;
}

/*
 * Unsigned attributes: forward to X509at_get0_data_by_OBJ() to obtain the
 * data of the attribute identified by |oid|.
 */
void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
                                    int lastpos, int type)
{
    return X509at_get0_data_by_OBJ(si->unsignedAttrs, oid, lastpos, type);
}

/*
 * Retrieve an attribute by nid from a stack of attributes, with the search
 * position taken from *lastpos (pass -1 to start from the beginning, as
 * cms_check_attribute() does).
 * Returns the attribute, or NULL if the lookup yields a negative index; in
 * that case *lastpos is left untouched.
 * On a hit *lastpos is updated to the index of the attribute found, so a
 * repeated call continues the search after it.
 */
static X509_ATTRIBUTE *cms_attrib_get(int nid,
                                      const STACK_OF(X509_ATTRIBUTE) *attrs,
                                      int *lastpos)
{
    int idx = X509at_get_attr_by_NID(attrs, nid, *lastpos);

    if (idx < 0)
        return NULL;

    *lastpos = idx;
    return X509at_get_attr(attrs, idx);
}

/*
 * Apply one rule-table entry (|nid|, |flags|) to one attribute set.
 *
 * |type| is CMS_ATTR_F_SIGNED or CMS_ATTR_F_UNSIGNED and names the set that
 * |attrs| represents; |have_attrs| is non-zero when that set is not empty.
 *
 * Returns 1 if the set satisfies the rule, 0 if it violates it.
 */
static int cms_check_attribute(int nid, int flags, int type,
                               const STACK_OF(X509_ATTRIBUTE) *attrs,
                               int have_attrs)
{
    int pos = -1;
    X509_ATTRIBUTE *found = cms_attrib_get(nid, attrs, &pos);
    int nvalues;

    if (found == NULL) {
        /*
         * Absent attribute: an error only when the set is non-empty, the
         * attribute belongs in this kind of set and it is conditionally
         * required.
         */
        if (have_attrs
                && (flags & CMS_ATTR_F_REQUIRED_COND) != 0
                && (flags & type) != 0)
            return 0;
        return 1;
    }

    nvalues = X509_ATTRIBUTE_count(found);

    /* The attribute is present but not allowed in this kind of set */
    if ((flags & type) == 0)
        return 0;

    /* A second instance exists although only one is permitted */
    if ((flags & CMS_ATTR_F_ONLY_ONE) != 0
            && cms_attrib_get(nid, attrs, &pos) != NULL)
        return 0;

    /* The attribute must carry exactly one value in its set */
    if ((flags & CMS_ATTR_F_ONE_ATTR_VALUE) != 0 && nvalues != 1)
        return 0;

    /* In every case there must be at least one value */
    if (nvalues == 0)
        return 0;

    return 1;
}

/*
 * Check that the signerinfo attributes obey the attribute rules, which
 * includes the following checks
 * - If any signed attributes exist then there must be a Content Type
 *   and Message Digest attribute in the signed attributes.
 * - The countersignature attribute is an optional unsigned attribute only.
 * - Content Type, Message Digest, and Signing time attributes are signed
 *   attributes. Only one instance of each is allowed, with each of these
 *   attributes containing a single attribute value in its set.
 * - The ESS entries of cms_attribute_properties (signingCertificate,
 *   signingCertificateV2, receiptRequest) carry the same signed-only,
 *   single-instance, single-value flags.
 *
 * Every table entry is tested against both the signed and the unsigned set,
 * so a signed-only attribute found among the unsigned attributes (or the
 * reverse) is rejected.  Attributes not listed in the table are not checked.
 *
 * Returns 1 if all rules hold.  On the first violation CMS_R_ATTRIBUTE_ERROR
 * is raised and 0 is returned.
 */
int ossl_cms_si_check_attributes(const CMS_SignerInfo *si)
{
    size_t i;
    int have_signed_attrs = (CMS_signed_get_attr_count(si) > 0);
    int have_unsigned_attrs = (CMS_unsigned_get_attr_count(si) > 0);

    for (i = 0; i < OSSL_NELEM(cms_attribute_properties); ++i) {
        int nid = cms_attribute_properties[i].nid;
        int flags = cms_attribute_properties[i].flags;

        /* The unsigned set is only looked at once the signed set passed */
        if (cms_check_attribute(nid, flags, CMS_ATTR_F_SIGNED,
                                si->signedAttrs, have_signed_attrs)
                && cms_check_attribute(nid, flags, CMS_ATTR_F_UNSIGNED,
                                       si->unsignedAttrs, have_unsigned_attrs))
            continue;

        ERR_raise(ERR_LIB_CMS, CMS_R_ATTRIBUTE_ERROR);
        return 0;
    }
    return 1;
}