/*
 * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <openssl/asn1t.h>
#include <openssl/pem.h>
#include <openssl/x509v3.h>
#include <openssl/err.h>
#include <openssl/cms.h>
#include "cms_local.h"
#include "internal/nelem.h"

/*-
 * Attribute flags.
 * CMS attribute restrictions are discussed in
 *  - RFC 5652 Section 11.
 * ESS attribute restrictions are discussed in
 *  - RFC 2634 Section 1.3.4  AND
 *  - RFC 5035 Section 5.4
 *
 * The two low bits say in which attribute set (signed / unsigned) an
 * attribute may appear; the high bits are cardinality rules.
 */
/* This is a signed attribute */
#define CMS_ATTR_F_SIGNED         0x01
/* This is an unsigned attribute */
#define CMS_ATTR_F_UNSIGNED       0x02
/* Must be present if there are any other attributes of the same type */
#define CMS_ATTR_F_REQUIRED_COND  0x10
/* There can only be one instance of this attribute */
#define CMS_ATTR_F_ONLY_ONE       0x20
/* The Attribute's value must have exactly one entry */
#define CMS_ATTR_F_ONE_ATTR_VALUE 0x40

/*
 * Per-attribute rule table consulted by ossl_cms_si_check_attributes().
 * Only the attribute types listed here are checked; any other attribute
 * type is not looked at by the checker in this file.
 */
static const struct {
    int nid;   /* The attribute id */
    int flags; /* Bitwise OR of the CMS_ATTR_F_* values above */
} cms_attribute_properties[] = {
    /* See RFC 5652 Section 11 */
    { NID_pkcs9_contentType,
      CMS_ATTR_F_SIGNED | CMS_ATTR_F_ONLY_ONE
      | CMS_ATTR_F_ONE_ATTR_VALUE | CMS_ATTR_F_REQUIRED_COND },
    { NID_pkcs9_messageDigest,
      CMS_ATTR_F_SIGNED | CMS_ATTR_F_ONLY_ONE
      | CMS_ATTR_F_ONE_ATTR_VALUE | CMS_ATTR_F_REQUIRED_COND },
    { NID_pkcs9_signingTime,
      CMS_ATTR_F_SIGNED | CMS_ATTR_F_ONLY_ONE | CMS_ATTR_F_ONE_ATTR_VALUE },
    { NID_pkcs9_countersignature,
      CMS_ATTR_F_UNSIGNED },
    /* ESS */
    { NID_id_smime_aa_signingCertificate,
      CMS_ATTR_F_SIGNED | CMS_ATTR_F_ONLY_ONE | CMS_ATTR_F_ONE_ATTR_VALUE },
    { NID_id_smime_aa_signingCertificateV2,
      CMS_ATTR_F_SIGNED | CMS_ATTR_F_ONLY_ONE | CMS_ATTR_F_ONE_ATTR_VALUE },
    { NID_id_smime_aa_receiptRequest,
      CMS_ATTR_F_SIGNED | CMS_ATTR_F_ONLY_ONE | CMS_ATTR_F_ONE_ATTR_VALUE }
};

/*
 * CMS SignedData Attribute utilities
 *
 * The accessors below are thin wrappers that forward to the X509at_*()
 * helpers on si->signedAttrs or si->unsignedAttrs.  None of them applies
 * the rule table above: adding or deleting an attribute here performs no
 * validation, that is done only by ossl_cms_si_check_attributes().
 */

/* Number of entries in the signed attribute set of |si|. */
int CMS_signed_get_attr_count(const CMS_SignerInfo *si)
{
    return X509at_get_attr_count(si->signedAttrs);
}

/*
 * Index of the next signed attribute with the given |nid|, searching after
 * |lastpos|.  The result of X509at_get_attr_by_NID() is passed through;
 * cms_attrib_get() below treats a negative value as "not found".
 */
int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid, int lastpos)
{
    return X509at_get_attr_by_NID(si->signedAttrs, nid, lastpos);
}

/* As CMS_signed_get_attr_by_NID() but the type is given as an object. */
int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, const ASN1_OBJECT *obj,
                               int lastpos)
{
    return X509at_get_attr_by_OBJ(si->signedAttrs, obj, lastpos);
}

/* Signed attribute at index |loc|, as returned by X509at_get_attr(). */
X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc)
{
    return X509at_get_attr(si->signedAttrs, loc);
}

/*
 * Remove the signed attribute at index |loc| and hand back what
 * X509at_delete_attr() returns.
 * NOTE(review): presumably the caller then owns the returned attribute -
 * confirm against X509at_delete_attr().
 */
X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc)
{
    return X509at_delete_attr(si->signedAttrs, loc);
}

/*
 * Add |attr| to the signed attribute set.
 * Returns 1 if X509at_add1_attr() returned non-NULL, otherwise 0.
 */
int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr)
{
    return X509at_add1_attr(&si->signedAttrs, attr) != NULL;
}

/*
 * Build a signed attribute of type |obj| from |bytes|/|len| and add it.
 * Returns 1 if X509at_add1_attr_by_OBJ() returned non-NULL, otherwise 0.
 */
int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si,
                                const ASN1_OBJECT *obj, int type,
                                const void *bytes, int len)
{
    return X509at_add1_attr_by_OBJ(&si->signedAttrs, obj, type,
                                   bytes, len) != NULL;
}

/*
 * Build a signed attribute of type |nid| from |bytes|/|len| and add it.
 * Returns 1 if X509at_add1_attr_by_NID() returned non-NULL, otherwise 0.
 */
int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si,
                                int nid, int type, const void *bytes, int len)
{
    return X509at_add1_attr_by_NID(&si->signedAttrs, nid, type,
                                   bytes, len) != NULL;
}

/*
 * Build a signed attribute named |attrname| from |bytes|/|len| and add it.
 * Returns 1 if X509at_add1_attr_by_txt() returned non-NULL, otherwise 0.
 */
int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si,
                                const char *attrname, int type,
                                const void *bytes, int len)
{
    return X509at_add1_attr_by_txt(&si->signedAttrs, attrname, type,
                                   bytes, len) != NULL;
}

/*
 * Value of the signed attribute |oid|, forwarded from
 * X509at_get0_data_by_OBJ().
 * NOTE(review): the get0 name suggests the result points into |si| and
 * must not be freed by the caller - confirm.
 */
void *CMS_signed_get0_data_by_OBJ(const CMS_SignerInfo *si,
                                  const ASN1_OBJECT *oid,
                                  int lastpos, int type)
{
    return X509at_get0_data_by_OBJ(si->signedAttrs, oid, lastpos, type);
}

/*
 * Unsigned attribute accessors.
 *
 * Unsigned attributes are not covered by the signer's signature
 * (RFC 5652), so anything read through these functions from a received
 * message should be handled as unauthenticated input.
 */

/* Number of entries in the unsigned attribute set of |si|. */
int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si)
{
    return X509at_get_attr_count(si->unsignedAttrs);
}

/*
 * Index of the next unsigned attribute with the given |nid|, searching
 * after |lastpos|; result of X509at_get_attr_by_NID() is passed through.
 */
int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
                                 int lastpos)
{
    return X509at_get_attr_by_NID(si->unsignedAttrs, nid, lastpos);
}

/* As CMS_unsigned_get_attr_by_NID() but the type is given as an object. */
int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si,
                                 const ASN1_OBJECT *obj, int lastpos)
{
    return X509at_get_attr_by_OBJ(si->unsignedAttrs, obj, lastpos);
}

/* Unsigned attribute at index |loc|, as returned by X509at_get_attr(). */
X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc)
{
    return X509at_get_attr(si->unsignedAttrs, loc);
}

/*
 * Remove the unsigned attribute at index |loc| and hand back what
 * X509at_delete_attr() returns.
 * NOTE(review): presumably the caller then owns the returned attribute -
 * confirm against X509at_delete_attr().
 */
X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc)
{
    return X509at_delete_attr(si->unsignedAttrs, loc);
}

/*
 * Add |attr| to the unsigned attribute set.
 * Returns 1 if X509at_add1_attr() returned non-NULL, otherwise 0.
 */
int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr)
{
    return X509at_add1_attr(&si->unsignedAttrs, attr) != NULL;
}

/*
 * Build an unsigned attribute of type |obj| from |bytes|/|len| and add it.
 * Returns 1 if X509at_add1_attr_by_OBJ() returned non-NULL, otherwise 0.
 */
int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si,
                                  const ASN1_OBJECT *obj, int type,
                                  const void *bytes, int len)
{
    return X509at_add1_attr_by_OBJ(&si->unsignedAttrs, obj, type,
                                   bytes, len) != NULL;
}

/*
 * Build an unsigned attribute of type |nid| from |bytes|/|len| and add it.
 * Returns 1 if X509at_add1_attr_by_NID() returned non-NULL, otherwise 0.
 */
int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si,
                                  int nid, int type,
                                  const void *bytes, int len)
{
    return X509at_add1_attr_by_NID(&si->unsignedAttrs, nid, type,
                                   bytes, len) != NULL;
}

/*
 * Build an unsigned attribute named |attrname| from |bytes|/|len| and add
 * it.  Returns 1 if X509at_add1_attr_by_txt() returned non-NULL, else 0.
 */
int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si,
                                  const char *attrname, int type,
                                  const void *bytes, int len)
{
    return X509at_add1_attr_by_txt(&si->unsignedAttrs, attrname, type,
                                   bytes, len) != NULL;
}

/*
 * Value of the unsigned attribute |oid|, forwarded from
 * X509at_get0_data_by_OBJ().
 * NOTE(review): the get0 name suggests the result points into |si| and
 * must not be freed by the caller - confirm.
 */
void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
                                    int lastpos, int type)
{
    return X509at_get0_data_by_OBJ(si->unsignedAttrs, oid, lastpos, type);
}

/*
 * Retrieve an attribute by nid from a stack of attributes starting at index
 * *lastpos + 1.
 * Returns the attribute or NULL if there is no attribute.
 * If an attribute was found *lastpos returns the index of the found attribute;
 * on a miss *lastpos is left unchanged.
 */
static X509_ATTRIBUTE *cms_attrib_get(int nid,
                                      const STACK_OF(X509_ATTRIBUTE) *attrs,
                                      int *lastpos)
{
    const int found = X509at_get_attr_by_NID(attrs, nid, *lastpos);

    if (found < 0)
        return NULL;

    /* Remember the hit so a repeated call continues after it */
    *lastpos = found;
    return X509at_get_attr(attrs, found);
}

/*
 * Apply one rule-table entry (|nid|, |flags|) to one attribute set.
 *
 * |type| is CMS_ATTR_F_SIGNED or CMS_ATTR_F_UNSIGNED and names the set that
 * |attrs| is; |have_attrs| is non-zero when that set holds any attribute.
 * Returns 1 if the set satisfies the rule, 0 otherwise.
 */
static int cms_check_attribute(int nid, int flags, int type,
                               const STACK_OF(X509_ATTRIBUTE) *attrs,
                               int have_attrs)
{
    int pos = -1;
    int nvalues;
    const int allowed_here = (flags & type) != 0;
    X509_ATTRIBUTE *first = cms_attrib_get(nid, attrs, &pos);

    if (first == NULL) {
        /* Absent: only a failure for a conditionally required attribute */
        if (have_attrs
                && allowed_here
                && (flags & CMS_ATTR_F_REQUIRED_COND) != 0)
            return 0;
        return 1;
    }

    nvalues = X509_ATTRIBUTE_count(first);

    /* Present in a set where this attribute type is not allowed */
    if (!allowed_here)
        return 0;

    /* A second instance of a single-instance attribute (search resumes
     * after the first hit because |pos| was advanced) */
    if ((flags & CMS_ATTR_F_ONLY_ONE) != 0
            && cms_attrib_get(nid, attrs, &pos) != NULL)
        return 0;

    /* The value set must hold exactly one entry when the rule says so */
    if ((flags & CMS_ATTR_F_ONE_ATTR_VALUE) != 0 && nvalues != 1)
        return 0;

    /* There should be at least one value */
    if (nvalues == 0)
        return 0;

    return 1;
}

/*
 * Check that the signerinfo attributes obey the attribute rules which includes
 * the following checks
 * - If any signed attributes exist then there must be a Content Type
 *   and Message Digest attribute in the signed attributes.
 * - The countersignature attribute is an optional unsigned attribute only.
 * - Content Type, Message Digest, and Signing time attributes are signed
 *   attributes. Only one instance of each is allowed, with each of these
 *   attributes containing a single attribute value in its set.
 *
 * Every table entry is checked against both sets, so an attribute flagged
 * as signed-only is rejected when it shows up among the unsigned attributes
 * (and the other way round).  Attribute types that are not in
 * cms_attribute_properties are not examined.
 *
 * Returns 1 if all rules hold; otherwise raises CMS_R_ATTRIBUTE_ERROR and
 * returns 0.
 */
int ossl_cms_si_check_attributes(const CMS_SignerInfo *si)
{
    const int signed_present = CMS_signed_get_attr_count(si) > 0;
    const int unsigned_present = CMS_unsigned_get_attr_count(si) > 0;
    size_t idx;

    for (idx = 0; idx < OSSL_NELEM(cms_attribute_properties); idx++) {
        const int nid = cms_attribute_properties[idx].nid;
        const int flags = cms_attribute_properties[idx].flags;

        if (cms_check_attribute(nid, flags, CMS_ATTR_F_SIGNED,
                                si->signedAttrs, signed_present)
                && cms_check_attribute(nid, flags, CMS_ATTR_F_UNSIGNED,
                                       si->unsignedAttrs, unsigned_present))
            continue;

        ERR_raise(ERR_LIB_CMS, CMS_R_ATTRIBUTE_ERROR);
        return 0;
    }
    return 1;
}