1 /* 2 * Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 #include "internal/cryptlib.h" 11 #include <openssl/asn1t.h> 12 #include <openssl/pem.h> 13 #include <openssl/x509.h> 14 #include <openssl/x509v3.h> 15 #include <openssl/err.h> 16 #include <openssl/cms.h> 17 #include <openssl/ess.h> 18 #include "internal/sizes.h" 19 #include "crypto/asn1.h" 20 #include "crypto/evp.h" 21 #include "crypto/ess.h" 22 #include "crypto/x509.h" /* for ossl_x509_add_cert_new() */ 23 #include "cms_local.h" 24 25 /* CMS SignedData Utilities */ 26 27 static CMS_SignedData *cms_get0_signed(CMS_ContentInfo *cms) 28 { 29 if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_signed) { 30 ERR_raise(ERR_LIB_CMS, CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA); 31 return NULL; 32 } 33 return cms->d.signedData; 34 } 35 36 static CMS_SignedData *cms_signed_data_init(CMS_ContentInfo *cms) 37 { 38 if (cms->d.other == NULL) { 39 cms->d.signedData = M_ASN1_new_of(CMS_SignedData); 40 if (!cms->d.signedData) { 41 ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); 42 return NULL; 43 } 44 cms->d.signedData->version = 1; 45 cms->d.signedData->encapContentInfo->eContentType = 46 OBJ_nid2obj(NID_pkcs7_data); 47 cms->d.signedData->encapContentInfo->partial = 1; 48 ASN1_OBJECT_free(cms->contentType); 49 cms->contentType = OBJ_nid2obj(NID_pkcs7_signed); 50 return cms->d.signedData; 51 } 52 return cms_get0_signed(cms); 53 } 54 55 /* Just initialise SignedData e.g. for certs only structure */ 56 57 int CMS_SignedData_init(CMS_ContentInfo *cms) 58 { 59 if (cms_signed_data_init(cms)) 60 return 1; 61 else 62 return 0; 63 } 64 65 66 /* Check structures and fixup version numbers (if necessary) */ 67 68 static void cms_sd_set_version(CMS_SignedData *sd) 69 { 70 int i; 71 CMS_CertificateChoices *cch; 72 CMS_RevocationInfoChoice *rch; 73 CMS_SignerInfo *si; 74 75 for (i = 0; i < sk_CMS_CertificateChoices_num(sd->certificates); i++) { 76 cch = sk_CMS_CertificateChoices_value(sd->certificates, i); 77 if (cch->type == CMS_CERTCHOICE_OTHER) { 78 if (sd->version < 5) 79 sd->version = 5; 80 } else if (cch->type == CMS_CERTCHOICE_V2ACERT) { 81 if (sd->version < 4) 82 sd->version = 4; 83 } else if (cch->type == CMS_CERTCHOICE_V1ACERT) { 84 if (sd->version < 3) 85 sd->version = 3; 86 } 87 } 88 89 for (i = 0; i < sk_CMS_RevocationInfoChoice_num(sd->crls); i++) { 90 rch = sk_CMS_RevocationInfoChoice_value(sd->crls, i); 91 if (rch->type == CMS_REVCHOICE_OTHER) { 92 if (sd->version < 5) 93 sd->version = 5; 94 } 95 } 96 97 if ((OBJ_obj2nid(sd->encapContentInfo->eContentType) != NID_pkcs7_data) 98 && (sd->version < 3)) 99 sd->version = 3; 100 101 for (i = 0; i < sk_CMS_SignerInfo_num(sd->signerInfos); i++) { 102 si = sk_CMS_SignerInfo_value(sd->signerInfos, i); 103 if (si->sid->type == CMS_SIGNERINFO_KEYIDENTIFIER) { 104 if (si->version < 3) 105 si->version = 3; 106 if (sd->version < 3) 107 sd->version = 3; 108 } else if (si->version < 1) 109 si->version = 1; 110 } 111 112 if (sd->version < 1) 113 sd->version = 1; 114 115 } 116 117 /* 118 * RFC 5652 Section 11.1 Content Type 119 * The content-type attribute within signed-data MUST 120 * 1) be present if there are signed attributes 121 * 2) match the content type in the signed-data, 122 * 3) be a signed attribute. 123 * 4) not have more than one copy of the attribute. 124 * 125 * Note that since the CMS_SignerInfo_sign() always adds the "signing time" 126 * attribute, the content type attribute MUST be added also. 127 * Assumptions: This assumes that the attribute does not already exist. 128 */ 129 static int cms_set_si_contentType_attr(CMS_ContentInfo *cms, CMS_SignerInfo *si) 130 { 131 ASN1_OBJECT *ctype = cms->d.signedData->encapContentInfo->eContentType; 132 133 /* Add the contentType attribute */ 134 return CMS_signed_add1_attr_by_NID(si, NID_pkcs9_contentType, 135 V_ASN1_OBJECT, ctype, -1) > 0; 136 } 137 138 /* Copy an existing messageDigest value */ 139 140 static int cms_copy_messageDigest(CMS_ContentInfo *cms, CMS_SignerInfo *si) 141 { 142 STACK_OF(CMS_SignerInfo) *sinfos; 143 CMS_SignerInfo *sitmp; 144 int i; 145 146 sinfos = CMS_get0_SignerInfos(cms); 147 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) { 148 ASN1_OCTET_STRING *messageDigest; 149 150 sitmp = sk_CMS_SignerInfo_value(sinfos, i); 151 if (sitmp == si) 152 continue; 153 if (CMS_signed_get_attr_count(sitmp) < 0) 154 continue; 155 if (OBJ_cmp(si->digestAlgorithm->algorithm, 156 sitmp->digestAlgorithm->algorithm)) 157 continue; 158 messageDigest = CMS_signed_get0_data_by_OBJ(sitmp, 159 OBJ_nid2obj 160 (NID_pkcs9_messageDigest), 161 -3, V_ASN1_OCTET_STRING); 162 if (!messageDigest) { 163 ERR_raise(ERR_LIB_CMS, CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE); 164 return 0; 165 } 166 167 if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest, 168 V_ASN1_OCTET_STRING, 169 messageDigest, -1)) 170 return 1; 171 else 172 return 0; 173 } 174 ERR_raise(ERR_LIB_CMS, CMS_R_NO_MATCHING_DIGEST); 175 return 0; 176 } 177 178 int ossl_cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, 179 int type, const CMS_CTX *ctx) 180 { 181 switch (type) { 182 case CMS_SIGNERINFO_ISSUER_SERIAL: 183 if (!ossl_cms_set1_ias(&sid->d.issuerAndSerialNumber, cert)) 184 return 0; 185 break; 186 187 case CMS_SIGNERINFO_KEYIDENTIFIER: 188 if (!ossl_cms_set1_keyid(&sid->d.subjectKeyIdentifier, cert)) 189 return 0; 190 break; 191 192 default: 193 ERR_raise(ERR_LIB_CMS, CMS_R_UNKNOWN_ID); 194 return 0; 195 } 196 197 sid->type = type; 198 199 return 1; 200 } 201 202 int ossl_cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid, 203 ASN1_OCTET_STRING **keyid, 204 X509_NAME **issuer, 205 ASN1_INTEGER **sno) 206 { 207 if (sid->type == CMS_SIGNERINFO_ISSUER_SERIAL) { 208 if (issuer) 209 *issuer = sid->d.issuerAndSerialNumber->issuer; 210 if (sno) 211 *sno = sid->d.issuerAndSerialNumber->serialNumber; 212 } else if (sid->type == CMS_SIGNERINFO_KEYIDENTIFIER) { 213 if (keyid) 214 *keyid = sid->d.subjectKeyIdentifier; 215 } else 216 return 0; 217 return 1; 218 } 219 220 int ossl_cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert) 221 { 222 if (sid->type == CMS_SIGNERINFO_ISSUER_SERIAL) 223 return ossl_cms_ias_cert_cmp(sid->d.issuerAndSerialNumber, cert); 224 else if (sid->type == CMS_SIGNERINFO_KEYIDENTIFIER) 225 return ossl_cms_keyid_cert_cmp(sid->d.subjectKeyIdentifier, cert); 226 else 227 return -1; 228 } 229 230 static int cms_sd_asn1_ctrl(CMS_SignerInfo *si, int cmd) 231 { 232 EVP_PKEY *pkey = si->pkey; 233 int i; 234 235 if (EVP_PKEY_is_a(pkey, "DSA") || EVP_PKEY_is_a(pkey, "EC")) 236 return ossl_cms_ecdsa_dsa_sign(si, cmd) > 0; 237 else if (EVP_PKEY_is_a(pkey, "RSA") || EVP_PKEY_is_a(pkey, "RSA-PSS")) 238 return ossl_cms_rsa_sign(si, cmd) > 0; 239 240 /* Something else? We'll give engines etc a chance to handle this */ 241 if (pkey->ameth == NULL || pkey->ameth->pkey_ctrl == NULL) 242 return 1; 243 i = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_CMS_SIGN, cmd, si); 244 if (i == -2) { 245 ERR_raise(ERR_LIB_CMS, CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); 246 return 0; 247 } 248 if (i <= 0) { 249 ERR_raise(ERR_LIB_CMS, CMS_R_CTRL_FAILURE); 250 return 0; 251 } 252 return 1; 253 } 254 255 /* Add SigningCertificate signed attribute to the signer info. */ 256 static int ossl_cms_add1_signing_cert(CMS_SignerInfo *si, 257 const ESS_SIGNING_CERT *sc) 258 { 259 ASN1_STRING *seq = NULL; 260 unsigned char *p, *pp = NULL; 261 int ret, len = i2d_ESS_SIGNING_CERT(sc, NULL); 262 263 if (len <= 0 || (pp = OPENSSL_malloc(len)) == NULL) 264 return 0; 265 266 p = pp; 267 i2d_ESS_SIGNING_CERT(sc, &p); 268 if (!(seq = ASN1_STRING_new()) || !ASN1_STRING_set(seq, pp, len)) { 269 ASN1_STRING_free(seq); 270 OPENSSL_free(pp); 271 return 0; 272 } 273 OPENSSL_free(pp); 274 ret = CMS_signed_add1_attr_by_NID(si, NID_id_smime_aa_signingCertificate, 275 V_ASN1_SEQUENCE, seq, -1); 276 ASN1_STRING_free(seq); 277 return ret; 278 } 279 280 /* Add SigningCertificateV2 signed attribute to the signer info. */ 281 static int ossl_cms_add1_signing_cert_v2(CMS_SignerInfo *si, 282 const ESS_SIGNING_CERT_V2 *sc) 283 { 284 ASN1_STRING *seq = NULL; 285 unsigned char *p, *pp = NULL; 286 int ret, len = i2d_ESS_SIGNING_CERT_V2(sc, NULL); 287 288 if (len <= 0 || (pp = OPENSSL_malloc(len)) == NULL) 289 return 0; 290 291 p = pp; 292 i2d_ESS_SIGNING_CERT_V2(sc, &p); 293 if (!(seq = ASN1_STRING_new()) || !ASN1_STRING_set(seq, pp, len)) { 294 ASN1_STRING_free(seq); 295 OPENSSL_free(pp); 296 return 0; 297 } 298 OPENSSL_free(pp); 299 ret = CMS_signed_add1_attr_by_NID(si, NID_id_smime_aa_signingCertificateV2, 300 V_ASN1_SEQUENCE, seq, -1); 301 ASN1_STRING_free(seq); 302 return ret; 303 } 304 305 CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, 306 X509 *signer, EVP_PKEY *pk, const EVP_MD *md, 307 unsigned int flags) 308 { 309 CMS_SignedData *sd; 310 CMS_SignerInfo *si = NULL; 311 X509_ALGOR *alg; 312 int i, type; 313 const CMS_CTX *ctx = ossl_cms_get0_cmsctx(cms); 314 315 if (!X509_check_private_key(signer, pk)) { 316 ERR_raise(ERR_LIB_CMS, CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); 317 return NULL; 318 } 319 sd = cms_signed_data_init(cms); 320 if (!sd) 321 goto err; 322 si = M_ASN1_new_of(CMS_SignerInfo); 323 if (!si) 324 goto merr; 325 /* Call for side-effect of computing hash and caching extensions */ 326 X509_check_purpose(signer, -1, -1); 327 328 X509_up_ref(signer); 329 EVP_PKEY_up_ref(pk); 330 331 si->cms_ctx = ctx; 332 si->pkey = pk; 333 si->signer = signer; 334 si->mctx = EVP_MD_CTX_new(); 335 si->pctx = NULL; 336 337 if (si->mctx == NULL) { 338 ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); 339 goto err; 340 } 341 342 if (flags & CMS_USE_KEYID) { 343 si->version = 3; 344 if (sd->version < 3) 345 sd->version = 3; 346 type = CMS_SIGNERINFO_KEYIDENTIFIER; 347 } else { 348 type = CMS_SIGNERINFO_ISSUER_SERIAL; 349 si->version = 1; 350 } 351 352 if (!ossl_cms_set1_SignerIdentifier(si->sid, signer, type, ctx)) 353 goto err; 354 355 if (md == NULL) { 356 int def_nid; 357 358 if (EVP_PKEY_get_default_digest_nid(pk, &def_nid) <= 0) { 359 ERR_raise_data(ERR_LIB_CMS, CMS_R_NO_DEFAULT_DIGEST, 360 "pkey nid=%d", EVP_PKEY_get_id(pk)); 361 goto err; 362 } 363 md = EVP_get_digestbynid(def_nid); 364 if (md == NULL) { 365 ERR_raise_data(ERR_LIB_CMS, CMS_R_NO_DEFAULT_DIGEST, 366 "default md nid=%d", def_nid); 367 goto err; 368 } 369 } 370 371 if (!md) { 372 ERR_raise(ERR_LIB_CMS, CMS_R_NO_DIGEST_SET); 373 goto err; 374 } 375 376 if (md == NULL) { 377 ERR_raise(ERR_LIB_CMS, CMS_R_NO_DIGEST_SET); 378 goto err; 379 } 380 381 X509_ALGOR_set_md(si->digestAlgorithm, md); 382 383 /* See if digest is present in digestAlgorithms */ 384 for (i = 0; i < sk_X509_ALGOR_num(sd->digestAlgorithms); i++) { 385 const ASN1_OBJECT *aoid; 386 char name[OSSL_MAX_NAME_SIZE]; 387 388 alg = sk_X509_ALGOR_value(sd->digestAlgorithms, i); 389 X509_ALGOR_get0(&aoid, NULL, NULL, alg); 390 OBJ_obj2txt(name, sizeof(name), aoid, 0); 391 if (EVP_MD_is_a(md, name)) 392 break; 393 } 394 395 if (i == sk_X509_ALGOR_num(sd->digestAlgorithms)) { 396 alg = X509_ALGOR_new(); 397 if (alg == NULL) 398 goto merr; 399 X509_ALGOR_set_md(alg, md); 400 if (!sk_X509_ALGOR_push(sd->digestAlgorithms, alg)) { 401 X509_ALGOR_free(alg); 402 goto merr; 403 } 404 } 405 406 if (!(flags & CMS_KEY_PARAM) && !cms_sd_asn1_ctrl(si, 0)) { 407 ERR_raise_data(ERR_LIB_CMS, CMS_R_UNSUPPORTED_SIGNATURE_ALGORITHM, 408 "pkey nid=%d", EVP_PKEY_get_id(pk)); 409 goto err; 410 } 411 if (!(flags & CMS_NOATTR)) { 412 /* 413 * Initialize signed attributes structure so other attributes 414 * such as signing time etc are added later even if we add none here. 415 */ 416 if (!si->signedAttrs) { 417 si->signedAttrs = sk_X509_ATTRIBUTE_new_null(); 418 if (!si->signedAttrs) 419 goto merr; 420 } 421 422 if (!(flags & CMS_NOSMIMECAP)) { 423 STACK_OF(X509_ALGOR) *smcap = NULL; 424 i = CMS_add_standard_smimecap(&smcap); 425 if (i) 426 i = CMS_add_smimecap(si, smcap); 427 sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free); 428 if (!i) 429 goto merr; 430 } 431 if (flags & CMS_CADES) { 432 ESS_SIGNING_CERT *sc = NULL; 433 ESS_SIGNING_CERT_V2 *sc2 = NULL; 434 int add_sc; 435 436 if (md == NULL || EVP_MD_is_a(md, SN_sha1)) { 437 if ((sc = OSSL_ESS_signing_cert_new_init(signer, 438 NULL, 1)) == NULL) 439 goto err; 440 add_sc = ossl_cms_add1_signing_cert(si, sc); 441 ESS_SIGNING_CERT_free(sc); 442 } else { 443 if ((sc2 = OSSL_ESS_signing_cert_v2_new_init(md, signer, 444 NULL, 1)) == NULL) 445 goto err; 446 add_sc = ossl_cms_add1_signing_cert_v2(si, sc2); 447 ESS_SIGNING_CERT_V2_free(sc2); 448 } 449 if (!add_sc) 450 goto err; 451 } 452 if (flags & CMS_REUSE_DIGEST) { 453 if (!cms_copy_messageDigest(cms, si)) 454 goto err; 455 if (!cms_set_si_contentType_attr(cms, si)) 456 goto err; 457 if (!(flags & (CMS_PARTIAL | CMS_KEY_PARAM)) && 458 !CMS_SignerInfo_sign(si)) 459 goto err; 460 } 461 } 462 463 if (!(flags & CMS_NOCERTS)) { 464 /* NB ignore -1 return for duplicate cert */ 465 if (!CMS_add1_cert(cms, signer)) 466 goto merr; 467 } 468 469 if (flags & CMS_KEY_PARAM) { 470 if (flags & CMS_NOATTR) { 471 si->pctx = EVP_PKEY_CTX_new_from_pkey(ossl_cms_ctx_get0_libctx(ctx), 472 si->pkey, 473 ossl_cms_ctx_get0_propq(ctx)); 474 if (si->pctx == NULL) 475 goto err; 476 if (EVP_PKEY_sign_init(si->pctx) <= 0) 477 goto err; 478 if (EVP_PKEY_CTX_set_signature_md(si->pctx, md) <= 0) 479 goto err; 480 } else if (EVP_DigestSignInit_ex(si->mctx, &si->pctx, 481 EVP_MD_get0_name(md), 482 ossl_cms_ctx_get0_libctx(ctx), 483 ossl_cms_ctx_get0_propq(ctx), 484 pk, NULL) <= 0) { 485 goto err; 486 } 487 } 488 489 if (!sd->signerInfos) 490 sd->signerInfos = sk_CMS_SignerInfo_new_null(); 491 if (!sd->signerInfos || !sk_CMS_SignerInfo_push(sd->signerInfos, si)) 492 goto merr; 493 494 return si; 495 496 merr: 497 ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); 498 err: 499 M_ASN1_free_of(si, CMS_SignerInfo); 500 return NULL; 501 502 } 503 504 void ossl_cms_SignerInfos_set_cmsctx(CMS_ContentInfo *cms) 505 { 506 int i; 507 CMS_SignerInfo *si; 508 STACK_OF(CMS_SignerInfo) *sinfos; 509 const CMS_CTX *ctx = ossl_cms_get0_cmsctx(cms); 510 511 ERR_set_mark(); 512 sinfos = CMS_get0_SignerInfos(cms); 513 ERR_pop_to_mark(); /* removes error in case sinfos == NULL */ 514 515 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) { 516 si = sk_CMS_SignerInfo_value(sinfos, i); 517 if (si != NULL) 518 si->cms_ctx = ctx; 519 } 520 } 521 522 static int cms_add1_signingTime(CMS_SignerInfo *si, ASN1_TIME *t) 523 { 524 ASN1_TIME *tt; 525 int r = 0; 526 527 if (t != NULL) 528 tt = t; 529 else 530 tt = X509_gmtime_adj(NULL, 0); 531 532 if (tt == NULL) 533 goto merr; 534 535 if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_signingTime, 536 tt->type, tt, -1) <= 0) 537 goto merr; 538 539 r = 1; 540 merr: 541 if (t == NULL) 542 ASN1_TIME_free(tt); 543 544 if (!r) 545 ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); 546 547 return r; 548 549 } 550 551 EVP_PKEY_CTX *CMS_SignerInfo_get0_pkey_ctx(CMS_SignerInfo *si) 552 { 553 return si->pctx; 554 } 555 556 EVP_MD_CTX *CMS_SignerInfo_get0_md_ctx(CMS_SignerInfo *si) 557 { 558 return si->mctx; 559 } 560 561 STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms) 562 { 563 CMS_SignedData *sd = cms_get0_signed(cms); 564 565 return sd != NULL ? sd->signerInfos : NULL; 566 } 567 568 STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms) 569 { 570 STACK_OF(X509) *signers = NULL; 571 STACK_OF(CMS_SignerInfo) *sinfos; 572 CMS_SignerInfo *si; 573 int i; 574 575 sinfos = CMS_get0_SignerInfos(cms); 576 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) { 577 si = sk_CMS_SignerInfo_value(sinfos, i); 578 if (si->signer != NULL) { 579 if (!ossl_x509_add_cert_new(&signers, si->signer, 580 X509_ADD_FLAG_DEFAULT)) { 581 sk_X509_free(signers); 582 return NULL; 583 } 584 } 585 } 586 return signers; 587 } 588 589 void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer) 590 { 591 if (signer != NULL) { 592 X509_up_ref(signer); 593 EVP_PKEY_free(si->pkey); 594 si->pkey = X509_get_pubkey(signer); 595 } 596 X509_free(si->signer); 597 si->signer = signer; 598 } 599 600 int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si, 601 ASN1_OCTET_STRING **keyid, 602 X509_NAME **issuer, ASN1_INTEGER **sno) 603 { 604 return ossl_cms_SignerIdentifier_get0_signer_id(si->sid, keyid, issuer, sno); 605 } 606 607 int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert) 608 { 609 return ossl_cms_SignerIdentifier_cert_cmp(si->sid, cert); 610 } 611 612 int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *scerts, 613 unsigned int flags) 614 { 615 CMS_SignedData *sd; 616 CMS_SignerInfo *si; 617 CMS_CertificateChoices *cch; 618 STACK_OF(CMS_CertificateChoices) *certs; 619 X509 *x; 620 int i, j; 621 int ret = 0; 622 623 sd = cms_get0_signed(cms); 624 if (sd == NULL) 625 return -1; 626 certs = sd->certificates; 627 for (i = 0; i < sk_CMS_SignerInfo_num(sd->signerInfos); i++) { 628 si = sk_CMS_SignerInfo_value(sd->signerInfos, i); 629 if (si->signer != NULL) 630 continue; 631 632 for (j = 0; j < sk_X509_num(scerts); j++) { 633 x = sk_X509_value(scerts, j); 634 if (CMS_SignerInfo_cert_cmp(si, x) == 0) { 635 CMS_SignerInfo_set1_signer_cert(si, x); 636 ret++; 637 break; 638 } 639 } 640 641 if (si->signer != NULL || (flags & CMS_NOINTERN)) 642 continue; 643 644 for (j = 0; j < sk_CMS_CertificateChoices_num(certs); j++) { 645 cch = sk_CMS_CertificateChoices_value(certs, j); 646 if (cch->type != 0) 647 continue; 648 x = cch->d.certificate; 649 if (CMS_SignerInfo_cert_cmp(si, x) == 0) { 650 CMS_SignerInfo_set1_signer_cert(si, x); 651 ret++; 652 break; 653 } 654 } 655 } 656 return ret; 657 } 658 659 void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk, 660 X509 **signer, X509_ALGOR **pdig, 661 X509_ALGOR **psig) 662 { 663 if (pk != NULL) 664 *pk = si->pkey; 665 if (signer != NULL) 666 *signer = si->signer; 667 if (pdig != NULL) 668 *pdig = si->digestAlgorithm; 669 if (psig != NULL) 670 *psig = si->signatureAlgorithm; 671 } 672 673 ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si) 674 { 675 return si->signature; 676 } 677 678 static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms, 679 CMS_SignerInfo *si, BIO *chain) 680 { 681 EVP_MD_CTX *mctx = EVP_MD_CTX_new(); 682 int r = 0; 683 EVP_PKEY_CTX *pctx = NULL; 684 const CMS_CTX *ctx = ossl_cms_get0_cmsctx(cms); 685 686 if (mctx == NULL) { 687 ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); 688 return 0; 689 } 690 691 if (si->pkey == NULL) { 692 ERR_raise(ERR_LIB_CMS, CMS_R_NO_PRIVATE_KEY); 693 goto err; 694 } 695 696 if (!ossl_cms_DigestAlgorithm_find_ctx(mctx, chain, si->digestAlgorithm)) 697 goto err; 698 /* Set SignerInfo algorithm details if we used custom parameter */ 699 if (si->pctx && !cms_sd_asn1_ctrl(si, 0)) 700 goto err; 701 702 /* 703 * If any signed attributes calculate and add messageDigest attribute 704 */ 705 706 if (CMS_signed_get_attr_count(si) >= 0) { 707 unsigned char md[EVP_MAX_MD_SIZE]; 708 unsigned int mdlen; 709 710 if (!EVP_DigestFinal_ex(mctx, md, &mdlen)) 711 goto err; 712 if (!CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest, 713 V_ASN1_OCTET_STRING, md, mdlen)) 714 goto err; 715 /* Copy content type across */ 716 if (!cms_set_si_contentType_attr(cms, si)) 717 goto err; 718 719 if (!CMS_SignerInfo_sign(si)) 720 goto err; 721 } else if (si->pctx) { 722 unsigned char *sig; 723 size_t siglen; 724 unsigned char md[EVP_MAX_MD_SIZE]; 725 unsigned int mdlen; 726 727 pctx = si->pctx; 728 if (!EVP_DigestFinal_ex(mctx, md, &mdlen)) 729 goto err; 730 siglen = EVP_PKEY_get_size(si->pkey); 731 sig = OPENSSL_malloc(siglen); 732 if (sig == NULL) { 733 ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); 734 goto err; 735 } 736 if (EVP_PKEY_sign(pctx, sig, &siglen, md, mdlen) <= 0) { 737 OPENSSL_free(sig); 738 goto err; 739 } 740 ASN1_STRING_set0(si->signature, sig, siglen); 741 } else { 742 unsigned char *sig; 743 unsigned int siglen; 744 745 sig = OPENSSL_malloc(EVP_PKEY_get_size(si->pkey)); 746 if (sig == NULL) { 747 ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); 748 goto err; 749 } 750 if (!EVP_SignFinal_ex(mctx, sig, &siglen, si->pkey, 751 ossl_cms_ctx_get0_libctx(ctx), 752 ossl_cms_ctx_get0_propq(ctx))) { 753 ERR_raise(ERR_LIB_CMS, CMS_R_SIGNFINAL_ERROR); 754 OPENSSL_free(sig); 755 goto err; 756 } 757 ASN1_STRING_set0(si->signature, sig, siglen); 758 } 759 760 r = 1; 761 762 err: 763 EVP_MD_CTX_free(mctx); 764 EVP_PKEY_CTX_free(pctx); 765 return r; 766 767 } 768 769 int ossl_cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain) 770 { 771 STACK_OF(CMS_SignerInfo) *sinfos; 772 CMS_SignerInfo *si; 773 int i; 774 775 sinfos = CMS_get0_SignerInfos(cms); 776 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) { 777 si = sk_CMS_SignerInfo_value(sinfos, i); 778 if (!cms_SignerInfo_content_sign(cms, si, chain)) 779 return 0; 780 } 781 cms->d.signedData->encapContentInfo->partial = 0; 782 return 1; 783 } 784 785 int CMS_SignerInfo_sign(CMS_SignerInfo *si) 786 { 787 EVP_MD_CTX *mctx = si->mctx; 788 EVP_PKEY_CTX *pctx = NULL; 789 unsigned char *abuf = NULL; 790 int alen; 791 size_t siglen; 792 const CMS_CTX *ctx = si->cms_ctx; 793 char md_name[OSSL_MAX_NAME_SIZE]; 794 795 if (OBJ_obj2txt(md_name, sizeof(md_name), 796 si->digestAlgorithm->algorithm, 0) <= 0) 797 return 0; 798 799 if (CMS_signed_get_attr_by_NID(si, NID_pkcs9_signingTime, -1) < 0) { 800 if (!cms_add1_signingTime(si, NULL)) 801 goto err; 802 } 803 804 if (!ossl_cms_si_check_attributes(si)) 805 goto err; 806 807 if (si->pctx) 808 pctx = si->pctx; 809 else { 810 EVP_MD_CTX_reset(mctx); 811 if (EVP_DigestSignInit_ex(mctx, &pctx, md_name, 812 ossl_cms_ctx_get0_libctx(ctx), 813 ossl_cms_ctx_get0_propq(ctx), si->pkey, 814 NULL) <= 0) 815 goto err; 816 si->pctx = pctx; 817 } 818 819 alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs, &abuf, 820 ASN1_ITEM_rptr(CMS_Attributes_Sign)); 821 if (!abuf) 822 goto err; 823 if (EVP_DigestSignUpdate(mctx, abuf, alen) <= 0) 824 goto err; 825 if (EVP_DigestSignFinal(mctx, NULL, &siglen) <= 0) 826 goto err; 827 OPENSSL_free(abuf); 828 abuf = OPENSSL_malloc(siglen); 829 if (abuf == NULL) 830 goto err; 831 if (EVP_DigestSignFinal(mctx, abuf, &siglen) <= 0) 832 goto err; 833 834 EVP_MD_CTX_reset(mctx); 835 836 ASN1_STRING_set0(si->signature, abuf, siglen); 837 838 return 1; 839 840 err: 841 OPENSSL_free(abuf); 842 EVP_MD_CTX_reset(mctx); 843 return 0; 844 } 845 846 int CMS_SignerInfo_verify(CMS_SignerInfo *si) 847 { 848 EVP_MD_CTX *mctx = NULL; 849 unsigned char *abuf = NULL; 850 int alen, r = -1; 851 char name[OSSL_MAX_NAME_SIZE]; 852 const EVP_MD *md; 853 EVP_MD *fetched_md = NULL; 854 const CMS_CTX *ctx = si->cms_ctx; 855 OSSL_LIB_CTX *libctx = ossl_cms_ctx_get0_libctx(ctx); 856 const char *propq = ossl_cms_ctx_get0_propq(ctx); 857 858 if (si->pkey == NULL) { 859 ERR_raise(ERR_LIB_CMS, CMS_R_NO_PUBLIC_KEY); 860 return -1; 861 } 862 863 if (!ossl_cms_si_check_attributes(si)) 864 return -1; 865 866 OBJ_obj2txt(name, sizeof(name), si->digestAlgorithm->algorithm, 0); 867 868 (void)ERR_set_mark(); 869 fetched_md = EVP_MD_fetch(libctx, name, propq); 870 871 if (fetched_md != NULL) 872 md = fetched_md; 873 else 874 md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm); 875 if (md == NULL) { 876 (void)ERR_clear_last_mark(); 877 ERR_raise(ERR_LIB_CMS, CMS_R_UNKNOWN_DIGEST_ALGORITHM); 878 return -1; 879 } 880 (void)ERR_pop_to_mark(); 881 882 if (si->mctx == NULL && (si->mctx = EVP_MD_CTX_new()) == NULL) { 883 ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); 884 goto err; 885 } 886 mctx = si->mctx; 887 if (EVP_DigestVerifyInit_ex(mctx, &si->pctx, EVP_MD_get0_name(md), libctx, 888 propq, si->pkey, NULL) <= 0) 889 goto err; 890 891 if (!cms_sd_asn1_ctrl(si, 1)) 892 goto err; 893 894 alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs, &abuf, 895 ASN1_ITEM_rptr(CMS_Attributes_Verify)); 896 if (abuf == NULL || alen < 0) 897 goto err; 898 r = EVP_DigestVerifyUpdate(mctx, abuf, alen); 899 OPENSSL_free(abuf); 900 if (r <= 0) { 901 r = -1; 902 goto err; 903 } 904 r = EVP_DigestVerifyFinal(mctx, 905 si->signature->data, si->signature->length); 906 if (r <= 0) 907 ERR_raise(ERR_LIB_CMS, CMS_R_VERIFICATION_FAILURE); 908 err: 909 EVP_MD_free(fetched_md); 910 EVP_MD_CTX_reset(mctx); 911 return r; 912 } 913 914 /* Create a chain of digest BIOs from a CMS ContentInfo */ 915 916 BIO *ossl_cms_SignedData_init_bio(CMS_ContentInfo *cms) 917 { 918 int i; 919 CMS_SignedData *sd; 920 BIO *chain = NULL; 921 922 sd = cms_get0_signed(cms); 923 if (sd == NULL) 924 return NULL; 925 if (cms->d.signedData->encapContentInfo->partial) 926 cms_sd_set_version(sd); 927 for (i = 0; i < sk_X509_ALGOR_num(sd->digestAlgorithms); i++) { 928 X509_ALGOR *digestAlgorithm; 929 BIO *mdbio; 930 931 digestAlgorithm = sk_X509_ALGOR_value(sd->digestAlgorithms, i); 932 mdbio = ossl_cms_DigestAlgorithm_init_bio(digestAlgorithm, 933 ossl_cms_get0_cmsctx(cms)); 934 if (mdbio == NULL) 935 goto err; 936 if (chain != NULL) 937 BIO_push(chain, mdbio); 938 else 939 chain = mdbio; 940 } 941 return chain; 942 err: 943 BIO_free_all(chain); 944 return NULL; 945 } 946 947 int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain) 948 { 949 ASN1_OCTET_STRING *os = NULL; 950 EVP_MD_CTX *mctx = EVP_MD_CTX_new(); 951 EVP_PKEY_CTX *pkctx = NULL; 952 int r = -1; 953 unsigned char mval[EVP_MAX_MD_SIZE]; 954 unsigned int mlen; 955 956 if (mctx == NULL) { 957 ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); 958 goto err; 959 } 960 /* If we have any signed attributes look for messageDigest value */ 961 if (CMS_signed_get_attr_count(si) >= 0) { 962 os = CMS_signed_get0_data_by_OBJ(si, 963 OBJ_nid2obj(NID_pkcs9_messageDigest), 964 -3, V_ASN1_OCTET_STRING); 965 if (os == NULL) { 966 ERR_raise(ERR_LIB_CMS, CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE); 967 goto err; 968 } 969 } 970 971 if (!ossl_cms_DigestAlgorithm_find_ctx(mctx, chain, si->digestAlgorithm)) 972 goto err; 973 974 if (EVP_DigestFinal_ex(mctx, mval, &mlen) <= 0) { 975 ERR_raise(ERR_LIB_CMS, CMS_R_UNABLE_TO_FINALIZE_CONTEXT); 976 goto err; 977 } 978 979 /* If messageDigest found compare it */ 980 981 if (os != NULL) { 982 if (mlen != (unsigned int)os->length) { 983 ERR_raise(ERR_LIB_CMS, CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH); 984 goto err; 985 } 986 987 if (memcmp(mval, os->data, mlen)) { 988 ERR_raise(ERR_LIB_CMS, CMS_R_VERIFICATION_FAILURE); 989 r = 0; 990 } else 991 r = 1; 992 } else { 993 const EVP_MD *md = EVP_MD_CTX_get0_md(mctx); 994 const CMS_CTX *ctx = si->cms_ctx; 995 996 pkctx = EVP_PKEY_CTX_new_from_pkey(ossl_cms_ctx_get0_libctx(ctx), 997 si->pkey, 998 ossl_cms_ctx_get0_propq(ctx)); 999 if (pkctx == NULL) 1000 goto err; 1001 if (EVP_PKEY_verify_init(pkctx) <= 0) 1002 goto err; 1003 if (EVP_PKEY_CTX_set_signature_md(pkctx, md) <= 0) 1004 goto err; 1005 si->pctx = pkctx; 1006 if (!cms_sd_asn1_ctrl(si, 1)) 1007 goto err; 1008 r = EVP_PKEY_verify(pkctx, si->signature->data, 1009 si->signature->length, mval, mlen); 1010 if (r <= 0) { 1011 ERR_raise(ERR_LIB_CMS, CMS_R_VERIFICATION_FAILURE); 1012 r = 0; 1013 } 1014 } 1015 1016 err: 1017 EVP_PKEY_CTX_free(pkctx); 1018 EVP_MD_CTX_free(mctx); 1019 return r; 1020 1021 } 1022 1023 int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs) 1024 { 1025 unsigned char *smder = NULL; 1026 int smderlen, r; 1027 1028 smderlen = i2d_X509_ALGORS(algs, &smder); 1029 if (smderlen <= 0) 1030 return 0; 1031 r = CMS_signed_add1_attr_by_NID(si, NID_SMIMECapabilities, 1032 V_ASN1_SEQUENCE, smder, smderlen); 1033 OPENSSL_free(smder); 1034 return r; 1035 } 1036 1037 int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs, 1038 int algnid, int keysize) 1039 { 1040 X509_ALGOR *alg = NULL; 1041 ASN1_INTEGER *key = NULL; 1042 1043 if (keysize > 0) { 1044 key = ASN1_INTEGER_new(); 1045 if (key == NULL || !ASN1_INTEGER_set(key, keysize)) 1046 goto err; 1047 } 1048 alg = X509_ALGOR_new(); 1049 if (alg == NULL) 1050 goto err; 1051 1052 if (!X509_ALGOR_set0(alg, OBJ_nid2obj(algnid), 1053 key ? V_ASN1_INTEGER : V_ASN1_UNDEF, key)) 1054 goto err; 1055 key = NULL; 1056 if (*algs == NULL) 1057 *algs = sk_X509_ALGOR_new_null(); 1058 if (*algs == NULL || !sk_X509_ALGOR_push(*algs, alg)) 1059 goto err; 1060 return 1; 1061 1062 err: 1063 ASN1_INTEGER_free(key); 1064 X509_ALGOR_free(alg); 1065 return 0; 1066 } 1067 1068 /* Check to see if a cipher exists and if so add S/MIME capabilities */ 1069 1070 static int cms_add_cipher_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg) 1071 { 1072 if (EVP_get_cipherbynid(nid)) 1073 return CMS_add_simple_smimecap(sk, nid, arg); 1074 return 1; 1075 } 1076 1077 static int cms_add_digest_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg) 1078 { 1079 if (EVP_get_digestbynid(nid)) 1080 return CMS_add_simple_smimecap(sk, nid, arg); 1081 return 1; 1082 } 1083 1084 int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap) 1085 { 1086 if (!cms_add_cipher_smcap(smcap, NID_aes_256_cbc, -1) 1087 || !cms_add_digest_smcap(smcap, NID_id_GostR3411_2012_256, -1) 1088 || !cms_add_digest_smcap(smcap, NID_id_GostR3411_2012_512, -1) 1089 || !cms_add_digest_smcap(smcap, NID_id_GostR3411_94, -1) 1090 || !cms_add_cipher_smcap(smcap, NID_id_Gost28147_89, -1) 1091 || !cms_add_cipher_smcap(smcap, NID_aes_192_cbc, -1) 1092 || !cms_add_cipher_smcap(smcap, NID_aes_128_cbc, -1) 1093 || !cms_add_cipher_smcap(smcap, NID_des_ede3_cbc, -1) 1094 || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 128) 1095 || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 64) 1096 || !cms_add_cipher_smcap(smcap, NID_des_cbc, -1) 1097 || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 40)) 1098 return 0; 1099 return 1; 1100 } 1101