1 /* 2 * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 #include "internal/cryptlib.h" 11 #include <openssl/asn1t.h> 12 #include <openssl/pem.h> 13 #include <openssl/x509.h> 14 #include <openssl/x509v3.h> 15 #include <openssl/err.h> 16 #include <openssl/cms.h> 17 #include <openssl/ess.h> 18 #include "internal/sizes.h" 19 #include "crypto/asn1.h" 20 #include "crypto/evp.h" 21 #include "crypto/ess.h" 22 #include "crypto/x509.h" /* for ossl_x509_add_cert_new() */ 23 #include "cms_local.h" 24 25 /* CMS SignedData Utilities */ 26 27 static CMS_SignedData *cms_get0_signed(CMS_ContentInfo *cms) 28 { 29 if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_signed) { 30 ERR_raise(ERR_LIB_CMS, CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA); 31 return NULL; 32 } 33 return cms->d.signedData; 34 } 35 36 static CMS_SignedData *cms_signed_data_init(CMS_ContentInfo *cms) 37 { 38 if (cms->d.other == NULL) { 39 cms->d.signedData = M_ASN1_new_of(CMS_SignedData); 40 if (!cms->d.signedData) { 41 ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); 42 return NULL; 43 } 44 cms->d.signedData->version = 1; 45 cms->d.signedData->encapContentInfo->eContentType = 46 OBJ_nid2obj(NID_pkcs7_data); 47 cms->d.signedData->encapContentInfo->partial = 1; 48 ASN1_OBJECT_free(cms->contentType); 49 cms->contentType = OBJ_nid2obj(NID_pkcs7_signed); 50 return cms->d.signedData; 51 } 52 return cms_get0_signed(cms); 53 } 54 55 /* Just initialise SignedData e.g. for certs only structure */ 56 57 int CMS_SignedData_init(CMS_ContentInfo *cms) 58 { 59 if (cms_signed_data_init(cms)) 60 return 1; 61 else 62 return 0; 63 } 64 65 66 /* Check structures and fixup version numbers (if necessary) */ 67 68 static void cms_sd_set_version(CMS_SignedData *sd) 69 { 70 int i; 71 CMS_CertificateChoices *cch; 72 CMS_RevocationInfoChoice *rch; 73 CMS_SignerInfo *si; 74 75 for (i = 0; i < sk_CMS_CertificateChoices_num(sd->certificates); i++) { 76 cch = sk_CMS_CertificateChoices_value(sd->certificates, i); 77 if (cch->type == CMS_CERTCHOICE_OTHER) { 78 if (sd->version < 5) 79 sd->version = 5; 80 } else if (cch->type == CMS_CERTCHOICE_V2ACERT) { 81 if (sd->version < 4) 82 sd->version = 4; 83 } else if (cch->type == CMS_CERTCHOICE_V1ACERT) { 84 if (sd->version < 3) 85 sd->version = 3; 86 } 87 } 88 89 for (i = 0; i < sk_CMS_RevocationInfoChoice_num(sd->crls); i++) { 90 rch = sk_CMS_RevocationInfoChoice_value(sd->crls, i); 91 if (rch->type == CMS_REVCHOICE_OTHER) { 92 if (sd->version < 5) 93 sd->version = 5; 94 } 95 } 96 97 if ((OBJ_obj2nid(sd->encapContentInfo->eContentType) != NID_pkcs7_data) 98 && (sd->version < 3)) 99 sd->version = 3; 100 101 for (i = 0; i < sk_CMS_SignerInfo_num(sd->signerInfos); i++) { 102 si = sk_CMS_SignerInfo_value(sd->signerInfos, i); 103 if (si->sid->type == CMS_SIGNERINFO_KEYIDENTIFIER) { 104 if (si->version < 3) 105 si->version = 3; 106 if (sd->version < 3) 107 sd->version = 3; 108 } else if (si->version < 1) 109 si->version = 1; 110 } 111 112 if (sd->version < 1) 113 sd->version = 1; 114 115 } 116 117 /* 118 * RFC 5652 Section 11.1 Content Type 119 * The content-type attribute within signed-data MUST 120 * 1) be present if there are signed attributes 121 * 2) match the content type in the signed-data, 122 * 3) be a signed attribute. 123 * 4) not have more than one copy of the attribute. 124 * 125 * Note that since the CMS_SignerInfo_sign() always adds the "signing time" 126 * attribute, the content type attribute MUST be added also. 127 * Assumptions: This assumes that the attribute does not already exist. 128 */ 129 static int cms_set_si_contentType_attr(CMS_ContentInfo *cms, CMS_SignerInfo *si) 130 { 131 ASN1_OBJECT *ctype = cms->d.signedData->encapContentInfo->eContentType; 132 133 /* Add the contentType attribute */ 134 return CMS_signed_add1_attr_by_NID(si, NID_pkcs9_contentType, 135 V_ASN1_OBJECT, ctype, -1) > 0; 136 } 137 138 /* Copy an existing messageDigest value */ 139 140 static int cms_copy_messageDigest(CMS_ContentInfo *cms, CMS_SignerInfo *si) 141 { 142 STACK_OF(CMS_SignerInfo) *sinfos; 143 CMS_SignerInfo *sitmp; 144 int i; 145 146 sinfos = CMS_get0_SignerInfos(cms); 147 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) { 148 ASN1_OCTET_STRING *messageDigest; 149 150 sitmp = sk_CMS_SignerInfo_value(sinfos, i); 151 if (sitmp == si) 152 continue; 153 if (CMS_signed_get_attr_count(sitmp) < 0) 154 continue; 155 if (OBJ_cmp(si->digestAlgorithm->algorithm, 156 sitmp->digestAlgorithm->algorithm)) 157 continue; 158 messageDigest = CMS_signed_get0_data_by_OBJ(sitmp, 159 OBJ_nid2obj 160 (NID_pkcs9_messageDigest), 161 -3, V_ASN1_OCTET_STRING); 162 if (!messageDigest) { 163 ERR_raise(ERR_LIB_CMS, CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE); 164 return 0; 165 } 166 167 if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest, 168 V_ASN1_OCTET_STRING, 169 messageDigest, -1)) 170 return 1; 171 else 172 return 0; 173 } 174 ERR_raise(ERR_LIB_CMS, CMS_R_NO_MATCHING_DIGEST); 175 return 0; 176 } 177 178 int ossl_cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, 179 int type, const CMS_CTX *ctx) 180 { 181 switch (type) { 182 case CMS_SIGNERINFO_ISSUER_SERIAL: 183 if (!ossl_cms_set1_ias(&sid->d.issuerAndSerialNumber, cert)) 184 return 0; 185 break; 186 187 case CMS_SIGNERINFO_KEYIDENTIFIER: 188 if (!ossl_cms_set1_keyid(&sid->d.subjectKeyIdentifier, cert)) 189 return 0; 190 break; 191 192 default: 193 ERR_raise(ERR_LIB_CMS, CMS_R_UNKNOWN_ID); 194 return 0; 195 } 196 197 sid->type = type; 198 199 return 1; 200 } 201 202 int ossl_cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid, 203 ASN1_OCTET_STRING **keyid, 204 X509_NAME **issuer, 205 ASN1_INTEGER **sno) 206 { 207 if (sid->type == CMS_SIGNERINFO_ISSUER_SERIAL) { 208 if (issuer) 209 *issuer = sid->d.issuerAndSerialNumber->issuer; 210 if (sno) 211 *sno = sid->d.issuerAndSerialNumber->serialNumber; 212 } else if (sid->type == CMS_SIGNERINFO_KEYIDENTIFIER) { 213 if (keyid) 214 *keyid = sid->d.subjectKeyIdentifier; 215 } else 216 return 0; 217 return 1; 218 } 219 220 int ossl_cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert) 221 { 222 if (sid->type == CMS_SIGNERINFO_ISSUER_SERIAL) 223 return ossl_cms_ias_cert_cmp(sid->d.issuerAndSerialNumber, cert); 224 else if (sid->type == CMS_SIGNERINFO_KEYIDENTIFIER) 225 return ossl_cms_keyid_cert_cmp(sid->d.subjectKeyIdentifier, cert); 226 else 227 return -1; 228 } 229 230 static int cms_sd_asn1_ctrl(CMS_SignerInfo *si, int cmd) 231 { 232 EVP_PKEY *pkey = si->pkey; 233 int i; 234 235 if (EVP_PKEY_is_a(pkey, "DSA") || EVP_PKEY_is_a(pkey, "EC")) 236 return ossl_cms_ecdsa_dsa_sign(si, cmd); 237 else if (EVP_PKEY_is_a(pkey, "RSA") || EVP_PKEY_is_a(pkey, "RSA-PSS")) 238 return ossl_cms_rsa_sign(si, cmd); 239 240 /* Something else? We'll give engines etc a chance to handle this */ 241 if (pkey->ameth == NULL || pkey->ameth->pkey_ctrl == NULL) 242 return 1; 243 i = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_CMS_SIGN, cmd, si); 244 if (i == -2) { 245 ERR_raise(ERR_LIB_CMS, CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); 246 return 0; 247 } 248 if (i <= 0) { 249 ERR_raise(ERR_LIB_CMS, CMS_R_CTRL_FAILURE); 250 return 0; 251 } 252 return 1; 253 } 254 255 /* Add SigningCertificate signed attribute to the signer info. */ 256 static int ossl_cms_add1_signing_cert(CMS_SignerInfo *si, 257 const ESS_SIGNING_CERT *sc) 258 { 259 ASN1_STRING *seq = NULL; 260 unsigned char *p, *pp = NULL; 261 int ret, len = i2d_ESS_SIGNING_CERT(sc, NULL); 262 263 if (len <= 0 || (pp = OPENSSL_malloc(len)) == NULL) 264 return 0; 265 266 p = pp; 267 i2d_ESS_SIGNING_CERT(sc, &p); 268 if (!(seq = ASN1_STRING_new()) || !ASN1_STRING_set(seq, pp, len)) { 269 ASN1_STRING_free(seq); 270 OPENSSL_free(pp); 271 return 0; 272 } 273 OPENSSL_free(pp); 274 ret = CMS_signed_add1_attr_by_NID(si, NID_id_smime_aa_signingCertificate, 275 V_ASN1_SEQUENCE, seq, -1); 276 ASN1_STRING_free(seq); 277 return ret; 278 } 279 280 /* Add SigningCertificateV2 signed attribute to the signer info. */ 281 static int ossl_cms_add1_signing_cert_v2(CMS_SignerInfo *si, 282 const ESS_SIGNING_CERT_V2 *sc) 283 { 284 ASN1_STRING *seq = NULL; 285 unsigned char *p, *pp = NULL; 286 int ret, len = i2d_ESS_SIGNING_CERT_V2(sc, NULL); 287 288 if (len <= 0 || (pp = OPENSSL_malloc(len)) == NULL) 289 return 0; 290 291 p = pp; 292 i2d_ESS_SIGNING_CERT_V2(sc, &p); 293 if (!(seq = ASN1_STRING_new()) || !ASN1_STRING_set(seq, pp, len)) { 294 ASN1_STRING_free(seq); 295 OPENSSL_free(pp); 296 return 0; 297 } 298 OPENSSL_free(pp); 299 ret = CMS_signed_add1_attr_by_NID(si, NID_id_smime_aa_signingCertificateV2, 300 V_ASN1_SEQUENCE, seq, -1); 301 ASN1_STRING_free(seq); 302 return ret; 303 } 304 305 CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, 306 X509 *signer, EVP_PKEY *pk, const EVP_MD *md, 307 unsigned int flags) 308 { 309 CMS_SignedData *sd; 310 CMS_SignerInfo *si = NULL; 311 X509_ALGOR *alg; 312 int i, type; 313 const CMS_CTX *ctx = ossl_cms_get0_cmsctx(cms); 314 315 if (!X509_check_private_key(signer, pk)) { 316 ERR_raise(ERR_LIB_CMS, CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); 317 return NULL; 318 } 319 sd = cms_signed_data_init(cms); 320 if (!sd) 321 goto err; 322 si = M_ASN1_new_of(CMS_SignerInfo); 323 if (!si) 324 goto merr; 325 /* Call for side-effect of computing hash and caching extensions */ 326 X509_check_purpose(signer, -1, -1); 327 328 X509_up_ref(signer); 329 EVP_PKEY_up_ref(pk); 330 331 si->cms_ctx = ctx; 332 si->pkey = pk; 333 si->signer = signer; 334 si->mctx = EVP_MD_CTX_new(); 335 si->pctx = NULL; 336 337 if (si->mctx == NULL) { 338 ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); 339 goto err; 340 } 341 342 if (flags & CMS_USE_KEYID) { 343 si->version = 3; 344 if (sd->version < 3) 345 sd->version = 3; 346 type = CMS_SIGNERINFO_KEYIDENTIFIER; 347 } else { 348 type = CMS_SIGNERINFO_ISSUER_SERIAL; 349 si->version = 1; 350 } 351 352 if (!ossl_cms_set1_SignerIdentifier(si->sid, signer, type, ctx)) 353 goto err; 354 355 if (md == NULL) { 356 int def_nid; 357 if (EVP_PKEY_get_default_digest_nid(pk, &def_nid) <= 0) 358 goto err; 359 md = EVP_get_digestbynid(def_nid); 360 if (md == NULL) { 361 ERR_raise(ERR_LIB_CMS, CMS_R_NO_DEFAULT_DIGEST); 362 goto err; 363 } 364 } 365 366 if (!md) { 367 ERR_raise(ERR_LIB_CMS, CMS_R_NO_DIGEST_SET); 368 goto err; 369 } 370 371 if (md == NULL) { 372 ERR_raise(ERR_LIB_CMS, CMS_R_NO_DIGEST_SET); 373 goto err; 374 } 375 376 X509_ALGOR_set_md(si->digestAlgorithm, md); 377 378 /* See if digest is present in digestAlgorithms */ 379 for (i = 0; i < sk_X509_ALGOR_num(sd->digestAlgorithms); i++) { 380 const ASN1_OBJECT *aoid; 381 char name[OSSL_MAX_NAME_SIZE]; 382 383 alg = sk_X509_ALGOR_value(sd->digestAlgorithms, i); 384 X509_ALGOR_get0(&aoid, NULL, NULL, alg); 385 OBJ_obj2txt(name, sizeof(name), aoid, 0); 386 if (EVP_MD_is_a(md, name)) 387 break; 388 } 389 390 if (i == sk_X509_ALGOR_num(sd->digestAlgorithms)) { 391 alg = X509_ALGOR_new(); 392 if (alg == NULL) 393 goto merr; 394 X509_ALGOR_set_md(alg, md); 395 if (!sk_X509_ALGOR_push(sd->digestAlgorithms, alg)) { 396 X509_ALGOR_free(alg); 397 goto merr; 398 } 399 } 400 401 if (!(flags & CMS_KEY_PARAM) && !cms_sd_asn1_ctrl(si, 0)) 402 goto err; 403 if (!(flags & CMS_NOATTR)) { 404 /* 405 * Initialize signed attributes structure so other attributes 406 * such as signing time etc are added later even if we add none here. 407 */ 408 if (!si->signedAttrs) { 409 si->signedAttrs = sk_X509_ATTRIBUTE_new_null(); 410 if (!si->signedAttrs) 411 goto merr; 412 } 413 414 if (!(flags & CMS_NOSMIMECAP)) { 415 STACK_OF(X509_ALGOR) *smcap = NULL; 416 i = CMS_add_standard_smimecap(&smcap); 417 if (i) 418 i = CMS_add_smimecap(si, smcap); 419 sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free); 420 if (!i) 421 goto merr; 422 } 423 if (flags & CMS_CADES) { 424 ESS_SIGNING_CERT *sc = NULL; 425 ESS_SIGNING_CERT_V2 *sc2 = NULL; 426 int add_sc; 427 428 if (md == NULL || EVP_MD_is_a(md, SN_sha1)) { 429 if ((sc = OSSL_ESS_signing_cert_new_init(signer, 430 NULL, 1)) == NULL) 431 goto err; 432 add_sc = ossl_cms_add1_signing_cert(si, sc); 433 ESS_SIGNING_CERT_free(sc); 434 } else { 435 if ((sc2 = OSSL_ESS_signing_cert_v2_new_init(md, signer, 436 NULL, 1)) == NULL) 437 goto err; 438 add_sc = ossl_cms_add1_signing_cert_v2(si, sc2); 439 ESS_SIGNING_CERT_V2_free(sc2); 440 } 441 if (!add_sc) 442 goto err; 443 } 444 if (flags & CMS_REUSE_DIGEST) { 445 if (!cms_copy_messageDigest(cms, si)) 446 goto err; 447 if (!cms_set_si_contentType_attr(cms, si)) 448 goto err; 449 if (!(flags & (CMS_PARTIAL | CMS_KEY_PARAM)) && 450 !CMS_SignerInfo_sign(si)) 451 goto err; 452 } 453 } 454 455 if (!(flags & CMS_NOCERTS)) { 456 /* NB ignore -1 return for duplicate cert */ 457 if (!CMS_add1_cert(cms, signer)) 458 goto merr; 459 } 460 461 if (flags & CMS_KEY_PARAM) { 462 if (flags & CMS_NOATTR) { 463 si->pctx = EVP_PKEY_CTX_new_from_pkey(ossl_cms_ctx_get0_libctx(ctx), 464 si->pkey, 465 ossl_cms_ctx_get0_propq(ctx)); 466 if (si->pctx == NULL) 467 goto err; 468 if (EVP_PKEY_sign_init(si->pctx) <= 0) 469 goto err; 470 if (EVP_PKEY_CTX_set_signature_md(si->pctx, md) <= 0) 471 goto err; 472 } else if (EVP_DigestSignInit_ex(si->mctx, &si->pctx, 473 EVP_MD_get0_name(md), 474 ossl_cms_ctx_get0_libctx(ctx), 475 ossl_cms_ctx_get0_propq(ctx), 476 pk, NULL) <= 0) { 477 goto err; 478 } 479 } 480 481 if (!sd->signerInfos) 482 sd->signerInfos = sk_CMS_SignerInfo_new_null(); 483 if (!sd->signerInfos || !sk_CMS_SignerInfo_push(sd->signerInfos, si)) 484 goto merr; 485 486 return si; 487 488 merr: 489 ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); 490 err: 491 M_ASN1_free_of(si, CMS_SignerInfo); 492 return NULL; 493 494 } 495 496 void ossl_cms_SignerInfos_set_cmsctx(CMS_ContentInfo *cms) 497 { 498 int i; 499 CMS_SignerInfo *si; 500 STACK_OF(CMS_SignerInfo) *sinfos; 501 const CMS_CTX *ctx = ossl_cms_get0_cmsctx(cms); 502 503 ERR_set_mark(); 504 sinfos = CMS_get0_SignerInfos(cms); 505 ERR_pop_to_mark(); /* removes error in case sinfos == NULL */ 506 507 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) { 508 si = sk_CMS_SignerInfo_value(sinfos, i); 509 if (si != NULL) 510 si->cms_ctx = ctx; 511 } 512 } 513 514 static int cms_add1_signingTime(CMS_SignerInfo *si, ASN1_TIME *t) 515 { 516 ASN1_TIME *tt; 517 int r = 0; 518 519 if (t != NULL) 520 tt = t; 521 else 522 tt = X509_gmtime_adj(NULL, 0); 523 524 if (tt == NULL) 525 goto merr; 526 527 if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_signingTime, 528 tt->type, tt, -1) <= 0) 529 goto merr; 530 531 r = 1; 532 merr: 533 if (t == NULL) 534 ASN1_TIME_free(tt); 535 536 if (!r) 537 ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); 538 539 return r; 540 541 } 542 543 EVP_PKEY_CTX *CMS_SignerInfo_get0_pkey_ctx(CMS_SignerInfo *si) 544 { 545 return si->pctx; 546 } 547 548 EVP_MD_CTX *CMS_SignerInfo_get0_md_ctx(CMS_SignerInfo *si) 549 { 550 return si->mctx; 551 } 552 553 STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms) 554 { 555 CMS_SignedData *sd = cms_get0_signed(cms); 556 557 return sd != NULL ? sd->signerInfos : NULL; 558 } 559 560 STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms) 561 { 562 STACK_OF(X509) *signers = NULL; 563 STACK_OF(CMS_SignerInfo) *sinfos; 564 CMS_SignerInfo *si; 565 int i; 566 567 sinfos = CMS_get0_SignerInfos(cms); 568 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) { 569 si = sk_CMS_SignerInfo_value(sinfos, i); 570 if (si->signer != NULL) { 571 if (!ossl_x509_add_cert_new(&signers, si->signer, 572 X509_ADD_FLAG_DEFAULT)) { 573 sk_X509_free(signers); 574 return NULL; 575 } 576 } 577 } 578 return signers; 579 } 580 581 void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer) 582 { 583 if (signer != NULL) { 584 X509_up_ref(signer); 585 EVP_PKEY_free(si->pkey); 586 si->pkey = X509_get_pubkey(signer); 587 } 588 X509_free(si->signer); 589 si->signer = signer; 590 } 591 592 int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si, 593 ASN1_OCTET_STRING **keyid, 594 X509_NAME **issuer, ASN1_INTEGER **sno) 595 { 596 return ossl_cms_SignerIdentifier_get0_signer_id(si->sid, keyid, issuer, sno); 597 } 598 599 int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert) 600 { 601 return ossl_cms_SignerIdentifier_cert_cmp(si->sid, cert); 602 } 603 604 int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *scerts, 605 unsigned int flags) 606 { 607 CMS_SignedData *sd; 608 CMS_SignerInfo *si; 609 CMS_CertificateChoices *cch; 610 STACK_OF(CMS_CertificateChoices) *certs; 611 X509 *x; 612 int i, j; 613 int ret = 0; 614 615 sd = cms_get0_signed(cms); 616 if (sd == NULL) 617 return -1; 618 certs = sd->certificates; 619 for (i = 0; i < sk_CMS_SignerInfo_num(sd->signerInfos); i++) { 620 si = sk_CMS_SignerInfo_value(sd->signerInfos, i); 621 if (si->signer != NULL) 622 continue; 623 624 for (j = 0; j < sk_X509_num(scerts); j++) { 625 x = sk_X509_value(scerts, j); 626 if (CMS_SignerInfo_cert_cmp(si, x) == 0) { 627 CMS_SignerInfo_set1_signer_cert(si, x); 628 ret++; 629 break; 630 } 631 } 632 633 if (si->signer != NULL || (flags & CMS_NOINTERN)) 634 continue; 635 636 for (j = 0; j < sk_CMS_CertificateChoices_num(certs); j++) { 637 cch = sk_CMS_CertificateChoices_value(certs, j); 638 if (cch->type != 0) 639 continue; 640 x = cch->d.certificate; 641 if (CMS_SignerInfo_cert_cmp(si, x) == 0) { 642 CMS_SignerInfo_set1_signer_cert(si, x); 643 ret++; 644 break; 645 } 646 } 647 } 648 return ret; 649 } 650 651 void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk, 652 X509 **signer, X509_ALGOR **pdig, 653 X509_ALGOR **psig) 654 { 655 if (pk != NULL) 656 *pk = si->pkey; 657 if (signer != NULL) 658 *signer = si->signer; 659 if (pdig != NULL) 660 *pdig = si->digestAlgorithm; 661 if (psig != NULL) 662 *psig = si->signatureAlgorithm; 663 } 664 665 ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si) 666 { 667 return si->signature; 668 } 669 670 static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms, 671 CMS_SignerInfo *si, BIO *chain) 672 { 673 EVP_MD_CTX *mctx = EVP_MD_CTX_new(); 674 int r = 0; 675 EVP_PKEY_CTX *pctx = NULL; 676 const CMS_CTX *ctx = ossl_cms_get0_cmsctx(cms); 677 678 if (mctx == NULL) { 679 ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); 680 return 0; 681 } 682 683 if (si->pkey == NULL) { 684 ERR_raise(ERR_LIB_CMS, CMS_R_NO_PRIVATE_KEY); 685 goto err; 686 } 687 688 if (!ossl_cms_DigestAlgorithm_find_ctx(mctx, chain, si->digestAlgorithm)) 689 goto err; 690 /* Set SignerInfo algorithm details if we used custom parameter */ 691 if (si->pctx && !cms_sd_asn1_ctrl(si, 0)) 692 goto err; 693 694 /* 695 * If any signed attributes calculate and add messageDigest attribute 696 */ 697 698 if (CMS_signed_get_attr_count(si) >= 0) { 699 unsigned char md[EVP_MAX_MD_SIZE]; 700 unsigned int mdlen; 701 702 if (!EVP_DigestFinal_ex(mctx, md, &mdlen)) 703 goto err; 704 if (!CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest, 705 V_ASN1_OCTET_STRING, md, mdlen)) 706 goto err; 707 /* Copy content type across */ 708 if (!cms_set_si_contentType_attr(cms, si)) 709 goto err; 710 711 if (!CMS_SignerInfo_sign(si)) 712 goto err; 713 } else if (si->pctx) { 714 unsigned char *sig; 715 size_t siglen; 716 unsigned char md[EVP_MAX_MD_SIZE]; 717 unsigned int mdlen; 718 719 pctx = si->pctx; 720 if (!EVP_DigestFinal_ex(mctx, md, &mdlen)) 721 goto err; 722 siglen = EVP_PKEY_get_size(si->pkey); 723 sig = OPENSSL_malloc(siglen); 724 if (sig == NULL) { 725 ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); 726 goto err; 727 } 728 if (EVP_PKEY_sign(pctx, sig, &siglen, md, mdlen) <= 0) { 729 OPENSSL_free(sig); 730 goto err; 731 } 732 ASN1_STRING_set0(si->signature, sig, siglen); 733 } else { 734 unsigned char *sig; 735 unsigned int siglen; 736 737 sig = OPENSSL_malloc(EVP_PKEY_get_size(si->pkey)); 738 if (sig == NULL) { 739 ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); 740 goto err; 741 } 742 if (!EVP_SignFinal_ex(mctx, sig, &siglen, si->pkey, 743 ossl_cms_ctx_get0_libctx(ctx), 744 ossl_cms_ctx_get0_propq(ctx))) { 745 ERR_raise(ERR_LIB_CMS, CMS_R_SIGNFINAL_ERROR); 746 OPENSSL_free(sig); 747 goto err; 748 } 749 ASN1_STRING_set0(si->signature, sig, siglen); 750 } 751 752 r = 1; 753 754 err: 755 EVP_MD_CTX_free(mctx); 756 EVP_PKEY_CTX_free(pctx); 757 return r; 758 759 } 760 761 int ossl_cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain) 762 { 763 STACK_OF(CMS_SignerInfo) *sinfos; 764 CMS_SignerInfo *si; 765 int i; 766 767 sinfos = CMS_get0_SignerInfos(cms); 768 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) { 769 si = sk_CMS_SignerInfo_value(sinfos, i); 770 if (!cms_SignerInfo_content_sign(cms, si, chain)) 771 return 0; 772 } 773 cms->d.signedData->encapContentInfo->partial = 0; 774 return 1; 775 } 776 777 int CMS_SignerInfo_sign(CMS_SignerInfo *si) 778 { 779 EVP_MD_CTX *mctx = si->mctx; 780 EVP_PKEY_CTX *pctx = NULL; 781 unsigned char *abuf = NULL; 782 int alen; 783 size_t siglen; 784 const CMS_CTX *ctx = si->cms_ctx; 785 char md_name[OSSL_MAX_NAME_SIZE]; 786 787 if (OBJ_obj2txt(md_name, sizeof(md_name), 788 si->digestAlgorithm->algorithm, 0) <= 0) 789 return 0; 790 791 if (CMS_signed_get_attr_by_NID(si, NID_pkcs9_signingTime, -1) < 0) { 792 if (!cms_add1_signingTime(si, NULL)) 793 goto err; 794 } 795 796 if (!ossl_cms_si_check_attributes(si)) 797 goto err; 798 799 if (si->pctx) 800 pctx = si->pctx; 801 else { 802 EVP_MD_CTX_reset(mctx); 803 if (EVP_DigestSignInit_ex(mctx, &pctx, md_name, 804 ossl_cms_ctx_get0_libctx(ctx), 805 ossl_cms_ctx_get0_propq(ctx), si->pkey, 806 NULL) <= 0) 807 goto err; 808 si->pctx = pctx; 809 } 810 811 alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs, &abuf, 812 ASN1_ITEM_rptr(CMS_Attributes_Sign)); 813 if (!abuf) 814 goto err; 815 if (EVP_DigestSignUpdate(mctx, abuf, alen) <= 0) 816 goto err; 817 if (EVP_DigestSignFinal(mctx, NULL, &siglen) <= 0) 818 goto err; 819 OPENSSL_free(abuf); 820 abuf = OPENSSL_malloc(siglen); 821 if (abuf == NULL) 822 goto err; 823 if (EVP_DigestSignFinal(mctx, abuf, &siglen) <= 0) 824 goto err; 825 826 EVP_MD_CTX_reset(mctx); 827 828 ASN1_STRING_set0(si->signature, abuf, siglen); 829 830 return 1; 831 832 err: 833 OPENSSL_free(abuf); 834 EVP_MD_CTX_reset(mctx); 835 return 0; 836 } 837 838 int CMS_SignerInfo_verify(CMS_SignerInfo *si) 839 { 840 EVP_MD_CTX *mctx = NULL; 841 unsigned char *abuf = NULL; 842 int alen, r = -1; 843 char name[OSSL_MAX_NAME_SIZE]; 844 const EVP_MD *md; 845 EVP_MD *fetched_md = NULL; 846 const CMS_CTX *ctx = si->cms_ctx; 847 OSSL_LIB_CTX *libctx = ossl_cms_ctx_get0_libctx(ctx); 848 const char *propq = ossl_cms_ctx_get0_propq(ctx); 849 850 if (si->pkey == NULL) { 851 ERR_raise(ERR_LIB_CMS, CMS_R_NO_PUBLIC_KEY); 852 return -1; 853 } 854 855 if (!ossl_cms_si_check_attributes(si)) 856 return -1; 857 858 OBJ_obj2txt(name, sizeof(name), si->digestAlgorithm->algorithm, 0); 859 860 (void)ERR_set_mark(); 861 fetched_md = EVP_MD_fetch(libctx, name, propq); 862 863 if (fetched_md != NULL) 864 md = fetched_md; 865 else 866 md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm); 867 if (md == NULL) { 868 (void)ERR_clear_last_mark(); 869 ERR_raise(ERR_LIB_CMS, CMS_R_UNKNOWN_DIGEST_ALGORITHM); 870 return -1; 871 } 872 (void)ERR_pop_to_mark(); 873 874 if (si->mctx == NULL && (si->mctx = EVP_MD_CTX_new()) == NULL) { 875 ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); 876 goto err; 877 } 878 mctx = si->mctx; 879 if (EVP_DigestVerifyInit_ex(mctx, &si->pctx, EVP_MD_get0_name(md), libctx, 880 propq, si->pkey, NULL) <= 0) 881 goto err; 882 883 if (!cms_sd_asn1_ctrl(si, 1)) 884 goto err; 885 886 alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs, &abuf, 887 ASN1_ITEM_rptr(CMS_Attributes_Verify)); 888 if (abuf == NULL || alen < 0) 889 goto err; 890 r = EVP_DigestVerifyUpdate(mctx, abuf, alen); 891 OPENSSL_free(abuf); 892 if (r <= 0) { 893 r = -1; 894 goto err; 895 } 896 r = EVP_DigestVerifyFinal(mctx, 897 si->signature->data, si->signature->length); 898 if (r <= 0) 899 ERR_raise(ERR_LIB_CMS, CMS_R_VERIFICATION_FAILURE); 900 err: 901 EVP_MD_free(fetched_md); 902 EVP_MD_CTX_reset(mctx); 903 return r; 904 } 905 906 /* Create a chain of digest BIOs from a CMS ContentInfo */ 907 908 BIO *ossl_cms_SignedData_init_bio(CMS_ContentInfo *cms) 909 { 910 int i; 911 CMS_SignedData *sd; 912 BIO *chain = NULL; 913 914 sd = cms_get0_signed(cms); 915 if (sd == NULL) 916 return NULL; 917 if (cms->d.signedData->encapContentInfo->partial) 918 cms_sd_set_version(sd); 919 for (i = 0; i < sk_X509_ALGOR_num(sd->digestAlgorithms); i++) { 920 X509_ALGOR *digestAlgorithm; 921 BIO *mdbio; 922 923 digestAlgorithm = sk_X509_ALGOR_value(sd->digestAlgorithms, i); 924 mdbio = ossl_cms_DigestAlgorithm_init_bio(digestAlgorithm, 925 ossl_cms_get0_cmsctx(cms)); 926 if (mdbio == NULL) 927 goto err; 928 if (chain != NULL) 929 BIO_push(chain, mdbio); 930 else 931 chain = mdbio; 932 } 933 return chain; 934 err: 935 BIO_free_all(chain); 936 return NULL; 937 } 938 939 int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain) 940 { 941 ASN1_OCTET_STRING *os = NULL; 942 EVP_MD_CTX *mctx = EVP_MD_CTX_new(); 943 EVP_PKEY_CTX *pkctx = NULL; 944 int r = -1; 945 unsigned char mval[EVP_MAX_MD_SIZE]; 946 unsigned int mlen; 947 948 if (mctx == NULL) { 949 ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); 950 goto err; 951 } 952 /* If we have any signed attributes look for messageDigest value */ 953 if (CMS_signed_get_attr_count(si) >= 0) { 954 os = CMS_signed_get0_data_by_OBJ(si, 955 OBJ_nid2obj(NID_pkcs9_messageDigest), 956 -3, V_ASN1_OCTET_STRING); 957 if (os == NULL) { 958 ERR_raise(ERR_LIB_CMS, CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE); 959 goto err; 960 } 961 } 962 963 if (!ossl_cms_DigestAlgorithm_find_ctx(mctx, chain, si->digestAlgorithm)) 964 goto err; 965 966 if (EVP_DigestFinal_ex(mctx, mval, &mlen) <= 0) { 967 ERR_raise(ERR_LIB_CMS, CMS_R_UNABLE_TO_FINALIZE_CONTEXT); 968 goto err; 969 } 970 971 /* If messageDigest found compare it */ 972 973 if (os != NULL) { 974 if (mlen != (unsigned int)os->length) { 975 ERR_raise(ERR_LIB_CMS, CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH); 976 goto err; 977 } 978 979 if (memcmp(mval, os->data, mlen)) { 980 ERR_raise(ERR_LIB_CMS, CMS_R_VERIFICATION_FAILURE); 981 r = 0; 982 } else 983 r = 1; 984 } else { 985 const EVP_MD *md = EVP_MD_CTX_get0_md(mctx); 986 const CMS_CTX *ctx = si->cms_ctx; 987 988 pkctx = EVP_PKEY_CTX_new_from_pkey(ossl_cms_ctx_get0_libctx(ctx), 989 si->pkey, 990 ossl_cms_ctx_get0_propq(ctx)); 991 if (pkctx == NULL) 992 goto err; 993 if (EVP_PKEY_verify_init(pkctx) <= 0) 994 goto err; 995 if (EVP_PKEY_CTX_set_signature_md(pkctx, md) <= 0) 996 goto err; 997 si->pctx = pkctx; 998 if (!cms_sd_asn1_ctrl(si, 1)) 999 goto err; 1000 r = EVP_PKEY_verify(pkctx, si->signature->data, 1001 si->signature->length, mval, mlen); 1002 if (r <= 0) { 1003 ERR_raise(ERR_LIB_CMS, CMS_R_VERIFICATION_FAILURE); 1004 r = 0; 1005 } 1006 } 1007 1008 err: 1009 EVP_PKEY_CTX_free(pkctx); 1010 EVP_MD_CTX_free(mctx); 1011 return r; 1012 1013 } 1014 1015 int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs) 1016 { 1017 unsigned char *smder = NULL; 1018 int smderlen, r; 1019 1020 smderlen = i2d_X509_ALGORS(algs, &smder); 1021 if (smderlen <= 0) 1022 return 0; 1023 r = CMS_signed_add1_attr_by_NID(si, NID_SMIMECapabilities, 1024 V_ASN1_SEQUENCE, smder, smderlen); 1025 OPENSSL_free(smder); 1026 return r; 1027 } 1028 1029 int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs, 1030 int algnid, int keysize) 1031 { 1032 X509_ALGOR *alg; 1033 ASN1_INTEGER *key = NULL; 1034 1035 if (keysize > 0) { 1036 key = ASN1_INTEGER_new(); 1037 if (key == NULL || !ASN1_INTEGER_set(key, keysize)) { 1038 ASN1_INTEGER_free(key); 1039 return 0; 1040 } 1041 } 1042 alg = X509_ALGOR_new(); 1043 if (alg == NULL) { 1044 ASN1_INTEGER_free(key); 1045 return 0; 1046 } 1047 1048 X509_ALGOR_set0(alg, OBJ_nid2obj(algnid), 1049 key ? V_ASN1_INTEGER : V_ASN1_UNDEF, key); 1050 if (*algs == NULL) 1051 *algs = sk_X509_ALGOR_new_null(); 1052 if (*algs == NULL || !sk_X509_ALGOR_push(*algs, alg)) { 1053 X509_ALGOR_free(alg); 1054 return 0; 1055 } 1056 return 1; 1057 } 1058 1059 /* Check to see if a cipher exists and if so add S/MIME capabilities */ 1060 1061 static int cms_add_cipher_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg) 1062 { 1063 if (EVP_get_cipherbynid(nid)) 1064 return CMS_add_simple_smimecap(sk, nid, arg); 1065 return 1; 1066 } 1067 1068 static int cms_add_digest_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg) 1069 { 1070 if (EVP_get_digestbynid(nid)) 1071 return CMS_add_simple_smimecap(sk, nid, arg); 1072 return 1; 1073 } 1074 1075 int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap) 1076 { 1077 if (!cms_add_cipher_smcap(smcap, NID_aes_256_cbc, -1) 1078 || !cms_add_digest_smcap(smcap, NID_id_GostR3411_2012_256, -1) 1079 || !cms_add_digest_smcap(smcap, NID_id_GostR3411_2012_512, -1) 1080 || !cms_add_digest_smcap(smcap, NID_id_GostR3411_94, -1) 1081 || !cms_add_cipher_smcap(smcap, NID_id_Gost28147_89, -1) 1082 || !cms_add_cipher_smcap(smcap, NID_aes_192_cbc, -1) 1083 || !cms_add_cipher_smcap(smcap, NID_aes_128_cbc, -1) 1084 || !cms_add_cipher_smcap(smcap, NID_des_ede3_cbc, -1) 1085 || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 128) 1086 || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 64) 1087 || !cms_add_cipher_smcap(smcap, NID_des_cbc, -1) 1088 || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 40)) 1089 return 0; 1090 return 1; 1091 } 1092