1 /* crypto/cms/cms_sd.c */ 2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 3 * project. 4 */ 5 /* ==================================================================== 6 * Copyright (c) 2008 The OpenSSL Project. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in 17 * the documentation and/or other materials provided with the 18 * distribution. 19 * 20 * 3. All advertising materials mentioning features or use of this 21 * software must display the following acknowledgment: 22 * "This product includes software developed by the OpenSSL Project 23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 24 * 25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 26 * endorse or promote products derived from this software without 27 * prior written permission. For written permission, please contact 28 * licensing@OpenSSL.org. 29 * 30 * 5. Products derived from this software may not be called "OpenSSL" 31 * nor may "OpenSSL" appear in their names without prior written 32 * permission of the OpenSSL Project. 33 * 34 * 6. Redistributions of any form whatsoever must retain the following 35 * acknowledgment: 36 * "This product includes software developed by the OpenSSL Project 37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 38 * 39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 50 * OF THE POSSIBILITY OF SUCH DAMAGE. 51 * ==================================================================== 52 */ 53 54 #include "cryptlib.h" 55 #include <openssl/asn1t.h> 56 #include <openssl/pem.h> 57 #include <openssl/x509v3.h> 58 #include <openssl/err.h> 59 #include <openssl/cms.h> 60 #include "cms_lcl.h" 61 62 /* CMS SignedData Utilities */ 63 64 DECLARE_ASN1_ITEM(CMS_SignedData) 65 66 static CMS_SignedData *cms_get0_signed(CMS_ContentInfo *cms) 67 { 68 if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_signed) 69 { 70 CMSerr(CMS_F_CMS_GET0_SIGNED, CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA); 71 return NULL; 72 } 73 return cms->d.signedData; 74 } 75 76 static CMS_SignedData *cms_signed_data_init(CMS_ContentInfo *cms) 77 { 78 if (cms->d.other == NULL) 79 { 80 cms->d.signedData = M_ASN1_new_of(CMS_SignedData); 81 if (!cms->d.signedData) 82 { 83 CMSerr(CMS_F_CMS_SIGNED_DATA_INIT, ERR_R_MALLOC_FAILURE); 84 return NULL; 85 } 86 cms->d.signedData->version = 1; 87 cms->d.signedData->encapContentInfo->eContentType = 88 OBJ_nid2obj(NID_pkcs7_data); 89 cms->d.signedData->encapContentInfo->partial = 1; 90 ASN1_OBJECT_free(cms->contentType); 91 cms->contentType = OBJ_nid2obj(NID_pkcs7_signed); 92 return cms->d.signedData; 93 } 94 return cms_get0_signed(cms); 95 } 96 97 /* Just initialize SignedData e.g. for certs only structure */ 98 99 int CMS_SignedData_init(CMS_ContentInfo *cms) 100 { 101 if (cms_signed_data_init(cms)) 102 return 1; 103 else 104 return 0; 105 } 106 107 /* Check structures and fixup version numbers (if necessary) */ 108 109 static void cms_sd_set_version(CMS_SignedData *sd) 110 { 111 int i; 112 CMS_CertificateChoices *cch; 113 CMS_RevocationInfoChoice *rch; 114 CMS_SignerInfo *si; 115 116 for (i = 0; i < sk_CMS_CertificateChoices_num(sd->certificates); i++) 117 { 118 cch = sk_CMS_CertificateChoices_value(sd->certificates, i); 119 if (cch->type == CMS_CERTCHOICE_OTHER) 120 { 121 if (sd->version < 5) 122 sd->version = 5; 123 } 124 else if (cch->type == CMS_CERTCHOICE_V2ACERT) 125 { 126 if (sd->version < 4) 127 sd->version = 4; 128 } 129 else if (cch->type == CMS_CERTCHOICE_V1ACERT) 130 { 131 if (sd->version < 3) 132 sd->version = 3; 133 } 134 } 135 136 for (i = 0; i < sk_CMS_RevocationInfoChoice_num(sd->crls); i++) 137 { 138 rch = sk_CMS_RevocationInfoChoice_value(sd->crls, i); 139 if (rch->type == CMS_REVCHOICE_OTHER) 140 { 141 if (sd->version < 5) 142 sd->version = 5; 143 } 144 } 145 146 if ((OBJ_obj2nid(sd->encapContentInfo->eContentType) != NID_pkcs7_data) 147 && (sd->version < 3)) 148 sd->version = 3; 149 150 for (i = 0; i < sk_CMS_SignerInfo_num(sd->signerInfos); i++) 151 { 152 si = sk_CMS_SignerInfo_value(sd->signerInfos, i); 153 if (si->sid->type == CMS_SIGNERINFO_KEYIDENTIFIER) 154 { 155 if (si->version < 3) 156 si->version = 3; 157 if (sd->version < 3) 158 sd->version = 3; 159 } 160 else 161 sd->version = 1; 162 } 163 164 if (sd->version < 1) 165 sd->version = 1; 166 167 } 168 169 /* Copy an existing messageDigest value */ 170 171 static int cms_copy_messageDigest(CMS_ContentInfo *cms, CMS_SignerInfo *si) 172 { 173 STACK_OF(CMS_SignerInfo) *sinfos; 174 CMS_SignerInfo *sitmp; 175 int i; 176 sinfos = CMS_get0_SignerInfos(cms); 177 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) 178 { 179 ASN1_OCTET_STRING *messageDigest; 180 sitmp = sk_CMS_SignerInfo_value(sinfos, i); 181 if (sitmp == si) 182 continue; 183 if (CMS_signed_get_attr_count(sitmp) < 0) 184 continue; 185 if (OBJ_cmp(si->digestAlgorithm->algorithm, 186 sitmp->digestAlgorithm->algorithm)) 187 continue; 188 messageDigest = CMS_signed_get0_data_by_OBJ(sitmp, 189 OBJ_nid2obj(NID_pkcs9_messageDigest), 190 -3, V_ASN1_OCTET_STRING); 191 if (!messageDigest) 192 { 193 CMSerr(CMS_F_CMS_COPY_MESSAGEDIGEST, 194 CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE); 195 return 0; 196 } 197 198 if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest, 199 V_ASN1_OCTET_STRING, 200 messageDigest, -1)) 201 return 1; 202 else 203 return 0; 204 } 205 CMSerr(CMS_F_CMS_COPY_MESSAGEDIGEST, CMS_R_NO_MATCHING_DIGEST); 206 return 0; 207 } 208 209 int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, int type) 210 { 211 switch(type) 212 { 213 case CMS_SIGNERINFO_ISSUER_SERIAL: 214 sid->d.issuerAndSerialNumber = 215 M_ASN1_new_of(CMS_IssuerAndSerialNumber); 216 if (!sid->d.issuerAndSerialNumber) 217 goto merr; 218 if (!X509_NAME_set(&sid->d.issuerAndSerialNumber->issuer, 219 X509_get_issuer_name(cert))) 220 goto merr; 221 ASN1_STRING_free(sid->d.issuerAndSerialNumber->serialNumber); 222 sid->d.issuerAndSerialNumber->serialNumber = 223 ASN1_STRING_dup(X509_get_serialNumber(cert)); 224 if(!sid->d.issuerAndSerialNumber->serialNumber) 225 goto merr; 226 break; 227 228 case CMS_SIGNERINFO_KEYIDENTIFIER: 229 if (!cert->skid) 230 { 231 CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER, 232 CMS_R_CERTIFICATE_HAS_NO_KEYID); 233 return 0; 234 } 235 sid->d.subjectKeyIdentifier = ASN1_STRING_dup(cert->skid); 236 if (!sid->d.subjectKeyIdentifier) 237 goto merr; 238 break; 239 240 default: 241 CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER, CMS_R_UNKNOWN_ID); 242 return 0; 243 } 244 245 sid->type = type; 246 247 return 1; 248 249 merr: 250 CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER, ERR_R_MALLOC_FAILURE); 251 return 0; 252 253 } 254 255 int cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid, 256 ASN1_OCTET_STRING **keyid, 257 X509_NAME **issuer, ASN1_INTEGER **sno) 258 { 259 if (sid->type == CMS_SIGNERINFO_ISSUER_SERIAL) 260 { 261 if (issuer) 262 *issuer = sid->d.issuerAndSerialNumber->issuer; 263 if (sno) 264 *sno = sid->d.issuerAndSerialNumber->serialNumber; 265 } 266 else if (sid->type == CMS_SIGNERINFO_KEYIDENTIFIER) 267 { 268 if (keyid) 269 *keyid = sid->d.subjectKeyIdentifier; 270 } 271 else 272 return 0; 273 return 1; 274 } 275 276 int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert) 277 { 278 int ret; 279 if (sid->type == CMS_SIGNERINFO_ISSUER_SERIAL) 280 { 281 ret = X509_NAME_cmp(sid->d.issuerAndSerialNumber->issuer, 282 X509_get_issuer_name(cert)); 283 if (ret) 284 return ret; 285 return ASN1_INTEGER_cmp(sid->d.issuerAndSerialNumber->serialNumber, 286 X509_get_serialNumber(cert)); 287 } 288 else if (sid->type == CMS_SIGNERINFO_KEYIDENTIFIER) 289 { 290 X509_check_purpose(cert, -1, -1); 291 if (!cert->skid) 292 return -1; 293 return ASN1_OCTET_STRING_cmp(sid->d.subjectKeyIdentifier, 294 cert->skid); 295 } 296 else 297 return -1; 298 } 299 300 CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, 301 X509 *signer, EVP_PKEY *pk, const EVP_MD *md, 302 unsigned int flags) 303 { 304 CMS_SignedData *sd; 305 CMS_SignerInfo *si = NULL; 306 X509_ALGOR *alg; 307 int i, type; 308 if(!X509_check_private_key(signer, pk)) 309 { 310 CMSerr(CMS_F_CMS_ADD1_SIGNER, 311 CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); 312 return NULL; 313 } 314 sd = cms_signed_data_init(cms); 315 if (!sd) 316 goto err; 317 si = M_ASN1_new_of(CMS_SignerInfo); 318 if (!si) 319 goto merr; 320 X509_check_purpose(signer, -1, -1); 321 322 CRYPTO_add(&pk->references, 1, CRYPTO_LOCK_EVP_PKEY); 323 CRYPTO_add(&signer->references, 1, CRYPTO_LOCK_X509); 324 325 si->pkey = pk; 326 si->signer = signer; 327 328 if (flags & CMS_USE_KEYID) 329 { 330 si->version = 3; 331 if (sd->version < 3) 332 sd->version = 3; 333 type = CMS_SIGNERINFO_KEYIDENTIFIER; 334 } 335 else 336 { 337 type = CMS_SIGNERINFO_ISSUER_SERIAL; 338 si->version = 1; 339 } 340 341 if (!cms_set1_SignerIdentifier(si->sid, signer, type)) 342 goto err; 343 344 /* Since no EVP_PKEY_METHOD in 0.9.8 hard code SHA1 as default */ 345 if (md == NULL) 346 md = EVP_sha1(); 347 348 /* OpenSSL 0.9.8 only supports SHA1 with non-RSA keys */ 349 350 if ((pk->type != EVP_PKEY_RSA) && (EVP_MD_type(md) != NID_sha1)) 351 { 352 CMSerr(CMS_F_CMS_ADD1_SIGNER, 353 CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); 354 goto err; 355 } 356 357 cms_DigestAlgorithm_set(si->digestAlgorithm, md); 358 359 /* See if digest is present in digestAlgorithms */ 360 for (i = 0; i < sk_X509_ALGOR_num(sd->digestAlgorithms); i++) 361 { 362 ASN1_OBJECT *aoid; 363 alg = sk_X509_ALGOR_value(sd->digestAlgorithms, i); 364 X509_ALGOR_get0(&aoid, NULL, NULL, alg); 365 if (OBJ_obj2nid(aoid) == EVP_MD_type(md)) 366 break; 367 } 368 369 if (i == sk_X509_ALGOR_num(sd->digestAlgorithms)) 370 { 371 alg = X509_ALGOR_new(); 372 if (!alg) 373 goto merr; 374 cms_DigestAlgorithm_set(alg, md); 375 if (!sk_X509_ALGOR_push(sd->digestAlgorithms, alg)) 376 { 377 X509_ALGOR_free(alg); 378 goto merr; 379 } 380 } 381 382 /* Since we have no EVP_PKEY_ASN1_METHOD in OpenSSL 0.9.8, 383 * hard code algorithm parameters. 384 */ 385 386 switch (pk->type) 387 { 388 389 case EVP_PKEY_RSA: 390 X509_ALGOR_set0(si->signatureAlgorithm, 391 OBJ_nid2obj(NID_rsaEncryption), 392 V_ASN1_NULL, 0); 393 break; 394 395 case EVP_PKEY_DSA: 396 X509_ALGOR_set0(si->signatureAlgorithm, 397 OBJ_nid2obj(NID_dsaWithSHA1), 398 V_ASN1_UNDEF, 0); 399 break; 400 401 402 case EVP_PKEY_EC: 403 X509_ALGOR_set0(si->signatureAlgorithm, 404 OBJ_nid2obj(NID_ecdsa_with_SHA1), 405 V_ASN1_UNDEF, 0); 406 break; 407 408 default: 409 CMSerr(CMS_F_CMS_ADD1_SIGNER, 410 CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); 411 goto err; 412 413 } 414 415 if (!(flags & CMS_NOATTR)) 416 { 417 /* Initialialize signed attributes strutucture so other 418 * attributes such as signing time etc are added later 419 * even if we add none here. 420 */ 421 if (!si->signedAttrs) 422 { 423 si->signedAttrs = sk_X509_ATTRIBUTE_new_null(); 424 if (!si->signedAttrs) 425 goto merr; 426 } 427 428 if (!(flags & CMS_NOSMIMECAP)) 429 { 430 STACK_OF(X509_ALGOR) *smcap = NULL; 431 i = CMS_add_standard_smimecap(&smcap); 432 if (i) 433 i = CMS_add_smimecap(si, smcap); 434 sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free); 435 if (!i) 436 goto merr; 437 } 438 if (flags & CMS_REUSE_DIGEST) 439 { 440 if (!cms_copy_messageDigest(cms, si)) 441 goto err; 442 if (!(flags & CMS_PARTIAL) && 443 !CMS_SignerInfo_sign(si)) 444 goto err; 445 } 446 } 447 448 if (!(flags & CMS_NOCERTS)) 449 { 450 /* NB ignore -1 return for duplicate cert */ 451 if (!CMS_add1_cert(cms, signer)) 452 goto merr; 453 } 454 455 if (!sd->signerInfos) 456 sd->signerInfos = sk_CMS_SignerInfo_new_null(); 457 if (!sd->signerInfos || 458 !sk_CMS_SignerInfo_push(sd->signerInfos, si)) 459 goto merr; 460 461 return si; 462 463 merr: 464 CMSerr(CMS_F_CMS_ADD1_SIGNER, ERR_R_MALLOC_FAILURE); 465 err: 466 if (si) 467 M_ASN1_free_of(si, CMS_SignerInfo); 468 return NULL; 469 470 } 471 472 static int cms_add1_signingTime(CMS_SignerInfo *si, ASN1_TIME *t) 473 { 474 ASN1_TIME *tt; 475 int r = 0; 476 if (t) 477 tt = t; 478 else 479 tt = X509_gmtime_adj(NULL, 0); 480 481 if (!tt) 482 goto merr; 483 484 if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_signingTime, 485 tt->type, tt, -1) <= 0) 486 goto merr; 487 488 r = 1; 489 490 merr: 491 492 if (!t) 493 ASN1_TIME_free(tt); 494 495 if (!r) 496 CMSerr(CMS_F_CMS_ADD1_SIGNINGTIME, ERR_R_MALLOC_FAILURE); 497 498 return r; 499 500 } 501 502 STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms) 503 { 504 CMS_SignedData *sd; 505 sd = cms_get0_signed(cms); 506 if (!sd) 507 return NULL; 508 return sd->signerInfos; 509 } 510 511 STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms) 512 { 513 STACK_OF(X509) *signers = NULL; 514 STACK_OF(CMS_SignerInfo) *sinfos; 515 CMS_SignerInfo *si; 516 int i; 517 sinfos = CMS_get0_SignerInfos(cms); 518 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) 519 { 520 si = sk_CMS_SignerInfo_value(sinfos, i); 521 if (si->signer) 522 { 523 if (!signers) 524 { 525 signers = sk_X509_new_null(); 526 if (!signers) 527 return NULL; 528 } 529 if (!sk_X509_push(signers, si->signer)) 530 { 531 sk_X509_free(signers); 532 return NULL; 533 } 534 } 535 } 536 return signers; 537 } 538 539 void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer) 540 { 541 if (signer) 542 { 543 CRYPTO_add(&signer->references, 1, CRYPTO_LOCK_X509); 544 if (si->pkey) 545 EVP_PKEY_free(si->pkey); 546 si->pkey = X509_get_pubkey(signer); 547 } 548 if (si->signer) 549 X509_free(si->signer); 550 si->signer = signer; 551 } 552 553 int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si, 554 ASN1_OCTET_STRING **keyid, 555 X509_NAME **issuer, ASN1_INTEGER **sno) 556 { 557 return cms_SignerIdentifier_get0_signer_id(si->sid, keyid, issuer, sno); 558 } 559 560 int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert) 561 { 562 return cms_SignerIdentifier_cert_cmp(si->sid, cert); 563 } 564 565 int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *scerts, 566 unsigned int flags) 567 { 568 CMS_SignedData *sd; 569 CMS_SignerInfo *si; 570 CMS_CertificateChoices *cch; 571 STACK_OF(CMS_CertificateChoices) *certs; 572 X509 *x; 573 int i, j; 574 int ret = 0; 575 sd = cms_get0_signed(cms); 576 if (!sd) 577 return -1; 578 certs = sd->certificates; 579 for (i = 0; i < sk_CMS_SignerInfo_num(sd->signerInfos); i++) 580 { 581 si = sk_CMS_SignerInfo_value(sd->signerInfos, i); 582 if (si->signer) 583 continue; 584 585 for (j = 0; j < sk_X509_num(scerts); j++) 586 { 587 x = sk_X509_value(scerts, j); 588 if (CMS_SignerInfo_cert_cmp(si, x) == 0) 589 { 590 CMS_SignerInfo_set1_signer_cert(si, x); 591 ret++; 592 break; 593 } 594 } 595 596 if (si->signer || (flags & CMS_NOINTERN)) 597 continue; 598 599 for (j = 0; j < sk_CMS_CertificateChoices_num(certs); j++) 600 { 601 cch = sk_CMS_CertificateChoices_value(certs, j); 602 if (cch->type != 0) 603 continue; 604 x = cch->d.certificate; 605 if (CMS_SignerInfo_cert_cmp(si, x) == 0) 606 { 607 CMS_SignerInfo_set1_signer_cert(si, x); 608 ret++; 609 break; 610 } 611 } 612 } 613 return ret; 614 } 615 616 void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk, X509 **signer, 617 X509_ALGOR **pdig, X509_ALGOR **psig) 618 { 619 if (pk) 620 *pk = si->pkey; 621 if (signer) 622 *signer = si->signer; 623 if (pdig) 624 *pdig = si->digestAlgorithm; 625 if (psig) 626 *psig = si->signatureAlgorithm; 627 } 628 629 /* In OpenSSL 0.9.8 we have the link between digest types and public 630 * key types so we need to fixup the digest type if the public key 631 * type is not appropriate. 632 */ 633 634 static void cms_fixup_mctx(EVP_MD_CTX *mctx, EVP_PKEY *pkey) 635 { 636 if (EVP_MD_CTX_type(mctx) != NID_sha1) 637 return; 638 #ifndef OPENSSL_NO_DSA 639 if (pkey->type == EVP_PKEY_DSA) 640 mctx->digest = EVP_dss1(); 641 #endif 642 #ifndef OPENSSL_NO_ECDSA 643 if (pkey->type == EVP_PKEY_EC) 644 mctx->digest = EVP_ecdsa(); 645 #endif 646 } 647 648 static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms, 649 CMS_SignerInfo *si, BIO *chain) 650 { 651 EVP_MD_CTX mctx; 652 int r = 0; 653 EVP_MD_CTX_init(&mctx); 654 655 656 if (!si->pkey) 657 { 658 CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, CMS_R_NO_PRIVATE_KEY); 659 return 0; 660 } 661 662 if (!cms_DigestAlgorithm_find_ctx(&mctx, chain, si->digestAlgorithm)) 663 goto err; 664 665 /* If any signed attributes calculate and add messageDigest attribute */ 666 667 if (CMS_signed_get_attr_count(si) >= 0) 668 { 669 ASN1_OBJECT *ctype = 670 cms->d.signedData->encapContentInfo->eContentType; 671 unsigned char md[EVP_MAX_MD_SIZE]; 672 unsigned int mdlen; 673 EVP_DigestFinal_ex(&mctx, md, &mdlen); 674 if (!CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest, 675 V_ASN1_OCTET_STRING, 676 md, mdlen)) 677 goto err; 678 /* Copy content type across */ 679 if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_contentType, 680 V_ASN1_OBJECT, ctype, -1) <= 0) 681 goto err; 682 if (!CMS_SignerInfo_sign(si)) 683 goto err; 684 } 685 else 686 { 687 unsigned char *sig; 688 unsigned int siglen; 689 sig = OPENSSL_malloc(EVP_PKEY_size(si->pkey)); 690 if (!sig) 691 { 692 CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, 693 ERR_R_MALLOC_FAILURE); 694 goto err; 695 } 696 cms_fixup_mctx(&mctx, si->pkey); 697 if (!EVP_SignFinal(&mctx, sig, &siglen, si->pkey)) 698 { 699 CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, 700 CMS_R_SIGNFINAL_ERROR); 701 OPENSSL_free(sig); 702 goto err; 703 } 704 ASN1_STRING_set0(si->signature, sig, siglen); 705 } 706 707 r = 1; 708 709 err: 710 EVP_MD_CTX_cleanup(&mctx); 711 return r; 712 713 } 714 715 int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain) 716 { 717 STACK_OF(CMS_SignerInfo) *sinfos; 718 CMS_SignerInfo *si; 719 int i; 720 sinfos = CMS_get0_SignerInfos(cms); 721 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) 722 { 723 si = sk_CMS_SignerInfo_value(sinfos, i); 724 if (!cms_SignerInfo_content_sign(cms, si, chain)) 725 return 0; 726 } 727 cms->d.signedData->encapContentInfo->partial = 0; 728 return 1; 729 } 730 731 int CMS_SignerInfo_sign(CMS_SignerInfo *si) 732 { 733 EVP_MD_CTX mctx; 734 unsigned char *abuf = NULL; 735 int alen; 736 unsigned int siglen; 737 const EVP_MD *md = NULL; 738 739 md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm); 740 if (md == NULL) 741 return 0; 742 743 EVP_MD_CTX_init(&mctx); 744 745 if (CMS_signed_get_attr_by_NID(si, NID_pkcs9_signingTime, -1) < 0) 746 { 747 if (!cms_add1_signingTime(si, NULL)) 748 goto err; 749 } 750 751 if (EVP_SignInit_ex(&mctx, md, NULL) <= 0) 752 goto err; 753 754 #if 0 755 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, 756 EVP_PKEY_CTRL_CMS_SIGN, 0, si) <= 0) 757 { 758 CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR); 759 goto err; 760 } 761 #endif 762 763 alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs,&abuf, 764 ASN1_ITEM_rptr(CMS_Attributes_Sign)); 765 if(!abuf) 766 goto err; 767 if (EVP_SignUpdate(&mctx, abuf, alen) <= 0) 768 goto err; 769 siglen = EVP_PKEY_size(si->pkey); 770 OPENSSL_free(abuf); 771 abuf = OPENSSL_malloc(siglen); 772 if(!abuf) 773 goto err; 774 cms_fixup_mctx(&mctx, si->pkey); 775 if (EVP_SignFinal(&mctx, abuf, &siglen, si->pkey) <= 0) 776 goto err; 777 #if 0 778 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, 779 EVP_PKEY_CTRL_CMS_SIGN, 1, si) <= 0) 780 { 781 CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR); 782 goto err; 783 } 784 #endif 785 EVP_MD_CTX_cleanup(&mctx); 786 787 ASN1_STRING_set0(si->signature, abuf, siglen); 788 789 return 1; 790 791 err: 792 if (abuf) 793 OPENSSL_free(abuf); 794 EVP_MD_CTX_cleanup(&mctx); 795 return 0; 796 797 } 798 799 int CMS_SignerInfo_verify(CMS_SignerInfo *si) 800 { 801 EVP_MD_CTX mctx; 802 unsigned char *abuf = NULL; 803 int alen, r = -1; 804 const EVP_MD *md = NULL; 805 806 if (!si->pkey) 807 { 808 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_NO_PUBLIC_KEY); 809 return -1; 810 } 811 812 md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm); 813 if (md == NULL) 814 return -1; 815 EVP_MD_CTX_init(&mctx); 816 if (EVP_VerifyInit_ex(&mctx, md, NULL) <= 0) 817 goto err; 818 819 alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs,&abuf, 820 ASN1_ITEM_rptr(CMS_Attributes_Verify)); 821 if(!abuf) 822 goto err; 823 r = EVP_VerifyUpdate(&mctx, abuf, alen); 824 OPENSSL_free(abuf); 825 if (r <= 0) 826 { 827 r = -1; 828 goto err; 829 } 830 cms_fixup_mctx(&mctx, si->pkey); 831 r = EVP_VerifyFinal(&mctx, 832 si->signature->data, si->signature->length, si->pkey); 833 if (r <= 0) 834 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_VERIFICATION_FAILURE); 835 err: 836 EVP_MD_CTX_cleanup(&mctx); 837 return r; 838 } 839 840 /* Create a chain of digest BIOs from a CMS ContentInfo */ 841 842 BIO *cms_SignedData_init_bio(CMS_ContentInfo *cms) 843 { 844 int i; 845 CMS_SignedData *sd; 846 BIO *chain = NULL; 847 sd = cms_get0_signed(cms); 848 if (!sd) 849 return NULL; 850 if (cms->d.signedData->encapContentInfo->partial) 851 cms_sd_set_version(sd); 852 for (i = 0; i < sk_X509_ALGOR_num(sd->digestAlgorithms); i++) 853 { 854 X509_ALGOR *digestAlgorithm; 855 BIO *mdbio; 856 digestAlgorithm = sk_X509_ALGOR_value(sd->digestAlgorithms, i); 857 mdbio = cms_DigestAlgorithm_init_bio(digestAlgorithm); 858 if (!mdbio) 859 goto err; 860 if (chain) 861 BIO_push(chain, mdbio); 862 else 863 chain = mdbio; 864 } 865 return chain; 866 err: 867 if (chain) 868 BIO_free_all(chain); 869 return NULL; 870 } 871 872 int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain) 873 { 874 ASN1_OCTET_STRING *os = NULL; 875 EVP_MD_CTX mctx; 876 int r = -1; 877 EVP_MD_CTX_init(&mctx); 878 /* If we have any signed attributes look for messageDigest value */ 879 if (CMS_signed_get_attr_count(si) >= 0) 880 { 881 os = CMS_signed_get0_data_by_OBJ(si, 882 OBJ_nid2obj(NID_pkcs9_messageDigest), 883 -3, V_ASN1_OCTET_STRING); 884 if (!os) 885 { 886 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, 887 CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE); 888 goto err; 889 } 890 } 891 892 if (!cms_DigestAlgorithm_find_ctx(&mctx, chain, si->digestAlgorithm)) 893 goto err; 894 895 /* If messageDigest found compare it */ 896 897 if (os) 898 { 899 unsigned char mval[EVP_MAX_MD_SIZE]; 900 unsigned int mlen; 901 if (EVP_DigestFinal_ex(&mctx, mval, &mlen) <= 0) 902 { 903 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, 904 CMS_R_UNABLE_TO_FINALIZE_CONTEXT); 905 goto err; 906 } 907 if (mlen != (unsigned int)os->length) 908 { 909 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, 910 CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH); 911 goto err; 912 } 913 914 if (memcmp(mval, os->data, mlen)) 915 { 916 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, 917 CMS_R_VERIFICATION_FAILURE); 918 r = 0; 919 } 920 else 921 r = 1; 922 } 923 else 924 { 925 cms_fixup_mctx(&mctx, si->pkey); 926 r = EVP_VerifyFinal(&mctx, si->signature->data, 927 si->signature->length, si->pkey); 928 if (r <= 0) 929 { 930 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, 931 CMS_R_VERIFICATION_FAILURE); 932 r = 0; 933 } 934 } 935 936 err: 937 EVP_MD_CTX_cleanup(&mctx); 938 return r; 939 940 } 941 942 int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs) 943 { 944 unsigned char *smder = NULL; 945 int smderlen, r; 946 smderlen = i2d_X509_ALGORS(algs, &smder); 947 if (smderlen <= 0) 948 return 0; 949 r = CMS_signed_add1_attr_by_NID(si, NID_SMIMECapabilities, 950 V_ASN1_SEQUENCE, smder, smderlen); 951 OPENSSL_free(smder); 952 return r; 953 } 954 955 int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs, 956 int algnid, int keysize) 957 { 958 X509_ALGOR *alg; 959 ASN1_INTEGER *key = NULL; 960 if (keysize > 0) 961 { 962 key = ASN1_INTEGER_new(); 963 if (!key || !ASN1_INTEGER_set(key, keysize)) 964 return 0; 965 } 966 alg = X509_ALGOR_new(); 967 if (!alg) 968 { 969 if (key) 970 ASN1_INTEGER_free(key); 971 return 0; 972 } 973 974 X509_ALGOR_set0(alg, OBJ_nid2obj(algnid), 975 key ? V_ASN1_INTEGER : V_ASN1_UNDEF, key); 976 if (!*algs) 977 *algs = sk_X509_ALGOR_new_null(); 978 if (!*algs || !sk_X509_ALGOR_push(*algs, alg)) 979 { 980 X509_ALGOR_free(alg); 981 return 0; 982 } 983 return 1; 984 } 985 986 /* Check to see if a cipher exists and if so add S/MIME capabilities */ 987 988 static int cms_add_cipher_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg) 989 { 990 if (EVP_get_cipherbynid(nid)) 991 return CMS_add_simple_smimecap(sk, nid, arg); 992 return 1; 993 } 994 #if 0 995 static int cms_add_digest_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg) 996 { 997 if (EVP_get_digestbynid(nid)) 998 return CMS_add_simple_smimecap(sk, nid, arg); 999 return 1; 1000 } 1001 #endif 1002 int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap) 1003 { 1004 if (!cms_add_cipher_smcap(smcap, NID_aes_256_cbc, -1) 1005 || !cms_add_cipher_smcap(smcap, NID_aes_192_cbc, -1) 1006 || !cms_add_cipher_smcap(smcap, NID_aes_128_cbc, -1) 1007 || !cms_add_cipher_smcap(smcap, NID_des_ede3_cbc, -1) 1008 || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 128) 1009 || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 64) 1010 || !cms_add_cipher_smcap(smcap, NID_des_cbc, -1) 1011 || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 40)) 1012 return 0; 1013 return 1; 1014 } 1015