1 /* 2 * Copyright 2008-2019 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the OpenSSL license (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 #include "internal/cryptlib.h" 11 #include <openssl/asn1t.h> 12 #include <openssl/pem.h> 13 #include <openssl/x509.h> 14 #include <openssl/x509v3.h> 15 #include <openssl/err.h> 16 #include <openssl/cms.h> 17 #include "cms_local.h" 18 #include "crypto/asn1.h" 19 #include "crypto/evp.h" 20 21 /* CMS SignedData Utilities */ 22 23 static CMS_SignedData *cms_get0_signed(CMS_ContentInfo *cms) 24 { 25 if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_signed) { 26 CMSerr(CMS_F_CMS_GET0_SIGNED, CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA); 27 return NULL; 28 } 29 return cms->d.signedData; 30 } 31 32 static CMS_SignedData *cms_signed_data_init(CMS_ContentInfo *cms) 33 { 34 if (cms->d.other == NULL) { 35 cms->d.signedData = M_ASN1_new_of(CMS_SignedData); 36 if (!cms->d.signedData) { 37 CMSerr(CMS_F_CMS_SIGNED_DATA_INIT, ERR_R_MALLOC_FAILURE); 38 return NULL; 39 } 40 cms->d.signedData->version = 1; 41 cms->d.signedData->encapContentInfo->eContentType = 42 OBJ_nid2obj(NID_pkcs7_data); 43 cms->d.signedData->encapContentInfo->partial = 1; 44 ASN1_OBJECT_free(cms->contentType); 45 cms->contentType = OBJ_nid2obj(NID_pkcs7_signed); 46 return cms->d.signedData; 47 } 48 return cms_get0_signed(cms); 49 } 50 51 /* Just initialise SignedData e.g. for certs only structure */ 52 53 int CMS_SignedData_init(CMS_ContentInfo *cms) 54 { 55 if (cms_signed_data_init(cms)) 56 return 1; 57 else 58 return 0; 59 } 60 61 /* Check structures and fixup version numbers (if necessary) */ 62 63 static void cms_sd_set_version(CMS_SignedData *sd) 64 { 65 int i; 66 CMS_CertificateChoices *cch; 67 CMS_RevocationInfoChoice *rch; 68 CMS_SignerInfo *si; 69 70 for (i = 0; i < sk_CMS_CertificateChoices_num(sd->certificates); i++) { 71 cch = sk_CMS_CertificateChoices_value(sd->certificates, i); 72 if (cch->type == CMS_CERTCHOICE_OTHER) { 73 if (sd->version < 5) 74 sd->version = 5; 75 } else if (cch->type == CMS_CERTCHOICE_V2ACERT) { 76 if (sd->version < 4) 77 sd->version = 4; 78 } else if (cch->type == CMS_CERTCHOICE_V1ACERT) { 79 if (sd->version < 3) 80 sd->version = 3; 81 } 82 } 83 84 for (i = 0; i < sk_CMS_RevocationInfoChoice_num(sd->crls); i++) { 85 rch = sk_CMS_RevocationInfoChoice_value(sd->crls, i); 86 if (rch->type == CMS_REVCHOICE_OTHER) { 87 if (sd->version < 5) 88 sd->version = 5; 89 } 90 } 91 92 if ((OBJ_obj2nid(sd->encapContentInfo->eContentType) != NID_pkcs7_data) 93 && (sd->version < 3)) 94 sd->version = 3; 95 96 for (i = 0; i < sk_CMS_SignerInfo_num(sd->signerInfos); i++) { 97 si = sk_CMS_SignerInfo_value(sd->signerInfos, i); 98 if (si->sid->type == CMS_SIGNERINFO_KEYIDENTIFIER) { 99 if (si->version < 3) 100 si->version = 3; 101 if (sd->version < 3) 102 sd->version = 3; 103 } else if (si->version < 1) 104 si->version = 1; 105 } 106 107 if (sd->version < 1) 108 sd->version = 1; 109 110 } 111 112 /* 113 * RFC 5652 Section 11.1 Content Type 114 * The content-type attribute within signed-data MUST 115 * 1) be present if there are signed attributes 116 * 2) match the content type in the signed-data, 117 * 3) be a signed attribute. 118 * 4) not have more than one copy of the attribute. 119 * 120 * Note that since the CMS_SignerInfo_sign() always adds the "signing time" 121 * attribute, the content type attribute MUST be added also. 122 * Assumptions: This assumes that the attribute does not already exist. 123 */ 124 static int cms_set_si_contentType_attr(CMS_ContentInfo *cms, CMS_SignerInfo *si) 125 { 126 ASN1_OBJECT *ctype = cms->d.signedData->encapContentInfo->eContentType; 127 128 /* Add the contentType attribute */ 129 return CMS_signed_add1_attr_by_NID(si, NID_pkcs9_contentType, 130 V_ASN1_OBJECT, ctype, -1) > 0; 131 } 132 133 /* Copy an existing messageDigest value */ 134 135 static int cms_copy_messageDigest(CMS_ContentInfo *cms, CMS_SignerInfo *si) 136 { 137 STACK_OF(CMS_SignerInfo) *sinfos; 138 CMS_SignerInfo *sitmp; 139 int i; 140 sinfos = CMS_get0_SignerInfos(cms); 141 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) { 142 ASN1_OCTET_STRING *messageDigest; 143 sitmp = sk_CMS_SignerInfo_value(sinfos, i); 144 if (sitmp == si) 145 continue; 146 if (CMS_signed_get_attr_count(sitmp) < 0) 147 continue; 148 if (OBJ_cmp(si->digestAlgorithm->algorithm, 149 sitmp->digestAlgorithm->algorithm)) 150 continue; 151 messageDigest = CMS_signed_get0_data_by_OBJ(sitmp, 152 OBJ_nid2obj 153 (NID_pkcs9_messageDigest), 154 -3, V_ASN1_OCTET_STRING); 155 if (!messageDigest) { 156 CMSerr(CMS_F_CMS_COPY_MESSAGEDIGEST, 157 CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE); 158 return 0; 159 } 160 161 if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest, 162 V_ASN1_OCTET_STRING, 163 messageDigest, -1)) 164 return 1; 165 else 166 return 0; 167 } 168 CMSerr(CMS_F_CMS_COPY_MESSAGEDIGEST, CMS_R_NO_MATCHING_DIGEST); 169 return 0; 170 } 171 172 int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, int type) 173 { 174 switch (type) { 175 case CMS_SIGNERINFO_ISSUER_SERIAL: 176 if (!cms_set1_ias(&sid->d.issuerAndSerialNumber, cert)) 177 return 0; 178 break; 179 180 case CMS_SIGNERINFO_KEYIDENTIFIER: 181 if (!cms_set1_keyid(&sid->d.subjectKeyIdentifier, cert)) 182 return 0; 183 break; 184 185 default: 186 CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER, CMS_R_UNKNOWN_ID); 187 return 0; 188 } 189 190 sid->type = type; 191 192 return 1; 193 } 194 195 int cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid, 196 ASN1_OCTET_STRING **keyid, 197 X509_NAME **issuer, 198 ASN1_INTEGER **sno) 199 { 200 if (sid->type == CMS_SIGNERINFO_ISSUER_SERIAL) { 201 if (issuer) 202 *issuer = sid->d.issuerAndSerialNumber->issuer; 203 if (sno) 204 *sno = sid->d.issuerAndSerialNumber->serialNumber; 205 } else if (sid->type == CMS_SIGNERINFO_KEYIDENTIFIER) { 206 if (keyid) 207 *keyid = sid->d.subjectKeyIdentifier; 208 } else 209 return 0; 210 return 1; 211 } 212 213 int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert) 214 { 215 if (sid->type == CMS_SIGNERINFO_ISSUER_SERIAL) 216 return cms_ias_cert_cmp(sid->d.issuerAndSerialNumber, cert); 217 else if (sid->type == CMS_SIGNERINFO_KEYIDENTIFIER) 218 return cms_keyid_cert_cmp(sid->d.subjectKeyIdentifier, cert); 219 else 220 return -1; 221 } 222 223 static int cms_sd_asn1_ctrl(CMS_SignerInfo *si, int cmd) 224 { 225 EVP_PKEY *pkey = si->pkey; 226 int i; 227 if (!pkey->ameth || !pkey->ameth->pkey_ctrl) 228 return 1; 229 i = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_CMS_SIGN, cmd, si); 230 if (i == -2) { 231 CMSerr(CMS_F_CMS_SD_ASN1_CTRL, CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); 232 return 0; 233 } 234 if (i <= 0) { 235 CMSerr(CMS_F_CMS_SD_ASN1_CTRL, CMS_R_CTRL_FAILURE); 236 return 0; 237 } 238 return 1; 239 } 240 241 CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, 242 X509 *signer, EVP_PKEY *pk, const EVP_MD *md, 243 unsigned int flags) 244 { 245 CMS_SignedData *sd; 246 CMS_SignerInfo *si = NULL; 247 X509_ALGOR *alg; 248 int i, type; 249 if (!X509_check_private_key(signer, pk)) { 250 CMSerr(CMS_F_CMS_ADD1_SIGNER, 251 CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); 252 return NULL; 253 } 254 sd = cms_signed_data_init(cms); 255 if (!sd) 256 goto err; 257 si = M_ASN1_new_of(CMS_SignerInfo); 258 if (!si) 259 goto merr; 260 /* Call for side-effect of computing hash and caching extensions */ 261 X509_check_purpose(signer, -1, -1); 262 263 X509_up_ref(signer); 264 EVP_PKEY_up_ref(pk); 265 266 si->pkey = pk; 267 si->signer = signer; 268 si->mctx = EVP_MD_CTX_new(); 269 si->pctx = NULL; 270 271 if (si->mctx == NULL) { 272 CMSerr(CMS_F_CMS_ADD1_SIGNER, ERR_R_MALLOC_FAILURE); 273 goto err; 274 } 275 276 if (flags & CMS_USE_KEYID) { 277 si->version = 3; 278 if (sd->version < 3) 279 sd->version = 3; 280 type = CMS_SIGNERINFO_KEYIDENTIFIER; 281 } else { 282 type = CMS_SIGNERINFO_ISSUER_SERIAL; 283 si->version = 1; 284 } 285 286 if (!cms_set1_SignerIdentifier(si->sid, signer, type)) 287 goto err; 288 289 if (md == NULL) { 290 int def_nid; 291 if (EVP_PKEY_get_default_digest_nid(pk, &def_nid) <= 0) 292 goto err; 293 md = EVP_get_digestbynid(def_nid); 294 if (md == NULL) { 295 CMSerr(CMS_F_CMS_ADD1_SIGNER, CMS_R_NO_DEFAULT_DIGEST); 296 goto err; 297 } 298 } 299 300 if (!md) { 301 CMSerr(CMS_F_CMS_ADD1_SIGNER, CMS_R_NO_DIGEST_SET); 302 goto err; 303 } 304 305 X509_ALGOR_set_md(si->digestAlgorithm, md); 306 307 /* See if digest is present in digestAlgorithms */ 308 for (i = 0; i < sk_X509_ALGOR_num(sd->digestAlgorithms); i++) { 309 const ASN1_OBJECT *aoid; 310 alg = sk_X509_ALGOR_value(sd->digestAlgorithms, i); 311 X509_ALGOR_get0(&aoid, NULL, NULL, alg); 312 if (OBJ_obj2nid(aoid) == EVP_MD_type(md)) 313 break; 314 } 315 316 if (i == sk_X509_ALGOR_num(sd->digestAlgorithms)) { 317 alg = X509_ALGOR_new(); 318 if (alg == NULL) 319 goto merr; 320 X509_ALGOR_set_md(alg, md); 321 if (!sk_X509_ALGOR_push(sd->digestAlgorithms, alg)) { 322 X509_ALGOR_free(alg); 323 goto merr; 324 } 325 } 326 327 if (!(flags & CMS_KEY_PARAM) && !cms_sd_asn1_ctrl(si, 0)) 328 goto err; 329 if (!(flags & CMS_NOATTR)) { 330 /* 331 * Initialize signed attributes structure so other attributes 332 * such as signing time etc are added later even if we add none here. 333 */ 334 if (!si->signedAttrs) { 335 si->signedAttrs = sk_X509_ATTRIBUTE_new_null(); 336 if (!si->signedAttrs) 337 goto merr; 338 } 339 340 if (!(flags & CMS_NOSMIMECAP)) { 341 STACK_OF(X509_ALGOR) *smcap = NULL; 342 i = CMS_add_standard_smimecap(&smcap); 343 if (i) 344 i = CMS_add_smimecap(si, smcap); 345 sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free); 346 if (!i) 347 goto merr; 348 } 349 if (flags & CMS_REUSE_DIGEST) { 350 if (!cms_copy_messageDigest(cms, si)) 351 goto err; 352 if (!cms_set_si_contentType_attr(cms, si)) 353 goto err; 354 if (!(flags & (CMS_PARTIAL | CMS_KEY_PARAM)) && 355 !CMS_SignerInfo_sign(si)) 356 goto err; 357 } 358 } 359 360 if (!(flags & CMS_NOCERTS)) { 361 /* NB ignore -1 return for duplicate cert */ 362 if (!CMS_add1_cert(cms, signer)) 363 goto merr; 364 } 365 366 if (flags & CMS_KEY_PARAM) { 367 if (flags & CMS_NOATTR) { 368 si->pctx = EVP_PKEY_CTX_new(si->pkey, NULL); 369 if (si->pctx == NULL) 370 goto err; 371 if (EVP_PKEY_sign_init(si->pctx) <= 0) 372 goto err; 373 if (EVP_PKEY_CTX_set_signature_md(si->pctx, md) <= 0) 374 goto err; 375 } else if (EVP_DigestSignInit(si->mctx, &si->pctx, md, NULL, pk) <= 376 0) 377 goto err; 378 } 379 380 if (!sd->signerInfos) 381 sd->signerInfos = sk_CMS_SignerInfo_new_null(); 382 if (!sd->signerInfos || !sk_CMS_SignerInfo_push(sd->signerInfos, si)) 383 goto merr; 384 385 return si; 386 387 merr: 388 CMSerr(CMS_F_CMS_ADD1_SIGNER, ERR_R_MALLOC_FAILURE); 389 err: 390 M_ASN1_free_of(si, CMS_SignerInfo); 391 return NULL; 392 393 } 394 395 static int cms_add1_signingTime(CMS_SignerInfo *si, ASN1_TIME *t) 396 { 397 ASN1_TIME *tt; 398 int r = 0; 399 if (t) 400 tt = t; 401 else 402 tt = X509_gmtime_adj(NULL, 0); 403 404 if (!tt) 405 goto merr; 406 407 if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_signingTime, 408 tt->type, tt, -1) <= 0) 409 goto merr; 410 411 r = 1; 412 413 merr: 414 415 if (!t) 416 ASN1_TIME_free(tt); 417 418 if (!r) 419 CMSerr(CMS_F_CMS_ADD1_SIGNINGTIME, ERR_R_MALLOC_FAILURE); 420 421 return r; 422 423 } 424 425 EVP_PKEY_CTX *CMS_SignerInfo_get0_pkey_ctx(CMS_SignerInfo *si) 426 { 427 return si->pctx; 428 } 429 430 EVP_MD_CTX *CMS_SignerInfo_get0_md_ctx(CMS_SignerInfo *si) 431 { 432 return si->mctx; 433 } 434 435 STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms) 436 { 437 CMS_SignedData *sd; 438 sd = cms_get0_signed(cms); 439 if (!sd) 440 return NULL; 441 return sd->signerInfos; 442 } 443 444 STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms) 445 { 446 STACK_OF(X509) *signers = NULL; 447 STACK_OF(CMS_SignerInfo) *sinfos; 448 CMS_SignerInfo *si; 449 int i; 450 sinfos = CMS_get0_SignerInfos(cms); 451 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) { 452 si = sk_CMS_SignerInfo_value(sinfos, i); 453 if (si->signer) { 454 if (!signers) { 455 signers = sk_X509_new_null(); 456 if (!signers) 457 return NULL; 458 } 459 if (!sk_X509_push(signers, si->signer)) { 460 sk_X509_free(signers); 461 return NULL; 462 } 463 } 464 } 465 return signers; 466 } 467 468 void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer) 469 { 470 if (signer) { 471 X509_up_ref(signer); 472 EVP_PKEY_free(si->pkey); 473 si->pkey = X509_get_pubkey(signer); 474 } 475 X509_free(si->signer); 476 si->signer = signer; 477 } 478 479 int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si, 480 ASN1_OCTET_STRING **keyid, 481 X509_NAME **issuer, ASN1_INTEGER **sno) 482 { 483 return cms_SignerIdentifier_get0_signer_id(si->sid, keyid, issuer, sno); 484 } 485 486 int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert) 487 { 488 return cms_SignerIdentifier_cert_cmp(si->sid, cert); 489 } 490 491 int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *scerts, 492 unsigned int flags) 493 { 494 CMS_SignedData *sd; 495 CMS_SignerInfo *si; 496 CMS_CertificateChoices *cch; 497 STACK_OF(CMS_CertificateChoices) *certs; 498 X509 *x; 499 int i, j; 500 int ret = 0; 501 sd = cms_get0_signed(cms); 502 if (!sd) 503 return -1; 504 certs = sd->certificates; 505 for (i = 0; i < sk_CMS_SignerInfo_num(sd->signerInfos); i++) { 506 si = sk_CMS_SignerInfo_value(sd->signerInfos, i); 507 if (si->signer) 508 continue; 509 510 for (j = 0; j < sk_X509_num(scerts); j++) { 511 x = sk_X509_value(scerts, j); 512 if (CMS_SignerInfo_cert_cmp(si, x) == 0) { 513 CMS_SignerInfo_set1_signer_cert(si, x); 514 ret++; 515 break; 516 } 517 } 518 519 if (si->signer || (flags & CMS_NOINTERN)) 520 continue; 521 522 for (j = 0; j < sk_CMS_CertificateChoices_num(certs); j++) { 523 cch = sk_CMS_CertificateChoices_value(certs, j); 524 if (cch->type != 0) 525 continue; 526 x = cch->d.certificate; 527 if (CMS_SignerInfo_cert_cmp(si, x) == 0) { 528 CMS_SignerInfo_set1_signer_cert(si, x); 529 ret++; 530 break; 531 } 532 } 533 } 534 return ret; 535 } 536 537 void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk, 538 X509 **signer, X509_ALGOR **pdig, 539 X509_ALGOR **psig) 540 { 541 if (pk) 542 *pk = si->pkey; 543 if (signer) 544 *signer = si->signer; 545 if (pdig) 546 *pdig = si->digestAlgorithm; 547 if (psig) 548 *psig = si->signatureAlgorithm; 549 } 550 551 ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si) 552 { 553 return si->signature; 554 } 555 556 static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms, 557 CMS_SignerInfo *si, BIO *chain) 558 { 559 EVP_MD_CTX *mctx = EVP_MD_CTX_new(); 560 int r = 0; 561 EVP_PKEY_CTX *pctx = NULL; 562 563 if (mctx == NULL) { 564 CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, ERR_R_MALLOC_FAILURE); 565 return 0; 566 } 567 568 if (!si->pkey) { 569 CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, CMS_R_NO_PRIVATE_KEY); 570 goto err; 571 } 572 573 if (!cms_DigestAlgorithm_find_ctx(mctx, chain, si->digestAlgorithm)) 574 goto err; 575 /* Set SignerInfo algorithm details if we used custom parameter */ 576 if (si->pctx && !cms_sd_asn1_ctrl(si, 0)) 577 goto err; 578 579 /* 580 * If any signed attributes calculate and add messageDigest attribute 581 */ 582 583 if (CMS_signed_get_attr_count(si) >= 0) { 584 unsigned char md[EVP_MAX_MD_SIZE]; 585 unsigned int mdlen; 586 if (!EVP_DigestFinal_ex(mctx, md, &mdlen)) 587 goto err; 588 if (!CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest, 589 V_ASN1_OCTET_STRING, md, mdlen)) 590 goto err; 591 /* Copy content type across */ 592 if (!cms_set_si_contentType_attr(cms, si)) 593 goto err; 594 595 if (!CMS_SignerInfo_sign(si)) 596 goto err; 597 } else if (si->pctx) { 598 unsigned char *sig; 599 size_t siglen; 600 unsigned char md[EVP_MAX_MD_SIZE]; 601 unsigned int mdlen; 602 pctx = si->pctx; 603 if (!EVP_DigestFinal_ex(mctx, md, &mdlen)) 604 goto err; 605 siglen = EVP_PKEY_size(si->pkey); 606 sig = OPENSSL_malloc(siglen); 607 if (sig == NULL) { 608 CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, ERR_R_MALLOC_FAILURE); 609 goto err; 610 } 611 if (EVP_PKEY_sign(pctx, sig, &siglen, md, mdlen) <= 0) { 612 OPENSSL_free(sig); 613 goto err; 614 } 615 ASN1_STRING_set0(si->signature, sig, siglen); 616 } else { 617 unsigned char *sig; 618 unsigned int siglen; 619 sig = OPENSSL_malloc(EVP_PKEY_size(si->pkey)); 620 if (sig == NULL) { 621 CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, ERR_R_MALLOC_FAILURE); 622 goto err; 623 } 624 if (!EVP_SignFinal(mctx, sig, &siglen, si->pkey)) { 625 CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, CMS_R_SIGNFINAL_ERROR); 626 OPENSSL_free(sig); 627 goto err; 628 } 629 ASN1_STRING_set0(si->signature, sig, siglen); 630 } 631 632 r = 1; 633 634 err: 635 EVP_MD_CTX_free(mctx); 636 EVP_PKEY_CTX_free(pctx); 637 return r; 638 639 } 640 641 int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain) 642 { 643 STACK_OF(CMS_SignerInfo) *sinfos; 644 CMS_SignerInfo *si; 645 int i; 646 sinfos = CMS_get0_SignerInfos(cms); 647 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) { 648 si = sk_CMS_SignerInfo_value(sinfos, i); 649 if (!cms_SignerInfo_content_sign(cms, si, chain)) 650 return 0; 651 } 652 cms->d.signedData->encapContentInfo->partial = 0; 653 return 1; 654 } 655 656 int CMS_SignerInfo_sign(CMS_SignerInfo *si) 657 { 658 EVP_MD_CTX *mctx = si->mctx; 659 EVP_PKEY_CTX *pctx = NULL; 660 unsigned char *abuf = NULL; 661 int alen; 662 size_t siglen; 663 const EVP_MD *md = NULL; 664 665 md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm); 666 if (md == NULL) 667 return 0; 668 669 if (CMS_signed_get_attr_by_NID(si, NID_pkcs9_signingTime, -1) < 0) { 670 if (!cms_add1_signingTime(si, NULL)) 671 goto err; 672 } 673 674 if (!CMS_si_check_attributes(si)) 675 goto err; 676 677 if (si->pctx) 678 pctx = si->pctx; 679 else { 680 EVP_MD_CTX_reset(mctx); 681 if (EVP_DigestSignInit(mctx, &pctx, md, NULL, si->pkey) <= 0) 682 goto err; 683 si->pctx = pctx; 684 } 685 686 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, 687 EVP_PKEY_CTRL_CMS_SIGN, 0, si) <= 0) { 688 CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR); 689 goto err; 690 } 691 692 alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs, &abuf, 693 ASN1_ITEM_rptr(CMS_Attributes_Sign)); 694 if (!abuf) 695 goto err; 696 if (EVP_DigestSignUpdate(mctx, abuf, alen) <= 0) 697 goto err; 698 if (EVP_DigestSignFinal(mctx, NULL, &siglen) <= 0) 699 goto err; 700 OPENSSL_free(abuf); 701 abuf = OPENSSL_malloc(siglen); 702 if (abuf == NULL) 703 goto err; 704 if (EVP_DigestSignFinal(mctx, abuf, &siglen) <= 0) 705 goto err; 706 707 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, 708 EVP_PKEY_CTRL_CMS_SIGN, 1, si) <= 0) { 709 CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR); 710 goto err; 711 } 712 713 EVP_MD_CTX_reset(mctx); 714 715 ASN1_STRING_set0(si->signature, abuf, siglen); 716 717 return 1; 718 719 err: 720 OPENSSL_free(abuf); 721 EVP_MD_CTX_reset(mctx); 722 return 0; 723 } 724 725 int CMS_SignerInfo_verify(CMS_SignerInfo *si) 726 { 727 EVP_MD_CTX *mctx = NULL; 728 unsigned char *abuf = NULL; 729 int alen, r = -1; 730 const EVP_MD *md = NULL; 731 732 if (!si->pkey) { 733 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_NO_PUBLIC_KEY); 734 return -1; 735 } 736 737 if (!CMS_si_check_attributes(si)) 738 return -1; 739 740 md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm); 741 if (md == NULL) 742 return -1; 743 if (si->mctx == NULL && (si->mctx = EVP_MD_CTX_new()) == NULL) { 744 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, ERR_R_MALLOC_FAILURE); 745 return -1; 746 } 747 mctx = si->mctx; 748 if (EVP_DigestVerifyInit(mctx, &si->pctx, md, NULL, si->pkey) <= 0) 749 goto err; 750 751 if (!cms_sd_asn1_ctrl(si, 1)) 752 goto err; 753 754 alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs, &abuf, 755 ASN1_ITEM_rptr(CMS_Attributes_Verify)); 756 if (!abuf) 757 goto err; 758 r = EVP_DigestVerifyUpdate(mctx, abuf, alen); 759 OPENSSL_free(abuf); 760 if (r <= 0) { 761 r = -1; 762 goto err; 763 } 764 r = EVP_DigestVerifyFinal(mctx, 765 si->signature->data, si->signature->length); 766 if (r <= 0) 767 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_VERIFICATION_FAILURE); 768 err: 769 EVP_MD_CTX_reset(mctx); 770 return r; 771 } 772 773 /* Create a chain of digest BIOs from a CMS ContentInfo */ 774 775 BIO *cms_SignedData_init_bio(CMS_ContentInfo *cms) 776 { 777 int i; 778 CMS_SignedData *sd; 779 BIO *chain = NULL; 780 sd = cms_get0_signed(cms); 781 if (!sd) 782 return NULL; 783 if (cms->d.signedData->encapContentInfo->partial) 784 cms_sd_set_version(sd); 785 for (i = 0; i < sk_X509_ALGOR_num(sd->digestAlgorithms); i++) { 786 X509_ALGOR *digestAlgorithm; 787 BIO *mdbio; 788 digestAlgorithm = sk_X509_ALGOR_value(sd->digestAlgorithms, i); 789 mdbio = cms_DigestAlgorithm_init_bio(digestAlgorithm); 790 if (!mdbio) 791 goto err; 792 if (chain) 793 BIO_push(chain, mdbio); 794 else 795 chain = mdbio; 796 } 797 return chain; 798 err: 799 BIO_free_all(chain); 800 return NULL; 801 } 802 803 int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain) 804 { 805 ASN1_OCTET_STRING *os = NULL; 806 EVP_MD_CTX *mctx = EVP_MD_CTX_new(); 807 EVP_PKEY_CTX *pkctx = NULL; 808 int r = -1; 809 unsigned char mval[EVP_MAX_MD_SIZE]; 810 unsigned int mlen; 811 812 if (mctx == NULL) { 813 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, ERR_R_MALLOC_FAILURE); 814 goto err; 815 } 816 /* If we have any signed attributes look for messageDigest value */ 817 if (CMS_signed_get_attr_count(si) >= 0) { 818 os = CMS_signed_get0_data_by_OBJ(si, 819 OBJ_nid2obj(NID_pkcs9_messageDigest), 820 -3, V_ASN1_OCTET_STRING); 821 if (!os) { 822 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, 823 CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE); 824 goto err; 825 } 826 } 827 828 if (!cms_DigestAlgorithm_find_ctx(mctx, chain, si->digestAlgorithm)) 829 goto err; 830 831 if (EVP_DigestFinal_ex(mctx, mval, &mlen) <= 0) { 832 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, 833 CMS_R_UNABLE_TO_FINALIZE_CONTEXT); 834 goto err; 835 } 836 837 /* If messageDigest found compare it */ 838 839 if (os) { 840 if (mlen != (unsigned int)os->length) { 841 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, 842 CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH); 843 goto err; 844 } 845 846 if (memcmp(mval, os->data, mlen)) { 847 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, 848 CMS_R_VERIFICATION_FAILURE); 849 r = 0; 850 } else 851 r = 1; 852 } else { 853 const EVP_MD *md = EVP_MD_CTX_md(mctx); 854 pkctx = EVP_PKEY_CTX_new(si->pkey, NULL); 855 if (pkctx == NULL) 856 goto err; 857 if (EVP_PKEY_verify_init(pkctx) <= 0) 858 goto err; 859 if (EVP_PKEY_CTX_set_signature_md(pkctx, md) <= 0) 860 goto err; 861 si->pctx = pkctx; 862 if (!cms_sd_asn1_ctrl(si, 1)) 863 goto err; 864 r = EVP_PKEY_verify(pkctx, si->signature->data, 865 si->signature->length, mval, mlen); 866 if (r <= 0) { 867 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, 868 CMS_R_VERIFICATION_FAILURE); 869 r = 0; 870 } 871 } 872 873 err: 874 EVP_PKEY_CTX_free(pkctx); 875 EVP_MD_CTX_free(mctx); 876 return r; 877 878 } 879 880 int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs) 881 { 882 unsigned char *smder = NULL; 883 int smderlen, r; 884 smderlen = i2d_X509_ALGORS(algs, &smder); 885 if (smderlen <= 0) 886 return 0; 887 r = CMS_signed_add1_attr_by_NID(si, NID_SMIMECapabilities, 888 V_ASN1_SEQUENCE, smder, smderlen); 889 OPENSSL_free(smder); 890 return r; 891 } 892 893 int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs, 894 int algnid, int keysize) 895 { 896 X509_ALGOR *alg; 897 ASN1_INTEGER *key = NULL; 898 if (keysize > 0) { 899 key = ASN1_INTEGER_new(); 900 if (key == NULL || !ASN1_INTEGER_set(key, keysize)) 901 return 0; 902 } 903 alg = X509_ALGOR_new(); 904 if (alg == NULL) { 905 ASN1_INTEGER_free(key); 906 return 0; 907 } 908 909 X509_ALGOR_set0(alg, OBJ_nid2obj(algnid), 910 key ? V_ASN1_INTEGER : V_ASN1_UNDEF, key); 911 if (*algs == NULL) 912 *algs = sk_X509_ALGOR_new_null(); 913 if (*algs == NULL || !sk_X509_ALGOR_push(*algs, alg)) { 914 X509_ALGOR_free(alg); 915 return 0; 916 } 917 return 1; 918 } 919 920 /* Check to see if a cipher exists and if so add S/MIME capabilities */ 921 922 static int cms_add_cipher_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg) 923 { 924 if (EVP_get_cipherbynid(nid)) 925 return CMS_add_simple_smimecap(sk, nid, arg); 926 return 1; 927 } 928 929 static int cms_add_digest_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg) 930 { 931 if (EVP_get_digestbynid(nid)) 932 return CMS_add_simple_smimecap(sk, nid, arg); 933 return 1; 934 } 935 936 int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap) 937 { 938 if (!cms_add_cipher_smcap(smcap, NID_aes_256_cbc, -1) 939 || !cms_add_digest_smcap(smcap, NID_id_GostR3411_2012_256, -1) 940 || !cms_add_digest_smcap(smcap, NID_id_GostR3411_2012_512, -1) 941 || !cms_add_digest_smcap(smcap, NID_id_GostR3411_94, -1) 942 || !cms_add_cipher_smcap(smcap, NID_id_Gost28147_89, -1) 943 || !cms_add_cipher_smcap(smcap, NID_aes_192_cbc, -1) 944 || !cms_add_cipher_smcap(smcap, NID_aes_128_cbc, -1) 945 || !cms_add_cipher_smcap(smcap, NID_des_ede3_cbc, -1) 946 || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 128) 947 || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 64) 948 || !cms_add_cipher_smcap(smcap, NID_des_cbc, -1) 949 || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 40)) 950 return 0; 951 return 1; 952 } 953