1*0a6a1f1dSLionel Sambuc /*	$NetBSD: cms.c,v 1.1.1.2 2014/04/24 12:45:41 pettai Exp $	*/
2ebfedea0SLionel Sambuc 
3ebfedea0SLionel Sambuc /*
4ebfedea0SLionel Sambuc  * Copyright (c) 2003 - 2007 Kungliga Tekniska Högskolan
5ebfedea0SLionel Sambuc  * (Royal Institute of Technology, Stockholm, Sweden).
6ebfedea0SLionel Sambuc  * All rights reserved.
7ebfedea0SLionel Sambuc  *
8ebfedea0SLionel Sambuc  * Redistribution and use in source and binary forms, with or without
9ebfedea0SLionel Sambuc  * modification, are permitted provided that the following conditions
10ebfedea0SLionel Sambuc  * are met:
11ebfedea0SLionel Sambuc  *
12ebfedea0SLionel Sambuc  * 1. Redistributions of source code must retain the above copyright
13ebfedea0SLionel Sambuc  *    notice, this list of conditions and the following disclaimer.
14ebfedea0SLionel Sambuc  *
15ebfedea0SLionel Sambuc  * 2. Redistributions in binary form must reproduce the above copyright
16ebfedea0SLionel Sambuc  *    notice, this list of conditions and the following disclaimer in the
17ebfedea0SLionel Sambuc  *    documentation and/or other materials provided with the distribution.
18ebfedea0SLionel Sambuc  *
19ebfedea0SLionel Sambuc  * 3. Neither the name of the Institute nor the names of its contributors
20ebfedea0SLionel Sambuc  *    may be used to endorse or promote products derived from this software
21ebfedea0SLionel Sambuc  *    without specific prior written permission.
22ebfedea0SLionel Sambuc  *
23ebfedea0SLionel Sambuc  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
24ebfedea0SLionel Sambuc  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25ebfedea0SLionel Sambuc  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26ebfedea0SLionel Sambuc  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
27ebfedea0SLionel Sambuc  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28ebfedea0SLionel Sambuc  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29ebfedea0SLionel Sambuc  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30ebfedea0SLionel Sambuc  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31ebfedea0SLionel Sambuc  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32ebfedea0SLionel Sambuc  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33ebfedea0SLionel Sambuc  * SUCH DAMAGE.
34ebfedea0SLionel Sambuc  */
35ebfedea0SLionel Sambuc 
36ebfedea0SLionel Sambuc #include "hx_locl.h"
37ebfedea0SLionel Sambuc 
38ebfedea0SLionel Sambuc /**
39ebfedea0SLionel Sambuc  * @page page_cms CMS/PKCS7 message functions.
40ebfedea0SLionel Sambuc  *
 * CMS is defined in RFC 3369 and is a continuation of the RSA Labs
 * standard PKCS7. The basic messages in CMS are
43ebfedea0SLionel Sambuc  *
44ebfedea0SLionel Sambuc  * - SignedData
45ebfedea0SLionel Sambuc  *   Data signed with private key (RSA, DSA, ECDSA) or secret
46ebfedea0SLionel Sambuc  *   (symmetric) key
47ebfedea0SLionel Sambuc  * - EnvelopedData
48ebfedea0SLionel Sambuc  *   Data encrypted with private key (RSA)
49ebfedea0SLionel Sambuc  * - EncryptedData
50ebfedea0SLionel Sambuc  *   Data encrypted with secret (symmetric) key.
51ebfedea0SLionel Sambuc  * - ContentInfo
52ebfedea0SLionel Sambuc  *   Wrapper structure including type and data.
53ebfedea0SLionel Sambuc  *
54ebfedea0SLionel Sambuc  *
55ebfedea0SLionel Sambuc  * See the library functions here: @ref hx509_cms
56ebfedea0SLionel Sambuc  */
57ebfedea0SLionel Sambuc 
/*
 * ALLOC(X, N): point X at N zero-filled elements of X's pointee type
 * (calloc); X is NULL on failure, and every user below checks for that.
 * ALLOC_SEQ(X, N): size a len/val sequence X to N elements via ALLOC;
 * check (X)->val for NULL afterwards.
 */
#define ALLOC(X, N) (X) = calloc((N), sizeof(*(X)))
#define ALLOC_SEQ(X, N) do { (X)->len = (N); ALLOC((X)->val, (N)); } while(0)
60ebfedea0SLionel Sambuc 
61ebfedea0SLionel Sambuc /**
62ebfedea0SLionel Sambuc  * Wrap data and oid in a ContentInfo and encode it.
63ebfedea0SLionel Sambuc  *
64ebfedea0SLionel Sambuc  * @param oid type of the content.
65ebfedea0SLionel Sambuc  * @param buf data to be wrapped. If a NULL pointer is passed in, the
66ebfedea0SLionel Sambuc  * optional content field in the ContentInfo is not going be filled
67ebfedea0SLionel Sambuc  * in.
68ebfedea0SLionel Sambuc  * @param res the encoded buffer, the result should be freed with
69ebfedea0SLionel Sambuc  * der_free_octet_string().
70ebfedea0SLionel Sambuc  *
71ebfedea0SLionel Sambuc  * @return Returns an hx509 error code.
72ebfedea0SLionel Sambuc  *
73ebfedea0SLionel Sambuc  * @ingroup hx509_cms
74ebfedea0SLionel Sambuc  */
75ebfedea0SLionel Sambuc 
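int
hx509_cms_wrap_ContentInfo(const heim_oid *oid,
			   const heim_octet_string *buf,
			   heim_octet_string *res)
{
    ContentInfo ci;
    size_t size;
    int ret;

    /* Outputs are well-defined (empty) on every error path. */
    memset(res, 0, sizeof(*res));
    memset(&ci, 0, sizeof(ci));

    ret = der_copy_oid(oid, &ci.contentType);
    if (ret)
	return ret;
    if (buf) {
	/* content is OPTIONAL; allocate it only when the caller supplied data. */
	ALLOC(ci.content, 1);
	if (ci.content == NULL) {
	    free_ContentInfo(&ci);
	    return ENOMEM;
	}
	/*
	 * Copy via der_copy_octet_string() (as hx509_cms_unwrap_ContentInfo
	 * does) instead of open-coded malloc/memcpy: a zero-length buf is a
	 * valid, distinct case here, and malloc(0) may legitimately return
	 * NULL, which the old code reported as ENOMEM.
	 */
	ret = der_copy_octet_string(buf, ci.content);
	if (ret) {
	    free_ContentInfo(&ci);
	    return ret;
	}
    }

    ASN1_MALLOC_ENCODE(ContentInfo, res->data, res->length, &ci, &size, ret);
    free_ContentInfo(&ci);
    if (ret)
	return ret;
    /* The encoder reports the bytes it wrote; a mismatch is a library bug. */
    if (res->length != size)
	_hx509_abort("internal ASN.1 encoder error");

    return 0;
}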
115ebfedea0SLionel Sambuc 
116ebfedea0SLionel Sambuc /**
 * Decode a ContentInfo and unwrap the data and oid in it.
118ebfedea0SLionel Sambuc  *
119ebfedea0SLionel Sambuc  * @param in the encoded buffer.
120ebfedea0SLionel Sambuc  * @param oid type of the content.
 * @param out the unwrapped content data.
 * @param have_data since the data is optional, this flag shows the
 * difference between no data and zero length data.
124ebfedea0SLionel Sambuc  *
125ebfedea0SLionel Sambuc  * @return Returns an hx509 error code.
126ebfedea0SLionel Sambuc  *
127ebfedea0SLionel Sambuc  * @ingroup hx509_cms
128ebfedea0SLionel Sambuc  */
129ebfedea0SLionel Sambuc 
int
hx509_cms_unwrap_ContentInfo(const heim_octet_string *in,
			     heim_oid *oid,
			     heim_octet_string *out,
			     int *have_data)
{
    ContentInfo ci;
    size_t consumed;
    int ret;

    /* Outputs start out empty so an early return leaves nothing to free. */
    memset(oid, 0, sizeof(*oid));
    memset(out, 0, sizeof(*out));

    /*
     * consumed (bytes used by the decoder) is not compared with in->length,
     * so bytes trailing the ContentInfo are ignored rather than rejected.
     */
    ret = decode_ContentInfo(in->data, in->length, &ci, &consumed);
    if (ret)
	return ret;

    ret = der_copy_oid(&ci.contentType, oid);
    if (ret)
	goto out;

    if (ci.content != NULL) {
	ret = der_copy_octet_string(ci.content, out);
	if (ret) {
	    /* Undo the oid copy; the caller frees nothing on error. */
	    der_free_oid(oid);
	    goto out;
	}
    } else {
	memset(out, 0, sizeof(*out));
    }

    /* Lets the caller tell "no content field" from "zero-length content". */
    if (have_data != NULL)
	*have_data = ci.content != NULL;

out:
    free_ContentInfo(&ci);
    return ret;
}
169ebfedea0SLionel Sambuc 
/*
 * Identifier kinds for fill_CMSIdentifier(): CMS_ID_SKI asks for the
 * subjectKeyIdentifier and falls back to issuer name + serial number
 * when the certificate has no such extension; CMS_ID_NAME always uses
 * issuer name + serial number.
 */
#define CMS_ID_SKI	0
#define CMS_ID_NAME	1
172ebfedea0SLionel Sambuc 
/*
 * Fill in a CMSIdentifier (RecipientIdentifier / SignerIdentifier) for
 * cert, preferring the kind requested by type (CMS_ID_SKI or
 * CMS_ID_NAME).  A request for the subject key id degrades to issuer
 * name + serial number when the certificate carries no SKI extension.
 * Any other type is a programming error and aborts.
 *
 * Returns 0 or an hx509 error code; on error id may be partially filled
 * and is left for the caller to free.
 */
static int
fill_CMSIdentifier(const hx509_cert cert,
		   int type,
		   CMSIdentifier *id)
{
    hx509_name issuer;
    int ret;

    if (type != CMS_ID_SKI && type != CMS_ID_NAME)
	_hx509_abort("CMS fill identifier with unknown type");

    if (type == CMS_ID_SKI) {
	id->element = choice_CMSIdentifier_subjectKeyIdentifier;
	ret = _hx509_find_extension_subject_key_id(_hx509_get_cert(cert),
						   &id->u.subjectKeyIdentifier);
	if (ret == 0)
	    return 0;
	/* No SKI available: fall back to issuer + serial number below. */
    }

    id->element = choice_CMSIdentifier_issuerAndSerialNumber;
    ret = hx509_cert_get_issuer(cert, &issuer);
    if (ret)
	return ret;
    ret = hx509_name_to_Name(issuer, &id->u.issuerAndSerialNumber.issuer);
    hx509_name_free(&issuer);
    if (ret)
	return ret;

    return hx509_cert_get_serialnumber(cert,
				       &id->u.issuerAndSerialNumber.serialNumber);
}
208ebfedea0SLionel Sambuc 
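/*
 * Render a CMSIdentifier as a human readable string for error messages.
 *
 * @param context unused; kept so callers' signatures do not change.
 * @param id identifier to describe.
 * @param str on success a malloc()ed string the caller frees; NULL on
 *        failure.
 *
 * @return 0, ENOMEM when the string could not be built, or the error
 *         from the name / serial number formatting helpers.
 */
static int
unparse_CMSIdentifier(hx509_context context,
		      CMSIdentifier *id,
		      char **str)
{
    int ret;

    *str = NULL;
    switch (id->element) {
    case choice_CMSIdentifier_issuerAndSerialNumber: {
	IssuerAndSerialNumber *iasn = &id->u.issuerAndSerialNumber;
	char *serial, *name;

	ret = _hx509_Name_to_string(&iasn->issuer, &name);
	if (ret)
	    return ret;
	ret = der_print_hex_heim_integer(&iasn->serialNumber, &serial);
	if (ret) {
	    free(name);
	    return ret;
	}
	/*
	 * On failure asprintf() leaves *str unspecified on glibc (only the
	 * BSDs reset it to NULL), so test its return value rather than
	 * relying on the *str == NULL check at the end.
	 */
	if (asprintf(str, "certificate issued by %s with serial number %s",
		     name, serial) < 0)
	    *str = NULL;
	free(name);
	free(serial);
	break;
    }
    case choice_CMSIdentifier_subjectKeyIdentifier: {
	KeyIdentifier *ki = &id->u.subjectKeyIdentifier;
	char *keyid;
	ssize_t len;

	len = hex_encode(ki->data, ki->length, &keyid);
	if (len < 0)
	    return ENOMEM;

	if (asprintf(str, "certificate with id %s", keyid) < 0)
	    *str = NULL;
	free(keyid);
	break;
    }
    default:
	if (asprintf(str, "certificate have unknown CMSidentifier type") < 0)
	    *str = NULL;
	break;
    }
    if (*str == NULL)
	return ENOMEM;
    return 0;
}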
259ebfedea0SLionel Sambuc 
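/*
 * Look up the certificate named by a CMSIdentifier in certs.
 *
 * @param context hx509 context, used for error strings.
 * @param client identifier (issuer+serial or subject key id) to match.
 * @param certs store to search.
 * @param time_now validity instant to check against; 0 means now.
 * @param signer_cert on success the found certificate (caller frees with
 *        hx509_cert_free()); NULL on failure.
 * @param match extra HX509_QUERY_* bits to OR into the query.
 *
 * @return 0 or HX509_CMS_NO_RECIPIENT_CERTIFICATE.
 */
static int
find_CMSIdentifier(hx509_context context,
		   CMSIdentifier *client,
		   hx509_certs certs,
		   time_t time_now,
		   hx509_cert *signer_cert,
		   int match)
{
    hx509_query q;
    hx509_cert cert;
    int ret;

    _hx509_query_clear(&q);

    *signer_cert = NULL;

    switch (client->element) {
    case choice_CMSIdentifier_issuerAndSerialNumber:
	q.serial = &client->u.issuerAndSerialNumber.serialNumber;
	q.issuer_name = &client->u.issuerAndSerialNumber.issuer;
	q.match = HX509_QUERY_MATCH_SERIALNUMBER|HX509_QUERY_MATCH_ISSUER_NAME;
	break;
    case choice_CMSIdentifier_subjectKeyIdentifier:
	q.subject_id = &client->u.subjectKeyIdentifier;
	q.match = HX509_QUERY_MATCH_SUBJECT_KEY_ID;
	break;
    default:
	hx509_set_error_string(context, 0, HX509_CMS_NO_RECIPIENT_CERTIFICATE,
			       "unknown CMS identifier element");
	return HX509_CMS_NO_RECIPIENT_CERTIFICATE;
    }

    q.match |= match;

    /* The certificate must be valid at time_now, regardless of match. */
    q.match |= HX509_QUERY_MATCH_TIME;
    if (time_now)
	q.timenow = time_now;
    else
	q.timenow = time(NULL);

    ret = hx509_certs_find(context, certs, &q, &cert);
    if (ret == HX509_CERT_NOT_FOUND) {
	char *str;

	ret = unparse_CMSIdentifier(context, client, &str);
	if (ret == 0) {
	    hx509_set_error_string(context, 0,
				   HX509_CMS_NO_RECIPIENT_CERTIFICATE,
				   "Failed to find %s", str);
	    /* str was malloc()ed for us and was previously leaked here. */
	    free(str);
	} else
	    hx509_clear_error_string(context);
	return HX509_CMS_NO_RECIPIENT_CERTIFICATE;
    } else if (ret) {
	hx509_set_error_string(context, HX509_ERROR_APPEND,
			       HX509_CMS_NO_RECIPIENT_CERTIFICATE,
			       "Failed to find CMS id in cert store");
	return HX509_CMS_NO_RECIPIENT_CERTIFICATE;
    }

    *signer_cert = cert;

    return 0;
}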
325ebfedea0SLionel Sambuc 
326ebfedea0SLionel Sambuc /**
327ebfedea0SLionel Sambuc  * Decode and unencrypt EnvelopedData.
328ebfedea0SLionel Sambuc  *
 * Extract data and parameters from the EnvelopedData. Also
 * supports using detached EnvelopedData.
331ebfedea0SLionel Sambuc  *
332ebfedea0SLionel Sambuc  * @param context A hx509 context.
333ebfedea0SLionel Sambuc  * @param certs Certificate that can decrypt the EnvelopedData
334ebfedea0SLionel Sambuc  * encryption key.
335ebfedea0SLionel Sambuc  * @param flags HX509_CMS_UE flags to control the behavior.
 * @param data pointer to the structure that contains the DER/BER encoded
 * EnvelopedData structure.
338ebfedea0SLionel Sambuc  * @param length length of the data that data point to.
 * @param encryptedContent in case of detached signature, this
 * contains the actual encrypted data, otherwise it should be NULL.
341ebfedea0SLionel Sambuc  * @param time_now set the current time, if zero the library uses now as the date.
342ebfedea0SLionel Sambuc  * @param contentType output type oid, should be freed with der_free_oid().
343ebfedea0SLionel Sambuc  * @param content the data, free with der_free_octet_string().
344ebfedea0SLionel Sambuc  *
345ebfedea0SLionel Sambuc  * @ingroup hx509_cms
346ebfedea0SLionel Sambuc  */
347ebfedea0SLionel Sambuc 
int
hx509_cms_unenvelope(hx509_context context,
		     hx509_certs certs,
		     int flags,
		     const void *data,
		     size_t length,
		     const heim_octet_string *encryptedContent,
		     time_t time_now,
		     heim_oid *contentType,
		     heim_octet_string *content)
{
    heim_octet_string key;	/* unwrapped content-encryption key */
    EnvelopedData ed;
    hx509_cert cert;
    AlgorithmIdentifier *ai;
    const heim_octet_string *enccontent;
    heim_octet_string *params, params_data;
    heim_octet_string ivec;
    size_t size;
    int ret, matched = 0, findflags = 0;
    size_t i;


    /* Everything released at out: must be in a known-empty state first. */
    memset(&key, 0, sizeof(key));
    memset(&ed, 0, sizeof(ed));
    memset(&ivec, 0, sizeof(ivec));
    memset(content, 0, sizeof(*content));
    memset(contentType, 0, sizeof(*contentType));

    /*
     * Unless the caller opts out, the recipient lookup also demands the
     * encipherment key-usage bit (HX509_QUERY_KU_ENCIPHERMENT).
     */
    if ((flags & HX509_CMS_UE_DONT_REQUIRE_KU_ENCIPHERMENT) == 0)
	findflags |= HX509_QUERY_KU_ENCIPHERMENT;

    /*
     * NOTE(review): size (bytes consumed by the decoder) is never
     * compared with length, so bytes trailing the EnvelopedData are
     * silently ignored rather than rejected.
     */
    ret = decode_EnvelopedData(data, length, &ed, &size);
    if (ret) {
	hx509_set_error_string(context, 0, ret,
			       "Failed to decode EnvelopedData");
	return ret;
    }

    if (ed.recipientInfos.len == 0) {
	ret = HX509_CMS_NO_RECIPIENT_CERTIFICATE;
	hx509_set_error_string(context, 0, ret,
			       "No recipient info in enveloped data");
	goto out;
    }

    /*
     * The ciphertext comes from exactly one place: embedded in the
     * EnvelopedData, or supplied detached via encryptedContent.  Having
     * both or neither is an error.
     */
    enccontent = ed.encryptedContentInfo.encryptedContent;
    if (enccontent == NULL) {
	if (encryptedContent == NULL) {
	    ret = HX509_CMS_NO_DATA_AVAILABLE;
	    hx509_set_error_string(context, 0, ret,
				   "Content missing from encrypted data");
	    goto out;
	}
	enccontent = encryptedContent;
    } else if (encryptedContent != NULL) {
	ret = HX509_CMS_NO_DATA_AVAILABLE;
	hx509_set_error_string(context, 0, ret,
			       "Both internal and external encrypted data");
	goto out;
    }

    /*
     * Try each recipient in turn: find a certificate with a private key
     * matching its rid, then use it to unwrap the content-encryption
     * key.  The first successful unwrap wins.
     */
    cert = NULL;
    for (i = 0; i < ed.recipientInfos.len; i++) {
	KeyTransRecipientInfo *ri;
	char *str;
	int ret2;

	ri = &ed.recipientInfos.val[i];

	ret = find_CMSIdentifier(context, &ri->rid, certs,
				 time_now, &cert,
				 HX509_QUERY_PRIVATE_KEY|findflags);
	if (ret)
	    continue;

	matched = 1; /* found a matching certificate, let decrypt */

	ret = _hx509_cert_private_decrypt(context,
					  &ri->encryptedKey,
					  &ri->keyEncryptionAlgorithm.algorithm,
					  cert, &key);

	/*
	 * cert is released here; after a successful break it is only
	 * compared against NULL below, never dereferenced again.
	 */
	hx509_cert_free(cert);
	if (ret == 0)
	    break; /* succuessfully decrypted cert */
	cert = NULL;
	/* Record which recipient failed; the unparse result is best effort. */
	ret2 = unparse_CMSIdentifier(context, &ri->rid, &str);
	if (ret2 == 0) {
	    hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
				   "Failed to decrypt with %s", str);
	    free(str);
	}
    }

    /*
     * matched separates "no certificate matched any recipient" from
     * "a certificate matched but could not unwrap the key" (cert == NULL).
     */
    if (!matched) {
	ret = HX509_CMS_NO_RECIPIENT_CERTIFICATE;
	hx509_set_error_string(context, 0, ret,
			       "No private key matched any certificate");
	goto out;
    }

    if (cert == NULL) {
	ret = HX509_CMS_NO_RECIPIENT_CERTIFICATE;
	hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
			       "No private key decrypted the transfer key");
	goto out;
    }

    ret = der_copy_oid(&ed.encryptedContentInfo.contentType, contentType);
    if (ret) {
	hx509_set_error_string(context, 0, ret,
			       "Failed to copy EnvelopedData content oid");
	goto out;
    }

    /*
     * params_data only aliases the algorithm parameter bytes owned by ed;
     * no copy is made, so it stays valid until free_EnvelopedData().
     */
    ai = &ed.encryptedContentInfo.contentEncryptionAlgorithm;
    if (ai->parameters) {
	params_data.data = ai->parameters->data;
	params_data.length = ai->parameters->length;
	params = &params_data;
    } else
	params = NULL;

    {
	hx509_crypto crypto;

	ret = hx509_crypto_init(context, NULL, &ai->algorithm, &crypto);
	if (ret)
	    goto out;

	if (flags & HX509_CMS_UE_ALLOW_WEAK)
	    hx509_crypto_allow_weak(crypto);

	/* The IV (ivec) is produced from the parameters, if any. */
	if (params) {
	    ret = hx509_crypto_set_params(context, crypto, params, &ivec);
	    if (ret) {
		hx509_crypto_destroy(crypto);
		goto out;
	    }
	}

	ret = hx509_crypto_set_key_data(crypto, key.data, key.length);
	if (ret) {
	    hx509_crypto_destroy(crypto);
	    hx509_set_error_string(context, 0, ret,
				   "Failed to set key for decryption "
				   "of EnvelopedData");
	    goto out;
	}

	ret = hx509_crypto_decrypt(crypto,
				   enccontent->data,
				   enccontent->length,
				   ivec.length ? &ivec : NULL,
				   content);
	hx509_crypto_destroy(crypto);
	if (ret) {
	    hx509_set_error_string(context, 0, ret,
				   "Failed to decrypt EnvelopedData");
	    goto out;
	}
    }

out:

    free_EnvelopedData(&ed);
    /*
     * NOTE(review): key holds the content-encryption key and
     * der_free_octet_string() does not appear to scrub it before
     * free(); consider wiping it (memset_s/explicit_bzero) first.
     */
    der_free_octet_string(&key);
    if (ivec.length)
	der_free_octet_string(&ivec);
    /* On any failure the outputs are released; the caller frees them only on success. */
    if (ret) {
	der_free_oid(contentType);
	der_free_octet_string(content);
    }

    return ret;
}
525ebfedea0SLionel Sambuc 
526ebfedea0SLionel Sambuc /**
 * Encrypt and encode EnvelopedData.
528ebfedea0SLionel Sambuc  *
 * Encrypt and encode EnvelopedData. The data is encrypted with a
 * random key and the random key is encrypted with the
 * certificate's private key. This limits what private key type can be
 * used to RSA.
533ebfedea0SLionel Sambuc  *
534ebfedea0SLionel Sambuc  * @param context A hx509 context.
535ebfedea0SLionel Sambuc  * @param flags flags to control the behavior.
 *    - HX509_CMS_EV_NO_KU_CHECK - Don't check KU on certificate
 *    - HX509_CMS_EV_ALLOW_WEAK - Allow weak crypto
538ebfedea0SLionel Sambuc  *    - HX509_CMS_EV_ID_NAME - prefer issuer name and serial number
539ebfedea0SLionel Sambuc  * @param cert Certificate to encrypt the EnvelopedData encryption key
540ebfedea0SLionel Sambuc  * with.
541ebfedea0SLionel Sambuc  * @param data pointer the data to encrypt.
542ebfedea0SLionel Sambuc  * @param length length of the data that data point to.
543ebfedea0SLionel Sambuc  * @param encryption_type Encryption cipher to use for the bulk data,
544ebfedea0SLionel Sambuc  * use NULL to get default.
545ebfedea0SLionel Sambuc  * @param contentType type of the data that is encrypted
546ebfedea0SLionel Sambuc  * @param content the output of the function,
547ebfedea0SLionel Sambuc  * free with der_free_octet_string().
548ebfedea0SLionel Sambuc  *
549ebfedea0SLionel Sambuc  * @ingroup hx509_cms
550ebfedea0SLionel Sambuc  */
551ebfedea0SLionel Sambuc 
552ebfedea0SLionel Sambuc int
hx509_cms_envelope_1(hx509_context context,int flags,hx509_cert cert,const void * data,size_t length,const heim_oid * encryption_type,const heim_oid * contentType,heim_octet_string * content)553ebfedea0SLionel Sambuc hx509_cms_envelope_1(hx509_context context,
554ebfedea0SLionel Sambuc 		     int flags,
555ebfedea0SLionel Sambuc 		     hx509_cert cert,
556ebfedea0SLionel Sambuc 		     const void *data,
557ebfedea0SLionel Sambuc 		     size_t length,
558ebfedea0SLionel Sambuc 		     const heim_oid *encryption_type,
559ebfedea0SLionel Sambuc 		     const heim_oid *contentType,
560ebfedea0SLionel Sambuc 		     heim_octet_string *content)
561ebfedea0SLionel Sambuc {
562ebfedea0SLionel Sambuc     KeyTransRecipientInfo *ri;
563ebfedea0SLionel Sambuc     heim_octet_string ivec;
564ebfedea0SLionel Sambuc     heim_octet_string key;
565ebfedea0SLionel Sambuc     hx509_crypto crypto = NULL;
566ebfedea0SLionel Sambuc     int ret, cmsidflag;
567ebfedea0SLionel Sambuc     EnvelopedData ed;
568ebfedea0SLionel Sambuc     size_t size;
569ebfedea0SLionel Sambuc 
570ebfedea0SLionel Sambuc     memset(&ivec, 0, sizeof(ivec));
571ebfedea0SLionel Sambuc     memset(&key, 0, sizeof(key));
572ebfedea0SLionel Sambuc     memset(&ed, 0, sizeof(ed));
573ebfedea0SLionel Sambuc     memset(content, 0, sizeof(*content));
574ebfedea0SLionel Sambuc 
575ebfedea0SLionel Sambuc     if (encryption_type == NULL)
576ebfedea0SLionel Sambuc 	encryption_type = &asn1_oid_id_aes_256_cbc;
577ebfedea0SLionel Sambuc 
578ebfedea0SLionel Sambuc     if ((flags & HX509_CMS_EV_NO_KU_CHECK) == 0) {
579ebfedea0SLionel Sambuc 	ret = _hx509_check_key_usage(context, cert, 1 << 2, TRUE);
580ebfedea0SLionel Sambuc 	if (ret)
581ebfedea0SLionel Sambuc 	    goto out;
582ebfedea0SLionel Sambuc     }
583ebfedea0SLionel Sambuc 
584ebfedea0SLionel Sambuc     ret = hx509_crypto_init(context, NULL, encryption_type, &crypto);
585ebfedea0SLionel Sambuc     if (ret)
586ebfedea0SLionel Sambuc 	goto out;
587ebfedea0SLionel Sambuc 
588ebfedea0SLionel Sambuc     if (flags & HX509_CMS_EV_ALLOW_WEAK)
589ebfedea0SLionel Sambuc 	hx509_crypto_allow_weak(crypto);
590ebfedea0SLionel Sambuc 
591ebfedea0SLionel Sambuc     ret = hx509_crypto_set_random_key(crypto, &key);
592ebfedea0SLionel Sambuc     if (ret) {
593ebfedea0SLionel Sambuc 	hx509_set_error_string(context, 0, ret,
594ebfedea0SLionel Sambuc 			       "Create random key for EnvelopedData content");
595ebfedea0SLionel Sambuc 	goto out;
596ebfedea0SLionel Sambuc     }
597ebfedea0SLionel Sambuc 
598ebfedea0SLionel Sambuc     ret = hx509_crypto_random_iv(crypto, &ivec);
599ebfedea0SLionel Sambuc     if (ret) {
600ebfedea0SLionel Sambuc 	hx509_set_error_string(context, 0, ret,
601ebfedea0SLionel Sambuc 			       "Failed to create a random iv");
602ebfedea0SLionel Sambuc 	goto out;
603ebfedea0SLionel Sambuc     }
604ebfedea0SLionel Sambuc 
605ebfedea0SLionel Sambuc     ret = hx509_crypto_encrypt(crypto,
606ebfedea0SLionel Sambuc 			       data,
607ebfedea0SLionel Sambuc 			       length,
608ebfedea0SLionel Sambuc 			       &ivec,
609ebfedea0SLionel Sambuc 			       &ed.encryptedContentInfo.encryptedContent);
610ebfedea0SLionel Sambuc     if (ret) {
611ebfedea0SLionel Sambuc 	hx509_set_error_string(context, 0, ret,
612ebfedea0SLionel Sambuc 			       "Failed to encrypt EnvelopedData content");
613ebfedea0SLionel Sambuc 	goto out;
614ebfedea0SLionel Sambuc     }
615ebfedea0SLionel Sambuc 
616ebfedea0SLionel Sambuc     {
617ebfedea0SLionel Sambuc 	AlgorithmIdentifier *enc_alg;
618ebfedea0SLionel Sambuc 	enc_alg = &ed.encryptedContentInfo.contentEncryptionAlgorithm;
619ebfedea0SLionel Sambuc 	ret = der_copy_oid(encryption_type, &enc_alg->algorithm);
620ebfedea0SLionel Sambuc 	if (ret) {
621ebfedea0SLionel Sambuc 	    hx509_set_error_string(context, 0, ret,
622ebfedea0SLionel Sambuc 				   "Failed to set crypto oid "
623ebfedea0SLionel Sambuc 				   "for EnvelopedData");
624ebfedea0SLionel Sambuc 	    goto out;
625ebfedea0SLionel Sambuc 	}
626ebfedea0SLionel Sambuc 	ALLOC(enc_alg->parameters, 1);
627ebfedea0SLionel Sambuc 	if (enc_alg->parameters == NULL) {
628ebfedea0SLionel Sambuc 	    ret = ENOMEM;
629ebfedea0SLionel Sambuc 	    hx509_set_error_string(context, 0, ret,
630ebfedea0SLionel Sambuc 				   "Failed to allocate crypto paramaters "
631ebfedea0SLionel Sambuc 				   "for EnvelopedData");
632ebfedea0SLionel Sambuc 	    goto out;
633ebfedea0SLionel Sambuc 	}
634ebfedea0SLionel Sambuc 
635ebfedea0SLionel Sambuc 	ret = hx509_crypto_get_params(context,
636ebfedea0SLionel Sambuc 				      crypto,
637ebfedea0SLionel Sambuc 				      &ivec,
638ebfedea0SLionel Sambuc 				      enc_alg->parameters);
639ebfedea0SLionel Sambuc 	if (ret) {
640ebfedea0SLionel Sambuc 	    goto out;
641ebfedea0SLionel Sambuc 	}
642ebfedea0SLionel Sambuc     }
643ebfedea0SLionel Sambuc 
644ebfedea0SLionel Sambuc     ALLOC_SEQ(&ed.recipientInfos, 1);
645ebfedea0SLionel Sambuc     if (ed.recipientInfos.val == NULL) {
646ebfedea0SLionel Sambuc 	ret = ENOMEM;
647ebfedea0SLionel Sambuc 	hx509_set_error_string(context, 0, ret,
648ebfedea0SLionel Sambuc 			       "Failed to allocate recipients info "
649ebfedea0SLionel Sambuc 			       "for EnvelopedData");
650ebfedea0SLionel Sambuc 	goto out;
651ebfedea0SLionel Sambuc     }
652ebfedea0SLionel Sambuc 
653ebfedea0SLionel Sambuc     ri = &ed.recipientInfos.val[0];
654ebfedea0SLionel Sambuc 
655ebfedea0SLionel Sambuc     if (flags & HX509_CMS_EV_ID_NAME) {
656ebfedea0SLionel Sambuc 	ri->version = 0;
657ebfedea0SLionel Sambuc 	cmsidflag = CMS_ID_NAME;
658ebfedea0SLionel Sambuc     } else {
659ebfedea0SLionel Sambuc 	ri->version = 2;
660ebfedea0SLionel Sambuc 	cmsidflag = CMS_ID_SKI;
661ebfedea0SLionel Sambuc     }
662ebfedea0SLionel Sambuc 
663ebfedea0SLionel Sambuc     ret = fill_CMSIdentifier(cert, cmsidflag, &ri->rid);
664ebfedea0SLionel Sambuc     if (ret) {
665ebfedea0SLionel Sambuc 	hx509_set_error_string(context, 0, ret,
666ebfedea0SLionel Sambuc 			       "Failed to set CMS identifier info "
667ebfedea0SLionel Sambuc 			       "for EnvelopedData");
668ebfedea0SLionel Sambuc 	goto out;
669ebfedea0SLionel Sambuc     }
670ebfedea0SLionel Sambuc 
671ebfedea0SLionel Sambuc     ret = hx509_cert_public_encrypt(context,
672ebfedea0SLionel Sambuc 				     &key, cert,
673ebfedea0SLionel Sambuc 				     &ri->keyEncryptionAlgorithm.algorithm,
674ebfedea0SLionel Sambuc 				     &ri->encryptedKey);
675ebfedea0SLionel Sambuc     if (ret) {
676ebfedea0SLionel Sambuc 	hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
677ebfedea0SLionel Sambuc 			       "Failed to encrypt transport key for "
678ebfedea0SLionel Sambuc 			       "EnvelopedData");
679ebfedea0SLionel Sambuc 	goto out;
680ebfedea0SLionel Sambuc     }
681ebfedea0SLionel Sambuc 
682ebfedea0SLionel Sambuc     /*
683ebfedea0SLionel Sambuc      *
684ebfedea0SLionel Sambuc      */
685ebfedea0SLionel Sambuc 
686ebfedea0SLionel Sambuc     ed.version = 0;
687ebfedea0SLionel Sambuc     ed.originatorInfo = NULL;
688ebfedea0SLionel Sambuc 
689ebfedea0SLionel Sambuc     ret = der_copy_oid(contentType, &ed.encryptedContentInfo.contentType);
690ebfedea0SLionel Sambuc     if (ret) {
691ebfedea0SLionel Sambuc 	hx509_set_error_string(context, 0, ret,
692ebfedea0SLionel Sambuc 			       "Failed to copy content oid for "
693ebfedea0SLionel Sambuc 			       "EnvelopedData");
694ebfedea0SLionel Sambuc 	goto out;
695ebfedea0SLionel Sambuc     }
696ebfedea0SLionel Sambuc 
697ebfedea0SLionel Sambuc     ed.unprotectedAttrs = NULL;
698ebfedea0SLionel Sambuc 
699ebfedea0SLionel Sambuc     ASN1_MALLOC_ENCODE(EnvelopedData, content->data, content->length,
700ebfedea0SLionel Sambuc 		       &ed, &size, ret);
701ebfedea0SLionel Sambuc     if (ret) {
702ebfedea0SLionel Sambuc 	hx509_set_error_string(context, 0, ret,
703ebfedea0SLionel Sambuc 			       "Failed to encode EnvelopedData");
704ebfedea0SLionel Sambuc 	goto out;
705ebfedea0SLionel Sambuc     }
706ebfedea0SLionel Sambuc     if (size != content->length)
707ebfedea0SLionel Sambuc 	_hx509_abort("internal ASN.1 encoder error");
708ebfedea0SLionel Sambuc 
709ebfedea0SLionel Sambuc out:
710ebfedea0SLionel Sambuc     if (crypto)
711ebfedea0SLionel Sambuc 	hx509_crypto_destroy(crypto);
712ebfedea0SLionel Sambuc     if (ret)
713ebfedea0SLionel Sambuc 	der_free_octet_string(content);
714ebfedea0SLionel Sambuc     der_free_octet_string(&key);
715ebfedea0SLionel Sambuc     der_free_octet_string(&ivec);
716ebfedea0SLionel Sambuc     free_EnvelopedData(&ed);
717ebfedea0SLionel Sambuc 
718ebfedea0SLionel Sambuc     return ret;
719ebfedea0SLionel Sambuc }
720ebfedea0SLionel Sambuc 
static int
any_to_certs(hx509_context context, const SignedData *sd, hx509_certs certs)
{
    size_t idx;

    /*
     * Import every certificate carried in the SignedData's optional
     * `certificates` field into the store `certs`, so that the signer
     * lookup later can find them.  A message without that field is not
     * an error: there is simply nothing to import.
     *
     * Note that a certificate that fails to parse aborts the whole import
     * (and therefore the verification) rather than being skipped.
     */
    if (sd->certificates == NULL)
	return 0;

    for (idx = 0; idx < sd->certificates->len; idx++) {
	hx509_cert parsed = NULL;
	int ret;

	ret = hx509_cert_init_data(context,
				   sd->certificates->val[idx].data,
				   sd->certificates->val[idx].length,
				   &parsed);
	if (ret != 0)
	    return ret;

	/* Our own reference is dropped whether or not the add succeeded. */
	ret = hx509_certs_add(context, certs, parsed);
	hx509_cert_free(parsed);
	if (ret != 0)
	    return ret;
    }

    return 0;
}
747ebfedea0SLionel Sambuc 
static const Attribute *
find_attribute(const CMSAttributes *attr, const heim_oid *oid)
{
    size_t k = 0;

    /*
     * Linear scan over the attribute set; the first attribute whose type
     * equals `oid` is returned, NULL if there is none.  Callers are
     * expected to check value.len themselves (a set with several values
     * for the same attribute is not rejected here).
     */
    while (k < attr->len) {
	const Attribute *candidate = &attr->val[k];

	if (der_heim_oid_cmp(&candidate->type, oid) == 0)
	    return candidate;
	k++;
    }

    return NULL;
}
757ebfedea0SLionel Sambuc 
758ebfedea0SLionel Sambuc /**
759ebfedea0SLionel Sambuc  * Decode SignedData and verify that the signature is correct.
760ebfedea0SLionel Sambuc  *
761ebfedea0SLionel Sambuc  * @param context A hx509 context.
762ebfedea0SLionel Sambuc  * @param ctx a hx509 verify context.
 * @param flags to control the behavior of the function.
764ebfedea0SLionel Sambuc  *    - HX509_CMS_VS_NO_KU_CHECK - Don't check KeyUsage
765ebfedea0SLionel Sambuc  *    - HX509_CMS_VS_ALLOW_DATA_OID_MISMATCH - allow oid mismatch
766ebfedea0SLionel Sambuc  *    - HX509_CMS_VS_ALLOW_ZERO_SIGNER - no signer, see below.
767ebfedea0SLionel Sambuc  * @param data pointer to CMS SignedData encoded data.
768ebfedea0SLionel Sambuc  * @param length length of the data that data point to.
769ebfedea0SLionel Sambuc  * @param signedContent external data used for signature.
770ebfedea0SLionel Sambuc  * @param pool certificate pool to build certificates paths.
771ebfedea0SLionel Sambuc  * @param contentType free with der_free_oid().
772ebfedea0SLionel Sambuc  * @param content the output of the function, free with
773ebfedea0SLionel Sambuc  * der_free_octet_string().
 * @param signer_certs list of the certificates used to sign this
775ebfedea0SLionel Sambuc  * request, free with hx509_certs_free().
776ebfedea0SLionel Sambuc  *
777ebfedea0SLionel Sambuc  * @ingroup hx509_cms
778ebfedea0SLionel Sambuc  */
779ebfedea0SLionel Sambuc 
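int
hx509_cms_verify_signed(hx509_context context,
			hx509_verify_ctx ctx,
			unsigned int flags,
			const void *data,
			size_t length,
			const heim_octet_string *signedContent,
			hx509_certs pool,
			heim_oid *contentType,
			heim_octet_string *content,
			hx509_certs *signer_certs)
{
    SignerInfo *signer_info;
    hx509_cert cert = NULL;
    hx509_certs certs = NULL;
    SignedData sd;
    size_t size;
    int ret, found_valid_sig;
    size_t i;

    /* Every output is in a defined, empty state before anything can fail. */
    *signer_certs = NULL;
    content->data = NULL;
    content->length = 0;
    contentType->length = 0;
    contentType->components = NULL;

    memset(&sd, 0, sizeof(sd));

    ret = decode_SignedData(data, length, &sd, &size);
    if (ret) {
	hx509_set_error_string(context, 0, ret,
			       "Failed to decode SignedData");
	goto out;
    }

    /*
     * Exactly one source of the signed content is accepted: either it is
     * embedded in the message (eContent) or the caller passes it in
     * (signedContent, detached signature) -- never both and never none.
     */
    if (sd.encapContentInfo.eContent == NULL && signedContent == NULL) {
	ret = HX509_CMS_NO_DATA_AVAILABLE;
	hx509_set_error_string(context, 0, ret,
			       "No content data in SignedData");
	goto out;
    }
    if (sd.encapContentInfo.eContent && signedContent) {
	ret = HX509_CMS_NO_DATA_AVAILABLE;
	hx509_set_error_string(context, 0, ret,
			       "Both external and internal SignedData");
	goto out;
    }

    if (sd.encapContentInfo.eContent)
	ret = der_copy_octet_string(sd.encapContentInfo.eContent, content);
    else
	ret = der_copy_octet_string(signedContent, content);
    if (ret) {
	hx509_set_error_string(context, 0, ret, "malloc: out of memory");
	goto out;
    }

    /*
     * `certs` holds the candidate signer certificates: those carried in
     * the message plus the caller's pool.  `signer_certs` collects only
     * the certificates whose signature (and, unless HX509_CMS_VS_NO_VALIDATE
     * is set, certificate path) actually verified.
     */
    ret = hx509_certs_init(context, "MEMORY:cms-cert-buffer",
			   0, NULL, &certs);
    if (ret)
	goto out;

    ret = hx509_certs_init(context, "MEMORY:cms-signer-certs",
			   0, NULL, signer_certs);
    if (ret)
	goto out;

    /* XXX Check CMS version */

    ret = any_to_certs(context, &sd, certs);
    if (ret)
	goto out;

    if (pool) {
	ret = hx509_certs_merge(context, certs, pool);
	if (ret)
	    goto out;
    }

    /*
     * Each SignerInfo is checked independently; a single verified signer
     * is enough for success (found_valid_sig).  A signer that fails any
     * step jumps to next_sigature with ret set; that error is only
     * reported to the caller if no signer at all verified.
     */
    for (found_valid_sig = 0, i = 0; i < sd.signerInfos.len; i++) {
	heim_octet_string signed_data;
	const heim_oid *match_oid;
	heim_oid decode_oid;

	signer_info = &sd.signerInfos.val[i];
	match_oid = NULL;

	if (signer_info->signature.length == 0) {
	    ret = HX509_CMS_MISSING_SIGNER_DATA;
	    /* i is a size_t; cast it so the conversion matches the argument. */
	    hx509_set_error_string(context, 0, ret,
				   "SignerInfo %lu in SignedData "
				   "missing sigature", (unsigned long)i);
	    continue;
	}

	ret = find_CMSIdentifier(context, &signer_info->sid, certs,
				 _hx509_verify_get_time(ctx), &cert,
				 HX509_QUERY_KU_DIGITALSIGNATURE);
	if (ret) {
	    /**
	     * If HX509_CMS_VS_NO_KU_CHECK is set, allow more liberal
	     * search for matching certificates by not considering
	     * KeyUsage bits on the certificates.
	     */
	    if ((flags & HX509_CMS_VS_NO_KU_CHECK) == 0)
		continue;

	    ret = find_CMSIdentifier(context, &signer_info->sid, certs,
				     _hx509_verify_get_time(ctx), &cert,
				     0);
	    if (ret)
		continue;

	}

	if (signer_info->signedAttrs) {
	    const Attribute *attr;

	    CMSAttributes sa;
	    heim_octet_string os;

	    sa.val = signer_info->signedAttrs->val;
	    sa.len = signer_info->signedAttrs->len;

	    /*
	     * With signed attributes present, the signature covers the
	     * attributes, not the content; the content is bound to them
	     * through the mandatory messageDigest attribute, which must
	     * therefore exist, be single-valued and match the digest of
	     * `content` before the signature itself is worth checking.
	     */
	    attr = find_attribute(&sa, &asn1_oid_id_pkcs9_messageDigest);
	    if (attr == NULL) {
		ret = HX509_CRYPTO_SIGNATURE_MISSING;
		hx509_set_error_string(context, 0, ret,
				       "SignerInfo have signed attributes "
				       "but messageDigest (signature) "
				       "is missing");
		goto next_sigature;
	    }
	    if (attr->value.len != 1) {
		ret = HX509_CRYPTO_SIGNATURE_MISSING;
		hx509_set_error_string(context, 0, ret,
				       "SignerInfo have more then one "
				       "messageDigest (signature)");
		goto next_sigature;
	    }

	    ret = decode_MessageDigest(attr->value.val[0].data,
				       attr->value.val[0].length,
				       &os,
				       &size);
	    if (ret) {
		hx509_set_error_string(context, 0, ret,
				       "Failed to decode "
				       "messageDigest (signature)");
		goto next_sigature;
	    }

	    ret = _hx509_verify_signature(context,
					  NULL,
					  &signer_info->digestAlgorithm,
					  content,
					  &os);
	    der_free_octet_string(&os);
	    if (ret) {
		hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
				       "Failed to verify messageDigest");
		goto next_sigature;
	    }

	    /*
	     * Fetch content oid inside signedAttrs or set it to
	     * id-pkcs7-data.
	     */
	    attr = find_attribute(&sa, &asn1_oid_id_pkcs9_contentType);
	    if (attr == NULL) {
		match_oid = &asn1_oid_id_pkcs7_data;
	    } else {
		if (attr->value.len != 1) {
		    ret = HX509_CMS_DATA_OID_MISMATCH;
		    hx509_set_error_string(context, 0, ret,
					   "More then one oid in signedAttrs");
		    goto next_sigature;

		}
		ret = decode_ContentType(attr->value.val[0].data,
					 attr->value.val[0].length,
					 &decode_oid,
					 &size);
		if (ret) {
		    hx509_set_error_string(context, 0, ret,
					   "Failed to decode "
					   "oid in signedAttrs");
		    goto next_sigature;
		}
		/* decode_oid is owned by this iteration; freed below. */
		match_oid = &decode_oid;
	    }

	    /*
	     * The signed attributes are re-encoded as a CMSAttributes value
	     * rather than taken verbatim from the message, since that is
	     * the encoding the signature is computed over.
	     */
	    ASN1_MALLOC_ENCODE(CMSAttributes,
			       signed_data.data,
			       signed_data.length,
			       &sa,
			       &size, ret);
	    if (ret) {
		if (match_oid == &decode_oid)
		    der_free_oid(&decode_oid);
		hx509_clear_error_string(context);
		goto next_sigature;
	    }
	    if (size != signed_data.length)
		_hx509_abort("internal ASN.1 encoder error");

	} else {
	    /* No signed attributes: the signature is over the content itself. */
	    signed_data.data = content->data;
	    signed_data.length = content->length;
	    match_oid = &asn1_oid_id_pkcs7_data;
	}

	/**
	 * If HX509_CMS_VS_ALLOW_DATA_OID_MISMATCH, allow
	 * encapContentInfo mismatch with the oid in signedAttributes
	 * (or if no signedAttributes where use, pkcs7-data oid).
	 * This is only needed to work with broken CMS implementations
	 * that doesn't follow CMS signedAttributes rules.
	 */

	if (der_heim_oid_cmp(match_oid, &sd.encapContentInfo.eContentType) &&
	    (flags & HX509_CMS_VS_ALLOW_DATA_OID_MISMATCH) == 0) {
	    ret = HX509_CMS_DATA_OID_MISMATCH;
	    hx509_set_error_string(context, 0, ret,
				   "Oid in message mismatch from the expected");
	}
	if (match_oid == &decode_oid)
	    der_free_oid(&decode_oid);

	/* Only check the signature if the content type bookkeeping passed. */
	if (ret == 0) {
	    ret = hx509_verify_signature(context,
					 cert,
					 &signer_info->signatureAlgorithm,
					 &signed_data,
					 &signer_info->signature);
	    if (ret)
		hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
				       "Failed to verify signature in "
				       "CMS SignedData");
	}
	/* signed_data was only allocated in the signedAttrs branch. */
	if (signer_info->signedAttrs)
	    free(signed_data.data);
	if (ret)
	    goto next_sigature;

	/**
	 * If HX509_CMS_VS_NO_VALIDATE flags is set, do not verify the
	 * signing certificates and leave that up to the caller.
	 */

	if ((flags & HX509_CMS_VS_NO_VALIDATE) == 0) {
	    ret = hx509_verify_path(context, ctx, cert, certs);
	    if (ret)
		goto next_sigature;
	}

	ret = hx509_certs_add(context, *signer_certs, cert);
	if (ret)
	    goto next_sigature;

	found_valid_sig++;

    next_sigature:
	if (cert)
	    hx509_cert_free(cert);
	cert = NULL;
    }
    /**
     * If HX509_CMS_VS_ALLOW_ZERO_SIGNER is set, allow empty
     * SignerInfo (no signatures). If SignedData have no signatures,
     * the function will return 0 with signer_certs set to NULL. Zero
     * signers is allowed by the standard, but since its only useful
     * in corner cases, it make into a flag that the caller have to
     * turn on.
     */
    if (sd.signerInfos.len == 0 && (flags & HX509_CMS_VS_ALLOW_ZERO_SIGNER)) {
	if (*signer_certs)
	    hx509_certs_free(signer_certs);
    } else if (found_valid_sig == 0) {
	/* Keep the last per-signer error if there was one. */
	if (ret == 0) {
	    ret = HX509_CMS_SIGNER_NOT_FOUND;
	    hx509_set_error_string(context, 0, ret,
				   "No signers where found");
	}
	goto out;
    }

    ret = der_copy_oid(&sd.encapContentInfo.eContentType, contentType);
    if (ret) {
	hx509_clear_error_string(context);
	goto out;
    }

out:
    free_SignedData(&sd);
    if (certs)
	hx509_certs_free(&certs);
    if (ret) {
	/* On failure no output survives: release everything handed out. */
	if (content->data)
	    der_free_octet_string(content);
	if (*signer_certs)
	    hx509_certs_free(signer_certs);
	der_free_oid(contentType);
	der_free_octet_string(content);
    }

    return ret;
}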
1089ebfedea0SLionel Sambuc 
static int
add_one_attribute(Attribute **attr,
		  unsigned int *len,
		  const heim_oid *oid,
		  heim_octet_string *data)
{
    Attribute *grown, *slot;
    int ret;

    /*
     * Grow the attribute array `*attr` (currently `*len` entries) by one
     * and fill the new slot with a single-valued attribute of type `oid`.
     * `data->data` is stored by pointer, not copied, so the buffer is
     * effectively taken over by the array.  On failure `*len` is left
     * unchanged; the array may already have been reallocated, which is
     * harmless since `*attr` is updated before anything else can fail.
     */
    grown = realloc(*attr, sizeof(*grown) * (*len + 1));
    if (grown == NULL)
	return ENOMEM;
    *attr = grown;

    slot = &grown[*len];

    ret = der_copy_oid(oid, &slot->type);
    if (ret)
	return ret;

    ALLOC_SEQ(&slot->value, 1);
    if (slot->value.val == NULL) {
	der_free_oid(&slot->type);
	return ENOMEM;
    }

    slot->value.val[0].data = data->data;
    slot->value.val[0].length = data->length;

    (*len)++;

    return 0;
}
1121ebfedea0SLionel Sambuc 
1122ebfedea0SLionel Sambuc /**
 * Create a CMS SignedData message over the given data, signed with a single certificate.
1124ebfedea0SLionel Sambuc  *
1125ebfedea0SLionel Sambuc  * @param context A hx509 context.
 * @param flags flags controlling the behavior of the function; passed through to hx509_cms_create_signed().
1127ebfedea0SLionel Sambuc  * @param eContentType the type of the data.
1128ebfedea0SLionel Sambuc  * @param data data to sign
1129ebfedea0SLionel Sambuc  * @param length length of the data that data point to.
1130ebfedea0SLionel Sambuc  * @param digest_alg digest algorithm to use, use NULL to get the
1131ebfedea0SLionel Sambuc  * default or the peer determined algorithm.
 * @param cert certificate to use to sign the data.
1133ebfedea0SLionel Sambuc  * @param peer info about the peer the message to send the message to,
1134ebfedea0SLionel Sambuc  * like what digest algorithm to use.
 * @param anchors trust anchors that the client will use, used to
 * populate the certificates included in the message
1137ebfedea0SLionel Sambuc  * @param pool certificates to use in try to build the path to the
1138ebfedea0SLionel Sambuc  * trust anchors.
1139ebfedea0SLionel Sambuc  * @param signed_data the output of the function, free with
1140ebfedea0SLionel Sambuc  * der_free_octet_string().
1141ebfedea0SLionel Sambuc  *
1142ebfedea0SLionel Sambuc  * @ingroup hx509_cms
1143ebfedea0SLionel Sambuc  */
1144ebfedea0SLionel Sambuc 
int
hx509_cms_create_signed_1(hx509_context context,
			  int flags,
			  const heim_oid *eContentType,
			  const void *data, size_t length,
			  const AlgorithmIdentifier *digest_alg,
			  hx509_cert cert,
			  hx509_peer_info peer,
			  hx509_certs anchors,
			  hx509_certs pool,
			  heim_octet_string *signed_data)
{
    hx509_certs signer_store;
    int ret;

    /* The output is empty until hx509_cms_create_signed() fills it. */
    signed_data->data = NULL;
    signed_data->length = 0;

    /*
     * Convenience wrapper: wrap the single signing certificate in a
     * temporary in-memory store and delegate to the multi-signer variant.
     * If the store cannot be created there is nothing to release.
     */
    ret = hx509_certs_init(context, "MEMORY:certs", 0, NULL, &signer_store);
    if (ret != 0)
	return ret;

    ret = hx509_certs_add(context, signer_store, cert);
    if (ret == 0)
	ret = hx509_cms_create_signed(context, flags, eContentType, data, length,
				      digest_alg, signer_store, peer, anchors, pool,
				      signed_data);

    hx509_certs_free(&signer_store);
    return ret;
}
1178ebfedea0SLionel Sambuc 
/*
 * Per-message state shared with the sig_process() callback, which receives
 * it through its `void *ctx` argument together with one signing
 * certificate at a time.
 */
struct sigctx {
    SignedData sd;			/* the SignedData being assembled */
    const AlgorithmIdentifier *digest_alg; /* caller-chosen digest; NULL means
					  * pick one per signing key and peer */
    const heim_oid *eContentType;
    heim_octet_string content;
    hx509_peer_info peer;		/* consulted when digest_alg is NULL */
    int cmsidflag;			/* presumably CMS_ID_NAME or CMS_ID_SKI as in
					 * hx509_cms_envelope_1() -- confirm in sig_process() */
    int leafonly;			/* NOTE(review): semantics not visible here; see its use below */
    hx509_certs certs;
    hx509_certs anchors;
    hx509_certs pool;
};
1191ebfedea0SLionel Sambuc 
/*
 * Per-certificate callback run by hx509_certs_iter_f() from
 * hx509_cms_create_signed(): build and sign one SignerInfo for `cert',
 * append it to sigctx->sd.signerInfos, then collect the certificates
 * that should be embedded alongside it into sigctx->certs.
 *
 * Returns 0 on success, otherwise an hx509 error code or errno value.
 * On failure the partially built SignerInfo is released and
 * signerInfos.len is left unchanged.
 */
static int
sig_process(hx509_context context, void *ctx, hx509_cert cert)
{
    struct sigctx *sigctx = ctx;
    heim_octet_string buf, sigdata = { 0, NULL };
    SignerInfo *signer_info = NULL;
    AlgorithmIdentifier digest;
    size_t size;
    void *ptr;
    int ret;
    SignedData *sd = &sigctx->sd;
    hx509_path path;

    memset(&digest, 0, sizeof(digest));
    memset(&path, 0, sizeof(path));

    /* Signing needs the private key; a cert-only entry is a hard error. */
    if (_hx509_cert_private_key(cert) == NULL) {
	hx509_set_error_string(context, 0, HX509_PRIVATE_KEY_MISSING,
			       "Private key missing for signing");
	return HX509_PRIVATE_KEY_MISSING;
    }

    /*
     * Digest algorithm: the caller's choice if one was given, otherwise
     * selected from the signer's key and the peer's capabilities.
     */
    if (sigctx->digest_alg) {
	ret = copy_AlgorithmIdentifier(sigctx->digest_alg, &digest);
	if (ret)
	    hx509_clear_error_string(context);
    } else {
	ret = hx509_crypto_select(context, HX509_SELECT_DIGEST,
				  _hx509_cert_private_key(cert),
				  sigctx->peer, &digest);
    }
    if (ret)
	goto out;

    /*
     * Allocate one more signerInfo and do the signature processing.
     * The new slot is not counted in signerInfos.len until the
     * signature is complete, so the cleanup at `out' can free it
     * without free_SignedData() touching it a second time later.
     */

    ptr = realloc(sd->signerInfos.val,
		  (sd->signerInfos.len + 1) * sizeof(sd->signerInfos.val[0]));
    if (ptr == NULL) {
	ret = ENOMEM;
	goto out;
    }
    sd->signerInfos.val = ptr;

    signer_info = &sd->signerInfos.val[sd->signerInfos.len];

    memset(signer_info, 0, sizeof(*signer_info));

    signer_info->version = 1;

    /* SignerIdentifier: issuer+serial or subjectKeyIdentifier, per cmsidflag. */
    ret = fill_CMSIdentifier(cert, sigctx->cmsidflag, &signer_info->sid);
    if (ret) {
	hx509_clear_error_string(context);
	goto out;
    }

    signer_info->signedAttrs = NULL;
    signer_info->unsignedAttrs = NULL;

    ret = copy_AlgorithmIdentifier(&digest, &signer_info->digestAlgorithm);
    if (ret) {
	hx509_clear_error_string(context);
	goto out;
    }

    /*
     * If it isn't pkcs7-data, send signedAttributes: a message-digest
     * attribute over the content and a content-type attribute, and
     * sign the DER encoding of that attribute set instead of the
     * content itself.  For plain pkcs7-data no attributes are sent and
     * the signature is computed directly over the content.
     * NOTE(review): this matches the CMS rule that signedAttrs, when
     * present, must carry content-type and message-digest (RFC 5652
     * section 5.3); confirm against the verifier before changing it.
     */

    if (der_heim_oid_cmp(sigctx->eContentType, &asn1_oid_id_pkcs7_data) != 0) {
	CMSAttributes sa;
	heim_octet_string sig;

	ALLOC(signer_info->signedAttrs, 1);
	if (signer_info->signedAttrs == NULL) {
	    ret = ENOMEM;
	    goto out;
	}

	/*
	 * With no private key and only the digest algorithm this
	 * presumably yields the bare digest of the content -- the
	 * result is wrapped as a MessageDigest attribute below.
	 */
	ret = _hx509_create_signature(context,
				      NULL,
				      &digest,
				      &sigctx->content,
				      NULL,
				      &sig);
	if (ret)
	    goto out;

	ASN1_MALLOC_ENCODE(MessageDigest,
			   buf.data,
			   buf.length,
			   &sig,
			   &size,
			   ret);
	der_free_octet_string(&sig);
	if (ret) {
	    hx509_clear_error_string(context);
	    goto out;
	}
	/* length_*/encode_* disagreement is an encoder bug, not bad input. */
	if (size != buf.length)
	    _hx509_abort("internal ASN.1 encoder error");

	/* add_one_attribute() takes ownership of buf on success only. */
	ret = add_one_attribute(&signer_info->signedAttrs->val,
				&signer_info->signedAttrs->len,
				&asn1_oid_id_pkcs9_messageDigest,
				&buf);
	if (ret) {
	    free(buf.data);
	    hx509_clear_error_string(context);
	    goto out;
	}


	ASN1_MALLOC_ENCODE(ContentType,
			   buf.data,
			   buf.length,
			   sigctx->eContentType,
			   &size,
			   ret);
	if (ret)
	    goto out;
	if (size != buf.length)
	    _hx509_abort("internal ASN.1 encoder error");

	ret = add_one_attribute(&signer_info->signedAttrs->val,
				&signer_info->signedAttrs->len,
				&asn1_oid_id_pkcs9_contentType,
				&buf);
	if (ret) {
	    free(buf.data);
	    hx509_clear_error_string(context);
	    goto out;
	}

	/*
	 * Borrow (do not copy) the attribute array and DER-encode the
	 * whole signed attribute set; that encoding is what gets signed.
	 */
	sa.val = signer_info->signedAttrs->val;
	sa.len = signer_info->signedAttrs->len;

	ASN1_MALLOC_ENCODE(CMSAttributes,
			   sigdata.data,
			   sigdata.length,
			   &sa,
			   &size,
			   ret);
	if (ret) {
	    hx509_clear_error_string(context);
	    goto out;
	}
	if (size != sigdata.length)
	    _hx509_abort("internal ASN.1 encoder error");
    } else {
	/* Alias the caller's content; the cleanup below must not free it. */
	sigdata.data = sigctx->content.data;
	sigdata.length = sigctx->content.length;
    }

    /*
     * Select a public-key signature algorithm for this key (and the
     * peer's preferences) and sign `sigdata'; this fills in both
     * signatureAlgorithm and signature of the SignerInfo.
     */
    {
	AlgorithmIdentifier sigalg;

	ret = hx509_crypto_select(context, HX509_SELECT_PUBLIC_SIG,
				  _hx509_cert_private_key(cert), sigctx->peer,
				  &sigalg);
	if (ret)
	    goto out;

	ret = _hx509_create_signature(context,
				      _hx509_cert_private_key(cert),
				      &sigalg,
				      &sigdata,
				      &signer_info->signatureAlgorithm,
				      &signer_info->signature);
	free_AlgorithmIdentifier(&sigalg);
	if (ret)
	    goto out;
    }

    /* Commit: the SignerInfo now belongs to sd, so `out' must not free it. */
    sigctx->sd.signerInfos.len++;
    signer_info = NULL;

    /*
     * Provide best effort path: collect the signer certificate, plus
     * the chain built from `pool' towards `anchors' unless only the
     * leaf was requested, into sigctx->certs for embedding.  The path
     * builders' return values are deliberately ignored -- a failure
     * here presumably just means fewer certificates get embedded; the
     * signature above is already complete.  sigctx->certs is NULL when
     * the caller asked for no certificates at all.
     */
    if (sigctx->certs) {
	unsigned int i;

	if (sigctx->pool && sigctx->leafonly == 0) {
	    _hx509_calculate_path(context,
				  HX509_CALCULATE_PATH_NO_ANCHOR,
				  time(NULL),
				  sigctx->anchors,
				  0,
				  cert,
				  sigctx->pool,
				  &path);
	} else
	    _hx509_path_append(context, &path, cert);

	for (i = 0; i < path.len; i++) {
	    /* XXX remove dups -- with several signers the same cert can be added more than once */
	    ret = hx509_certs_add(context, sigctx->certs, path.val[i]);
	    if (ret) {
		hx509_clear_error_string(context);
		goto out;
	    }
	}
    }

 out:
    /* signer_info is non-NULL only for an uncommitted (uncounted) slot. */
    if (signer_info)
	free_SignerInfo(signer_info);
    /* sigdata aliases the caller's content in the pkcs7-data case. */
    if (sigdata.data != sigctx->content.data)
	der_free_octet_string(&sigdata);
    _hx509_path_free(&path);
    free_AlgorithmIdentifier(&digest);

    return ret;
}
1409ebfedea0SLionel Sambuc 
/*
 * Callback for hx509_certs_iter_f(): append the DER encoding of one
 * certificate to the SignedData's certificates set.
 *
 * The new slot is only counted once hx509_cert_binary() has filled it,
 * so a failed encoding leaves no half-initialised entry behind for
 * free_SignedData() to release.  Assumes sigctx->sd.certificates was
 * allocated by the caller.
 *
 * Returns 0 on success, ENOMEM if the set cannot grow, otherwise the
 * error from hx509_cert_binary().
 */
static int
cert_process(hx509_context context, void *ctx, hx509_cert cert)
{
    struct sigctx *sigctx = ctx;
    const unsigned int count = sigctx->sd.certificates->len;
    void *grown;
    int ret;

    /* Grow through a temporary so the old array survives a failed realloc. */
    grown = realloc(sigctx->sd.certificates->val,
		    (count + 1) * sizeof(sigctx->sd.certificates->val[0]));
    if (grown == NULL)
	return ENOMEM;
    sigctx->sd.certificates->val = grown;

    ret = hx509_cert_binary(context, cert,
			    &sigctx->sd.certificates->val[count]);
    if (ret != 0)
	return ret;

    sigctx->sd.certificates->len = count + 1;
    return 0;
}
1431ebfedea0SLionel Sambuc 
/*
 * Order two AlgorithmIdentifiers by their algorithm OID only; any
 * parameters are ignored.  Used to de-duplicate digestAlgorithms in
 * hx509_cms_create_signed().  Returns 0 when the OIDs are equal.
 */
static int
cmp_AlgorithmIdentifier(const AlgorithmIdentifier *p, const AlgorithmIdentifier *q)
{
    const heim_oid *lhs = &p->algorithm;
    const heim_oid *rhs = &q->algorithm;

    return der_heim_oid_cmp(lhs, rhs);
}
1437ebfedea0SLionel Sambuc 
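/**
 * Create a DER-encoded CMS SignedData over @p data, signed once by each
 * certificate in @p certs (one SignerInfo per signer, see sig_process()).
 *
 * @param context      hx509 context
 * @param flags        bitmask of HX509_CMS_SIGNATURE_* flags, see below
 * @param eContentType content type OID, or NULL for id-pkcs7-data
 * @param data         content to sign
 * @param length       length of @p data in bytes
 * @param digest_alg   digest algorithm to use, or NULL to let
 *                     hx509_crypto_select() pick one per signer key
 * @param certs        signer certificates; each needs its private key
 * @param peer         peer capabilities consulted when selecting algorithms
 * @param anchors      trust anchors for building the embedded certificate path
 * @param pool         extra certificates for building that path
 * @param signed_data  on success the encoded SignedData, which the caller
 *                     owns and must free; zeroed on failure
 *
 * @return 0 on success, an hx509 error code or errno value otherwise.
 */
int
hx509_cms_create_signed(hx509_context context,
			int flags,
			const heim_oid *eContentType,
			const void *data, size_t length,
			const AlgorithmIdentifier *digest_alg,
			hx509_certs certs,
			hx509_peer_info peer,
			hx509_certs anchors,
			hx509_certs pool,
			heim_octet_string *signed_data)
{
    unsigned int i, j;
    int ret;
    size_t size;
    struct sigctx sigctx;

    memset(&sigctx, 0, sizeof(sigctx));

    /*
     * Make the output well defined on every error path, as
     * hx509_cms_create_signed_1() already does for its own callers.
     */
    signed_data->data = NULL;
    signed_data->length = 0;

    if (eContentType == NULL)
	eContentType = &asn1_oid_id_pkcs7_data;

    sigctx.digest_alg = digest_alg;
    sigctx.content.data = rk_UNCONST(data);
    sigctx.content.length = length;
    sigctx.eContentType = eContentType;
    sigctx.peer = peer;
    /**
     * Use HX509_CMS_SIGNATURE_ID_NAME to prefer identifying the signer
     * by issuer name and serial number if possible. Otherwise the
     * subject key identifier is preferred.
     */
    if (flags & HX509_CMS_SIGNATURE_ID_NAME)
	sigctx.cmsidflag = CMS_ID_NAME;
    else
	sigctx.cmsidflag = CMS_ID_SKI;

    /**
     * Use HX509_CMS_SIGNATURE_LEAF_ONLY to only request leaf
     * certificates to be added to the SignedData.
     */
    sigctx.leafonly = (flags & HX509_CMS_SIGNATURE_LEAF_ONLY) ? 1 : 0;

    /**
     * Use HX509_CMS_SIGNATURE_NO_CERTS to make the SignedData contain
     * no certificates; overrides HX509_CMS_SIGNATURE_LEAF_ONLY.
     */

    if ((flags & HX509_CMS_SIGNATURE_NO_CERTS) == 0) {
	ret = hx509_certs_init(context, "MEMORY:certs", 0, NULL, &sigctx.certs);
	if (ret)
	    return ret;
    }

    sigctx.anchors = anchors;
    sigctx.pool = pool;

    sigctx.sd.version = CMSVersion_v3;

    /*
     * der_copy_oid() allocates; an unchecked failure would have let an
     * empty eContentType reach the encoder below.
     */
    ret = der_copy_oid(eContentType, &sigctx.sd.encapContentInfo.eContentType);
    if (ret) {
	hx509_clear_error_string(context);
	goto out;
    }

    /**
     * Use HX509_CMS_SIGNATURE_DETACHED to create detached signatures
     * (the content is not embedded in the SignedData).
     */
    if ((flags & HX509_CMS_SIGNATURE_DETACHED) == 0) {
	ALLOC(sigctx.sd.encapContentInfo.eContent, 1);
	if (sigctx.sd.encapContentInfo.eContent == NULL) {
	    hx509_clear_error_string(context);
	    ret = ENOMEM;
	    goto out;
	}

	sigctx.sd.encapContentInfo.eContent->data = malloc(length);
	if (sigctx.sd.encapContentInfo.eContent->data == NULL) {
	    hx509_clear_error_string(context);
	    ret = ENOMEM;
	    goto out;
	}
	memcpy(sigctx.sd.encapContentInfo.eContent->data, data, length);
	sigctx.sd.encapContentInfo.eContent->length = length;
    }

    /**
     * Use HX509_CMS_SIGNATURE_NO_SIGNER to create no sigInfo (no
     * signatures).
     */
    if ((flags & HX509_CMS_SIGNATURE_NO_SIGNER) == 0) {
	ret = hx509_certs_iter_f(context, certs, sig_process, &sigctx);
	if (ret)
	    goto out;
    }

    if (sigctx.sd.signerInfos.len) {

	/*
	 * For each signerInfo, collect all different digest types so
	 * that every digest OID used by a signer appears exactly once
	 * in digestAlgorithms (compared by OID only, see
	 * cmp_AlgorithmIdentifier()).
	 */
	for (i = 0; i < sigctx.sd.signerInfos.len; i++) {
	    AlgorithmIdentifier *di =
		&sigctx.sd.signerInfos.val[i].digestAlgorithm;

	    for (j = 0; j < sigctx.sd.digestAlgorithms.len; j++)
		if (cmp_AlgorithmIdentifier(di, &sigctx.sd.digestAlgorithms.val[j]) == 0)
		    break;
	    if (j == sigctx.sd.digestAlgorithms.len) {
		ret = add_DigestAlgorithmIdentifiers(&sigctx.sd.digestAlgorithms, di);
		if (ret) {
		    hx509_clear_error_string(context);
		    goto out;
		}
	    }
	}
    }

    /*
     * Add certs we think are needed, collected as part of sig_process().
     * sigctx.certs is NULL when HX509_CMS_SIGNATURE_NO_CERTS was given.
     */
    if (sigctx.certs) {
	ALLOC(sigctx.sd.certificates, 1);
	if (sigctx.sd.certificates == NULL) {
	    hx509_clear_error_string(context);
	    ret = ENOMEM;
	    goto out;
	}

	ret = hx509_certs_iter_f(context, sigctx.certs, cert_process, &sigctx);
	if (ret)
	    goto out;
    }

    ASN1_MALLOC_ENCODE(SignedData,
		       signed_data->data, signed_data->length,
		       &sigctx.sd, &size, ret);
    if (ret) {
	hx509_clear_error_string(context);
	goto out;
    }
    /* length_*/encode_* disagreement is an encoder bug, not bad input. */
    if (signed_data->length != size)
	_hx509_abort("internal ASN.1 encoder error");

out:
    hx509_certs_free(&sigctx.certs);
    free_SignedData(&sigctx.sd);

    return ret;
}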
1586ebfedea0SLionel Sambuc 
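/**
 * Decrypt a CMS EncryptedData structure and return the plaintext
 * together with its content type.
 *
 * @param context     hx509 context
 * @param lock        passed to _hx509_pbe_decrypt(); presumably supplies
 *                    the password(s) for the password-based decryption
 * @param data        DER-encoded CMSEncryptedData
 * @param length      length of @p data in bytes
 * @param contentType on success the content type OID of the plaintext,
 *                    which the caller owns; not written on failure
 * @param content     on success the decrypted content, which the caller
 *                    owns; zeroed on failure
 *
 * @return 0 on success, an hx509 error code or errno value otherwise.
 */
int
hx509_cms_decrypt_encrypted(hx509_context context,
			    hx509_lock lock,
			    const void *data,
			    size_t length,
			    heim_oid *contentType,
			    heim_octet_string *content)
{
    heim_octet_string cont;
    CMSEncryptedData ed;
    AlgorithmIdentifier *ai;
    int ret;

    memset(content, 0, sizeof(*content));
    memset(&cont, 0, sizeof(cont));

    ret = decode_CMSEncryptedData(data, length, &ed, NULL);
    if (ret) {
	hx509_set_error_string(context, 0, ret,
			       "Failed to decode CMSEncryptedData");
	return ret;
    }

    if (ed.encryptedContentInfo.encryptedContent == NULL) {
	ret = HX509_CMS_NO_DATA_AVAILABLE;
	hx509_set_error_string(context, 0, ret,
			       "No content in EncryptedData");
	goto out;
    }

    /*
     * The password-based schemes handled here carry their salt and
     * iteration parameters in the AlgorithmIdentifier; without them
     * there is nothing to derive a key from.
     */
    ai = &ed.encryptedContentInfo.contentEncryptionAlgorithm;
    if (ai->parameters == NULL) {
	ret = HX509_ALG_NOT_SUPP;
	hx509_clear_error_string(context);
	goto out;
    }

    ret = _hx509_pbe_decrypt(context,
			     lock,
			     ai,
			     ed.encryptedContentInfo.encryptedContent,
			     &cont);
    if (ret)
	goto out;

    /*
     * Copy the content type only after decryption succeeded, so a
     * failed call never hands the caller an allocated OID it has no
     * reason to free.
     */
    ret = der_copy_oid(&ed.encryptedContentInfo.contentType, contentType);
    if (ret) {
	hx509_clear_error_string(context);
	goto out;
    }

    /* Ownership of cont.data moves to the caller. */
    *content = cont;

out:
    if (ret) {
	if (cont.data)
	    free(cont.data);
    }
    free_CMSEncryptedData(&ed);
    return ret;
}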
1648