1*0a6a1f1dSLionel Sambuc /* $NetBSD: cms.c,v 1.1.1.2 2014/04/24 12:45:41 pettai Exp $ */
2ebfedea0SLionel Sambuc
3ebfedea0SLionel Sambuc /*
4ebfedea0SLionel Sambuc * Copyright (c) 2003 - 2007 Kungliga Tekniska Högskolan
5ebfedea0SLionel Sambuc * (Royal Institute of Technology, Stockholm, Sweden).
6ebfedea0SLionel Sambuc * All rights reserved.
7ebfedea0SLionel Sambuc *
8ebfedea0SLionel Sambuc * Redistribution and use in source and binary forms, with or without
9ebfedea0SLionel Sambuc * modification, are permitted provided that the following conditions
10ebfedea0SLionel Sambuc * are met:
11ebfedea0SLionel Sambuc *
12ebfedea0SLionel Sambuc * 1. Redistributions of source code must retain the above copyright
13ebfedea0SLionel Sambuc * notice, this list of conditions and the following disclaimer.
14ebfedea0SLionel Sambuc *
15ebfedea0SLionel Sambuc * 2. Redistributions in binary form must reproduce the above copyright
16ebfedea0SLionel Sambuc * notice, this list of conditions and the following disclaimer in the
17ebfedea0SLionel Sambuc * documentation and/or other materials provided with the distribution.
18ebfedea0SLionel Sambuc *
19ebfedea0SLionel Sambuc * 3. Neither the name of the Institute nor the names of its contributors
20ebfedea0SLionel Sambuc * may be used to endorse or promote products derived from this software
21ebfedea0SLionel Sambuc * without specific prior written permission.
22ebfedea0SLionel Sambuc *
23ebfedea0SLionel Sambuc * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
24ebfedea0SLionel Sambuc * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25ebfedea0SLionel Sambuc * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26ebfedea0SLionel Sambuc * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
27ebfedea0SLionel Sambuc * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28ebfedea0SLionel Sambuc * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29ebfedea0SLionel Sambuc * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30ebfedea0SLionel Sambuc * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31ebfedea0SLionel Sambuc * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32ebfedea0SLionel Sambuc * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33ebfedea0SLionel Sambuc * SUCH DAMAGE.
34ebfedea0SLionel Sambuc */
35ebfedea0SLionel Sambuc
36ebfedea0SLionel Sambuc #include "hx_locl.h"
37ebfedea0SLionel Sambuc
38ebfedea0SLionel Sambuc /**
39ebfedea0SLionel Sambuc * @page page_cms CMS/PKCS7 message functions.
40ebfedea0SLionel Sambuc *
41ebfedea0SLionel Sambuc * CMS is defined in RFC 3369 and is an continuation of the RSA Labs
42ebfedea0SLionel Sambuc * standard PKCS7. The basic messages in CMS is
43ebfedea0SLionel Sambuc *
44ebfedea0SLionel Sambuc * - SignedData
45ebfedea0SLionel Sambuc * Data signed with private key (RSA, DSA, ECDSA) or secret
46ebfedea0SLionel Sambuc * (symmetric) key
47ebfedea0SLionel Sambuc * - EnvelopedData
48ebfedea0SLionel Sambuc * Data encrypted with private key (RSA)
49ebfedea0SLionel Sambuc * - EncryptedData
50ebfedea0SLionel Sambuc * Data encrypted with secret (symmetric) key.
51ebfedea0SLionel Sambuc * - ContentInfo
52ebfedea0SLionel Sambuc * Wrapper structure including type and data.
53ebfedea0SLionel Sambuc *
54ebfedea0SLionel Sambuc *
55ebfedea0SLionel Sambuc * See the library functions here: @ref hx509_cms
56ebfedea0SLionel Sambuc */
57ebfedea0SLionel Sambuc
58ebfedea0SLionel Sambuc #define ALLOC(X, N) (X) = calloc((N), sizeof(*(X)))
59ebfedea0SLionel Sambuc #define ALLOC_SEQ(X, N) do { (X)->len = (N); ALLOC((X)->val, (N)); } while(0)
60ebfedea0SLionel Sambuc
61ebfedea0SLionel Sambuc /**
62ebfedea0SLionel Sambuc * Wrap data and oid in a ContentInfo and encode it.
63ebfedea0SLionel Sambuc *
64ebfedea0SLionel Sambuc * @param oid type of the content.
65ebfedea0SLionel Sambuc * @param buf data to be wrapped. If a NULL pointer is passed in, the
66ebfedea0SLionel Sambuc * optional content field in the ContentInfo is not going be filled
67ebfedea0SLionel Sambuc * in.
68ebfedea0SLionel Sambuc * @param res the encoded buffer, the result should be freed with
69ebfedea0SLionel Sambuc * der_free_octet_string().
70ebfedea0SLionel Sambuc *
71ebfedea0SLionel Sambuc * @return Returns an hx509 error code.
72ebfedea0SLionel Sambuc *
73ebfedea0SLionel Sambuc * @ingroup hx509_cms
74ebfedea0SLionel Sambuc */
75ebfedea0SLionel Sambuc
76ebfedea0SLionel Sambuc int
hx509_cms_wrap_ContentInfo(const heim_oid * oid,const heim_octet_string * buf,heim_octet_string * res)77ebfedea0SLionel Sambuc hx509_cms_wrap_ContentInfo(const heim_oid *oid,
78ebfedea0SLionel Sambuc const heim_octet_string *buf,
79ebfedea0SLionel Sambuc heim_octet_string *res)
80ebfedea0SLionel Sambuc {
81ebfedea0SLionel Sambuc ContentInfo ci;
82ebfedea0SLionel Sambuc size_t size;
83ebfedea0SLionel Sambuc int ret;
84ebfedea0SLionel Sambuc
85ebfedea0SLionel Sambuc memset(res, 0, sizeof(*res));
86ebfedea0SLionel Sambuc memset(&ci, 0, sizeof(ci));
87ebfedea0SLionel Sambuc
88ebfedea0SLionel Sambuc ret = der_copy_oid(oid, &ci.contentType);
89ebfedea0SLionel Sambuc if (ret)
90ebfedea0SLionel Sambuc return ret;
91ebfedea0SLionel Sambuc if (buf) {
92ebfedea0SLionel Sambuc ALLOC(ci.content, 1);
93ebfedea0SLionel Sambuc if (ci.content == NULL) {
94ebfedea0SLionel Sambuc free_ContentInfo(&ci);
95ebfedea0SLionel Sambuc return ENOMEM;
96ebfedea0SLionel Sambuc }
97ebfedea0SLionel Sambuc ci.content->data = malloc(buf->length);
98ebfedea0SLionel Sambuc if (ci.content->data == NULL) {
99ebfedea0SLionel Sambuc free_ContentInfo(&ci);
100ebfedea0SLionel Sambuc return ENOMEM;
101ebfedea0SLionel Sambuc }
102ebfedea0SLionel Sambuc memcpy(ci.content->data, buf->data, buf->length);
103ebfedea0SLionel Sambuc ci.content->length = buf->length;
104ebfedea0SLionel Sambuc }
105ebfedea0SLionel Sambuc
106ebfedea0SLionel Sambuc ASN1_MALLOC_ENCODE(ContentInfo, res->data, res->length, &ci, &size, ret);
107ebfedea0SLionel Sambuc free_ContentInfo(&ci);
108ebfedea0SLionel Sambuc if (ret)
109ebfedea0SLionel Sambuc return ret;
110ebfedea0SLionel Sambuc if (res->length != size)
111ebfedea0SLionel Sambuc _hx509_abort("internal ASN.1 encoder error");
112ebfedea0SLionel Sambuc
113ebfedea0SLionel Sambuc return 0;
114ebfedea0SLionel Sambuc }
115ebfedea0SLionel Sambuc
116ebfedea0SLionel Sambuc /**
117ebfedea0SLionel Sambuc * Decode an ContentInfo and unwrap data and oid it.
118ebfedea0SLionel Sambuc *
119ebfedea0SLionel Sambuc * @param in the encoded buffer.
120ebfedea0SLionel Sambuc * @param oid type of the content.
121ebfedea0SLionel Sambuc * @param out data to be wrapped.
122ebfedea0SLionel Sambuc * @param have_data since the data is optional, this flags show dthe
123ebfedea0SLionel Sambuc * diffrence between no data and the zero length data.
124ebfedea0SLionel Sambuc *
125ebfedea0SLionel Sambuc * @return Returns an hx509 error code.
126ebfedea0SLionel Sambuc *
127ebfedea0SLionel Sambuc * @ingroup hx509_cms
128ebfedea0SLionel Sambuc */
129ebfedea0SLionel Sambuc
130ebfedea0SLionel Sambuc int
hx509_cms_unwrap_ContentInfo(const heim_octet_string * in,heim_oid * oid,heim_octet_string * out,int * have_data)131ebfedea0SLionel Sambuc hx509_cms_unwrap_ContentInfo(const heim_octet_string *in,
132ebfedea0SLionel Sambuc heim_oid *oid,
133ebfedea0SLionel Sambuc heim_octet_string *out,
134ebfedea0SLionel Sambuc int *have_data)
135ebfedea0SLionel Sambuc {
136ebfedea0SLionel Sambuc ContentInfo ci;
137ebfedea0SLionel Sambuc size_t size;
138ebfedea0SLionel Sambuc int ret;
139ebfedea0SLionel Sambuc
140ebfedea0SLionel Sambuc memset(oid, 0, sizeof(*oid));
141ebfedea0SLionel Sambuc memset(out, 0, sizeof(*out));
142ebfedea0SLionel Sambuc
143ebfedea0SLionel Sambuc ret = decode_ContentInfo(in->data, in->length, &ci, &size);
144ebfedea0SLionel Sambuc if (ret)
145ebfedea0SLionel Sambuc return ret;
146ebfedea0SLionel Sambuc
147ebfedea0SLionel Sambuc ret = der_copy_oid(&ci.contentType, oid);
148ebfedea0SLionel Sambuc if (ret) {
149ebfedea0SLionel Sambuc free_ContentInfo(&ci);
150ebfedea0SLionel Sambuc return ret;
151ebfedea0SLionel Sambuc }
152ebfedea0SLionel Sambuc if (ci.content) {
153ebfedea0SLionel Sambuc ret = der_copy_octet_string(ci.content, out);
154ebfedea0SLionel Sambuc if (ret) {
155ebfedea0SLionel Sambuc der_free_oid(oid);
156ebfedea0SLionel Sambuc free_ContentInfo(&ci);
157ebfedea0SLionel Sambuc return ret;
158ebfedea0SLionel Sambuc }
159ebfedea0SLionel Sambuc } else
160ebfedea0SLionel Sambuc memset(out, 0, sizeof(*out));
161ebfedea0SLionel Sambuc
162ebfedea0SLionel Sambuc if (have_data)
163ebfedea0SLionel Sambuc *have_data = (ci.content != NULL) ? 1 : 0;
164ebfedea0SLionel Sambuc
165ebfedea0SLionel Sambuc free_ContentInfo(&ci);
166ebfedea0SLionel Sambuc
167ebfedea0SLionel Sambuc return 0;
168ebfedea0SLionel Sambuc }
169ebfedea0SLionel Sambuc
170ebfedea0SLionel Sambuc #define CMS_ID_SKI 0
171ebfedea0SLionel Sambuc #define CMS_ID_NAME 1
172ebfedea0SLionel Sambuc
173ebfedea0SLionel Sambuc static int
fill_CMSIdentifier(const hx509_cert cert,int type,CMSIdentifier * id)174ebfedea0SLionel Sambuc fill_CMSIdentifier(const hx509_cert cert,
175ebfedea0SLionel Sambuc int type,
176ebfedea0SLionel Sambuc CMSIdentifier *id)
177ebfedea0SLionel Sambuc {
178ebfedea0SLionel Sambuc int ret;
179ebfedea0SLionel Sambuc
180ebfedea0SLionel Sambuc switch (type) {
181ebfedea0SLionel Sambuc case CMS_ID_SKI:
182ebfedea0SLionel Sambuc id->element = choice_CMSIdentifier_subjectKeyIdentifier;
183ebfedea0SLionel Sambuc ret = _hx509_find_extension_subject_key_id(_hx509_get_cert(cert),
184ebfedea0SLionel Sambuc &id->u.subjectKeyIdentifier);
185ebfedea0SLionel Sambuc if (ret == 0)
186ebfedea0SLionel Sambuc break;
187ebfedea0SLionel Sambuc /* FALL THOUGH */
188ebfedea0SLionel Sambuc case CMS_ID_NAME: {
189ebfedea0SLionel Sambuc hx509_name name;
190ebfedea0SLionel Sambuc
191ebfedea0SLionel Sambuc id->element = choice_CMSIdentifier_issuerAndSerialNumber;
192ebfedea0SLionel Sambuc ret = hx509_cert_get_issuer(cert, &name);
193ebfedea0SLionel Sambuc if (ret)
194ebfedea0SLionel Sambuc return ret;
195ebfedea0SLionel Sambuc ret = hx509_name_to_Name(name, &id->u.issuerAndSerialNumber.issuer);
196ebfedea0SLionel Sambuc hx509_name_free(&name);
197ebfedea0SLionel Sambuc if (ret)
198ebfedea0SLionel Sambuc return ret;
199ebfedea0SLionel Sambuc
200ebfedea0SLionel Sambuc ret = hx509_cert_get_serialnumber(cert, &id->u.issuerAndSerialNumber.serialNumber);
201ebfedea0SLionel Sambuc break;
202ebfedea0SLionel Sambuc }
203ebfedea0SLionel Sambuc default:
204ebfedea0SLionel Sambuc _hx509_abort("CMS fill identifier with unknown type");
205ebfedea0SLionel Sambuc }
206ebfedea0SLionel Sambuc return ret;
207ebfedea0SLionel Sambuc }
208ebfedea0SLionel Sambuc
209ebfedea0SLionel Sambuc static int
unparse_CMSIdentifier(hx509_context context,CMSIdentifier * id,char ** str)210ebfedea0SLionel Sambuc unparse_CMSIdentifier(hx509_context context,
211ebfedea0SLionel Sambuc CMSIdentifier *id,
212ebfedea0SLionel Sambuc char **str)
213ebfedea0SLionel Sambuc {
214ebfedea0SLionel Sambuc int ret;
215ebfedea0SLionel Sambuc
216ebfedea0SLionel Sambuc *str = NULL;
217ebfedea0SLionel Sambuc switch (id->element) {
218ebfedea0SLionel Sambuc case choice_CMSIdentifier_issuerAndSerialNumber: {
219ebfedea0SLionel Sambuc IssuerAndSerialNumber *iasn;
220ebfedea0SLionel Sambuc char *serial, *name;
221ebfedea0SLionel Sambuc
222ebfedea0SLionel Sambuc iasn = &id->u.issuerAndSerialNumber;
223ebfedea0SLionel Sambuc
224ebfedea0SLionel Sambuc ret = _hx509_Name_to_string(&iasn->issuer, &name);
225ebfedea0SLionel Sambuc if(ret)
226ebfedea0SLionel Sambuc return ret;
227ebfedea0SLionel Sambuc ret = der_print_hex_heim_integer(&iasn->serialNumber, &serial);
228ebfedea0SLionel Sambuc if (ret) {
229ebfedea0SLionel Sambuc free(name);
230ebfedea0SLionel Sambuc return ret;
231ebfedea0SLionel Sambuc }
232ebfedea0SLionel Sambuc asprintf(str, "certificate issued by %s with serial number %s",
233ebfedea0SLionel Sambuc name, serial);
234ebfedea0SLionel Sambuc free(name);
235ebfedea0SLionel Sambuc free(serial);
236ebfedea0SLionel Sambuc break;
237ebfedea0SLionel Sambuc }
238ebfedea0SLionel Sambuc case choice_CMSIdentifier_subjectKeyIdentifier: {
239ebfedea0SLionel Sambuc KeyIdentifier *ki = &id->u.subjectKeyIdentifier;
240ebfedea0SLionel Sambuc char *keyid;
241ebfedea0SLionel Sambuc ssize_t len;
242ebfedea0SLionel Sambuc
243ebfedea0SLionel Sambuc len = hex_encode(ki->data, ki->length, &keyid);
244ebfedea0SLionel Sambuc if (len < 0)
245ebfedea0SLionel Sambuc return ENOMEM;
246ebfedea0SLionel Sambuc
247ebfedea0SLionel Sambuc asprintf(str, "certificate with id %s", keyid);
248ebfedea0SLionel Sambuc free(keyid);
249ebfedea0SLionel Sambuc break;
250ebfedea0SLionel Sambuc }
251ebfedea0SLionel Sambuc default:
252ebfedea0SLionel Sambuc asprintf(str, "certificate have unknown CMSidentifier type");
253ebfedea0SLionel Sambuc break;
254ebfedea0SLionel Sambuc }
255ebfedea0SLionel Sambuc if (*str == NULL)
256ebfedea0SLionel Sambuc return ENOMEM;
257ebfedea0SLionel Sambuc return 0;
258ebfedea0SLionel Sambuc }
259ebfedea0SLionel Sambuc
260ebfedea0SLionel Sambuc static int
find_CMSIdentifier(hx509_context context,CMSIdentifier * client,hx509_certs certs,time_t time_now,hx509_cert * signer_cert,int match)261ebfedea0SLionel Sambuc find_CMSIdentifier(hx509_context context,
262ebfedea0SLionel Sambuc CMSIdentifier *client,
263ebfedea0SLionel Sambuc hx509_certs certs,
264ebfedea0SLionel Sambuc time_t time_now,
265ebfedea0SLionel Sambuc hx509_cert *signer_cert,
266ebfedea0SLionel Sambuc int match)
267ebfedea0SLionel Sambuc {
268ebfedea0SLionel Sambuc hx509_query q;
269ebfedea0SLionel Sambuc hx509_cert cert;
270ebfedea0SLionel Sambuc Certificate c;
271ebfedea0SLionel Sambuc int ret;
272ebfedea0SLionel Sambuc
273ebfedea0SLionel Sambuc memset(&c, 0, sizeof(c));
274ebfedea0SLionel Sambuc _hx509_query_clear(&q);
275ebfedea0SLionel Sambuc
276ebfedea0SLionel Sambuc *signer_cert = NULL;
277ebfedea0SLionel Sambuc
278ebfedea0SLionel Sambuc switch (client->element) {
279ebfedea0SLionel Sambuc case choice_CMSIdentifier_issuerAndSerialNumber:
280ebfedea0SLionel Sambuc q.serial = &client->u.issuerAndSerialNumber.serialNumber;
281ebfedea0SLionel Sambuc q.issuer_name = &client->u.issuerAndSerialNumber.issuer;
282ebfedea0SLionel Sambuc q.match = HX509_QUERY_MATCH_SERIALNUMBER|HX509_QUERY_MATCH_ISSUER_NAME;
283ebfedea0SLionel Sambuc break;
284ebfedea0SLionel Sambuc case choice_CMSIdentifier_subjectKeyIdentifier:
285ebfedea0SLionel Sambuc q.subject_id = &client->u.subjectKeyIdentifier;
286ebfedea0SLionel Sambuc q.match = HX509_QUERY_MATCH_SUBJECT_KEY_ID;
287ebfedea0SLionel Sambuc break;
288ebfedea0SLionel Sambuc default:
289ebfedea0SLionel Sambuc hx509_set_error_string(context, 0, HX509_CMS_NO_RECIPIENT_CERTIFICATE,
290ebfedea0SLionel Sambuc "unknown CMS identifier element");
291ebfedea0SLionel Sambuc return HX509_CMS_NO_RECIPIENT_CERTIFICATE;
292ebfedea0SLionel Sambuc }
293ebfedea0SLionel Sambuc
294ebfedea0SLionel Sambuc q.match |= match;
295ebfedea0SLionel Sambuc
296ebfedea0SLionel Sambuc q.match |= HX509_QUERY_MATCH_TIME;
297ebfedea0SLionel Sambuc if (time_now)
298ebfedea0SLionel Sambuc q.timenow = time_now;
299ebfedea0SLionel Sambuc else
300ebfedea0SLionel Sambuc q.timenow = time(NULL);
301ebfedea0SLionel Sambuc
302ebfedea0SLionel Sambuc ret = hx509_certs_find(context, certs, &q, &cert);
303ebfedea0SLionel Sambuc if (ret == HX509_CERT_NOT_FOUND) {
304ebfedea0SLionel Sambuc char *str;
305ebfedea0SLionel Sambuc
306ebfedea0SLionel Sambuc ret = unparse_CMSIdentifier(context, client, &str);
307ebfedea0SLionel Sambuc if (ret == 0) {
308ebfedea0SLionel Sambuc hx509_set_error_string(context, 0,
309ebfedea0SLionel Sambuc HX509_CMS_NO_RECIPIENT_CERTIFICATE,
310ebfedea0SLionel Sambuc "Failed to find %s", str);
311ebfedea0SLionel Sambuc } else
312ebfedea0SLionel Sambuc hx509_clear_error_string(context);
313ebfedea0SLionel Sambuc return HX509_CMS_NO_RECIPIENT_CERTIFICATE;
314ebfedea0SLionel Sambuc } else if (ret) {
315ebfedea0SLionel Sambuc hx509_set_error_string(context, HX509_ERROR_APPEND,
316ebfedea0SLionel Sambuc HX509_CMS_NO_RECIPIENT_CERTIFICATE,
317ebfedea0SLionel Sambuc "Failed to find CMS id in cert store");
318ebfedea0SLionel Sambuc return HX509_CMS_NO_RECIPIENT_CERTIFICATE;
319ebfedea0SLionel Sambuc }
320ebfedea0SLionel Sambuc
321ebfedea0SLionel Sambuc *signer_cert = cert;
322ebfedea0SLionel Sambuc
323ebfedea0SLionel Sambuc return 0;
324ebfedea0SLionel Sambuc }
325ebfedea0SLionel Sambuc
326ebfedea0SLionel Sambuc /**
327ebfedea0SLionel Sambuc * Decode and unencrypt EnvelopedData.
328ebfedea0SLionel Sambuc *
329ebfedea0SLionel Sambuc * Extract data and parameteres from from the EnvelopedData. Also
330ebfedea0SLionel Sambuc * supports using detached EnvelopedData.
331ebfedea0SLionel Sambuc *
332ebfedea0SLionel Sambuc * @param context A hx509 context.
333ebfedea0SLionel Sambuc * @param certs Certificate that can decrypt the EnvelopedData
334ebfedea0SLionel Sambuc * encryption key.
335ebfedea0SLionel Sambuc * @param flags HX509_CMS_UE flags to control the behavior.
336ebfedea0SLionel Sambuc * @param data pointer the structure the contains the DER/BER encoded
337ebfedea0SLionel Sambuc * EnvelopedData stucture.
338ebfedea0SLionel Sambuc * @param length length of the data that data point to.
339ebfedea0SLionel Sambuc * @param encryptedContent in case of detached signature, this
340ebfedea0SLionel Sambuc * contains the actual encrypted data, othersize its should be NULL.
341ebfedea0SLionel Sambuc * @param time_now set the current time, if zero the library uses now as the date.
342ebfedea0SLionel Sambuc * @param contentType output type oid, should be freed with der_free_oid().
343ebfedea0SLionel Sambuc * @param content the data, free with der_free_octet_string().
344ebfedea0SLionel Sambuc *
345ebfedea0SLionel Sambuc * @ingroup hx509_cms
346ebfedea0SLionel Sambuc */
347ebfedea0SLionel Sambuc
348ebfedea0SLionel Sambuc int
hx509_cms_unenvelope(hx509_context context,hx509_certs certs,int flags,const void * data,size_t length,const heim_octet_string * encryptedContent,time_t time_now,heim_oid * contentType,heim_octet_string * content)349ebfedea0SLionel Sambuc hx509_cms_unenvelope(hx509_context context,
350ebfedea0SLionel Sambuc hx509_certs certs,
351ebfedea0SLionel Sambuc int flags,
352ebfedea0SLionel Sambuc const void *data,
353ebfedea0SLionel Sambuc size_t length,
354ebfedea0SLionel Sambuc const heim_octet_string *encryptedContent,
355ebfedea0SLionel Sambuc time_t time_now,
356ebfedea0SLionel Sambuc heim_oid *contentType,
357ebfedea0SLionel Sambuc heim_octet_string *content)
358ebfedea0SLionel Sambuc {
359ebfedea0SLionel Sambuc heim_octet_string key;
360ebfedea0SLionel Sambuc EnvelopedData ed;
361ebfedea0SLionel Sambuc hx509_cert cert;
362ebfedea0SLionel Sambuc AlgorithmIdentifier *ai;
363ebfedea0SLionel Sambuc const heim_octet_string *enccontent;
364ebfedea0SLionel Sambuc heim_octet_string *params, params_data;
365ebfedea0SLionel Sambuc heim_octet_string ivec;
366ebfedea0SLionel Sambuc size_t size;
367*0a6a1f1dSLionel Sambuc int ret, matched = 0, findflags = 0;
368*0a6a1f1dSLionel Sambuc size_t i;
369ebfedea0SLionel Sambuc
370ebfedea0SLionel Sambuc
371ebfedea0SLionel Sambuc memset(&key, 0, sizeof(key));
372ebfedea0SLionel Sambuc memset(&ed, 0, sizeof(ed));
373ebfedea0SLionel Sambuc memset(&ivec, 0, sizeof(ivec));
374ebfedea0SLionel Sambuc memset(content, 0, sizeof(*content));
375ebfedea0SLionel Sambuc memset(contentType, 0, sizeof(*contentType));
376ebfedea0SLionel Sambuc
377ebfedea0SLionel Sambuc if ((flags & HX509_CMS_UE_DONT_REQUIRE_KU_ENCIPHERMENT) == 0)
378ebfedea0SLionel Sambuc findflags |= HX509_QUERY_KU_ENCIPHERMENT;
379ebfedea0SLionel Sambuc
380ebfedea0SLionel Sambuc ret = decode_EnvelopedData(data, length, &ed, &size);
381ebfedea0SLionel Sambuc if (ret) {
382ebfedea0SLionel Sambuc hx509_set_error_string(context, 0, ret,
383ebfedea0SLionel Sambuc "Failed to decode EnvelopedData");
384ebfedea0SLionel Sambuc return ret;
385ebfedea0SLionel Sambuc }
386ebfedea0SLionel Sambuc
387ebfedea0SLionel Sambuc if (ed.recipientInfos.len == 0) {
388ebfedea0SLionel Sambuc ret = HX509_CMS_NO_RECIPIENT_CERTIFICATE;
389ebfedea0SLionel Sambuc hx509_set_error_string(context, 0, ret,
390ebfedea0SLionel Sambuc "No recipient info in enveloped data");
391ebfedea0SLionel Sambuc goto out;
392ebfedea0SLionel Sambuc }
393ebfedea0SLionel Sambuc
394ebfedea0SLionel Sambuc enccontent = ed.encryptedContentInfo.encryptedContent;
395ebfedea0SLionel Sambuc if (enccontent == NULL) {
396ebfedea0SLionel Sambuc if (encryptedContent == NULL) {
397ebfedea0SLionel Sambuc ret = HX509_CMS_NO_DATA_AVAILABLE;
398ebfedea0SLionel Sambuc hx509_set_error_string(context, 0, ret,
399ebfedea0SLionel Sambuc "Content missing from encrypted data");
400ebfedea0SLionel Sambuc goto out;
401ebfedea0SLionel Sambuc }
402ebfedea0SLionel Sambuc enccontent = encryptedContent;
403ebfedea0SLionel Sambuc } else if (encryptedContent != NULL) {
404ebfedea0SLionel Sambuc ret = HX509_CMS_NO_DATA_AVAILABLE;
405ebfedea0SLionel Sambuc hx509_set_error_string(context, 0, ret,
406ebfedea0SLionel Sambuc "Both internal and external encrypted data");
407ebfedea0SLionel Sambuc goto out;
408ebfedea0SLionel Sambuc }
409ebfedea0SLionel Sambuc
410ebfedea0SLionel Sambuc cert = NULL;
411ebfedea0SLionel Sambuc for (i = 0; i < ed.recipientInfos.len; i++) {
412ebfedea0SLionel Sambuc KeyTransRecipientInfo *ri;
413ebfedea0SLionel Sambuc char *str;
414ebfedea0SLionel Sambuc int ret2;
415ebfedea0SLionel Sambuc
416ebfedea0SLionel Sambuc ri = &ed.recipientInfos.val[i];
417ebfedea0SLionel Sambuc
418ebfedea0SLionel Sambuc ret = find_CMSIdentifier(context, &ri->rid, certs,
419ebfedea0SLionel Sambuc time_now, &cert,
420ebfedea0SLionel Sambuc HX509_QUERY_PRIVATE_KEY|findflags);
421ebfedea0SLionel Sambuc if (ret)
422ebfedea0SLionel Sambuc continue;
423ebfedea0SLionel Sambuc
424ebfedea0SLionel Sambuc matched = 1; /* found a matching certificate, let decrypt */
425ebfedea0SLionel Sambuc
426ebfedea0SLionel Sambuc ret = _hx509_cert_private_decrypt(context,
427ebfedea0SLionel Sambuc &ri->encryptedKey,
428ebfedea0SLionel Sambuc &ri->keyEncryptionAlgorithm.algorithm,
429ebfedea0SLionel Sambuc cert, &key);
430ebfedea0SLionel Sambuc
431ebfedea0SLionel Sambuc hx509_cert_free(cert);
432ebfedea0SLionel Sambuc if (ret == 0)
433ebfedea0SLionel Sambuc break; /* succuessfully decrypted cert */
434ebfedea0SLionel Sambuc cert = NULL;
435ebfedea0SLionel Sambuc ret2 = unparse_CMSIdentifier(context, &ri->rid, &str);
436ebfedea0SLionel Sambuc if (ret2 == 0) {
437ebfedea0SLionel Sambuc hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
438ebfedea0SLionel Sambuc "Failed to decrypt with %s", str);
439ebfedea0SLionel Sambuc free(str);
440ebfedea0SLionel Sambuc }
441ebfedea0SLionel Sambuc }
442ebfedea0SLionel Sambuc
443ebfedea0SLionel Sambuc if (!matched) {
444ebfedea0SLionel Sambuc ret = HX509_CMS_NO_RECIPIENT_CERTIFICATE;
445ebfedea0SLionel Sambuc hx509_set_error_string(context, 0, ret,
446ebfedea0SLionel Sambuc "No private key matched any certificate");
447ebfedea0SLionel Sambuc goto out;
448ebfedea0SLionel Sambuc }
449ebfedea0SLionel Sambuc
450ebfedea0SLionel Sambuc if (cert == NULL) {
451ebfedea0SLionel Sambuc ret = HX509_CMS_NO_RECIPIENT_CERTIFICATE;
452ebfedea0SLionel Sambuc hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
453ebfedea0SLionel Sambuc "No private key decrypted the transfer key");
454ebfedea0SLionel Sambuc goto out;
455ebfedea0SLionel Sambuc }
456ebfedea0SLionel Sambuc
457ebfedea0SLionel Sambuc ret = der_copy_oid(&ed.encryptedContentInfo.contentType, contentType);
458ebfedea0SLionel Sambuc if (ret) {
459ebfedea0SLionel Sambuc hx509_set_error_string(context, 0, ret,
460ebfedea0SLionel Sambuc "Failed to copy EnvelopedData content oid");
461ebfedea0SLionel Sambuc goto out;
462ebfedea0SLionel Sambuc }
463ebfedea0SLionel Sambuc
464ebfedea0SLionel Sambuc ai = &ed.encryptedContentInfo.contentEncryptionAlgorithm;
465ebfedea0SLionel Sambuc if (ai->parameters) {
466ebfedea0SLionel Sambuc params_data.data = ai->parameters->data;
467ebfedea0SLionel Sambuc params_data.length = ai->parameters->length;
468ebfedea0SLionel Sambuc params = ¶ms_data;
469ebfedea0SLionel Sambuc } else
470ebfedea0SLionel Sambuc params = NULL;
471ebfedea0SLionel Sambuc
472ebfedea0SLionel Sambuc {
473ebfedea0SLionel Sambuc hx509_crypto crypto;
474ebfedea0SLionel Sambuc
475ebfedea0SLionel Sambuc ret = hx509_crypto_init(context, NULL, &ai->algorithm, &crypto);
476ebfedea0SLionel Sambuc if (ret)
477ebfedea0SLionel Sambuc goto out;
478ebfedea0SLionel Sambuc
479ebfedea0SLionel Sambuc if (flags & HX509_CMS_UE_ALLOW_WEAK)
480ebfedea0SLionel Sambuc hx509_crypto_allow_weak(crypto);
481ebfedea0SLionel Sambuc
482ebfedea0SLionel Sambuc if (params) {
483ebfedea0SLionel Sambuc ret = hx509_crypto_set_params(context, crypto, params, &ivec);
484ebfedea0SLionel Sambuc if (ret) {
485ebfedea0SLionel Sambuc hx509_crypto_destroy(crypto);
486ebfedea0SLionel Sambuc goto out;
487ebfedea0SLionel Sambuc }
488ebfedea0SLionel Sambuc }
489ebfedea0SLionel Sambuc
490ebfedea0SLionel Sambuc ret = hx509_crypto_set_key_data(crypto, key.data, key.length);
491ebfedea0SLionel Sambuc if (ret) {
492ebfedea0SLionel Sambuc hx509_crypto_destroy(crypto);
493ebfedea0SLionel Sambuc hx509_set_error_string(context, 0, ret,
494ebfedea0SLionel Sambuc "Failed to set key for decryption "
495ebfedea0SLionel Sambuc "of EnvelopedData");
496ebfedea0SLionel Sambuc goto out;
497ebfedea0SLionel Sambuc }
498ebfedea0SLionel Sambuc
499ebfedea0SLionel Sambuc ret = hx509_crypto_decrypt(crypto,
500ebfedea0SLionel Sambuc enccontent->data,
501ebfedea0SLionel Sambuc enccontent->length,
502ebfedea0SLionel Sambuc ivec.length ? &ivec : NULL,
503ebfedea0SLionel Sambuc content);
504ebfedea0SLionel Sambuc hx509_crypto_destroy(crypto);
505ebfedea0SLionel Sambuc if (ret) {
506ebfedea0SLionel Sambuc hx509_set_error_string(context, 0, ret,
507ebfedea0SLionel Sambuc "Failed to decrypt EnvelopedData");
508ebfedea0SLionel Sambuc goto out;
509ebfedea0SLionel Sambuc }
510ebfedea0SLionel Sambuc }
511ebfedea0SLionel Sambuc
512ebfedea0SLionel Sambuc out:
513ebfedea0SLionel Sambuc
514ebfedea0SLionel Sambuc free_EnvelopedData(&ed);
515ebfedea0SLionel Sambuc der_free_octet_string(&key);
516ebfedea0SLionel Sambuc if (ivec.length)
517ebfedea0SLionel Sambuc der_free_octet_string(&ivec);
518ebfedea0SLionel Sambuc if (ret) {
519ebfedea0SLionel Sambuc der_free_oid(contentType);
520ebfedea0SLionel Sambuc der_free_octet_string(content);
521ebfedea0SLionel Sambuc }
522ebfedea0SLionel Sambuc
523ebfedea0SLionel Sambuc return ret;
524ebfedea0SLionel Sambuc }
525ebfedea0SLionel Sambuc
526ebfedea0SLionel Sambuc /**
527ebfedea0SLionel Sambuc * Encrypt end encode EnvelopedData.
528ebfedea0SLionel Sambuc *
529ebfedea0SLionel Sambuc * Encrypt and encode EnvelopedData. The data is encrypted with a
530ebfedea0SLionel Sambuc * random key and the the random key is encrypted with the
531ebfedea0SLionel Sambuc * certificates private key. This limits what private key type can be
532ebfedea0SLionel Sambuc * used to RSA.
533ebfedea0SLionel Sambuc *
534ebfedea0SLionel Sambuc * @param context A hx509 context.
535ebfedea0SLionel Sambuc * @param flags flags to control the behavior.
536ebfedea0SLionel Sambuc * - HX509_CMS_EV_NO_KU_CHECK - Dont check KU on certificate
537ebfedea0SLionel Sambuc * - HX509_CMS_EV_ALLOW_WEAK - Allow weak crytpo
538ebfedea0SLionel Sambuc * - HX509_CMS_EV_ID_NAME - prefer issuer name and serial number
539ebfedea0SLionel Sambuc * @param cert Certificate to encrypt the EnvelopedData encryption key
540ebfedea0SLionel Sambuc * with.
541ebfedea0SLionel Sambuc * @param data pointer the data to encrypt.
542ebfedea0SLionel Sambuc * @param length length of the data that data point to.
543ebfedea0SLionel Sambuc * @param encryption_type Encryption cipher to use for the bulk data,
544ebfedea0SLionel Sambuc * use NULL to get default.
545ebfedea0SLionel Sambuc * @param contentType type of the data that is encrypted
546ebfedea0SLionel Sambuc * @param content the output of the function,
547ebfedea0SLionel Sambuc * free with der_free_octet_string().
548ebfedea0SLionel Sambuc *
549ebfedea0SLionel Sambuc * @ingroup hx509_cms
550ebfedea0SLionel Sambuc */
551ebfedea0SLionel Sambuc
552ebfedea0SLionel Sambuc int
hx509_cms_envelope_1(hx509_context context,int flags,hx509_cert cert,const void * data,size_t length,const heim_oid * encryption_type,const heim_oid * contentType,heim_octet_string * content)553ebfedea0SLionel Sambuc hx509_cms_envelope_1(hx509_context context,
554ebfedea0SLionel Sambuc int flags,
555ebfedea0SLionel Sambuc hx509_cert cert,
556ebfedea0SLionel Sambuc const void *data,
557ebfedea0SLionel Sambuc size_t length,
558ebfedea0SLionel Sambuc const heim_oid *encryption_type,
559ebfedea0SLionel Sambuc const heim_oid *contentType,
560ebfedea0SLionel Sambuc heim_octet_string *content)
561ebfedea0SLionel Sambuc {
562ebfedea0SLionel Sambuc KeyTransRecipientInfo *ri;
563ebfedea0SLionel Sambuc heim_octet_string ivec;
564ebfedea0SLionel Sambuc heim_octet_string key;
565ebfedea0SLionel Sambuc hx509_crypto crypto = NULL;
566ebfedea0SLionel Sambuc int ret, cmsidflag;
567ebfedea0SLionel Sambuc EnvelopedData ed;
568ebfedea0SLionel Sambuc size_t size;
569ebfedea0SLionel Sambuc
570ebfedea0SLionel Sambuc memset(&ivec, 0, sizeof(ivec));
571ebfedea0SLionel Sambuc memset(&key, 0, sizeof(key));
572ebfedea0SLionel Sambuc memset(&ed, 0, sizeof(ed));
573ebfedea0SLionel Sambuc memset(content, 0, sizeof(*content));
574ebfedea0SLionel Sambuc
575ebfedea0SLionel Sambuc if (encryption_type == NULL)
576ebfedea0SLionel Sambuc encryption_type = &asn1_oid_id_aes_256_cbc;
577ebfedea0SLionel Sambuc
578ebfedea0SLionel Sambuc if ((flags & HX509_CMS_EV_NO_KU_CHECK) == 0) {
579ebfedea0SLionel Sambuc ret = _hx509_check_key_usage(context, cert, 1 << 2, TRUE);
580ebfedea0SLionel Sambuc if (ret)
581ebfedea0SLionel Sambuc goto out;
582ebfedea0SLionel Sambuc }
583ebfedea0SLionel Sambuc
584ebfedea0SLionel Sambuc ret = hx509_crypto_init(context, NULL, encryption_type, &crypto);
585ebfedea0SLionel Sambuc if (ret)
586ebfedea0SLionel Sambuc goto out;
587ebfedea0SLionel Sambuc
588ebfedea0SLionel Sambuc if (flags & HX509_CMS_EV_ALLOW_WEAK)
589ebfedea0SLionel Sambuc hx509_crypto_allow_weak(crypto);
590ebfedea0SLionel Sambuc
591ebfedea0SLionel Sambuc ret = hx509_crypto_set_random_key(crypto, &key);
592ebfedea0SLionel Sambuc if (ret) {
593ebfedea0SLionel Sambuc hx509_set_error_string(context, 0, ret,
594ebfedea0SLionel Sambuc "Create random key for EnvelopedData content");
595ebfedea0SLionel Sambuc goto out;
596ebfedea0SLionel Sambuc }
597ebfedea0SLionel Sambuc
598ebfedea0SLionel Sambuc ret = hx509_crypto_random_iv(crypto, &ivec);
599ebfedea0SLionel Sambuc if (ret) {
600ebfedea0SLionel Sambuc hx509_set_error_string(context, 0, ret,
601ebfedea0SLionel Sambuc "Failed to create a random iv");
602ebfedea0SLionel Sambuc goto out;
603ebfedea0SLionel Sambuc }
604ebfedea0SLionel Sambuc
605ebfedea0SLionel Sambuc ret = hx509_crypto_encrypt(crypto,
606ebfedea0SLionel Sambuc data,
607ebfedea0SLionel Sambuc length,
608ebfedea0SLionel Sambuc &ivec,
609ebfedea0SLionel Sambuc &ed.encryptedContentInfo.encryptedContent);
610ebfedea0SLionel Sambuc if (ret) {
611ebfedea0SLionel Sambuc hx509_set_error_string(context, 0, ret,
612ebfedea0SLionel Sambuc "Failed to encrypt EnvelopedData content");
613ebfedea0SLionel Sambuc goto out;
614ebfedea0SLionel Sambuc }
615ebfedea0SLionel Sambuc
616ebfedea0SLionel Sambuc {
617ebfedea0SLionel Sambuc AlgorithmIdentifier *enc_alg;
618ebfedea0SLionel Sambuc enc_alg = &ed.encryptedContentInfo.contentEncryptionAlgorithm;
619ebfedea0SLionel Sambuc ret = der_copy_oid(encryption_type, &enc_alg->algorithm);
620ebfedea0SLionel Sambuc if (ret) {
621ebfedea0SLionel Sambuc hx509_set_error_string(context, 0, ret,
622ebfedea0SLionel Sambuc "Failed to set crypto oid "
623ebfedea0SLionel Sambuc "for EnvelopedData");
624ebfedea0SLionel Sambuc goto out;
625ebfedea0SLionel Sambuc }
626ebfedea0SLionel Sambuc ALLOC(enc_alg->parameters, 1);
627ebfedea0SLionel Sambuc if (enc_alg->parameters == NULL) {
628ebfedea0SLionel Sambuc ret = ENOMEM;
629ebfedea0SLionel Sambuc hx509_set_error_string(context, 0, ret,
630ebfedea0SLionel Sambuc "Failed to allocate crypto paramaters "
631ebfedea0SLionel Sambuc "for EnvelopedData");
632ebfedea0SLionel Sambuc goto out;
633ebfedea0SLionel Sambuc }
634ebfedea0SLionel Sambuc
635ebfedea0SLionel Sambuc ret = hx509_crypto_get_params(context,
636ebfedea0SLionel Sambuc crypto,
637ebfedea0SLionel Sambuc &ivec,
638ebfedea0SLionel Sambuc enc_alg->parameters);
639ebfedea0SLionel Sambuc if (ret) {
640ebfedea0SLionel Sambuc goto out;
641ebfedea0SLionel Sambuc }
642ebfedea0SLionel Sambuc }
643ebfedea0SLionel Sambuc
644ebfedea0SLionel Sambuc ALLOC_SEQ(&ed.recipientInfos, 1);
645ebfedea0SLionel Sambuc if (ed.recipientInfos.val == NULL) {
646ebfedea0SLionel Sambuc ret = ENOMEM;
647ebfedea0SLionel Sambuc hx509_set_error_string(context, 0, ret,
648ebfedea0SLionel Sambuc "Failed to allocate recipients info "
649ebfedea0SLionel Sambuc "for EnvelopedData");
650ebfedea0SLionel Sambuc goto out;
651ebfedea0SLionel Sambuc }
652ebfedea0SLionel Sambuc
653ebfedea0SLionel Sambuc ri = &ed.recipientInfos.val[0];
654ebfedea0SLionel Sambuc
655ebfedea0SLionel Sambuc if (flags & HX509_CMS_EV_ID_NAME) {
656ebfedea0SLionel Sambuc ri->version = 0;
657ebfedea0SLionel Sambuc cmsidflag = CMS_ID_NAME;
658ebfedea0SLionel Sambuc } else {
659ebfedea0SLionel Sambuc ri->version = 2;
660ebfedea0SLionel Sambuc cmsidflag = CMS_ID_SKI;
661ebfedea0SLionel Sambuc }
662ebfedea0SLionel Sambuc
663ebfedea0SLionel Sambuc ret = fill_CMSIdentifier(cert, cmsidflag, &ri->rid);
664ebfedea0SLionel Sambuc if (ret) {
665ebfedea0SLionel Sambuc hx509_set_error_string(context, 0, ret,
666ebfedea0SLionel Sambuc "Failed to set CMS identifier info "
667ebfedea0SLionel Sambuc "for EnvelopedData");
668ebfedea0SLionel Sambuc goto out;
669ebfedea0SLionel Sambuc }
670ebfedea0SLionel Sambuc
671ebfedea0SLionel Sambuc ret = hx509_cert_public_encrypt(context,
672ebfedea0SLionel Sambuc &key, cert,
673ebfedea0SLionel Sambuc &ri->keyEncryptionAlgorithm.algorithm,
674ebfedea0SLionel Sambuc &ri->encryptedKey);
675ebfedea0SLionel Sambuc if (ret) {
676ebfedea0SLionel Sambuc hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
677ebfedea0SLionel Sambuc "Failed to encrypt transport key for "
678ebfedea0SLionel Sambuc "EnvelopedData");
679ebfedea0SLionel Sambuc goto out;
680ebfedea0SLionel Sambuc }
681ebfedea0SLionel Sambuc
682ebfedea0SLionel Sambuc /*
683ebfedea0SLionel Sambuc *
684ebfedea0SLionel Sambuc */
685ebfedea0SLionel Sambuc
686ebfedea0SLionel Sambuc ed.version = 0;
687ebfedea0SLionel Sambuc ed.originatorInfo = NULL;
688ebfedea0SLionel Sambuc
689ebfedea0SLionel Sambuc ret = der_copy_oid(contentType, &ed.encryptedContentInfo.contentType);
690ebfedea0SLionel Sambuc if (ret) {
691ebfedea0SLionel Sambuc hx509_set_error_string(context, 0, ret,
692ebfedea0SLionel Sambuc "Failed to copy content oid for "
693ebfedea0SLionel Sambuc "EnvelopedData");
694ebfedea0SLionel Sambuc goto out;
695ebfedea0SLionel Sambuc }
696ebfedea0SLionel Sambuc
697ebfedea0SLionel Sambuc ed.unprotectedAttrs = NULL;
698ebfedea0SLionel Sambuc
699ebfedea0SLionel Sambuc ASN1_MALLOC_ENCODE(EnvelopedData, content->data, content->length,
700ebfedea0SLionel Sambuc &ed, &size, ret);
701ebfedea0SLionel Sambuc if (ret) {
702ebfedea0SLionel Sambuc hx509_set_error_string(context, 0, ret,
703ebfedea0SLionel Sambuc "Failed to encode EnvelopedData");
704ebfedea0SLionel Sambuc goto out;
705ebfedea0SLionel Sambuc }
706ebfedea0SLionel Sambuc if (size != content->length)
707ebfedea0SLionel Sambuc _hx509_abort("internal ASN.1 encoder error");
708ebfedea0SLionel Sambuc
709ebfedea0SLionel Sambuc out:
710ebfedea0SLionel Sambuc if (crypto)
711ebfedea0SLionel Sambuc hx509_crypto_destroy(crypto);
712ebfedea0SLionel Sambuc if (ret)
713ebfedea0SLionel Sambuc der_free_octet_string(content);
714ebfedea0SLionel Sambuc der_free_octet_string(&key);
715ebfedea0SLionel Sambuc der_free_octet_string(&ivec);
716ebfedea0SLionel Sambuc free_EnvelopedData(&ed);
717ebfedea0SLionel Sambuc
718ebfedea0SLionel Sambuc return ret;
719ebfedea0SLionel Sambuc }
720ebfedea0SLionel Sambuc
721ebfedea0SLionel Sambuc static int
any_to_certs(hx509_context context,const SignedData * sd,hx509_certs certs)722ebfedea0SLionel Sambuc any_to_certs(hx509_context context, const SignedData *sd, hx509_certs certs)
723ebfedea0SLionel Sambuc {
724*0a6a1f1dSLionel Sambuc int ret;
725*0a6a1f1dSLionel Sambuc size_t i;
726ebfedea0SLionel Sambuc
727ebfedea0SLionel Sambuc if (sd->certificates == NULL)
728ebfedea0SLionel Sambuc return 0;
729ebfedea0SLionel Sambuc
730ebfedea0SLionel Sambuc for (i = 0; i < sd->certificates->len; i++) {
731ebfedea0SLionel Sambuc hx509_cert c;
732ebfedea0SLionel Sambuc
733ebfedea0SLionel Sambuc ret = hx509_cert_init_data(context,
734ebfedea0SLionel Sambuc sd->certificates->val[i].data,
735ebfedea0SLionel Sambuc sd->certificates->val[i].length,
736ebfedea0SLionel Sambuc &c);
737ebfedea0SLionel Sambuc if (ret)
738ebfedea0SLionel Sambuc return ret;
739ebfedea0SLionel Sambuc ret = hx509_certs_add(context, certs, c);
740ebfedea0SLionel Sambuc hx509_cert_free(c);
741ebfedea0SLionel Sambuc if (ret)
742ebfedea0SLionel Sambuc return ret;
743ebfedea0SLionel Sambuc }
744ebfedea0SLionel Sambuc
745ebfedea0SLionel Sambuc return 0;
746ebfedea0SLionel Sambuc }
747ebfedea0SLionel Sambuc
748ebfedea0SLionel Sambuc static const Attribute *
find_attribute(const CMSAttributes * attr,const heim_oid * oid)749ebfedea0SLionel Sambuc find_attribute(const CMSAttributes *attr, const heim_oid *oid)
750ebfedea0SLionel Sambuc {
751*0a6a1f1dSLionel Sambuc size_t i;
752ebfedea0SLionel Sambuc for (i = 0; i < attr->len; i++)
753ebfedea0SLionel Sambuc if (der_heim_oid_cmp(&attr->val[i].type, oid) == 0)
754ebfedea0SLionel Sambuc return &attr->val[i];
755ebfedea0SLionel Sambuc return NULL;
756ebfedea0SLionel Sambuc }
757ebfedea0SLionel Sambuc
758ebfedea0SLionel Sambuc /**
759ebfedea0SLionel Sambuc * Decode SignedData and verify that the signature is correct.
760ebfedea0SLionel Sambuc *
761ebfedea0SLionel Sambuc * @param context A hx509 context.
762ebfedea0SLionel Sambuc * @param ctx a hx509 verify context.
763ebfedea0SLionel Sambuc * @param flags to control the behaivor of the function.
764ebfedea0SLionel Sambuc * - HX509_CMS_VS_NO_KU_CHECK - Don't check KeyUsage
765ebfedea0SLionel Sambuc * - HX509_CMS_VS_ALLOW_DATA_OID_MISMATCH - allow oid mismatch
766ebfedea0SLionel Sambuc * - HX509_CMS_VS_ALLOW_ZERO_SIGNER - no signer, see below.
767ebfedea0SLionel Sambuc * @param data pointer to CMS SignedData encoded data.
768ebfedea0SLionel Sambuc * @param length length of the data that data point to.
769ebfedea0SLionel Sambuc * @param signedContent external data used for signature.
770ebfedea0SLionel Sambuc * @param pool certificate pool to build certificates paths.
771ebfedea0SLionel Sambuc * @param contentType free with der_free_oid().
772ebfedea0SLionel Sambuc * @param content the output of the function, free with
773ebfedea0SLionel Sambuc * der_free_octet_string().
774ebfedea0SLionel Sambuc * @param signer_certs list of the cerficates used to sign this
775ebfedea0SLionel Sambuc * request, free with hx509_certs_free().
776ebfedea0SLionel Sambuc *
777ebfedea0SLionel Sambuc * @ingroup hx509_cms
778ebfedea0SLionel Sambuc */
779ebfedea0SLionel Sambuc
780ebfedea0SLionel Sambuc int
hx509_cms_verify_signed(hx509_context context,hx509_verify_ctx ctx,unsigned int flags,const void * data,size_t length,const heim_octet_string * signedContent,hx509_certs pool,heim_oid * contentType,heim_octet_string * content,hx509_certs * signer_certs)781ebfedea0SLionel Sambuc hx509_cms_verify_signed(hx509_context context,
782ebfedea0SLionel Sambuc hx509_verify_ctx ctx,
783ebfedea0SLionel Sambuc unsigned int flags,
784ebfedea0SLionel Sambuc const void *data,
785ebfedea0SLionel Sambuc size_t length,
786ebfedea0SLionel Sambuc const heim_octet_string *signedContent,
787ebfedea0SLionel Sambuc hx509_certs pool,
788ebfedea0SLionel Sambuc heim_oid *contentType,
789ebfedea0SLionel Sambuc heim_octet_string *content,
790ebfedea0SLionel Sambuc hx509_certs *signer_certs)
791ebfedea0SLionel Sambuc {
792ebfedea0SLionel Sambuc SignerInfo *signer_info;
793ebfedea0SLionel Sambuc hx509_cert cert = NULL;
794ebfedea0SLionel Sambuc hx509_certs certs = NULL;
795ebfedea0SLionel Sambuc SignedData sd;
796ebfedea0SLionel Sambuc size_t size;
797*0a6a1f1dSLionel Sambuc int ret, found_valid_sig;
798*0a6a1f1dSLionel Sambuc size_t i;
799ebfedea0SLionel Sambuc
800ebfedea0SLionel Sambuc *signer_certs = NULL;
801ebfedea0SLionel Sambuc content->data = NULL;
802ebfedea0SLionel Sambuc content->length = 0;
803ebfedea0SLionel Sambuc contentType->length = 0;
804ebfedea0SLionel Sambuc contentType->components = NULL;
805ebfedea0SLionel Sambuc
806ebfedea0SLionel Sambuc memset(&sd, 0, sizeof(sd));
807ebfedea0SLionel Sambuc
808ebfedea0SLionel Sambuc ret = decode_SignedData(data, length, &sd, &size);
809ebfedea0SLionel Sambuc if (ret) {
810ebfedea0SLionel Sambuc hx509_set_error_string(context, 0, ret,
811ebfedea0SLionel Sambuc "Failed to decode SignedData");
812ebfedea0SLionel Sambuc goto out;
813ebfedea0SLionel Sambuc }
814ebfedea0SLionel Sambuc
815ebfedea0SLionel Sambuc if (sd.encapContentInfo.eContent == NULL && signedContent == NULL) {
816ebfedea0SLionel Sambuc ret = HX509_CMS_NO_DATA_AVAILABLE;
817ebfedea0SLionel Sambuc hx509_set_error_string(context, 0, ret,
818ebfedea0SLionel Sambuc "No content data in SignedData");
819ebfedea0SLionel Sambuc goto out;
820ebfedea0SLionel Sambuc }
821ebfedea0SLionel Sambuc if (sd.encapContentInfo.eContent && signedContent) {
822ebfedea0SLionel Sambuc ret = HX509_CMS_NO_DATA_AVAILABLE;
823ebfedea0SLionel Sambuc hx509_set_error_string(context, 0, ret,
824ebfedea0SLionel Sambuc "Both external and internal SignedData");
825ebfedea0SLionel Sambuc goto out;
826ebfedea0SLionel Sambuc }
827ebfedea0SLionel Sambuc
828ebfedea0SLionel Sambuc if (sd.encapContentInfo.eContent)
829ebfedea0SLionel Sambuc ret = der_copy_octet_string(sd.encapContentInfo.eContent, content);
830ebfedea0SLionel Sambuc else
831ebfedea0SLionel Sambuc ret = der_copy_octet_string(signedContent, content);
832ebfedea0SLionel Sambuc if (ret) {
833ebfedea0SLionel Sambuc hx509_set_error_string(context, 0, ret, "malloc: out of memory");
834ebfedea0SLionel Sambuc goto out;
835ebfedea0SLionel Sambuc }
836ebfedea0SLionel Sambuc
837ebfedea0SLionel Sambuc ret = hx509_certs_init(context, "MEMORY:cms-cert-buffer",
838ebfedea0SLionel Sambuc 0, NULL, &certs);
839ebfedea0SLionel Sambuc if (ret)
840ebfedea0SLionel Sambuc goto out;
841ebfedea0SLionel Sambuc
842ebfedea0SLionel Sambuc ret = hx509_certs_init(context, "MEMORY:cms-signer-certs",
843ebfedea0SLionel Sambuc 0, NULL, signer_certs);
844ebfedea0SLionel Sambuc if (ret)
845ebfedea0SLionel Sambuc goto out;
846ebfedea0SLionel Sambuc
847ebfedea0SLionel Sambuc /* XXX Check CMS version */
848ebfedea0SLionel Sambuc
849ebfedea0SLionel Sambuc ret = any_to_certs(context, &sd, certs);
850ebfedea0SLionel Sambuc if (ret)
851ebfedea0SLionel Sambuc goto out;
852ebfedea0SLionel Sambuc
853ebfedea0SLionel Sambuc if (pool) {
854ebfedea0SLionel Sambuc ret = hx509_certs_merge(context, certs, pool);
855ebfedea0SLionel Sambuc if (ret)
856ebfedea0SLionel Sambuc goto out;
857ebfedea0SLionel Sambuc }
858ebfedea0SLionel Sambuc
859ebfedea0SLionel Sambuc for (found_valid_sig = 0, i = 0; i < sd.signerInfos.len; i++) {
860ebfedea0SLionel Sambuc heim_octet_string signed_data;
861ebfedea0SLionel Sambuc const heim_oid *match_oid;
862ebfedea0SLionel Sambuc heim_oid decode_oid;
863ebfedea0SLionel Sambuc
864ebfedea0SLionel Sambuc signer_info = &sd.signerInfos.val[i];
865ebfedea0SLionel Sambuc match_oid = NULL;
866ebfedea0SLionel Sambuc
867ebfedea0SLionel Sambuc if (signer_info->signature.length == 0) {
868ebfedea0SLionel Sambuc ret = HX509_CMS_MISSING_SIGNER_DATA;
869ebfedea0SLionel Sambuc hx509_set_error_string(context, 0, ret,
870ebfedea0SLionel Sambuc "SignerInfo %d in SignedData "
871ebfedea0SLionel Sambuc "missing sigature", i);
872ebfedea0SLionel Sambuc continue;
873ebfedea0SLionel Sambuc }
874ebfedea0SLionel Sambuc
875ebfedea0SLionel Sambuc ret = find_CMSIdentifier(context, &signer_info->sid, certs,
876ebfedea0SLionel Sambuc _hx509_verify_get_time(ctx), &cert,
877ebfedea0SLionel Sambuc HX509_QUERY_KU_DIGITALSIGNATURE);
878ebfedea0SLionel Sambuc if (ret) {
879ebfedea0SLionel Sambuc /**
880ebfedea0SLionel Sambuc * If HX509_CMS_VS_NO_KU_CHECK is set, allow more liberal
881ebfedea0SLionel Sambuc * search for matching certificates by not considering
882ebfedea0SLionel Sambuc * KeyUsage bits on the certificates.
883ebfedea0SLionel Sambuc */
884ebfedea0SLionel Sambuc if ((flags & HX509_CMS_VS_NO_KU_CHECK) == 0)
885ebfedea0SLionel Sambuc continue;
886ebfedea0SLionel Sambuc
887ebfedea0SLionel Sambuc ret = find_CMSIdentifier(context, &signer_info->sid, certs,
888ebfedea0SLionel Sambuc _hx509_verify_get_time(ctx), &cert,
889ebfedea0SLionel Sambuc 0);
890ebfedea0SLionel Sambuc if (ret)
891ebfedea0SLionel Sambuc continue;
892ebfedea0SLionel Sambuc
893ebfedea0SLionel Sambuc }
894ebfedea0SLionel Sambuc
895ebfedea0SLionel Sambuc if (signer_info->signedAttrs) {
896ebfedea0SLionel Sambuc const Attribute *attr;
897ebfedea0SLionel Sambuc
898ebfedea0SLionel Sambuc CMSAttributes sa;
899ebfedea0SLionel Sambuc heim_octet_string os;
900ebfedea0SLionel Sambuc
901ebfedea0SLionel Sambuc sa.val = signer_info->signedAttrs->val;
902ebfedea0SLionel Sambuc sa.len = signer_info->signedAttrs->len;
903ebfedea0SLionel Sambuc
904ebfedea0SLionel Sambuc /* verify that sigature exists */
905ebfedea0SLionel Sambuc attr = find_attribute(&sa, &asn1_oid_id_pkcs9_messageDigest);
906ebfedea0SLionel Sambuc if (attr == NULL) {
907ebfedea0SLionel Sambuc ret = HX509_CRYPTO_SIGNATURE_MISSING;
908ebfedea0SLionel Sambuc hx509_set_error_string(context, 0, ret,
909ebfedea0SLionel Sambuc "SignerInfo have signed attributes "
910ebfedea0SLionel Sambuc "but messageDigest (signature) "
911ebfedea0SLionel Sambuc "is missing");
912ebfedea0SLionel Sambuc goto next_sigature;
913ebfedea0SLionel Sambuc }
914ebfedea0SLionel Sambuc if (attr->value.len != 1) {
915ebfedea0SLionel Sambuc ret = HX509_CRYPTO_SIGNATURE_MISSING;
916ebfedea0SLionel Sambuc hx509_set_error_string(context, 0, ret,
917ebfedea0SLionel Sambuc "SignerInfo have more then one "
918ebfedea0SLionel Sambuc "messageDigest (signature)");
919ebfedea0SLionel Sambuc goto next_sigature;
920ebfedea0SLionel Sambuc }
921ebfedea0SLionel Sambuc
922ebfedea0SLionel Sambuc ret = decode_MessageDigest(attr->value.val[0].data,
923ebfedea0SLionel Sambuc attr->value.val[0].length,
924ebfedea0SLionel Sambuc &os,
925ebfedea0SLionel Sambuc &size);
926ebfedea0SLionel Sambuc if (ret) {
927ebfedea0SLionel Sambuc hx509_set_error_string(context, 0, ret,
928ebfedea0SLionel Sambuc "Failed to decode "
929ebfedea0SLionel Sambuc "messageDigest (signature)");
930ebfedea0SLionel Sambuc goto next_sigature;
931ebfedea0SLionel Sambuc }
932ebfedea0SLionel Sambuc
933ebfedea0SLionel Sambuc ret = _hx509_verify_signature(context,
934ebfedea0SLionel Sambuc NULL,
935ebfedea0SLionel Sambuc &signer_info->digestAlgorithm,
936ebfedea0SLionel Sambuc content,
937ebfedea0SLionel Sambuc &os);
938ebfedea0SLionel Sambuc der_free_octet_string(&os);
939ebfedea0SLionel Sambuc if (ret) {
940ebfedea0SLionel Sambuc hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
941ebfedea0SLionel Sambuc "Failed to verify messageDigest");
942ebfedea0SLionel Sambuc goto next_sigature;
943ebfedea0SLionel Sambuc }
944ebfedea0SLionel Sambuc
945ebfedea0SLionel Sambuc /*
946ebfedea0SLionel Sambuc * Fetch content oid inside signedAttrs or set it to
947ebfedea0SLionel Sambuc * id-pkcs7-data.
948ebfedea0SLionel Sambuc */
949ebfedea0SLionel Sambuc attr = find_attribute(&sa, &asn1_oid_id_pkcs9_contentType);
950ebfedea0SLionel Sambuc if (attr == NULL) {
951ebfedea0SLionel Sambuc match_oid = &asn1_oid_id_pkcs7_data;
952ebfedea0SLionel Sambuc } else {
953ebfedea0SLionel Sambuc if (attr->value.len != 1) {
954ebfedea0SLionel Sambuc ret = HX509_CMS_DATA_OID_MISMATCH;
955ebfedea0SLionel Sambuc hx509_set_error_string(context, 0, ret,
956ebfedea0SLionel Sambuc "More then one oid in signedAttrs");
957ebfedea0SLionel Sambuc goto next_sigature;
958ebfedea0SLionel Sambuc
959ebfedea0SLionel Sambuc }
960ebfedea0SLionel Sambuc ret = decode_ContentType(attr->value.val[0].data,
961ebfedea0SLionel Sambuc attr->value.val[0].length,
962ebfedea0SLionel Sambuc &decode_oid,
963ebfedea0SLionel Sambuc &size);
964ebfedea0SLionel Sambuc if (ret) {
965ebfedea0SLionel Sambuc hx509_set_error_string(context, 0, ret,
966ebfedea0SLionel Sambuc "Failed to decode "
967ebfedea0SLionel Sambuc "oid in signedAttrs");
968ebfedea0SLionel Sambuc goto next_sigature;
969ebfedea0SLionel Sambuc }
970ebfedea0SLionel Sambuc match_oid = &decode_oid;
971ebfedea0SLionel Sambuc }
972ebfedea0SLionel Sambuc
973ebfedea0SLionel Sambuc ASN1_MALLOC_ENCODE(CMSAttributes,
974ebfedea0SLionel Sambuc signed_data.data,
975ebfedea0SLionel Sambuc signed_data.length,
976ebfedea0SLionel Sambuc &sa,
977ebfedea0SLionel Sambuc &size, ret);
978ebfedea0SLionel Sambuc if (ret) {
979ebfedea0SLionel Sambuc if (match_oid == &decode_oid)
980ebfedea0SLionel Sambuc der_free_oid(&decode_oid);
981ebfedea0SLionel Sambuc hx509_clear_error_string(context);
982ebfedea0SLionel Sambuc goto next_sigature;
983ebfedea0SLionel Sambuc }
984ebfedea0SLionel Sambuc if (size != signed_data.length)
985ebfedea0SLionel Sambuc _hx509_abort("internal ASN.1 encoder error");
986ebfedea0SLionel Sambuc
987ebfedea0SLionel Sambuc } else {
988ebfedea0SLionel Sambuc signed_data.data = content->data;
989ebfedea0SLionel Sambuc signed_data.length = content->length;
990ebfedea0SLionel Sambuc match_oid = &asn1_oid_id_pkcs7_data;
991ebfedea0SLionel Sambuc }
992ebfedea0SLionel Sambuc
993ebfedea0SLionel Sambuc /**
994ebfedea0SLionel Sambuc * If HX509_CMS_VS_ALLOW_DATA_OID_MISMATCH, allow
995ebfedea0SLionel Sambuc * encapContentInfo mismatch with the oid in signedAttributes
996ebfedea0SLionel Sambuc * (or if no signedAttributes where use, pkcs7-data oid).
997ebfedea0SLionel Sambuc * This is only needed to work with broken CMS implementations
998ebfedea0SLionel Sambuc * that doesn't follow CMS signedAttributes rules.
999ebfedea0SLionel Sambuc */
1000ebfedea0SLionel Sambuc
1001ebfedea0SLionel Sambuc if (der_heim_oid_cmp(match_oid, &sd.encapContentInfo.eContentType) &&
1002ebfedea0SLionel Sambuc (flags & HX509_CMS_VS_ALLOW_DATA_OID_MISMATCH) == 0) {
1003ebfedea0SLionel Sambuc ret = HX509_CMS_DATA_OID_MISMATCH;
1004ebfedea0SLionel Sambuc hx509_set_error_string(context, 0, ret,
1005ebfedea0SLionel Sambuc "Oid in message mismatch from the expected");
1006ebfedea0SLionel Sambuc }
1007ebfedea0SLionel Sambuc if (match_oid == &decode_oid)
1008ebfedea0SLionel Sambuc der_free_oid(&decode_oid);
1009ebfedea0SLionel Sambuc
1010ebfedea0SLionel Sambuc if (ret == 0) {
1011ebfedea0SLionel Sambuc ret = hx509_verify_signature(context,
1012ebfedea0SLionel Sambuc cert,
1013ebfedea0SLionel Sambuc &signer_info->signatureAlgorithm,
1014ebfedea0SLionel Sambuc &signed_data,
1015ebfedea0SLionel Sambuc &signer_info->signature);
1016ebfedea0SLionel Sambuc if (ret)
1017ebfedea0SLionel Sambuc hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
1018ebfedea0SLionel Sambuc "Failed to verify signature in "
1019ebfedea0SLionel Sambuc "CMS SignedData");
1020ebfedea0SLionel Sambuc }
1021ebfedea0SLionel Sambuc if (signer_info->signedAttrs)
1022ebfedea0SLionel Sambuc free(signed_data.data);
1023ebfedea0SLionel Sambuc if (ret)
1024ebfedea0SLionel Sambuc goto next_sigature;
1025ebfedea0SLionel Sambuc
1026ebfedea0SLionel Sambuc /**
1027ebfedea0SLionel Sambuc * If HX509_CMS_VS_NO_VALIDATE flags is set, do not verify the
1028ebfedea0SLionel Sambuc * signing certificates and leave that up to the caller.
1029ebfedea0SLionel Sambuc */
1030ebfedea0SLionel Sambuc
1031ebfedea0SLionel Sambuc if ((flags & HX509_CMS_VS_NO_VALIDATE) == 0) {
1032ebfedea0SLionel Sambuc ret = hx509_verify_path(context, ctx, cert, certs);
1033ebfedea0SLionel Sambuc if (ret)
1034ebfedea0SLionel Sambuc goto next_sigature;
1035ebfedea0SLionel Sambuc }
1036ebfedea0SLionel Sambuc
1037ebfedea0SLionel Sambuc ret = hx509_certs_add(context, *signer_certs, cert);
1038ebfedea0SLionel Sambuc if (ret)
1039ebfedea0SLionel Sambuc goto next_sigature;
1040ebfedea0SLionel Sambuc
1041ebfedea0SLionel Sambuc found_valid_sig++;
1042ebfedea0SLionel Sambuc
1043ebfedea0SLionel Sambuc next_sigature:
1044ebfedea0SLionel Sambuc if (cert)
1045ebfedea0SLionel Sambuc hx509_cert_free(cert);
1046ebfedea0SLionel Sambuc cert = NULL;
1047ebfedea0SLionel Sambuc }
1048ebfedea0SLionel Sambuc /**
1049ebfedea0SLionel Sambuc * If HX509_CMS_VS_ALLOW_ZERO_SIGNER is set, allow empty
1050ebfedea0SLionel Sambuc * SignerInfo (no signatures). If SignedData have no signatures,
1051ebfedea0SLionel Sambuc * the function will return 0 with signer_certs set to NULL. Zero
1052ebfedea0SLionel Sambuc * signers is allowed by the standard, but since its only useful
1053ebfedea0SLionel Sambuc * in corner cases, it make into a flag that the caller have to
1054ebfedea0SLionel Sambuc * turn on.
1055ebfedea0SLionel Sambuc */
1056ebfedea0SLionel Sambuc if (sd.signerInfos.len == 0 && (flags & HX509_CMS_VS_ALLOW_ZERO_SIGNER)) {
1057ebfedea0SLionel Sambuc if (*signer_certs)
1058ebfedea0SLionel Sambuc hx509_certs_free(signer_certs);
1059ebfedea0SLionel Sambuc } else if (found_valid_sig == 0) {
1060ebfedea0SLionel Sambuc if (ret == 0) {
1061ebfedea0SLionel Sambuc ret = HX509_CMS_SIGNER_NOT_FOUND;
1062ebfedea0SLionel Sambuc hx509_set_error_string(context, 0, ret,
1063ebfedea0SLionel Sambuc "No signers where found");
1064ebfedea0SLionel Sambuc }
1065ebfedea0SLionel Sambuc goto out;
1066ebfedea0SLionel Sambuc }
1067ebfedea0SLionel Sambuc
1068ebfedea0SLionel Sambuc ret = der_copy_oid(&sd.encapContentInfo.eContentType, contentType);
1069ebfedea0SLionel Sambuc if (ret) {
1070ebfedea0SLionel Sambuc hx509_clear_error_string(context);
1071ebfedea0SLionel Sambuc goto out;
1072ebfedea0SLionel Sambuc }
1073ebfedea0SLionel Sambuc
1074ebfedea0SLionel Sambuc out:
1075ebfedea0SLionel Sambuc free_SignedData(&sd);
1076ebfedea0SLionel Sambuc if (certs)
1077ebfedea0SLionel Sambuc hx509_certs_free(&certs);
1078ebfedea0SLionel Sambuc if (ret) {
1079ebfedea0SLionel Sambuc if (content->data)
1080ebfedea0SLionel Sambuc der_free_octet_string(content);
1081ebfedea0SLionel Sambuc if (*signer_certs)
1082ebfedea0SLionel Sambuc hx509_certs_free(signer_certs);
1083ebfedea0SLionel Sambuc der_free_oid(contentType);
1084ebfedea0SLionel Sambuc der_free_octet_string(content);
1085ebfedea0SLionel Sambuc }
1086ebfedea0SLionel Sambuc
1087ebfedea0SLionel Sambuc return ret;
1088ebfedea0SLionel Sambuc }
1089ebfedea0SLionel Sambuc
1090ebfedea0SLionel Sambuc static int
add_one_attribute(Attribute ** attr,unsigned int * len,const heim_oid * oid,heim_octet_string * data)1091ebfedea0SLionel Sambuc add_one_attribute(Attribute **attr,
1092ebfedea0SLionel Sambuc unsigned int *len,
1093ebfedea0SLionel Sambuc const heim_oid *oid,
1094ebfedea0SLionel Sambuc heim_octet_string *data)
1095ebfedea0SLionel Sambuc {
1096ebfedea0SLionel Sambuc void *d;
1097ebfedea0SLionel Sambuc int ret;
1098ebfedea0SLionel Sambuc
1099ebfedea0SLionel Sambuc d = realloc(*attr, sizeof((*attr)[0]) * (*len + 1));
1100ebfedea0SLionel Sambuc if (d == NULL)
1101ebfedea0SLionel Sambuc return ENOMEM;
1102ebfedea0SLionel Sambuc (*attr) = d;
1103ebfedea0SLionel Sambuc
1104ebfedea0SLionel Sambuc ret = der_copy_oid(oid, &(*attr)[*len].type);
1105ebfedea0SLionel Sambuc if (ret)
1106ebfedea0SLionel Sambuc return ret;
1107ebfedea0SLionel Sambuc
1108ebfedea0SLionel Sambuc ALLOC_SEQ(&(*attr)[*len].value, 1);
1109ebfedea0SLionel Sambuc if ((*attr)[*len].value.val == NULL) {
1110ebfedea0SLionel Sambuc der_free_oid(&(*attr)[*len].type);
1111ebfedea0SLionel Sambuc return ENOMEM;
1112ebfedea0SLionel Sambuc }
1113ebfedea0SLionel Sambuc
1114ebfedea0SLionel Sambuc (*attr)[*len].value.val[0].data = data->data;
1115ebfedea0SLionel Sambuc (*attr)[*len].value.val[0].length = data->length;
1116ebfedea0SLionel Sambuc
1117ebfedea0SLionel Sambuc *len += 1;
1118ebfedea0SLionel Sambuc
1119ebfedea0SLionel Sambuc return 0;
1120ebfedea0SLionel Sambuc }
1121ebfedea0SLionel Sambuc
1122ebfedea0SLionel Sambuc /**
1123ebfedea0SLionel Sambuc * Decode SignedData and verify that the signature is correct.
1124ebfedea0SLionel Sambuc *
1125ebfedea0SLionel Sambuc * @param context A hx509 context.
1126ebfedea0SLionel Sambuc * @param flags
1127ebfedea0SLionel Sambuc * @param eContentType the type of the data.
1128ebfedea0SLionel Sambuc * @param data data to sign
1129ebfedea0SLionel Sambuc * @param length length of the data that data point to.
1130ebfedea0SLionel Sambuc * @param digest_alg digest algorithm to use, use NULL to get the
1131ebfedea0SLionel Sambuc * default or the peer determined algorithm.
1132ebfedea0SLionel Sambuc * @param cert certificate to use for sign the data.
1133ebfedea0SLionel Sambuc * @param peer info about the peer the message to send the message to,
1134ebfedea0SLionel Sambuc * like what digest algorithm to use.
1135ebfedea0SLionel Sambuc * @param anchors trust anchors that the client will use, used to
1136ebfedea0SLionel Sambuc * polulate the certificates included in the message
1137ebfedea0SLionel Sambuc * @param pool certificates to use in try to build the path to the
1138ebfedea0SLionel Sambuc * trust anchors.
1139ebfedea0SLionel Sambuc * @param signed_data the output of the function, free with
1140ebfedea0SLionel Sambuc * der_free_octet_string().
1141ebfedea0SLionel Sambuc *
1142ebfedea0SLionel Sambuc * @ingroup hx509_cms
1143ebfedea0SLionel Sambuc */
1144ebfedea0SLionel Sambuc
1145ebfedea0SLionel Sambuc int
hx509_cms_create_signed_1(hx509_context context,int flags,const heim_oid * eContentType,const void * data,size_t length,const AlgorithmIdentifier * digest_alg,hx509_cert cert,hx509_peer_info peer,hx509_certs anchors,hx509_certs pool,heim_octet_string * signed_data)1146ebfedea0SLionel Sambuc hx509_cms_create_signed_1(hx509_context context,
1147ebfedea0SLionel Sambuc int flags,
1148ebfedea0SLionel Sambuc const heim_oid *eContentType,
1149ebfedea0SLionel Sambuc const void *data, size_t length,
1150ebfedea0SLionel Sambuc const AlgorithmIdentifier *digest_alg,
1151ebfedea0SLionel Sambuc hx509_cert cert,
1152ebfedea0SLionel Sambuc hx509_peer_info peer,
1153ebfedea0SLionel Sambuc hx509_certs anchors,
1154ebfedea0SLionel Sambuc hx509_certs pool,
1155ebfedea0SLionel Sambuc heim_octet_string *signed_data)
1156ebfedea0SLionel Sambuc {
1157ebfedea0SLionel Sambuc hx509_certs certs;
1158ebfedea0SLionel Sambuc int ret = 0;
1159ebfedea0SLionel Sambuc
1160ebfedea0SLionel Sambuc signed_data->data = NULL;
1161ebfedea0SLionel Sambuc signed_data->length = 0;
1162ebfedea0SLionel Sambuc
1163ebfedea0SLionel Sambuc ret = hx509_certs_init(context, "MEMORY:certs", 0, NULL, &certs);
1164ebfedea0SLionel Sambuc if (ret)
1165ebfedea0SLionel Sambuc return ret;
1166ebfedea0SLionel Sambuc ret = hx509_certs_add(context, certs, cert);
1167ebfedea0SLionel Sambuc if (ret)
1168ebfedea0SLionel Sambuc goto out;
1169ebfedea0SLionel Sambuc
1170ebfedea0SLionel Sambuc ret = hx509_cms_create_signed(context, flags, eContentType, data, length,
1171ebfedea0SLionel Sambuc digest_alg, certs, peer, anchors, pool,
1172ebfedea0SLionel Sambuc signed_data);
1173ebfedea0SLionel Sambuc
1174ebfedea0SLionel Sambuc out:
1175ebfedea0SLionel Sambuc hx509_certs_free(&certs);
1176ebfedea0SLionel Sambuc return ret;
1177ebfedea0SLionel Sambuc }
1178ebfedea0SLionel Sambuc
1179ebfedea0SLionel Sambuc struct sigctx {
1180ebfedea0SLionel Sambuc SignedData sd;
1181ebfedea0SLionel Sambuc const AlgorithmIdentifier *digest_alg;
1182ebfedea0SLionel Sambuc const heim_oid *eContentType;
1183ebfedea0SLionel Sambuc heim_octet_string content;
1184ebfedea0SLionel Sambuc hx509_peer_info peer;
1185ebfedea0SLionel Sambuc int cmsidflag;
1186ebfedea0SLionel Sambuc int leafonly;
1187ebfedea0SLionel Sambuc hx509_certs certs;
1188ebfedea0SLionel Sambuc hx509_certs anchors;
1189ebfedea0SLionel Sambuc hx509_certs pool;
1190ebfedea0SLionel Sambuc };
1191ebfedea0SLionel Sambuc
1192ebfedea0SLionel Sambuc static int
sig_process(hx509_context context,void * ctx,hx509_cert cert)1193ebfedea0SLionel Sambuc sig_process(hx509_context context, void *ctx, hx509_cert cert)
1194ebfedea0SLionel Sambuc {
1195ebfedea0SLionel Sambuc struct sigctx *sigctx = ctx;
1196ebfedea0SLionel Sambuc heim_octet_string buf, sigdata = { 0, NULL };
1197ebfedea0SLionel Sambuc SignerInfo *signer_info = NULL;
1198ebfedea0SLionel Sambuc AlgorithmIdentifier digest;
1199ebfedea0SLionel Sambuc size_t size;
1200ebfedea0SLionel Sambuc void *ptr;
1201ebfedea0SLionel Sambuc int ret;
1202ebfedea0SLionel Sambuc SignedData *sd = &sigctx->sd;
1203ebfedea0SLionel Sambuc hx509_path path;
1204ebfedea0SLionel Sambuc
1205ebfedea0SLionel Sambuc memset(&digest, 0, sizeof(digest));
1206ebfedea0SLionel Sambuc memset(&path, 0, sizeof(path));
1207ebfedea0SLionel Sambuc
1208ebfedea0SLionel Sambuc if (_hx509_cert_private_key(cert) == NULL) {
1209ebfedea0SLionel Sambuc hx509_set_error_string(context, 0, HX509_PRIVATE_KEY_MISSING,
1210ebfedea0SLionel Sambuc "Private key missing for signing");
1211ebfedea0SLionel Sambuc return HX509_PRIVATE_KEY_MISSING;
1212ebfedea0SLionel Sambuc }
1213ebfedea0SLionel Sambuc
1214ebfedea0SLionel Sambuc if (sigctx->digest_alg) {
1215ebfedea0SLionel Sambuc ret = copy_AlgorithmIdentifier(sigctx->digest_alg, &digest);
1216ebfedea0SLionel Sambuc if (ret)
1217ebfedea0SLionel Sambuc hx509_clear_error_string(context);
1218ebfedea0SLionel Sambuc } else {
1219ebfedea0SLionel Sambuc ret = hx509_crypto_select(context, HX509_SELECT_DIGEST,
1220ebfedea0SLionel Sambuc _hx509_cert_private_key(cert),
1221ebfedea0SLionel Sambuc sigctx->peer, &digest);
1222ebfedea0SLionel Sambuc }
1223ebfedea0SLionel Sambuc if (ret)
1224ebfedea0SLionel Sambuc goto out;
1225ebfedea0SLionel Sambuc
1226ebfedea0SLionel Sambuc /*
1227ebfedea0SLionel Sambuc * Allocate on more signerInfo and do the signature processing
1228ebfedea0SLionel Sambuc */
1229ebfedea0SLionel Sambuc
1230ebfedea0SLionel Sambuc ptr = realloc(sd->signerInfos.val,
1231ebfedea0SLionel Sambuc (sd->signerInfos.len + 1) * sizeof(sd->signerInfos.val[0]));
1232ebfedea0SLionel Sambuc if (ptr == NULL) {
1233ebfedea0SLionel Sambuc ret = ENOMEM;
1234ebfedea0SLionel Sambuc goto out;
1235ebfedea0SLionel Sambuc }
1236ebfedea0SLionel Sambuc sd->signerInfos.val = ptr;
1237ebfedea0SLionel Sambuc
1238ebfedea0SLionel Sambuc signer_info = &sd->signerInfos.val[sd->signerInfos.len];
1239ebfedea0SLionel Sambuc
1240ebfedea0SLionel Sambuc memset(signer_info, 0, sizeof(*signer_info));
1241ebfedea0SLionel Sambuc
1242ebfedea0SLionel Sambuc signer_info->version = 1;
1243ebfedea0SLionel Sambuc
1244ebfedea0SLionel Sambuc ret = fill_CMSIdentifier(cert, sigctx->cmsidflag, &signer_info->sid);
1245ebfedea0SLionel Sambuc if (ret) {
1246ebfedea0SLionel Sambuc hx509_clear_error_string(context);
1247ebfedea0SLionel Sambuc goto out;
1248ebfedea0SLionel Sambuc }
1249ebfedea0SLionel Sambuc
1250ebfedea0SLionel Sambuc signer_info->signedAttrs = NULL;
1251ebfedea0SLionel Sambuc signer_info->unsignedAttrs = NULL;
1252ebfedea0SLionel Sambuc
1253ebfedea0SLionel Sambuc ret = copy_AlgorithmIdentifier(&digest, &signer_info->digestAlgorithm);
1254ebfedea0SLionel Sambuc if (ret) {
1255ebfedea0SLionel Sambuc hx509_clear_error_string(context);
1256ebfedea0SLionel Sambuc goto out;
1257ebfedea0SLionel Sambuc }
1258ebfedea0SLionel Sambuc
1259ebfedea0SLionel Sambuc /*
1260ebfedea0SLionel Sambuc * If it isn't pkcs7-data send signedAttributes
1261ebfedea0SLionel Sambuc */
1262ebfedea0SLionel Sambuc
1263ebfedea0SLionel Sambuc if (der_heim_oid_cmp(sigctx->eContentType, &asn1_oid_id_pkcs7_data) != 0) {
1264ebfedea0SLionel Sambuc CMSAttributes sa;
1265ebfedea0SLionel Sambuc heim_octet_string sig;
1266ebfedea0SLionel Sambuc
1267ebfedea0SLionel Sambuc ALLOC(signer_info->signedAttrs, 1);
1268ebfedea0SLionel Sambuc if (signer_info->signedAttrs == NULL) {
1269ebfedea0SLionel Sambuc ret = ENOMEM;
1270ebfedea0SLionel Sambuc goto out;
1271ebfedea0SLionel Sambuc }
1272ebfedea0SLionel Sambuc
1273ebfedea0SLionel Sambuc ret = _hx509_create_signature(context,
1274ebfedea0SLionel Sambuc NULL,
1275ebfedea0SLionel Sambuc &digest,
1276ebfedea0SLionel Sambuc &sigctx->content,
1277ebfedea0SLionel Sambuc NULL,
1278ebfedea0SLionel Sambuc &sig);
1279ebfedea0SLionel Sambuc if (ret)
1280ebfedea0SLionel Sambuc goto out;
1281ebfedea0SLionel Sambuc
1282ebfedea0SLionel Sambuc ASN1_MALLOC_ENCODE(MessageDigest,
1283ebfedea0SLionel Sambuc buf.data,
1284ebfedea0SLionel Sambuc buf.length,
1285ebfedea0SLionel Sambuc &sig,
1286ebfedea0SLionel Sambuc &size,
1287ebfedea0SLionel Sambuc ret);
1288ebfedea0SLionel Sambuc der_free_octet_string(&sig);
1289ebfedea0SLionel Sambuc if (ret) {
1290ebfedea0SLionel Sambuc hx509_clear_error_string(context);
1291ebfedea0SLionel Sambuc goto out;
1292ebfedea0SLionel Sambuc }
1293ebfedea0SLionel Sambuc if (size != buf.length)
1294ebfedea0SLionel Sambuc _hx509_abort("internal ASN.1 encoder error");
1295ebfedea0SLionel Sambuc
1296ebfedea0SLionel Sambuc ret = add_one_attribute(&signer_info->signedAttrs->val,
1297ebfedea0SLionel Sambuc &signer_info->signedAttrs->len,
1298ebfedea0SLionel Sambuc &asn1_oid_id_pkcs9_messageDigest,
1299ebfedea0SLionel Sambuc &buf);
1300ebfedea0SLionel Sambuc if (ret) {
1301ebfedea0SLionel Sambuc free(buf.data);
1302ebfedea0SLionel Sambuc hx509_clear_error_string(context);
1303ebfedea0SLionel Sambuc goto out;
1304ebfedea0SLionel Sambuc }
1305ebfedea0SLionel Sambuc
1306ebfedea0SLionel Sambuc
1307ebfedea0SLionel Sambuc ASN1_MALLOC_ENCODE(ContentType,
1308ebfedea0SLionel Sambuc buf.data,
1309ebfedea0SLionel Sambuc buf.length,
1310ebfedea0SLionel Sambuc sigctx->eContentType,
1311ebfedea0SLionel Sambuc &size,
1312ebfedea0SLionel Sambuc ret);
1313ebfedea0SLionel Sambuc if (ret)
1314ebfedea0SLionel Sambuc goto out;
1315ebfedea0SLionel Sambuc if (size != buf.length)
1316ebfedea0SLionel Sambuc _hx509_abort("internal ASN.1 encoder error");
1317ebfedea0SLionel Sambuc
1318ebfedea0SLionel Sambuc ret = add_one_attribute(&signer_info->signedAttrs->val,
1319ebfedea0SLionel Sambuc &signer_info->signedAttrs->len,
1320ebfedea0SLionel Sambuc &asn1_oid_id_pkcs9_contentType,
1321ebfedea0SLionel Sambuc &buf);
1322ebfedea0SLionel Sambuc if (ret) {
1323ebfedea0SLionel Sambuc free(buf.data);
1324ebfedea0SLionel Sambuc hx509_clear_error_string(context);
1325ebfedea0SLionel Sambuc goto out;
1326ebfedea0SLionel Sambuc }
1327ebfedea0SLionel Sambuc
1328ebfedea0SLionel Sambuc sa.val = signer_info->signedAttrs->val;
1329ebfedea0SLionel Sambuc sa.len = signer_info->signedAttrs->len;
1330ebfedea0SLionel Sambuc
1331ebfedea0SLionel Sambuc ASN1_MALLOC_ENCODE(CMSAttributes,
1332ebfedea0SLionel Sambuc sigdata.data,
1333ebfedea0SLionel Sambuc sigdata.length,
1334ebfedea0SLionel Sambuc &sa,
1335ebfedea0SLionel Sambuc &size,
1336ebfedea0SLionel Sambuc ret);
1337ebfedea0SLionel Sambuc if (ret) {
1338ebfedea0SLionel Sambuc hx509_clear_error_string(context);
1339ebfedea0SLionel Sambuc goto out;
1340ebfedea0SLionel Sambuc }
1341ebfedea0SLionel Sambuc if (size != sigdata.length)
1342ebfedea0SLionel Sambuc _hx509_abort("internal ASN.1 encoder error");
1343ebfedea0SLionel Sambuc } else {
1344ebfedea0SLionel Sambuc sigdata.data = sigctx->content.data;
1345ebfedea0SLionel Sambuc sigdata.length = sigctx->content.length;
1346ebfedea0SLionel Sambuc }
1347ebfedea0SLionel Sambuc
1348ebfedea0SLionel Sambuc {
1349ebfedea0SLionel Sambuc AlgorithmIdentifier sigalg;
1350ebfedea0SLionel Sambuc
1351ebfedea0SLionel Sambuc ret = hx509_crypto_select(context, HX509_SELECT_PUBLIC_SIG,
1352ebfedea0SLionel Sambuc _hx509_cert_private_key(cert), sigctx->peer,
1353ebfedea0SLionel Sambuc &sigalg);
1354ebfedea0SLionel Sambuc if (ret)
1355ebfedea0SLionel Sambuc goto out;
1356ebfedea0SLionel Sambuc
1357ebfedea0SLionel Sambuc ret = _hx509_create_signature(context,
1358ebfedea0SLionel Sambuc _hx509_cert_private_key(cert),
1359ebfedea0SLionel Sambuc &sigalg,
1360ebfedea0SLionel Sambuc &sigdata,
1361ebfedea0SLionel Sambuc &signer_info->signatureAlgorithm,
1362ebfedea0SLionel Sambuc &signer_info->signature);
1363ebfedea0SLionel Sambuc free_AlgorithmIdentifier(&sigalg);
1364ebfedea0SLionel Sambuc if (ret)
1365ebfedea0SLionel Sambuc goto out;
1366ebfedea0SLionel Sambuc }
1367ebfedea0SLionel Sambuc
1368ebfedea0SLionel Sambuc sigctx->sd.signerInfos.len++;
1369ebfedea0SLionel Sambuc signer_info = NULL;
1370ebfedea0SLionel Sambuc
1371ebfedea0SLionel Sambuc /*
1372ebfedea0SLionel Sambuc * Provide best effort path
1373ebfedea0SLionel Sambuc */
1374ebfedea0SLionel Sambuc if (sigctx->certs) {
1375ebfedea0SLionel Sambuc unsigned int i;
1376ebfedea0SLionel Sambuc
1377ebfedea0SLionel Sambuc if (sigctx->pool && sigctx->leafonly == 0) {
1378ebfedea0SLionel Sambuc _hx509_calculate_path(context,
1379ebfedea0SLionel Sambuc HX509_CALCULATE_PATH_NO_ANCHOR,
1380ebfedea0SLionel Sambuc time(NULL),
1381ebfedea0SLionel Sambuc sigctx->anchors,
1382ebfedea0SLionel Sambuc 0,
1383ebfedea0SLionel Sambuc cert,
1384ebfedea0SLionel Sambuc sigctx->pool,
1385ebfedea0SLionel Sambuc &path);
1386ebfedea0SLionel Sambuc } else
1387ebfedea0SLionel Sambuc _hx509_path_append(context, &path, cert);
1388ebfedea0SLionel Sambuc
1389ebfedea0SLionel Sambuc for (i = 0; i < path.len; i++) {
1390ebfedea0SLionel Sambuc /* XXX remove dups */
1391ebfedea0SLionel Sambuc ret = hx509_certs_add(context, sigctx->certs, path.val[i]);
1392ebfedea0SLionel Sambuc if (ret) {
1393ebfedea0SLionel Sambuc hx509_clear_error_string(context);
1394ebfedea0SLionel Sambuc goto out;
1395ebfedea0SLionel Sambuc }
1396ebfedea0SLionel Sambuc }
1397ebfedea0SLionel Sambuc }
1398ebfedea0SLionel Sambuc
1399ebfedea0SLionel Sambuc out:
1400ebfedea0SLionel Sambuc if (signer_info)
1401ebfedea0SLionel Sambuc free_SignerInfo(signer_info);
1402ebfedea0SLionel Sambuc if (sigdata.data != sigctx->content.data)
1403ebfedea0SLionel Sambuc der_free_octet_string(&sigdata);
1404ebfedea0SLionel Sambuc _hx509_path_free(&path);
1405ebfedea0SLionel Sambuc free_AlgorithmIdentifier(&digest);
1406ebfedea0SLionel Sambuc
1407ebfedea0SLionel Sambuc return ret;
1408ebfedea0SLionel Sambuc }
1409ebfedea0SLionel Sambuc
1410ebfedea0SLionel Sambuc static int
cert_process(hx509_context context,void * ctx,hx509_cert cert)1411ebfedea0SLionel Sambuc cert_process(hx509_context context, void *ctx, hx509_cert cert)
1412ebfedea0SLionel Sambuc {
1413ebfedea0SLionel Sambuc struct sigctx *sigctx = ctx;
1414ebfedea0SLionel Sambuc const unsigned int i = sigctx->sd.certificates->len;
1415ebfedea0SLionel Sambuc void *ptr;
1416ebfedea0SLionel Sambuc int ret;
1417ebfedea0SLionel Sambuc
1418ebfedea0SLionel Sambuc ptr = realloc(sigctx->sd.certificates->val,
1419ebfedea0SLionel Sambuc (i + 1) * sizeof(sigctx->sd.certificates->val[0]));
1420ebfedea0SLionel Sambuc if (ptr == NULL)
1421ebfedea0SLionel Sambuc return ENOMEM;
1422ebfedea0SLionel Sambuc sigctx->sd.certificates->val = ptr;
1423ebfedea0SLionel Sambuc
1424ebfedea0SLionel Sambuc ret = hx509_cert_binary(context, cert,
1425ebfedea0SLionel Sambuc &sigctx->sd.certificates->val[i]);
1426ebfedea0SLionel Sambuc if (ret == 0)
1427ebfedea0SLionel Sambuc sigctx->sd.certificates->len++;
1428ebfedea0SLionel Sambuc
1429ebfedea0SLionel Sambuc return ret;
1430ebfedea0SLionel Sambuc }
1431ebfedea0SLionel Sambuc
1432ebfedea0SLionel Sambuc static int
cmp_AlgorithmIdentifier(const AlgorithmIdentifier * p,const AlgorithmIdentifier * q)1433ebfedea0SLionel Sambuc cmp_AlgorithmIdentifier(const AlgorithmIdentifier *p, const AlgorithmIdentifier *q)
1434ebfedea0SLionel Sambuc {
1435ebfedea0SLionel Sambuc return der_heim_oid_cmp(&p->algorithm, &q->algorithm);
1436ebfedea0SLionel Sambuc }
1437ebfedea0SLionel Sambuc
1438ebfedea0SLionel Sambuc int
hx509_cms_create_signed(hx509_context context,int flags,const heim_oid * eContentType,const void * data,size_t length,const AlgorithmIdentifier * digest_alg,hx509_certs certs,hx509_peer_info peer,hx509_certs anchors,hx509_certs pool,heim_octet_string * signed_data)1439ebfedea0SLionel Sambuc hx509_cms_create_signed(hx509_context context,
1440ebfedea0SLionel Sambuc int flags,
1441ebfedea0SLionel Sambuc const heim_oid *eContentType,
1442ebfedea0SLionel Sambuc const void *data, size_t length,
1443ebfedea0SLionel Sambuc const AlgorithmIdentifier *digest_alg,
1444ebfedea0SLionel Sambuc hx509_certs certs,
1445ebfedea0SLionel Sambuc hx509_peer_info peer,
1446ebfedea0SLionel Sambuc hx509_certs anchors,
1447ebfedea0SLionel Sambuc hx509_certs pool,
1448ebfedea0SLionel Sambuc heim_octet_string *signed_data)
1449ebfedea0SLionel Sambuc {
1450ebfedea0SLionel Sambuc unsigned int i, j;
1451ebfedea0SLionel Sambuc hx509_name name;
1452ebfedea0SLionel Sambuc int ret;
1453ebfedea0SLionel Sambuc size_t size;
1454ebfedea0SLionel Sambuc struct sigctx sigctx;
1455ebfedea0SLionel Sambuc
1456ebfedea0SLionel Sambuc memset(&sigctx, 0, sizeof(sigctx));
1457ebfedea0SLionel Sambuc memset(&name, 0, sizeof(name));
1458ebfedea0SLionel Sambuc
1459ebfedea0SLionel Sambuc if (eContentType == NULL)
1460ebfedea0SLionel Sambuc eContentType = &asn1_oid_id_pkcs7_data;
1461ebfedea0SLionel Sambuc
1462ebfedea0SLionel Sambuc sigctx.digest_alg = digest_alg;
1463ebfedea0SLionel Sambuc sigctx.content.data = rk_UNCONST(data);
1464ebfedea0SLionel Sambuc sigctx.content.length = length;
1465ebfedea0SLionel Sambuc sigctx.eContentType = eContentType;
1466ebfedea0SLionel Sambuc sigctx.peer = peer;
1467ebfedea0SLionel Sambuc /**
1468ebfedea0SLionel Sambuc * Use HX509_CMS_SIGNATURE_ID_NAME to preferred use of issuer name
1469ebfedea0SLionel Sambuc * and serial number if possible. Otherwise subject key identifier
1470ebfedea0SLionel Sambuc * will preferred.
1471ebfedea0SLionel Sambuc */
1472ebfedea0SLionel Sambuc if (flags & HX509_CMS_SIGNATURE_ID_NAME)
1473ebfedea0SLionel Sambuc sigctx.cmsidflag = CMS_ID_NAME;
1474ebfedea0SLionel Sambuc else
1475ebfedea0SLionel Sambuc sigctx.cmsidflag = CMS_ID_SKI;
1476ebfedea0SLionel Sambuc
1477ebfedea0SLionel Sambuc /**
1478ebfedea0SLionel Sambuc * Use HX509_CMS_SIGNATURE_LEAF_ONLY to only request leaf
1479ebfedea0SLionel Sambuc * certificates to be added to the SignedData.
1480ebfedea0SLionel Sambuc */
1481ebfedea0SLionel Sambuc sigctx.leafonly = (flags & HX509_CMS_SIGNATURE_LEAF_ONLY) ? 1 : 0;
1482ebfedea0SLionel Sambuc
1483ebfedea0SLionel Sambuc /**
1484ebfedea0SLionel Sambuc * Use HX509_CMS_NO_CERTS to make the SignedData contain no
1485ebfedea0SLionel Sambuc * certificates, overrides HX509_CMS_SIGNATURE_LEAF_ONLY.
1486ebfedea0SLionel Sambuc */
1487ebfedea0SLionel Sambuc
1488ebfedea0SLionel Sambuc if ((flags & HX509_CMS_SIGNATURE_NO_CERTS) == 0) {
1489ebfedea0SLionel Sambuc ret = hx509_certs_init(context, "MEMORY:certs", 0, NULL, &sigctx.certs);
1490ebfedea0SLionel Sambuc if (ret)
1491ebfedea0SLionel Sambuc return ret;
1492ebfedea0SLionel Sambuc }
1493ebfedea0SLionel Sambuc
1494ebfedea0SLionel Sambuc sigctx.anchors = anchors;
1495ebfedea0SLionel Sambuc sigctx.pool = pool;
1496ebfedea0SLionel Sambuc
1497ebfedea0SLionel Sambuc sigctx.sd.version = CMSVersion_v3;
1498ebfedea0SLionel Sambuc
1499ebfedea0SLionel Sambuc der_copy_oid(eContentType, &sigctx.sd.encapContentInfo.eContentType);
1500ebfedea0SLionel Sambuc
1501ebfedea0SLionel Sambuc /**
1502ebfedea0SLionel Sambuc * Use HX509_CMS_SIGNATURE_DETACHED to create detached signatures.
1503ebfedea0SLionel Sambuc */
1504ebfedea0SLionel Sambuc if ((flags & HX509_CMS_SIGNATURE_DETACHED) == 0) {
1505ebfedea0SLionel Sambuc ALLOC(sigctx.sd.encapContentInfo.eContent, 1);
1506ebfedea0SLionel Sambuc if (sigctx.sd.encapContentInfo.eContent == NULL) {
1507ebfedea0SLionel Sambuc hx509_clear_error_string(context);
1508ebfedea0SLionel Sambuc ret = ENOMEM;
1509ebfedea0SLionel Sambuc goto out;
1510ebfedea0SLionel Sambuc }
1511ebfedea0SLionel Sambuc
1512ebfedea0SLionel Sambuc sigctx.sd.encapContentInfo.eContent->data = malloc(length);
1513ebfedea0SLionel Sambuc if (sigctx.sd.encapContentInfo.eContent->data == NULL) {
1514ebfedea0SLionel Sambuc hx509_clear_error_string(context);
1515ebfedea0SLionel Sambuc ret = ENOMEM;
1516ebfedea0SLionel Sambuc goto out;
1517ebfedea0SLionel Sambuc }
1518ebfedea0SLionel Sambuc memcpy(sigctx.sd.encapContentInfo.eContent->data, data, length);
1519ebfedea0SLionel Sambuc sigctx.sd.encapContentInfo.eContent->length = length;
1520ebfedea0SLionel Sambuc }
1521ebfedea0SLionel Sambuc
1522ebfedea0SLionel Sambuc /**
1523ebfedea0SLionel Sambuc * Use HX509_CMS_SIGNATURE_NO_SIGNER to create no sigInfo (no
1524ebfedea0SLionel Sambuc * signatures).
1525ebfedea0SLionel Sambuc */
1526ebfedea0SLionel Sambuc if ((flags & HX509_CMS_SIGNATURE_NO_SIGNER) == 0) {
1527ebfedea0SLionel Sambuc ret = hx509_certs_iter_f(context, certs, sig_process, &sigctx);
1528ebfedea0SLionel Sambuc if (ret)
1529ebfedea0SLionel Sambuc goto out;
1530ebfedea0SLionel Sambuc }
1531ebfedea0SLionel Sambuc
1532ebfedea0SLionel Sambuc if (sigctx.sd.signerInfos.len) {
1533*0a6a1f1dSLionel Sambuc
1534*0a6a1f1dSLionel Sambuc /*
1535*0a6a1f1dSLionel Sambuc * For each signerInfo, collect all different digest types.
1536*0a6a1f1dSLionel Sambuc */
1537ebfedea0SLionel Sambuc for (i = 0; i < sigctx.sd.signerInfos.len; i++) {
1538ebfedea0SLionel Sambuc AlgorithmIdentifier *di =
1539ebfedea0SLionel Sambuc &sigctx.sd.signerInfos.val[i].digestAlgorithm;
1540ebfedea0SLionel Sambuc
1541ebfedea0SLionel Sambuc for (j = 0; j < sigctx.sd.digestAlgorithms.len; j++)
1542ebfedea0SLionel Sambuc if (cmp_AlgorithmIdentifier(di, &sigctx.sd.digestAlgorithms.val[j]) == 0)
1543ebfedea0SLionel Sambuc break;
1544*0a6a1f1dSLionel Sambuc if (j == sigctx.sd.digestAlgorithms.len) {
1545ebfedea0SLionel Sambuc ret = add_DigestAlgorithmIdentifiers(&sigctx.sd.digestAlgorithms, di);
1546ebfedea0SLionel Sambuc if (ret) {
1547ebfedea0SLionel Sambuc hx509_clear_error_string(context);
1548ebfedea0SLionel Sambuc goto out;
1549ebfedea0SLionel Sambuc }
1550ebfedea0SLionel Sambuc }
1551ebfedea0SLionel Sambuc }
1552ebfedea0SLionel Sambuc }
1553ebfedea0SLionel Sambuc
1554*0a6a1f1dSLionel Sambuc /*
1555*0a6a1f1dSLionel Sambuc * Add certs we think are needed, build as part of sig_process
1556*0a6a1f1dSLionel Sambuc */
1557ebfedea0SLionel Sambuc if (sigctx.certs) {
1558ebfedea0SLionel Sambuc ALLOC(sigctx.sd.certificates, 1);
1559ebfedea0SLionel Sambuc if (sigctx.sd.certificates == NULL) {
1560ebfedea0SLionel Sambuc hx509_clear_error_string(context);
1561ebfedea0SLionel Sambuc ret = ENOMEM;
1562ebfedea0SLionel Sambuc goto out;
1563ebfedea0SLionel Sambuc }
1564ebfedea0SLionel Sambuc
1565ebfedea0SLionel Sambuc ret = hx509_certs_iter_f(context, sigctx.certs, cert_process, &sigctx);
1566ebfedea0SLionel Sambuc if (ret)
1567ebfedea0SLionel Sambuc goto out;
1568ebfedea0SLionel Sambuc }
1569ebfedea0SLionel Sambuc
1570ebfedea0SLionel Sambuc ASN1_MALLOC_ENCODE(SignedData,
1571ebfedea0SLionel Sambuc signed_data->data, signed_data->length,
1572ebfedea0SLionel Sambuc &sigctx.sd, &size, ret);
1573ebfedea0SLionel Sambuc if (ret) {
1574ebfedea0SLionel Sambuc hx509_clear_error_string(context);
1575ebfedea0SLionel Sambuc goto out;
1576ebfedea0SLionel Sambuc }
1577ebfedea0SLionel Sambuc if (signed_data->length != size)
1578ebfedea0SLionel Sambuc _hx509_abort("internal ASN.1 encoder error");
1579ebfedea0SLionel Sambuc
1580ebfedea0SLionel Sambuc out:
1581ebfedea0SLionel Sambuc hx509_certs_free(&sigctx.certs);
1582ebfedea0SLionel Sambuc free_SignedData(&sigctx.sd);
1583ebfedea0SLionel Sambuc
1584ebfedea0SLionel Sambuc return ret;
1585ebfedea0SLionel Sambuc }
1586ebfedea0SLionel Sambuc
1587ebfedea0SLionel Sambuc int
hx509_cms_decrypt_encrypted(hx509_context context,hx509_lock lock,const void * data,size_t length,heim_oid * contentType,heim_octet_string * content)1588ebfedea0SLionel Sambuc hx509_cms_decrypt_encrypted(hx509_context context,
1589ebfedea0SLionel Sambuc hx509_lock lock,
1590ebfedea0SLionel Sambuc const void *data,
1591ebfedea0SLionel Sambuc size_t length,
1592ebfedea0SLionel Sambuc heim_oid *contentType,
1593ebfedea0SLionel Sambuc heim_octet_string *content)
1594ebfedea0SLionel Sambuc {
1595ebfedea0SLionel Sambuc heim_octet_string cont;
1596ebfedea0SLionel Sambuc CMSEncryptedData ed;
1597ebfedea0SLionel Sambuc AlgorithmIdentifier *ai;
1598ebfedea0SLionel Sambuc int ret;
1599ebfedea0SLionel Sambuc
1600ebfedea0SLionel Sambuc memset(content, 0, sizeof(*content));
1601ebfedea0SLionel Sambuc memset(&cont, 0, sizeof(cont));
1602ebfedea0SLionel Sambuc
1603ebfedea0SLionel Sambuc ret = decode_CMSEncryptedData(data, length, &ed, NULL);
1604ebfedea0SLionel Sambuc if (ret) {
1605ebfedea0SLionel Sambuc hx509_set_error_string(context, 0, ret,
1606ebfedea0SLionel Sambuc "Failed to decode CMSEncryptedData");
1607ebfedea0SLionel Sambuc return ret;
1608ebfedea0SLionel Sambuc }
1609ebfedea0SLionel Sambuc
1610ebfedea0SLionel Sambuc if (ed.encryptedContentInfo.encryptedContent == NULL) {
1611ebfedea0SLionel Sambuc ret = HX509_CMS_NO_DATA_AVAILABLE;
1612ebfedea0SLionel Sambuc hx509_set_error_string(context, 0, ret,
1613ebfedea0SLionel Sambuc "No content in EncryptedData");
1614ebfedea0SLionel Sambuc goto out;
1615ebfedea0SLionel Sambuc }
1616ebfedea0SLionel Sambuc
1617ebfedea0SLionel Sambuc ret = der_copy_oid(&ed.encryptedContentInfo.contentType, contentType);
1618ebfedea0SLionel Sambuc if (ret) {
1619ebfedea0SLionel Sambuc hx509_clear_error_string(context);
1620ebfedea0SLionel Sambuc goto out;
1621ebfedea0SLionel Sambuc }
1622ebfedea0SLionel Sambuc
1623ebfedea0SLionel Sambuc ai = &ed.encryptedContentInfo.contentEncryptionAlgorithm;
1624ebfedea0SLionel Sambuc if (ai->parameters == NULL) {
1625ebfedea0SLionel Sambuc ret = HX509_ALG_NOT_SUPP;
1626ebfedea0SLionel Sambuc hx509_clear_error_string(context);
1627ebfedea0SLionel Sambuc goto out;
1628ebfedea0SLionel Sambuc }
1629ebfedea0SLionel Sambuc
1630ebfedea0SLionel Sambuc ret = _hx509_pbe_decrypt(context,
1631ebfedea0SLionel Sambuc lock,
1632ebfedea0SLionel Sambuc ai,
1633ebfedea0SLionel Sambuc ed.encryptedContentInfo.encryptedContent,
1634ebfedea0SLionel Sambuc &cont);
1635ebfedea0SLionel Sambuc if (ret)
1636ebfedea0SLionel Sambuc goto out;
1637ebfedea0SLionel Sambuc
1638ebfedea0SLionel Sambuc *content = cont;
1639ebfedea0SLionel Sambuc
1640ebfedea0SLionel Sambuc out:
1641ebfedea0SLionel Sambuc if (ret) {
1642ebfedea0SLionel Sambuc if (cont.data)
1643ebfedea0SLionel Sambuc free(cont.data);
1644ebfedea0SLionel Sambuc }
1645ebfedea0SLionel Sambuc free_CMSEncryptedData(&ed);
1646ebfedea0SLionel Sambuc return ret;
1647ebfedea0SLionel Sambuc }
1648