search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Windows: Enable weak crypto by default
[heimdal.git] / lib / hx509 / cms.c
blob224c39086c4e064360d525c594a5b98844988116
1 /*
2 * Copyright (c) 2003 - 2007 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "hx_locl.h"
35
36 /**
37 * @page page_cms CMS/PKCS7 message functions.
38 *
39 * CMS is defined in RFC 3369 and is an continuation of the RSA Labs
40 * standard PKCS7. The basic messages in CMS is
41 *
42 * - SignedData
43 * Data signed with private key (RSA, DSA, ECDSA) or secret
44 * (symmetric) key
45 * - EnvelopedData
46 * Data encrypted with private key (RSA)
47 * - EncryptedData
48 * Data encrypted with secret (symmetric) key.
49 * - ContentInfo
50 * Wrapper structure including type and data.
51 *
52 *
53 * See the library functions here: @ref hx509_cms
54 */
55
56 #define ALLOC(X, N) (X) = calloc((N), sizeof(*(X)))
57 #define ALLOC_SEQ(X, N) do { (X)->len = (N); ALLOC((X)->val, (N)); } while(0)
58
59 /**
60 * Wrap data and oid in a ContentInfo and encode it.
61 *
62 * @param oid type of the content.
63 * @param buf data to be wrapped. If a NULL pointer is passed in, the
64 * optional content field in the ContentInfo is not going be filled
65 * in.
66 * @param res the encoded buffer, the result should be freed with
67 * der_free_octet_string().
68 *
69 * @return Returns an hx509 error code.
70 *
71 * @ingroup hx509_cms
72 */
73
74 int
75 hx509_cms_wrap_ContentInfo(const heim_oid *oid,
76 const heim_octet_string *buf,
77 heim_octet_string *res)
78 {
79 ContentInfo ci;
80 size_t size;
81 int ret;
82
83 memset(res, 0, sizeof(*res));
84 memset(&ci, 0, sizeof(ci));
85
86 ret = der_copy_oid(oid, &ci.contentType);
87 if (ret)
88 return ret;
89 if (buf) {
90 ALLOC(ci.content, 1);
91 if (ci.content == NULL) {
92 free_ContentInfo(&ci);
93 return ENOMEM;
94 }
95 ci.content->data = malloc(buf->length);
96 if (ci.content->data == NULL) {
97 free_ContentInfo(&ci);
98 return ENOMEM;
99 }
100 memcpy(ci.content->data, buf->data, buf->length);
101 ci.content->length = buf->length;
102 }
103
104 ASN1_MALLOC_ENCODE(ContentInfo, res->data, res->length, &ci, &size, ret);
105 free_ContentInfo(&ci);
106 if (ret)
107 return ret;
108 if (res->length != size)
109 _hx509_abort("internal ASN.1 encoder error");
110
111 return 0;
112 }
113
114 /**
115 * Decode an ContentInfo and unwrap data and oid it.
116 *
117 * @param in the encoded buffer.
118 * @param oid type of the content.
119 * @param out data to be wrapped.
120 * @param have_data since the data is optional, this flags show dthe
121 * diffrence between no data and the zero length data.
122 *
123 * @return Returns an hx509 error code.
124 *
125 * @ingroup hx509_cms
126 */
127
128 int
129 hx509_cms_unwrap_ContentInfo(const heim_octet_string *in,
130 heim_oid *oid,
131 heim_octet_string *out,
132 int *have_data)
133 {
134 ContentInfo ci;
135 size_t size;
136 int ret;
137
138 memset(oid, 0, sizeof(*oid));
139 memset(out, 0, sizeof(*out));
140
141 ret = decode_ContentInfo(in->data, in->length, &ci, &size);
142 if (ret)
143 return ret;
144
145 ret = der_copy_oid(&ci.contentType, oid);
146 if (ret) {
147 free_ContentInfo(&ci);
148 return ret;
149 }
150 if (ci.content) {
151 ret = der_copy_octet_string(ci.content, out);
152 if (ret) {
153 der_free_oid(oid);
154 free_ContentInfo(&ci);
155 return ret;
156 }
157 } else
158 memset(out, 0, sizeof(*out));
159
160 if (have_data)
161 *have_data = (ci.content != NULL) ? 1 : 0;
162
163 free_ContentInfo(&ci);
164
165 return 0;
166 }
167
168 #define CMS_ID_SKI 0
169 #define CMS_ID_NAME 1
170
171 static int
172 fill_CMSIdentifier(const hx509_cert cert,
173 int type,
174 CMSIdentifier *id)
175 {
176 int ret;
177
178 switch (type) {
179 case CMS_ID_SKI:
180 id->element = choice_CMSIdentifier_subjectKeyIdentifier;
181 ret = _hx509_find_extension_subject_key_id(_hx509_get_cert(cert),
182 &id->u.subjectKeyIdentifier);
183 if (ret == 0)
184 break;
185 /* FALL THOUGH */
186 case CMS_ID_NAME: {
187 hx509_name name;
188
189 id->element = choice_CMSIdentifier_issuerAndSerialNumber;
190 ret = hx509_cert_get_issuer(cert, &name);
191 if (ret)
192 return ret;
193 ret = hx509_name_to_Name(name, &id->u.issuerAndSerialNumber.issuer);
194 hx509_name_free(&name);
195 if (ret)
196 return ret;
197
198 ret = hx509_cert_get_serialnumber(cert, &id->u.issuerAndSerialNumber.serialNumber);
199 break;
200 }
201 default:
202 _hx509_abort("CMS fill identifier with unknown type");
203 }
204 return ret;
205 }
206
207 static int
208 unparse_CMSIdentifier(hx509_context context,
209 CMSIdentifier *id,
210 char **str)
211 {
212 int ret;
213
214 *str = NULL;
215 switch (id->element) {
216 case choice_CMSIdentifier_issuerAndSerialNumber: {
217 IssuerAndSerialNumber *iasn;
218 char *serial, *name;
219
220 iasn = &id->u.issuerAndSerialNumber;
221
222 ret = _hx509_Name_to_string(&iasn->issuer, &name);
223 if(ret)
224 return ret;
225 ret = der_print_hex_heim_integer(&iasn->serialNumber, &serial);
226 if (ret) {
227 free(name);
228 return ret;
229 }
230 asprintf(str, "certificate issued by %s with serial number %s",
231 name, serial);
232 free(name);
233 free(serial);
234 break;
235 }
236 case choice_CMSIdentifier_subjectKeyIdentifier: {
237 KeyIdentifier *ki = &id->u.subjectKeyIdentifier;
238 char *keyid;
239 ssize_t len;
240
241 len = hex_encode(ki->data, ki->length, &keyid);
242 if (len < 0)
243 return ENOMEM;
244
245 asprintf(str, "certificate with id %s", keyid);
246 free(keyid);
247 break;
248 }
249 default:
250 asprintf(str, "certificate have unknown CMSidentifier type");
251 break;
252 }
253 if (*str == NULL)
254 return ENOMEM;
255 return 0;
256 }
257
258 static int
259 find_CMSIdentifier(hx509_context context,
260 CMSIdentifier *client,
261 hx509_certs certs,
262 time_t time_now,
263 hx509_cert *signer_cert,
264 int match)
265 {
266 hx509_query q;
267 hx509_cert cert;
268 Certificate c;
269 int ret;
270
271 memset(&c, 0, sizeof(c));
272 _hx509_query_clear(&q);
273
274 *signer_cert = NULL;
275
276 switch (client->element) {
277 case choice_CMSIdentifier_issuerAndSerialNumber:
278 q.serial = &client->u.issuerAndSerialNumber.serialNumber;
279 q.issuer_name = &client->u.issuerAndSerialNumber.issuer;
280 q.match = HX509_QUERY_MATCH_SERIALNUMBER|HX509_QUERY_MATCH_ISSUER_NAME;
281 break;
282 case choice_CMSIdentifier_subjectKeyIdentifier:
283 q.subject_id = &client->u.subjectKeyIdentifier;
284 q.match = HX509_QUERY_MATCH_SUBJECT_KEY_ID;
285 break;
286 default:
287 hx509_set_error_string(context, 0, HX509_CMS_NO_RECIPIENT_CERTIFICATE,
288 "unknown CMS identifier element");
289 return HX509_CMS_NO_RECIPIENT_CERTIFICATE;
290 }
291
292 q.match |= match;
293
294 q.match |= HX509_QUERY_MATCH_TIME;
295 if (time_now)
296 q.timenow = time_now;
297 else
298 q.timenow = time(NULL);
299
300 ret = hx509_certs_find(context, certs, &q, &cert);
301 if (ret == HX509_CERT_NOT_FOUND) {
302 char *str;
303
304 ret = unparse_CMSIdentifier(context, client, &str);
305 if (ret == 0) {
306 hx509_set_error_string(context, 0,
307 HX509_CMS_NO_RECIPIENT_CERTIFICATE,
308 "Failed to find %s", str);
309 } else
310 hx509_clear_error_string(context);
311 return HX509_CMS_NO_RECIPIENT_CERTIFICATE;
312 } else if (ret) {
313 hx509_set_error_string(context, HX509_ERROR_APPEND,
314 HX509_CMS_NO_RECIPIENT_CERTIFICATE,
315 "Failed to find CMS id in cert store");
316 return HX509_CMS_NO_RECIPIENT_CERTIFICATE;
317 }
318
319 *signer_cert = cert;
320
321 return 0;
322 }
323
324 /**
325 * Decode and unencrypt EnvelopedData.
326 *
327 * Extract data and parameteres from from the EnvelopedData. Also
328 * supports using detached EnvelopedData.
329 *
330 * @param context A hx509 context.
331 * @param certs Certificate that can decrypt the EnvelopedData
332 * encryption key.
333 * @param flags HX509_CMS_UE flags to control the behavior.
334 * @param data pointer the structure the contains the DER/BER encoded
335 * EnvelopedData stucture.
336 * @param length length of the data that data point to.
337 * @param encryptedContent in case of detached signature, this
338 * contains the actual encrypted data, othersize its should be NULL.
339 * @param time_now set the current time, if zero the library uses now as the date.
340 * @param contentType output type oid, should be freed with der_free_oid().
341 * @param content the data, free with der_free_octet_string().
342 *
343 * @ingroup hx509_cms
344 */
345
346 int
347 hx509_cms_unenvelope(hx509_context context,
348 hx509_certs certs,
349 int flags,
350 const void *data,
351 size_t length,
352 const heim_octet_string *encryptedContent,
353 time_t time_now,
354 heim_oid *contentType,
355 heim_octet_string *content)
356 {
357 heim_octet_string key;
358 EnvelopedData ed;
359 hx509_cert cert;
360 AlgorithmIdentifier *ai;
361 const heim_octet_string *enccontent;
362 heim_octet_string *params, params_data;
363 heim_octet_string ivec;
364 size_t size;
365 int ret, i, matched = 0, findflags = 0;
366
367
368 memset(&key, 0, sizeof(key));
369 memset(&ed, 0, sizeof(ed));
370 memset(&ivec, 0, sizeof(ivec));
371 memset(content, 0, sizeof(*content));
372 memset(contentType, 0, sizeof(*contentType));
373
374 if ((flags & HX509_CMS_UE_DONT_REQUIRE_KU_ENCIPHERMENT) == 0)
375 findflags |= HX509_QUERY_KU_ENCIPHERMENT;
376
377 ret = decode_EnvelopedData(data, length, &ed, &size);
378 if (ret) {
379 hx509_set_error_string(context, 0, ret,
380 "Failed to decode EnvelopedData");
381 return ret;
382 }
383
384 if (ed.recipientInfos.len == 0) {
385 ret = HX509_CMS_NO_RECIPIENT_CERTIFICATE;
386 hx509_set_error_string(context, 0, ret,
387 "No recipient info in enveloped data");
388 goto out;
389 }
390
391 enccontent = ed.encryptedContentInfo.encryptedContent;
392 if (enccontent == NULL) {
393 if (encryptedContent == NULL) {
394 ret = HX509_CMS_NO_DATA_AVAILABLE;
395 hx509_set_error_string(context, 0, ret,
396 "Content missing from encrypted data");
397 goto out;
398 }
399 enccontent = encryptedContent;
400 } else if (encryptedContent != NULL) {
401 ret = HX509_CMS_NO_DATA_AVAILABLE;
402 hx509_set_error_string(context, 0, ret,
403 "Both internal and external encrypted data");
404 goto out;
405 }
406
407 cert = NULL;
408 for (i = 0; i < ed.recipientInfos.len; i++) {
409 KeyTransRecipientInfo *ri;
410 char *str;
411 int ret2;
412
413 ri = &ed.recipientInfos.val[i];
414
415 ret = find_CMSIdentifier(context, &ri->rid, certs,
416 time_now, &cert,
417 HX509_QUERY_PRIVATE_KEY|findflags);
418 if (ret)
419 continue;
420
421 matched = 1; /* found a matching certificate, let decrypt */
422
423 ret = _hx509_cert_private_decrypt(context,
424 &ri->encryptedKey,
425 &ri->keyEncryptionAlgorithm.algorithm,
426 cert, &key);
427
428 hx509_cert_free(cert);
429 if (ret == 0)
430 break; /* succuessfully decrypted cert */
431 cert = NULL;
432 ret2 = unparse_CMSIdentifier(context, &ri->rid, &str);
433 if (ret2 == 0) {
434 hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
435 "Failed to decrypt with %s", str);
436 free(str);
437 }
438 }
439
440 if (!matched) {
441 ret = HX509_CMS_NO_RECIPIENT_CERTIFICATE;
442 hx509_set_error_string(context, 0, ret,
443 "No private key matched any certificate");
444 goto out;
445 }
446
447 if (cert == NULL) {
448 ret = HX509_CMS_NO_RECIPIENT_CERTIFICATE;
449 hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
450 "No private key decrypted the transfer key");
451 goto out;
452 }
453
454 ret = der_copy_oid(&ed.encryptedContentInfo.contentType, contentType);
455 if (ret) {
456 hx509_set_error_string(context, 0, ret,
457 "Failed to copy EnvelopedData content oid");
458 goto out;
459 }
460
461 ai = &ed.encryptedContentInfo.contentEncryptionAlgorithm;
462 if (ai->parameters) {
463 params_data.data = ai->parameters->data;
464 params_data.length = ai->parameters->length;
465 params = &params_data;
466 } else
467 params = NULL;
468
469 {
470 hx509_crypto crypto;
471
472 ret = hx509_crypto_init(context, NULL, &ai->algorithm, &crypto);
473 if (ret)
474 goto out;
475
476 if (flags & HX509_CMS_UE_ALLOW_WEAK)
477 hx509_crypto_allow_weak(crypto);
478
479 if (params) {
480 ret = hx509_crypto_set_params(context, crypto, params, &ivec);
481 if (ret) {
482 hx509_crypto_destroy(crypto);
483 goto out;
484 }
485 }
486
487 ret = hx509_crypto_set_key_data(crypto, key.data, key.length);
488 if (ret) {
489 hx509_crypto_destroy(crypto);
490 hx509_set_error_string(context, 0, ret,
491 "Failed to set key for decryption "
492 "of EnvelopedData");
493 goto out;
494 }
495
496 ret = hx509_crypto_decrypt(crypto,
497 enccontent->data,
498 enccontent->length,
499 ivec.length ? &ivec : NULL,
500 content);
501 hx509_crypto_destroy(crypto);
502 if (ret) {
503 hx509_set_error_string(context, 0, ret,
504 "Failed to decrypt EnvelopedData");
505 goto out;
506 }
507 }
508
509 out:
510
511 free_EnvelopedData(&ed);
512 der_free_octet_string(&key);
513 if (ivec.length)
514 der_free_octet_string(&ivec);
515 if (ret) {
516 der_free_oid(contentType);
517 der_free_octet_string(content);
518 }
519
520 return ret;
521 }
522
523 /**
524 * Encrypt end encode EnvelopedData.
525 *
526 * Encrypt and encode EnvelopedData. The data is encrypted with a
527 * random key and the the random key is encrypted with the
528 * certificates private key. This limits what private key type can be
529 * used to RSA.
530 *
531 * @param context A hx509 context.
532 * @param flags flags to control the behavior.
533 * - HX509_CMS_EV_NO_KU_CHECK - Dont check KU on certificate
534 * - HX509_CMS_EV_ALLOW_WEAK - Allow weak crytpo
535 * @param cert Certificate to encrypt the EnvelopedData encryption key
536 * with.
537 * @param data pointer the data to encrypt.
538 * @param length length of the data that data point to.
539 * @param encryption_type Encryption cipher to use for the bulk data,
540 * use NULL to get default.
541 * @param contentType type of the data that is encrypted
542 * @param content the output of the function,
543 * free with der_free_octet_string().
544 *
545 * @ingroup hx509_cms
546 */
547
548 int
549 hx509_cms_envelope_1(hx509_context context,
550 int flags,
551 hx509_cert cert,
552 const void *data,
553 size_t length,
554 const heim_oid *encryption_type,
555 const heim_oid *contentType,
556 heim_octet_string *content)
557 {
558 KeyTransRecipientInfo *ri;
559 heim_octet_string ivec;
560 heim_octet_string key;
561 hx509_crypto crypto = NULL;
562 EnvelopedData ed;
563 size_t size;
564 int ret;
565
566 memset(&ivec, 0, sizeof(ivec));
567 memset(&key, 0, sizeof(key));
568 memset(&ed, 0, sizeof(ed));
569 memset(content, 0, sizeof(*content));
570
571 if (encryption_type == NULL)
572 encryption_type = &asn1_oid_id_aes_256_cbc;
573
574 if ((flags & HX509_CMS_EV_NO_KU_CHECK) == 0) {
575 ret = _hx509_check_key_usage(context, cert, 1 << 2, TRUE);
576 if (ret)
577 goto out;
578 }
579
580 ret = hx509_crypto_init(context, NULL, encryption_type, &crypto);
581 if (ret)
582 goto out;
583
584 if (flags & HX509_CMS_EV_ALLOW_WEAK)
585 hx509_crypto_allow_weak(crypto);
586
587 ret = hx509_crypto_set_random_key(crypto, &key);
588 if (ret) {
589 hx509_set_error_string(context, 0, ret,
590 "Create random key for EnvelopedData content");
591 goto out;
592 }
593
594 ret = hx509_crypto_random_iv(crypto, &ivec);
595 if (ret) {
596 hx509_set_error_string(context, 0, ret,
597 "Failed to create a random iv");
598 goto out;
599 }
600
601 ret = hx509_crypto_encrypt(crypto,
602 data,
603 length,
604 &ivec,
605 &ed.encryptedContentInfo.encryptedContent);
606 if (ret) {
607 hx509_set_error_string(context, 0, ret,
608 "Failed to encrypt EnvelopedData content");
609 goto out;
610 }
611
612 {
613 AlgorithmIdentifier *enc_alg;
614 enc_alg = &ed.encryptedContentInfo.contentEncryptionAlgorithm;
615 ret = der_copy_oid(encryption_type, &enc_alg->algorithm);
616 if (ret) {
617 hx509_set_error_string(context, 0, ret,
618 "Failed to set crypto oid "
619 "for EnvelopedData");
620 goto out;
621 }
622 ALLOC(enc_alg->parameters, 1);
623 if (enc_alg->parameters == NULL) {
624 ret = ENOMEM;
625 hx509_set_error_string(context, 0, ret,
626 "Failed to allocate crypto paramaters "
627 "for EnvelopedData");
628 goto out;
629 }
630
631 ret = hx509_crypto_get_params(context,
632 crypto,
633 &ivec,
634 enc_alg->parameters);
635 if (ret) {
636 goto out;
637 }
638 }
639
640 ALLOC_SEQ(&ed.recipientInfos, 1);
641 if (ed.recipientInfos.val == NULL) {
642 ret = ENOMEM;
643 hx509_set_error_string(context, 0, ret,
644 "Failed to allocate recipients info "
645 "for EnvelopedData");
646 goto out;
647 }
648
649 ri = &ed.recipientInfos.val[0];
650
651 ri->version = 0;
652 ret = fill_CMSIdentifier(cert, CMS_ID_SKI, &ri->rid);
653 if (ret) {
654 hx509_set_error_string(context, 0, ret,
655 "Failed to set CMS identifier info "
656 "for EnvelopedData");
657 goto out;
658 }
659
660 ret = _hx509_cert_public_encrypt(context,
661 &key, cert,
662 &ri->keyEncryptionAlgorithm.algorithm,
663 &ri->encryptedKey);
664 if (ret) {
665 hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
666 "Failed to encrypt transport key for "
667 "EnvelopedData");
668 goto out;
669 }
670
671 /*
672 *
673 */
674
675 ed.version = 0;
676 ed.originatorInfo = NULL;
677
678 ret = der_copy_oid(contentType, &ed.encryptedContentInfo.contentType);
679 if (ret) {
680 hx509_set_error_string(context, 0, ret,
681 "Failed to copy content oid for "
682 "EnvelopedData");
683 goto out;
684 }
685
686 ed.unprotectedAttrs = NULL;
687
688 ASN1_MALLOC_ENCODE(EnvelopedData, content->data, content->length,
689 &ed, &size, ret);
690 if (ret) {
691 hx509_set_error_string(context, 0, ret,
692 "Failed to encode EnvelopedData");
693 goto out;
694 }
695 if (size != content->length)
696 _hx509_abort("internal ASN.1 encoder error");
697
698 out:
699 if (crypto)
700 hx509_crypto_destroy(crypto);
701 if (ret)
702 der_free_octet_string(content);
703 der_free_octet_string(&key);
704 der_free_octet_string(&ivec);
705 free_EnvelopedData(&ed);
706
707 return ret;
708 }
709
710 static int
711 any_to_certs(hx509_context context, const SignedData *sd, hx509_certs certs)
712 {
713 int ret, i;
714
715 if (sd->certificates == NULL)
716 return 0;
717
718 for (i = 0; i < sd->certificates->len; i++) {
719 hx509_cert c;
720
721 ret = hx509_cert_init_data(context,
722 sd->certificates->val[i].data,
723 sd->certificates->val[i].length,
724 &c);
725 if (ret)
726 return ret;
727 ret = hx509_certs_add(context, certs, c);
728 hx509_cert_free(c);
729 if (ret)
730 return ret;
731 }
732
733 return 0;
734 }
735
736 static const Attribute *
737 find_attribute(const CMSAttributes *attr, const heim_oid *oid)
738 {
739 int i;
740 for (i = 0; i < attr->len; i++)
741 if (der_heim_oid_cmp(&attr->val[i].type, oid) == 0)
742 return &attr->val[i];
743 return NULL;
744 }
745
746 /**
747 * Decode SignedData and verify that the signature is correct.
748 *
749 * @param context A hx509 context.
750 * @param ctx a hx509 verify context.
751 * @param flags to control the behaivor of the function.
752 * - HX509_CMS_VS_NO_KU_CHECK - Don't check KeyUsage
753 * - HX509_CMS_VS_ALLOW_DATA_OID_MISMATCH - allow oid mismatch
754 * - HX509_CMS_VS_ALLOW_ZERO_SIGNER - no signer, see below.
755 * @param data pointer to CMS SignedData encoded data.
756 * @param length length of the data that data point to.
757 * @param signedContent external data used for signature.
758 * @param pool certificate pool to build certificates paths.
759 * @param contentType free with der_free_oid().
760 * @param content the output of the function, free with
761 * der_free_octet_string().
762 * @param signer_certs list of the cerficates used to sign this
763 * request, free with hx509_certs_free().
764 *
765 * @ingroup hx509_cms
766 */
767
768 int
769 hx509_cms_verify_signed(hx509_context context,
770 hx509_verify_ctx ctx,
771 unsigned int flags,
772 const void *data,
773 size_t length,
774 const heim_octet_string *signedContent,
775 hx509_certs pool,
776 heim_oid *contentType,
777 heim_octet_string *content,
778 hx509_certs *signer_certs)
779 {
780 SignerInfo *signer_info;
781 hx509_cert cert = NULL;
782 hx509_certs certs = NULL;
783 SignedData sd;
784 size_t size;
785 int ret, i, found_valid_sig;
786
787 *signer_certs = NULL;
788 content->data = NULL;
789 content->length = 0;
790 contentType->length = 0;
791 contentType->components = NULL;
792
793 memset(&sd, 0, sizeof(sd));
794
795 ret = decode_SignedData(data, length, &sd, &size);
796 if (ret) {
797 hx509_set_error_string(context, 0, ret,
798 "Failed to decode SignedData");
799 goto out;
800 }
801
802 if (sd.encapContentInfo.eContent == NULL && signedContent == NULL) {
803 ret = HX509_CMS_NO_DATA_AVAILABLE;
804 hx509_set_error_string(context, 0, ret,
805 "No content data in SignedData");
806 goto out;
807 }
808 if (sd.encapContentInfo.eContent && signedContent) {
809 ret = HX509_CMS_NO_DATA_AVAILABLE;
810 hx509_set_error_string(context, 0, ret,
811 "Both external and internal SignedData");
812 goto out;
813 }
814
815 if (sd.encapContentInfo.eContent)
816 ret = der_copy_octet_string(sd.encapContentInfo.eContent, content);
817 else
818 ret = der_copy_octet_string(signedContent, content);
819 if (ret) {
820 hx509_set_error_string(context, 0, ret, "malloc: out of memory");
821 goto out;
822 }
823
824 ret = hx509_certs_init(context, "MEMORY:cms-cert-buffer",
825 0, NULL, &certs);
826 if (ret)
827 goto out;
828
829 ret = hx509_certs_init(context, "MEMORY:cms-signer-certs",
830 0, NULL, signer_certs);
831 if (ret)
832 goto out;
833
834 /* XXX Check CMS version */
835
836 ret = any_to_certs(context, &sd, certs);
837 if (ret)
838 goto out;
839
840 if (pool) {
841 ret = hx509_certs_merge(context, certs, pool);
842 if (ret)
843 goto out;
844 }
845
846 for (found_valid_sig = 0, i = 0; i < sd.signerInfos.len; i++) {
847 heim_octet_string signed_data;
848 const heim_oid *match_oid;
849 heim_oid decode_oid;
850
851 signer_info = &sd.signerInfos.val[i];
852 match_oid = NULL;
853
854 if (signer_info->signature.length == 0) {
855 ret = HX509_CMS_MISSING_SIGNER_DATA;
856 hx509_set_error_string(context, 0, ret,
857 "SignerInfo %d in SignedData "
858 "missing sigature", i);
859 continue;
860 }
861
862 ret = find_CMSIdentifier(context, &signer_info->sid, certs,
863 _hx509_verify_get_time(ctx), &cert,
864 HX509_QUERY_KU_DIGITALSIGNATURE);
865 if (ret) {
866 /**
867 * If HX509_CMS_VS_NO_KU_CHECK is set, allow more liberal
868 * search for matching certificates by not considering
869 * KeyUsage bits on the certificates.
870 */
871 if ((flags & HX509_CMS_VS_NO_KU_CHECK) == 0)
872 continue;
873
874 ret = find_CMSIdentifier(context, &signer_info->sid, certs,
875 _hx509_verify_get_time(ctx), &cert,
876 0);
877 if (ret)
878 continue;
879
880 }
881
882 if (signer_info->signedAttrs) {
883 const Attribute *attr;
884
885 CMSAttributes sa;
886 heim_octet_string os;
887
888 sa.val = signer_info->signedAttrs->val;
889 sa.len = signer_info->signedAttrs->len;
890
891 /* verify that sigature exists */
892 attr = find_attribute(&sa, &asn1_oid_id_pkcs9_messageDigest);
893 if (attr == NULL) {
894 ret = HX509_CRYPTO_SIGNATURE_MISSING;
895 hx509_set_error_string(context, 0, ret,
896 "SignerInfo have signed attributes "
897 "but messageDigest (signature) "
898 "is missing");
899 goto next_sigature;
900 }
901 if (attr->value.len != 1) {
902 ret = HX509_CRYPTO_SIGNATURE_MISSING;
903 hx509_set_error_string(context, 0, ret,
904 "SignerInfo have more then one "
905 "messageDigest (signature)");
906 goto next_sigature;
907 }
908
909 ret = decode_MessageDigest(attr->value.val[0].data,
910 attr->value.val[0].length,
911 &os,
912 &size);
913 if (ret) {
914 hx509_set_error_string(context, 0, ret,
915 "Failed to decode "
916 "messageDigest (signature)");
917 goto next_sigature;
918 }
919
920 ret = _hx509_verify_signature(context,
921 NULL,
922 &signer_info->digestAlgorithm,
923 content,
924 &os);
925 der_free_octet_string(&os);
926 if (ret) {
927 hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
928 "Failed to verify messageDigest");
929 goto next_sigature;
930 }
931
932 /*
933 * Fetch content oid inside signedAttrs or set it to
934 * id-pkcs7-data.
935 */
936 attr = find_attribute(&sa, &asn1_oid_id_pkcs9_contentType);
937 if (attr == NULL) {
938 match_oid = &asn1_oid_id_pkcs7_data;
939 } else {
940 if (attr->value.len != 1) {
941 ret = HX509_CMS_DATA_OID_MISMATCH;
942 hx509_set_error_string(context, 0, ret,
943 "More then one oid in signedAttrs");
944 goto next_sigature;
945
946 }
947 ret = decode_ContentType(attr->value.val[0].data,
948 attr->value.val[0].length,
949 &decode_oid,
950 &size);
951 if (ret) {
952 hx509_set_error_string(context, 0, ret,
953 "Failed to decode "
954 "oid in signedAttrs");
955 goto next_sigature;
956 }
957 match_oid = &decode_oid;
958 }
959
960 ASN1_MALLOC_ENCODE(CMSAttributes,
961 signed_data.data,
962 signed_data.length,
963 &sa,
964 &size, ret);
965 if (ret) {
966 if (match_oid == &decode_oid)
967 der_free_oid(&decode_oid);
968 hx509_clear_error_string(context);
969 goto next_sigature;
970 }
971 if (size != signed_data.length)
972 _hx509_abort("internal ASN.1 encoder error");
973
974 } else {
975 signed_data.data = content->data;
976 signed_data.length = content->length;
977 match_oid = &asn1_oid_id_pkcs7_data;
978 }
979
980 /**
981 * If HX509_CMS_VS_ALLOW_DATA_OID_MISMATCH, allow
982 * encapContentInfo mismatch with the oid in signedAttributes
983 * (or if no signedAttributes where use, pkcs7-data oid).
984 * This is only needed to work with broken CMS implementations
985 * that doesn't follow CMS signedAttributes rules.
986 */
987
988 if (der_heim_oid_cmp(match_oid, &sd.encapContentInfo.eContentType) &&
989 (flags & HX509_CMS_VS_ALLOW_DATA_OID_MISMATCH) == 0) {
990 ret = HX509_CMS_DATA_OID_MISMATCH;
991 hx509_set_error_string(context, 0, ret,
992 "Oid in message mismatch from the expected");
993 }
994 if (match_oid == &decode_oid)
995 der_free_oid(&decode_oid);
996
997 if (ret == 0) {
998 ret = hx509_verify_signature(context,
999 cert,
1000 &signer_info->signatureAlgorithm,
1001 &signed_data,
1002 &signer_info->signature);
1003 if (ret)
1004 hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
1005 "Failed to verify signature in "
1006 "CMS SignedData");
1007 }
1008 if (signer_info->signedAttrs)
1009 free(signed_data.data);
1010 if (ret)
1011 goto next_sigature;
1012
1013 /**
1014 * If HX509_CMS_VS_NO_VALIDATE flags is set, do not verify the
1015 * signing certificates and leave that up to the caller.
1016 */
1017
1018 if ((flags & HX509_CMS_VS_NO_VALIDATE) == 0) {
1019 ret = hx509_verify_path(context, ctx, cert, certs);
1020 if (ret)
1021 goto next_sigature;
1022 }
1023
1024 ret = hx509_certs_add(context, *signer_certs, cert);
1025 if (ret)
1026 goto next_sigature;
1027
1028 found_valid_sig++;
1029
1030 next_sigature:
1031 if (cert)
1032 hx509_cert_free(cert);
1033 cert = NULL;
1034 }
1035 /**
1036 * If HX509_CMS_VS_ALLOW_ZERO_SIGNER is set, allow empty
1037 * SignerInfo (no signatures). If SignedData have no signatures,
1038 * the function will return 0 with signer_certs set to NULL. Zero
1039 * signers is allowed by the standard, but since its only useful
1040 * in corner cases, it make into a flag that the caller have to
1041 * turn on.
1042 */
1043 if (sd.signerInfos.len == 0 && (flags & HX509_CMS_VS_ALLOW_ZERO_SIGNER)) {
1044 if (*signer_certs)
1045 hx509_certs_free(signer_certs);
1046 } else if (found_valid_sig == 0) {
1047 if (ret == 0) {
1048 ret = HX509_CMS_SIGNER_NOT_FOUND;
1049 hx509_set_error_string(context, 0, ret,
1050 "No signers where found");
1051 }
1052 goto out;
1053 }
1054
1055 ret = der_copy_oid(&sd.encapContentInfo.eContentType, contentType);
1056 if (ret) {
1057 hx509_clear_error_string(context);
1058 goto out;
1059 }
1060
1061 out:
1062 free_SignedData(&sd);
1063 if (certs)
1064 hx509_certs_free(&certs);
1065 if (ret) {
1066 if (content->data)
1067 der_free_octet_string(content);
1068 if (*signer_certs)
1069 hx509_certs_free(signer_certs);
1070 der_free_oid(contentType);
1071 der_free_octet_string(content);
1072 }
1073
1074 return ret;
1075 }
1076
1077 static int
1078 add_one_attribute(Attribute **attr,
1079 unsigned int *len,
1080 const heim_oid *oid,
1081 heim_octet_string *data)
1082 {
1083 void *d;
1084 int ret;
1085
1086 d = realloc(*attr, sizeof((*attr)[0]) * (*len + 1));
1087 if (d == NULL)
1088 return ENOMEM;
1089 (*attr) = d;
1090
1091 ret = der_copy_oid(oid, &(*attr)[*len].type);
1092 if (ret)
1093 return ret;
1094
1095 ALLOC_SEQ(&(*attr)[*len].value, 1);
1096 if ((*attr)[*len].value.val == NULL) {
1097 der_free_oid(&(*attr)[*len].type);
1098 return ENOMEM;
1099 }
1100
1101 (*attr)[*len].value.val[0].data = data->data;
1102 (*attr)[*len].value.val[0].length = data->length;
1103
1104 *len += 1;
1105
1106 return 0;
1107 }
1108
1109 /**
1110 * Decode SignedData and verify that the signature is correct.
1111 *
1112 * @param context A hx509 context.
1113 * @param flags
1114 * @param eContentType the type of the data.
1115 * @param data data to sign
1116 * @param length length of the data that data point to.
1117 * @param digest_alg digest algorithm to use, use NULL to get the
1118 * default or the peer determined algorithm.
1119 * @param cert certificate to use for sign the data.
1120 * @param peer info about the peer the message to send the message to,
1121 * like what digest algorithm to use.
1122 * @param anchors trust anchors that the client will use, used to
1123 * polulate the certificates included in the message
1124 * @param pool certificates to use in try to build the path to the
1125 * trust anchors.
1126 * @param signed_data the output of the function, free with
1127 * der_free_octet_string().
1128 *
1129 * @ingroup hx509_cms
1130 */
1131
1132 int
1133 hx509_cms_create_signed_1(hx509_context context,
1134 int flags,
1135 const heim_oid *eContentType,
1136 const void *data, size_t length,
1137 const AlgorithmIdentifier *digest_alg,
1138 hx509_cert cert,
1139 hx509_peer_info peer,
1140 hx509_certs anchors,
1141 hx509_certs pool,
1142 heim_octet_string *signed_data)
1143 {
1144 hx509_certs certs;
1145 int ret = 0;
1146
1147 signed_data->data = NULL;
1148 signed_data->length = 0;
1149
1150 ret = hx509_certs_init(context, "MEMORY:certs", 0, NULL, &certs);
1151 if (ret)
1152 return ret;
1153 ret = hx509_certs_add(context, certs, cert);
1154 if (ret)
1155 goto out;
1156
1157 ret = hx509_cms_create_signed(context, flags, eContentType, data, length,
1158 digest_alg, certs, peer, anchors, pool,
1159 signed_data);
1160
1161 out:
1162 hx509_certs_free(&certs);
1163 return ret;
1164 }
1165
1166 struct sigctx {
1167 SignedData sd;
1168 const AlgorithmIdentifier *digest_alg;
1169 const heim_oid *eContentType;
1170 heim_octet_string content;
1171 hx509_peer_info peer;
1172 int cmsidflag;
1173 int leafonly;
1174 hx509_certs certs;
1175 hx509_certs anchors;
1176 hx509_certs pool;
1177 };
1178
1179 static int
1180 sig_process(hx509_context context, void *ctx, hx509_cert cert)
1181 {
1182 struct sigctx *sigctx = ctx;
1183 heim_octet_string buf, sigdata = { 0, NULL };
1184 SignerInfo *signer_info = NULL;
1185 AlgorithmIdentifier digest;
1186 size_t size;
1187 void *ptr;
1188 int ret;
1189 SignedData *sd = &sigctx->sd;
1190 hx509_path path;
1191
1192 memset(&digest, 0, sizeof(digest));
1193 memset(&path, 0, sizeof(path));
1194
1195 if (_hx509_cert_private_key(cert) == NULL) {
1196 hx509_set_error_string(context, 0, HX509_PRIVATE_KEY_MISSING,
1197 "Private key missing for signing");
1198 return HX509_PRIVATE_KEY_MISSING;
1199 }
1200
1201 if (sigctx->digest_alg) {
1202 ret = copy_AlgorithmIdentifier(sigctx->digest_alg, &digest);
1203 if (ret)
1204 hx509_clear_error_string(context);
1205 } else {
1206 ret = hx509_crypto_select(context, HX509_SELECT_DIGEST,
1207 _hx509_cert_private_key(cert),
1208 sigctx->peer, &digest);
1209 }
1210 if (ret)
1211 goto out;
1212
1213 /*
1214 * Allocate on more signerInfo and do the signature processing
1215 */
1216
1217 ptr = realloc(sd->signerInfos.val,
1218 (sd->signerInfos.len + 1) * sizeof(sd->signerInfos.val[0]));
1219 if (ptr == NULL) {
1220 ret = ENOMEM;
1221 goto out;
1222 }
1223 sd->signerInfos.val = ptr;
1224
1225 signer_info = &sd->signerInfos.val[sd->signerInfos.len];
1226
1227 memset(signer_info, 0, sizeof(*signer_info));
1228
1229 signer_info->version = 1;
1230
1231 ret = fill_CMSIdentifier(cert, sigctx->cmsidflag, &signer_info->sid);
1232 if (ret) {
1233 hx509_clear_error_string(context);
1234 goto out;
1235 }
1236
1237 signer_info->signedAttrs = NULL;
1238 signer_info->unsignedAttrs = NULL;
1239
1240 ret = copy_AlgorithmIdentifier(&digest, &signer_info->digestAlgorithm);
1241 if (ret) {
1242 hx509_clear_error_string(context);
1243 goto out;
1244 }
1245
1246 /*
1247 * If it isn't pkcs7-data send signedAttributes
1248 */
1249
1250 if (der_heim_oid_cmp(sigctx->eContentType, &asn1_oid_id_pkcs7_data) != 0) {
1251 CMSAttributes sa;
1252 heim_octet_string sig;
1253
1254 ALLOC(signer_info->signedAttrs, 1);
1255 if (signer_info->signedAttrs == NULL) {
1256 ret = ENOMEM;
1257 goto out;
1258 }
1259
1260 ret = _hx509_create_signature(context,
1261 NULL,
1262 &digest,
1263 &sigctx->content,
1264 NULL,
1265 &sig);
1266 if (ret)
1267 goto out;
1268
1269 ASN1_MALLOC_ENCODE(MessageDigest,
1270 buf.data,
1271 buf.length,
1272 &sig,
1273 &size,
1274 ret);
1275 der_free_octet_string(&sig);
1276 if (ret) {
1277 hx509_clear_error_string(context);
1278 goto out;
1279 }
1280 if (size != buf.length)
1281 _hx509_abort("internal ASN.1 encoder error");
1282
1283 ret = add_one_attribute(&signer_info->signedAttrs->val,
1284 &signer_info->signedAttrs->len,
1285 &asn1_oid_id_pkcs9_messageDigest,
1286 &buf);
1287 if (ret) {
1288 free(buf.data);
1289 hx509_clear_error_string(context);
1290 goto out;
1291 }
1292
1293
1294 ASN1_MALLOC_ENCODE(ContentType,
1295 buf.data,
1296 buf.length,
1297 sigctx->eContentType,
1298 &size,
1299 ret);
1300 if (ret)
1301 goto out;
1302 if (size != buf.length)
1303 _hx509_abort("internal ASN.1 encoder error");
1304
1305 ret = add_one_attribute(&signer_info->signedAttrs->val,
1306 &signer_info->signedAttrs->len,
1307 &asn1_oid_id_pkcs9_contentType,
1308 &buf);
1309 if (ret) {
1310 free(buf.data);
1311 hx509_clear_error_string(context);
1312 goto out;
1313 }
1314
1315 sa.val = signer_info->signedAttrs->val;
1316 sa.len = signer_info->signedAttrs->len;
1317
1318 ASN1_MALLOC_ENCODE(CMSAttributes,
1319 sigdata.data,
1320 sigdata.length,
1321 &sa,
1322 &size,
1323 ret);
1324 if (ret) {
1325 hx509_clear_error_string(context);
1326 goto out;
1327 }
1328 if (size != sigdata.length)
1329 _hx509_abort("internal ASN.1 encoder error");
1330 } else {
1331 sigdata.data = sigctx->content.data;
1332 sigdata.length = sigctx->content.length;
1333 }
1334
1335 {
1336 AlgorithmIdentifier sigalg;
1337
1338 ret = hx509_crypto_select(context, HX509_SELECT_PUBLIC_SIG,
1339 _hx509_cert_private_key(cert), sigctx->peer,
1340 &sigalg);
1341 if (ret)
1342 goto out;
1343
1344 ret = _hx509_create_signature(context,
1345 _hx509_cert_private_key(cert),
1346 &sigalg,
1347 &sigdata,
1348 &signer_info->signatureAlgorithm,
1349 &signer_info->signature);
1350 free_AlgorithmIdentifier(&sigalg);
1351 if (ret)
1352 goto out;
1353 }
1354
1355 sigctx->sd.signerInfos.len++;
1356 signer_info = NULL;
1357
1358 /*
1359 * Provide best effort path
1360 */
1361 if (sigctx->certs) {
1362 unsigned int i;
1363
1364 if (sigctx->pool && sigctx->leafonly == 0) {
1365 _hx509_calculate_path(context,
1366 HX509_CALCULATE_PATH_NO_ANCHOR,
1367 time(NULL),
1368 sigctx->anchors,
1369 0,
1370 cert,
1371 sigctx->pool,
1372 &path);
1373 } else
1374 _hx509_path_append(context, &path, cert);
1375
1376 for (i = 0; i < path.len; i++) {
1377 /* XXX remove dups */
1378 ret = hx509_certs_add(context, sigctx->certs, path.val[i]);
1379 if (ret) {
1380 hx509_clear_error_string(context);
1381 goto out;
1382 }
1383 }
1384 }
1385
1386 out:
1387 if (signer_info)
1388 free_SignerInfo(signer_info);
1389 if (sigdata.data != sigctx->content.data)
1390 der_free_octet_string(&sigdata);
1391 _hx509_path_free(&path);
1392 free_AlgorithmIdentifier(&digest);
1393
1394 return ret;
1395 }
1396
1397 static int
1398 cert_process(hx509_context context, void *ctx, hx509_cert cert)
1399 {
1400 struct sigctx *sigctx = ctx;
1401 const unsigned int i = sigctx->sd.certificates->len;
1402 void *ptr;
1403 int ret;
1404
1405 ptr = realloc(sigctx->sd.certificates->val,
1406 (i + 1) * sizeof(sigctx->sd.certificates->val[0]));
1407 if (ptr == NULL)
1408 return ENOMEM;
1409 sigctx->sd.certificates->val = ptr;
1410
1411 ret = hx509_cert_binary(context, cert,
1412 &sigctx->sd.certificates->val[i]);
1413 if (ret == 0)
1414 sigctx->sd.certificates->len++;
1415
1416 return ret;
1417 }
1418
1419 static int
1420 cmp_AlgorithmIdentifier(const AlgorithmIdentifier *p, const AlgorithmIdentifier *q)
1421 {
1422 return der_heim_oid_cmp(&p->algorithm, &q->algorithm);
1423 }
1424
1425 int
1426 hx509_cms_create_signed(hx509_context context,
1427 int flags,
1428 const heim_oid *eContentType,
1429 const void *data, size_t length,
1430 const AlgorithmIdentifier *digest_alg,
1431 hx509_certs certs,
1432 hx509_peer_info peer,
1433 hx509_certs anchors,
1434 hx509_certs pool,
1435 heim_octet_string *signed_data)
1436 {
1437 unsigned int i, j;
1438 hx509_name name;
1439 int ret;
1440 size_t size;
1441 struct sigctx sigctx;
1442
1443 memset(&sigctx, 0, sizeof(sigctx));
1444 memset(&name, 0, sizeof(name));
1445
1446 if (eContentType == NULL)
1447 eContentType = &asn1_oid_id_pkcs7_data;
1448
1449 sigctx.digest_alg = digest_alg;
1450 sigctx.content.data = rk_UNCONST(data);
1451 sigctx.content.length = length;
1452 sigctx.eContentType = eContentType;
1453 sigctx.peer = peer;
1454 /**
1455 * Use HX509_CMS_SIGNATURE_ID_NAME to preferred use of issuer name
1456 * and serial number if possible. Otherwise subject key identifier
1457 * will preferred.
1458 */
1459 if (flags & HX509_CMS_SIGNATURE_ID_NAME)
1460 sigctx.cmsidflag = CMS_ID_NAME;
1461 else
1462 sigctx.cmsidflag = CMS_ID_SKI;
1463
1464 /**
1465 * Use HX509_CMS_SIGNATURE_LEAF_ONLY to only request leaf
1466 * certificates to be added to the SignedData.
1467 */
1468 sigctx.leafonly = (flags & HX509_CMS_SIGNATURE_LEAF_ONLY) ? 1 : 0;
1469
1470 /**
1471 * Use HX509_CMS_NO_CERTS to make the SignedData contain no
1472 * certificates, overrides HX509_CMS_SIGNATURE_LEAF_ONLY.
1473 */
1474
1475 if ((flags & HX509_CMS_SIGNATURE_NO_CERTS) == 0) {
1476 ret = hx509_certs_init(context, "MEMORY:certs", 0, NULL, &sigctx.certs);
1477 if (ret)
1478 return ret;
1479 }
1480
1481 sigctx.anchors = anchors;
1482 sigctx.pool = pool;
1483
1484 sigctx.sd.version = CMSVersion_v3;
1485
1486 der_copy_oid(eContentType, &sigctx.sd.encapContentInfo.eContentType);
1487
1488 /**
1489 * Use HX509_CMS_SIGNATURE_DETACHED to create detached signatures.
1490 */
1491 if ((flags & HX509_CMS_SIGNATURE_DETACHED) == 0) {
1492 ALLOC(sigctx.sd.encapContentInfo.eContent, 1);
1493 if (sigctx.sd.encapContentInfo.eContent == NULL) {
1494 hx509_clear_error_string(context);
1495 ret = ENOMEM;
1496 goto out;
1497 }
1498
1499 sigctx.sd.encapContentInfo.eContent->data = malloc(length);
1500 if (sigctx.sd.encapContentInfo.eContent->data == NULL) {
1501 hx509_clear_error_string(context);
1502 ret = ENOMEM;
1503 goto out;
1504 }
1505 memcpy(sigctx.sd.encapContentInfo.eContent->data, data, length);
1506 sigctx.sd.encapContentInfo.eContent->length = length;
1507 }
1508
1509 /**
1510 * Use HX509_CMS_SIGNATURE_NO_SIGNER to create no sigInfo (no
1511 * signatures).
1512 */
1513 if ((flags & HX509_CMS_SIGNATURE_NO_SIGNER) == 0) {
1514 ret = hx509_certs_iter_f(context, certs, sig_process, &sigctx);
1515 if (ret)
1516 goto out;
1517 }
1518
1519 if (sigctx.sd.signerInfos.len) {
1520 for (i = 0; i < sigctx.sd.signerInfos.len; i++) {
1521 AlgorithmIdentifier *di =
1522 &sigctx.sd.signerInfos.val[i].digestAlgorithm;
1523
1524 for (j = 0; j < sigctx.sd.digestAlgorithms.len; j++)
1525 if (cmp_AlgorithmIdentifier(di, &sigctx.sd.digestAlgorithms.val[j]) == 0)
1526 break;
1527 if (j < sigctx.sd.digestAlgorithms.len) {
1528 ret = add_DigestAlgorithmIdentifiers(&sigctx.sd.digestAlgorithms, di);
1529 if (ret) {
1530 hx509_clear_error_string(context);
1531 goto out;
1532 }
1533 }
1534 }
1535 }
1536
1537 if (sigctx.certs) {
1538 ALLOC(sigctx.sd.certificates, 1);
1539 if (sigctx.sd.certificates == NULL) {
1540 hx509_clear_error_string(context);
1541 ret = ENOMEM;
1542 goto out;
1543 }
1544
1545 ret = hx509_certs_iter_f(context, sigctx.certs, cert_process, &sigctx);
1546 if (ret)
1547 goto out;
1548 }
1549
1550 ASN1_MALLOC_ENCODE(SignedData,
1551 signed_data->data, signed_data->length,
1552 &sigctx.sd, &size, ret);
1553 if (ret) {
1554 hx509_clear_error_string(context);
1555 goto out;
1556 }
1557 if (signed_data->length != size)
1558 _hx509_abort("internal ASN.1 encoder error");
1559
1560 out:
1561 hx509_certs_free(&sigctx.certs);
1562 free_SignedData(&sigctx.sd);
1563
1564 return ret;
1565 }
1566
1567 int
1568 hx509_cms_decrypt_encrypted(hx509_context context,
1569 hx509_lock lock,
1570 const void *data,
1571 size_t length,
1572 heim_oid *contentType,
1573 heim_octet_string *content)
1574 {
1575 heim_octet_string cont;
1576 CMSEncryptedData ed;
1577 AlgorithmIdentifier *ai;
1578 int ret;
1579
1580 memset(content, 0, sizeof(*content));
1581 memset(&cont, 0, sizeof(cont));
1582
1583 ret = decode_CMSEncryptedData(data, length, &ed, NULL);
1584 if (ret) {
1585 hx509_set_error_string(context, 0, ret,
1586 "Failed to decode CMSEncryptedData");
1587 return ret;
1588 }
1589
1590 if (ed.encryptedContentInfo.encryptedContent == NULL) {
1591 ret = HX509_CMS_NO_DATA_AVAILABLE;
1592 hx509_set_error_string(context, 0, ret,
1593 "No content in EncryptedData");
1594 goto out;
1595 }
1596
1597 ret = der_copy_oid(&ed.encryptedContentInfo.contentType, contentType);
1598 if (ret) {
1599 hx509_clear_error_string(context);
1600 goto out;
1601 }
1602
1603 ai = &ed.encryptedContentInfo.contentEncryptionAlgorithm;
1604 if (ai->parameters == NULL) {
1605 ret = HX509_ALG_NOT_SUPP;
1606 hx509_clear_error_string(context);
1607 goto out;
1608 }
1609
1610 ret = _hx509_pbe_decrypt(context,
1611 lock,
1612 ai,
1613 ed.encryptedContentInfo.encryptedContent,
1614 &cont);
1615 if (ret)
1616 goto out;
1617
1618 *content = cont;
1619
1620 out:
1621 if (ret) {
1622 if (cont.data)
1623 free(cont.data);
1624 }
1625 free_CMSEncryptedData(&ed);
1626 return ret;
1627 }
Heimdal