search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Add ability to specifiy PKCS#11 slot number when using hx509
[heimdal.git] / lib / hx509 / cms.c
blobc2438cc9036060be7b2e34b1c3dcdcc9ac6d7e5c
1 /*
2 * Copyright (c) 2003 - 2007 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "hx_locl.h"
35
36 /**
37 * @page page_cms CMS/PKCS7 message functions.
38 *
39 * CMS is defined in RFC 3369 and is an continuation of the RSA Labs
40 * standard PKCS7. The basic messages in CMS is
41 *
42 * - SignedData
43 * Data signed with private key (RSA, DSA, ECDSA) or secret
44 * (symmetric) key
45 * - EnvelopedData
46 * Data encrypted with private key (RSA)
47 * - EncryptedData
48 * Data encrypted with secret (symmetric) key.
49 * - ContentInfo
50 * Wrapper structure including type and data.
51 *
52 *
53 * See the library functions here: @ref hx509_cms
54 */
55
56 #define ALLOC(X, N) (X) = calloc((N), sizeof(*(X)))
57 #define ALLOC_SEQ(X, N) do { (X)->len = (N); ALLOC((X)->val, (N)); } while(0)
58
59 /**
60 * Wrap data and oid in a ContentInfo and encode it.
61 *
62 * @param oid type of the content.
63 * @param buf data to be wrapped. If a NULL pointer is passed in, the
64 * optional content field in the ContentInfo is not going be filled
65 * in.
66 * @param res the encoded buffer, the result should be freed with
67 * der_free_octet_string().
68 *
69 * @return Returns an hx509 error code.
70 *
71 * @ingroup hx509_cms
72 */
73
74 int
75 hx509_cms_wrap_ContentInfo(const heim_oid *oid,
76 const heim_octet_string *buf,
77 heim_octet_string *res)
78 {
79 ContentInfo ci;
80 size_t size;
81 int ret;
82
83 memset(res, 0, sizeof(*res));
84 memset(&ci, 0, sizeof(ci));
85
86 ret = der_copy_oid(oid, &ci.contentType);
87 if (ret)
88 return ret;
89 if (buf) {
90 ALLOC(ci.content, 1);
91 if (ci.content == NULL) {
92 free_ContentInfo(&ci);
93 return ENOMEM;
94 }
95 ci.content->data = malloc(buf->length);
96 if (ci.content->data == NULL) {
97 free_ContentInfo(&ci);
98 return ENOMEM;
99 }
100 memcpy(ci.content->data, buf->data, buf->length);
101 ci.content->length = buf->length;
102 }
103
104 ASN1_MALLOC_ENCODE(ContentInfo, res->data, res->length, &ci, &size, ret);
105 free_ContentInfo(&ci);
106 if (ret)
107 return ret;
108 if (res->length != size)
109 _hx509_abort("internal ASN.1 encoder error");
110
111 return 0;
112 }
113
114 /**
115 * Decode an ContentInfo and unwrap data and oid it.
116 *
117 * @param in the encoded buffer.
118 * @param oid type of the content.
119 * @param out data to be wrapped.
120 * @param have_data since the data is optional, this flags show dthe
121 * diffrence between no data and the zero length data.
122 *
123 * @return Returns an hx509 error code.
124 *
125 * @ingroup hx509_cms
126 */
127
128 int
129 hx509_cms_unwrap_ContentInfo(const heim_octet_string *in,
130 heim_oid *oid,
131 heim_octet_string *out,
132 int *have_data)
133 {
134 ContentInfo ci;
135 size_t size;
136 int ret;
137
138 memset(oid, 0, sizeof(*oid));
139 memset(out, 0, sizeof(*out));
140
141 ret = decode_ContentInfo(in->data, in->length, &ci, &size);
142 if (ret)
143 return ret;
144
145 ret = der_copy_oid(&ci.contentType, oid);
146 if (ret) {
147 free_ContentInfo(&ci);
148 return ret;
149 }
150 if (ci.content) {
151 ret = der_copy_octet_string(ci.content, out);
152 if (ret) {
153 der_free_oid(oid);
154 free_ContentInfo(&ci);
155 return ret;
156 }
157 } else
158 memset(out, 0, sizeof(*out));
159
160 if (have_data)
161 *have_data = (ci.content != NULL) ? 1 : 0;
162
163 free_ContentInfo(&ci);
164
165 return 0;
166 }
167
168 #define CMS_ID_SKI 0
169 #define CMS_ID_NAME 1
170
171 static int
172 fill_CMSIdentifier(const hx509_cert cert,
173 int type,
174 CMSIdentifier *id)
175 {
176 int ret;
177
178 switch (type) {
179 case CMS_ID_SKI:
180 id->element = choice_CMSIdentifier_subjectKeyIdentifier;
181 ret = _hx509_find_extension_subject_key_id(_hx509_get_cert(cert),
182 &id->u.subjectKeyIdentifier);
183 if (ret == 0)
184 break;
185 /* FALL THOUGH */
186 case CMS_ID_NAME: {
187 hx509_name name;
188
189 id->element = choice_CMSIdentifier_issuerAndSerialNumber;
190 ret = hx509_cert_get_issuer(cert, &name);
191 if (ret)
192 return ret;
193 ret = hx509_name_to_Name(name, &id->u.issuerAndSerialNumber.issuer);
194 hx509_name_free(&name);
195 if (ret)
196 return ret;
197
198 ret = hx509_cert_get_serialnumber(cert, &id->u.issuerAndSerialNumber.serialNumber);
199 break;
200 }
201 default:
202 _hx509_abort("CMS fill identifier with unknown type");
203 }
204 return ret;
205 }
206
207 static int
208 unparse_CMSIdentifier(hx509_context context,
209 CMSIdentifier *id,
210 char **str)
211 {
212 int ret = -1;
213
214 *str = NULL;
215 switch (id->element) {
216 case choice_CMSIdentifier_issuerAndSerialNumber: {
217 IssuerAndSerialNumber *iasn;
218 char *serial, *name;
219
220 iasn = &id->u.issuerAndSerialNumber;
221
222 ret = _hx509_Name_to_string(&iasn->issuer, &name);
223 if(ret)
224 return ret;
225 ret = der_print_hex_heim_integer(&iasn->serialNumber, &serial);
226 if (ret) {
227 free(name);
228 return ret;
229 }
230 ret = asprintf(str, "certificate issued by %s with serial number %s",
231 name, serial);
232 free(name);
233 free(serial);
234 break;
235 }
236 case choice_CMSIdentifier_subjectKeyIdentifier: {
237 KeyIdentifier *ki = &id->u.subjectKeyIdentifier;
238 char *keyid;
239 ssize_t len;
240
241 len = hex_encode(ki->data, ki->length, &keyid);
242 if (len < 0)
243 return ENOMEM;
244
245 ret = asprintf(str, "certificate with id %s", keyid);
246 free(keyid);
247 break;
248 }
249 default:
250 ret = asprintf(str, "certificate have unknown CMSidentifier type");
251 break;
252 }
253 /*
254 * In the following if, we check ret and *str which should be returned/set
255 * by asprintf(3) in every branch of the switch statement.
256 */
257 if (ret == -1 || *str == NULL)
258 return ENOMEM;
259 return 0;
260 }
261
262 static int
263 find_CMSIdentifier(hx509_context context,
264 CMSIdentifier *client,
265 hx509_certs certs,
266 time_t time_now,
267 hx509_cert *signer_cert,
268 int match)
269 {
270 hx509_query q;
271 hx509_cert cert;
272 Certificate c;
273 int ret;
274
275 memset(&c, 0, sizeof(c));
276 _hx509_query_clear(&q);
277
278 *signer_cert = NULL;
279
280 switch (client->element) {
281 case choice_CMSIdentifier_issuerAndSerialNumber:
282 q.serial = &client->u.issuerAndSerialNumber.serialNumber;
283 q.issuer_name = &client->u.issuerAndSerialNumber.issuer;
284 q.match = HX509_QUERY_MATCH_SERIALNUMBER|HX509_QUERY_MATCH_ISSUER_NAME;
285 break;
286 case choice_CMSIdentifier_subjectKeyIdentifier:
287 q.subject_id = &client->u.subjectKeyIdentifier;
288 q.match = HX509_QUERY_MATCH_SUBJECT_KEY_ID;
289 break;
290 default:
291 hx509_set_error_string(context, 0, HX509_CMS_NO_RECIPIENT_CERTIFICATE,
292 "unknown CMS identifier element");
293 return HX509_CMS_NO_RECIPIENT_CERTIFICATE;
294 }
295
296 q.match |= match;
297
298 q.match |= HX509_QUERY_MATCH_TIME;
299 if (time_now)
300 q.timenow = time_now;
301 else
302 q.timenow = time(NULL);
303
304 ret = hx509_certs_find(context, certs, &q, &cert);
305 if (ret == HX509_CERT_NOT_FOUND) {
306 char *str;
307
308 ret = unparse_CMSIdentifier(context, client, &str);
309 if (ret == 0) {
310 hx509_set_error_string(context, 0,
311 HX509_CMS_NO_RECIPIENT_CERTIFICATE,
312 "Failed to find %s", str);
313 } else
314 hx509_clear_error_string(context);
315 return HX509_CMS_NO_RECIPIENT_CERTIFICATE;
316 } else if (ret) {
317 hx509_set_error_string(context, HX509_ERROR_APPEND,
318 HX509_CMS_NO_RECIPIENT_CERTIFICATE,
319 "Failed to find CMS id in cert store");
320 return HX509_CMS_NO_RECIPIENT_CERTIFICATE;
321 }
322
323 *signer_cert = cert;
324
325 return 0;
326 }
327
328 /**
329 * Decode and unencrypt EnvelopedData.
330 *
331 * Extract data and parameteres from from the EnvelopedData. Also
332 * supports using detached EnvelopedData.
333 *
334 * @param context A hx509 context.
335 * @param certs Certificate that can decrypt the EnvelopedData
336 * encryption key.
337 * @param flags HX509_CMS_UE flags to control the behavior.
338 * @param data pointer the structure the contains the DER/BER encoded
339 * EnvelopedData stucture.
340 * @param length length of the data that data point to.
341 * @param encryptedContent in case of detached signature, this
342 * contains the actual encrypted data, othersize its should be NULL.
343 * @param time_now set the current time, if zero the library uses now as the date.
344 * @param contentType output type oid, should be freed with der_free_oid().
345 * @param content the data, free with der_free_octet_string().
346 *
347 * @ingroup hx509_cms
348 */
349
350 int
351 hx509_cms_unenvelope(hx509_context context,
352 hx509_certs certs,
353 int flags,
354 const void *data,
355 size_t length,
356 const heim_octet_string *encryptedContent,
357 time_t time_now,
358 heim_oid *contentType,
359 heim_octet_string *content)
360 {
361 heim_octet_string key;
362 EnvelopedData ed;
363 hx509_cert cert;
364 AlgorithmIdentifier *ai;
365 const heim_octet_string *enccontent;
366 heim_octet_string *params, params_data;
367 heim_octet_string ivec;
368 size_t size;
369 int ret, matched = 0, findflags = 0;
370 size_t i;
371
372
373 memset(&key, 0, sizeof(key));
374 memset(&ed, 0, sizeof(ed));
375 memset(&ivec, 0, sizeof(ivec));
376 memset(content, 0, sizeof(*content));
377 memset(contentType, 0, sizeof(*contentType));
378
379 if ((flags & HX509_CMS_UE_DONT_REQUIRE_KU_ENCIPHERMENT) == 0)
380 findflags |= HX509_QUERY_KU_ENCIPHERMENT;
381
382 ret = decode_EnvelopedData(data, length, &ed, &size);
383 if (ret) {
384 hx509_set_error_string(context, 0, ret,
385 "Failed to decode EnvelopedData");
386 return ret;
387 }
388
389 if (ed.recipientInfos.len == 0) {
390 ret = HX509_CMS_NO_RECIPIENT_CERTIFICATE;
391 hx509_set_error_string(context, 0, ret,
392 "No recipient info in enveloped data");
393 goto out;
394 }
395
396 enccontent = ed.encryptedContentInfo.encryptedContent;
397 if (enccontent == NULL) {
398 if (encryptedContent == NULL) {
399 ret = HX509_CMS_NO_DATA_AVAILABLE;
400 hx509_set_error_string(context, 0, ret,
401 "Content missing from encrypted data");
402 goto out;
403 }
404 enccontent = encryptedContent;
405 } else if (encryptedContent != NULL) {
406 ret = HX509_CMS_NO_DATA_AVAILABLE;
407 hx509_set_error_string(context, 0, ret,
408 "Both internal and external encrypted data");
409 goto out;
410 }
411
412 cert = NULL;
413 for (i = 0; i < ed.recipientInfos.len; i++) {
414 KeyTransRecipientInfo *ri;
415 char *str;
416 int ret2;
417
418 ri = &ed.recipientInfos.val[i];
419
420 ret = find_CMSIdentifier(context, &ri->rid, certs,
421 time_now, &cert,
422 HX509_QUERY_PRIVATE_KEY|findflags);
423 if (ret)
424 continue;
425
426 matched = 1; /* found a matching certificate, let decrypt */
427
428 ret = _hx509_cert_private_decrypt(context,
429 &ri->encryptedKey,
430 &ri->keyEncryptionAlgorithm.algorithm,
431 cert, &key);
432
433 hx509_cert_free(cert);
434 if (ret == 0)
435 break; /* succuessfully decrypted cert */
436 cert = NULL;
437 ret2 = unparse_CMSIdentifier(context, &ri->rid, &str);
438 if (ret2 == 0) {
439 hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
440 "Failed to decrypt with %s", str);
441 free(str);
442 }
443 }
444
445 if (!matched) {
446 ret = HX509_CMS_NO_RECIPIENT_CERTIFICATE;
447 hx509_set_error_string(context, 0, ret,
448 "No private key matched any certificate");
449 goto out;
450 }
451
452 if (cert == NULL) {
453 ret = HX509_CMS_NO_RECIPIENT_CERTIFICATE;
454 hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
455 "No private key decrypted the transfer key");
456 goto out;
457 }
458
459 ret = der_copy_oid(&ed.encryptedContentInfo.contentType, contentType);
460 if (ret) {
461 hx509_set_error_string(context, 0, ret,
462 "Failed to copy EnvelopedData content oid");
463 goto out;
464 }
465
466 ai = &ed.encryptedContentInfo.contentEncryptionAlgorithm;
467 if (ai->parameters) {
468 params_data.data = ai->parameters->data;
469 params_data.length = ai->parameters->length;
470 params = &params_data;
471 } else
472 params = NULL;
473
474 {
475 hx509_crypto crypto;
476
477 ret = hx509_crypto_init(context, NULL, &ai->algorithm, &crypto);
478 if (ret)
479 goto out;
480
481 if (flags & HX509_CMS_UE_ALLOW_WEAK)
482 hx509_crypto_allow_weak(crypto);
483
484 if (params) {
485 ret = hx509_crypto_set_params(context, crypto, params, &ivec);
486 if (ret) {
487 hx509_crypto_destroy(crypto);
488 goto out;
489 }
490 }
491
492 ret = hx509_crypto_set_key_data(crypto, key.data, key.length);
493 if (ret) {
494 hx509_crypto_destroy(crypto);
495 hx509_set_error_string(context, 0, ret,
496 "Failed to set key for decryption "
497 "of EnvelopedData");
498 goto out;
499 }
500
501 ret = hx509_crypto_decrypt(crypto,
502 enccontent->data,
503 enccontent->length,
504 ivec.length ? &ivec : NULL,
505 content);
506 hx509_crypto_destroy(crypto);
507 if (ret) {
508 hx509_set_error_string(context, 0, ret,
509 "Failed to decrypt EnvelopedData");
510 goto out;
511 }
512 }
513
514 out:
515
516 free_EnvelopedData(&ed);
517 der_free_octet_string(&key);
518 if (ivec.length)
519 der_free_octet_string(&ivec);
520 if (ret) {
521 der_free_oid(contentType);
522 der_free_octet_string(content);
523 }
524
525 return ret;
526 }
527
528 /**
529 * Encrypt end encode EnvelopedData.
530 *
531 * Encrypt and encode EnvelopedData. The data is encrypted with a
532 * random key and the the random key is encrypted with the
533 * certificates private key. This limits what private key type can be
534 * used to RSA.
535 *
536 * @param context A hx509 context.
537 * @param flags flags to control the behavior.
538 * - HX509_CMS_EV_NO_KU_CHECK - Dont check KU on certificate
539 * - HX509_CMS_EV_ALLOW_WEAK - Allow weak crytpo
540 * - HX509_CMS_EV_ID_NAME - prefer issuer name and serial number
541 * @param cert Certificate to encrypt the EnvelopedData encryption key
542 * with.
543 * @param data pointer the data to encrypt.
544 * @param length length of the data that data point to.
545 * @param encryption_type Encryption cipher to use for the bulk data,
546 * use NULL to get default.
547 * @param contentType type of the data that is encrypted
548 * @param content the output of the function,
549 * free with der_free_octet_string().
550 *
551 * @ingroup hx509_cms
552 */
553
554 int
555 hx509_cms_envelope_1(hx509_context context,
556 int flags,
557 hx509_cert cert,
558 const void *data,
559 size_t length,
560 const heim_oid *encryption_type,
561 const heim_oid *contentType,
562 heim_octet_string *content)
563 {
564 KeyTransRecipientInfo *ri;
565 heim_octet_string ivec;
566 heim_octet_string key;
567 hx509_crypto crypto = NULL;
568 int ret, cmsidflag;
569 EnvelopedData ed;
570 size_t size;
571
572 memset(&ivec, 0, sizeof(ivec));
573 memset(&key, 0, sizeof(key));
574 memset(&ed, 0, sizeof(ed));
575 memset(content, 0, sizeof(*content));
576
577 if (encryption_type == NULL)
578 encryption_type = &asn1_oid_id_aes_256_cbc;
579
580 if ((flags & HX509_CMS_EV_NO_KU_CHECK) == 0) {
581 ret = _hx509_check_key_usage(context, cert, 1 << 2, TRUE);
582 if (ret)
583 goto out;
584 }
585
586 ret = hx509_crypto_init(context, NULL, encryption_type, &crypto);
587 if (ret)
588 goto out;
589
590 if (flags & HX509_CMS_EV_ALLOW_WEAK)
591 hx509_crypto_allow_weak(crypto);
592
593 ret = hx509_crypto_set_random_key(crypto, &key);
594 if (ret) {
595 hx509_set_error_string(context, 0, ret,
596 "Create random key for EnvelopedData content");
597 goto out;
598 }
599
600 ret = hx509_crypto_random_iv(crypto, &ivec);
601 if (ret) {
602 hx509_set_error_string(context, 0, ret,
603 "Failed to create a random iv");
604 goto out;
605 }
606
607 ret = hx509_crypto_encrypt(crypto,
608 data,
609 length,
610 &ivec,
611 &ed.encryptedContentInfo.encryptedContent);
612 if (ret) {
613 hx509_set_error_string(context, 0, ret,
614 "Failed to encrypt EnvelopedData content");
615 goto out;
616 }
617
618 {
619 AlgorithmIdentifier *enc_alg;
620 enc_alg = &ed.encryptedContentInfo.contentEncryptionAlgorithm;
621 ret = der_copy_oid(encryption_type, &enc_alg->algorithm);
622 if (ret) {
623 hx509_set_error_string(context, 0, ret,
624 "Failed to set crypto oid "
625 "for EnvelopedData");
626 goto out;
627 }
628 ALLOC(enc_alg->parameters, 1);
629 if (enc_alg->parameters == NULL) {
630 ret = ENOMEM;
631 hx509_set_error_string(context, 0, ret,
632 "Failed to allocate crypto paramaters "
633 "for EnvelopedData");
634 goto out;
635 }
636
637 ret = hx509_crypto_get_params(context,
638 crypto,
639 &ivec,
640 enc_alg->parameters);
641 if (ret) {
642 goto out;
643 }
644 }
645
646 ALLOC_SEQ(&ed.recipientInfos, 1);
647 if (ed.recipientInfos.val == NULL) {
648 ret = ENOMEM;
649 hx509_set_error_string(context, 0, ret,
650 "Failed to allocate recipients info "
651 "for EnvelopedData");
652 goto out;
653 }
654
655 ri = &ed.recipientInfos.val[0];
656
657 if (flags & HX509_CMS_EV_ID_NAME) {
658 ri->version = 0;
659 cmsidflag = CMS_ID_NAME;
660 } else {
661 ri->version = 2;
662 cmsidflag = CMS_ID_SKI;
663 }
664
665 ret = fill_CMSIdentifier(cert, cmsidflag, &ri->rid);
666 if (ret) {
667 hx509_set_error_string(context, 0, ret,
668 "Failed to set CMS identifier info "
669 "for EnvelopedData");
670 goto out;
671 }
672
673 ret = hx509_cert_public_encrypt(context,
674 &key, cert,
675 &ri->keyEncryptionAlgorithm.algorithm,
676 &ri->encryptedKey);
677 if (ret) {
678 hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
679 "Failed to encrypt transport key for "
680 "EnvelopedData");
681 goto out;
682 }
683
684 /*
685 *
686 */
687
688 ed.version = 0;
689 ed.originatorInfo = NULL;
690
691 ret = der_copy_oid(contentType, &ed.encryptedContentInfo.contentType);
692 if (ret) {
693 hx509_set_error_string(context, 0, ret,
694 "Failed to copy content oid for "
695 "EnvelopedData");
696 goto out;
697 }
698
699 ed.unprotectedAttrs = NULL;
700
701 ASN1_MALLOC_ENCODE(EnvelopedData, content->data, content->length,
702 &ed, &size, ret);
703 if (ret) {
704 hx509_set_error_string(context, 0, ret,
705 "Failed to encode EnvelopedData");
706 goto out;
707 }
708 if (size != content->length)
709 _hx509_abort("internal ASN.1 encoder error");
710
711 out:
712 if (crypto)
713 hx509_crypto_destroy(crypto);
714 if (ret)
715 der_free_octet_string(content);
716 der_free_octet_string(&key);
717 der_free_octet_string(&ivec);
718 free_EnvelopedData(&ed);
719
720 return ret;
721 }
722
723 static int
724 any_to_certs(hx509_context context, const SignedData *sd, hx509_certs certs)
725 {
726 int ret;
727 size_t i;
728
729 if (sd->certificates == NULL)
730 return 0;
731
732 for (i = 0; i < sd->certificates->len; i++) {
733 heim_error_t error;
734 hx509_cert c;
735
736 c = hx509_cert_init_data(context,
737 sd->certificates->val[i].data,
738 sd->certificates->val[i].length,
739 &error);
740 if (c == NULL) {
741 ret = heim_error_get_code(error);
742 heim_release(error);
743 return ret;
744 }
745 ret = hx509_certs_add(context, certs, c);
746 hx509_cert_free(c);
747 if (ret)
748 return ret;
749 }
750
751 return 0;
752 }
753
754 static const Attribute *
755 find_attribute(const CMSAttributes *attr, const heim_oid *oid)
756 {
757 size_t i;
758 for (i = 0; i < attr->len; i++)
759 if (der_heim_oid_cmp(&attr->val[i].type, oid) == 0)
760 return &attr->val[i];
761 return NULL;
762 }
763
764 /**
765 * Decode SignedData and verify that the signature is correct.
766 *
767 * @param context A hx509 context.
768 * @param ctx a hx509 verify context.
769 * @param flags to control the behaivor of the function.
770 * - HX509_CMS_VS_NO_KU_CHECK - Don't check KeyUsage
771 * - HX509_CMS_VS_ALLOW_DATA_OID_MISMATCH - allow oid mismatch
772 * - HX509_CMS_VS_ALLOW_ZERO_SIGNER - no signer, see below.
773 * @param data pointer to CMS SignedData encoded data.
774 * @param length length of the data that data point to.
775 * @param signedContent external data used for signature.
776 * @param pool certificate pool to build certificates paths.
777 * @param contentType free with der_free_oid().
778 * @param content the output of the function, free with
779 * der_free_octet_string().
780 * @param signer_certs list of the cerficates used to sign this
781 * request, free with hx509_certs_free().
782 *
783 * @ingroup hx509_cms
784 */
785
786 int
787 hx509_cms_verify_signed(hx509_context context,
788 hx509_verify_ctx ctx,
789 unsigned int flags,
790 const void *data,
791 size_t length,
792 const heim_octet_string *signedContent,
793 hx509_certs pool,
794 heim_oid *contentType,
795 heim_octet_string *content,
796 hx509_certs *signer_certs)
797 {
798 SignerInfo *signer_info;
799 hx509_cert cert = NULL;
800 hx509_certs certs = NULL;
801 SignedData sd;
802 size_t size;
803 int ret, found_valid_sig;
804 size_t i;
805
806 *signer_certs = NULL;
807 content->data = NULL;
808 content->length = 0;
809 contentType->length = 0;
810 contentType->components = NULL;
811
812 memset(&sd, 0, sizeof(sd));
813
814 ret = decode_SignedData(data, length, &sd, &size);
815 if (ret) {
816 hx509_set_error_string(context, 0, ret,
817 "Failed to decode SignedData");
818 goto out;
819 }
820
821 if (sd.encapContentInfo.eContent == NULL && signedContent == NULL) {
822 ret = HX509_CMS_NO_DATA_AVAILABLE;
823 hx509_set_error_string(context, 0, ret,
824 "No content data in SignedData");
825 goto out;
826 }
827 if (sd.encapContentInfo.eContent && signedContent) {
828 ret = HX509_CMS_NO_DATA_AVAILABLE;
829 hx509_set_error_string(context, 0, ret,
830 "Both external and internal SignedData");
831 goto out;
832 }
833
834 if (sd.encapContentInfo.eContent)
835 ret = der_copy_octet_string(sd.encapContentInfo.eContent, content);
836 else
837 ret = der_copy_octet_string(signedContent, content);
838 if (ret) {
839 hx509_set_error_string(context, 0, ret, "malloc: out of memory");
840 goto out;
841 }
842
843 ret = hx509_certs_init(context, "MEMORY:cms-cert-buffer",
844 0, NULL, &certs);
845 if (ret)
846 goto out;
847
848 ret = hx509_certs_init(context, "MEMORY:cms-signer-certs",
849 0, NULL, signer_certs);
850 if (ret)
851 goto out;
852
853 /* XXX Check CMS version */
854
855 ret = any_to_certs(context, &sd, certs);
856 if (ret)
857 goto out;
858
859 if (pool) {
860 ret = hx509_certs_merge(context, certs, pool);
861 if (ret)
862 goto out;
863 }
864
865 for (found_valid_sig = 0, i = 0; i < sd.signerInfos.len; i++) {
866 heim_octet_string signed_data;
867 const heim_oid *match_oid;
868 heim_oid decode_oid;
869
870 signer_info = &sd.signerInfos.val[i];
871 match_oid = NULL;
872
873 if (signer_info->signature.length == 0) {
874 ret = HX509_CMS_MISSING_SIGNER_DATA;
875 hx509_set_error_string(context, 0, ret,
876 "SignerInfo %d in SignedData "
877 "missing sigature", i);
878 continue;
879 }
880
881 ret = find_CMSIdentifier(context, &signer_info->sid, certs,
882 _hx509_verify_get_time(ctx), &cert,
883 HX509_QUERY_KU_DIGITALSIGNATURE);
884 if (ret) {
885 /**
886 * If HX509_CMS_VS_NO_KU_CHECK is set, allow more liberal
887 * search for matching certificates by not considering
888 * KeyUsage bits on the certificates.
889 */
890 if ((flags & HX509_CMS_VS_NO_KU_CHECK) == 0)
891 continue;
892
893 ret = find_CMSIdentifier(context, &signer_info->sid, certs,
894 _hx509_verify_get_time(ctx), &cert,
895 0);
896 if (ret)
897 continue;
898
899 }
900
901 if (signer_info->signedAttrs) {
902 const Attribute *attr;
903
904 CMSAttributes sa;
905 heim_octet_string os;
906
907 sa.val = signer_info->signedAttrs->val;
908 sa.len = signer_info->signedAttrs->len;
909
910 /* verify that sigature exists */
911 attr = find_attribute(&sa, &asn1_oid_id_pkcs9_messageDigest);
912 if (attr == NULL) {
913 ret = HX509_CRYPTO_SIGNATURE_MISSING;
914 hx509_set_error_string(context, 0, ret,
915 "SignerInfo have signed attributes "
916 "but messageDigest (signature) "
917 "is missing");
918 goto next_sigature;
919 }
920 if (attr->value.len != 1) {
921 ret = HX509_CRYPTO_SIGNATURE_MISSING;
922 hx509_set_error_string(context, 0, ret,
923 "SignerInfo have more then one "
924 "messageDigest (signature)");
925 goto next_sigature;
926 }
927
928 ret = decode_MessageDigest(attr->value.val[0].data,
929 attr->value.val[0].length,
930 &os,
931 &size);
932 if (ret) {
933 hx509_set_error_string(context, 0, ret,
934 "Failed to decode "
935 "messageDigest (signature)");
936 goto next_sigature;
937 }
938
939 ret = _hx509_verify_signature(context,
940 NULL,
941 &signer_info->digestAlgorithm,
942 content,
943 &os);
944 der_free_octet_string(&os);
945 if (ret) {
946 hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
947 "Failed to verify messageDigest");
948 goto next_sigature;
949 }
950
951 /*
952 * Fetch content oid inside signedAttrs or set it to
953 * id-pkcs7-data.
954 */
955 attr = find_attribute(&sa, &asn1_oid_id_pkcs9_contentType);
956 if (attr == NULL) {
957 match_oid = &asn1_oid_id_pkcs7_data;
958 } else {
959 if (attr->value.len != 1) {
960 ret = HX509_CMS_DATA_OID_MISMATCH;
961 hx509_set_error_string(context, 0, ret,
962 "More then one oid in signedAttrs");
963 goto next_sigature;
964
965 }
966 ret = decode_ContentType(attr->value.val[0].data,
967 attr->value.val[0].length,
968 &decode_oid,
969 &size);
970 if (ret) {
971 hx509_set_error_string(context, 0, ret,
972 "Failed to decode "
973 "oid in signedAttrs");
974 goto next_sigature;
975 }
976 match_oid = &decode_oid;
977 }
978
979 ASN1_MALLOC_ENCODE(CMSAttributes,
980 signed_data.data,
981 signed_data.length,
982 &sa,
983 &size, ret);
984 if (ret) {
985 if (match_oid == &decode_oid)
986 der_free_oid(&decode_oid);
987 hx509_clear_error_string(context);
988 goto next_sigature;
989 }
990 if (size != signed_data.length)
991 _hx509_abort("internal ASN.1 encoder error");
992
993 } else {
994 signed_data.data = content->data;
995 signed_data.length = content->length;
996 match_oid = &asn1_oid_id_pkcs7_data;
997 }
998
999 /**
1000 * If HX509_CMS_VS_ALLOW_DATA_OID_MISMATCH, allow
1001 * encapContentInfo mismatch with the oid in signedAttributes
1002 * (or if no signedAttributes where use, pkcs7-data oid).
1003 * This is only needed to work with broken CMS implementations
1004 * that doesn't follow CMS signedAttributes rules.
1005 */
1006
1007 if (der_heim_oid_cmp(match_oid, &sd.encapContentInfo.eContentType) &&
1008 (flags & HX509_CMS_VS_ALLOW_DATA_OID_MISMATCH) == 0) {
1009 ret = HX509_CMS_DATA_OID_MISMATCH;
1010 hx509_set_error_string(context, 0, ret,
1011 "Oid in message mismatch from the expected");
1012 }
1013 if (match_oid == &decode_oid)
1014 der_free_oid(&decode_oid);
1015
1016 if (ret == 0) {
1017 ret = hx509_verify_signature(context,
1018 cert,
1019 &signer_info->signatureAlgorithm,
1020 &signed_data,
1021 &signer_info->signature);
1022 if (ret)
1023 hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
1024 "Failed to verify signature in "
1025 "CMS SignedData");
1026 }
1027 if (signer_info->signedAttrs)
1028 free(signed_data.data);
1029 if (ret)
1030 goto next_sigature;
1031
1032 /**
1033 * If HX509_CMS_VS_NO_VALIDATE flags is set, do not verify the
1034 * signing certificates and leave that up to the caller.
1035 */
1036
1037 if ((flags & HX509_CMS_VS_NO_VALIDATE) == 0) {
1038 ret = hx509_verify_path(context, ctx, cert, certs);
1039 if (ret)
1040 goto next_sigature;
1041 }
1042
1043 ret = hx509_certs_add(context, *signer_certs, cert);
1044 if (ret)
1045 goto next_sigature;
1046
1047 found_valid_sig++;
1048
1049 next_sigature:
1050 if (cert)
1051 hx509_cert_free(cert);
1052 cert = NULL;
1053 }
1054 /**
1055 * If HX509_CMS_VS_ALLOW_ZERO_SIGNER is set, allow empty
1056 * SignerInfo (no signatures). If SignedData have no signatures,
1057 * the function will return 0 with signer_certs set to NULL. Zero
1058 * signers is allowed by the standard, but since its only useful
1059 * in corner cases, it make into a flag that the caller have to
1060 * turn on.
1061 */
1062 if (sd.signerInfos.len == 0 && (flags & HX509_CMS_VS_ALLOW_ZERO_SIGNER)) {
1063 if (*signer_certs)
1064 hx509_certs_free(signer_certs);
1065 } else if (found_valid_sig == 0) {
1066 if (ret == 0) {
1067 ret = HX509_CMS_SIGNER_NOT_FOUND;
1068 hx509_set_error_string(context, 0, ret,
1069 "No signers where found");
1070 }
1071 goto out;
1072 }
1073
1074 ret = der_copy_oid(&sd.encapContentInfo.eContentType, contentType);
1075 if (ret) {
1076 hx509_clear_error_string(context);
1077 goto out;
1078 }
1079
1080 out:
1081 free_SignedData(&sd);
1082 if (certs)
1083 hx509_certs_free(&certs);
1084 if (ret) {
1085 if (content->data)
1086 der_free_octet_string(content);
1087 if (*signer_certs)
1088 hx509_certs_free(signer_certs);
1089 der_free_oid(contentType);
1090 der_free_octet_string(content);
1091 }
1092
1093 return ret;
1094 }
1095
1096 static int
1097 add_one_attribute(Attribute **attr,
1098 unsigned int *len,
1099 const heim_oid *oid,
1100 heim_octet_string *data)
1101 {
1102 void *d;
1103 int ret;
1104
1105 d = realloc(*attr, sizeof((*attr)[0]) * (*len + 1));
1106 if (d == NULL)
1107 return ENOMEM;
1108 (*attr) = d;
1109
1110 ret = der_copy_oid(oid, &(*attr)[*len].type);
1111 if (ret)
1112 return ret;
1113
1114 ALLOC_SEQ(&(*attr)[*len].value, 1);
1115 if ((*attr)[*len].value.val == NULL) {
1116 der_free_oid(&(*attr)[*len].type);
1117 return ENOMEM;
1118 }
1119
1120 (*attr)[*len].value.val[0].data = data->data;
1121 (*attr)[*len].value.val[0].length = data->length;
1122
1123 *len += 1;
1124
1125 return 0;
1126 }
1127
1128 /**
1129 * Decode SignedData and verify that the signature is correct.
1130 *
1131 * @param context A hx509 context.
1132 * @param flags
1133 * @param eContentType the type of the data.
1134 * @param data data to sign
1135 * @param length length of the data that data point to.
1136 * @param digest_alg digest algorithm to use, use NULL to get the
1137 * default or the peer determined algorithm.
1138 * @param cert certificate to use for sign the data.
1139 * @param peer info about the peer the message to send the message to,
1140 * like what digest algorithm to use.
1141 * @param anchors trust anchors that the client will use, used to
1142 * polulate the certificates included in the message
1143 * @param pool certificates to use in try to build the path to the
1144 * trust anchors.
1145 * @param signed_data the output of the function, free with
1146 * der_free_octet_string().
1147 *
1148 * @ingroup hx509_cms
1149 */
1150
1151 int
1152 hx509_cms_create_signed_1(hx509_context context,
1153 int flags,
1154 const heim_oid *eContentType,
1155 const void *data, size_t length,
1156 const AlgorithmIdentifier *digest_alg,
1157 hx509_cert cert,
1158 hx509_peer_info peer,
1159 hx509_certs anchors,
1160 hx509_certs pool,
1161 heim_octet_string *signed_data)
1162 {
1163 hx509_certs certs;
1164 int ret = 0;
1165
1166 signed_data->data = NULL;
1167 signed_data->length = 0;
1168
1169 ret = hx509_certs_init(context, "MEMORY:certs", 0, NULL, &certs);
1170 if (ret)
1171 return ret;
1172 ret = hx509_certs_add(context, certs, cert);
1173 if (ret)
1174 goto out;
1175
1176 ret = hx509_cms_create_signed(context, flags, eContentType, data, length,
1177 digest_alg, certs, peer, anchors, pool,
1178 signed_data);
1179
1180 out:
1181 hx509_certs_free(&certs);
1182 return ret;
1183 }
1184
1185 struct sigctx {
1186 SignedData sd;
1187 const AlgorithmIdentifier *digest_alg;
1188 const heim_oid *eContentType;
1189 heim_octet_string content;
1190 hx509_peer_info peer;
1191 int cmsidflag;
1192 int leafonly;
1193 hx509_certs certs;
1194 hx509_certs anchors;
1195 hx509_certs pool;
1196 };
1197
1198 static int
1199 sig_process(hx509_context context, void *ctx, hx509_cert cert)
1200 {
1201 struct sigctx *sigctx = ctx;
1202 heim_octet_string buf, sigdata = { 0, NULL };
1203 SignerInfo *signer_info = NULL;
1204 AlgorithmIdentifier digest;
1205 size_t size;
1206 void *ptr;
1207 int ret;
1208 SignedData *sd = &sigctx->sd;
1209 hx509_path path;
1210
1211 memset(&digest, 0, sizeof(digest));
1212 memset(&path, 0, sizeof(path));
1213
1214 if (_hx509_cert_private_key(cert) == NULL) {
1215 hx509_set_error_string(context, 0, HX509_PRIVATE_KEY_MISSING,
1216 "Private key missing for signing");
1217 return HX509_PRIVATE_KEY_MISSING;
1218 }
1219
1220 if (sigctx->digest_alg) {
1221 ret = copy_AlgorithmIdentifier(sigctx->digest_alg, &digest);
1222 if (ret)
1223 hx509_clear_error_string(context);
1224 } else {
1225 ret = hx509_crypto_select(context, HX509_SELECT_DIGEST,
1226 _hx509_cert_private_key(cert),
1227 sigctx->peer, &digest);
1228 }
1229 if (ret)
1230 goto out;
1231
1232 /*
1233 * Allocate on more signerInfo and do the signature processing
1234 */
1235
1236 ptr = realloc(sd->signerInfos.val,
1237 (sd->signerInfos.len + 1) * sizeof(sd->signerInfos.val[0]));
1238 if (ptr == NULL) {
1239 ret = ENOMEM;
1240 goto out;
1241 }
1242 sd->signerInfos.val = ptr;
1243
1244 signer_info = &sd->signerInfos.val[sd->signerInfos.len];
1245
1246 memset(signer_info, 0, sizeof(*signer_info));
1247
1248 signer_info->version = 1;
1249
1250 ret = fill_CMSIdentifier(cert, sigctx->cmsidflag, &signer_info->sid);
1251 if (ret) {
1252 hx509_clear_error_string(context);
1253 goto out;
1254 }
1255
1256 signer_info->signedAttrs = NULL;
1257 signer_info->unsignedAttrs = NULL;
1258
1259 ret = copy_AlgorithmIdentifier(&digest, &signer_info->digestAlgorithm);
1260 if (ret) {
1261 hx509_clear_error_string(context);
1262 goto out;
1263 }
1264
1265 /*
1266 * If it isn't pkcs7-data send signedAttributes
1267 */
1268
1269 if (der_heim_oid_cmp(sigctx->eContentType, &asn1_oid_id_pkcs7_data) != 0) {
1270 CMSAttributes sa;
1271 heim_octet_string sig;
1272
1273 ALLOC(signer_info->signedAttrs, 1);
1274 if (signer_info->signedAttrs == NULL) {
1275 ret = ENOMEM;
1276 goto out;
1277 }
1278
1279 ret = _hx509_create_signature(context,
1280 NULL,
1281 &digest,
1282 &sigctx->content,
1283 NULL,
1284 &sig);
1285 if (ret)
1286 goto out;
1287
1288 ASN1_MALLOC_ENCODE(MessageDigest,
1289 buf.data,
1290 buf.length,
1291 &sig,
1292 &size,
1293 ret);
1294 der_free_octet_string(&sig);
1295 if (ret) {
1296 hx509_clear_error_string(context);
1297 goto out;
1298 }
1299 if (size != buf.length)
1300 _hx509_abort("internal ASN.1 encoder error");
1301
1302 ret = add_one_attribute(&signer_info->signedAttrs->val,
1303 &signer_info->signedAttrs->len,
1304 &asn1_oid_id_pkcs9_messageDigest,
1305 &buf);
1306 if (ret) {
1307 free(buf.data);
1308 hx509_clear_error_string(context);
1309 goto out;
1310 }
1311
1312
1313 ASN1_MALLOC_ENCODE(ContentType,
1314 buf.data,
1315 buf.length,
1316 sigctx->eContentType,
1317 &size,
1318 ret);
1319 if (ret)
1320 goto out;
1321 if (size != buf.length)
1322 _hx509_abort("internal ASN.1 encoder error");
1323
1324 ret = add_one_attribute(&signer_info->signedAttrs->val,
1325 &signer_info->signedAttrs->len,
1326 &asn1_oid_id_pkcs9_contentType,
1327 &buf);
1328 if (ret) {
1329 free(buf.data);
1330 hx509_clear_error_string(context);
1331 goto out;
1332 }
1333
1334 sa.val = signer_info->signedAttrs->val;
1335 sa.len = signer_info->signedAttrs->len;
1336
1337 ASN1_MALLOC_ENCODE(CMSAttributes,
1338 sigdata.data,
1339 sigdata.length,
1340 &sa,
1341 &size,
1342 ret);
1343 if (ret) {
1344 hx509_clear_error_string(context);
1345 goto out;
1346 }
1347 if (size != sigdata.length)
1348 _hx509_abort("internal ASN.1 encoder error");
1349 } else {
1350 sigdata.data = sigctx->content.data;
1351 sigdata.length = sigctx->content.length;
1352 }
1353
1354 {
1355 AlgorithmIdentifier sigalg;
1356
1357 ret = hx509_crypto_select(context, HX509_SELECT_PUBLIC_SIG,
1358 _hx509_cert_private_key(cert), sigctx->peer,
1359 &sigalg);
1360 if (ret)
1361 goto out;
1362
1363 ret = _hx509_create_signature(context,
1364 _hx509_cert_private_key(cert),
1365 &sigalg,
1366 &sigdata,
1367 &signer_info->signatureAlgorithm,
1368 &signer_info->signature);
1369 free_AlgorithmIdentifier(&sigalg);
1370 if (ret)
1371 goto out;
1372 }
1373
1374 sigctx->sd.signerInfos.len++;
1375 signer_info = NULL;
1376
1377 /*
1378 * Provide best effort path
1379 */
1380 if (sigctx->certs) {
1381 unsigned int i;
1382
1383 if (sigctx->pool && sigctx->leafonly == 0) {
1384 _hx509_calculate_path(context,
1385 HX509_CALCULATE_PATH_NO_ANCHOR,
1386 time(NULL),
1387 sigctx->anchors,
1388 0,
1389 cert,
1390 sigctx->pool,
1391 &path);
1392 } else
1393 _hx509_path_append(context, &path, cert);
1394
1395 for (i = 0; i < path.len; i++) {
1396 /* XXX remove dups */
1397 ret = hx509_certs_add(context, sigctx->certs, path.val[i]);
1398 if (ret) {
1399 hx509_clear_error_string(context);
1400 goto out;
1401 }
1402 }
1403 }
1404
1405 out:
1406 if (signer_info)
1407 free_SignerInfo(signer_info);
1408 if (sigdata.data != sigctx->content.data)
1409 der_free_octet_string(&sigdata);
1410 _hx509_path_free(&path);
1411 free_AlgorithmIdentifier(&digest);
1412
1413 return ret;
1414 }
1415
1416 static int
1417 cert_process(hx509_context context, void *ctx, hx509_cert cert)
1418 {
1419 struct sigctx *sigctx = ctx;
1420 const unsigned int i = sigctx->sd.certificates->len;
1421 void *ptr;
1422 int ret;
1423
1424 ptr = realloc(sigctx->sd.certificates->val,
1425 (i + 1) * sizeof(sigctx->sd.certificates->val[0]));
1426 if (ptr == NULL)
1427 return ENOMEM;
1428 sigctx->sd.certificates->val = ptr;
1429
1430 ret = hx509_cert_binary(context, cert,
1431 &sigctx->sd.certificates->val[i]);
1432 if (ret == 0)
1433 sigctx->sd.certificates->len++;
1434
1435 return ret;
1436 }
1437
1438 static int
1439 cmp_AlgorithmIdentifier(const AlgorithmIdentifier *p, const AlgorithmIdentifier *q)
1440 {
1441 return der_heim_oid_cmp(&p->algorithm, &q->algorithm);
1442 }
1443
1444 int
1445 hx509_cms_create_signed(hx509_context context,
1446 int flags,
1447 const heim_oid *eContentType,
1448 const void *data, size_t length,
1449 const AlgorithmIdentifier *digest_alg,
1450 hx509_certs certs,
1451 hx509_peer_info peer,
1452 hx509_certs anchors,
1453 hx509_certs pool,
1454 heim_octet_string *signed_data)
1455 {
1456 unsigned int i, j;
1457 hx509_name name;
1458 int ret;
1459 size_t size;
1460 struct sigctx sigctx;
1461
1462 memset(&sigctx, 0, sizeof(sigctx));
1463 memset(&name, 0, sizeof(name));
1464
1465 if (eContentType == NULL)
1466 eContentType = &asn1_oid_id_pkcs7_data;
1467
1468 sigctx.digest_alg = digest_alg;
1469 sigctx.content.data = rk_UNCONST(data);
1470 sigctx.content.length = length;
1471 sigctx.eContentType = eContentType;
1472 sigctx.peer = peer;
1473 /**
1474 * Use HX509_CMS_SIGNATURE_ID_NAME to preferred use of issuer name
1475 * and serial number if possible. Otherwise subject key identifier
1476 * will preferred.
1477 */
1478 if (flags & HX509_CMS_SIGNATURE_ID_NAME)
1479 sigctx.cmsidflag = CMS_ID_NAME;
1480 else
1481 sigctx.cmsidflag = CMS_ID_SKI;
1482
1483 /**
1484 * Use HX509_CMS_SIGNATURE_LEAF_ONLY to only request leaf
1485 * certificates to be added to the SignedData.
1486 */
1487 sigctx.leafonly = (flags & HX509_CMS_SIGNATURE_LEAF_ONLY) ? 1 : 0;
1488
1489 /**
1490 * Use HX509_CMS_NO_CERTS to make the SignedData contain no
1491 * certificates, overrides HX509_CMS_SIGNATURE_LEAF_ONLY.
1492 */
1493
1494 if ((flags & HX509_CMS_SIGNATURE_NO_CERTS) == 0) {
1495 ret = hx509_certs_init(context, "MEMORY:certs", 0, NULL, &sigctx.certs);
1496 if (ret)
1497 return ret;
1498 }
1499
1500 sigctx.anchors = anchors;
1501 sigctx.pool = pool;
1502
1503 sigctx.sd.version = CMSVersion_v3;
1504
1505 der_copy_oid(eContentType, &sigctx.sd.encapContentInfo.eContentType);
1506
1507 /**
1508 * Use HX509_CMS_SIGNATURE_DETACHED to create detached signatures.
1509 */
1510 if ((flags & HX509_CMS_SIGNATURE_DETACHED) == 0) {
1511 ALLOC(sigctx.sd.encapContentInfo.eContent, 1);
1512 if (sigctx.sd.encapContentInfo.eContent == NULL) {
1513 hx509_clear_error_string(context);
1514 ret = ENOMEM;
1515 goto out;
1516 }
1517
1518 sigctx.sd.encapContentInfo.eContent->data = malloc(length);
1519 if (sigctx.sd.encapContentInfo.eContent->data == NULL) {
1520 hx509_clear_error_string(context);
1521 ret = ENOMEM;
1522 goto out;
1523 }
1524 memcpy(sigctx.sd.encapContentInfo.eContent->data, data, length);
1525 sigctx.sd.encapContentInfo.eContent->length = length;
1526 }
1527
1528 /**
1529 * Use HX509_CMS_SIGNATURE_NO_SIGNER to create no sigInfo (no
1530 * signatures).
1531 */
1532 if ((flags & HX509_CMS_SIGNATURE_NO_SIGNER) == 0) {
1533 ret = hx509_certs_iter_f(context, certs, sig_process, &sigctx);
1534 if (ret)
1535 goto out;
1536 }
1537
1538 if (sigctx.sd.signerInfos.len) {
1539
1540 /*
1541 * For each signerInfo, collect all different digest types.
1542 */
1543 for (i = 0; i < sigctx.sd.signerInfos.len; i++) {
1544 AlgorithmIdentifier *di =
1545 &sigctx.sd.signerInfos.val[i].digestAlgorithm;
1546
1547 for (j = 0; j < sigctx.sd.digestAlgorithms.len; j++)
1548 if (cmp_AlgorithmIdentifier(di, &sigctx.sd.digestAlgorithms.val[j]) == 0)
1549 break;
1550 if (j == sigctx.sd.digestAlgorithms.len) {
1551 ret = add_DigestAlgorithmIdentifiers(&sigctx.sd.digestAlgorithms, di);
1552 if (ret) {
1553 hx509_clear_error_string(context);
1554 goto out;
1555 }
1556 }
1557 }
1558 }
1559
1560 /*
1561 * Add certs we think are needed, build as part of sig_process
1562 */
1563 if (sigctx.certs) {
1564 ALLOC(sigctx.sd.certificates, 1);
1565 if (sigctx.sd.certificates == NULL) {
1566 hx509_clear_error_string(context);
1567 ret = ENOMEM;
1568 goto out;
1569 }
1570
1571 ret = hx509_certs_iter_f(context, sigctx.certs, cert_process, &sigctx);
1572 if (ret)
1573 goto out;
1574 }
1575
1576 ASN1_MALLOC_ENCODE(SignedData,
1577 signed_data->data, signed_data->length,
1578 &sigctx.sd, &size, ret);
1579 if (ret) {
1580 hx509_clear_error_string(context);
1581 goto out;
1582 }
1583 if (signed_data->length != size)
1584 _hx509_abort("internal ASN.1 encoder error");
1585
1586 out:
1587 hx509_certs_free(&sigctx.certs);
1588 free_SignedData(&sigctx.sd);
1589
1590 return ret;
1591 }
1592
1593 int
1594 hx509_cms_decrypt_encrypted(hx509_context context,
1595 hx509_lock lock,
1596 const void *data,
1597 size_t length,
1598 heim_oid *contentType,
1599 heim_octet_string *content)
1600 {
1601 heim_octet_string cont;
1602 CMSEncryptedData ed;
1603 AlgorithmIdentifier *ai;
1604 int ret;
1605
1606 memset(content, 0, sizeof(*content));
1607 memset(&cont, 0, sizeof(cont));
1608
1609 ret = decode_CMSEncryptedData(data, length, &ed, NULL);
1610 if (ret) {
1611 hx509_set_error_string(context, 0, ret,
1612 "Failed to decode CMSEncryptedData");
1613 return ret;
1614 }
1615
1616 if (ed.encryptedContentInfo.encryptedContent == NULL) {
1617 ret = HX509_CMS_NO_DATA_AVAILABLE;
1618 hx509_set_error_string(context, 0, ret,
1619 "No content in EncryptedData");
1620 goto out;
1621 }
1622
1623 ret = der_copy_oid(&ed.encryptedContentInfo.contentType, contentType);
1624 if (ret) {
1625 hx509_clear_error_string(context);
1626 goto out;
1627 }
1628
1629 ai = &ed.encryptedContentInfo.contentEncryptionAlgorithm;
1630 if (ai->parameters == NULL) {
1631 ret = HX509_ALG_NOT_SUPP;
1632 hx509_clear_error_string(context);
1633 goto out;
1634 }
1635
1636 ret = _hx509_pbe_decrypt(context,
1637 lock,
1638 ai,
1639 ed.encryptedContentInfo.encryptedContent,
1640 &cont);
1641 if (ret)
1642 goto out;
1643
1644 *content = cont;
1645
1646 out:
1647 if (ret) {
1648 if (cont.data)
1649 free(cont.data);
1650 }
1651 free_CMSEncryptedData(&ed);
1652 return ret;
1653 }
Heimdal