2 * Copyright (c) 2003 - 2007 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
38 * @page page_cms CMS/PKCS7 message functions.
40 * CMS is defined in RFC 3369 and is an continuation of the RSA Labs
41 * standard PKCS7. The basic messages in CMS is
44 * Data signed with private key (RSA, DSA, ECDSA) or secret
47 * Data encrypted with private key (RSA)
49 * Data encrypted with secret (symmetric) key.
51 * Wrapper structure including type and data.
54 * See the library functions here: @ref hx509_cms
57 #define ALLOC(X, N) (X) = calloc((N), sizeof(*(X)))
58 #define ALLOC_SEQ(X, N) do { (X)->len = (N); ALLOC((X)->val, (N)); } while(0)
61 * Wrap data and oid in a ContentInfo and encode it.
63 * @param oid type of the content.
64 * @param buf data to be wrapped. If a NULL pointer is passed in, the
65 * optional content field in the ContentInfo is not going be filled
67 * @param res the encoded buffer, the result should be freed with
68 * der_free_octet_string().
70 * @return Returns an hx509 error code.
76 hx509_cms_wrap_ContentInfo(const heim_oid
*oid
,
77 const heim_octet_string
*buf
,
78 heim_octet_string
*res
)
84 memset(res
, 0, sizeof(*res
));
85 memset(&ci
, 0, sizeof(ci
));
87 ret
= der_copy_oid(oid
, &ci
.contentType
);
92 if (ci
.content
== NULL
) {
93 free_ContentInfo(&ci
);
96 ci
.content
->data
= malloc(buf
->length
);
97 if (ci
.content
->data
== NULL
) {
98 free_ContentInfo(&ci
);
101 memcpy(ci
.content
->data
, buf
->data
, buf
->length
);
102 ci
.content
->length
= buf
->length
;
105 ASN1_MALLOC_ENCODE(ContentInfo
, res
->data
, res
->length
, &ci
, &size
, ret
);
106 free_ContentInfo(&ci
);
109 if (res
->length
!= size
)
110 _hx509_abort("internal ASN.1 encoder error");
116 * Decode an ContentInfo and unwrap data and oid it.
118 * @param in the encoded buffer.
119 * @param oid type of the content.
120 * @param out data to be wrapped.
121 * @param have_data since the data is optional, this flags show dthe
122 * diffrence between no data and the zero length data.
124 * @return Returns an hx509 error code.
130 hx509_cms_unwrap_ContentInfo(const heim_octet_string
*in
,
132 heim_octet_string
*out
,
139 memset(oid
, 0, sizeof(*oid
));
140 memset(out
, 0, sizeof(*out
));
142 ret
= decode_ContentInfo(in
->data
, in
->length
, &ci
, &size
);
146 ret
= der_copy_oid(&ci
.contentType
, oid
);
148 free_ContentInfo(&ci
);
152 ret
= der_copy_octet_string(ci
.content
, out
);
155 free_ContentInfo(&ci
);
159 memset(out
, 0, sizeof(*out
));
162 *have_data
= (ci
.content
!= NULL
) ? 1 : 0;
164 free_ContentInfo(&ci
);
170 #define CMS_ID_NAME 1
173 fill_CMSIdentifier(const hx509_cert cert
,
181 id
->element
= choice_CMSIdentifier_subjectKeyIdentifier
;
182 ret
= _hx509_find_extension_subject_key_id(_hx509_get_cert(cert
),
183 &id
->u
.subjectKeyIdentifier
);
190 id
->element
= choice_CMSIdentifier_issuerAndSerialNumber
;
191 ret
= hx509_cert_get_issuer(cert
, &name
);
194 ret
= hx509_name_to_Name(name
, &id
->u
.issuerAndSerialNumber
.issuer
);
195 hx509_name_free(&name
);
199 ret
= hx509_cert_get_serialnumber(cert
, &id
->u
.issuerAndSerialNumber
.serialNumber
);
203 _hx509_abort("CMS fill identifier with unknown type");
209 unparse_CMSIdentifier(hx509_context context
,
216 switch (id
->element
) {
217 case choice_CMSIdentifier_issuerAndSerialNumber
: {
218 IssuerAndSerialNumber
*iasn
;
221 iasn
= &id
->u
.issuerAndSerialNumber
;
223 ret
= _hx509_Name_to_string(&iasn
->issuer
, &name
);
226 ret
= der_print_hex_heim_integer(&iasn
->serialNumber
, &serial
);
231 asprintf(str
, "certificate issued by %s with serial number %s",
237 case choice_CMSIdentifier_subjectKeyIdentifier
: {
238 KeyIdentifier
*ki
= &id
->u
.subjectKeyIdentifier
;
242 len
= hex_encode(ki
->data
, ki
->length
, &keyid
);
246 asprintf(str
, "certificate with id %s", keyid
);
251 asprintf(str
, "certificate have unknown CMSidentifier type");
260 find_CMSIdentifier(hx509_context context
,
261 CMSIdentifier
*client
,
263 hx509_cert
*signer_cert
,
271 memset(&c
, 0, sizeof(c
));
272 _hx509_query_clear(&q
);
276 switch (client
->element
) {
277 case choice_CMSIdentifier_issuerAndSerialNumber
:
278 q
.serial
= &client
->u
.issuerAndSerialNumber
.serialNumber
;
279 q
.issuer_name
= &client
->u
.issuerAndSerialNumber
.issuer
;
280 q
.match
= HX509_QUERY_MATCH_SERIALNUMBER
|HX509_QUERY_MATCH_ISSUER_NAME
;
282 case choice_CMSIdentifier_subjectKeyIdentifier
:
283 q
.subject_id
= &client
->u
.subjectKeyIdentifier
;
284 q
.match
= HX509_QUERY_MATCH_SUBJECT_KEY_ID
;
287 hx509_set_error_string(context
, 0, HX509_CMS_NO_RECIPIENT_CERTIFICATE
,
288 "unknown CMS identifier element");
289 return HX509_CMS_NO_RECIPIENT_CERTIFICATE
;
294 q
.match
|= HX509_QUERY_MATCH_TIME
;
295 q
.timenow
= time(NULL
);
297 ret
= hx509_certs_find(context
, certs
, &q
, &cert
);
298 if (ret
== HX509_CERT_NOT_FOUND
) {
301 ret
= unparse_CMSIdentifier(context
, client
, &str
);
303 hx509_set_error_string(context
, 0,
304 HX509_CMS_NO_RECIPIENT_CERTIFICATE
,
305 "Failed to find %s", str
);
307 hx509_clear_error_string(context
);
308 return HX509_CMS_NO_RECIPIENT_CERTIFICATE
;
310 hx509_set_error_string(context
, HX509_ERROR_APPEND
,
311 HX509_CMS_NO_RECIPIENT_CERTIFICATE
,
312 "Failed to find CMS id in cert store");
313 return HX509_CMS_NO_RECIPIENT_CERTIFICATE
;
322 * Decode and unencrypt EnvelopedData.
324 * Extract data and parameteres from from the EnvelopedData. Also
325 * supports using detached EnvelopedData.
327 * @param context A hx509 context.
328 * @param certs Certificate that can decrypt the EnvelopedData
330 * @param flags HX509_CMS_UE flags to control the behavior.
331 * @param data pointer the structure the contains the DER/BER encoded
332 * EnvelopedData stucture.
333 * @param length length of the data that data point to.
334 * @param encryptedContent in case of detached signature, this
335 * contains the actual encrypted data, othersize its should be NULL.
336 * @param contentType output type oid, should be freed with der_free_oid().
337 * @param content the data, free with der_free_octet_string().
343 hx509_cms_unenvelope(hx509_context context
,
348 const heim_octet_string
*encryptedContent
,
349 heim_oid
*contentType
,
350 heim_octet_string
*content
)
352 heim_octet_string key
;
355 AlgorithmIdentifier
*ai
;
356 const heim_octet_string
*enccontent
;
357 heim_octet_string
*params
, params_data
;
358 heim_octet_string ivec
;
360 int ret
, i
, matched
= 0, findflags
= 0;
363 memset(&key
, 0, sizeof(key
));
364 memset(&ed
, 0, sizeof(ed
));
365 memset(&ivec
, 0, sizeof(ivec
));
366 memset(content
, 0, sizeof(*content
));
367 memset(contentType
, 0, sizeof(*contentType
));
369 if ((flags
& HX509_CMS_UE_DONT_REQUIRE_KU_ENCIPHERMENT
) == 0)
370 findflags
|= HX509_QUERY_KU_ENCIPHERMENT
;
372 ret
= decode_EnvelopedData(data
, length
, &ed
, &size
);
374 hx509_set_error_string(context
, 0, ret
,
375 "Failed to decode EnvelopedData");
379 if (ed
.recipientInfos
.len
== 0) {
380 ret
= HX509_CMS_NO_RECIPIENT_CERTIFICATE
;
381 hx509_set_error_string(context
, 0, ret
,
382 "No recipient info in enveloped data");
386 enccontent
= ed
.encryptedContentInfo
.encryptedContent
;
387 if (enccontent
== NULL
) {
388 if (encryptedContent
== NULL
) {
389 ret
= HX509_CMS_NO_DATA_AVAILABLE
;
390 hx509_set_error_string(context
, 0, ret
,
391 "Content missing from encrypted data");
394 enccontent
= encryptedContent
;
395 } else if (encryptedContent
!= NULL
) {
396 ret
= HX509_CMS_NO_DATA_AVAILABLE
;
397 hx509_set_error_string(context
, 0, ret
,
398 "Both internal and external encrypted data");
403 for (i
= 0; i
< ed
.recipientInfos
.len
; i
++) {
404 KeyTransRecipientInfo
*ri
;
408 ri
= &ed
.recipientInfos
.val
[i
];
410 ret
= find_CMSIdentifier(context
, &ri
->rid
, certs
, &cert
,
411 HX509_QUERY_PRIVATE_KEY
|findflags
);
415 matched
= 1; /* found a matching certificate, let decrypt */
417 ret
= _hx509_cert_private_decrypt(context
,
419 &ri
->keyEncryptionAlgorithm
.algorithm
,
422 hx509_cert_free(cert
);
424 break; /* succuessfully decrypted cert */
426 ret2
= unparse_CMSIdentifier(context
, &ri
->rid
, &str
);
428 hx509_set_error_string(context
, HX509_ERROR_APPEND
, ret
,
429 "Failed to decrypt with %s", str
);
435 ret
= HX509_CMS_NO_RECIPIENT_CERTIFICATE
;
436 hx509_set_error_string(context
, 0, ret
,
437 "No private key matched any certificate");
442 ret
= HX509_CMS_NO_RECIPIENT_CERTIFICATE
;
443 hx509_set_error_string(context
, HX509_ERROR_APPEND
, ret
,
444 "No private key decrypted the transfer key");
448 ret
= der_copy_oid(&ed
.encryptedContentInfo
.contentType
, contentType
);
450 hx509_set_error_string(context
, 0, ret
,
451 "Failed to copy EnvelopedData content oid");
455 ai
= &ed
.encryptedContentInfo
.contentEncryptionAlgorithm
;
456 if (ai
->parameters
) {
457 params_data
.data
= ai
->parameters
->data
;
458 params_data
.length
= ai
->parameters
->length
;
459 params
= ¶ms_data
;
466 ret
= hx509_crypto_init(context
, NULL
, &ai
->algorithm
, &crypto
);
471 ret
= hx509_crypto_set_params(context
, crypto
, params
, &ivec
);
473 hx509_crypto_destroy(crypto
);
478 ret
= hx509_crypto_set_key_data(crypto
, key
.data
, key
.length
);
480 hx509_crypto_destroy(crypto
);
481 hx509_set_error_string(context
, 0, ret
,
482 "Failed to set key for decryption "
487 ret
= hx509_crypto_decrypt(crypto
,
490 ivec
.length
? &ivec
: NULL
,
492 hx509_crypto_destroy(crypto
);
494 hx509_set_error_string(context
, 0, ret
,
495 "Failed to decrypt EnvelopedData");
502 free_EnvelopedData(&ed
);
503 der_free_octet_string(&key
);
505 der_free_octet_string(&ivec
);
507 der_free_oid(contentType
);
508 der_free_octet_string(content
);
515 * Encrypt end encode EnvelopedData.
517 * Encrypt and encode EnvelopedData. The data is encrypted with a
518 * random key and the the random key is encrypted with the
519 * certificates private key. This limits what private key type can be
522 * @param context A hx509 context.
523 * @param flags flags to control the behavior, no flags today
524 * @param cert Certificate to encrypt the EnvelopedData encryption key
526 * @param data pointer the data to encrypt.
527 * @param length length of the data that data point to.
528 * @param encryption_type Encryption cipher to use for the bulk data,
529 * use NULL to get default.
530 * @param contentType type of the data that is encrypted
531 * @param content the output of the function,
532 * free with der_free_octet_string().
538 hx509_cms_envelope_1(hx509_context context
,
543 const heim_oid
*encryption_type
,
544 const heim_oid
*contentType
,
545 heim_octet_string
*content
)
547 KeyTransRecipientInfo
*ri
;
548 heim_octet_string ivec
;
549 heim_octet_string key
;
550 hx509_crypto crypto
= NULL
;
555 memset(&ivec
, 0, sizeof(ivec
));
556 memset(&key
, 0, sizeof(key
));
557 memset(&ed
, 0, sizeof(ed
));
558 memset(content
, 0, sizeof(*content
));
560 if (encryption_type
== NULL
)
561 encryption_type
= oid_id_aes_256_cbc();
563 ret
= _hx509_check_key_usage(context
, cert
, 1 << 2, TRUE
);
567 ret
= hx509_crypto_init(context
, NULL
, encryption_type
, &crypto
);
571 ret
= hx509_crypto_set_random_key(crypto
, &key
);
573 hx509_set_error_string(context
, 0, ret
,
574 "Create random key for EnvelopedData content");
578 ret
= hx509_crypto_random_iv(crypto
, &ivec
);
580 hx509_set_error_string(context
, 0, ret
,
581 "Failed to create a random iv");
585 ret
= hx509_crypto_encrypt(crypto
,
589 &ed
.encryptedContentInfo
.encryptedContent
);
591 hx509_set_error_string(context
, 0, ret
,
592 "Failed to encrypt EnvelopedData content");
597 AlgorithmIdentifier
*enc_alg
;
598 enc_alg
= &ed
.encryptedContentInfo
.contentEncryptionAlgorithm
;
599 ret
= der_copy_oid(encryption_type
, &enc_alg
->algorithm
);
601 hx509_set_error_string(context
, 0, ret
,
602 "Failed to set crypto oid "
603 "for EnvelopedData");
606 ALLOC(enc_alg
->parameters
, 1);
607 if (enc_alg
->parameters
== NULL
) {
609 hx509_set_error_string(context
, 0, ret
,
610 "Failed to allocate crypto paramaters "
611 "for EnvelopedData");
615 ret
= hx509_crypto_get_params(context
,
618 enc_alg
->parameters
);
624 ALLOC_SEQ(&ed
.recipientInfos
, 1);
625 if (ed
.recipientInfos
.val
== NULL
) {
627 hx509_set_error_string(context
, 0, ret
,
628 "Failed to allocate recipients info "
629 "for EnvelopedData");
633 ri
= &ed
.recipientInfos
.val
[0];
636 ret
= fill_CMSIdentifier(cert
, CMS_ID_SKI
, &ri
->rid
);
638 hx509_set_error_string(context
, 0, ret
,
639 "Failed to set CMS identifier info "
640 "for EnvelopedData");
644 ret
= _hx509_cert_public_encrypt(context
,
646 &ri
->keyEncryptionAlgorithm
.algorithm
,
649 hx509_set_error_string(context
, HX509_ERROR_APPEND
, ret
,
650 "Failed to encrypt transport key for "
660 ed
.originatorInfo
= NULL
;
662 ret
= der_copy_oid(contentType
, &ed
.encryptedContentInfo
.contentType
);
664 hx509_set_error_string(context
, 0, ret
,
665 "Failed to copy content oid for "
670 ed
.unprotectedAttrs
= NULL
;
672 ASN1_MALLOC_ENCODE(EnvelopedData
, content
->data
, content
->length
,
675 hx509_set_error_string(context
, 0, ret
,
676 "Failed to encode EnvelopedData");
679 if (size
!= content
->length
)
680 _hx509_abort("internal ASN.1 encoder error");
684 hx509_crypto_destroy(crypto
);
686 der_free_octet_string(content
);
687 der_free_octet_string(&key
);
688 der_free_octet_string(&ivec
);
689 free_EnvelopedData(&ed
);
695 any_to_certs(hx509_context context
, const SignedData
*sd
, hx509_certs certs
)
699 if (sd
->certificates
== NULL
)
702 for (i
= 0; i
< sd
->certificates
->len
; i
++) {
705 ret
= hx509_cert_init_data(context
,
706 sd
->certificates
->val
[i
].data
,
707 sd
->certificates
->val
[i
].length
,
711 ret
= hx509_certs_add(context
, certs
, c
);
720 static const Attribute
*
721 find_attribute(const CMSAttributes
*attr
, const heim_oid
*oid
)
724 for (i
= 0; i
< attr
->len
; i
++)
725 if (der_heim_oid_cmp(&attr
->val
[i
].type
, oid
) == 0)
726 return &attr
->val
[i
];
731 * Decode SignedData and verify that the signature is correct.
733 * @param context A hx509 context.
734 * @param ctx a hx509 version context
736 * @param length length of the data that data point to.
737 * @param signedContent
738 * @param pool certificate pool to build certificates paths.
739 * @param contentType free with der_free_oid()
740 * @param content the output of the function, free with
741 * der_free_octet_string().
742 * @param signer_certs list of the cerficates used to sign this
743 * request, free with hx509_certs_free().
749 hx509_cms_verify_signed(hx509_context context
,
750 hx509_verify_ctx ctx
,
753 const heim_octet_string
*signedContent
,
755 heim_oid
*contentType
,
756 heim_octet_string
*content
,
757 hx509_certs
*signer_certs
)
759 SignerInfo
*signer_info
;
760 hx509_cert cert
= NULL
;
761 hx509_certs certs
= NULL
;
764 int ret
, i
, found_valid_sig
;
766 *signer_certs
= NULL
;
767 content
->data
= NULL
;
769 contentType
->length
= 0;
770 contentType
->components
= NULL
;
772 memset(&sd
, 0, sizeof(sd
));
774 ret
= decode_SignedData(data
, length
, &sd
, &size
);
776 hx509_set_error_string(context
, 0, ret
,
777 "Failed to decode SignedData");
781 if (sd
.encapContentInfo
.eContent
== NULL
&& signedContent
== NULL
) {
782 ret
= HX509_CMS_NO_DATA_AVAILABLE
;
783 hx509_set_error_string(context
, 0, ret
,
784 "No content data in SignedData");
787 if (sd
.encapContentInfo
.eContent
&& signedContent
) {
788 ret
= HX509_CMS_NO_DATA_AVAILABLE
;
789 hx509_set_error_string(context
, 0, ret
,
790 "Both external and internal SignedData");
793 if (sd
.encapContentInfo
.eContent
)
794 signedContent
= sd
.encapContentInfo
.eContent
;
796 ret
= hx509_certs_init(context
, "MEMORY:cms-cert-buffer",
801 ret
= hx509_certs_init(context
, "MEMORY:cms-signer-certs",
802 0, NULL
, signer_certs
);
806 /* XXX Check CMS version */
808 ret
= any_to_certs(context
, &sd
, certs
);
813 ret
= hx509_certs_merge(context
, certs
, pool
);
818 for (found_valid_sig
= 0, i
= 0; i
< sd
.signerInfos
.len
; i
++) {
819 heim_octet_string
*signed_data
;
820 const heim_oid
*match_oid
;
823 signer_info
= &sd
.signerInfos
.val
[i
];
826 if (signer_info
->signature
.length
== 0) {
827 ret
= HX509_CMS_MISSING_SIGNER_DATA
;
828 hx509_set_error_string(context
, 0, ret
,
829 "SignerInfo %d in SignedData "
830 "missing sigature", i
);
834 ret
= find_CMSIdentifier(context
, &signer_info
->sid
, certs
, &cert
,
835 HX509_QUERY_KU_DIGITALSIGNATURE
);
839 if (signer_info
->signedAttrs
) {
840 const Attribute
*attr
;
843 heim_octet_string os
;
845 sa
.val
= signer_info
->signedAttrs
->val
;
846 sa
.len
= signer_info
->signedAttrs
->len
;
848 /* verify that sigature exists */
849 attr
= find_attribute(&sa
, oid_id_pkcs9_messageDigest());
851 ret
= HX509_CRYPTO_SIGNATURE_MISSING
;
852 hx509_set_error_string(context
, 0, ret
,
853 "SignerInfo have signed attributes "
854 "but messageDigest (signature) "
858 if (attr
->value
.len
!= 1) {
859 ret
= HX509_CRYPTO_SIGNATURE_MISSING
;
860 hx509_set_error_string(context
, 0, ret
,
861 "SignerInfo have more then one "
862 "messageDigest (signature)");
866 ret
= decode_MessageDigest(attr
->value
.val
[0].data
,
867 attr
->value
.val
[0].length
,
871 hx509_set_error_string(context
, 0, ret
,
873 "messageDigest (signature)");
877 ret
= _hx509_verify_signature(context
,
879 &signer_info
->digestAlgorithm
,
882 der_free_octet_string(&os
);
884 hx509_set_error_string(context
, HX509_ERROR_APPEND
, ret
,
885 "Failed to verify messageDigest");
890 * Fetch content oid inside signedAttrs or set it to
893 attr
= find_attribute(&sa
, oid_id_pkcs9_contentType());
895 match_oid
= oid_id_pkcs7_data();
897 if (attr
->value
.len
!= 1) {
898 ret
= HX509_CMS_DATA_OID_MISMATCH
;
899 hx509_set_error_string(context
, 0, ret
,
900 "More then one oid in signedAttrs");
904 ret
= decode_ContentType(attr
->value
.val
[0].data
,
905 attr
->value
.val
[0].length
,
909 hx509_set_error_string(context
, 0, ret
,
911 "oid in signedAttrs");
914 match_oid
= &decode_oid
;
917 ALLOC(signed_data
, 1);
918 if (signed_data
== NULL
) {
919 if (match_oid
== &decode_oid
)
920 der_free_oid(&decode_oid
);
922 hx509_clear_error_string(context
);
926 ASN1_MALLOC_ENCODE(CMSAttributes
,
932 if (match_oid
== &decode_oid
)
933 der_free_oid(&decode_oid
);
935 hx509_clear_error_string(context
);
938 if (size
!= signed_data
->length
)
939 _hx509_abort("internal ASN.1 encoder error");
942 signed_data
= rk_UNCONST(signedContent
);
943 match_oid
= oid_id_pkcs7_data();
946 if (der_heim_oid_cmp(match_oid
, &sd
.encapContentInfo
.eContentType
)) {
947 ret
= HX509_CMS_DATA_OID_MISMATCH
;
948 hx509_set_error_string(context
, 0, ret
,
949 "Oid in message mismatch from the expected");
951 if (match_oid
== &decode_oid
)
952 der_free_oid(&decode_oid
);
955 ret
= hx509_verify_signature(context
,
957 &signer_info
->signatureAlgorithm
,
959 &signer_info
->signature
);
961 hx509_set_error_string(context
, HX509_ERROR_APPEND
, ret
,
962 "Failed to verify sigature in "
965 if (signed_data
!= signedContent
) {
966 der_free_octet_string(signed_data
);
972 ret
= hx509_verify_path(context
, ctx
, cert
, certs
);
976 ret
= hx509_certs_add(context
, *signer_certs
, cert
);
984 hx509_cert_free(cert
);
987 if (found_valid_sig
== 0) {
989 ret
= HX509_CMS_SIGNER_NOT_FOUND
;
990 hx509_set_error_string(context
, 0, ret
,
991 "No signers where found");
996 ret
= der_copy_oid(&sd
.encapContentInfo
.eContentType
, contentType
);
998 hx509_clear_error_string(context
);
1002 content
->data
= malloc(signedContent
->length
);
1003 if (content
->data
== NULL
) {
1004 hx509_clear_error_string(context
);
1008 content
->length
= signedContent
->length
;
1009 memcpy(content
->data
, signedContent
->data
, content
->length
);
1012 free_SignedData(&sd
);
1014 hx509_certs_free(&certs
);
1017 hx509_certs_free(signer_certs
);
1018 der_free_oid(contentType
);
1019 der_free_octet_string(content
);
1026 add_one_attribute(Attribute
**attr
,
1028 const heim_oid
*oid
,
1029 heim_octet_string
*data
)
1034 d
= realloc(*attr
, sizeof((*attr
)[0]) * (*len
+ 1));
1039 ret
= der_copy_oid(oid
, &(*attr
)[*len
].type
);
1043 ALLOC_SEQ(&(*attr
)[*len
].value
, 1);
1044 if ((*attr
)[*len
].value
.val
== NULL
) {
1045 der_free_oid(&(*attr
)[*len
].type
);
1049 (*attr
)[*len
].value
.val
[0].data
= data
->data
;
1050 (*attr
)[*len
].value
.val
[0].length
= data
->length
;
1058 * Decode SignedData and verify that the signature is correct.
1060 * @param context A hx509 context.
1062 * @param eContentType the type of the data.
1063 * @param data data to sign
1064 * @param length length of the data that data point to.
1065 * @param digest_alg digest algorithm to use, use NULL to get the
1066 * default or the peer determined algorithm.
1067 * @param cert certificate to use for sign the data.
1068 * @param peer info about the peer the message to send the message to,
1069 * like what digest algorithm to use.
1070 * @param anchors trust anchors that the client will use, used to
1071 * polulate the certificates included in the message
1072 * @param pool certificates to use in try to build the path to the
1074 * @param signed_data the output of the function, free with
1075 * der_free_octet_string().
1077 * @ingroup hx509_cms
1081 hx509_cms_create_signed_1(hx509_context context
,
1083 const heim_oid
*eContentType
,
1084 const void *data
, size_t length
,
1085 const AlgorithmIdentifier
*digest_alg
,
1087 hx509_peer_info peer
,
1088 hx509_certs anchors
,
1090 heim_octet_string
*signed_data
)
1092 AlgorithmIdentifier digest
;
1094 SignerInfo
*signer_info
;
1095 heim_octet_string buf
, content
, sigdata
= { 0, NULL
};
1100 int cmsidflag
= CMS_ID_SKI
;
1102 memset(&sd
, 0, sizeof(sd
));
1103 memset(&name
, 0, sizeof(name
));
1104 memset(&path
, 0, sizeof(path
));
1105 memset(&digest
, 0, sizeof(digest
));
1107 content
.data
= rk_UNCONST(data
);
1108 content
.length
= length
;
1110 if (flags
& HX509_CMS_SIGATURE_ID_NAME
)
1111 cmsidflag
= CMS_ID_NAME
;
1113 if (_hx509_cert_private_key(cert
) == NULL
) {
1114 hx509_set_error_string(context
, 0, HX509_PRIVATE_KEY_MISSING
,
1115 "Private key missing for signing");
1116 return HX509_PRIVATE_KEY_MISSING
;
1119 if (digest_alg
== NULL
) {
1120 ret
= hx509_crypto_select(context
, HX509_SELECT_DIGEST
,
1121 _hx509_cert_private_key(cert
), peer
, &digest
);
1123 ret
= copy_AlgorithmIdentifier(digest_alg
, &digest
);
1125 hx509_clear_error_string(context
);
1130 sd
.version
= CMSVersion_v3
;
1132 if (eContentType
== NULL
)
1133 eContentType
= oid_id_pkcs7_data();
1135 der_copy_oid(eContentType
, &sd
.encapContentInfo
.eContentType
);
1138 if ((flags
& HX509_CMS_SIGATURE_DETACHED
) == 0) {
1139 ALLOC(sd
.encapContentInfo
.eContent
, 1);
1140 if (sd
.encapContentInfo
.eContent
== NULL
) {
1141 hx509_clear_error_string(context
);
1146 sd
.encapContentInfo
.eContent
->data
= malloc(length
);
1147 if (sd
.encapContentInfo
.eContent
->data
== NULL
) {
1148 hx509_clear_error_string(context
);
1152 memcpy(sd
.encapContentInfo
.eContent
->data
, data
, length
);
1153 sd
.encapContentInfo
.eContent
->length
= length
;
1156 ALLOC_SEQ(&sd
.signerInfos
, 1);
1157 if (sd
.signerInfos
.val
== NULL
) {
1158 hx509_clear_error_string(context
);
1163 signer_info
= &sd
.signerInfos
.val
[0];
1165 signer_info
->version
= 1;
1167 ret
= fill_CMSIdentifier(cert
, cmsidflag
, &signer_info
->sid
);
1169 hx509_clear_error_string(context
);
1173 signer_info
->signedAttrs
= NULL
;
1174 signer_info
->unsignedAttrs
= NULL
;
1177 ret
= copy_AlgorithmIdentifier(&digest
, &signer_info
->digestAlgorithm
);
1179 hx509_clear_error_string(context
);
1184 * If it isn't pkcs7-data send signedAttributes
1187 if (der_heim_oid_cmp(eContentType
, oid_id_pkcs7_data()) != 0) {
1189 heim_octet_string sig
;
1191 ALLOC(signer_info
->signedAttrs
, 1);
1192 if (signer_info
->signedAttrs
== NULL
) {
1197 ret
= _hx509_create_signature(context
,
1206 ASN1_MALLOC_ENCODE(MessageDigest
,
1212 der_free_octet_string(&sig
);
1214 hx509_clear_error_string(context
);
1217 if (size
!= buf
.length
)
1218 _hx509_abort("internal ASN.1 encoder error");
1220 ret
= add_one_attribute(&signer_info
->signedAttrs
->val
,
1221 &signer_info
->signedAttrs
->len
,
1222 oid_id_pkcs9_messageDigest(),
1225 hx509_clear_error_string(context
);
1230 ASN1_MALLOC_ENCODE(ContentType
,
1238 if (size
!= buf
.length
)
1239 _hx509_abort("internal ASN.1 encoder error");
1241 ret
= add_one_attribute(&signer_info
->signedAttrs
->val
,
1242 &signer_info
->signedAttrs
->len
,
1243 oid_id_pkcs9_contentType(),
1246 hx509_clear_error_string(context
);
1250 sa
.val
= signer_info
->signedAttrs
->val
;
1251 sa
.len
= signer_info
->signedAttrs
->len
;
1253 ASN1_MALLOC_ENCODE(CMSAttributes
,
1260 hx509_clear_error_string(context
);
1263 if (size
!= sigdata
.length
)
1264 _hx509_abort("internal ASN.1 encoder error");
1266 sigdata
.data
= content
.data
;
1267 sigdata
.length
= content
.length
;
1272 AlgorithmIdentifier sigalg
;
1274 ret
= hx509_crypto_select(context
, HX509_SELECT_PUBLIC_SIG
,
1275 _hx509_cert_private_key(cert
), peer
,
1280 ret
= _hx509_create_signature(context
,
1281 _hx509_cert_private_key(cert
),
1284 &signer_info
->signatureAlgorithm
,
1285 &signer_info
->signature
);
1286 free_AlgorithmIdentifier(&sigalg
);
1291 ALLOC_SEQ(&sd
.digestAlgorithms
, 1);
1292 if (sd
.digestAlgorithms
.val
== NULL
) {
1294 hx509_clear_error_string(context
);
1298 ret
= copy_AlgorithmIdentifier(&digest
, &sd
.digestAlgorithms
.val
[0]);
1300 hx509_clear_error_string(context
);
1305 * Provide best effort path
1308 _hx509_calculate_path(context
,
1309 HX509_CALCULATE_PATH_NO_ANCHOR
,
1317 _hx509_path_append(context
, &path
, cert
);
1323 ALLOC(sd
.certificates
, 1);
1324 if (sd
.certificates
== NULL
) {
1325 hx509_clear_error_string(context
);
1329 ALLOC_SEQ(sd
.certificates
, path
.len
);
1330 if (sd
.certificates
->val
== NULL
) {
1331 hx509_clear_error_string(context
);
1336 for (i
= 0; i
< path
.len
; i
++) {
1337 ret
= hx509_cert_binary(context
, path
.val
[i
],
1338 &sd
.certificates
->val
[i
]);
1340 hx509_clear_error_string(context
);
1346 ASN1_MALLOC_ENCODE(SignedData
,
1347 signed_data
->data
, signed_data
->length
,
1350 hx509_clear_error_string(context
);
1353 if (signed_data
->length
!= size
)
1354 _hx509_abort("internal ASN.1 encoder error");
1357 if (sigdata
.data
!= content
.data
)
1358 der_free_octet_string(&sigdata
);
1359 free_AlgorithmIdentifier(&digest
);
1360 _hx509_path_free(&path
);
1361 free_SignedData(&sd
);
1367 hx509_cms_decrypt_encrypted(hx509_context context
,
1371 heim_oid
*contentType
,
1372 heim_octet_string
*content
)
1374 heim_octet_string cont
;
1375 CMSEncryptedData ed
;
1376 AlgorithmIdentifier
*ai
;
1379 memset(content
, 0, sizeof(*content
));
1380 memset(&cont
, 0, sizeof(cont
));
1382 ret
= decode_CMSEncryptedData(data
, length
, &ed
, NULL
);
1384 hx509_set_error_string(context
, 0, ret
,
1385 "Failed to decode CMSEncryptedData");
1389 if (ed
.encryptedContentInfo
.encryptedContent
== NULL
) {
1390 ret
= HX509_CMS_NO_DATA_AVAILABLE
;
1391 hx509_set_error_string(context
, 0, ret
,
1392 "No content in EncryptedData");
1396 ret
= der_copy_oid(&ed
.encryptedContentInfo
.contentType
, contentType
);
1398 hx509_clear_error_string(context
);
1402 ai
= &ed
.encryptedContentInfo
.contentEncryptionAlgorithm
;
1403 if (ai
->parameters
== NULL
) {
1404 ret
= HX509_ALG_NOT_SUPP
;
1405 hx509_clear_error_string(context
);
1409 ret
= _hx509_pbe_decrypt(context
,
1412 ed
.encryptedContentInfo
.encryptedContent
,
1424 free_CMSEncryptedData(&ed
);