1 /*-
2 * Copyright 2007-2025 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright Nokia 2007-2018
4 * Copyright Siemens AG 2015-2019
5 *
6 * Licensed under the Apache License 2.0 (the "License"). You may not use
7 * this file except in compliance with the License. You can obtain a copy
8 * in the file LICENSE in the source distribution or at
9 * https://www.openssl.org/source/license.html
10 *
11 * CRMF implementation by Martin Peylo, Miikka Viljanen, and David von Oheimb.
12 */
13
14 /*
15 * This file contains the functions that handle the individual items inside
16 * the CRMF structures
17 */
18
19 /*
20 * NAMING
21 *
22 * The 0 functions use the supplied structure pointer directly in the parent and
23 * it will be freed up when the parent is freed.
24 *
25 * The 1 functions use a copy of the supplied structure pointer (or in some
26 * cases increases its link count) in the parent and so both should be freed up.
27 */
28
29 #include <openssl/asn1t.h>
30
31 #include "crmf_local.h"
32 #include "internal/constant_time.h"
33 #include "internal/sizes.h"
34 #include "crypto/evp.h"
35 #include "crypto/x509.h"
36
37 /* explicit #includes not strictly needed since implied by the above: */
38 #include <openssl/crmf.h>
39 #include <openssl/err.h>
40 #include <openssl/evp.h>
41 #include <openssl/cms.h>
42
43 /*-
44 * atyp = Attribute Type
45 * valt = Value Type
46 * ctrlinf = "regCtrl" or "regInfo"
47 */
48 #define IMPLEMENT_CRMF_CTRL_FUNC(atyp, valt, ctrlinf) \
49 valt *OSSL_CRMF_MSG_get0_##ctrlinf##_##atyp(const OSSL_CRMF_MSG *msg) \
50 { \
51 int i; \
52 STACK_OF(OSSL_CRMF_ATTRIBUTETYPEANDVALUE) *controls; \
53 OSSL_CRMF_ATTRIBUTETYPEANDVALUE *atav = NULL; \
54 \
55 if (msg == NULL || msg->certReq == NULL) \
56 return NULL; \
57 controls = msg->certReq->controls; \
58 for (i = 0; i < sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_num(controls); i++) { \
59 atav = sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_value(controls, i); \
60 if (OBJ_obj2nid(atav->type) == NID_id_##ctrlinf##_##atyp) \
61 return atav->value.atyp; \
62 } \
63 return NULL; \
64 } \
65 \
66 int OSSL_CRMF_MSG_set1_##ctrlinf##_##atyp(OSSL_CRMF_MSG *msg, const valt *in) \
67 { \
68 OSSL_CRMF_ATTRIBUTETYPEANDVALUE *atav = NULL; \
69 \
70 if (msg == NULL || in == NULL) \
71 goto err; \
72 if ((atav = OSSL_CRMF_ATTRIBUTETYPEANDVALUE_new()) == NULL) \
73 goto err; \
74 if ((atav->type = OBJ_nid2obj(NID_id_##ctrlinf##_##atyp)) == NULL) \
75 goto err; \
76 if ((atav->value.atyp = valt##_dup(in)) == NULL) \
77 goto err; \
78 if (!OSSL_CRMF_MSG_push0_##ctrlinf(msg, atav)) \
79 goto err; \
80 return 1; \
81 err: \
82 OSSL_CRMF_ATTRIBUTETYPEANDVALUE_free(atav); \
83 return 0; \
84 }
85
86 /*-
87 * Pushes the given control attribute into the controls stack of a CertRequest
88 * (section 6)
89 * returns 1 on success, 0 on error
90 */
OSSL_CRMF_MSG_push0_regCtrl(OSSL_CRMF_MSG * crm,OSSL_CRMF_ATTRIBUTETYPEANDVALUE * ctrl)91 static int OSSL_CRMF_MSG_push0_regCtrl(OSSL_CRMF_MSG *crm,
92 OSSL_CRMF_ATTRIBUTETYPEANDVALUE *ctrl)
93 {
94 int new = 0;
95
96 if (crm == NULL || crm->certReq == NULL || ctrl == NULL) {
97 ERR_raise(ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT);
98 return 0;
99 }
100
101 if (crm->certReq->controls == NULL) {
102 crm->certReq->controls = sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_new_null();
103 if (crm->certReq->controls == NULL)
104 goto err;
105 new = 1;
106 }
107 if (!sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_push(crm->certReq->controls, ctrl))
108 goto err;
109
110 return 1;
111 err:
112 if (new != 0) {
113 sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_free(crm->certReq->controls);
114 crm->certReq->controls = NULL;
115 }
116 return 0;
117 }
118
119 /* id-regCtrl-regToken Control (section 6.1) */
IMPLEMENT_CRMF_CTRL_FUNC(regToken,ASN1_STRING,regCtrl)120 IMPLEMENT_CRMF_CTRL_FUNC(regToken, ASN1_STRING, regCtrl)
121
122 /* id-regCtrl-authenticator Control (section 6.2) */
123 #define ASN1_UTF8STRING_dup ASN1_STRING_dup
124 IMPLEMENT_CRMF_CTRL_FUNC(authenticator, ASN1_UTF8STRING, regCtrl)
125
126 int OSSL_CRMF_MSG_set0_SinglePubInfo(OSSL_CRMF_SINGLEPUBINFO *spi,
127 int method, GENERAL_NAME *nm)
128 {
129 if (spi == NULL
130 || method < OSSL_CRMF_PUB_METHOD_DONTCARE
131 || method > OSSL_CRMF_PUB_METHOD_LDAP) {
132 ERR_raise(ERR_LIB_CRMF, ERR_R_PASSED_INVALID_ARGUMENT);
133 return 0;
134 }
135
136 if (!ASN1_INTEGER_set(spi->pubMethod, method))
137 return 0;
138 GENERAL_NAME_free(spi->pubLocation);
139 spi->pubLocation = nm;
140 return 1;
141 }
142
143 int
OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo(OSSL_CRMF_PKIPUBLICATIONINFO * pi,OSSL_CRMF_SINGLEPUBINFO * spi)144 OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo(OSSL_CRMF_PKIPUBLICATIONINFO *pi,
145 OSSL_CRMF_SINGLEPUBINFO *spi)
146 {
147 if (pi == NULL || spi == NULL) {
148 ERR_raise(ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT);
149 return 0;
150 }
151 if (pi->pubInfos == NULL)
152 pi->pubInfos = sk_OSSL_CRMF_SINGLEPUBINFO_new_null();
153 if (pi->pubInfos == NULL)
154 return 0;
155
156 return sk_OSSL_CRMF_SINGLEPUBINFO_push(pi->pubInfos, spi);
157 }
158
OSSL_CRMF_MSG_set_PKIPublicationInfo_action(OSSL_CRMF_PKIPUBLICATIONINFO * pi,int action)159 int OSSL_CRMF_MSG_set_PKIPublicationInfo_action(OSSL_CRMF_PKIPUBLICATIONINFO *pi,
160 int action)
161 {
162 if (pi == NULL
163 || action < OSSL_CRMF_PUB_ACTION_DONTPUBLISH
164 || action > OSSL_CRMF_PUB_ACTION_PLEASEPUBLISH) {
165 ERR_raise(ERR_LIB_CRMF, ERR_R_PASSED_INVALID_ARGUMENT);
166 return 0;
167 }
168
169 return ASN1_INTEGER_set(pi->action, action);
170 }
171
172 /* id-regCtrl-pkiPublicationInfo Control (section 6.3) */
IMPLEMENT_CRMF_CTRL_FUNC(pkiPublicationInfo,OSSL_CRMF_PKIPUBLICATIONINFO,regCtrl)173 IMPLEMENT_CRMF_CTRL_FUNC(pkiPublicationInfo, OSSL_CRMF_PKIPUBLICATIONINFO,
174 regCtrl)
175
176 /* id-regCtrl-oldCertID Control (section 6.5) from the given */
177 IMPLEMENT_CRMF_CTRL_FUNC(oldCertID, OSSL_CRMF_CERTID, regCtrl)
178
179 OSSL_CRMF_CERTID *OSSL_CRMF_CERTID_gen(const X509_NAME *issuer,
180 const ASN1_INTEGER *serial)
181 {
182 OSSL_CRMF_CERTID *cid = NULL;
183
184 if (issuer == NULL || serial == NULL) {
185 ERR_raise(ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT);
186 return NULL;
187 }
188
189 if ((cid = OSSL_CRMF_CERTID_new()) == NULL)
190 goto err;
191
192 if (!X509_NAME_set(&cid->issuer->d.directoryName, issuer))
193 goto err;
194 cid->issuer->type = GEN_DIRNAME;
195
196 ASN1_INTEGER_free(cid->serialNumber);
197 if ((cid->serialNumber = ASN1_INTEGER_dup(serial)) == NULL)
198 goto err;
199
200 return cid;
201
202 err:
203 OSSL_CRMF_CERTID_free(cid);
204 return NULL;
205 }
206
207 /*
208 * id-regCtrl-protocolEncrKey Control (section 6.6)
209 */
IMPLEMENT_CRMF_CTRL_FUNC(protocolEncrKey,X509_PUBKEY,regCtrl)210 IMPLEMENT_CRMF_CTRL_FUNC(protocolEncrKey, X509_PUBKEY, regCtrl)
211
212 /*-
213 * Pushes the attribute given in regInfo in to the CertReqMsg->regInfo stack.
214 * (section 7)
215 * returns 1 on success, 0 on error
216 */
217 static int OSSL_CRMF_MSG_push0_regInfo(OSSL_CRMF_MSG *crm,
218 OSSL_CRMF_ATTRIBUTETYPEANDVALUE *ri)
219 {
220 STACK_OF(OSSL_CRMF_ATTRIBUTETYPEANDVALUE) *info = NULL;
221
222 if (crm == NULL || ri == NULL) {
223 ERR_raise(ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT);
224 return 0;
225 }
226
227 if (crm->regInfo == NULL)
228 crm->regInfo = info = sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_new_null();
229 if (crm->regInfo == NULL)
230 goto err;
231 if (!sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_push(crm->regInfo, ri))
232 goto err;
233 return 1;
234
235 err:
236 if (info != NULL)
237 crm->regInfo = NULL;
238 sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_free(info);
239 return 0;
240 }
241
242 /* id-regInfo-utf8Pairs to regInfo (section 7.1) */
IMPLEMENT_CRMF_CTRL_FUNC(utf8Pairs,ASN1_UTF8STRING,regInfo)243 IMPLEMENT_CRMF_CTRL_FUNC(utf8Pairs, ASN1_UTF8STRING, regInfo)
244
245 /* id-regInfo-certReq to regInfo (section 7.2) */
246 IMPLEMENT_CRMF_CTRL_FUNC(certReq, OSSL_CRMF_CERTREQUEST, regInfo)
247
248 /* retrieves the certificate template of crm */
249 OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm)
250 {
251 if (crm == NULL || crm->certReq == NULL) {
252 ERR_raise(ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT);
253 return NULL;
254 }
255 return crm->certReq->certTemplate;
256 }
257
OSSL_CRMF_MSG_set0_validity(OSSL_CRMF_MSG * crm,ASN1_TIME * notBefore,ASN1_TIME * notAfter)258 int OSSL_CRMF_MSG_set0_validity(OSSL_CRMF_MSG *crm,
259 ASN1_TIME *notBefore, ASN1_TIME *notAfter)
260 {
261 OSSL_CRMF_OPTIONALVALIDITY *vld;
262 OSSL_CRMF_CERTTEMPLATE *tmpl = OSSL_CRMF_MSG_get0_tmpl(crm);
263
264 if (tmpl == NULL) { /* also crm == NULL implies this */
265 ERR_raise(ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT);
266 return 0;
267 }
268
269 if ((vld = OSSL_CRMF_OPTIONALVALIDITY_new()) == NULL)
270 return 0;
271 vld->notBefore = notBefore;
272 vld->notAfter = notAfter;
273 tmpl->validity = vld;
274 return 1;
275 }
276
OSSL_CRMF_MSG_set_certReqId(OSSL_CRMF_MSG * crm,int rid)277 int OSSL_CRMF_MSG_set_certReqId(OSSL_CRMF_MSG *crm, int rid)
278 {
279 if (crm == NULL || crm->certReq == NULL || crm->certReq->certReqId == NULL) {
280 ERR_raise(ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT);
281 return 0;
282 }
283
284 return ASN1_INTEGER_set(crm->certReq->certReqId, rid);
285 }
286
287 /* get ASN.1 encoded integer, return -1 on error */
crmf_asn1_get_int(const ASN1_INTEGER * a)288 static int crmf_asn1_get_int(const ASN1_INTEGER *a)
289 {
290 int64_t res;
291
292 if (!ASN1_INTEGER_get_int64(&res, a)) {
293 ERR_raise(ERR_LIB_CRMF, ASN1_R_INVALID_NUMBER);
294 return -1;
295 }
296 if (res < INT_MIN) {
297 ERR_raise(ERR_LIB_CRMF, ASN1_R_TOO_SMALL);
298 return -1;
299 }
300 if (res > INT_MAX) {
301 ERR_raise(ERR_LIB_CRMF, ASN1_R_TOO_LARGE);
302 return -1;
303 }
304 return (int)res;
305 }
306
OSSL_CRMF_MSG_get_certReqId(const OSSL_CRMF_MSG * crm)307 int OSSL_CRMF_MSG_get_certReqId(const OSSL_CRMF_MSG *crm)
308 {
309 if (crm == NULL || /* not really needed: */ crm->certReq == NULL) {
310 ERR_raise(ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT);
311 return -1;
312 }
313 return crmf_asn1_get_int(crm->certReq->certReqId);
314 }
315
OSSL_CRMF_MSG_set0_extensions(OSSL_CRMF_MSG * crm,X509_EXTENSIONS * exts)316 int OSSL_CRMF_MSG_set0_extensions(OSSL_CRMF_MSG *crm,
317 X509_EXTENSIONS *exts)
318 {
319 OSSL_CRMF_CERTTEMPLATE *tmpl = OSSL_CRMF_MSG_get0_tmpl(crm);
320
321 if (tmpl == NULL) { /* also crm == NULL implies this */
322 ERR_raise(ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT);
323 return 0;
324 }
325
326 if (sk_X509_EXTENSION_num(exts) == 0) {
327 sk_X509_EXTENSION_free(exts);
328 exts = NULL; /* do not include empty extensions list */
329 }
330
331 sk_X509_EXTENSION_pop_free(tmpl->extensions, X509_EXTENSION_free);
332 tmpl->extensions = exts;
333 return 1;
334 }
335
OSSL_CRMF_MSG_push0_extension(OSSL_CRMF_MSG * crm,X509_EXTENSION * ext)336 int OSSL_CRMF_MSG_push0_extension(OSSL_CRMF_MSG *crm,
337 X509_EXTENSION *ext)
338 {
339 int new = 0;
340 OSSL_CRMF_CERTTEMPLATE *tmpl = OSSL_CRMF_MSG_get0_tmpl(crm);
341
342 if (tmpl == NULL || ext == NULL) { /* also crm == NULL implies this */
343 ERR_raise(ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT);
344 return 0;
345 }
346
347 if (tmpl->extensions == NULL) {
348 if ((tmpl->extensions = sk_X509_EXTENSION_new_null()) == NULL)
349 goto err;
350 new = 1;
351 }
352
353 if (!sk_X509_EXTENSION_push(tmpl->extensions, ext))
354 goto err;
355 return 1;
356 err:
357 if (new != 0) {
358 sk_X509_EXTENSION_free(tmpl->extensions);
359 tmpl->extensions = NULL;
360 }
361 return 0;
362 }
363
create_popo_signature(OSSL_CRMF_POPOSIGNINGKEY * ps,const OSSL_CRMF_CERTREQUEST * cr,EVP_PKEY * pkey,const EVP_MD * digest,OSSL_LIB_CTX * libctx,const char * propq)364 static int create_popo_signature(OSSL_CRMF_POPOSIGNINGKEY *ps,
365 const OSSL_CRMF_CERTREQUEST *cr,
366 EVP_PKEY *pkey, const EVP_MD *digest,
367 OSSL_LIB_CTX *libctx, const char *propq)
368 {
369 char name[80] = "";
370 EVP_PKEY *pub;
371
372 if (ps == NULL || cr == NULL || pkey == NULL) {
373 ERR_raise(ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT);
374 return 0;
375 }
376 pub = X509_PUBKEY_get0(cr->certTemplate->publicKey);
377 if (!ossl_x509_check_private_key(pub, pkey))
378 return 0;
379
380 if (ps->poposkInput != NULL) {
381 /* We do not support cases 1+2 defined in RFC 4211, section 4.1 */
382 ERR_raise(ERR_LIB_CRMF, CRMF_R_POPOSKINPUT_NOT_SUPPORTED);
383 return 0;
384 }
385
386 if (EVP_PKEY_get_default_digest_name(pkey, name, sizeof(name)) > 0
387 && strcmp(name, "UNDEF") == 0) /* at least for Ed25519, Ed448 */
388 digest = NULL;
389
390 return ASN1_item_sign_ex(ASN1_ITEM_rptr(OSSL_CRMF_CERTREQUEST),
391 ps->algorithmIdentifier, /* sets this X509_ALGOR */
392 NULL, ps->signature, /* sets the ASN1_BIT_STRING */
393 cr, NULL, pkey, digest, libctx, propq);
394 }
395
OSSL_CRMF_MSG_create_popo(int meth,OSSL_CRMF_MSG * crm,EVP_PKEY * pkey,const EVP_MD * digest,OSSL_LIB_CTX * libctx,const char * propq)396 int OSSL_CRMF_MSG_create_popo(int meth, OSSL_CRMF_MSG *crm,
397 EVP_PKEY *pkey, const EVP_MD *digest,
398 OSSL_LIB_CTX *libctx, const char *propq)
399 {
400 OSSL_CRMF_POPO *pp = NULL;
401 ASN1_INTEGER *tag = NULL;
402
403 if (crm == NULL || (meth == OSSL_CRMF_POPO_SIGNATURE && pkey == NULL)) {
404 ERR_raise(ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT);
405 return 0;
406 }
407
408 if (meth == OSSL_CRMF_POPO_NONE)
409 goto end;
410 if ((pp = OSSL_CRMF_POPO_new()) == NULL)
411 goto err;
412 pp->type = meth;
413
414 switch (meth) {
415 case OSSL_CRMF_POPO_RAVERIFIED:
416 if ((pp->value.raVerified = ASN1_NULL_new()) == NULL)
417 goto err;
418 break;
419
420 case OSSL_CRMF_POPO_SIGNATURE:
421 {
422 OSSL_CRMF_POPOSIGNINGKEY *ps = OSSL_CRMF_POPOSIGNINGKEY_new();
423
424 if (ps == NULL)
425 goto err;
426 if (!create_popo_signature(ps, crm->certReq, pkey, digest,
427 libctx, propq)) {
428 OSSL_CRMF_POPOSIGNINGKEY_free(ps);
429 goto err;
430 }
431 pp->value.signature = ps;
432 }
433 break;
434
435 case OSSL_CRMF_POPO_KEYENC:
436 if ((pp->value.keyEncipherment = OSSL_CRMF_POPOPRIVKEY_new()) == NULL)
437 goto err;
438 tag = ASN1_INTEGER_new();
439 pp->value.keyEncipherment->type =
440 OSSL_CRMF_POPOPRIVKEY_SUBSEQUENTMESSAGE;
441 pp->value.keyEncipherment->value.subsequentMessage = tag;
442 if (tag == NULL
443 || !ASN1_INTEGER_set(tag, OSSL_CRMF_SUBSEQUENTMESSAGE_ENCRCERT))
444 goto err;
445 break;
446
447 default:
448 ERR_raise(ERR_LIB_CRMF, CRMF_R_UNSUPPORTED_METHOD_FOR_CREATING_POPO);
449 goto err;
450 }
451
452 end:
453 OSSL_CRMF_POPO_free(crm->popo);
454 crm->popo = pp;
455
456 return 1;
457 err:
458 OSSL_CRMF_POPO_free(pp);
459 return 0;
460 }
461
462 /* verifies the Proof-of-Possession of the request with the given rid in reqs */
OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS * reqs,int rid,int acceptRAVerified,OSSL_LIB_CTX * libctx,const char * propq)463 int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs,
464 int rid, int acceptRAVerified,
465 OSSL_LIB_CTX *libctx, const char *propq)
466 {
467 OSSL_CRMF_MSG *req = NULL;
468 X509_PUBKEY *pubkey = NULL;
469 OSSL_CRMF_POPOSIGNINGKEY *sig = NULL;
470 const ASN1_ITEM *it;
471 void *asn;
472
473 if (reqs == NULL || (req = sk_OSSL_CRMF_MSG_value(reqs, rid)) == NULL) {
474 ERR_raise(ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT);
475 return 0;
476 }
477
478 if (req->popo == NULL) {
479 ERR_raise(ERR_LIB_CRMF, CRMF_R_POPO_MISSING);
480 return 0;
481 }
482
483 switch (req->popo->type) {
484 case OSSL_CRMF_POPO_RAVERIFIED:
485 if (!acceptRAVerified) {
486 ERR_raise(ERR_LIB_CRMF, CRMF_R_POPO_RAVERIFIED_NOT_ACCEPTED);
487 return 0;
488 }
489 break;
490 case OSSL_CRMF_POPO_SIGNATURE:
491 pubkey = req->certReq->certTemplate->publicKey;
492 if (pubkey == NULL) {
493 ERR_raise(ERR_LIB_CRMF, CRMF_R_POPO_MISSING_PUBLIC_KEY);
494 return 0;
495 }
496 sig = req->popo->value.signature;
497 if (sig->poposkInput != NULL) {
498 /*
499 * According to RFC 4211: publicKey contains a copy of
500 * the public key from the certificate template. This MUST be
501 * exactly the same value as contained in the certificate template.
502 */
503 if (sig->poposkInput->publicKey == NULL) {
504 ERR_raise(ERR_LIB_CRMF, CRMF_R_POPO_MISSING_PUBLIC_KEY);
505 return 0;
506 }
507 if (X509_PUBKEY_eq(pubkey, sig->poposkInput->publicKey) != 1) {
508 ERR_raise(ERR_LIB_CRMF, CRMF_R_POPO_INCONSISTENT_PUBLIC_KEY);
509 return 0;
510 }
511
512 /*
513 * Should check at this point the contents of the authInfo sub-field
514 * as requested in FR #19807 according to RFC 4211 section 4.1.
515 */
516
517 it = ASN1_ITEM_rptr(OSSL_CRMF_POPOSIGNINGKEYINPUT);
518 asn = sig->poposkInput;
519 } else {
520 if (req->certReq->certTemplate->subject == NULL) {
521 ERR_raise(ERR_LIB_CRMF, CRMF_R_POPO_MISSING_SUBJECT);
522 return 0;
523 }
524 it = ASN1_ITEM_rptr(OSSL_CRMF_CERTREQUEST);
525 asn = req->certReq;
526 }
527 if (ASN1_item_verify_ex(it, sig->algorithmIdentifier, sig->signature,
528 asn, NULL, X509_PUBKEY_get0(pubkey), libctx,
529 propq) < 1)
530 return 0;
531 break;
532 case OSSL_CRMF_POPO_KEYENC:
533 /*
534 * When OSSL_CMP_certrep_new() supports encrypted certs,
535 * should return 1 if the type of req->popo->value.keyEncipherment
536 * is OSSL_CRMF_POPOPRIVKEY_SUBSEQUENTMESSAGE and
537 * its value.subsequentMessage == OSSL_CRMF_SUBSEQUENTMESSAGE_ENCRCERT
538 */
539 case OSSL_CRMF_POPO_KEYAGREE:
540 default:
541 ERR_raise(ERR_LIB_CRMF, CRMF_R_UNSUPPORTED_POPO_METHOD);
542 return 0;
543 }
544 return 1;
545 }
546
OSSL_CRMF_MSG_centralkeygen_requested(const OSSL_CRMF_MSG * crm,const X509_REQ * p10cr)547 int OSSL_CRMF_MSG_centralkeygen_requested(const OSSL_CRMF_MSG *crm, const X509_REQ *p10cr)
548 {
549 X509_PUBKEY *pubkey = NULL;
550 const unsigned char *pk = NULL;
551 int pklen, ret = 0;
552
553 if (crm == NULL && p10cr == NULL) {
554 ERR_raise(ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT);
555 return -1;
556 }
557
558 if (crm != NULL)
559 pubkey = OSSL_CRMF_CERTTEMPLATE_get0_publicKey(OSSL_CRMF_MSG_get0_tmpl(crm));
560 else
561 pubkey = p10cr->req_info.pubkey;
562
563 if (pubkey == NULL
564 || (X509_PUBKEY_get0_param(NULL, &pk, &pklen, NULL, pubkey)
565 && pklen == 0))
566 ret = 1;
567
568 /*
569 * In case of CRMF, POPO MUST be absent if central key generation
570 * is requested, otherwise MUST be present
571 */
572 if (crm != NULL && ret != (crm->popo == NULL)) {
573 ERR_raise(ERR_LIB_CRMF, CRMF_R_POPO_INCONSISTENT_CENTRAL_KEYGEN);
574 return -2;
575 }
576 return ret;
577 }
578
579 X509_PUBKEY
OSSL_CRMF_CERTTEMPLATE_get0_publicKey(const OSSL_CRMF_CERTTEMPLATE * tmpl)580 *OSSL_CRMF_CERTTEMPLATE_get0_publicKey(const OSSL_CRMF_CERTTEMPLATE *tmpl)
581 {
582 return tmpl != NULL ? tmpl->publicKey : NULL;
583 }
584
585 const ASN1_INTEGER
OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE * tmpl)586 *OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl)
587 {
588 return tmpl != NULL ? tmpl->serialNumber : NULL;
589 }
590
591 const X509_NAME
OSSL_CRMF_CERTTEMPLATE_get0_subject(const OSSL_CRMF_CERTTEMPLATE * tmpl)592 *OSSL_CRMF_CERTTEMPLATE_get0_subject(const OSSL_CRMF_CERTTEMPLATE *tmpl)
593 {
594 return tmpl != NULL ? tmpl->subject : NULL;
595 }
596
597 const X509_NAME
OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE * tmpl)598 *OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl)
599 {
600 return tmpl != NULL ? tmpl->issuer : NULL;
601 }
602
603 X509_EXTENSIONS
OSSL_CRMF_CERTTEMPLATE_get0_extensions(const OSSL_CRMF_CERTTEMPLATE * tmpl)604 *OSSL_CRMF_CERTTEMPLATE_get0_extensions(const OSSL_CRMF_CERTTEMPLATE *tmpl)
605 {
606 return tmpl != NULL ? tmpl->extensions : NULL;
607 }
608
OSSL_CRMF_CERTID_get0_issuer(const OSSL_CRMF_CERTID * cid)609 const X509_NAME *OSSL_CRMF_CERTID_get0_issuer(const OSSL_CRMF_CERTID *cid)
610 {
611 return cid != NULL && cid->issuer->type == GEN_DIRNAME ?
612 cid->issuer->d.directoryName : NULL;
613 }
614
OSSL_CRMF_CERTID_get0_serialNumber(const OSSL_CRMF_CERTID * cid)615 const ASN1_INTEGER *OSSL_CRMF_CERTID_get0_serialNumber(const OSSL_CRMF_CERTID
616 *cid)
617 {
618 return cid != NULL ? cid->serialNumber : NULL;
619 }
620
621 /*-
622 * Fill in the certificate template |tmpl|.
623 * Any other NULL argument will leave the respective field unchanged.
624 */
OSSL_CRMF_CERTTEMPLATE_fill(OSSL_CRMF_CERTTEMPLATE * tmpl,EVP_PKEY * pubkey,const X509_NAME * subject,const X509_NAME * issuer,const ASN1_INTEGER * serial)625 int OSSL_CRMF_CERTTEMPLATE_fill(OSSL_CRMF_CERTTEMPLATE *tmpl,
626 EVP_PKEY *pubkey,
627 const X509_NAME *subject,
628 const X509_NAME *issuer,
629 const ASN1_INTEGER *serial)
630 {
631 if (tmpl == NULL) {
632 ERR_raise(ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT);
633 return 0;
634 }
635 if (subject != NULL && !X509_NAME_set((X509_NAME **)&tmpl->subject, subject))
636 return 0;
637 if (issuer != NULL && !X509_NAME_set((X509_NAME **)&tmpl->issuer, issuer))
638 return 0;
639 if (serial != NULL) {
640 ASN1_INTEGER_free(tmpl->serialNumber);
641 if ((tmpl->serialNumber = ASN1_INTEGER_dup(serial)) == NULL)
642 return 0;
643 }
644 if (pubkey != NULL && !X509_PUBKEY_set(&tmpl->publicKey, pubkey))
645 return 0;
646 return 1;
647 }
648
649 #ifndef OPENSSL_NO_CMS
DECLARE_ASN1_ITEM(CMS_SignedData)650 DECLARE_ASN1_ITEM(CMS_SignedData) /* copied from cms_local.h */
651
652 /* check for KGA authorization implied by CA flag or by explicit EKU cmKGA */
653 static int check_cmKGA(ossl_unused const X509_PURPOSE *purpose, const X509 *x, int ca)
654 {
655 STACK_OF(ASN1_OBJECT) *ekus;
656 int i, ret = 1;
657
658 if (ca)
659 return ret;
660 ekus = X509_get_ext_d2i(x, NID_ext_key_usage, NULL, NULL);
661 for (i = 0; i < sk_ASN1_OBJECT_num(ekus); i++) {
662 if (OBJ_obj2nid(sk_ASN1_OBJECT_value(ekus, i)) == NID_cmKGA)
663 goto end;
664 }
665 ret = 0;
666
667 end:
668 sk_ASN1_OBJECT_pop_free(ekus, ASN1_OBJECT_free);
669 return ret;
670 }
671 #endif /* OPENSSL_NO_CMS */
672
OSSL_CRMF_ENCRYPTEDKEY_get1_pkey(const OSSL_CRMF_ENCRYPTEDKEY * encryptedKey,X509_STORE * ts,STACK_OF (X509)* extra,EVP_PKEY * pkey,X509 * cert,ASN1_OCTET_STRING * secret,OSSL_LIB_CTX * libctx,const char * propq)673 EVP_PKEY *OSSL_CRMF_ENCRYPTEDKEY_get1_pkey(const OSSL_CRMF_ENCRYPTEDKEY *encryptedKey,
674 X509_STORE *ts, STACK_OF(X509) *extra, EVP_PKEY *pkey,
675 X509 *cert, ASN1_OCTET_STRING *secret,
676 OSSL_LIB_CTX *libctx, const char *propq)
677 {
678 #ifndef OPENSSL_NO_CMS
679 BIO *bio = NULL;
680 CMS_SignedData *sd = NULL;
681 BIO *pkey_bio = NULL;
682 int purpose_id, bak_purpose_id;
683 X509_VERIFY_PARAM *vpm;
684 #endif
685 EVP_PKEY *ret = NULL;
686
687 if (encryptedKey == NULL) {
688 ERR_raise(ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT);
689 return NULL;
690 }
691 if (encryptedKey->type != OSSL_CRMF_ENCRYPTEDKEY_ENVELOPEDDATA) {
692 unsigned char *p;
693 const unsigned char *p_copy;
694 int len;
695
696 p = OSSL_CRMF_ENCRYPTEDVALUE_decrypt(encryptedKey->value.encryptedValue,
697 libctx, propq, pkey, &len);
698 if ((p_copy = p) != NULL)
699 ret = d2i_AutoPrivateKey_ex(NULL, &p_copy, len, libctx, propq);
700 OPENSSL_free(p);
701 return ret;
702 }
703
704 #ifndef OPENSSL_NO_CMS
705 if (ts == NULL) {
706 ERR_raise(ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT);
707 return NULL;
708 }
709 if ((bio = CMS_EnvelopedData_decrypt(encryptedKey->value.envelopedData,
710 NULL, pkey, cert, secret, 0,
711 libctx, propq)) == NULL) {
712 ERR_raise(ERR_LIB_CRMF, CRMF_R_ERROR_DECRYPTING_ENCRYPTEDKEY);
713 goto end;
714 }
715 sd = ASN1_item_d2i_bio(ASN1_ITEM_rptr(CMS_SignedData), bio, NULL);
716 if (sd == NULL)
717 goto end;
718
719 if ((purpose_id = X509_PURPOSE_get_by_sname(SN_cmKGA)) < 0) {
720 purpose_id = X509_PURPOSE_get_unused_id(libctx);
721 if (!X509_PURPOSE_add(purpose_id, X509_TRUST_COMPAT, 0, check_cmKGA,
722 LN_cmKGA, SN_cmKGA, NULL))
723 goto end;
724 }
725 if ((vpm = X509_STORE_get0_param(ts)) == NULL)
726 goto end;
727
728 /* temporarily override X509_PURPOSE_SMIME_SIGN: */
729 bak_purpose_id = X509_VERIFY_PARAM_get_purpose(vpm);
730 if (!X509_STORE_set_purpose(ts, purpose_id)) {
731 ERR_raise(ERR_LIB_CRMF, CRMF_R_ERROR_SETTING_PURPOSE);
732 goto end;
733 }
734
735 pkey_bio = CMS_SignedData_verify(sd, NULL, NULL /* scerts */, ts,
736 extra, NULL, 0, libctx, propq);
737
738 if (!X509_STORE_set_purpose(ts, bak_purpose_id)) {
739 ERR_raise(ERR_LIB_CRMF, CRMF_R_ERROR_SETTING_PURPOSE);
740 goto end;
741 }
742
743 if (pkey_bio == NULL) {
744 ERR_raise(ERR_LIB_CRMF, CRMF_R_ERROR_VERIFYING_ENCRYPTEDKEY);
745 goto end;
746 }
747
748 /* unpack AsymmetricKeyPackage */
749 if ((ret = d2i_PrivateKey_ex_bio(pkey_bio, NULL, libctx, propq)) == NULL)
750 ERR_raise(ERR_LIB_CRMF, CRMF_R_ERROR_DECODING_ENCRYPTEDKEY);
751
752 end:
753 CMS_SignedData_free(sd);
754 BIO_free(bio);
755 BIO_free(pkey_bio);
756 return ret;
757 #else
758 /* prevent warning on unused parameters: */
759 ((void)ts, (void)extra, (void)cert, (void)secret);
760 ERR_raise(ERR_LIB_CRMF, CRMF_R_CMS_NOT_SUPPORTED);
761 return NULL;
762 #endif /* OPENSSL_NO_CMS */
763 }
764
765 unsigned char
OSSL_CRMF_ENCRYPTEDVALUE_decrypt(const OSSL_CRMF_ENCRYPTEDVALUE * enc,OSSL_LIB_CTX * libctx,const char * propq,EVP_PKEY * pkey,int * outlen)766 *OSSL_CRMF_ENCRYPTEDVALUE_decrypt(const OSSL_CRMF_ENCRYPTEDVALUE *enc,
767 OSSL_LIB_CTX *libctx, const char *propq,
768 EVP_PKEY *pkey, int *outlen)
769 {
770 EVP_CIPHER_CTX *evp_ctx = NULL; /* context for symmetric encryption */
771 unsigned char *ek = NULL; /* decrypted symmetric encryption key */
772 size_t eksize = 0; /* size of decrypted symmetric encryption key */
773 EVP_CIPHER *cipher = NULL; /* used cipher */
774 int cikeysize = 0; /* key size from cipher */
775 unsigned char *iv = NULL; /* initial vector for symmetric encryption */
776 unsigned char *out = NULL; /* decryption output buffer */
777 int n, ret = 0;
778 EVP_PKEY_CTX *pkctx = NULL; /* private key context */
779 char name[OSSL_MAX_NAME_SIZE];
780
781 if (outlen == NULL) {
782 ERR_raise(ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT);
783 return NULL;
784 }
785 *outlen = 0;
786 if (enc == NULL || enc->symmAlg == NULL || enc->encSymmKey == NULL
787 || enc->encValue == NULL || pkey == NULL) {
788 ERR_raise(ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT);
789 return NULL;
790 }
791
792 /* select symmetric cipher based on algorithm given in message */
793 OBJ_obj2txt(name, sizeof(name), enc->symmAlg->algorithm, 0);
794 (void)ERR_set_mark();
795 cipher = EVP_CIPHER_fetch(libctx, name, propq);
796 if (cipher == NULL)
797 cipher = (EVP_CIPHER *)EVP_get_cipherbyobj(enc->symmAlg->algorithm);
798 if (cipher == NULL) {
799 (void)ERR_clear_last_mark();
800 ERR_raise(ERR_LIB_CRMF, CRMF_R_UNSUPPORTED_CIPHER);
801 goto end;
802 }
803 (void)ERR_pop_to_mark();
804
805 cikeysize = EVP_CIPHER_get_key_length(cipher);
806 /* first the symmetric key needs to be decrypted */
807 pkctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, propq);
808 if (pkctx != NULL && EVP_PKEY_decrypt_init(pkctx) > 0) {
809 ASN1_BIT_STRING *encKey = enc->encSymmKey;
810 size_t failure;
811 int retval;
812
813 if (EVP_PKEY_decrypt(pkctx, NULL, &eksize,
814 encKey->data, encKey->length) <= 0
815 || (ek = OPENSSL_malloc(eksize)) == NULL)
816 goto end;
817 retval = EVP_PKEY_decrypt(pkctx, ek, &eksize, encKey->data, encKey->length);
818 failure = ~constant_time_is_zero_s(constant_time_msb(retval)
819 | constant_time_is_zero(retval));
820 failure |= ~constant_time_eq_s(eksize, (size_t)cikeysize);
821 if (failure) {
822 ERR_clear_error(); /* error state may have sensitive information */
823 ERR_raise(ERR_LIB_CRMF, CRMF_R_ERROR_DECRYPTING_SYMMETRIC_KEY);
824 goto end;
825 }
826 } else {
827 goto end;
828 }
829 if ((iv = OPENSSL_malloc(EVP_CIPHER_get_iv_length(cipher))) == NULL)
830 goto end;
831 if (ASN1_TYPE_get_octetstring(enc->symmAlg->parameter, iv,
832 EVP_CIPHER_get_iv_length(cipher))
833 != EVP_CIPHER_get_iv_length(cipher)) {
834 ERR_raise(ERR_LIB_CRMF, CRMF_R_MALFORMED_IV);
835 goto end;
836 }
837
838 if ((out = OPENSSL_malloc(enc->encValue->length +
839 EVP_CIPHER_get_block_size(cipher))) == NULL
840 || (evp_ctx = EVP_CIPHER_CTX_new()) == NULL)
841 goto end;
842 EVP_CIPHER_CTX_set_padding(evp_ctx, 0);
843
844 if (!EVP_DecryptInit(evp_ctx, cipher, ek, iv)
845 || !EVP_DecryptUpdate(evp_ctx, out, outlen,
846 enc->encValue->data,
847 enc->encValue->length)
848 || !EVP_DecryptFinal(evp_ctx, out + *outlen, &n)) {
849 ERR_raise(ERR_LIB_CRMF, CRMF_R_ERROR_DECRYPTING_ENCRYPTEDVALUE);
850 goto end;
851 }
852 *outlen += n;
853 ret = 1;
854
855 end:
856 EVP_PKEY_CTX_free(pkctx);
857 EVP_CIPHER_CTX_free(evp_ctx);
858 EVP_CIPHER_free(cipher);
859 OPENSSL_clear_free(ek, eksize);
860 OPENSSL_free(iv);
861 if (ret)
862 return out;
863 OPENSSL_free(out);
864 return NULL;
865 }
866
867 /*
868 * Decrypts the certificate in the given encryptedValue using private key pkey.
869 * This is needed for the indirect PoP method as in RFC 4210 section 5.2.8.2.
870 *
871 * returns a pointer to the decrypted certificate
872 * returns NULL on error or if no certificate available
873 */
OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert(const OSSL_CRMF_ENCRYPTEDVALUE * ecert,OSSL_LIB_CTX * libctx,const char * propq,EVP_PKEY * pkey)874 X509 *OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert(const OSSL_CRMF_ENCRYPTEDVALUE *ecert,
875 OSSL_LIB_CTX *libctx, const char *propq,
876 EVP_PKEY *pkey)
877 {
878 unsigned char *buf = NULL;
879 const unsigned char *p;
880 int len;
881 X509 *cert = NULL;
882
883 buf = OSSL_CRMF_ENCRYPTEDVALUE_decrypt(ecert, libctx, propq, pkey, &len);
884 if ((p = buf) == NULL || (cert = X509_new_ex(libctx, propq)) == NULL)
885 goto end;
886
887 if (d2i_X509(&cert, &p, len) == NULL) {
888 ERR_raise(ERR_LIB_CRMF, CRMF_R_ERROR_DECODING_CERTIFICATE);
889 X509_free(cert);
890 cert = NULL;
891 }
892
893 end:
894 OPENSSL_free(buf);
895 return cert;
896 }
897 /*-
898 * Decrypts the certificate in the given encryptedKey using private key pkey.
899 * This is needed for the indirect PoP method as in RFC 4210 section 5.2.8.2.
900 *
901 * returns a pointer to the decrypted certificate
902 * returns NULL on error or if no certificate available
903 */
OSSL_CRMF_ENCRYPTEDKEY_get1_encCert(const OSSL_CRMF_ENCRYPTEDKEY * ecert,OSSL_LIB_CTX * libctx,const char * propq,EVP_PKEY * pkey,unsigned int flags)904 X509 *OSSL_CRMF_ENCRYPTEDKEY_get1_encCert(const OSSL_CRMF_ENCRYPTEDKEY *ecert,
905 OSSL_LIB_CTX *libctx, const char *propq,
906 EVP_PKEY *pkey, unsigned int flags)
907 {
908 #ifndef OPENSSL_NO_CMS
909 BIO *bio;
910 X509 *cert = NULL;
911 #endif
912
913 if (ecert->type != OSSL_CRMF_ENCRYPTEDKEY_ENVELOPEDDATA)
914 return OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert(ecert->value.encryptedValue,
915 libctx, propq, pkey);
916 #ifndef OPENSSL_NO_CMS
917 bio = CMS_EnvelopedData_decrypt(ecert->value.envelopedData, NULL,
918 pkey, NULL /* cert */, NULL, flags,
919 libctx, propq);
920 if (bio == NULL)
921 return NULL;
922 cert = d2i_X509_bio(bio, NULL);
923 if (cert == NULL)
924 ERR_raise(ERR_LIB_CRMF, CRMF_R_ERROR_DECODING_CERTIFICATE);
925 BIO_free(bio);
926 return cert;
927 #else
928 (void)flags; /* prevent warning on unused parameter */
929 ERR_raise(ERR_LIB_CRMF, CRMF_R_CMS_NOT_SUPPORTED);
930 return NULL;
931 #endif /* OPENSSL_NO_CMS */
932 }
933
934 #ifndef OPENSSL_NO_CMS
OSSL_CRMF_ENCRYPTEDKEY_init_envdata(CMS_EnvelopedData * envdata)935 OSSL_CRMF_ENCRYPTEDKEY *OSSL_CRMF_ENCRYPTEDKEY_init_envdata(CMS_EnvelopedData *envdata)
936 {
937 OSSL_CRMF_ENCRYPTEDKEY *ek = OSSL_CRMF_ENCRYPTEDKEY_new();
938
939 if (ek == NULL)
940 return NULL;
941 ek->type = OSSL_CRMF_ENCRYPTEDKEY_ENVELOPEDDATA;
942 ek->value.envelopedData = envdata;
943 return ek;
944 }
945 #endif
946