1 /*
2 * Copyright 2008-2025 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include "internal/cryptlib.h"
11 #include <openssl/asn1t.h>
12 #include <openssl/pem.h>
13 #include <openssl/x509v3.h>
14 #include <openssl/err.h>
15 #include <openssl/cms.h>
16 #include <openssl/evp.h>
17 #include "internal/sizes.h"
18 #include "crypto/asn1.h"
19 #include "crypto/evp.h"
20 #include "crypto/x509.h"
21 #include "cms_local.h"
22
23 /* CMS EnvelopedData Utilities */
24 static void cms_env_set_version(CMS_EnvelopedData *env);
25
26 #define CMS_ENVELOPED_STANDARD 1
27 #define CMS_ENVELOPED_AUTH 2
28
cms_get_enveloped_type_simple(const CMS_ContentInfo * cms)29 static int cms_get_enveloped_type_simple(const CMS_ContentInfo *cms)
30 {
31 int nid = OBJ_obj2nid(cms->contentType);
32
33 switch (nid) {
34 case NID_pkcs7_enveloped:
35 return CMS_ENVELOPED_STANDARD;
36
37 case NID_id_smime_ct_authEnvelopedData:
38 return CMS_ENVELOPED_AUTH;
39
40 default:
41 return 0;
42 }
43 }
44
cms_get_enveloped_type(const CMS_ContentInfo * cms)45 static int cms_get_enveloped_type(const CMS_ContentInfo *cms)
46 {
47 int ret = cms_get_enveloped_type_simple(cms);
48
49 if (ret == 0)
50 ERR_raise(ERR_LIB_CMS, CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA);
51 return ret;
52 }
53
ossl_cms_get0_enveloped(CMS_ContentInfo * cms)54 CMS_EnvelopedData *ossl_cms_get0_enveloped(CMS_ContentInfo *cms)
55 {
56 if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_enveloped) {
57 ERR_raise(ERR_LIB_CMS, CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA);
58 return NULL;
59 }
60 return cms->d.envelopedData;
61 }
62
ossl_cms_get0_auth_enveloped(CMS_ContentInfo * cms)63 CMS_AuthEnvelopedData *ossl_cms_get0_auth_enveloped(CMS_ContentInfo *cms)
64 {
65 if (OBJ_obj2nid(cms->contentType) != NID_id_smime_ct_authEnvelopedData) {
66 ERR_raise(ERR_LIB_CMS, CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA);
67 return NULL;
68 }
69 return cms->d.authEnvelopedData;
70 }
71
cms_enveloped_data_init(CMS_ContentInfo * cms)72 static CMS_EnvelopedData *cms_enveloped_data_init(CMS_ContentInfo *cms)
73 {
74 if (cms->d.other == NULL) {
75 cms->d.envelopedData = M_ASN1_new_of(CMS_EnvelopedData);
76 if (cms->d.envelopedData == NULL) {
77 ERR_raise(ERR_LIB_CMS, ERR_R_ASN1_LIB);
78 return NULL;
79 }
80 cms->d.envelopedData->version = 0;
81 cms->d.envelopedData->encryptedContentInfo->contentType = OBJ_nid2obj(NID_pkcs7_data);
82 ASN1_OBJECT_free(cms->contentType);
83 cms->contentType = OBJ_nid2obj(NID_pkcs7_enveloped);
84 return cms->d.envelopedData;
85 }
86 return ossl_cms_get0_enveloped(cms);
87 }
88
89 static CMS_AuthEnvelopedData *
cms_auth_enveloped_data_init(CMS_ContentInfo * cms)90 cms_auth_enveloped_data_init(CMS_ContentInfo *cms)
91 {
92 if (cms->d.other == NULL) {
93 cms->d.authEnvelopedData = M_ASN1_new_of(CMS_AuthEnvelopedData);
94 if (cms->d.authEnvelopedData == NULL) {
95 ERR_raise(ERR_LIB_CMS, ERR_R_ASN1_LIB);
96 return NULL;
97 }
98 /* Defined in RFC 5083 - Section 2.1. "AuthEnvelopedData Type" */
99 cms->d.authEnvelopedData->version = 0;
100 cms->d.authEnvelopedData->authEncryptedContentInfo->contentType = OBJ_nid2obj(NID_pkcs7_data);
101 ASN1_OBJECT_free(cms->contentType);
102 cms->contentType = OBJ_nid2obj(NID_id_smime_ct_authEnvelopedData);
103 return cms->d.authEnvelopedData;
104 }
105 return ossl_cms_get0_auth_enveloped(cms);
106 }
107
ossl_cms_env_asn1_ctrl(CMS_RecipientInfo * ri,int cmd)108 int ossl_cms_env_asn1_ctrl(CMS_RecipientInfo *ri, int cmd)
109 {
110 EVP_PKEY *pkey;
111 int i;
112 if (ri->type == CMS_RECIPINFO_TRANS)
113 pkey = ri->d.ktri->pkey;
114 else if (ri->type == CMS_RECIPINFO_AGREE) {
115 EVP_PKEY_CTX *pctx = ri->d.kari->pctx;
116
117 if (pctx == NULL)
118 return 0;
119 pkey = EVP_PKEY_CTX_get0_pkey(pctx);
120 if (pkey == NULL)
121 return 0;
122 } else
123 return 0;
124
125 if (EVP_PKEY_is_a(pkey, "DHX") || EVP_PKEY_is_a(pkey, "DH"))
126 return ossl_cms_dh_envelope(ri, cmd);
127 else if (EVP_PKEY_is_a(pkey, "EC"))
128 return ossl_cms_ecdh_envelope(ri, cmd);
129 else if (EVP_PKEY_is_a(pkey, "RSA"))
130 return ossl_cms_rsa_envelope(ri, cmd);
131
132 /* Something else? We'll give engines etc a chance to handle this */
133 if (pkey->ameth == NULL || pkey->ameth->pkey_ctrl == NULL)
134 return 1;
135 i = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_CMS_ENVELOPE, cmd, ri);
136 if (i == -2) {
137 ERR_raise(ERR_LIB_CMS, CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
138 return 0;
139 }
140 if (i <= 0) {
141 ERR_raise(ERR_LIB_CMS, CMS_R_CTRL_FAILURE);
142 return 0;
143 }
144 return 1;
145 }
146
ossl_cms_get0_env_enc_content(const CMS_ContentInfo * cms)147 CMS_EncryptedContentInfo *ossl_cms_get0_env_enc_content(const CMS_ContentInfo *cms)
148 {
149 switch (cms_get_enveloped_type(cms)) {
150 case CMS_ENVELOPED_STANDARD:
151 return cms->d.envelopedData == NULL ? NULL
152 : cms->d.envelopedData->encryptedContentInfo;
153
154 case CMS_ENVELOPED_AUTH:
155 return cms->d.authEnvelopedData == NULL ? NULL
156 : cms->d.authEnvelopedData->authEncryptedContentInfo;
157
158 default:
159 return NULL;
160 }
161 }
162
STACK_OF(CMS_RecipientInfo)163 STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms)
164 {
165 switch (cms_get_enveloped_type(cms)) {
166 case CMS_ENVELOPED_STANDARD:
167 return cms->d.envelopedData->recipientInfos;
168
169 case CMS_ENVELOPED_AUTH:
170 return cms->d.authEnvelopedData->recipientInfos;
171
172 default:
173 return NULL;
174 }
175 }
176
ossl_cms_RecipientInfos_set_cmsctx(CMS_ContentInfo * cms)177 void ossl_cms_RecipientInfos_set_cmsctx(CMS_ContentInfo *cms)
178 {
179 int i;
180 CMS_RecipientInfo *ri;
181 const CMS_CTX *ctx = ossl_cms_get0_cmsctx(cms);
182 STACK_OF(CMS_RecipientInfo) *rinfos = CMS_get0_RecipientInfos(cms);
183
184 for (i = 0; i < sk_CMS_RecipientInfo_num(rinfos); i++) {
185 ri = sk_CMS_RecipientInfo_value(rinfos, i);
186 if (ri != NULL) {
187 switch (ri->type) {
188 case CMS_RECIPINFO_AGREE:
189 ri->d.kari->cms_ctx = ctx;
190 break;
191 case CMS_RECIPINFO_TRANS:
192 ri->d.ktri->cms_ctx = ctx;
193 ossl_x509_set0_libctx(ri->d.ktri->recip,
194 ossl_cms_ctx_get0_libctx(ctx),
195 ossl_cms_ctx_get0_propq(ctx));
196 break;
197 case CMS_RECIPINFO_KEK:
198 ri->d.kekri->cms_ctx = ctx;
199 break;
200 case CMS_RECIPINFO_PASS:
201 ri->d.pwri->cms_ctx = ctx;
202 break;
203 default:
204 break;
205 }
206 }
207 }
208 }
209
CMS_RecipientInfo_type(CMS_RecipientInfo * ri)210 int CMS_RecipientInfo_type(CMS_RecipientInfo *ri)
211 {
212 return ri->type;
213 }
214
CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo * ri)215 EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri)
216 {
217 if (ri->type == CMS_RECIPINFO_TRANS)
218 return ri->d.ktri->pctx;
219 else if (ri->type == CMS_RECIPINFO_AGREE)
220 return ri->d.kari->pctx;
221 return NULL;
222 }
223
CMS_EnvelopedData_create_ex(const EVP_CIPHER * cipher,OSSL_LIB_CTX * libctx,const char * propq)224 CMS_ContentInfo *CMS_EnvelopedData_create_ex(const EVP_CIPHER *cipher,
225 OSSL_LIB_CTX *libctx,
226 const char *propq)
227 {
228 CMS_ContentInfo *cms;
229 CMS_EnvelopedData *env;
230
231 cms = CMS_ContentInfo_new_ex(libctx, propq);
232 if (cms == NULL)
233 goto err;
234 env = cms_enveloped_data_init(cms);
235 if (env == NULL)
236 goto err;
237
238 if (!ossl_cms_EncryptedContent_init(env->encryptedContentInfo, cipher, NULL,
239 0, ossl_cms_get0_cmsctx(cms)))
240 goto err;
241 return cms;
242 err:
243 CMS_ContentInfo_free(cms);
244 ERR_raise(ERR_LIB_CMS, ERR_R_CMS_LIB);
245 return NULL;
246 }
247
CMS_EnvelopedData_create(const EVP_CIPHER * cipher)248 CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher)
249 {
250 return CMS_EnvelopedData_create_ex(cipher, NULL, NULL);
251 }
252
CMS_EnvelopedData_decrypt(CMS_EnvelopedData * env,BIO * detached_data,EVP_PKEY * pkey,X509 * cert,ASN1_OCTET_STRING * secret,unsigned int flags,OSSL_LIB_CTX * libctx,const char * propq)253 BIO *CMS_EnvelopedData_decrypt(CMS_EnvelopedData *env, BIO *detached_data,
254 EVP_PKEY *pkey, X509 *cert,
255 ASN1_OCTET_STRING *secret, unsigned int flags,
256 OSSL_LIB_CTX *libctx, const char *propq)
257 {
258 CMS_ContentInfo *ci;
259 BIO *bio = NULL;
260 int res = 0;
261
262 if (env == NULL) {
263 ERR_raise(ERR_LIB_CMS, ERR_R_PASSED_NULL_PARAMETER);
264 return NULL;
265 }
266
267 if ((ci = CMS_ContentInfo_new_ex(libctx, propq)) == NULL
268 || (bio = BIO_new(BIO_s_mem())) == NULL)
269 goto end;
270 ci->contentType = OBJ_nid2obj(NID_pkcs7_enveloped);
271 ci->d.envelopedData = env;
272 if (secret != NULL
273 && CMS_decrypt_set1_password(ci, (unsigned char *)ASN1_STRING_get0_data(secret),
274 ASN1_STRING_length(secret))
275 != 1)
276 goto end;
277 res = CMS_decrypt(ci, secret == NULL ? pkey : NULL,
278 secret == NULL ? cert : NULL, detached_data, bio, flags);
279
280 end:
281 if (ci != NULL) {
282 ci->d.envelopedData = NULL; /* do not indirectly free |env| */
283 ci->contentType = NULL;
284 }
285 CMS_ContentInfo_free(ci);
286 if (!res) {
287 BIO_free(bio);
288 bio = NULL;
289 }
290 return bio;
291 }
292
293 CMS_ContentInfo *
CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER * cipher,OSSL_LIB_CTX * libctx,const char * propq)294 CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *libctx,
295 const char *propq)
296 {
297 CMS_ContentInfo *cms;
298 CMS_AuthEnvelopedData *aenv;
299
300 cms = CMS_ContentInfo_new_ex(libctx, propq);
301 if (cms == NULL)
302 goto merr;
303 aenv = cms_auth_enveloped_data_init(cms);
304 if (aenv == NULL)
305 goto merr;
306 if (!ossl_cms_EncryptedContent_init(aenv->authEncryptedContentInfo,
307 cipher, NULL, 0,
308 ossl_cms_get0_cmsctx(cms)))
309 goto merr;
310 return cms;
311 merr:
312 CMS_ContentInfo_free(cms);
313 ERR_raise(ERR_LIB_CMS, ERR_R_CMS_LIB);
314 return NULL;
315 }
316
CMS_AuthEnvelopedData_create(const EVP_CIPHER * cipher)317 CMS_ContentInfo *CMS_AuthEnvelopedData_create(const EVP_CIPHER *cipher)
318 {
319 return CMS_AuthEnvelopedData_create_ex(cipher, NULL, NULL);
320 }
321
322 /* Key Transport Recipient Info (KTRI) routines */
323
324 /* Initialise a ktri based on passed certificate and key */
325
cms_RecipientInfo_ktri_init(CMS_RecipientInfo * ri,X509 * recip,EVP_PKEY * pk,unsigned int flags,const CMS_CTX * ctx)326 static int cms_RecipientInfo_ktri_init(CMS_RecipientInfo *ri, X509 *recip,
327 EVP_PKEY *pk, unsigned int flags,
328 const CMS_CTX *ctx)
329 {
330 CMS_KeyTransRecipientInfo *ktri;
331 int idtype;
332
333 ri->d.ktri = M_ASN1_new_of(CMS_KeyTransRecipientInfo);
334 if (!ri->d.ktri)
335 return 0;
336 ri->type = CMS_RECIPINFO_TRANS;
337
338 ktri = ri->d.ktri;
339 ktri->cms_ctx = ctx;
340
341 if (flags & CMS_USE_KEYID) {
342 ktri->version = 2;
343 idtype = CMS_RECIPINFO_KEYIDENTIFIER;
344 } else {
345 ktri->version = 0;
346 idtype = CMS_RECIPINFO_ISSUER_SERIAL;
347 }
348
349 /*
350 * Not a typo: RecipientIdentifier and SignerIdentifier are the same
351 * structure.
352 */
353
354 if (!ossl_cms_set1_SignerIdentifier(ktri->rid, recip, idtype, ctx))
355 return 0;
356
357 if (!X509_up_ref(recip))
358 return 0;
359 if (!EVP_PKEY_up_ref(pk)) {
360 X509_free(recip);
361 return 0;
362 }
363
364 ktri->pkey = pk;
365 ktri->recip = recip;
366
367 if (flags & CMS_KEY_PARAM) {
368 ktri->pctx = EVP_PKEY_CTX_new_from_pkey(ossl_cms_ctx_get0_libctx(ctx),
369 ktri->pkey,
370 ossl_cms_ctx_get0_propq(ctx));
371 if (ktri->pctx == NULL)
372 return 0;
373 if (EVP_PKEY_encrypt_init(ktri->pctx) <= 0)
374 return 0;
375 } else if (!ossl_cms_env_asn1_ctrl(ri, 0))
376 return 0;
377 return 1;
378 }
379
380 /*
381 * Add a recipient certificate using appropriate type of RecipientInfo
382 */
383
CMS_add1_recipient(CMS_ContentInfo * cms,X509 * recip,EVP_PKEY * originatorPrivKey,X509 * originator,unsigned int flags)384 CMS_RecipientInfo *CMS_add1_recipient(CMS_ContentInfo *cms, X509 *recip,
385 EVP_PKEY *originatorPrivKey,
386 X509 *originator, unsigned int flags)
387 {
388 CMS_RecipientInfo *ri = NULL;
389 STACK_OF(CMS_RecipientInfo) *ris;
390 EVP_PKEY *pk = NULL;
391 const CMS_CTX *ctx = ossl_cms_get0_cmsctx(cms);
392
393 ris = CMS_get0_RecipientInfos(cms);
394 if (ris == NULL)
395 goto err;
396
397 /* Initialize recipient info */
398 ri = M_ASN1_new_of(CMS_RecipientInfo);
399 if (ri == NULL) {
400 ERR_raise(ERR_LIB_CMS, ERR_R_ASN1_LIB);
401 goto err;
402 }
403
404 pk = X509_get0_pubkey(recip);
405 if (pk == NULL) {
406 ERR_raise(ERR_LIB_CMS, CMS_R_ERROR_GETTING_PUBLIC_KEY);
407 goto err;
408 }
409
410 switch (ossl_cms_pkey_get_ri_type(pk)) {
411
412 case CMS_RECIPINFO_TRANS:
413 if (!cms_RecipientInfo_ktri_init(ri, recip, pk, flags, ctx))
414 goto err;
415 break;
416
417 case CMS_RECIPINFO_AGREE:
418 if (!ossl_cms_RecipientInfo_kari_init(ri, recip, pk, originator,
419 originatorPrivKey, flags, ctx))
420 goto err;
421 break;
422
423 default:
424 ERR_raise(ERR_LIB_CMS, CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
425 goto err;
426 }
427
428 if (!sk_CMS_RecipientInfo_push(ris, ri)) {
429 ERR_raise(ERR_LIB_CMS, ERR_R_CRYPTO_LIB);
430 goto err;
431 }
432
433 return ri;
434
435 err:
436 M_ASN1_free_of(ri, CMS_RecipientInfo);
437 return NULL;
438 }
439
CMS_add1_recipient_cert(CMS_ContentInfo * cms,X509 * recip,unsigned int flags)440 CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms, X509 *recip,
441 unsigned int flags)
442 {
443 return CMS_add1_recipient(cms, recip, NULL, NULL, flags);
444 }
445
CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo * ri,EVP_PKEY ** pk,X509 ** recip,X509_ALGOR ** palg)446 int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri,
447 EVP_PKEY **pk, X509 **recip,
448 X509_ALGOR **palg)
449 {
450 CMS_KeyTransRecipientInfo *ktri;
451 if (ri->type != CMS_RECIPINFO_TRANS) {
452 ERR_raise(ERR_LIB_CMS, CMS_R_NOT_KEY_TRANSPORT);
453 return 0;
454 }
455
456 ktri = ri->d.ktri;
457
458 if (pk)
459 *pk = ktri->pkey;
460 if (recip)
461 *recip = ktri->recip;
462 if (palg)
463 *palg = ktri->keyEncryptionAlgorithm;
464 return 1;
465 }
466
CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo * ri,ASN1_OCTET_STRING ** keyid,X509_NAME ** issuer,ASN1_INTEGER ** sno)467 int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri,
468 ASN1_OCTET_STRING **keyid,
469 X509_NAME **issuer,
470 ASN1_INTEGER **sno)
471 {
472 CMS_KeyTransRecipientInfo *ktri;
473 if (ri->type != CMS_RECIPINFO_TRANS) {
474 ERR_raise(ERR_LIB_CMS, CMS_R_NOT_KEY_TRANSPORT);
475 return 0;
476 }
477 ktri = ri->d.ktri;
478
479 return ossl_cms_SignerIdentifier_get0_signer_id(ktri->rid, keyid, issuer,
480 sno);
481 }
482
CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo * ri,X509 * cert)483 int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert)
484 {
485 if (ri->type != CMS_RECIPINFO_TRANS) {
486 ERR_raise(ERR_LIB_CMS, CMS_R_NOT_KEY_TRANSPORT);
487 return -2;
488 }
489 return ossl_cms_SignerIdentifier_cert_cmp(ri->d.ktri->rid, cert);
490 }
491
CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo * ri,EVP_PKEY * pkey)492 int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey)
493 {
494 if (ri->type != CMS_RECIPINFO_TRANS) {
495 ERR_raise(ERR_LIB_CMS, CMS_R_NOT_KEY_TRANSPORT);
496 return 0;
497 }
498 EVP_PKEY_free(ri->d.ktri->pkey);
499 ri->d.ktri->pkey = pkey;
500 return 1;
501 }
502
503 /* Encrypt content key in key transport recipient info */
504
cms_RecipientInfo_ktri_encrypt(const CMS_ContentInfo * cms,CMS_RecipientInfo * ri)505 static int cms_RecipientInfo_ktri_encrypt(const CMS_ContentInfo *cms,
506 CMS_RecipientInfo *ri)
507 {
508 CMS_KeyTransRecipientInfo *ktri;
509 CMS_EncryptedContentInfo *ec;
510 EVP_PKEY_CTX *pctx;
511 unsigned char *ek = NULL;
512 size_t eklen;
513 const CMS_CTX *ctx = ossl_cms_get0_cmsctx(cms);
514
515 int ret = 0;
516
517 if (ri->type != CMS_RECIPINFO_TRANS) {
518 ERR_raise(ERR_LIB_CMS, CMS_R_NOT_KEY_TRANSPORT);
519 return 0;
520 }
521 ktri = ri->d.ktri;
522 ec = ossl_cms_get0_env_enc_content(cms);
523
524 pctx = ktri->pctx;
525
526 if (pctx) {
527 if (!ossl_cms_env_asn1_ctrl(ri, 0))
528 goto err;
529 } else {
530 pctx = EVP_PKEY_CTX_new_from_pkey(ossl_cms_ctx_get0_libctx(ctx),
531 ktri->pkey,
532 ossl_cms_ctx_get0_propq(ctx));
533 if (pctx == NULL)
534 return 0;
535
536 if (EVP_PKEY_encrypt_init(pctx) <= 0)
537 goto err;
538 }
539
540 if (EVP_PKEY_encrypt(pctx, NULL, &eklen, ec->key, ec->keylen) <= 0)
541 goto err;
542
543 ek = OPENSSL_malloc(eklen);
544 if (ek == NULL)
545 goto err;
546
547 if (EVP_PKEY_encrypt(pctx, ek, &eklen, ec->key, ec->keylen) <= 0)
548 goto err;
549
550 ASN1_STRING_set0(ktri->encryptedKey, ek, eklen);
551 ek = NULL;
552
553 ret = 1;
554
555 err:
556 EVP_PKEY_CTX_free(pctx);
557 ktri->pctx = NULL;
558 OPENSSL_free(ek);
559 return ret;
560 }
561
562 /* Decrypt content key from KTRI */
563
cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo * cms,CMS_RecipientInfo * ri)564 static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
565 CMS_RecipientInfo *ri)
566 {
567 CMS_KeyTransRecipientInfo *ktri = ri->d.ktri;
568 EVP_PKEY *pkey = ktri->pkey;
569 unsigned char *ek = NULL;
570 size_t eklen;
571 int ret = 0;
572 size_t fixlen = 0;
573 const EVP_CIPHER *cipher = NULL;
574 EVP_CIPHER *fetched_cipher = NULL;
575 CMS_EncryptedContentInfo *ec;
576 const CMS_CTX *ctx = ossl_cms_get0_cmsctx(cms);
577 OSSL_LIB_CTX *libctx = ossl_cms_ctx_get0_libctx(ctx);
578 const char *propq = ossl_cms_ctx_get0_propq(ctx);
579
580 ec = ossl_cms_get0_env_enc_content(cms);
581
582 if (ktri->pkey == NULL) {
583 ERR_raise(ERR_LIB_CMS, CMS_R_NO_PRIVATE_KEY);
584 return 0;
585 }
586
587 if (cms->d.envelopedData->encryptedContentInfo->havenocert
588 && !cms->d.envelopedData->encryptedContentInfo->debug) {
589 X509_ALGOR *calg = ec->contentEncryptionAlgorithm;
590 char name[OSSL_MAX_NAME_SIZE];
591
592 OBJ_obj2txt(name, sizeof(name), calg->algorithm, 0);
593
594 (void)ERR_set_mark();
595 fetched_cipher = EVP_CIPHER_fetch(libctx, name, propq);
596
597 if (fetched_cipher != NULL)
598 cipher = fetched_cipher;
599 else
600 cipher = EVP_get_cipherbyobj(calg->algorithm);
601 if (cipher == NULL) {
602 (void)ERR_clear_last_mark();
603 ERR_raise(ERR_LIB_CMS, CMS_R_UNKNOWN_CIPHER);
604 return 0;
605 }
606 (void)ERR_pop_to_mark();
607
608 fixlen = EVP_CIPHER_get_key_length(cipher);
609 EVP_CIPHER_free(fetched_cipher);
610 }
611
612 ktri->pctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, propq);
613 if (ktri->pctx == NULL)
614 goto err;
615
616 if (EVP_PKEY_decrypt_init(ktri->pctx) <= 0)
617 goto err;
618
619 if (!ossl_cms_env_asn1_ctrl(ri, 1))
620 goto err;
621
622 if (EVP_PKEY_is_a(pkey, "RSA"))
623 /* upper layer CMS code incorrectly assumes that a successful RSA
624 * decryption means that the key matches ciphertext (which never
625 * was the case, implicit rejection or not), so to make it work
626 * disable implicit rejection for RSA keys */
627 EVP_PKEY_CTX_ctrl_str(ktri->pctx, "rsa_pkcs1_implicit_rejection", "0");
628
629 if (evp_pkey_decrypt_alloc(ktri->pctx, &ek, &eklen, fixlen,
630 ktri->encryptedKey->data,
631 ktri->encryptedKey->length)
632 <= 0)
633 goto err;
634
635 ret = 1;
636
637 OPENSSL_clear_free(ec->key, ec->keylen);
638 ec->key = ek;
639 ec->keylen = eklen;
640
641 err:
642 EVP_PKEY_CTX_free(ktri->pctx);
643 ktri->pctx = NULL;
644 if (!ret)
645 OPENSSL_free(ek);
646
647 return ret;
648 }
649
650 /* Key Encrypted Key (KEK) RecipientInfo routines */
651
CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo * ri,const unsigned char * id,size_t idlen)652 int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri,
653 const unsigned char *id, size_t idlen)
654 {
655 ASN1_OCTET_STRING tmp_os;
656 CMS_KEKRecipientInfo *kekri;
657 if (ri->type != CMS_RECIPINFO_KEK) {
658 ERR_raise(ERR_LIB_CMS, CMS_R_NOT_KEK);
659 return -2;
660 }
661 kekri = ri->d.kekri;
662 tmp_os.type = V_ASN1_OCTET_STRING;
663 tmp_os.flags = 0;
664 tmp_os.data = (unsigned char *)id;
665 tmp_os.length = (int)idlen;
666 return ASN1_OCTET_STRING_cmp(&tmp_os, kekri->kekid->keyIdentifier);
667 }
668
669 /* For now hard code AES key wrap info */
670
aes_wrap_keylen(int nid)671 static size_t aes_wrap_keylen(int nid)
672 {
673 switch (nid) {
674 case NID_id_aes128_wrap:
675 return 16;
676
677 case NID_id_aes192_wrap:
678 return 24;
679
680 case NID_id_aes256_wrap:
681 return 32;
682
683 default:
684 return 0;
685 }
686 }
687
CMS_add0_recipient_key(CMS_ContentInfo * cms,int nid,unsigned char * key,size_t keylen,unsigned char * id,size_t idlen,ASN1_GENERALIZEDTIME * date,ASN1_OBJECT * otherTypeId,ASN1_TYPE * otherType)688 CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
689 unsigned char *key, size_t keylen,
690 unsigned char *id, size_t idlen,
691 ASN1_GENERALIZEDTIME *date,
692 ASN1_OBJECT *otherTypeId,
693 ASN1_TYPE *otherType)
694 {
695 CMS_RecipientInfo *ri = NULL;
696 CMS_KEKRecipientInfo *kekri;
697 STACK_OF(CMS_RecipientInfo) *ris = CMS_get0_RecipientInfos(cms);
698
699 if (ris == NULL)
700 goto err;
701
702 if (nid == NID_undef) {
703 switch (keylen) {
704 case 16:
705 nid = NID_id_aes128_wrap;
706 break;
707
708 case 24:
709 nid = NID_id_aes192_wrap;
710 break;
711
712 case 32:
713 nid = NID_id_aes256_wrap;
714 break;
715
716 default:
717 ERR_raise(ERR_LIB_CMS, CMS_R_INVALID_KEY_LENGTH);
718 goto err;
719 }
720
721 } else {
722
723 size_t exp_keylen = aes_wrap_keylen(nid);
724
725 if (!exp_keylen) {
726 ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_KEK_ALGORITHM);
727 goto err;
728 }
729
730 if (keylen != exp_keylen) {
731 ERR_raise(ERR_LIB_CMS, CMS_R_INVALID_KEY_LENGTH);
732 goto err;
733 }
734 }
735
736 /* Initialize recipient info */
737 ri = M_ASN1_new_of(CMS_RecipientInfo);
738 if (!ri) {
739 ERR_raise(ERR_LIB_CMS, ERR_R_ASN1_LIB);
740 goto err;
741 }
742
743 ri->d.kekri = M_ASN1_new_of(CMS_KEKRecipientInfo);
744 if (!ri->d.kekri) {
745 ERR_raise(ERR_LIB_CMS, ERR_R_ASN1_LIB);
746 goto err;
747 }
748 ri->type = CMS_RECIPINFO_KEK;
749
750 kekri = ri->d.kekri;
751
752 if (otherTypeId) {
753 kekri->kekid->other = M_ASN1_new_of(CMS_OtherKeyAttribute);
754 if (kekri->kekid->other == NULL) {
755 ERR_raise(ERR_LIB_CMS, ERR_R_ASN1_LIB);
756 goto err;
757 }
758 }
759
760 if (!sk_CMS_RecipientInfo_push(ris, ri)) {
761 ERR_raise(ERR_LIB_CMS, ERR_R_CRYPTO_LIB);
762 goto err;
763 }
764
765 /* After this point no calls can fail */
766
767 kekri->version = 4;
768
769 kekri->key = key;
770 kekri->keylen = keylen;
771
772 ASN1_STRING_set0(kekri->kekid->keyIdentifier, id, idlen);
773
774 kekri->kekid->date = date;
775
776 if (kekri->kekid->other) {
777 kekri->kekid->other->keyAttrId = otherTypeId;
778 kekri->kekid->other->keyAttr = otherType;
779 }
780
781 (void)X509_ALGOR_set0(kekri->keyEncryptionAlgorithm, OBJ_nid2obj(nid),
782 V_ASN1_UNDEF, NULL); /* cannot fail */
783
784 return ri;
785
786 err:
787 M_ASN1_free_of(ri, CMS_RecipientInfo);
788 return NULL;
789 }
790
CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo * ri,X509_ALGOR ** palg,ASN1_OCTET_STRING ** pid,ASN1_GENERALIZEDTIME ** pdate,ASN1_OBJECT ** potherid,ASN1_TYPE ** pothertype)791 int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri,
792 X509_ALGOR **palg,
793 ASN1_OCTET_STRING **pid,
794 ASN1_GENERALIZEDTIME **pdate,
795 ASN1_OBJECT **potherid,
796 ASN1_TYPE **pothertype)
797 {
798 CMS_KEKIdentifier *rkid;
799 if (ri->type != CMS_RECIPINFO_KEK) {
800 ERR_raise(ERR_LIB_CMS, CMS_R_NOT_KEK);
801 return 0;
802 }
803 rkid = ri->d.kekri->kekid;
804 if (palg)
805 *palg = ri->d.kekri->keyEncryptionAlgorithm;
806 if (pid)
807 *pid = rkid->keyIdentifier;
808 if (pdate)
809 *pdate = rkid->date;
810 if (potherid) {
811 if (rkid->other)
812 *potherid = rkid->other->keyAttrId;
813 else
814 *potherid = NULL;
815 }
816 if (pothertype) {
817 if (rkid->other)
818 *pothertype = rkid->other->keyAttr;
819 else
820 *pothertype = NULL;
821 }
822 return 1;
823 }
824
CMS_RecipientInfo_set0_key(CMS_RecipientInfo * ri,unsigned char * key,size_t keylen)825 int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri,
826 unsigned char *key, size_t keylen)
827 {
828 CMS_KEKRecipientInfo *kekri;
829 if (ri->type != CMS_RECIPINFO_KEK) {
830 ERR_raise(ERR_LIB_CMS, CMS_R_NOT_KEK);
831 return 0;
832 }
833
834 kekri = ri->d.kekri;
835 kekri->key = key;
836 kekri->keylen = keylen;
837 return 1;
838 }
839
cms_get_key_wrap_cipher(size_t keylen,const CMS_CTX * ctx)840 static EVP_CIPHER *cms_get_key_wrap_cipher(size_t keylen, const CMS_CTX *ctx)
841 {
842 const char *alg = NULL;
843
844 switch (keylen) {
845 case 16:
846 alg = "AES-128-WRAP";
847 break;
848 case 24:
849 alg = "AES-192-WRAP";
850 break;
851 case 32:
852 alg = "AES-256-WRAP";
853 break;
854 default:
855 return NULL;
856 }
857 return EVP_CIPHER_fetch(ossl_cms_ctx_get0_libctx(ctx), alg,
858 ossl_cms_ctx_get0_propq(ctx));
859 }
860
861 /* Encrypt content key in KEK recipient info */
862
cms_RecipientInfo_kekri_encrypt(const CMS_ContentInfo * cms,CMS_RecipientInfo * ri)863 static int cms_RecipientInfo_kekri_encrypt(const CMS_ContentInfo *cms,
864 CMS_RecipientInfo *ri)
865 {
866 CMS_EncryptedContentInfo *ec;
867 CMS_KEKRecipientInfo *kekri;
868 unsigned char *wkey = NULL;
869 int wkeylen;
870 int r = 0;
871 EVP_CIPHER *cipher = NULL;
872 int outlen = 0;
873 EVP_CIPHER_CTX *ctx = NULL;
874 const CMS_CTX *cms_ctx = ossl_cms_get0_cmsctx(cms);
875
876 ec = ossl_cms_get0_env_enc_content(cms);
877 if (ec == NULL)
878 return 0;
879
880 kekri = ri->d.kekri;
881
882 if (kekri->key == NULL) {
883 ERR_raise(ERR_LIB_CMS, CMS_R_NO_KEY);
884 return 0;
885 }
886
887 cipher = cms_get_key_wrap_cipher(kekri->keylen, cms_ctx);
888 if (cipher == NULL) {
889 ERR_raise(ERR_LIB_CMS, CMS_R_INVALID_KEY_LENGTH);
890 goto err;
891 }
892
893 /* 8 byte prefix for AES wrap ciphers */
894 wkey = OPENSSL_malloc(ec->keylen + 8);
895 if (wkey == NULL)
896 goto err;
897
898 ctx = EVP_CIPHER_CTX_new();
899 if (ctx == NULL) {
900 ERR_raise(ERR_LIB_CMS, ERR_R_EVP_LIB);
901 goto err;
902 }
903
904 EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);
905 if (!EVP_EncryptInit_ex(ctx, cipher, NULL, kekri->key, NULL)
906 || !EVP_EncryptUpdate(ctx, wkey, &wkeylen, ec->key, ec->keylen)
907 || !EVP_EncryptFinal_ex(ctx, wkey + wkeylen, &outlen)) {
908 ERR_raise(ERR_LIB_CMS, CMS_R_WRAP_ERROR);
909 goto err;
910 }
911 wkeylen += outlen;
912 if (!ossl_assert((size_t)wkeylen == ec->keylen + 8)) {
913 ERR_raise(ERR_LIB_CMS, CMS_R_WRAP_ERROR);
914 goto err;
915 }
916
917 ASN1_STRING_set0(kekri->encryptedKey, wkey, wkeylen);
918
919 r = 1;
920
921 err:
922 EVP_CIPHER_free(cipher);
923 if (!r)
924 OPENSSL_free(wkey);
925 EVP_CIPHER_CTX_free(ctx);
926
927 return r;
928 }
929
930 /* Decrypt content key in KEK recipient info */
931
cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo * cms,CMS_RecipientInfo * ri)932 static int cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms,
933 CMS_RecipientInfo *ri)
934 {
935 CMS_EncryptedContentInfo *ec;
936 CMS_KEKRecipientInfo *kekri;
937 unsigned char *ukey = NULL;
938 int ukeylen;
939 int r = 0, wrap_nid;
940 EVP_CIPHER *cipher = NULL;
941 int outlen = 0;
942 EVP_CIPHER_CTX *ctx = NULL;
943 const CMS_CTX *cms_ctx = ossl_cms_get0_cmsctx(cms);
944
945 ec = ossl_cms_get0_env_enc_content(cms);
946 if (ec == NULL)
947 return 0;
948
949 kekri = ri->d.kekri;
950
951 if (!kekri->key) {
952 ERR_raise(ERR_LIB_CMS, CMS_R_NO_KEY);
953 return 0;
954 }
955
956 wrap_nid = OBJ_obj2nid(kekri->keyEncryptionAlgorithm->algorithm);
957 if (aes_wrap_keylen(wrap_nid) != kekri->keylen) {
958 ERR_raise(ERR_LIB_CMS, CMS_R_INVALID_KEY_LENGTH);
959 return 0;
960 }
961
962 /* If encrypted key length is invalid don't bother */
963
964 if (kekri->encryptedKey->length < 16) {
965 ERR_raise(ERR_LIB_CMS, CMS_R_INVALID_ENCRYPTED_KEY_LENGTH);
966 goto err;
967 }
968
969 cipher = cms_get_key_wrap_cipher(kekri->keylen, cms_ctx);
970 if (cipher == NULL) {
971 ERR_raise(ERR_LIB_CMS, CMS_R_INVALID_KEY_LENGTH);
972 goto err;
973 }
974
975 ukey = OPENSSL_malloc(kekri->encryptedKey->length - 8);
976 if (ukey == NULL)
977 goto err;
978
979 ctx = EVP_CIPHER_CTX_new();
980 if (ctx == NULL) {
981 ERR_raise(ERR_LIB_CMS, ERR_R_EVP_LIB);
982 goto err;
983 }
984
985 if (!EVP_DecryptInit_ex(ctx, cipher, NULL, kekri->key, NULL)
986 || !EVP_DecryptUpdate(ctx, ukey, &ukeylen,
987 kekri->encryptedKey->data,
988 kekri->encryptedKey->length)
989 || !EVP_DecryptFinal_ex(ctx, ukey + ukeylen, &outlen)) {
990 ERR_raise(ERR_LIB_CMS, CMS_R_UNWRAP_ERROR);
991 goto err;
992 }
993 ukeylen += outlen;
994
995 OPENSSL_clear_free(ec->key, ec->keylen);
996 ec->key = ukey;
997 ec->keylen = ukeylen;
998
999 r = 1;
1000
1001 err:
1002 EVP_CIPHER_free(cipher);
1003 if (!r)
1004 OPENSSL_free(ukey);
1005 EVP_CIPHER_CTX_free(ctx);
1006
1007 return r;
1008 }
1009
CMS_RecipientInfo_decrypt(CMS_ContentInfo * cms,CMS_RecipientInfo * ri)1010 int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
1011 {
1012 switch (ri->type) {
1013 case CMS_RECIPINFO_TRANS:
1014 return cms_RecipientInfo_ktri_decrypt(cms, ri);
1015
1016 case CMS_RECIPINFO_KEK:
1017 return cms_RecipientInfo_kekri_decrypt(cms, ri);
1018
1019 case CMS_RECIPINFO_PASS:
1020 return ossl_cms_RecipientInfo_pwri_crypt(cms, ri, 0);
1021
1022 default:
1023 ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE);
1024 return 0;
1025 }
1026 }
1027
CMS_RecipientInfo_encrypt(const CMS_ContentInfo * cms,CMS_RecipientInfo * ri)1028 int CMS_RecipientInfo_encrypt(const CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
1029 {
1030 switch (ri->type) {
1031 case CMS_RECIPINFO_TRANS:
1032 return cms_RecipientInfo_ktri_encrypt(cms, ri);
1033
1034 case CMS_RECIPINFO_AGREE:
1035 return ossl_cms_RecipientInfo_kari_encrypt(cms, ri);
1036
1037 case CMS_RECIPINFO_KEK:
1038 return cms_RecipientInfo_kekri_encrypt(cms, ri);
1039
1040 case CMS_RECIPINFO_PASS:
1041 return ossl_cms_RecipientInfo_pwri_crypt(cms, ri, 1);
1042
1043 default:
1044 ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_RECIPIENT_TYPE);
1045 return 0;
1046 }
1047 }
1048
1049 /* Check structures and fixup version numbers (if necessary) */
1050
cms_env_set_originfo_version(CMS_EnvelopedData * env)1051 static void cms_env_set_originfo_version(CMS_EnvelopedData *env)
1052 {
1053 CMS_OriginatorInfo *org = env->originatorInfo;
1054 int i;
1055 if (org == NULL)
1056 return;
1057 for (i = 0; i < sk_CMS_CertificateChoices_num(org->certificates); i++) {
1058 CMS_CertificateChoices *cch;
1059 cch = sk_CMS_CertificateChoices_value(org->certificates, i);
1060 if (cch->type == CMS_CERTCHOICE_OTHER) {
1061 env->version = 4;
1062 return;
1063 } else if (cch->type == CMS_CERTCHOICE_V2ACERT) {
1064 if (env->version < 3)
1065 env->version = 3;
1066 }
1067 }
1068
1069 for (i = 0; i < sk_CMS_RevocationInfoChoice_num(org->crls); i++) {
1070 CMS_RevocationInfoChoice *rch;
1071 rch = sk_CMS_RevocationInfoChoice_value(org->crls, i);
1072 if (rch->type == CMS_REVCHOICE_OTHER) {
1073 env->version = 4;
1074 return;
1075 }
1076 }
1077 }
1078
cms_env_set_version(CMS_EnvelopedData * env)1079 static void cms_env_set_version(CMS_EnvelopedData *env)
1080 {
1081 int i;
1082 CMS_RecipientInfo *ri;
1083
1084 /*
1085 * Can't set version higher than 4 so if 4 or more already nothing to do.
1086 */
1087 if (env->version >= 4)
1088 return;
1089
1090 cms_env_set_originfo_version(env);
1091
1092 if (env->version >= 3)
1093 return;
1094
1095 for (i = 0; i < sk_CMS_RecipientInfo_num(env->recipientInfos); i++) {
1096 ri = sk_CMS_RecipientInfo_value(env->recipientInfos, i);
1097 if (ri->type == CMS_RECIPINFO_PASS || ri->type == CMS_RECIPINFO_OTHER) {
1098 env->version = 3;
1099 return;
1100 } else if (ri->type != CMS_RECIPINFO_TRANS
1101 || ri->d.ktri->version != 0) {
1102 env->version = 2;
1103 }
1104 }
1105 if (env->originatorInfo || env->unprotectedAttrs)
1106 env->version = 2;
1107 if (env->version == 2)
1108 return;
1109 env->version = 0;
1110 }
1111
cms_env_encrypt_content_key(const CMS_ContentInfo * cms,STACK_OF (CMS_RecipientInfo)* ris)1112 static int cms_env_encrypt_content_key(const CMS_ContentInfo *cms,
1113 STACK_OF(CMS_RecipientInfo) *ris)
1114 {
1115 int i;
1116 CMS_RecipientInfo *ri;
1117
1118 for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++) {
1119 ri = sk_CMS_RecipientInfo_value(ris, i);
1120 if (CMS_RecipientInfo_encrypt(cms, ri) <= 0)
1121 return -1;
1122 }
1123 return 1;
1124 }
1125
cms_env_clear_ec(CMS_EncryptedContentInfo * ec)1126 static void cms_env_clear_ec(CMS_EncryptedContentInfo *ec)
1127 {
1128 ec->cipher = NULL;
1129 OPENSSL_clear_free(ec->key, ec->keylen);
1130 ec->key = NULL;
1131 ec->keylen = 0;
1132 }
1133
cms_EnvelopedData_Decryption_init_bio(CMS_ContentInfo * cms)1134 static BIO *cms_EnvelopedData_Decryption_init_bio(CMS_ContentInfo *cms)
1135 {
1136 CMS_EncryptedContentInfo *ec = cms->d.envelopedData->encryptedContentInfo;
1137 BIO *contentBio = ossl_cms_EncryptedContent_init_bio(ec,
1138 ossl_cms_get0_cmsctx(cms),
1139 0);
1140 EVP_CIPHER_CTX *ctx = NULL;
1141
1142 if (contentBio == NULL)
1143 return NULL;
1144
1145 BIO_get_cipher_ctx(contentBio, &ctx);
1146 if (ctx == NULL) {
1147 BIO_free(contentBio);
1148 return NULL;
1149 }
1150 /*
1151 * If the selected cipher supports unprotected attributes,
1152 * deal with it using special ctrl function
1153 */
1154 if ((EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ctx))
1155 & EVP_CIPH_FLAG_CIPHER_WITH_MAC)
1156 != 0
1157 && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_PROCESS_UNPROTECTED, 0,
1158 cms->d.envelopedData->unprotectedAttrs)
1159 <= 0) {
1160 BIO_free(contentBio);
1161 return NULL;
1162 }
1163 return contentBio;
1164 }
1165
cms_EnvelopedData_Encryption_init_bio(CMS_ContentInfo * cms)1166 static BIO *cms_EnvelopedData_Encryption_init_bio(CMS_ContentInfo *cms)
1167 {
1168 CMS_EncryptedContentInfo *ec;
1169 STACK_OF(CMS_RecipientInfo) *rinfos;
1170 int ok = 0;
1171 BIO *ret;
1172 CMS_EnvelopedData *env = cms->d.envelopedData;
1173
1174 /* Get BIO first to set up key */
1175
1176 ec = env->encryptedContentInfo;
1177 ret = ossl_cms_EncryptedContent_init_bio(ec, ossl_cms_get0_cmsctx(cms), 0);
1178
1179 /* If error end of processing */
1180 if (!ret)
1181 return ret;
1182
1183 /* Now encrypt content key according to each RecipientInfo type */
1184 rinfos = env->recipientInfos;
1185 if (cms_env_encrypt_content_key(cms, rinfos) < 0) {
1186 ERR_raise(ERR_LIB_CMS, CMS_R_ERROR_SETTING_RECIPIENTINFO);
1187 goto err;
1188 }
1189
1190 /* And finally set the version */
1191 cms_env_set_version(env);
1192
1193 ok = 1;
1194
1195 err:
1196 cms_env_clear_ec(ec);
1197 if (ok)
1198 return ret;
1199 BIO_free(ret);
1200 return NULL;
1201 }
1202
ossl_cms_EnvelopedData_init_bio(CMS_ContentInfo * cms)1203 BIO *ossl_cms_EnvelopedData_init_bio(CMS_ContentInfo *cms)
1204 {
1205 if (cms->d.envelopedData->encryptedContentInfo->cipher != NULL) {
1206 /* If cipher is set it's encryption */
1207 return cms_EnvelopedData_Encryption_init_bio(cms);
1208 }
1209
1210 /* If cipher is not set it's decryption */
1211 return cms_EnvelopedData_Decryption_init_bio(cms);
1212 }
1213
ossl_cms_AuthEnvelopedData_init_bio(CMS_ContentInfo * cms)1214 BIO *ossl_cms_AuthEnvelopedData_init_bio(CMS_ContentInfo *cms)
1215 {
1216 CMS_EncryptedContentInfo *ec;
1217 STACK_OF(CMS_RecipientInfo) *rinfos;
1218 int ok = 0;
1219 BIO *ret;
1220 CMS_AuthEnvelopedData *aenv = cms->d.authEnvelopedData;
1221
1222 /* Get BIO first to set up key */
1223 ec = aenv->authEncryptedContentInfo;
1224 /* Set tag for decryption */
1225 if (ec->cipher == NULL) {
1226 ec->tag = aenv->mac->data;
1227 ec->taglen = aenv->mac->length;
1228 }
1229 ret = ossl_cms_EncryptedContent_init_bio(ec, ossl_cms_get0_cmsctx(cms), 1);
1230
1231 /* If error or no cipher end of processing */
1232 if (ret == NULL || ec->cipher == NULL)
1233 return ret;
1234
1235 /* Now encrypt content key according to each RecipientInfo type */
1236 rinfos = aenv->recipientInfos;
1237 if (cms_env_encrypt_content_key(cms, rinfos) < 0) {
1238 ERR_raise(ERR_LIB_CMS, CMS_R_ERROR_SETTING_RECIPIENTINFO);
1239 goto err;
1240 }
1241
1242 /* And finally set the version */
1243 aenv->version = 0;
1244
1245 ok = 1;
1246
1247 err:
1248 cms_env_clear_ec(ec);
1249 if (ok)
1250 return ret;
1251 BIO_free(ret);
1252 return NULL;
1253 }
1254
ossl_cms_EnvelopedData_final(CMS_ContentInfo * cms,BIO * chain)1255 int ossl_cms_EnvelopedData_final(CMS_ContentInfo *cms, BIO *chain)
1256 {
1257 CMS_EnvelopedData *env = NULL;
1258 EVP_CIPHER_CTX *ctx = NULL;
1259 BIO *mbio = BIO_find_type(chain, BIO_TYPE_CIPHER);
1260
1261 env = ossl_cms_get0_enveloped(cms);
1262 if (env == NULL)
1263 return 0;
1264
1265 if (mbio == NULL) {
1266 ERR_raise(ERR_LIB_CMS, CMS_R_CONTENT_NOT_FOUND);
1267 return 0;
1268 }
1269
1270 BIO_get_cipher_ctx(mbio, &ctx);
1271
1272 /*
1273 * If the selected cipher supports unprotected attributes,
1274 * deal with it using special ctrl function
1275 */
1276 if ((EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ctx))
1277 & EVP_CIPH_FLAG_CIPHER_WITH_MAC)
1278 != 0) {
1279 if (env->unprotectedAttrs == NULL)
1280 env->unprotectedAttrs = sk_X509_ATTRIBUTE_new_null();
1281
1282 if (env->unprotectedAttrs == NULL) {
1283 ERR_raise(ERR_LIB_CMS, ERR_R_CRYPTO_LIB);
1284 return 0;
1285 }
1286
1287 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_PROCESS_UNPROTECTED,
1288 1, env->unprotectedAttrs)
1289 <= 0) {
1290 ERR_raise(ERR_LIB_CMS, CMS_R_CTRL_FAILURE);
1291 return 0;
1292 }
1293 }
1294
1295 cms_env_set_version(cms->d.envelopedData);
1296 return 1;
1297 }
1298
ossl_cms_AuthEnvelopedData_final(CMS_ContentInfo * cms,BIO * cmsbio)1299 int ossl_cms_AuthEnvelopedData_final(CMS_ContentInfo *cms, BIO *cmsbio)
1300 {
1301 EVP_CIPHER_CTX *ctx;
1302 unsigned char *tag = NULL;
1303 int taglen, ok = 0;
1304
1305 BIO_get_cipher_ctx(cmsbio, &ctx);
1306
1307 /*
1308 * The tag is set only for encryption. There is nothing to do for
1309 * decryption.
1310 */
1311 if (!EVP_CIPHER_CTX_is_encrypting(ctx))
1312 return 1;
1313
1314 taglen = EVP_CIPHER_CTX_get_tag_length(ctx);
1315 if (taglen <= 0
1316 || (tag = OPENSSL_malloc(taglen)) == NULL
1317 || EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen,
1318 tag)
1319 <= 0) {
1320 ERR_raise(ERR_LIB_CMS, CMS_R_CIPHER_GET_TAG);
1321 goto err;
1322 }
1323
1324 if (!ASN1_OCTET_STRING_set(cms->d.authEnvelopedData->mac, tag, taglen))
1325 goto err;
1326
1327 ok = 1;
1328 err:
1329 OPENSSL_free(tag);
1330 return ok;
1331 }
1332
1333 /*
1334 * Get RecipientInfo type (if any) supported by a key (public or private). To
1335 * retain compatibility with previous behaviour if the ctrl value isn't
1336 * supported we assume key transport.
1337 */
ossl_cms_pkey_get_ri_type(EVP_PKEY * pk)1338 int ossl_cms_pkey_get_ri_type(EVP_PKEY *pk)
1339 {
1340 /* Check types that we know about */
1341 if (EVP_PKEY_is_a(pk, "DH"))
1342 return CMS_RECIPINFO_AGREE;
1343 else if (EVP_PKEY_is_a(pk, "DHX"))
1344 return CMS_RECIPINFO_AGREE;
1345 else if (EVP_PKEY_is_a(pk, "DSA"))
1346 return CMS_RECIPINFO_NONE;
1347 else if (EVP_PKEY_is_a(pk, "EC"))
1348 return CMS_RECIPINFO_AGREE;
1349 else if (EVP_PKEY_is_a(pk, "RSA"))
1350 return CMS_RECIPINFO_TRANS;
1351
1352 /*
1353 * Otherwise this might ben an engine implementation, so see if we can get
1354 * the type from the ameth.
1355 */
1356 if (pk->ameth && pk->ameth->pkey_ctrl) {
1357 int i, r;
1358 i = pk->ameth->pkey_ctrl(pk, ASN1_PKEY_CTRL_CMS_RI_TYPE, 0, &r);
1359 if (i > 0)
1360 return r;
1361 }
1362 return CMS_RECIPINFO_TRANS;
1363 }
1364
ossl_cms_pkey_is_ri_type_supported(EVP_PKEY * pk,int ri_type)1365 int ossl_cms_pkey_is_ri_type_supported(EVP_PKEY *pk, int ri_type)
1366 {
1367 int supportedRiType;
1368
1369 if (pk->ameth != NULL && pk->ameth->pkey_ctrl != NULL) {
1370 int i, r;
1371
1372 i = pk->ameth->pkey_ctrl(pk, ASN1_PKEY_CTRL_CMS_IS_RI_TYPE_SUPPORTED,
1373 ri_type, &r);
1374 if (i > 0)
1375 return r;
1376 }
1377
1378 supportedRiType = ossl_cms_pkey_get_ri_type(pk);
1379 if (supportedRiType < 0)
1380 return 0;
1381
1382 return (supportedRiType == ri_type);
1383 }
1384