1 /* 2 * Copyright 2008-2025 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 #include "internal/cryptlib.h" 11 #include <openssl/asn1t.h> 12 #include <openssl/pem.h> 13 #include <openssl/x509v3.h> 14 #include <openssl/err.h> 15 #include <openssl/cms.h> 16 #include <openssl/evp.h> 17 #include "internal/sizes.h" 18 #include "crypto/asn1.h" 19 #include "crypto/evp.h" 20 #include "crypto/x509.h" 21 #include "cms_local.h" 22 23 /* CMS EnvelopedData Utilities */ 24 static void cms_env_set_version(CMS_EnvelopedData *env); 25 26 #define CMS_ENVELOPED_STANDARD 1 27 #define CMS_ENVELOPED_AUTH 2 28 29 static int cms_get_enveloped_type_simple(const CMS_ContentInfo *cms) 30 { 31 int nid = OBJ_obj2nid(cms->contentType); 32 33 switch (nid) { 34 case NID_pkcs7_enveloped: 35 return CMS_ENVELOPED_STANDARD; 36 37 case NID_id_smime_ct_authEnvelopedData: 38 return CMS_ENVELOPED_AUTH; 39 40 default: 41 return 0; 42 } 43 } 44 45 static int cms_get_enveloped_type(const CMS_ContentInfo *cms) 46 { 47 int ret = cms_get_enveloped_type_simple(cms); 48 49 if (ret == 0) 50 ERR_raise(ERR_LIB_CMS, CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA); 51 return ret; 52 } 53 54 CMS_EnvelopedData *ossl_cms_get0_enveloped(CMS_ContentInfo *cms) 55 { 56 if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_enveloped) { 57 ERR_raise(ERR_LIB_CMS, CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA); 58 return NULL; 59 } 60 return cms->d.envelopedData; 61 } 62 63 CMS_AuthEnvelopedData *ossl_cms_get0_auth_enveloped(CMS_ContentInfo *cms) 64 { 65 if (OBJ_obj2nid(cms->contentType) != NID_id_smime_ct_authEnvelopedData) { 66 ERR_raise(ERR_LIB_CMS, CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA); 67 return NULL; 68 } 69 return cms->d.authEnvelopedData; 70 } 71 72 static CMS_EnvelopedData *cms_enveloped_data_init(CMS_ContentInfo *cms) 73 { 74 if (cms->d.other == NULL) { 75 cms->d.envelopedData = M_ASN1_new_of(CMS_EnvelopedData); 76 if (cms->d.envelopedData == NULL) { 77 ERR_raise(ERR_LIB_CMS, ERR_R_ASN1_LIB); 78 return NULL; 79 } 80 cms->d.envelopedData->version = 0; 81 cms->d.envelopedData->encryptedContentInfo->contentType = OBJ_nid2obj(NID_pkcs7_data); 82 ASN1_OBJECT_free(cms->contentType); 83 cms->contentType = OBJ_nid2obj(NID_pkcs7_enveloped); 84 return cms->d.envelopedData; 85 } 86 return ossl_cms_get0_enveloped(cms); 87 } 88 89 static CMS_AuthEnvelopedData * 90 cms_auth_enveloped_data_init(CMS_ContentInfo *cms) 91 { 92 if (cms->d.other == NULL) { 93 cms->d.authEnvelopedData = M_ASN1_new_of(CMS_AuthEnvelopedData); 94 if (cms->d.authEnvelopedData == NULL) { 95 ERR_raise(ERR_LIB_CMS, ERR_R_ASN1_LIB); 96 return NULL; 97 } 98 /* Defined in RFC 5083 - Section 2.1. "AuthEnvelopedData Type" */ 99 cms->d.authEnvelopedData->version = 0; 100 cms->d.authEnvelopedData->authEncryptedContentInfo->contentType = OBJ_nid2obj(NID_pkcs7_data); 101 ASN1_OBJECT_free(cms->contentType); 102 cms->contentType = OBJ_nid2obj(NID_id_smime_ct_authEnvelopedData); 103 return cms->d.authEnvelopedData; 104 } 105 return ossl_cms_get0_auth_enveloped(cms); 106 } 107 108 int ossl_cms_env_asn1_ctrl(CMS_RecipientInfo *ri, int cmd) 109 { 110 EVP_PKEY *pkey; 111 int i; 112 if (ri->type == CMS_RECIPINFO_TRANS) 113 pkey = ri->d.ktri->pkey; 114 else if (ri->type == CMS_RECIPINFO_AGREE) { 115 EVP_PKEY_CTX *pctx = ri->d.kari->pctx; 116 117 if (pctx == NULL) 118 return 0; 119 pkey = EVP_PKEY_CTX_get0_pkey(pctx); 120 if (pkey == NULL) 121 return 0; 122 } else 123 return 0; 124 125 if (EVP_PKEY_is_a(pkey, "DHX") || EVP_PKEY_is_a(pkey, "DH")) 126 return ossl_cms_dh_envelope(ri, cmd); 127 else if (EVP_PKEY_is_a(pkey, "EC")) 128 return ossl_cms_ecdh_envelope(ri, cmd); 129 else if (EVP_PKEY_is_a(pkey, "RSA")) 130 return ossl_cms_rsa_envelope(ri, cmd); 131 132 /* Something else? We'll give engines etc a chance to handle this */ 133 if (pkey->ameth == NULL || pkey->ameth->pkey_ctrl == NULL) 134 return 1; 135 i = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_CMS_ENVELOPE, cmd, ri); 136 if (i == -2) { 137 ERR_raise(ERR_LIB_CMS, CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); 138 return 0; 139 } 140 if (i <= 0) { 141 ERR_raise(ERR_LIB_CMS, CMS_R_CTRL_FAILURE); 142 return 0; 143 } 144 return 1; 145 } 146 147 CMS_EncryptedContentInfo *ossl_cms_get0_env_enc_content(const CMS_ContentInfo *cms) 148 { 149 switch (cms_get_enveloped_type(cms)) { 150 case CMS_ENVELOPED_STANDARD: 151 return cms->d.envelopedData == NULL ? NULL 152 : cms->d.envelopedData->encryptedContentInfo; 153 154 case CMS_ENVELOPED_AUTH: 155 return cms->d.authEnvelopedData == NULL ? NULL 156 : cms->d.authEnvelopedData->authEncryptedContentInfo; 157 158 default: 159 return NULL; 160 } 161 } 162 163 STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms) 164 { 165 switch (cms_get_enveloped_type(cms)) { 166 case CMS_ENVELOPED_STANDARD: 167 return cms->d.envelopedData->recipientInfos; 168 169 case CMS_ENVELOPED_AUTH: 170 return cms->d.authEnvelopedData->recipientInfos; 171 172 default: 173 return NULL; 174 } 175 } 176 177 void ossl_cms_RecipientInfos_set_cmsctx(CMS_ContentInfo *cms) 178 { 179 int i; 180 CMS_RecipientInfo *ri; 181 const CMS_CTX *ctx = ossl_cms_get0_cmsctx(cms); 182 STACK_OF(CMS_RecipientInfo) *rinfos = CMS_get0_RecipientInfos(cms); 183 184 for (i = 0; i < sk_CMS_RecipientInfo_num(rinfos); i++) { 185 ri = sk_CMS_RecipientInfo_value(rinfos, i); 186 if (ri != NULL) { 187 switch (ri->type) { 188 case CMS_RECIPINFO_AGREE: 189 ri->d.kari->cms_ctx = ctx; 190 break; 191 case CMS_RECIPINFO_TRANS: 192 ri->d.ktri->cms_ctx = ctx; 193 ossl_x509_set0_libctx(ri->d.ktri->recip, 194 ossl_cms_ctx_get0_libctx(ctx), 195 ossl_cms_ctx_get0_propq(ctx)); 196 break; 197 case CMS_RECIPINFO_KEK: 198 ri->d.kekri->cms_ctx = ctx; 199 break; 200 case CMS_RECIPINFO_PASS: 201 ri->d.pwri->cms_ctx = ctx; 202 break; 203 default: 204 break; 205 } 206 } 207 } 208 } 209 210 int CMS_RecipientInfo_type(CMS_RecipientInfo *ri) 211 { 212 return ri->type; 213 } 214 215 EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri) 216 { 217 if (ri->type == CMS_RECIPINFO_TRANS) 218 return ri->d.ktri->pctx; 219 else if (ri->type == CMS_RECIPINFO_AGREE) 220 return ri->d.kari->pctx; 221 return NULL; 222 } 223 224 CMS_ContentInfo *CMS_EnvelopedData_create_ex(const EVP_CIPHER *cipher, 225 OSSL_LIB_CTX *libctx, 226 const char *propq) 227 { 228 CMS_ContentInfo *cms; 229 CMS_EnvelopedData *env; 230 231 cms = CMS_ContentInfo_new_ex(libctx, propq); 232 if (cms == NULL) 233 goto err; 234 env = cms_enveloped_data_init(cms); 235 if (env == NULL) 236 goto err; 237 238 if (!ossl_cms_EncryptedContent_init(env->encryptedContentInfo, cipher, NULL, 239 0, ossl_cms_get0_cmsctx(cms))) 240 goto err; 241 return cms; 242 err: 243 CMS_ContentInfo_free(cms); 244 ERR_raise(ERR_LIB_CMS, ERR_R_CMS_LIB); 245 return NULL; 246 } 247 248 CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher) 249 { 250 return CMS_EnvelopedData_create_ex(cipher, NULL, NULL); 251 } 252 253 BIO *CMS_EnvelopedData_decrypt(CMS_EnvelopedData *env, BIO *detached_data, 254 EVP_PKEY *pkey, X509 *cert, 255 ASN1_OCTET_STRING *secret, unsigned int flags, 256 OSSL_LIB_CTX *libctx, const char *propq) 257 { 258 CMS_ContentInfo *ci; 259 BIO *bio = NULL; 260 int res = 0; 261 262 if (env == NULL) { 263 ERR_raise(ERR_LIB_CMS, ERR_R_PASSED_NULL_PARAMETER); 264 return NULL; 265 } 266 267 if ((ci = CMS_ContentInfo_new_ex(libctx, propq)) == NULL 268 || (bio = BIO_new(BIO_s_mem())) == NULL) 269 goto end; 270 ci->contentType = OBJ_nid2obj(NID_pkcs7_enveloped); 271 ci->d.envelopedData = env; 272 if (secret != NULL 273 && CMS_decrypt_set1_password(ci, (unsigned char *)ASN1_STRING_get0_data(secret), 274 ASN1_STRING_length(secret)) 275 != 1) 276 goto end; 277 res = CMS_decrypt(ci, secret == NULL ? pkey : NULL, 278 secret == NULL ? cert : NULL, detached_data, bio, flags); 279 280 end: 281 if (ci != NULL) { 282 ci->d.envelopedData = NULL; /* do not indirectly free |env| */ 283 ci->contentType = NULL; 284 } 285 CMS_ContentInfo_free(ci); 286 if (!res) { 287 BIO_free(bio); 288 bio = NULL; 289 } 290 return bio; 291 } 292 293 CMS_ContentInfo * 294 CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *libctx, 295 const char *propq) 296 { 297 CMS_ContentInfo *cms; 298 CMS_AuthEnvelopedData *aenv; 299 300 cms = CMS_ContentInfo_new_ex(libctx, propq); 301 if (cms == NULL) 302 goto merr; 303 aenv = cms_auth_enveloped_data_init(cms); 304 if (aenv == NULL) 305 goto merr; 306 if (!ossl_cms_EncryptedContent_init(aenv->authEncryptedContentInfo, 307 cipher, NULL, 0, 308 ossl_cms_get0_cmsctx(cms))) 309 goto merr; 310 return cms; 311 merr: 312 CMS_ContentInfo_free(cms); 313 ERR_raise(ERR_LIB_CMS, ERR_R_CMS_LIB); 314 return NULL; 315 } 316 317 CMS_ContentInfo *CMS_AuthEnvelopedData_create(const EVP_CIPHER *cipher) 318 { 319 return CMS_AuthEnvelopedData_create_ex(cipher, NULL, NULL); 320 } 321 322 /* Key Transport Recipient Info (KTRI) routines */ 323 324 /* Initialise a ktri based on passed certificate and key */ 325 326 static int cms_RecipientInfo_ktri_init(CMS_RecipientInfo *ri, X509 *recip, 327 EVP_PKEY *pk, unsigned int flags, 328 const CMS_CTX *ctx) 329 { 330 CMS_KeyTransRecipientInfo *ktri; 331 int idtype; 332 333 ri->d.ktri = M_ASN1_new_of(CMS_KeyTransRecipientInfo); 334 if (!ri->d.ktri) 335 return 0; 336 ri->type = CMS_RECIPINFO_TRANS; 337 338 ktri = ri->d.ktri; 339 ktri->cms_ctx = ctx; 340 341 if (flags & CMS_USE_KEYID) { 342 ktri->version = 2; 343 idtype = CMS_RECIPINFO_KEYIDENTIFIER; 344 } else { 345 ktri->version = 0; 346 idtype = CMS_RECIPINFO_ISSUER_SERIAL; 347 } 348 349 /* 350 * Not a typo: RecipientIdentifier and SignerIdentifier are the same 351 * structure. 352 */ 353 354 if (!ossl_cms_set1_SignerIdentifier(ktri->rid, recip, idtype, ctx)) 355 return 0; 356 357 if (!X509_up_ref(recip)) 358 return 0; 359 if (!EVP_PKEY_up_ref(pk)) { 360 X509_free(recip); 361 return 0; 362 } 363 364 ktri->pkey = pk; 365 ktri->recip = recip; 366 367 if (flags & CMS_KEY_PARAM) { 368 ktri->pctx = EVP_PKEY_CTX_new_from_pkey(ossl_cms_ctx_get0_libctx(ctx), 369 ktri->pkey, 370 ossl_cms_ctx_get0_propq(ctx)); 371 if (ktri->pctx == NULL) 372 return 0; 373 if (EVP_PKEY_encrypt_init(ktri->pctx) <= 0) 374 return 0; 375 } else if (!ossl_cms_env_asn1_ctrl(ri, 0)) 376 return 0; 377 return 1; 378 } 379 380 /* 381 * Add a recipient certificate using appropriate type of RecipientInfo 382 */ 383 384 CMS_RecipientInfo *CMS_add1_recipient(CMS_ContentInfo *cms, X509 *recip, 385 EVP_PKEY *originatorPrivKey, 386 X509 *originator, unsigned int flags) 387 { 388 CMS_RecipientInfo *ri = NULL; 389 STACK_OF(CMS_RecipientInfo) *ris; 390 EVP_PKEY *pk = NULL; 391 const CMS_CTX *ctx = ossl_cms_get0_cmsctx(cms); 392 393 ris = CMS_get0_RecipientInfos(cms); 394 if (ris == NULL) 395 goto err; 396 397 /* Initialize recipient info */ 398 ri = M_ASN1_new_of(CMS_RecipientInfo); 399 if (ri == NULL) { 400 ERR_raise(ERR_LIB_CMS, ERR_R_ASN1_LIB); 401 goto err; 402 } 403 404 pk = X509_get0_pubkey(recip); 405 if (pk == NULL) { 406 ERR_raise(ERR_LIB_CMS, CMS_R_ERROR_GETTING_PUBLIC_KEY); 407 goto err; 408 } 409 410 switch (ossl_cms_pkey_get_ri_type(pk)) { 411 412 case CMS_RECIPINFO_TRANS: 413 if (!cms_RecipientInfo_ktri_init(ri, recip, pk, flags, ctx)) 414 goto err; 415 break; 416 417 case CMS_RECIPINFO_AGREE: 418 if (!ossl_cms_RecipientInfo_kari_init(ri, recip, pk, originator, 419 originatorPrivKey, flags, ctx)) 420 goto err; 421 break; 422 423 default: 424 ERR_raise(ERR_LIB_CMS, CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); 425 goto err; 426 } 427 428 if (!sk_CMS_RecipientInfo_push(ris, ri)) { 429 ERR_raise(ERR_LIB_CMS, ERR_R_CRYPTO_LIB); 430 goto err; 431 } 432 433 return ri; 434 435 err: 436 M_ASN1_free_of(ri, CMS_RecipientInfo); 437 return NULL; 438 } 439 440 CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms, X509 *recip, 441 unsigned int flags) 442 { 443 return CMS_add1_recipient(cms, recip, NULL, NULL, flags); 444 } 445 446 int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri, 447 EVP_PKEY **pk, X509 **recip, 448 X509_ALGOR **palg) 449 { 450 CMS_KeyTransRecipientInfo *ktri; 451 if (ri->type != CMS_RECIPINFO_TRANS) { 452 ERR_raise(ERR_LIB_CMS, CMS_R_NOT_KEY_TRANSPORT); 453 return 0; 454 } 455 456 ktri = ri->d.ktri; 457 458 if (pk) 459 *pk = ktri->pkey; 460 if (recip) 461 *recip = ktri->recip; 462 if (palg) 463 *palg = ktri->keyEncryptionAlgorithm; 464 return 1; 465 } 466 467 int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri, 468 ASN1_OCTET_STRING **keyid, 469 X509_NAME **issuer, 470 ASN1_INTEGER **sno) 471 { 472 CMS_KeyTransRecipientInfo *ktri; 473 if (ri->type != CMS_RECIPINFO_TRANS) { 474 ERR_raise(ERR_LIB_CMS, CMS_R_NOT_KEY_TRANSPORT); 475 return 0; 476 } 477 ktri = ri->d.ktri; 478 479 return ossl_cms_SignerIdentifier_get0_signer_id(ktri->rid, keyid, issuer, 480 sno); 481 } 482 483 int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert) 484 { 485 if (ri->type != CMS_RECIPINFO_TRANS) { 486 ERR_raise(ERR_LIB_CMS, CMS_R_NOT_KEY_TRANSPORT); 487 return -2; 488 } 489 return ossl_cms_SignerIdentifier_cert_cmp(ri->d.ktri->rid, cert); 490 } 491 492 int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey) 493 { 494 if (ri->type != CMS_RECIPINFO_TRANS) { 495 ERR_raise(ERR_LIB_CMS, CMS_R_NOT_KEY_TRANSPORT); 496 return 0; 497 } 498 EVP_PKEY_free(ri->d.ktri->pkey); 499 ri->d.ktri->pkey = pkey; 500 return 1; 501 } 502 503 /* Encrypt content key in key transport recipient info */ 504 505 static int cms_RecipientInfo_ktri_encrypt(const CMS_ContentInfo *cms, 506 CMS_RecipientInfo *ri) 507 { 508 CMS_KeyTransRecipientInfo *ktri; 509 CMS_EncryptedContentInfo *ec; 510 EVP_PKEY_CTX *pctx; 511 unsigned char *ek = NULL; 512 size_t eklen; 513 const CMS_CTX *ctx = ossl_cms_get0_cmsctx(cms); 514 515 int ret = 0; 516 517 if (ri->type != CMS_RECIPINFO_TRANS) { 518 ERR_raise(ERR_LIB_CMS, CMS_R_NOT_KEY_TRANSPORT); 519 return 0; 520 } 521 ktri = ri->d.ktri; 522 ec = ossl_cms_get0_env_enc_content(cms); 523 524 pctx = ktri->pctx; 525 526 if (pctx) { 527 if (!ossl_cms_env_asn1_ctrl(ri, 0)) 528 goto err; 529 } else { 530 pctx = EVP_PKEY_CTX_new_from_pkey(ossl_cms_ctx_get0_libctx(ctx), 531 ktri->pkey, 532 ossl_cms_ctx_get0_propq(ctx)); 533 if (pctx == NULL) 534 return 0; 535 536 if (EVP_PKEY_encrypt_init(pctx) <= 0) 537 goto err; 538 } 539 540 if (EVP_PKEY_encrypt(pctx, NULL, &eklen, ec->key, ec->keylen) <= 0) 541 goto err; 542 543 ek = OPENSSL_malloc(eklen); 544 if (ek == NULL) 545 goto err; 546 547 if (EVP_PKEY_encrypt(pctx, ek, &eklen, ec->key, ec->keylen) <= 0) 548 goto err; 549 550 ASN1_STRING_set0(ktri->encryptedKey, ek, eklen); 551 ek = NULL; 552 553 ret = 1; 554 555 err: 556 EVP_PKEY_CTX_free(pctx); 557 ktri->pctx = NULL; 558 OPENSSL_free(ek); 559 return ret; 560 } 561 562 /* Decrypt content key from KTRI */ 563 564 static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms, 565 CMS_RecipientInfo *ri) 566 { 567 CMS_KeyTransRecipientInfo *ktri = ri->d.ktri; 568 EVP_PKEY *pkey = ktri->pkey; 569 unsigned char *ek = NULL; 570 size_t eklen; 571 int ret = 0; 572 size_t fixlen = 0; 573 const EVP_CIPHER *cipher = NULL; 574 EVP_CIPHER *fetched_cipher = NULL; 575 CMS_EncryptedContentInfo *ec; 576 const CMS_CTX *ctx = ossl_cms_get0_cmsctx(cms); 577 OSSL_LIB_CTX *libctx = ossl_cms_ctx_get0_libctx(ctx); 578 const char *propq = ossl_cms_ctx_get0_propq(ctx); 579 580 ec = ossl_cms_get0_env_enc_content(cms); 581 582 if (ktri->pkey == NULL) { 583 ERR_raise(ERR_LIB_CMS, CMS_R_NO_PRIVATE_KEY); 584 return 0; 585 } 586 587 if (cms->d.envelopedData->encryptedContentInfo->havenocert 588 && !cms->d.envelopedData->encryptedContentInfo->debug) { 589 X509_ALGOR *calg = ec->contentEncryptionAlgorithm; 590 char name[OSSL_MAX_NAME_SIZE]; 591 592 OBJ_obj2txt(name, sizeof(name), calg->algorithm, 0); 593 594 (void)ERR_set_mark(); 595 fetched_cipher = EVP_CIPHER_fetch(libctx, name, propq); 596 597 if (fetched_cipher != NULL) 598 cipher = fetched_cipher; 599 else 600 cipher = EVP_get_cipherbyobj(calg->algorithm); 601 if (cipher == NULL) { 602 (void)ERR_clear_last_mark(); 603 ERR_raise(ERR_LIB_CMS, CMS_R_UNKNOWN_CIPHER); 604 return 0; 605 } 606 (void)ERR_pop_to_mark(); 607 608 fixlen = EVP_CIPHER_get_key_length(cipher); 609 EVP_CIPHER_free(fetched_cipher); 610 } 611 612 ktri->pctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, propq); 613 if (ktri->pctx == NULL) 614 goto err; 615 616 if (EVP_PKEY_decrypt_init(ktri->pctx) <= 0) 617 goto err; 618 619 if (!ossl_cms_env_asn1_ctrl(ri, 1)) 620 goto err; 621 622 if (EVP_PKEY_is_a(pkey, "RSA")) 623 /* upper layer CMS code incorrectly assumes that a successful RSA 624 * decryption means that the key matches ciphertext (which never 625 * was the case, implicit rejection or not), so to make it work 626 * disable implicit rejection for RSA keys */ 627 EVP_PKEY_CTX_ctrl_str(ktri->pctx, "rsa_pkcs1_implicit_rejection", "0"); 628 629 if (evp_pkey_decrypt_alloc(ktri->pctx, &ek, &eklen, fixlen, 630 ktri->encryptedKey->data, 631 ktri->encryptedKey->length) 632 <= 0) 633 goto err; 634 635 ret = 1; 636 637 OPENSSL_clear_free(ec->key, ec->keylen); 638 ec->key = ek; 639 ec->keylen = eklen; 640 641 err: 642 EVP_PKEY_CTX_free(ktri->pctx); 643 ktri->pctx = NULL; 644 if (!ret) 645 OPENSSL_free(ek); 646 647 return ret; 648 } 649 650 /* Key Encrypted Key (KEK) RecipientInfo routines */ 651 652 int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri, 653 const unsigned char *id, size_t idlen) 654 { 655 ASN1_OCTET_STRING tmp_os; 656 CMS_KEKRecipientInfo *kekri; 657 if (ri->type != CMS_RECIPINFO_KEK) { 658 ERR_raise(ERR_LIB_CMS, CMS_R_NOT_KEK); 659 return -2; 660 } 661 kekri = ri->d.kekri; 662 tmp_os.type = V_ASN1_OCTET_STRING; 663 tmp_os.flags = 0; 664 tmp_os.data = (unsigned char *)id; 665 tmp_os.length = (int)idlen; 666 return ASN1_OCTET_STRING_cmp(&tmp_os, kekri->kekid->keyIdentifier); 667 } 668 669 /* For now hard code AES key wrap info */ 670 671 static size_t aes_wrap_keylen(int nid) 672 { 673 switch (nid) { 674 case NID_id_aes128_wrap: 675 return 16; 676 677 case NID_id_aes192_wrap: 678 return 24; 679 680 case NID_id_aes256_wrap: 681 return 32; 682 683 default: 684 return 0; 685 } 686 } 687 688 CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid, 689 unsigned char *key, size_t keylen, 690 unsigned char *id, size_t idlen, 691 ASN1_GENERALIZEDTIME *date, 692 ASN1_OBJECT *otherTypeId, 693 ASN1_TYPE *otherType) 694 { 695 CMS_RecipientInfo *ri = NULL; 696 CMS_KEKRecipientInfo *kekri; 697 STACK_OF(CMS_RecipientInfo) *ris = CMS_get0_RecipientInfos(cms); 698 699 if (ris == NULL) 700 goto err; 701 702 if (nid == NID_undef) { 703 switch (keylen) { 704 case 16: 705 nid = NID_id_aes128_wrap; 706 break; 707 708 case 24: 709 nid = NID_id_aes192_wrap; 710 break; 711 712 case 32: 713 nid = NID_id_aes256_wrap; 714 break; 715 716 default: 717 ERR_raise(ERR_LIB_CMS, CMS_R_INVALID_KEY_LENGTH); 718 goto err; 719 } 720 721 } else { 722 723 size_t exp_keylen = aes_wrap_keylen(nid); 724 725 if (!exp_keylen) { 726 ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_KEK_ALGORITHM); 727 goto err; 728 } 729 730 if (keylen != exp_keylen) { 731 ERR_raise(ERR_LIB_CMS, CMS_R_INVALID_KEY_LENGTH); 732 goto err; 733 } 734 } 735 736 /* Initialize recipient info */ 737 ri = M_ASN1_new_of(CMS_RecipientInfo); 738 if (!ri) { 739 ERR_raise(ERR_LIB_CMS, ERR_R_ASN1_LIB); 740 goto err; 741 } 742 743 ri->d.kekri = M_ASN1_new_of(CMS_KEKRecipientInfo); 744 if (!ri->d.kekri) { 745 ERR_raise(ERR_LIB_CMS, ERR_R_ASN1_LIB); 746 goto err; 747 } 748 ri->type = CMS_RECIPINFO_KEK; 749 750 kekri = ri->d.kekri; 751 752 if (otherTypeId) { 753 kekri->kekid->other = M_ASN1_new_of(CMS_OtherKeyAttribute); 754 if (kekri->kekid->other == NULL) { 755 ERR_raise(ERR_LIB_CMS, ERR_R_ASN1_LIB); 756 goto err; 757 } 758 } 759 760 if (!sk_CMS_RecipientInfo_push(ris, ri)) { 761 ERR_raise(ERR_LIB_CMS, ERR_R_CRYPTO_LIB); 762 goto err; 763 } 764 765 /* After this point no calls can fail */ 766 767 kekri->version = 4; 768 769 kekri->key = key; 770 kekri->keylen = keylen; 771 772 ASN1_STRING_set0(kekri->kekid->keyIdentifier, id, idlen); 773 774 kekri->kekid->date = date; 775 776 if (kekri->kekid->other) { 777 kekri->kekid->other->keyAttrId = otherTypeId; 778 kekri->kekid->other->keyAttr = otherType; 779 } 780 781 (void)X509_ALGOR_set0(kekri->keyEncryptionAlgorithm, OBJ_nid2obj(nid), 782 V_ASN1_UNDEF, NULL); /* cannot fail */ 783 784 return ri; 785 786 err: 787 M_ASN1_free_of(ri, CMS_RecipientInfo); 788 return NULL; 789 } 790 791 int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri, 792 X509_ALGOR **palg, 793 ASN1_OCTET_STRING **pid, 794 ASN1_GENERALIZEDTIME **pdate, 795 ASN1_OBJECT **potherid, 796 ASN1_TYPE **pothertype) 797 { 798 CMS_KEKIdentifier *rkid; 799 if (ri->type != CMS_RECIPINFO_KEK) { 800 ERR_raise(ERR_LIB_CMS, CMS_R_NOT_KEK); 801 return 0; 802 } 803 rkid = ri->d.kekri->kekid; 804 if (palg) 805 *palg = ri->d.kekri->keyEncryptionAlgorithm; 806 if (pid) 807 *pid = rkid->keyIdentifier; 808 if (pdate) 809 *pdate = rkid->date; 810 if (potherid) { 811 if (rkid->other) 812 *potherid = rkid->other->keyAttrId; 813 else 814 *potherid = NULL; 815 } 816 if (pothertype) { 817 if (rkid->other) 818 *pothertype = rkid->other->keyAttr; 819 else 820 *pothertype = NULL; 821 } 822 return 1; 823 } 824 825 int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri, 826 unsigned char *key, size_t keylen) 827 { 828 CMS_KEKRecipientInfo *kekri; 829 if (ri->type != CMS_RECIPINFO_KEK) { 830 ERR_raise(ERR_LIB_CMS, CMS_R_NOT_KEK); 831 return 0; 832 } 833 834 kekri = ri->d.kekri; 835 kekri->key = key; 836 kekri->keylen = keylen; 837 return 1; 838 } 839 840 static EVP_CIPHER *cms_get_key_wrap_cipher(size_t keylen, const CMS_CTX *ctx) 841 { 842 const char *alg = NULL; 843 844 switch (keylen) { 845 case 16: 846 alg = "AES-128-WRAP"; 847 break; 848 case 24: 849 alg = "AES-192-WRAP"; 850 break; 851 case 32: 852 alg = "AES-256-WRAP"; 853 break; 854 default: 855 return NULL; 856 } 857 return EVP_CIPHER_fetch(ossl_cms_ctx_get0_libctx(ctx), alg, 858 ossl_cms_ctx_get0_propq(ctx)); 859 } 860 861 /* Encrypt content key in KEK recipient info */ 862 863 static int cms_RecipientInfo_kekri_encrypt(const CMS_ContentInfo *cms, 864 CMS_RecipientInfo *ri) 865 { 866 CMS_EncryptedContentInfo *ec; 867 CMS_KEKRecipientInfo *kekri; 868 unsigned char *wkey = NULL; 869 int wkeylen; 870 int r = 0; 871 EVP_CIPHER *cipher = NULL; 872 int outlen = 0; 873 EVP_CIPHER_CTX *ctx = NULL; 874 const CMS_CTX *cms_ctx = ossl_cms_get0_cmsctx(cms); 875 876 ec = ossl_cms_get0_env_enc_content(cms); 877 if (ec == NULL) 878 return 0; 879 880 kekri = ri->d.kekri; 881 882 if (kekri->key == NULL) { 883 ERR_raise(ERR_LIB_CMS, CMS_R_NO_KEY); 884 return 0; 885 } 886 887 cipher = cms_get_key_wrap_cipher(kekri->keylen, cms_ctx); 888 if (cipher == NULL) { 889 ERR_raise(ERR_LIB_CMS, CMS_R_INVALID_KEY_LENGTH); 890 goto err; 891 } 892 893 /* 8 byte prefix for AES wrap ciphers */ 894 wkey = OPENSSL_malloc(ec->keylen + 8); 895 if (wkey == NULL) 896 goto err; 897 898 ctx = EVP_CIPHER_CTX_new(); 899 if (ctx == NULL) { 900 ERR_raise(ERR_LIB_CMS, ERR_R_EVP_LIB); 901 goto err; 902 } 903 904 EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW); 905 if (!EVP_EncryptInit_ex(ctx, cipher, NULL, kekri->key, NULL) 906 || !EVP_EncryptUpdate(ctx, wkey, &wkeylen, ec->key, ec->keylen) 907 || !EVP_EncryptFinal_ex(ctx, wkey + wkeylen, &outlen)) { 908 ERR_raise(ERR_LIB_CMS, CMS_R_WRAP_ERROR); 909 goto err; 910 } 911 wkeylen += outlen; 912 if (!ossl_assert((size_t)wkeylen == ec->keylen + 8)) { 913 ERR_raise(ERR_LIB_CMS, CMS_R_WRAP_ERROR); 914 goto err; 915 } 916 917 ASN1_STRING_set0(kekri->encryptedKey, wkey, wkeylen); 918 919 r = 1; 920 921 err: 922 EVP_CIPHER_free(cipher); 923 if (!r) 924 OPENSSL_free(wkey); 925 EVP_CIPHER_CTX_free(ctx); 926 927 return r; 928 } 929 930 /* Decrypt content key in KEK recipient info */ 931 932 static int cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms, 933 CMS_RecipientInfo *ri) 934 { 935 CMS_EncryptedContentInfo *ec; 936 CMS_KEKRecipientInfo *kekri; 937 unsigned char *ukey = NULL; 938 int ukeylen; 939 int r = 0, wrap_nid; 940 EVP_CIPHER *cipher = NULL; 941 int outlen = 0; 942 EVP_CIPHER_CTX *ctx = NULL; 943 const CMS_CTX *cms_ctx = ossl_cms_get0_cmsctx(cms); 944 945 ec = ossl_cms_get0_env_enc_content(cms); 946 if (ec == NULL) 947 return 0; 948 949 kekri = ri->d.kekri; 950 951 if (!kekri->key) { 952 ERR_raise(ERR_LIB_CMS, CMS_R_NO_KEY); 953 return 0; 954 } 955 956 wrap_nid = OBJ_obj2nid(kekri->keyEncryptionAlgorithm->algorithm); 957 if (aes_wrap_keylen(wrap_nid) != kekri->keylen) { 958 ERR_raise(ERR_LIB_CMS, CMS_R_INVALID_KEY_LENGTH); 959 return 0; 960 } 961 962 /* If encrypted key length is invalid don't bother */ 963 964 if (kekri->encryptedKey->length < 16) { 965 ERR_raise(ERR_LIB_CMS, CMS_R_INVALID_ENCRYPTED_KEY_LENGTH); 966 goto err; 967 } 968 969 cipher = cms_get_key_wrap_cipher(kekri->keylen, cms_ctx); 970 if (cipher == NULL) { 971 ERR_raise(ERR_LIB_CMS, CMS_R_INVALID_KEY_LENGTH); 972 goto err; 973 } 974 975 ukey = OPENSSL_malloc(kekri->encryptedKey->length - 8); 976 if (ukey == NULL) 977 goto err; 978 979 ctx = EVP_CIPHER_CTX_new(); 980 if (ctx == NULL) { 981 ERR_raise(ERR_LIB_CMS, ERR_R_EVP_LIB); 982 goto err; 983 } 984 985 if (!EVP_DecryptInit_ex(ctx, cipher, NULL, kekri->key, NULL) 986 || !EVP_DecryptUpdate(ctx, ukey, &ukeylen, 987 kekri->encryptedKey->data, 988 kekri->encryptedKey->length) 989 || !EVP_DecryptFinal_ex(ctx, ukey + ukeylen, &outlen)) { 990 ERR_raise(ERR_LIB_CMS, CMS_R_UNWRAP_ERROR); 991 goto err; 992 } 993 ukeylen += outlen; 994 995 OPENSSL_clear_free(ec->key, ec->keylen); 996 ec->key = ukey; 997 ec->keylen = ukeylen; 998 999 r = 1; 1000 1001 err: 1002 EVP_CIPHER_free(cipher); 1003 if (!r) 1004 OPENSSL_free(ukey); 1005 EVP_CIPHER_CTX_free(ctx); 1006 1007 return r; 1008 } 1009 1010 int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri) 1011 { 1012 switch (ri->type) { 1013 case CMS_RECIPINFO_TRANS: 1014 return cms_RecipientInfo_ktri_decrypt(cms, ri); 1015 1016 case CMS_RECIPINFO_KEK: 1017 return cms_RecipientInfo_kekri_decrypt(cms, ri); 1018 1019 case CMS_RECIPINFO_PASS: 1020 return ossl_cms_RecipientInfo_pwri_crypt(cms, ri, 0); 1021 1022 default: 1023 ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE); 1024 return 0; 1025 } 1026 } 1027 1028 int CMS_RecipientInfo_encrypt(const CMS_ContentInfo *cms, CMS_RecipientInfo *ri) 1029 { 1030 switch (ri->type) { 1031 case CMS_RECIPINFO_TRANS: 1032 return cms_RecipientInfo_ktri_encrypt(cms, ri); 1033 1034 case CMS_RECIPINFO_AGREE: 1035 return ossl_cms_RecipientInfo_kari_encrypt(cms, ri); 1036 1037 case CMS_RECIPINFO_KEK: 1038 return cms_RecipientInfo_kekri_encrypt(cms, ri); 1039 1040 case CMS_RECIPINFO_PASS: 1041 return ossl_cms_RecipientInfo_pwri_crypt(cms, ri, 1); 1042 1043 default: 1044 ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_RECIPIENT_TYPE); 1045 return 0; 1046 } 1047 } 1048 1049 /* Check structures and fixup version numbers (if necessary) */ 1050 1051 static void cms_env_set_originfo_version(CMS_EnvelopedData *env) 1052 { 1053 CMS_OriginatorInfo *org = env->originatorInfo; 1054 int i; 1055 if (org == NULL) 1056 return; 1057 for (i = 0; i < sk_CMS_CertificateChoices_num(org->certificates); i++) { 1058 CMS_CertificateChoices *cch; 1059 cch = sk_CMS_CertificateChoices_value(org->certificates, i); 1060 if (cch->type == CMS_CERTCHOICE_OTHER) { 1061 env->version = 4; 1062 return; 1063 } else if (cch->type == CMS_CERTCHOICE_V2ACERT) { 1064 if (env->version < 3) 1065 env->version = 3; 1066 } 1067 } 1068 1069 for (i = 0; i < sk_CMS_RevocationInfoChoice_num(org->crls); i++) { 1070 CMS_RevocationInfoChoice *rch; 1071 rch = sk_CMS_RevocationInfoChoice_value(org->crls, i); 1072 if (rch->type == CMS_REVCHOICE_OTHER) { 1073 env->version = 4; 1074 return; 1075 } 1076 } 1077 } 1078 1079 static void cms_env_set_version(CMS_EnvelopedData *env) 1080 { 1081 int i; 1082 CMS_RecipientInfo *ri; 1083 1084 /* 1085 * Can't set version higher than 4 so if 4 or more already nothing to do. 1086 */ 1087 if (env->version >= 4) 1088 return; 1089 1090 cms_env_set_originfo_version(env); 1091 1092 if (env->version >= 3) 1093 return; 1094 1095 for (i = 0; i < sk_CMS_RecipientInfo_num(env->recipientInfos); i++) { 1096 ri = sk_CMS_RecipientInfo_value(env->recipientInfos, i); 1097 if (ri->type == CMS_RECIPINFO_PASS || ri->type == CMS_RECIPINFO_OTHER) { 1098 env->version = 3; 1099 return; 1100 } else if (ri->type != CMS_RECIPINFO_TRANS 1101 || ri->d.ktri->version != 0) { 1102 env->version = 2; 1103 } 1104 } 1105 if (env->originatorInfo || env->unprotectedAttrs) 1106 env->version = 2; 1107 if (env->version == 2) 1108 return; 1109 env->version = 0; 1110 } 1111 1112 static int cms_env_encrypt_content_key(const CMS_ContentInfo *cms, 1113 STACK_OF(CMS_RecipientInfo) *ris) 1114 { 1115 int i; 1116 CMS_RecipientInfo *ri; 1117 1118 for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++) { 1119 ri = sk_CMS_RecipientInfo_value(ris, i); 1120 if (CMS_RecipientInfo_encrypt(cms, ri) <= 0) 1121 return -1; 1122 } 1123 return 1; 1124 } 1125 1126 static void cms_env_clear_ec(CMS_EncryptedContentInfo *ec) 1127 { 1128 ec->cipher = NULL; 1129 OPENSSL_clear_free(ec->key, ec->keylen); 1130 ec->key = NULL; 1131 ec->keylen = 0; 1132 } 1133 1134 static BIO *cms_EnvelopedData_Decryption_init_bio(CMS_ContentInfo *cms) 1135 { 1136 CMS_EncryptedContentInfo *ec = cms->d.envelopedData->encryptedContentInfo; 1137 BIO *contentBio = ossl_cms_EncryptedContent_init_bio(ec, 1138 ossl_cms_get0_cmsctx(cms), 1139 0); 1140 EVP_CIPHER_CTX *ctx = NULL; 1141 1142 if (contentBio == NULL) 1143 return NULL; 1144 1145 BIO_get_cipher_ctx(contentBio, &ctx); 1146 if (ctx == NULL) { 1147 BIO_free(contentBio); 1148 return NULL; 1149 } 1150 /* 1151 * If the selected cipher supports unprotected attributes, 1152 * deal with it using special ctrl function 1153 */ 1154 if ((EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ctx)) 1155 & EVP_CIPH_FLAG_CIPHER_WITH_MAC) 1156 != 0 1157 && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_PROCESS_UNPROTECTED, 0, 1158 cms->d.envelopedData->unprotectedAttrs) 1159 <= 0) { 1160 BIO_free(contentBio); 1161 return NULL; 1162 } 1163 return contentBio; 1164 } 1165 1166 static BIO *cms_EnvelopedData_Encryption_init_bio(CMS_ContentInfo *cms) 1167 { 1168 CMS_EncryptedContentInfo *ec; 1169 STACK_OF(CMS_RecipientInfo) *rinfos; 1170 int ok = 0; 1171 BIO *ret; 1172 CMS_EnvelopedData *env = cms->d.envelopedData; 1173 1174 /* Get BIO first to set up key */ 1175 1176 ec = env->encryptedContentInfo; 1177 ret = ossl_cms_EncryptedContent_init_bio(ec, ossl_cms_get0_cmsctx(cms), 0); 1178 1179 /* If error end of processing */ 1180 if (!ret) 1181 return ret; 1182 1183 /* Now encrypt content key according to each RecipientInfo type */ 1184 rinfos = env->recipientInfos; 1185 if (cms_env_encrypt_content_key(cms, rinfos) < 0) { 1186 ERR_raise(ERR_LIB_CMS, CMS_R_ERROR_SETTING_RECIPIENTINFO); 1187 goto err; 1188 } 1189 1190 /* And finally set the version */ 1191 cms_env_set_version(env); 1192 1193 ok = 1; 1194 1195 err: 1196 cms_env_clear_ec(ec); 1197 if (ok) 1198 return ret; 1199 BIO_free(ret); 1200 return NULL; 1201 } 1202 1203 BIO *ossl_cms_EnvelopedData_init_bio(CMS_ContentInfo *cms) 1204 { 1205 if (cms->d.envelopedData->encryptedContentInfo->cipher != NULL) { 1206 /* If cipher is set it's encryption */ 1207 return cms_EnvelopedData_Encryption_init_bio(cms); 1208 } 1209 1210 /* If cipher is not set it's decryption */ 1211 return cms_EnvelopedData_Decryption_init_bio(cms); 1212 } 1213 1214 BIO *ossl_cms_AuthEnvelopedData_init_bio(CMS_ContentInfo *cms) 1215 { 1216 CMS_EncryptedContentInfo *ec; 1217 STACK_OF(CMS_RecipientInfo) *rinfos; 1218 int ok = 0; 1219 BIO *ret; 1220 CMS_AuthEnvelopedData *aenv = cms->d.authEnvelopedData; 1221 1222 /* Get BIO first to set up key */ 1223 ec = aenv->authEncryptedContentInfo; 1224 /* Set tag for decryption */ 1225 if (ec->cipher == NULL) { 1226 ec->tag = aenv->mac->data; 1227 ec->taglen = aenv->mac->length; 1228 } 1229 ret = ossl_cms_EncryptedContent_init_bio(ec, ossl_cms_get0_cmsctx(cms), 1); 1230 1231 /* If error or no cipher end of processing */ 1232 if (ret == NULL || ec->cipher == NULL) 1233 return ret; 1234 1235 /* Now encrypt content key according to each RecipientInfo type */ 1236 rinfos = aenv->recipientInfos; 1237 if (cms_env_encrypt_content_key(cms, rinfos) < 0) { 1238 ERR_raise(ERR_LIB_CMS, CMS_R_ERROR_SETTING_RECIPIENTINFO); 1239 goto err; 1240 } 1241 1242 /* And finally set the version */ 1243 aenv->version = 0; 1244 1245 ok = 1; 1246 1247 err: 1248 cms_env_clear_ec(ec); 1249 if (ok) 1250 return ret; 1251 BIO_free(ret); 1252 return NULL; 1253 } 1254 1255 int ossl_cms_EnvelopedData_final(CMS_ContentInfo *cms, BIO *chain) 1256 { 1257 CMS_EnvelopedData *env = NULL; 1258 EVP_CIPHER_CTX *ctx = NULL; 1259 BIO *mbio = BIO_find_type(chain, BIO_TYPE_CIPHER); 1260 1261 env = ossl_cms_get0_enveloped(cms); 1262 if (env == NULL) 1263 return 0; 1264 1265 if (mbio == NULL) { 1266 ERR_raise(ERR_LIB_CMS, CMS_R_CONTENT_NOT_FOUND); 1267 return 0; 1268 } 1269 1270 BIO_get_cipher_ctx(mbio, &ctx); 1271 1272 /* 1273 * If the selected cipher supports unprotected attributes, 1274 * deal with it using special ctrl function 1275 */ 1276 if ((EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ctx)) 1277 & EVP_CIPH_FLAG_CIPHER_WITH_MAC) 1278 != 0) { 1279 if (env->unprotectedAttrs == NULL) 1280 env->unprotectedAttrs = sk_X509_ATTRIBUTE_new_null(); 1281 1282 if (env->unprotectedAttrs == NULL) { 1283 ERR_raise(ERR_LIB_CMS, ERR_R_CRYPTO_LIB); 1284 return 0; 1285 } 1286 1287 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_PROCESS_UNPROTECTED, 1288 1, env->unprotectedAttrs) 1289 <= 0) { 1290 ERR_raise(ERR_LIB_CMS, CMS_R_CTRL_FAILURE); 1291 return 0; 1292 } 1293 } 1294 1295 cms_env_set_version(cms->d.envelopedData); 1296 return 1; 1297 } 1298 1299 int ossl_cms_AuthEnvelopedData_final(CMS_ContentInfo *cms, BIO *cmsbio) 1300 { 1301 EVP_CIPHER_CTX *ctx; 1302 unsigned char *tag = NULL; 1303 int taglen, ok = 0; 1304 1305 BIO_get_cipher_ctx(cmsbio, &ctx); 1306 1307 /* 1308 * The tag is set only for encryption. There is nothing to do for 1309 * decryption. 1310 */ 1311 if (!EVP_CIPHER_CTX_is_encrypting(ctx)) 1312 return 1; 1313 1314 taglen = EVP_CIPHER_CTX_get_tag_length(ctx); 1315 if (taglen <= 0 1316 || (tag = OPENSSL_malloc(taglen)) == NULL 1317 || EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, 1318 tag) 1319 <= 0) { 1320 ERR_raise(ERR_LIB_CMS, CMS_R_CIPHER_GET_TAG); 1321 goto err; 1322 } 1323 1324 if (!ASN1_OCTET_STRING_set(cms->d.authEnvelopedData->mac, tag, taglen)) 1325 goto err; 1326 1327 ok = 1; 1328 err: 1329 OPENSSL_free(tag); 1330 return ok; 1331 } 1332 1333 /* 1334 * Get RecipientInfo type (if any) supported by a key (public or private). To 1335 * retain compatibility with previous behaviour if the ctrl value isn't 1336 * supported we assume key transport. 1337 */ 1338 int ossl_cms_pkey_get_ri_type(EVP_PKEY *pk) 1339 { 1340 /* Check types that we know about */ 1341 if (EVP_PKEY_is_a(pk, "DH")) 1342 return CMS_RECIPINFO_AGREE; 1343 else if (EVP_PKEY_is_a(pk, "DHX")) 1344 return CMS_RECIPINFO_AGREE; 1345 else if (EVP_PKEY_is_a(pk, "DSA")) 1346 return CMS_RECIPINFO_NONE; 1347 else if (EVP_PKEY_is_a(pk, "EC")) 1348 return CMS_RECIPINFO_AGREE; 1349 else if (EVP_PKEY_is_a(pk, "RSA")) 1350 return CMS_RECIPINFO_TRANS; 1351 1352 /* 1353 * Otherwise this might ben an engine implementation, so see if we can get 1354 * the type from the ameth. 1355 */ 1356 if (pk->ameth && pk->ameth->pkey_ctrl) { 1357 int i, r; 1358 i = pk->ameth->pkey_ctrl(pk, ASN1_PKEY_CTRL_CMS_RI_TYPE, 0, &r); 1359 if (i > 0) 1360 return r; 1361 } 1362 return CMS_RECIPINFO_TRANS; 1363 } 1364 1365 int ossl_cms_pkey_is_ri_type_supported(EVP_PKEY *pk, int ri_type) 1366 { 1367 int supportedRiType; 1368 1369 if (pk->ameth != NULL && pk->ameth->pkey_ctrl != NULL) { 1370 int i, r; 1371 1372 i = pk->ameth->pkey_ctrl(pk, ASN1_PKEY_CTRL_CMS_IS_RI_TYPE_SUPPORTED, 1373 ri_type, &r); 1374 if (i > 0) 1375 return r; 1376 } 1377 1378 supportedRiType = ossl_cms_pkey_get_ri_type(pk); 1379 if (supportedRiType < 0) 1380 return 0; 1381 1382 return (supportedRiType == ri_type); 1383 } 1384