diff options
Diffstat (limited to 'src/lib/libcrypto/pkcs7/pk7_doit.c')
-rw-r--r-- | src/lib/libcrypto/pkcs7/pk7_doit.c | 408 |
1 files changed, 408 insertions, 0 deletions
diff --git a/src/lib/libcrypto/pkcs7/pk7_doit.c b/src/lib/libcrypto/pkcs7/pk7_doit.c new file mode 100644 index 0000000000..b5689b3fe4 --- /dev/null +++ b/src/lib/libcrypto/pkcs7/pk7_doit.c | |||
@@ -0,0 +1,408 @@ | |||
1 | /* crypto/pkcs7/pk7_doit.c */ | ||
2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
3 | * All rights reserved. | ||
4 | * | ||
5 | * This package is an SSL implementation written | ||
6 | * by Eric Young (eay@cryptsoft.com). | ||
7 | * The implementation was written so as to conform with Netscapes SSL. | ||
8 | * | ||
9 | * This library is free for commercial and non-commercial use as long as | ||
10 | * the following conditions are aheared to. The following conditions | ||
11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
13 | * included with this distribution is covered by the same copyright terms | ||
14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
15 | * | ||
16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
17 | * the code are not to be removed. | ||
18 | * If this package is used in a product, Eric Young should be given attribution | ||
19 | * as the author of the parts of the library used. | ||
20 | * This can be in the form of a textual message at program startup or | ||
21 | * in documentation (online or textual) provided with the package. | ||
22 | * | ||
23 | * Redistribution and use in source and binary forms, with or without | ||
24 | * modification, are permitted provided that the following conditions | ||
25 | * are met: | ||
26 | * 1. Redistributions of source code must retain the copyright | ||
27 | * notice, this list of conditions and the following disclaimer. | ||
28 | * 2. Redistributions in binary form must reproduce the above copyright | ||
29 | * notice, this list of conditions and the following disclaimer in the | ||
30 | * documentation and/or other materials provided with the distribution. | ||
31 | * 3. All advertising materials mentioning features or use of this software | ||
32 | * must display the following acknowledgement: | ||
33 | * "This product includes cryptographic software written by | ||
34 | * Eric Young (eay@cryptsoft.com)" | ||
35 | * The word 'cryptographic' can be left out if the rouines from the library | ||
36 | * being used are not cryptographic related :-). | ||
37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
38 | * the apps directory (application code) you must include an acknowledgement: | ||
39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
40 | * | ||
41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
51 | * SUCH DAMAGE. | ||
52 | * | ||
53 | * The licence and distribution terms for any publically available version or | ||
54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
55 | * copied and put under another distribution licence | ||
56 | * [including the GNU Public Licence.] | ||
57 | */ | ||
58 | |||
59 | #include <stdio.h> | ||
60 | #include "cryptlib.h" | ||
61 | #include "rand.h" | ||
62 | #include "objects.h" | ||
63 | #include "x509.h" | ||
64 | |||
65 | BIO *PKCS7_dataInit(p7,bio) | ||
66 | PKCS7 *p7; | ||
67 | BIO *bio; | ||
68 | { | ||
69 | int i,j; | ||
70 | BIO *out=NULL,*btmp; | ||
71 | X509_ALGOR *xa; | ||
72 | EVP_MD *evp_md; | ||
73 | EVP_CIPHER *evp_cipher=NULL; | ||
74 | STACK *md_sk=NULL,*rsk=NULL; | ||
75 | X509_ALGOR *xalg=NULL; | ||
76 | PKCS7_RECIP_INFO *ri=NULL; | ||
77 | EVP_PKEY *pkey; | ||
78 | |||
79 | i=OBJ_obj2nid(p7->type); | ||
80 | p7->state=PKCS7_S_HEADER; | ||
81 | |||
82 | switch (i) | ||
83 | { | ||
84 | case NID_pkcs7_signed: | ||
85 | md_sk=p7->d.sign->md_algs; | ||
86 | break; | ||
87 | case NID_pkcs7_signedAndEnveloped: | ||
88 | rsk=p7->d.signed_and_enveloped->recipientinfo; | ||
89 | md_sk=p7->d.signed_and_enveloped->md_algs; | ||
90 | evp_cipher=EVP_get_cipherbyname(OBJ_nid2sn(OBJ_obj2nid(p7->d.signed_and_enveloped->enc_data->algorithm->algorithm))); | ||
91 | if (evp_cipher == NULL) | ||
92 | { | ||
93 | PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNSUPPORTED_CIPHER_TYPE); | ||
94 | goto err; | ||
95 | } | ||
96 | xalg=p7->d.signed_and_enveloped->enc_data->algorithm; | ||
97 | break; | ||
98 | default: | ||
99 | PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); | ||
100 | goto err; | ||
101 | } | ||
102 | |||
103 | if (md_sk != NULL) | ||
104 | { | ||
105 | for (i=0; i<sk_num(md_sk); i++) | ||
106 | { | ||
107 | xa=(X509_ALGOR *)sk_value(md_sk,i); | ||
108 | if ((btmp=BIO_new(BIO_f_md())) == NULL) goto err; | ||
109 | |||
110 | j=OBJ_obj2nid(xa->algorithm); | ||
111 | evp_md=EVP_get_digestbyname(OBJ_nid2sn(j)); | ||
112 | if (evp_md == NULL) | ||
113 | { | ||
114 | PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNKNOWN_DIGEST_TYPE); | ||
115 | goto err; | ||
116 | } | ||
117 | |||
118 | BIO_set_md(btmp,evp_md); | ||
119 | if (out == NULL) | ||
120 | out=btmp; | ||
121 | else | ||
122 | BIO_push(out,btmp); | ||
123 | } | ||
124 | } | ||
125 | |||
126 | if (evp_cipher != NULL) | ||
127 | { | ||
128 | unsigned char key[EVP_MAX_KEY_LENGTH]; | ||
129 | unsigned char iv[EVP_MAX_IV_LENGTH]; | ||
130 | int keylen,ivlen; | ||
131 | int jj,max; | ||
132 | unsigned char *tmp; | ||
133 | |||
134 | if ((btmp=BIO_new(BIO_f_cipher())) == NULL) goto err; | ||
135 | keylen=EVP_CIPHER_key_length(evp_cipher); | ||
136 | ivlen=EVP_CIPHER_iv_length(evp_cipher); | ||
137 | |||
138 | if (ivlen > 0) | ||
139 | { | ||
140 | ASN1_OCTET_STRING *os; | ||
141 | |||
142 | RAND_bytes(iv,ivlen); | ||
143 | os=ASN1_OCTET_STRING_new(); | ||
144 | ASN1_OCTET_STRING_set(os,iv,ivlen); | ||
145 | /* ASN1_TYPE_set(xalg->parameter,V_ASN1_OCTET_STRING, | ||
146 | (char *)os); | ||
147 | */ } | ||
148 | RAND_bytes(key,keylen); | ||
149 | |||
150 | /* Lets do the pub key stuff :-) */ | ||
151 | max=0; | ||
152 | for (i=0; i<sk_num(rsk); i++) | ||
153 | { | ||
154 | ri=(PKCS7_RECIP_INFO *)sk_value(rsk,i); | ||
155 | if (ri->cert == NULL) abort(); | ||
156 | pkey=X509_get_pubkey(ri->cert); | ||
157 | jj=EVP_PKEY_size(pkey); | ||
158 | if (max < jj) max=jj; | ||
159 | } | ||
160 | if ((tmp=(unsigned char *)Malloc(max)) == NULL) abort(); | ||
161 | for (i=0; i<sk_num(rsk); i++) | ||
162 | { | ||
163 | ri=(PKCS7_RECIP_INFO *)sk_value(rsk,i); | ||
164 | pkey=X509_get_pubkey(ri->cert); | ||
165 | jj=EVP_PKEY_encrypt(tmp,key,keylen,pkey); | ||
166 | if (jj <= 0) abort(); | ||
167 | ASN1_OCTET_STRING_set(ri->enc_key,tmp,jj); | ||
168 | } | ||
169 | |||
170 | BIO_set_cipher(btmp,evp_cipher,key,iv,1); | ||
171 | |||
172 | if (out == NULL) | ||
173 | out=btmp; | ||
174 | else | ||
175 | BIO_push(out,btmp); | ||
176 | } | ||
177 | |||
178 | if (bio == NULL) /* ??????????? */ | ||
179 | { | ||
180 | if (p7->detached) | ||
181 | bio=BIO_new(BIO_s_null()); | ||
182 | else | ||
183 | { | ||
184 | bio=BIO_new(BIO_s_mem()); | ||
185 | if (PKCS7_type_is_signed(p7) && | ||
186 | PKCS7_type_is_data(p7->d.sign->contents)) | ||
187 | { | ||
188 | ASN1_OCTET_STRING *os; | ||
189 | |||
190 | os=p7->d.sign->contents->d.data; | ||
191 | if (os->length > 0) | ||
192 | BIO_write(bio,(char *)os->data, | ||
193 | os->length); | ||
194 | } | ||
195 | } | ||
196 | } | ||
197 | BIO_push(out,bio); | ||
198 | return(out); | ||
199 | err: | ||
200 | return(NULL); | ||
201 | } | ||
202 | |||
203 | int PKCS7_dataSign(p7,bio) | ||
204 | PKCS7 *p7; | ||
205 | BIO *bio; | ||
206 | { | ||
207 | int ret=0; | ||
208 | int i,j; | ||
209 | BIO *btmp; | ||
210 | BUF_MEM *buf_mem=NULL; | ||
211 | BUF_MEM *buf=NULL; | ||
212 | PKCS7_SIGNER_INFO *si; | ||
213 | EVP_MD_CTX *mdc,ctx_tmp; | ||
214 | STACK *sk,*si_sk=NULL; | ||
215 | unsigned char *p,*pp=NULL; | ||
216 | int x; | ||
217 | ASN1_OCTET_STRING *os=NULL; | ||
218 | |||
219 | i=OBJ_obj2nid(p7->type); | ||
220 | p7->state=PKCS7_S_HEADER; | ||
221 | |||
222 | switch (i) | ||
223 | { | ||
224 | case NID_pkcs7_signedAndEnveloped: | ||
225 | /* XXXXXXXXXXXXXXXX */ | ||
226 | si_sk=p7->d.signed_and_enveloped->signer_info; | ||
227 | os=ASN1_OCTET_STRING_new(); | ||
228 | p7->d.signed_and_enveloped->enc_data->enc_data=os; | ||
229 | break; | ||
230 | case NID_pkcs7_signed: | ||
231 | si_sk=p7->d.sign->signer_info; | ||
232 | os=p7->d.sign->contents->d.data; | ||
233 | break; | ||
234 | } | ||
235 | |||
236 | if (si_sk != NULL) | ||
237 | { | ||
238 | if ((buf=BUF_MEM_new()) == NULL) goto err; | ||
239 | for (i=0; i<sk_num(si_sk); i++) | ||
240 | { | ||
241 | si=(PKCS7_SIGNER_INFO *) | ||
242 | sk_value(si_sk,i); | ||
243 | if (si->pkey == NULL) | ||
244 | continue; | ||
245 | j=OBJ_obj2nid(si->digest_enc_alg->algorithm); | ||
246 | |||
247 | btmp=bio; | ||
248 | for (;;) | ||
249 | { | ||
250 | if ((btmp=BIO_find_type(btmp,BIO_TYPE_MD)) | ||
251 | == NULL) | ||
252 | { | ||
253 | PKCS7err(PKCS7_F_PKCS7_DATASIGN,PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST); | ||
254 | goto err; | ||
255 | } | ||
256 | BIO_get_md_ctx(btmp,&mdc); | ||
257 | if (mdc == NULL) | ||
258 | { | ||
259 | PKCS7err(PKCS7_F_PKCS7_DATASIGN,PKCS7_R_INTERNAL_ERROR); | ||
260 | goto err; | ||
261 | } | ||
262 | if (EVP_MD_pkey_type(EVP_MD_CTX_type(mdc)) == j) | ||
263 | break; | ||
264 | else | ||
265 | btmp=btmp->next_bio; | ||
266 | } | ||
267 | |||
268 | /* We now have the EVP_MD_CTX, lets do the | ||
269 | * signing. */ | ||
270 | memcpy(&ctx_tmp,mdc,sizeof(ctx_tmp)); | ||
271 | if (!BUF_MEM_grow(buf,EVP_PKEY_size(si->pkey))) | ||
272 | goto err; | ||
273 | |||
274 | sk=si->auth_attr; | ||
275 | if ((sk != NULL) && (sk_num(sk) != 0)) | ||
276 | { | ||
277 | x=i2d_ASN1_SET(sk,NULL,i2d_X509_ATTRIBUTE, | ||
278 | V_ASN1_SET,V_ASN1_UNIVERSAL); | ||
279 | pp=(unsigned char *)Malloc(i); | ||
280 | p=pp; | ||
281 | i2d_ASN1_SET(sk,&p,i2d_X509_ATTRIBUTE, | ||
282 | V_ASN1_SET,V_ASN1_UNIVERSAL); | ||
283 | EVP_SignUpdate(&ctx_tmp,pp,x); | ||
284 | Free(pp); | ||
285 | } | ||
286 | |||
287 | if (!EVP_SignFinal(&ctx_tmp,(unsigned char *)buf->data, | ||
288 | (unsigned int *)&buf->length,si->pkey)) | ||
289 | goto err; | ||
290 | if (!ASN1_STRING_set(si->enc_digest, | ||
291 | (unsigned char *)buf->data,buf->length)) | ||
292 | goto err; | ||
293 | } | ||
294 | if (p7->detached) | ||
295 | ASN1_OCTET_STRING_set(os,(unsigned char *)"",0); | ||
296 | else | ||
297 | { | ||
298 | btmp=BIO_find_type(bio,BIO_TYPE_MEM); | ||
299 | if (btmp == NULL) | ||
300 | { | ||
301 | PKCS7err(PKCS7_F_PKCS7_DATASIGN,PKCS7_R_UNABLE_TO_FIND_MEM_BIO); | ||
302 | goto err; | ||
303 | } | ||
304 | BIO_get_mem_ptr(btmp,&buf_mem); | ||
305 | ASN1_OCTET_STRING_set(os, | ||
306 | (unsigned char *)buf_mem->data,buf_mem->length); | ||
307 | } | ||
308 | if (pp != NULL) Free(pp); | ||
309 | pp=NULL; | ||
310 | } | ||
311 | |||
312 | ret=1; | ||
313 | err: | ||
314 | if (buf != NULL) BUF_MEM_free(buf); | ||
315 | return(ret); | ||
316 | } | ||
317 | |||
318 | int PKCS7_dataVerify(cert_store,ctx,bio,p7,si) | ||
319 | X509_STORE *cert_store; | ||
320 | X509_STORE_CTX *ctx; | ||
321 | BIO *bio; | ||
322 | PKCS7 *p7; | ||
323 | PKCS7_SIGNER_INFO *si; | ||
324 | { | ||
325 | PKCS7_SIGNED *s; | ||
326 | ASN1_OCTET_STRING *os; | ||
327 | EVP_MD_CTX mdc_tmp,*mdc; | ||
328 | unsigned char *pp,*p; | ||
329 | PKCS7_ISSUER_AND_SERIAL *ias; | ||
330 | int ret=0,md_type,i; | ||
331 | STACK *sk; | ||
332 | BIO *btmp; | ||
333 | X509 *x509; | ||
334 | |||
335 | if (!PKCS7_type_is_signed(p7)) abort(); | ||
336 | /* XXXXXXXXXXXXXXXXXXXXXXX */ | ||
337 | ias=si->issuer_and_serial; | ||
338 | s=p7->d.sign; | ||
339 | |||
340 | x509=X509_find_by_issuer_and_serial(s->cert,ias->issuer,ias->serial); | ||
341 | |||
342 | /* were we able to find the cert in passed to us */ | ||
343 | if (x509 == NULL) | ||
344 | { | ||
345 | PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,PKCS7_R_UNABLE_TO_FIND_CERTIFICATE); | ||
346 | goto err; | ||
347 | } | ||
348 | |||
349 | /* Lets verify */ | ||
350 | X509_STORE_CTX_init(ctx,cert_store,x509,s->cert); | ||
351 | i=X509_verify_cert(ctx); | ||
352 | if (i <= 0) goto err; | ||
353 | X509_STORE_CTX_cleanup(ctx); | ||
354 | |||
355 | /* So we like 'x509', lets check the signature. */ | ||
356 | md_type=OBJ_obj2nid(si->digest_alg->algorithm); | ||
357 | |||
358 | btmp=bio; | ||
359 | for (;;) | ||
360 | { | ||
361 | if ((btmp == NULL) || | ||
362 | ((btmp=BIO_find_type(btmp,BIO_TYPE_MD)) == NULL)) | ||
363 | { | ||
364 | PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST); | ||
365 | goto err; | ||
366 | } | ||
367 | BIO_get_md_ctx(btmp,&mdc); | ||
368 | if (mdc == NULL) | ||
369 | { | ||
370 | PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,PKCS7_R_INTERNAL_ERROR); | ||
371 | goto err; | ||
372 | } | ||
373 | if (EVP_MD_type(EVP_MD_CTX_type(mdc)) == md_type) | ||
374 | break; | ||
375 | btmp=btmp->next_bio; | ||
376 | } | ||
377 | |||
378 | /* mdc is the digest ctx that we want */ | ||
379 | memcpy(&mdc_tmp,mdc,sizeof(mdc_tmp)); | ||
380 | |||
381 | sk=si->auth_attr; | ||
382 | if ((sk != NULL) && (sk_num(sk) != 0)) | ||
383 | { | ||
384 | i=i2d_ASN1_SET(sk,NULL,i2d_X509_ATTRIBUTE, | ||
385 | V_ASN1_SET,V_ASN1_UNIVERSAL); | ||
386 | pp=(unsigned char *)malloc(i); | ||
387 | p=pp; | ||
388 | i2d_ASN1_SET(sk,&p,i2d_X509_ATTRIBUTE, | ||
389 | V_ASN1_SET,V_ASN1_UNIVERSAL); | ||
390 | EVP_VerifyUpdate(&mdc_tmp,pp,i); | ||
391 | free(pp); | ||
392 | } | ||
393 | |||
394 | os=si->enc_digest; | ||
395 | i=EVP_VerifyFinal(&mdc_tmp,os->data,os->length, | ||
396 | X509_get_pubkey(x509)); | ||
397 | if (i <= 0) | ||
398 | { | ||
399 | PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,PKCS7_R_SIGNATURE_FAILURE); | ||
400 | ret= -1; | ||
401 | goto err; | ||
402 | } | ||
403 | else | ||
404 | ret=1; | ||
405 | err: | ||
406 | return(ret); | ||
407 | } | ||
408 | |||