added API for random number generators, served through credential factory
[strongswan.git] / src / libstrongswan / crypto / pkcs7.c
1 /*
2 * Copyright (C) 2005 Jan Hutter, Martin Willi
3 * Copyright (C) 2002-2008 Andreas Steffen
4 *
5 * Hochschule fuer Technik Rapperswil, Switzerland
6 *
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the
9 * Free Software Foundation; either version 2 of the License, or (at your
10 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
11 *
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15 * for more details.
16 *
17 * $Id: pkcs7.c 3488 2008-02-21 15:10:02Z martin $
18 */
19
20 #include <stdlib.h>
21 #include <string.h>
22
23 #include <library.h>
24 #include "debug.h"
25
26 #include <asn1/asn1.h>
27 #include <asn1/oid.h>
28 #include <crypto/x509.h>
29 #include <crypto/pkcs9.h>
30 #include <crypto/hashers/hasher.h>
31 #include <crypto/crypters/crypter.h>
32 #include <crypto/rsa/rsa_public_key.h>
33 #include <utils/linked_list.h>
34
35 #include "pkcs7.h"
36
37 typedef struct private_pkcs7_t private_pkcs7_t;
38
39 /**
40 * Private data of a pkcs7_t object.
41 */
42 struct private_pkcs7_t {
43 /**
44 * Public interface for this certificate.
45 */
46 pkcs7_t public;
47
48 /**
49 * contentInfo type
50 */
51 int type;
52
53 /**
54 * ASN.1 encoded content
55 */
56 chunk_t content;
57
58 /**
59 * Has the content already been parsed?
60 */
61 bool parsed;
62
63 /**
64 * ASN.1 parsing start level
65 */
66 u_int level;
67
68 /**
69 * retrieved data
70 */
71 chunk_t data;
72
73 /**
74 * ASN.1 encoded attributes
75 */
76 pkcs9_t *attributes;
77
78 /**
79 * Linked list of X.509 certificates
80 */
81 linked_list_t *certs;
82 };
83
84 /**
85 * ASN.1 definition of the PKCS#7 ContentInfo type
86 */
87 static const asn1Object_t contentInfoObjects[] = {
88 { 0, "contentInfo", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
89 { 1, "contentType", ASN1_OID, ASN1_BODY }, /* 1 */
90 { 1, "content", ASN1_CONTEXT_C_0, ASN1_OPT |
91 ASN1_BODY }, /* 2 */
92 { 1, "end opt", ASN1_EOC, ASN1_END } /* 3 */
93 };
94
95 #define PKCS7_INFO_TYPE 1
96 #define PKCS7_INFO_CONTENT 2
97 #define PKCS7_INFO_ROOF 4
98
99 /**
100 * ASN.1 definition of the PKCS#7 signedData type
101 */
102 static const asn1Object_t signedDataObjects[] = {
103 { 0, "signedData", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
104 { 1, "version", ASN1_INTEGER, ASN1_BODY }, /* 1 */
105 { 1, "digestAlgorithms", ASN1_SET, ASN1_LOOP }, /* 2 */
106 { 2, "algorithm", ASN1_EOC, ASN1_RAW }, /* 3 */
107 { 1, "end loop", ASN1_EOC, ASN1_END }, /* 4 */
108 { 1, "contentInfo", ASN1_EOC, ASN1_RAW }, /* 5 */
109 { 1, "certificates", ASN1_CONTEXT_C_0, ASN1_OPT |
110 ASN1_LOOP }, /* 6 */
111 { 2, "certificate", ASN1_SEQUENCE, ASN1_OBJ }, /* 7 */
112 { 1, "end opt or loop", ASN1_EOC, ASN1_END }, /* 8 */
113 { 1, "crls", ASN1_CONTEXT_C_1, ASN1_OPT |
114 ASN1_LOOP }, /* 9 */
115 { 2, "crl", ASN1_SEQUENCE, ASN1_OBJ }, /* 10 */
116 { 1, "end opt or loop", ASN1_EOC, ASN1_END }, /* 11 */
117 { 1, "signerInfos", ASN1_SET, ASN1_LOOP }, /* 12 */
118 { 2, "signerInfo", ASN1_SEQUENCE, ASN1_NONE }, /* 13 */
119 { 3, "version", ASN1_INTEGER, ASN1_BODY }, /* 14 */
120 { 3, "issuerAndSerialNumber", ASN1_SEQUENCE, ASN1_BODY }, /* 15 */
121 { 4, "issuer", ASN1_SEQUENCE, ASN1_OBJ }, /* 16 */
122 { 4, "serial", ASN1_INTEGER, ASN1_BODY }, /* 17 */
123 { 3, "digestAlgorithm", ASN1_EOC, ASN1_RAW }, /* 18 */
124 { 3, "authenticatedAttributes", ASN1_CONTEXT_C_0, ASN1_OPT |
125 ASN1_OBJ }, /* 19 */
126 { 3, "end opt", ASN1_EOC, ASN1_END }, /* 20 */
127 { 3, "digestEncryptionAlgorithm", ASN1_EOC, ASN1_RAW }, /* 21 */
128 { 3, "encryptedDigest", ASN1_OCTET_STRING, ASN1_BODY }, /* 22 */
129 { 3, "unauthenticatedAttributes", ASN1_CONTEXT_C_1, ASN1_OPT }, /* 23 */
130 { 3, "end opt", ASN1_EOC, ASN1_END }, /* 24 */
131 { 1, "end loop", ASN1_EOC, ASN1_END } /* 25 */
132 };
133
134 #define PKCS7_DIGEST_ALG 3
135 #define PKCS7_SIGNED_CONTENT_INFO 5
136 #define PKCS7_SIGNED_CERT 7
137 #define PKCS7_SIGNER_INFO 13
138 #define PKCS7_SIGNED_ISSUER 16
139 #define PKCS7_SIGNED_SERIAL_NUMBER 17
140 #define PKCS7_DIGEST_ALGORITHM 18
141 #define PKCS7_AUTH_ATTRIBUTES 19
142 #define PKCS7_DIGEST_ENC_ALGORITHM 21
143 #define PKCS7_ENCRYPTED_DIGEST 22
144 #define PKCS7_SIGNED_ROOF 26
145
146 /**
147 * ASN.1 definition of the PKCS#7 envelopedData type
148 */
149 static const asn1Object_t envelopedDataObjects[] = {
150 { 0, "envelopedData", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
151 { 1, "version", ASN1_INTEGER, ASN1_BODY }, /* 1 */
152 { 1, "recipientInfos", ASN1_SET, ASN1_LOOP }, /* 2 */
153 { 2, "recipientInfo", ASN1_SEQUENCE, ASN1_BODY }, /* 3 */
154 { 3, "version", ASN1_INTEGER, ASN1_BODY }, /* 4 */
155 { 3, "issuerAndSerialNumber", ASN1_SEQUENCE, ASN1_BODY }, /* 5 */
156 { 4, "issuer", ASN1_SEQUENCE, ASN1_OBJ }, /* 6 */
157 { 4, "serial", ASN1_INTEGER, ASN1_BODY }, /* 7 */
158 { 3, "encryptionAlgorithm", ASN1_EOC, ASN1_RAW }, /* 8 */
159 { 3, "encryptedKey", ASN1_OCTET_STRING, ASN1_BODY }, /* 9 */
160 { 1, "end loop", ASN1_EOC, ASN1_END }, /* 10 */
161 { 1, "encryptedContentInfo", ASN1_SEQUENCE, ASN1_OBJ }, /* 11 */
162 { 2, "contentType", ASN1_OID, ASN1_BODY }, /* 12 */
163 { 2, "contentEncryptionAlgorithm", ASN1_EOC, ASN1_RAW }, /* 13 */
164 { 2, "encryptedContent", ASN1_CONTEXT_S_0, ASN1_BODY } /* 14 */
165 };
166
167 #define PKCS7_ENVELOPED_VERSION 1
168 #define PKCS7_RECIPIENT_INFO_VERSION 4
169 #define PKCS7_ISSUER 6
170 #define PKCS7_SERIAL_NUMBER 7
171 #define PKCS7_ENCRYPTION_ALG 8
172 #define PKCS7_ENCRYPTED_KEY 9
173 #define PKCS7_CONTENT_TYPE 12
174 #define PKCS7_CONTENT_ENC_ALGORITHM 13
175 #define PKCS7_ENCRYPTED_CONTENT 14
176 #define PKCS7_ENVELOPED_ROOF 15
177
178 /**
179 * PKCS7 contentInfo OIDs
180 */
181 static u_char ASN1_pkcs7_data_oid_str[] = {
182 0x06, 0x09,
183 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x01
184 };
185
186 static u_char ASN1_pkcs7_signed_data_oid_str[] = {
187 0x06, 0x09,
188 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x02
189 };
190
191 static u_char ASN1_pkcs7_enveloped_data_oid_str[] = {
192 0x06, 0x09,
193 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x03
194 };
195
196 static u_char ASN1_pkcs7_signed_enveloped_data_oid_str[] = {
197 0x06, 0x09,
198 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x04
199 };
200
201 static u_char ASN1_pkcs7_digested_data_oid_str[] = {
202 0x06, 0x09,
203 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x05
204 };
205
206 static char ASN1_pkcs7_encrypted_data_oid_str[] = {
207 0x06, 0x09,
208 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x06
209 };
210
211 static const chunk_t ASN1_pkcs7_data_oid =
212 chunk_from_buf(ASN1_pkcs7_data_oid_str);
213 static const chunk_t ASN1_pkcs7_signed_data_oid =
214 chunk_from_buf(ASN1_pkcs7_signed_data_oid_str);
215 static const chunk_t ASN1_pkcs7_enveloped_data_oid =
216 chunk_from_buf(ASN1_pkcs7_enveloped_data_oid_str);
217 static const chunk_t ASN1_pkcs7_signed_enveloped_data_oid =
218 chunk_from_buf(ASN1_pkcs7_signed_enveloped_data_oid_str);
219 static const chunk_t ASN1_pkcs7_digested_data_oid =
220 chunk_from_buf(ASN1_pkcs7_digested_data_oid_str);
221 static const chunk_t ASN1_pkcs7_encrypted_data_oid =
222 chunk_from_buf(ASN1_pkcs7_encrypted_data_oid_str);
223
224 /**
225 * 3DES and DES encryption OIDs
226 */
227 static u_char ASN1_3des_ede_cbc_oid_str[] = {
228 0x06, 0x08,
229 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x03, 0x07
230 };
231
232 static u_char ASN1_des_cbc_oid_str[] = {
233 0x06, 0x05,
234 0x2B, 0x0E, 0x03, 0x02, 0x07
235 };
236
237 static const chunk_t ASN1_3des_ede_cbc_oid =
238 chunk_from_buf(ASN1_3des_ede_cbc_oid_str);
239 static const chunk_t ASN1_des_cbc_oid =
240 chunk_from_buf(ASN1_des_cbc_oid_str);
241
242 /**
243 * Implements pkcs7_t.is_data.
244 */
245 static bool is_data(private_pkcs7_t *this)
246 {
247 return this->type == OID_PKCS7_DATA;
248 }
249
250 /**
251 * Implements pkcs7_t.is_signedData.
252 */
253 static bool is_signedData(private_pkcs7_t *this)
254 {
255 return this->type == OID_PKCS7_SIGNED_DATA;
256 }
257
258 /**
259 * Implements pkcs7_t.is_envelopedData.
260 */
261 static bool is_envelopedData(private_pkcs7_t *this)
262 {
263 return this->type == OID_PKCS7_ENVELOPED_DATA;
264 }
265
266 /**
267 * Check whether to abort the requested parsing
268 */
269 static bool abort_parsing(private_pkcs7_t *this, int type)
270 {
271 if (this->type != type)
272 {
273 DBG1("pkcs7 content to be parsed is not of type '%s'",
274 oid_names[type]);
275 return TRUE;
276 }
277 if (this->parsed)
278 {
279 DBG1("pkcs7 content has already been parsed");
280 return TRUE;
281 }
282 this->parsed = TRUE;
283 return FALSE;
284 }
285
286 /**
287 * Implements pkcs7_t.parse_data.
288 */
289 static bool parse_data(private_pkcs7_t *this)
290 {
291 chunk_t data = this->content;
292
293 if (abort_parsing(this, OID_PKCS7_DATA))
294 {
295 return FALSE;
296 }
297 if (data.len == 0)
298 {
299 this->data = chunk_empty;
300 return TRUE;
301 }
302 if (parse_asn1_simple_object(&data, ASN1_OCTET_STRING, this->level, "data"))
303 {
304 this->data = chunk_clone(data);
305 return TRUE;
306 }
307 else
308 {
309 return FALSE;
310 }
311 }
312
313 /**
314 * Implements pkcs7_t.parse_signedData.
315 */
316 static bool parse_signedData(private_pkcs7_t *this, x509_t *cacert)
317 {
318 asn1_ctx_t ctx;
319 chunk_t object;
320 u_int level;
321 int objectID = 0;
322
323 int digest_alg = OID_UNKNOWN;
324 int enc_alg = OID_UNKNOWN;
325 int signerInfos = 0;
326
327 chunk_t encrypted_digest = chunk_empty;
328
329 if (abort_parsing(this, OID_PKCS7_SIGNED_DATA))
330 {
331 return FALSE;
332 }
333
334 asn1_init(&ctx, this->content, this->level, FALSE, FALSE);
335
336 while (objectID < PKCS7_SIGNED_ROOF)
337 {
338 if (!extract_object(signedDataObjects, &objectID, &object, &level, &ctx))
339 {
340 return FALSE;
341 }
342
343 switch (objectID)
344 {
345 case PKCS7_DIGEST_ALG:
346 digest_alg = parse_algorithmIdentifier(object, level, NULL);
347 break;
348 case PKCS7_SIGNED_CONTENT_INFO:
349 {
350 chunk_t pureData;
351 pkcs7_t *data = pkcs7_create_from_chunk(object, level+1);
352
353 if (data == NULL)
354 {
355 return FALSE;
356 }
357 if (!data->parse_data(data))
358 {
359 data->destroy(data);
360 return FALSE;
361 }
362 pureData = data->get_data(data);
363 this->data = (pureData.len)? chunk_clone(pureData) : chunk_empty;
364 data->destroy(data);
365 }
366 break;
367 case PKCS7_SIGNED_CERT:
368 {
369 x509_t *cert = x509_create_from_chunk(chunk_clone(object), level+1);
370
371 if (cert)
372 {
373 this->certs->insert_last(this->certs, (void*)cert);
374 }
375 }
376 break;
377 case PKCS7_SIGNER_INFO:
378 signerInfos++;
379 DBG2(" signer #%d", signerInfos);
380 break;
381 case PKCS7_SIGNED_ISSUER:
382 {
383 identification_t *issuer;
384
385 issuer = identification_create_from_encoding(ID_DER_ASN1_DN, object);
386 DBG2(" '%D'", issuer);
387 issuer->destroy(issuer);
388 }
389 break;
390 case PKCS7_AUTH_ATTRIBUTES:
391 *object.ptr = ASN1_SET;
392 this->attributes = pkcs9_create_from_chunk(object, level+1);
393 *object.ptr = ASN1_CONTEXT_C_0;
394 break;
395 case PKCS7_DIGEST_ALGORITHM:
396 digest_alg = parse_algorithmIdentifier(object, level, NULL);
397 break;
398 case PKCS7_DIGEST_ENC_ALGORITHM:
399 enc_alg = parse_algorithmIdentifier(object, level, NULL);
400 break;
401 case PKCS7_ENCRYPTED_DIGEST:
402 encrypted_digest = object;
403 }
404 objectID++;
405 }
406
407 /* check the signature only if a cacert is available */
408 if (cacert != NULL)
409 {
410 hash_algorithm_t algorithm = hasher_algorithm_from_oid(digest_alg);
411 rsa_public_key_t *signer = cacert->get_public_key(cacert);
412
413 if (signerInfos == 0)
414 {
415 DBG1("no signerInfo object found");
416 return FALSE;
417 }
418 else if (signerInfos > 1)
419 {
420 DBG1("more than one signerInfo object found");
421 return FALSE;
422 }
423 if (this->attributes == NULL)
424 {
425 DBG1("no authenticatedAttributes object found");
426 return FALSE;
427 }
428 if (enc_alg != OID_RSA_ENCRYPTION)
429 {
430 DBG1("only RSA digest encryption supported");
431 return FALSE;
432 }
433 if (signer->verify_emsa_pkcs1_signature(signer, algorithm,
434 this->attributes->get_encoding(this->attributes), encrypted_digest) != SUCCESS)
435 {
436 DBG1("invalid digest signature");
437 return FALSE;
438 }
439 else
440 {
441 DBG2("digest signature is valid");
442 }
443 if (this->data.ptr != NULL)
444 {
445 chunk_t messageDigest = this->attributes->get_messageDigest(this->attributes);
446
447 if (messageDigest.ptr == NULL)
448 {
449 DBG1("messageDigest attribute not found");
450 return FALSE;
451 }
452 else
453 {
454 hasher_t *hasher;
455 chunk_t hash;
456 bool valid;
457
458 hasher = lib->crypto->create_hasher(lib->crypto, algorithm)
459 if (hasher == NULL)
460 {
461 DBG1("hash algorithm %N not supported",
462 hash_algorithm_names, algorithm);
463 free(messageDigest.ptr);
464 return FALSE;
465 }
466 hasher->allocate_hash(hasher, this->data, &hash);
467 hasher->destroy(hasher);
468 DBG3("hash: %B", &hash);
469
470 valid = chunk_equals(messageDigest, hash);
471 free(messageDigest.ptr);
472 free(hash.ptr);
473 if (valid)
474 {
475 DBG2("messageDigest is valid");
476 }
477 else
478 {
479 DBG1("invalid messageDigest");
480 return FALSE;
481 }
482 }
483 }
484 }
485 return TRUE;
486 }
487
488 /**
489 * Parse PKCS#7 envelopedData content
490 */
491 static bool parse_envelopedData(private_pkcs7_t *this, chunk_t serialNumber,
492 rsa_private_key_t *key)
493 {
494 asn1_ctx_t ctx;
495 chunk_t object;
496 u_int level;
497 int objectID = 0;
498
499 chunk_t iv = chunk_empty;
500 chunk_t symmetric_key = chunk_empty;
501 chunk_t encrypted_content = chunk_empty;
502
503 crypter_t *crypter = NULL;
504
505 if (abort_parsing(this, OID_PKCS7_ENVELOPED_DATA))
506 {
507 return FALSE;
508 }
509
510 asn1_init(&ctx, this->content, this->level, FALSE, FALSE);
511
512 while (objectID < PKCS7_ENVELOPED_ROOF)
513 {
514 if (!extract_object(envelopedDataObjects, &objectID, &object, &level, &ctx))
515 {
516 goto failed;
517 }
518
519 switch (objectID)
520 {
521 case PKCS7_ENVELOPED_VERSION:
522 if (*object.ptr != 0)
523 {
524 DBG1("envelopedData version is not 0");
525 goto failed;
526 }
527 break;
528 case PKCS7_RECIPIENT_INFO_VERSION:
529 if (*object.ptr != 0)
530 {
531 DBG1("recipient info version is not 0");
532 goto failed;
533 }
534 break;
535 case PKCS7_ISSUER:
536 {
537 identification_t *issuer;
538
539 issuer = identification_create_from_encoding(ID_DER_ASN1_DN, object);
540 DBG2(" '%D'", issuer);
541 issuer->destroy(issuer);
542 }
543 break;
544 case PKCS7_SERIAL_NUMBER:
545 if (!chunk_equals(serialNumber, object))
546 {
547 DBG1("serial numbers do not match");
548 goto failed;
549 }
550 break;
551 case PKCS7_ENCRYPTION_ALG:
552 {
553 int alg = parse_algorithmIdentifier(object, level, NULL);
554
555 if (alg != OID_RSA_ENCRYPTION)
556 {
557 DBG1("only rsa encryption supported");
558 goto failed;
559 }
560 }
561 break;
562 case PKCS7_ENCRYPTED_KEY:
563 if (key->pkcs1_decrypt(key, object, &symmetric_key) != SUCCESS)
564 {
565 DBG1("symmetric key could not be decrypted with rsa");
566 goto failed;
567 }
568 DBG4("symmetric key : %B", &symmetric_key);
569 break;
570 case PKCS7_CONTENT_TYPE:
571 if (known_oid(object) != OID_PKCS7_DATA)
572 {
573 DBG1("encrypted content not of type pkcs7 data");
574 goto failed;
575 }
576 break;
577 case PKCS7_CONTENT_ENC_ALGORITHM:
578 {
579 int alg = parse_algorithmIdentifier(object, level, &iv);
580
581 switch (alg)
582 {
583 case OID_DES_CBC:
584 crypter = crypter_create(ENCR_DES, 0);
585 break;
586 case OID_3DES_EDE_CBC:
587 crypter = crypter_create(ENCR_3DES, 0);
588 break;
589 default:
590 DBG1("Only DES and 3DES supported for symmetric encryption");
591 goto failed;
592 }
593 if (symmetric_key.len != crypter->get_key_size(crypter))
594 {
595 DBG1("symmetric key has wrong length");
596 goto failed;
597 }
598 if (!parse_asn1_simple_object(&iv, ASN1_OCTET_STRING, level+1, "IV"))
599 {
600 DBG1("IV could not be parsed");
601 goto failed;
602 }
603 if (iv.len != crypter->get_block_size(crypter))
604 {
605 DBG1("IV has wrong length");
606 goto failed;
607 }
608 }
609 break;
610 case PKCS7_ENCRYPTED_CONTENT:
611 encrypted_content = object;
612 break;
613 }
614 objectID++;
615 }
616
617 /* decrypt the content */
618 crypter->set_key(crypter, symmetric_key);
619 crypter->decrypt(crypter, encrypted_content, iv, &this->data);
620 DBG3("decrypted content with padding: %B", &this->data);
621
622 /* remove the padding */
623 {
624 u_char *pos = this->data.ptr + this->data.len - 1;
625 u_char pattern = *pos;
626 size_t padding = pattern;
627
628 if (padding > this->data.len)
629 {
630 DBG1("padding greater than data length");
631 goto failed;
632 }
633 this->data.len -= padding;
634
635 while (padding-- > 0)
636 {
637 if (*pos-- != pattern)
638 {
639 DBG1("wrong padding pattern");
640 goto failed;
641 }
642 }
643 }
644 crypter->destroy(crypter);
645 free(symmetric_key.ptr);
646 return TRUE;
647
648 failed:
649 DESTROY_IF(crypter);
650 free(symmetric_key.ptr);
651 chunk_free(&this->data);
652 return FALSE;
653 }
654
655 /**
656 * Implements pkcs7_t.get_data.
657 */
658 static chunk_t get_data(private_pkcs7_t *this)
659 {
660 return this->data;
661 }
662
663 /**
664 * Implements pkcs7_t.get_contentInfo.
665 */
666 static chunk_t get_contentInfo(private_pkcs7_t *this)
667 {
668 chunk_t content_type;
669
670 /* select DER-encoded OID for pkcs7_contentInfo type */
671 switch(this->type)
672 {
673 case OID_PKCS7_DATA:
674 content_type = ASN1_pkcs7_data_oid;
675 break;
676 case OID_PKCS7_SIGNED_DATA:
677 content_type = ASN1_pkcs7_signed_data_oid;
678 break;
679 case OID_PKCS7_ENVELOPED_DATA:
680 content_type = ASN1_pkcs7_enveloped_data_oid;
681 break;
682 case OID_PKCS7_SIGNED_ENVELOPED_DATA:
683 content_type = ASN1_pkcs7_signed_enveloped_data_oid;
684 break;
685 case OID_PKCS7_DIGESTED_DATA:
686 content_type = ASN1_pkcs7_digested_data_oid;
687 break;
688 case OID_PKCS7_ENCRYPTED_DATA:
689 content_type = ASN1_pkcs7_encrypted_data_oid;
690 break;
691 case OID_UNKNOWN:
692 default:
693 DBG1("invalid pkcs7 contentInfo type");
694 return chunk_empty;
695 }
696
697 return (this->content.ptr == NULL)
698 ? asn1_simple_object(ASN1_SEQUENCE, content_type)
699 : asn1_wrap(ASN1_SEQUENCE, "cm",
700 content_type,
701 asn1_simple_object(ASN1_CONTEXT_C_0, this->content)
702 );
703 }
704
705 /**
706 * Implements pkcs7_t.create_certificate_iterator
707 */
708 static iterator_t *create_certificate_iterator(const private_pkcs7_t *this)
709 {
710 return this->certs->create_iterator(this->certs, TRUE);
711 }
712
713 /**
714 * Implements pkcs7_t.set_certificate
715 */
716 static void set_certificate(private_pkcs7_t *this, x509_t *cert)
717 {
718 if (cert)
719 {
720 /* TODO the certificate is currently not cloned */
721 this->certs->insert_last(this->certs, cert);
722 }
723 }
724
725 /**
726 * Implements pkcs7_t.set_attributes
727 */
728 static void set_attributes(private_pkcs7_t *this, pkcs9_t *attributes)
729 {
730 this->attributes = attributes;
731 }
732
733 /**
734 * build a DER-encoded issuerAndSerialNumber object
735 */
736 chunk_t pkcs7_build_issuerAndSerialNumber(x509_t *cert)
737 {
738 identification_t *issuer = cert->get_issuer(cert);
739
740 return asn1_wrap(ASN1_SEQUENCE, "cm",
741 issuer->get_encoding(issuer),
742 asn1_simple_object(ASN1_INTEGER, cert->get_serialNumber(cert)));
743 }
744
745 /**
746 * Implements pkcs7_t.build_envelopedData.
747 */
748 bool build_envelopedData(private_pkcs7_t *this, x509_t *cert,
749 encryption_algorithm_t alg)
750 {
751 chunk_t iv, symmetricKey, in, out, alg_oid;
752 crypter_t *crypter;
753
754 /* select OID of symmetric encryption algorithm */
755 switch (alg)
756 {
757 case ENCR_DES:
758 alg_oid = ASN1_des_cbc_oid;
759 break;
760 case ENCR_3DES:
761 alg_oid = ASN1_3des_ede_cbc_oid;
762 break;
763 default:
764 DBG1(" encryption algorithm %N not supported",
765 encryption_algorithm_names, alg);
766 return FALSE;
767 }
768
769 crypter = crypter_create(alg, 0);
770 if (crypter == NULL)
771 {
772 DBG1(" could not create crypter for algorithm %N",
773 encryption_algorithm_names, alg);
774 return FALSE;
775 }
776
777 /* generate a true random symmetric encryption key
778 * and a pseudo-random iv
779 */
780 {
781 rng_t *rng;
782
783 rng = lib->crypto->create_rng(lib->crypto, RNG_REAL);
784 rng->allocate_bytes(rng, crypter->get_key_size(crypter), &symmetricKey);
785 DBG4(" symmetric encryption key: %B", &symmetricKey);
786 rng->destroy(rng);
787
788 rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
789 rng->allocate_bytes(rng, crypter->get_block_size(crypter), &iv);
790 DBG4(" initialization vector: %B", &iv);
791 rng->destroy(rng);
792 }
793
794 /* pad the data so that the total length becomes
795 * a multiple of the block size
796 */
797 {
798 size_t block_size = crypter->get_block_size(crypter);
799 size_t padding = block_size - this->data.len % block_size;
800
801 in.len = this->data.len + padding;
802 in.ptr = malloc(in.len);
803
804 DBG2(" padding %d bytes of data to multiple block size of %d bytes",
805 (int)this->data.len, (int)in.len);
806
807 /* copy data */
808 memcpy(in.ptr, this->data.ptr, this->data.len);
809 /* append padding */
810 memset(in.ptr + this->data.len, padding, padding);
811 }
812 DBG3(" padded unencrypted data: %B", &in);
813
814 /* symmetric encryption of data object */
815 crypter->set_key(crypter, symmetricKey);
816 crypter->encrypt(crypter, in, iv, &out);
817 crypter->destroy(crypter);
818 chunk_clear(&in);
819 DBG3(" encrypted data: %B", &out);
820
821 /* build pkcs7 enveloped data object */
822 {
823 chunk_t contentEncryptionAlgorithm = asn1_wrap(ASN1_SEQUENCE, "cm",
824 alg_oid,
825 asn1_wrap(ASN1_OCTET_STRING, "m", iv));
826
827 chunk_t encryptedContentInfo = asn1_wrap(ASN1_SEQUENCE, "cmm",
828 ASN1_pkcs7_data_oid,
829 contentEncryptionAlgorithm,
830 asn1_wrap(ASN1_CONTEXT_S_0, "m", out));
831
832 chunk_t wrappedKey, encryptedKey, recipientInfo;
833
834 rsa_public_key_t *public_key = cert->get_public_key(cert);
835
836 public_key->pkcs1_encrypt(public_key, symmetricKey, &wrappedKey);
837 chunk_clear(&symmetricKey);
838
839 encryptedKey = asn1_wrap(ASN1_OCTET_STRING, "m", wrappedKey);
840
841 recipientInfo = asn1_wrap(ASN1_SEQUENCE, "cmcm",
842 ASN1_INTEGER_0,
843 pkcs7_build_issuerAndSerialNumber(cert),
844 asn1_algorithmIdentifier(OID_RSA_ENCRYPTION),
845 encryptedKey);
846
847 this->content = asn1_wrap(ASN1_SEQUENCE, "cmm",
848 ASN1_INTEGER_0,
849 asn1_wrap(ASN1_SET, "m", recipientInfo),
850 encryptedContentInfo);
851 this->type = OID_PKCS7_ENVELOPED_DATA;
852 }
853 return TRUE;
854 }
855
856 /**
857 * Implements pkcs7_t.build_signedData.
858 */
859 bool build_signedData(private_pkcs7_t *this, rsa_private_key_t *private_key,
860 hash_algorithm_t alg)
861 {
862 int signature_oid = hasher_signature_algorithm_to_oid(alg);
863 chunk_t authenticatedAttributes = chunk_empty;
864 chunk_t encryptedDigest = chunk_empty;
865 chunk_t signerInfo;
866 x509_t *cert;
867
868 if (this->certs->get_first(this->certs, (void**)&cert) != SUCCESS)
869 {
870 DBG1(" no pkcs7 signer certificate found");
871 return FALSE;
872 }
873
874 if (this->attributes != NULL)
875 {
876 if(this->data.ptr != NULL)
877 {
878 hasher_t *hasher;
879
880 hasher = lib->crypto->create_hasher(lib->crypto, alg);
881 if (hasher == NULL)
882 {
883 DBG1(" hash algorithm %N not support",
884 hash_algorithm_names, alg);
885 return FALSE;
886 }
887
888 /* take the current time as signingTime */
889 time_t now = time(NULL);
890 chunk_t signingTime = timetoasn1(&now, ASN1_UTCTIME);
891
892 chunk_t messageDigest, attributes;
893
894 hasher->allocate_hash(hasher, this->data, &messageDigest);
895 hasher->destroy(hasher);
896 this->attributes->set_attribute(this->attributes,
897 OID_PKCS9_CONTENT_TYPE, ASN1_pkcs7_data_oid);
898 this->attributes->set_messageDigest(this->attributes,
899 messageDigest);
900 this->attributes->set_attribute(this->attributes,
901 OID_PKCS9_SIGNING_TIME, signingTime);
902 attributes = this->attributes->get_encoding(this->attributes);
903
904 free(messageDigest.ptr);
905 free(signingTime.ptr);
906
907 private_key->build_emsa_pkcs1_signature(private_key, alg,
908 attributes, &encryptedDigest);
909 authenticatedAttributes = chunk_clone(attributes);
910 *authenticatedAttributes.ptr = ASN1_CONTEXT_C_0;
911 }
912 }
913 else if (this->data.ptr != NULL)
914 {
915 private_key->build_emsa_pkcs1_signature(private_key, alg,
916 this->data, &encryptedDigest);
917 }
918 if (encryptedDigest.ptr)
919 {
920 encryptedDigest = asn1_wrap(ASN1_OCTET_STRING, "m", encryptedDigest);
921 }
922
923 signerInfo = asn1_wrap(ASN1_SEQUENCE, "cmcmcm",
924 ASN1_INTEGER_1,
925 pkcs7_build_issuerAndSerialNumber(cert),
926 asn1_algorithmIdentifier(signature_oid),
927 authenticatedAttributes,
928 asn1_algorithmIdentifier(OID_RSA_ENCRYPTION),
929 encryptedDigest);
930
931 if (this->data.ptr != NULL)
932 {
933 this->content = asn1_simple_object(ASN1_OCTET_STRING, this->data);
934 chunk_free(&this->data);
935 }
936 this->type = OID_PKCS7_DATA;
937 this->data = get_contentInfo(this);
938 chunk_free(&this->content);
939
940 this->type = OID_PKCS7_SIGNED_DATA;
941
942 this->content = asn1_wrap(ASN1_SEQUENCE, "cmcmm",
943 ASN1_INTEGER_1,
944 asn1_simple_object(ASN1_SET, asn1_algorithmIdentifier(signature_oid)),
945 this->data,
946 asn1_simple_object(ASN1_CONTEXT_C_0, cert->get_certificate(cert)),
947 asn1_wrap(ASN1_SET, "m", signerInfo));
948
949 return TRUE;
950 }
951
952 /**
953 * Implements pkcs7_t.destroy
954 */
955 static void destroy(private_pkcs7_t *this)
956 {
957 DESTROY_IF(this->attributes);
958 this->certs->destroy_offset(this->certs, offsetof(x509_t, destroy));
959 free(this->content.ptr);
960 free(this->data.ptr);
961 free(this);
962 }
963
964 /**
965 * Parse PKCS#7 contentInfo object
966 */
967 static bool parse_contentInfo(chunk_t blob, u_int level0, private_pkcs7_t *cInfo)
968 {
969 asn1_ctx_t ctx;
970 chunk_t object;
971 u_int level;
972 int objectID = 0;
973
974 asn1_init(&ctx, blob, level0, FALSE, FALSE);
975
976 while (objectID < PKCS7_INFO_ROOF)
977 {
978 if (!extract_object(contentInfoObjects, &objectID, &object, &level, &ctx))
979 {
980 return FALSE;
981 }
982
983 if (objectID == PKCS7_INFO_TYPE)
984 {
985 cInfo->type = known_oid(object);
986 if (cInfo->type < OID_PKCS7_DATA
987 || cInfo->type > OID_PKCS7_ENCRYPTED_DATA)
988 {
989 DBG1("unknown pkcs7 content type");
990 return FALSE;
991 }
992 }
993 else if (objectID == PKCS7_INFO_CONTENT && object.len > 0)
994 {
995 cInfo->content = chunk_clone(object);
996 }
997 objectID++;
998 }
999 return TRUE;
1000 }
1001
1002 /**
1003 * Generic private constructor
1004 */
1005 static private_pkcs7_t *pkcs7_create_empty(void)
1006 {
1007 private_pkcs7_t *this = malloc_thing(private_pkcs7_t);
1008
1009 /* initialize */
1010 this->type = OID_UNKNOWN;
1011 this->content = chunk_empty;
1012 this->parsed = FALSE;
1013 this->level = 0;
1014 this->data = chunk_empty;
1015 this->attributes = NULL;
1016 this->certs = linked_list_create();
1017
1018 /*public functions */
1019 this->public.is_data = (bool (*) (pkcs7_t*))is_data;
1020 this->public.is_signedData = (bool (*) (pkcs7_t*))is_signedData;
1021 this->public.is_envelopedData = (bool (*) (pkcs7_t*))is_envelopedData;
1022 this->public.parse_data = (bool (*) (pkcs7_t*))parse_data;
1023 this->public.parse_signedData = (bool (*) (pkcs7_t*,x509_t*))parse_signedData;
1024 this->public.parse_envelopedData = (bool (*) (pkcs7_t*,chunk_t,rsa_private_key_t*))parse_envelopedData;
1025 this->public.get_data = (chunk_t (*) (pkcs7_t*))get_data;
1026 this->public.get_contentInfo = (chunk_t (*) (pkcs7_t*))get_contentInfo;
1027 this->public.create_certificate_iterator = (iterator_t* (*) (pkcs7_t*))create_certificate_iterator;
1028 this->public.set_certificate = (void (*) (pkcs7_t*,x509_t*))set_certificate;
1029 this->public.set_attributes = (void (*) (pkcs7_t*,pkcs9_t*))set_attributes;
1030 this->public.build_envelopedData = (bool (*) (pkcs7_t*,x509_t*,encryption_algorithm_t))build_envelopedData;
1031 this->public.build_signedData = (bool (*) (pkcs7_t*,rsa_private_key_t*,hash_algorithm_t))build_signedData;
1032 this->public.destroy = (void (*) (pkcs7_t*))destroy;
1033
1034 return this;
1035 }
1036
1037 /*
1038 * Described in header.
1039 */
1040 pkcs7_t *pkcs7_create_from_chunk(chunk_t chunk, u_int level)
1041 {
1042 private_pkcs7_t *this = pkcs7_create_empty();
1043
1044 this->level = level + 2;
1045 if (!parse_contentInfo(chunk, level, this))
1046 {
1047 destroy(this);
1048 return NULL;
1049 }
1050 return &this->public;
1051 }
1052
1053 /*
1054 * Described in header.
1055 */
1056 pkcs7_t *pkcs7_create_from_data(chunk_t data)
1057 {
1058 private_pkcs7_t *this = pkcs7_create_empty();
1059
1060 this->data = chunk_clone(data);
1061 this->parsed = TRUE;
1062
1063 return &this->public;
1064 }
1065
1066 /*
1067 * Described in header.
1068 */
1069 pkcs7_t *pkcs7_create_from_file(const char *filename, const char *label)
1070 {
1071 bool pgp = FALSE;
1072 chunk_t chunk = chunk_empty;
1073 char cert_label[BUF_LEN];
1074 pkcs7_t *pkcs7;
1075
1076 snprintf(cert_label, BUF_LEN, "%s pkcs7", label);
1077
1078 if (!pem_asn1_load_file(filename, NULL, cert_label, &chunk, &pgp))
1079 {
1080 return NULL;
1081 }
1082
1083 pkcs7 = pkcs7_create_from_chunk(chunk, 0);
1084 free(chunk.ptr);
1085 return pkcs7;
1086 }