projects / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Allocate data returned by pkcs7_t.get_attribute()
[strongswan.git] / src / libstrongswan / plugins / pkcs7 / pkcs7_signed_data.c
1 /*
2 * Copyright (C) 2012 Martin Willi
3 * Copyright (C) 2012 revosec AG
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "pkcs7_signed_data.h"
17
18 #include <time.h>
19
20 #include <utils/debug.h>
21 #include <asn1/oid.h>
22 #include <asn1/asn1.h>
23 #include <asn1/asn1_parser.h>
24 #include <crypto/pkcs9.h>
25 #include <credentials/sets/mem_cred.h>
26 #include <credentials/certificates/x509.h>
27 #include <credentials/keys/private_key.h>
28
29 typedef struct private_pkcs7_signed_data_t private_pkcs7_signed_data_t;
30
31 /**
32 * Private data of a PKCS#7 signed-data container.
33 */
34 struct private_pkcs7_signed_data_t {
35
36 /**
37 * Implements pkcs7_t.
38 */
39 pkcs7_t public;
40
41 /**
42 * Signed content data
43 */
44 container_t *content;
45
46 /**
47 * Encoded PKCS#7 signed-data
48 */
49 chunk_t encoding;
50
51 /**
52 * list of signerInfos, signerinfo_t
53 */
54 linked_list_t *signerinfos;
55
56 /**
57 * Contained certificates
58 */
59 mem_cred_t *creds;
60 };
61
62 /**
63 * A single signerInfo
64 */
65 typedef struct {
66
67 /**
68 * Signed attributes of signerInfo
69 */
70 pkcs9_t *attributes;
71
72 /**
73 * Serial of signing certificate
74 */
75 identification_t *serial;
76
77 /**
78 * Issuer of signing certificate
79 */
80 identification_t *issuer;
81
82 /**
83 * EncryptedDigest
84 */
85 chunk_t encrypted_digest;
86
87 /**
88 * Digesting algorithm OID
89 */
90 int digest_alg;
91
92 /**
93 * Public key encryption algorithm OID
94 */
95 int enc_alg;
96
97 } signerinfo_t;
98
99 /**
100 * Destroy a signerinfo_t entry
101 */
102 void signerinfo_destroy(signerinfo_t *this)
103 {
104 DESTROY_IF(this->attributes);
105 DESTROY_IF(this->serial);
106 DESTROY_IF(this->issuer);
107 free(this->encrypted_digest.ptr);
108 free(this);
109 }
110
111 /**
112 * ASN.1 definition of the PKCS#7 signedData type
113 */
114 static const asn1Object_t signedDataObjects[] = {
115 { 0, "signedData", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
116 { 1, "version", ASN1_INTEGER, ASN1_BODY }, /* 1 */
117 { 1, "digestAlgorithms", ASN1_SET, ASN1_LOOP }, /* 2 */
118 { 2, "algorithm", ASN1_EOC, ASN1_RAW }, /* 3 */
119 { 1, "end loop", ASN1_EOC, ASN1_END }, /* 4 */
120 { 1, "contentInfo", ASN1_EOC, ASN1_RAW }, /* 5 */
121 { 1, "certificates", ASN1_CONTEXT_C_0, ASN1_OPT |
122 ASN1_LOOP }, /* 6 */
123 { 2, "certificate", ASN1_SEQUENCE, ASN1_OBJ }, /* 7 */
124 { 1, "end opt or loop", ASN1_EOC, ASN1_END }, /* 8 */
125 { 1, "crls", ASN1_CONTEXT_C_1, ASN1_OPT |
126 ASN1_LOOP }, /* 9 */
127 { 2, "crl", ASN1_SEQUENCE, ASN1_OBJ }, /* 10 */
128 { 1, "end opt or loop", ASN1_EOC, ASN1_END }, /* 11 */
129 { 1, "signerInfos", ASN1_SET, ASN1_LOOP }, /* 12 */
130 { 2, "signerInfo", ASN1_SEQUENCE, ASN1_NONE }, /* 13 */
131 { 3, "version", ASN1_INTEGER, ASN1_BODY }, /* 14 */
132 { 3, "issuerAndSerialNumber", ASN1_SEQUENCE, ASN1_BODY }, /* 15 */
133 { 4, "issuer", ASN1_SEQUENCE, ASN1_OBJ }, /* 16 */
134 { 4, "serial", ASN1_INTEGER, ASN1_BODY }, /* 17 */
135 { 3, "digestAlgorithm", ASN1_EOC, ASN1_RAW }, /* 18 */
136 { 3, "authenticatedAttributes", ASN1_CONTEXT_C_0, ASN1_OPT |
137 ASN1_OBJ }, /* 19 */
138 { 3, "end opt", ASN1_EOC, ASN1_END }, /* 20 */
139 { 3, "digestEncryptionAlgorithm", ASN1_EOC, ASN1_RAW }, /* 21 */
140 { 3, "encryptedDigest", ASN1_OCTET_STRING, ASN1_BODY }, /* 22 */
141 { 3, "unauthenticatedAttributes", ASN1_CONTEXT_C_1, ASN1_OPT }, /* 23 */
142 { 3, "end opt", ASN1_EOC, ASN1_END }, /* 24 */
143 { 1, "end loop", ASN1_EOC, ASN1_END }, /* 25 */
144 { 0, "exit", ASN1_EOC, ASN1_EXIT }
145 };
146 #define PKCS7_VERSION 1
147 #define PKCS7_DIGEST_ALG 3
148 #define PKCS7_CONTENT_INFO 5
149 #define PKCS7_CERT 7
150 #define PKCS7_SIGNER_INFO 13
151 #define PKCS7_SIGNER_INFO_VERSION 14
152 #define PKCS7_ISSUER 16
153 #define PKCS7_SERIAL_NUMBER 17
154 #define PKCS7_DIGEST_ALGORITHM 18
155 #define PKCS7_AUTH_ATTRIBUTES 19
156 #define PKCS7_DIGEST_ENC_ALGORITHM 21
157 #define PKCS7_ENCRYPTED_DIGEST 22
158
159 METHOD(container_t, get_type, container_type_t,
160 private_pkcs7_signed_data_t *this)
161 {
162 return CONTAINER_PKCS7_SIGNED_DATA;
163 }
164
165 /**
166 * Signature enumerator implementation
167 */
168 typedef struct {
169 /** implements enumerator */
170 enumerator_t public;
171 /** inner signerinfos enumerator */
172 enumerator_t *inner;
173 /** currently enumerated auth_cfg */
174 auth_cfg_t *auth;
175 /** currently enumerating signerinfo */
176 signerinfo_t *info;
177 /** reference to container */
178 private_pkcs7_signed_data_t *this;
179 } signature_enumerator_t;
180
181 METHOD(enumerator_t, enumerate, bool,
182 signature_enumerator_t *this, auth_cfg_t **out)
183 {
184 signerinfo_t *info;
185 signature_scheme_t scheme;
186 hash_algorithm_t algorithm;
187 enumerator_t *enumerator;
188 certificate_t *cert;
189 public_key_t *key;
190 auth_cfg_t *auth;
191 chunk_t chunk, hash, content;
192 hasher_t *hasher;
193 bool valid;
194
195 while (this->inner->enumerate(this->inner, &info))
196 {
197 /* clean up previous round */
198 DESTROY_IF(this->auth);
199 this->auth = NULL;
200
201 scheme = signature_scheme_from_oid(info->digest_alg);
202 if (scheme == SIGN_UNKNOWN)
203 {
204 DBG1(DBG_LIB, "unsupported signature scheme");
205 continue;
206 }
207 if (!info->attributes)
208 {
209 DBG1(DBG_LIB, "no authenticatedAttributes object found");
210 continue;
211 }
212 if (info->enc_alg != OID_RSA_ENCRYPTION)
213 {
214 DBG1(DBG_LIB, "only RSA digest encryption supported");
215 continue;
216 }
217
218 enumerator = lib->credmgr->create_trusted_enumerator(lib->credmgr,
219 KEY_RSA, info->serial, FALSE);
220 while (enumerator->enumerate(enumerator, &cert, &auth))
221 {
222 if (info->issuer->equals(info->issuer, cert->get_issuer(cert)))
223 {
224 key = cert->get_public_key(cert);
225 if (key)
226 {
227 chunk = info->attributes->get_encoding(info->attributes);
228 if (key->verify(key, scheme, chunk, info->encrypted_digest))
229 {
230 this->auth = auth->clone(auth);
231 key->destroy(key);
232 break;
233 }
234 key->destroy(key);
235 }
236 }
237 }
238 enumerator->destroy(enumerator);
239
240 if (!this->auth)
241 {
242 DBG1(DBG_LIB, "unable to verify pkcs7 attributes signature");
243 continue;
244 }
245
246 chunk = info->attributes->get_attribute(info->attributes,
247 OID_PKCS9_MESSAGE_DIGEST);
248 if (!chunk.len)
249 {
250 DBG1(DBG_LIB, "messageDigest attribute not found");
251 continue;
252 }
253 if (!this->this->content->get_data(this->this->content, &content))
254 {
255 continue;
256 }
257
258 algorithm = hasher_algorithm_from_oid(info->digest_alg);
259 hasher = lib->crypto->create_hasher(lib->crypto, algorithm);
260 if (!hasher || !hasher->allocate_hash(hasher, content, &hash))
261 {
262 free(content.ptr);
263 DESTROY_IF(hasher);
264 DBG1(DBG_LIB, "hash algorithm %N not supported",
265 hash_algorithm_names, algorithm);
266 continue;
267 }
268 free(content.ptr);
269 hasher->destroy(hasher);
270 DBG3(DBG_LIB, "hash: %B", &hash);
271
272 valid = chunk_equals(chunk, hash);
273 free(hash.ptr);
274 if (!valid)
275 {
276 DBG1(DBG_LIB, "invalid messageDigest");
277 continue;
278 }
279 *out = this->auth;
280 this->info = info;
281 return TRUE;
282 }
283 this->info = NULL;
284 return FALSE;
285 }
286
287 METHOD(enumerator_t, enumerator_destroy, void,
288 signature_enumerator_t *this)
289 {
290 lib->credmgr->remove_local_set(lib->credmgr, &this->this->creds->set);
291 this->inner->destroy(this->inner);
292 DESTROY_IF(this->auth);
293 free(this);
294 }
295
296 METHOD(container_t, create_signature_enumerator, enumerator_t*,
297 private_pkcs7_signed_data_t *this)
298 {
299 signature_enumerator_t *enumerator;
300
301 INIT(enumerator,
302 .public = {
303 .enumerate = (void*)_enumerate,
304 .destroy = _enumerator_destroy,
305 },
306 .inner = this->signerinfos->create_enumerator(this->signerinfos),
307 .this = this,
308 );
309
310 lib->credmgr->add_local_set(lib->credmgr, &this->creds->set, FALSE);
311 return &enumerator->public;
312 }
313
314 METHOD(pkcs7_t, get_attribute, bool,
315 private_pkcs7_signed_data_t *this, int oid, enumerator_t *enumerator, chunk_t *value)
316 {
317 signature_enumerator_t *e;
318 chunk_t chunk;
319
320 e = (signature_enumerator_t*)enumerator;
321 if (e->info)
322 {
323 chunk = e->info->attributes->get_attribute(e->info->attributes, oid);
324 if (chunk.len)
325 {
326 *value = chunk_clone(chunk);
327 return TRUE;
328 }
329 }
330 return FALSE;
331 }
332
333 METHOD(pkcs7_t, create_cert_enumerator, enumerator_t*,
334 private_pkcs7_signed_data_t *this)
335 {
336 return this->creds->set.create_cert_enumerator(&this->creds->set,
337 CERT_ANY, KEY_ANY, NULL, FALSE);
338 }
339
340 METHOD(container_t, get_data, bool,
341 private_pkcs7_signed_data_t *this, chunk_t *data)
342 {
343 if (this->content)
344 {
345 return this->content->get_data(this->content, data);
346 }
347 return FALSE;
348 }
349
350 METHOD(container_t, get_encoding, bool,
351 private_pkcs7_signed_data_t *this, chunk_t *data)
352 {
353 *data = chunk_clone(this->encoding);
354 return TRUE;
355 }
356
357 METHOD(container_t, destroy, void,
358 private_pkcs7_signed_data_t *this)
359 {
360 this->creds->destroy(this->creds);
361 this->signerinfos->destroy_function(this->signerinfos,
362 (void*)signerinfo_destroy);
363 DESTROY_IF(this->content);
364 free(this->encoding.ptr);
365 free(this);
366 }
367
368 /**
369 * Create an empty PKCS#7 signed-data container.
370 */
371 static private_pkcs7_signed_data_t* create_empty()
372 {
373 private_pkcs7_signed_data_t *this;
374
375 INIT(this,
376 .public = {
377 .container = {
378 .get_type = _get_type,
379 .create_signature_enumerator = _create_signature_enumerator,
380 .get_data = _get_data,
381 .get_encoding = _get_encoding,
382 .destroy = _destroy,
383 },
384 .get_attribute = _get_attribute,
385 .create_cert_enumerator = _create_cert_enumerator,
386 },
387 .creds = mem_cred_create(),
388 .signerinfos = linked_list_create(),
389 );
390
391 return this;
392 }
393
394 /**
395 * Parse PKCS#7 signed data
396 */
397 static bool parse(private_pkcs7_signed_data_t *this, chunk_t content)
398 {
399 asn1_parser_t *parser;
400 chunk_t object;
401 int objectID, version;
402 signerinfo_t *info = NULL;
403 bool success = FALSE;
404
405 parser = asn1_parser_create(signedDataObjects, content);
406 parser->set_top_level(parser, 0);
407 while (parser->iterate(parser, &objectID, &object))
408 {
409 u_int level = parser->get_level(parser);
410
411 switch (objectID)
412 {
413 case PKCS7_VERSION:
414 version = object.len ? (int)*object.ptr : 0;
415 DBG2(DBG_LIB, " v%d", version);
416 break;
417 case PKCS7_CONTENT_INFO:
418 this->content = lib->creds->create(lib->creds,
419 CRED_CONTAINER, CONTAINER_PKCS7,
420 BUILD_BLOB_ASN1_DER, object, BUILD_END);
421 break;
422 case PKCS7_CERT:
423 {
424 certificate_t *cert;
425
426 DBG2(DBG_LIB, " parsing pkcs7-wrapped certificate");
427 cert = lib->creds->create(lib->creds,
428 CRED_CERTIFICATE, CERT_X509,
429 BUILD_BLOB_ASN1_DER, object,
430 BUILD_END);
431 if (cert)
432 {
433 this->creds->add_cert(this->creds, FALSE, cert);
434 }
435 break;
436 }
437 case PKCS7_SIGNER_INFO:
438 INIT(info,
439 .digest_alg = OID_UNKNOWN,
440 .enc_alg = OID_UNKNOWN,
441 );
442 this->signerinfos->insert_last(this->signerinfos, info);
443 break;
444 case PKCS7_SIGNER_INFO_VERSION:
445 version = object.len ? (int)*object.ptr : 0;
446 DBG2(DBG_LIB, " v%d", version);
447 break;
448 case PKCS7_ISSUER:
449 info->issuer = identification_create_from_encoding(
450 ID_DER_ASN1_DN, object);
451 break;
452 case PKCS7_SERIAL_NUMBER:
453 info->serial = identification_create_from_encoding(
454 ID_KEY_ID, object);
455 break;
456 case PKCS7_AUTH_ATTRIBUTES:
457 *object.ptr = ASN1_SET;
458 info->attributes = pkcs9_create_from_chunk(object, level+1);
459 *object.ptr = ASN1_CONTEXT_C_0;
460 break;
461 case PKCS7_DIGEST_ALGORITHM:
462 info->digest_alg = asn1_parse_algorithmIdentifier(object,
463 level, NULL);
464 break;
465 case PKCS7_DIGEST_ENC_ALGORITHM:
466 info->enc_alg = asn1_parse_algorithmIdentifier(object,
467 level, NULL);
468 break;
469 case PKCS7_ENCRYPTED_DIGEST:
470 info->encrypted_digest = chunk_clone(object);
471 break;
472 }
473 }
474 success = parser->success(parser);
475 parser->destroy(parser);
476
477 return success;
478 }
479
480 /**
481 * See header.
482 */
483 pkcs7_t *pkcs7_signed_data_load(chunk_t encoding, chunk_t content)
484 {
485 private_pkcs7_signed_data_t *this = create_empty();
486
487 this->encoding = chunk_clone(encoding);
488 if (!parse(this, content))
489 {
490 destroy(this);
491 return NULL;
492 }
493 return &this->public;
494 }
495
496 /**
497 * build a DER-encoded issuerAndSerialNumber object
498 */
499 static chunk_t build_issuerAndSerialNumber(certificate_t *cert)
500 {
501 identification_t *issuer = cert->get_issuer(cert);
502 chunk_t serial = chunk_empty;
503
504 if (cert->get_type(cert) == CERT_X509)
505 {
506 x509_t *x509 = (x509_t*)cert;
507 serial = x509->get_serial(x509);
508 }
509
510 return asn1_wrap(ASN1_SEQUENCE, "cm",
511 issuer->get_encoding(issuer),
512 asn1_integer("c", serial));
513 }
514
515 /**
516 * Generate a new PKCS#7 signed-data container
517 */
518 static bool generate(private_pkcs7_signed_data_t *this, private_key_t *key,
519 certificate_t *cert, hash_algorithm_t alg, pkcs9_t *pkcs9)
520 {
521 chunk_t authenticatedAttributes = chunk_empty;
522 chunk_t encryptedDigest = chunk_empty;
523 chunk_t data, signerInfo, encoding = chunk_empty;
524 chunk_t messageDigest, signingTime, attributes;
525 signature_scheme_t scheme;
526 hasher_t *hasher;
527 time_t now;
528 int digest_oid;
529
530 digest_oid = hasher_algorithm_to_oid(alg);
531 scheme = signature_scheme_from_oid(digest_oid);
532
533 if (!this->content->get_data(this->content, &data))
534 {
535 return FALSE;
536 }
537
538 hasher = lib->crypto->create_hasher(lib->crypto, alg);
539 if (!hasher || !hasher->allocate_hash(hasher, data, &messageDigest))
540 {
541 DESTROY_IF(hasher);
542 DBG1(DBG_LIB, " hash algorithm %N not support",
543 hash_algorithm_names, alg);
544 free(data.ptr);
545 return FALSE;
546 }
547 hasher->destroy(hasher);
548 pkcs9->add_attribute(pkcs9,
549 OID_PKCS9_MESSAGE_DIGEST,
550 asn1_wrap(ASN1_OCTET_STRING, "m", messageDigest));
551
552 /* take the current time as signingTime */
553 now = time(NULL);
554 signingTime = asn1_from_time(&now, ASN1_UTCTIME);
555 pkcs9->add_attribute(pkcs9, OID_PKCS9_SIGNING_TIME, signingTime);
556 pkcs9->add_attribute(pkcs9, OID_PKCS9_CONTENT_TYPE,
557 asn1_build_known_oid(OID_PKCS7_DATA));
558
559 attributes = pkcs9->get_encoding(pkcs9);
560
561 if (!key->sign(key, scheme, attributes, &encryptedDigest))
562 {
563 free(data.ptr);
564 return FALSE;
565 }
566 authenticatedAttributes = chunk_clone(attributes);
567 *authenticatedAttributes.ptr = ASN1_CONTEXT_C_0;
568
569 free(data.ptr);
570 if (encryptedDigest.ptr)
571 {
572 encryptedDigest = asn1_wrap(ASN1_OCTET_STRING, "m", encryptedDigest);
573 }
574 signerInfo = asn1_wrap(ASN1_SEQUENCE, "cmmmmm",
575 ASN1_INTEGER_1,
576 build_issuerAndSerialNumber(cert),
577 asn1_algorithmIdentifier(digest_oid),
578 authenticatedAttributes,
579 asn1_algorithmIdentifier(OID_RSA_ENCRYPTION),
580 encryptedDigest);
581
582 if (!cert->get_encoding(cert, CERT_ASN1_DER, &encoding))
583 {
584 free(signerInfo.ptr);
585 return FALSE;
586 }
587 if (!this->content->get_encoding(this->content, &data))
588 {
589 free(encoding.ptr);
590 free(signerInfo.ptr);
591 return FALSE;
592 }
593
594 this->encoding = asn1_wrap(ASN1_SEQUENCE, "mm",
595 asn1_build_known_oid(OID_PKCS7_SIGNED_DATA),
596 asn1_wrap(ASN1_CONTEXT_C_0, "m",
597 asn1_wrap(ASN1_SEQUENCE, "cmmmm",
598 ASN1_INTEGER_1,
599 asn1_wrap(ASN1_SET, "m", asn1_algorithmIdentifier(digest_oid)),
600 data,
601 asn1_wrap(ASN1_CONTEXT_C_0, "m", encoding),
602 asn1_wrap(ASN1_SET, "m", signerInfo))));
603
604
605 pkcs9->destroy(pkcs9);
606 /* TODO: create signerInfos entry */
607 return TRUE;
608 }
609
610 /**
611 * See header.
612 */
613 pkcs7_t *pkcs7_signed_data_gen(container_type_t type, va_list args)
614 {
615 private_pkcs7_signed_data_t *this;
616 chunk_t blob = chunk_empty;
617 hash_algorithm_t alg = HASH_SHA1;
618 private_key_t *key = NULL;
619 certificate_t *cert = NULL;
620 pkcs9_t *pkcs9;
621 chunk_t value;
622 int oid;
623
624 pkcs9 = pkcs9_create();
625
626 while (TRUE)
627 {
628 switch (va_arg(args, builder_part_t))
629 {
630 case BUILD_SIGNING_KEY:
631 key = va_arg(args, private_key_t*);
632 continue;
633 case BUILD_SIGNING_CERT:
634 cert = va_arg(args, certificate_t*);
635 continue;
636 case BUILD_DIGEST_ALG:
637 alg = va_arg(args, int);
638 continue;
639 case BUILD_BLOB:
640 blob = va_arg(args, chunk_t);
641 continue;
642 case BUILD_PKCS7_ATTRIBUTE:
643 oid = va_arg(args, int);
644 value = va_arg(args, chunk_t);
645 pkcs9->add_attribute(pkcs9, oid, chunk_clone(value));
646 continue;
647 case BUILD_END:
648 break;
649 default:
650 pkcs9->destroy(pkcs9);
651 return NULL;
652 }
653 break;
654 }
655 if (blob.len && key && cert)
656 {
657 this = create_empty();
658
659 this->creds->add_cert(this->creds, FALSE, cert->get_ref(cert));
660 this->content = lib->creds->create(lib->creds,
661 CRED_CONTAINER, CONTAINER_PKCS7_DATA,
662 BUILD_BLOB, blob, BUILD_END);
663
664 if (this->content && generate(this, key, cert, alg, pkcs9))
665 {
666 return &this->public;
667 }
668 pkcs9->destroy(pkcs9);
669 destroy(this);
670 }
671 else
672 {
673 pkcs9->destroy(pkcs9);
674 }
675 return NULL;
676 }
strongSwan - IPsec VPN