Move PKCS#9 attribute lists to pkcs7 plugin, as we currently use it there only
[strongswan.git] / src / libstrongswan / plugins / pkcs7 / pkcs7_signed_data.c
1 /*
2 * Copyright (C) 2012 Martin Willi
3 * Copyright (C) 2012 revosec AG
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "pkcs7_signed_data.h"
17 #include "pkcs7_attributes.h"
18
19 #include <time.h>
20
21 #include <utils/debug.h>
22 #include <asn1/oid.h>
23 #include <asn1/asn1.h>
24 #include <asn1/asn1_parser.h>
25 #include <credentials/sets/mem_cred.h>
26 #include <credentials/certificates/x509.h>
27 #include <credentials/keys/private_key.h>
28
29 typedef struct private_pkcs7_signed_data_t private_pkcs7_signed_data_t;
30
31 /**
32 * Private data of a PKCS#7 signed-data container.
33 */
34 struct private_pkcs7_signed_data_t {
35
36 /**
37 * Implements pkcs7_t.
38 */
39 pkcs7_t public;
40
41 /**
42 * Signed content data
43 */
44 container_t *content;
45
46 /**
47 * Encoded PKCS#7 signed-data
48 */
49 chunk_t encoding;
50
51 /**
52 * list of signerInfos, signerinfo_t
53 */
54 linked_list_t *signerinfos;
55
56 /**
57 * Contained certificates
58 */
59 mem_cred_t *creds;
60 };
61
62 /**
63 * A single signerInfo
64 */
65 typedef struct {
66
67 /**
68 * Signed attributes of signerInfo
69 */
70 pkcs7_attributes_t *attributes;
71
72 /**
73 * Serial of signing certificate
74 */
75 identification_t *serial;
76
77 /**
78 * Issuer of signing certificate
79 */
80 identification_t *issuer;
81
82 /**
83 * EncryptedDigest
84 */
85 chunk_t encrypted_digest;
86
87 /**
88 * Digesting algorithm OID
89 */
90 int digest_alg;
91
92 /**
93 * Public key encryption algorithm OID
94 */
95 int enc_alg;
96
97 } signerinfo_t;
98
99 /**
100 * Destroy a signerinfo_t entry
101 */
102 void signerinfo_destroy(signerinfo_t *this)
103 {
104 DESTROY_IF(this->attributes);
105 DESTROY_IF(this->serial);
106 DESTROY_IF(this->issuer);
107 free(this->encrypted_digest.ptr);
108 free(this);
109 }
110
111 /**
112 * ASN.1 definition of the PKCS#7 signedData type
113 */
114 static const asn1Object_t signedDataObjects[] = {
115 { 0, "signedData", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
116 { 1, "version", ASN1_INTEGER, ASN1_BODY }, /* 1 */
117 { 1, "digestAlgorithms", ASN1_SET, ASN1_LOOP }, /* 2 */
118 { 2, "algorithm", ASN1_EOC, ASN1_RAW }, /* 3 */
119 { 1, "end loop", ASN1_EOC, ASN1_END }, /* 4 */
120 { 1, "contentInfo", ASN1_EOC, ASN1_RAW }, /* 5 */
121 { 1, "certificates", ASN1_CONTEXT_C_0, ASN1_OPT |
122 ASN1_LOOP }, /* 6 */
123 { 2, "certificate", ASN1_SEQUENCE, ASN1_OBJ }, /* 7 */
124 { 1, "end opt or loop", ASN1_EOC, ASN1_END }, /* 8 */
125 { 1, "crls", ASN1_CONTEXT_C_1, ASN1_OPT |
126 ASN1_LOOP }, /* 9 */
127 { 2, "crl", ASN1_SEQUENCE, ASN1_OBJ }, /* 10 */
128 { 1, "end opt or loop", ASN1_EOC, ASN1_END }, /* 11 */
129 { 1, "signerInfos", ASN1_SET, ASN1_LOOP }, /* 12 */
130 { 2, "signerInfo", ASN1_SEQUENCE, ASN1_NONE }, /* 13 */
131 { 3, "version", ASN1_INTEGER, ASN1_BODY }, /* 14 */
132 { 3, "issuerAndSerialNumber", ASN1_SEQUENCE, ASN1_BODY }, /* 15 */
133 { 4, "issuer", ASN1_SEQUENCE, ASN1_OBJ }, /* 16 */
134 { 4, "serial", ASN1_INTEGER, ASN1_BODY }, /* 17 */
135 { 3, "digestAlgorithm", ASN1_EOC, ASN1_RAW }, /* 18 */
136 { 3, "authenticatedAttributes", ASN1_CONTEXT_C_0, ASN1_OPT |
137 ASN1_OBJ }, /* 19 */
138 { 3, "end opt", ASN1_EOC, ASN1_END }, /* 20 */
139 { 3, "digestEncryptionAlgorithm", ASN1_EOC, ASN1_RAW }, /* 21 */
140 { 3, "encryptedDigest", ASN1_OCTET_STRING, ASN1_BODY }, /* 22 */
141 { 3, "unauthenticatedAttributes", ASN1_CONTEXT_C_1, ASN1_OPT }, /* 23 */
142 { 3, "end opt", ASN1_EOC, ASN1_END }, /* 24 */
143 { 1, "end loop", ASN1_EOC, ASN1_END }, /* 25 */
144 { 0, "exit", ASN1_EOC, ASN1_EXIT }
145 };
146 #define PKCS7_VERSION 1
147 #define PKCS7_DIGEST_ALG 3
148 #define PKCS7_CONTENT_INFO 5
149 #define PKCS7_CERT 7
150 #define PKCS7_SIGNER_INFO 13
151 #define PKCS7_SIGNER_INFO_VERSION 14
152 #define PKCS7_ISSUER 16
153 #define PKCS7_SERIAL_NUMBER 17
154 #define PKCS7_DIGEST_ALGORITHM 18
155 #define PKCS7_AUTH_ATTRIBUTES 19
156 #define PKCS7_DIGEST_ENC_ALGORITHM 21
157 #define PKCS7_ENCRYPTED_DIGEST 22
158
159 METHOD(container_t, get_type, container_type_t,
160 private_pkcs7_signed_data_t *this)
161 {
162 return CONTAINER_PKCS7_SIGNED_DATA;
163 }
164
165 /**
166 * Signature enumerator implementation
167 */
168 typedef struct {
169 /** implements enumerator */
170 enumerator_t public;
171 /** inner signerinfos enumerator */
172 enumerator_t *inner;
173 /** currently enumerated auth_cfg */
174 auth_cfg_t *auth;
175 /** currently enumerating signerinfo */
176 signerinfo_t *info;
177 /** reference to container */
178 private_pkcs7_signed_data_t *this;
179 } signature_enumerator_t;
180
181 METHOD(enumerator_t, enumerate, bool,
182 signature_enumerator_t *this, auth_cfg_t **out)
183 {
184 signerinfo_t *info;
185 signature_scheme_t scheme;
186 hash_algorithm_t algorithm;
187 enumerator_t *enumerator;
188 certificate_t *cert;
189 public_key_t *key;
190 auth_cfg_t *auth;
191 chunk_t chunk, hash, content;
192 hasher_t *hasher;
193 bool valid;
194
195 while (this->inner->enumerate(this->inner, &info))
196 {
197 /* clean up previous round */
198 DESTROY_IF(this->auth);
199 this->auth = NULL;
200
201 scheme = signature_scheme_from_oid(info->digest_alg);
202 if (scheme == SIGN_UNKNOWN)
203 {
204 DBG1(DBG_LIB, "unsupported signature scheme");
205 continue;
206 }
207 if (!info->attributes)
208 {
209 DBG1(DBG_LIB, "no authenticatedAttributes object found");
210 continue;
211 }
212 if (info->enc_alg != OID_RSA_ENCRYPTION)
213 {
214 DBG1(DBG_LIB, "only RSA digest encryption supported");
215 continue;
216 }
217
218 enumerator = lib->credmgr->create_trusted_enumerator(lib->credmgr,
219 KEY_RSA, info->serial, FALSE);
220 while (enumerator->enumerate(enumerator, &cert, &auth))
221 {
222 if (info->issuer->equals(info->issuer, cert->get_issuer(cert)))
223 {
224 key = cert->get_public_key(cert);
225 if (key)
226 {
227 chunk = info->attributes->get_encoding(info->attributes);
228 if (key->verify(key, scheme, chunk, info->encrypted_digest))
229 {
230 this->auth = auth->clone(auth);
231 key->destroy(key);
232 break;
233 }
234 key->destroy(key);
235 }
236 }
237 }
238 enumerator->destroy(enumerator);
239
240 if (!this->auth)
241 {
242 DBG1(DBG_LIB, "unable to verify pkcs7 attributes signature");
243 continue;
244 }
245
246 chunk = info->attributes->get_attribute(info->attributes,
247 OID_PKCS9_MESSAGE_DIGEST);
248 if (!chunk.len)
249 {
250 DBG1(DBG_LIB, "messageDigest attribute not found");
251 continue;
252 }
253 if (!this->this->content->get_data(this->this->content, &content))
254 {
255 continue;
256 }
257
258 algorithm = hasher_algorithm_from_oid(info->digest_alg);
259 hasher = lib->crypto->create_hasher(lib->crypto, algorithm);
260 if (!hasher || !hasher->allocate_hash(hasher, content, &hash))
261 {
262 free(content.ptr);
263 DESTROY_IF(hasher);
264 DBG1(DBG_LIB, "hash algorithm %N not supported",
265 hash_algorithm_names, algorithm);
266 continue;
267 }
268 free(content.ptr);
269 hasher->destroy(hasher);
270 DBG3(DBG_LIB, "hash: %B", &hash);
271
272 valid = chunk_equals(chunk, hash);
273 free(hash.ptr);
274 if (!valid)
275 {
276 DBG1(DBG_LIB, "invalid messageDigest");
277 continue;
278 }
279 *out = this->auth;
280 this->info = info;
281 return TRUE;
282 }
283 this->info = NULL;
284 return FALSE;
285 }
286
287 METHOD(enumerator_t, enumerator_destroy, void,
288 signature_enumerator_t *this)
289 {
290 lib->credmgr->remove_local_set(lib->credmgr, &this->this->creds->set);
291 this->inner->destroy(this->inner);
292 DESTROY_IF(this->auth);
293 free(this);
294 }
295
296 METHOD(container_t, create_signature_enumerator, enumerator_t*,
297 private_pkcs7_signed_data_t *this)
298 {
299 signature_enumerator_t *enumerator;
300
301 INIT(enumerator,
302 .public = {
303 .enumerate = (void*)_enumerate,
304 .destroy = _enumerator_destroy,
305 },
306 .inner = this->signerinfos->create_enumerator(this->signerinfos),
307 .this = this,
308 );
309
310 lib->credmgr->add_local_set(lib->credmgr, &this->creds->set, FALSE);
311 return &enumerator->public;
312 }
313
314 METHOD(pkcs7_t, get_attribute, bool,
315 private_pkcs7_signed_data_t *this, int oid, enumerator_t *enumerator, chunk_t *value)
316 {
317 signature_enumerator_t *e;
318 chunk_t chunk;
319
320 e = (signature_enumerator_t*)enumerator;
321 if (e->info)
322 {
323 chunk = e->info->attributes->get_attribute(e->info->attributes, oid);
324 if (chunk.len)
325 {
326 *value = chunk_clone(chunk);
327 return TRUE;
328 }
329 }
330 return FALSE;
331 }
332
333 METHOD(pkcs7_t, create_cert_enumerator, enumerator_t*,
334 private_pkcs7_signed_data_t *this)
335 {
336 return this->creds->set.create_cert_enumerator(&this->creds->set,
337 CERT_ANY, KEY_ANY, NULL, FALSE);
338 }
339
340 METHOD(container_t, get_data, bool,
341 private_pkcs7_signed_data_t *this, chunk_t *data)
342 {
343 if (this->content)
344 {
345 return this->content->get_data(this->content, data);
346 }
347 return FALSE;
348 }
349
350 METHOD(container_t, get_encoding, bool,
351 private_pkcs7_signed_data_t *this, chunk_t *data)
352 {
353 *data = chunk_clone(this->encoding);
354 return TRUE;
355 }
356
357 METHOD(container_t, destroy, void,
358 private_pkcs7_signed_data_t *this)
359 {
360 this->creds->destroy(this->creds);
361 this->signerinfos->destroy_function(this->signerinfos,
362 (void*)signerinfo_destroy);
363 DESTROY_IF(this->content);
364 free(this->encoding.ptr);
365 free(this);
366 }
367
368 /**
369 * Create an empty PKCS#7 signed-data container.
370 */
371 static private_pkcs7_signed_data_t* create_empty()
372 {
373 private_pkcs7_signed_data_t *this;
374
375 INIT(this,
376 .public = {
377 .container = {
378 .get_type = _get_type,
379 .create_signature_enumerator = _create_signature_enumerator,
380 .get_data = _get_data,
381 .get_encoding = _get_encoding,
382 .destroy = _destroy,
383 },
384 .get_attribute = _get_attribute,
385 .create_cert_enumerator = _create_cert_enumerator,
386 },
387 .creds = mem_cred_create(),
388 .signerinfos = linked_list_create(),
389 );
390
391 return this;
392 }
393
394 /**
395 * Parse PKCS#7 signed data
396 */
397 static bool parse(private_pkcs7_signed_data_t *this, chunk_t content)
398 {
399 asn1_parser_t *parser;
400 chunk_t object;
401 int objectID, version;
402 signerinfo_t *info = NULL;
403 bool success = FALSE;
404
405 parser = asn1_parser_create(signedDataObjects, content);
406 parser->set_top_level(parser, 0);
407 while (parser->iterate(parser, &objectID, &object))
408 {
409 u_int level = parser->get_level(parser);
410
411 switch (objectID)
412 {
413 case PKCS7_VERSION:
414 version = object.len ? (int)*object.ptr : 0;
415 DBG2(DBG_LIB, " v%d", version);
416 break;
417 case PKCS7_CONTENT_INFO:
418 this->content = lib->creds->create(lib->creds,
419 CRED_CONTAINER, CONTAINER_PKCS7,
420 BUILD_BLOB_ASN1_DER, object, BUILD_END);
421 break;
422 case PKCS7_CERT:
423 {
424 certificate_t *cert;
425
426 DBG2(DBG_LIB, " parsing pkcs7-wrapped certificate");
427 cert = lib->creds->create(lib->creds,
428 CRED_CERTIFICATE, CERT_X509,
429 BUILD_BLOB_ASN1_DER, object,
430 BUILD_END);
431 if (cert)
432 {
433 this->creds->add_cert(this->creds, FALSE, cert);
434 }
435 break;
436 }
437 case PKCS7_SIGNER_INFO:
438 INIT(info,
439 .digest_alg = OID_UNKNOWN,
440 .enc_alg = OID_UNKNOWN,
441 );
442 this->signerinfos->insert_last(this->signerinfos, info);
443 break;
444 case PKCS7_SIGNER_INFO_VERSION:
445 version = object.len ? (int)*object.ptr : 0;
446 DBG2(DBG_LIB, " v%d", version);
447 break;
448 case PKCS7_ISSUER:
449 info->issuer = identification_create_from_encoding(
450 ID_DER_ASN1_DN, object);
451 break;
452 case PKCS7_SERIAL_NUMBER:
453 info->serial = identification_create_from_encoding(
454 ID_KEY_ID, object);
455 break;
456 case PKCS7_AUTH_ATTRIBUTES:
457 *object.ptr = ASN1_SET;
458 info->attributes = pkcs7_attributes_create_from_chunk(
459 object, level+1);
460 *object.ptr = ASN1_CONTEXT_C_0;
461 break;
462 case PKCS7_DIGEST_ALGORITHM:
463 info->digest_alg = asn1_parse_algorithmIdentifier(object,
464 level, NULL);
465 break;
466 case PKCS7_DIGEST_ENC_ALGORITHM:
467 info->enc_alg = asn1_parse_algorithmIdentifier(object,
468 level, NULL);
469 break;
470 case PKCS7_ENCRYPTED_DIGEST:
471 info->encrypted_digest = chunk_clone(object);
472 break;
473 }
474 }
475 success = parser->success(parser);
476 parser->destroy(parser);
477
478 return success;
479 }
480
481 /**
482 * See header.
483 */
484 pkcs7_t *pkcs7_signed_data_load(chunk_t encoding, chunk_t content)
485 {
486 private_pkcs7_signed_data_t *this = create_empty();
487
488 this->encoding = chunk_clone(encoding);
489 if (!parse(this, content))
490 {
491 destroy(this);
492 return NULL;
493 }
494 return &this->public;
495 }
496
497 /**
498 * build a DER-encoded issuerAndSerialNumber object
499 */
500 static chunk_t build_issuerAndSerialNumber(certificate_t *cert)
501 {
502 identification_t *issuer = cert->get_issuer(cert);
503 chunk_t serial = chunk_empty;
504
505 if (cert->get_type(cert) == CERT_X509)
506 {
507 x509_t *x509 = (x509_t*)cert;
508 serial = x509->get_serial(x509);
509 }
510
511 return asn1_wrap(ASN1_SEQUENCE, "cm",
512 issuer->get_encoding(issuer),
513 asn1_integer("c", serial));
514 }
515
516 /**
517 * Generate a new PKCS#7 signed-data container
518 */
519 static bool generate(private_pkcs7_signed_data_t *this, private_key_t *key,
520 certificate_t *cert, hash_algorithm_t alg,
521 pkcs7_attributes_t *pkcs9)
522 {
523 chunk_t authenticatedAttributes = chunk_empty;
524 chunk_t encryptedDigest = chunk_empty;
525 chunk_t data, signerInfo, encoding = chunk_empty;
526 chunk_t messageDigest, signingTime, attributes;
527 signature_scheme_t scheme;
528 hasher_t *hasher;
529 time_t now;
530 int digest_oid;
531
532 digest_oid = hasher_algorithm_to_oid(alg);
533 scheme = signature_scheme_from_oid(digest_oid);
534
535 if (!this->content->get_data(this->content, &data))
536 {
537 return FALSE;
538 }
539
540 hasher = lib->crypto->create_hasher(lib->crypto, alg);
541 if (!hasher || !hasher->allocate_hash(hasher, data, &messageDigest))
542 {
543 DESTROY_IF(hasher);
544 DBG1(DBG_LIB, " hash algorithm %N not support",
545 hash_algorithm_names, alg);
546 free(data.ptr);
547 return FALSE;
548 }
549 hasher->destroy(hasher);
550 pkcs9->add_attribute(pkcs9,
551 OID_PKCS9_MESSAGE_DIGEST,
552 asn1_wrap(ASN1_OCTET_STRING, "m", messageDigest));
553
554 /* take the current time as signingTime */
555 now = time(NULL);
556 signingTime = asn1_from_time(&now, ASN1_UTCTIME);
557 pkcs9->add_attribute(pkcs9, OID_PKCS9_SIGNING_TIME, signingTime);
558 pkcs9->add_attribute(pkcs9, OID_PKCS9_CONTENT_TYPE,
559 asn1_build_known_oid(OID_PKCS7_DATA));
560
561 attributes = pkcs9->get_encoding(pkcs9);
562
563 if (!key->sign(key, scheme, attributes, &encryptedDigest))
564 {
565 free(data.ptr);
566 return FALSE;
567 }
568 authenticatedAttributes = chunk_clone(attributes);
569 *authenticatedAttributes.ptr = ASN1_CONTEXT_C_0;
570
571 free(data.ptr);
572 if (encryptedDigest.ptr)
573 {
574 encryptedDigest = asn1_wrap(ASN1_OCTET_STRING, "m", encryptedDigest);
575 }
576 signerInfo = asn1_wrap(ASN1_SEQUENCE, "cmmmmm",
577 ASN1_INTEGER_1,
578 build_issuerAndSerialNumber(cert),
579 asn1_algorithmIdentifier(digest_oid),
580 authenticatedAttributes,
581 asn1_algorithmIdentifier(OID_RSA_ENCRYPTION),
582 encryptedDigest);
583
584 if (!cert->get_encoding(cert, CERT_ASN1_DER, &encoding))
585 {
586 free(signerInfo.ptr);
587 return FALSE;
588 }
589 if (!this->content->get_encoding(this->content, &data))
590 {
591 free(encoding.ptr);
592 free(signerInfo.ptr);
593 return FALSE;
594 }
595
596 this->encoding = asn1_wrap(ASN1_SEQUENCE, "mm",
597 asn1_build_known_oid(OID_PKCS7_SIGNED_DATA),
598 asn1_wrap(ASN1_CONTEXT_C_0, "m",
599 asn1_wrap(ASN1_SEQUENCE, "cmmmm",
600 ASN1_INTEGER_1,
601 asn1_wrap(ASN1_SET, "m", asn1_algorithmIdentifier(digest_oid)),
602 data,
603 asn1_wrap(ASN1_CONTEXT_C_0, "m", encoding),
604 asn1_wrap(ASN1_SET, "m", signerInfo))));
605
606
607 pkcs9->destroy(pkcs9);
608 /* TODO: create signerInfos entry */
609 return TRUE;
610 }
611
612 /**
613 * See header.
614 */
615 pkcs7_t *pkcs7_signed_data_gen(container_type_t type, va_list args)
616 {
617 private_pkcs7_signed_data_t *this;
618 chunk_t blob = chunk_empty;
619 hash_algorithm_t alg = HASH_SHA1;
620 private_key_t *key = NULL;
621 certificate_t *cert = NULL;
622 pkcs7_attributes_t *pkcs9;
623 chunk_t value;
624 int oid;
625
626 pkcs9 = pkcs7_attributes_create();
627
628 while (TRUE)
629 {
630 switch (va_arg(args, builder_part_t))
631 {
632 case BUILD_SIGNING_KEY:
633 key = va_arg(args, private_key_t*);
634 continue;
635 case BUILD_SIGNING_CERT:
636 cert = va_arg(args, certificate_t*);
637 continue;
638 case BUILD_DIGEST_ALG:
639 alg = va_arg(args, int);
640 continue;
641 case BUILD_BLOB:
642 blob = va_arg(args, chunk_t);
643 continue;
644 case BUILD_PKCS7_ATTRIBUTE:
645 oid = va_arg(args, int);
646 value = va_arg(args, chunk_t);
647 pkcs9->add_attribute(pkcs9, oid, chunk_clone(value));
648 continue;
649 case BUILD_END:
650 break;
651 default:
652 pkcs9->destroy(pkcs9);
653 return NULL;
654 }
655 break;
656 }
657 if (blob.len && key && cert)
658 {
659 this = create_empty();
660
661 this->creds->add_cert(this->creds, FALSE, cert->get_ref(cert));
662 this->content = lib->creds->create(lib->creds,
663 CRED_CONTAINER, CONTAINER_PKCS7_DATA,
664 BUILD_BLOB, blob, BUILD_END);
665
666 if (this->content && generate(this, key, cert, alg, pkcs9))
667 {
668 return &this->public;
669 }
670 pkcs9->destroy(pkcs9);
671 destroy(this);
672 }
673 else
674 {
675 pkcs9->destroy(pkcs9);
676 }
677 return NULL;
678 }