Support multiple signerInfos while parsing PKCS#7 signed-data
[strongswan.git] / src / libstrongswan / plugins / pkcs7 / pkcs7_signed_data.c
1 /*
2 * Copyright (C) 2012 Martin Willi
3 * Copyright (C) 2012 revosec AG
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "pkcs7_signed_data.h"
17
18 #include <time.h>
19
20 #include <utils/debug.h>
21 #include <asn1/oid.h>
22 #include <asn1/asn1.h>
23 #include <asn1/asn1_parser.h>
24 #include <crypto/pkcs9.h>
25 #include <credentials/sets/mem_cred.h>
26 #include <credentials/certificates/x509.h>
27 #include <credentials/keys/private_key.h>
28
29 typedef struct private_pkcs7_signed_data_t private_pkcs7_signed_data_t;
30
31 /**
32 * Private data of a PKCS#7 signed-data container.
33 */
34 struct private_pkcs7_signed_data_t {
35
36 /**
37 * Implements pkcs7_t.
38 */
39 pkcs7_t public;
40
41 /**
42 * Signed content data
43 */
44 container_t *content;
45
46 /**
47 * Encoded PKCS#7 signed-data
48 */
49 chunk_t encoding;
50
51 /**
52 * list of signerInfos, signerinfo_t
53 */
54 linked_list_t *signerinfos;
55
56 /**
57 * Contained certificates
58 */
59 mem_cred_t *creds;
60 };
61
62 /**
63 * A single signerInfo
64 */
65 typedef struct {
66
67 /**
68 * Signed attributes of signerInfo
69 */
70 pkcs9_t *attributes;
71
72 /**
73 * Serial of signing certificate
74 */
75 identification_t *serial;
76
77 /**
78 * Issuer of signing certificate
79 */
80 identification_t *issuer;
81
82 /**
83 * EncryptedDigest
84 */
85 chunk_t encrypted_digest;
86
87 /**
88 * Digesting algorithm OID
89 */
90 int digest_alg;
91
92 /**
93 * Public key encryption algorithm OID
94 */
95 int enc_alg;
96
97 } signerinfo_t;
98
99 /**
100 * Destroy a signerinfo_t entry
101 */
102 void signerinfo_destroy(signerinfo_t *this)
103 {
104 DESTROY_IF(this->attributes);
105 DESTROY_IF(this->serial);
106 DESTROY_IF(this->issuer);
107 free(this->encrypted_digest.ptr);
108 free(this);
109 }
110
111 /**
112 * ASN.1 definition of the PKCS#7 signedData type
113 */
114 static const asn1Object_t signedDataObjects[] = {
115 { 0, "signedData", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
116 { 1, "version", ASN1_INTEGER, ASN1_BODY }, /* 1 */
117 { 1, "digestAlgorithms", ASN1_SET, ASN1_LOOP }, /* 2 */
118 { 2, "algorithm", ASN1_EOC, ASN1_RAW }, /* 3 */
119 { 1, "end loop", ASN1_EOC, ASN1_END }, /* 4 */
120 { 1, "contentInfo", ASN1_EOC, ASN1_RAW }, /* 5 */
121 { 1, "certificates", ASN1_CONTEXT_C_0, ASN1_OPT |
122 ASN1_LOOP }, /* 6 */
123 { 2, "certificate", ASN1_SEQUENCE, ASN1_OBJ }, /* 7 */
124 { 1, "end opt or loop", ASN1_EOC, ASN1_END }, /* 8 */
125 { 1, "crls", ASN1_CONTEXT_C_1, ASN1_OPT |
126 ASN1_LOOP }, /* 9 */
127 { 2, "crl", ASN1_SEQUENCE, ASN1_OBJ }, /* 10 */
128 { 1, "end opt or loop", ASN1_EOC, ASN1_END }, /* 11 */
129 { 1, "signerInfos", ASN1_SET, ASN1_LOOP }, /* 12 */
130 { 2, "signerInfo", ASN1_SEQUENCE, ASN1_NONE }, /* 13 */
131 { 3, "version", ASN1_INTEGER, ASN1_BODY }, /* 14 */
132 { 3, "issuerAndSerialNumber", ASN1_SEQUENCE, ASN1_BODY }, /* 15 */
133 { 4, "issuer", ASN1_SEQUENCE, ASN1_OBJ }, /* 16 */
134 { 4, "serial", ASN1_INTEGER, ASN1_BODY }, /* 17 */
135 { 3, "digestAlgorithm", ASN1_EOC, ASN1_RAW }, /* 18 */
136 { 3, "authenticatedAttributes", ASN1_CONTEXT_C_0, ASN1_OPT |
137 ASN1_OBJ }, /* 19 */
138 { 3, "end opt", ASN1_EOC, ASN1_END }, /* 20 */
139 { 3, "digestEncryptionAlgorithm", ASN1_EOC, ASN1_RAW }, /* 21 */
140 { 3, "encryptedDigest", ASN1_OCTET_STRING, ASN1_BODY }, /* 22 */
141 { 3, "unauthenticatedAttributes", ASN1_CONTEXT_C_1, ASN1_OPT }, /* 23 */
142 { 3, "end opt", ASN1_EOC, ASN1_END }, /* 24 */
143 { 1, "end loop", ASN1_EOC, ASN1_END }, /* 25 */
144 { 0, "exit", ASN1_EOC, ASN1_EXIT }
145 };
146 #define PKCS7_VERSION 1
147 #define PKCS7_DIGEST_ALG 3
148 #define PKCS7_CONTENT_INFO 5
149 #define PKCS7_CERT 7
150 #define PKCS7_SIGNER_INFO 13
151 #define PKCS7_SIGNER_INFO_VERSION 14
152 #define PKCS7_ISSUER 16
153 #define PKCS7_SERIAL_NUMBER 17
154 #define PKCS7_DIGEST_ALGORITHM 18
155 #define PKCS7_AUTH_ATTRIBUTES 19
156 #define PKCS7_DIGEST_ENC_ALGORITHM 21
157 #define PKCS7_ENCRYPTED_DIGEST 22
158
159 METHOD(container_t, get_type, container_type_t,
160 private_pkcs7_signed_data_t *this)
161 {
162 return CONTAINER_PKCS7_SIGNED_DATA;
163 }
164
165 /**
166 * Signature enumerator implementation
167 */
168 typedef struct {
169 /** implements enumerator */
170 enumerator_t public;
171 /** inner signerinfos enumerator */
172 enumerator_t *inner;
173 /** currently enumerated auth_cfg */
174 auth_cfg_t *auth;
175 /** reference to container */
176 private_pkcs7_signed_data_t *this;
177 } signature_enumerator_t;
178
179 METHOD(enumerator_t, enumerate, bool,
180 signature_enumerator_t *this, auth_cfg_t **out)
181 {
182 signerinfo_t *info;
183 signature_scheme_t scheme;
184 hash_algorithm_t algorithm;
185 enumerator_t *enumerator;
186 certificate_t *cert;
187 public_key_t *key;
188 auth_cfg_t *auth;
189 chunk_t chunk, hash, content;
190 hasher_t *hasher;
191 bool valid;
192
193 while (this->inner->enumerate(this->inner, &info))
194 {
195 /* clean up previous round */
196 DESTROY_IF(this->auth);
197 this->auth = NULL;
198
199 scheme = signature_scheme_from_oid(info->digest_alg);
200 if (scheme == SIGN_UNKNOWN)
201 {
202 DBG1(DBG_LIB, "unsupported signature scheme");
203 continue;
204 }
205 if (!info->attributes)
206 {
207 DBG1(DBG_LIB, "no authenticatedAttributes object found");
208 continue;
209 }
210 if (info->enc_alg != OID_RSA_ENCRYPTION)
211 {
212 DBG1(DBG_LIB, "only RSA digest encryption supported");
213 continue;
214 }
215
216 enumerator = lib->credmgr->create_trusted_enumerator(lib->credmgr,
217 KEY_RSA, info->serial, FALSE);
218 while (enumerator->enumerate(enumerator, &cert, &auth))
219 {
220 if (info->issuer->equals(info->issuer, cert->get_issuer(cert)))
221 {
222 key = cert->get_public_key(cert);
223 if (key)
224 {
225 chunk = info->attributes->get_encoding(info->attributes);
226 if (key->verify(key, scheme, chunk, info->encrypted_digest))
227 {
228 this->auth = auth->clone(auth);
229 key->destroy(key);
230 break;
231 }
232 key->destroy(key);
233 }
234 }
235 }
236 enumerator->destroy(enumerator);
237
238 if (!this->auth)
239 {
240 DBG1(DBG_LIB, "unable to verify pkcs7 attributes signature");
241 continue;
242 }
243
244 chunk = info->attributes->get_attribute(info->attributes,
245 OID_PKCS9_MESSAGE_DIGEST);
246 if (!chunk.len)
247 {
248 DBG1(DBG_LIB, "messageDigest attribute not found");
249 continue;
250 }
251 if (!this->this->content->get_data(this->this->content, &content))
252 {
253 continue;
254 }
255
256 algorithm = hasher_algorithm_from_oid(info->digest_alg);
257 hasher = lib->crypto->create_hasher(lib->crypto, algorithm);
258 if (!hasher || !hasher->allocate_hash(hasher, content, &hash))
259 {
260 free(content.ptr);
261 DESTROY_IF(hasher);
262 DBG1(DBG_LIB, "hash algorithm %N not supported",
263 hash_algorithm_names, algorithm);
264 continue;
265 }
266 free(content.ptr);
267 hasher->destroy(hasher);
268 DBG3(DBG_LIB, "hash: %B", &hash);
269
270 valid = chunk_equals(chunk, hash);
271 free(hash.ptr);
272 if (!valid)
273 {
274 DBG1(DBG_LIB, "invalid messageDigest");
275 continue;
276 }
277 *out = this->auth;
278 return TRUE;
279 }
280 return FALSE;
281 }
282
283 METHOD(enumerator_t, enumerator_destroy, void,
284 signature_enumerator_t *this)
285 {
286 lib->credmgr->remove_local_set(lib->credmgr, &this->this->creds->set);
287 this->inner->destroy(this->inner);
288 DESTROY_IF(this->auth);
289 free(this);
290 }
291
292 METHOD(container_t, create_signature_enumerator, enumerator_t*,
293 private_pkcs7_signed_data_t *this)
294 {
295 signature_enumerator_t *enumerator;
296
297 INIT(enumerator,
298 .public = {
299 .enumerate = (void*)_enumerate,
300 .destroy = _enumerator_destroy,
301 },
302 .inner = this->signerinfos->create_enumerator(this->signerinfos),
303 .this = this,
304 );
305
306 lib->credmgr->add_local_set(lib->credmgr, &this->creds->set, FALSE);
307 return &enumerator->public;
308 }
309
310 METHOD(container_t, get_data, bool,
311 private_pkcs7_signed_data_t *this, chunk_t *data)
312 {
313 if (this->content)
314 {
315 return this->content->get_data(this->content, data);
316 }
317 return FALSE;
318 }
319
320 METHOD(container_t, get_encoding, bool,
321 private_pkcs7_signed_data_t *this, chunk_t *data)
322 {
323 *data = chunk_clone(this->encoding);
324 return TRUE;
325 }
326
327 METHOD(container_t, destroy, void,
328 private_pkcs7_signed_data_t *this)
329 {
330 this->creds->destroy(this->creds);
331 this->signerinfos->destroy_function(this->signerinfos,
332 (void*)signerinfo_destroy);
333 DESTROY_IF(this->content);
334 free(this->encoding.ptr);
335 free(this);
336 }
337
338 /**
339 * Create an empty PKCS#7 signed-data container.
340 */
341 static private_pkcs7_signed_data_t* create_empty()
342 {
343 private_pkcs7_signed_data_t *this;
344
345 INIT(this,
346 .public = {
347 .container = {
348 .get_type = _get_type,
349 .create_signature_enumerator = _create_signature_enumerator,
350 .get_data = _get_data,
351 .get_encoding = _get_encoding,
352 .destroy = _destroy,
353 },
354 },
355 .creds = mem_cred_create(),
356 .signerinfos = linked_list_create(),
357 );
358
359 return this;
360 }
361
362 /**
363 * Parse PKCS#7 signed data
364 */
365 static bool parse(private_pkcs7_signed_data_t *this, chunk_t content)
366 {
367 asn1_parser_t *parser;
368 chunk_t object;
369 int objectID, version;
370 signerinfo_t *info = NULL;
371 bool success = FALSE;
372
373 parser = asn1_parser_create(signedDataObjects, content);
374 parser->set_top_level(parser, 0);
375 while (parser->iterate(parser, &objectID, &object))
376 {
377 u_int level = parser->get_level(parser);
378
379 switch (objectID)
380 {
381 case PKCS7_VERSION:
382 version = object.len ? (int)*object.ptr : 0;
383 DBG2(DBG_LIB, " v%d", version);
384 break;
385 case PKCS7_CONTENT_INFO:
386 this->content = lib->creds->create(lib->creds,
387 CRED_CONTAINER, CONTAINER_PKCS7,
388 BUILD_BLOB_ASN1_DER, object, BUILD_END);
389 break;
390 case PKCS7_CERT:
391 {
392 certificate_t *cert;
393
394 DBG2(DBG_LIB, " parsing pkcs7-wrapped certificate");
395 cert = lib->creds->create(lib->creds,
396 CRED_CERTIFICATE, CERT_X509,
397 BUILD_BLOB_ASN1_DER, object,
398 BUILD_END);
399 if (cert)
400 {
401 this->creds->add_cert(this->creds, FALSE, cert);
402 }
403 break;
404 }
405 case PKCS7_SIGNER_INFO:
406 INIT(info,
407 .digest_alg = OID_UNKNOWN,
408 .enc_alg = OID_UNKNOWN,
409 );
410 this->signerinfos->insert_last(this->signerinfos, info);
411 break;
412 case PKCS7_SIGNER_INFO_VERSION:
413 version = object.len ? (int)*object.ptr : 0;
414 DBG2(DBG_LIB, " v%d", version);
415 break;
416 case PKCS7_ISSUER:
417 info->issuer = identification_create_from_encoding(
418 ID_DER_ASN1_DN, object);
419 break;
420 case PKCS7_SERIAL_NUMBER:
421 info->serial = identification_create_from_encoding(
422 ID_KEY_ID, object);
423 break;
424 case PKCS7_AUTH_ATTRIBUTES:
425 *object.ptr = ASN1_SET;
426 info->attributes = pkcs9_create_from_chunk(object, level+1);
427 *object.ptr = ASN1_CONTEXT_C_0;
428 break;
429 case PKCS7_DIGEST_ALGORITHM:
430 info->digest_alg = asn1_parse_algorithmIdentifier(object,
431 level, NULL);
432 break;
433 case PKCS7_DIGEST_ENC_ALGORITHM:
434 info->enc_alg = asn1_parse_algorithmIdentifier(object,
435 level, NULL);
436 break;
437 case PKCS7_ENCRYPTED_DIGEST:
438 info->encrypted_digest = chunk_clone(object);
439 break;
440 }
441 }
442 success = parser->success(parser);
443 parser->destroy(parser);
444
445 return success;
446 }
447
448 /**
449 * See header.
450 */
451 pkcs7_t *pkcs7_signed_data_load(chunk_t encoding, chunk_t content)
452 {
453 private_pkcs7_signed_data_t *this = create_empty();
454
455 this->encoding = chunk_clone(encoding);
456 if (!parse(this, content))
457 {
458 destroy(this);
459 return NULL;
460 }
461 return &this->public;
462 }
463
464 /**
465 * build a DER-encoded issuerAndSerialNumber object
466 */
467 static chunk_t build_issuerAndSerialNumber(certificate_t *cert)
468 {
469 identification_t *issuer = cert->get_issuer(cert);
470 chunk_t serial = chunk_empty;
471
472 if (cert->get_type(cert) == CERT_X509)
473 {
474 x509_t *x509 = (x509_t*)cert;
475 serial = x509->get_serial(x509);
476 }
477
478 return asn1_wrap(ASN1_SEQUENCE, "cm",
479 issuer->get_encoding(issuer),
480 asn1_integer("c", serial));
481 }
482
483 /**
484 * Generate a new PKCS#7 signed-data container
485 */
486 static bool generate(private_pkcs7_signed_data_t *this, private_key_t *key,
487 certificate_t *cert, hash_algorithm_t alg, pkcs9_t *pkcs9)
488 {
489 chunk_t authenticatedAttributes = chunk_empty;
490 chunk_t encryptedDigest = chunk_empty;
491 chunk_t data, signerInfo, encoding = chunk_empty;
492 chunk_t messageDigest, signingTime, attributes;
493 signature_scheme_t scheme;
494 hasher_t *hasher;
495 time_t now;
496 int digest_oid;
497
498 digest_oid = hasher_algorithm_to_oid(alg);
499 scheme = signature_scheme_from_oid(digest_oid);
500
501 if (!this->content->get_data(this->content, &data))
502 {
503 return FALSE;
504 }
505
506 hasher = lib->crypto->create_hasher(lib->crypto, alg);
507 if (!hasher || !hasher->allocate_hash(hasher, data, &messageDigest))
508 {
509 DESTROY_IF(hasher);
510 DBG1(DBG_LIB, " hash algorithm %N not support",
511 hash_algorithm_names, alg);
512 free(data.ptr);
513 return FALSE;
514 }
515 hasher->destroy(hasher);
516 pkcs9->add_attribute(pkcs9,
517 OID_PKCS9_MESSAGE_DIGEST,
518 asn1_wrap(ASN1_OCTET_STRING, "m", messageDigest));
519
520 /* take the current time as signingTime */
521 now = time(NULL);
522 signingTime = asn1_from_time(&now, ASN1_UTCTIME);
523 pkcs9->add_attribute(pkcs9, OID_PKCS9_SIGNING_TIME, signingTime);
524 pkcs9->add_attribute(pkcs9, OID_PKCS9_CONTENT_TYPE,
525 asn1_build_known_oid(OID_PKCS7_DATA));
526
527 attributes = pkcs9->get_encoding(pkcs9);
528
529 if (!key->sign(key, scheme, attributes, &encryptedDigest))
530 {
531 free(data.ptr);
532 return FALSE;
533 }
534 authenticatedAttributes = chunk_clone(attributes);
535 *authenticatedAttributes.ptr = ASN1_CONTEXT_C_0;
536
537 free(data.ptr);
538 if (encryptedDigest.ptr)
539 {
540 encryptedDigest = asn1_wrap(ASN1_OCTET_STRING, "m", encryptedDigest);
541 }
542 signerInfo = asn1_wrap(ASN1_SEQUENCE, "cmmmmm",
543 ASN1_INTEGER_1,
544 build_issuerAndSerialNumber(cert),
545 asn1_algorithmIdentifier(digest_oid),
546 authenticatedAttributes,
547 asn1_algorithmIdentifier(OID_RSA_ENCRYPTION),
548 encryptedDigest);
549
550 if (!cert->get_encoding(cert, CERT_ASN1_DER, &encoding))
551 {
552 free(signerInfo.ptr);
553 return FALSE;
554 }
555 if (!this->content->get_encoding(this->content, &data))
556 {
557 free(encoding.ptr);
558 free(signerInfo.ptr);
559 return FALSE;
560 }
561
562 this->encoding = asn1_wrap(ASN1_SEQUENCE, "mm",
563 asn1_build_known_oid(OID_PKCS7_SIGNED_DATA),
564 asn1_wrap(ASN1_CONTEXT_C_0, "m",
565 asn1_wrap(ASN1_SEQUENCE, "cmmmm",
566 ASN1_INTEGER_1,
567 asn1_wrap(ASN1_SET, "m", asn1_algorithmIdentifier(digest_oid)),
568 data,
569 asn1_wrap(ASN1_CONTEXT_C_0, "m", encoding),
570 asn1_wrap(ASN1_SET, "m", signerInfo))));
571
572
573 pkcs9->destroy(pkcs9);
574 /* TODO: create signerInfos entry */
575 return TRUE;
576 }
577
578 /**
579 * See header.
580 */
581 pkcs7_t *pkcs7_signed_data_gen(container_type_t type, va_list args)
582 {
583 private_pkcs7_signed_data_t *this;
584 chunk_t blob = chunk_empty;
585 hash_algorithm_t alg = HASH_SHA1;
586 private_key_t *key = NULL;
587 certificate_t *cert = NULL;
588 pkcs9_t *pkcs9;
589 chunk_t value;
590 int oid;
591
592 pkcs9 = pkcs9_create();
593
594 while (TRUE)
595 {
596 switch (va_arg(args, builder_part_t))
597 {
598 case BUILD_SIGNING_KEY:
599 key = va_arg(args, private_key_t*);
600 continue;
601 case BUILD_SIGNING_CERT:
602 cert = va_arg(args, certificate_t*);
603 continue;
604 case BUILD_DIGEST_ALG:
605 alg = va_arg(args, int);
606 continue;
607 case BUILD_BLOB:
608 blob = va_arg(args, chunk_t);
609 continue;
610 case BUILD_PKCS7_ATTRIBUTE:
611 oid = va_arg(args, int);
612 value = va_arg(args, chunk_t);
613 pkcs9->add_attribute(pkcs9, oid, value);
614 continue;
615 case BUILD_END:
616 break;
617 default:
618 pkcs9->destroy(pkcs9);
619 return NULL;
620 }
621 break;
622 }
623 if (blob.len && key && cert)
624 {
625 this = create_empty();
626
627 this->creds->add_cert(this->creds, FALSE, cert->get_ref(cert));
628 this->content = lib->creds->create(lib->creds,
629 CRED_CONTAINER, CONTAINER_PKCS7_DATA,
630 BUILD_BLOB, blob, BUILD_END);
631
632 if (this->content && generate(this, key, cert, alg, pkcs9))
633 {
634 return &this->public;
635 }
636 pkcs9->destroy(pkcs9);
637 destroy(this);
638 }
639 else
640 {
641 pkcs9->destroy(pkcs9);
642 }
643 return NULL;
644 }