parse signedData object with empty content
[strongswan.git] / src / libstrongswan / crypto / pkcs7.c
index 05d0977..252fc19 100644 (file)
@@ -1,13 +1,14 @@
 /**
  * @file pkcs7.c
  *
 /**
  * @file pkcs7.c
  *
- * @brief Implementation of pkcs7_contentInfo_t.
+ * @brief Implementation of pkcs7_t.
  *
  */
 
 /*
  * Copyright (C) 2005 Jan Hutter, Martin Willi
  *
  */
 
 /*
  * Copyright (C) 2005 Jan Hutter, Martin Willi
- * Copyright (C) 2002-2005 Andreas Steffen
+ * Copyright (C) 2002-2008 Andreas Steffen
+ *
  * Hochschule fuer Technik Rapperswil, Switzerland
  *
  * This program is free software; you can redistribute it and/or modify it
  * Hochschule fuer Technik Rapperswil, Switzerland
  *
  * This program is free software; you can redistribute it and/or modify it
 #include <asn1/asn1.h>
 #include <asn1/oid.h>
 #include <crypto/x509.h>
 #include <asn1/asn1.h>
 #include <asn1/oid.h>
 #include <crypto/x509.h>
+#include <crypto/pkcs9.h>
+#include <crypto/hashers/hasher.h>
+#include <crypto/crypters/crypter.h>
+#include <crypto/rsa/rsa_public_key.h>
+#include <utils/randomizer.h>
+#include <utils/linked_list.h>
 
 #include "pkcs7.h"
 
 
 #include "pkcs7.h"
 
-typedef struct private_pkcs7_contentInfo_t private_pkcs7_contentInfo_t;
+typedef struct private_pkcs7_t private_pkcs7_t;
 
 /**
 
 /**
- * Private data of a pkcs7_contentInfo_t object.
+ * Private data of a pkcs7_t object.
  */
  */
-struct private_pkcs7_contentInfo_t {
+struct private_pkcs7_t {
        /**
         * Public interface for this certificate.
         */
        /**
         * Public interface for this certificate.
         */
-       pkcs7_contentInfo_t public;
+       pkcs7_t public;
 
        /**
         * contentInfo type
 
        /**
         * contentInfo type
@@ -54,7 +61,32 @@ struct private_pkcs7_contentInfo_t {
        /**
         * ASN.1 encoded content
         */
        /**
         * ASN.1 encoded content
         */
-    chunk_t content;
+       chunk_t content;
+
+       /**
+        * Has the content already been parsed?
+        */
+       bool parsed;
+
+       /**
+        * ASN.1 parsing start level
+        */
+       u_int level;
+
+       /**
+        * retrieved data
+        */
+       chunk_t data;
+
+       /**
+        * ASN.1 encoded attributes
+        */
+       pkcs9_t *attributes;
+
+       /**
+        * Linked list of X.509 certificates
+        */
+       linked_list_t *certs;
 };
 
 /**
 };
 
 /**
@@ -216,120 +248,98 @@ static const chunk_t ASN1_des_cbc_oid =
                                                chunk_from_buf(ASN1_des_cbc_oid_str);
 
 /**
                                                chunk_from_buf(ASN1_des_cbc_oid_str);
 
 /**
- * PKCS#7 attribute type OIDs
+ * Implements pkcs7_t.is_data.
  */
  */
-static u_char ASN1_contentType_oid_str[] = {
-       0x06, 0x09,
-                 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x03
-};
-
-static u_char ASN1_messageDigest_oid_str[] = {
-       0x06, 0x09,
-                 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x04
-};
-
-static const chunk_t ASN1_contentType_oid =
-                                               chunk_from_buf(ASN1_contentType_oid_str);
-static const chunk_t ASN1_messageDigest_oid =
-                                               chunk_from_buf(ASN1_messageDigest_oid_str);
+static bool is_data(private_pkcs7_t *this)
+{
+       return this->type == OID_PKCS7_DATA;
+}
 
 /**
 
 /**
- * Implements pkcs7_contentInfo_t.destroy
+ * Implements pkcs7_t.is_signedData.
  */
  */
-static void destroy(private_pkcs7_contentInfo_t *this)
+static bool is_signedData(private_pkcs7_t *this)
 {
 {
-       free(this);
+       return this->type == OID_PKCS7_SIGNED_DATA;
 }
 
 /**
 }
 
 /**
- * Parse PKCS#7 ContentInfo object
+ * Implements pkcs7_t.is_envelopedData.
  */
  */
-static bool pkcs7_parse_contentInfo(chunk_t blob, u_int level0, private_pkcs7_contentInfo_t *cInfo)
+static bool is_envelopedData(private_pkcs7_t *this)
 {
 {
-       asn1_ctx_t ctx;
-       chunk_t object;
-       u_int level;
-       int objectID = 0;
-
-       asn1_init(&ctx, blob, level0, FALSE, FALSE);
+       return this->type == OID_PKCS7_ENVELOPED_DATA;
+}
 
 
-       while (objectID < PKCS7_INFO_ROOF)
+/**
+ * Check whether to abort the requested parsing
+ */
+static bool abort_parsing(private_pkcs7_t *this, int type)
+{
+       if (this->type != type)
        {
        {
-               if (!extract_object(contentInfoObjects, &objectID, &object, &level, &ctx))
-               {
-                       return FALSE;
-               }
-
-               if (objectID == PKCS7_INFO_TYPE)
-               {
-                       cInfo->type = known_oid(object);
-                       if (cInfo->type < OID_PKCS7_DATA
-                       ||  cInfo->type > OID_PKCS7_ENCRYPTED_DATA)
-                       {
-                               DBG1("unknown pkcs7 content type");
-                               return FALSE;
-                       }
-               }
-               else if (objectID == PKCS7_INFO_CONTENT)
-               {
-                       cInfo->content = object;
-               }
-               objectID++;
+               DBG1("pkcs7 content to be parsed is not of type '%s'",
+                        oid_names[type]);
+               return TRUE;
        }
        }
-       return TRUE;
+       if (this->parsed)
+       {
+               DBG1("pkcs7 content has already been parsed");
+               return TRUE;
+       }
+       this->parsed = TRUE;
+       return FALSE;
 }
 
 }
 
-/*
- * Described in header.
+/**
+ * Implements pkcs7_t.parse_data.
  */
  */
-pkcs7_contentInfo_t *pkcs7_contentInfo_create_from_chunk(chunk_t chunk, u_int level)
+static bool parse_data(private_pkcs7_t *this)
 {
 {
-       private_pkcs7_contentInfo_t *this = malloc_thing(private_pkcs7_contentInfo_t);
-       
-       /* initialize */
-       this->type = OID_UNKNOWN;
-       this->content = chunk_empty;
+       chunk_t data = this->content;
 
 
-       /*public functions */
-       this->public.destroy = (void (*) (pkcs7_contentInfo_t*))destroy;
-
-       if (!pkcs7_parse_contentInfo(chunk, level, this))
+       if (abort_parsing(this, OID_PKCS7_DATA))
        {
        {
-               destroy(this);
-               return NULL;
+               return FALSE;
+       }
+       if (data.len == 0)
+       {
+               this->data = chunk_empty;
+               return TRUE;
+       }
+       if (parse_asn1_simple_object(&data, ASN1_OCTET_STRING, this->level, "data"))
+       {
+               this->data = chunk_clone(data);
+               return TRUE;
+       }
+       else
+       {
+               return FALSE;
        }
        }
-       return &this->public;
 }
 
 /**
 }
 
 /**
- * Parse a PKCS#7 signedData object
+ * Implements pkcs7_t.parse_signedData.
  */
  */
-bool pkcs7_parse_signedData(chunk_t blob, pkcs7_contentInfo_t *data, x509_t **cert,
-                                                       chunk_t *attributes, const x509_t *cacert)
+static bool parse_signedData(private_pkcs7_t *this, x509_t *cacert)
 {
 {
-       u_char buf[BUF_LEN];
        asn1_ctx_t ctx;
        chunk_t object;
        u_int level;
        asn1_ctx_t ctx;
        chunk_t object;
        u_int level;
+       int objectID = 0;
+
        int digest_alg = OID_UNKNOWN;
        int enc_alg    = OID_UNKNOWN;
        int signerInfos = 0;
        int digest_alg = OID_UNKNOWN;
        int enc_alg    = OID_UNKNOWN;
        int signerInfos = 0;
-       int objectID = 0;
 
 
-       private_pkcs7_contentInfo_t cInfo;
        chunk_t encrypted_digest = chunk_empty;
 
        chunk_t encrypted_digest = chunk_empty;
 
-       if (!pkcs7_parse_contentInfo(blob, 0, &cInfo))
+       if (abort_parsing(this, OID_PKCS7_SIGNED_DATA))
        {
                return FALSE;
        }
        {
                return FALSE;
        }
-       if (cInfo.type != OID_PKCS7_SIGNED_DATA)
-       {
-               DBG1("pkcs7 content type is not signedData");
-               return FALSE;
-       }
 
 
-       asn1_init(&ctx, cInfo.content, 2, FALSE, FALSE);
+       asn1_init(&ctx, this->content, this->level, FALSE, FALSE);
 
        while (objectID < PKCS7_SIGNED_ROOF)
        {
 
        while (objectID < PKCS7_SIGNED_ROOF)
        {
@@ -344,30 +354,31 @@ bool pkcs7_parse_signedData(chunk_t blob, pkcs7_contentInfo_t *data, x509_t **ce
                                digest_alg = parse_algorithmIdentifier(object, level, NULL);
                                break;
                        case PKCS7_SIGNED_CONTENT_INFO:
                                digest_alg = parse_algorithmIdentifier(object, level, NULL);
                                break;
                        case PKCS7_SIGNED_CONTENT_INFO:
-                               if (data != NULL)
                                {
                                {
-                                       pkcs7_parse_contentInfo(object, level, data);
+                                       chunk_t pureData;
+                                       pkcs7_t *data = pkcs7_create_from_chunk(object, level+1);
+
+                                       if (data == NULL)
+                                       {
+                                               return FALSE;
+                                       }
+                                       if (!data->parse_data(data))
+                                       {
+                                               data->destroy(data);
+                                               return FALSE;
+                                       }
+                                       pureData = data->get_data(data);
+                                       this->data = (pureData.len)? chunk_clone(pureData) : chunk_empty;
+                                       data->destroy(data);
                                }
                                break;
                        case PKCS7_SIGNED_CERT:
                                }
                                break;
                        case PKCS7_SIGNED_CERT:
-                               if (cert != NULL)
                                {
                                {
-                                       chunk_t cert_blob;
-
-                                       x509_t *newcert = alloc_thing(x509_t, "pkcs7 wrapped x509cert");
-
-                                       clonetochunk(cert_blob, object.ptr, object.len, "pkcs7 cert blob");
-                                       *newcert = empty_x509cert;
+                                       x509_t *cert = x509_create_from_chunk(chunk_clone(object), level+1);
 
 
-                                       DBG2("parsing pkcs7-wrapped certificate");
-                                       if (parse_x509cert(cert_blob, level+1, newcert))
+                                       if (cert)
                                        {
                                        {
-                                               newcert->next = *cert;
-                                               *cert = newcert;
-                                       }
-                                       else
-                                       {
-                                               newcert->destroy(newcert);
+                                               this->certs->insert_last(this->certs, (void*)cert);
                                        }
                                }
                                break;
                                        }
                                }
                                break;
@@ -385,11 +396,9 @@ bool pkcs7_parse_signedData(chunk_t blob, pkcs7_contentInfo_t *data, x509_t **ce
                                }
                                break;
                        case PKCS7_AUTH_ATTRIBUTES:
                                }
                                break;
                        case PKCS7_AUTH_ATTRIBUTES:
-                               if (attributes != NULL)
-                               {
-                                       *attributes = object;
-                                       *attributes->ptr = ASN1_SET;
-                               }
+                               *object.ptr = ASN1_SET;
+                               this->attributes = pkcs9_create_from_chunk(object, level+1);
+                               *object.ptr = ASN1_CONTEXT_C_0;
                                break;
                        case PKCS7_DIGEST_ALGORITHM:
                                digest_alg = parse_algorithmIdentifier(object, level, NULL);
                                break;
                        case PKCS7_DIGEST_ALGORITHM:
                                digest_alg = parse_algorithmIdentifier(object, level, NULL);
@@ -406,6 +415,9 @@ bool pkcs7_parse_signedData(chunk_t blob, pkcs7_contentInfo_t *data, x509_t **ce
        /* check the signature only if a cacert is available */
        if (cacert != NULL)
        {
        /* check the signature only if a cacert is available */
        if (cacert != NULL)
        {
+               hash_algorithm_t algorithm = hasher_algorithm_from_oid(digest_alg);
+               rsa_public_key_t *signer = cacert->get_public_key(cacert);
+
                if (signerInfos == 0)
                {
                        DBG1("no signerInfo object found");
                if (signerInfos == 0)
                {
                        DBG1("no signerInfo object found");
@@ -414,61 +426,88 @@ bool pkcs7_parse_signedData(chunk_t blob, pkcs7_contentInfo_t *data, x509_t **ce
                else if (signerInfos > 1)
                {
                        DBG1("more than one signerInfo object found");
                else if (signerInfos > 1)
                {
                        DBG1("more than one signerInfo object found");
-               return FALSE;
+                       return FALSE;
                }
                }
-               if (attributes->ptr == NULL)
+               if (this->attributes == NULL)
                {
                        DBG1("no authenticatedAttributes object found");
                        return FALSE;
                }
                {
                        DBG1("no authenticatedAttributes object found");
                        return FALSE;
                }
-               if (!check_signature(*attributes, encrypted_digest, digest_alg
-               , enc_alg, cacert))
+               if (enc_alg != OID_RSA_ENCRYPTION)
+               {
+                       DBG1("only RSA digest encryption supported");
+                       return FALSE;
+               }
+               if (signer->verify_emsa_pkcs1_signature(signer, algorithm,
+                               this->attributes->get_encoding(this->attributes), encrypted_digest) != SUCCESS)
                {
                {
-                       DBG1("invalid signature");
+                       DBG1("invalid digest signature");
                        return FALSE;
                }
                else
                {
                        return FALSE;
                }
                else
                {
-                       DBG2("signature is valid");
+                       DBG2("digest signature is valid");
+               }
+               if (this->data.ptr != NULL)
+               {
+                       chunk_t messageDigest = this->attributes->get_messageDigest(this->attributes);
+
+                       if (messageDigest.ptr == NULL)
+                       {
+                               DBG1("messageDigest attribute not found");
+                               return FALSE;
+                       }
+                       else
+                       {
+                               hasher_t *hasher = hasher_create(algorithm);
+                               chunk_t hash;
+                               bool valid;
+
+                               hasher->allocate_hash(hasher, this->data, &hash);
+                               hasher->destroy(hasher);
+                               DBG3("hash: %B", &hash);
+
+                               valid = chunk_equals(messageDigest, hash);
+                               free(messageDigest.ptr);
+                               free(hash.ptr);
+                               if (valid)
+                               {
+                                       DBG2("messageDigest is valid");
+                               }
+                               else
+                               {
+                                       DBG1("invalid messageDigest");
+                                       return FALSE;
+                               }
+                       }
                }
        }
        return TRUE;
 }
 
 /**
                }
        }
        return TRUE;
 }
 
 /**
- * Parse a PKCS#7 envelopedData object
+ * Parse PKCS#7 envelopedData content
  */
  */
-bool pkcs7_parse_envelopedData(chunk_t blob, chunk_t *data,
-                                                          chunk_t serialNumber,
-                                                          const RSA_private_key_t *key)
+static bool parse_envelopedData(private_pkcs7_t *this, chunk_t serialNumber,
+                                                               rsa_private_key_t *key)
 {
        asn1_ctx_t ctx;
        chunk_t object;
 {
        asn1_ctx_t ctx;
        chunk_t object;
-       chunk_t iv                = empty_chunk;
-       chunk_t symmetric_key     = empty_chunk;
-       chunk_t encrypted_content = empty_chunk;
-
-       u_char buf[BUF_LEN];
        u_int level;
        u_int level;
-       u_int total_keys = 3;
-       int enc_alg         = OID_UNKNOWN;
-       int content_enc_alg = OID_UNKNOWN;
        int objectID = 0;
 
        int objectID = 0;
 
-       contentInfo_t cInfo = empty_contentInfo;
-       *data = empty_chunk;
+       chunk_t iv                = chunk_empty;
+       chunk_t symmetric_key     = chunk_empty;
+       chunk_t encrypted_content = chunk_empty;
 
 
-       if (!pkcs7_pkcs7_parse_contentInfo(blob, 0, &cInfo))
-       {
-               goto failed;
-       }
-       if (cInfo.type != OID_PKCS7_ENVELOPED_DATA)
+       crypter_t *crypter = NULL;
+
+       if (abort_parsing(this, OID_PKCS7_ENVELOPED_DATA))
        {
        {
-               DBG1("pkcs7 content type is not envelopedData");
-               goto failed;
+               return FALSE;
        }
 
        }
 
-       asn1_init(&ctx, cInfo.content, 2, FALSE, DBG_RAW);
+       asn1_init(&ctx, this->content, this->level, FALSE, FALSE);
 
        while (objectID < PKCS7_ENVELOPED_ROOF)
        {
 
        while (objectID < PKCS7_ENVELOPED_ROOF)
        {
@@ -510,15 +549,18 @@ bool pkcs7_parse_envelopedData(chunk_t blob, chunk_t *data,
                                }
                                break;
                        case PKCS7_ENCRYPTION_ALG:
                                }
                                break;
                        case PKCS7_ENCRYPTION_ALG:
-                               enc_alg = parse_algorithmIdentifier(object, level, NULL);
-                               if (enc_alg != OID_RSA_ENCRYPTION)
                                {
                                {
-                                       DBG1("only rsa encryption supported");
-                                       goto failed;
+                                       int alg = parse_algorithmIdentifier(object, level, NULL);
+
+                                       if (alg != OID_RSA_ENCRYPTION)
+                                       {
+                                               DBG1("only rsa encryption supported");
+                                               goto failed;
+                                       }
                                }
                                break;
                        case PKCS7_ENCRYPTED_KEY:
                                }
                                break;
                        case PKCS7_ENCRYPTED_KEY:
-                               if (!RSA_decrypt(key, object, &symmetric_key))
+                               if (key->pkcs1_decrypt(key, object, &symmetric_key) != SUCCESS)
                                {
                                        DBG1("symmetric key could not be decrypted with rsa");
                                        goto failed;
                                {
                                        DBG1("symmetric key could not be decrypted with rsa");
                                        goto failed;
@@ -533,34 +575,36 @@ bool pkcs7_parse_envelopedData(chunk_t blob, chunk_t *data,
                                }
                                break;
                        case PKCS7_CONTENT_ENC_ALGORITHM:
                                }
                                break;
                        case PKCS7_CONTENT_ENC_ALGORITHM:
-                               content_enc_alg = parse_algorithmIdentifier(object, level, &iv);
-
-                               switch (content_enc_alg)
                                {
                                {
-                                       case OID_DES_CBC:
-                                               total_keys = 1;
-                                               break;
-                                       case OID_3DES_EDE_CBC:
-                                               total_keys = 3;
-                                               break;
-                                       default:
-                                               DBG1("Only DES and 3DES supported for symmetric encryption");
+                                       int alg = parse_algorithmIdentifier(object, level, &iv);
+
+                                       switch (alg)
+                                       {
+                                               case OID_DES_CBC:
+                                                       crypter = crypter_create(ENCR_DES, 0);
+                                                       break;
+                                               case OID_3DES_EDE_CBC:
+                                                       crypter = crypter_create(ENCR_3DES, 0);
+                                                       break;
+                                               default:
+                                                       DBG1("Only DES and 3DES supported for symmetric encryption");
+                                                       goto failed;
+                                       }
+                                       if (symmetric_key.len != crypter->get_key_size(crypter))
+                                       {
+                                               DBG1("symmetric key has wrong length");
                                                goto failed;
                                                goto failed;
-                               }
-                               if (symmetric_key.len != (total_keys * DES_CBC_BLOCK_SIZE))
-                               {
-                                       DBG1("key length is not %d", (total_keys * DES_CBC_BLOCK_SIZE));
-                                       goto failed;
-                               }
-                               if (!parse_asn1_simple_object(&iv, ASN1_OCTET_STRING, level+1, "IV"))
-                               {
-                                       DBG1("IV could not be parsed");
-                                       goto failed;
-                               }
-                               if (iv.len != DES_CBC_BLOCK_SIZE)
-                               {
-                                       plog("IV has wrong length");
-                                       goto failed;
+                                       }
+                                       if (!parse_asn1_simple_object(&iv, ASN1_OCTET_STRING, level+1, "IV"))
+                                       {
+                                               DBG1("IV could not be parsed");
+                                               goto failed;
+                                       }
+                                       if (iv.len != crypter->get_block_size(crypter))
+                                       {
+                                               DBG1("IV has wrong length");
+                                               goto failed;
+                                       }
                                }
                                break;
                        case PKCS7_ENCRYPTED_CONTENT:
                                }
                                break;
                        case PKCS7_ENCRYPTED_CONTENT:
@@ -571,54 +615,22 @@ bool pkcs7_parse_envelopedData(chunk_t blob, chunk_t *data,
        }
 
        /* decrypt the content */
        }
 
        /* decrypt the content */
-       {
-               u_int i;
-               des_cblock des_key[3], des_iv;
-               des_key_schedule key_s[3];
-
-               memcpy((char *)des_key, symmetric_key.ptr, symmetric_key.len);
-               memcpy((char *)des_iv, iv.ptr, iv.len);
-
-               for (i = 0; i < total_keys; i++)
-               {
-                       if (des_set_key(&des_key[i], key_s[i]))
-                       {
-                               plog("des key schedule failed");
-                               goto failed;
-                       }
-               }
-
-               data->len = encrypted_content.len;
-               data->ptr = alloc_bytes(data->len, "decrypted data");
-
-               switch (content_enc_alg)
-               {
-                       case OID_DES_CBC:
-                               des_cbc_encrypt((des_cblock*)encrypted_content.ptr
-                                       , (des_cblock*)data->ptr, data->len
-                                       , key_s[0], &des_iv, DES_DECRYPT);
-                               break;
-                       case OID_3DES_EDE_CBC:
-                               des_ede3_cbc_encrypt( (des_cblock*)encrypted_content.ptr
-                                       , (des_cblock*)data->ptr, data->len
-                                       , key_s[0], key_s[1], key_s[2]
-                                       , &des_iv, DES_DECRYPT);
-               }
-               DBG4("decrypted content with padding: %B", data);
-       }
+       crypter->set_key(crypter, symmetric_key);
+       crypter->decrypt(crypter, encrypted_content, iv, &this->data);
+       DBG3("decrypted content with padding: %B", &this->data);
 
        /* remove the padding */
        {
 
        /* remove the padding */
        {
-               u_char *pos = data->ptr + data->len - 1;
+               u_char *pos = this->data.ptr + this->data.len - 1;
                u_char pattern = *pos;
                size_t padding = pattern;
 
                u_char pattern = *pos;
                size_t padding = pattern;
 
-               if (padding > data->len)
+               if (padding > this->data.len)
                {
                        DBG1("padding greater than data length");
                        goto failed;
                }
                {
                        DBG1("padding greater than data length");
                        goto failed;
                }
-               data->len -= padding;
+               this->data.len -= padding;
 
                while (padding-- > 0)
                {
 
                while (padding-- > 0)
                {
@@ -629,60 +641,34 @@ bool pkcs7_parse_envelopedData(chunk_t blob, chunk_t *data,
                        }
                }
        }
                        }
                }
        }
+       crypter->destroy(crypter);
        free(symmetric_key.ptr);
        return TRUE;
 
 failed:
        free(symmetric_key.ptr);
        return TRUE;
 
 failed:
+       DESTROY_IF(crypter);
        free(symmetric_key.ptr);
        free(symmetric_key.ptr);
-       pfreeany(data->ptr);
+       chunk_free(&this->data);
        return FALSE;
 }
 
 /**
        return FALSE;
 }
 
 /**
- * @brief Builds a contentType attribute
- *
- * @return ASN.1 encoded contentType attribute
- */
-chunk_t pkcs7_contentType_attribute(void)
-{
-       return asn1_wrap(ASN1_SEQUENCE, "cm"
-                       , ASN1_contentType_oid
-                       , asn1_simple_object(ASN1_SET, ASN1_pkcs7_data_oid));
-}
-
-/**
- * @brief Builds a messageDigest attribute
- * 
- * 
- * @param[in] blob content to create digest of
- * @param[in] digest_alg digest algorithm to be used
- * @return ASN.1 encoded messageDigest attribute
- * 
+ * Implements pkcs7_t.get_data.
  */
  */
-chunk_t pkcs7_messageDigest_attribute(chunk_t content, int digest_alg)
+static chunk_t get_data(private_pkcs7_t *this)
 {
 {
-       u_char digest_buf[MAX_DIGEST_LEN];
-       chunk_t digest = { digest_buf, MAX_DIGEST_LEN };
-
-       compute_digest(content, digest_alg, &digest);
-
-       return asn1_wrap(ASN1_SEQUENCE, "cm"
-                       , ASN1_messageDigest_oid
-                       , asn1_wrap(ASN1_SET, "m"
-                           , asn1_simple_object(ASN1_OCTET_STRING, digest)
-                         )
-                  );
+       return this->data;
 }
 
 /**
 }
 
 /**
- * build a DER-encoded contentInfo object
+ * Implements pkcs7_t.get_contentInfo.
  */
  */
-static chunk_t pkcs7_build_contentInfo(contentInfo_t *cInfo)
+static chunk_t get_contentInfo(private_pkcs7_t *this)
 {
        chunk_t content_type;
 
 {
        chunk_t content_type;
 
-       /* select DER-encoded OID for pkcs7 contentInfo type */
-       switch(cInfo->type)
+       /* select DER-encoded OID for pkcs7_contentInfo type */
+       switch(this->type)
        {
                case OID_PKCS7_DATA:
                        content_type = ASN1_pkcs7_data_oid;
        {
                case OID_PKCS7_DATA:
                        content_type = ASN1_pkcs7_data_oid;
@@ -706,207 +692,386 @@ static chunk_t pkcs7_build_contentInfo(contentInfo_t *cInfo)
                default:
                        DBG1("invalid pkcs7 contentInfo type");
                        return chunk_empty;
                default:
                        DBG1("invalid pkcs7 contentInfo type");
                        return chunk_empty;
-    }
+       }
 
 
-       return (cInfo->content.ptr == NULL)
-               ? asn1_simple_object(ASN1_SEQUENCE, content_type)
-               : asn1_wrap(ASN1_SEQUENCE, "cm"
-                       , content_type
-                       , asn1_simple_object(ASN1_CONTEXT_C_0, cInfo->content)
-                 );
+       return (this->content.ptr == NULL)
+                       ? asn1_simple_object(ASN1_SEQUENCE, content_type)
+                       : asn1_wrap(ASN1_SEQUENCE, "cm",
+                                       content_type,
+                                       asn1_simple_object(ASN1_CONTEXT_C_0, this->content)
+                         );
 }
 
 /**
 }
 
 /**
- * build issuerAndSerialNumber object
+ * Implements pkcs7_t.create_certificate_iterator
  */
  */
-chunk_t pkcs7_build_issuerAndSerialNumber(const x509_t *cert)
+static iterator_t *create_certificate_iterator(const private_pkcs7_t *this)
 {
 {
-       return asn1_wrap(ASN1_SEQUENCE, "cm"
-                       , cert->issuer
-                       , asn1_simple_object(ASN1_INTEGER, cert->serialNumber));
+       return this->certs->create_iterator(this->certs, TRUE);
 }
 
 /**
 }
 
 /**
- * create a signed pkcs7 contentInfo object
+ * Implements pkcs7_t.set_certificate
  */
  */
-chunk_t pkcs7_build_signedData(chunk_t data, chunk_t attributes, const x509_t *cert,
-                                                          int digest_alg, const RSA_private_key_t *key)
+static void set_certificate(private_pkcs7_t *this, x509_t *cert)
 {
 {
-       contentInfo_t pkcs7Data, signedData;
-       chunk_t authenticatedAttributes, encryptedDigest, signerInfo, cInfo;
-
-       chunk_t digestAlgorithm = asn1_algorithmIdentifier(digest_alg);
-
-       if (attributes.ptr != NULL)
-       {
-               encryptedDigest = pkcs1_build_signature(attributes, digest_alg
-                               , key, FALSE);
-               clonetochunk(authenticatedAttributes, attributes.ptr, attributes.len
-                       , "authenticatedAttributes");
-               *authenticatedAttributes.ptr = ASN1_CONTEXT_C_0;
-       }
-       else
+       if (cert)
        {
        {
-               encryptedDigest = (data.ptr == NULL)? empty_chunk
-                       : pkcs1_build_signature(data, digest_alg, key, FALSE);
-               authenticatedAttributes = empty_chunk;
+               /* TODO the certificate is currently not cloned */
+               this->certs->insert_last(this->certs, cert);
        }
        }
+}
+
+/**
+ * Implements pkcs7_t.set_attributes
+ */
+static void set_attributes(private_pkcs7_t *this, pkcs9_t *attributes)
+{
+       this->attributes = attributes;
+}
+
+/**
+ * build a DER-encoded issuerAndSerialNumber object
+ */
+chunk_t pkcs7_build_issuerAndSerialNumber(x509_t *cert)
+{
+       identification_t *issuer = cert->get_issuer(cert);
 
 
-       signerInfo = asn1_wrap(ASN1_SEQUENCE, "cmcmcm"
-                       , ASN1_INTEGER_1
-                       , pkcs7_build_issuerAndSerialNumber(cert)
-                       , digestAlgorithm
-                       , authenticatedAttributes
-                       , ASN1_rsaEncryption_id
-                       , encryptedDigest);
-
-       pkcs7Data.type    = OID_PKCS7_DATA;
-       pkcs7Data.content = (data.ptr == NULL)? empty_chunk
-                       : asn1_simple_object(ASN1_OCTET_STRING, data);
-
-       signedData.type = OID_PKCS7_SIGNED_DATA;
-       signedData.content = asn1_wrap(ASN1_SEQUENCE, "cmmmm"
-                       , ASN1_INTEGER_1
-                       , asn1_simple_object(ASN1_SET, digestAlgorithm)
-                       , pkcs7_build_contentInfo(&pkcs7Data)
-                       , asn1_simple_object(ASN1_CONTEXT_C_0, cert->certificate)
-                       , asn1_wrap(ASN1_SET, "m", signerInfo));
-
-       cInfo = pkcs7_build_contentInfo(&signedData);
-       DBG3("signedData: %B", &cInfo);
-
-       free(pkcs7Data.content.ptr);
-       free(signedData.content.ptr);
-       return cInfo;
+    return asn1_wrap(ASN1_SEQUENCE, "cm",
+                       issuer->get_encoding(issuer),
+                       asn1_simple_object(ASN1_INTEGER, cert->get_serialNumber(cert)));
 }
 
 /**
 }
 
 /**
- * create a symmetrically encrypted pkcs7 contentInfo object
+ * Implements pkcs7_t.build_envelopedData.
  */
  */
-chunk_t pkcs7_build_envelopedData(chunk_t data, const x509_t *cert, int cipher)
+bool build_envelopedData(private_pkcs7_t *this, x509_t *cert,
+                                                encryption_algorithm_t alg)
 {
 {
-       bool des_check_key_save;
-       des_key_schedule ks[3];
-       des_cblock key[3], des_iv, des_iv_buf;
+       chunk_t iv, symmetricKey, in, out, alg_oid;
+       crypter_t *crypter;
+
+       /* select OID of symmetric encryption algorithm */
+       switch (alg)
+       {
+               case ENCR_DES:
+                       alg_oid = ASN1_des_cbc_oid;
+                       break;
+               case ENCR_3DES:
+                       alg_oid = ASN1_3des_ede_cbc_oid;
+                       break;
+               default:
+                       DBG1("  encryption algorithm %N not supported",
+                                 encryption_algorithm_names, alg);
+                       return FALSE;
+       }
+
+       crypter = crypter_create(alg, 0);
+       if (crypter == NULL)
+       {
+               DBG1("  could not create crypter for algorithm %N",
+                        encryption_algorithm_names, alg);
+               return FALSE;
+       }
 
 
-       chunk_t iv = { (u_char *)des_iv_buf, DES_CBC_BLOCK_SIZE };
-       chunk_t out;
-       chunk_t cipher_oid;
+       /* generate a true random symmetric encryption key
+        * and a pseudo-random iv
+        */
+       {
+               randomizer_t *randomizer = randomizer_create();
 
 
-       u_int total_keys, i;
-       size_t padding = pad_up(data.len, DES_CBC_BLOCK_SIZE);
+               randomizer->allocate_random_bytes(randomizer,
+                        crypter->get_key_size(crypter), &symmetricKey);
+               DBG4("  symmetric encryption key: %B", &symmetricKey);
 
 
-       RSA_public_key_t public_key;
+               randomizer->allocate_pseudo_random_bytes(randomizer,
+                       crypter->get_block_size(crypter), &iv);
+               DBG4("  initialization vector: %B", &iv);
 
 
-       init_RSA_public_key(&public_key, cert->publicExponent
-                                  , cert->modulus);
+               randomizer->destroy(randomizer);
+       }
 
 
-       if (padding == 0)
+       /* pad the data so that the total length becomes
+        * a multiple of the block size
+        */
        {
        {
-               padding += DES_CBC_BLOCK_SIZE;
+               size_t block_size = crypter->get_block_size(crypter);
+               size_t padding = block_size - this->data.len % block_size;
+
+               in.len = this->data.len + padding;
+               in.ptr = malloc(in.len);
+
+               DBG2("  padding %d bytes of data to multiple block size of %d bytes",
+                       (int)this->data.len, (int)in.len);
+
+               /* copy data */
+               memcpy(in.ptr, this->data.ptr, this->data.len);
+               /* append padding */
+               memset(in.ptr + this->data.len, padding, padding);
        }
        }
+       DBG3("  padded unencrypted data: %B", &in);
+
+       /* symmetric encryption of data object */
+       crypter->set_key(crypter, symmetricKey);
+       crypter->encrypt(crypter, in, iv, &out);
+       crypter->destroy(crypter);
+       chunk_free_randomized(&in);
+    DBG3("  encrypted data: %B", &out);
 
 
-       out.len = data.len + padding;
-       out.ptr = alloc_bytes(out.len, "DES-encrypted output");
+       /* build pkcs7 enveloped data object */ 
+       {
+               chunk_t contentEncryptionAlgorithm = asn1_wrap(ASN1_SEQUENCE, "cm",
+                                       alg_oid,
+                                       asn1_wrap(ASN1_OCTET_STRING, "m", iv));
+       
+               chunk_t encryptedContentInfo = asn1_wrap(ASN1_SEQUENCE, "cmm",
+                                       ASN1_pkcs7_data_oid,
+                                       contentEncryptionAlgorithm,
+                                       asn1_wrap(ASN1_CONTEXT_S_0, "m", out));
+
+               chunk_t wrappedKey, encryptedKey, recipientInfo;
+
+               rsa_public_key_t *public_key = cert->get_public_key(cert);
 
 
-       DBG2("padding %d bytes of data to multiple DES block size of %d bytes"
-                       , (int)data.len, (int)out.len);
+               public_key->pkcs1_encrypt(public_key, symmetricKey, &wrappedKey);
+               chunk_free_randomized(&symmetricKey);
 
 
-       /* copy data */
-       memcpy(out.ptr, data.ptr, data.len);
-       /* append padding */
-       memset(out.ptr + data.len, padding, padding);
+               encryptedKey = asn1_wrap(ASN1_OCTET_STRING, "m", wrappedKey);
 
 
-       DBG3("padded unencrypted data: %B", &out);
+               recipientInfo = asn1_wrap(ASN1_SEQUENCE, "cmcm",
+                                       ASN1_INTEGER_0,
+                                       pkcs7_build_issuerAndSerialNumber(cert),
+                                       asn1_algorithmIdentifier(OID_RSA_ENCRYPTION),
+                                       encryptedKey);
 
 
-       /* select OID and keylength for specified cipher */
-       switch (cipher)
+               this->content = asn1_wrap(ASN1_SEQUENCE, "cmm",
+                                       ASN1_INTEGER_0,
+                                       asn1_wrap(ASN1_SET, "m", recipientInfo),
+                                       encryptedContentInfo);
+               this->type = OID_PKCS7_ENVELOPED_DATA;
+    }
+       return TRUE;
+}
+
+/**
+ * Implements pkcs7_t.build_signedData.
+ */
+bool build_signedData(private_pkcs7_t *this, rsa_private_key_t *private_key,
+                                         hash_algorithm_t alg)
+{
+       int signature_oid = hasher_signature_algorithm_to_oid(alg);
+       chunk_t authenticatedAttributes = chunk_empty;
+       chunk_t encryptedDigest = chunk_empty;
+       chunk_t signerInfo;
+       x509_t *cert;
+
+       if (this->certs->get_first(this->certs, (void**)&cert) != SUCCESS)
        {
        {
-               case OID_DES_CBC:
-                       total_keys = 1;
-                       cipher_oid = ASN1_des_cbc_oid;
-                       break;
-               case OID_3DES_EDE_CBC:
-               default:
-               total_keys = 3;
-               cipher_oid = ASN1_3des_ede_cbc_oid;
+               DBG1("  no pkcs7 signer certificate found");
+               return FALSE;
        }
        }
-       DBG2("pkcs7 encryption cipher: %s", oid_names[cipher].name);
 
 
-       /* generate a strong random key for DES/3DES */
-       des_check_key_save = des_check_key;
-       des_check_key = TRUE;
-       for (i = 0; i < total_keys;i++)
+       if (this->attributes != NULL)
        {
        {
-               for (;;)
+               if (this->data.ptr != NULL)
                {
                {
-                       get_rnd_bytes((char*)key[i], DES_CBC_BLOCK_SIZE);
-                       des_set_odd_parity(&key[i]);
-                       if (!des_set_key(&key[i], ks[i]))
-                       {
-                               break;
-                               plog("weak DES key discarded - we try again");
-                       }
+                       /* take the current time as signingTime */
+                       time_t now = time(NULL);
+                       chunk_t signingTime = timetoasn1(&now, ASN1_UTCTIME);
+
+                       chunk_t messageDigest, attributes;
+                       hasher_t *hasher = hasher_create(alg);
+               
+                       hasher->allocate_hash(hasher, this->data, &messageDigest);
+                       hasher->destroy(hasher);
+                       this->attributes->set_attribute(this->attributes,
+                                                               OID_PKCS9_CONTENT_TYPE, ASN1_pkcs7_data_oid);
+                       this->attributes->set_messageDigest(this->attributes,
+                                                               messageDigest);
+                       this->attributes->set_attribute(this->attributes,
+                                                               OID_PKCS9_SIGNING_TIME, signingTime);
+                       attributes = this->attributes->get_encoding(this->attributes);
+
+                       free(messageDigest.ptr);
+                       free(signingTime.ptr);
+
+                       private_key->build_emsa_pkcs1_signature(private_key, alg,
+                                                       attributes, &encryptedDigest);
+                       authenticatedAttributes = chunk_clone(attributes);
+                       *authenticatedAttributes.ptr = ASN1_CONTEXT_C_0;
                }
                }
-               /* TODO DBG4("DES key: %#B", key[i], 8) */
-    }
-       des_check_key = des_check_key_save;
+       }
+       else if (this->data.ptr != NULL)
+       {
+               private_key->build_emsa_pkcs1_signature(private_key, alg,
+                                               this->data, &encryptedDigest);
+       }
+       if (encryptedDigest.ptr)
+       {
+               encryptedDigest = asn1_wrap(ASN1_OCTET_STRING, "m", encryptedDigest);
+       }
 
 
-       /* generate an iv for DES/3DES CBC */
-       get_rnd_bytes(des_iv, DES_CBC_BLOCK_SIZE);
-       memcpy(iv.ptr, des_iv, DES_CBC_BLOCK_SIZE);
-       DBG3("DES IV : %#B", &iv);
+       signerInfo = asn1_wrap(ASN1_SEQUENCE, "cmcmcm",
+                                       ASN1_INTEGER_1,
+                                       pkcs7_build_issuerAndSerialNumber(cert),
+                                       asn1_algorithmIdentifier(signature_oid),
+                                       authenticatedAttributes,
+                                       asn1_algorithmIdentifier(OID_RSA_ENCRYPTION),
+                                       encryptedDigest);
 
 
-       /* encryption using specified cipher */
-       switch (cipher)
+       if (this->data.ptr != NULL)
        {
        {
-               case OID_DES_CBC:
-                       des_cbc_encrypt((des_cblock*)out.ptr, (des_cblock*)out.ptr, out.len
-                          , ks[0], &des_iv, DES_ENCRYPT);
-                       break;
-               case OID_3DES_EDE_CBC:
-               default:
-                       des_ede3_cbc_encrypt((des_cblock*)out.ptr, (des_cblock*)out.ptr, out.len
-                                   , ks[0], ks[1], ks[2], &des_iv, DES_ENCRYPT);       
+               this->content = asn1_simple_object(ASN1_OCTET_STRING, this->data);
+               chunk_free(&this->data);
        }
        }
-       DBG3(("Encrypted data: %B", &out);
-       
-       /* build pkcs7 enveloped data object */ 
+       this->type = OID_PKCS7_DATA;
+       this->data = get_contentInfo(this);
+       chunk_free(&this->content);
+
+       this->type = OID_PKCS7_SIGNED_DATA;
+
+       this->content = asn1_wrap(ASN1_SEQUENCE, "cmcmm",
+                       ASN1_INTEGER_1,
+                       asn1_simple_object(ASN1_SET, asn1_algorithmIdentifier(signature_oid)),
+                       this->data,
+                       asn1_simple_object(ASN1_CONTEXT_C_0, cert->get_certificate(cert)),
+                       asn1_wrap(ASN1_SET, "m", signerInfo));
+
+       return TRUE;
+}
+
+/**
+ * Implements pkcs7_t.destroy
+ */
+static void destroy(private_pkcs7_t *this)
+{
+       DESTROY_IF(this->attributes);
+       this->certs->destroy_offset(this->certs, offsetof(x509_t, destroy));
+       free(this->content.ptr);
+       free(this->data.ptr);
+       free(this);
+}
+
+/**
+ * Parse PKCS#7 contentInfo object
+ */
+static bool parse_contentInfo(chunk_t blob, u_int level0, private_pkcs7_t *cInfo)
+{
+       asn1_ctx_t ctx;
+       chunk_t object;
+       u_int level;
+       int objectID = 0;
+
+       asn1_init(&ctx, blob, level0, FALSE, FALSE);
+
+       while (objectID < PKCS7_INFO_ROOF)
        {
        {
-               chunk_t contentEncryptionAlgorithm = asn1_wrap(ASN1_SEQUENCE, "cm"
-                               , cipher_oid
-                               , asn1_simple_object(ASN1_OCTET_STRING, iv));
+               if (!extract_object(contentInfoObjects, &objectID, &object, &level, &ctx))
+               {
+                       return FALSE;
+               }
+
+               if (objectID == PKCS7_INFO_TYPE)
+               {
+                       cInfo->type = known_oid(object);
+                       if (cInfo->type < OID_PKCS7_DATA
+                       ||  cInfo->type > OID_PKCS7_ENCRYPTED_DATA)
+                       {
+                               DBG1("unknown pkcs7 content type");
+                               return FALSE;
+                       }
+               }
+               else if (objectID == PKCS7_INFO_CONTENT && object.len > 0)
+               {
+                       cInfo->content = chunk_clone(object);
+               }
+               objectID++;
+       }
+       return TRUE;
+}
+
+/**
+ * Generic private constructor
+ */
+static private_pkcs7_t *pkcs7_create_empty(void)
+{
+       private_pkcs7_t *this = malloc_thing(private_pkcs7_t);
        
        
-               chunk_t encryptedContentInfo = asn1_wrap(ASN1_SEQUENCE, "cmm"
-                               , ASN1_pkcs7_data_oid
-                               , contentEncryptionAlgorithm
-                               , asn1_wrap(ASN1_CONTEXT_S_0, "m", out));
+       /* initialize */
+       this->type = OID_UNKNOWN;
+       this->content = chunk_empty;
+       this->parsed = FALSE;
+       this->level = 0;
+       this->data = chunk_empty;
+       this->attributes = NULL;
+       this->certs = linked_list_create();
 
 
-               chunk_t plainKey = { (u_char *)key, DES_CBC_BLOCK_SIZE * total_keys };
+       /*public functions */
+       this->public.is_data = (bool (*) (pkcs7_t*))is_data;
+       this->public.is_signedData = (bool (*) (pkcs7_t*))is_signedData;
+       this->public.is_envelopedData = (bool (*) (pkcs7_t*))is_envelopedData;
+       this->public.parse_data = (bool (*) (pkcs7_t*))parse_data;
+       this->public.parse_signedData = (bool (*) (pkcs7_t*,x509_t*))parse_signedData;
+       this->public.parse_envelopedData = (bool (*) (pkcs7_t*,chunk_t,rsa_private_key_t*))parse_envelopedData;
+       this->public.get_data = (chunk_t (*) (pkcs7_t*))get_data;
+       this->public.get_contentInfo = (chunk_t (*) (pkcs7_t*))get_contentInfo;
+       this->public.create_certificate_iterator = (iterator_t* (*) (pkcs7_t*))create_certificate_iterator;
+       this->public.set_certificate = (void (*) (pkcs7_t*,x509_t*))set_certificate;
+       this->public.set_attributes = (void (*) (pkcs7_t*,pkcs9_t*))set_attributes;
+       this->public.build_envelopedData = (bool (*) (pkcs7_t*,x509_t*,encryption_algorithm_t))build_envelopedData;
+       this->public.build_signedData = (bool (*) (pkcs7_t*,rsa_private_key_t*,hash_algorithm_t))build_signedData;
+       this->public.destroy = (void (*) (pkcs7_t*))destroy;
+
+       return this;
+}
 
 
-               chunk_t encryptedKey = asn1_wrap(ASN1_OCTET_STRING, "m"
-                               , RSA_encrypt(&public_key, plainKey));
+/*
+ * Described in header.
+ */
+pkcs7_t *pkcs7_create_from_chunk(chunk_t chunk, u_int level)
+{
+       private_pkcs7_t *this = pkcs7_create_empty();
+       
+       this->level = level + 2;
+       if (!parse_contentInfo(chunk, level, this))
+       {
+               destroy(this);
+               return NULL;
+       }
+       return &this->public;
+}
 
 
-               chunk_t recipientInfo = asn1_wrap(ASN1_SEQUENCE, "cmcm"
-                               , ASN1_INTEGER_0
-                               , pkcs7_build_issuerAndSerialNumber(cert)
-                               , ASN1_rsaEncryption_id
-                               , encryptedKey);
+/*
+ * Described in header.
+ */
+pkcs7_t *pkcs7_create_from_data(chunk_t data)
+{
+       private_pkcs7_t *this = pkcs7_create_empty();
 
 
-               chunk_t cInfo;
-               contentInfo_t envelopedData;
+       this->data = chunk_clone(data);
+       this->parsed = TRUE;
 
 
-               envelopedData.type = OID_PKCS7_ENVELOPED_DATA;
-               envelopedData.content = asn1_wrap(ASN1_SEQUENCE, "cmm"
-                               , ASN1_INTEGER_0
-                               , asn1_wrap(ASN1_SET, "m", recipientInfo)
-                               , encryptedContentInfo);
+       return &this->public;
+}
 
 
-               cInfo = pkcs7_build_contentInfo(&envelopedData);
-               DBG3("envelopedData: %B", &cInfo);
+/*
+ * Described in header.
+ */
+pkcs7_t *pkcs7_create_from_file(const char *filename, const char *label)
+{
+       bool pgp = FALSE;
+       chunk_t chunk = chunk_empty;
+       char cert_label[BUF_LEN];
+       pkcs7_t *pkcs7;
 
 
-               free_RSA_public_content(&public_key);
-               free(envelopedData.content.ptr);
-               return cInfo;
+       snprintf(cert_label, BUF_LEN, "%s pkcs7", label);
+
+       if (!pem_asn1_load_file(filename, NULL, cert_label, &chunk, &pgp))
+       {
+               return NULL;
        }
        }
+
+       pkcs7 = pkcs7_create_from_chunk(chunk, 0);
+       free(chunk.ptr);
+       return pkcs7;
 }
 }