X-Git-Url: https://git.strongswan.org/?p=strongswan.git;a=blobdiff_plain;f=src%2Flibstrongswan%2Fcrypto%2Fpkcs7.c;h=252fc19b2265b68f95ffa8671180c0827f59ac96;hp=05d0977b4783e758a7045b7e9d5cc2991922803d;hb=9514d26c5c7d154034a5c860d418cf7d046ab5dc;hpb=5f854d7f952dc17f120c607d0fcebefe0b807033;ds=inline diff --git a/src/libstrongswan/crypto/pkcs7.c b/src/libstrongswan/crypto/pkcs7.c index 05d0977..252fc19 100644 --- a/src/libstrongswan/crypto/pkcs7.c +++ b/src/libstrongswan/crypto/pkcs7.c @@ -1,13 +1,14 @@ /** * @file pkcs7.c * - * @brief Implementation of pkcs7_contentInfo_t. + * @brief Implementation of pkcs7_t. * */ /* * Copyright (C) 2005 Jan Hutter, Martin Willi - * Copyright (C) 2002-2005 Andreas Steffen + * Copyright (C) 2002-2008 Andreas Steffen + * * Hochschule fuer Technik Rapperswil, Switzerland * * This program is free software; you can redistribute it and/or modify it @@ -32,19 +33,25 @@ #include #include #include +#include +#include +#include +#include +#include +#include #include "pkcs7.h" -typedef struct private_pkcs7_contentInfo_t private_pkcs7_contentInfo_t; +typedef struct private_pkcs7_t private_pkcs7_t; /** - * Private data of a pkcs7_contentInfo_t object. + * Private data of a pkcs7_t object. */ -struct private_pkcs7_contentInfo_t { +struct private_pkcs7_t { /** * Public interface for this certificate. */ - pkcs7_contentInfo_t public; + pkcs7_t public; /** * contentInfo type @@ -54,7 +61,32 @@ struct private_pkcs7_contentInfo_t { /** * ASN.1 encoded content */ - chunk_t content; + chunk_t content; + + /** + * Has the content already been parsed? + */ + bool parsed; + + /** + * ASN.1 parsing start level + */ + u_int level; + + /** + * retrieved data + */ + chunk_t data; + + /** + * ASN.1 encoded attributes + */ + pkcs9_t *attributes; + + /** + * Linked list of X.509 certificates + */ + linked_list_t *certs; }; /** @@ -216,120 +248,98 @@ static const chunk_t ASN1_des_cbc_oid = chunk_from_buf(ASN1_des_cbc_oid_str); /** - * PKCS#7 attribute type OIDs + * Implements pkcs7_t.is_data. */ -static u_char ASN1_contentType_oid_str[] = { - 0x06, 0x09, - 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x03 -}; - -static u_char ASN1_messageDigest_oid_str[] = { - 0x06, 0x09, - 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x04 -}; - -static const chunk_t ASN1_contentType_oid = - chunk_from_buf(ASN1_contentType_oid_str); -static const chunk_t ASN1_messageDigest_oid = - chunk_from_buf(ASN1_messageDigest_oid_str); +static bool is_data(private_pkcs7_t *this) +{ + return this->type == OID_PKCS7_DATA; +} /** - * Implements pkcs7_contentInfo_t.destroy + * Implements pkcs7_t.is_signedData. */ -static void destroy(private_pkcs7_contentInfo_t *this) +static bool is_signedData(private_pkcs7_t *this) { - free(this); + return this->type == OID_PKCS7_SIGNED_DATA; } /** - * Parse PKCS#7 ContentInfo object + * Implements pkcs7_t.is_envelopedData. */ -static bool pkcs7_parse_contentInfo(chunk_t blob, u_int level0, private_pkcs7_contentInfo_t *cInfo) +static bool is_envelopedData(private_pkcs7_t *this) { - asn1_ctx_t ctx; - chunk_t object; - u_int level; - int objectID = 0; - - asn1_init(&ctx, blob, level0, FALSE, FALSE); + return this->type == OID_PKCS7_ENVELOPED_DATA; +} - while (objectID < PKCS7_INFO_ROOF) +/** + * Check whether to abort the requested parsing + */ +static bool abort_parsing(private_pkcs7_t *this, int type) +{ + if (this->type != type) { - if (!extract_object(contentInfoObjects, &objectID, &object, &level, &ctx)) - { - return FALSE; - } - - if (objectID == PKCS7_INFO_TYPE) - { - cInfo->type = known_oid(object); - if (cInfo->type < OID_PKCS7_DATA - || cInfo->type > OID_PKCS7_ENCRYPTED_DATA) - { - DBG1("unknown pkcs7 content type"); - return FALSE; - } - } - else if (objectID == PKCS7_INFO_CONTENT) - { - cInfo->content = object; - } - objectID++; + DBG1("pkcs7 content to be parsed is not of type '%s'", + oid_names[type]); + return TRUE; } - return TRUE; + if (this->parsed) + { + DBG1("pkcs7 content has already been parsed"); + return TRUE; + } + this->parsed = TRUE; + return FALSE; } -/* - * Described in header. +/** + * Implements pkcs7_t.parse_data. */ -pkcs7_contentInfo_t *pkcs7_contentInfo_create_from_chunk(chunk_t chunk, u_int level) +static bool parse_data(private_pkcs7_t *this) { - private_pkcs7_contentInfo_t *this = malloc_thing(private_pkcs7_contentInfo_t); - - /* initialize */ - this->type = OID_UNKNOWN; - this->content = chunk_empty; + chunk_t data = this->content; - /*public functions */ - this->public.destroy = (void (*) (pkcs7_contentInfo_t*))destroy; - - if (!pkcs7_parse_contentInfo(chunk, level, this)) + if (abort_parsing(this, OID_PKCS7_DATA)) { - destroy(this); - return NULL; + return FALSE; + } + if (data.len == 0) + { + this->data = chunk_empty; + return TRUE; + } + if (parse_asn1_simple_object(&data, ASN1_OCTET_STRING, this->level, "data")) + { + this->data = chunk_clone(data); + return TRUE; + } + else + { + return FALSE; } - return &this->public; } /** - * Parse a PKCS#7 signedData object + * Implements pkcs7_t.parse_signedData. */ -bool pkcs7_parse_signedData(chunk_t blob, pkcs7_contentInfo_t *data, x509_t **cert, - chunk_t *attributes, const x509_t *cacert) +static bool parse_signedData(private_pkcs7_t *this, x509_t *cacert) { - u_char buf[BUF_LEN]; asn1_ctx_t ctx; chunk_t object; u_int level; + int objectID = 0; + int digest_alg = OID_UNKNOWN; int enc_alg = OID_UNKNOWN; int signerInfos = 0; - int objectID = 0; - private_pkcs7_contentInfo_t cInfo; chunk_t encrypted_digest = chunk_empty; - if (!pkcs7_parse_contentInfo(blob, 0, &cInfo)) + if (abort_parsing(this, OID_PKCS7_SIGNED_DATA)) { return FALSE; } - if (cInfo.type != OID_PKCS7_SIGNED_DATA) - { - DBG1("pkcs7 content type is not signedData"); - return FALSE; - } - asn1_init(&ctx, cInfo.content, 2, FALSE, FALSE); + asn1_init(&ctx, this->content, this->level, FALSE, FALSE); while (objectID < PKCS7_SIGNED_ROOF) { @@ -344,30 +354,31 @@ bool pkcs7_parse_signedData(chunk_t blob, pkcs7_contentInfo_t *data, x509_t **ce digest_alg = parse_algorithmIdentifier(object, level, NULL); break; case PKCS7_SIGNED_CONTENT_INFO: - if (data != NULL) { - pkcs7_parse_contentInfo(object, level, data); + chunk_t pureData; + pkcs7_t *data = pkcs7_create_from_chunk(object, level+1); + + if (data == NULL) + { + return FALSE; + } + if (!data->parse_data(data)) + { + data->destroy(data); + return FALSE; + } + pureData = data->get_data(data); + this->data = (pureData.len)? chunk_clone(pureData) : chunk_empty; + data->destroy(data); } break; case PKCS7_SIGNED_CERT: - if (cert != NULL) { - chunk_t cert_blob; - - x509_t *newcert = alloc_thing(x509_t, "pkcs7 wrapped x509cert"); - - clonetochunk(cert_blob, object.ptr, object.len, "pkcs7 cert blob"); - *newcert = empty_x509cert; + x509_t *cert = x509_create_from_chunk(chunk_clone(object), level+1); - DBG2("parsing pkcs7-wrapped certificate"); - if (parse_x509cert(cert_blob, level+1, newcert)) + if (cert) { - newcert->next = *cert; - *cert = newcert; - } - else - { - newcert->destroy(newcert); + this->certs->insert_last(this->certs, (void*)cert); } } break; @@ -385,11 +396,9 @@ bool pkcs7_parse_signedData(chunk_t blob, pkcs7_contentInfo_t *data, x509_t **ce } break; case PKCS7_AUTH_ATTRIBUTES: - if (attributes != NULL) - { - *attributes = object; - *attributes->ptr = ASN1_SET; - } + *object.ptr = ASN1_SET; + this->attributes = pkcs9_create_from_chunk(object, level+1); + *object.ptr = ASN1_CONTEXT_C_0; break; case PKCS7_DIGEST_ALGORITHM: digest_alg = parse_algorithmIdentifier(object, level, NULL); @@ -406,6 +415,9 @@ bool pkcs7_parse_signedData(chunk_t blob, pkcs7_contentInfo_t *data, x509_t **ce /* check the signature only if a cacert is available */ if (cacert != NULL) { + hash_algorithm_t algorithm = hasher_algorithm_from_oid(digest_alg); + rsa_public_key_t *signer = cacert->get_public_key(cacert); + if (signerInfos == 0) { DBG1("no signerInfo object found"); @@ -414,61 +426,88 @@ bool pkcs7_parse_signedData(chunk_t blob, pkcs7_contentInfo_t *data, x509_t **ce else if (signerInfos > 1) { DBG1("more than one signerInfo object found"); - return FALSE; + return FALSE; } - if (attributes->ptr == NULL) + if (this->attributes == NULL) { DBG1("no authenticatedAttributes object found"); return FALSE; } - if (!check_signature(*attributes, encrypted_digest, digest_alg - , enc_alg, cacert)) + if (enc_alg != OID_RSA_ENCRYPTION) + { + DBG1("only RSA digest encryption supported"); + return FALSE; + } + if (signer->verify_emsa_pkcs1_signature(signer, algorithm, + this->attributes->get_encoding(this->attributes), encrypted_digest) != SUCCESS) { - DBG1("invalid signature"); + DBG1("invalid digest signature"); return FALSE; } else { - DBG2("signature is valid"); + DBG2("digest signature is valid"); + } + if (this->data.ptr != NULL) + { + chunk_t messageDigest = this->attributes->get_messageDigest(this->attributes); + + if (messageDigest.ptr == NULL) + { + DBG1("messageDigest attribute not found"); + return FALSE; + } + else + { + hasher_t *hasher = hasher_create(algorithm); + chunk_t hash; + bool valid; + + hasher->allocate_hash(hasher, this->data, &hash); + hasher->destroy(hasher); + DBG3("hash: %B", &hash); + + valid = chunk_equals(messageDigest, hash); + free(messageDigest.ptr); + free(hash.ptr); + if (valid) + { + DBG2("messageDigest is valid"); + } + else + { + DBG1("invalid messageDigest"); + return FALSE; + } + } } } return TRUE; } /** - * Parse a PKCS#7 envelopedData object + * Parse PKCS#7 envelopedData content */ -bool pkcs7_parse_envelopedData(chunk_t blob, chunk_t *data, - chunk_t serialNumber, - const RSA_private_key_t *key) +static bool parse_envelopedData(private_pkcs7_t *this, chunk_t serialNumber, + rsa_private_key_t *key) { asn1_ctx_t ctx; chunk_t object; - chunk_t iv = empty_chunk; - chunk_t symmetric_key = empty_chunk; - chunk_t encrypted_content = empty_chunk; - - u_char buf[BUF_LEN]; u_int level; - u_int total_keys = 3; - int enc_alg = OID_UNKNOWN; - int content_enc_alg = OID_UNKNOWN; int objectID = 0; - contentInfo_t cInfo = empty_contentInfo; - *data = empty_chunk; + chunk_t iv = chunk_empty; + chunk_t symmetric_key = chunk_empty; + chunk_t encrypted_content = chunk_empty; - if (!pkcs7_pkcs7_parse_contentInfo(blob, 0, &cInfo)) - { - goto failed; - } - if (cInfo.type != OID_PKCS7_ENVELOPED_DATA) + crypter_t *crypter = NULL; + + if (abort_parsing(this, OID_PKCS7_ENVELOPED_DATA)) { - DBG1("pkcs7 content type is not envelopedData"); - goto failed; + return FALSE; } - asn1_init(&ctx, cInfo.content, 2, FALSE, DBG_RAW); + asn1_init(&ctx, this->content, this->level, FALSE, FALSE); while (objectID < PKCS7_ENVELOPED_ROOF) { @@ -510,15 +549,18 @@ bool pkcs7_parse_envelopedData(chunk_t blob, chunk_t *data, } break; case PKCS7_ENCRYPTION_ALG: - enc_alg = parse_algorithmIdentifier(object, level, NULL); - if (enc_alg != OID_RSA_ENCRYPTION) { - DBG1("only rsa encryption supported"); - goto failed; + int alg = parse_algorithmIdentifier(object, level, NULL); + + if (alg != OID_RSA_ENCRYPTION) + { + DBG1("only rsa encryption supported"); + goto failed; + } } break; case PKCS7_ENCRYPTED_KEY: - if (!RSA_decrypt(key, object, &symmetric_key)) + if (key->pkcs1_decrypt(key, object, &symmetric_key) != SUCCESS) { DBG1("symmetric key could not be decrypted with rsa"); goto failed; @@ -533,34 +575,36 @@ bool pkcs7_parse_envelopedData(chunk_t blob, chunk_t *data, } break; case PKCS7_CONTENT_ENC_ALGORITHM: - content_enc_alg = parse_algorithmIdentifier(object, level, &iv); - - switch (content_enc_alg) { - case OID_DES_CBC: - total_keys = 1; - break; - case OID_3DES_EDE_CBC: - total_keys = 3; - break; - default: - DBG1("Only DES and 3DES supported for symmetric encryption"); + int alg = parse_algorithmIdentifier(object, level, &iv); + + switch (alg) + { + case OID_DES_CBC: + crypter = crypter_create(ENCR_DES, 0); + break; + case OID_3DES_EDE_CBC: + crypter = crypter_create(ENCR_3DES, 0); + break; + default: + DBG1("Only DES and 3DES supported for symmetric encryption"); + goto failed; + } + if (symmetric_key.len != crypter->get_key_size(crypter)) + { + DBG1("symmetric key has wrong length"); goto failed; - } - if (symmetric_key.len != (total_keys * DES_CBC_BLOCK_SIZE)) - { - DBG1("key length is not %d", (total_keys * DES_CBC_BLOCK_SIZE)); - goto failed; - } - if (!parse_asn1_simple_object(&iv, ASN1_OCTET_STRING, level+1, "IV")) - { - DBG1("IV could not be parsed"); - goto failed; - } - if (iv.len != DES_CBC_BLOCK_SIZE) - { - plog("IV has wrong length"); - goto failed; + } + if (!parse_asn1_simple_object(&iv, ASN1_OCTET_STRING, level+1, "IV")) + { + DBG1("IV could not be parsed"); + goto failed; + } + if (iv.len != crypter->get_block_size(crypter)) + { + DBG1("IV has wrong length"); + goto failed; + } } break; case PKCS7_ENCRYPTED_CONTENT: @@ -571,54 +615,22 @@ bool pkcs7_parse_envelopedData(chunk_t blob, chunk_t *data, } /* decrypt the content */ - { - u_int i; - des_cblock des_key[3], des_iv; - des_key_schedule key_s[3]; - - memcpy((char *)des_key, symmetric_key.ptr, symmetric_key.len); - memcpy((char *)des_iv, iv.ptr, iv.len); - - for (i = 0; i < total_keys; i++) - { - if (des_set_key(&des_key[i], key_s[i])) - { - plog("des key schedule failed"); - goto failed; - } - } - - data->len = encrypted_content.len; - data->ptr = alloc_bytes(data->len, "decrypted data"); - - switch (content_enc_alg) - { - case OID_DES_CBC: - des_cbc_encrypt((des_cblock*)encrypted_content.ptr - , (des_cblock*)data->ptr, data->len - , key_s[0], &des_iv, DES_DECRYPT); - break; - case OID_3DES_EDE_CBC: - des_ede3_cbc_encrypt( (des_cblock*)encrypted_content.ptr - , (des_cblock*)data->ptr, data->len - , key_s[0], key_s[1], key_s[2] - , &des_iv, DES_DECRYPT); - } - DBG4("decrypted content with padding: %B", data); - } + crypter->set_key(crypter, symmetric_key); + crypter->decrypt(crypter, encrypted_content, iv, &this->data); + DBG3("decrypted content with padding: %B", &this->data); /* remove the padding */ { - u_char *pos = data->ptr + data->len - 1; + u_char *pos = this->data.ptr + this->data.len - 1; u_char pattern = *pos; size_t padding = pattern; - if (padding > data->len) + if (padding > this->data.len) { DBG1("padding greater than data length"); goto failed; } - data->len -= padding; + this->data.len -= padding; while (padding-- > 0) { @@ -629,60 +641,34 @@ bool pkcs7_parse_envelopedData(chunk_t blob, chunk_t *data, } } } + crypter->destroy(crypter); free(symmetric_key.ptr); return TRUE; failed: + DESTROY_IF(crypter); free(symmetric_key.ptr); - pfreeany(data->ptr); + chunk_free(&this->data); return FALSE; } /** - * @brief Builds a contentType attribute - * - * @return ASN.1 encoded contentType attribute - */ -chunk_t pkcs7_contentType_attribute(void) -{ - return asn1_wrap(ASN1_SEQUENCE, "cm" - , ASN1_contentType_oid - , asn1_simple_object(ASN1_SET, ASN1_pkcs7_data_oid)); -} - -/** - * @brief Builds a messageDigest attribute - * - * - * @param[in] blob content to create digest of - * @param[in] digest_alg digest algorithm to be used - * @return ASN.1 encoded messageDigest attribute - * + * Implements pkcs7_t.get_data. */ -chunk_t pkcs7_messageDigest_attribute(chunk_t content, int digest_alg) +static chunk_t get_data(private_pkcs7_t *this) { - u_char digest_buf[MAX_DIGEST_LEN]; - chunk_t digest = { digest_buf, MAX_DIGEST_LEN }; - - compute_digest(content, digest_alg, &digest); - - return asn1_wrap(ASN1_SEQUENCE, "cm" - , ASN1_messageDigest_oid - , asn1_wrap(ASN1_SET, "m" - , asn1_simple_object(ASN1_OCTET_STRING, digest) - ) - ); + return this->data; } /** - * build a DER-encoded contentInfo object + * Implements pkcs7_t.get_contentInfo. */ -static chunk_t pkcs7_build_contentInfo(contentInfo_t *cInfo) +static chunk_t get_contentInfo(private_pkcs7_t *this) { chunk_t content_type; - /* select DER-encoded OID for pkcs7 contentInfo type */ - switch(cInfo->type) + /* select DER-encoded OID for pkcs7_contentInfo type */ + switch(this->type) { case OID_PKCS7_DATA: content_type = ASN1_pkcs7_data_oid; @@ -706,207 +692,386 @@ static chunk_t pkcs7_build_contentInfo(contentInfo_t *cInfo) default: DBG1("invalid pkcs7 contentInfo type"); return chunk_empty; - } + } - return (cInfo->content.ptr == NULL) - ? asn1_simple_object(ASN1_SEQUENCE, content_type) - : asn1_wrap(ASN1_SEQUENCE, "cm" - , content_type - , asn1_simple_object(ASN1_CONTEXT_C_0, cInfo->content) - ); + return (this->content.ptr == NULL) + ? asn1_simple_object(ASN1_SEQUENCE, content_type) + : asn1_wrap(ASN1_SEQUENCE, "cm", + content_type, + asn1_simple_object(ASN1_CONTEXT_C_0, this->content) + ); } /** - * build issuerAndSerialNumber object + * Implements pkcs7_t.create_certificate_iterator */ -chunk_t pkcs7_build_issuerAndSerialNumber(const x509_t *cert) +static iterator_t *create_certificate_iterator(const private_pkcs7_t *this) { - return asn1_wrap(ASN1_SEQUENCE, "cm" - , cert->issuer - , asn1_simple_object(ASN1_INTEGER, cert->serialNumber)); + return this->certs->create_iterator(this->certs, TRUE); } /** - * create a signed pkcs7 contentInfo object + * Implements pkcs7_t.set_certificate */ -chunk_t pkcs7_build_signedData(chunk_t data, chunk_t attributes, const x509_t *cert, - int digest_alg, const RSA_private_key_t *key) +static void set_certificate(private_pkcs7_t *this, x509_t *cert) { - contentInfo_t pkcs7Data, signedData; - chunk_t authenticatedAttributes, encryptedDigest, signerInfo, cInfo; - - chunk_t digestAlgorithm = asn1_algorithmIdentifier(digest_alg); - - if (attributes.ptr != NULL) - { - encryptedDigest = pkcs1_build_signature(attributes, digest_alg - , key, FALSE); - clonetochunk(authenticatedAttributes, attributes.ptr, attributes.len - , "authenticatedAttributes"); - *authenticatedAttributes.ptr = ASN1_CONTEXT_C_0; - } - else + if (cert) { - encryptedDigest = (data.ptr == NULL)? empty_chunk - : pkcs1_build_signature(data, digest_alg, key, FALSE); - authenticatedAttributes = empty_chunk; + /* TODO the certificate is currently not cloned */ + this->certs->insert_last(this->certs, cert); } +} + +/** + * Implements pkcs7_t.set_attributes + */ +static void set_attributes(private_pkcs7_t *this, pkcs9_t *attributes) +{ + this->attributes = attributes; +} + +/** + * build a DER-encoded issuerAndSerialNumber object + */ +chunk_t pkcs7_build_issuerAndSerialNumber(x509_t *cert) +{ + identification_t *issuer = cert->get_issuer(cert); - signerInfo = asn1_wrap(ASN1_SEQUENCE, "cmcmcm" - , ASN1_INTEGER_1 - , pkcs7_build_issuerAndSerialNumber(cert) - , digestAlgorithm - , authenticatedAttributes - , ASN1_rsaEncryption_id - , encryptedDigest); - - pkcs7Data.type = OID_PKCS7_DATA; - pkcs7Data.content = (data.ptr == NULL)? empty_chunk - : asn1_simple_object(ASN1_OCTET_STRING, data); - - signedData.type = OID_PKCS7_SIGNED_DATA; - signedData.content = asn1_wrap(ASN1_SEQUENCE, "cmmmm" - , ASN1_INTEGER_1 - , asn1_simple_object(ASN1_SET, digestAlgorithm) - , pkcs7_build_contentInfo(&pkcs7Data) - , asn1_simple_object(ASN1_CONTEXT_C_0, cert->certificate) - , asn1_wrap(ASN1_SET, "m", signerInfo)); - - cInfo = pkcs7_build_contentInfo(&signedData); - DBG3("signedData: %B", &cInfo); - - free(pkcs7Data.content.ptr); - free(signedData.content.ptr); - return cInfo; + return asn1_wrap(ASN1_SEQUENCE, "cm", + issuer->get_encoding(issuer), + asn1_simple_object(ASN1_INTEGER, cert->get_serialNumber(cert))); } /** - * create a symmetrically encrypted pkcs7 contentInfo object + * Implements pkcs7_t.build_envelopedData. */ -chunk_t pkcs7_build_envelopedData(chunk_t data, const x509_t *cert, int cipher) +bool build_envelopedData(private_pkcs7_t *this, x509_t *cert, + encryption_algorithm_t alg) { - bool des_check_key_save; - des_key_schedule ks[3]; - des_cblock key[3], des_iv, des_iv_buf; + chunk_t iv, symmetricKey, in, out, alg_oid; + crypter_t *crypter; + + /* select OID of symmetric encryption algorithm */ + switch (alg) + { + case ENCR_DES: + alg_oid = ASN1_des_cbc_oid; + break; + case ENCR_3DES: + alg_oid = ASN1_3des_ede_cbc_oid; + break; + default: + DBG1(" encryption algorithm %N not supported", + encryption_algorithm_names, alg); + return FALSE; + } + + crypter = crypter_create(alg, 0); + if (crypter == NULL) + { + DBG1(" could not create crypter for algorithm %N", + encryption_algorithm_names, alg); + return FALSE; + } - chunk_t iv = { (u_char *)des_iv_buf, DES_CBC_BLOCK_SIZE }; - chunk_t out; - chunk_t cipher_oid; + /* generate a true random symmetric encryption key + * and a pseudo-random iv + */ + { + randomizer_t *randomizer = randomizer_create(); - u_int total_keys, i; - size_t padding = pad_up(data.len, DES_CBC_BLOCK_SIZE); + randomizer->allocate_random_bytes(randomizer, + crypter->get_key_size(crypter), &symmetricKey); + DBG4(" symmetric encryption key: %B", &symmetricKey); - RSA_public_key_t public_key; + randomizer->allocate_pseudo_random_bytes(randomizer, + crypter->get_block_size(crypter), &iv); + DBG4(" initialization vector: %B", &iv); - init_RSA_public_key(&public_key, cert->publicExponent - , cert->modulus); + randomizer->destroy(randomizer); + } - if (padding == 0) + /* pad the data so that the total length becomes + * a multiple of the block size + */ { - padding += DES_CBC_BLOCK_SIZE; + size_t block_size = crypter->get_block_size(crypter); + size_t padding = block_size - this->data.len % block_size; + + in.len = this->data.len + padding; + in.ptr = malloc(in.len); + + DBG2(" padding %d bytes of data to multiple block size of %d bytes", + (int)this->data.len, (int)in.len); + + /* copy data */ + memcpy(in.ptr, this->data.ptr, this->data.len); + /* append padding */ + memset(in.ptr + this->data.len, padding, padding); } + DBG3(" padded unencrypted data: %B", &in); + + /* symmetric encryption of data object */ + crypter->set_key(crypter, symmetricKey); + crypter->encrypt(crypter, in, iv, &out); + crypter->destroy(crypter); + chunk_free_randomized(&in); + DBG3(" encrypted data: %B", &out); - out.len = data.len + padding; - out.ptr = alloc_bytes(out.len, "DES-encrypted output"); + /* build pkcs7 enveloped data object */ + { + chunk_t contentEncryptionAlgorithm = asn1_wrap(ASN1_SEQUENCE, "cm", + alg_oid, + asn1_wrap(ASN1_OCTET_STRING, "m", iv)); + + chunk_t encryptedContentInfo = asn1_wrap(ASN1_SEQUENCE, "cmm", + ASN1_pkcs7_data_oid, + contentEncryptionAlgorithm, + asn1_wrap(ASN1_CONTEXT_S_0, "m", out)); + + chunk_t wrappedKey, encryptedKey, recipientInfo; + + rsa_public_key_t *public_key = cert->get_public_key(cert); - DBG2("padding %d bytes of data to multiple DES block size of %d bytes" - , (int)data.len, (int)out.len); + public_key->pkcs1_encrypt(public_key, symmetricKey, &wrappedKey); + chunk_free_randomized(&symmetricKey); - /* copy data */ - memcpy(out.ptr, data.ptr, data.len); - /* append padding */ - memset(out.ptr + data.len, padding, padding); + encryptedKey = asn1_wrap(ASN1_OCTET_STRING, "m", wrappedKey); - DBG3("padded unencrypted data: %B", &out); + recipientInfo = asn1_wrap(ASN1_SEQUENCE, "cmcm", + ASN1_INTEGER_0, + pkcs7_build_issuerAndSerialNumber(cert), + asn1_algorithmIdentifier(OID_RSA_ENCRYPTION), + encryptedKey); - /* select OID and keylength for specified cipher */ - switch (cipher) + this->content = asn1_wrap(ASN1_SEQUENCE, "cmm", + ASN1_INTEGER_0, + asn1_wrap(ASN1_SET, "m", recipientInfo), + encryptedContentInfo); + this->type = OID_PKCS7_ENVELOPED_DATA; + } + return TRUE; +} + +/** + * Implements pkcs7_t.build_signedData. + */ +bool build_signedData(private_pkcs7_t *this, rsa_private_key_t *private_key, + hash_algorithm_t alg) +{ + int signature_oid = hasher_signature_algorithm_to_oid(alg); + chunk_t authenticatedAttributes = chunk_empty; + chunk_t encryptedDigest = chunk_empty; + chunk_t signerInfo; + x509_t *cert; + + if (this->certs->get_first(this->certs, (void**)&cert) != SUCCESS) { - case OID_DES_CBC: - total_keys = 1; - cipher_oid = ASN1_des_cbc_oid; - break; - case OID_3DES_EDE_CBC: - default: - total_keys = 3; - cipher_oid = ASN1_3des_ede_cbc_oid; + DBG1(" no pkcs7 signer certificate found"); + return FALSE; } - DBG2("pkcs7 encryption cipher: %s", oid_names[cipher].name); - /* generate a strong random key for DES/3DES */ - des_check_key_save = des_check_key; - des_check_key = TRUE; - for (i = 0; i < total_keys;i++) + if (this->attributes != NULL) { - for (;;) + if (this->data.ptr != NULL) { - get_rnd_bytes((char*)key[i], DES_CBC_BLOCK_SIZE); - des_set_odd_parity(&key[i]); - if (!des_set_key(&key[i], ks[i])) - { - break; - plog("weak DES key discarded - we try again"); - } + /* take the current time as signingTime */ + time_t now = time(NULL); + chunk_t signingTime = timetoasn1(&now, ASN1_UTCTIME); + + chunk_t messageDigest, attributes; + hasher_t *hasher = hasher_create(alg); + + hasher->allocate_hash(hasher, this->data, &messageDigest); + hasher->destroy(hasher); + this->attributes->set_attribute(this->attributes, + OID_PKCS9_CONTENT_TYPE, ASN1_pkcs7_data_oid); + this->attributes->set_messageDigest(this->attributes, + messageDigest); + this->attributes->set_attribute(this->attributes, + OID_PKCS9_SIGNING_TIME, signingTime); + attributes = this->attributes->get_encoding(this->attributes); + + free(messageDigest.ptr); + free(signingTime.ptr); + + private_key->build_emsa_pkcs1_signature(private_key, alg, + attributes, &encryptedDigest); + authenticatedAttributes = chunk_clone(attributes); + *authenticatedAttributes.ptr = ASN1_CONTEXT_C_0; } - /* TODO DBG4("DES key: %#B", key[i], 8) */ - } - des_check_key = des_check_key_save; + } + else if (this->data.ptr != NULL) + { + private_key->build_emsa_pkcs1_signature(private_key, alg, + this->data, &encryptedDigest); + } + if (encryptedDigest.ptr) + { + encryptedDigest = asn1_wrap(ASN1_OCTET_STRING, "m", encryptedDigest); + } - /* generate an iv for DES/3DES CBC */ - get_rnd_bytes(des_iv, DES_CBC_BLOCK_SIZE); - memcpy(iv.ptr, des_iv, DES_CBC_BLOCK_SIZE); - DBG3("DES IV : %#B", &iv); + signerInfo = asn1_wrap(ASN1_SEQUENCE, "cmcmcm", + ASN1_INTEGER_1, + pkcs7_build_issuerAndSerialNumber(cert), + asn1_algorithmIdentifier(signature_oid), + authenticatedAttributes, + asn1_algorithmIdentifier(OID_RSA_ENCRYPTION), + encryptedDigest); - /* encryption using specified cipher */ - switch (cipher) + if (this->data.ptr != NULL) { - case OID_DES_CBC: - des_cbc_encrypt((des_cblock*)out.ptr, (des_cblock*)out.ptr, out.len - , ks[0], &des_iv, DES_ENCRYPT); - break; - case OID_3DES_EDE_CBC: - default: - des_ede3_cbc_encrypt((des_cblock*)out.ptr, (des_cblock*)out.ptr, out.len - , ks[0], ks[1], ks[2], &des_iv, DES_ENCRYPT); + this->content = asn1_simple_object(ASN1_OCTET_STRING, this->data); + chunk_free(&this->data); } - DBG3(("Encrypted data: %B", &out); - - /* build pkcs7 enveloped data object */ + this->type = OID_PKCS7_DATA; + this->data = get_contentInfo(this); + chunk_free(&this->content); + + this->type = OID_PKCS7_SIGNED_DATA; + + this->content = asn1_wrap(ASN1_SEQUENCE, "cmcmm", + ASN1_INTEGER_1, + asn1_simple_object(ASN1_SET, asn1_algorithmIdentifier(signature_oid)), + this->data, + asn1_simple_object(ASN1_CONTEXT_C_0, cert->get_certificate(cert)), + asn1_wrap(ASN1_SET, "m", signerInfo)); + + return TRUE; +} + +/** + * Implements pkcs7_t.destroy + */ +static void destroy(private_pkcs7_t *this) +{ + DESTROY_IF(this->attributes); + this->certs->destroy_offset(this->certs, offsetof(x509_t, destroy)); + free(this->content.ptr); + free(this->data.ptr); + free(this); +} + +/** + * Parse PKCS#7 contentInfo object + */ +static bool parse_contentInfo(chunk_t blob, u_int level0, private_pkcs7_t *cInfo) +{ + asn1_ctx_t ctx; + chunk_t object; + u_int level; + int objectID = 0; + + asn1_init(&ctx, blob, level0, FALSE, FALSE); + + while (objectID < PKCS7_INFO_ROOF) { - chunk_t contentEncryptionAlgorithm = asn1_wrap(ASN1_SEQUENCE, "cm" - , cipher_oid - , asn1_simple_object(ASN1_OCTET_STRING, iv)); + if (!extract_object(contentInfoObjects, &objectID, &object, &level, &ctx)) + { + return FALSE; + } + + if (objectID == PKCS7_INFO_TYPE) + { + cInfo->type = known_oid(object); + if (cInfo->type < OID_PKCS7_DATA + || cInfo->type > OID_PKCS7_ENCRYPTED_DATA) + { + DBG1("unknown pkcs7 content type"); + return FALSE; + } + } + else if (objectID == PKCS7_INFO_CONTENT && object.len > 0) + { + cInfo->content = chunk_clone(object); + } + objectID++; + } + return TRUE; +} + +/** + * Generic private constructor + */ +static private_pkcs7_t *pkcs7_create_empty(void) +{ + private_pkcs7_t *this = malloc_thing(private_pkcs7_t); - chunk_t encryptedContentInfo = asn1_wrap(ASN1_SEQUENCE, "cmm" - , ASN1_pkcs7_data_oid - , contentEncryptionAlgorithm - , asn1_wrap(ASN1_CONTEXT_S_0, "m", out)); + /* initialize */ + this->type = OID_UNKNOWN; + this->content = chunk_empty; + this->parsed = FALSE; + this->level = 0; + this->data = chunk_empty; + this->attributes = NULL; + this->certs = linked_list_create(); - chunk_t plainKey = { (u_char *)key, DES_CBC_BLOCK_SIZE * total_keys }; + /*public functions */ + this->public.is_data = (bool (*) (pkcs7_t*))is_data; + this->public.is_signedData = (bool (*) (pkcs7_t*))is_signedData; + this->public.is_envelopedData = (bool (*) (pkcs7_t*))is_envelopedData; + this->public.parse_data = (bool (*) (pkcs7_t*))parse_data; + this->public.parse_signedData = (bool (*) (pkcs7_t*,x509_t*))parse_signedData; + this->public.parse_envelopedData = (bool (*) (pkcs7_t*,chunk_t,rsa_private_key_t*))parse_envelopedData; + this->public.get_data = (chunk_t (*) (pkcs7_t*))get_data; + this->public.get_contentInfo = (chunk_t (*) (pkcs7_t*))get_contentInfo; + this->public.create_certificate_iterator = (iterator_t* (*) (pkcs7_t*))create_certificate_iterator; + this->public.set_certificate = (void (*) (pkcs7_t*,x509_t*))set_certificate; + this->public.set_attributes = (void (*) (pkcs7_t*,pkcs9_t*))set_attributes; + this->public.build_envelopedData = (bool (*) (pkcs7_t*,x509_t*,encryption_algorithm_t))build_envelopedData; + this->public.build_signedData = (bool (*) (pkcs7_t*,rsa_private_key_t*,hash_algorithm_t))build_signedData; + this->public.destroy = (void (*) (pkcs7_t*))destroy; + + return this; +} - chunk_t encryptedKey = asn1_wrap(ASN1_OCTET_STRING, "m" - , RSA_encrypt(&public_key, plainKey)); +/* + * Described in header. + */ +pkcs7_t *pkcs7_create_from_chunk(chunk_t chunk, u_int level) +{ + private_pkcs7_t *this = pkcs7_create_empty(); + + this->level = level + 2; + if (!parse_contentInfo(chunk, level, this)) + { + destroy(this); + return NULL; + } + return &this->public; +} - chunk_t recipientInfo = asn1_wrap(ASN1_SEQUENCE, "cmcm" - , ASN1_INTEGER_0 - , pkcs7_build_issuerAndSerialNumber(cert) - , ASN1_rsaEncryption_id - , encryptedKey); +/* + * Described in header. + */ +pkcs7_t *pkcs7_create_from_data(chunk_t data) +{ + private_pkcs7_t *this = pkcs7_create_empty(); - chunk_t cInfo; - contentInfo_t envelopedData; + this->data = chunk_clone(data); + this->parsed = TRUE; - envelopedData.type = OID_PKCS7_ENVELOPED_DATA; - envelopedData.content = asn1_wrap(ASN1_SEQUENCE, "cmm" - , ASN1_INTEGER_0 - , asn1_wrap(ASN1_SET, "m", recipientInfo) - , encryptedContentInfo); + return &this->public; +} - cInfo = pkcs7_build_contentInfo(&envelopedData); - DBG3("envelopedData: %B", &cInfo); +/* + * Described in header. + */ +pkcs7_t *pkcs7_create_from_file(const char *filename, const char *label) +{ + bool pgp = FALSE; + chunk_t chunk = chunk_empty; + char cert_label[BUF_LEN]; + pkcs7_t *pkcs7; - free_RSA_public_content(&public_key); - free(envelopedData.content.ptr); - return cInfo; + snprintf(cert_label, BUF_LEN, "%s pkcs7", label); + + if (!pem_asn1_load_file(filename, NULL, cert_label, &chunk, &pgp)) + { + return NULL; } + + pkcs7 = pkcs7_create_from_chunk(chunk, 0); + free(chunk.ptr); + return pkcs7; }