summaryrefslogtreecommitdiff
path: root/src/pluto/pkcs7.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/pluto/pkcs7.c')
-rw-r--r--src/pluto/pkcs7.c862
1 files changed, 862 insertions, 0 deletions
diff --git a/src/pluto/pkcs7.c b/src/pluto/pkcs7.c
new file mode 100644
index 000000000..3068c0c94
--- /dev/null
+++ b/src/pluto/pkcs7.c
@@ -0,0 +1,862 @@
+/* Support of PKCS#7 data structures
+ * Copyright (C) 2005 Jan Hutter, Martin Willi
+ * Copyright (C) 2002-2005 Andreas Steffen
+ * Hochschule fuer Technik Rapperswil, Switzerland
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ *
+ * RCSID $Id: pkcs7.c,v 1.13 2005/12/22 22:11:24 as Exp $
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <libdes/des.h>
+
+#include <freeswan.h>
+
+#include "constants.h"
+#include "defs.h"
+#include "asn1.h"
+#include "oid.h"
+#include "log.h"
+#include "x509.h"
+#include "certs.h"
+#include "pkcs7.h"
+#include "rnd.h"
+
+const contentInfo_t empty_contentInfo = {
+ OID_UNKNOWN , /* type */
+ { NULL, 0 } /* content */
+};
+
+/* ASN.1 definition of the PKCS#7 ContentInfo type */
+
+static const asn1Object_t contentInfoObjects[] = {
+ { 0, "contentInfo", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
+ { 1, "contentType", ASN1_OID, ASN1_BODY }, /* 1 */
+ { 1, "content", ASN1_CONTEXT_C_0, ASN1_OPT |
+ ASN1_BODY }, /* 2 */
+ { 1, "end opt", ASN1_EOC, ASN1_END } /* 3 */
+};
+
+#define PKCS7_INFO_TYPE 1
+#define PKCS7_INFO_CONTENT 2
+#define PKCS7_INFO_ROOF 4
+
+/* ASN.1 definition of the PKCS#7 signedData type */
+
+static const asn1Object_t signedDataObjects[] = {
+ { 0, "signedData", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
+ { 1, "version", ASN1_INTEGER, ASN1_BODY }, /* 1 */
+ { 1, "digestAlgorithms", ASN1_SET, ASN1_LOOP }, /* 2 */
+ { 2, "algorithm", ASN1_EOC, ASN1_RAW }, /* 3 */
+ { 1, "end loop", ASN1_EOC, ASN1_END }, /* 4 */
+ { 1, "contentInfo", ASN1_EOC, ASN1_RAW }, /* 5 */
+ { 1, "certificates", ASN1_CONTEXT_C_0, ASN1_OPT |
+ ASN1_LOOP }, /* 6 */
+ { 2, "certificate", ASN1_SEQUENCE, ASN1_OBJ }, /* 7 */
+ { 1, "end opt or loop", ASN1_EOC, ASN1_END }, /* 8 */
+ { 1, "crls", ASN1_CONTEXT_C_1, ASN1_OPT |
+ ASN1_LOOP }, /* 9 */
+ { 2, "crl", ASN1_SEQUENCE, ASN1_OBJ }, /* 10 */
+ { 1, "end opt or loop", ASN1_EOC, ASN1_END }, /* 11 */
+ { 1, "signerInfos", ASN1_SET, ASN1_LOOP }, /* 12 */
+ { 2, "signerInfo", ASN1_SEQUENCE, ASN1_NONE }, /* 13 */
+ { 3, "version", ASN1_INTEGER, ASN1_BODY }, /* 14 */
+ { 3, "issuerAndSerialNumber", ASN1_SEQUENCE, ASN1_BODY }, /* 15 */
+ { 4, "issuer", ASN1_SEQUENCE, ASN1_OBJ }, /* 16 */
+ { 4, "serial", ASN1_INTEGER, ASN1_BODY }, /* 17 */
+ { 3, "digestAlgorithm", ASN1_EOC, ASN1_RAW }, /* 18 */
+ { 3, "authenticatedAttributes", ASN1_CONTEXT_C_0, ASN1_OPT |
+ ASN1_OBJ }, /* 19 */
+ { 3, "end opt", ASN1_EOC, ASN1_END }, /* 20 */
+ { 3, "digestEncryptionAlgorithm", ASN1_EOC, ASN1_RAW }, /* 21 */
+ { 3, "encryptedDigest", ASN1_OCTET_STRING, ASN1_BODY }, /* 22 */
+ { 3, "unauthenticatedAttributes", ASN1_CONTEXT_C_1, ASN1_OPT }, /* 23 */
+ { 3, "end opt", ASN1_EOC, ASN1_END }, /* 24 */
+ { 1, "end loop", ASN1_EOC, ASN1_END } /* 25 */
+};
+
+#define PKCS7_DIGEST_ALG 3
+#define PKCS7_SIGNED_CONTENT_INFO 5
+#define PKCS7_SIGNED_CERT 7
+#define PKCS7_SIGNER_INFO 13
+#define PKCS7_SIGNED_ISSUER 16
+#define PKCS7_SIGNED_SERIAL_NUMBER 17
+#define PKCS7_DIGEST_ALGORITHM 18
+#define PKCS7_AUTH_ATTRIBUTES 19
+#define PKCS7_DIGEST_ENC_ALGORITHM 21
+#define PKCS7_ENCRYPTED_DIGEST 22
+#define PKCS7_SIGNED_ROOF 26
+
+/* ASN.1 definition of the PKCS#7 envelopedData type */
+
+static const asn1Object_t envelopedDataObjects[] = {
+ { 0, "envelopedData", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
+ { 1, "version", ASN1_INTEGER, ASN1_BODY }, /* 1 */
+ { 1, "recipientInfos", ASN1_SET, ASN1_LOOP }, /* 2 */
+ { 2, "recipientInfo", ASN1_SEQUENCE, ASN1_BODY }, /* 3 */
+ { 3, "version", ASN1_INTEGER, ASN1_BODY }, /* 4 */
+ { 3, "issuerAndSerialNumber", ASN1_SEQUENCE, ASN1_BODY }, /* 5 */
+ { 4, "issuer", ASN1_SEQUENCE, ASN1_OBJ }, /* 6 */
+ { 4, "serial", ASN1_INTEGER, ASN1_BODY }, /* 7 */
+ { 3, "encryptionAlgorithm", ASN1_EOC, ASN1_RAW }, /* 8 */
+ { 3, "encryptedKey", ASN1_OCTET_STRING, ASN1_BODY }, /* 9 */
+ { 1, "end loop", ASN1_EOC, ASN1_END }, /* 10 */
+ { 1, "encryptedContentInfo", ASN1_SEQUENCE, ASN1_OBJ }, /* 11 */
+ { 2, "contentType", ASN1_OID, ASN1_BODY }, /* 12 */
+ { 2, "contentEncryptionAlgorithm", ASN1_EOC, ASN1_RAW }, /* 13 */
+ { 2, "encryptedContent", ASN1_CONTEXT_S_0, ASN1_BODY } /* 14 */
+};
+
+#define PKCS7_ENVELOPED_VERSION 1
+#define PKCS7_RECIPIENT_INFO_VERSION 4
+#define PKCS7_ISSUER 6
+#define PKCS7_SERIAL_NUMBER 7
+#define PKCS7_ENCRYPTION_ALG 8
+#define PKCS7_ENCRYPTED_KEY 9
+#define PKCS7_CONTENT_TYPE 12
+#define PKCS7_CONTENT_ENC_ALGORITHM 13
+#define PKCS7_ENCRYPTED_CONTENT 14
+#define PKCS7_ENVELOPED_ROOF 15
+
+/* PKCS7 contentInfo OIDs */
+
+static u_char ASN1_pkcs7_data_oid_str[] = {
+ 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x01
+};
+
+static u_char ASN1_pkcs7_signed_data_oid_str[] = {
+ 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x02
+};
+
+static u_char ASN1_pkcs7_enveloped_data_oid_str[] = {
+ 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x03
+};
+
+static u_char ASN1_pkcs7_signed_enveloped_data_oid_str[] = {
+ 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x04
+};
+
+static u_char ASN1_pkcs7_digested_data_oid_str[] = {
+ 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x05
+};
+
+static char ASN1_pkcs7_encrypted_data_oid_str[] = {
+ 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x06
+};
+
+static const chunk_t ASN1_pkcs7_data_oid =
+ strchunk(ASN1_pkcs7_data_oid_str);
+static const chunk_t ASN1_pkcs7_signed_data_oid =
+ strchunk(ASN1_pkcs7_signed_data_oid_str);
+static const chunk_t ASN1_pkcs7_enveloped_data_oid =
+ strchunk(ASN1_pkcs7_enveloped_data_oid_str);
+static const chunk_t ASN1_pkcs7_signed_enveloped_data_oid =
+ strchunk(ASN1_pkcs7_signed_enveloped_data_oid_str);
+static const chunk_t ASN1_pkcs7_digested_data_oid =
+ strchunk(ASN1_pkcs7_digested_data_oid_str);
+static const chunk_t ASN1_pkcs7_encrypted_data_oid =
+ strchunk(ASN1_pkcs7_encrypted_data_oid_str);
+
+/* 3DES and DES encryption OIDs */
+
+static u_char ASN1_3des_ede_cbc_oid_str[] = {
+ 0x06, 0x08, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x03, 0x07
+};
+
+static u_char ASN1_des_cbc_oid_str[] = {
+ 0x06, 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x07
+};
+
+static const chunk_t ASN1_3des_ede_cbc_oid =
+ strchunk(ASN1_3des_ede_cbc_oid_str);
+static const chunk_t ASN1_des_cbc_oid =
+ strchunk(ASN1_des_cbc_oid_str);
+
+/* PKCS#7 attribute type OIDs */
+
+static u_char ASN1_contentType_oid_str[] = {
+ 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x03
+};
+
+static u_char ASN1_messageDigest_oid_str[] = {
+ 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x04
+};
+
+static const chunk_t ASN1_contentType_oid =
+ strchunk(ASN1_contentType_oid_str);
+static const chunk_t ASN1_messageDigest_oid =
+ strchunk(ASN1_messageDigest_oid_str);
+
+/*
+ * Parse PKCS#7 ContentInfo object
+ */
+bool
+pkcs7_parse_contentInfo(chunk_t blob, u_int level0, contentInfo_t *cInfo)
+{
+ asn1_ctx_t ctx;
+ chunk_t object;
+ u_int level;
+ int objectID = 0;
+
+ asn1_init(&ctx, blob, level0, FALSE, DBG_RAW);
+
+ while (objectID < PKCS7_INFO_ROOF)
+ {
+ if (!extract_object(contentInfoObjects, &objectID, &object, &level, &ctx))
+ return FALSE;
+
+ if (objectID == PKCS7_INFO_TYPE)
+ {
+ cInfo->type = known_oid(object);
+ if (cInfo->type < OID_PKCS7_DATA
+ || cInfo->type > OID_PKCS7_ENCRYPTED_DATA)
+ {
+ plog("unknown pkcs7 content type");
+ return FALSE;
+ }
+ }
+ else if (objectID == PKCS7_INFO_CONTENT)
+ {
+ cInfo->content = object;
+ }
+ objectID++;
+ }
+ return TRUE;
+}
+
+/*
+ * Parse a PKCS#7 signedData object
+ */
+bool
+pkcs7_parse_signedData(chunk_t blob, contentInfo_t *data, x509cert_t **cert
+, chunk_t *attributes, const x509cert_t *cacert)
+{
+ u_char buf[BUF_LEN];
+ asn1_ctx_t ctx;
+ chunk_t object;
+ u_int level;
+ int digest_alg = OID_UNKNOWN;
+ int enc_alg = OID_UNKNOWN;
+ int signerInfos = 0;
+ int objectID = 0;
+
+ contentInfo_t cInfo = empty_contentInfo;
+ chunk_t encrypted_digest = empty_chunk;
+
+ if (!pkcs7_parse_contentInfo(blob, 0, &cInfo))
+ return FALSE;
+
+ if (cInfo.type != OID_PKCS7_SIGNED_DATA)
+ {
+ plog("pkcs7 content type is not signedData");
+ return FALSE;
+ }
+
+ asn1_init(&ctx, cInfo.content, 2, FALSE, DBG_RAW);
+
+ while (objectID < PKCS7_SIGNED_ROOF)
+ {
+ if (!extract_object(signedDataObjects, &objectID, &object, &level, &ctx))
+ return FALSE;
+
+ switch (objectID)
+ {
+ case PKCS7_DIGEST_ALG:
+ digest_alg = parse_algorithmIdentifier(object, level, NULL);
+ break;
+ case PKCS7_SIGNED_CONTENT_INFO:
+ if (data != NULL)
+ {
+ pkcs7_parse_contentInfo(object, level, data);
+ }
+ break;
+ case PKCS7_SIGNED_CERT:
+ if (cert != NULL)
+ {
+ chunk_t cert_blob;
+
+ x509cert_t *newcert = alloc_thing(x509cert_t
+ , "pkcs7 wrapped x509cert");
+
+ clonetochunk(cert_blob, object.ptr, object.len
+ , "pkcs7 cert blob");
+ *newcert = empty_x509cert;
+
+ DBG(DBG_CONTROL | DBG_PARSING,
+ DBG_log("parsing pkcs7-wrapped certificate")
+ )
+ if (parse_x509cert(cert_blob, level+1, newcert))
+ {
+ newcert->next = *cert;
+ *cert = newcert;
+ }
+ else
+ {
+ free_x509cert(newcert);
+ }
+ }
+ break;
+ case PKCS7_SIGNER_INFO:
+ signerInfos++;
+ DBG(DBG_PARSING,
+ DBG_log(" signer #%d", signerInfos)
+ )
+ break;
+ case PKCS7_SIGNED_ISSUER:
+ DBG(DBG_PARSING,
+ dntoa(buf, BUF_LEN, object);
+ DBG_log(" '%s'",buf)
+ )
+ break;
+ case PKCS7_AUTH_ATTRIBUTES:
+ if (attributes != NULL)
+ {
+ *attributes = object;
+ *attributes->ptr = ASN1_SET;
+ }
+ break;
+ case PKCS7_DIGEST_ALGORITHM:
+ digest_alg = parse_algorithmIdentifier(object, level, NULL);
+ break;
+ case PKCS7_DIGEST_ENC_ALGORITHM:
+ enc_alg = parse_algorithmIdentifier(object, level, NULL);
+ break;
+ case PKCS7_ENCRYPTED_DIGEST:
+ encrypted_digest = object;
+ }
+ objectID++;
+ }
+
+ /* check the signature only if a cacert is available */
+ if (cacert != NULL)
+ {
+ if (signerInfos == 0)
+ {
+ plog("no signerInfo object found");
+ return FALSE;
+ }
+ else if (signerInfos > 1)
+ {
+ plog("more than one signerInfo object found");
+ return FALSE;
+ }
+ if (attributes->ptr == NULL)
+ {
+ plog("no authenticatedAttributes object found");
+ return FALSE;
+ }
+ if (!check_signature(*attributes, encrypted_digest, digest_alg
+ , enc_alg, cacert))
+ {
+ plog("invalid signature");
+ return FALSE;
+ }
+ else
+ {
+ DBG(DBG_CONTROL,
+ DBG_log("signature is valid")
+ )
+ }
+ }
+ return TRUE;
+}
+
+/*
+ * Parse a PKCS#7 envelopedData object
+ */
+bool
+pkcs7_parse_envelopedData(chunk_t blob, chunk_t *data
+, chunk_t serialNumber, const RSA_private_key_t *key)
+{
+ asn1_ctx_t ctx;
+ chunk_t object;
+ chunk_t iv = empty_chunk;
+ chunk_t symmetric_key = empty_chunk;
+ chunk_t encrypted_content = empty_chunk;
+
+ u_char buf[BUF_LEN];
+ u_int level;
+ u_int total_keys = 3;
+ int enc_alg = OID_UNKNOWN;
+ int content_enc_alg = OID_UNKNOWN;
+ int objectID = 0;
+
+ contentInfo_t cInfo = empty_contentInfo;
+ *data = empty_chunk;
+
+ if (!pkcs7_parse_contentInfo(blob, 0, &cInfo))
+ goto failed;
+
+ if (cInfo.type != OID_PKCS7_ENVELOPED_DATA)
+ {
+ plog("pkcs7 content type is not envelopedData");
+ return FALSE;
+ }
+
+ asn1_init(&ctx, cInfo.content, 2, FALSE, DBG_RAW);
+
+ while (objectID < PKCS7_ENVELOPED_ROOF)
+ {
+ if (!extract_object(envelopedDataObjects, &objectID, &object, &level, &ctx))
+ goto failed;
+
+ switch (objectID)
+ {
+ case PKCS7_ENVELOPED_VERSION:
+ if (*object.ptr != 0)
+ {
+ plog("envelopedData version is not 0");
+ goto failed;
+ }
+ break;
+ case PKCS7_RECIPIENT_INFO_VERSION:
+ if (*object.ptr != 0)
+ {
+ plog("recipient info version is not 0");
+ goto failed;
+ }
+ break;
+ case PKCS7_ISSUER:
+ DBG(DBG_PARSING,
+ dntoa(buf, BUF_LEN, object);
+ DBG_log(" '%s'", buf)
+ )
+ break;
+ case PKCS7_SERIAL_NUMBER:
+ if (!same_chunk(serialNumber, object))
+ {
+ plog("serial numbers do not match");
+ goto failed;
+ }
+ break;
+ case PKCS7_ENCRYPTION_ALG:
+ enc_alg = parse_algorithmIdentifier(object, level, NULL);
+ if (enc_alg != OID_RSA_ENCRYPTION)
+ {
+ plog("only rsa encryption supported");
+ goto failed;
+ }
+ break;
+ case PKCS7_ENCRYPTED_KEY:
+ if (!RSA_decrypt(key, object, &symmetric_key))
+ {
+ plog("symmetric key could not be decrypted with rsa");
+ goto failed;
+ }
+ DBG(DBG_PRIVATE,
+ DBG_dump_chunk("symmetric key :", symmetric_key)
+ )
+ break;
+ case PKCS7_CONTENT_TYPE:
+ if (known_oid(object) != OID_PKCS7_DATA)
+ {
+ plog("encrypted content not of type pkcs7 data");
+ goto failed;
+ }
+ break;
+ case PKCS7_CONTENT_ENC_ALGORITHM:
+ content_enc_alg = parse_algorithmIdentifier(object, level, &iv);
+
+ switch (content_enc_alg)
+ {
+ case OID_DES_CBC:
+ total_keys = 1;
+ break;
+ case OID_3DES_EDE_CBC:
+ total_keys = 3;
+ break;
+ default:
+ plog("Only DES and 3DES supported for symmetric encryption");
+ goto failed;
+ }
+ if (symmetric_key.len != (total_keys * DES_CBC_BLOCK_SIZE))
+ {
+ plog("key length is not %d",(total_keys * DES_CBC_BLOCK_SIZE));
+ goto failed;
+ }
+ if (!parse_asn1_simple_object(&iv, ASN1_OCTET_STRING, level+1, "IV"))
+ {
+ plog("IV could not be parsed");
+ goto failed;
+ }
+ if (iv.len != DES_CBC_BLOCK_SIZE)
+ {
+ plog("IV has wrong length");
+ goto failed;
+ }
+ break;
+ case PKCS7_ENCRYPTED_CONTENT:
+ encrypted_content = object;
+ break;
+ }
+ objectID++;
+ }
+
+ /* decrypt the content */
+ {
+ u_int i;
+ des_cblock des_key[3], des_iv;
+ des_key_schedule key_s[3];
+
+ memcpy((char *)des_key, symmetric_key.ptr, symmetric_key.len);
+ memcpy((char *)des_iv, iv.ptr, iv.len);
+
+ for (i = 0; i < total_keys; i++)
+ {
+ if (des_set_key(&des_key[i], key_s[i]))
+ {
+ plog("des key schedule failed");
+ goto failed;
+ }
+ }
+
+ data->len = encrypted_content.len;
+ data->ptr = alloc_bytes(data->len, "decrypted data");
+
+ switch (content_enc_alg)
+ {
+ case OID_DES_CBC:
+ des_cbc_encrypt((des_cblock*)encrypted_content.ptr
+ , (des_cblock*)data->ptr, data->len
+ , key_s[0], &des_iv, DES_DECRYPT);
+ break;
+ case OID_3DES_EDE_CBC:
+ des_ede3_cbc_encrypt( (des_cblock*)encrypted_content.ptr
+ , (des_cblock*)data->ptr, data->len
+ , key_s[0], key_s[1], key_s[2]
+ , &des_iv, DES_DECRYPT);
+ }
+ DBG(DBG_PRIVATE,
+ DBG_dump_chunk("decrypted content with padding:\n", *data)
+ )
+ }
+
+ /* remove the padding */
+ {
+ u_char *pos = data->ptr + data->len - 1;
+ u_char pattern = *pos;
+ size_t padding = pattern;
+
+ if (padding > data->len)
+ {
+ plog("padding greater than data length");
+ goto failed;
+ }
+ data->len -= padding;
+
+ while (padding-- > 0)
+ {
+ if (*pos-- != pattern)
+ {
+ plog("wrong padding pattern");
+ goto failed;
+ }
+ }
+ }
+ freeanychunk(symmetric_key);
+ return TRUE;
+
+failed:
+ freeanychunk(symmetric_key);
+ pfreeany(data->ptr);
+ return FALSE;
+}
+
+/**
+ * @brief Builds a contentType attribute
+ *
+ * @return ASN.1 encoded contentType attribute
+ */
+chunk_t
+pkcs7_contentType_attribute(void)
+{
+ return asn1_wrap(ASN1_SEQUENCE, "cm"
+ , ASN1_contentType_oid
+ , asn1_simple_object(ASN1_SET, ASN1_pkcs7_data_oid));
+}
+
+/**
+ * @brief Builds a messageDigest attribute
+ *
+ *
+ * @param[in] blob content to create digest of
+ * @param[in] digest_alg digest algorithm to be used
+ * @return ASN.1 encoded messageDigest attribute
+ *
+ */
+chunk_t
+pkcs7_messageDigest_attribute(chunk_t content, int digest_alg)
+{
+ u_char digest_buf[MAX_DIGEST_LEN];
+ chunk_t digest = { digest_buf, MAX_DIGEST_LEN };
+
+ compute_digest(content, digest_alg, &digest);
+
+ return asn1_wrap(ASN1_SEQUENCE, "cm"
+ , ASN1_messageDigest_oid
+ , asn1_wrap(ASN1_SET, "m"
+ , asn1_simple_object(ASN1_OCTET_STRING, digest)
+ )
+ );
+}
+/*
+ * build a DER-encoded contentInfo object
+ */
+static chunk_t
+pkcs7_build_contentInfo(contentInfo_t *cInfo)
+{
+ chunk_t content_type;
+
+ /* select DER-encoded OID for pkcs7 contentInfo type */
+ switch(cInfo->type)
+ {
+ case OID_PKCS7_DATA:
+ content_type = ASN1_pkcs7_data_oid;
+ break;
+ case OID_PKCS7_SIGNED_DATA:
+ content_type = ASN1_pkcs7_signed_data_oid;
+ break;
+ case OID_PKCS7_ENVELOPED_DATA:
+ content_type = ASN1_pkcs7_enveloped_data_oid;
+ break;
+ case OID_PKCS7_SIGNED_ENVELOPED_DATA:
+ content_type = ASN1_pkcs7_signed_enveloped_data_oid;
+ break;
+ case OID_PKCS7_DIGESTED_DATA:
+ content_type = ASN1_pkcs7_digested_data_oid;
+ break;
+ case OID_PKCS7_ENCRYPTED_DATA:
+ content_type = ASN1_pkcs7_encrypted_data_oid;
+ break;
+ case OID_UNKNOWN:
+ default:
+ fprintf(stderr, "invalid pkcs7 contentInfo type");
+ return empty_chunk;
+ }
+
+ return (cInfo->content.ptr == NULL)
+ ? asn1_simple_object(ASN1_SEQUENCE, content_type)
+ : asn1_wrap(ASN1_SEQUENCE, "cm"
+ , content_type
+ , asn1_simple_object(ASN1_CONTEXT_C_0, cInfo->content)
+ );
+}
+
+/*
+ * build issuerAndSerialNumber object
+ */
+chunk_t
+pkcs7_build_issuerAndSerialNumber(const x509cert_t *cert)
+{
+ return asn1_wrap(ASN1_SEQUENCE, "cm"
+ , cert->issuer
+ , asn1_simple_object(ASN1_INTEGER, cert->serialNumber));
+}
+
+/*
+ * create a signed pkcs7 contentInfo object
+ */
+chunk_t
+pkcs7_build_signedData(chunk_t data, chunk_t attributes, const x509cert_t *cert
+, int digest_alg, const RSA_private_key_t *key)
+{
+ contentInfo_t pkcs7Data, signedData;
+ chunk_t authenticatedAttributes, encryptedDigest, signerInfo, cInfo;
+
+ chunk_t digestAlgorithm = asn1_algorithmIdentifier(digest_alg);
+
+ if (attributes.ptr != NULL)
+ {
+ encryptedDigest = pkcs1_build_signature(attributes, digest_alg
+ , key, FALSE);
+ clonetochunk(authenticatedAttributes, attributes.ptr, attributes.len
+ , "authenticatedAttributes");
+ *authenticatedAttributes.ptr = ASN1_CONTEXT_C_0;
+ }
+ else
+ {
+ encryptedDigest = (data.ptr == NULL)? empty_chunk
+ : pkcs1_build_signature(data, digest_alg, key, FALSE);
+ authenticatedAttributes = empty_chunk;
+ }
+
+ signerInfo = asn1_wrap(ASN1_SEQUENCE, "cmcmcm"
+ , ASN1_INTEGER_1
+ , pkcs7_build_issuerAndSerialNumber(cert)
+ , digestAlgorithm
+ , authenticatedAttributes
+ , ASN1_rsaEncryption_id
+ , encryptedDigest);
+
+ pkcs7Data.type = OID_PKCS7_DATA;
+ pkcs7Data.content = (data.ptr == NULL)? empty_chunk
+ : asn1_simple_object(ASN1_OCTET_STRING, data);
+
+ signedData.type = OID_PKCS7_SIGNED_DATA;
+ signedData.content = asn1_wrap(ASN1_SEQUENCE, "cmmmm"
+ , ASN1_INTEGER_1
+ , asn1_simple_object(ASN1_SET, digestAlgorithm)
+ , pkcs7_build_contentInfo(&pkcs7Data)
+ , asn1_simple_object(ASN1_CONTEXT_C_0, cert->certificate)
+ , asn1_wrap(ASN1_SET, "m", signerInfo));
+
+ cInfo = pkcs7_build_contentInfo(&signedData);
+ DBG(DBG_RAW,
+ DBG_dump_chunk("signedData:\n", cInfo)
+ )
+
+ freeanychunk(pkcs7Data.content);
+ freeanychunk(signedData.content);
+ return cInfo;
+}
+
+/*
+ * create a symmetrically encrypted pkcs7 contentInfo object
+ */
+chunk_t
+pkcs7_build_envelopedData(chunk_t data, const x509cert_t *cert, int cipher)
+{
+ bool des_check_key_save;
+ des_key_schedule ks[3];
+ des_cblock key[3], des_iv, des_iv_buf;
+
+ chunk_t iv = { (u_char *)des_iv_buf, DES_CBC_BLOCK_SIZE };
+ chunk_t out;
+ chunk_t cipher_oid;
+
+ u_int total_keys, i;
+ size_t padding = pad_up(data.len, DES_CBC_BLOCK_SIZE);
+
+ RSA_public_key_t public_key;
+
+ init_RSA_public_key(&public_key, cert->publicExponent
+ , cert->modulus);
+
+ if (padding == 0)
+ padding += DES_CBC_BLOCK_SIZE;
+
+ out.len = data.len + padding;
+ out.ptr = alloc_bytes(out.len, "DES-encrypted output");
+
+ DBG(DBG_CONTROL,
+ DBG_log("padding %d bytes of data to multiple DES block size of %d bytes"
+ , (int)data.len, (int)out.len)
+ )
+
+ /* copy data */
+ memcpy(out.ptr, data.ptr, data.len);
+ /* append padding */
+ memset(out.ptr + data.len, padding, padding);
+
+ DBG(DBG_RAW,
+ DBG_dump_chunk("Padded unencrypted data:\n", out)
+ )
+
+ /* select OID and keylength for specified cipher */
+ switch (cipher)
+ {
+ case OID_DES_CBC:
+ total_keys = 1;
+ cipher_oid = ASN1_des_cbc_oid;
+ break;
+ case OID_3DES_EDE_CBC:
+ default:
+ total_keys = 3;
+ cipher_oid = ASN1_3des_ede_cbc_oid;
+ }
+ DBG(DBG_CONTROLMORE,
+ DBG_log("pkcs7 encryption cipher: %s", oid_names[cipher].name)
+ )
+
+ /* generate a strong random key for DES/3DES */
+ des_check_key_save = des_check_key;
+ des_check_key = TRUE;
+ for (i = 0; i < total_keys;i++)
+ {
+ for (;;)
+ {
+ get_rnd_bytes((char*)key[i], DES_CBC_BLOCK_SIZE);
+ des_set_odd_parity(&key[i]);
+ if (!des_set_key(&key[i], ks[i]))
+ break;
+ plog("weak DES key discarded - we try again");
+ }
+ DBG(DBG_PRIVATE,
+ DBG_dump("DES key:", key[i], 8)
+ )
+ }
+ des_check_key = des_check_key_save;
+
+ /* generate an iv for DES/3DES CBC */
+ get_rnd_bytes(des_iv, DES_CBC_BLOCK_SIZE);
+ memcpy(iv.ptr, des_iv, DES_CBC_BLOCK_SIZE);
+ DBG(DBG_RAW,
+ DBG_dump_chunk("DES IV :", iv)
+ )
+
+ /* encryption using specified cipher */
+ switch (cipher)
+ {
+ case OID_DES_CBC:
+ des_cbc_encrypt((des_cblock*)out.ptr, (des_cblock*)out.ptr, out.len
+ , ks[0], &des_iv, DES_ENCRYPT);
+ break;
+ case OID_3DES_EDE_CBC:
+ default:
+ des_ede3_cbc_encrypt((des_cblock*)out.ptr, (des_cblock*)out.ptr, out.len
+ , ks[0], ks[1], ks[2], &des_iv, DES_ENCRYPT);
+ }
+ DBG(DBG_RAW,
+ DBG_dump_chunk("Encrypted data:\n", out));
+
+ /* build pkcs7 enveloped data object */
+ {
+ chunk_t contentEncryptionAlgorithm = asn1_wrap(ASN1_SEQUENCE, "cm"
+ , cipher_oid
+ , asn1_simple_object(ASN1_OCTET_STRING, iv));
+
+ chunk_t encryptedContentInfo = asn1_wrap(ASN1_SEQUENCE, "cmm"
+ , ASN1_pkcs7_data_oid
+ , contentEncryptionAlgorithm
+ , asn1_wrap(ASN1_CONTEXT_S_0, "m", out));
+
+ chunk_t plainKey = { (u_char *)key, DES_CBC_BLOCK_SIZE * total_keys };
+
+ chunk_t encryptedKey = asn1_wrap(ASN1_OCTET_STRING, "m"
+ , RSA_encrypt(&public_key, plainKey));
+
+ chunk_t recipientInfo = asn1_wrap(ASN1_SEQUENCE, "cmcm"
+ , ASN1_INTEGER_0
+ , pkcs7_build_issuerAndSerialNumber(cert)
+ , ASN1_rsaEncryption_id
+ , encryptedKey);
+
+ chunk_t cInfo;
+ contentInfo_t envelopedData;
+
+ envelopedData.type = OID_PKCS7_ENVELOPED_DATA;
+ envelopedData.content = asn1_wrap(ASN1_SEQUENCE, "cmm"
+ , ASN1_INTEGER_0
+ , asn1_wrap(ASN1_SET, "m", recipientInfo)
+ , encryptedContentInfo);
+
+ cInfo = pkcs7_build_contentInfo(&envelopedData);
+ DBG(DBG_RAW,
+ DBG_dump_chunk("envelopedData:\n", cInfo)
+ )
+
+ free_RSA_public_content(&public_key);
+ freeanychunk(envelopedData.content);
+ return cInfo;
+ }
+}
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-10 05:25:41 +0000