A local copy of OpenSSL from GitHub
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

361 lines
10 KiB

  1. /*
  2. * Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved.
  3. * Copyright Nokia 2007-2019
  4. * Copyright Siemens AG 2015-2019
  5. *
  6. * Licensed under the Apache License 2.0 (the "License"). You may not use
  7. * this file except in compliance with the License. You can obtain a copy
  8. * in the file LICENSE in the source distribution or at
  9. * https://www.openssl.org/source/license.html
  10. */
  11. /* CMP functions for PKIHeader handling */
  12. #include "cmp_local.h"
  13. #include <openssl/rand.h>
  14. /* explicit #includes not strictly needed since implied by the above: */
  15. #include <openssl/asn1t.h>
  16. #include <openssl/cmp.h>
  17. #include <openssl/err.h>
  18. int ossl_cmp_hdr_set_pvno(OSSL_CMP_PKIHEADER *hdr, int pvno)
  19. {
  20. if (!ossl_assert(hdr != NULL))
  21. return 0;
  22. return ASN1_INTEGER_set(hdr->pvno, pvno);
  23. }
  24. int ossl_cmp_hdr_get_pvno(const OSSL_CMP_PKIHEADER *hdr)
  25. {
  26. int64_t pvno;
  27. if (!ossl_assert(hdr != NULL))
  28. return -1;
  29. if (!ASN1_INTEGER_get_int64(&pvno, hdr->pvno) || pvno < 0 || pvno > INT_MAX)
  30. return -1;
  31. return (int)pvno;
  32. }
  33. int ossl_cmp_hdr_get_protection_nid(const OSSL_CMP_PKIHEADER *hdr)
  34. {
  35. if (!ossl_assert(hdr != NULL)
  36. || hdr->protectionAlg == NULL)
  37. return NID_undef;
  38. return OBJ_obj2nid(hdr->protectionAlg->algorithm);
  39. }
  40. ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_transactionID(const
  41. OSSL_CMP_PKIHEADER *hdr)
  42. {
  43. if (hdr == NULL) {
  44. ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
  45. return NULL;
  46. }
  47. return hdr->transactionID;
  48. }
  49. ASN1_OCTET_STRING *ossl_cmp_hdr_get0_senderNonce(const OSSL_CMP_PKIHEADER *hdr)
  50. {
  51. if (!ossl_assert(hdr != NULL))
  52. return NULL;
  53. return hdr->senderNonce;
  54. }
  55. ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_recipNonce(const OSSL_CMP_PKIHEADER *hdr)
  56. {
  57. if (hdr == NULL) {
  58. ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
  59. return NULL;
  60. }
  61. return hdr->recipNonce;
  62. }
  63. int ossl_cmp_general_name_is_NULL_DN(GENERAL_NAME *name)
  64. {
  65. X509_NAME *null = X509_NAME_new();
  66. int res = name == NULL || null == NULL
  67. || (name->type == GEN_DIRNAME
  68. && X509_NAME_cmp(name->d.directoryName, null) == 0);
  69. X509_NAME_free(null);
  70. return res;
  71. }
  72. /* assign to *tgt a copy of src (which may be NULL to indicate an empty DN) */
  73. static int set1_general_name(GENERAL_NAME **tgt, const X509_NAME *src)
  74. {
  75. GENERAL_NAME *name;
  76. if (!ossl_assert(tgt != NULL))
  77. return 0;
  78. if ((name = GENERAL_NAME_new()) == NULL)
  79. goto err;
  80. name->type = GEN_DIRNAME;
  81. if (src == NULL) { /* NULL-DN */
  82. if ((name->d.directoryName = X509_NAME_new()) == NULL)
  83. goto err;
  84. } else if (!X509_NAME_set(&name->d.directoryName, src)) {
  85. goto err;
  86. }
  87. GENERAL_NAME_free(*tgt);
  88. *tgt = name;
  89. return 1;
  90. err:
  91. GENERAL_NAME_free(name);
  92. return 0;
  93. }
  94. /*
  95. * Set the sender name in PKIHeader.
  96. * when nm is NULL, sender is set to an empty string
  97. * returns 1 on success, 0 on error
  98. */
  99. int ossl_cmp_hdr_set1_sender(OSSL_CMP_PKIHEADER *hdr, const X509_NAME *nm)
  100. {
  101. if (!ossl_assert(hdr != NULL))
  102. return 0;
  103. return set1_general_name(&hdr->sender, nm);
  104. }
  105. int ossl_cmp_hdr_set1_recipient(OSSL_CMP_PKIHEADER *hdr, const X509_NAME *nm)
  106. {
  107. if (!ossl_assert(hdr != NULL))
  108. return 0;
  109. return set1_general_name(&hdr->recipient, nm);
  110. }
  111. int ossl_cmp_hdr_update_messageTime(OSSL_CMP_PKIHEADER *hdr)
  112. {
  113. if (!ossl_assert(hdr != NULL))
  114. return 0;
  115. if (hdr->messageTime == NULL
  116. && (hdr->messageTime = ASN1_GENERALIZEDTIME_new()) == NULL)
  117. return 0;
  118. return ASN1_GENERALIZEDTIME_set(hdr->messageTime, time(NULL)) != NULL;
  119. }
  120. /* assign to *tgt a random byte array of given length */
  121. static int set_random(ASN1_OCTET_STRING **tgt, OSSL_CMP_CTX *ctx, size_t len)
  122. {
  123. unsigned char *bytes = OPENSSL_malloc(len);
  124. int res = 0;
  125. if (bytes == NULL || RAND_bytes_ex(ctx->libctx, bytes, len) <= 0)
  126. ERR_raise(ERR_LIB_CMP, CMP_R_FAILURE_OBTAINING_RANDOM);
  127. else
  128. res = ossl_cmp_asn1_octet_string_set1_bytes(tgt, bytes, len);
  129. OPENSSL_free(bytes);
  130. return res;
  131. }
  132. int ossl_cmp_hdr_set1_senderKID(OSSL_CMP_PKIHEADER *hdr,
  133. const ASN1_OCTET_STRING *senderKID)
  134. {
  135. if (!ossl_assert(hdr != NULL))
  136. return 0;
  137. return ossl_cmp_asn1_octet_string_set1(&hdr->senderKID, senderKID);
  138. }
  139. /* push the given text string to the given PKIFREETEXT ft */
  140. int ossl_cmp_hdr_push0_freeText(OSSL_CMP_PKIHEADER *hdr, ASN1_UTF8STRING *text)
  141. {
  142. if (!ossl_assert(hdr != NULL && text != NULL))
  143. return 0;
  144. if (hdr->freeText == NULL
  145. && (hdr->freeText = sk_ASN1_UTF8STRING_new_null()) == NULL)
  146. return 0;
  147. return sk_ASN1_UTF8STRING_push(hdr->freeText, text);
  148. }
  149. int ossl_cmp_hdr_push1_freeText(OSSL_CMP_PKIHEADER *hdr, ASN1_UTF8STRING *text)
  150. {
  151. if (!ossl_assert(hdr != NULL && text != NULL))
  152. return 0;
  153. if (hdr->freeText == NULL
  154. && (hdr->freeText = sk_ASN1_UTF8STRING_new_null()) == NULL)
  155. return 0;
  156. return
  157. ossl_cmp_sk_ASN1_UTF8STRING_push_str(hdr->freeText, (char *)text->data);
  158. }
  159. int ossl_cmp_hdr_generalInfo_push0_item(OSSL_CMP_PKIHEADER *hdr,
  160. OSSL_CMP_ITAV *itav)
  161. {
  162. if (!ossl_assert(hdr != NULL && itav != NULL))
  163. return 0;
  164. return OSSL_CMP_ITAV_push0_stack_item(&hdr->generalInfo, itav);
  165. }
  166. int ossl_cmp_hdr_generalInfo_push1_items(OSSL_CMP_PKIHEADER *hdr,
  167. const STACK_OF(OSSL_CMP_ITAV) *itavs)
  168. {
  169. int i;
  170. OSSL_CMP_ITAV *itav;
  171. if (!ossl_assert(hdr != NULL))
  172. return 0;
  173. for (i = 0; i < sk_OSSL_CMP_ITAV_num(itavs); i++) {
  174. itav = OSSL_CMP_ITAV_dup(sk_OSSL_CMP_ITAV_value(itavs, i));
  175. if (itav == NULL)
  176. return 0;
  177. if (!ossl_cmp_hdr_generalInfo_push0_item(hdr, itav)) {
  178. OSSL_CMP_ITAV_free(itav);
  179. return 0;
  180. }
  181. }
  182. return 1;
  183. }
  184. int ossl_cmp_hdr_set_implicitConfirm(OSSL_CMP_PKIHEADER *hdr)
  185. {
  186. OSSL_CMP_ITAV *itav;
  187. ASN1_TYPE *asn1null;
  188. if (!ossl_assert(hdr != NULL))
  189. return 0;
  190. asn1null = (ASN1_TYPE *)ASN1_NULL_new();
  191. if (asn1null == NULL)
  192. return 0;
  193. if ((itav = OSSL_CMP_ITAV_create(OBJ_nid2obj(NID_id_it_implicitConfirm),
  194. asn1null)) == NULL)
  195. goto err;
  196. if (!ossl_cmp_hdr_generalInfo_push0_item(hdr, itav))
  197. goto err;
  198. return 1;
  199. err:
  200. ASN1_TYPE_free(asn1null);
  201. OSSL_CMP_ITAV_free(itav);
  202. return 0;
  203. }
  204. /* return 1 if implicitConfirm in the generalInfo field of the header is set */
  205. int ossl_cmp_hdr_has_implicitConfirm(const OSSL_CMP_PKIHEADER *hdr)
  206. {
  207. int itavCount;
  208. int i;
  209. OSSL_CMP_ITAV *itav;
  210. if (!ossl_assert(hdr != NULL))
  211. return 0;
  212. itavCount = sk_OSSL_CMP_ITAV_num(hdr->generalInfo);
  213. for (i = 0; i < itavCount; i++) {
  214. itav = sk_OSSL_CMP_ITAV_value(hdr->generalInfo, i);
  215. if (itav != NULL
  216. && OBJ_obj2nid(itav->infoType) == NID_id_it_implicitConfirm)
  217. return 1;
  218. }
  219. return 0;
  220. }
  221. /*
  222. * set ctx->transactionID in CMP header
  223. * if ctx->transactionID is NULL, a random one is created with 128 bit
  224. * according to section 5.1.1:
  225. *
  226. * It is RECOMMENDED that the clients fill the transactionID field with
  227. * 128 bits of (pseudo-) random data for the start of a transaction to
  228. * reduce the probability of having the transactionID in use at the server.
  229. */
  230. int ossl_cmp_hdr_set_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_PKIHEADER *hdr)
  231. {
  232. if (ctx->transactionID == NULL
  233. && !set_random(&ctx->transactionID, ctx, OSSL_CMP_TRANSACTIONID_LENGTH))
  234. return 0;
  235. return ossl_cmp_asn1_octet_string_set1(&hdr->transactionID,
  236. ctx->transactionID);
  237. }
  238. /* fill in all fields of the hdr according to the info given in ctx */
  239. int ossl_cmp_hdr_init(OSSL_CMP_CTX *ctx, OSSL_CMP_PKIHEADER *hdr)
  240. {
  241. const X509_NAME *sender;
  242. const X509_NAME *rcp = NULL;
  243. if (!ossl_assert(ctx != NULL && hdr != NULL))
  244. return 0;
  245. /* set the CMP version */
  246. if (!ossl_cmp_hdr_set_pvno(hdr, OSSL_CMP_PVNO))
  247. return 0;
  248. /*
  249. * If neither protection cert nor oldCert nor subject are given,
  250. * sender name is not known to the client and thus set to NULL-DN
  251. */
  252. sender = ctx->cert != NULL ? X509_get_subject_name(ctx->cert) :
  253. ctx->oldCert != NULL ? X509_get_subject_name(ctx->oldCert) :
  254. ctx->subjectName;
  255. if (!ossl_cmp_hdr_set1_sender(hdr, sender))
  256. return 0;
  257. /* determine recipient entry in PKIHeader */
  258. if (ctx->recipient != NULL)
  259. rcp = ctx->recipient;
  260. else if (ctx->srvCert != NULL)
  261. rcp = X509_get_subject_name(ctx->srvCert);
  262. else if (ctx->issuer != NULL)
  263. rcp = ctx->issuer;
  264. else if (ctx->oldCert != NULL)
  265. rcp = X509_get_issuer_name(ctx->oldCert);
  266. else if (ctx->cert != NULL)
  267. rcp = X509_get_issuer_name(ctx->cert);
  268. if (!ossl_cmp_hdr_set1_recipient(hdr, rcp))
  269. return 0;
  270. /* set current time as message time */
  271. if (!ossl_cmp_hdr_update_messageTime(hdr))
  272. return 0;
  273. if (ctx->recipNonce != NULL
  274. && !ossl_cmp_asn1_octet_string_set1(&hdr->recipNonce,
  275. ctx->recipNonce))
  276. return 0;
  277. if (!ossl_cmp_hdr_set_transactionID(ctx, hdr))
  278. return 0;
  279. /*-
  280. * set random senderNonce
  281. * according to section 5.1.1:
  282. *
  283. * senderNonce present
  284. * -- 128 (pseudo-)random bits
  285. * The senderNonce and recipNonce fields protect the PKIMessage against
  286. * replay attacks. The senderNonce will typically be 128 bits of
  287. * (pseudo-) random data generated by the sender, whereas the recipNonce
  288. * is copied from the senderNonce of the previous message in the
  289. * transaction.
  290. */
  291. if (!set_random(&hdr->senderNonce, ctx, OSSL_CMP_SENDERNONCE_LENGTH))
  292. return 0;
  293. /* store senderNonce - for cmp with recipNonce in next outgoing msg */
  294. if (!OSSL_CMP_CTX_set1_senderNonce(ctx, hdr->senderNonce))
  295. return 0;
  296. /*-
  297. * freeText [7] PKIFreeText OPTIONAL,
  298. * -- this may be used to indicate context-specific instructions
  299. * -- (this field is intended for human consumption)
  300. */
  301. if (ctx->freeText != NULL
  302. && !ossl_cmp_hdr_push1_freeText(hdr, ctx->freeText))
  303. return 0;
  304. return 1;
  305. }