1 /*
2 * Copyright 2007-2024 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright Nokia 2007-2019
4 * Copyright Siemens AG 2015-2019
5 *
6 * Licensed under the Apache License 2.0 (the "License"). You may not use
7 * this file except in compliance with the License. You can obtain a copy
8 * in the file LICENSE in the source distribution or at
9 * https://www.openssl.org/source/license.html
10 */
11
12 /* CMP functions for PKIHeader handling */
13
14 #include "cmp_local.h"
15
16 #include <openssl/rand.h>
17
18 /* explicit #includes not strictly needed since implied by the above: */
19 #include <openssl/asn1t.h>
20 #include <openssl/cmp.h>
21 #include <openssl/err.h>
22
ossl_cmp_hdr_set_pvno(OSSL_CMP_PKIHEADER * hdr,int pvno)23 int ossl_cmp_hdr_set_pvno(OSSL_CMP_PKIHEADER *hdr, int pvno)
24 {
25 if (!ossl_assert(hdr != NULL))
26 return 0;
27 return ASN1_INTEGER_set(hdr->pvno, pvno);
28 }
29
ossl_cmp_hdr_get_pvno(const OSSL_CMP_PKIHEADER * hdr)30 int ossl_cmp_hdr_get_pvno(const OSSL_CMP_PKIHEADER *hdr)
31 {
32 int64_t pvno;
33
34 if (!ossl_assert(hdr != NULL))
35 return -1;
36 if (!ASN1_INTEGER_get_int64(&pvno, hdr->pvno) || pvno < 0 || pvno > INT_MAX)
37 return -1;
38 return (int)pvno;
39 }
40
ossl_cmp_hdr_get_protection_nid(const OSSL_CMP_PKIHEADER * hdr)41 int ossl_cmp_hdr_get_protection_nid(const OSSL_CMP_PKIHEADER *hdr)
42 {
43 if (!ossl_assert(hdr != NULL)
44 || hdr->protectionAlg == NULL)
45 return NID_undef;
46 return OBJ_obj2nid(hdr->protectionAlg->algorithm);
47 }
48
OSSL_CMP_HDR_get0_transactionID(const OSSL_CMP_PKIHEADER * hdr)49 ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_transactionID(const OSSL_CMP_PKIHEADER *hdr)
50 {
51 if (hdr == NULL) {
52 ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
53 return NULL;
54 }
55 return hdr->transactionID;
56 }
57
ossl_cmp_hdr_get0_senderNonce(const OSSL_CMP_PKIHEADER * hdr)58 ASN1_OCTET_STRING *ossl_cmp_hdr_get0_senderNonce(const OSSL_CMP_PKIHEADER *hdr)
59 {
60 if (!ossl_assert(hdr != NULL))
61 return NULL;
62 return hdr->senderNonce;
63 }
64
OSSL_CMP_HDR_get0_recipNonce(const OSSL_CMP_PKIHEADER * hdr)65 ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_recipNonce(const OSSL_CMP_PKIHEADER *hdr)
66 {
67 if (hdr == NULL) {
68 ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
69 return NULL;
70 }
71 return hdr->recipNonce;
72 }
73
STACK_OF(OSSL_CMP_ITAV)74 STACK_OF(OSSL_CMP_ITAV)
75 *OSSL_CMP_HDR_get0_geninfo_ITAVs(const OSSL_CMP_PKIHEADER *hdr)
76 {
77 if (hdr == NULL) {
78 ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
79 return NULL;
80 }
81 return hdr->generalInfo;
82 }
83
84 /* a NULL-DN as an empty sequence of RDNs */
ossl_cmp_general_name_is_NULL_DN(GENERAL_NAME * name)85 int ossl_cmp_general_name_is_NULL_DN(GENERAL_NAME *name)
86 {
87 return name == NULL
88 || (name->type == GEN_DIRNAME && IS_NULL_DN(name->d.directoryName));
89 }
90
91 /*
92 * Set the sender name in PKIHeader.
93 * when nm is NULL, sender is set to an empty string
94 * returns 1 on success, 0 on error
95 */
ossl_cmp_hdr_set1_sender(OSSL_CMP_PKIHEADER * hdr,const X509_NAME * nm)96 int ossl_cmp_hdr_set1_sender(OSSL_CMP_PKIHEADER *hdr, const X509_NAME *nm)
97 {
98 if (!ossl_assert(hdr != NULL))
99 return 0;
100 return GENERAL_NAME_set1_X509_NAME(&hdr->sender, nm);
101 }
102
ossl_cmp_hdr_set1_recipient(OSSL_CMP_PKIHEADER * hdr,const X509_NAME * nm)103 int ossl_cmp_hdr_set1_recipient(OSSL_CMP_PKIHEADER *hdr, const X509_NAME *nm)
104 {
105 if (!ossl_assert(hdr != NULL))
106 return 0;
107 return GENERAL_NAME_set1_X509_NAME(&hdr->recipient, nm);
108 }
109
ossl_cmp_hdr_update_messageTime(OSSL_CMP_PKIHEADER * hdr)110 int ossl_cmp_hdr_update_messageTime(OSSL_CMP_PKIHEADER *hdr)
111 {
112 if (!ossl_assert(hdr != NULL))
113 return 0;
114 if (hdr->messageTime == NULL
115 && (hdr->messageTime = ASN1_GENERALIZEDTIME_new()) == NULL)
116 return 0;
117 return ASN1_GENERALIZEDTIME_set(hdr->messageTime, time(NULL)) != NULL;
118 }
119
120 /* assign to *tgt a random byte array of given length */
set_random(ASN1_OCTET_STRING ** tgt,OSSL_CMP_CTX * ctx,size_t len)121 static int set_random(ASN1_OCTET_STRING **tgt, OSSL_CMP_CTX *ctx, size_t len)
122 {
123 unsigned char *bytes = OPENSSL_malloc(len);
124 int res = 0;
125
126 if (bytes == NULL || RAND_bytes_ex(ctx->libctx, bytes, len, 0) <= 0)
127 ERR_raise(ERR_LIB_CMP, CMP_R_FAILURE_OBTAINING_RANDOM);
128 else
129 res = ossl_cmp_asn1_octet_string_set1_bytes(tgt, bytes, len);
130 OPENSSL_free(bytes);
131 return res;
132 }
133
ossl_cmp_hdr_set1_senderKID(OSSL_CMP_PKIHEADER * hdr,const ASN1_OCTET_STRING * senderKID)134 int ossl_cmp_hdr_set1_senderKID(OSSL_CMP_PKIHEADER *hdr,
135 const ASN1_OCTET_STRING *senderKID)
136 {
137 if (!ossl_assert(hdr != NULL))
138 return 0;
139 return ossl_cmp_asn1_octet_string_set1(&hdr->senderKID, senderKID);
140 }
141
142 /* push the given text string to the given PKIFREETEXT ft */
ossl_cmp_hdr_push0_freeText(OSSL_CMP_PKIHEADER * hdr,ASN1_UTF8STRING * text)143 int ossl_cmp_hdr_push0_freeText(OSSL_CMP_PKIHEADER *hdr, ASN1_UTF8STRING *text)
144 {
145 if (!ossl_assert(hdr != NULL && text != NULL))
146 return 0;
147
148 if (hdr->freeText == NULL
149 && (hdr->freeText = sk_ASN1_UTF8STRING_new_null()) == NULL)
150 return 0;
151
152 return sk_ASN1_UTF8STRING_push(hdr->freeText, text);
153 }
154
ossl_cmp_hdr_push1_freeText(OSSL_CMP_PKIHEADER * hdr,ASN1_UTF8STRING * text)155 int ossl_cmp_hdr_push1_freeText(OSSL_CMP_PKIHEADER *hdr, ASN1_UTF8STRING *text)
156 {
157 if (!ossl_assert(hdr != NULL && text != NULL))
158 return 0;
159
160 if (hdr->freeText == NULL
161 && (hdr->freeText = sk_ASN1_UTF8STRING_new_null()) == NULL)
162 return 0;
163
164 return ossl_cmp_sk_ASN1_UTF8STRING_push_str(hdr->freeText, (char *)text->data,
165 text->length);
166 }
167
ossl_cmp_hdr_generalInfo_push0_item(OSSL_CMP_PKIHEADER * hdr,OSSL_CMP_ITAV * itav)168 int ossl_cmp_hdr_generalInfo_push0_item(OSSL_CMP_PKIHEADER *hdr,
169 OSSL_CMP_ITAV *itav)
170 {
171 if (!ossl_assert(hdr != NULL && itav != NULL))
172 return 0;
173 return OSSL_CMP_ITAV_push0_stack_item(&hdr->generalInfo, itav);
174 }
175
ossl_cmp_hdr_generalInfo_push1_items(OSSL_CMP_PKIHEADER * hdr,const STACK_OF (OSSL_CMP_ITAV)* itavs)176 int ossl_cmp_hdr_generalInfo_push1_items(OSSL_CMP_PKIHEADER *hdr,
177 const STACK_OF(OSSL_CMP_ITAV) *itavs)
178 {
179 int i;
180 OSSL_CMP_ITAV *itav;
181
182 if (!ossl_assert(hdr != NULL))
183 return 0;
184
185 for (i = 0; i < sk_OSSL_CMP_ITAV_num(itavs); i++) {
186 itav = OSSL_CMP_ITAV_dup(sk_OSSL_CMP_ITAV_value(itavs, i));
187 if (itav == NULL)
188 return 0;
189
190 if (!ossl_cmp_hdr_generalInfo_push0_item(hdr, itav)) {
191 OSSL_CMP_ITAV_free(itav);
192 return 0;
193 }
194 }
195 return 1;
196 }
197
ossl_cmp_hdr_set_implicitConfirm(OSSL_CMP_PKIHEADER * hdr)198 int ossl_cmp_hdr_set_implicitConfirm(OSSL_CMP_PKIHEADER *hdr)
199 {
200 OSSL_CMP_ITAV *itav;
201 ASN1_TYPE *asn1null;
202
203 if (!ossl_assert(hdr != NULL))
204 return 0;
205 asn1null = (ASN1_TYPE *)ASN1_NULL_new();
206 if (asn1null == NULL)
207 return 0;
208 if ((itav = OSSL_CMP_ITAV_create(OBJ_nid2obj(NID_id_it_implicitConfirm),
209 asn1null))
210 == NULL)
211 goto err;
212 if (!ossl_cmp_hdr_generalInfo_push0_item(hdr, itav))
213 goto err;
214 return 1;
215
216 err:
217 ASN1_TYPE_free(asn1null);
218 OSSL_CMP_ITAV_free(itav);
219 return 0;
220 }
221
222 /* return 1 if implicitConfirm in the generalInfo field of the header is set */
ossl_cmp_hdr_has_implicitConfirm(const OSSL_CMP_PKIHEADER * hdr)223 int ossl_cmp_hdr_has_implicitConfirm(const OSSL_CMP_PKIHEADER *hdr)
224 {
225 int itavCount;
226 int i;
227 OSSL_CMP_ITAV *itav;
228
229 if (!ossl_assert(hdr != NULL))
230 return 0;
231
232 itavCount = sk_OSSL_CMP_ITAV_num(hdr->generalInfo);
233 for (i = 0; i < itavCount; i++) {
234 itav = sk_OSSL_CMP_ITAV_value(hdr->generalInfo, i);
235 if (itav != NULL
236 && OBJ_obj2nid(itav->infoType) == NID_id_it_implicitConfirm)
237 return 1;
238 }
239
240 return 0;
241 }
242
243 /*
244 * set ctx->transactionID in CMP header
245 * if ctx->transactionID is NULL, a random one is created with 128 bit
246 * according to section 5.1.1:
247 *
248 * It is RECOMMENDED that the clients fill the transactionID field with
249 * 128 bits of (pseudo-) random data for the start of a transaction to
250 * reduce the probability of having the transactionID in use at the server.
251 */
ossl_cmp_hdr_set_transactionID(OSSL_CMP_CTX * ctx,OSSL_CMP_PKIHEADER * hdr)252 int ossl_cmp_hdr_set_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_PKIHEADER *hdr)
253 {
254 if (ctx->transactionID == NULL) {
255 char *tid;
256
257 if (!set_random(&ctx->transactionID, ctx,
258 OSSL_CMP_TRANSACTIONID_LENGTH))
259 return 0;
260 tid = i2s_ASN1_OCTET_STRING(NULL, ctx->transactionID);
261 if (tid != NULL)
262 ossl_cmp_log1(DEBUG, ctx,
263 "Starting new transaction with ID=%s", tid);
264 OPENSSL_free(tid);
265 }
266
267 return ossl_cmp_asn1_octet_string_set1(&hdr->transactionID,
268 ctx->transactionID);
269 }
270
271 /* fill in all fields of the hdr according to the info given in ctx */
ossl_cmp_hdr_init(OSSL_CMP_CTX * ctx,OSSL_CMP_PKIHEADER * hdr)272 int ossl_cmp_hdr_init(OSSL_CMP_CTX *ctx, OSSL_CMP_PKIHEADER *hdr)
273 {
274 const X509_NAME *sender;
275 const X509_NAME *rcp = NULL;
276
277 if (!ossl_assert(ctx != NULL && hdr != NULL))
278 return 0;
279
280 /* set the CMP version */
281 if (!ossl_cmp_hdr_set_pvno(hdr, OSSL_CMP_PVNO))
282 return 0;
283
284 /*
285 * If no protection cert nor oldCert nor CSR nor subject is given,
286 * sender name is not known to the client and thus set to NULL-DN
287 */
288 sender = ctx->cert != NULL ? X509_get_subject_name(ctx->cert) : ctx->oldCert != NULL ? X509_get_subject_name(ctx->oldCert)
289 : ctx->p10CSR != NULL ? X509_REQ_get_subject_name(ctx->p10CSR)
290 : ctx->subjectName;
291 if (!ossl_cmp_hdr_set1_sender(hdr, sender))
292 return 0;
293
294 /* determine recipient entry in PKIHeader */
295 if (ctx->recipient != NULL)
296 rcp = ctx->recipient;
297 else if (ctx->srvCert != NULL)
298 rcp = X509_get_subject_name(ctx->srvCert);
299 else if (ctx->issuer != NULL)
300 rcp = ctx->issuer;
301 else if (ctx->oldCert != NULL)
302 rcp = X509_get_issuer_name(ctx->oldCert);
303 else if (ctx->cert != NULL)
304 rcp = X509_get_issuer_name(ctx->cert);
305 if (!ossl_cmp_hdr_set1_recipient(hdr, rcp))
306 return 0;
307
308 /* set current time as message time */
309 if (!ossl_cmp_hdr_update_messageTime(hdr))
310 return 0;
311
312 if (ctx->recipNonce != NULL
313 && !ossl_cmp_asn1_octet_string_set1(&hdr->recipNonce,
314 ctx->recipNonce))
315 return 0;
316
317 if (!ossl_cmp_hdr_set_transactionID(ctx, hdr))
318 return 0;
319
320 /*-
321 * set random senderNonce
322 * according to section 5.1.1:
323 *
324 * senderNonce present
325 * -- 128 (pseudo-)random bits
326 * The senderNonce and recipNonce fields protect the PKIMessage against
327 * replay attacks. The senderNonce will typically be 128 bits of
328 * (pseudo-) random data generated by the sender, whereas the recipNonce
329 * is copied from the senderNonce of the previous message in the
330 * transaction.
331 */
332 if (!set_random(&hdr->senderNonce, ctx, OSSL_CMP_SENDERNONCE_LENGTH))
333 return 0;
334
335 /* store senderNonce - for cmp with recipNonce in next outgoing msg */
336 if (!OSSL_CMP_CTX_set1_senderNonce(ctx, hdr->senderNonce))
337 return 0;
338
339 /*-
340 * freeText [7] PKIFreeText OPTIONAL,
341 * -- this may be used to indicate context-specific instructions
342 * -- (this field is intended for human consumption)
343 */
344 if (ctx->freeText != NULL
345 && !ossl_cmp_hdr_push1_freeText(hdr, ctx->freeText))
346 return 0;
347
348 return 1;
349 }
350