/* Support of PKCS#7 data structures * Copyright (C) 2005 Jan Hutter, Martin Willi * Copyright (C) 2002-2005 Andreas Steffen * Hochschule fuer Technik Rapperswil, Switzerland * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the * Free Software Foundation; either version 2 of the License, or (at your * option) any later version. See . * * This program is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * * RCSID $Id$ */ #include #include #include #include #include "constants.h" #include "defs.h" #include "asn1.h" #include #include "log.h" #include "x509.h" #include "certs.h" #include "pkcs7.h" #include "rnd.h" const contentInfo_t empty_contentInfo = { OID_UNKNOWN , /* type */ { NULL, 0 } /* content */ }; /* ASN.1 definition of the PKCS#7 ContentInfo type */ static const asn1Object_t contentInfoObjects[] = { { 0, "contentInfo", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */ { 1, "contentType", ASN1_OID, ASN1_BODY }, /* 1 */ { 1, "content", ASN1_CONTEXT_C_0, ASN1_OPT | ASN1_BODY }, /* 2 */ { 1, "end opt", ASN1_EOC, ASN1_END } /* 3 */ }; #define PKCS7_INFO_TYPE 1 #define PKCS7_INFO_CONTENT 2 #define PKCS7_INFO_ROOF 4 /* ASN.1 definition of the PKCS#7 signedData type */ static const asn1Object_t signedDataObjects[] = { { 0, "signedData", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */ { 1, "version", ASN1_INTEGER, ASN1_BODY }, /* 1 */ { 1, "digestAlgorithms", ASN1_SET, ASN1_LOOP }, /* 2 */ { 2, "algorithm", ASN1_EOC, ASN1_RAW }, /* 3 */ { 1, "end loop", ASN1_EOC, ASN1_END }, /* 4 */ { 1, "contentInfo", ASN1_EOC, ASN1_RAW }, /* 5 */ { 1, "certificates", ASN1_CONTEXT_C_0, ASN1_OPT | ASN1_LOOP }, /* 6 */ { 2, "certificate", ASN1_SEQUENCE, ASN1_OBJ }, /* 7 */ { 1, "end opt or loop", ASN1_EOC, ASN1_END }, /* 8 */ { 1, "crls", ASN1_CONTEXT_C_1, ASN1_OPT | ASN1_LOOP }, /* 9 */ { 2, "crl", ASN1_SEQUENCE, ASN1_OBJ }, /* 10 */ { 1, "end opt or loop", ASN1_EOC, ASN1_END }, /* 11 */ { 1, "signerInfos", ASN1_SET, ASN1_LOOP }, /* 12 */ { 2, "signerInfo", ASN1_SEQUENCE, ASN1_NONE }, /* 13 */ { 3, "version", ASN1_INTEGER, ASN1_BODY }, /* 14 */ { 3, "issuerAndSerialNumber", ASN1_SEQUENCE, ASN1_BODY }, /* 15 */ { 4, "issuer", ASN1_SEQUENCE, ASN1_OBJ }, /* 16 */ { 4, "serial", ASN1_INTEGER, ASN1_BODY }, /* 17 */ { 3, "digestAlgorithm", ASN1_EOC, ASN1_RAW }, /* 18 */ { 3, "authenticatedAttributes", ASN1_CONTEXT_C_0, ASN1_OPT | ASN1_OBJ }, /* 19 */ { 3, "end opt", ASN1_EOC, ASN1_END }, /* 20 */ { 3, "digestEncryptionAlgorithm", ASN1_EOC, ASN1_RAW }, /* 21 */ { 3, "encryptedDigest", ASN1_OCTET_STRING, ASN1_BODY }, /* 22 */ { 3, "unauthenticatedAttributes", ASN1_CONTEXT_C_1, ASN1_OPT }, /* 23 */ { 3, "end opt", ASN1_EOC, ASN1_END }, /* 24 */ { 1, "end loop", ASN1_EOC, ASN1_END } /* 25 */ }; #define PKCS7_DIGEST_ALG 3 #define PKCS7_SIGNED_CONTENT_INFO 5 #define PKCS7_SIGNED_CERT 7 #define PKCS7_SIGNER_INFO 13 #define PKCS7_SIGNED_ISSUER 16 #define PKCS7_SIGNED_SERIAL_NUMBER 17 #define PKCS7_DIGEST_ALGORITHM 18 #define PKCS7_AUTH_ATTRIBUTES 19 #define PKCS7_DIGEST_ENC_ALGORITHM 21 #define PKCS7_ENCRYPTED_DIGEST 22 #define PKCS7_SIGNED_ROOF 26 /* ASN.1 definition of the PKCS#7 envelopedData type */ static const asn1Object_t envelopedDataObjects[] = { { 0, "envelopedData", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */ { 1, "version", ASN1_INTEGER, ASN1_BODY }, /* 1 */ { 1, "recipientInfos", ASN1_SET, ASN1_LOOP }, /* 2 */ { 2, "recipientInfo", ASN1_SEQUENCE, ASN1_BODY }, /* 3 */ { 3, "version", ASN1_INTEGER, ASN1_BODY }, /* 4 */ { 3, "issuerAndSerialNumber", ASN1_SEQUENCE, ASN1_BODY }, /* 5 */ { 4, "issuer", ASN1_SEQUENCE, ASN1_OBJ }, /* 6 */ { 4, "serial", ASN1_INTEGER, ASN1_BODY }, /* 7 */ { 3, "encryptionAlgorithm", ASN1_EOC, ASN1_RAW }, /* 8 */ { 3, "encryptedKey", ASN1_OCTET_STRING, ASN1_BODY }, /* 9 */ { 1, "end loop", ASN1_EOC, ASN1_END }, /* 10 */ { 1, "encryptedContentInfo", ASN1_SEQUENCE, ASN1_OBJ }, /* 11 */ { 2, "contentType", ASN1_OID, ASN1_BODY }, /* 12 */ { 2, "contentEncryptionAlgorithm", ASN1_EOC, ASN1_RAW }, /* 13 */ { 2, "encryptedContent", ASN1_CONTEXT_S_0, ASN1_BODY } /* 14 */ }; #define PKCS7_ENVELOPED_VERSION 1 #define PKCS7_RECIPIENT_INFO_VERSION 4 #define PKCS7_ISSUER 6 #define PKCS7_SERIAL_NUMBER 7 #define PKCS7_ENCRYPTION_ALG 8 #define PKCS7_ENCRYPTED_KEY 9 #define PKCS7_CONTENT_TYPE 12 #define PKCS7_CONTENT_ENC_ALGORITHM 13 #define PKCS7_ENCRYPTED_CONTENT 14 #define PKCS7_ENVELOPED_ROOF 15 /* PKCS7 contentInfo OIDs */ static u_char ASN1_pkcs7_data_oid_str[] = { 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x01 }; static u_char ASN1_pkcs7_signed_data_oid_str[] = { 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x02 }; static u_char ASN1_pkcs7_enveloped_data_oid_str[] = { 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x03 }; static u_char ASN1_pkcs7_signed_enveloped_data_oid_str[] = { 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x04 }; static u_char ASN1_pkcs7_digested_data_oid_str[] = { 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x05 }; static char ASN1_pkcs7_encrypted_data_oid_str[] = { 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x06 }; static const chunk_t ASN1_pkcs7_data_oid = chunk_from_buf(ASN1_pkcs7_data_oid_str); static const chunk_t ASN1_pkcs7_signed_data_oid = chunk_from_buf(ASN1_pkcs7_signed_data_oid_str); static const chunk_t ASN1_pkcs7_enveloped_data_oid = chunk_from_buf(ASN1_pkcs7_enveloped_data_oid_str); static const chunk_t ASN1_pkcs7_signed_enveloped_data_oid = chunk_from_buf(ASN1_pkcs7_signed_enveloped_data_oid_str); static const chunk_t ASN1_pkcs7_digested_data_oid = chunk_from_buf(ASN1_pkcs7_digested_data_oid_str); static const chunk_t ASN1_pkcs7_encrypted_data_oid = chunk_from_buf(ASN1_pkcs7_encrypted_data_oid_str); /* 3DES and DES encryption OIDs */ static u_char ASN1_3des_ede_cbc_oid_str[] = { 0x06, 0x08, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x03, 0x07 }; static u_char ASN1_des_cbc_oid_str[] = { 0x06, 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x07 }; static const chunk_t ASN1_3des_ede_cbc_oid = chunk_from_buf(ASN1_3des_ede_cbc_oid_str); static const chunk_t ASN1_des_cbc_oid = chunk_from_buf(ASN1_des_cbc_oid_str); /* PKCS#7 attribute type OIDs */ static u_char ASN1_contentType_oid_str[] = { 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x03 }; static u_char ASN1_messageDigest_oid_str[] = { 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x04 }; static const chunk_t ASN1_contentType_oid = chunk_from_buf(ASN1_contentType_oid_str); static const chunk_t ASN1_messageDigest_oid = chunk_from_buf(ASN1_messageDigest_oid_str); /* * Parse PKCS#7 ContentInfo object */ bool pkcs7_parse_contentInfo(chunk_t blob, u_int level0, contentInfo_t *cInfo) { asn1_ctx_t ctx; chunk_t object; u_int level; int objectID = 0; asn1_init(&ctx, blob, level0, FALSE, DBG_RAW); while (objectID < PKCS7_INFO_ROOF) { if (!extract_object(contentInfoObjects, &objectID, &object, &level, &ctx)) return FALSE; if (objectID == PKCS7_INFO_TYPE) { cInfo->type = asn1_known_oid(object); if (cInfo->type < OID_PKCS7_DATA || cInfo->type > OID_PKCS7_ENCRYPTED_DATA) { plog("unknown pkcs7 content type"); return FALSE; } } else if (objectID == PKCS7_INFO_CONTENT) { cInfo->content = object; } objectID++; } return TRUE; } /* * Parse a PKCS#7 signedData object */ bool pkcs7_parse_signedData(chunk_t blob, contentInfo_t *data, x509cert_t **cert , chunk_t *attributes, const x509cert_t *cacert) { u_char buf[BUF_LEN]; asn1_ctx_t ctx; chunk_t object; u_int level; int digest_alg = OID_UNKNOWN; int enc_alg = OID_UNKNOWN; int signerInfos = 0; int objectID = 0; contentInfo_t cInfo = empty_contentInfo; chunk_t encrypted_digest = chunk_empty; if (!pkcs7_parse_contentInfo(blob, 0, &cInfo)) return FALSE; if (cInfo.type != OID_PKCS7_SIGNED_DATA) { plog("pkcs7 content type is not signedData"); return FALSE; } asn1_init(&ctx, cInfo.content, 2, FALSE, DBG_RAW); while (objectID < PKCS7_SIGNED_ROOF) { if (!extract_object(signedDataObjects, &objectID, &object, &level, &ctx)) return FALSE; switch (objectID) { case PKCS7_DIGEST_ALG: digest_alg = parse_algorithmIdentifier(object, level, NULL); break; case PKCS7_SIGNED_CONTENT_INFO: if (data != NULL) { pkcs7_parse_contentInfo(object, level, data); } break; case PKCS7_SIGNED_CERT: if (cert != NULL) { chunk_t cert_blob = chunk_clone(object); x509cert_t *newcert = malloc_thing(x509cert_t); *newcert = empty_x509cert; DBG(DBG_CONTROL | DBG_PARSING, DBG_log("parsing pkcs7-wrapped certificate") ) if (parse_x509cert(cert_blob, level+1, newcert)) { newcert->next = *cert; *cert = newcert; } else { free_x509cert(newcert); } } break; case PKCS7_SIGNER_INFO: signerInfos++; DBG(DBG_PARSING, DBG_log(" signer #%d", signerInfos) ) break; case PKCS7_SIGNED_ISSUER: DBG(DBG_PARSING, dntoa(buf, BUF_LEN, object); DBG_log(" '%s'",buf) ) break; case PKCS7_AUTH_ATTRIBUTES: if (attributes != NULL) { *attributes = object; *attributes->ptr = ASN1_SET; } break; case PKCS7_DIGEST_ALGORITHM: digest_alg = parse_algorithmIdentifier(object, level, NULL); break; case PKCS7_DIGEST_ENC_ALGORITHM: enc_alg = parse_algorithmIdentifier(object, level, NULL); break; case PKCS7_ENCRYPTED_DIGEST: encrypted_digest = object; } objectID++; } /* check the signature only if a cacert is available */ if (cacert != NULL) { if (signerInfos == 0) { plog("no signerInfo object found"); return FALSE; } else if (signerInfos > 1) { plog("more than one signerInfo object found"); return FALSE; } if (attributes->ptr == NULL) { plog("no authenticatedAttributes object found"); return FALSE; } if (!check_signature(*attributes, encrypted_digest, digest_alg , enc_alg, cacert)) { plog("invalid signature"); return FALSE; } else { DBG(DBG_CONTROL, DBG_log("signature is valid") ) } } return TRUE; } /* * Parse a PKCS#7 envelopedData object */ bool pkcs7_parse_envelopedData(chunk_t blob, chunk_t *data , chunk_t serialNumber, const RSA_private_key_t *key) { asn1_ctx_t ctx; chunk_t object; chunk_t iv = chunk_empty; chunk_t symmetric_key = chunk_empty; chunk_t encrypted_content = chunk_empty; u_char buf[BUF_LEN]; u_int level; u_int total_keys = 3; int enc_alg = OID_UNKNOWN; int content_enc_alg = OID_UNKNOWN; int objectID = 0; contentInfo_t cInfo = empty_contentInfo; *data = chunk_empty; if (!pkcs7_parse_contentInfo(blob, 0, &cInfo)) goto failed; if (cInfo.type != OID_PKCS7_ENVELOPED_DATA) { plog("pkcs7 content type is not envelopedData"); return FALSE; } asn1_init(&ctx, cInfo.content, 2, FALSE, DBG_RAW); while (objectID < PKCS7_ENVELOPED_ROOF) { if (!extract_object(envelopedDataObjects, &objectID, &object, &level, &ctx)) goto failed; switch (objectID) { case PKCS7_ENVELOPED_VERSION: if (*object.ptr != 0) { plog("envelopedData version is not 0"); goto failed; } break; case PKCS7_RECIPIENT_INFO_VERSION: if (*object.ptr != 0) { plog("recipient info version is not 0"); goto failed; } break; case PKCS7_ISSUER: DBG(DBG_PARSING, dntoa(buf, BUF_LEN, object); DBG_log(" '%s'", buf) ) break; case PKCS7_SERIAL_NUMBER: if (!chunk_equals(serialNumber, object)) { plog("serial numbers do not match"); goto failed; } break; case PKCS7_ENCRYPTION_ALG: enc_alg = parse_algorithmIdentifier(object, level, NULL); if (enc_alg != OID_RSA_ENCRYPTION) { plog("only rsa encryption supported"); goto failed; } break; case PKCS7_ENCRYPTED_KEY: if (!RSA_decrypt(key, object, &symmetric_key)) { plog("symmetric key could not be decrypted with rsa"); goto failed; } DBG(DBG_PRIVATE, DBG_dump_chunk("symmetric key :", symmetric_key) ) break; case PKCS7_CONTENT_TYPE: if (asn1_known_oid(object) != OID_PKCS7_DATA) { plog("encrypted content not of type pkcs7 data"); goto failed; } break; case PKCS7_CONTENT_ENC_ALGORITHM: content_enc_alg = parse_algorithmIdentifier(object, level, &iv); switch (content_enc_alg) { case OID_DES_CBC: total_keys = 1; break; case OID_3DES_EDE_CBC: total_keys = 3; break; default: plog("Only DES and 3DES supported for symmetric encryption"); goto failed; } if (symmetric_key.len != (total_keys * DES_CBC_BLOCK_SIZE)) { plog("key length is not %d",(total_keys * DES_CBC_BLOCK_SIZE)); goto failed; } if (!parse_asn1_simple_object(&iv, ASN1_OCTET_STRING, level+1, "IV")) { plog("IV could not be parsed"); goto failed; } if (iv.len != DES_CBC_BLOCK_SIZE) { plog("IV has wrong length"); goto failed; } break; case PKCS7_ENCRYPTED_CONTENT: encrypted_content = object; break; } objectID++; } /* decrypt the content */ { u_int i; des_cblock des_key[3], des_iv; des_key_schedule key_s[3]; memcpy((char *)des_key, symmetric_key.ptr, symmetric_key.len); memcpy((char *)des_iv, iv.ptr, iv.len); for (i = 0; i < total_keys; i++) { if (des_set_key(&des_key[i], key_s[i])) { plog("des key schedule failed"); goto failed; } } data->len = encrypted_content.len; data->ptr = malloc(data->len); switch (content_enc_alg) { case OID_DES_CBC: des_cbc_encrypt((des_cblock*)encrypted_content.ptr , (des_cblock*)data->ptr, data->len , key_s[0], &des_iv, DES_DECRYPT); break; case OID_3DES_EDE_CBC: des_ede3_cbc_encrypt( (des_cblock*)encrypted_content.ptr , (des_cblock*)data->ptr, data->len , key_s[0], key_s[1], key_s[2] , &des_iv, DES_DECRYPT); } DBG(DBG_PRIVATE, DBG_dump_chunk("decrypted content with padding:\n", *data) ) } /* remove the padding */ { u_char *pos = data->ptr + data->len - 1; u_char pattern = *pos; size_t padding = pattern; if (padding > data->len) { plog("padding greater than data length"); goto failed; } data->len -= padding; while (padding-- > 0) { if (*pos-- != pattern) { plog("wrong padding pattern"); goto failed; } } } chunk_clear(&symmetric_key); return TRUE; failed: chunk_clear(&symmetric_key); free(data->ptr); return FALSE; } /** * @brief Builds a contentType attribute * * @return ASN.1 encoded contentType attribute */ chunk_t pkcs7_contentType_attribute(void) { return asn1_wrap(ASN1_SEQUENCE, "cm" , ASN1_contentType_oid , asn1_simple_object(ASN1_SET, ASN1_pkcs7_data_oid)); } /** * @brief Builds a messageDigest attribute * * * @param[in] blob content to create digest of * @param[in] digest_alg digest algorithm to be used * @return ASN.1 encoded messageDigest attribute * */ chunk_t pkcs7_messageDigest_attribute(chunk_t content, int digest_alg) { u_char digest_buf[MAX_DIGEST_LEN]; chunk_t digest = { digest_buf, MAX_DIGEST_LEN }; compute_digest(content, digest_alg, &digest); return asn1_wrap(ASN1_SEQUENCE, "cm" , ASN1_messageDigest_oid , asn1_wrap(ASN1_SET, "m" , asn1_simple_object(ASN1_OCTET_STRING, digest) ) ); } /* * build a DER-encoded contentInfo object */ static chunk_t pkcs7_build_contentInfo(contentInfo_t *cInfo) { chunk_t content_type; /* select DER-encoded OID for pkcs7 contentInfo type */ switch(cInfo->type) { case OID_PKCS7_DATA: content_type = ASN1_pkcs7_data_oid; break; case OID_PKCS7_SIGNED_DATA: content_type = ASN1_pkcs7_signed_data_oid; break; case OID_PKCS7_ENVELOPED_DATA: content_type = ASN1_pkcs7_enveloped_data_oid; break; case OID_PKCS7_SIGNED_ENVELOPED_DATA: content_type = ASN1_pkcs7_signed_enveloped_data_oid; break; case OID_PKCS7_DIGESTED_DATA: content_type = ASN1_pkcs7_digested_data_oid; break; case OID_PKCS7_ENCRYPTED_DATA: content_type = ASN1_pkcs7_encrypted_data_oid; break; case OID_UNKNOWN: default: fprintf(stderr, "invalid pkcs7 contentInfo type"); return chunk_empty; } return (cInfo->content.ptr == NULL) ? asn1_simple_object(ASN1_SEQUENCE, content_type) : asn1_wrap(ASN1_SEQUENCE, "cm" , content_type , asn1_simple_object(ASN1_CONTEXT_C_0, cInfo->content) ); } /* * build issuerAndSerialNumber object */ chunk_t pkcs7_build_issuerAndSerialNumber(const x509cert_t *cert) { return asn1_wrap(ASN1_SEQUENCE, "cm" , cert->issuer , asn1_simple_object(ASN1_INTEGER, cert->serialNumber)); } /* * create a signed pkcs7 contentInfo object */ chunk_t pkcs7_build_signedData(chunk_t data, chunk_t attributes, const x509cert_t *cert , int digest_alg, const RSA_private_key_t *key) { contentInfo_t pkcs7Data, signedData; chunk_t authenticatedAttributes, encryptedDigest, signerInfo, cInfo; chunk_t digestAlgorithm = asn1_algorithmIdentifier(digest_alg); if (attributes.ptr != NULL) { encryptedDigest = pkcs1_build_signature(attributes, digest_alg , key, FALSE); authenticatedAttributes = chunk_clone(attributes); *authenticatedAttributes.ptr = ASN1_CONTEXT_C_0; } else { encryptedDigest = (data.ptr == NULL)? chunk_empty : pkcs1_build_signature(data, digest_alg, key, FALSE); authenticatedAttributes = chunk_empty; } signerInfo = asn1_wrap(ASN1_SEQUENCE, "cmcmcm" , ASN1_INTEGER_1 , pkcs7_build_issuerAndSerialNumber(cert) , digestAlgorithm , authenticatedAttributes , ASN1_rsaEncryption_id , encryptedDigest); pkcs7Data.type = OID_PKCS7_DATA; pkcs7Data.content = (data.ptr == NULL)? chunk_empty : asn1_simple_object(ASN1_OCTET_STRING, data); signedData.type = OID_PKCS7_SIGNED_DATA; signedData.content = asn1_wrap(ASN1_SEQUENCE, "cmmmm" , ASN1_INTEGER_1 , asn1_simple_object(ASN1_SET, digestAlgorithm) , pkcs7_build_contentInfo(&pkcs7Data) , asn1_simple_object(ASN1_CONTEXT_C_0, cert->certificate) , asn1_wrap(ASN1_SET, "m", signerInfo)); cInfo = pkcs7_build_contentInfo(&signedData); DBG(DBG_RAW, DBG_dump_chunk("signedData:\n", cInfo) ) free(pkcs7Data.content.ptr); free(signedData.content.ptr); return cInfo; } /* * create a symmetrically encrypted pkcs7 contentInfo object */ chunk_t pkcs7_build_envelopedData(chunk_t data, const x509cert_t *cert, int cipher) { bool des_check_key_save; des_key_schedule ks[3]; des_cblock key[3], des_iv, des_iv_buf; chunk_t iv = { (u_char *)des_iv_buf, DES_CBC_BLOCK_SIZE }; chunk_t out; chunk_t cipher_oid; u_int total_keys, i; size_t padding = pad_up(data.len, DES_CBC_BLOCK_SIZE); RSA_public_key_t public_key; init_RSA_public_key(&public_key, cert->publicExponent , cert->modulus); if (padding == 0) padding += DES_CBC_BLOCK_SIZE; out.len = data.len + padding; out.ptr = malloc(out.len); DBG(DBG_CONTROL, DBG_log("padding %d bytes of data to multiple DES block size of %d bytes" , (int)data.len, (int)out.len) ) /* copy data */ memcpy(out.ptr, data.ptr, data.len); /* append padding */ memset(out.ptr + data.len, padding, padding); DBG(DBG_RAW, DBG_dump_chunk("Padded unencrypted data:\n", out) ) /* select OID and keylength for specified cipher */ switch (cipher) { case OID_DES_CBC: total_keys = 1; cipher_oid = ASN1_des_cbc_oid; break; case OID_3DES_EDE_CBC: default: total_keys = 3; cipher_oid = ASN1_3des_ede_cbc_oid; } DBG(DBG_CONTROLMORE, DBG_log("pkcs7 encryption cipher: %s", oid_names[cipher].name) ) /* generate a strong random key for DES/3DES */ des_check_key_save = des_check_key; des_check_key = TRUE; for (i = 0; i < total_keys;i++) { for (;;) { get_rnd_bytes((char*)key[i], DES_CBC_BLOCK_SIZE); des_set_odd_parity(&key[i]); if (!des_set_key(&key[i], ks[i])) break; plog("weak DES key discarded - we try again"); } DBG(DBG_PRIVATE, DBG_dump("DES key:", key[i], 8) ) } des_check_key = des_check_key_save; /* generate an iv for DES/3DES CBC */ get_rnd_bytes(des_iv, DES_CBC_BLOCK_SIZE); memcpy(iv.ptr, des_iv, DES_CBC_BLOCK_SIZE); DBG(DBG_RAW, DBG_dump_chunk("DES IV :", iv) ) /* encryption using specified cipher */ switch (cipher) { case OID_DES_CBC: des_cbc_encrypt((des_cblock*)out.ptr, (des_cblock*)out.ptr, out.len , ks[0], &des_iv, DES_ENCRYPT); break; case OID_3DES_EDE_CBC: default: des_ede3_cbc_encrypt((des_cblock*)out.ptr, (des_cblock*)out.ptr, out.len , ks[0], ks[1], ks[2], &des_iv, DES_ENCRYPT); } DBG(DBG_RAW, DBG_dump_chunk("Encrypted data:\n", out)); /* build pkcs7 enveloped data object */ { chunk_t contentEncryptionAlgorithm = asn1_wrap(ASN1_SEQUENCE, "cm" , cipher_oid , asn1_simple_object(ASN1_OCTET_STRING, iv)); chunk_t encryptedContentInfo = asn1_wrap(ASN1_SEQUENCE, "cmm" , ASN1_pkcs7_data_oid , contentEncryptionAlgorithm , asn1_wrap(ASN1_CONTEXT_S_0, "m", out)); chunk_t plainKey = { (u_char *)key, DES_CBC_BLOCK_SIZE * total_keys }; chunk_t encryptedKey = asn1_wrap(ASN1_OCTET_STRING, "m" , RSA_encrypt(&public_key, plainKey)); chunk_t recipientInfo = asn1_wrap(ASN1_SEQUENCE, "cmcm" , ASN1_INTEGER_0 , pkcs7_build_issuerAndSerialNumber(cert) , ASN1_rsaEncryption_id , encryptedKey); chunk_t cInfo; contentInfo_t envelopedData; envelopedData.type = OID_PKCS7_ENVELOPED_DATA; envelopedData.content = asn1_wrap(ASN1_SEQUENCE, "cmm" , ASN1_INTEGER_0 , asn1_wrap(ASN1_SET, "m", recipientInfo) , encryptedContentInfo); cInfo = pkcs7_build_contentInfo(&envelopedData); DBG(DBG_RAW, DBG_dump_chunk("envelopedData:\n", cInfo) ) free_RSA_public_content(&public_key); free(envelopedData.content.ptr); return cInfo; } }