Implement PKCS#7 signed-data parsing and verification

2025-12-05 00:01:49 -05:00 · 2012-11-26 15:05:15 +01:00 · 2012-11-26 15:05:15 +01:00 · 98bbe0760f
commit 98bbe0760f
parent 83ed1464e3
4 changed files with 444 additions and 0 deletions
--- a/src/libstrongswan/plugins/pkcs7/Makefile.am
+++ b/src/libstrongswan/plugins/pkcs7/Makefile.am
@ -11,6 +11,7 @@ endif
 libstrongswan_pkcs7_la_SOURCES = \
 	pkcs7_generic.h pkcs7_generic.c \
 	pkcs7_signed_data.h pkcs7_signed_data.c \
 	pkcs7_data.h pkcs7_data.c \
 	pkcs7_plugin.h pkcs7_plugin.c
--- a/src/libstrongswan/plugins/pkcs7/pkcs7_generic.c
+++ b/src/libstrongswan/plugins/pkcs7/pkcs7_generic.c
@ -19,6 +19,7 @@
 #include "pkcs7_generic.h"
 #include "pkcs7_data.h"
 #include "pkcs7_signed_data.h"
 #include <utils/debug.h>
 #include <asn1/oid.h>
@ -79,6 +80,8 @@ end:
 		{
 			case OID_PKCS7_DATA:
 				return pkcs7_data_load(blob, content);
 			case OID_PKCS7_SIGNED_DATA:
 				return pkcs7_signed_data_load(blob, content);
 			default:
 				DBG1(DBG_ASN, "pkcs7 content type %d not supported", type);
 				return NULL;
--- a/src/libstrongswan/plugins/pkcs7/pkcs7_signed_data.c
+++ b/src/libstrongswan/plugins/pkcs7/pkcs7_signed_data.c
@ -0,0 +1,404 @@
 /*
 * Copyright (C) 2012 Martin Willi
 * Copyright (C) 2012 revosec AG
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * for more details.
 */
 #include "pkcs7_signed_data.h"
 #include <utils/debug.h>
 #include <asn1/oid.h>
 #include <asn1/asn1.h>
 #include <asn1/asn1_parser.h>
 #include <crypto/pkcs9.h>
 #include <credentials/sets/mem_cred.h>
 typedef struct private_pkcs7_signed_data_t private_pkcs7_signed_data_t;
 /**
 * Private data of a PKCS#7 signed-data container.
 */
 struct private_pkcs7_signed_data_t {
 	/**
 	 * Implements pkcs7_t.
 	 */
 	pkcs7_t public;
 	/**
 	 * Signed content data
 	 */
 	container_t *content;
 	/**
 	 * Encoded PKCS#7 signed-data
 	 */
 	chunk_t encoding;
 	/**
 	 * Attributes of first signerInfo
 	 */
 	pkcs9_t *attributes;
 	/**
 	 * Trustchain, if signature valid
 	 */
 	auth_cfg_t *auth;
 };
 /**
 * ASN.1 definition of the PKCS#7 signedData type
 */
 static const asn1Object_t signedDataObjects[] = {
 	{ 0, "signedData",						ASN1_SEQUENCE,		ASN1_NONE }, /*  0 */
 	{ 1,   "version",						ASN1_INTEGER,		ASN1_BODY }, /*  1 */
 	{ 1,   "digestAlgorithms",				ASN1_SET,			ASN1_LOOP }, /*  2 */
 	{ 2,     "algorithm",					ASN1_EOC,			ASN1_RAW  }, /*  3 */
 	{ 1,   "end loop",						ASN1_EOC,			ASN1_END  }, /*  4 */
 	{ 1,   "contentInfo",					ASN1_EOC,			ASN1_RAW  }, /*  5 */
 	{ 1,   "certificates",					ASN1_CONTEXT_C_0,	ASN1_OPT |
 																ASN1_LOOP }, /*  6 */
 	{ 2,      "certificate",				ASN1_SEQUENCE,		ASN1_OBJ  }, /*  7 */
 	{ 1,   "end opt or loop",				ASN1_EOC,			ASN1_END  }, /*  8 */
 	{ 1,   "crls",							ASN1_CONTEXT_C_1,	ASN1_OPT |
 																ASN1_LOOP }, /*  9 */
 	{ 2,	    "crl",						ASN1_SEQUENCE,		ASN1_OBJ  }, /* 10 */
 	{ 1,   "end opt or loop",				ASN1_EOC,			ASN1_END  }, /* 11 */
 	{ 1,   "signerInfos",					ASN1_SET,			ASN1_LOOP }, /* 12 */
 	{ 2,     "signerInfo",					ASN1_SEQUENCE,		ASN1_NONE }, /* 13 */
 	{ 3,       "version",					ASN1_INTEGER,		ASN1_BODY }, /* 14 */
 	{ 3,       "issuerAndSerialNumber",		ASN1_SEQUENCE,		ASN1_BODY }, /* 15 */
 	{ 4,         "issuer",					ASN1_SEQUENCE,		ASN1_OBJ  }, /* 16 */
 	{ 4,         "serial",					ASN1_INTEGER,		ASN1_BODY }, /* 17 */
 	{ 3,       "digestAlgorithm",			ASN1_EOC,			ASN1_RAW  }, /* 18 */
 	{ 3,       "authenticatedAttributes",	ASN1_CONTEXT_C_0,	ASN1_OPT |
 																ASN1_OBJ  }, /* 19 */
 	{ 3,       "end opt",					ASN1_EOC,			ASN1_END  }, /* 20 */
 	{ 3,       "digestEncryptionAlgorithm",	ASN1_EOC,			ASN1_RAW  }, /* 21 */
 	{ 3,       "encryptedDigest",			ASN1_OCTET_STRING,	ASN1_BODY }, /* 22 */
 	{ 3,       "unauthenticatedAttributes", ASN1_CONTEXT_C_1,	ASN1_OPT  }, /* 23 */
 	{ 3,       "end opt",					ASN1_EOC,			ASN1_END  }, /* 24 */
 	{ 1,   "end loop",						ASN1_EOC,			ASN1_END  }, /* 25 */
 	{ 0, "exit",							ASN1_EOC,			ASN1_EXIT }
 };
 #define PKCS7_VERSION				 1
 #define PKCS7_DIGEST_ALG			 3
 #define PKCS7_CONTENT_INFO			 5
 #define PKCS7_CERT					 7
 #define PKCS7_SIGNER_INFO			13
 #define PKCS7_SIGNER_INFO_VERSION	14
 #define PKCS7_ISSUER				16
 #define PKCS7_SERIAL_NUMBER			17
 #define PKCS7_DIGEST_ALGORITHM		18
 #define PKCS7_AUTH_ATTRIBUTES		19
 #define PKCS7_DIGEST_ENC_ALGORITHM	21
 #define PKCS7_ENCRYPTED_DIGEST		22
 METHOD(container_t, get_type, container_type_t,
 	private_pkcs7_signed_data_t *this)
 {
 	return CONTAINER_PKCS7_SIGNED_DATA;
 }
 METHOD(container_t, create_signature_enumerator, enumerator_t*,
 	private_pkcs7_signed_data_t *this)
 {
 	if (this->auth)
 	{
 		return enumerator_create_single(this->auth, NULL);
 	}
 	return enumerator_create_empty();
 }
 METHOD(container_t, get_data, bool,
 	private_pkcs7_signed_data_t *this, chunk_t *data)
 {
 	if (this->content)
 	{
 		return this->content->get_data(this->content, data);
 	}
 	return FALSE;
 }
 METHOD(container_t, get_encoding, bool,
 	private_pkcs7_signed_data_t *this, chunk_t *data)
 {
 	*data = chunk_clone(this->encoding);
 	return TRUE;
 }
 METHOD(container_t, destroy, void,
 	private_pkcs7_signed_data_t *this)
 {
 	DESTROY_IF(this->auth);
 	DESTROY_IF(this->attributes);
 	DESTROY_IF(this->content);
 	free(this->encoding.ptr);
 	free(this);
 }
 /**
 * Create an empty PKCS#7 signed-data container.
 */
 static private_pkcs7_signed_data_t* create_empty()
 {
 	private_pkcs7_signed_data_t *this;
 	INIT(this,
 		.public = {
 			.container = {
 				.get_type = _get_type,
 				.create_signature_enumerator = _create_signature_enumerator,
 				.get_data = _get_data,
 				.get_encoding = _get_encoding,
 				.destroy = _destroy,
 			},
 		},
 	);
 	return this;
 }
 /**
 * Verify signature
 */
 static bool verify_signature(private_pkcs7_signed_data_t *this, int signerInfos,
 							 identification_t *serial, identification_t *issuer,
 							 chunk_t digest, int digest_alg, int enc_alg)
 {
 	signature_scheme_t scheme;
 	enumerator_t *enumerator;
 	certificate_t *cert;
 	public_key_t *key;
 	auth_cfg_t *auth;
 	chunk_t chunk;
 	scheme = signature_scheme_from_oid(digest_alg);
 	if (scheme == SIGN_UNKNOWN)
 	{
 		DBG1(DBG_LIB, "unsupported signature scheme");
 		return FALSE;
 	}
 	if (this->attributes == NULL)
 	{
 		DBG1(DBG_LIB, "no authenticatedAttributes object found");
 		return FALSE;
 	}
 	if (enc_alg != OID_RSA_ENCRYPTION)
 	{
 		DBG1(DBG_LIB, "only RSA digest encryption supported");
 		return FALSE;
 	}
 	if (signerInfos == 0)
 	{
 		DBG1(DBG_LIB, "no signerInfo object found");
 		return FALSE;
 	}
 	else if (signerInfos > 1)
 	{
 		DBG1(DBG_LIB, "more than one signerInfo object found");
 		return FALSE;
 	}
 	enumerator = lib->credmgr->create_trusted_enumerator(lib->credmgr,
 													KEY_RSA, serial, FALSE);
 	while (enumerator->enumerate(enumerator, &cert, &auth))
 	{
 		if (issuer->equals(issuer, cert->get_issuer(cert)))
 		{
 			key = cert->get_public_key(cert);
 			if (key)
 			{
 				chunk = this->attributes->get_encoding(this->attributes);
 				if (key->verify(key, scheme, chunk, digest))
 				{
 					this->auth = auth->clone(auth);
 					break;
 				}
 			}
 		}
 	}
 	enumerator->destroy(enumerator);
 	if (this->content)
 	{
 		hash_algorithm_t algorithm;
 		hasher_t *hasher;
 		chunk_t hash, content;
 		bool valid;
 		chunk = this->attributes->get_attribute(this->attributes,
 												OID_PKCS9_MESSAGE_DIGEST);
 		if (chunk.ptr == NULL)
 		{
 			DBG1(DBG_LIB, "messageDigest attribute not found");
 			return FALSE;
 		}
 		if (!this->content->get_data(this->content, &content))
 		{
 			return FALSE;
 		}
 		algorithm = hasher_algorithm_from_oid(digest_alg);
 		hasher = lib->crypto->create_hasher(lib->crypto, algorithm);
 		if (!hasher || !hasher->allocate_hash(hasher, content, &hash))
 		{
 			free(content.ptr);
 			DESTROY_IF(hasher);
 			DBG1(DBG_LIB, "hash algorithm %N not supported",
 				 hash_algorithm_names, algorithm);
 			return FALSE;
 		}
 		free(content.ptr);
 		hasher->destroy(hasher);
 		DBG3(DBG_LIB, "hash: %B", &hash);
 		valid = chunk_equals(chunk, hash);
 		free(hash.ptr);
 		if (valid)
 		{
 			DBG2(DBG_LIB, "messageDigest is valid");
 		}
 		else
 		{
 			DBG1(DBG_LIB, "invalid messageDigest");
 			return FALSE;
 		}
 	}
 	return TRUE;
 }
 /**
 * Parse PKCS#7 signed data
 */
 static bool parse(private_pkcs7_signed_data_t *this, chunk_t content)
 {
 	asn1_parser_t *parser;
 	identification_t *issuer = NULL, *serial = NULL;
 	chunk_t object, encrypted_digest = chunk_empty;
 	int objectID, version, digest_alg = OID_UNKNOWN, enc_alg = OID_UNKNOWN;
 	int signerInfos = 0;
 	bool success = FALSE;
 	mem_cred_t *creds;
 	creds = mem_cred_create();
 	parser = asn1_parser_create(signedDataObjects, content);
 	parser->set_top_level(parser, 0);
 	while (parser->iterate(parser, &objectID, &object))
 	{
 		u_int level = parser->get_level(parser);
 		switch (objectID)
 		{
 			case PKCS7_VERSION:
 				version = object.len ? (int)*object.ptr : 0;
 				DBG2(DBG_LIB, "  v%d", version);
 				break;
 			case PKCS7_DIGEST_ALG:
 				digest_alg = asn1_parse_algorithmIdentifier(object, level, NULL);
 				break;
 			case PKCS7_CONTENT_INFO:
 				this->content = lib->creds->create(lib->creds,
 										CRED_CONTAINER, CONTAINER_PKCS7,
 										BUILD_BLOB_ASN1_DER, object, BUILD_END);
 				break;
 			case PKCS7_CERT:
 			{
 				certificate_t *cert;
 				DBG2(DBG_LIB, "  parsing pkcs7-wrapped certificate");
 				cert = lib->creds->create(lib->creds,
 										  CRED_CERTIFICATE, CERT_X509,
 										  BUILD_BLOB_ASN1_DER, object,
 										  BUILD_END);
 				if (cert)
 				{
 					creds->add_cert(creds, FALSE, cert);
 				}
 				break;
 			}
 			case PKCS7_SIGNER_INFO:
 				signerInfos++;
 				break;
 			case PKCS7_SIGNER_INFO_VERSION:
 				version = object.len ? (int)*object.ptr : 0;
 				DBG2(DBG_LIB, "  v%d", version);
 				break;
 			case PKCS7_ISSUER:
 				if (!issuer)
 				{
 					issuer = identification_create_from_encoding(ID_DER_ASN1_DN,
 																 object);
 				}
 				break;
 			case PKCS7_SERIAL_NUMBER:
 				if (!serial)
 				{
 					serial = identification_create_from_encoding(ID_KEY_ID,
 																 object);
 				}
 				break;
 			case PKCS7_AUTH_ATTRIBUTES:
 				*object.ptr = ASN1_SET;
 				this->attributes = pkcs9_create_from_chunk(object, 1);
 				*object.ptr = ASN1_CONTEXT_C_0;
 				break;
 			case PKCS7_DIGEST_ALGORITHM:
 				digest_alg = asn1_parse_algorithmIdentifier(object, level, NULL);
 				break;
 			case PKCS7_DIGEST_ENC_ALGORITHM:
 				enc_alg = asn1_parse_algorithmIdentifier(object, level, NULL);
 				break;
 			case PKCS7_ENCRYPTED_DIGEST:
 				encrypted_digest = object;
 				break;
 		}
 	}
 	success = parser->success(parser);
 	parser->destroy(parser);
 	if (issuer)
 	{
 		if (serial)
 		{
 			if (success)
 			{
 				lib->credmgr->add_local_set(lib->credmgr, &creds->set, FALSE);
 				success = verify_signature(this, signerInfos, serial, issuer,
 										encrypted_digest, digest_alg, enc_alg);
 				lib->credmgr->remove_local_set(lib->credmgr, &creds->set);
 			}
 			serial->destroy(serial);
 		}
 		issuer->destroy(issuer);
 	}
 	creds->destroy(creds);
 	return success;
 }
 /**
 * See header.
 */
 pkcs7_t *pkcs7_signed_data_load(chunk_t encoding, chunk_t content)
 {
 	private_pkcs7_signed_data_t *this = create_empty();
 	this->encoding = chunk_clone(encoding);
 	if (!parse(this, content))
 	{
 		destroy(this);
 		return NULL;
 	}
 	return &this->public;
 }
--- a/src/libstrongswan/plugins/pkcs7/pkcs7_signed_data.h
+++ b/src/libstrongswan/plugins/pkcs7/pkcs7_signed_data.h
@ -0,0 +1,36 @@
 /*
 * Copyright (C) 2012 Martin Willi
 * Copyright (C) 2012 revosec AG
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * for more details.
 */
 /**
 * @defgroup pkcs7_signed_data pkcs7_signed_data
 * @{ @ingroup pkcs7
 */
 #ifndef PKCS7_SIGNED_DATA_H_
 #define PKCS7_SIGNED_DATA_H_
 #include <credentials/builder.h>
 #include <credentials/containers/pkcs7.h>
 /**
 * Parse a PKCS#7 signed-data container.
 *
 * @param encoding	full contentInfo encoding
 * @param content	DER encoded content from contentInfo
 * @return			CONTAINER_PKCS7_SIGNED_DATA container, NULL on failure
 */
 pkcs7_t *pkcs7_signed_data_load(chunk_t encoding, chunk_t content);
 #endif /** PKCS7_SIGNED_DATA_H_ @}*/