• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /**
2  * \file pkcs7.h
3  *
4  * \brief PKCS #7 generic defines and structures
5  *  https://tools.ietf.org/html/rfc2315
6  */
7 /*
8  *  Copyright The Mbed TLS Contributors
9  *  SPDX-License-Identifier: Apache-2.0
10  *
11  *  Licensed under the Apache License, Version 2.0 (the "License"); you may
12  *  not use this file except in compliance with the License.
13  *  You may obtain a copy of the License at
14  *
15  *  http://www.apache.org/licenses/LICENSE-2.0
16  *
17  *  Unless required by applicable law or agreed to in writing, software
18  *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
19  *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
20  *  See the License for the specific language governing permissions and
21  *  limitations under the License.
22  */
23 
24 /**
25  * Note: For the time being, this implementation of the PKCS #7 cryptographic
26  * message syntax is a partial implementation of RFC 2315.
27  * Differences include:
28  *  - The RFC specifies 6 different content types. The only type currently
29  *    supported in Mbed TLS is the signed-data content type.
30  *  - The only supported PKCS #7 Signed Data syntax version is version 1
31  *  - The RFC specifies support for BER. This implementation is limited to
32  *    DER only.
33  *  - The RFC specifies that multiple digest algorithms can be specified
34  *    in the Signed Data type. Only one digest algorithm is supported in Mbed TLS.
35  *  - The RFC specifies the Signed Data type can contain multiple X.509 or PKCS #6 extended
36  *    certificates. In Mbed TLS, this list can only contain 0 or 1 certificates
37  *    and they must be in X.509 format.
38  *  - The RFC specifies the Signed Data type can contain
39  *    certificate-revocation lists (CRLs). This implementation has no support
40  *    for CRLs so it is assumed to be an empty list.
41  *  - The RFC allows for SignerInfo structure to optionally contain
42  *    unauthenticatedAttributes and authenticatedAttributes. In Mbed TLS it is
43  *    assumed these fields are empty.
44  *  - The RFC allows for the signed Data type to contain contentInfo. This
45  *    implementation assumes the type is DATA and the content is empty.
46  */
47 
48 #ifndef MBEDTLS_PKCS7_H
49 #define MBEDTLS_PKCS7_H
50 
51 #include "mbedtls/private_access.h"
52 
53 #include "mbedtls/build_info.h"
54 
55 #include "mbedtls/asn1.h"
56 #include "mbedtls/x509.h"
57 #include "mbedtls/x509_crt.h"
58 
59 /**
60  * \name PKCS #7 Module Error codes
61  * \{
62  */
63 #define MBEDTLS_ERR_PKCS7_INVALID_FORMAT                   -0x5300  /**< The format is invalid, e.g. different type expected. */
64 #define MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE              -0x5380  /**< Unavailable feature, e.g. anything other than signed data. */
65 #define MBEDTLS_ERR_PKCS7_INVALID_VERSION                  -0x5400  /**< The PKCS #7 version element is invalid or cannot be parsed. */
66 #define MBEDTLS_ERR_PKCS7_INVALID_CONTENT_INFO             -0x5480  /**< The PKCS #7 content info is invalid or cannot be parsed. */
67 #define MBEDTLS_ERR_PKCS7_INVALID_ALG                      -0x5500  /**< The algorithm tag or value is invalid or cannot be parsed. */
68 #define MBEDTLS_ERR_PKCS7_INVALID_CERT                     -0x5580  /**< The certificate tag or value is invalid or cannot be parsed. */
69 #define MBEDTLS_ERR_PKCS7_INVALID_SIGNATURE                -0x5600  /**< Error parsing the signature */
70 #define MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO              -0x5680  /**< Error parsing the signer's info */
71 #define MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA                   -0x5700  /**< Input invalid. */
72 #define MBEDTLS_ERR_PKCS7_ALLOC_FAILED                     -0x5780  /**< Allocation of memory failed. */
73 #define MBEDTLS_ERR_PKCS7_VERIFY_FAIL                      -0x5800  /**< Verification Failed */
74 #define MBEDTLS_ERR_PKCS7_CERT_DATE_INVALID                -0x5880  /**< The PKCS #7 date issued/expired dates are invalid */
75 /* \} name */
76 
77 /**
78  * \name PKCS #7 Supported Version
79  * \{
80  */
81 #define MBEDTLS_PKCS7_SUPPORTED_VERSION                           0x01
82 /* \} name */
83 
84 #ifdef __cplusplus
85 extern "C" {
86 #endif
87 
88 /**
89  * Type-length-value structure that allows for ASN.1 using DER.
90  */
91 typedef mbedtls_asn1_buf mbedtls_pkcs7_buf;
92 
93 /**
94  * Container for ASN.1 named information objects.
95  * It allows for Relative Distinguished Names (e.g. cn=localhost,ou=code,etc.).
96  */
97 typedef mbedtls_asn1_named_data mbedtls_pkcs7_name;
98 
99 /**
100  * Container for a sequence of ASN.1 items
101  */
102 typedef mbedtls_asn1_sequence mbedtls_pkcs7_sequence;
103 
104 /**
105  * PKCS #7 types
106  */
107 typedef enum {
108     MBEDTLS_PKCS7_NONE=0,
109     MBEDTLS_PKCS7_DATA,
110     MBEDTLS_PKCS7_SIGNED_DATA,
111     MBEDTLS_PKCS7_ENVELOPED_DATA,
112     MBEDTLS_PKCS7_SIGNED_AND_ENVELOPED_DATA,
113     MBEDTLS_PKCS7_DIGESTED_DATA,
114     MBEDTLS_PKCS7_ENCRYPTED_DATA,
115 }
116 mbedtls_pkcs7_type;
117 
118 /**
119  * Structure holding PKCS #7 signer info
120  */
121 typedef struct mbedtls_pkcs7_signer_info {
122     int MBEDTLS_PRIVATE(version);
123     mbedtls_x509_buf MBEDTLS_PRIVATE(serial);
124     mbedtls_x509_name MBEDTLS_PRIVATE(issuer);
125     mbedtls_x509_buf MBEDTLS_PRIVATE(issuer_raw);
126     mbedtls_x509_buf MBEDTLS_PRIVATE(alg_identifier);
127     mbedtls_x509_buf MBEDTLS_PRIVATE(sig_alg_identifier);
128     mbedtls_x509_buf MBEDTLS_PRIVATE(sig);
129     struct mbedtls_pkcs7_signer_info *MBEDTLS_PRIVATE(next);
130 }
131 mbedtls_pkcs7_signer_info;
132 
133 /**
134  * Structure holding the signed data section
135  */
136 typedef struct mbedtls_pkcs7_signed_data {
137     int MBEDTLS_PRIVATE(version);
138     mbedtls_pkcs7_buf MBEDTLS_PRIVATE(digest_alg_identifiers);
139     int MBEDTLS_PRIVATE(no_of_certs);
140     mbedtls_x509_crt MBEDTLS_PRIVATE(certs);
141     int MBEDTLS_PRIVATE(no_of_crls);
142     mbedtls_x509_crl MBEDTLS_PRIVATE(crl);
143     int MBEDTLS_PRIVATE(no_of_signers);
144     mbedtls_pkcs7_signer_info MBEDTLS_PRIVATE(signers);
145 }
146 mbedtls_pkcs7_signed_data;
147 
148 /**
149  * Structure holding PKCS #7 structure, only signed data for now
150  */
151 typedef struct mbedtls_pkcs7 {
152     mbedtls_pkcs7_buf MBEDTLS_PRIVATE(raw);
153     mbedtls_pkcs7_signed_data MBEDTLS_PRIVATE(signed_data);
154 }
155 mbedtls_pkcs7;
156 
157 /**
158  * \brief          Initialize mbedtls_pkcs7 structure.
159  *
160  * \param pkcs7    mbedtls_pkcs7 structure.
161  */
162 void mbedtls_pkcs7_init(mbedtls_pkcs7 *pkcs7);
163 
164 /**
165  * \brief          Parse a single DER formatted PKCS #7 detached signature.
166  *
167  * \param pkcs7    The mbedtls_pkcs7 structure to be filled by the parser.
168  * \param buf      The buffer holding only the DER encoded PKCS #7 content.
169  * \param buflen   The size in bytes of \p buf. The size must be exactly the
170  *                 length of the DER encoded PKCS #7 content.
171  *
172  * \note           This function makes an internal copy of the PKCS #7 buffer
173  *                 \p buf. In particular, \p buf may be destroyed or reused
174  *                 after this call returns.
175  * \note           Signatures with internal data are not supported.
176  *
177  * \return         The \c mbedtls_pkcs7_type of \p buf, if successful.
178  * \return         A negative error code on failure.
179  */
180 int mbedtls_pkcs7_parse_der(mbedtls_pkcs7 *pkcs7, const unsigned char *buf,
181                             const size_t buflen);
182 
183 /**
184  * \brief          Verification of PKCS #7 signature against a caller-supplied
185  *                 certificate.
186  *
187  *                 For each signer in the PKCS structure, this function computes
188  *                 a signature over the supplied data, using the supplied
189  *                 certificate and the same digest algorithm as specified by the
190  *                 signer. It then compares this signature against the
191  *                 signer's signature; verification succeeds if any comparison
192  *                 matches.
193  *
194  *                 This function does not use the certificates held within the
195  *                 PKCS #7 structure itself, and does not check that the
196  *                 certificate is signed by a trusted certification authority.
197  *
198  * \param pkcs7    mbedtls_pkcs7 structure containing signature.
199  * \param cert     Certificate containing key to verify signature.
200  * \param data     Plain data on which signature has to be verified.
201  * \param datalen  Length of the data.
202  *
203  * \note           This function internally calculates the hash on the supplied
204  *                 plain data for signature verification.
205  *
206  * \return         0 if the signature verifies, or a negative error code on failure.
207  */
208 int mbedtls_pkcs7_signed_data_verify(mbedtls_pkcs7 *pkcs7,
209                                      const mbedtls_x509_crt *cert,
210                                      const unsigned char *data,
211                                      size_t datalen);
212 
213 /**
214  * \brief          Verification of PKCS #7 signature against a caller-supplied
215  *                 certificate.
216  *
217  *                 For each signer in the PKCS structure, this function
218  *                 validates a signature over the supplied hash, using the
219  *                 supplied certificate and the same digest algorithm as
220  *                 specified by the signer. Verification succeeds if any
221  *                 signature is good.
222  *
223  *                 This function does not use the certificates held within the
224  *                 PKCS #7 structure itself, and does not check that the
225  *                 certificate is signed by a trusted certification authority.
226  *
227  * \param pkcs7    PKCS #7 structure containing signature.
228  * \param cert     Certificate containing key to verify signature.
229  * \param hash     Hash of the plain data on which signature has to be verified.
230  * \param hashlen  Length of the hash.
231  *
232  * \note           This function is different from mbedtls_pkcs7_signed_data_verify()
233  *                 in that it is directly passed the hash of the data.
234  *
235  * \return         0 if the signature verifies, or a negative error code on failure.
236  */
237 int mbedtls_pkcs7_signed_hash_verify(mbedtls_pkcs7 *pkcs7,
238                                      const mbedtls_x509_crt *cert,
239                                      const unsigned char *hash, size_t hashlen);
240 
241 /**
242  * \brief          Unallocate all PKCS #7 data and zeroize the memory.
243  *                 It doesn't free \p pkcs7 itself. This should be done by the caller.
244  *
245  * \param pkcs7    mbedtls_pkcs7 structure to free.
246  */
247 void mbedtls_pkcs7_free(mbedtls_pkcs7 *pkcs7);
248 
249 #ifdef __cplusplus
250 }
251 #endif
252 
253 #endif /* pkcs7.h */
254