1 /*
2 * Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
3 *
4 * Licensed under the Apache License, Version 2.0 (the License); you may
5 * not use this file except in compliance with the License.
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 */
9
10
11 #include <assert.h>
12 #include <stdio.h>
13 #include <string.h>
14 #include <stdlib.h>
15 #include <gmssl/asn1.h>
16 #include <gmssl/aes.h>
17 #include <gmssl/sm4.h>
18 #include <gmssl/sm3.h>
19 #include <gmssl/sm2.h>
20 #include <gmssl/digest.h>
21 #include <gmssl/error.h>
22 #include <gmssl/x509.h>
23 #include <gmssl/x509_str.h>
24 #include <gmssl/x509_alg.h>
25 #include <gmssl/x509_ext.h>
26 #include <gmssl/x509_crl.h>
27 #include <gmssl/rand.h>
28 #include <gmssl/pem.h>
29 #include <gmssl/cms.h>
30
31
32
33 static uint32_t oid_cms_data[] = { oid_sm2_cms,1 };
34 static uint32_t oid_cms_signed_data[] = { oid_sm2_cms,2 };
35 static uint32_t oid_cms_enveloped_data[] = { oid_sm2_cms,3 };
36 static uint32_t oid_cms_signed_and_enveloped_data[] = { oid_sm2_cms,4 };
37 static uint32_t oid_cms_encrypted_data[] = { oid_sm2_cms,5 };
38 static uint32_t oid_cms_key_agreement_info[] = { oid_sm2_cms,6 };
39 #define OID_CMS_CONUNT (sizeof(oid_cms_data)/sizeof(int))
40
41 static const ASN1_OID_INFO cms_content_types[] = {
42 { OID_cms_data, "data", oid_cms_data, OID_CMS_CONUNT },
43 { OID_cms_signed_data, "signedData", oid_cms_signed_data, OID_CMS_CONUNT },
44 { OID_cms_enveloped_data, "envelopedData", oid_cms_enveloped_data, OID_CMS_CONUNT },
45 { OID_cms_signed_and_enveloped_data, "signedAndEnvelopedData", oid_cms_signed_and_enveloped_data, OID_CMS_CONUNT },
46 { OID_cms_encrypted_data, "encryptedData", oid_cms_encrypted_data, OID_CMS_CONUNT },
47 { OID_cms_key_agreement_info, "keyAgreementInfo", oid_cms_key_agreement_info, OID_CMS_CONUNT }
48 };
49
50 static const size_t cms_content_types_count =
51 sizeof(cms_content_types)/sizeof(cms_content_types[0]);
52
cms_content_type_name(int oid)53 const char *cms_content_type_name(int oid)
54 {
55 const ASN1_OID_INFO *info;
56 if (!(info = asn1_oid_info_from_oid(cms_content_types, cms_content_types_count, oid))) {
57 error_print();
58 return NULL;
59 }
60 return info->name;
61 }
62
cms_content_type_from_name(const char * name)63 int cms_content_type_from_name(const char *name)
64 {
65 const ASN1_OID_INFO *info;
66 if (!(info = asn1_oid_info_from_name(cms_content_types, cms_content_types_count, name))) {
67 error_print();
68 return OID_undef;
69 }
70 return info->oid;
71 }
72
cms_content_type_to_der(int oid,uint8_t ** out,size_t * outlen)73 int cms_content_type_to_der(int oid, uint8_t **out, size_t *outlen)
74 {
75 const ASN1_OID_INFO *info;
76
77 if (oid == -1) {
78 return 0;
79 }
80 if (!(info = asn1_oid_info_from_oid(cms_content_types, cms_content_types_count, oid))) {
81 error_print();
82 return -1;
83 }
84 if (asn1_object_identifier_to_der(info->nodes, info->nodes_cnt, out, outlen) != 1) {
85 error_print();
86 return -1;
87 }
88 return 1;
89 }
90
cms_content_type_from_der(int * oid,const uint8_t ** in,size_t * inlen)91 int cms_content_type_from_der(int *oid, const uint8_t **in, size_t *inlen)
92 {
93 int ret;
94 const ASN1_OID_INFO *info;
95
96 if ((ret = asn1_oid_info_from_der(&info, cms_content_types, cms_content_types_count, in, inlen)) != 1) {
97 if (ret < 0) error_print();
98 else *oid = -1;
99 return ret;
100 }
101 *oid = info->oid;
102 return 1;
103 }
104
105 /*
106 static int cms_content_info_data_header_to_der(size_t dlen, uint8_t **out, size_t *outlen)
107 {
108 uint8_t d[1];
109 size_t len = 0;
110 size_t content_len = 0;
111 if (asn1_octet_string_to_der(p, dlen, NULL, &content_len) != 1
112 || cms_content_type_to_der(OID_cms_data, out, outlen) != 1
113 || asn1_explicit_header_to_der(0, content_len, out, outlen) < 0
114 || asn1_octet_string_to_der(dlen, out, outlen) < 0) {
115 error_print();
116 return -1;
117 }
118 return 1;
119 }
120 */
121
cms_content_info_header_to_der(int content_type,size_t content_len,uint8_t ** out,size_t * outlen)122 int cms_content_info_header_to_der(int content_type, size_t content_len, uint8_t **out, size_t *outlen)
123 {
124 size_t len = content_len; // 注意:由于header_to_der没有输出数据,因此需要加上数据的长度,header length 才是正确的值
125 /*
126 if (content_type == OID_cms_data) {
127 return cms_content_info_data_header_to_der(content_len, out, outlen);
128 }
129 */
130
131 if (cms_content_type_to_der(content_type, NULL, &len) != 1
132 || asn1_explicit_header_to_der(0, content_len, NULL, &len) < 0
133 || asn1_sequence_header_to_der(len, out, outlen) != 1
134 || cms_content_type_to_der(content_type, out, outlen) != 1
135 || asn1_explicit_header_to_der(0, content_len, out, outlen) < 0) {
136 error_print();
137 return -1;
138 }
139 return 1;
140 }
141
cms_content_info_data_to_der(const uint8_t * d,size_t dlen,uint8_t ** out,size_t * outlen)142 static int cms_content_info_data_to_der(const uint8_t *d, size_t dlen, uint8_t **out, size_t *outlen)
143 {
144 size_t len = 0;
145 size_t content_len = 0;
146 if (asn1_octet_string_to_der(d, dlen, NULL, &content_len) != 1
147 || cms_content_type_to_der(OID_cms_data, NULL, &len) != 1
148 || asn1_explicit_to_der(0, d, content_len, NULL, &len) != 1
149 || asn1_sequence_header_to_der(len, out, outlen) != 1
150 || cms_content_type_to_der(OID_cms_data, out, outlen) != 1
151 || asn1_explicit_header_to_der(0, content_len, out, outlen) != 1
152 || asn1_octet_string_to_der(d, dlen, out, outlen) != 1) {
153 error_print();
154 return -1;
155 }
156 return 1;
157 }
158
cms_content_info_to_der(int content_type,const uint8_t * content,size_t content_len,uint8_t ** out,size_t * outlen)159 int cms_content_info_to_der(
160 int content_type, const uint8_t *content, size_t content_len,
161 uint8_t **out, size_t *outlen)
162 {
163 size_t len = 0;
164 if (content_type == OID_cms_data) {
165 return cms_content_info_data_to_der(content, content_len, out, outlen);
166 }
167 if (cms_content_type_to_der(content_type, NULL, &len) != 1
168 || asn1_explicit_to_der(0, content, content_len, NULL, &len) < 0
169 || asn1_sequence_header_to_der(len, out, outlen) != 1
170 || cms_content_type_to_der(content_type, out, outlen) != 1
171 || asn1_explicit_to_der(0, content, content_len, out, outlen) < 0) {
172 error_print();
173 return -1;
174 }
175 return 1;
176 }
177
cms_content_info_from_der(int * content_type,const uint8_t ** content,size_t * content_len,const uint8_t ** in,size_t * inlen)178 int cms_content_info_from_der(
179 int *content_type,
180 const uint8_t **content, size_t *content_len,
181 const uint8_t **in, size_t *inlen)
182 {
183 int ret;
184 const uint8_t *d;
185 size_t dlen;
186
187 if ((ret = asn1_sequence_from_der(&d, &dlen, in, inlen)) != 1) {
188 if (ret < 0) error_print();
189 return ret;
190 }
191 if (cms_content_type_from_der(content_type, &d, &dlen) != 1
192 || asn1_explicit_from_der(0, content, content_len, &d, &dlen) < 0
193 || asn1_length_is_zero(dlen) != 1) {
194 error_print();
195 return -1;
196 }
197 return 1;
198 }
199
cms_content_info_print(FILE * fp,int fmt,int ind,const char * label,const uint8_t * d,size_t dlen)200 int cms_content_info_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen)
201 {
202 int ret;
203 int content_type;
204 const uint8_t *content;
205 size_t content_len;
206 const uint8_t *p;
207 size_t len;
208
209 format_print(fp, fmt, ind, "%s\n", label);
210 ind += 4;
211
212 if (cms_content_type_from_der(&content_type, &d, &dlen) != 1) goto err;
213 format_print(fp, fmt, ind, "contentType: %s\n", cms_content_type_name(content_type));
214
215 /*
216 if (content_type == OID_cms_data) {
217 if (asn1_octet_string_from_der(&p, &len, &content, &content_len) != 1) goto err;
218 } else {
219 if (asn1_sequence_from_der(&p, &len, &content, &content_len) != 1) goto err;
220 }
221 */
222
223 //format_bytes(stderr, 0, 0, "content", d, dlen);
224
225 if ((ret = asn1_explicit_from_der(0, &content, &content_len, &d, &dlen)) < 0) { error_print(); goto err; }
226 if (ret == 0) { error_print(); goto err; }
227
228 if (content_type == OID_cms_data) {
229 if (asn1_octet_string_from_der(&p, &len, &content, &content_len) != 1
230 || asn1_length_is_zero(content_len) != 1) {
231 error_print();
232 return -1;
233 }
234 format_bytes(fp, fmt, ind, "content", p, len);
235 return 1;
236 }
237
238
239 if (asn1_sequence_from_der(&p, &len, &content, &content_len) != 1) { error_print(); goto err; }
240
241 switch (content_type) {
242 //case OID_cms_data: format_bytes(fp, fmt, ind, "content", p, len); break;
243 case OID_cms_signed_data: cms_signed_data_print(fp, fmt, ind, "content", p, len); break;
244 case OID_cms_enveloped_data: cms_enveloped_data_print(fp, fmt, ind, "content", p, len); break;
245 case OID_cms_signed_and_enveloped_data: cms_signed_and_enveloped_data_print(fp, fmt, ind, "content", p, len); break;
246 case OID_cms_encrypted_data: cms_encrypted_data_print(fp, fmt, ind, "content", p, len); break;
247 case OID_cms_key_agreement_info: cms_key_agreement_info_print(fp, fmt, ind, "content", p, len); break;
248 }
249 if (asn1_length_is_zero(content_len) != 1) goto err;
250
251
252 if (asn1_length_is_zero(dlen) != 1) goto err;
253 return 1;
254 err:
255 error_print();
256 return -1;
257 }
258
cms_enced_content_info_to_der(int content_type,int enc_algor,const uint8_t * enc_iv,size_t enc_iv_len,const uint8_t * enced_content,size_t enced_content_len,const uint8_t * shared_info1,size_t shared_info1_len,const uint8_t * shared_info2,size_t shared_info2_len,uint8_t ** out,size_t * outlen)259 int cms_enced_content_info_to_der(
260 int content_type,
261 int enc_algor, const uint8_t *enc_iv, size_t enc_iv_len,
262 const uint8_t *enced_content, size_t enced_content_len,
263 const uint8_t *shared_info1, size_t shared_info1_len,
264 const uint8_t *shared_info2, size_t shared_info2_len,
265 uint8_t **out, size_t *outlen)
266 {
267 size_t len = 0;
268 if (cms_content_type_to_der(content_type, NULL, &len) != 1
269 || x509_encryption_algor_to_der(enc_algor, enc_iv, enc_iv_len, NULL, &len) != 1
270 || asn1_implicit_octet_string_to_der(0, enced_content, enced_content_len, NULL, &len) < 0
271 || asn1_implicit_octet_string_to_der(1, shared_info1, shared_info1_len, NULL, &len) < 0
272 || asn1_implicit_octet_string_to_der(2, shared_info2, shared_info2_len, NULL, &len) < 0
273 || asn1_sequence_header_to_der(len, out, outlen) != 1
274 || cms_content_type_to_der(content_type, out, outlen) != 1
275 || x509_encryption_algor_to_der(enc_algor, enc_iv, enc_iv_len, out, outlen) != 1
276 || asn1_implicit_octet_string_to_der(0, enced_content, enced_content_len, out, outlen) < 0
277 || asn1_implicit_octet_string_to_der(1, shared_info1, shared_info1_len, out, outlen) < 0
278 || asn1_implicit_octet_string_to_der(2, shared_info2, shared_info2_len, out, outlen) < 0) {
279 error_print();
280 return -1;
281 }
282 return 1;
283 }
284
cms_enced_content_info_from_der(int * content_type,int * enc_algor,const uint8_t ** enc_iv,size_t * enc_iv_len,const uint8_t ** enced_content,size_t * enced_content_len,const uint8_t ** shared_info1,size_t * shared_info1_len,const uint8_t ** shared_info2,size_t * shared_info2_len,const uint8_t ** in,size_t * inlen)285 int cms_enced_content_info_from_der(
286 int *content_type,
287 int *enc_algor, const uint8_t **enc_iv, size_t *enc_iv_len,
288 const uint8_t **enced_content, size_t *enced_content_len,
289 const uint8_t **shared_info1, size_t *shared_info1_len,
290 const uint8_t **shared_info2, size_t *shared_info2_len,
291 const uint8_t **in, size_t *inlen)
292 {
293 int ret;
294 const uint8_t *d;
295 size_t dlen;
296
297 if ((ret = asn1_sequence_from_der(&d, &dlen, in, inlen)) != 1) {
298 if (ret < 0) error_print();
299 return ret;
300 }
301 if (cms_content_type_from_der(content_type, &d, &dlen) != 1
302 || x509_encryption_algor_from_der(enc_algor, enc_iv, enc_iv_len, &d, &dlen) != 1
303 || asn1_implicit_octet_string_from_der(0, enced_content, enced_content_len, &d, &dlen) < 0
304 || asn1_implicit_octet_string_from_der(1, shared_info1, shared_info1_len, &d, &dlen) < 0
305 || asn1_implicit_octet_string_from_der(2, shared_info2, shared_info2_len, &d, &dlen) < 0
306 || asn1_length_is_zero(dlen) != 1) {
307 error_print();
308 return -1;
309 }
310 return 1;
311 }
312
cms_enced_content_info_print(FILE * fp,int fmt,int ind,const char * label,const uint8_t * d,size_t dlen)313 int cms_enced_content_info_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen)
314 {
315 int ret, val;
316 const uint8_t *p;
317 size_t len;
318
319 format_print(fp, fmt, ind, "%s\n", label);
320 ind += 4;
321
322 if (cms_content_type_from_der(&val, &d, &dlen) != 1) goto err;
323 format_print(fp, fmt, ind, "contentType: %s\n", cms_content_type_name(val));
324 if (asn1_sequence_from_der(&p, &len, &d, &dlen) != 1) goto err;
325 x509_encryption_algor_print(fp, fmt, ind, "contentEncryptionAlgorithm", p, len);
326 if ((ret = asn1_implicit_octet_string_from_der(0, &p, &len, &d, &dlen)) < 0) goto err;
327 if (ret) format_bytes(fp, fmt, ind, "encryptedContent", p, len);
328 if ((ret = asn1_implicit_octet_string_from_der(1, &p, &len, &d, &dlen)) < 0) goto err;
329 if (ret) format_bytes(fp, fmt, ind, "sharedInfo1", p, len);
330 if ((ret = asn1_implicit_octet_string_from_der(2, &p, &len, &d, &dlen)) < 0) goto err;
331 if (ret) format_bytes(fp, fmt, ind, "sharedInfo2", p, len);
332 if (asn1_length_is_zero(dlen) != 1) goto err;
333 return 1;
334 err:
335 error_print();
336 return -1;
337 }
338
cms_enced_content_info_encrypt_to_der(int enc_algor,const uint8_t * key,size_t keylen,const uint8_t * iv,size_t ivlen,int content_type,const uint8_t * content,size_t content_len,const uint8_t * shared_info1,size_t shared_info1_len,const uint8_t * shared_info2,size_t shared_info2_len,uint8_t ** out,size_t * outlen)339 int cms_enced_content_info_encrypt_to_der(
340 int enc_algor, const uint8_t *key, size_t keylen, const uint8_t *iv, size_t ivlen,
341 int content_type, const uint8_t *content, size_t content_len,
342 const uint8_t *shared_info1, size_t shared_info1_len,
343 const uint8_t *shared_info2, size_t shared_info2_len,
344 uint8_t **out, size_t *outlen)
345 {
346 int ret;
347 SM4_KEY sm4_key;
348 uint8_t enced_content[32 + content_len]; // FIXME: 如果content_len 过长,会直接导致segment fault
349 size_t enced_content_len = 100;
350
351 if (enc_algor != OID_sm4_cbc || keylen != 16 || ivlen != 16) {
352 error_print();
353 return -1;
354 }
355
356 sm4_set_encrypt_key(&sm4_key, key);
357 if (sm4_cbc_padding_encrypt(&sm4_key, iv, content, content_len,
358 enced_content, &enced_content_len) != 1) {
359 memset(&sm4_key, 0, sizeof(SM4_KEY));
360 error_print();
361 return -1;
362 }
363 memset(&sm4_key, 0, sizeof(SM4_KEY));
364
365 if ((ret = cms_enced_content_info_to_der(content_type,
366 enc_algor, iv, ivlen, enced_content, enced_content_len,
367 shared_info1, shared_info1_len,
368 shared_info2, shared_info2_len,
369 out, outlen)) != 1) {
370 if (ret < 0) error_print();
371 return ret;
372 }
373 return 1;
374 }
375
376 // 这个函数显然是有问题的,调用方根本不知道应该准备多大的buffer
377 // 应该为content_len 输出给一个maxlen 的最大buffer值
cms_enced_content_info_decrypt_from_der(int * enc_algor,const uint8_t * key,size_t keylen,int * content_type,uint8_t * content,size_t * content_len,const uint8_t ** shared_info1,size_t * shared_info1_len,const uint8_t ** shared_info2,size_t * shared_info2_len,const uint8_t ** in,size_t * inlen)378 int cms_enced_content_info_decrypt_from_der(
379 int *enc_algor, const uint8_t *key, size_t keylen,
380 int *content_type, uint8_t *content, size_t *content_len,
381 const uint8_t **shared_info1, size_t *shared_info1_len,// 支持可选null输出
382 const uint8_t **shared_info2, size_t *shared_info2_len,// 支持可选null输出
383 const uint8_t **in, size_t *inlen)
384 {
385 int ret;
386 SM4_KEY sm4_key;
387 const uint8_t *iv;
388 size_t ivlen;
389 const uint8_t *enced_content;
390 size_t enced_content_len;
391
392 if (cms_enced_content_info_from_der(content_type,
393 enc_algor, &iv, &ivlen, &enced_content, &enced_content_len,
394 shared_info1, shared_info1_len,
395 shared_info2, shared_info2_len,
396 in, inlen) != 1
397 || asn1_check(*enc_algor == OID_sm4_cbc) != 1
398 || asn1_check(ivlen == SM4_BLOCK_SIZE) != 1
399 || asn1_check(keylen == SM4_KEY_SIZE) != 1) {
400 error_print();
401 return -1;
402 }
403
404 sm4_set_decrypt_key(&sm4_key, key);
405 if (sm4_cbc_padding_decrypt(&sm4_key, iv, enced_content, enced_content_len,
406 content, content_len) != 1) {
407 memset(&sm4_key, 0, sizeof(SM4_KEY));
408 return -1;
409 }
410 memset(&sm4_key, 0, sizeof(SM4_KEY));
411
412 return 1;
413 }
414
cms_encrypted_data_to_der(int version,int content_type,int enc_algor,const uint8_t * iv,size_t ivlen,const uint8_t * enced_content,size_t enced_content_len,const uint8_t * shared_info1,size_t shared_info1_len,const uint8_t * shared_info2,size_t shared_info2_len,uint8_t ** out,size_t * outlen)415 int cms_encrypted_data_to_der(
416 int version,
417 int content_type,
418 int enc_algor, const uint8_t *iv, size_t ivlen,
419 const uint8_t *enced_content, size_t enced_content_len,
420 const uint8_t *shared_info1, size_t shared_info1_len,
421 const uint8_t *shared_info2, size_t shared_info2_len,
422 uint8_t **out, size_t *outlen)
423 {
424 size_t len = 0;
425 if (version != 1) {
426 error_print();
427 return -1;
428 }
429 if (asn1_int_to_der(version, NULL, &len) != 1
430 || cms_enced_content_info_to_der(
431 content_type,
432 enc_algor, iv, ivlen,
433 enced_content, enced_content_len,
434 shared_info1, shared_info1_len,
435 shared_info2, shared_info2_len,
436 NULL, &len) != 1
437 || asn1_sequence_header_to_der(len, out, outlen) != 1
438 || asn1_int_to_der(version, out, outlen) != 1
439 || cms_enced_content_info_to_der(
440 content_type,
441 enc_algor, iv, ivlen,
442 enced_content, enced_content_len,
443 shared_info1, shared_info1_len,
444 shared_info2, shared_info2_len,
445 NULL, &len) != 1) {
446 error_print();
447 return -1;
448 }
449 return 1;
450 }
451
cms_encrypted_data_from_der(int * version,int * content_type,int * enc_algor,const uint8_t ** iv,size_t * ivlen,const uint8_t ** enced_content,size_t * enced_content_len,const uint8_t ** shared_info1,size_t * shared_info1_len,const uint8_t ** shared_info2,size_t * shared_info2_len,const uint8_t ** in,size_t * inlen)452 int cms_encrypted_data_from_der(
453 int *version,
454 int *content_type,
455 int *enc_algor, const uint8_t **iv, size_t *ivlen,
456 const uint8_t **enced_content, size_t *enced_content_len,
457 const uint8_t **shared_info1, size_t *shared_info1_len,
458 const uint8_t **shared_info2, size_t *shared_info2_len,
459 const uint8_t **in, size_t *inlen)
460 {
461 int ret;
462 const uint8_t *d;
463 size_t dlen;
464
465 if ((ret = asn1_sequence_from_der(&d, &dlen, in, inlen)) != 1) {
466 if (ret < 0) error_print();
467 return ret;
468 }
469 if (asn1_int_from_der(version, &d, &dlen) != 1
470 || cms_enced_content_info_from_der(
471 content_type,
472 enc_algor, iv, ivlen,
473 enced_content, enced_content_len,
474 shared_info1, shared_info1_len,
475 shared_info2, shared_info2_len,
476 &d, &dlen) != 1
477 || asn1_length_is_zero(dlen) != 1) {
478 error_print();
479 return -1;
480 }
481 if (*version != 1) {
482 error_print();
483 return -1;
484 }
485 return 1;
486 }
487
cms_encrypted_data_print(FILE * fp,int fmt,int ind,const char * label,const uint8_t * d,size_t dlen)488 int cms_encrypted_data_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen)
489 {
490 int val;
491 const uint8_t *p;
492 size_t len;
493
494 format_print(fp, fmt, ind, "%s\n", label);
495 ind += 4;
496
497 if (asn1_int_from_der(&val, &d, &dlen) != 1) goto err;
498 format_print(fp, fmt, ind, "version: %d\n", val);
499 if (asn1_sequence_from_der(&p, &len, &d, &dlen) != 1) goto err;
500 cms_enced_content_info_print(fp, fmt, ind, "encryptedContentInfo", p, len);
501 if (asn1_length_is_zero(dlen) != 1) goto err;
502 return 1;
503 err:
504 error_print();
505 return -1;
506 }
507
cms_encrypted_data_encrypt_to_der(int enc_algor,const uint8_t * key,size_t keylen,const uint8_t * iv,size_t ivlen,int content_type,const uint8_t * content,size_t content_len,const uint8_t * shared_info1,size_t shared_info1_len,const uint8_t * shared_info2,size_t shared_info2_len,uint8_t ** out,size_t * outlen)508 int cms_encrypted_data_encrypt_to_der(
509 int enc_algor, const uint8_t *key, size_t keylen, const uint8_t *iv, size_t ivlen,
510 int content_type, const uint8_t *content, size_t content_len,
511 const uint8_t *shared_info1, size_t shared_info1_len,
512 const uint8_t *shared_info2, size_t shared_info2_len,
513 uint8_t **out, size_t *outlen)
514 {
515 size_t len = 0;
516 if (asn1_int_to_der(CMS_version_v1, NULL, &len) != 1
517 || cms_enced_content_info_encrypt_to_der(
518 enc_algor, key, keylen, iv, ivlen,
519 content_type, content, content_len,
520 shared_info1, shared_info1_len,
521 shared_info2, shared_info2_len,
522 NULL, &len) != 1
523 || asn1_sequence_header_to_der(len, out, outlen) != 1
524 || asn1_int_to_der(CMS_version_v1, out, outlen) != 1
525 || cms_enced_content_info_encrypt_to_der(
526 enc_algor, key, keylen, iv, ivlen,
527 content_type, content, content_len,
528 shared_info1, shared_info1_len,
529 shared_info2, shared_info2_len,
530 out, outlen) != 1) {
531 error_print();
532 return -1;
533 }
534 return 1;
535 }
536
cms_encrypted_data_decrypt_from_der(int * enc_algor,const uint8_t * key,size_t keylen,int * content_type,uint8_t * content,size_t * content_len,const uint8_t ** shared_info1,size_t * shared_info1_len,const uint8_t ** shared_info2,size_t * shared_info2_len,const uint8_t ** in,size_t * inlen)537 int cms_encrypted_data_decrypt_from_der(
538 int *enc_algor, const uint8_t *key, size_t keylen,
539 int *content_type, uint8_t *content, size_t *content_len,
540 const uint8_t **shared_info1, size_t *shared_info1_len,
541 const uint8_t **shared_info2, size_t *shared_info2_len,
542 const uint8_t **in, size_t *inlen)
543 {
544 int ret, version;
545 const uint8_t *d;
546 size_t dlen;
547
548 if ((ret = asn1_sequence_from_der(&d, &dlen, in, inlen)) != 1) {
549 if (ret < 0) error_print();
550 return ret;
551 }
552 if (asn1_int_from_der(&version, &d, &dlen) != 1
553 || asn1_check(version == CMS_version_v1) != 1
554 || cms_enced_content_info_decrypt_from_der(
555 enc_algor, key, keylen,
556 content_type, content, content_len,
557 shared_info1, shared_info1_len,
558 shared_info2, shared_info2_len,
559 &d, &dlen) != 1
560 || asn1_length_is_zero(dlen) != 1) {
561 error_print();
562 return -1;
563 }
564 return 1;
565 }
566
cms_issuer_and_serial_number_to_der(const uint8_t * issuer,size_t issuer_len,const uint8_t * serial_number,size_t serial_number_len,uint8_t ** out,size_t * outlen)567 int cms_issuer_and_serial_number_to_der(
568 const uint8_t *issuer, size_t issuer_len,
569 const uint8_t *serial_number, size_t serial_number_len,
570 uint8_t **out, size_t *outlen)
571 {
572 size_t len = 0;
573 if (asn1_sequence_to_der(issuer, issuer_len, NULL, &len) != 1
574 || asn1_integer_to_der(serial_number, serial_number_len, NULL, &len) != 1
575 || asn1_sequence_header_to_der(len, out, outlen) != 1
576 || asn1_sequence_to_der(issuer, issuer_len, out, outlen) != 1
577 || asn1_integer_to_der(serial_number, serial_number_len, out, outlen) != 1) {
578 error_print();
579 return -1;
580 }
581 return 1;
582 }
583
cms_issuer_and_serial_number_from_der(const uint8_t ** issuer,size_t * issuer_len,const uint8_t ** serial_number,size_t * serial_number_len,const uint8_t ** in,size_t * inlen)584 int cms_issuer_and_serial_number_from_der(
585 const uint8_t **issuer, size_t *issuer_len,
586 const uint8_t **serial_number, size_t *serial_number_len,
587 const uint8_t **in, size_t *inlen)
588 {
589 int ret;
590 const uint8_t *d;
591 size_t dlen;
592
593 if ((ret = asn1_sequence_from_der(&d, &dlen, in, inlen)) != 1) {
594 if (ret < 0) error_print();
595 return ret;
596 }
597 if (asn1_sequence_from_der(issuer, issuer_len, &d, &dlen) != 1
598 || asn1_integer_from_der(serial_number, serial_number_len, &d, &dlen) != 1
599 || asn1_length_is_zero(dlen) != 1) {
600 error_print();
601 return -1;
602 }
603 return 1;
604 }
605
cms_issuer_and_serial_number_print(FILE * fp,int fmt,int ind,const char * label,const uint8_t * d,size_t dlen)606 int cms_issuer_and_serial_number_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen)
607 {
608 const uint8_t *p;
609 size_t len;
610
611 format_print(fp, fmt, ind, "%s\n", label);
612 ind += 4;
613
614 if (asn1_sequence_from_der(&p, &len, &d, &dlen) != 1) goto err;
615 x509_name_print(fp, fmt, ind, "issuer", p, len);
616 if (asn1_integer_from_der(&p, &len, &d, &dlen) != 1) goto err;
617 format_bytes(fp, fmt, ind, "serialNumber", p, len);
618 if (asn1_length_is_zero(dlen) != 1) goto err;
619 return 1;
620 err:
621 error_print();
622 return -1;
623 }
624
cms_signer_info_to_der(int version,const uint8_t * issuer,size_t issuer_len,const uint8_t * serial_number,size_t serial_number_len,int digest_algor,const uint8_t * authed_attrs,size_t authed_attrs_len,int signature_algor,const uint8_t * enced_digest,size_t enced_digest_len,const uint8_t * unauthed_attrs,size_t unauthed_attrs_len,uint8_t ** out,size_t * outlen)625 int cms_signer_info_to_der(
626 int version,
627 const uint8_t *issuer, size_t issuer_len,
628 const uint8_t *serial_number, size_t serial_number_len,
629 int digest_algor,
630 const uint8_t *authed_attrs, size_t authed_attrs_len,
631 int signature_algor,
632 const uint8_t *enced_digest, size_t enced_digest_len,
633 const uint8_t *unauthed_attrs, size_t unauthed_attrs_len,
634 uint8_t **out, size_t *outlen)
635 {
636 size_t len = 0;
637 if (version != 1) {
638 error_print();
639 return -1;
640 }
641
642 if (asn1_int_to_der(version, NULL, &len) != 1
643 || cms_issuer_and_serial_number_to_der(
644 issuer, issuer_len,
645 serial_number, serial_number_len, NULL, &len) != 1
646 || x509_digest_algor_to_der(digest_algor, NULL, &len) != 1
647 || asn1_implicit_set_to_der(0, authed_attrs, authed_attrs_len, NULL, &len) < 0
648 || x509_signature_algor_to_der(signature_algor, NULL, &len) != 1
649 || asn1_octet_string_to_der(enced_digest, enced_digest_len, NULL, &len) != 1
650 || asn1_implicit_set_to_der(1, unauthed_attrs, unauthed_attrs_len, NULL, &len) < 0
651 || asn1_sequence_header_to_der(len, out, outlen) != 1
652 || asn1_int_to_der(version, out, outlen) != 1
653 || cms_issuer_and_serial_number_to_der(
654 issuer, issuer_len,
655 serial_number, serial_number_len, out, outlen) != 1
656 || x509_digest_algor_to_der(digest_algor, out, outlen) != 1
657 || asn1_implicit_set_to_der(0, authed_attrs, authed_attrs_len, out, outlen) < 0
658 || x509_signature_algor_to_der(signature_algor, out, outlen) != 1
659 || asn1_octet_string_to_der(enced_digest, enced_digest_len, out, outlen) != 1
660 || asn1_implicit_set_to_der(1, unauthed_attrs, unauthed_attrs_len, out, outlen) < 0) {
661 error_print();
662 return -1;
663 }
664 return 1;
665 }
666
cms_signer_info_from_der(int * version,const uint8_t ** issuer,size_t * issuer_len,const uint8_t ** serial_number,size_t * serial_number_len,int * digest_algor,const uint8_t ** authed_attrs,size_t * authed_attrs_len,int * signature_algor,const uint8_t ** enced_digest,size_t * enced_digest_len,const uint8_t ** unauthed_attrs,size_t * unauthed_attrs_len,const uint8_t ** in,size_t * inlen)667 int cms_signer_info_from_der(
668 int *version,
669 const uint8_t **issuer, size_t *issuer_len,
670 const uint8_t **serial_number, size_t *serial_number_len,
671 int *digest_algor,
672 const uint8_t **authed_attrs, size_t *authed_attrs_len,
673 int *signature_algor,
674 const uint8_t **enced_digest, size_t *enced_digest_len,
675 const uint8_t **unauthed_attrs, size_t *unauthed_attrs_len,
676 const uint8_t **in, size_t *inlen)
677 {
678 int ret;
679 const uint8_t *d;
680 size_t dlen;
681
682 if ((ret = asn1_sequence_from_der(&d, &dlen, in, inlen)) != 1) {
683 if (ret < 0) error_print();
684 return ret;
685 }
686 if (asn1_int_from_der(version, &d, &dlen) != 1
687 || cms_issuer_and_serial_number_from_der(issuer, issuer_len,
688 serial_number, serial_number_len, &d, &dlen) != 1
689 || x509_digest_algor_from_der(digest_algor, &d, &dlen) != 1
690 || asn1_implicit_set_from_der(0, authed_attrs, authed_attrs_len, &d, &dlen) < 0
691 || x509_signature_algor_from_der(signature_algor, &d, &dlen) != 1
692 || asn1_octet_string_from_der(enced_digest, enced_digest_len, &d, &dlen) != 1
693 || asn1_implicit_set_from_der(1, unauthed_attrs, unauthed_attrs_len, &d, &dlen) < 0
694 || asn1_length_is_zero(dlen) != 1) {
695 error_print();
696 return -1;
697 }
698 return 1;
699 }
700
cms_signer_info_print(FILE * fp,int fmt,int ind,const char * label,const uint8_t * d,size_t dlen)701 int cms_signer_info_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen)
702 {
703 int ret, val;
704 const uint8_t *p;
705 size_t len;
706
707 format_print(fp, fmt, ind, "%s\n", label);
708 ind += 4;
709
710 if (asn1_int_from_der(&val, &d, &dlen) != 1) goto err;
711 format_print(fp, fmt, ind, "version: %d\n", val);
712 if (asn1_sequence_from_der(&p, &len, &d, &dlen) != 1) goto err;
713 cms_issuer_and_serial_number_print(fp, fmt, ind, "issuerAndSerialNumber", p, len);
714 if (x509_digest_algor_from_der(&val, &d, &dlen) != 1) goto err;
715 format_print(fp, fmt, ind, "digestAlgorithm: %s\n", x509_digest_algor_name(val));
716 if ((ret = asn1_implicit_set_from_der(0, &p, &len, &d, &dlen)) < 0) goto err;
717 if (ret) x509_attributes_print(fp, fmt, ind, "authenticatedAttributes", p, len);
718 if (x509_signature_algor_from_der(&val, &d, &dlen) != 1) goto err;
719 format_print(fp, fmt, ind, "digestEncryptionAlgorithm: %s\n", x509_signature_algor_name(val));
720 if (asn1_octet_string_from_der(&p, &len, &d, &dlen) != 1) goto err;
721 format_bytes(fp, fmt, ind, "encryptedDigest", p, len);
722 if ((ret = asn1_implicit_set_from_der(1, &p, &len, &d, &dlen)) < 0) goto err;
723 if (ret) x509_attributes_print(fp, fmt, ind, "unauthenticatedAttributes", p, len);
724 if (asn1_length_is_zero(dlen) != 1) goto err;
725 return 1;
726 err:
727 error_print();
728 return -1;
729 }
730
cms_signer_info_sign_to_der(const SM3_CTX * sm3_ctx,const SM2_KEY * sign_key,const uint8_t * issuer,size_t issuer_len,const uint8_t * serial_number,size_t serial_number_len,const uint8_t * authed_attrs,size_t authed_attrs_len,const uint8_t * unauthed_attrs,size_t unauthed_attrs_len,uint8_t ** out,size_t * outlen)731 int cms_signer_info_sign_to_der(
732 const SM3_CTX *sm3_ctx, const SM2_KEY *sign_key,
733 const uint8_t *issuer, size_t issuer_len,
734 const uint8_t *serial_number, size_t serial_number_len,
735 const uint8_t *authed_attrs, size_t authed_attrs_len,
736 const uint8_t *unauthed_attrs, size_t unauthed_attrs_len,
737 uint8_t **out, size_t *outlen)
738 {
739 SM3_CTX ctx = *sm3_ctx;
740 int fixed_outlen = 1;
741 uint8_t dgst[SM3_DIGEST_SIZE];
742 uint8_t sig[SM2_MAX_SIGNATURE_SIZE];
743 size_t siglen;
744
745 sm3_update(&ctx, authed_attrs, authed_attrs_len);
746 sm3_finish(&ctx, dgst);
747
748
749
750 if (sm2_sign_ex(sign_key, fixed_outlen, dgst, sig, &siglen) != 1) {
751 error_print();
752 return -1;
753 }
754 if (cms_signer_info_to_der(CMS_version_v1,
755 issuer, issuer_len, serial_number, serial_number_len,
756 OID_sm3, authed_attrs, authed_attrs_len,
757 OID_sm2sign_with_sm3, sig, siglen,
758 unauthed_attrs, unauthed_attrs_len, out, outlen) != 1) {
759 error_print();
760 return -1;
761 }
762 return 1;
763 }
764
cms_signer_info_verify_from_der(const SM3_CTX * ctx,const uint8_t * certs,size_t certslen,const uint8_t ** cert,size_t * certlen,const uint8_t ** issuer,size_t * issuer_len,const uint8_t ** serial,size_t * serial_len,const uint8_t ** authed_attrs,size_t * authed_attrs_len,const uint8_t ** unauthed_attrs,size_t * unauthed_attrs_len,const uint8_t ** in,size_t * inlen)765 int cms_signer_info_verify_from_der(
766 const SM3_CTX *ctx, const uint8_t *certs, size_t certslen,
767 const uint8_t **cert, size_t *certlen,
768 const uint8_t **issuer, size_t *issuer_len,
769 const uint8_t **serial, size_t *serial_len,
770 const uint8_t **authed_attrs, size_t *authed_attrs_len,
771 const uint8_t **unauthed_attrs, size_t *unauthed_attrs_len,
772 const uint8_t **in, size_t *inlen)
773 {
774 int version;
775 int digest_algor;
776 int signature_algor;
777 const uint8_t *sig;
778 size_t siglen;
779 SM2_KEY public_key;
780 SM3_CTX sm3_ctx = *ctx;
781 uint8_t dgst[32];
782
783 if (cms_signer_info_from_der(&version,
784 issuer, issuer_len,
785 serial, serial_len,
786 &digest_algor, authed_attrs, authed_attrs_len,
787 &signature_algor, &sig, &siglen,
788 unauthed_attrs, unauthed_attrs_len,
789 in, inlen) != 1
790 || asn1_check(version == CMS_version_v1) != 1
791 || asn1_check(digest_algor == OID_sm3) != 1
792 || asn1_check(signature_algor == OID_sm2sign_with_sm3) != 1) {
793 error_print();
794 return -1;
795 }
796 if (x509_certs_get_cert_by_issuer_and_serial_number(certs, certslen,
797 *issuer, *issuer_len, *serial, *serial_len, cert, certlen) != 1
798 || x509_cert_get_subject_public_key(*cert, *certlen, &public_key) != 1) {
799 error_print();
800 return -1;
801 }
802
803 sm3_update(&sm3_ctx, *authed_attrs, *authed_attrs_len);
804 sm3_finish(&sm3_ctx, dgst);
805
806 if (sm2_verify(&public_key, dgst, sig, siglen) != 1) {
807 error_print();
808 return -1;
809 }
810 return 1;
811 }
812
cms_signer_infos_add_signer_info(uint8_t * d,size_t * dlen,size_t maxlen,const SM3_CTX * sm3_ctx,const SM2_KEY * sign_key,const uint8_t * issuer,size_t issuer_len,const uint8_t * serial_number,size_t serial_number_len,const uint8_t * authed_attrs,size_t authed_attrs_len,const uint8_t * unauthed_attrs,size_t unauthed_attrs_len)813 int cms_signer_infos_add_signer_info(
814 uint8_t *d, size_t *dlen, size_t maxlen,
815 const SM3_CTX *sm3_ctx, const SM2_KEY *sign_key,
816 const uint8_t *issuer, size_t issuer_len,
817 const uint8_t *serial_number, size_t serial_number_len,
818 const uint8_t *authed_attrs, size_t authed_attrs_len,
819 const uint8_t *unauthed_attrs, size_t unauthed_attrs_len)
820 {
821 size_t len = *dlen;
822 d += *dlen;
823 if (cms_signer_info_sign_to_der(sm3_ctx, sign_key,
824 issuer, issuer_len, serial_number, serial_number_len,
825 authed_attrs, authed_attrs_len,
826 unauthed_attrs, unauthed_attrs_len,
827 NULL, &len) != 1
828 || asn1_length_le(len, maxlen) != 1
829 || cms_signer_info_sign_to_der(sm3_ctx, sign_key,
830 issuer, issuer_len, serial_number, serial_number_len,
831 authed_attrs, authed_attrs_len,
832 unauthed_attrs, unauthed_attrs_len,
833 &d, dlen) != 1) {
834 error_print();
835 return -1;
836 }
837 return 1;
838 }
839
cms_signer_infos_print(FILE * fp,int fmt,int ind,const char * label,const uint8_t * d,size_t dlen)840 int cms_signer_infos_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen)
841 {
842 const uint8_t *p;
843 size_t len;
844
845 format_print(fp, fmt, ind, "%s\n", label);
846 ind += 4;
847
848 while (dlen) {
849 if (asn1_sequence_from_der(&p, &len, &d, &dlen) != 1) {
850 error_print();
851 return -1;
852 }
853 cms_signer_info_print(fp, fmt, ind, "SignerInfo", p, len);
854 }
855 return 1;
856 }
857
cms_digest_algors_to_der(const int * digest_algors,size_t digest_algors_cnt,uint8_t ** out,size_t * outlen)858 int cms_digest_algors_to_der(const int *digest_algors, size_t digest_algors_cnt,
859 uint8_t **out, size_t *outlen)
860 {
861 size_t len = 0, i;
862 for (i = 0; i < digest_algors_cnt; i++) {
863 if (x509_digest_algor_to_der(digest_algors[i], NULL, &len) != 1) {
864 error_print();
865 return -1;
866 }
867 }
868 if (asn1_set_header_to_der(len, out, outlen) != 1) {
869 error_print();
870 return -1;
871 }
872 for (i = 0; i < digest_algors_cnt; i++) {
873 if (x509_digest_algor_to_der(digest_algors[i], out, outlen) != 1) {
874 error_print();
875 return -1;
876 }
877 }
878 return 1;
879 }
880
cms_digest_algors_from_der(int * digest_algors,size_t * digest_algors_cnt,size_t max_digest_algors,const uint8_t ** in,size_t * inlen)881 int cms_digest_algors_from_der(int *digest_algors, size_t *digest_algors_cnt, size_t max_digest_algors,
882 const uint8_t **in, size_t *inlen)
883 {
884 int ret;
885 const uint8_t *d;
886 size_t dlen;
887
888 if ((ret = asn1_set_from_der(&d, &dlen, in, inlen)) != 1) {
889 if (ret < 0) error_print();
890 return ret;
891 }
892
893 *digest_algors_cnt = 0;
894 while (dlen) {
895 if (*digest_algors_cnt > max_digest_algors) {
896 error_print();
897 return -1;
898 }
899 if (x509_digest_algor_from_der(digest_algors, &d, &dlen) != 1) {
900 error_print();
901 return -1;
902 }
903 digest_algors++;
904 (*digest_algors_cnt)++;
905 }
906 return 1;
907 }
908
cms_digest_algors_print(FILE * fp,int fmt,int ind,const char * label,const uint8_t * d,size_t dlen)909 int cms_digest_algors_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen)
910 {
911 int oid;
912
913 format_print(fp, fmt, ind, "%s\n", label);
914 ind += 4;
915
916 while (dlen) {
917 if (x509_digest_algor_from_der(&oid, &d, &dlen) != 1) {
918 error_print();
919 return -1;
920 }
921 format_print(fp, fmt, ind, "%s\n", x509_digest_algor_name(oid));
922 }
923 return 1;
924 }
925
cms_signed_data_to_der(int version,const int * digest_algors,size_t digest_algors_cnt,const int content_type,const uint8_t * content,const size_t content_len,const uint8_t * certs,size_t certs_len,const uint8_t * crls,const size_t crls_len,const uint8_t * signer_infos,size_t signer_infos_len,uint8_t ** out,size_t * outlen)926 int cms_signed_data_to_der(
927 int version,
928 const int *digest_algors, size_t digest_algors_cnt,
929 const int content_type, const uint8_t *content, const size_t content_len,
930 const uint8_t *certs, size_t certs_len,
931 const uint8_t *crls, const size_t crls_len,
932 const uint8_t *signer_infos, size_t signer_infos_len,
933 uint8_t **out, size_t *outlen)
934 {
935 size_t len = 0;
936 if (asn1_int_to_der(version, NULL, &len) != 1
937 || cms_digest_algors_to_der(digest_algors, digest_algors_cnt, NULL, &len) != 1
938 || cms_content_info_to_der(content_type, content, content_len, NULL, &len) != 1
939 || asn1_implicit_set_to_der(0, certs, certs_len, NULL, &len) < 0
940 || asn1_implicit_set_to_der(1, crls, crls_len, NULL, &len) < 0
941 || cms_signer_infos_to_der(signer_infos, signer_infos_len, NULL, &len) != 1
942 || asn1_sequence_header_to_der(len, out, outlen) != 1
943 || asn1_int_to_der(version, out, outlen) != 1
944 || cms_digest_algors_to_der(digest_algors, digest_algors_cnt, out, outlen) != 1
945 || cms_content_info_to_der(content_type, content, content_len, out, outlen) != 1
946 || asn1_implicit_set_to_der(0, certs, certs_len, out, outlen) < 0
947 || asn1_implicit_set_to_der(1, crls, crls_len, out, outlen) < 0
948 || cms_signer_infos_to_der(signer_infos, signer_infos_len, out, outlen) != 1) {
949 error_print();
950 return -1;
951 }
952 return 1;
953 }
954
cms_signed_data_from_der(int * version,int * digest_algors,size_t * digest_algors_cnt,size_t max_digest_algors,int * content_type,const uint8_t ** content,size_t * content_len,const uint8_t ** certs,size_t * certs_len,const uint8_t ** crls,size_t * crls_len,const uint8_t ** signer_infos,size_t * signer_infos_len,const uint8_t ** in,size_t * inlen)955 int cms_signed_data_from_der(
956 int *version,
957 int *digest_algors, size_t *digest_algors_cnt, size_t max_digest_algors,
958 int *content_type, const uint8_t **content, size_t *content_len,
959 const uint8_t **certs, size_t *certs_len,
960 const uint8_t **crls, size_t *crls_len,
961 const uint8_t **signer_infos, size_t *signer_infos_len,
962 const uint8_t **in, size_t *inlen)
963 {
964 int ret;
965 const uint8_t *d;
966 size_t dlen;
967
968 if ((ret = asn1_sequence_from_der(&d, &dlen, in, inlen)) != 1) {
969 if (ret < 0) error_print();
970 return ret;
971 }
972 if (asn1_int_from_der(version, &d, &dlen) != 1
973 || cms_digest_algors_from_der(digest_algors, digest_algors_cnt, max_digest_algors, &d, &dlen) != 1
974 || cms_content_info_from_der(content_type, content, content_len, &d, &dlen) != 1
975 || asn1_implicit_set_from_der(0, certs, certs_len, &d, &dlen) < 0
976 || asn1_implicit_set_from_der(1, crls, crls_len, &d, &dlen) < 0
977 || asn1_set_from_der(signer_infos, signer_infos_len, &d, &dlen) != 1
978 || asn1_length_is_zero(dlen) != 1) {
979 error_print();
980 return -1;
981 }
982 if (*version != CMS_version_v1) {
983 error_print();
984 return -1;
985 }
986 return 1;
987 }
988
cms_signed_data_print(FILE * fp,int fmt,int ind,const char * label,const uint8_t * d,size_t dlen)989 int cms_signed_data_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen)
990 {
991 int ret, val;
992 const uint8_t *p;
993 size_t len;
994
995 format_print(fp, fmt, ind, "%s\n", label);
996 ind += 4;
997
998 if (asn1_int_from_der(&val, &d, &dlen) != 1) goto err;
999 format_print(fp, fmt, ind, "version: %d\n", val);
1000 if (asn1_set_from_der(&p, &len, &d, &dlen) != 1) goto err;
1001 cms_digest_algors_print(fp, fmt, ind, "digestAlgorithms", p, len);
1002 if (asn1_sequence_from_der(&p, &len, &d, &dlen) != 1) goto err;
1003 cms_content_info_print(fp, fmt, ind, "contentInfo", p, len);
1004 if ((ret = asn1_implicit_set_from_der(0, &p, &len, &d, &dlen)) < 0) goto err;
1005 if (ret) x509_certs_print(fp, fmt, ind, "certificates", p, len);
1006 if ((ret = asn1_implicit_set_from_der(1, &p, &len, &d, &dlen)) < 0) goto err;
1007 if (asn1_set_from_der(&p, &len, &d, &dlen) != 1) goto err;
1008 cms_signer_infos_print(fp, fmt, ind, "signerInfos", p, len);
1009 if (asn1_length_is_zero(dlen) != 1) goto err;
1010 return 1;
1011 err:
1012 error_print();
1013 return -1;
1014 }
1015
cms_implicit_signers_certs_to_der(int index,const CMS_CERTS_AND_KEY * signers,size_t signers_cnt,uint8_t ** out,size_t * outlen)1016 static int cms_implicit_signers_certs_to_der(int index,
1017 const CMS_CERTS_AND_KEY *signers, size_t signers_cnt,
1018 uint8_t **out, size_t *outlen)
1019 {
1020 size_t i;
1021 size_t len = 0;
1022 for (i = 0; i < signers_cnt; i++) {
1023 if (asn1_data_to_der(signers[i].certs, signers[i].certs_len, NULL, &len) != 1) {
1024 error_print();
1025 return -1;
1026 }
1027 }
1028 if (asn1_implicit_header_to_der(index, len, out, outlen) != 1) {
1029 error_print();
1030 return -1;
1031 }
1032 for (i = 0; i < signers_cnt; i++) {
1033 if (asn1_data_to_der(signers[i].certs, signers[i].certs_len, out, outlen) != 1) {
1034 error_print();
1035 return -1;
1036 }
1037 }
1038 return 1;
1039 }
1040
cms_signed_data_sign_to_der(const CMS_CERTS_AND_KEY * signers,size_t signers_cnt,int content_type,const uint8_t * data,size_t datalen,const uint8_t * crls,size_t crls_len,uint8_t ** out,size_t * outlen)1041 int cms_signed_data_sign_to_der(
1042 const CMS_CERTS_AND_KEY *signers, size_t signers_cnt,
1043 int content_type, const uint8_t *data, size_t datalen,
1044 const uint8_t *crls, size_t crls_len,
1045 uint8_t **out, size_t *outlen)
1046 {
1047 int digest_algors[] = { OID_sm3 };
1048 size_t digest_algors_cnt = sizeof(digest_algors)/sizeof(int);
1049 uint8_t content_header[256];
1050 size_t content_header_len;
1051 const uint8_t *certs;
1052 size_t certs_len = 0;
1053 uint8_t signer_infos[512];
1054 size_t signer_infos_len = 0;
1055 SM3_CTX sm3_ctx;
1056 const uint8_t *issuer;
1057 size_t issuer_len;
1058 const uint8_t *serial;
1059 size_t serial_len;
1060 uint8_t *p;
1061 size_t len = 0;
1062 size_t i;
1063
1064
1065 // 当content_type == OID_cms_data 时,data是raw data,被封装为OCTET STRING编码输出
1066 // 而content_type为其他类型时,data均为TLV的DER数据
1067 // 在to_der/from_der 中已经处理,但是计算哈希值时也需要做处理
1068 p = content_header;
1069 content_header_len = 0;
1070 if (content_type == OID_cms_data) {
1071 size_t content_len = 0;
1072 if (asn1_octet_string_to_der(data, datalen, NULL, &content_len) != 1
1073 || cms_content_info_header_to_der(content_type, content_len, &p, &content_header_len) != 1
1074 || asn1_octet_string_header_to_der(datalen, &p, &content_header_len) != 1) {
1075 error_print();
1076 return -1;
1077 }
1078 } else {
1079 if (cms_content_info_header_to_der(content_type, datalen, &p, &content_header_len) != 1) {
1080 error_print();
1081 return -1;
1082 }
1083 }
1084
1085 sm3_init(&sm3_ctx);
1086 sm3_update(&sm3_ctx, content_header, content_header_len);
1087 sm3_update(&sm3_ctx, data, datalen);
1088
1089 for (i = 0; i < signers_cnt; i++) {
1090 if (x509_cert_get_issuer_and_serial_number(
1091 signers[i].certs, signers[i].certs_len,
1092 &issuer, &issuer_len, &serial, &serial_len) != 1
1093 || cms_signer_infos_add_signer_info(
1094 signer_infos, &signer_infos_len, sizeof(signer_infos),
1095 &sm3_ctx, signers->sign_key,
1096 issuer, issuer_len, serial, serial_len,
1097 NULL, 0, NULL, 0) != 1) {
1098 error_print();
1099 return -1;
1100 }
1101 }
1102
1103 if (asn1_int_to_der(CMS_version_v1, NULL, &len) != 1
1104 || cms_digest_algors_to_der(digest_algors, digest_algors_cnt, NULL, &len) != 1
1105 || cms_content_info_to_der(content_type, data, datalen, NULL, &len) != 1
1106 || cms_implicit_signers_certs_to_der(0, signers, signers_cnt, NULL, &len) < 0
1107 || asn1_implicit_set_to_der(1, crls, crls_len, NULL, &len) < 0
1108 || asn1_set_to_der(signer_infos, signer_infos_len, NULL, &len) != 1
1109 || asn1_sequence_header_to_der(len, out, outlen) != 1
1110 || asn1_int_to_der(CMS_version_v1, out, outlen) != 1
1111 || cms_digest_algors_to_der(digest_algors, digest_algors_cnt, out, outlen) != 1
1112 || cms_content_info_to_der(content_type, data, datalen, out, outlen) != 1
1113 || cms_implicit_signers_certs_to_der(0, signers, signers_cnt, out, outlen) < 0
1114 || asn1_implicit_set_to_der(1, crls, crls_len, out, outlen) < 0
1115 || asn1_set_to_der(signer_infos, signer_infos_len, out, outlen) != 1) {
1116 error_print();
1117 return -1;
1118 }
1119 return 1;
1120 }
1121
cms_signed_data_verify_from_der(const uint8_t * extra_certs,size_t extra_certs_len,const uint8_t * extra_crls,size_t extra_crls_len,int * content_type,const uint8_t ** content,size_t * content_len,const uint8_t ** certs,size_t * certs_len,const uint8_t ** crls,size_t * crls_len,const uint8_t ** psigner_infos,size_t * psigner_infos_len,const uint8_t ** in,size_t * inlen)1122 int cms_signed_data_verify_from_der(
1123 const uint8_t *extra_certs, size_t extra_certs_len,
1124 const uint8_t *extra_crls, size_t extra_crls_len,
1125 int *content_type, const uint8_t **content, size_t *content_len,
1126 const uint8_t **certs, size_t *certs_len,
1127 const uint8_t **crls, size_t *crls_len,
1128 const uint8_t **psigner_infos, size_t *psigner_infos_len,
1129 const uint8_t **in, size_t *inlen)
1130 {
1131 int version;
1132 int digest_algors[4];
1133 size_t digest_algors_cnt;
1134 SM3_CTX sm3_ctx;
1135 uint8_t content_info_header[128];
1136 size_t content_info_header_len;
1137 uint8_t *p = content_info_header;
1138 const uint8_t *signer_infos;
1139 size_t signer_infos_len;
1140
1141 if (cms_signed_data_from_der(
1142 &version,
1143 digest_algors, &digest_algors_cnt, sizeof(digest_algors)/sizeof(int),
1144 content_type, content, content_len,
1145 certs, certs_len,
1146 crls, crls_len,
1147 &signer_infos, &signer_infos_len,
1148 in, inlen) != 1
1149 || asn1_check(version == CMS_version_v1) != 1
1150 || asn1_check(digest_algors[0] == OID_sm3) != 1
1151 || asn1_check(digest_algors_cnt == 1) != 1) {
1152 error_print();
1153 return -1;
1154 }
1155 *psigner_infos = signer_infos;
1156 *psigner_infos_len = signer_infos_len;
1157
1158 content_info_header_len = 0;
1159 if (cms_content_info_header_to_der(*content_type, *content_len,
1160 &p, &content_info_header_len) != 1) {
1161 error_print();
1162 return -1;
1163 }
1164 sm3_init(&sm3_ctx);
1165
1166 sm3_update(&sm3_ctx, content_info_header, content_info_header_len);
1167 sm3_update(&sm3_ctx, *content, *content_len);
1168
1169 while (signer_infos_len) {
1170 const uint8_t *cert;
1171 size_t certlen;
1172 const uint8_t *issuer;
1173 size_t issuer_len;
1174 const uint8_t *serial;
1175 size_t serial_len;
1176 const uint8_t *authed_attrs;
1177 size_t authed_attrs_len;
1178 const uint8_t *unauthed_attrs;
1179 size_t unauthed_attrs_len;
1180
1181 if (cms_signer_info_verify_from_der(
1182 &sm3_ctx, *certs, *certs_len,
1183 &cert, &certlen,
1184 &issuer, &issuer_len,
1185 &serial, &serial_len,
1186 &authed_attrs, &authed_attrs_len,
1187 &unauthed_attrs, &unauthed_attrs_len,
1188 &signer_infos, &signer_infos_len) != 1) {
1189
1190 error_print();
1191 return -1;
1192 }
1193 }
1194 return 1;
1195 }
1196
cms_recipient_info_to_der(int version,const uint8_t * issuer,size_t issuer_len,const uint8_t * serial_number,size_t serial_number_len,int public_key_enc_algor,const uint8_t * enced_key,size_t enced_key_len,uint8_t ** out,size_t * outlen)1197 int cms_recipient_info_to_der(
1198 int version,
1199 const uint8_t *issuer, size_t issuer_len,
1200 const uint8_t *serial_number, size_t serial_number_len,
1201 int public_key_enc_algor,
1202 const uint8_t *enced_key, size_t enced_key_len,
1203 uint8_t **out, size_t *outlen)
1204 {
1205 size_t len = 0;
1206 if (version != 1) {
1207 error_print();
1208 return -1;
1209 }
1210 if (asn1_int_to_der(version, NULL, &len) != 1
1211 || cms_issuer_and_serial_number_to_der(issuer, issuer_len,
1212 serial_number, serial_number_len, NULL, &len) != 1
1213 || x509_public_key_encryption_algor_to_der(public_key_enc_algor, NULL, &len) != 1
1214 || asn1_octet_string_to_der(enced_key, enced_key_len, NULL, &len) != 1
1215 || asn1_sequence_header_to_der(len, out, outlen) != 1
1216 || asn1_int_to_der(version, out, outlen) != 1
1217 || cms_issuer_and_serial_number_to_der(issuer, issuer_len,
1218 serial_number, serial_number_len, out, outlen) != 1
1219 || x509_public_key_encryption_algor_to_der(public_key_enc_algor, out, outlen) != 1
1220 || asn1_octet_string_to_der(enced_key, enced_key_len, out, outlen) != 1) {
1221 error_print();
1222 return -1;
1223 }
1224 return 1;
1225 }
1226
cms_recipient_info_from_der(int * version,const uint8_t ** issuer,size_t * issuer_len,const uint8_t ** serial_number,size_t * serial_number_len,int * pke_algor,const uint8_t ** params,size_t * params_len,const uint8_t ** enced_key,size_t * enced_key_len,const uint8_t ** in,size_t * inlen)1227 int cms_recipient_info_from_der(
1228 int *version,
1229 const uint8_t **issuer, size_t *issuer_len,
1230 const uint8_t **serial_number, size_t *serial_number_len,
1231 int *pke_algor, const uint8_t **params, size_t *params_len,// SM2加密只使用SM3,没有默认参数,但是ECIES可能有
1232 const uint8_t **enced_key, size_t *enced_key_len,
1233 const uint8_t **in, size_t *inlen)
1234 {
1235 int ret;
1236 const uint8_t *d;
1237 size_t dlen;
1238
1239 if ((ret = asn1_sequence_from_der(&d, &dlen, in, inlen)) != 1) {
1240 if (ret < 0) error_print();
1241 return ret;
1242 }
1243 if (asn1_int_from_der(version, &d, &dlen) != 1
1244 || cms_issuer_and_serial_number_from_der(issuer, issuer_len,
1245 serial_number, serial_number_len, &d, &dlen) != 1
1246 || x509_public_key_encryption_algor_from_der(pke_algor, params, params_len, &d, &dlen) != 1
1247 || asn1_octet_string_from_der(enced_key, enced_key_len, &d, &dlen) != 1
1248 // || asn1_length_is_zero(dlen) != 1
1249 ) {
1250 error_print();
1251 return -1;
1252 }
1253 if (*version != 1) {
1254 error_print();
1255 return -1;
1256 }
1257 if (*pke_algor != OID_sm2encrypt) {
1258 error_print();
1259 return -1;
1260 }
1261 if (*params || *params_len) {
1262 error_print();
1263 return -1;
1264 }
1265 return 1;
1266 }
1267
cms_recipient_info_print(FILE * fp,int fmt,int ind,const char * label,const uint8_t * d,size_t dlen)1268 int cms_recipient_info_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen)
1269 {
1270 int val;
1271 const uint8_t *p;
1272 size_t len;
1273
1274 format_print(fp, fmt, ind, "%s\n", label);
1275 ind += 4;
1276
1277 if (asn1_int_from_der(&val, &d, &dlen) != 1) goto err;
1278 format_print(fp, fmt, ind, "version: %d\n", val);
1279 if (asn1_sequence_from_der(&p, &len, &d, &dlen) != 1) goto err;
1280 cms_issuer_and_serial_number_print(fp, fmt, ind, "issuerAndSerialNumber", p, len);
1281 if (asn1_sequence_from_der(&p, &len, &d, &dlen) != 1) goto err;
1282 x509_public_key_encryption_algor_print(fp, fmt, ind, "keyEncryptionAlgorithm", p, len);
1283 if (asn1_octet_string_from_der(&p, &len, &d, &dlen) != 1) goto err;
1284 format_bytes(fp, fmt, ind, "encryptedKey", p, len);
1285 if (asn1_length_is_zero(dlen) != 1) goto err;
1286 return 1;
1287 err:
1288 error_print();
1289 return -1;
1290 }
1291
cms_recipient_info_encrypt_to_der(const SM2_KEY * public_key,const uint8_t * issuer,size_t issuer_len,const uint8_t * serial_number,size_t serial_number_len,const uint8_t * in,size_t inlen,uint8_t ** out,size_t * outlen)1292 int cms_recipient_info_encrypt_to_der(
1293 const SM2_KEY *public_key,
1294 const uint8_t *issuer, size_t issuer_len,
1295 const uint8_t *serial_number, size_t serial_number_len,
1296 const uint8_t *in, size_t inlen,
1297 uint8_t **out, size_t *outlen)
1298 {
1299 int pke_algor = OID_sm2encrypt;
1300 uint8_t enced_key[SM2_MAX_CIPHERTEXT_SIZE];
1301 size_t enced_key_len;
1302 int fixed_outlen = 1;
1303
1304 if (pke_algor != OID_sm2encrypt) {
1305 error_print();
1306 return -1;
1307 }
1308
1309 if (sm2_encrypt_ex(public_key, fixed_outlen, in, inlen, enced_key, &enced_key_len) != 1) {
1310 error_print();
1311 return -1;
1312 }
1313 if (cms_recipient_info_to_der(CMS_version_v1,
1314 issuer, issuer_len, serial_number, serial_number_len,
1315 pke_algor, enced_key, enced_key_len,
1316 out, outlen) != 1) {
1317 error_print();
1318 return -1;
1319 }
1320 return 1;
1321 }
1322
cms_recipient_info_decrypt_from_der(const SM2_KEY * sm2_key,const uint8_t * rcpt_issuer,size_t rcpt_issuer_len,const uint8_t * rcpt_serial,size_t rcpt_serial_len,uint8_t * out,size_t * outlen,size_t maxlen,const uint8_t ** in,size_t * inlen)1323 int cms_recipient_info_decrypt_from_der(
1324 const SM2_KEY *sm2_key,
1325 const uint8_t *rcpt_issuer, size_t rcpt_issuer_len,
1326 const uint8_t *rcpt_serial, size_t rcpt_serial_len,
1327 uint8_t *out, size_t *outlen, size_t maxlen,
1328 const uint8_t **in, size_t *inlen)
1329 {
1330 int ret;
1331 int version;
1332 int pke_algor;
1333 const uint8_t *params;
1334 size_t params_len;
1335 const uint8_t *enced_key;
1336 size_t enced_key_len;
1337 const uint8_t *issuer;
1338 size_t issuer_len;
1339 const uint8_t *serial;
1340 size_t serial_len;
1341 uint8_t outbuf[SM2_MAX_PLAINTEXT_SIZE];
1342
1343 if (cms_recipient_info_from_der(&version,
1344 &issuer, &issuer_len, &serial, &serial_len,
1345 &pke_algor, ¶ms, ¶ms_len,
1346 &enced_key, &enced_key_len,
1347 in, inlen) != 1) {
1348 error_print();
1349 return -1;
1350 }
1351 if (issuer_len != rcpt_issuer_len
1352 || memcmp(issuer, rcpt_issuer, rcpt_issuer_len) != 0
1353 || serial_len != rcpt_serial_len
1354 || memcmp(serial, rcpt_serial, serial_len) != 0) {
1355 error_print();
1356 return 0;
1357 }
1358 if (pke_algor != OID_sm2encrypt || params || params_len) {
1359 error_print();
1360 return -1;
1361 }
1362 if (sm2_decrypt(sm2_key, enced_key, enced_key_len, outbuf, outlen) != 1) {
1363 error_print();
1364 return -1;
1365 }
1366 if (maxlen < *outlen) {
1367 error_print();
1368 return -1;
1369 }
1370 memcpy(out, outbuf, *outlen);
1371 return 1;
1372 }
1373
cms_recipient_infos_add_recipient_info(uint8_t * d,size_t * dlen,size_t maxlen,const SM2_KEY * public_key,const uint8_t * issuer,size_t issuer_len,const uint8_t * serial,size_t serial_len,const uint8_t * in,size_t inlen)1374 int cms_recipient_infos_add_recipient_info(
1375 uint8_t *d, size_t *dlen, size_t maxlen,
1376 const SM2_KEY *public_key,
1377 const uint8_t *issuer, size_t issuer_len,
1378 const uint8_t *serial, size_t serial_len,
1379 const uint8_t *in, size_t inlen)
1380 {
1381 size_t len = *dlen;
1382 d += *dlen;
1383
1384 if (cms_recipient_info_encrypt_to_der(
1385 public_key,
1386 issuer, issuer_len,
1387 serial, serial_len,
1388 in, inlen,
1389 NULL, &len) != 1
1390 || asn1_length_le(len, maxlen) != 1
1391 || cms_recipient_info_encrypt_to_der(
1392 public_key,
1393 issuer, issuer_len,
1394 serial, serial_len,
1395 in, inlen,
1396 &d, dlen) != 1) {
1397 error_print();
1398 return -1;
1399 }
1400 return 1;
1401 }
1402
cms_recipient_infos_print(FILE * fp,int fmt,int ind,const char * label,const uint8_t * d,size_t dlen)1403 int cms_recipient_infos_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen)
1404 {
1405 const uint8_t *p;
1406 size_t len;
1407
1408 format_print(fp, fmt, ind, "%s\n", label);
1409 ind += 4;
1410
1411 while (dlen) {
1412 if (asn1_sequence_from_der(&p, &len, &d, &dlen) != 1) {
1413 error_print();
1414 return -1;
1415 }
1416 cms_recipient_info_print(fp, fmt, ind, "RecipientInfo", p, len);
1417 }
1418 return 1;
1419 }
1420
cms_enveloped_data_to_der(int version,const uint8_t * rcpt_infos,size_t rcpt_infos_len,int content_type,int enc_algor,const uint8_t * iv,size_t ivlen,const uint8_t * enced_content,size_t enced_content_len,const uint8_t * shared_info1,size_t shared_info1_len,const uint8_t * shared_info2,size_t shared_info2_len,uint8_t ** out,size_t * outlen)1421 int cms_enveloped_data_to_der(
1422 int version,
1423 const uint8_t *rcpt_infos, size_t rcpt_infos_len,
1424 int content_type,
1425 int enc_algor, const uint8_t *iv, size_t ivlen,
1426 const uint8_t *enced_content, size_t enced_content_len,
1427 const uint8_t *shared_info1, size_t shared_info1_len,
1428 const uint8_t *shared_info2, size_t shared_info2_len,
1429 uint8_t **out, size_t *outlen)
1430 {
1431 size_t len = 0;
1432 if (asn1_int_to_der(version, NULL, &len) != 1
1433 || asn1_set_to_der(rcpt_infos, rcpt_infos_len, NULL, &len) != 1
1434 || cms_enced_content_info_to_der(content_type,
1435 enc_algor, iv, ivlen,
1436 enced_content, enced_content_len,
1437 shared_info1, shared_info1_len,
1438 shared_info2, shared_info2_len,
1439 NULL, &len) != 1
1440 || asn1_sequence_header_to_der(len, out, outlen) != 1
1441 || asn1_int_to_der(version, out, outlen) != 1
1442 || asn1_set_to_der(rcpt_infos, rcpt_infos_len, out, outlen) != 1
1443 || cms_enced_content_info_to_der(content_type,
1444 enc_algor, iv, ivlen,
1445 enced_content, enced_content_len,
1446 shared_info1, shared_info1_len,
1447 shared_info2, shared_info2_len,
1448 out, outlen) != 1) {
1449 error_print();
1450 return -1;
1451 }
1452 return 1;
1453 }
1454
cms_enveloped_data_from_der(int * version,const uint8_t ** rcpt_infos,size_t * rcpt_infos_len,const uint8_t ** enced_content_info,size_t * enced_content_info_len,const uint8_t ** in,size_t * inlen)1455 int cms_enveloped_data_from_der(
1456 int *version,
1457 const uint8_t **rcpt_infos, size_t *rcpt_infos_len,
1458 const uint8_t **enced_content_info, size_t *enced_content_info_len,
1459 const uint8_t **in, size_t *inlen)
1460 {
1461 int ret;
1462 const uint8_t *d;
1463 size_t dlen;
1464
1465 if ((ret = asn1_sequence_from_der(&d, &dlen, in, inlen)) != 1) {
1466 if (ret < 0) error_print();
1467 return ret;
1468 }
1469 if (asn1_int_from_der(version, &d, &dlen) != 1
1470 || asn1_set_from_der(rcpt_infos, rcpt_infos_len, &d, &dlen) != 1
1471 || asn1_any_from_der(enced_content_info, enced_content_info_len, &d, &dlen) != 1
1472 || asn1_length_is_zero(dlen) != 1) {
1473 error_print();
1474 return -1;
1475 }
1476 return 1;
1477 }
1478
cms_enveloped_data_print(FILE * fp,int fmt,int ind,const char * label,const uint8_t * d,size_t dlen)1479 int cms_enveloped_data_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen)
1480 {
1481 int ret, val;
1482 const uint8_t *p;
1483 size_t len;
1484
1485 format_print(fp, fmt, ind, "%s\n", label);
1486 ind += 4;
1487
1488 if (asn1_int_from_der(&val, &d, &dlen) != 1) goto err;
1489 format_print(fp, fmt, ind, "version: %d\n", val);
1490 if (asn1_set_from_der(&p, &len, &d, &dlen) != 1) goto err;
1491 cms_recipient_infos_print(fp, fmt, ind, "recipientInfos", p, len);
1492 if (asn1_sequence_from_der(&p, &len, &d, &dlen) != 1) goto err;
1493 cms_enced_content_info_print(fp, fmt, ind, "encryptedContentInfo", p, len);
1494 if (asn1_length_is_zero(dlen) != 1) goto err;
1495 return 1;
1496 err:
1497 error_print();
1498 return -1;
1499 }
1500
cms_enveloped_data_encrypt_to_der(const uint8_t * rcpt_certs,size_t rcpt_certs_len,int enc_algor,const uint8_t * key,size_t keylen,const uint8_t * iv,size_t ivlen,int content_type,const uint8_t * content,size_t content_len,const uint8_t * shared_info1,size_t shared_info1_len,const uint8_t * shared_info2,size_t shared_info2_len,uint8_t ** out,size_t * outlen)1501 int cms_enveloped_data_encrypt_to_der(
1502 const uint8_t *rcpt_certs, size_t rcpt_certs_len,
1503 int enc_algor, const uint8_t *key, size_t keylen, const uint8_t *iv, size_t ivlen,
1504 int content_type, const uint8_t *content, size_t content_len,
1505 const uint8_t *shared_info1, size_t shared_info1_len,
1506 const uint8_t *shared_info2, size_t shared_info2_len,
1507 uint8_t **out, size_t *outlen)
1508 {
1509 uint8_t rcpt_infos[1024]; // 到底需要多大?
1510 size_t rcpt_infos_len = 0;
1511 uint8_t *p = rcpt_infos;
1512 size_t len = 0;
1513
1514 while (rcpt_certs_len) {
1515 const uint8_t *cert;
1516 size_t certlen;
1517 SM2_KEY public_key;
1518 const uint8_t *issuer;
1519 size_t issuer_len;
1520 const uint8_t *serial;
1521 size_t serial_len;
1522
1523 if (asn1_any_from_der(&cert, &certlen, &rcpt_certs, &rcpt_certs_len) != 1
1524 || x509_cert_get_issuer_and_serial_number(cert, certlen,
1525 &issuer, &issuer_len, &serial, &serial_len) != 1
1526 || x509_cert_get_subject_public_key(cert, certlen, &public_key) != 1) {
1527 error_print();
1528 return -1;
1529 }
1530 if (cms_recipient_info_encrypt_to_der(&public_key,
1531 issuer, issuer_len, serial, serial_len,
1532 key, keylen, NULL, &len) != 1
1533 || asn1_length_le(len, sizeof(rcpt_infos)) != 1
1534 || cms_recipient_info_encrypt_to_der(&public_key,
1535 issuer, issuer_len, serial, serial_len,
1536 key, keylen, &p, &rcpt_infos_len) != 1) {
1537 error_print();
1538 return -1;
1539 }
1540 }
1541 len = 0;
1542 if (asn1_int_to_der(CMS_version_v1, NULL, &len) != 1
1543 || asn1_set_to_der(rcpt_infos, rcpt_infos_len, NULL, &len) != 1
1544 || cms_enced_content_info_encrypt_to_der(
1545 enc_algor, key, keylen, iv, ivlen,
1546 content_type, content, content_len,
1547 shared_info1, shared_info1_len,
1548 shared_info2, shared_info2_len,
1549 NULL, &len) != 1
1550 || asn1_sequence_header_to_der(len, out, outlen) != 1
1551 || asn1_int_to_der(CMS_version_v1, out, outlen) != 1
1552 || asn1_set_to_der(rcpt_infos, rcpt_infos_len, out, outlen) != 1
1553 || cms_enced_content_info_encrypt_to_der(
1554 enc_algor, key, keylen, iv, ivlen,
1555 content_type, content, content_len,
1556 shared_info1, shared_info1_len,
1557 shared_info2, shared_info2_len,
1558 out, outlen) != 1) {
1559 error_print();
1560 return -1;
1561 }
1562 return 1;
1563 }
1564
cms_enveloped_data_decrypt_from_der(const SM2_KEY * sm2_key,const uint8_t * issuer,size_t issuer_len,const uint8_t * serial,size_t serial_len,int * content_type,uint8_t * content,size_t * content_len,const uint8_t ** recipient_infos,size_t * recipient_infos_len,const uint8_t ** shared_info1,size_t * shared_info1_len,const uint8_t ** shared_info2,size_t * shared_info2_len,const uint8_t ** in,size_t * inlen)1565 int cms_enveloped_data_decrypt_from_der(
1566 const SM2_KEY *sm2_key,
1567 const uint8_t *issuer, size_t issuer_len,
1568 const uint8_t *serial, size_t serial_len,
1569 int *content_type, uint8_t *content, size_t *content_len,
1570 const uint8_t **recipient_infos, size_t *recipient_infos_len,
1571 const uint8_t **shared_info1, size_t *shared_info1_len,
1572 const uint8_t **shared_info2, size_t *shared_info2_len,
1573 const uint8_t **in, size_t *inlen)
1574 {
1575 int ret;
1576 int version;
1577 const uint8_t *rcpt_infos;
1578 size_t rcpt_infos_len;
1579 const uint8_t *enced_content_info;
1580 size_t enced_content_info_len;
1581 int enc_algor;
1582 uint8_t key[32];
1583 size_t keylen;
1584
1585 if (cms_enveloped_data_from_der(
1586 &version, &rcpt_infos, &rcpt_infos_len,
1587 &enced_content_info, &enced_content_info_len,
1588 in, inlen) != 1
1589 || asn1_check(version == CMS_version_v1) != 1) {
1590 return ret;
1591 }
1592 *recipient_infos = rcpt_infos;
1593 *recipient_infos_len = rcpt_infos_len;
1594
1595 while (rcpt_infos_len) {
1596 if ((ret = cms_recipient_info_decrypt_from_der(
1597 sm2_key,
1598 issuer, issuer_len,
1599 serial, serial_len,
1600 key, &keylen, sizeof(key),
1601 &rcpt_infos, &rcpt_infos_len)) < 0) {
1602 error_print();
1603 return -1;
1604 } else if (ret) {
1605 break;
1606 }
1607 }
1608 if (!ret) {
1609 error_print();
1610 return -1;
1611 }
1612
1613 if (cms_enced_content_info_decrypt_from_der(
1614 &enc_algor, key, keylen,
1615 content_type, content, content_len,
1616 shared_info1, shared_info1_len,
1617 shared_info2, shared_info2_len,
1618 &enced_content_info, &enced_content_info_len) != 1) {
1619 error_print();
1620 return -1;
1621 }
1622 return 1;
1623 }
1624
cms_signed_and_enveloped_data_to_der(int version,const uint8_t * rcpt_infos,size_t rcpt_infos_len,const int * digest_algors,size_t digest_algors_cnt,int content_type,int enc_algor,const uint8_t * iv,size_t ivlen,const uint8_t * enced_content,size_t enced_content_len,const uint8_t * shared_info1,size_t shared_info1_len,const uint8_t * shared_info2,size_t shared_info2_len,const uint8_t * certs,size_t certs_len,const uint8_t * crls,size_t crls_len,const uint8_t * signer_infos,size_t signer_infos_len,uint8_t ** out,size_t * outlen)1625 int cms_signed_and_enveloped_data_to_der(
1626 int version,
1627 const uint8_t *rcpt_infos, size_t rcpt_infos_len,
1628 const int *digest_algors, size_t digest_algors_cnt,
1629 int content_type,
1630 int enc_algor, const uint8_t *iv, size_t ivlen,
1631 const uint8_t *enced_content, size_t enced_content_len,
1632 const uint8_t *shared_info1, size_t shared_info1_len,
1633 const uint8_t *shared_info2, size_t shared_info2_len,
1634 const uint8_t *certs, size_t certs_len,
1635 const uint8_t *crls, size_t crls_len,
1636 const uint8_t *signer_infos, size_t signer_infos_len,
1637 uint8_t **out, size_t *outlen)
1638 {
1639 size_t len = 0;
1640 if (asn1_int_to_der(version, NULL, &len) != 1
1641 || asn1_set_to_der(rcpt_infos, rcpt_infos_len, NULL, &len) != 1
1642 || cms_digest_algors_to_der(digest_algors, digest_algors_cnt, NULL, &len) != 1
1643 || cms_enced_content_info_to_der(content_type,
1644 enc_algor, iv, ivlen,
1645 enced_content, enced_content_len,
1646 shared_info1, shared_info1_len,
1647 shared_info2, shared_info2_len,
1648 NULL, &len) != 1
1649 || asn1_implicit_set_to_der(0, certs, certs_len, NULL, &len) < 0
1650 || asn1_implicit_set_to_der(1, crls, crls_len, NULL, &len) < 0
1651 || asn1_set_to_der(signer_infos, signer_infos_len, NULL, &len) != 1
1652 || asn1_sequence_header_to_der(len, out, outlen) != 1
1653 || asn1_int_to_der(version, out, outlen) != 1
1654 || asn1_set_to_der(rcpt_infos, rcpt_infos_len, out, outlen) != 1
1655 || cms_digest_algors_to_der(digest_algors, digest_algors_cnt, out, outlen) != 1
1656 || cms_enced_content_info_to_der(content_type,
1657 enc_algor, iv, ivlen,
1658 enced_content, enced_content_len,
1659 shared_info1, shared_info1_len,
1660 shared_info2, shared_info2_len,
1661 out, outlen) != 1
1662 || asn1_implicit_set_to_der(0, certs, certs_len, out, outlen) < 0
1663 || asn1_implicit_set_to_der(1, crls, crls_len, out, outlen) < 0
1664 || asn1_set_to_der(signer_infos, signer_infos_len, out, outlen) != 1) {
1665 error_print();
1666 return -1;
1667 }
1668 return 1;
1669 }
1670
cms_signed_and_enveloped_data_from_der(int * version,const uint8_t ** rcpt_infos,size_t * rcpt_infos_len,int * digest_algors,size_t * digest_algors_cnt,size_t max_digest_algors,const uint8_t ** enced_content_info,size_t * enced_content_info_len,const uint8_t ** certs,size_t * certs_len,const uint8_t ** crls,size_t * crls_len,const uint8_t ** signer_infos,size_t * signer_infos_len,const uint8_t ** in,size_t * inlen)1671 int cms_signed_and_enveloped_data_from_der(
1672 int *version,
1673 const uint8_t **rcpt_infos, size_t *rcpt_infos_len,
1674 int *digest_algors, size_t *digest_algors_cnt, size_t max_digest_algors,
1675 const uint8_t **enced_content_info, size_t *enced_content_info_len,
1676 const uint8_t **certs, size_t *certs_len,
1677 const uint8_t **crls, size_t *crls_len,
1678 const uint8_t **signer_infos, size_t *signer_infos_len,
1679 const uint8_t **in, size_t *inlen)
1680 {
1681 int ret;
1682 const uint8_t *d;
1683 size_t dlen;
1684
1685 if ((ret = asn1_sequence_from_der(&d, &dlen, in, inlen)) != 1) {
1686 if (ret < 0) error_print();
1687 return ret;
1688 }
1689 if (asn1_int_from_der(version, &d, &dlen) != 1
1690 || asn1_set_from_der(rcpt_infos, rcpt_infos_len, &d, &dlen) != 1
1691 || cms_digest_algors_from_der(digest_algors, digest_algors_cnt, max_digest_algors, &d, &dlen) != 1
1692 || asn1_any_from_der(enced_content_info, enced_content_info_len, &d, &dlen) != 1
1693 || asn1_implicit_set_from_der(0, certs, certs_len, &d, &dlen) < 0
1694 || asn1_implicit_set_from_der(1, crls, crls_len, &d, &dlen) < 0
1695 || asn1_set_from_der(signer_infos, signer_infos_len, &d, &dlen) != 1
1696 || asn1_length_is_zero(dlen) != 1) {
1697 error_print();
1698 return -1;
1699 }
1700 return 1;
1701 }
1702
cms_signed_and_enveloped_data_print(FILE * fp,int fmt,int ind,const char * label,const uint8_t * d,size_t dlen)1703 int cms_signed_and_enveloped_data_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen)
1704 {
1705 int ret, val;
1706 const uint8_t *p;
1707 size_t len;
1708
1709 format_print(fp, fmt, ind, "%s\n", label);
1710 ind += 4;
1711
1712 if (asn1_int_from_der(&val, &d, &dlen) != 1) goto err;
1713 format_print(fp, fmt, ind, "version: %d\n", val);
1714 if (asn1_set_from_der(&p, &len, &d, &dlen) != 1) goto err;
1715 cms_recipient_infos_print(fp, fmt, ind, "recipientInfos", p, len);
1716 if (asn1_set_from_der(&p, &len, &d, &dlen) != 1) goto err;
1717 cms_digest_algors_print(fp, fmt, ind, "digestAlgorithms", p, len);
1718 if (asn1_sequence_from_der(&p, &len, &d, &dlen) != 1) goto err;
1719 cms_enced_content_info_print(fp, fmt, ind, "encryptedContentInfo", p, len);
1720 if ((ret = asn1_implicit_set_from_der(0, &p, &len, &d, &dlen)) < 0) goto err;
1721 if (ret) x509_certs_print(fp, fmt, ind, "certificates", p, len);
1722 if ((ret = asn1_implicit_set_from_der(1, &p, &len, &d, &dlen)) < 0) goto err;
1723 if (ret) x509_crls_print(fp, fmt, ind, "crls", p, len);
1724 if (asn1_set_from_der(&p, &len, &d, &dlen) != 1) goto err;
1725 cms_signer_infos_print(fp, fmt, ind, "signerInfos", p, len);
1726 if (asn1_length_is_zero(dlen) != 1) goto err;
1727 return 1;
1728 err:
1729 error_print();
1730 return -1;
1731 }
1732
cms_signed_and_enveloped_data_encipher_to_der(const CMS_CERTS_AND_KEY * signers,size_t signers_cnt,const uint8_t * rcpt_certs,size_t rcpt_certs_len,int enc_algor,const uint8_t * key,size_t keylen,const uint8_t * iv,size_t ivlen,int content_type,const uint8_t * content,size_t content_len,const uint8_t * signers_crls,size_t signers_crls_len,const uint8_t * shared_info1,size_t shared_info1_len,const uint8_t * shared_info2,size_t shared_info2_len,uint8_t ** out,size_t * outlen)1733 int cms_signed_and_enveloped_data_encipher_to_der(
1734 const CMS_CERTS_AND_KEY *signers, size_t signers_cnt,
1735 const uint8_t *rcpt_certs, size_t rcpt_certs_len,
1736 int enc_algor, const uint8_t *key, size_t keylen, const uint8_t *iv, size_t ivlen,
1737 int content_type, const uint8_t *content, size_t content_len,
1738 const uint8_t *signers_crls, size_t signers_crls_len,
1739 const uint8_t *shared_info1, size_t shared_info1_len,
1740 const uint8_t *shared_info2, size_t shared_info2_len,
1741 uint8_t **out, size_t *outlen)
1742 {
1743 uint8_t rcpt_infos[512];
1744 size_t rcpt_infos_len = 0;
1745 int digest_algors[] = { OID_sm3 };
1746 size_t digest_algors_cnt = sizeof(digest_algors)/sizeof(int);
1747 uint8_t content_info_header[256];
1748 size_t content_info_header_len = 0;
1749 uint8_t signer_infos[512];
1750 size_t signer_infos_len = 0;
1751 SM3_CTX sm3_ctx;
1752 const uint8_t *issuer;
1753 const uint8_t *serial;
1754 size_t issuer_len;
1755 size_t serial_len;
1756 uint8_t *p;
1757 size_t len = 0;
1758 size_t i;
1759
1760 p = rcpt_infos;
1761 while (rcpt_certs_len) {
1762 const uint8_t *cert;
1763 size_t certlen;
1764 SM2_KEY public_key;
1765
1766 if (asn1_any_from_der(&cert, &certlen, &rcpt_certs, &rcpt_certs_len) != 1
1767 || x509_cert_get_issuer_and_serial_number(cert, certlen,
1768 &issuer, &issuer_len, &serial, &serial_len) != 1
1769 || x509_cert_get_subject_public_key(cert, certlen, &public_key) != 1
1770 || cms_recipient_info_encrypt_to_der(&public_key,
1771 issuer, issuer_len, serial, serial_len,
1772 key, keylen, NULL, &len) != 1
1773 || asn1_length_le(len, sizeof(rcpt_infos)) != 1
1774 || cms_recipient_info_encrypt_to_der(&public_key,
1775 issuer, issuer_len, serial, serial_len,
1776 key, keylen, &p, &rcpt_infos_len) != 1) {
1777 error_print();
1778 return -1;
1779 }
1780 }
1781
1782 p = content_info_header;
1783 if (cms_content_info_header_to_der(content_type, content_len,
1784 &p, &content_info_header_len) != 1) {
1785 error_print();
1786 return -1;
1787 }
1788 sm3_init(&sm3_ctx);
1789 sm3_update(&sm3_ctx, content_info_header, content_info_header_len);
1790 sm3_update(&sm3_ctx, content, content_len);
1791
1792 for (i = 0; i < signers_cnt; i++) {
1793 if (x509_cert_get_issuer_and_serial_number(
1794 signers[i].certs, signers[i].certs_len,
1795 &issuer, &issuer_len, &serial, &serial_len) != 1
1796 || cms_signer_infos_add_signer_info(
1797 signer_infos, &signer_infos_len, sizeof(signer_infos),
1798 &sm3_ctx, signers->sign_key,
1799 issuer, issuer_len, serial, serial_len,
1800 NULL, 0, NULL, 0) != 1) {
1801 error_print();
1802 return -1;
1803 }
1804 }
1805
1806 len = 0;
1807 if (asn1_int_to_der(CMS_version_v1, NULL, &len) != 1
1808 || asn1_set_to_der(rcpt_infos, rcpt_infos_len, NULL, &len) != 1
1809 || cms_digest_algors_to_der(digest_algors, digest_algors_cnt, NULL, &len) != 1
1810 || cms_enced_content_info_encrypt_to_der(
1811 enc_algor, key, keylen, iv, ivlen,
1812 content_type, content, content_len,
1813 shared_info1, shared_info1_len,
1814 shared_info2, shared_info2_len,
1815 NULL, &len) != 1
1816 || cms_implicit_signers_certs_to_der(0, signers, signers_cnt, NULL, &len) != 1
1817 || asn1_implicit_set_to_der(1, signers_crls, signers_crls_len, NULL, &len) < 0
1818 || asn1_set_to_der(signer_infos, signer_infos_len, NULL, &len) != 1
1819 || asn1_sequence_header_to_der(len, out, outlen) != 1
1820 || asn1_int_to_der(CMS_version_v1, out, outlen) != 1
1821 || asn1_set_to_der(rcpt_infos, rcpt_infos_len, out, outlen) != 1
1822 || cms_digest_algors_to_der(digest_algors, digest_algors_cnt, out, outlen) != 1
1823 || cms_enced_content_info_encrypt_to_der(
1824 enc_algor, key, keylen, iv, ivlen,
1825 content_type, content, content_len,
1826 shared_info1, shared_info1_len,
1827 shared_info2, shared_info2_len,
1828 out, outlen) != 1
1829 || cms_implicit_signers_certs_to_der(0, signers, signers_cnt, out, outlen) != 1
1830 || asn1_implicit_set_to_der(1, signers_crls, signers_crls_len, out, outlen) != 1
1831 || asn1_set_to_der(signer_infos, signer_infos_len, out, outlen) != 1) {
1832 error_print();
1833 return -1;
1834 }
1835 return 1;
1836 }
1837
cms_signed_and_enveloped_data_decipher_from_der(const SM2_KEY * rcpt_key,const uint8_t * rcpt_issuer,size_t rcpt_issuer_len,const uint8_t * rcpt_serial,size_t rcpt_serial_len,int * content_type,uint8_t * content,size_t * content_len,const uint8_t ** prcpt_infos,size_t * prcpt_infos_len,const uint8_t ** shared_info1,size_t * shared_info1_len,const uint8_t ** shared_info2,size_t * shared_info2_len,const uint8_t ** certs,size_t * certs_len,const uint8_t ** crls,size_t * crls_len,const uint8_t ** psigner_infos,size_t * psigner_infos_len,const uint8_t * extra_certs,size_t extra_certs_len,const uint8_t * extra_crls,size_t extra_crls_len,const uint8_t ** in,size_t * inlen)1838 int cms_signed_and_enveloped_data_decipher_from_der(
1839 const SM2_KEY *rcpt_key,
1840 const uint8_t *rcpt_issuer, size_t rcpt_issuer_len,
1841 const uint8_t *rcpt_serial, size_t rcpt_serial_len,
1842 int *content_type, uint8_t *content, size_t *content_len,
1843 const uint8_t **prcpt_infos, size_t *prcpt_infos_len,
1844 const uint8_t **shared_info1, size_t *shared_info1_len,
1845 const uint8_t **shared_info2, size_t *shared_info2_len,
1846 const uint8_t **certs, size_t *certs_len,
1847 const uint8_t **crls, size_t *crls_len,
1848 const uint8_t **psigner_infos, size_t *psigner_infos_len,
1849 const uint8_t *extra_certs, size_t extra_certs_len,
1850 const uint8_t *extra_crls, size_t extra_crls_len,
1851 const uint8_t **in, size_t *inlen)
1852 {
1853 int ret;
1854 int version;
1855 const uint8_t *rcpt_infos;
1856 size_t rcpt_infos_len;
1857 int digest_algors[4];
1858 size_t digest_algors_cnt;
1859 const uint8_t *enced_content_info;
1860 size_t enced_content_info_len;
1861 const uint8_t *signer_infos;
1862 size_t signer_infos_len;
1863 int enc_algor;
1864 uint8_t key[32];
1865 size_t keylen;
1866 SM3_CTX sm3_ctx;
1867 uint8_t content_info_header[128];
1868 size_t content_info_header_len = 0;
1869 uint8_t *p = content_info_header;
1870
1871 if (cms_signed_and_enveloped_data_from_der(
1872 &version,
1873 &rcpt_infos, &rcpt_infos_len,
1874 digest_algors, &digest_algors_cnt, sizeof(digest_algors)/sizeof(int),
1875 &enced_content_info, &enced_content_info_len,
1876 certs, certs_len,
1877 crls, crls_len,
1878 &signer_infos, &signer_infos_len,
1879 in, inlen) != 1
1880 || asn1_check(version == CMS_version_v1) != 1
1881 || asn1_check(digest_algors[0] == OID_sm3) != 1) {
1882 error_print();
1883 return -1;
1884 }
1885 *prcpt_infos = rcpt_infos;
1886 *prcpt_infos_len = rcpt_infos_len;
1887 *psigner_infos = signer_infos;
1888 *psigner_infos_len = signer_infos_len;
1889
1890 while (rcpt_infos_len) {
1891 if ((ret = cms_recipient_info_decrypt_from_der(
1892 rcpt_key,
1893 rcpt_issuer, rcpt_issuer_len,
1894 rcpt_serial, rcpt_serial_len,
1895 key, &keylen, sizeof(key),
1896 &rcpt_infos, &rcpt_infos_len)) < 0) {
1897 error_print();
1898 return -1;
1899 } else if (ret) {
1900 break;
1901 }
1902 }
1903 if (!ret) {
1904 error_print();
1905 return -1;
1906 }
1907
1908 if (cms_enced_content_info_decrypt_from_der(
1909 &enc_algor, key, keylen,
1910 content_type, content, content_len,
1911 shared_info1, shared_info1_len,
1912 shared_info2, shared_info2_len,
1913 &enced_content_info, &enced_content_info_len) != 1) {
1914 error_print();
1915 return -1;
1916 }
1917
1918 if (cms_content_info_header_to_der(*content_type, *content_len,
1919 &p, &content_info_header_len) != 1) {
1920 error_print();
1921 return -1;
1922 }
1923 sm3_init(&sm3_ctx);
1924 sm3_update(&sm3_ctx, content_info_header, content_info_header_len);
1925 sm3_update(&sm3_ctx, content, *content_len);
1926
1927 while (signer_infos_len) {
1928 const uint8_t *cert;
1929 size_t certlen;
1930 const uint8_t *issuer;
1931 size_t issuer_len;
1932 const uint8_t *serial;
1933 size_t serial_len;
1934 const uint8_t *authed_attrs;
1935 size_t authed_attrs_len;
1936 const uint8_t *unauthed_attrs;
1937 size_t unauthed_attrs_len;
1938
1939 if (cms_signer_info_verify_from_der(
1940 &sm3_ctx, *certs, *certs_len,
1941 &cert, &certlen,
1942 &issuer, &issuer_len,
1943 &serial, &serial_len,
1944 &authed_attrs, &authed_attrs_len,
1945 &unauthed_attrs, &unauthed_attrs_len,
1946 &signer_infos, &signer_infos_len) != 1) {
1947 error_print();
1948 return -1;
1949 }
1950 }
1951
1952 return 1;
1953 }
1954
cms_key_agreement_info_to_der(int version,const SM2_KEY * temp_public_key_r,const uint8_t * user_cert,size_t user_cert_len,const uint8_t * user_id,size_t user_id_len,uint8_t ** out,size_t * outlen)1955 int cms_key_agreement_info_to_der(
1956 int version,
1957 const SM2_KEY *temp_public_key_r,
1958 const uint8_t *user_cert, size_t user_cert_len,
1959 const uint8_t *user_id, size_t user_id_len,
1960 uint8_t **out, size_t *outlen)
1961 {
1962 size_t len = 0;
1963 if (asn1_int_to_der(version, NULL, &len) != 1
1964 || sm2_public_key_info_to_der(temp_public_key_r, NULL, &len) != 1
1965 || x509_cert_to_der(user_cert, user_cert_len, NULL, &len) != 1
1966 || asn1_octet_string_to_der(user_id, user_id_len, NULL, &len) != 1
1967 || asn1_sequence_header_to_der(len, out, outlen) != 1
1968 || asn1_int_to_der(version, out, outlen) != 1
1969 || sm2_public_key_info_to_der(temp_public_key_r, out, outlen) != 1
1970 || x509_cert_to_der(user_cert, user_cert_len, out, outlen) != 1
1971 || asn1_octet_string_to_der(user_id, user_id_len, out, outlen) != 1) {
1972 error_print();
1973 return -1;
1974 }
1975 return 1;
1976 }
1977
cms_key_agreement_info_from_der(int * version,SM2_KEY * temp_public_key_r,const uint8_t ** user_cert,size_t * user_cert_len,const uint8_t ** user_id,size_t * user_id_len,const uint8_t ** in,size_t * inlen)1978 int cms_key_agreement_info_from_der(
1979 int *version,
1980 SM2_KEY *temp_public_key_r,
1981 const uint8_t **user_cert, size_t *user_cert_len,
1982 const uint8_t **user_id, size_t *user_id_len,
1983 const uint8_t **in, size_t *inlen)
1984 {
1985 int ret;
1986 const uint8_t *d;
1987 size_t dlen;
1988
1989 if ((ret = asn1_sequence_from_der(&d, &dlen, in, inlen)) != 1) {
1990 if (ret < 0) error_print();
1991 return ret;
1992 }
1993 if (asn1_int_from_der(version, &d, &dlen) != 1
1994 || sm2_public_key_info_from_der(temp_public_key_r, &d, &dlen) != 1
1995 || x509_cert_from_der(user_cert, user_cert_len, &d, &dlen) != 1
1996 || asn1_octet_string_from_der(user_id, user_id_len, &d, &dlen) != 1
1997 || asn1_length_is_zero(dlen) != 1) {
1998 error_print();
1999 return -1;
2000 }
2001 return 1;
2002 }
2003
cms_key_agreement_info_print(FILE * fp,int fmt,int ind,const char * label,const uint8_t * d,size_t dlen)2004 int cms_key_agreement_info_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen)
2005 {
2006 int val;
2007 SM2_KEY pub_key;
2008 const uint8_t *p;
2009 size_t len;
2010
2011 format_print(fp, fmt, ind, "%s\n", label);
2012 ind += 4;
2013
2014 if (asn1_int_from_der(&val, &d, &dlen) != 1) goto err;
2015 format_print(fp, fmt, ind, "version: %d\n", val);
2016 if (sm2_public_key_info_from_der(&pub_key, &d, &dlen) != 1) goto err;
2017 sm2_public_key_print(fp, fmt, ind, "tempPublicKeyR", &pub_key);
2018 if (x509_cert_from_der(&p, &len, &d, &dlen) != 1) goto err;
2019 x509_cert_print(fp, fmt, ind, "certificate", p, len);
2020 if (asn1_octet_string_from_der(&p, &len, &d, &dlen) != 1) goto err;
2021 format_string(fp, fmt, ind, "userID", p, len);
2022 if (asn1_length_is_zero(dlen) != 1) goto err;
2023 return 1;
2024 err:
2025 error_print();
2026 return -1;
2027 }
2028
cms_set_data(uint8_t * cms,size_t * cmslen,const uint8_t * d,size_t dlen)2029 int cms_set_data(uint8_t *cms, size_t *cmslen, const uint8_t *d, size_t dlen)
2030 {
2031 int oid = OID_cms_data;
2032 size_t len = 0;
2033
2034 if (asn1_octet_string_to_der(d, dlen, NULL, &len) < 0) {
2035 error_print();
2036 return -1;
2037 }
2038 *cmslen = 0;
2039 if (!cms) {
2040 uint8_t data[1];
2041 if (cms_content_info_to_der(oid, data, len, NULL, cmslen) != 1) {
2042 error_print();
2043 return -1;
2044 }
2045 return 1;
2046 }
2047 if (cms_content_info_header_to_der(oid, len, &cms, cmslen) != 1
2048 || asn1_octet_string_to_der(d, dlen, &cms, cmslen) < 0) {
2049 error_print();
2050 return -1;
2051 }
2052 return 1;
2053 }
2054
cms_encrypt(uint8_t * cms,size_t * cmslen,int enc_algor,const uint8_t * key,size_t keylen,const uint8_t * iv,size_t ivlen,int content_type,const uint8_t * content,size_t content_len,const uint8_t * shared_info1,size_t shared_info1_len,const uint8_t * shared_info2,size_t shared_info2_len)2055 int cms_encrypt(uint8_t *cms, size_t *cmslen,
2056 int enc_algor, const uint8_t *key, size_t keylen, const uint8_t *iv, size_t ivlen,
2057 int content_type, const uint8_t *content, size_t content_len,
2058 const uint8_t *shared_info1, size_t shared_info1_len,
2059 const uint8_t *shared_info2, size_t shared_info2_len)
2060 {
2061 int oid = OID_cms_encrypted_data;
2062 size_t len = 0;
2063
2064 if (cms_encrypted_data_encrypt_to_der(
2065 enc_algor, key, keylen, iv, ivlen,
2066 content_type, content, content_len,
2067 shared_info1, shared_info1_len,
2068 shared_info2, shared_info2_len,
2069 NULL, &len) != 1) {
2070 error_print();
2071 return -1;
2072 }
2073 *cmslen = 0;
2074 if (!cms) {
2075 uint8_t data[1];
2076 if (cms_content_info_to_der(oid, data, len, NULL, cmslen) != 1) {
2077 error_print();
2078 return -1;
2079 }
2080 return 1;
2081 }
2082 if (cms_content_info_header_to_der(oid, len, &cms, cmslen) != 1
2083 || cms_encrypted_data_encrypt_to_der(
2084 enc_algor, key, keylen, iv, ivlen,
2085 content_type, content, content_len,
2086 shared_info1, shared_info1_len,
2087 shared_info2, shared_info2_len,
2088 &cms, cmslen) != 1) {
2089 error_print();
2090 return -1;
2091 }
2092 return 1;
2093 }
2094
cms_decrypt(const uint8_t * cms,size_t cmslen,int * enc_algor,const uint8_t * key,size_t keylen,int * content_type,uint8_t * content,size_t * content_len,const uint8_t ** shared_info1,size_t * shared_info1_len,const uint8_t ** shared_info2,size_t * shared_info2_len)2095 int cms_decrypt(const uint8_t *cms, size_t cmslen,
2096 int *enc_algor, const uint8_t *key, size_t keylen,
2097 int *content_type, uint8_t *content, size_t *content_len,
2098 const uint8_t **shared_info1, size_t *shared_info1_len,
2099 const uint8_t **shared_info2, size_t *shared_info2_len)
2100 {
2101 int cms_type;
2102 const uint8_t *cms_content;
2103 size_t cms_content_len;
2104
2105 if (cms_content_info_from_der(&cms_type, &cms_content, &cms_content_len, &cms, &cmslen) != 1
2106 || asn1_check(cms_type == OID_cms_encrypted_data) != 1
2107 || asn1_check(cms_content && cms_content_len) != 1
2108 || asn1_length_is_zero(cmslen) != 1) {
2109 error_print();
2110 return -1;
2111 }
2112 if (cms_encrypted_data_decrypt_from_der(
2113 enc_algor, key, keylen,
2114 content_type, content, content_len,
2115 shared_info1, shared_info1_len,
2116 shared_info2, shared_info2_len,
2117 &cms_content, &cms_content_len) != 1
2118 || asn1_length_is_zero(cms_content_len) != 1) {
2119 error_print();
2120 return -1;
2121 }
2122 return 1;
2123 }
2124
cms_sign(uint8_t * cms,size_t * cmslen,const CMS_CERTS_AND_KEY * signers,size_t signers_cnt,int content_type,const uint8_t * content,size_t content_len,const uint8_t * crls,size_t crls_len)2125 int cms_sign(uint8_t *cms, size_t *cmslen,
2126 const CMS_CERTS_AND_KEY *signers, size_t signers_cnt,
2127 int content_type, const uint8_t *content, size_t content_len,
2128 const uint8_t *crls, size_t crls_len)
2129 {
2130 int oid = OID_cms_signed_data;
2131 size_t len = 0;
2132
2133 if (cms_signed_data_sign_to_der(
2134 signers, signers_cnt,
2135 content_type, content, content_len,
2136 crls, crls_len,
2137 NULL, &len) != 1) {
2138 error_print();
2139 return -1;
2140 }
2141 *cmslen = 0;
2142 if (!cms) {
2143 uint8_t data[1];
2144 if (cms_content_info_to_der(oid, data, len, NULL, cmslen) != 1) {
2145 error_print();
2146 return -1;
2147 }
2148 return 1;
2149 }
2150 if (cms_content_info_header_to_der(oid, len, &cms, cmslen) != 1
2151 || cms_signed_data_sign_to_der(
2152 signers, signers_cnt,
2153 content_type, content, content_len,
2154 crls, crls_len,
2155 &cms, cmslen) != 1) {
2156 error_print();
2157 return -1;
2158 }
2159 return 1;
2160 }
2161
cms_verify(const uint8_t * cms,size_t cmslen,const uint8_t * extra_certs,size_t extra_certs_len,const uint8_t * extra_crls,size_t extra_crls_len,int * content_type,const uint8_t ** content,size_t * content_len,const uint8_t ** certs,size_t * certs_len,const uint8_t ** crls,size_t * crls_len,const uint8_t ** signer_infos,size_t * signer_infos_len)2162 int cms_verify(const uint8_t *cms, size_t cmslen,
2163 const uint8_t *extra_certs, size_t extra_certs_len,
2164 const uint8_t *extra_crls, size_t extra_crls_len,
2165 int *content_type, const uint8_t **content, size_t *content_len,
2166 const uint8_t **certs, size_t *certs_len,
2167 const uint8_t **crls, size_t *crls_len,
2168 const uint8_t **signer_infos, size_t *signer_infos_len)
2169 {
2170 int cms_type;
2171 const uint8_t *cms_content;
2172 size_t cms_content_len;
2173
2174 if (cms_content_info_from_der(&cms_type, &cms_content, &cms_content_len, &cms, &cmslen) != 1
2175 || asn1_length_is_zero(cmslen) != 1) {
2176 error_print();
2177 return -1;
2178 }
2179 if (cms_type != OID_cms_signed_data) {
2180 error_print();
2181 return -1;
2182 }
2183 if (cms_content_len <= 0) {
2184 error_print();
2185 return -1;
2186 }
2187
2188 if (cms_signed_data_verify_from_der(
2189 extra_certs, extra_certs_len,
2190 extra_crls, extra_crls_len,
2191 content_type, content, content_len,
2192 certs, certs_len,
2193 crls, crls_len,
2194 signer_infos, signer_infos_len,
2195 &cms_content, &cms_content_len) != 1
2196 || asn1_length_is_zero(cms_content_len) != 1) {
2197 error_print();
2198 return -1;
2199 }
2200 return 1;
2201 }
2202
cms_envelop(uint8_t * cms,size_t * cmslen,const uint8_t * rcpt_certs,size_t rcpt_certs_len,int enc_algor,const uint8_t * key,size_t keylen,const uint8_t * iv,size_t ivlen,int content_type,const uint8_t * content,size_t content_len,const uint8_t * shared_info1,size_t shared_info1_len,const uint8_t * shared_info2,size_t shared_info2_len)2203 int cms_envelop(
2204 uint8_t *cms, size_t *cmslen,
2205 const uint8_t *rcpt_certs, size_t rcpt_certs_len,
2206 int enc_algor, const uint8_t *key, size_t keylen, const uint8_t *iv, size_t ivlen,
2207 int content_type, const uint8_t *content, size_t content_len,
2208 const uint8_t *shared_info1, size_t shared_info1_len,
2209 const uint8_t *shared_info2, size_t shared_info2_len)
2210 {
2211 int oid = OID_cms_enveloped_data;
2212 size_t len = 0;
2213
2214 if (cms_enveloped_data_encrypt_to_der(
2215 rcpt_certs, rcpt_certs_len,
2216 enc_algor, key, keylen, iv, ivlen,
2217 content_type, content, content_len,
2218 shared_info1, shared_info1_len,
2219 shared_info2, shared_info2_len,
2220 NULL, &len) != 1) {
2221 error_print();
2222 return -1;
2223 }
2224 *cmslen = 0;
2225 if (!cms) {
2226 uint8_t data[1];
2227 if (cms_content_info_to_der(oid, data, len, NULL, cmslen) != 1) {
2228 error_print();
2229 return -1;
2230 }
2231 return 1;
2232 }
2233 if (cms_content_info_header_to_der(oid, len, &cms, cmslen) != 1
2234 || cms_enveloped_data_encrypt_to_der(
2235 rcpt_certs, rcpt_certs_len,
2236 enc_algor, key, keylen, iv, ivlen,
2237 content_type, content, content_len,
2238 shared_info1, shared_info1_len,
2239 shared_info2, shared_info2_len,
2240 &cms, cmslen) != 1) {
2241 error_print();
2242 return -1;
2243 }
2244 return 1;
2245 }
2246
cms_deenvelop(const uint8_t * cms,size_t cmslen,const SM2_KEY * rcpt_key,const uint8_t * rcpt_cert,size_t rcpt_cert_len,int * content_type,uint8_t * content,size_t * content_len,const uint8_t ** rcpt_infos,size_t * rcpt_infos_len,const uint8_t ** shared_info1,size_t * shared_info1_len,const uint8_t ** shared_info2,size_t * shared_info2_len)2247 int cms_deenvelop(const uint8_t *cms, size_t cmslen,
2248 const SM2_KEY *rcpt_key, const uint8_t *rcpt_cert, size_t rcpt_cert_len,
2249 int *content_type, uint8_t *content, size_t *content_len,
2250 const uint8_t **rcpt_infos, size_t *rcpt_infos_len,
2251 const uint8_t **shared_info1, size_t *shared_info1_len,
2252 const uint8_t **shared_info2, size_t *shared_info2_len)
2253 {
2254 int cms_type;
2255 const uint8_t *cms_content;
2256 size_t cms_content_len;
2257 const uint8_t *issuer;
2258 size_t issuer_len;
2259 const uint8_t *serial;
2260 size_t serial_len;
2261 SM2_KEY public_key;
2262
2263 if (cms_content_info_from_der(&cms_type, &cms_content, &cms_content_len, &cms, &cmslen) != 1
2264 || asn1_check(cms_type == OID_cms_enveloped_data) != 1
2265 || asn1_check(cms_content && cms_content_len) != 1
2266 || asn1_length_is_zero(cmslen) != 1) {
2267 error_print();
2268 return -1;
2269 }
2270
2271 if (x509_cert_get_issuer_and_serial_number(rcpt_cert, rcpt_cert_len,
2272 &issuer, &issuer_len, &serial, &serial_len) != 1
2273 || x509_cert_get_subject_public_key(rcpt_cert, rcpt_cert_len,
2274 &public_key) != 1) {
2275 error_print();
2276 return -1;
2277 }
2278 if (memcmp(&public_key, rcpt_key, sizeof(SM2_POINT)) != 0) {
2279 error_print();
2280 return -1;
2281 }
2282
2283 if (cms_enveloped_data_decrypt_from_der(
2284 rcpt_key, issuer, issuer_len, serial, serial_len,
2285 content_type, content, content_len,
2286 rcpt_infos, rcpt_infos_len,
2287 shared_info1, shared_info1_len,
2288 shared_info2, shared_info2_len,
2289 &cms_content, &cms_content_len) != 1
2290 || asn1_length_is_zero(cms_content_len) != 1) {
2291 error_print();
2292 return -1;
2293 }
2294 return 1;
2295 }
2296
cms_sign_and_envelop(uint8_t * cms,size_t * cmslen,const CMS_CERTS_AND_KEY * signers,size_t signers_cnt,const uint8_t * rcpt_certs,size_t rcpt_certs_len,int enc_algor,const uint8_t * key,size_t keylen,const uint8_t * iv,size_t ivlen,int content_type,const uint8_t * content,size_t content_len,const uint8_t * crls,size_t crls_len,const uint8_t * shared_info1,size_t shared_info1_len,const uint8_t * shared_info2,size_t shared_info2_len)2297 int cms_sign_and_envelop(uint8_t *cms, size_t *cmslen,
2298 const CMS_CERTS_AND_KEY *signers, size_t signers_cnt,
2299 const uint8_t *rcpt_certs, size_t rcpt_certs_len,
2300 int enc_algor, const uint8_t *key, size_t keylen, const uint8_t *iv, size_t ivlen,
2301 int content_type, const uint8_t *content, size_t content_len,
2302 const uint8_t *crls, size_t crls_len,
2303 const uint8_t *shared_info1, size_t shared_info1_len,
2304 const uint8_t *shared_info2, size_t shared_info2_len)
2305 {
2306 int oid = OID_cms_signed_and_enveloped_data;
2307 size_t len = 0;
2308
2309 if (cms_signed_and_enveloped_data_encipher_to_der(
2310 signers, signers_cnt,
2311 rcpt_certs, rcpt_certs_len,
2312 enc_algor, key, keylen, iv, ivlen,
2313 content_type, content, content_len,
2314 crls, crls_len,
2315 shared_info1, shared_info1_len,
2316 shared_info2, shared_info2_len,
2317 NULL, &len) != 1) {
2318 error_print();
2319 return -1;
2320 }
2321 *cmslen = 0;
2322 if (!cms) {
2323 uint8_t data[1];
2324 if (cms_content_info_to_der(oid, data, len, NULL, cmslen) != 1) {
2325 error_print();
2326 return -1;
2327 }
2328 return 1;
2329 }
2330 if (cms_content_info_header_to_der(oid, len, &cms, cmslen) != 1
2331 || cms_signed_and_enveloped_data_encipher_to_der(
2332 signers, signers_cnt,
2333 rcpt_certs, rcpt_certs_len,
2334 enc_algor, key, keylen, iv, ivlen,
2335 content_type, content, content_len,
2336 crls, crls_len,
2337 shared_info1, shared_info1_len,
2338 shared_info2, shared_info2_len,
2339 &cms, cmslen) != 1) {
2340 error_print();
2341 return -1;
2342 }
2343 return 1;
2344 }
2345
cms_deenvelop_and_verify(const uint8_t * cms,size_t cmslen,const SM2_KEY * rcpt_key,const uint8_t * rcpt_cert,size_t rcpt_cert_len,const uint8_t * extra_certs,size_t extra_certs_len,const uint8_t * extra_crls,size_t extra_crls_len,int * content_type,uint8_t * content,size_t * content_len,const uint8_t ** rcpt_infos,size_t * rcpt_infos_len,const uint8_t ** signer_infos,size_t * signer_infos_len,const uint8_t ** certs,size_t * certs_len,const uint8_t ** crls,size_t * crls_len,const uint8_t ** shared_info1,size_t * shared_info1_len,const uint8_t ** shared_info2,size_t * shared_info2_len)2346 int cms_deenvelop_and_verify(const uint8_t *cms, size_t cmslen,
2347 const SM2_KEY *rcpt_key, const uint8_t *rcpt_cert, size_t rcpt_cert_len,
2348 const uint8_t *extra_certs, size_t extra_certs_len,
2349 const uint8_t *extra_crls, size_t extra_crls_len,
2350 int *content_type, uint8_t *content, size_t *content_len,
2351 const uint8_t **rcpt_infos, size_t *rcpt_infos_len,
2352 const uint8_t **signer_infos, size_t *signer_infos_len,
2353 const uint8_t **certs, size_t *certs_len,
2354 const uint8_t **crls, size_t *crls_len,
2355 const uint8_t **shared_info1, size_t *shared_info1_len,
2356 const uint8_t **shared_info2, size_t *shared_info2_len)
2357 {
2358 const uint8_t *rcpt_issuer;
2359 size_t rcpt_issuer_len;
2360 const uint8_t *rcpt_serial;
2361 size_t rcpt_serial_len;
2362 SM2_KEY public_key;
2363 int cms_type;
2364 const uint8_t *cms_content;
2365 size_t cms_content_len;
2366 int digest_algors[4];
2367 size_t digest_algors_cnt;
2368
2369 if (cms_content_info_from_der(&cms_type, &cms_content, &cms_content_len, &cms, &cmslen) != 1
2370 || asn1_check(cms_type == OID_cms_signed_and_enveloped_data) != 1
2371 || asn1_check(cms_content && cms_content_len) != 1
2372 || asn1_length_is_zero(cmslen) != 1) {
2373 error_print();
2374 return -1;
2375 }
2376
2377 if (x509_cert_get_issuer_and_serial_number(rcpt_cert, rcpt_cert_len,
2378 &rcpt_issuer, &rcpt_issuer_len,
2379 &rcpt_serial, &rcpt_serial_len) != 1
2380 || x509_cert_get_subject_public_key(rcpt_cert, rcpt_cert_len,
2381 &public_key) != 1) {
2382 error_print();
2383 return -1;
2384 }
2385 if (memcmp(&public_key, rcpt_key, sizeof(SM2_POINT)) != 0) {
2386 error_print();
2387 return -1;
2388 }
2389
2390 if (cms_signed_and_enveloped_data_decipher_from_der(
2391 rcpt_key,
2392 rcpt_issuer, rcpt_issuer_len,
2393 rcpt_serial, rcpt_serial_len,
2394 content_type, content, content_len,
2395 rcpt_infos, rcpt_infos_len,
2396 shared_info1, shared_info1_len,
2397 shared_info2, shared_info2_len,
2398 certs, certs_len,
2399 crls, crls_len,
2400 signer_infos, signer_infos_len,
2401 extra_certs, extra_certs_len,
2402 extra_crls, extra_crls_len,
2403 &cms_content, &cms_content_len) != 1
2404 || asn1_length_is_zero(cms_content_len) != 1) {
2405 error_print();
2406 return -1;
2407 }
2408 return 1;
2409 }
2410
cms_set_key_agreement_info(uint8_t * cms,size_t * cmslen,const SM2_KEY * temp_public_key_r,const uint8_t * user_cert,size_t user_cert_len,const uint8_t * user_id,size_t user_id_len)2411 int cms_set_key_agreement_info(
2412 uint8_t *cms, size_t *cmslen,
2413 const SM2_KEY *temp_public_key_r,
2414 const uint8_t *user_cert, size_t user_cert_len,
2415 const uint8_t *user_id, size_t user_id_len)
2416 {
2417 int oid = OID_cms_key_agreement_info;
2418 size_t len = 0;
2419
2420 if (cms_key_agreement_info_to_der(CMS_version_v1, temp_public_key_r,
2421 user_cert, user_cert_len, user_id, user_id_len, NULL, &len) != 1) {
2422 error_print();
2423 return -1;
2424 }
2425 *cmslen = 0;
2426 if (!cms) {
2427 uint8_t data[1];
2428 if (cms_content_info_to_der(oid, data, len, NULL, cmslen) != 1) {
2429 error_print();
2430 return -1;
2431 }
2432 return 1;
2433 }
2434 if (cms_content_info_header_to_der(oid, len, &cms, cmslen) != 1
2435 || cms_key_agreement_info_to_der(CMS_version_v1, temp_public_key_r,
2436 user_cert, user_cert_len, user_id, user_id_len, &cms, cmslen) != 1) {
2437 error_print();
2438 return -1;
2439 }
2440 return 1;
2441 }
2442
cms_to_pem(const uint8_t * cms,size_t cms_len,FILE * fp)2443 int cms_to_pem(const uint8_t *cms, size_t cms_len, FILE *fp)
2444 {
2445 if (pem_write(fp, PEM_CMS, cms, cms_len) != 1) {
2446 error_print();
2447 return -1;
2448 }
2449 return 1;
2450 }
2451
cms_from_pem(uint8_t * cms,size_t * cms_len,size_t maxlen,FILE * fp)2452 int cms_from_pem(uint8_t *cms, size_t *cms_len, size_t maxlen, FILE *fp)
2453 {
2454 int ret;
2455 if ((ret = pem_read(fp, PEM_CMS, cms, cms_len, maxlen)) != 1) {
2456 if (ret < 0) error_print();
2457 return ret;
2458 }
2459
2460 return 1;
2461 }
2462
cms_print(FILE * fp,int fmt,int ind,const char * label,const uint8_t * a,size_t alen)2463 int cms_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *a, size_t alen)
2464 {
2465 const uint8_t *d;
2466 size_t dlen;
2467
2468
2469 if (asn1_sequence_from_der(&d, &dlen, &a, &alen) != 1) goto err;
2470
2471
2472 cms_content_info_print(fp, fmt, ind, label, d, dlen);
2473 //if (asn1_length_is_zero(alen) != 1) goto err;
2474 return 1;
2475 err:
2476 error_print();
2477 return -1;
2478 }
2479
2480
2481