2 PKCS#7 SignedData Verification Wrapper Implementation over OpenSSL.
4 Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
5 This program and the accompanying materials
6 are licensed and made available under the terms and conditions of the BSD License
7 which accompanies this distribution. The full text of the license may be found at
8 http://opensource.org/licenses/bsd-license.php
10 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
11 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
15 #include "InternalCryptLib.h"
17 #include <openssl/objects.h>
18 #include <openssl/x509.h>
19 #include <openssl/pkcs7.h>
21 UINT8 mOidValue
[9] = { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x02 };
24 Verification callback function to override any existing callbacks in OpenSSL
25 for intermediate certificate supports.
27 @param[in] Status Original status before calling this callback.
28 @param[in] Context X509 store context.
30 @retval 1 Current X509 certificate is verified successfully.
31 @retval 0 Verification failed.
37 IN X509_STORE_CTX
*Context
46 Error
= (INTN
) X509_STORE_CTX_get_error (Context
);
49 // X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT and X509_V_ERR_UNABLE_TO_GET_ISSUER_
50 // CERT_LOCALLY mean a X509 certificate is not self signed and its issuer
51 // can not be found in X509_verify_cert of X509_vfy.c.
52 // In order to support intermediate certificate node, we override the
53 // errors if the certification is obtained from X509 store, i.e. it is
54 // a trusted ceritifcate node that is enrolled by user.
55 // Besides,X509_V_ERR_CERT_UNTRUSTED and X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE
56 // are also ignored to enable such feature.
58 if ((Error
== X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT
) ||
59 (Error
== X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY
)) {
60 Obj
= (X509_OBJECT
*) OPENSSL_malloc (sizeof (X509_OBJECT
));
65 Obj
->type
= X509_LU_X509
;
66 Obj
->data
.x509
= Context
->current_cert
;
68 CRYPTO_w_lock (CRYPTO_LOCK_X509_STORE
);
70 if (X509_OBJECT_retrieve_match (Context
->ctx
->objs
, Obj
)) {
74 // If any certificate in the chain is enrolled as trusted certificate,
75 // pass the certificate verification.
77 if (Error
== X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY
) {
78 Count
= (INTN
) sk_X509_num (Context
->chain
);
79 for (Index
= 0; Index
< Count
; Index
++) {
80 Obj
->data
.x509
= sk_X509_value (Context
->chain
, (int) Index
);
81 if (X509_OBJECT_retrieve_match (Context
->ctx
->objs
, Obj
)) {
89 CRYPTO_w_unlock (CRYPTO_LOCK_X509_STORE
);
92 if ((Error
== X509_V_ERR_CERT_UNTRUSTED
) ||
93 (Error
== X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE
)) {
105 Creates a PKCS#7 signedData as described in "PKCS #7: Cryptographic Message
106 Syntax Standard, version 1.5". This interface is only intended to be used for
107 application to perform PKCS#7 functionality validation.
109 @param[in] PrivateKey Pointer to the PEM-formatted private key data for
111 @param[in] PrivateKeySize Size of the PEM private key data in bytes.
112 @param[in] KeyPassword NULL-terminated passphrase used for encrypted PEM
114 @param[in] InData Pointer to the content to be signed.
115 @param[in] InDataSize Size of InData in bytes.
116 @param[in] SignCert Pointer to signer's DER-encoded certificate to sign with.
117 @param[in] OtherCerts Pointer to an optional additional set of certificates to
118 include in the PKCS#7 signedData (e.g. any intermediate
120 @param[out] SignedData Pointer to output PKCS#7 signedData.
121 @param[out] SignedDataSize Size of SignedData in bytes.
123 @retval TRUE PKCS#7 data signing succeeded.
124 @retval FALSE PKCS#7 data signing failed.
130 IN CONST UINT8
*PrivateKey
,
131 IN UINTN PrivateKeySize
,
132 IN CONST UINT8
*KeyPassword
,
136 IN UINT8
*OtherCerts OPTIONAL
,
137 OUT UINT8
**SignedData
,
138 OUT UINTN
*SignedDataSize
151 // Check input parameters.
153 if (PrivateKey
== NULL
|| KeyPassword
== NULL
|| InData
== NULL
||
154 SignCert
== NULL
|| SignedData
== NULL
|| SignedDataSize
== NULL
|| InDataSize
> INT_MAX
) {
165 // Retrieve RSA private key from PEM data.
167 Status
= RsaGetPrivateKeyFromPem (
170 (CONST CHAR8
*) KeyPassword
,
171 (VOID
**) &RsaContext
178 // Register & Initialize necessary digest algorithms and PRNG for PKCS#7 Handling
180 EVP_add_digest (EVP_md5());
181 EVP_add_digest (EVP_sha1());
182 EVP_add_digest (EVP_sha256());
183 RandomSeed (NULL
, 0);
186 // Construct OpenSSL EVP_PKEY for private key.
188 Key
= EVP_PKEY_new ();
193 Key
->save_type
= EVP_PKEY_RSA
;
194 Key
->type
= EVP_PKEY_type (EVP_PKEY_RSA
);
195 Key
->pkey
.rsa
= (RSA
*) RsaContext
;
198 // Convert the data to be signed to BIO format.
200 DataBio
= BIO_new (BIO_s_mem ());
201 BIO_write (DataBio
, InData
, (int) InDataSize
);
204 // Create the PKCS#7 signedData structure.
209 (STACK_OF(X509
) *) OtherCerts
,
211 PKCS7_BINARY
| PKCS7_NOATTR
| PKCS7_DETACHED
219 // Convert PKCS#7 signedData structure into DER-encoded buffer.
221 P7DataSize
= i2d_PKCS7 (Pkcs7
, NULL
);
222 if (P7DataSize
<= 19) {
227 P7Data
= OPENSSL_malloc (P7DataSize
);
228 if (P7Data
== NULL
) {
234 P7DataSize
= i2d_PKCS7 (Pkcs7
, (unsigned char **) &Tmp
);
237 // Strip ContentInfo to content only for signeddata. The data be trimmed off
238 // is totally 19 bytes.
240 *SignedDataSize
= P7DataSize
- 19;
241 *SignedData
= OPENSSL_malloc (*SignedDataSize
);
242 if (*SignedData
== NULL
) {
244 OPENSSL_free (P7Data
);
248 CopyMem (*SignedData
, P7Data
+ 19, *SignedDataSize
);
250 OPENSSL_free (P7Data
);
258 if (RsaContext
!= NULL
) {
259 RsaFree (RsaContext
);
261 Key
->pkey
.rsa
= NULL
;
269 if (DataBio
!= NULL
) {
281 Verifies the validility of a PKCS#7 signed data as described in "PKCS #7:
282 Cryptographic Message Syntax Standard". The input signed data could be wrapped
283 in a ContentInfo structure.
285 If P7Data, TrustedCert or InData is NULL, then return FALSE.
286 If P7Length, CertLength or DataLength overflow, then return FAlSE.
288 @param[in] P7Data Pointer to the PKCS#7 message to verify.
289 @param[in] P7Length Length of the PKCS#7 message in bytes.
290 @param[in] TrustedCert Pointer to a trusted/root certificate encoded in DER, which
291 is used for certificate chain verification.
292 @param[in] CertLength Length of the trusted certificate in bytes.
293 @param[in] InData Pointer to the content to be verified.
294 @param[in] DataLength Length of InData in bytes.
296 @retval TRUE The specified PKCS#7 signed data is valid.
297 @retval FALSE Invalid PKCS#7 signed data.
303 IN CONST UINT8
*P7Data
,
305 IN CONST UINT8
*TrustedCert
,
307 IN CONST UINT8
*InData
,
316 X509_STORE
*CertStore
;
319 UINTN SignedDataSize
;
323 // Check input parameters.
325 if (P7Data
== NULL
|| TrustedCert
== NULL
|| InData
== NULL
||
326 P7Length
> INT_MAX
|| CertLength
> INT_MAX
|| DataLength
> INT_MAX
) {
338 // Register & Initialize necessary digest algorithms for PKCS#7 Handling
340 EVP_add_digest (EVP_md5());
341 EVP_add_digest (EVP_sha1());
342 EVP_add_digest_alias (SN_sha1WithRSAEncryption
, SN_sha1WithRSA
);
343 EVP_add_digest (EVP_sha256());
346 // Check whether input P7Data is a wrapped ContentInfo structure or not.
349 if ((P7Data
[4] == 0x06) && (P7Data
[5] == 0x09)) {
350 if (CompareMem (P7Data
+ 6, mOidValue
, sizeof (mOidValue
)) == 0) {
351 if ((P7Data
[15] == 0xA0) && (P7Data
[16] == 0x82)) {
358 SignedData
= (UINT8
*) P7Data
;
359 SignedDataSize
= P7Length
;
362 // Wrap PKCS#7 signeddata to a ContentInfo structure - add a header in 19 bytes.
364 SignedDataSize
= P7Length
+ 19;
365 SignedData
= OPENSSL_malloc (SignedDataSize
);
366 if (SignedData
== NULL
) {
371 // Part1: 0x30, 0x82.
373 SignedData
[0] = 0x30;
374 SignedData
[1] = 0x82;
377 // Part2: Length1 = P7Length + 19 - 4, in big endian.
379 SignedData
[2] = (UINT8
) (((UINT16
) (SignedDataSize
- 4)) >> 8);
380 SignedData
[3] = (UINT8
) (((UINT16
) (SignedDataSize
- 4)) & 0xff);
383 // Part3: 0x06, 0x09.
385 SignedData
[4] = 0x06;
386 SignedData
[5] = 0x09;
389 // Part4: OID value -- 0x2A 0x86 0x48 0x86 0xF7 0x0D 0x01 0x07 0x02.
391 CopyMem (SignedData
+ 6, mOidValue
, sizeof (mOidValue
));
394 // Part5: 0xA0, 0x82.
396 SignedData
[15] = 0xA0;
397 SignedData
[16] = 0x82;
400 // Part6: Length2 = P7Length, in big endian.
402 SignedData
[17] = (UINT8
) (((UINT16
) P7Length
) >> 8);
403 SignedData
[18] = (UINT8
) (((UINT16
) P7Length
) & 0xff);
408 CopyMem (SignedData
+ 19, P7Data
, P7Length
);
412 // Retrieve PKCS#7 Data (DER encoding)
414 if (SignedDataSize
> INT_MAX
) {
419 Pkcs7
= d2i_PKCS7 (NULL
, (const unsigned char **) &Temp
, (int) SignedDataSize
);
425 // Check if it's PKCS#7 Signed Data (for Authenticode Scenario)
427 if (!PKCS7_type_is_signed (Pkcs7
)) {
432 // Read DER-encoded root certificate and Construct X509 Certificate
434 CertBio
= BIO_new (BIO_s_mem ());
435 BIO_write (CertBio
, TrustedCert
, (int)CertLength
);
436 if (CertBio
== NULL
) {
439 Cert
= d2i_X509_bio (CertBio
, NULL
);
445 // Setup X509 Store for trusted certificate
447 CertStore
= X509_STORE_new ();
448 if (CertStore
== NULL
) {
451 if (!(X509_STORE_add_cert (CertStore
, Cert
))) {
456 // Register customized X509 verification callback function to support
457 // trusted intermediate certificate anchor.
459 CertStore
->verify_cb
= X509VerifyCb
;
462 // For generic PKCS#7 handling, InData may be NULL if the content is present
463 // in PKCS#7 structure. So ignore NULL checking here.
465 DataBio
= BIO_new (BIO_s_mem ());
466 BIO_write (DataBio
, InData
, (int)DataLength
);
469 // Verifies the PKCS#7 signedData structure
471 Status
= (BOOLEAN
) PKCS7_verify (Pkcs7
, NULL
, CertStore
, DataBio
, NULL
, PKCS7_BINARY
);
480 X509_STORE_free (CertStore
);
484 OPENSSL_free (SignedData
);