asn_mime.c

OpenSSL 0.9.8k 最新版OpenSSL

/* asn_mime.c */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project.
 */
/* ====================================================================
 * Copyright (c) 1999-2008 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer. 
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    licensing@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 */

#include <stdio.h>
#include <ctype.h>
#include "cryptlib.h"
#include <openssl/rand.h>
#include <openssl/x509.h>
#include <openssl/asn1.h>
#include <openssl/asn1t.h>

/* Generalised MIME like utilities for streaming ASN1. Although many
 * have a PKCS7/CMS like flavour others are more general purpose.
 */

/* MIME format structures
 * Note that all are translated to lower case apart from
 * parameter values. Quotes are stripped off
 */

typedef struct {
char *param_name;			/* Param name e.g. "micalg" */
char *param_value;			/* Param value e.g. "sha1" */
} MIME_PARAM;

DECLARE_STACK_OF(MIME_PARAM)
IMPLEMENT_STACK_OF(MIME_PARAM)

typedef struct {
char *name;				/* Name of line e.g. "content-type" */
char *value;				/* Value of line e.g. "text/plain" */
STACK_OF(MIME_PARAM) *params;		/* Zero or more parameters */
} MIME_HEADER;

DECLARE_STACK_OF(MIME_HEADER)
IMPLEMENT_STACK_OF(MIME_HEADER)

static char * strip_ends(char *name);
static char * strip_start(char *name);
static char * strip_end(char *name);
static MIME_HEADER *mime_hdr_new(char *name, char *value);
static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value);
static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio);
static int mime_hdr_cmp(const MIME_HEADER * const *a,
			const MIME_HEADER * const *b);
static int mime_param_cmp(const MIME_PARAM * const *a,
			const MIME_PARAM * const *b);
static void mime_param_free(MIME_PARAM *param);
static int mime_bound_check(char *line, int linelen, char *bound, int blen);
static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret);
static int strip_eol(char *linebuf, int *plen);
static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name);
static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name);
static void mime_hdr_free(MIME_HEADER *hdr);

#define MAX_SMLEN 1024
#define mime_debug(x) /* x */

/* Base 64 read and write of ASN1 structure */

static int B64_write_ASN1(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
				const ASN1_ITEM *it)
	{
	BIO *b64;
	int r;
	b64 = BIO_new(BIO_f_base64());
	if(!b64)
		{
		ASN1err(ASN1_F_B64_WRITE_ASN1,ERR_R_MALLOC_FAILURE);
		return 0;
		}
	/* prepend the b64 BIO so all data is base64 encoded.
	 */
	out = BIO_push(b64, out);
	r = ASN1_item_i2d_bio(it, out, val);
	(void)BIO_flush(out);
	BIO_pop(out);
	BIO_free(b64);
	return r;
	}

static ASN1_VALUE *b64_read_asn1(BIO *bio, const ASN1_ITEM *it)
{
	BIO *b64;
	ASN1_VALUE *val;
	if(!(b64 = BIO_new(BIO_f_base64()))) {
		ASN1err(ASN1_F_B64_READ_ASN1,ERR_R_MALLOC_FAILURE);
		return 0;
	}
	bio = BIO_push(b64, bio);
	val = ASN1_item_d2i_bio(it, bio, NULL);
	if(!val)
		ASN1err(ASN1_F_B64_READ_ASN1,ASN1_R_DECODE_ERROR);
	(void)BIO_flush(bio);
	bio = BIO_pop(bio);
	BIO_free(b64);
	return val;
}

/* Generate the MIME "micalg" parameter from RFC3851, RFC4490 */

static int asn1_write_micalg(BIO *out, STACK_OF(X509_ALGOR) *mdalgs)
	{
	int i, have_unknown = 0, write_comma, md_nid;
	have_unknown = 0;
	write_comma = 0;
	for (i = 0; i < sk_X509_ALGOR_num(mdalgs); i++)
		{
		if (write_comma)
			BIO_write(out, ",", 1);
		write_comma = 1;
		md_nid = OBJ_obj2nid(sk_X509_ALGOR_value(mdalgs, i)->algorithm);
		switch(md_nid)
			{
			case NID_sha1:
			BIO_puts(out, "sha1");
			break;

			case NID_md5:
			BIO_puts(out, "md5");
			break;

			case NID_sha256:
			BIO_puts(out, "sha-256");
			break;

			case NID_sha384:
			BIO_puts(out, "sha-384");
			break;

			case NID_sha512:
			BIO_puts(out, "sha-512");
			break;

			default:
			if (have_unknown)
				write_comma = 0;
			else
				{
				BIO_puts(out, "unknown");
				have_unknown = 1;
				}
			break;

			}
		}

	return 1;

	}

/* SMIME sender */

int int_smime_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
				int ctype_nid, int econt_nid,
				STACK_OF(X509_ALGOR) *mdalgs,
				asn1_output_data_fn *data_fn,
				const ASN1_ITEM *it)
{
	char bound[33], c;
	int i;
	const char *mime_prefix, *mime_eol, *cname = "smime.p7m";
	const char *msg_type=NULL;
	if (flags & SMIME_OLDMIME)
		mime_prefix = "application/x-pkcs7-";
	else
		mime_prefix = "application/pkcs7-";

	if (flags & SMIME_CRLFEOL)
		mime_eol = "\r\n";
	else
		mime_eol = "\n";
	if((flags & SMIME_DETACHED) && data) {
	/* We want multipart/signed */
		/* Generate a random boundary */
		RAND_pseudo_bytes((unsigned char *)bound, 32);
		for(i = 0; i < 32; i++) {
			c = bound[i] & 0xf;
			if(c < 10) c += '0';
			else c += 'A' - 10;
			bound[i] = c;
		}
		bound[32] = 0;
		BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol);
		BIO_printf(bio, "Content-Type: multipart/signed;");
		BIO_printf(bio, " protocol=\"%ssignature\";", mime_prefix);
		BIO_puts(bio, " micalg=\"");
		asn1_write_micalg(bio, mdalgs);
		BIO_printf(bio, "\"; boundary=\"----%s\"%s%s",
						bound, mime_eol, mime_eol);
		BIO_printf(bio, "This is an S/MIME signed message%s%s",
						mime_eol, mime_eol);
		/* Now write out the first part */
		BIO_printf(bio, "------%s%s", bound, mime_eol);
		if (!data_fn(bio, data, val, flags, it))
			return 0;
		BIO_printf(bio, "%s------%s%s", mime_eol, bound, mime_eol);

		/* Headers for signature */

		BIO_printf(bio, "Content-Type: %ssignature;", mime_prefix); 
		BIO_printf(bio, " name=\"smime.p7s\"%s", mime_eol);
		BIO_printf(bio, "Content-Transfer-Encoding: base64%s",
								mime_eol);
		BIO_printf(bio, "Content-Disposition: attachment;");
		BIO_printf(bio, " filename=\"smime.p7s\"%s%s",
							mime_eol, mime_eol);
		B64_write_ASN1(bio, val, NULL, 0, it);
		BIO_printf(bio,"%s------%s--%s%s", mime_eol, bound,
							mime_eol, mime_eol);
		return 1;
	}

	/* Determine smime-type header */

	if (ctype_nid == NID_pkcs7_enveloped)
		msg_type = "enveloped-data";
	else if (ctype_nid == NID_pkcs7_signed)
		{
		if (econt_nid == NID_id_smime_ct_receipt)
			msg_type = "signed-receipt";
		else if (sk_X509_ALGOR_num(mdalgs) >= 0)
			msg_type = "signed-data";
		else
			msg_type = "certs-only";
		}
	else if (ctype_nid == NID_id_smime_ct_compressedData)
		{
		msg_type = "compressed-data";
		cname = "smime.p7z";
		}
	/* MIME headers */
	BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol);
	BIO_printf(bio, "Content-Disposition: attachment;");
	BIO_printf(bio, " filename=\"%s\"%s", cname, mime_eol);
	BIO_printf(bio, "Content-Type: %smime;", mime_prefix);
	if (msg_type)
		BIO_printf(bio, " smime-type=%s;", msg_type);
	BIO_printf(bio, " name=\"%s\"%s", cname, mime_eol);
	BIO_printf(bio, "Content-Transfer-Encoding: base64%s%s",
						mime_eol, mime_eol);
	if (!B64_write_ASN1(bio, val, data, flags, it))
		return 0;
	BIO_printf(bio, "%s", mime_eol);
	return 1;
}

#if 0

/* Handle output of ASN1 data */


static int asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
					const ASN1_ITEM *it)
	{
	BIO *tmpbio;
	const ASN1_AUX *aux = it->funcs;
	ASN1_STREAM_ARG sarg;

	if (!(flags & SMIME_DETACHED))
		{
		SMIME_crlf_copy(data, out, flags);
		return 1;
		}

	if (!aux || !aux->asn1_cb)
		{
		ASN1err(ASN1_F_ASN1_OUTPUT_DATA,
					ASN1_R_STREAMING_NOT_SUPPORTED);
		return 0;
		}

	sarg.out = out;
	sarg.ndef_bio = NULL;
	sarg.boundary = NULL;

	/* Let ASN1 code prepend any needed BIOs */

	if (aux->asn1_cb(ASN1_OP_DETACHED_PRE, &val, it, &sarg) <= 0)
		return 0;

	/* Copy data across, passing through filter BIOs for processing */
	SMIME_crlf_copy(data, sarg.ndef_bio, flags);

	/* Finalize structure */
	if (aux->asn1_cb(ASN1_OP_DETACHED_POST, &val, it, &sarg) <= 0)
		return 0;

	/* Now remove any digests prepended to the BIO */

	while (sarg.ndef_bio != out)
		{
		tmpbio = BIO_pop(sarg.ndef_bio);
		BIO_free(sarg.ndef_bio);
		sarg.ndef_bio = tmpbio;
		}

	return 1;

	}

#endif

/* SMIME reader: handle multipart/signed and opaque signing.
 * in multipart case the content is placed in a memory BIO
 * pointed to by "bcont". In opaque this is set to NULL
 */

ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it)
{
	BIO *asnin;
	STACK_OF(MIME_HEADER) *headers = NULL;
	STACK_OF(BIO) *parts = NULL;
	MIME_HEADER *hdr;
	MIME_PARAM *prm;
	ASN1_VALUE *val;
	int ret;

	if(bcont) *bcont = NULL;

	if (!(headers = mime_parse_hdr(bio))) {
		ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_MIME_PARSE_ERROR);
		return NULL;
	}

	if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) {
		sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
		ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_CONTENT_TYPE);
		return NULL;
	}

	/* Handle multipart/signed */

	if(!strcmp(hdr->value, "multipart/signed")) {
		/* Split into two parts */
		prm = mime_param_find(hdr, "boundary");
		if(!prm || !prm->param_value) {
			sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
			ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_MULTIPART_BOUNDARY);
			return NULL;
		}
		ret = multi_split(bio, prm->param_value, &parts);
		sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
		if(!ret || (sk_BIO_num(parts) != 2) ) {
			ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_MULTIPART_BODY_FAILURE);
			sk_BIO_pop_free(parts, BIO_vfree);
			return NULL;
		}

		/* Parse the signature piece */
		asnin = sk_BIO_value(parts, 1);

		if (!(headers = mime_parse_hdr(asnin))) {
			ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_MIME_SIG_PARSE_ERROR);
			sk_BIO_pop_free(parts, BIO_vfree);
			return NULL;
		}

		/* Get content type */

		if(!(hdr = mime_hdr_find(headers, "content-type")) ||
								 !hdr->value) {
			sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
			ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_SIG_CONTENT_TYPE);
			return NULL;
		}

		if(strcmp(hdr->value, "application/x-pkcs7-signature") &&
			strcmp(hdr->value, "application/pkcs7-signature")) {
			sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
			ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_SIG_INVALID_MIME_TYPE);
			ERR_add_error_data(2, "type: ", hdr->value);
			sk_BIO_pop_free(parts, BIO_vfree);
			return NULL;
		}
		sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
		/* Read in ASN1 */
		if(!(val = b64_read_asn1(asnin, it))) {
			ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_ASN1_SIG_PARSE_ERROR);
			sk_BIO_pop_free(parts, BIO_vfree);
			return NULL;
		}

		if(bcont) {
			*bcont = sk_BIO_value(parts, 0);
			BIO_free(asnin);
			sk_BIO_free(parts);