From 3ff464ba3faac086131f8148f1b8eede852e3483 Mon Sep 17 00:00:00 2001 From: "Dr. David von Oheimb" Date: Fri, 13 Oct 2023 22:55:44 +0200 Subject: [PATCH] CMS and PKCS7: add support for EdDSA with Edwards curves 25519 and 448, simplifying code fixes #11915 fixes #13523 --- crypto/cms/cms_sd.c | 194 +++++++++++++++++++++++++------------ crypto/pkcs7/pk7_doit.c | 105 ++++++++------------ crypto/pkcs7/pk7_lib.c | 47 ++++----- include/crypto/pkcs7.h | 2 + test/recipes/80-test_cms.t | 46 +++++++-- 5 files changed, 229 insertions(+), 165 deletions(-) diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c index 075d8113620d84..3a4238829c34e8 100644 --- a/crypto/cms/cms_sd.c +++ b/crypto/cms/cms_sd.c @@ -19,6 +19,7 @@ #include "crypto/asn1.h" #include "crypto/evp.h" #include "crypto/ess.h" +#include "crypto/pkcs7.h" /* for ossl_cms_get_default_digest() */ #include "crypto/x509.h" /* for ossl_x509_add_cert_new() */ #include "cms_local.h" @@ -225,7 +226,7 @@ int ossl_cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert) return -1; } -/* Method to map any, incl. provider-implemented PKEY types to OIDs */ +/* Method to map any (also provider-implemented) PKEY types to OIDs */ /* (EC)DSA and all provider-delivered signatures implementation is the same */ static int cms_generic_sign(CMS_SignerInfo *si, int verify) { @@ -234,23 +235,31 @@ static int cms_generic_sign(CMS_SignerInfo *si, int verify) if (!verify) { EVP_PKEY *pkey = si->pkey; - int snid, hnid, pknid = EVP_PKEY_get_id(pkey); + int snid, pknid = EVP_PKEY_get_id(pkey); X509_ALGOR *alg1, *alg2; CMS_SignerInfo_get0_algs(si, NULL, NULL, &alg1, &alg2); if (alg1 == NULL || alg1->algorithm == NULL) return -1; - hnid = OBJ_obj2nid(alg1->algorithm); - if (hnid == NID_undef) - return -1; - if (pknid <= 0) { /* check whether a provider registered a NID */ - const char *typename = EVP_PKEY_get0_type_name(pkey); - if (typename != NULL) - pknid = OBJ_txt2nid(typename); + if (pknid == NID_ED25519 || pknid == NID_ED448) { + /* special treatment for Edwards curves in CMS acc. to RFC 8419 */ + snid = pknid; + } else { + int hnid = OBJ_obj2nid(alg1->algorithm); + + if (hnid == NID_undef) + return -1; + if (pknid <= 0) { /* check whether a provider registered a NID */ + const char *typename = EVP_PKEY_get0_type_name(pkey); + + if (typename != NULL) + pknid = OBJ_txt2nid(typename); + } + + if (!OBJ_find_sigid_by_algs(&snid, hnid, pknid)) + return -1; } - if (!OBJ_find_sigid_by_algs(&snid, hnid, pknid)) - return -1; return X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, NULL); } return 1; @@ -331,6 +340,28 @@ static int ossl_cms_add1_signing_cert_v2(CMS_SignerInfo *si, return ret; } +/* this is also used for PKCS7 */ +const EVP_MD *ossl_cms_get_default_digest(EVP_PKEY *pkey) { + const EVP_MD *md; + int def_nid, pknid = EVP_PKEY_get_id(pkey); + + /* special cases first, for Edwards curves in CMS according to RFC 8419 */ + if (pknid == NID_ED25519) + def_nid = NID_sha3_512; + else if (pknid == NID_ED448) + def_nid = NID_shake256; /* TODO for CMS, output size MUST be 512 */ + else if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) <= 0) { + ERR_raise_data(ERR_LIB_CMS, CMS_R_NO_DEFAULT_DIGEST, + "pkey nid=%d", pknid); + return NULL; + } + md = EVP_get_digestbynid(def_nid); + if (md == NULL) + ERR_raise_data(ERR_LIB_CMS, CMS_R_NO_DEFAULT_DIGEST, + "default md nid=%d", def_nid); + return md; +} + CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, X509 *signer, EVP_PKEY *pk, const EVP_MD *md, unsigned int flags) @@ -383,18 +414,8 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, if (!ossl_cms_set1_SignerIdentifier(si->sid, signer, type, ctx)) goto err; - if (md == NULL) { - int def_nid; - - if (EVP_PKEY_get_default_digest_nid(pk, &def_nid) <= 0) - goto err; - md = EVP_get_digestbynid(def_nid); - if (md == NULL) { - ERR_raise(ERR_LIB_CMS, CMS_R_NO_DEFAULT_DIGEST); - goto err; - } - } - + if (md == NULL && (md = ossl_cms_get_default_digest(pk)) == NULL) + goto err; X509_ALGOR_set_md(si->digestAlgorithm, md); /* See if digest is present in digestAlgorithms */ @@ -423,7 +444,8 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, } if (!(flags & CMS_KEY_PARAM) && !cms_sd_asn1_ctrl(si, 0)) { - ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_SIGNATURE_ALGORITHM); + ERR_raise_data(ERR_LIB_CMS, CMS_R_UNSUPPORTED_SIGNATURE_ALGORITHM, + "pkey nid=%d", EVP_PKEY_get_id(pk)); goto err; } if (!(flags & CMS_NOATTR)) { @@ -823,29 +845,45 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si) unsigned char *abuf = NULL; int alen; size_t siglen; - const CMS_CTX *ctx = si->cms_ctx; + OSSL_LIB_CTX *libctx = ossl_cms_ctx_get0_libctx(si->cms_ctx); + const char *propq = ossl_cms_ctx_get0_propq(si->cms_ctx); char md_name[OSSL_MAX_NAME_SIZE]; + char name[80]; + int pknid = EVP_PKEY_get_id(si->pkey); - if (OBJ_obj2txt(md_name, sizeof(md_name), - si->digestAlgorithm->algorithm, 0) <= 0) + if (pknid != NID_ED25519 && pknid != NID_ED448 + && OBJ_obj2txt(md_name, sizeof(md_name), + si->digestAlgorithm->algorithm, 0) <= 0) return 0; if (CMS_signed_get_attr_by_NID(si, NID_pkcs9_signingTime, -1) < 0) { if (!cms_add1_signingTime(si, NULL)) - goto err; + return 0; } if (!ossl_cms_si_check_attributes(si)) - goto err; + return 0; + if (EVP_PKEY_get_default_digest_name(si->pkey, name, sizeof(name)) > 0 + && strcmp(name, "UNDEF") == 0) /* at least for Ed25519, Ed448 */ + return ASN1_item_sign_ex(ASN1_ITEM_rptr(CMS_Attributes_Sign), NULL, + NULL, si->signature /* sets the ASN1_BIT_STRING */, + si->signedAttrs, NULL, si->pkey, + EVP_get_digestbyobj(si->digestAlgorithm->algorithm), + libctx, propq); + + /* + * TODO replace all below code by ASN1_item_sign_ex(), + * but need to make sure that it works also for RSA with padding mode PSS + */ if (si->pctx) { pctx = si->pctx; } else { EVP_MD_CTX_reset(mctx); - if (EVP_DigestSignInit_ex(mctx, &pctx, md_name, - ossl_cms_ctx_get0_libctx(ctx), - ossl_cms_ctx_get0_propq(ctx), si->pkey, - NULL) <= 0) + if (EVP_DigestSignInit_ex(mctx, &pctx, + pknid == NID_ED25519 || pknid == NID_ED448 + ? NULL : md_name, + libctx, propq, si->pkey, NULL) <= 0) goto err; si->pctx = pctx; } @@ -854,15 +892,23 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si) ASN1_ITEM_rptr(CMS_Attributes_Sign)); if (!abuf) goto err; - if (EVP_DigestSignUpdate(mctx, abuf, alen) <= 0) - goto err; - if (EVP_DigestSignFinal(mctx, NULL, &siglen) <= 0) - goto err; + if (pknid == NID_ED25519 || pknid == NID_ED448) { + if (EVP_DigestSign(mctx, NULL, &siglen, abuf, alen) != 1) + goto err; + } else { + if (EVP_DigestSignUpdate(mctx, abuf, alen) <= 0) + goto err; + if (EVP_DigestSignFinal(mctx, NULL, &siglen) <= 0) + goto err; + } OPENSSL_free(abuf); abuf = OPENSSL_malloc(siglen); if (abuf == NULL) goto err; - if (EVP_DigestSignFinal(mctx, abuf, &siglen) <= 0) + if ((pknid == NID_ED25519 || pknid == NID_ED448 + ? EVP_DigestSign(mctx, abuf, &siglen, abuf, alen) + : EVP_DigestSignFinal(mctx, abuf, &siglen)) + <= 0) goto err; EVP_MD_CTX_reset(mctx); @@ -882,12 +928,12 @@ int CMS_SignerInfo_verify(CMS_SignerInfo *si) EVP_MD_CTX *mctx = NULL; unsigned char *abuf = NULL; int alen, r = -1; - char name[OSSL_MAX_NAME_SIZE]; - const EVP_MD *md; + int pknid; + const EVP_MD *md = NULL; EVP_MD *fetched_md = NULL; - const CMS_CTX *ctx = si->cms_ctx; - OSSL_LIB_CTX *libctx = ossl_cms_ctx_get0_libctx(ctx); - const char *propq = ossl_cms_ctx_get0_propq(ctx); + char md_name[80]; + OSSL_LIB_CTX *libctx = ossl_cms_ctx_get0_libctx(si->cms_ctx); + const char *propq = ossl_cms_ctx_get0_propq(si->cms_ctx); if (si->pkey == NULL) { ERR_raise(ERR_LIB_CMS, CMS_R_NO_PUBLIC_KEY); @@ -897,21 +943,38 @@ int CMS_SignerInfo_verify(CMS_SignerInfo *si) if (!ossl_cms_si_check_attributes(si)) return -1; - OBJ_obj2txt(name, sizeof(name), si->digestAlgorithm->algorithm, 0); + if (EVP_PKEY_get_default_digest_name(si->pkey, md_name, sizeof(md_name)) > 0 + && strcmp(md_name, "UNDEF") == 0) /* at least for Ed25519, Ed448 */ + return ASN1_item_verify_ex(ASN1_ITEM_rptr(CMS_Attributes_Sign), + si->signatureAlgorithm, si->signature, + si->signedAttrs, NULL, si->pkey, + libctx, propq); - (void)ERR_set_mark(); - fetched_md = EVP_MD_fetch(libctx, name, propq); + /* + * TODO clean up all below code, + * ideally also using ASN1_item_verify_ex(), + * combining si->digestAlgorithm with si->signature (pubkey) alg + */ + pknid = EVP_PKEY_get_id(si->pkey); + if (pknid != NID_ED25519 && pknid != NID_ED448) { + char name[OSSL_MAX_NAME_SIZE]; - if (fetched_md != NULL) - md = fetched_md; - else - md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm); - if (md == NULL) { - (void)ERR_clear_last_mark(); - ERR_raise(ERR_LIB_CMS, CMS_R_UNKNOWN_DIGEST_ALGORITHM); - return -1; + OBJ_obj2txt(name, sizeof(name), si->digestAlgorithm->algorithm, 0); + + (void)ERR_set_mark(); + fetched_md = EVP_MD_fetch(libctx, name, propq); + + if (fetched_md != NULL) + md = fetched_md; + else + md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm); + if (md == NULL) { + (void)ERR_clear_last_mark(); + ERR_raise(ERR_LIB_CMS, CMS_R_UNKNOWN_DIGEST_ALGORITHM); + return -1; + } + (void)ERR_pop_to_mark(); } - (void)ERR_pop_to_mark(); if (si->mctx == NULL && (si->mctx = EVP_MD_CTX_new()) == NULL) { ERR_raise(ERR_LIB_CMS, ERR_R_EVP_LIB); @@ -923,20 +986,25 @@ int CMS_SignerInfo_verify(CMS_SignerInfo *si) goto err; if (!cms_sd_asn1_ctrl(si, 1)) - goto err; + return 0; alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs, &abuf, ASN1_ITEM_rptr(CMS_Attributes_Verify)); if (abuf == NULL || alen < 0) goto err; - r = EVP_DigestVerifyUpdate(mctx, abuf, alen); - OPENSSL_free(abuf); - if (r <= 0) { - r = -1; - goto err; + if (pknid == NID_ED25519 || pknid == NID_ED448) { + r = EVP_DigestVerify(mctx, si->signature->data, si->signature->length, + abuf, alen) == 1; + } else { + r = EVP_DigestVerifyUpdate(mctx, abuf, alen); + OPENSSL_free(abuf); + if (r <= 0) { + r = -1; + goto err; + } + r = EVP_DigestVerifyFinal(mctx, + si->signature->data, si->signature->length); } - r = EVP_DigestVerifyFinal(mctx, - si->signature->data, si->signature->length); if (r <= 0) ERR_raise(ERR_LIB_CMS, CMS_R_VERIFICATION_FAILURE); err: diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index 43ea2a9b60f9ba..649539fc4145cc 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c @@ -702,6 +702,7 @@ static int do_pkcs7_signed_attrib(PKCS7_SIGNER_INFO *si, EVP_MD_CTX *mctx) ERR_raise(ERR_LIB_PKCS7, ERR_R_EVP_LIB); return 0; } + printf("do_pkcs7_signed_attrib md_len = %d\n", md_len); if (!PKCS7_add1_attrib_digest(si, md_data, md_len)) { ERR_raise(ERR_LIB_PKCS7, ERR_R_PKCS7_LIB); return 0; @@ -830,12 +831,14 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) * sign the attributes */ if (sk_X509_ATTRIBUTE_num(sk) > 0) { + printf("num attributes = %d\n", sk_X509_ATTRIBUTE_num(sk)); if (!do_pkcs7_signed_attrib(si, ctx_tmp)) goto err; } else { unsigned char *abuf = NULL; unsigned int abuflen; abuflen = EVP_PKEY_get_size(si->pkey); + printf("abuflen = %u\n", abuflen); abuf = OPENSSL_malloc(abuflen); if (abuf == NULL) goto err; @@ -895,56 +898,16 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si) { - EVP_MD_CTX *mctx; - EVP_PKEY_CTX *pctx = NULL; - unsigned char *abuf = NULL; - int alen; - size_t siglen; - const EVP_MD *md = NULL; - const PKCS7_CTX *ctx = si->ctx; + const EVP_MD *md = EVP_get_digestbyobj(si->digest_alg->algorithm); - md = EVP_get_digestbyobj(si->digest_alg->algorithm); if (md == NULL) return 0; - mctx = EVP_MD_CTX_new(); - if (mctx == NULL) { - ERR_raise(ERR_LIB_PKCS7, ERR_R_EVP_LIB); - goto err; - } - - if (EVP_DigestSignInit_ex(mctx, &pctx, EVP_MD_get0_name(md), - ossl_pkcs7_ctx_get0_libctx(ctx), - ossl_pkcs7_ctx_get0_propq(ctx), si->pkey, - NULL) <= 0) - goto err; - - alen = ASN1_item_i2d((ASN1_VALUE *)si->auth_attr, &abuf, - ASN1_ITEM_rptr(PKCS7_ATTR_SIGN)); - if (!abuf) - goto err; - if (EVP_DigestSignUpdate(mctx, abuf, alen) <= 0) - goto err; - OPENSSL_free(abuf); - abuf = NULL; - if (EVP_DigestSignFinal(mctx, NULL, &siglen) <= 0) - goto err; - abuf = OPENSSL_malloc(siglen); - if (abuf == NULL) - goto err; - if (EVP_DigestSignFinal(mctx, abuf, &siglen) <= 0) - goto err; - - EVP_MD_CTX_free(mctx); - - ASN1_STRING_set0(si->enc_digest, abuf, siglen); - - return 1; - - err: - OPENSSL_free(abuf); - EVP_MD_CTX_free(mctx); - return 0; + return ASN1_item_sign_ex(ASN1_ITEM_rptr(PKCS7_ATTR_SIGN), NULL, + NULL, si->enc_digest /* sets ASN1_OCTET_STRING */, + si->auth_attr, NULL, si->pkey, md, + ossl_pkcs7_ctx_get0_libctx(si->ctx), + ossl_pkcs7_ctx_get0_propq(si->ctx)); } /* This partly overlaps with PKCS7_verify(). It does not support flags. */ @@ -1010,31 +973,45 @@ int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio, int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, X509 *signer) { - ASN1_OCTET_STRING *os; + ASN1_OCTET_STRING *os = si->enc_digest; EVP_MD_CTX *mdc_tmp, *mdc; const EVP_MD *md; EVP_MD *fetched_md = NULL; + char md_name[80]; int ret = 0, i; int md_type; - STACK_OF(X509_ATTRIBUTE) *sk; + STACK_OF(X509_ATTRIBUTE) *sk = si->auth_attr; BIO *btmp; - EVP_PKEY *pkey; - const PKCS7_CTX *ctx = ossl_pkcs7_get0_ctx(p7); - OSSL_LIB_CTX *libctx = ossl_pkcs7_ctx_get0_libctx(ctx); - const char *propq = ossl_pkcs7_ctx_get0_propq(ctx); + EVP_PKEY *pkey = X509_get0_pubkey(signer); + const PKCS7_CTX *p7_ctx = ossl_pkcs7_get0_ctx(p7); + OSSL_LIB_CTX *libctx = ossl_pkcs7_ctx_get0_libctx(p7_ctx); + const char *propq = ossl_pkcs7_ctx_get0_propq(p7_ctx); - mdc_tmp = EVP_MD_CTX_new(); - if (mdc_tmp == NULL) { - ERR_raise(ERR_LIB_PKCS7, ERR_R_EVP_LIB); - goto err; - } + if (pkey == NULL) + return -1; if (!PKCS7_type_is_signed(p7) && !PKCS7_type_is_signedAndEnveloped(p7)) { ERR_raise(ERR_LIB_PKCS7, PKCS7_R_WRONG_PKCS7_TYPE); - goto err; + return 0; } + if (sk_X509_ATTRIBUTE_num(sk) > 0 + && EVP_PKEY_get_default_digest_name(pkey, md_name, sizeof(md_name)) > 0 + && strcmp(md_name, "UNDEF") == 0) /* at least for Ed25519, Ed448 */ + return ASN1_item_verify_ex(ASN1_ITEM_rptr(PKCS7_ATTR_VERIFY), + si->digest_enc_alg /* it is signature alg */, + os, sk, NULL, pkey, libctx, propq); + + /* + * TODO clean up all below code, + * ideally also using ASN1_item_verify_ex(), + * combining si->digest_alg with si->digest_enc_alg (pubkey) alg + */ md_type = OBJ_obj2nid(si->digest_alg->algorithm); + if ((mdc_tmp = EVP_MD_CTX_new()) == NULL) { + ERR_raise(ERR_LIB_PKCS7, ERR_R_EVP_LIB); + return 0; + } btmp = bio; for (;;) { @@ -1058,6 +1035,7 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, break; btmp = BIO_next(btmp); } + printf("digest type %d vs %d, sig type %d\n", md_type, EVP_MD_CTX_get_type(mdc), EVP_MD_get_pkey_type(EVP_MD_CTX_get0_md(mdc))); /* * mdc is the digest ctx that we want, unless there are attributes, in @@ -1066,8 +1044,7 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, if (!EVP_MD_CTX_copy_ex(mdc_tmp, mdc)) goto err; - sk = si->auth_attr; - if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0)) { + if (sk_X509_ATTRIBUTE_num(sk) > 0) { unsigned char md_dat[EVP_MAX_MD_SIZE], *abuf = NULL; unsigned int md_len; int alen; @@ -1080,6 +1057,7 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, ERR_raise(ERR_LIB_PKCS7, PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST); goto err; } + printf("digest len %d vs %d\n", message_digest->length, (int)md_len); if ((message_digest->length != (int)md_len) || (memcmp(message_digest->data, md_dat, md_len))) { ERR_raise(ERR_LIB_PKCS7, PKCS7_R_DIGEST_FAILURE); @@ -1114,13 +1092,6 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, OPENSSL_free(abuf); } - os = si->enc_digest; - pkey = X509_get0_pubkey(signer); - if (pkey == NULL) { - ret = -1; - goto err; - } - i = EVP_VerifyFinal_ex(mdc_tmp, os->data, os->length, pkey, libctx, propq); if (i <= 0) { ERR_raise(ERR_LIB_PKCS7, PKCS7_R_SIGNATURE_FAILURE); diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c index 7be29285429644..a11019d5ddecaf 100644 --- a/crypto/pkcs7/pk7_lib.c +++ b/crypto/pkcs7/pk7_lib.c @@ -307,38 +307,34 @@ static int pkcs7_ecdsa_or_dsa_sign_verify_setup(PKCS7_SIGNER_INFO *si, { if (!verify) { int snid, hnid; - X509_ALGOR *alg1, *alg2; + X509_ALGOR *digest, *sig; EVP_PKEY *pkey = si->pkey; - PKCS7_SIGNER_INFO_get0_algs(si, NULL, &alg1, &alg2); - if (alg1 == NULL || alg1->algorithm == NULL) + PKCS7_SIGNER_INFO_get0_algs(si, NULL, &digest, &sig); + if (digest == NULL || digest->algorithm == NULL) return -1; - hnid = OBJ_obj2nid(alg1->algorithm); + hnid = OBJ_obj2nid(digest->algorithm); if (hnid == NID_undef) return -1; if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_get_id(pkey))) return -1; - return X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, NULL); + return X509_ALGOR_set0(sig, OBJ_nid2obj(snid), V_ASN1_UNDEF, NULL); } return 1; } -static int pkcs7_rsa_sign_verify_setup(PKCS7_SIGNER_INFO *si, int verify) +static int pkcs7_sign_setup(PKCS7_SIGNER_INFO *si, int pknid) { - if (!verify) { - X509_ALGOR *alg = NULL; + X509_ALGOR *sig = NULL; - PKCS7_SIGNER_INFO_get0_algs(si, NULL, NULL, &alg); - if (alg != NULL) - return X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaEncryption), - V_ASN1_NULL, NULL); - } - return 1; + PKCS7_SIGNER_INFO_get0_algs(si, NULL, NULL, &sig); + return X509_ALGOR_set0(sig, OBJ_nid2obj(pknid), V_ASN1_NULL, NULL); } int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, - const EVP_MD *dgst) + const EVP_MD *md) { + int pknid = EVP_PKEY_get_id(pkey); int ret; /* We now need to add another PKCS7_SIGNER_INFO entry */ @@ -363,15 +359,17 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, /* Set the algorithms */ - if (!X509_ALGOR_set0(p7i->digest_alg, OBJ_nid2obj(EVP_MD_get_type(dgst)), + if (!X509_ALGOR_set0(p7i->digest_alg, OBJ_nid2obj(EVP_MD_get_type(md)), V_ASN1_NULL, NULL)) return 0; + /* TODO generalize to avoid this ugly case distinction */ if (EVP_PKEY_is_a(pkey, "EC") || EVP_PKEY_is_a(pkey, "DSA")) return pkcs7_ecdsa_or_dsa_sign_verify_setup(p7i, 0); if (EVP_PKEY_is_a(pkey, "RSA")) - return pkcs7_rsa_sign_verify_setup(p7i, 0); - + return pkcs7_sign_setup(p7i, NID_rsaEncryption); + if (pknid == NID_ED25519 || pknid == NID_ED448) + return pkcs7_sign_setup(p7i, pknid); if (pkey->ameth != NULL && pkey->ameth->pkey_ctrl != NULL) { ret = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_PKCS7_SIGN, 0, p7i); if (ret > 0) @@ -390,17 +388,8 @@ PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, EVP_PKEY *pkey, { PKCS7_SIGNER_INFO *si = NULL; - if (dgst == NULL) { - int def_nid; - if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) <= 0) - goto err; - dgst = EVP_get_digestbynid(def_nid); - if (dgst == NULL) { - ERR_raise(ERR_LIB_PKCS7, PKCS7_R_NO_DEFAULT_DIGEST); - goto err; - } - } - + if (dgst == NULL && (dgst = ossl_cms_get_default_digest(pkey)) == NULL) + return 0; if ((si = PKCS7_SIGNER_INFO_new()) == NULL) goto err; if (PKCS7_SIGNER_INFO_set(si, x509, pkey, dgst) <= 0) diff --git a/include/crypto/pkcs7.h b/include/crypto/pkcs7.h index 9caa9af4a25f7e..34c4886be02bf3 100644 --- a/include/crypto/pkcs7.h +++ b/include/crypto/pkcs7.h @@ -16,4 +16,6 @@ void ossl_pkcs7_resolve_libctx(PKCS7 *p7); void ossl_pkcs7_set0_libctx(PKCS7 *p7, OSSL_LIB_CTX *ctx); int ossl_pkcs7_set1_propq(PKCS7 *p7, const char *propq); +const EVP_MD *ossl_cms_get_default_digest(EVP_PKEY *pkey); + #endif diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t index 385791610577e1..8399d937412e1c 100644 --- a/test/recipes/80-test_cms.t +++ b/test/recipes/80-test_cms.t @@ -47,10 +47,11 @@ my $smcont = srctop_file("test", "smcont.txt"); my $smcont_zero = srctop_file("test", "smcont_zero.txt"); my ($no_des, $no_dh, $no_dsa, $no_ec, $no_ec2m, $no_rc2, $no_zlib) = disabled qw/des dh dsa ec ec2m rc2 zlib/; +my @test_certs = qw(test certs); $no_rc2 = 1 if disabled("legacy"); -plan tests => 21; +plan tests => 22; ok(run(test(["pkcs7_test"])), "test pkcs7"); @@ -891,7 +892,7 @@ subtest "CMS Check that bad encryption algorithm fails\n" => sub { plan tests => 1; SKIP: { - skip "DES or Legacy isn't supported in this build", 1 + skip "DES or Legacy is not supported in this build", 1 if disabled("des") || disabled("legacy"); my $out = "smtst.txt"; @@ -909,7 +910,7 @@ subtest "CMS Decrypt message encrypted with OpenSSL 1.1.1\n" => sub { plan tests => 1; SKIP: { - skip "EC or DES isn't supported in this build", 1 + skip "EC or DES is not supported in this build", 1 if disabled("ec") || disabled("des"); my $out = "smtst.txt"; @@ -1092,8 +1093,8 @@ with({ exit_checker => sub { return shift == 4; } }, ok(run(app(['openssl', 'smime', '-decrypt', '-inform', 'PEM', '-in', data_file("pkcs7-md4-encrypted.pem"), - '-recip', srctop_file("test", "certs", "ee-cert.pem"), - '-inkey', srctop_file("test", "certs", "ee-key.pem") + '-recip', srctop_file(@test_certs, "ee-cert.pem"), + '-inkey', srctop_file(@test_certs, "ee-key.pem") ])), "Check failure of EVP_DigestInit in PKCS7 signedAndEnveloped is handled"); }); @@ -1123,7 +1124,7 @@ sub check_availability { # This will fail if the fix is in and deadlock on Windows (and possibly # other platforms) if not. ok(!run(app(['openssl', 'cms', '-verify', - '-CAfile', srctop_file("test/certs", "pkitsta.pem"), + '-CAfile', srctop_file(@test_certs, "pkitsta.pem"), '-policy', 'anyPolicy', '-in', srctop_file("test/smime-eml", "SignedInvalidMappingFromanyPolicyTest7.eml") @@ -1154,3 +1155,36 @@ with({ exit_checker => sub { return shift == 3; } }, "issue#21986"); } }); + + +subtest "EdDSA tests for CMS and PKCS7\n" => sub { + plan tests => 4; + + SKIP: { + skip "ECX (EdDSA) is not supported in this build", 4 + if disabled("ecx"); + + my $crt1 = srctop_file(@test_certs, "root-ed25519.pem"); + my $key1 = srctop_file(@test_certs, "root-ed25519.privkey.pem"); + my $crt2 = srctop_file(@test_certs, "root-ed448-cert.pem"); + my $key2 = srctop_file(@test_certs, "root-ed448-key.pem"); + my $sig1 = "sig1.cms"; + my $sig2 = "sig2.p7s"; + + ok(run(app(["openssl", "cms", @prov, "-sign", "-in", $smcont, + "-signer", $crt1, "-inkey", $key1, "-out", $sig1])), + "accept CMS signature with Ed25519"); + + ok(run(app(["openssl", "cms", @prov, "-verify", "-in", $sig1, + "-CAfile", $crt1, "-content", $smcont])), + "accept CMS verify with Ed25519"); + + ok(run(app(["openssl", "smime", @prov, "-sign", "-in", $smcont, + "-signer", $crt2, "-inkey", $key2, "-out", $sig2])), + "accept PKCS7 signature with Ed448"); + + ok(run(app(["openssl", "smime", @prov, "-verify", "-in", $sig2, + "-CAfile", $crt2, "-content", $smcont, "-purpose", "any"])), + "accept PKCS7 verify with Ed448"); + } +};