openssl · opensignature · Nov 10, 2018 · Nov 10, 2018 · Nov 10, 2018 · Nov 17, 2018
diff --git a/apps/cms.c b/apps/cms.c
@@ -65,7 +65,7 @@ struct cms_key_param_st {
 typedef enum OPTION_choice {
     OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
     OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_ENCRYPT,
-    OPT_DECRYPT, OPT_SIGN, OPT_SIGN_RECEIPT, OPT_RESIGN,
+    OPT_DECRYPT, OPT_SIGN, OPT_CADES, OPT_SIGN_RECEIPT, OPT_RESIGN,
     OPT_VERIFY, OPT_VERIFY_RETCODE, OPT_VERIFY_RECEIPT,
     OPT_CMSOUT, OPT_DATA_OUT, OPT_DATA_CREATE, OPT_DIGEST_VERIFY,
     OPT_DIGEST_CREATE, OPT_COMPRESS, OPT_UNCOMPRESS,
@@ -102,6 +102,7 @@ const OPTIONS cms_options[] = {
     {"sign", OPT_SIGN, '-', "Sign message"},
     {"sign_receipt", OPT_SIGN_RECEIPT, '-', "Generate a signed receipt for the message"},
     {"resign", OPT_RESIGN, '-', "Resign a signed message"},
+    {"cades", OPT_CADES, '-', "Include signer certificate digest"},
     {"verify", OPT_VERIFY, '-', "Verify signed message"},
     {"verify_retcode", OPT_VERIFY_RETCODE, '-'},
     {"verify_receipt", OPT_VERIFY_RECEIPT, '<'},
@@ -326,6 +327,9 @@ int cms_main(int argc, char **argv)
         case OPT_BINARY:
             flags |= CMS_BINARY;
             break;
+        case OPT_CADES:
+            flags |= CMS_CADES;
+            break;
         case OPT_KEYID:
             flags |= CMS_USE_KEYID;
             break;
@@ -940,6 +944,14 @@ int cms_main(int argc, char **argv)
             si = CMS_add1_signer(cms, signer, key, sign_md, tflags);
             if (si == NULL)
                 goto end;
+            if (flags & CMS_CADES) {
+                if (sign_md == EVP_sha1() || sign_md == NULL)
+                    si = CMS_add1_signing_cert(si, signer);
+                else
+                    si = CMS_add1_signing_cert_v2(si, signer, sign_md);
+                if (si == NULL)
+                    goto end;
+            }
             if (kparam != NULL) {
                 EVP_PKEY_CTX *pctx;
                 pctx = CMS_SignerInfo_get0_pkey_ctx(si);

diff --git a/crypto/cms/cms_err.c b/crypto/cms/cms_err.c
@@ -27,6 +27,10 @@ static const ERR_STRING_DATA CMS_str_functs[] = {
     {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ADD1_SIGNER, 0), "CMS_add1_signer"},
     {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ADD1_SIGNINGTIME, 0),
      "cms_add1_signingTime"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ADD1_SIGNING_CERT, 0),
+     "CMS_add1_signing_cert"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ADD1_SIGNING_CERT_V2, 0),
+     "CMS_add1_signing_cert_v2"},
     {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_COMPRESS, 0), "CMS_compress"},
     {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_COMPRESSEDDATA_CREATE, 0),
      "cms_CompressedData_create"},

diff --git a/crypto/cms/cms_ess.c b/crypto/cms/cms_ess.c
@@ -14,7 +14,9 @@
 #include <openssl/x509v3.h>
 #include <openssl/err.h>
 #include <openssl/cms.h>
+#include <openssl/ess.h>
 #include "cms_lcl.h"
+#include "internal/ess_int.h"
 
 IMPLEMENT_ASN1_FUNCTIONS(CMS_ReceiptRequest)
 
@@ -335,3 +337,115 @@ ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si)
     CMS_ReceiptRequest_free(rr);
     return os;
 }
+
+/*
+ * Add signer certificate's V2 digest to a SignerInfo
+ * structure
+ */
+
+CMS_SignerInfo *CMS_add1_signing_cert_v2(CMS_SignerInfo *si, X509 *signer,
+                                         const EVP_MD *sign_md)
+{
+    ASN1_STRING *seq = NULL;
+    unsigned char *p, *pp = NULL;
+    ESS_SIGNING_CERT_V2 *sc = NULL;
+    ESS_CERT_ID_V2 * cid;
+    unsigned char hash[EVP_MAX_MD_SIZE];
+    unsigned int hash_len = sizeof (hash);
+    X509_ALGOR *alg = NULL;
+    int len;
+
+    memset(hash, 0, sizeof (hash));
+
+    /* Create the SigningCertificateV2 attribute 
+     * and adding the signing certificate id.
+     */
+
+    if ((sc = ESS_SIGNING_CERT_V2_new()) == NULL
+        || (cid = ESS_CERT_ID_V2_new()) == NULL
+        || (alg = X509_ALGOR_new()) == NULL)
+        goto err;
+
+    X509_ALGOR_set_md(alg, sign_md);
+    if (alg->algorithm == NULL)
+        goto err;
+    cid->hash_alg = alg;
+    alg = NULL;
+    if (!X509_digest(signer, sign_md, hash, &hash_len))
+        goto err;
+    if (!ASN1_OCTET_STRING_set(cid->hash, hash, hash_len))
+        goto err;
+    if (!sk_ESS_CERT_ID_V2_push(sc->cert_ids, cid))
+        goto err;
+    /* Add SigningCertificateV2 signed attribute to the signer info. */
+    len = i2d_ESS_SIGNING_CERT_V2(sc, NULL);
+    if ((pp = OPENSSL_malloc(len)) == NULL)
+        goto err;
+    p = pp;
+    i2d_ESS_SIGNING_CERT_V2(sc, &p);
+    if (!(seq = ASN1_STRING_new()) || !ASN1_STRING_set(seq, pp, len))
+        goto err;
+    OPENSSL_free(pp);
+    ESS_SIGNING_CERT_V2_free(sc);
+    X509_ALGOR_free(alg);
+    pp = NULL;
+    if (!CMS_signed_add1_attr_by_NID(si, NID_id_smime_aa_signingCertificateV2,
+                                     V_ASN1_SEQUENCE, seq, -1))
+        goto err;
+    ASN1_STRING_free(seq);
+    return si;
+
+ err:
+    CMSerr(CMS_F_CMS_ADD1_SIGNING_CERT_V2, ERR_R_MALLOC_FAILURE);
+    return NULL;
+}
+
+/*
+ * Add signer certificate's digest to a SignerInfo
+ * structure
+ */
+
+CMS_SignerInfo *CMS_add1_signing_cert(CMS_SignerInfo *si, X509 *signer)
+{
+    ASN1_STRING *seq = NULL;
+    unsigned char *p, *pp = NULL;
+    ESS_SIGNING_CERT *sc = NULL;
+    ESS_CERT_ID * cid;
+    unsigned char hash[SHA_DIGEST_LENGTH];
+    int len;
+
+    /* Create the SigningCertificate attribute 
+     * and adding the signing certificate id.
+     */
+
+    if ((sc = ESS_SIGNING_CERT_new()) == NULL
+        || (cid = ESS_CERT_ID_new()) == NULL)
+        goto err;
+
+    if (!X509_digest(signer, EVP_sha1(), hash, NULL))
+        goto err;
+    if (!ASN1_OCTET_STRING_set(cid->hash, hash, SHA_DIGEST_LENGTH))
+        goto err;
+    if (!sk_ESS_CERT_ID_push(sc->cert_ids, cid))
+        goto err;
+    /* Add SigningCertificate signed attribute to the signer info. */
+    len = i2d_ESS_SIGNING_CERT(sc, NULL);
+    if ((pp = OPENSSL_malloc(len)) == NULL)
+        goto err;
+    p = pp;
+    i2d_ESS_SIGNING_CERT(sc, &p);
+    if (!(seq = ASN1_STRING_new()) || !ASN1_STRING_set(seq, pp, len))
+        goto err;
+    OPENSSL_free(pp);
+    ESS_SIGNING_CERT_free(sc);
+    pp = NULL;
+    if (!CMS_signed_add1_attr_by_NID(si, NID_id_smime_aa_signingCertificate,
+                                     V_ASN1_SEQUENCE, seq, -1))
+        goto err;
+    ASN1_STRING_free(seq);
+    return si;
+
+ err:
+    CMSerr(CMS_F_CMS_ADD1_SIGNING_CERT, ERR_R_MALLOC_FAILURE);
+    return NULL;
+}
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
@@ -242,6 +242,8 @@ CMS_F_CMS_ADD1_RECEIPTREQUEST:158:CMS_add1_ReceiptRequest
 CMS_F_CMS_ADD1_RECIPIENT_CERT:101:CMS_add1_recipient_cert
 CMS_F_CMS_ADD1_SIGNER:102:CMS_add1_signer
 CMS_F_CMS_ADD1_SIGNINGTIME:103:cms_add1_signingTime
+CMS_F_CMS_ADD1_SIGNING_CERT:181:CMS_add1_signing_cert
+CMS_F_CMS_ADD1_SIGNING_CERT_V2:182:CMS_add1_signing_cert_v2
 CMS_F_CMS_COMPRESS:104:CMS_compress
 CMS_F_CMS_COMPRESSEDDATA_CREATE:105:cms_CompressedData_create
 CMS_F_CMS_COMPRESSEDDATA_INIT_BIO:106:cms_CompressedData_init_bio

diff --git a/crypto/include/internal/ess_int.h b/crypto/include/internal/ess_int.h
@@ -0,0 +1,73 @@
+/*
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* ESS related stuff */
+
+/*-
+ * IssuerSerial ::= SEQUENCE {
+ *         issuer                   GeneralNames,
+ *         serialNumber             CertificateSerialNumber
+ *         }
+ */
+
+struct ESS_issuer_serial {
+    STACK_OF(GENERAL_NAME) *issuer;
+    ASN1_INTEGER *serial;
+};
+
+/*-
+ * ESSCertID ::=  SEQUENCE {
+ *         certHash                 Hash,
+ *         issuerSerial             IssuerSerial OPTIONAL
+ * }
+ */
+
+struct ESS_cert_id {
+    ASN1_OCTET_STRING *hash;    /* Always SHA-1 digest. */
+    ESS_ISSUER_SERIAL *issuer_serial;
+};
+
+/*-
+ * SigningCertificate ::=  SEQUENCE {
+ *        certs        SEQUENCE OF ESSCertID,
+ *        policies     SEQUENCE OF PolicyInformation OPTIONAL
+ * }
+ */
+
+struct ESS_signing_cert {
+    STACK_OF(ESS_CERT_ID) *cert_ids;
+    STACK_OF(POLICYINFO) *policy_info;
+};
+
+/*-
+ * ESSCertIDv2 ::=  SEQUENCE {
+ *        hashAlgorithm           AlgorithmIdentifier
+ *                DEFAULT {algorithm id-sha256},
+ *        certHash                Hash,
+ *        issuerSerial            IssuerSerial OPTIONAL
+ * }
+ */
+
+struct ESS_cert_id_v2_st {
+    X509_ALGOR *hash_alg;       /* Default: SHA-256 */
+    ASN1_OCTET_STRING *hash;
+    ESS_ISSUER_SERIAL *issuer_serial;
+};
+
+/*-
+ * SigningCertificateV2 ::= SEQUENCE {
+ *        certs                   SEQUENCE OF ESSCertIDv2,
+ *        policies                SEQUENCE OF PolicyInformation OPTIONAL
+ * }
+ */
+
+struct ESS_signing_cert_v2_st {
+    STACK_OF(ESS_CERT_ID_V2) *cert_ids;
+    STACK_OF(POLICYINFO) *policy_info;
+};
diff --git a/crypto/ts/ts_asn1.c b/crypto/ts/ts_asn1.c
@@ -11,6 +11,7 @@
 #include <openssl/err.h>
 #include <openssl/asn1t.h>
 #include "ts_lcl.h"
+#include "internal/ess_int.h"
 
 ASN1_SEQUENCE(TS_MSG_IMPRINT) = {
         ASN1_SIMPLE(TS_MSG_IMPRINT, hash_algo, X509_ALGOR),

diff --git a/crypto/ts/ts_lcl.h b/crypto/ts/ts_lcl.h
@@ -98,67 +98,6 @@ struct TS_status_info_st {
     ASN1_BIT_STRING *failure_info;
 };
 
-/*-
- * IssuerSerial ::= SEQUENCE {
- *         issuer                   GeneralNames,
- *         serialNumber             CertificateSerialNumber
- *         }
- */
-struct ESS_issuer_serial {
-    STACK_OF(GENERAL_NAME) *issuer;
-    ASN1_INTEGER *serial;
-};
-
-/*-
- * ESSCertID ::=  SEQUENCE {
- *         certHash                 Hash,
- *         issuerSerial             IssuerSerial OPTIONAL
- * }
- */
-struct ESS_cert_id {
-    ASN1_OCTET_STRING *hash;    /* Always SHA-1 digest. */
-    ESS_ISSUER_SERIAL *issuer_serial;
-};
-
-/*-
- * SigningCertificate ::=  SEQUENCE {
- *        certs        SEQUENCE OF ESSCertID,
- *        policies     SEQUENCE OF PolicyInformation OPTIONAL
- * }
- */
-struct ESS_signing_cert {
-    STACK_OF(ESS_CERT_ID) *cert_ids;
-    STACK_OF(POLICYINFO) *policy_info;
-};
-
-/*-
- * ESSCertIDv2 ::=  SEQUENCE {
- *        hashAlgorithm           AlgorithmIdentifier
- *                DEFAULT {algorithm id-sha256},
- *        certHash                Hash,
- *        issuerSerial            IssuerSerial OPTIONAL
- * }
- */
-
-struct ESS_cert_id_v2_st {
-    X509_ALGOR *hash_alg;       /* Default: SHA-256 */
-    ASN1_OCTET_STRING *hash;
-    ESS_ISSUER_SERIAL *issuer_serial;
-};
-
-/*-
- * SigningCertificateV2 ::= SEQUENCE {
- *        certs                   SEQUENCE OF ESSCertIDv2,
- *        policies                SEQUENCE OF PolicyInformation OPTIONAL
- * }
- */
-
-struct ESS_signing_cert_v2_st {
-    STACK_OF(ESS_CERT_ID_V2) *cert_ids;
-    STACK_OF(POLICYINFO) *policy_info;
-};
-
-
 struct TS_resp_ctx {
     X509 *signer_cert;
     EVP_PKEY *signer_key;

diff --git a/crypto/ts/ts_rsp_sign.c b/crypto/ts/ts_rsp_sign.c
@@ -15,6 +15,7 @@
 #include <openssl/pkcs7.h>
 #include <openssl/crypto.h>
 #include "ts_lcl.h"
+#include "internal/ess_int.h"
 
 static ASN1_INTEGER *def_serial_cb(struct TS_resp_ctx *, void *);
 static int def_time_cb(struct TS_resp_ctx *, void *, long *sec, long *usec);

diff --git a/crypto/ts/ts_rsp_verify.c b/crypto/ts/ts_rsp_verify.c
@@ -13,6 +13,7 @@
 #include <openssl/ts.h>
 #include <openssl/pkcs7.h>
 #include "ts_lcl.h"
+#include "internal/ess_int.h"
 
 static int ts_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted,
                           X509 *signer, STACK_OF(X509) **chain);