variant_ssl/
cms.rs

1//! SMIME implementation using CMS
2//!
3//! CMS (PKCS#7) is an encryption standard.  It allows signing and encrypting data using
4//! X.509 certificates.  The OpenSSL implementation of CMS is used in email encryption
5//! generated from a `Vec` of bytes.  This `Vec` follows the smime protocol standards.
6//! Data accepted by this module will be smime type `enveloped-data`.
7
8use bitflags::bitflags;
9use foreign_types::{ForeignType, ForeignTypeRef};
10use libc::c_uint;
11use std::ptr;
12
13use crate::bio::{MemBio, MemBioSlice};
14use crate::error::ErrorStack;
15use crate::pkey::{HasPrivate, PKeyRef};
16use crate::stack::StackRef;
17use crate::symm::Cipher;
18use crate::x509::{store::X509StoreRef, X509Ref, X509};
19use crate::{cvt, cvt_p};
20use openssl_macros::corresponds;
21
22bitflags! {
23    #[derive(Copy, Clone, Debug, Eq, Hash, Ord, PartialEq, PartialOrd)]
24    #[repr(transparent)]
25    pub struct CMSOptions : c_uint {
26        const TEXT = ffi::CMS_TEXT;
27        const CMS_NOCERTS = ffi::CMS_NOCERTS;
28        const NO_CONTENT_VERIFY = ffi::CMS_NO_CONTENT_VERIFY;
29        const NO_ATTR_VERIFY = ffi::CMS_NO_ATTR_VERIFY;
30        const NOSIGS = ffi::CMS_NOSIGS;
31        const NOINTERN = ffi::CMS_NOINTERN;
32        const NO_SIGNER_CERT_VERIFY = ffi::CMS_NO_SIGNER_CERT_VERIFY;
33        const NOVERIFY = ffi::CMS_NOVERIFY;
34        const DETACHED = ffi::CMS_DETACHED;
35        const BINARY = ffi::CMS_BINARY;
36        const NOATTR = ffi::CMS_NOATTR;
37        const NOSMIMECAP = ffi::CMS_NOSMIMECAP;
38        const NOOLDMIMETYPE = ffi::CMS_NOOLDMIMETYPE;
39        const CRLFEOL = ffi::CMS_CRLFEOL;
40        const STREAM = ffi::CMS_STREAM;
41        const NOCRL = ffi::CMS_NOCRL;
42        const PARTIAL = ffi::CMS_PARTIAL;
43        const REUSE_DIGEST = ffi::CMS_REUSE_DIGEST;
44        const USE_KEYID = ffi::CMS_USE_KEYID;
45        const DEBUG_DECRYPT = ffi::CMS_DEBUG_DECRYPT;
46        #[cfg(all(not(libressl), not(ossl101)))]
47        const KEY_PARAM = ffi::CMS_KEY_PARAM;
48        #[cfg(all(not(libressl), not(ossl101), not(ossl102)))]
49        const ASCIICRLF = ffi::CMS_ASCIICRLF;
50    }
51}
52
53foreign_type_and_impl_send_sync! {
54    type CType = ffi::CMS_ContentInfo;
55    fn drop = ffi::CMS_ContentInfo_free;
56
57    /// High level CMS wrapper
58    ///
59    /// CMS supports nesting various types of data, including signatures, certificates,
60    /// encrypted data, smime messages (encrypted email), and data digest.  The ContentInfo
61    /// content type is the encapsulation of all those content types.  [`RFC 5652`] describes
62    /// CMS and OpenSSL follows this RFC's implementation.
63    ///
64    /// [`RFC 5652`]: https://tools.ietf.org/html/rfc5652#page-6
65    pub struct CmsContentInfo;
66    /// Reference to [`CMSContentInfo`]
67    ///
68    /// [`CMSContentInfo`]:struct.CmsContentInfo.html
69    pub struct CmsContentInfoRef;
70}
71
72impl CmsContentInfoRef {
73    /// Given the sender's private key, `pkey` and the recipient's certificate, `cert`,
74    /// decrypt the data in `self`.
75    #[corresponds(CMS_decrypt)]
76    pub fn decrypt<T>(&self, pkey: &PKeyRef<T>, cert: &X509) -> Result<Vec<u8>, ErrorStack>
77    where
78        T: HasPrivate,
79    {
80        unsafe {
81            let pkey = pkey.as_ptr();
82            let cert = cert.as_ptr();
83            let out = MemBio::new()?;
84
85            cvt(ffi::CMS_decrypt(
86                self.as_ptr(),
87                pkey,
88                cert,
89                ptr::null_mut(),
90                out.as_ptr(),
91                0,
92            ))?;
93
94            Ok(out.get_buf().to_owned())
95        }
96    }
97
98    /// Given the sender's private key, `pkey`,
99    /// decrypt the data in `self` without validating the recipient certificate.
100    ///
101    /// *Warning*: Not checking the recipient certificate may leave you vulnerable to Bleichenbacher's attack on PKCS#1 v1.5 RSA padding.
102    #[corresponds(CMS_decrypt)]
103    // FIXME merge into decrypt
104    pub fn decrypt_without_cert_check<T>(&self, pkey: &PKeyRef<T>) -> Result<Vec<u8>, ErrorStack>
105    where
106        T: HasPrivate,
107    {
108        unsafe {
109            let pkey = pkey.as_ptr();
110            let out = MemBio::new()?;
111
112            cvt(ffi::CMS_decrypt(
113                self.as_ptr(),
114                pkey,
115                ptr::null_mut(),
116                ptr::null_mut(),
117                out.as_ptr(),
118                0,
119            ))?;
120
121            Ok(out.get_buf().to_owned())
122        }
123    }
124
125    to_der! {
126        /// Serializes this CmsContentInfo using DER.
127        #[corresponds(i2d_CMS_ContentInfo)]
128        to_der,
129        ffi::i2d_CMS_ContentInfo
130    }
131
132    to_pem! {
133        /// Serializes this CmsContentInfo using DER.
134        #[corresponds(PEM_write_bio_CMS)]
135        to_pem,
136        ffi::PEM_write_bio_CMS
137    }
138}
139
140impl CmsContentInfo {
141    /// Parses a smime formatted `vec` of bytes into a `CmsContentInfo`.
142    #[corresponds(SMIME_read_CMS)]
143    pub fn smime_read_cms(smime: &[u8]) -> Result<CmsContentInfo, ErrorStack> {
144        unsafe {
145            let bio = MemBioSlice::new(smime)?;
146
147            let cms = cvt_p(ffi::SMIME_read_CMS(bio.as_ptr(), ptr::null_mut()))?;
148
149            Ok(CmsContentInfo::from_ptr(cms))
150        }
151    }
152
153    from_der! {
154        /// Deserializes a DER-encoded ContentInfo structure.
155        #[corresponds(d2i_CMS_ContentInfo)]
156        from_der,
157        CmsContentInfo,
158        ffi::d2i_CMS_ContentInfo
159    }
160
161    from_pem! {
162        /// Deserializes a PEM-encoded ContentInfo structure.
163        #[corresponds(PEM_read_bio_CMS)]
164        from_pem,
165        CmsContentInfo,
166        ffi::PEM_read_bio_CMS
167    }
168
169    /// Given a signing cert `signcert`, private key `pkey`, a certificate stack `certs`,
170    /// data `data` and flags `flags`, create a CmsContentInfo struct.
171    ///
172    /// All arguments are optional.
173    #[corresponds(CMS_sign)]
174    pub fn sign<T>(
175        signcert: Option<&X509Ref>,
176        pkey: Option<&PKeyRef<T>>,
177        certs: Option<&StackRef<X509>>,
178        data: Option<&[u8]>,
179        flags: CMSOptions,
180    ) -> Result<CmsContentInfo, ErrorStack>
181    where
182        T: HasPrivate,
183    {
184        unsafe {
185            let signcert = signcert.map_or(ptr::null_mut(), |p| p.as_ptr());
186            let pkey = pkey.map_or(ptr::null_mut(), |p| p.as_ptr());
187            let data_bio = match data {
188                Some(data) => Some(MemBioSlice::new(data)?),
189                None => None,
190            };
191            let data_bio_ptr = data_bio.as_ref().map_or(ptr::null_mut(), |p| p.as_ptr());
192            let certs = certs.map_or(ptr::null_mut(), |p| p.as_ptr());
193
194            let cms = cvt_p(ffi::CMS_sign(
195                signcert,
196                pkey,
197                certs,
198                data_bio_ptr,
199                flags.bits(),
200            ))?;
201
202            Ok(CmsContentInfo::from_ptr(cms))
203        }
204    }
205
206    /// Given a certificate stack `certs`, data `data`, cipher `cipher` and flags `flags`,
207    /// create a CmsContentInfo struct.
208    ///
209    /// OpenSSL documentation at [`CMS_encrypt`]
210    ///
211    /// [`CMS_encrypt`]: https://www.openssl.org/docs/manmaster/man3/CMS_encrypt.html
212    #[corresponds(CMS_encrypt)]
213    pub fn encrypt(
214        certs: &StackRef<X509>,
215        data: &[u8],
216        cipher: Cipher,
217        flags: CMSOptions,
218    ) -> Result<CmsContentInfo, ErrorStack> {
219        unsafe {
220            let data_bio = MemBioSlice::new(data)?;
221
222            let cms = cvt_p(ffi::CMS_encrypt(
223                certs.as_ptr(),
224                data_bio.as_ptr(),
225                cipher.as_ptr(),
226                flags.bits(),
227            ))?;
228
229            Ok(CmsContentInfo::from_ptr(cms))
230        }
231    }
232
233    /// Verify this CmsContentInfo's signature,
234    /// This will search the 'certs' list for the signing certificate.      
235    /// Additional certificates, needed for building the certificate chain, may be
236    /// given in 'store' as well as additional CRLs.
237    /// A detached signature may be passed in `detached_data`. The signed content
238    /// without signature, will be copied into output_data if it is present.
239    ///
240    #[corresponds(CMS_verify)]
241    pub fn verify(
242        &mut self,
243        certs: Option<&StackRef<X509>>,
244        store: Option<&X509StoreRef>,
245        detached_data: Option<&[u8]>,
246        output_data: Option<&mut Vec<u8>>,
247        flags: CMSOptions,
248    ) -> Result<(), ErrorStack> {
249        unsafe {
250            let certs_ptr = certs.map_or(ptr::null_mut(), |p| p.as_ptr());
251            let store_ptr = store.map_or(ptr::null_mut(), |p| p.as_ptr());
252            let detached_data_bio = match detached_data {
253                Some(data) => Some(MemBioSlice::new(data)?),
254                None => None,
255            };
256            let detached_data_bio_ptr = detached_data_bio
257                .as_ref()
258                .map_or(ptr::null_mut(), |p| p.as_ptr());
259            let out_bio = MemBio::new()?;
260
261            cvt(ffi::CMS_verify(
262                self.as_ptr(),
263                certs_ptr,
264                store_ptr,
265                detached_data_bio_ptr,
266                out_bio.as_ptr(),
267                flags.bits(),
268            ))?;
269
270            if let Some(data) = output_data {
271                data.clear();
272                data.extend_from_slice(out_bio.get_buf());
273            };
274
275            Ok(())
276        }
277    }
278}
279
280#[cfg(test)]
281mod test {
282    use super::*;
283
284    #[cfg(not(any(tongsuo, feature = "vendored")))]
285    use crate::pkcs12::Pkcs12;
286    use crate::pkey::PKey;
287    #[cfg(not(any(tongsuo, feature = "vendored")))]
288    use crate::stack::Stack;
289    use crate::x509::{
290        store::{X509Store, X509StoreBuilder},
291        X509,
292    };
293
294    #[test]
295    #[cfg(not(any(tongsuo, feature = "vendored")))]
296    fn cms_encrypt_decrypt() {
297        #[cfg(ossl300)]
298        let _provider = crate::provider::Provider::try_load(None, "legacy", true).unwrap();
299
300        // load cert with public key only
301        let pub_cert_bytes = include_bytes!("../test/cms_pubkey.der");
302        let pub_cert = X509::from_der(pub_cert_bytes).expect("failed to load pub cert");
303
304        // load cert with private key
305        let priv_cert_bytes = include_bytes!("../test/cms.p12");
306        let priv_cert = Pkcs12::from_der(priv_cert_bytes).expect("failed to load priv cert");
307        let priv_cert = priv_cert
308            .parse2("mypass")
309            .expect("failed to parse priv cert");
310
311        // encrypt cms message using public key cert
312        let input = String::from("My Message");
313        let mut cert_stack = Stack::new().expect("failed to create stack");
314        cert_stack
315            .push(pub_cert)
316            .expect("failed to add pub cert to stack");
317
318        let encrypt = CmsContentInfo::encrypt(
319            &cert_stack,
320            input.as_bytes(),
321            Cipher::des_ede3_cbc(),
322            CMSOptions::empty(),
323        )
324        .expect("failed create encrypted cms");
325
326        // decrypt cms message using private key cert (DER)
327        {
328            let encrypted_der = encrypt.to_der().expect("failed to create der from cms");
329            let decrypt =
330                CmsContentInfo::from_der(&encrypted_der).expect("failed read cms from der");
331
332            let decrypt_with_cert_check = decrypt
333                .decrypt(
334                    priv_cert.pkey.as_ref().unwrap(),
335                    priv_cert.cert.as_ref().unwrap(),
336                )
337                .expect("failed to decrypt cms");
338            let decrypt_with_cert_check = String::from_utf8(decrypt_with_cert_check)
339                .expect("failed to create string from cms content");
340
341            let decrypt_without_cert_check = decrypt
342                .decrypt_without_cert_check(priv_cert.pkey.as_ref().unwrap())
343                .expect("failed to decrypt cms");
344            let decrypt_without_cert_check = String::from_utf8(decrypt_without_cert_check)
345                .expect("failed to create string from cms content");
346
347            assert_eq!(input, decrypt_with_cert_check);
348            assert_eq!(input, decrypt_without_cert_check);
349        }
350
351        // decrypt cms message using private key cert (PEM)
352        {
353            let encrypted_pem = encrypt.to_pem().expect("failed to create pem from cms");
354            let decrypt =
355                CmsContentInfo::from_pem(&encrypted_pem).expect("failed read cms from pem");
356
357            let decrypt_with_cert_check = decrypt
358                .decrypt(
359                    priv_cert.pkey.as_ref().unwrap(),
360                    priv_cert.cert.as_ref().unwrap(),
361                )
362                .expect("failed to decrypt cms");
363            let decrypt_with_cert_check = String::from_utf8(decrypt_with_cert_check)
364                .expect("failed to create string from cms content");
365
366            let decrypt_without_cert_check = decrypt
367                .decrypt_without_cert_check(priv_cert.pkey.as_ref().unwrap())
368                .expect("failed to decrypt cms");
369            let decrypt_without_cert_check = String::from_utf8(decrypt_without_cert_check)
370                .expect("failed to create string from cms content");
371
372            assert_eq!(input, decrypt_with_cert_check);
373            assert_eq!(input, decrypt_without_cert_check);
374        }
375    }
376
377    fn cms_sign_verify_generic_helper(is_detached: bool) {
378        // load cert with private key
379        let cert_bytes = include_bytes!("../test/cert.pem");
380        let cert = X509::from_pem(cert_bytes).expect("failed to load cert.pem");
381
382        let key_bytes = include_bytes!("../test/key.pem");
383        let key = PKey::private_key_from_pem(key_bytes).expect("failed to load key.pem");
384
385        let root_bytes = include_bytes!("../test/root-ca.pem");
386        let root = X509::from_pem(root_bytes).expect("failed to load root-ca.pem");
387
388        // sign cms message using public key cert
389        let data = b"Hello world!";
390
391        let (opt, ext_data): (CMSOptions, Option<&[u8]>) = if is_detached {
392            (CMSOptions::DETACHED | CMSOptions::BINARY, Some(data))
393        } else {
394            (CMSOptions::empty(), None)
395        };
396
397        let mut cms = CmsContentInfo::sign(Some(&cert), Some(&key), None, Some(data), opt)
398            .expect("failed to CMS sign a message");
399
400        // check CMS signature length
401        let pem_cms = cms
402            .to_pem()
403            .expect("failed to pack CmsContentInfo into PEM");
404        assert!(!pem_cms.is_empty());
405
406        // verify CMS signature
407        let mut builder = X509StoreBuilder::new().expect("failed to create X509StoreBuilder");
408        builder
409            .add_cert(root)
410            .expect("failed to add root-ca into X509StoreBuilder");
411        let store: X509Store = builder.build();
412        let mut out_data: Vec<u8> = Vec::new();
413        let res = cms.verify(
414            None,
415            Some(&store),
416            ext_data,
417            Some(&mut out_data),
418            CMSOptions::empty(),
419        );
420
421        // check verification result -  valid signature
422        res.unwrap();
423        assert_eq!(data.to_vec(), out_data);
424    }
425
426    #[test]
427    fn cms_sign_verify_ok() {
428        cms_sign_verify_generic_helper(false);
429    }
430
431    #[test]
432    fn cms_sign_verify_detached_ok() {
433        cms_sign_verify_generic_helper(true);
434    }
435
436    #[test]
437    #[cfg(not(any(tongsuo, feature = "vendored")))]
438    fn cms_sign_verify_error() {
439        #[cfg(ossl300)]
440        let _provider = crate::provider::Provider::try_load(None, "legacy", true).unwrap();
441
442        // load cert with private key
443        let priv_cert_bytes = include_bytes!("../test/cms.p12");
444        let priv_cert = Pkcs12::from_der(priv_cert_bytes).expect("failed to load priv cert");
445        let priv_cert = priv_cert
446            .parse2("mypass")
447            .expect("failed to parse priv cert");
448
449        // sign cms message using public key cert
450        let data = b"Hello world!";
451        let mut cms = CmsContentInfo::sign(
452            Some(&priv_cert.cert.unwrap()),
453            Some(&priv_cert.pkey.unwrap()),
454            None,
455            Some(data),
456            CMSOptions::empty(),
457        )
458        .expect("failed to CMS sign a message");
459
460        // check CMS signature length
461        let pem_cms = cms
462            .to_pem()
463            .expect("failed to pack CmsContentInfo into PEM");
464        assert!(!pem_cms.is_empty());
465
466        let empty_store = X509StoreBuilder::new()
467            .expect("failed to create X509StoreBuilder")
468            .build();
469
470        // verify CMS signature
471        let res = cms.verify(
472            None,
473            Some(&empty_store),
474            Some(data),
475            None,
476            CMSOptions::empty(),
477        );
478
479        // check verification result - this is an invalid signature
480        // defined in openssl crypto/cms/cms.h
481        const CMS_R_CERTIFICATE_VERIFY_ERROR: i32 = 100;
482        let es = res.unwrap_err();
483        let error_array = es.errors();
484        assert_eq!(1, error_array.len());
485        let code = error_array[0].reason_code();
486        assert_eq!(code, CMS_R_CERTIFICATE_VERIFY_ERROR);
487    }
488}