[apple/security.git] / libsecurity_apple_x509_tp / lib / certGroupUtils.cpp

/*
 * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
 * 
 * The contents of this file constitute Original Code as defined in and are
 * subject to the Apple Public Source License Version 1.2 (the 'License').
 * You may not use this file except in compliance with the License. Please obtain
 * a copy of the License at http://www.apple.com/publicsource and read it before
 * using this file.
 * 
 * This Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
 * specific language governing rights and limitations under the License.
 */


/*
	certGroupUtils.cpp

	Created 10/9/2000 by Doug Mitchell. 
*/

#include <Security/cssmtype.h>
#include <Security/cssmapi.h>
#include <Security/x509defs.h>
#include <Security/oidscert.h>
#include <Security/oidsalg.h>
#include <Security/cssmapple.h>
#include <Security/SecAsn1Coder.h>
#include <Security/keyTemplates.h>

#include "certGroupUtils.h" 
#include "tpdebugging.h"
#include "tpTime.h"

#include <string.h>				/* for memcmp */


/*
 * Copy one CSSM_DATA to another, mallocing destination. 
 */
void tpCopyCssmData(
	Allocator		&alloc,
	const CSSM_DATA	*src,
	CSSM_DATA_PTR	dst)
{
	dst->Data = (uint8 *)alloc.malloc(src->Length);
	dst->Length = src->Length;
	memmove(dst->Data, src->Data, src->Length);
}

/*
 * Malloc a CSSM_DATA, copy another one to it.
 */
CSSM_DATA_PTR tpMallocCopyCssmData(
	Allocator		&alloc,
	const CSSM_DATA	*src)
{
	CSSM_DATA_PTR dst = (CSSM_DATA_PTR)alloc.malloc(sizeof(CSSM_DATA));
	tpCopyCssmData(alloc, src, dst);
	return dst;
}

/*
 * Free the data referenced by a CSSM data, and optionally, the struct itself.
 */
void tpFreeCssmData(
	Allocator		&alloc,
	CSSM_DATA_PTR 	data,
	CSSM_BOOL 		freeStruct)
{
	if(data == NULL) {
		return;
	}
	if(data->Length != 0) {
		tpFree(alloc, data->Data);
	}
	if(freeStruct) {
		tpFree(alloc, data);
	}
	else {
		data->Length = 0;
		data->Data = NULL;
	}
}

/*
 * Compare two CSSM_DATAs, return CSSM_TRUE if identical.
 */
CSSM_BOOL tpCompareCssmData(
	const CSSM_DATA *data1,
	const CSSM_DATA *data2)
{	
	if((data1 == NULL) || (data1->Data == NULL) || 
	   (data2 == NULL) || (data2->Data == NULL) ||
	   (data1->Length != data2->Length)) {
		return CSSM_FALSE;
	}
	if(data1->Length != data2->Length) {
		return CSSM_FALSE;
	}
	if(memcmp(data1->Data, data2->Data, data1->Length) == 0) {
		return CSSM_TRUE;
	}
	else {
		return CSSM_FALSE;
	}
}

/*
 * Free memory via specified plugin's app-level allocator
 */
void tpFreePluginMemory(
	CSSM_HANDLE	hand,
	void 		*p)
{
	CSSM_API_MEMORY_FUNCS memFuncs;
	CSSM_RETURN crtn = CSSM_GetAPIMemoryFunctions(hand, &memFuncs);
	if(crtn) {
		tpErrorLog("CSSM_GetAPIMemoryFunctions failure\n");
		/* oh well, leak and continue */
		return;
	}
	memFuncs.free_func(p, memFuncs.AllocRef);
}

/*
 * Obtain the public key blob from a cert.
 */
CSSM_DATA_PTR tp_CertGetPublicKey( 
    TPCertInfo *cert,
	CSSM_DATA_PTR *valueToFree)			// used in tp_CertFreePublicKey
{
	CSSM_RETURN crtn;
	CSSM_DATA_PTR val;
	CSSM_X509_SUBJECT_PUBLIC_KEY_INFO *keyInfo;
	
	*valueToFree = NULL;
	crtn = cert->fetchField(&CSSMOID_X509V1SubjectPublicKeyCStruct, &val);
	if(crtn) {
		tpErrorLog("Error on CSSM_CL_CertGetFirstFieldValue(PublicKeyCStruct)\n");
		return NULL;
	}
	*valueToFree = val;
	keyInfo = (CSSM_X509_SUBJECT_PUBLIC_KEY_INFO *)val->Data;
	return &keyInfo->subjectPublicKey;
}

void tp_CertFreePublicKey(
	CSSM_CL_HANDLE	clHand,
	CSSM_DATA_PTR	value)
{
  	CSSM_CL_FreeFieldValue(clHand, &CSSMOID_X509V1SubjectPublicKeyCStruct, value);
}

/*
 * Obtain signature algorithm info from a cert.
 */
CSSM_X509_ALGORITHM_IDENTIFIER_PTR tp_CertGetAlgId( 
    TPCertInfo	 	*cert,
	CSSM_DATA_PTR 	*valueToFree)			// used in tp_CertFreeAlgId
{
	CSSM_RETURN crtn;
	CSSM_DATA_PTR val;
	
	*valueToFree = NULL;
	crtn = cert->fetchField(&CSSMOID_X509V1SignatureAlgorithm, &val);
	if(crtn) {
		tpErrorLog("Error on fetchField(CSSMOID_X509V1SignatureAlgorithm)\n");
		return NULL;
	}
	*valueToFree = val;
	return (CSSM_X509_ALGORITHM_IDENTIFIER_PTR)val->Data;
}

void tp_CertFreeAlgId(
	CSSM_CL_HANDLE	clHand,
	CSSM_DATA_PTR	value)
{
  	CSSM_CL_FreeFieldValue(clHand, &CSSMOID_X509V1SignatureAlgorithm, value);
}

/*
 * Determine if two certs - passed in encoded form - are equivalent. 
 */
CSSM_BOOL tp_CompareCerts(
	const CSSM_DATA			*cert1,
	const CSSM_DATA			*cert2)
{
	return tpCompareCssmData(cert1, cert2);
}

/*
 * Convert a C string to lower case in place. NULL terminator not needed.
 */
void tpToLower(
	char *str,
	unsigned strLen)
{
	for(unsigned i=0; i<strLen; i++) {
		*str = tolower(*str);
		str++;
	}
}

/*
 * Normalize an RFC822 addr-spec. This consists of converting
 * all characters following the '@' character to lower case.
 * A true normalizeAll results in lower-casing all characters
 * (e.g. for iChat). 
 */
void tpNormalizeAddrSpec(
	char		*addr,
	unsigned	addrLen,
	bool		normalizeAll)
{
	if (addr == NULL) {
		tpPolicyError("tpNormalizeAddrSpec: bad addr");
		return;
	}
	if(!normalizeAll) {
		while((addrLen != 0) && (*addr != '@')) {
			addr++;
			addrLen--;
		}
		if(addrLen == 0) {
			tpPolicyError("tpNormalizeAddrSpec: bad addr-spec");
			return;
		}
	}
	tpToLower(addr, addrLen);
}

/***
 *** dnsName compare support.
 *** Please do not make any changes to this code without talking to 
 *** dmitch about updating (if necessary) and running (always)
 *** regression tests which specifically test this logic.
 ***/
 
/*
 * Max length of a distinguished name component (label) we handle.
 * Various RFCs spec this out at 63 bytes; we're just allocating space
 * for these on the stack, so why not cut some slack. 
 */
#define MAX_DNS_COMP_LEN	128

/*
 * Obtain the next component from a DNS Name.
 * Caller mallocs outBuf, size >= MAX_DNS_COMP_LEN.
 * Returns true if a component was found.
 */
static bool tpNextDnsComp(
	const char 	*inBuf,
	uint32		&inBufLen,		// IN/OUT
	char		*outBuf,		// component RETURNED here
	uint32		&outBufLen)		// RETURNED length of component
{
	outBufLen = 0;
	if(inBufLen == 0) {
		return false;
	}
	
	/* skip over leading '.' */
	if(*inBuf == '.') {
		inBuf++;
		if(--inBufLen == 0) {
			return false;
		}
	}
	
	/* copy chars until out of data or next '.' found */
	do {
		if(*inBuf == '.') {
			break;
		}
		*outBuf++ = *inBuf++;
		inBufLen--;
		outBufLen++;
		if(outBufLen >= MAX_DNS_COMP_LEN) {
			/* abort */
			break;
		}
	} while(inBufLen != 0);
	if(outBufLen) {
		return true;
	}
	else {
		return false;
	}
}

/*
 * Find location of specified substring in given bigstring. Returns
 * pointer to start of substring in bigstring, else returns NULL.
 */
static const char *tpSubStr(
	const char 	*bigstr,
	uint32 		bigstrLen,
	const char 	*substr,
	uint32		substrLen)
{
	/* stop searching substrLen chars before end of bigstr */
	const char *endBigStr = bigstr + bigstrLen - substrLen;
	for( ; bigstr <= endBigStr; ) {
		if(*bigstr == *substr) {
			/* first char match - remainder? */
			if(substrLen == 1) {
				/* don't count on memcmp(a,b,0) */
				return bigstr;
			}
			if(!memcmp(bigstr+1, substr+1, substrLen - 1)) {
				return bigstr;
			} 
		}
		bigstr++;
	} 
	return NULL;
}

/*
 * Compare two DNS components, with full wildcard check. We assume
 * that no '.' chars exist (per the processing performed in 
 * tpNextDnsComp()). Returns CSSM_TRUE on match, else CSSM_FALSE.
 */
static CSSM_BOOL tpCompareComps(
	const char 	*hostComp, 			// no wildcards
	uint32 		hostCompLen, 
	const char 	*certComp, 			// wildcards OK here
	uint32		certCompLen)
{
	const char *endCertComp = certComp + certCompLen;
	const char *endHostComp = hostComp + hostCompLen;
	do {
		/* wild card in cert name? */
		const char *wildCard = tpSubStr(certComp, certCompLen,
			"*", 1);
		if(wildCard == NULL) {
			/* no, require perfect literal match right now */
			if((hostCompLen == certCompLen) &&
					!memcmp(hostComp, certComp, certCompLen)) {
				return CSSM_TRUE;
			}
			else {
				return CSSM_FALSE;
			}
		}
		
		if(wildCard != certComp) {
			/* 
			 * Require literal match of hostComp with certComp
			 * up until (but not including) the wildcard
			 */
			uint32 subStrLen = wildCard - certComp;
			if(subStrLen > hostCompLen) {
				/* out of host name chars */
				return CSSM_FALSE;
			}
			if(memcmp(certComp, hostComp, subStrLen)) {
				return CSSM_FALSE;
			}
			/* OK, skip over substring */
			hostComp    += subStrLen;
			hostCompLen -= subStrLen;
			/* start parsing at the wildcard itself */
			certComp     = wildCard;
			certCompLen -= subStrLen;
			continue;
		}
		
		/*
		 * Currently looking at a wildcard.
		 *
		 * Find substring in hostComp which matches from the char after
		 * the wildcard up to whichever of these comes next:
		 *
		 *  -- end of certComp 
		 *  -- another wildcard
		 */
		wildCard++;		
		if(wildCard == endCertComp) {
			/* 
			 * -- Wild card at end of cert's DNS
			 * -- nothing else to match - rest of hostComp is the wildcard
			 *    match
			 * -- done, success 
			 */
			return CSSM_TRUE;
		}
		
		const char *afterSubStr;		// in certComp
		afterSubStr = tpSubStr(wildCard, endCertComp - wildCard,
			"*", 1);
		if(afterSubStr == NULL) {
			/* no more wildcards - use end of certComp */
			afterSubStr = endCertComp;
		}
		uint32 subStrLen = afterSubStr - wildCard;
		const char *foundSub = tpSubStr(hostComp, hostCompLen,
			wildCard, subStrLen);
		if(foundSub == NULL) {
			/* No match of explicit chars */
			return CSSM_FALSE;
		}
		
		/* found it - skip past this substring */
		hostComp    = foundSub + subStrLen;
		hostCompLen = endHostComp - hostComp;
		certComp    = afterSubStr;
		certCompLen = endCertComp - afterSubStr;
		
	} while((hostCompLen != 0) || (certCompLen != 0));
	if((hostCompLen == 0) && (certCompLen == 0)) {
		return CSSM_TRUE;
	}
	else {
		/* end of one but not the other */
		return CSSM_FALSE;
	}
}

/*
 * Compare hostname, is presented to the TP in 
 * CSSM_APPLE_TP_SSL_OPTIONS.ServerName, to a server name obtained
 * from the server's cert (i.e., from subjectAltName or commonName).
 * Limited wildcard checking is performed here. 
 *
 * The incoming hostname is assumed to have been processed by tpToLower();
 * we'll perform that processing on certName here. 
 *
 * Trailing '.' characters in both host names will be ignored per Radar 3996792.
 *
 * Returns CSSM_TRUE on match, else CSSM_FALSE.
 */
CSSM_BOOL tpCompareHostNames(
	const char	 	*hostName,		// spec'd by app, tpToLower'd
	uint32			hostNameLen,
	char			*certName,		// from cert, we tpToLower
	uint32			certNameLen)
{
	tpToLower(certName, certNameLen);

	/* tolerate optional NULL terminators for both */
	if(hostNameLen && (hostName[hostNameLen - 1] == '\0')) {
		hostNameLen--;
	}
	if(certNameLen && (certName[certNameLen - 1] == '\0')) {
		certNameLen--;
	}
	
	if((hostNameLen == 0) || (certNameLen == 0)) {
		/* trivial case with at least one empty name */
		if(hostNameLen == certNameLen) {
			return CSSM_TRUE;
		}
		else {
			return CSSM_FALSE;
		}
	}
	
	/* trim off trailing dots */
	if(hostName[hostNameLen - 1] == '.') {
		hostNameLen--;
	}
	if(certName[certNameLen - 1] == '.') {
		certNameLen--;
	}
	
	/* Case 1: exact match */
	if((certNameLen == hostNameLen) &&
	    !memcmp(certName, hostName, certNameLen)) {
		return CSSM_TRUE;
	}
	
	/* 
	 * Case 2: Compare one component at a time, handling wildcards in
	 * cert's server name. The characters implicitly matched by a 
	 * wildcard span only one component of a dnsName.
	 */
	do {
		/* get next component from each dnsName */
		char hostComp[MAX_DNS_COMP_LEN];
		char certComp[MAX_DNS_COMP_LEN];
		uint32 hostCompLen;
		uint32 certCompLen;
		
		bool foundHost = tpNextDnsComp(hostName, hostNameLen,
				hostComp, hostCompLen);
		bool foundCert = tpNextDnsComp(certName, certNameLen,
				certComp, certCompLen);
		if(foundHost != foundCert) {
			/* unequal number of components */
			tpPolicyError("tpCompareHostNames: wildcard mismatch (1)");
			return CSSM_FALSE;
		}
		if(!foundHost) {
			/* normal successful termination */
			return CSSM_TRUE;
		}
		
		/* compare individual components */
		if(!tpCompareComps(hostComp, hostCompLen, 
				certComp, certCompLen)) {
			tpPolicyError("tpCompareHostNames: wildcard mismatch (2)");
			return CSSM_FALSE;
		}
		
		/* skip over this component
		 * (note: since tpNextDnsComp will first skip over a leading '.',
		 * we must make sure to skip over it here as well.)
		 */
		if(*hostName == '.') hostName++;
		hostName += hostCompLen;
		if(*certName == '.') certName++;
		certName += certCompLen;
	} while(1);
	/* NOT REACHED */
	//assert(0):
	return CSSM_FALSE;
}

/*
 * Compare email address, is presented to the TP in 
 * CSSM_APPLE_TP_SMIME_OPTIONS.SenderEmail, to a string obtained
 * from the sender's cert (i.e., from subjectAltName or Subject DN).
 *
 * Returns CSSM_TRUE on match, else CSSM_FALSE.
 *
 * Incoming appEmail string has already been tpNormalizeAddrSpec'd.
 * We do that for certEmail string here. 
 */
CSSM_BOOL tpCompareEmailAddr(
	const char	 	*appEmail,		// spec'd by app, normalized
	uint32			appEmailLen,
	char			*certEmail,		// from cert, we normalize
	uint32			certEmailLen,
	bool			normalizeAll)	// true : lower-case all certEmail characters

{
	tpNormalizeAddrSpec(certEmail, certEmailLen, normalizeAll);

	/* tolerate optional NULL terminators for both */
	if(appEmailLen > 0 && appEmail[appEmailLen - 1] == '\0') {
		appEmailLen--;
	}
	if(certEmailLen > 0 && certEmail[certEmailLen - 1] == '\0') {
		certEmailLen--;
	}
	if((certEmailLen == appEmailLen) &&
	    !memcmp(certEmail, appEmail, certEmailLen)) {
		return CSSM_TRUE;
	}
	else {
		/* mismatch */
		tpPolicyError("tpCompareEmailAddr: app/cert email addrs mismatch");
		return CSSM_FALSE;
	}
}

/* 
 * Following a CSSMOID_ECDSA_WithSpecified algorithm is an encoded
 * ECDSA_SigAlgParams containing the digest agorithm OID. Decode and return 
 * a unified ECDSA/digest alg (e.g. CSSM_ALGID_SHA512WithECDSA).
 * Returns nonzero on error.
 */
int decodeECDSA_SigAlgParams(
	const CSSM_DATA *params,
	CSSM_ALGORITHMS *cssmAlg)		/* RETURNED */
{
	SecAsn1CoderRef coder = NULL;
	if(SecAsn1CoderCreate(&coder)) {
		tpErrorLog("***Error in SecAsn1CoderCreate()\n");
		return -1;
	}
	CSSM_X509_ALGORITHM_IDENTIFIER algParams;
	memset(&algParams, 0, sizeof(algParams));
	int ourRtn = 0;
	bool algFound = false;
	if(SecAsn1DecodeData(coder, params, kSecAsn1AlgorithmIDTemplate,
			&algParams)) {
		tpErrorLog("***Error decoding CSSM_X509_ALGORITHM_IDENTIFIER\n");
		ourRtn = -1;
		goto errOut;
	}
	CSSM_ALGORITHMS digestAlg;
	algFound = cssmOidToAlg(&algParams.algorithm, &digestAlg);
	if(!algFound) {
		tpErrorLog("***Unknown algorithm in CSSM_X509_ALGORITHM_IDENTIFIER\n");
		ourRtn = -1;
		goto errOut;
	}
	switch(digestAlg) {
		case CSSM_ALGID_SHA1:
			*cssmAlg = CSSM_ALGID_SHA1WithECDSA;
			break;
		case CSSM_ALGID_SHA224:
			*cssmAlg = CSSM_ALGID_SHA224WithECDSA;
			break;
		case CSSM_ALGID_SHA256:
			*cssmAlg = CSSM_ALGID_SHA256WithECDSA;
			break;
		case CSSM_ALGID_SHA384:
			*cssmAlg = CSSM_ALGID_SHA384WithECDSA;
			break;
		case CSSM_ALGID_SHA512:
			*cssmAlg = CSSM_ALGID_SHA512WithECDSA;
			break;
		default:
			tpErrorLog("***Unknown algorithm in ECDSA_SigAlgParams\n");
			ourRtn = -1;
	}
errOut:
	SecAsn1CoderRelease(coder);
	return ourRtn;
}
Commit	Line	Data
b1ab9ed8 A	1	/*
	2	* Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
	3	*
	4	* The contents of this file constitute Original Code as defined in and are
	5	* subject to the Apple Public Source License Version 1.2 (the 'License').
	6	* You may not use this file except in compliance with the License. Please obtain
	7	* a copy of the License at http://www.apple.com/publicsource and read it before
	8	* using this file.
	9	*
	10	* This Original Code and all software distributed under the License are
	11	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
	12	* OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
	13	* LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
	14	* PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
	15	* specific language governing rights and limitations under the License.
	16	*/
	17
	18
	19	/*
	20	certGroupUtils.cpp
	21
	22	Created 10/9/2000 by Doug Mitchell.
	23	*/
	24
	25	#include <Security/cssmtype.h>
	26	#include <Security/cssmapi.h>
	27	#include <Security/x509defs.h>
	28	#include <Security/oidscert.h>
	29	#include <Security/oidsalg.h>
	30	#include <Security/cssmapple.h>
	31	#include <Security/SecAsn1Coder.h>
	32	#include <Security/keyTemplates.h>
	33
	34	#include "certGroupUtils.h"
	35	#include "tpdebugging.h"
	36	#include "tpTime.h"
	37
	38	#include <string.h> /* for memcmp */
	39
	40
	41	/*
	42	* Copy one CSSM_DATA to another, mallocing destination.
	43	*/
	44	void tpCopyCssmData(
	45	Allocator &alloc,
	46	const CSSM_DATA *src,
	47	CSSM_DATA_PTR dst)
	48	{
	49	dst->Data = (uint8 *)alloc.malloc(src->Length);
	50	dst->Length = src->Length;
	51	memmove(dst->Data, src->Data, src->Length);
	52	}
	53
	54	/*
	55	* Malloc a CSSM_DATA, copy another one to it.
	56	*/
	57	CSSM_DATA_PTR tpMallocCopyCssmData(
	58	Allocator &alloc,
	59	const CSSM_DATA *src)
	60	{
	61	CSSM_DATA_PTR dst = (CSSM_DATA_PTR)alloc.malloc(sizeof(CSSM_DATA));
	62	tpCopyCssmData(alloc, src, dst);
	63	return dst;
	64	}
65
66	/*
67	* Free the data referenced by a CSSM data, and optionally, the struct itself.
68	*/
69	void tpFreeCssmData(
70	Allocator &alloc,
71	CSSM_DATA_PTR data,
72	CSSM_BOOL freeStruct)
73	{
74	if(data == NULL) {
75	return;
76	}
77	if(data->Length != 0) {
78	tpFree(alloc, data->Data);
79	}
80	if(freeStruct) {
81	tpFree(alloc, data);
82	}
83	else {
84	data->Length = 0;
85	data->Data = NULL;
86	}
87	}
88
89	/*
90	* Compare two CSSM_DATAs, return CSSM_TRUE if identical.
91	*/
92	CSSM_BOOL tpCompareCssmData(
93	const CSSM_DATA *data1,
94	const CSSM_DATA *data2)
95	{
96	if((data1 == NULL) \|\| (data1->Data == NULL) \|\|
97	(data2 == NULL) \|\| (data2->Data == NULL) \|\|
98	(data1->Length != data2->Length)) {
99	return CSSM_FALSE;
100	}
101	if(data1->Length != data2->Length) {
102	return CSSM_FALSE;
103	}
104	if(memcmp(data1->Data, data2->Data, data1->Length) == 0) {
105	return CSSM_TRUE;
106	}
107	else {
108	return CSSM_FALSE;
109	}
110	}
111
112	/*
113	* Free memory via specified plugin's app-level allocator
114	*/
115	void tpFreePluginMemory(
116	CSSM_HANDLE hand,
117	void *p)
118	{
119	CSSM_API_MEMORY_FUNCS memFuncs;
120	CSSM_RETURN crtn = CSSM_GetAPIMemoryFunctions(hand, &memFuncs);
121	if(crtn) {
122	tpErrorLog("CSSM_GetAPIMemoryFunctions failure\n");
123	/* oh well, leak and continue */
124	return;
125	}
126	memFuncs.free_func(p, memFuncs.AllocRef);
127	}
128
129	/*
130	* Obtain the public key blob from a cert.
131	*/
132	CSSM_DATA_PTR tp_CertGetPublicKey(
133	TPCertInfo *cert,
134	CSSM_DATA_PTR *valueToFree) // used in tp_CertFreePublicKey
135	{
136	CSSM_RETURN crtn;
137	CSSM_DATA_PTR val;
138	CSSM_X509_SUBJECT_PUBLIC_KEY_INFO *keyInfo;
139
140	*valueToFree = NULL;
141	crtn = cert->fetchField(&CSSMOID_X509V1SubjectPublicKeyCStruct, &val);
142	if(crtn) {
143	tpErrorLog("Error on CSSM_CL_CertGetFirstFieldValue(PublicKeyCStruct)\n");
144	return NULL;
145	}
146	*valueToFree = val;
147	keyInfo = (CSSM_X509_SUBJECT_PUBLIC_KEY_INFO *)val->Data;
148	return &keyInfo->subjectPublicKey;
149	}
150
151	void tp_CertFreePublicKey(
152	CSSM_CL_HANDLE clHand,
153	CSSM_DATA_PTR value)
154	{
155	CSSM_CL_FreeFieldValue(clHand, &CSSMOID_X509V1SubjectPublicKeyCStruct, value);
156	}
157
158	/*
159	* Obtain signature algorithm info from a cert.
160	*/
161	CSSM_X509_ALGORITHM_IDENTIFIER_PTR tp_CertGetAlgId(
162	TPCertInfo *cert,
163	CSSM_DATA_PTR *valueToFree) // used in tp_CertFreeAlgId
164	{
165	CSSM_RETURN crtn;
166	CSSM_DATA_PTR val;
167
168	*valueToFree = NULL;
169	crtn = cert->fetchField(&CSSMOID_X509V1SignatureAlgorithm, &val);
170	if(crtn) {
171	tpErrorLog("Error on fetchField(CSSMOID_X509V1SignatureAlgorithm)\n");
172	return NULL;
173	}
174	*valueToFree = val;
175	return (CSSM_X509_ALGORITHM_IDENTIFIER_PTR)val->Data;
176	}
177
178	void tp_CertFreeAlgId(
179	CSSM_CL_HANDLE clHand,
180	CSSM_DATA_PTR value)
181	{
182	CSSM_CL_FreeFieldValue(clHand, &CSSMOID_X509V1SignatureAlgorithm, value);
183	}
184
185	/*
186	* Determine if two certs - passed in encoded form - are equivalent.
187	*/
188	CSSM_BOOL tp_CompareCerts(
189	const CSSM_DATA *cert1,
190	const CSSM_DATA *cert2)
191	{
192	return tpCompareCssmData(cert1, cert2);
193	}
194
195	/*
196	* Convert a C string to lower case in place. NULL terminator not needed.
197	*/
198	void tpToLower(
199	char *str,
200	unsigned strLen)
201	{
202	for(unsigned i=0; i<strLen; i++) {
203	str = tolower(str);
204	str++;
205	}
206	}
207
208	/*
209	* Normalize an RFC822 addr-spec. This consists of converting
210	* all characters following the '@' character to lower case.
211	* A true normalizeAll results in lower-casing all characters
212	* (e.g. for iChat).
213	*/
214	void tpNormalizeAddrSpec(
215	char *addr,
216	unsigned addrLen,
217	bool normalizeAll)
218	{
219	if (addr == NULL) {
220	tpPolicyError("tpNormalizeAddrSpec: bad addr");
221	return;
222	}
223	if(!normalizeAll) {
224	while((addrLen != 0) && (*addr != '@')) {
225	addr++;
226	addrLen--;
227	}
228	if(addrLen == 0) {
229	tpPolicyError("tpNormalizeAddrSpec: bad addr-spec");
230	return;
231	}
232	}
233	tpToLower(addr, addrLen);
234	}
235
236	/***
237	*** dnsName compare support.
238	*** Please do not make any changes to this code without talking to
239	*** dmitch about updating (if necessary) and running (always)
240	*** regression tests which specifically test this logic.
241	***/
242
243	/*
244	* Max length of a distinguished name component (label) we handle.
245	* Various RFCs spec this out at 63 bytes; we're just allocating space
246	* for these on the stack, so why not cut some slack.
247	*/
248	#define MAX_DNS_COMP_LEN 128
249
250	/*
251	* Obtain the next component from a DNS Name.
252	* Caller mallocs outBuf, size >= MAX_DNS_COMP_LEN.
253	* Returns true if a component was found.
254	*/
255	static bool tpNextDnsComp(
256	const char *inBuf,
257	uint32 &inBufLen, // IN/OUT
258	char *outBuf, // component RETURNED here
259	uint32 &outBufLen) // RETURNED length of component
260	{
261	outBufLen = 0;
262	if(inBufLen == 0) {
263	return false;
264	}
265
266	/* skip over leading '.' */
267	if(*inBuf == '.') {
268	inBuf++;
269	if(--inBufLen == 0) {
270	return false;
271	}
272	}
273
274	/* copy chars until out of data or next '.' found */
275	do {
276	if(*inBuf == '.') {
277	break;
278	}
279	outBuf++ = inBuf++;
280	inBufLen--;
281	outBufLen++;
282	if(outBufLen >= MAX_DNS_COMP_LEN) {
283	/* abort */
284	break;
285	}
286	} while(inBufLen != 0);
287	if(outBufLen) {
288	return true;
289	}
290	else {
291	return false;
292	}
293	}
294
295	/*
296	* Find location of specified substring in given bigstring. Returns
297	* pointer to start of substring in bigstring, else returns NULL.
298	*/
299	static const char *tpSubStr(
300	const char *bigstr,
301	uint32 bigstrLen,
302	const char *substr,
303	uint32 substrLen)
304	{
305	/* stop searching substrLen chars before end of bigstr */
306	const char *endBigStr = bigstr + bigstrLen - substrLen;
307	for( ; bigstr <= endBigStr; ) {
308	if(bigstr == substr) {
309	/* first char match - remainder? */
310	if(substrLen == 1) {
311	/* don't count on memcmp(a,b,0) */
312	return bigstr;
313	}
314	if(!memcmp(bigstr+1, substr+1, substrLen - 1)) {
315	return bigstr;
316	}
317	}
318	bigstr++;
319	}
320	return NULL;
321	}
322
323	/*
324	* Compare two DNS components, with full wildcard check. We assume
325	* that no '.' chars exist (per the processing performed in
326	* tpNextDnsComp()). Returns CSSM_TRUE on match, else CSSM_FALSE.
327	*/
328	static CSSM_BOOL tpCompareComps(
329	const char *hostComp, // no wildcards
330	uint32 hostCompLen,
331	const char *certComp, // wildcards OK here
332	uint32 certCompLen)
333	{
334	const char *endCertComp = certComp + certCompLen;
335	const char *endHostComp = hostComp + hostCompLen;
336	do {
337	/* wild card in cert name? */
338	const char *wildCard = tpSubStr(certComp, certCompLen,
339	"*", 1);
340	if(wildCard == NULL) {
341	/* no, require perfect literal match right now */
342	if((hostCompLen == certCompLen) &&
343	!memcmp(hostComp, certComp, certCompLen)) {
344	return CSSM_TRUE;
345	}
346	else {
347	return CSSM_FALSE;
348	}
349	}
350
351	if(wildCard != certComp) {
352	/*
353	* Require literal match of hostComp with certComp
354	* up until (but not including) the wildcard
355	*/
356	uint32 subStrLen = wildCard - certComp;
357	if(subStrLen > hostCompLen) {
358	/* out of host name chars */
359	return CSSM_FALSE;
360	}
361	if(memcmp(certComp, hostComp, subStrLen)) {
362	return CSSM_FALSE;
363	}
364	/* OK, skip over substring */
365	hostComp += subStrLen;
366	hostCompLen -= subStrLen;
367	/* start parsing at the wildcard itself */
368	certComp = wildCard;
369	certCompLen -= subStrLen;
370	continue;
371	}
372
373	/*
374	* Currently looking at a wildcard.
375	*
376	* Find substring in hostComp which matches from the char after
377	* the wildcard up to whichever of these comes next:
378	*
379	* -- end of certComp
380	* -- another wildcard
381	*/
382	wildCard++;
383	if(wildCard == endCertComp) {
384	/*
385	* -- Wild card at end of cert's DNS
386	* -- nothing else to match - rest of hostComp is the wildcard
387	* match
388	* -- done, success
389	*/
390	return CSSM_TRUE;
391	}
392
393	const char *afterSubStr; // in certComp
394	afterSubStr = tpSubStr(wildCard, endCertComp - wildCard,
395	"*", 1);
396	if(afterSubStr == NULL) {
397	/* no more wildcards - use end of certComp */
398	afterSubStr = endCertComp;
399	}
400	uint32 subStrLen = afterSubStr - wildCard;
401	const char *foundSub = tpSubStr(hostComp, hostCompLen,
402	wildCard, subStrLen);
403	if(foundSub == NULL) {
404	/* No match of explicit chars */
405	return CSSM_FALSE;
406	}
407
408	/* found it - skip past this substring */
409	hostComp = foundSub + subStrLen;
410	hostCompLen = endHostComp - hostComp;
411	certComp = afterSubStr;
412	certCompLen = endCertComp - afterSubStr;
413
414	} while((hostCompLen != 0) \|\| (certCompLen != 0));
415	if((hostCompLen == 0) && (certCompLen == 0)) {
416	return CSSM_TRUE;
417	}
418	else {
419	/* end of one but not the other */
420	return CSSM_FALSE;
421	}
422	}
423
424	/*
425	* Compare hostname, is presented to the TP in
426	* CSSM_APPLE_TP_SSL_OPTIONS.ServerName, to a server name obtained
427	* from the server's cert (i.e., from subjectAltName or commonName).
428	* Limited wildcard checking is performed here.
429	*
430	* The incoming hostname is assumed to have been processed by tpToLower();
431	* we'll perform that processing on certName here.
432	*
433	* Trailing '.' characters in both host names will be ignored per Radar 3996792.
434	*
435	* Returns CSSM_TRUE on match, else CSSM_FALSE.
436	*/
437	CSSM_BOOL tpCompareHostNames(
438	const char *hostName, // spec'd by app, tpToLower'd
439	uint32 hostNameLen,
440	char *certName, // from cert, we tpToLower
441	uint32 certNameLen)
442	{
443	tpToLower(certName, certNameLen);
444
445	/* tolerate optional NULL terminators for both */
446	if(hostNameLen && (hostName[hostNameLen - 1] == '\0')) {
447	hostNameLen--;
448	}
449	if(certNameLen && (certName[certNameLen - 1] == '\0')) {
450	certNameLen--;
451	}
452
453	if((hostNameLen == 0) \|\| (certNameLen == 0)) {
454	/* trivial case with at least one empty name */
455	if(hostNameLen == certNameLen) {
456	return CSSM_TRUE;
457	}
458	else {
459	return CSSM_FALSE;
460	}
461	}
462
463	/* trim off trailing dots */
464	if(hostName[hostNameLen - 1] == '.') {
465	hostNameLen--;
466	}
467	if(certName[certNameLen - 1] == '.') {
468	certNameLen--;
469	}
470
471	/* Case 1: exact match */
472	if((certNameLen == hostNameLen) &&
473	!memcmp(certName, hostName, certNameLen)) {
474	return CSSM_TRUE;
475	}
476
477	/*
478	* Case 2: Compare one component at a time, handling wildcards in
479	* cert's server name. The characters implicitly matched by a
480	* wildcard span only one component of a dnsName.
481	*/
482	do {
483	/* get next component from each dnsName */
484	char hostComp[MAX_DNS_COMP_LEN];
485	char certComp[MAX_DNS_COMP_LEN];
486	uint32 hostCompLen;
487	uint32 certCompLen;
488
489	bool foundHost = tpNextDnsComp(hostName, hostNameLen,
490	hostComp, hostCompLen);
491	bool foundCert = tpNextDnsComp(certName, certNameLen,
492	certComp, certCompLen);
493	if(foundHost != foundCert) {
494	/* unequal number of components */
495	tpPolicyError("tpCompareHostNames: wildcard mismatch (1)");
496	return CSSM_FALSE;
497	}
498	if(!foundHost) {
499	/* normal successful termination */
500	return CSSM_TRUE;
501	}
502
503	/* compare individual components */
504	if(!tpCompareComps(hostComp, hostCompLen,
505	certComp, certCompLen)) {
506	tpPolicyError("tpCompareHostNames: wildcard mismatch (2)");
507	return CSSM_FALSE;
508	}
509
510	/* skip over this component
511	* (note: since tpNextDnsComp will first skip over a leading '.',
512	* we must make sure to skip over it here as well.)
513	*/
514	if(*hostName == '.') hostName++;
515	hostName += hostCompLen;
516	if(*certName == '.') certName++;
517	certName += certCompLen;
518	} while(1);
519	/* NOT REACHED */
520	//assert(0):
521	return CSSM_FALSE;
522	}
523
524	/*
525	* Compare email address, is presented to the TP in
526	* CSSM_APPLE_TP_SMIME_OPTIONS.SenderEmail, to a string obtained
527	* from the sender's cert (i.e., from subjectAltName or Subject DN).
528	*
529	* Returns CSSM_TRUE on match, else CSSM_FALSE.
530	*
531	* Incoming appEmail string has already been tpNormalizeAddrSpec'd.
532	* We do that for certEmail string here.
533	*/
534	CSSM_BOOL tpCompareEmailAddr(
535	const char *appEmail, // spec'd by app, normalized
536	uint32 appEmailLen,
537	char *certEmail, // from cert, we normalize
538	uint32 certEmailLen,
539	bool normalizeAll) // true : lower-case all certEmail characters
540
541	{
542	tpNormalizeAddrSpec(certEmail, certEmailLen, normalizeAll);
543
544	/* tolerate optional NULL terminators for both */
545	if(appEmailLen > 0 && appEmail[appEmailLen - 1] == '\0') {
546	appEmailLen--;
547	}
548	if(certEmailLen > 0 && certEmail[certEmailLen - 1] == '\0') {
549	certEmailLen--;
550	}
551	if((certEmailLen == appEmailLen) &&
552	!memcmp(certEmail, appEmail, certEmailLen)) {
553	return CSSM_TRUE;
554	}
555	else {
556	/* mismatch */
557	tpPolicyError("tpCompareEmailAddr: app/cert email addrs mismatch");
558	return CSSM_FALSE;
559	}
560	}
561
562	/*
563	* Following a CSSMOID_ECDSA_WithSpecified algorithm is an encoded
564	* ECDSA_SigAlgParams containing the digest agorithm OID. Decode and return
565	* a unified ECDSA/digest alg (e.g. CSSM_ALGID_SHA512WithECDSA).
566	* Returns nonzero on error.
567	*/
568	int decodeECDSA_SigAlgParams(
569	const CSSM_DATA *params,
570	CSSM_ALGORITHMS cssmAlg) / RETURNED */
571	{
572	SecAsn1CoderRef coder = NULL;
573	if(SecAsn1CoderCreate(&coder)) {
574	tpErrorLog("***Error in SecAsn1CoderCreate()\n");
575	return -1;
576	}
577	CSSM_X509_ALGORITHM_IDENTIFIER algParams;
578	memset(&algParams, 0, sizeof(algParams));
579	int ourRtn = 0;
580	bool algFound = false;
581	if(SecAsn1DecodeData(coder, params, kSecAsn1AlgorithmIDTemplate,
582	&algParams)) {
583	tpErrorLog("***Error decoding CSSM_X509_ALGORITHM_IDENTIFIER\n");
584	ourRtn = -1;
585	goto errOut;
586	}
587	CSSM_ALGORITHMS digestAlg;
588	algFound = cssmOidToAlg(&algParams.algorithm, &digestAlg);
589	if(!algFound) {
590	tpErrorLog("***Unknown algorithm in CSSM_X509_ALGORITHM_IDENTIFIER\n");
591	ourRtn = -1;
592	goto errOut;
593	}
594	switch(digestAlg) {
595	case CSSM_ALGID_SHA1:
596	*cssmAlg = CSSM_ALGID_SHA1WithECDSA;
597	break;
598	case CSSM_ALGID_SHA224:
599	*cssmAlg = CSSM_ALGID_SHA224WithECDSA;
600	break;
601	case CSSM_ALGID_SHA256:
602	*cssmAlg = CSSM_ALGID_SHA256WithECDSA;
603	break;
604	case CSSM_ALGID_SHA384:
605	*cssmAlg = CSSM_ALGID_SHA384WithECDSA;
606	break;
607	case CSSM_ALGID_SHA512:
608	*cssmAlg = CSSM_ALGID_SHA512WithECDSA;
609	break;
610	default:
611	tpErrorLog("***Unknown algorithm in ECDSA_SigAlgParams\n");
612	ourRtn = -1;
613	}
614	errOut:
615	SecAsn1CoderRelease(coder);
616	return ourRtn;
617	}
618