libsecurity_smime/lib/cmsmessage.c

   1 /*
   2  * The contents of this file are subject to the Mozilla Public
   3  * License Version 1.1 (the "License"); you may not use this file
   4  * except in compliance with the License. You may obtain a copy of
   5  * the License at http://www.mozilla.org/MPL/
   6  *
   7  * Software distributed under the License is distributed on an "AS
   8  * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
   9  * implied. See the License for the specific language governing
  10  * rights and limitations under the License.
  11  *
  12  * The Original Code is the Netscape security libraries.
  13  *
  14  * The Initial Developer of the Original Code is Netscape
  15  * Communications Corporation.  Portions created by Netscape are
  16  * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
  17  * Rights Reserved.
  18  *
  19  * Contributor(s):
  20  *
  21  * Alternatively, the contents of this file may be used under the
  22  * terms of the GNU General Public License Version 2 or later (the
  23  * "GPL"), in which case the provisions of the GPL are applicable
  24  * instead of those above.  If you wish to allow use of your
  25  * version of this file only under the terms of the GPL and not to
  26  * allow others to use your version of this file under the MPL,
  27  * indicate your decision by deleting the provisions above and
  28  * replace them with the notice and other provisions required by
  29  * the GPL.  If you do not delete the provisions above, a recipient
  30  * may use your version of this file under either the MPL or the
  31  * GPL.
  32  */
  33
  34 /*
  35  * CMS message methods.
  36  */
  37
  38 #include <Security/SecCmsMessage.h>
  39
  40 #include <Security/SecCmsContentInfo.h>
  41 #include <Security/SecCmsSignedData.h>
  42
  43 #include "cmslocal.h"
  44
  45 #include "SecAsn1Item.h"
  46 #include "secoid.h"
  47
  48 #include <security_asn1/secasn1.h>
  49 #include <security_asn1/secerr.h>
  50 #include <security_asn1/secport.h>
  51
  52 /*
  53  * SecCmsMessageCreate - create a CMS message object
  54  *
  55  * "poolp" - arena to allocate memory from, or NULL if new arena should be created
  56  */
  57 SecCmsMessageRef
  58 SecCmsMessageCreate(void)
  59 {
  60     PLArenaPool *poolp;
  61     SecCmsMessageRef cmsg;
  62
  63     poolp = PORT_NewArena (1024);           /* XXX what is right value? */
  64     if (poolp == NULL)
  65         return NULL;
  66
  67     cmsg = (SecCmsMessageRef)PORT_ArenaZAlloc (poolp, sizeof(SecCmsMessage));
  68     if (cmsg == NULL) {
  69         PORT_FreeArena(poolp, PR_FALSE);
  70         return NULL;
  71     }
  72
  73     cmsg->poolp = poolp;
  74     cmsg->contentInfo.cmsg = cmsg;
  75     cmsg->refCount = 1;
  76
  77     return cmsg;
  78 }
  79
  80 /*
  81  * SecCmsMessageSetEncodingParams - set up a CMS message object for encoding or decoding
  82  *
  83  * "cmsg" - message object
  84  * "pwfn", pwfn_arg" - callback function for getting token password
  85  * "decrypt_key_cb", "decrypt_key_cb_arg" - callback function for getting bulk key for encryptedData
  86  * "detached_digestalgs", "detached_digests" - digests from detached content
  87  */
  88 void
  89 SecCmsMessageSetEncodingParams(SecCmsMessageRef cmsg,
  90                         PK11PasswordFunc pwfn, void *pwfn_arg,
  91                         SecCmsGetDecryptKeyCallback decrypt_key_cb, void *decrypt_key_cb_arg)
  92 {
  93 #if 0
  94     // @@@ Deal with password stuff.
  95     if (pwfn)
  96         PK11_SetPasswordFunc(pwfn);
  97 #endif
  98     cmsg->pwfn_arg = pwfn_arg;
  99     cmsg->decrypt_key_cb = decrypt_key_cb;
 100     cmsg->decrypt_key_cb_arg = decrypt_key_cb_arg;
 101 }
 102
 103 /*
 104  * SecCmsMessageDestroy - destroy a CMS message and all of its sub-pieces.
 105  */
 106 void
 107 SecCmsMessageDestroy(SecCmsMessageRef cmsg)
 108 {
 109     PORT_Assert (cmsg->refCount > 0);
 110     if (cmsg->refCount <= 0)    /* oops */
 111         return;
 112
 113     cmsg->refCount--;           /* thread safety? */
 114     if (cmsg->refCount > 0)
 115         return;
 116
 117     SecCmsContentInfoDestroy(&(cmsg->contentInfo));
 118
 119     if (cmsg->poolp) {
 120         PORT_FreeArena (cmsg->poolp, PR_TRUE);
 121     }
 122 }
 123
 124 /*
 125  * SecCmsMessageCopy - return a copy of the given message.
 126  *
 127  * The copy may be virtual or may be real -- either way, the result needs
 128  * to be passed to SecCmsMessageDestroy later (as does the original).
 129  */
 130 SecCmsMessageRef
 131 SecCmsMessageCopy(SecCmsMessageRef cmsg)
 132 {
 133     if (cmsg == NULL)
 134         return NULL;
 135
 136     PORT_Assert (cmsg->refCount > 0);
 137
 138     cmsg->refCount++; /* XXX chrisk thread safety? */
 139     return cmsg;
 140 }
 141
 142 /*
 143  * SecCmsMessageGetContentInfo - return a pointer to the top level contentInfo
 144  */
 145 SecCmsContentInfoRef
 146 SecCmsMessageGetContentInfo(SecCmsMessageRef cmsg)
 147 {
 148     return &(cmsg->contentInfo);
 149 }
 150
 151 /*
 152  * Return a pointer to the actual content.
 153  * In the case of those types which are encrypted, this returns the *plain* content.
 154  * In case of nested contentInfos, this descends and retrieves the innermost content.
 155  */
 156 const SecAsn1Item *
 157 SecCmsMessageGetContent(SecCmsMessageRef cmsg)
 158 {
 159     /* this is a shortcut */
 160     SecCmsContentInfoRef cinfo = SecCmsMessageGetContentInfo(cmsg);
 161     const SecAsn1Item *pItem = SecCmsContentInfoGetInnerContent(cinfo);
 162     return pItem;
 163 }
 164
 165 /*
 166  * SecCmsMessageContentLevelCount - count number of levels of CMS content objects in this message
 167  *
 168  * CMS data content objects do not count.
 169  */
 170 int
 171 SecCmsMessageContentLevelCount(SecCmsMessageRef cmsg)
 172 {
 173     int count = 0;
 174     SecCmsContentInfoRef cinfo;
 175
 176     /* walk down the chain of contentinfos */
 177     for (cinfo = &(cmsg->contentInfo); cinfo != NULL; ) {
 178         count++;
 179         cinfo = SecCmsContentInfoGetChildContentInfo(cinfo);
 180     }
 181     return count;
 182 }
 183
 184 /*
 185  * SecCmsMessageContentLevel - find content level #n
 186  *
 187  * CMS data content objects do not count.
 188  */
 189 SecCmsContentInfoRef
 190 SecCmsMessageContentLevel(SecCmsMessageRef cmsg, int n)
 191 {
 192     int count = 0;
 193     SecCmsContentInfoRef cinfo;
 194
 195     /* walk down the chain of contentinfos */
 196     for (cinfo = &(cmsg->contentInfo); cinfo != NULL && count < n; cinfo = SecCmsContentInfoGetChildContentInfo(cinfo)) {
 197         count++;
 198     }
 199
 200     return cinfo;
 201 }
 202
 203 /*
 204  * SecCmsMessageContainsCertsOrCrls - see if message contains certs along the way
 205  */
 206 Boolean
 207 SecCmsMessageContainsCertsOrCrls(SecCmsMessageRef cmsg)
 208 {
 209     SecCmsContentInfoRef cinfo;
 210
 211     /* descend into CMS message */
 212     for (cinfo = &(cmsg->contentInfo); cinfo != NULL; cinfo = SecCmsContentInfoGetChildContentInfo(cinfo)) {
 213         if (SecCmsContentInfoGetContentTypeTag(cinfo) != SEC_OID_PKCS7_SIGNED_DATA)
 214             continue;   /* next level */
 215
 216         if (SecCmsSignedDataContainsCertsOrCrls(cinfo->content.signedData))
 217             return PR_TRUE;
 218     }
 219     return PR_FALSE;
 220 }
 221
 222 /*
 223  * SecCmsMessageIsEncrypted - see if message contains a encrypted submessage
 224  */
 225 Boolean
 226 SecCmsMessageIsEncrypted(SecCmsMessageRef cmsg)
 227 {
 228     SecCmsContentInfoRef cinfo;
 229
 230     /* walk down the chain of contentinfos */
 231     for (cinfo = &(cmsg->contentInfo); cinfo != NULL; cinfo = SecCmsContentInfoGetChildContentInfo(cinfo))
 232     {
 233         switch (SecCmsContentInfoGetContentTypeTag(cinfo)) {
 234         case SEC_OID_PKCS7_ENVELOPED_DATA:
 235         case SEC_OID_PKCS7_ENCRYPTED_DATA:
 236             return PR_TRUE;
 237         default:
 238             break;
 239         }
 240     }
 241     return PR_FALSE;
 242 }
 243
 244 /*
 245  * SecCmsMessageIsSigned - see if message contains a signed submessage
 246  *
 247  * If the CMS message has a SignedData with a signature (not just a SignedData)
 248  * return true; false otherwise.  This can/should be called before calling
 249  * VerifySignature, which will always indicate failure if no signature is
 250  * present, but that does not mean there even was a signature!
 251  * Note that the content itself can be empty (detached content was sent
 252  * another way); it is the presence of the signature that matters.
 253  */
 254 Boolean
 255 SecCmsMessageIsSigned(SecCmsMessageRef cmsg)
 256 {
 257     SecCmsContentInfoRef cinfo;
 258
 259     /* walk down the chain of contentinfos */
 260     for (cinfo = &(cmsg->contentInfo); cinfo != NULL; cinfo = SecCmsContentInfoGetChildContentInfo(cinfo))
 261     {
 262         switch (SecCmsContentInfoGetContentTypeTag(cinfo)) {
 263         case SEC_OID_PKCS7_SIGNED_DATA:
 264             if (!SecCmsArrayIsEmpty((void **)cinfo->content.signedData->signerInfos))
 265                 return PR_TRUE;
 266             break;
 267         default:
 268             break;
 269         }
 270     }
 271     return PR_FALSE;
 272 }
 273
 274 /*
 275  * SecCmsMessageIsContentEmpty - see if content is empty
 276  *
 277  * returns PR_TRUE is innermost content length is < minLen
 278  * XXX need the encrypted content length (why?)
 279  */
 280 Boolean
 281 SecCmsMessageIsContentEmpty(SecCmsMessageRef cmsg, unsigned int minLen)
 282 {
 283     SecAsn1Item * item = NULL;
 284
 285     if (cmsg == NULL)
 286         return PR_TRUE;
 287
 288     item = SecCmsContentInfoGetContent(SecCmsMessageGetContentInfo(cmsg));
 289
 290     if (!item) {
 291         return PR_TRUE;
 292     } else if(item->Length <= minLen) {
 293         return PR_TRUE;
 294     }
 295
 296     return PR_FALSE;
 297 }