]> git.saurik.com Git - apple/security.git/blob - OSX/libsecurity_smime/lib/cmsmessage.c
Security-58286.220.15.tar.gz
[apple/security.git] / OSX / libsecurity_smime / lib / cmsmessage.c
1 /*
2 * The contents of this file are subject to the Mozilla Public
3 * License Version 1.1 (the "License"); you may not use this file
4 * except in compliance with the License. You may obtain a copy of
5 * the License at http://www.mozilla.org/MPL/
6 *
7 * Software distributed under the License is distributed on an "AS
8 * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
9 * implied. See the License for the specific language governing
10 * rights and limitations under the License.
11 *
12 * The Original Code is the Netscape security libraries.
13 *
14 * The Initial Developer of the Original Code is Netscape
15 * Communications Corporation. Portions created by Netscape are
16 * Copyright (C) 1994-2000 Netscape Communications Corporation. All
17 * Rights Reserved.
18 *
19 * Contributor(s):
20 *
21 * Alternatively, the contents of this file may be used under the
22 * terms of the GNU General Public License Version 2 or later (the
23 * "GPL"), in which case the provisions of the GPL are applicable
24 * instead of those above. If you wish to allow use of your
25 * version of this file only under the terms of the GPL and not to
26 * allow others to use your version of this file under the MPL,
27 * indicate your decision by deleting the provisions above and
28 * replace them with the notice and other provisions required by
29 * the GPL. If you do not delete the provisions above, a recipient
30 * may use your version of this file under either the MPL or the
31 * GPL.
32 */
33
34 /*
35 * CMS message methods.
36 */
37
38 #include <Security/SecCmsMessage.h>
39
40 #include <Security/SecCmsContentInfo.h>
41 #include <Security/SecCmsSignedData.h>
42
43 #include "cmslocal.h"
44
45 #include "secitem.h"
46 #include "secoid.h"
47
48 #include <security_asn1/secasn1.h>
49 #include <security_asn1/secerr.h>
50
51 /*
52 * SecCmsMessageCreate - create a CMS message object
53 *
54 * "poolp" - arena to allocate memory from, or NULL if new arena should be created
55 */
56 SecCmsMessageRef
57 SecCmsMessageCreate(SecArenaPoolRef pool)
58 {
59 PLArenaPool *poolp = (PLArenaPool *)pool;
60 void *mark = NULL;
61 SecCmsMessageRef cmsg = NULL;
62 Boolean poolp_is_ours = PR_FALSE;
63
64 if (poolp == NULL) {
65 poolp = PORT_NewArena (1024); /* XXX what is right value? */
66 if (poolp == NULL)
67 return NULL;
68 poolp_is_ours = PR_TRUE;
69 }
70
71 if (!poolp_is_ours)
72 mark = PORT_ArenaMark(poolp);
73
74 cmsg = (SecCmsMessageRef)PORT_ArenaZAlloc (poolp, sizeof(SecCmsMessage));
75 if (cmsg == NULL) {
76 if (!poolp_is_ours) {
77 if (mark) {
78 PORT_ArenaRelease(poolp, mark);
79 }
80 } else
81 PORT_FreeArena(poolp, PR_FALSE);
82 return NULL;
83 }
84
85 cmsg->poolp = poolp;
86 cmsg->poolp_is_ours = poolp_is_ours;
87 cmsg->refCount = 1;
88
89 if (mark)
90 PORT_ArenaUnmark(poolp, mark);
91
92 return cmsg;
93 }
94
95 /*
96 * SecCmsMessageSetEncodingParams - set up a CMS message object for encoding or decoding
97 *
98 * "cmsg" - message object
99 * "pwfn", pwfn_arg" - callback function for getting token password
100 * "decrypt_key_cb", "decrypt_key_cb_arg" - callback function for getting bulk key for encryptedData
101 * "detached_digestalgs", "detached_digests" - digests from detached content
102 */
103 void
104 SecCmsMessageSetEncodingParams(SecCmsMessageRef cmsg,
105 PK11PasswordFunc pwfn, void *pwfn_arg,
106 SecCmsGetDecryptKeyCallback decrypt_key_cb, void *decrypt_key_cb_arg,
107 SECAlgorithmID **detached_digestalgs, CSSM_DATA_PTR *detached_digests)
108 {
109 #if 0
110 // @@@ Deal with password stuff.
111 if (pwfn)
112 PK11_SetPasswordFunc(pwfn);
113 #endif
114 cmsg->pwfn_arg = pwfn_arg;
115 cmsg->decrypt_key_cb = decrypt_key_cb;
116 cmsg->decrypt_key_cb_arg = decrypt_key_cb_arg;
117 cmsg->detached_digestalgs = detached_digestalgs;
118 cmsg->detached_digests = detached_digests;
119 }
120
121 /*
122 * SecCmsMessageDestroy - destroy a CMS message and all of its sub-pieces.
123 */
124 void
125 SecCmsMessageDestroy(SecCmsMessageRef cmsg)
126 {
127 PORT_Assert (cmsg->refCount > 0);
128 if (cmsg->refCount <= 0) /* oops */
129 return;
130
131 cmsg->refCount--; /* thread safety? */
132 if (cmsg->refCount > 0)
133 return;
134
135 SecCmsContentInfoDestroy(&(cmsg->contentInfo));
136
137 /* if poolp is not NULL, cmsg is the owner of its arena */
138 if (cmsg->poolp_is_ours && cmsg->poolp) {
139 PORT_FreeArena (cmsg->poolp, PR_TRUE);
140 }
141 }
142
143 /*
144 * SecCmsMessageCopy - return a copy of the given message.
145 *
146 * The copy may be virtual or may be real -- either way, the result needs
147 * to be passed to SecCmsMessageDestroy later (as does the original).
148 */
149 SecCmsMessageRef
150 SecCmsMessageCopy(SecCmsMessageRef cmsg)
151 {
152 if (cmsg == NULL)
153 return NULL;
154
155 PORT_Assert (cmsg->refCount > 0);
156
157 cmsg->refCount++; /* XXX chrisk thread safety? */
158 return cmsg;
159 }
160
161 /*
162 * SecCmsMessageGetArena - return a pointer to the message's arena pool
163 */
164 SecArenaPoolRef
165 SecCmsMessageGetArena(SecCmsMessageRef cmsg)
166 {
167 return (SecArenaPoolRef)cmsg->poolp;
168 }
169
170 /*
171 * SecCmsMessageGetContentInfo - return a pointer to the top level contentInfo
172 */
173 SecCmsContentInfoRef
174 SecCmsMessageGetContentInfo(SecCmsMessageRef cmsg)
175 {
176 return &(cmsg->contentInfo);
177 }
178
179 /*
180 * Return a pointer to the actual content.
181 * In the case of those types which are encrypted, this returns the *plain* content.
182 * In case of nested contentInfos, this descends and retrieves the innermost content.
183 */
184 CSSM_DATA_PTR
185 SecCmsMessageGetContent(SecCmsMessageRef cmsg)
186 {
187 /* this is a shortcut */
188 SecCmsContentInfoRef cinfo = SecCmsMessageGetContentInfo(cmsg);
189 CSSM_DATA_PTR pItem = SecCmsContentInfoGetInnerContent(cinfo);
190 return pItem;
191 }
192
193 /*
194 * SecCmsMessageContentLevelCount - count number of levels of CMS content objects in this message
195 *
196 * CMS data content objects do not count.
197 */
198 int
199 SecCmsMessageContentLevelCount(SecCmsMessageRef cmsg)
200 {
201 int count = 0;
202 SecCmsContentInfoRef cinfo;
203
204 /* walk down the chain of contentinfos */
205 for (cinfo = &(cmsg->contentInfo); cinfo != NULL; ) {
206 count++;
207 cinfo = SecCmsContentInfoGetChildContentInfo(cinfo);
208 }
209 return count;
210 }
211
212 /*
213 * SecCmsMessageContentLevel - find content level #n
214 *
215 * CMS data content objects do not count.
216 */
217 SecCmsContentInfoRef
218 SecCmsMessageContentLevel(SecCmsMessageRef cmsg, int n)
219 {
220 int count = 0;
221 SecCmsContentInfoRef cinfo;
222
223 /* walk down the chain of contentinfos */
224 for (cinfo = &(cmsg->contentInfo); cinfo != NULL && count < n; cinfo = SecCmsContentInfoGetChildContentInfo(cinfo)) {
225 count++;
226 }
227
228 return cinfo;
229 }
230
231 /*
232 * SecCmsMessageContainsCertsOrCrls - see if message contains certs along the way
233 */
234 Boolean
235 SecCmsMessageContainsCertsOrCrls(SecCmsMessageRef cmsg)
236 {
237 SecCmsContentInfoRef cinfo;
238
239 /* descend into CMS message */
240 for (cinfo = &(cmsg->contentInfo); cinfo != NULL; cinfo = SecCmsContentInfoGetChildContentInfo(cinfo)) {
241 if (SecCmsContentInfoGetContentTypeTag(cinfo) != SEC_OID_PKCS7_SIGNED_DATA)
242 continue; /* next level */
243
244 if (SecCmsSignedDataContainsCertsOrCrls(cinfo->content.signedData))
245 return PR_TRUE;
246 }
247 return PR_FALSE;
248 }
249
250 /*
251 * SecCmsMessageIsEncrypted - see if message contains a encrypted submessage
252 */
253 Boolean
254 SecCmsMessageIsEncrypted(SecCmsMessageRef cmsg)
255 {
256 SecCmsContentInfoRef cinfo;
257
258 /* walk down the chain of contentinfos */
259 for (cinfo = &(cmsg->contentInfo); cinfo != NULL; cinfo = SecCmsContentInfoGetChildContentInfo(cinfo))
260 {
261 switch (SecCmsContentInfoGetContentTypeTag(cinfo)) {
262 case SEC_OID_PKCS7_ENVELOPED_DATA:
263 case SEC_OID_PKCS7_ENCRYPTED_DATA:
264 return PR_TRUE;
265 default:
266 break;
267 }
268 }
269 return PR_FALSE;
270 }
271
272 /*
273 * SecCmsMessageIsSigned - see if message contains a signed submessage
274 *
275 * If the CMS message has a SignedData with a signature (not just a SignedData)
276 * return true; false otherwise. This can/should be called before calling
277 * VerifySignature, which will always indicate failure if no signature is
278 * present, but that does not mean there even was a signature!
279 * Note that the content itself can be empty (detached content was sent
280 * another way); it is the presence of the signature that matters.
281 */
282 Boolean
283 SecCmsMessageIsSigned(SecCmsMessageRef cmsg)
284 {
285 SecCmsContentInfoRef cinfo;
286
287 /* walk down the chain of contentinfos */
288 for (cinfo = &(cmsg->contentInfo); cinfo != NULL; cinfo = SecCmsContentInfoGetChildContentInfo(cinfo))
289 {
290 switch (SecCmsContentInfoGetContentTypeTag(cinfo)) {
291 case SEC_OID_PKCS7_SIGNED_DATA:
292 if (!SecCmsArrayIsEmpty((void **)cinfo->content.signedData->signerInfos))
293 return PR_TRUE;
294 break;
295 default:
296 break;
297 }
298 }
299 return PR_FALSE;
300 }
301
302 /*
303 * SecCmsMessageIsContentEmpty - see if content is empty
304 *
305 * returns PR_TRUE is innermost content length is < minLen
306 * XXX need the encrypted content length (why?)
307 */
308 Boolean
309 SecCmsMessageIsContentEmpty(SecCmsMessageRef cmsg, unsigned int minLen)
310 {
311 CSSM_DATA_PTR item = NULL;
312
313 if (cmsg == NULL)
314 return PR_TRUE;
315
316 item = SecCmsContentInfoGetContent(SecCmsMessageGetContentInfo(cmsg));
317
318 if (!item) {
319 return PR_TRUE;
320 } else if(item->Length <= minLen) {
321 return PR_TRUE;
322 }
323
324 return PR_FALSE;
325 }
326
327 /*
328 * SecCmsMessageContainsTSTInfo - see if message contains a TimeStamping info block
329 */
330 Boolean
331 SecCmsMessageContainsTSTInfo(SecCmsMessageRef cmsg)
332 {
333 SecCmsContentInfoRef cinfo;
334
335 /* walk down the chain of contentinfos */
336 for (cinfo = &(cmsg->contentInfo); cinfo != NULL; cinfo = SecCmsContentInfoGetChildContentInfo(cinfo))
337 {
338 switch (SecCmsContentInfoGetContentTypeTag(cinfo))
339 {
340 case SEC_OID_PKCS9_ID_CT_TSTInfo:
341 // TSTInfo is in cinfo->rawContent->Data
342 return PR_TRUE;
343 default:
344 break;
345 }
346 }
347 return PR_FALSE;
348 }
349
350 void
351 SecCmsMessageSetTSACallback(SecCmsMessageRef cmsg, SecCmsTSACallback tsaCallback)
352 {
353 if (cmsg)
354 cmsg->tsaCallback = tsaCallback;
355 }
356
357 void
358 SecCmsMessageSetTSAContext(SecCmsMessageRef cmsg, const void *tsaContext) //CFTypeRef
359 {
360 if (cmsg)
361 cmsg->tsaContext = tsaContext;
362 }
363