OSX/libsecurity_smime/lib/cmsmessage.c

   1 /*
   2  * The contents of this file are subject to the Mozilla Public
   3  * License Version 1.1 (the "License"); you may not use this file
   4  * except in compliance with the License. You may obtain a copy of
   5  * the License at http://www.mozilla.org/MPL/
   6  *
   7  * Software distributed under the License is distributed on an "AS
   8  * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
   9  * implied. See the License for the specific language governing
  10  * rights and limitations under the License.
  11  *
  12  * The Original Code is the Netscape security libraries.
  13  *
  14  * The Initial Developer of the Original Code is Netscape
  15  * Communications Corporation.  Portions created by Netscape are
  16  * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
  17  * Rights Reserved.
  18  *
  19  * Contributor(s):
  20  *
  21  * Alternatively, the contents of this file may be used under the
  22  * terms of the GNU General Public License Version 2 or later (the
  23  * "GPL"), in which case the provisions of the GPL are applicable
  24  * instead of those above.  If you wish to allow use of your
  25  * version of this file only under the terms of the GPL and not to
  26  * allow others to use your version of this file under the MPL,
  27  * indicate your decision by deleting the provisions above and
  28  * replace them with the notice and other provisions required by
  29  * the GPL.  If you do not delete the provisions above, a recipient
  30  * may use your version of this file under either the MPL or the
  31  * GPL.
  32  */
  33
  34 /*
  35  * CMS message methods.
  36  */
  37
  38 #include <Security/SecCmsMessage.h>
  39
  40 #include <Security/SecCmsContentInfo.h>
  41 #include <Security/SecCmsSignedData.h>
  42
  43 #include "cmslocal.h"
  44
  45 #include "secitem.h"
  46 #include "secoid.h"
  47
  48 #include <security_asn1/secasn1.h>
  49 #include <security_asn1/secerr.h>
  50
  51 /*
  52  * SecCmsMessageCreate - create a CMS message object
  53  *
  54  * "poolp" - arena to allocate memory from, or NULL if new arena should be created
  55  */
  56 SecCmsMessageRef
  57 SecCmsMessageCreate(SecArenaPoolRef pool)
  58 {
  59     PLArenaPool *poolp = (PLArenaPool *)pool;
  60     void *mark = NULL;
  61     SecCmsMessageRef cmsg;
  62     Boolean poolp_is_ours = PR_FALSE;
  63
  64     if (poolp == NULL) {
  65         poolp = PORT_NewArena (1024);           /* XXX what is right value? */
  66         if (poolp == NULL)
  67             return NULL;
  68         poolp_is_ours = PR_TRUE;
  69     }
  70
  71     if (!poolp_is_ours)
  72         mark = PORT_ArenaMark(poolp);
  73
  74     cmsg = (SecCmsMessageRef)PORT_ArenaZAlloc (poolp, sizeof(SecCmsMessage));
  75     if (cmsg == NULL) {
  76         if (!poolp_is_ours) {
  77             if (mark) {
  78                 PORT_ArenaRelease(poolp, mark);
  79             }
  80         } else
  81             PORT_FreeArena(poolp, PR_FALSE);
  82         return NULL;
  83     }
  84
  85     cmsg->poolp = poolp;
  86     cmsg->poolp_is_ours = poolp_is_ours;
  87     cmsg->refCount = 1;
  88
  89     if (mark)
  90         PORT_ArenaUnmark(poolp, mark);
  91
  92     return cmsg;
  93 }
  94
  95 /*
  96  * SecCmsMessageSetEncodingParams - set up a CMS message object for encoding or decoding
  97  *
  98  * "cmsg" - message object
  99  * "pwfn", pwfn_arg" - callback function for getting token password
 100  * "decrypt_key_cb", "decrypt_key_cb_arg" - callback function for getting bulk key for encryptedData
 101  * "detached_digestalgs", "detached_digests" - digests from detached content
 102  */
 103 void
 104 SecCmsMessageSetEncodingParams(SecCmsMessageRef cmsg,
 105                         PK11PasswordFunc pwfn, void *pwfn_arg,
 106                         SecCmsGetDecryptKeyCallback decrypt_key_cb, void *decrypt_key_cb_arg,
 107                         SECAlgorithmID **detached_digestalgs, CSSM_DATA_PTR *detached_digests)
 108 {
 109 #if 0
 110     // @@@ Deal with password stuff.
 111     if (pwfn)
 112         PK11_SetPasswordFunc(pwfn);
 113 #endif
 114     cmsg->pwfn_arg = pwfn_arg;
 115     cmsg->decrypt_key_cb = decrypt_key_cb;
 116     cmsg->decrypt_key_cb_arg = decrypt_key_cb_arg;
 117     cmsg->detached_digestalgs = detached_digestalgs;
 118     cmsg->detached_digests = detached_digests;
 119 }
 120
 121 /*
 122  * SecCmsMessageDestroy - destroy a CMS message and all of its sub-pieces.
 123  */
 124 void
 125 SecCmsMessageDestroy(SecCmsMessageRef cmsg)
 126 {
 127     PORT_Assert (cmsg->refCount > 0);
 128     if (cmsg->refCount <= 0)    /* oops */
 129         return;
 130
 131     cmsg->refCount--;           /* thread safety? */
 132     if (cmsg->refCount > 0)
 133         return;
 134
 135     SecCmsContentInfoDestroy(&(cmsg->contentInfo));
 136
 137     /* if poolp is not NULL, cmsg is the owner of its arena */
 138     if (cmsg->poolp_is_ours) {
 139         PORT_FreeArena (cmsg->poolp, PR_FALSE); /* XXX clear it? */
 140         cmsg->poolp = NULL;
 141     }
 142 }
 143
 144 /*
 145  * SecCmsMessageCopy - return a copy of the given message.
 146  *
 147  * The copy may be virtual or may be real -- either way, the result needs
 148  * to be passed to SecCmsMessageDestroy later (as does the original).
 149  */
 150 SecCmsMessageRef
 151 SecCmsMessageCopy(SecCmsMessageRef cmsg)
 152 {
 153     if (cmsg == NULL)
 154         return NULL;
 155
 156     PORT_Assert (cmsg->refCount > 0);
 157
 158     cmsg->refCount++; /* XXX chrisk thread safety? */
 159     return cmsg;
 160 }
 161
 162 /*
 163  * SecCmsMessageGetArena - return a pointer to the message's arena pool
 164  */
 165 SecArenaPoolRef
 166 SecCmsMessageGetArena(SecCmsMessageRef cmsg)
 167 {
 168     return (SecArenaPoolRef)cmsg->poolp;
 169 }
 170
 171 /*
 172  * SecCmsMessageGetContentInfo - return a pointer to the top level contentInfo
 173  */
 174 SecCmsContentInfoRef
 175 SecCmsMessageGetContentInfo(SecCmsMessageRef cmsg)
 176 {
 177     return &(cmsg->contentInfo);
 178 }
 179
 180 /*
 181  * Return a pointer to the actual content.
 182  * In the case of those types which are encrypted, this returns the *plain* content.
 183  * In case of nested contentInfos, this descends and retrieves the innermost content.
 184  */
 185 CSSM_DATA_PTR
 186 SecCmsMessageGetContent(SecCmsMessageRef cmsg)
 187 {
 188     /* this is a shortcut */
 189     SecCmsContentInfoRef cinfo = SecCmsMessageGetContentInfo(cmsg);
 190     CSSM_DATA_PTR pItem = SecCmsContentInfoGetInnerContent(cinfo);
 191     return pItem;
 192 }
 193
 194 /*
 195  * SecCmsMessageContentLevelCount - count number of levels of CMS content objects in this message
 196  *
 197  * CMS data content objects do not count.
 198  */
 199 int
 200 SecCmsMessageContentLevelCount(SecCmsMessageRef cmsg)
 201 {
 202     int count = 0;
 203     SecCmsContentInfoRef cinfo;
 204
 205     /* walk down the chain of contentinfos */
 206     for (cinfo = &(cmsg->contentInfo); cinfo != NULL; ) {
 207         count++;
 208         cinfo = SecCmsContentInfoGetChildContentInfo(cinfo);
 209     }
 210     return count;
 211 }
 212
 213 /*
 214  * SecCmsMessageContentLevel - find content level #n
 215  *
 216  * CMS data content objects do not count.
 217  */
 218 SecCmsContentInfoRef
 219 SecCmsMessageContentLevel(SecCmsMessageRef cmsg, int n)
 220 {
 221     int count = 0;
 222     SecCmsContentInfoRef cinfo;
 223
 224     /* walk down the chain of contentinfos */
 225     for (cinfo = &(cmsg->contentInfo); cinfo != NULL && count < n; cinfo = SecCmsContentInfoGetChildContentInfo(cinfo)) {
 226         count++;
 227     }
 228
 229     return cinfo;
 230 }
 231
 232 /*
 233  * SecCmsMessageContainsCertsOrCrls - see if message contains certs along the way
 234  */
 235 Boolean
 236 SecCmsMessageContainsCertsOrCrls(SecCmsMessageRef cmsg)
 237 {
 238     SecCmsContentInfoRef cinfo;
 239
 240     /* descend into CMS message */
 241     for (cinfo = &(cmsg->contentInfo); cinfo != NULL; cinfo = SecCmsContentInfoGetChildContentInfo(cinfo)) {
 242         if (SecCmsContentInfoGetContentTypeTag(cinfo) != SEC_OID_PKCS7_SIGNED_DATA)
 243             continue;   /* next level */
 244
 245         if (SecCmsSignedDataContainsCertsOrCrls(cinfo->content.signedData))
 246             return PR_TRUE;
 247     }
 248     return PR_FALSE;
 249 }
 250
 251 /*
 252  * SecCmsMessageIsEncrypted - see if message contains a encrypted submessage
 253  */
 254 Boolean
 255 SecCmsMessageIsEncrypted(SecCmsMessageRef cmsg)
 256 {
 257     SecCmsContentInfoRef cinfo;
 258
 259     /* walk down the chain of contentinfos */
 260     for (cinfo = &(cmsg->contentInfo); cinfo != NULL; cinfo = SecCmsContentInfoGetChildContentInfo(cinfo))
 261     {
 262         switch (SecCmsContentInfoGetContentTypeTag(cinfo)) {
 263         case SEC_OID_PKCS7_ENVELOPED_DATA:
 264         case SEC_OID_PKCS7_ENCRYPTED_DATA:
 265             return PR_TRUE;
 266         default:
 267             break;
 268         }
 269     }
 270     return PR_FALSE;
 271 }
 272
 273 /*
 274  * SecCmsMessageIsSigned - see if message contains a signed submessage
 275  *
 276  * If the CMS message has a SignedData with a signature (not just a SignedData)
 277  * return true; false otherwise.  This can/should be called before calling
 278  * VerifySignature, which will always indicate failure if no signature is
 279  * present, but that does not mean there even was a signature!
 280  * Note that the content itself can be empty (detached content was sent
 281  * another way); it is the presence of the signature that matters.
 282  */
 283 Boolean
 284 SecCmsMessageIsSigned(SecCmsMessageRef cmsg)
 285 {
 286     SecCmsContentInfoRef cinfo;
 287
 288     /* walk down the chain of contentinfos */
 289     for (cinfo = &(cmsg->contentInfo); cinfo != NULL; cinfo = SecCmsContentInfoGetChildContentInfo(cinfo))
 290     {
 291         switch (SecCmsContentInfoGetContentTypeTag(cinfo)) {
 292         case SEC_OID_PKCS7_SIGNED_DATA:
 293             if (!SecCmsArrayIsEmpty((void **)cinfo->content.signedData->signerInfos))
 294                 return PR_TRUE;
 295             break;
 296         default:
 297             break;
 298         }
 299     }
 300     return PR_FALSE;
 301 }
 302
 303 /*
 304  * SecCmsMessageIsContentEmpty - see if content is empty
 305  *
 306  * returns PR_TRUE is innermost content length is < minLen
 307  * XXX need the encrypted content length (why?)
 308  */
 309 Boolean
 310 SecCmsMessageIsContentEmpty(SecCmsMessageRef cmsg, unsigned int minLen)
 311 {
 312     CSSM_DATA_PTR item = NULL;
 313
 314     if (cmsg == NULL)
 315         return PR_TRUE;
 316
 317     item = SecCmsContentInfoGetContent(SecCmsMessageGetContentInfo(cmsg));
 318
 319     if (!item) {
 320         return PR_TRUE;
 321     } else if(item->Length <= minLen) {
 322         return PR_TRUE;
 323     }
 324
 325     return PR_FALSE;
 326 }
 327
 328 /*
 329  * SecCmsMessageContainsTSTInfo - see if message contains a TimeStamping info block
 330  */
 331 Boolean
 332 SecCmsMessageContainsTSTInfo(SecCmsMessageRef cmsg)
 333 {
 334     SecCmsContentInfoRef cinfo;
 335
 336     /* walk down the chain of contentinfos */
 337     for (cinfo = &(cmsg->contentInfo); cinfo != NULL; cinfo = SecCmsContentInfoGetChildContentInfo(cinfo))
 338     {
 339         switch (SecCmsContentInfoGetContentTypeTag(cinfo))
 340         {
 341         case SEC_OID_PKCS9_ID_CT_TSTInfo:
 342             // TSTInfo is in cinfo->rawContent->Data
 343             return PR_TRUE;
 344         default:
 345             break;
 346         }
 347     }
 348     return PR_FALSE;
 349 }
 350
 351 void
 352 SecCmsMessageSetTSACallback(SecCmsMessageRef cmsg, SecCmsTSACallback tsaCallback)
 353 {
 354     if (cmsg)
 355         cmsg->tsaCallback = tsaCallback;
 356 }
 357
 358 void
 359 SecCmsMessageSetTSAContext(SecCmsMessageRef cmsg, const void *tsaContext)   //CFTypeRef
 360 {
 361     if (cmsg)
 362         cmsg->tsaContext = tsaContext;
 363 }
 364