2 * The contents of this file are subject to the Mozilla Public
3 * License Version 1.1 (the "License"); you may not use this file
4 * except in compliance with the License. You may obtain a copy of
5 * the License at http://www.mozilla.org/MPL/
7 * Software distributed under the License is distributed on an "AS
8 * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
9 * implied. See the License for the specific language governing
10 * rights and limitations under the License.
12 * The Original Code is the Netscape security libraries.
14 * The Initial Developer of the Original Code is Netscape
15 * Communications Corporation. Portions created by Netscape are
16 * Copyright (C) 1994-2000 Netscape Communications Corporation. All
21 * Alternatively, the contents of this file may be used under the
22 * terms of the GNU General Public License Version 2 or later (the
23 * "GPL"), in which case the provisions of the GPL are applicable
24 * instead of those above. If you wish to allow use of your
25 * version of this file only under the terms of the GPL and not to
26 * allow others to use your version of this file under the MPL,
27 * indicate your decision by deleting the provisions above and
28 * replace them with the notice and other provisions required by
29 * the GPL. If you do not delete the provisions above, a recipient
30 * may use your version of this file under either the MPL or the
35 * CMS miscellaneous utility functions.
38 #include <Security/SecCmsEncoder.h> /* @@@ Remove this when we move the Encoder method. */
39 #include <Security/SecCmsSignerInfo.h>
46 #include <security_asn1/secasn1.h>
47 #include <security_asn1/secerr.h>
48 #include <Security/cssmapi.h>
49 #include <Security/cssmapple.h>
50 #include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacErrors.h>
54 * SecCmsArraySortByDER - sort array of objects by objects' DER encoding
56 * make sure that the order of the objects guarantees valid DER (which must be
57 * in lexigraphically ascending order for a SET OF); if reordering is necessary it
58 * will be done in place (in objs).
61 SecCmsArraySortByDER(void **objs
, const SecAsn1Template
*objtemplate
, void **objs2
)
65 CSSM_DATA_PTR
*enc_objs
;
66 OSStatus rv
= SECFailure
;
69 if (objs
== NULL
) /* already sorted */
72 num_objs
= SecCmsArrayCount((void **)objs
);
73 if (num_objs
== 0 || num_objs
== 1) /* already sorted. */
76 poolp
= PORT_NewArena (1024); /* arena for temporaries */
78 return SECFailure
; /* no memory; nothing we can do... */
81 * Allocate arrays to hold the individual encodings which we will use
82 * for comparisons and the reordered attributes as they are sorted.
84 // Security check to prevent under-allocation
85 if (num_objs
<0 || num_objs
>=(int)((INT_MAX
/sizeof(CSSM_DATA_PTR
))-1)) {
88 enc_objs
= (CSSM_DATA_PTR
*)PORT_ArenaZAlloc(poolp
, (num_objs
+ 1) * sizeof(CSSM_DATA_PTR
));
92 /* DER encode each individual object. */
93 for (i
= 0; i
< num_objs
; i
++) {
94 enc_objs
[i
] = SEC_ASN1EncodeItem(poolp
, NULL
, objs
[i
], objtemplate
);
95 if (enc_objs
[i
] == NULL
)
98 enc_objs
[num_objs
] = NULL
;
100 /* now compare and sort objs by the order of enc_objs */
101 SecCmsArraySort((void **)enc_objs
, SecCmsUtilDERCompare
, objs
, objs2
);
106 PORT_FreeArena (poolp
, PR_FALSE
);
111 * SecCmsUtilDERCompare - for use with SecCmsArraySort to
112 * sort arrays of CSSM_DATAs containing DER
115 SecCmsUtilDERCompare(void *a
, void *b
)
117 CSSM_DATA_PTR der1
= (CSSM_DATA_PTR
)a
;
118 CSSM_DATA_PTR der2
= (CSSM_DATA_PTR
)b
;
122 * Find the lowest (lexigraphically) encoding. One that is
123 * shorter than all the rest is known to be "less" because each
124 * attribute is of the same type (a SEQUENCE) and so thus the
125 * first octet of each is the same, and the second octet is
126 * the length (or the length of the length with the high bit
127 * set, followed by the length, which also works out to always
128 * order the shorter first). Two (or more) that have the
129 * same length need to be compared byte by byte until a mismatch
132 if (der1
->Length
!= der2
->Length
)
133 return (der1
->Length
< der2
->Length
) ? -1 : 1;
135 for (j
= 0; j
< der1
->Length
; j
++) {
136 if (der1
->Data
[j
] == der2
->Data
[j
])
138 return (der1
->Data
[j
] < der2
->Data
[j
]) ? -1 : 1;
144 * SecCmsAlgArrayGetIndexByAlgID - find a specific algorithm in an array of
147 * algorithmArray - array of algorithm IDs
148 * algid - algorithmid of algorithm to pick
151 * An integer containing the index of the algorithm in the array or -1 if
152 * algorithm was not found.
155 SecCmsAlgArrayGetIndexByAlgID(SECAlgorithmID
**algorithmArray
, SECAlgorithmID
*algid
)
159 if (algorithmArray
== NULL
|| algorithmArray
[0] == NULL
)
162 for (i
= 0; algorithmArray
[i
] != NULL
; i
++) {
163 if (SECOID_CompareAlgorithmID(algorithmArray
[i
], algid
) == SECEqual
)
167 if (algorithmArray
[i
] == NULL
)
168 return -1; /* not found */
174 * SecCmsAlgArrayGetIndexByAlgTag - find a specific algorithm in an array of
177 * algorithmArray - array of algorithm IDs
178 * algtag - algorithm tag of algorithm to pick
181 * An integer containing the index of the algorithm in the array or -1 if
182 * algorithm was not found.
185 SecCmsAlgArrayGetIndexByAlgTag(SECAlgorithmID
**algorithmArray
,
191 if (algorithmArray
== NULL
|| algorithmArray
[0] == NULL
)
194 #ifdef ORDER_N_SQUARED
195 for (i
= 0; algorithmArray
[i
] != NULL
; i
++) {
196 algid
= SECOID_FindOID(&(algorithmArray
[i
]->algorithm
));
197 if (algid
->offset
== algtag
)
201 algid
= SECOID_FindOIDByTag(algtag
);
204 for (i
= 0; algorithmArray
[i
] != NULL
; i
++) {
205 if (SECITEM_ItemsAreEqual(&algorithmArray
[i
]->algorithm
, &algid
->oid
))
210 if (algorithmArray
[i
] == NULL
)
211 return -1; /* not found */
217 SecCmsUtilGetHashObjByAlgID(SECAlgorithmID
*algid
)
219 SECOidData
*oidData
= SECOID_FindOID(&(algid
->algorithm
));
222 CSSM_ALGORITHMS alg
= oidData
->cssmAlgorithm
;
225 CSSM_CC_HANDLE digobj
;
226 CSSM_CSP_HANDLE cspHandle
= SecCspHandleForAlgorithm(alg
);
228 if (!CSSM_CSP_CreateDigestContext(cspHandle
, alg
, &digobj
))
237 * XXX I would *really* like to not have to do this, but the current
238 * signing interface gives me little choice.
241 SecCmsUtilMakeSignatureAlgorithm(SECOidTag hashalg
, SECOidTag encalg
)
244 case SEC_OID_PKCS1_RSA_ENCRYPTION
:
247 return SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION
;
249 return SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION
;
251 return SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION
;
253 return SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION
;
255 return SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION
;
257 return SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION
;
259 return SEC_OID_UNKNOWN
;
261 case SEC_OID_ANSIX9_DSA_SIGNATURE
:
262 case SEC_OID_MISSI_KEA_DSS
:
263 case SEC_OID_MISSI_DSS
:
266 return SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST
;
268 return SEC_OID_UNKNOWN
;
270 case SEC_OID_EC_PUBLIC_KEY
:
273 * Note this is only used when signing and verifying signed attributes,
274 * In which case we really do want the combined ECDSA_WithSHA1 alg...
277 return SEC_OID_ECDSA_WithSHA1
;
279 return SEC_OID_UNKNOWN
;
285 return encalg
; /* maybe it is already the right algid */
288 const SecAsn1Template
*
289 SecCmsUtilGetTemplateByTypeTag(SECOidTag type
)
291 const SecAsn1Template
*template;
292 extern const SecAsn1Template SecCmsSignedDataTemplate
[];
293 extern const SecAsn1Template SecCmsEnvelopedDataTemplate
[];
294 extern const SecAsn1Template SecCmsEncryptedDataTemplate
[];
295 extern const SecAsn1Template SecCmsDigestedDataTemplate
[];
298 case SEC_OID_PKCS7_SIGNED_DATA
:
299 template = SecCmsSignedDataTemplate
;
301 case SEC_OID_PKCS7_ENVELOPED_DATA
:
302 template = SecCmsEnvelopedDataTemplate
;
304 case SEC_OID_PKCS7_ENCRYPTED_DATA
:
305 template = SecCmsEncryptedDataTemplate
;
307 case SEC_OID_PKCS7_DIGESTED_DATA
:
308 template = SecCmsDigestedDataTemplate
;
311 case SEC_OID_PKCS7_DATA
:
320 SecCmsUtilGetSizeByTypeTag(SECOidTag type
)
325 case SEC_OID_PKCS7_SIGNED_DATA
:
326 size
= sizeof(SecCmsSignedData
);
328 case SEC_OID_PKCS7_ENVELOPED_DATA
:
329 size
= sizeof(SecCmsEnvelopedData
);
331 case SEC_OID_PKCS7_ENCRYPTED_DATA
:
332 size
= sizeof(SecCmsEncryptedData
);
334 case SEC_OID_PKCS7_DIGESTED_DATA
:
335 size
= sizeof(SecCmsDigestedData
);
338 case SEC_OID_PKCS7_DATA
:
346 SecCmsContentGetContentInfo(void *msg
, SECOidTag type
)
349 SecCmsContentInfoRef cinfo
;
355 case SEC_OID_PKCS7_SIGNED_DATA
:
356 cinfo
= &(c
.signedData
->contentInfo
);
358 case SEC_OID_PKCS7_ENVELOPED_DATA
:
359 cinfo
= &(c
.envelopedData
->contentInfo
);
361 case SEC_OID_PKCS7_ENCRYPTED_DATA
:
362 cinfo
= &(c
.encryptedData
->contentInfo
);
364 case SEC_OID_PKCS7_DIGESTED_DATA
:
365 cinfo
= &(c
.digestedData
->contentInfo
);
373 // @@@ Return CFStringRef and do localization.
375 SecCmsUtilVerificationStatusToString(SecCmsVerificationStatus vs
)
378 case SecCmsVSUnverified
: return "Unverified";
379 case SecCmsVSGoodSignature
: return "GoodSignature";
380 case SecCmsVSBadSignature
: return "BadSignature";
381 case SecCmsVSDigestMismatch
: return "DigestMismatch";
382 case SecCmsVSSigningCertNotFound
: return "SigningCertNotFound";
383 case SecCmsVSSigningCertNotTrusted
: return "SigningCertNotTrusted";
384 case SecCmsVSSignatureAlgorithmUnknown
: return "SignatureAlgorithmUnknown";
385 case SecCmsVSSignatureAlgorithmUnsupported
: return "SignatureAlgorithmUnsupported";
386 case SecCmsVSMalformedSignature
: return "MalformedSignature";
387 case SecCmsVSProcessingError
: return "ProcessingError";
388 default: return "Unknown";
393 SecArenaPoolCreate(size_t chunksize
, SecArenaPoolRef
*outArena
)
402 *outArena
= (SecArenaPoolRef
)PORT_NewArena(chunksize
);
406 status
= PORT_GetError();
413 SecArenaPoolFree(SecArenaPoolRef arena
, Boolean zero
)
415 PORT_FreeArena((PLArenaPool
*)arena
, zero
);