libsecurity_smime/lib/cmsmessage.c

   1 /*
   2  * The contents of this file are subject to the Mozilla Public
   3  * License Version 1.1 (the "License"); you may not use this file
   4  * except in compliance with the License. You may obtain a copy of
   5  * the License at http://www.mozilla.org/MPL/
   6  *
   7  * Software distributed under the License is distributed on an "AS
   8  * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
   9  * implied. See the License for the specific language governing
  10  * rights and limitations under the License.
  11  *
  12  * The Original Code is the Netscape security libraries.
  13  *
  14  * The Initial Developer of the Original Code is Netscape
  15  * Communications Corporation.  Portions created by Netscape are
  16  * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
  17  * Rights Reserved.
  18  *
  19  * Contributor(s):
  20  *
  21  * Alternatively, the contents of this file may be used under the
  22  * terms of the GNU General Public License Version 2 or later (the
  23  * "GPL"), in which case the provisions of the GPL are applicable
  24  * instead of those above.  If you wish to allow use of your
  25  * version of this file only under the terms of the GPL and not to
  26  * allow others to use your version of this file under the MPL,
  27  * indicate your decision by deleting the provisions above and
  28  * replace them with the notice and other provisions required by
  29  * the GPL.  If you do not delete the provisions above, a recipient
  30  * may use your version of this file under either the MPL or the
  31  * GPL.
  32  */
  33
  34 /*
  35  * CMS message methods.
  36  */
  37
  38 #include <Security/SecCmsMessage.h>
  39
  40 #include <Security/SecCmsContentInfo.h>
  41 #include <Security/SecCmsSignedData.h>
  42
  43 #include "cmslocal.h"
  44
  45 #include "SecAsn1Item.h"
  46 #include "secoid.h"
  47
  48 #include <security_asn1/secasn1.h>
  49 #include <security_asn1/secerr.h>
  50 #include <security_asn1/secport.h>
  51
  52 /*
  53  * SecCmsMessageCreate - create a CMS message object
  54  *
  55  * "poolp" - arena to allocate memory from, or NULL if new arena should be created
  56  */
  57 SecCmsMessageRef
  58 SecCmsMessageCreate(void)
  59 {
  60     PLArenaPool *poolp;
  61     SecCmsMessageRef cmsg;
  62
  63     poolp = PORT_NewArena (1024);           /* XXX what is right value? */
  64     if (poolp == NULL)
  65         return NULL;
  66
  67     cmsg = (SecCmsMessageRef)PORT_ArenaZAlloc (poolp, sizeof(SecCmsMessage));
  68     if (cmsg == NULL) {
  69         PORT_FreeArena(poolp, PR_FALSE);
  70         return NULL;
  71     }
  72
  73     cmsg->poolp = poolp;
  74     cmsg->contentInfo.cmsg = cmsg;
  75     cmsg->refCount = 1;
  76
  77     return cmsg;
  78 }
  79
  80 /*
  81  * SecCmsMessageSetEncodingParams - set up a CMS message object for encoding or decoding
  82  *
  83  * "cmsg" - message object
  84  * "pwfn", pwfn_arg" - callback function for getting token password
  85  * "decrypt_key_cb", "decrypt_key_cb_arg" - callback function for getting bulk key for encryptedData
  86  * "detached_digestalgs", "detached_digests" - digests from detached content
  87  */
  88 void
  89 SecCmsMessageSetEncodingParams(SecCmsMessageRef cmsg,
  90                         PK11PasswordFunc pwfn, void *pwfn_arg,
  91                         SecCmsGetDecryptKeyCallback decrypt_key_cb, void *decrypt_key_cb_arg)
  92 {
  93 #if 0
  94     // @@@ Deal with password stuff.
  95     if (pwfn)
  96         PK11_SetPasswordFunc(pwfn);
  97 #endif
  98     cmsg->pwfn_arg = pwfn_arg;
  99     cmsg->decrypt_key_cb = decrypt_key_cb;
 100     cmsg->decrypt_key_cb_arg = decrypt_key_cb_arg;
 101 }
 102
 103 /*
 104  * SecCmsMessageDestroy - destroy a CMS message and all of its sub-pieces.
 105  */
 106 void
 107 SecCmsMessageDestroy(SecCmsMessageRef cmsg)
 108 {
 109     PORT_Assert (cmsg->refCount > 0);
 110     if (cmsg->refCount <= 0)    /* oops */
 111         return;
 112
 113     cmsg->refCount--;           /* thread safety? */
 114     if (cmsg->refCount > 0)
 115         return;
 116
 117     SecCmsContentInfoDestroy(&(cmsg->contentInfo));
 118
 119     PORT_FreeArena (cmsg->poolp, PR_FALSE);     /* XXX clear it? */
 120 }
 121
 122 /*
 123  * SecCmsMessageCopy - return a copy of the given message.
 124  *
 125  * The copy may be virtual or may be real -- either way, the result needs
 126  * to be passed to SecCmsMessageDestroy later (as does the original).
 127  */
 128 SecCmsMessageRef
 129 SecCmsMessageCopy(SecCmsMessageRef cmsg)
 130 {
 131     if (cmsg == NULL)
 132         return NULL;
 133
 134     PORT_Assert (cmsg->refCount > 0);
 135
 136     cmsg->refCount++; /* XXX chrisk thread safety? */
 137     return cmsg;
 138 }
 139
 140 /*
 141  * SecCmsMessageGetContentInfo - return a pointer to the top level contentInfo
 142  */
 143 SecCmsContentInfoRef
 144 SecCmsMessageGetContentInfo(SecCmsMessageRef cmsg)
 145 {
 146     return &(cmsg->contentInfo);
 147 }
 148
 149 /*
 150  * Return a pointer to the actual content.
 151  * In the case of those types which are encrypted, this returns the *plain* content.
 152  * In case of nested contentInfos, this descends and retrieves the innermost content.
 153  */
 154 const SecAsn1Item *
 155 SecCmsMessageGetContent(SecCmsMessageRef cmsg)
 156 {
 157     /* this is a shortcut */
 158     SecCmsContentInfoRef cinfo = SecCmsMessageGetContentInfo(cmsg);
 159     const SecAsn1Item *pItem = SecCmsContentInfoGetInnerContent(cinfo);
 160     return pItem;
 161 }
 162
 163 /*
 164  * SecCmsMessageContentLevelCount - count number of levels of CMS content objects in this message
 165  *
 166  * CMS data content objects do not count.
 167  */
 168 int
 169 SecCmsMessageContentLevelCount(SecCmsMessageRef cmsg)
 170 {
 171     int count = 0;
 172     SecCmsContentInfoRef cinfo;
 173
 174     /* walk down the chain of contentinfos */
 175     for (cinfo = &(cmsg->contentInfo); cinfo != NULL; ) {
 176         count++;
 177         cinfo = SecCmsContentInfoGetChildContentInfo(cinfo);
 178     }
 179     return count;
 180 }
 181
 182 /*
 183  * SecCmsMessageContentLevel - find content level #n
 184  *
 185  * CMS data content objects do not count.
 186  */
 187 SecCmsContentInfoRef
 188 SecCmsMessageContentLevel(SecCmsMessageRef cmsg, int n)
 189 {
 190     int count = 0;
 191     SecCmsContentInfoRef cinfo;
 192
 193     /* walk down the chain of contentinfos */
 194     for (cinfo = &(cmsg->contentInfo); cinfo != NULL && count < n; cinfo = SecCmsContentInfoGetChildContentInfo(cinfo)) {
 195         count++;
 196     }
 197
 198     return cinfo;
 199 }
 200
 201 /*
 202  * SecCmsMessageContainsCertsOrCrls - see if message contains certs along the way
 203  */
 204 Boolean
 205 SecCmsMessageContainsCertsOrCrls(SecCmsMessageRef cmsg)
 206 {
 207     SecCmsContentInfoRef cinfo;
 208
 209     /* descend into CMS message */
 210     for (cinfo = &(cmsg->contentInfo); cinfo != NULL; cinfo = SecCmsContentInfoGetChildContentInfo(cinfo)) {
 211         if (SecCmsContentInfoGetContentTypeTag(cinfo) != SEC_OID_PKCS7_SIGNED_DATA)
 212             continue;   /* next level */
 213
 214         if (SecCmsSignedDataContainsCertsOrCrls(cinfo->content.signedData))
 215             return PR_TRUE;
 216     }
 217     return PR_FALSE;
 218 }
 219
 220 /*
 221  * SecCmsMessageIsEncrypted - see if message contains a encrypted submessage
 222  */
 223 Boolean
 224 SecCmsMessageIsEncrypted(SecCmsMessageRef cmsg)
 225 {
 226     SecCmsContentInfoRef cinfo;
 227
 228     /* walk down the chain of contentinfos */
 229     for (cinfo = &(cmsg->contentInfo); cinfo != NULL; cinfo = SecCmsContentInfoGetChildContentInfo(cinfo))
 230     {
 231         switch (SecCmsContentInfoGetContentTypeTag(cinfo)) {
 232         case SEC_OID_PKCS7_ENVELOPED_DATA:
 233         case SEC_OID_PKCS7_ENCRYPTED_DATA:
 234             return PR_TRUE;
 235         default:
 236             break;
 237         }
 238     }
 239     return PR_FALSE;
 240 }
 241
 242 /*
 243  * SecCmsMessageIsSigned - see if message contains a signed submessage
 244  *
 245  * If the CMS message has a SignedData with a signature (not just a SignedData)
 246  * return true; false otherwise.  This can/should be called before calling
 247  * VerifySignature, which will always indicate failure if no signature is
 248  * present, but that does not mean there even was a signature!
 249  * Note that the content itself can be empty (detached content was sent
 250  * another way); it is the presence of the signature that matters.
 251  */
 252 Boolean
 253 SecCmsMessageIsSigned(SecCmsMessageRef cmsg)
 254 {
 255     SecCmsContentInfoRef cinfo;
 256
 257     /* walk down the chain of contentinfos */
 258     for (cinfo = &(cmsg->contentInfo); cinfo != NULL; cinfo = SecCmsContentInfoGetChildContentInfo(cinfo))
 259     {
 260         switch (SecCmsContentInfoGetContentTypeTag(cinfo)) {
 261         case SEC_OID_PKCS7_SIGNED_DATA:
 262             if (!SecCmsArrayIsEmpty((void **)cinfo->content.signedData->signerInfos))
 263                 return PR_TRUE;
 264             break;
 265         default:
 266             break;
 267         }
 268     }
 269     return PR_FALSE;
 270 }
 271
 272 /*
 273  * SecCmsMessageIsContentEmpty - see if content is empty
 274  *
 275  * returns PR_TRUE is innermost content length is < minLen
 276  * XXX need the encrypted content length (why?)
 277  */
 278 Boolean
 279 SecCmsMessageIsContentEmpty(SecCmsMessageRef cmsg, unsigned int minLen)
 280 {
 281     SecAsn1Item * item = NULL;
 282
 283     if (cmsg == NULL)
 284         return PR_TRUE;
 285
 286     item = SecCmsContentInfoGetContent(SecCmsMessageGetContentInfo(cmsg));
 287
 288     if (!item) {
 289         return PR_TRUE;
 290     } else if(item->Length <= minLen) {
 291         return PR_TRUE;
 292     }
 293
 294     return PR_FALSE;
 295 }