]> git.saurik.com Git - apple/security.git/blob - libsecurity_smime/lib/smimeutil.c
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-57740.51.3.tar.gz
[apple/security.git] / libsecurity_smime / lib / smimeutil.c
1 /*
2 * The contents of this file are subject to the Mozilla Public
3 * License Version 1.1 (the "License"); you may not use this file
4 * except in compliance with the License. You may obtain a copy of
5 * the License at http://www.mozilla.org/MPL/
6 *
7 * Software distributed under the License is distributed on an "AS
8 * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
9 * implied. See the License for the specific language governing
10 * rights and limitations under the License.
11 *
12 * The Original Code is the Netscape security libraries.
13 *
14 * The Initial Developer of the Original Code is Netscape
15 * Communications Corporation. Portions created by Netscape are
16 * Copyright (C) 1994-2000 Netscape Communications Corporation. All
17 * Rights Reserved.
18 *
19 * Contributor(s):
20 *
21 * Alternatively, the contents of this file may be used under the
22 * terms of the GNU General Public License Version 2 or later (the
23 * "GPL"), in which case the provisions of the GPL are applicable
24 * instead of those above. If you wish to allow use of your
25 * version of this file only under the terms of the GPL and not to
26 * allow others to use your version of this file under the MPL,
27 * indicate your decision by deleting the provisions above and
28 * replace them with the notice and other provisions required by
29 * the GPL. If you do not delete the provisions above, a recipient
30 * may use your version of this file under either the MPL or the
31 * GPL.
32 */
33
34 /*
35 * Stuff specific to S/MIME policy and interoperability.
36 */
37
38 #include "cmslocal.h"
39
40 #include "secoid.h"
41 #include "SecAsn1Item.h"
42 #include "cert.h"
43 #include "SecSMIMEPriv.h"
44
45 #include <security_asn1/secasn1.h>
46 #include <security_asn1/secerr.h>
47 #include <Security/SecSMIME.h>
48 #include <Security/SecKeyPriv.h>
49
50 SEC_ASN1_MKSUB(CERT_IssuerAndSNTemplate)
51 SEC_ASN1_MKSUB(SEC_OctetStringTemplate)
52 SEC_ASN1_CHOOSER_DECLARE(CERT_IssuerAndSNTemplate)
53
54 /* various integer's ASN.1 encoding */
55 static unsigned char asn1_int40[] = { SEC_ASN1_INTEGER, 0x01, 0x28 };
56 static unsigned char asn1_int64[] = { SEC_ASN1_INTEGER, 0x01, 0x40 };
57 static unsigned char asn1_int128[] = { SEC_ASN1_INTEGER, 0x02, 0x00, 0x80 };
58
59 /* RC2 algorithm parameters (used in smime_cipher_map) */
60 static SecAsn1Item param_int40 = { sizeof(asn1_int40), asn1_int40 };
61 static SecAsn1Item param_int64 = { sizeof(asn1_int64), asn1_int64 };
62 static SecAsn1Item param_int128 = { sizeof(asn1_int128), asn1_int128 };
63
64 /*
65 * XXX Would like the "parameters" field to be a SecAsn1Item * , but the
66 * encoder is having trouble with optional pointers to an ANY. Maybe
67 * once that is fixed, can change this back...
68 */
69 typedef struct {
70 SecAsn1Item capabilityID;
71 SecAsn1Item parameters;
72 long cipher; /* optimization */
73 } NSSSMIMECapability;
74
75 static const SecAsn1Template NSSSMIMECapabilityTemplate[] = {
76 { SEC_ASN1_SEQUENCE,
77 0, NULL, sizeof(NSSSMIMECapability) },
78 { SEC_ASN1_OBJECT_ID,
79 offsetof(NSSSMIMECapability,capabilityID), },
80 { SEC_ASN1_OPTIONAL | SEC_ASN1_ANY,
81 offsetof(NSSSMIMECapability,parameters), },
82 { 0, }
83 };
84
85 static const SecAsn1Template NSSSMIMECapabilitiesTemplate[] = {
86 { SEC_ASN1_SEQUENCE_OF, 0, NSSSMIMECapabilityTemplate }
87 };
88
89 /*
90 * NSSSMIMEEncryptionKeyPreference - if we find one of these, it needs to prompt us
91 * to store this and only this certificate permanently for the sender email address.
92 */
93 typedef enum {
94 NSSSMIMEEncryptionKeyPref_IssuerSN,
95 NSSSMIMEEncryptionKeyPref_RKeyID,
96 NSSSMIMEEncryptionKeyPref_SubjectKeyID
97 } NSSSMIMEEncryptionKeyPrefSelector;
98
99 typedef struct {
100 NSSSMIMEEncryptionKeyPrefSelector selector;
101 union {
102 SecCmsIssuerAndSN *issuerAndSN;
103 SecCmsRecipientKeyIdentifier *recipientKeyID;
104 SecAsn1Item *subjectKeyID;
105 } id;
106 } NSSSMIMEEncryptionKeyPreference;
107
108 extern const SecAsn1Template SecCmsRecipientKeyIdentifierTemplate[];
109
110 static const SecAsn1Template smime_encryptionkeypref_template[] = {
111 { SEC_ASN1_CHOICE,
112 offsetof(NSSSMIMEEncryptionKeyPreference,selector), NULL,
113 sizeof(NSSSMIMEEncryptionKeyPreference) },
114 { SEC_ASN1_POINTER | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
115 offsetof(NSSSMIMEEncryptionKeyPreference,id.issuerAndSN),
116 SEC_ASN1_SUB(SecCmsIssuerAndSNTemplate),
117 NSSSMIMEEncryptionKeyPref_IssuerSN },
118 { SEC_ASN1_POINTER | SEC_ASN1_CONTEXT_SPECIFIC | 1,
119 offsetof(NSSSMIMEEncryptionKeyPreference,id.recipientKeyID),
120 SecCmsRecipientKeyIdentifierTemplate,
121 NSSSMIMEEncryptionKeyPref_IssuerSN },
122 { SEC_ASN1_POINTER | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 2,
123 offsetof(NSSSMIMEEncryptionKeyPreference,id.subjectKeyID),
124 SEC_ASN1_SUB(kSecAsn1OctetStringTemplate),
125 NSSSMIMEEncryptionKeyPref_SubjectKeyID },
126 { 0, }
127 };
128
129 /* smime_cipher_map - map of SMIME symmetric "ciphers" to algtag & parameters */
130 typedef struct {
131 unsigned long cipher;
132 SECOidTag algtag;
133 SecAsn1Item *parms;
134 Boolean enabled; /* in the user's preferences */
135 Boolean allowed; /* per export policy */
136 } smime_cipher_map_entry;
137
138 /* global: list of supported SMIME symmetric ciphers, ordered roughly by increasing strength */
139 static smime_cipher_map_entry smime_cipher_map[] = {
140 /* cipher algtag parms enabled allowed */
141 /* ---------------------------------------------------------------------------------- */
142 { SMIME_RC2_CBC_40, SEC_OID_RC2_CBC, &param_int40, PR_FALSE, PR_FALSE },
143 { SMIME_DES_CBC_56, SEC_OID_DES_CBC, NULL, PR_TRUE, PR_FALSE },
144 { SMIME_RC2_CBC_64, SEC_OID_RC2_CBC, &param_int64, PR_FALSE, PR_FALSE },
145 { SMIME_RC2_CBC_128, SEC_OID_RC2_CBC, &param_int128, PR_FALSE, PR_FALSE },
146 { SMIME_DES_EDE3_168, SEC_OID_DES_EDE3_CBC, NULL, PR_TRUE, PR_TRUE },
147 { SMIME_AES_CBC_128, SEC_OID_AES_128_CBC, NULL, PR_TRUE, PR_TRUE },
148 { SMIME_AES_CBC_192, SEC_OID_AES_192_CBC, NULL, PR_TRUE, PR_TRUE },
149 { SMIME_AES_CBC_256, SEC_OID_AES_256_CBC, NULL, PR_TRUE, PR_TRUE },
150 { SMIME_FORTEZZA, SEC_OID_FORTEZZA_SKIPJACK, NULL, PR_TRUE, PR_TRUE }
151 };
152 static const int smime_cipher_map_count = sizeof(smime_cipher_map) / sizeof(smime_cipher_map_entry);
153
154 /*
155 * smime_mapi_by_cipher - find index into smime_cipher_map by cipher
156 */
157 static int
158 smime_mapi_by_cipher(unsigned long cipher)
159 {
160 int i;
161
162 for (i = 0; i < smime_cipher_map_count; i++) {
163 if (smime_cipher_map[i].cipher == cipher)
164 return i; /* bingo */
165 }
166 return -1; /* should not happen if we're consistent, right? */
167 }
168
169 /*
170 * NSS_SMIME_EnableCipher - this function locally records the user's preference
171 */
172 OSStatus
173 SecSMIMEEnableCipher(unsigned long which, Boolean on)
174 {
175 unsigned long mask;
176 int mapi;
177
178 mask = which & CIPHER_FAMILYID_MASK;
179
180 PORT_Assert (mask == CIPHER_FAMILYID_SMIME);
181 if (mask != CIPHER_FAMILYID_SMIME)
182 /* XXX set an error! */
183 return SECFailure;
184
185 mapi = smime_mapi_by_cipher(which);
186 if (mapi < 0)
187 /* XXX set an error */
188 return SECFailure;
189
190 /* do we try to turn on a forbidden cipher? */
191 if (!smime_cipher_map[mapi].allowed && on) {
192 PORT_SetError (SEC_ERROR_BAD_EXPORT_ALGORITHM);
193 return SECFailure;
194 }
195
196 smime_cipher_map[mapi].enabled = on;
197
198 return SECSuccess;
199 }
200
201
202 /*
203 * this function locally records the export policy
204 */
205 OSStatus
206 SecSMIMEAllowCipher(unsigned long which, Boolean on)
207 {
208 unsigned long mask;
209 int mapi;
210
211 mask = which & CIPHER_FAMILYID_MASK;
212
213 PORT_Assert (mask == CIPHER_FAMILYID_SMIME);
214 if (mask != CIPHER_FAMILYID_SMIME)
215 /* XXX set an error! */
216 return SECFailure;
217
218 mapi = smime_mapi_by_cipher(which);
219 if (mapi < 0)
220 /* XXX set an error */
221 return SECFailure;
222
223 smime_cipher_map[mapi].allowed = on;
224
225 return SECSuccess;
226 }
227
228 /*
229 * Based on the given algorithm (including its parameters, in some cases!)
230 * and the given key (may or may not be inspected, depending on the
231 * algorithm), find the appropriate policy algorithm specification
232 * and return it. If no match can be made, -1 is returned.
233 */
234 static OSStatus
235 nss_smime_get_cipher_for_alg_and_key(SECAlgorithmID *algid, SecSymmetricKeyRef key, unsigned long *cipher)
236 {
237 SECOidTag algtag;
238 CFIndex keylen_bits;
239 unsigned long c;
240
241 algtag = SECOID_GetAlgorithmTag(algid);
242 switch (algtag) {
243 case SEC_OID_RC2_CBC:
244 keylen_bits = CFDataGetLength((CFDataRef)key) * 8;
245 switch (keylen_bits) {
246 case 40:
247 c = SMIME_RC2_CBC_40;
248 break;
249 case 64:
250 c = SMIME_RC2_CBC_64;
251 break;
252 case 128:
253 c = SMIME_RC2_CBC_128;
254 break;
255 default:
256 return SECFailure;
257 }
258 break;
259 case SEC_OID_DES_CBC:
260 c = SMIME_DES_CBC_56;
261 break;
262 case SEC_OID_FORTEZZA_SKIPJACK:
263 c = SMIME_FORTEZZA;
264 break;
265 case SEC_OID_DES_EDE3_CBC:
266 c = SMIME_DES_EDE3_168;
267 break;
268 case SEC_OID_AES_128_CBC:
269 c = SMIME_AES_CBC_128;
270 break;
271 case SEC_OID_AES_192_CBC:
272 c = SMIME_AES_CBC_192;
273 break;
274 case SEC_OID_AES_256_CBC:
275 c = SMIME_AES_CBC_256;
276 break;
277 default:
278 return SECFailure;
279 }
280 *cipher = c;
281 return SECSuccess;
282 }
283
284 static Boolean
285 nss_smime_cipher_allowed(unsigned long which)
286 {
287 int mapi;
288
289 mapi = smime_mapi_by_cipher(which);
290 if (mapi < 0)
291 return PR_FALSE;
292 return smime_cipher_map[mapi].allowed;
293 }
294
295 Boolean
296 SecSMIMEDecryptionAllowed(SECAlgorithmID *algid, SecSymmetricKeyRef key)
297 {
298 unsigned long which;
299
300 if (nss_smime_get_cipher_for_alg_and_key(algid, key, &which) != SECSuccess)
301 return PR_FALSE;
302
303 return nss_smime_cipher_allowed(which);
304 }
305
306
307 /*
308 * NSS_SMIME_EncryptionPossible - check if any encryption is allowed
309 *
310 * This tells whether or not *any* S/MIME encryption can be done,
311 * according to policy. Callers may use this to do nicer user interface
312 * (say, greying out a checkbox so a user does not even try to encrypt
313 * a message when they are not allowed to) or for any reason they want
314 * to check whether S/MIME encryption (or decryption, for that matter)
315 * may be done.
316 *
317 * It takes no arguments. The return value is a simple boolean:
318 * PR_TRUE means encryption (or decryption) is *possible*
319 * (but may still fail due to other reasons, like because we cannot
320 * find all the necessary certs, etc.; PR_TRUE is *not* a guarantee)
321 * PR_FALSE means encryption (or decryption) is not permitted
322 *
323 * There are no errors from this routine.
324 */
325 Boolean
326 SecSMIMEEncryptionPossible(void)
327 {
328 int i;
329
330 for (i = 0; i < smime_cipher_map_count; i++) {
331 if (smime_cipher_map[i].allowed)
332 return PR_TRUE;
333 }
334 return PR_FALSE;
335 }
336
337
338 static unsigned long
339 nss_SMIME_FindCipherForSMIMECap(NSSSMIMECapability *cap)
340 {
341 int i;
342 SECOidTag capIDTag;
343
344 /* we need the OIDTag here */
345 capIDTag = SECOID_FindOIDTag(&(cap->capabilityID));
346
347 /* go over all the SMIME ciphers we know and see if we find a match */
348 for (i = 0; i < smime_cipher_map_count; i++) {
349 if (smime_cipher_map[i].algtag != capIDTag)
350 continue;
351 /*
352 * XXX If SECITEM_CompareItem allowed NULLs as arguments (comparing
353 * 2 NULLs as equal and NULL and non-NULL as not equal), we could
354 * use that here instead of all of the following comparison code.
355 */
356 if (cap->parameters.Data == NULL && smime_cipher_map[i].parms == NULL)
357 break; /* both empty: bingo */
358
359 if (cap->parameters.Data != NULL && smime_cipher_map[i].parms != NULL &&
360 cap->parameters.Length == smime_cipher_map[i].parms->Length &&
361 PORT_Memcmp (cap->parameters.Data, smime_cipher_map[i].parms->Data,
362 cap->parameters.Length) == 0)
363 {
364 break; /* both not empty, same length & equal content: bingo */
365 }
366 }
367
368 if (i == smime_cipher_map_count)
369 return 0; /* no match found */
370 else
371 return smime_cipher_map[i].cipher; /* match found, point to cipher */
372 }
373
374 static int smime_keysize_by_cipher (unsigned long which);
375
376 /*
377 * smime_choose_cipher - choose a cipher that works for all the recipients
378 *
379 * "scert" - sender's certificate
380 * "rcerts" - recipient's certificates
381 */
382 static long
383 smime_choose_cipher(SecCertificateRef scert, SecCertificateRef *rcerts)
384 {
385 PRArenaPool *poolp;
386 long cipher;
387 long chosen_cipher;
388 int *cipher_abilities;
389 int *cipher_votes;
390 int weak_mapi;
391 int strong_mapi;
392 int rcount, mapi, max, i;
393 #if 1
394 // @@@ We Don't support Fortezza yet.
395 Boolean scert_is_fortezza = PR_FALSE;
396 #else
397 Boolean scert_is_fortezza = (scert == NULL) ? PR_FALSE : PK11_FortezzaHasKEA(scert);
398 #endif
399
400 chosen_cipher = SMIME_DES_CBC_56; /* the default, LCD */
401 weak_mapi = smime_mapi_by_cipher(chosen_cipher);
402
403 poolp = PORT_NewArena (1024); /* XXX what is right value? */
404 if (poolp == NULL)
405 goto done;
406
407 cipher_abilities = (int *)PORT_ArenaZAlloc(poolp, smime_cipher_map_count * sizeof(int));
408 cipher_votes = (int *)PORT_ArenaZAlloc(poolp, smime_cipher_map_count * sizeof(int));
409 if (cipher_votes == NULL || cipher_abilities == NULL)
410 goto done;
411
412 /* If the user has the Fortezza preference turned on, make
413 * that the strong cipher. Otherwise, use triple-DES. */
414 strong_mapi = smime_mapi_by_cipher (SMIME_DES_EDE3_168);
415 if (scert_is_fortezza) {
416 mapi = smime_mapi_by_cipher(SMIME_FORTEZZA);
417 if (mapi >= 0 && smime_cipher_map[mapi].enabled)
418 strong_mapi = mapi;
419 }
420
421 /* walk all the recipient's certs */
422 for (rcount = 0; rcerts[rcount] != NULL; rcount++) {
423 SecAsn1Item *profile;
424 NSSSMIMECapability **caps;
425 int pref;
426
427 /* the first cipher that matches in the user's SMIME profile gets
428 * "smime_cipher_map_count" votes; the next one gets "smime_cipher_map_count" - 1
429 * and so on. If every cipher matches, the last one gets 1 (one) vote */
430 pref = smime_cipher_map_count;
431
432 /* find recipient's SMIME profile */
433 profile = CERT_FindSMimeProfile(rcerts[rcount]);
434
435 if (profile != NULL && profile->Data != NULL && profile->Length > 0) {
436 /* we have a profile (still DER-encoded) */
437 caps = NULL;
438 /* decode it */
439 if (SEC_ASN1DecodeItem(poolp, &caps, NSSSMIMECapabilitiesTemplate, profile) == SECSuccess &&
440 caps != NULL)
441 {
442 /* walk the SMIME capabilities for this recipient */
443 for (i = 0; caps[i] != NULL; i++) {
444 cipher = nss_SMIME_FindCipherForSMIMECap(caps[i]);
445 mapi = smime_mapi_by_cipher(cipher);
446 if (mapi >= 0) {
447 /* found the cipher */
448 cipher_abilities[mapi]++;
449 cipher_votes[mapi] += pref;
450 --pref;
451 }
452 }
453 }
454 } else {
455 /* no profile found - so we can only assume that the user can do
456 * the mandatory algorithms which is RC2-40 (weak crypto) and 3DES (strong crypto) */
457 SecPublicKeyRef key;
458 size_t pklen_bits;
459
460 /*
461 * if recipient's public key length is > 512, vote for a strong cipher
462 * please not that the side effect of this is that if only one recipient
463 * has an export-level public key, the strong cipher is disabled.
464 *
465 * XXX This is probably only good for RSA keys. What I would
466 * really like is a function to just say; Is the public key in
467 * this cert an export-length key? Then I would not have to
468 * know things like the value 512, or the kind of key, or what
469 * a subjectPublicKeyInfo is, etc.
470 */
471 key = CERT_ExtractPublicKey(rcerts[rcount]);
472 pklen_bits = 0;
473 if (key != NULL) {
474 pklen_bits = SecKeyGetSize(key, kSecKeyKeySizeInBits);
475 SECKEY_DestroyPublicKey (key);
476 }
477
478 if (pklen_bits > 512) {
479 /* cast votes for the strong algorithm */
480 cipher_abilities[strong_mapi]++;
481 cipher_votes[strong_mapi] += pref;
482 pref--;
483 }
484
485 /* always cast (possibly less) votes for the weak algorithm */
486 cipher_abilities[weak_mapi]++;
487 cipher_votes[weak_mapi] += pref;
488 }
489 if (profile != NULL)
490 SECITEM_FreeItem(profile, PR_TRUE);
491 }
492
493 /* find cipher that is agreeable by all recipients and that has the most votes */
494 max = 0;
495 for (mapi = 0; mapi < smime_cipher_map_count; mapi++) {
496 /* if not all of the recipients can do this, forget it */
497 if (cipher_abilities[mapi] != rcount)
498 continue;
499 /* if cipher is not enabled or not allowed by policy, forget it */
500 if (!smime_cipher_map[mapi].enabled || !smime_cipher_map[mapi].allowed)
501 continue;
502 /* if we're not doing fortezza, but the cipher is fortezza, forget it */
503 if (!scert_is_fortezza && (smime_cipher_map[mapi].cipher == SMIME_FORTEZZA))
504 continue;
505 /* now see if this one has more votes than the last best one */
506 if (cipher_votes[mapi] >= max) {
507 /* if equal number of votes, prefer the ones further down in the list */
508 /* with the expectation that these are higher rated ciphers */
509 chosen_cipher = smime_cipher_map[mapi].cipher;
510 max = cipher_votes[mapi];
511 }
512 }
513 /* if no common cipher was found, chosen_cipher stays at the default */
514
515 done:
516 if (poolp != NULL)
517 PORT_FreeArena (poolp, PR_FALSE);
518
519 if (smime_keysize_by_cipher(chosen_cipher) < 128) {
520 /* you're going to use strong(er) crypto whether you like it or not */
521 chosen_cipher = SMIME_DES_EDE3_168;
522 }
523 return chosen_cipher;
524 }
525
526 /*
527 * XXX This is a hack for now to satisfy our current interface.
528 * Eventually, with more parameters needing to be specified, just
529 * looking up the keysize is not going to be sufficient.
530 */
531 static int
532 smime_keysize_by_cipher (unsigned long which)
533 {
534 int keysize;
535
536 switch (which) {
537 case SMIME_RC2_CBC_40:
538 keysize = 40;
539 break;
540 case SMIME_RC2_CBC_64:
541 keysize = 64;
542 break;
543 case SMIME_RC2_CBC_128:
544 keysize = 128;
545 break;
546 case SMIME_DES_CBC_56:
547 keysize = 64;
548 break;
549 case SMIME_DES_EDE3_168:
550 keysize = 192;
551 break;
552 case SMIME_FORTEZZA:
553 /*
554 * This is special; since the key size is fixed, we actually
555 * want to *avoid* specifying a key size.
556 */
557 keysize = 0;
558 break;
559 default:
560 keysize = -1;
561 break;
562 }
563
564 return keysize;
565 }
566
567 /*
568 * SecSMIMEFindBulkAlgForRecipients - find bulk algorithm suitable for all recipients
569 *
570 * it would be great for UI purposes if there would be a way to find out which recipients
571 * prevented a strong cipher from being used...
572 */
573 OSStatus
574 SecSMIMEFindBulkAlgForRecipients(SecCertificateRef *rcerts, SECOidTag *bulkalgtag, int *keysize)
575 {
576 unsigned long cipher;
577 int mapi;
578
579 cipher = smime_choose_cipher(NULL, rcerts);
580 mapi = smime_mapi_by_cipher(cipher);
581 if (mapi < 0) {
582 return SECFailure;
583 }
584
585 *bulkalgtag = smime_cipher_map[mapi].algtag;
586 *keysize = smime_keysize_by_cipher(smime_cipher_map[mapi].cipher);
587
588 return SECSuccess;
589 }
590
591 /*
592 * SecSMIMECreateSMIMECapabilities - get S/MIME capabilities for this instance of NSS
593 *
594 * scans the list of allowed and enabled ciphers and construct a PKCS9-compliant
595 * S/MIME capabilities attribute value.
596 *
597 * XXX Please note that, in contradiction to RFC2633 2.5.2, the capabilities only include
598 * symmetric ciphers, NO signature algorithms or key encipherment algorithms.
599 *
600 * "poolp" - arena pool to create the S/MIME capabilities data on
601 * "dest" - SecAsn1Item to put the data in
602 * "includeFortezzaCiphers" - PR_TRUE if fortezza ciphers should be included
603 */
604 OSStatus
605 SecSMIMECreateSMIMECapabilities(PLArenaPool *poolp, SecAsn1Item *dest, Boolean includeFortezzaCiphers)
606 {
607 NSSSMIMECapability *cap;
608 NSSSMIMECapability **smime_capabilities;
609 smime_cipher_map_entry *map;
610 SECOidData *oiddata;
611 SecAsn1Item *dummy;
612 int i, capIndex;
613
614 /* if we have an old NSSSMIMECapability array, we'll reuse it (has the right size) */
615 /* smime_cipher_map_count + 1 is an upper bound - we might end up with less */
616 smime_capabilities = (NSSSMIMECapability **)PORT_ZAlloc((smime_cipher_map_count + 1)
617 * sizeof(NSSSMIMECapability *));
618 if (smime_capabilities == NULL)
619 return SECFailure;
620
621 capIndex = 0;
622
623 /* Add all the symmetric ciphers
624 * We walk the cipher list backwards, as it is ordered by increasing strength,
625 * we prefer the stronger cipher over a weaker one, and we have to list the
626 * preferred algorithm first */
627 for (i = smime_cipher_map_count - 1; i >= 0; i--) {
628 /* Find the corresponding entry in the cipher map. */
629 map = &(smime_cipher_map[i]);
630 if (!map->enabled)
631 continue;
632
633 /* If we're using a non-Fortezza cert, only advertise non-Fortezza
634 capabilities. (We advertise all capabilities if we have a
635 Fortezza cert.) */
636 if ((!includeFortezzaCiphers) && (map->cipher == SMIME_FORTEZZA))
637 continue;
638
639 /* get next SMIME capability */
640 cap = (NSSSMIMECapability *)PORT_ZAlloc(sizeof(NSSSMIMECapability));
641 if (cap == NULL)
642 break;
643 smime_capabilities[capIndex++] = cap;
644
645 oiddata = SECOID_FindOIDByTag(map->algtag);
646 if (oiddata == NULL)
647 break;
648
649 cap->capabilityID.Data = oiddata->oid.Data;
650 cap->capabilityID.Length = oiddata->oid.Length;
651 cap->parameters.Data = map->parms ? map->parms->Data : NULL;
652 cap->parameters.Length = map->parms ? map->parms->Length : 0;
653 cap->cipher = smime_cipher_map[i].cipher;
654 }
655
656 /* XXX add signature algorithms */
657 /* XXX add key encipherment algorithms */
658
659 smime_capabilities[capIndex] = NULL; /* last one - now encode */
660 dummy = SEC_ASN1EncodeItem(poolp, dest, &smime_capabilities, NSSSMIMECapabilitiesTemplate);
661
662 /* now that we have the proper encoded SMIMECapabilities (or not),
663 * free the work data */
664 for (i = 0; smime_capabilities[i] != NULL; i++)
665 PORT_Free(smime_capabilities[i]);
666 PORT_Free(smime_capabilities);
667
668 return (dummy == NULL) ? SECFailure : SECSuccess;
669 }
670
671 /*
672 * SecSMIMECreateSMIMEEncKeyPrefs - create S/MIME encryption key preferences attr value
673 *
674 * "poolp" - arena pool to create the attr value on
675 * "dest" - SecAsn1Item to put the data in
676 * "cert" - certificate that should be marked as preferred encryption key
677 * cert is expected to have been verified for EmailRecipient usage.
678 */
679 OSStatus
680 SecSMIMECreateSMIMEEncKeyPrefs(PLArenaPool *poolp, SecAsn1Item *dest, SecCertificateRef cert)
681 {
682 NSSSMIMEEncryptionKeyPreference ekp;
683 SecAsn1Item *dummy = NULL;
684 PLArenaPool *tmppoolp = NULL;
685
686 if (cert == NULL)
687 goto loser;
688
689 tmppoolp = PORT_NewArena(1024);
690 if (tmppoolp == NULL)
691 goto loser;
692
693 /* XXX hardcoded IssuerSN choice for now */
694 ekp.selector = NSSSMIMEEncryptionKeyPref_IssuerSN;
695 ekp.id.issuerAndSN = CERT_GetCertIssuerAndSN(tmppoolp, cert);
696 if (ekp.id.issuerAndSN == NULL)
697 goto loser;
698
699 dummy = SEC_ASN1EncodeItem(poolp, dest, &ekp, smime_encryptionkeypref_template);
700
701 loser:
702 if (tmppoolp) PORT_FreeArena(tmppoolp, PR_FALSE);
703
704 return (dummy == NULL) ? SECFailure : SECSuccess;
705 }
706
707 /*
708 * SecSMIMECreateSMIMEEncKeyPrefs - create S/MIME encryption key preferences attr value using MS oid
709 *
710 * "poolp" - arena pool to create the attr value on
711 * "dest" - SecAsn1Item to put the data in
712 * "cert" - certificate that should be marked as preferred encryption key
713 * cert is expected to have been verified for EmailRecipient usage.
714 */
715 OSStatus
716 SecSMIMECreateMSSMIMEEncKeyPrefs(PLArenaPool *poolp, SecAsn1Item *dest, SecCertificateRef cert)
717 {
718 SecAsn1Item *dummy = NULL;
719 PLArenaPool *tmppoolp = NULL;
720 SecCmsIssuerAndSN *isn;
721
722 if (cert == NULL)
723 goto loser;
724
725 tmppoolp = PORT_NewArena(1024);
726 if (tmppoolp == NULL)
727 goto loser;
728
729 isn = CERT_GetCertIssuerAndSN(tmppoolp, cert);
730 if (isn == NULL)
731 goto loser;
732
733 dummy = SEC_ASN1EncodeItem(poolp, dest, isn, SEC_ASN1_GET(SecCmsIssuerAndSNTemplate));
734
735 loser:
736 if (tmppoolp) PORT_FreeArena(tmppoolp, PR_FALSE);
737
738 return (dummy == NULL) ? SECFailure : SECSuccess;
739 }
740
741 #if 0
742 /*
743 * SecSMIMEGetCertFromEncryptionKeyPreference -
744 * find cert marked by EncryptionKeyPreference attribute
745 *
746 * "keychainOrArray" - handle for the cert database to look in
747 * "DERekp" - DER-encoded value of S/MIME Encryption Key Preference attribute
748 *
749 * if certificate is supposed to be found among the message's included certificates,
750 * they are assumed to have been imported already.
751 */
752 SecCertificateRef
753 SecSMIMEGetCertFromEncryptionKeyPreference(SecKeychainRef keychainOrArray, SecAsn1Item *DERekp)
754 {
755 PLArenaPool *tmppoolp = NULL;
756 SecCertificateRef cert = NULL;
757 NSSSMIMEEncryptionKeyPreference ekp;
758
759 tmppoolp = PORT_NewArena(1024);
760 if (tmppoolp == NULL)
761 return NULL;
762
763 /* decode DERekp */
764 if (SEC_ASN1DecodeItem(tmppoolp, &ekp, smime_encryptionkeypref_template, DERekp) != SECSuccess)
765 goto loser;
766
767 /* find cert */
768 switch (ekp.selector) {
769 case NSSSMIMEEncryptionKeyPref_IssuerSN:
770 cert = CERT_FindCertByIssuerAndSN(keychainOrArray, ekp.id.issuerAndSN);
771 break;
772 case NSSSMIMEEncryptionKeyPref_RKeyID:
773 case NSSSMIMEEncryptionKeyPref_SubjectKeyID:
774 /* XXX not supported yet - we need to be able to look up certs by SubjectKeyID */
775 break;
776 default:
777 PORT_Assert(0);
778 }
779 loser:
780 if (tmppoolp) PORT_FreeArena(tmppoolp, PR_FALSE);
781
782 return cert;
783 }
784 #endif
785
786 #if 0
787 extern const char __nss_smime_rcsid[];
788 extern const char __nss_smime_sccsid[];
789
790 Boolean
791 NSSSMIME_VersionCheck(const char *importedVersion)
792 {
793 #if 1
794 return PR_TRUE;
795 #else
796 /*
797 * This is the secret handshake algorithm.
798 *
799 * This release has a simple version compatibility
800 * check algorithm. This release is not backward
801 * compatible with previous major releases. It is
802 * not compatible with future major, minor, or
803 * patch releases.
804 */
805 volatile char c; /* force a reference that won't get optimized away */
806
807 c = __nss_smime_rcsid[0] + __nss_smime_sccsid[0];
808
809 return NSS_VersionCheck(importedVersion);
810 #endif
811 }
812 #endif /* 0 */
813
mirror of Security