]> git.saurik.com Git - apple/security.git/blob - OSX/libsecurity_smime/lib/cmsattr.c
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-58286.270.3.0.1.tar.gz
[apple/security.git] / OSX / libsecurity_smime / lib / cmsattr.c
1 /*
2 * The contents of this file are subject to the Mozilla Public
3 * License Version 1.1 (the "License"); you may not use this file
4 * except in compliance with the License. You may obtain a copy of
5 * the License at http://www.mozilla.org/MPL/
6 *
7 * Software distributed under the License is distributed on an "AS
8 * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
9 * implied. See the License for the specific language governing
10 * rights and limitations under the License.
11 *
12 * The Original Code is the Netscape security libraries.
13 *
14 * The Initial Developer of the Original Code is Netscape
15 * Communications Corporation. Portions created by Netscape are
16 * Copyright (C) 1994-2000 Netscape Communications Corporation. All
17 * Rights Reserved.
18 *
19 * Contributor(s):
20 *
21 * Alternatively, the contents of this file may be used under the
22 * terms of the GNU General Public License Version 2 or later (the
23 * "GPL"), in which case the provisions of the GPL are applicable
24 * instead of those above. If you wish to allow use of your
25 * version of this file only under the terms of the GPL and not to
26 * allow others to use your version of this file under the MPL,
27 * indicate your decision by deleting the provisions above and
28 * replace them with the notice and other provisions required by
29 * the GPL. If you do not delete the provisions above, a recipient
30 * may use your version of this file under either the MPL or the
31 * GPL.
32 */
33
34 /*
35 * CMS attributes.
36 */
37
38 #include "cmslocal.h"
39
40 #include "secoid.h"
41 #include "secitem.h"
42
43 #include <security_asn1/secasn1.h>
44 #include <security_asn1/secerr.h>
45
46 /*
47 * -------------------------------------------------------------------
48 * XXX The following Attribute stuff really belongs elsewhere.
49 * The Attribute type is *not* part of CMS but rather X.501.
50 * But for now, since CMS is the only customer of attributes,
51 * we define them here. Once there is a use outside of CMS,
52 * then change the attribute types and functions from internal
53 * to external naming convention, and move them elsewhere!
54 */
55
56
57 /*
58 * SecCmsAttributeCreate - create an attribute
59 *
60 * if value is NULL, the attribute won't have a value. It can be added later
61 * with SecCmsAttributeAddValue.
62 */
63 SecCmsAttribute *
64 SecCmsAttributeCreate(PRArenaPool *poolp, SECOidTag oidtag, CSSM_DATA_PTR value, Boolean encoded)
65 {
66 SecCmsAttribute *attr;
67 CSSM_DATA_PTR copiedvalue;
68 void *mark;
69
70 PORT_Assert (poolp != NULL);
71
72 mark = PORT_ArenaMark (poolp);
73
74 attr = (SecCmsAttribute *)PORT_ArenaZAlloc(poolp, sizeof(SecCmsAttribute));
75 if (attr == NULL)
76 goto loser;
77
78 attr->typeTag = SECOID_FindOIDByTag(oidtag);
79 if (attr->typeTag == NULL)
80 goto loser;
81
82 if (SECITEM_CopyItem(poolp, &(attr->type), &(attr->typeTag->oid)) != SECSuccess)
83 goto loser;
84
85 if (value != NULL) {
86 if ((copiedvalue = SECITEM_AllocItem(poolp, NULL, value->Length)) == NULL)
87 goto loser;
88
89 if (SECITEM_CopyItem(poolp, copiedvalue, value) != SECSuccess)
90 goto loser;
91
92 if (SecCmsArrayAdd(poolp, (void ***)&(attr->values), (void *)copiedvalue) != SECSuccess)
93 goto loser;
94 }
95
96 attr->encoded = encoded;
97
98 PORT_ArenaUnmark (poolp, mark);
99
100 return attr;
101
102 loser:
103 PORT_Assert (mark != NULL);
104 PORT_ArenaRelease (poolp, mark);
105 return NULL;
106 }
107
108 /*
109 * SecCmsAttributeAddValue - add another value to an attribute
110 */
111 OSStatus
112 SecCmsAttributeAddValue(PLArenaPool *poolp, SecCmsAttribute *attr, CSSM_DATA_PTR value)
113 {
114 CSSM_DATA_PTR copiedvalue;
115 void *mark;
116
117 PORT_Assert (poolp != NULL);
118
119 mark = PORT_ArenaMark(poolp);
120
121 if (value != NULL) {
122 if ((copiedvalue = SECITEM_AllocItem(poolp, NULL, value->Length)) == NULL)
123 goto loser;
124
125 if (SECITEM_CopyItem(poolp, copiedvalue, value) != SECSuccess)
126 goto loser;
127
128 if (SecCmsArrayAdd(poolp, (void ***)&(attr->values), (void *)copiedvalue) != SECSuccess)
129 goto loser;
130 }
131
132 PORT_ArenaUnmark(poolp, mark);
133 return SECSuccess;
134
135 loser:
136 PORT_Assert (mark != NULL);
137 PORT_ArenaRelease (poolp, mark);
138 return SECFailure;
139 }
140
141 /*
142 * SecCmsAttributeGetType - return the OID tag
143 */
144 SECOidTag
145 SecCmsAttributeGetType(SecCmsAttribute *attr)
146 {
147 SECOidData *typetag;
148
149 typetag = SECOID_FindOID(&(attr->type));
150 if (typetag == NULL)
151 return SEC_OID_UNKNOWN;
152
153 return typetag->offset;
154 }
155
156 /*
157 * SecCmsAttributeGetValue - return the first attribute value
158 *
159 * We do some sanity checking first:
160 * - Multiple values are *not* expected.
161 * - Empty values are *not* expected.
162 */
163 CSSM_DATA_PTR
164 SecCmsAttributeGetValue(SecCmsAttribute *attr)
165 {
166 CSSM_DATA_PTR value;
167
168 if (attr == NULL)
169 return NULL;
170
171 value = attr->values[0];
172
173 if (value == NULL || value->Data == NULL || value->Length == 0)
174 return NULL;
175
176 if (attr->values[1] != NULL)
177 return NULL;
178
179 return value;
180 }
181
182 /*
183 * SecCmsAttributeCompareValue - compare the attribute's first value against data
184 */
185 Boolean
186 SecCmsAttributeCompareValue(SecCmsAttribute *attr, CSSM_DATA_PTR av)
187 {
188 CSSM_DATA_PTR value;
189
190 if (attr == NULL)
191 return PR_FALSE;
192
193 value = SecCmsAttributeGetValue(attr);
194
195 return (value != NULL && value->Length == av->Length &&
196 PORT_Memcmp (value->Data, av->Data, value->Length) == 0);
197 }
198
199 /*
200 * templates and functions for separate ASN.1 encoding of attributes
201 *
202 * used in SecCmsAttributeArrayReorder
203 */
204
205 /*
206 * helper function for dynamic template determination of the attribute value
207 */
208 static const SecAsn1Template *
209 cms_attr_choose_attr_value_template(void *src_or_dest, Boolean encoding, const char *buf, size_t len, void *dest)
210 {
211 const SecAsn1Template *theTemplate;
212 SecCmsAttribute *attribute;
213 SECOidData *oiddata;
214 Boolean encoded;
215
216 PORT_Assert (src_or_dest != NULL);
217 if (src_or_dest == NULL)
218 return NULL;
219
220 attribute = (SecCmsAttribute *)src_or_dest;
221
222 if (encoding && attribute->encoded)
223 /* we're encoding, and the attribute value is already encoded. */
224 return SEC_ASN1_GET(kSecAsn1AnyTemplate);
225
226 /* get attribute's typeTag */
227 oiddata = attribute->typeTag;
228 if (oiddata == NULL) {
229 oiddata = SECOID_FindOID(&attribute->type);
230 attribute->typeTag = oiddata;
231 }
232
233 if (oiddata == NULL) {
234 /* still no OID tag? OID is unknown then. en/decode value as ANY. */
235 encoded = PR_TRUE;
236 theTemplate = SEC_ASN1_GET(kSecAsn1AnyTemplate);
237 } else {
238 switch (oiddata->offset) {
239 case SEC_OID_PKCS9_SMIME_CAPABILITIES:
240 case SEC_OID_SMIME_ENCRYPTION_KEY_PREFERENCE:
241 case SEC_OID_APPLE_HASH_AGILITY_V2:
242 /* these guys need to stay DER-encoded */
243 default:
244 /* same goes for OIDs that are not handled here */
245 encoded = PR_TRUE;
246 theTemplate = SEC_ASN1_GET(kSecAsn1AnyTemplate);
247 break;
248 /* otherwise choose proper template */
249 case SEC_OID_PKCS9_EMAIL_ADDRESS:
250 case SEC_OID_RFC1274_MAIL:
251 case SEC_OID_PKCS9_UNSTRUCTURED_NAME:
252 encoded = PR_FALSE;
253 theTemplate = SEC_ASN1_GET(kSecAsn1IA5StringTemplate);
254 break;
255 case SEC_OID_PKCS9_CONTENT_TYPE:
256 encoded = PR_FALSE;
257 theTemplate = SEC_ASN1_GET(kSecAsn1ObjectIDTemplate);
258 break;
259 case SEC_OID_PKCS9_MESSAGE_DIGEST:
260 case SEC_OID_APPLE_HASH_AGILITY:
261 encoded = PR_FALSE;
262 theTemplate = SEC_ASN1_GET(kSecAsn1OctetStringTemplate);
263 break;
264 case SEC_OID_PKCS9_SIGNING_TIME:
265 case SEC_OID_APPLE_EXPIRATION_TIME:
266 encoded = PR_FALSE;
267 theTemplate = SEC_ASN1_GET(kSecAsn1UTCTimeTemplate); // @@@ This should be a choice between UTCTime and GeneralizedTime -- mb
268 break;
269 /* XXX Want other types here, too */
270 }
271 }
272
273 if (encoding) {
274 /*
275 * If we are encoding and we think we have an already-encoded value,
276 * then the code which initialized this attribute should have set
277 * the "encoded" property to true (and we would have returned early,
278 * up above). No devastating error, but that code should be fixed.
279 * (It could indicate that the resulting encoded bytes are wrong.)
280 */
281 PORT_Assert (!encoded);
282 } else {
283 /*
284 * We are decoding; record whether the resulting value is
285 * still encoded or not.
286 */
287 attribute->encoded = encoded;
288 }
289 return theTemplate;
290 }
291
292 static const SecAsn1TemplateChooserPtr cms_attr_chooser
293 = cms_attr_choose_attr_value_template;
294
295 const SecAsn1Template nss_cms_attribute_template[] = {
296 { SEC_ASN1_SEQUENCE,
297 0, NULL, sizeof(SecCmsAttribute) },
298 { SEC_ASN1_OBJECT_ID,
299 offsetof(SecCmsAttribute,type) },
300 { SEC_ASN1_DYNAMIC | SEC_ASN1_SET_OF,
301 offsetof(SecCmsAttribute,values),
302 &cms_attr_chooser },
303 { 0 }
304 };
305
306 const SecAsn1Template nss_cms_set_of_attribute_template[] = {
307 { SEC_ASN1_SET_OF, 0, nss_cms_attribute_template }
308 };
309
310 /* =============================================================================
311 * Attribute Array methods
312 */
313
314 /*
315 * SecCmsAttributeArrayEncode - encode an Attribute array as SET OF Attributes
316 *
317 * If you are wondering why this routine does not reorder the attributes
318 * first, and might be tempted to make it do so, see the comment by the
319 * call to ReorderAttributes in cmsencode.c. (Or, see who else calls this
320 * and think long and hard about the implications of making it always
321 * do the reordering.)
322 */
323 CSSM_DATA_PTR
324 SecCmsAttributeArrayEncode(PRArenaPool *poolp, SecCmsAttribute ***attrs, CSSM_DATA_PTR dest)
325 {
326 return SEC_ASN1EncodeItem (poolp, dest, (void *)attrs, nss_cms_set_of_attribute_template);
327 }
328
329 /*
330 * SecCmsAttributeArrayReorder - sort attribute array by attribute's DER encoding
331 *
332 * make sure that the order of the attributes guarantees valid DER (which must be
333 * in lexigraphically ascending order for a SET OF); if reordering is necessary it
334 * will be done in place (in attrs).
335 */
336 OSStatus
337 SecCmsAttributeArrayReorder(SecCmsAttribute **attrs)
338 {
339 return SecCmsArraySortByDER((void **)attrs, nss_cms_attribute_template, NULL);
340 }
341
342 /*
343 * SecCmsAttributeArrayFindAttrByOidTag - look through a set of attributes and
344 * find one that matches the specified object ID.
345 *
346 * If "only" is true, then make sure that there is not more than one attribute
347 * of the same type. Otherwise, just return the first one found. (XXX Does
348 * anybody really want that first-found behavior? It was like that when I found it...)
349 */
350 SecCmsAttribute *
351 SecCmsAttributeArrayFindAttrByOidTag(SecCmsAttribute **attrs, SECOidTag oidtag, Boolean only)
352 {
353 SECOidData *oid;
354 SecCmsAttribute *attr1, *attr2;
355
356 if (attrs == NULL)
357 return NULL;
358
359 oid = SECOID_FindOIDByTag(oidtag);
360 if (oid == NULL)
361 return NULL;
362
363 while ((attr1 = *attrs++) != NULL) {
364 if (attr1->type.Length == oid->oid.Length && PORT_Memcmp (attr1->type.Data,
365 oid->oid.Data,
366 oid->oid.Length) == 0)
367 break;
368 }
369
370 if (attr1 == NULL)
371 return NULL;
372
373 if (!only)
374 return attr1;
375
376 while ((attr2 = *attrs++) != NULL) {
377 if (attr2->type.Length == oid->oid.Length && PORT_Memcmp (attr2->type.Data,
378 oid->oid.Data,
379 oid->oid.Length) == 0)
380 break;
381 }
382
383 if (attr2 != NULL)
384 return NULL;
385
386 return attr1;
387 }
388
389 /*
390 * SecCmsAttributeArrayAddAttr - add an attribute to an
391 * array of attributes.
392 */
393 OSStatus
394 SecCmsAttributeArrayAddAttr(PLArenaPool *poolp, SecCmsAttribute ***attrs, SecCmsAttribute *attr)
395 {
396 SecCmsAttribute *oattr;
397 void *mark;
398 SECOidTag type;
399
400 mark = PORT_ArenaMark(poolp);
401
402 /* find oidtag of attr */
403 type = SecCmsAttributeGetType(attr);
404
405 /* see if we have one already */
406 oattr = SecCmsAttributeArrayFindAttrByOidTag(*attrs, type, PR_FALSE);
407 PORT_Assert (oattr == NULL);
408 if (oattr != NULL)
409 goto loser; /* XXX or would it be better to replace it? */
410
411 /* no, shove it in */
412 if (SecCmsArrayAdd(poolp, (void ***)attrs, (void *)attr) != SECSuccess)
413 goto loser;
414
415 PORT_ArenaUnmark(poolp, mark);
416 return SECSuccess;
417
418 loser:
419 PORT_ArenaRelease(poolp, mark);
420 return SECFailure;
421 }
422
423 /*
424 * SecCmsAttributeArraySetAttr - set an attribute's value in a set of attributes
425 */
426 OSStatus
427 SecCmsAttributeArraySetAttr(PLArenaPool *poolp, SecCmsAttribute ***attrs, SECOidTag type, CSSM_DATA_PTR value, Boolean encoded)
428 {
429 SecCmsAttribute *attr;
430 void *mark;
431
432 mark = PORT_ArenaMark(poolp);
433
434 /* see if we have one already */
435 attr = SecCmsAttributeArrayFindAttrByOidTag(*attrs, type, PR_FALSE);
436 if (attr == NULL) {
437 /* not found? create one! */
438 attr = SecCmsAttributeCreate(poolp, type, value, encoded);
439 if (attr == NULL)
440 goto loser;
441 /* and add it to the list */
442 if (SecCmsArrayAdd(poolp, (void ***)attrs, (void *)attr) != SECSuccess)
443 goto loser;
444 } else {
445 /* found, shove it in */
446 /* XXX we need a decent memory model @#$#$!#!!! */
447 attr->values[0] = value;
448 attr->encoded = encoded;
449 }
450
451 PORT_ArenaUnmark (poolp, mark);
452 return SECSuccess;
453
454 loser:
455 PORT_ArenaRelease (poolp, mark);
456 return SECFailure;
457 }
458
mirror of Security