]> git.saurik.com Git - apple/security.git/blob - libsecurity_smime/lib/cmsmessage.c
Security-58286.240.4.tar.gz
[apple/security.git] / libsecurity_smime / lib / cmsmessage.c
1 /*
2 * The contents of this file are subject to the Mozilla Public
3 * License Version 1.1 (the "License"); you may not use this file
4 * except in compliance with the License. You may obtain a copy of
5 * the License at http://www.mozilla.org/MPL/
6 *
7 * Software distributed under the License is distributed on an "AS
8 * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
9 * implied. See the License for the specific language governing
10 * rights and limitations under the License.
11 *
12 * The Original Code is the Netscape security libraries.
13 *
14 * The Initial Developer of the Original Code is Netscape
15 * Communications Corporation. Portions created by Netscape are
16 * Copyright (C) 1994-2000 Netscape Communications Corporation. All
17 * Rights Reserved.
18 *
19 * Contributor(s):
20 *
21 * Alternatively, the contents of this file may be used under the
22 * terms of the GNU General Public License Version 2 or later (the
23 * "GPL"), in which case the provisions of the GPL are applicable
24 * instead of those above. If you wish to allow use of your
25 * version of this file only under the terms of the GPL and not to
26 * allow others to use your version of this file under the MPL,
27 * indicate your decision by deleting the provisions above and
28 * replace them with the notice and other provisions required by
29 * the GPL. If you do not delete the provisions above, a recipient
30 * may use your version of this file under either the MPL or the
31 * GPL.
32 */
33
34 /*
35 * CMS message methods.
36 */
37
38 #include <Security/SecCmsMessage.h>
39
40 #include <Security/SecCmsContentInfo.h>
41 #include <Security/SecCmsSignedData.h>
42
43 #include "cmslocal.h"
44
45 #include "SecAsn1Item.h"
46 #include "secoid.h"
47
48 #include <security_asn1/secasn1.h>
49 #include <security_asn1/secerr.h>
50 #include <security_asn1/secport.h>
51
52 /*
53 * SecCmsMessageCreate - create a CMS message object
54 *
55 * "poolp" - arena to allocate memory from, or NULL if new arena should be created
56 */
57 SecCmsMessageRef
58 SecCmsMessageCreate(void)
59 {
60 PLArenaPool *poolp;
61 SecCmsMessageRef cmsg;
62
63 poolp = PORT_NewArena (1024); /* XXX what is right value? */
64 if (poolp == NULL)
65 return NULL;
66
67 cmsg = (SecCmsMessageRef)PORT_ArenaZAlloc (poolp, sizeof(SecCmsMessage));
68 if (cmsg == NULL) {
69 PORT_FreeArena(poolp, PR_FALSE);
70 return NULL;
71 }
72
73 cmsg->poolp = poolp;
74 cmsg->contentInfo.cmsg = cmsg;
75 cmsg->refCount = 1;
76
77 return cmsg;
78 }
79
80 /*
81 * SecCmsMessageSetEncodingParams - set up a CMS message object for encoding or decoding
82 *
83 * "cmsg" - message object
84 * "pwfn", pwfn_arg" - callback function for getting token password
85 * "decrypt_key_cb", "decrypt_key_cb_arg" - callback function for getting bulk key for encryptedData
86 * "detached_digestalgs", "detached_digests" - digests from detached content
87 */
88 void
89 SecCmsMessageSetEncodingParams(SecCmsMessageRef cmsg,
90 PK11PasswordFunc pwfn, void *pwfn_arg,
91 SecCmsGetDecryptKeyCallback decrypt_key_cb, void *decrypt_key_cb_arg)
92 {
93 #if 0
94 // @@@ Deal with password stuff.
95 if (pwfn)
96 PK11_SetPasswordFunc(pwfn);
97 #endif
98 cmsg->pwfn_arg = pwfn_arg;
99 cmsg->decrypt_key_cb = decrypt_key_cb;
100 cmsg->decrypt_key_cb_arg = decrypt_key_cb_arg;
101 }
102
103 /*
104 * SecCmsMessageDestroy - destroy a CMS message and all of its sub-pieces.
105 */
106 void
107 SecCmsMessageDestroy(SecCmsMessageRef cmsg)
108 {
109 PORT_Assert (cmsg->refCount > 0);
110 if (cmsg->refCount <= 0) /* oops */
111 return;
112
113 cmsg->refCount--; /* thread safety? */
114 if (cmsg->refCount > 0)
115 return;
116
117 SecCmsContentInfoDestroy(&(cmsg->contentInfo));
118
119 if (cmsg->poolp) {
120 PORT_FreeArena (cmsg->poolp, PR_TRUE);
121 }
122 }
123
124 /*
125 * SecCmsMessageCopy - return a copy of the given message.
126 *
127 * The copy may be virtual or may be real -- either way, the result needs
128 * to be passed to SecCmsMessageDestroy later (as does the original).
129 */
130 SecCmsMessageRef
131 SecCmsMessageCopy(SecCmsMessageRef cmsg)
132 {
133 if (cmsg == NULL)
134 return NULL;
135
136 PORT_Assert (cmsg->refCount > 0);
137
138 cmsg->refCount++; /* XXX chrisk thread safety? */
139 return cmsg;
140 }
141
142 /*
143 * SecCmsMessageGetContentInfo - return a pointer to the top level contentInfo
144 */
145 SecCmsContentInfoRef
146 SecCmsMessageGetContentInfo(SecCmsMessageRef cmsg)
147 {
148 return &(cmsg->contentInfo);
149 }
150
151 /*
152 * Return a pointer to the actual content.
153 * In the case of those types which are encrypted, this returns the *plain* content.
154 * In case of nested contentInfos, this descends and retrieves the innermost content.
155 */
156 const SecAsn1Item *
157 SecCmsMessageGetContent(SecCmsMessageRef cmsg)
158 {
159 /* this is a shortcut */
160 SecCmsContentInfoRef cinfo = SecCmsMessageGetContentInfo(cmsg);
161 const SecAsn1Item *pItem = SecCmsContentInfoGetInnerContent(cinfo);
162 return pItem;
163 }
164
165 /*
166 * SecCmsMessageContentLevelCount - count number of levels of CMS content objects in this message
167 *
168 * CMS data content objects do not count.
169 */
170 int
171 SecCmsMessageContentLevelCount(SecCmsMessageRef cmsg)
172 {
173 int count = 0;
174 SecCmsContentInfoRef cinfo;
175
176 /* walk down the chain of contentinfos */
177 for (cinfo = &(cmsg->contentInfo); cinfo != NULL; ) {
178 count++;
179 cinfo = SecCmsContentInfoGetChildContentInfo(cinfo);
180 }
181 return count;
182 }
183
184 /*
185 * SecCmsMessageContentLevel - find content level #n
186 *
187 * CMS data content objects do not count.
188 */
189 SecCmsContentInfoRef
190 SecCmsMessageContentLevel(SecCmsMessageRef cmsg, int n)
191 {
192 int count = 0;
193 SecCmsContentInfoRef cinfo;
194
195 /* walk down the chain of contentinfos */
196 for (cinfo = &(cmsg->contentInfo); cinfo != NULL && count < n; cinfo = SecCmsContentInfoGetChildContentInfo(cinfo)) {
197 count++;
198 }
199
200 return cinfo;
201 }
202
203 /*
204 * SecCmsMessageContainsCertsOrCrls - see if message contains certs along the way
205 */
206 Boolean
207 SecCmsMessageContainsCertsOrCrls(SecCmsMessageRef cmsg)
208 {
209 SecCmsContentInfoRef cinfo;
210
211 /* descend into CMS message */
212 for (cinfo = &(cmsg->contentInfo); cinfo != NULL; cinfo = SecCmsContentInfoGetChildContentInfo(cinfo)) {
213 if (SecCmsContentInfoGetContentTypeTag(cinfo) != SEC_OID_PKCS7_SIGNED_DATA)
214 continue; /* next level */
215
216 if (SecCmsSignedDataContainsCertsOrCrls(cinfo->content.signedData))
217 return PR_TRUE;
218 }
219 return PR_FALSE;
220 }
221
222 /*
223 * SecCmsMessageIsEncrypted - see if message contains a encrypted submessage
224 */
225 Boolean
226 SecCmsMessageIsEncrypted(SecCmsMessageRef cmsg)
227 {
228 SecCmsContentInfoRef cinfo;
229
230 /* walk down the chain of contentinfos */
231 for (cinfo = &(cmsg->contentInfo); cinfo != NULL; cinfo = SecCmsContentInfoGetChildContentInfo(cinfo))
232 {
233 switch (SecCmsContentInfoGetContentTypeTag(cinfo)) {
234 case SEC_OID_PKCS7_ENVELOPED_DATA:
235 case SEC_OID_PKCS7_ENCRYPTED_DATA:
236 return PR_TRUE;
237 default:
238 break;
239 }
240 }
241 return PR_FALSE;
242 }
243
244 /*
245 * SecCmsMessageIsSigned - see if message contains a signed submessage
246 *
247 * If the CMS message has a SignedData with a signature (not just a SignedData)
248 * return true; false otherwise. This can/should be called before calling
249 * VerifySignature, which will always indicate failure if no signature is
250 * present, but that does not mean there even was a signature!
251 * Note that the content itself can be empty (detached content was sent
252 * another way); it is the presence of the signature that matters.
253 */
254 Boolean
255 SecCmsMessageIsSigned(SecCmsMessageRef cmsg)
256 {
257 SecCmsContentInfoRef cinfo;
258
259 /* walk down the chain of contentinfos */
260 for (cinfo = &(cmsg->contentInfo); cinfo != NULL; cinfo = SecCmsContentInfoGetChildContentInfo(cinfo))
261 {
262 switch (SecCmsContentInfoGetContentTypeTag(cinfo)) {
263 case SEC_OID_PKCS7_SIGNED_DATA:
264 if (!SecCmsArrayIsEmpty((void **)cinfo->content.signedData->signerInfos))
265 return PR_TRUE;
266 break;
267 default:
268 break;
269 }
270 }
271 return PR_FALSE;
272 }
273
274 /*
275 * SecCmsMessageIsContentEmpty - see if content is empty
276 *
277 * returns PR_TRUE is innermost content length is < minLen
278 * XXX need the encrypted content length (why?)
279 */
280 Boolean
281 SecCmsMessageIsContentEmpty(SecCmsMessageRef cmsg, unsigned int minLen)
282 {
283 SecAsn1Item * item = NULL;
284
285 if (cmsg == NULL)
286 return PR_TRUE;
287
288 item = SecCmsContentInfoGetContent(SecCmsMessageGetContentInfo(cmsg));
289
290 if (!item) {
291 return PR_TRUE;
292 } else if(item->Length <= minLen) {
293 return PR_TRUE;
294 }
295
296 return PR_FALSE;
297 }