2 * The contents of this file are subject to the Mozilla Public
3 * License Version 1.1 (the "License"); you may not use this file
4 * except in compliance with the License. You may obtain a copy of
5 * the License at http://www.mozilla.org/MPL/
7 * Software distributed under the License is distributed on an "AS
8 * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
9 * implied. See the License for the specific language governing
10 * rights and limitations under the License.
12 * The Original Code is the Netscape security libraries.
14 * The Initial Developer of the Original Code is Netscape
15 * Communications Corporation. Portions created by Netscape are
16 * Copyright (C) 1994-2000 Netscape Communications Corporation. All
21 * Alternatively, the contents of this file may be used under the
22 * terms of the GNU General Public License Version 2 or later (the
23 * "GPL"), in which case the provisions of the GPL are applicable
24 * instead of those above. If you wish to allow use of your
25 * version of this file only under the terms of the GPL and not to
26 * allow others to use your version of this file under the MPL,
27 * indicate your decision by deleting the provisions above and
28 * replace them with the notice and other provisions required by
29 * the GPL. If you do not delete the provisions above, a recipient
30 * may use your version of this file under either the MPL or the
35 * CMS miscellaneous utility functions.
38 #include <Security/SecCmsEncoder.h> /* @@@ Remove this when we move the Encoder method. */
46 #include <security_asn1/secasn1.h>
47 #include <security_asn1/secerr.h>
48 #include <Security/cssmapi.h>
49 #include <Security/cssmapple.h>
50 #include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacErrors.h>
54 * SecCmsArraySortByDER - sort array of objects by objects' DER encoding
56 * make sure that the order of the objects guarantees valid DER (which must be
57 * in lexigraphically ascending order for a SET OF); if reordering is necessary it
58 * will be done in place (in objs).
61 SecCmsArraySortByDER(void **objs
, const SecAsn1Template
*objtemplate
, void **objs2
)
65 CSSM_DATA_PTR
*enc_objs
;
66 OSStatus rv
= SECFailure
;
69 if (objs
== NULL
) /* already sorted */
72 num_objs
= SecCmsArrayCount((void **)objs
);
73 if (num_objs
== 0 || num_objs
== 1) /* already sorted. */
76 poolp
= PORT_NewArena (1024); /* arena for temporaries */
78 return SECFailure
; /* no memory; nothing we can do... */
81 * Allocate arrays to hold the individual encodings which we will use
82 * for comparisons and the reordered attributes as they are sorted.
84 enc_objs
= (CSSM_DATA_PTR
*)PORT_ArenaZAlloc(poolp
, (num_objs
+ 1) * sizeof(CSSM_DATA_PTR
));
88 /* DER encode each individual object. */
89 for (i
= 0; i
< num_objs
; i
++) {
90 enc_objs
[i
] = SEC_ASN1EncodeItem(poolp
, NULL
, objs
[i
], objtemplate
);
91 if (enc_objs
[i
] == NULL
)
94 enc_objs
[num_objs
] = NULL
;
96 /* now compare and sort objs by the order of enc_objs */
97 SecCmsArraySort((void **)enc_objs
, SecCmsUtilDERCompare
, objs
, objs2
);
102 PORT_FreeArena (poolp
, PR_FALSE
);
107 * SecCmsUtilDERCompare - for use with SecCmsArraySort to
108 * sort arrays of CSSM_DATAs containing DER
111 SecCmsUtilDERCompare(void *a
, void *b
)
113 CSSM_DATA_PTR der1
= (CSSM_DATA_PTR
)a
;
114 CSSM_DATA_PTR der2
= (CSSM_DATA_PTR
)b
;
118 * Find the lowest (lexigraphically) encoding. One that is
119 * shorter than all the rest is known to be "less" because each
120 * attribute is of the same type (a SEQUENCE) and so thus the
121 * first octet of each is the same, and the second octet is
122 * the length (or the length of the length with the high bit
123 * set, followed by the length, which also works out to always
124 * order the shorter first). Two (or more) that have the
125 * same length need to be compared byte by byte until a mismatch
128 if (der1
->Length
!= der2
->Length
)
129 return (der1
->Length
< der2
->Length
) ? -1 : 1;
131 for (j
= 0; j
< der1
->Length
; j
++) {
132 if (der1
->Data
[j
] == der2
->Data
[j
])
134 return (der1
->Data
[j
] < der2
->Data
[j
]) ? -1 : 1;
140 * SecCmsAlgArrayGetIndexByAlgID - find a specific algorithm in an array of
143 * algorithmArray - array of algorithm IDs
144 * algid - algorithmid of algorithm to pick
147 * An integer containing the index of the algorithm in the array or -1 if
148 * algorithm was not found.
151 SecCmsAlgArrayGetIndexByAlgID(SECAlgorithmID
**algorithmArray
, SECAlgorithmID
*algid
)
155 if (algorithmArray
== NULL
|| algorithmArray
[0] == NULL
)
158 for (i
= 0; algorithmArray
[i
] != NULL
; i
++) {
159 if (SECOID_CompareAlgorithmID(algorithmArray
[i
], algid
) == SECEqual
)
163 if (algorithmArray
[i
] == NULL
)
164 return -1; /* not found */
170 * SecCmsAlgArrayGetIndexByAlgTag - find a specific algorithm in an array of
173 * algorithmArray - array of algorithm IDs
174 * algtag - algorithm tag of algorithm to pick
177 * An integer containing the index of the algorithm in the array or -1 if
178 * algorithm was not found.
181 SecCmsAlgArrayGetIndexByAlgTag(SECAlgorithmID
**algorithmArray
,
187 if (algorithmArray
== NULL
|| algorithmArray
[0] == NULL
)
190 #ifdef ORDER_N_SQUARED
191 for (i
= 0; algorithmArray
[i
] != NULL
; i
++) {
192 algid
= SECOID_FindOID(&(algorithmArray
[i
]->algorithm
));
193 if (algid
->offset
== algtag
)
197 algid
= SECOID_FindOIDByTag(algtag
);
200 for (i
= 0; algorithmArray
[i
] != NULL
; i
++) {
201 if (SECITEM_ItemsAreEqual(&algorithmArray
[i
]->algorithm
, &algid
->oid
))
206 if (algorithmArray
[i
] == NULL
)
207 return -1; /* not found */
213 SecCmsUtilGetHashObjByAlgID(SECAlgorithmID
*algid
)
215 SECOidData
*oidData
= SECOID_FindOID(&(algid
->algorithm
));
218 CSSM_ALGORITHMS alg
= oidData
->cssmAlgorithm
;
221 CSSM_CC_HANDLE digobj
;
222 CSSM_CSP_HANDLE cspHandle
= SecCspHandleForAlgorithm(alg
);
224 if (!CSSM_CSP_CreateDigestContext(cspHandle
, alg
, &digobj
))
233 * XXX I would *really* like to not have to do this, but the current
234 * signing interface gives me little choice.
237 SecCmsUtilMakeSignatureAlgorithm(SECOidTag hashalg
, SECOidTag encalg
)
240 case SEC_OID_PKCS1_RSA_ENCRYPTION
:
243 return SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION
;
245 return SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION
;
247 return SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION
;
249 return SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION
;
251 return SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION
;
253 return SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION
;
255 return SEC_OID_UNKNOWN
;
257 case SEC_OID_ANSIX9_DSA_SIGNATURE
:
258 case SEC_OID_MISSI_KEA_DSS
:
259 case SEC_OID_MISSI_DSS
:
262 return SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST
;
264 return SEC_OID_UNKNOWN
;
266 case SEC_OID_EC_PUBLIC_KEY
:
269 * Note this is only used when signing and verifying signed attributes,
270 * In which case we really do want the combined ECDSA_WithSHA1 alg...
273 return SEC_OID_ECDSA_WithSHA1
;
275 return SEC_OID_UNKNOWN
;
281 return encalg
; /* maybe it is already the right algid */
284 const SecAsn1Template
*
285 SecCmsUtilGetTemplateByTypeTag(SECOidTag type
)
287 const SecAsn1Template
*template;
288 extern const SecAsn1Template SecCmsSignedDataTemplate
[];
289 extern const SecAsn1Template SecCmsEnvelopedDataTemplate
[];
290 extern const SecAsn1Template SecCmsEncryptedDataTemplate
[];
291 extern const SecAsn1Template SecCmsDigestedDataTemplate
[];
294 case SEC_OID_PKCS7_SIGNED_DATA
:
295 template = SecCmsSignedDataTemplate
;
297 case SEC_OID_PKCS7_ENVELOPED_DATA
:
298 template = SecCmsEnvelopedDataTemplate
;
300 case SEC_OID_PKCS7_ENCRYPTED_DATA
:
301 template = SecCmsEncryptedDataTemplate
;
303 case SEC_OID_PKCS7_DIGESTED_DATA
:
304 template = SecCmsDigestedDataTemplate
;
307 case SEC_OID_PKCS7_DATA
:
316 SecCmsUtilGetSizeByTypeTag(SECOidTag type
)
321 case SEC_OID_PKCS7_SIGNED_DATA
:
322 size
= sizeof(SecCmsSignedData
);
324 case SEC_OID_PKCS7_ENVELOPED_DATA
:
325 size
= sizeof(SecCmsEnvelopedData
);
327 case SEC_OID_PKCS7_ENCRYPTED_DATA
:
328 size
= sizeof(SecCmsEncryptedData
);
330 case SEC_OID_PKCS7_DIGESTED_DATA
:
331 size
= sizeof(SecCmsDigestedData
);
334 case SEC_OID_PKCS7_DATA
:
342 SecCmsContentGetContentInfo(void *msg
, SECOidTag type
)
345 SecCmsContentInfoRef cinfo
;
351 case SEC_OID_PKCS7_SIGNED_DATA
:
352 cinfo
= &(c
.signedData
->contentInfo
);
354 case SEC_OID_PKCS7_ENVELOPED_DATA
:
355 cinfo
= &(c
.envelopedData
->contentInfo
);
357 case SEC_OID_PKCS7_ENCRYPTED_DATA
:
358 cinfo
= &(c
.encryptedData
->contentInfo
);
360 case SEC_OID_PKCS7_DIGESTED_DATA
:
361 cinfo
= &(c
.digestedData
->contentInfo
);
369 // @@@ Return CFStringRef and do localization.
371 SecCmsUtilVerificationStatusToString(SecCmsVerificationStatus vs
)
374 case SecCmsVSUnverified
: return "Unverified";
375 case SecCmsVSGoodSignature
: return "GoodSignature";
376 case SecCmsVSBadSignature
: return "BadSignature";
377 case SecCmsVSDigestMismatch
: return "DigestMismatch";
378 case SecCmsVSSigningCertNotFound
: return "SigningCertNotFound";
379 case SecCmsVSSigningCertNotTrusted
: return "SigningCertNotTrusted";
380 case SecCmsVSSignatureAlgorithmUnknown
: return "SignatureAlgorithmUnknown";
381 case SecCmsVSSignatureAlgorithmUnsupported
: return "SignatureAlgorithmUnsupported";
382 case SecCmsVSMalformedSignature
: return "MalformedSignature";
383 case SecCmsVSProcessingError
: return "ProcessingError";
384 default: return "Unknown";
389 SecArenaPoolCreate(size_t chunksize
, SecArenaPoolRef
*outArena
)
398 *outArena
= (SecArenaPoolRef
)PORT_NewArena(chunksize
);
402 status
= PORT_GetError();
409 SecArenaPoolFree(SecArenaPoolRef arena
, Boolean zero
)
411 PORT_FreeArena((PLArenaPool
*)arena
, zero
);