+++ /dev/null
-/*
- * crypto-embedded.c
- * libsecurity_smime
- *
- * Created by Conrad Sauerwald on 2/7/08.
- * Copyright (c) 2008-2011,2013 Apple Inc. All Rights Reserved.
- *
- */
-
-#include <stdio.h>
-
-#include "cert.h"
-#include "cryptohi.h"
-
-#include "cmstpriv.h"
-#include "secoid.h"
-#include "cmspriv.h"
-
-#include <libDER/DER_Decode.h>
-#include <security_asn1/secerr.h>
-#include <security_asn1/secport.h>
-
-#include <Security/SecBase.h>
-
-#include <CoreFoundation/CFNumber.h>
-#include <CoreFoundation/CFString.h>
-
-#include <Security/oidsalg.h>
-#include <Security/SecPolicy.h>
-#include <Security/SecItem.h>
-#include <Security/SecIdentity.h>
-#include <Security/SecCertificateInternal.h>
-#include <Security/SecKeyPriv.h>
-
-#include <CommonCrypto/CommonDigest.h>
-#include <AssertMacros.h>
-
-SECStatus
-CERT_VerifyCert(SecKeychainRef keychainOrArray __unused, CFArrayRef certs,
- CFTypeRef policies, CFAbsoluteTime stime, SecTrustRef *trustRef)
-{
- SecTrustRef trust = NULL;
- OSStatus rv;
-
- rv = SecTrustCreateWithCertificates(certs, policies, &trust);
- if (rv)
- goto loser;
-
- CFDateRef verifyDate = CFDateCreate(NULL, stime);
- rv = SecTrustSetVerifyDate(trust, verifyDate);
- CFRelease(verifyDate);
- if (rv)
- goto loser;
-
- if (trustRef)
- {
- *trustRef = trust;
- }
- else
- {
- SecTrustResultType result;
- /* The caller doesn't want a SecTrust object, so let's evaluate it for them. */
- rv = SecTrustEvaluate(trust, &result);
- if (rv)
- goto loser;
-
- switch (result)
- {
- case kSecTrustResultProceed:
- case kSecTrustResultUnspecified:
- /* TP Verification succeeded and there was either a UserTurst entry
- telling us to procceed, or no user trust setting was specified. */
- CFRelease(trust);
- break;
- default:
- PORT_SetError(SEC_ERROR_UNTRUSTED_CERT);
- rv = SECFailure;
- goto loser;
- break;
- }
- }
-
- return SECSuccess;
-loser:
- if (trust)
- CFRelease(trust);
-
- return rv;
-}
-
-
-SecCertificateRef CERT_FindUserCertByUsage(SecKeychainRef keychainOrArray,
- char *nickname,SECCertUsage usage,Boolean validOnly,void *proto_win)
-{
- CFStringRef nickname_cfstr = CFStringCreateWithCString(kCFAllocatorDefault, nickname, kCFStringEncodingUTF8);
- const void *keys[] = { kSecClass, kSecAttrLabel };
- const void *values[] = { kSecClassCertificate, nickname_cfstr };
- CFDictionaryRef query = CFDictionaryCreate(kCFAllocatorDefault, keys, values, sizeof(keys)/sizeof(*keys), NULL, NULL);
- CFTypeRef result = NULL;
- SecItemCopyMatching(query, &result);
- CFRelease(query);
- CFRelease(nickname_cfstr);
- return (SecCertificateRef)result;
-}
-
-CF_RETURNS_RETAINED CFArrayRef CERT_CertChainFromCert(SecCertificateRef cert, SECCertUsage usage, Boolean includeRoot)
-{
- CFMutableArrayRef certs = NULL;
- SecPolicyRef policy = NULL;
- SecTrustRef trust = NULL;
- CFArrayRef wrappedCert = NULL;
-
- policy = SecPolicyCreateBasicX509();
- if (!policy)
- goto out;
-
- wrappedCert = CERT_CertListFromCert(cert);
- if (SecTrustCreateWithCertificates(wrappedCert, policy, &trust))
- goto out;
-
- SecTrustResultType result;
- if (SecTrustEvaluate(trust, &result))
- goto out;
- CFIndex idx, count = SecTrustGetCertificateCount(trust);
- certs = CFArrayCreateMutable(kCFAllocatorDefault, count, &kCFTypeArrayCallBacks);
- for(idx = 0; idx < count; idx++)
- CFArrayAppendValue(certs, SecTrustGetCertificateAtIndex(trust, idx));
-
-out:
- if (trust) CFRelease(trust);
- if (policy) CFRelease(policy);
- if (wrappedCert) CFRelease(wrappedCert);
-
- return certs;
-}
-
-CFArrayRef CERT_CertListFromCert(SecCertificateRef cert)
-{
- const void *value = cert;
- return cert ? CFArrayCreate(NULL, &value, 1, &kCFTypeArrayCallBacks) : NULL;
-}
-
-CFArrayRef CERT_DupCertList(CFArrayRef oldList)
-{
- CFRetain(oldList);
- return oldList;
-}
-
-// Extract a public key object from a SubjectPublicKeyInfo
-SecPublicKeyRef CERT_ExtractPublicKey(SecCertificateRef cert)
-{
- return SecCertificateCopyPublicKey(cert);
-}
-
-// Extract the issuer and serial number from a certificate
-SecCmsIssuerAndSN *CERT_GetCertIssuerAndSN(PRArenaPool *pl, SecCertificateRef cert)
-{
- SecCmsIssuerAndSN *certIssuerAndSN;
-
- void *mark;
- mark = PORT_ArenaMark(pl);
- CFDataRef serial_data = NULL;
- CFDataRef issuer_data = SecCertificateCopyIssuerSequence(cert);
- if (!issuer_data)
- goto loser;
- serial_data = SecCertificateCopySerialNumber(cert);
- if (!serial_data)
- goto loser;
-
- SecAsn1Item serialNumber = { CFDataGetLength(serial_data),
- (uint8_t *)CFDataGetBytePtr(serial_data) };
- SecAsn1Item issuer = { CFDataGetLength(issuer_data),
- (uint8_t *)CFDataGetBytePtr(issuer_data) };
-
- /* Allocate the SecCmsIssuerAndSN struct. */
- certIssuerAndSN = (SecCmsIssuerAndSN *)PORT_ArenaZAlloc (pl, sizeof(SecCmsIssuerAndSN));
- if (certIssuerAndSN == NULL)
- goto loser;
-
- /* Copy the issuer. */
- certIssuerAndSN->derIssuer.Data = (uint8_t *) PORT_ArenaAlloc(pl, issuer.Length);
- if (!certIssuerAndSN->derIssuer.Data)
- goto loser;
- PORT_Memcpy(certIssuerAndSN->derIssuer.Data, issuer.Data, issuer.Length);
- certIssuerAndSN->derIssuer.Length = issuer.Length;
-
- /* Copy the serialNumber. */
- certIssuerAndSN->serialNumber.Data = (uint8_t *) PORT_ArenaAlloc(pl, serialNumber.Length);
- if (!certIssuerAndSN->serialNumber.Data)
- goto loser;
- PORT_Memcpy(certIssuerAndSN->serialNumber.Data, serialNumber.Data, serialNumber.Length);
- certIssuerAndSN->serialNumber.Length = serialNumber.Length;
-
- CFRelease(serial_data);
- CFRelease(issuer_data);
-
- PORT_ArenaUnmark(pl, mark);
-
- return certIssuerAndSN;
-
-loser:
- if (serial_data)
- CFRelease(serial_data);
- if (issuer_data)
- CFRelease(issuer_data);
- PORT_ArenaRelease(pl, mark);
- PORT_SetError(SEC_INTERNAL_ONLY);
-
- return NULL;
-}
-
-// find the smime symmetric capabilities profile for a given cert
-SecAsn1Item *CERT_FindSMimeProfile(SecCertificateRef cert)
-{
- return NULL;
-}
-
-// Generate a certificate key from the issuer and serialnumber, then look it up in the database.
-// Return the cert if found. "issuerAndSN" is the issuer and serial number to look for
-static CFTypeRef CERT_FindByIssuerAndSN (CFTypeRef keychainOrArray, CFTypeRef class, const SecCmsIssuerAndSN *issuerAndSN)
-{
- CFTypeRef ident = NULL;
- CFDictionaryRef query = NULL;
- CFDataRef issuer = NULL;
- CFDataRef serial = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault,
- issuerAndSN->serialNumber.Data, issuerAndSN->serialNumber.Length,
- kCFAllocatorNull);
-
- DERItem der_issuer = { issuerAndSN->derIssuer.Data,
- issuerAndSN->derIssuer.Length };
- DERDecodedInfo content;
- require_noerr_quiet(DERDecodeItem(&der_issuer, &content), out);
- require_quiet(issuer = createNormalizedX501Name(kCFAllocatorDefault,
- &content.content), out);
-
- if (keychainOrArray && (CFGetTypeID(keychainOrArray) == CFArrayGetTypeID()) && CFEqual(class, kSecClassCertificate))
- {
- CFIndex c, count = CFArrayGetCount((CFArrayRef)keychainOrArray);
- for (c = 0; c < count; c++) {
- SecCertificateRef cert = (SecCertificateRef)CFArrayGetValueAtIndex((CFArrayRef)keychainOrArray, c);
- CFDataRef nic = (cert) ? SecCertificateGetNormalizedIssuerContent(cert) : NULL;
- if (nic && CFEqual(nic, issuer)) {
- CFDataRef cert_serial = SecCertificateCopySerialNumber(cert);
- if (cert_serial) {
- bool found = CFEqual(cert_serial, serial);
- CFRelease(cert_serial);
- if (found) {
- CFRetain(cert);
- ident = cert;
- goto out;
- }
- }
- }
- }
- }
-
- const void *keys[] = { kSecClass, kSecAttrIssuer, kSecAttrSerialNumber, kSecReturnRef };
- const void *values[] = { class, issuer, serial, kCFBooleanTrue };
- query = CFDictionaryCreate(kCFAllocatorDefault, keys, values, sizeof(keys)/sizeof(*keys), NULL, NULL);
- require_noerr_quiet(SecItemCopyMatching(query, (CFTypeRef*)&ident), out);
-
-out:
- if (query)
- CFRelease(query);
- if (issuer)
- CFRelease(issuer);
- if (serial)
- CFRelease(serial);
-
- return ident;
-}
-
-SecIdentityRef CERT_FindIdentityByIssuerAndSN (CFTypeRef keychainOrArray, const SecCmsIssuerAndSN *issuerAndSN)
-{
- return (SecIdentityRef)CERT_FindByIssuerAndSN(keychainOrArray, kSecClassIdentity, issuerAndSN);
-}
-
-SecCertificateRef CERT_FindCertificateByIssuerAndSN (CFTypeRef keychainOrArray, const SecCmsIssuerAndSN *issuerAndSN)
-{
- return (SecCertificateRef)CERT_FindByIssuerAndSN(keychainOrArray, kSecClassCertificate, issuerAndSN);
-}
-
-SecIdentityRef CERT_FindIdentityBySubjectKeyID (CFTypeRef keychainOrArray __unused, const SecAsn1Item *subjKeyID)
-{
- SecIdentityRef ident = NULL;
- CFDictionaryRef query = NULL;
- CFDataRef subjectkeyid = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, subjKeyID->Data, subjKeyID->Length, kCFAllocatorNull);
-
- const void *keys[] = { kSecClass, kSecAttrSubjectKeyID, kSecReturnRef };
- const void *values[] = { kSecClassIdentity, subjectkeyid, kCFBooleanTrue };
- query = CFDictionaryCreate(kCFAllocatorDefault, keys, values, sizeof(keys)/sizeof(*keys), NULL, NULL);
- require_noerr_quiet(SecItemCopyMatching(query, (CFTypeRef*)&ident), out);
-
-out:
- if (query)
- CFRelease(query);
- if (subjectkeyid)
- CFRelease(subjectkeyid);
-
- return ident;
-}
-
-
-
-SecPublicKeyRef SECKEY_CopyPublicKey(SecPublicKeyRef pubKey)
-{
- CFRetain(pubKey);
- return pubKey;
-}
-
-void SECKEY_DestroyPublicKey(SecPublicKeyRef pubKey)
-{
- CFRelease(pubKey);
-}
-
-SecPublicKeyRef SECKEY_CopyPrivateKey(SecPublicKeyRef privKey)
-{
- CFRetain(privKey);
- return privKey;
-}
-
-void SECKEY_DestroyPrivateKey(SecPublicKeyRef privKey)
-{
- CFRelease(privKey);
-}
-
-void CERT_DestroyCertificate(SecCertificateRef cert)
-{
- CFRelease(cert);
-}
-
-SecCertificateRef CERT_DupCertificate(SecCertificateRef cert)
-{
- CFRetain(cert);
- return cert;
-}
-
-SECStatus
-WRAP_PubWrapSymKey(SecPublicKeyRef publickey,
- SecSymmetricKeyRef bulkkey,
- SecAsn1Item * encKey)
-{
- return SecKeyEncrypt(publickey, kSecPaddingPKCS1,
- CFDataGetBytePtr(bulkkey), CFDataGetLength(bulkkey),
- encKey->Data, &encKey->Length);
-}
-
-SecSymmetricKeyRef
-WRAP_PubUnwrapSymKey(SecPrivateKeyRef privkey, const SecAsn1Item *encKey, SECOidTag bulkalgtag)
-{
- size_t bulkkey_size = encKey->Length;
- uint8_t bulkkey_buffer[bulkkey_size];
- if (SecKeyDecrypt(privkey, kSecPaddingPKCS1,
- encKey->Data, encKey->Length, bulkkey_buffer, &bulkkey_size))
- return NULL;
-
- CFDataRef bulkkey = CFDataCreate(kCFAllocatorDefault, bulkkey_buffer, bulkkey_size);
- return (SecSymmetricKeyRef)bulkkey;
-}
-
-
-bool
-CERT_CheckIssuerAndSerial(SecCertificateRef cert, SecAsn1Item *issuer, SecAsn1Item *serial)
-{
- do {
- CFDataRef cert_issuer = SecCertificateCopyIssuerSequence(cert);
- if (!cert_issuer)
- break;
- if ((issuer->Length != (size_t)CFDataGetLength(cert_issuer)) ||
- memcmp(issuer->Data, CFDataGetBytePtr(cert_issuer), issuer->Length)) {
- CFRelease(cert_issuer);
- break;
- }
- CFRelease(cert_issuer);
- CFDataRef cert_serial = SecCertificateCopySerialNumber(cert);
- if (!cert_serial)
- break;
- if ((serial->Length != (size_t)CFDataGetLength(cert_serial)) ||
- memcmp(serial->Data, CFDataGetBytePtr(cert_serial), serial->Length)) {
- CFRelease(cert_serial);
- break;
- }
- CFRelease(cert_serial);
- return true;
- } while(0);
- return false;
-}
projects / apple / security.git / blobdiff