+++ /dev/null
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * CMS message methods.
- */
-
-#include <Security/SecCmsMessage.h>
-
-#include <Security/SecCmsContentInfo.h>
-#include <Security/SecCmsSignedData.h>
-
-#include "cmslocal.h"
-
-#include "secitem.h"
-#include "secoid.h"
-
-#include <security_asn1/secasn1.h>
-#include <security_asn1/secerr.h>
-
-/*
- * SecCmsMessageCreate - create a CMS message object
- *
- * "poolp" - arena to allocate memory from, or NULL if new arena should be created
- */
-SecCmsMessageRef
-SecCmsMessageCreate(SecArenaPoolRef pool)
-{
- PLArenaPool *poolp = (PLArenaPool *)pool;
- void *mark = NULL;
- SecCmsMessageRef cmsg;
- Boolean poolp_is_ours = PR_FALSE;
-
- if (poolp == NULL) {
- poolp = PORT_NewArena (1024); /* XXX what is right value? */
- if (poolp == NULL)
- return NULL;
- poolp_is_ours = PR_TRUE;
- }
-
- if (!poolp_is_ours)
- mark = PORT_ArenaMark(poolp);
-
- cmsg = (SecCmsMessageRef)PORT_ArenaZAlloc (poolp, sizeof(SecCmsMessage));
- if (cmsg == NULL) {
- if (!poolp_is_ours) {
- if (mark) {
- PORT_ArenaRelease(poolp, mark);
- }
- } else
- PORT_FreeArena(poolp, PR_FALSE);
- return NULL;
- }
-
- cmsg->poolp = poolp;
- cmsg->poolp_is_ours = poolp_is_ours;
- cmsg->refCount = 1;
-
- if (mark)
- PORT_ArenaUnmark(poolp, mark);
-
- return cmsg;
-}
-
-/*
- * SecCmsMessageSetEncodingParams - set up a CMS message object for encoding or decoding
- *
- * "cmsg" - message object
- * "pwfn", pwfn_arg" - callback function for getting token password
- * "decrypt_key_cb", "decrypt_key_cb_arg" - callback function for getting bulk key for encryptedData
- * "detached_digestalgs", "detached_digests" - digests from detached content
- */
-void
-SecCmsMessageSetEncodingParams(SecCmsMessageRef cmsg,
- PK11PasswordFunc pwfn, void *pwfn_arg,
- SecCmsGetDecryptKeyCallback decrypt_key_cb, void *decrypt_key_cb_arg,
- SECAlgorithmID **detached_digestalgs, CSSM_DATA_PTR *detached_digests)
-{
-#if 0
- // @@@ Deal with password stuff.
- if (pwfn)
- PK11_SetPasswordFunc(pwfn);
-#endif
- cmsg->pwfn_arg = pwfn_arg;
- cmsg->decrypt_key_cb = decrypt_key_cb;
- cmsg->decrypt_key_cb_arg = decrypt_key_cb_arg;
- cmsg->detached_digestalgs = detached_digestalgs;
- cmsg->detached_digests = detached_digests;
-}
-
-/*
- * SecCmsMessageDestroy - destroy a CMS message and all of its sub-pieces.
- */
-void
-SecCmsMessageDestroy(SecCmsMessageRef cmsg)
-{
- PORT_Assert (cmsg->refCount > 0);
- if (cmsg->refCount <= 0) /* oops */
- return;
-
- cmsg->refCount--; /* thread safety? */
- if (cmsg->refCount > 0)
- return;
-
- SecCmsContentInfoDestroy(&(cmsg->contentInfo));
-
- /* if poolp is not NULL, cmsg is the owner of its arena */
- if (cmsg->poolp_is_ours)
- PORT_FreeArena (cmsg->poolp, PR_FALSE); /* XXX clear it? */
-}
-
-/*
- * SecCmsMessageCopy - return a copy of the given message.
- *
- * The copy may be virtual or may be real -- either way, the result needs
- * to be passed to SecCmsMessageDestroy later (as does the original).
- */
-SecCmsMessageRef
-SecCmsMessageCopy(SecCmsMessageRef cmsg)
-{
- if (cmsg == NULL)
- return NULL;
-
- PORT_Assert (cmsg->refCount > 0);
-
- cmsg->refCount++; /* XXX chrisk thread safety? */
- return cmsg;
-}
-
-/*
- * SecCmsMessageGetArena - return a pointer to the message's arena pool
- */
-SecArenaPoolRef
-SecCmsMessageGetArena(SecCmsMessageRef cmsg)
-{
- return (SecArenaPoolRef)cmsg->poolp;
-}
-
-/*
- * SecCmsMessageGetContentInfo - return a pointer to the top level contentInfo
- */
-SecCmsContentInfoRef
-SecCmsMessageGetContentInfo(SecCmsMessageRef cmsg)
-{
- return &(cmsg->contentInfo);
-}
-
-/*
- * Return a pointer to the actual content.
- * In the case of those types which are encrypted, this returns the *plain* content.
- * In case of nested contentInfos, this descends and retrieves the innermost content.
- */
-CSSM_DATA_PTR
-SecCmsMessageGetContent(SecCmsMessageRef cmsg)
-{
- /* this is a shortcut */
- SecCmsContentInfoRef cinfo = SecCmsMessageGetContentInfo(cmsg);
- CSSM_DATA_PTR pItem = SecCmsContentInfoGetInnerContent(cinfo);
- return pItem;
-}
-
-/*
- * SecCmsMessageContentLevelCount - count number of levels of CMS content objects in this message
- *
- * CMS data content objects do not count.
- */
-int
-SecCmsMessageContentLevelCount(SecCmsMessageRef cmsg)
-{
- int count = 0;
- SecCmsContentInfoRef cinfo;
-
- /* walk down the chain of contentinfos */
- for (cinfo = &(cmsg->contentInfo); cinfo != NULL; ) {
- count++;
- cinfo = SecCmsContentInfoGetChildContentInfo(cinfo);
- }
- return count;
-}
-
-/*
- * SecCmsMessageContentLevel - find content level #n
- *
- * CMS data content objects do not count.
- */
-SecCmsContentInfoRef
-SecCmsMessageContentLevel(SecCmsMessageRef cmsg, int n)
-{
- int count = 0;
- SecCmsContentInfoRef cinfo;
-
- /* walk down the chain of contentinfos */
- for (cinfo = &(cmsg->contentInfo); cinfo != NULL && count < n; cinfo = SecCmsContentInfoGetChildContentInfo(cinfo)) {
- count++;
- }
-
- return cinfo;
-}
-
-/*
- * SecCmsMessageContainsCertsOrCrls - see if message contains certs along the way
- */
-Boolean
-SecCmsMessageContainsCertsOrCrls(SecCmsMessageRef cmsg)
-{
- SecCmsContentInfoRef cinfo;
-
- /* descend into CMS message */
- for (cinfo = &(cmsg->contentInfo); cinfo != NULL; cinfo = SecCmsContentInfoGetChildContentInfo(cinfo)) {
- if (SecCmsContentInfoGetContentTypeTag(cinfo) != SEC_OID_PKCS7_SIGNED_DATA)
- continue; /* next level */
-
- if (SecCmsSignedDataContainsCertsOrCrls(cinfo->content.signedData))
- return PR_TRUE;
- }
- return PR_FALSE;
-}
-
-/*
- * SecCmsMessageIsEncrypted - see if message contains a encrypted submessage
- */
-Boolean
-SecCmsMessageIsEncrypted(SecCmsMessageRef cmsg)
-{
- SecCmsContentInfoRef cinfo;
-
- /* walk down the chain of contentinfos */
- for (cinfo = &(cmsg->contentInfo); cinfo != NULL; cinfo = SecCmsContentInfoGetChildContentInfo(cinfo))
- {
- switch (SecCmsContentInfoGetContentTypeTag(cinfo)) {
- case SEC_OID_PKCS7_ENVELOPED_DATA:
- case SEC_OID_PKCS7_ENCRYPTED_DATA:
- return PR_TRUE;
- default:
- break;
- }
- }
- return PR_FALSE;
-}
-
-/*
- * SecCmsMessageIsSigned - see if message contains a signed submessage
- *
- * If the CMS message has a SignedData with a signature (not just a SignedData)
- * return true; false otherwise. This can/should be called before calling
- * VerifySignature, which will always indicate failure if no signature is
- * present, but that does not mean there even was a signature!
- * Note that the content itself can be empty (detached content was sent
- * another way); it is the presence of the signature that matters.
- */
-Boolean
-SecCmsMessageIsSigned(SecCmsMessageRef cmsg)
-{
- SecCmsContentInfoRef cinfo;
-
- /* walk down the chain of contentinfos */
- for (cinfo = &(cmsg->contentInfo); cinfo != NULL; cinfo = SecCmsContentInfoGetChildContentInfo(cinfo))
- {
- switch (SecCmsContentInfoGetContentTypeTag(cinfo)) {
- case SEC_OID_PKCS7_SIGNED_DATA:
- if (!SecCmsArrayIsEmpty((void **)cinfo->content.signedData->signerInfos))
- return PR_TRUE;
- break;
- default:
- break;
- }
- }
- return PR_FALSE;
-}
-
-/*
- * SecCmsMessageIsContentEmpty - see if content is empty
- *
- * returns PR_TRUE is innermost content length is < minLen
- * XXX need the encrypted content length (why?)
- */
-Boolean
-SecCmsMessageIsContentEmpty(SecCmsMessageRef cmsg, unsigned int minLen)
-{
- CSSM_DATA_PTR item = NULL;
-
- if (cmsg == NULL)
- return PR_TRUE;
-
- item = SecCmsContentInfoGetContent(SecCmsMessageGetContentInfo(cmsg));
-
- if (!item) {
- return PR_TRUE;
- } else if(item->Length <= minLen) {
- return PR_TRUE;
- }
-
- return PR_FALSE;
-}
-
-/*
- * SecCmsMessageContainsTSTInfo - see if message contains a TimeStamping info block
- */
-Boolean
-SecCmsMessageContainsTSTInfo(SecCmsMessageRef cmsg)
-{
- SecCmsContentInfoRef cinfo;
-
- /* walk down the chain of contentinfos */
- for (cinfo = &(cmsg->contentInfo); cinfo != NULL; cinfo = SecCmsContentInfoGetChildContentInfo(cinfo))
- {
- switch (SecCmsContentInfoGetContentTypeTag(cinfo))
- {
- case SEC_OID_PKCS9_ID_CT_TSTInfo:
- // TSTInfo is in cinfo->rawContent->Data
- return PR_TRUE;
- default:
- break;
- }
- }
- return PR_FALSE;
-}
-
-void
-SecCmsMessageSetTSACallback(SecCmsMessageRef cmsg, SecCmsTSACallback tsaCallback)
-{
- if (cmsg)
- cmsg->tsaCallback = tsaCallback;
-}
-
-void
-SecCmsMessageSetTSAContext(SecCmsMessageRef cmsg, const void *tsaContext) //CFTypeRef
-{
- if (cmsg)
- cmsg->tsaContext = tsaContext;
-}
-
projects / apple / security.git / blobdiff