--- /dev/null
+/*
+ * Copyright (c) 2006-2014 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * CMSDecoder.cpp - Interface for decoding CMS messages.
+ */
+
+#include "CMSDecoder.h"
+#include "CMSPrivate.h"
+#include "CMSUtils.h"
+#include <../libsecurity_codesigning/lib/csutilities.h>
+
+#include <Security/SecCmsDecoder.h>
+#include <Security/SecCmsEnvelopedData.h>
+#include <Security/SecCmsMessage.h>
+#include <Security/SecCmsSignedData.h>
+#include <Security/SecCmsSignerInfo.h>
+#include <Security/SecCmsContentInfo.h>
+#include <Security/SecCmsDigestContext.h>
+#include <Security/SecCertificate.h>
+#include <Security/SecSMIME.h>
+#include <Security/oidsattr.h>
+#include <Security/SecTrustPriv.h>
+#include <CoreFoundation/CFRuntime.h>
+#include <pthread.h>
+#include <AssertMacros.h>
+
+#pragma mark --- Private types and definitions ---
+
+/*
+ * Decoder state.
+ */
+typedef enum {
+ DS_Init, /* between CMSDecoderCreate and CMSDecoderUpdateMessage */
+ DS_Updating, /* between first CMSDecoderUpdateMessage and CMSDecoderFinalizeMessage */
+ DS_Final /* CMSDecoderFinalizeMessage has been called */
+} CMSDecoderState;
+
+/*
+ * Caller's CMSDecoderRef points to one of these.
+ */
+struct _CMSDecoder {
+ CFRuntimeBase base;
+ CMSDecoderState decState;
+ SecArenaPoolRef arena; /* the decoder's arena */
+ SecCmsDecoderRef decoder;
+ CFDataRef detachedContent;
+ CFTypeRef keychainOrArray; /* from CMSDecoderSetSearchKeychain() */
+
+ /*
+ * The following are valid (and quiescent) after CMSDecoderFinalizeMessage().
+ */
+ SecCmsMessageRef cmsMsg;
+ Boolean wasEncrypted; /* valid after CMSDecoderFinalizeMessage() */
+ SecCmsSignedDataRef signedData; /* if there is one... */
+ /* only non-NULL if we found a signedData */
+ size_t numSigners;
+ CSSM_OID *eContentType;
+ /* etc. */
+};
+
+static void cmsDecoderInit(CFTypeRef dec);
+static void cmsDecoderFinalize(CFTypeRef dec);
+
+static CFRuntimeClass cmsDecoderRuntimeClass =
+{
+ 0, /* version */
+ "CMSDecoder",
+ cmsDecoderInit,
+ NULL, /* copy */
+ cmsDecoderFinalize,
+ NULL, /* equal - just use pointer equality */
+ NULL, /* hash, ditto */
+ NULL, /* copyFormattingDesc */
+ NULL /* copyDebugDesc */
+};
+
+#pragma mark --- Private Routines ---
+
+static CFTypeID cmsDecoderTypeID = _kCFRuntimeNotATypeID;
+
+/* one time only class init, called via pthread_once() in CMSDecoderGetTypeID() */
+static void cmsDecoderClassInitialize(void)
+{
+ cmsDecoderTypeID =
+ _CFRuntimeRegisterClass((const CFRuntimeClass * const)&cmsDecoderRuntimeClass);
+}
+
+/* init called out from _CFRuntimeCreateInstance() */
+static void cmsDecoderInit(CFTypeRef dec)
+{
+ char *start = ((char *)dec) + sizeof(CFRuntimeBase);
+ memset(start, 0, sizeof(struct _CMSDecoder) - sizeof(CFRuntimeBase));
+}
+
+/*
+ * Dispose of a CMSDecoder. Called out from CFRelease().
+ */
+static void cmsDecoderFinalize(
+ CFTypeRef dec)
+{
+ CMSDecoderRef cmsDecoder = (CMSDecoderRef)dec;
+ if(cmsDecoder == NULL) {
+ return;
+ }
+ if(cmsDecoder->decoder != NULL) {
+ /*
+ * Normally this gets freed in SecCmsDecoderFinish - this is
+ * an error case.
+ * FIXME: SecCmsDecoderDestroy() appears to destroy the
+ * cmsMsg too! Plus there's a comment there re: a leak...
+ */
+ SecCmsDecoderDestroy(cmsDecoder->decoder);
+ }
+ CFRELEASE(cmsDecoder->detachedContent);
+ CFRELEASE(cmsDecoder->keychainOrArray);
+ if(cmsDecoder->cmsMsg != NULL) {
+ SecCmsMessageDestroy(cmsDecoder->cmsMsg);
+ }
+ if(cmsDecoder->arena != NULL) {
+ SecArenaPoolFree(cmsDecoder->arena, false);
+ }
+}
+
+
+/*
+ * Given detached content and a valid (decoded) SignedData, digest the detached
+ * content. This occurs at the later of {CMSDecoderFinalizeMessage() finding a
+ * SignedData when already have detachedContent, or CMSDecoderSetDetachedContent()
+ * when we already have a SignedData).
+ */
+static OSStatus cmsDigestDetachedContent(
+ CMSDecoderRef cmsDecoder)
+{
+ ASSERT((cmsDecoder->signedData != NULL) && (cmsDecoder->detachedContent != NULL));
+
+ SECAlgorithmID **digestAlgorithms = SecCmsSignedDataGetDigestAlgs(cmsDecoder->signedData);
+ if(digestAlgorithms == NULL) {
+ return errSecUnknownFormat;
+ }
+ SecCmsDigestContextRef digcx = SecCmsDigestContextStartMultiple(digestAlgorithms);
+ if(digcx == NULL) {
+ return errSecAllocate;
+ }
+ CSSM_DATA **digests = NULL;
+
+ SecCmsDigestContextUpdate(digcx, CFDataGetBytePtr(cmsDecoder->detachedContent),
+ CFDataGetLength(cmsDecoder->detachedContent));
+ /* note this frees the digest content regardless */
+ OSStatus ortn = SecCmsDigestContextFinishMultiple(digcx, cmsDecoder->arena, &digests);
+ if(ortn) {
+ ortn = cmsRtnToOSStatus(ortn);
+ CSSM_PERROR("SecCmsDigestContextFinishMultiple", ortn);
+ return ortn;
+ }
+ ortn = SecCmsSignedDataSetDigests(cmsDecoder->signedData, digestAlgorithms, digests);
+ if(ortn) {
+ ortn = cmsRtnToOSStatus(ortn);
+ CSSM_PERROR("SecCmsSignedDataSetDigests", ortn);
+ }
+ return ortn;
+}
+
+#pragma mark --- Start of Public API ---
+
+CFTypeID CMSDecoderGetTypeID(void)
+{
+ static pthread_once_t once = PTHREAD_ONCE_INIT;
+
+ if(cmsDecoderTypeID == _kCFRuntimeNotATypeID) {
+ pthread_once(&once, &cmsDecoderClassInitialize);
+ }
+ return cmsDecoderTypeID;
+}
+
+/*
+ * Create a CMSDecoder. Result must eventually be freed via CFRelease().
+ */
+OSStatus CMSDecoderCreate(
+ CMSDecoderRef *cmsDecoderOut) /* RETURNED */
+{
+ CMSDecoderRef cmsDecoder = NULL;
+
+ uint32_t extra = sizeof(*cmsDecoder) - sizeof(cmsDecoder->base);
+ cmsDecoder = (CMSDecoderRef)_CFRuntimeCreateInstance(NULL, CMSDecoderGetTypeID(),
+ extra, NULL);
+ if(cmsDecoder == NULL) {
+ return errSecAllocate;
+ }
+ cmsDecoder->decState = DS_Init;
+ *cmsDecoderOut = cmsDecoder;
+ return errSecSuccess;
+}
+
+/*
+ * Feed raw bytes of the message to be decoded into the decoder. Can be called
+ * multiple times.
+ */
+OSStatus CMSDecoderUpdateMessage(
+ CMSDecoderRef cmsDecoder,
+ const void *msgBytes,
+ size_t msgBytesLen)
+{
+ if(cmsDecoder == NULL) {
+ return errSecParam;
+ }
+
+ OSStatus ortn;
+ switch(cmsDecoder->decState) {
+ case DS_Init:
+ /* First time through; set up */
+ ASSERT(cmsDecoder->decoder == NULL);
+ ASSERT(cmsDecoder->arena == NULL);
+ ortn = SecArenaPoolCreate(1024, &cmsDecoder->arena);
+ if(ortn) {
+ return cmsRtnToOSStatus(ortn);
+ }
+ ortn = SecCmsDecoderCreate(cmsDecoder->arena,
+ NULL, NULL, NULL, NULL, NULL, NULL, &cmsDecoder->decoder);
+ if(ortn) {
+ ortn = cmsRtnToOSStatus(ortn);
+ CSSM_PERROR("SecCmsDecoderCreate", ortn);
+ return ortn;
+ }
+ cmsDecoder->decState = DS_Updating;
+ break;
+
+ case DS_Updating:
+ ASSERT(cmsDecoder->decoder != NULL);
+ break;
+
+ case DS_Final:
+ /* Too late for another update */
+ return errSecParam;
+
+ default:
+ dprintf("CMSDecoderUpdateMessage: bad decState\n");
+ return errSecInternalComponent;
+ }
+
+ /* FIXME - CFIndex same size as size_t on 64bit? */
+ ortn = SecCmsDecoderUpdate(cmsDecoder->decoder, msgBytes, (CFIndex)msgBytesLen);
+ if(ortn) {
+ ortn = cmsRtnToOSStatus(ortn, errSecUnknownFormat);
+ CSSM_PERROR("SecCmsDecoderUpdate", ortn);
+ }
+ return ortn;
+}
+
+/*
+ * Indicate that no more CMSDecoderUpdateMessage() calls are forthcoming;
+ * finish decoding the message. We parse the message as best we can, up to
+ * but not including verifying individual signerInfos.
+ */
+OSStatus CMSDecoderFinalizeMessage(
+ CMSDecoderRef cmsDecoder)
+{
+ if(cmsDecoder == NULL) {
+ return errSecParam;
+ }
+ if(cmsDecoder->decState != DS_Updating) {
+ return errSecParam;
+ }
+ ASSERT(cmsDecoder->decoder != NULL);
+ OSStatus ortn = SecCmsDecoderFinish(cmsDecoder->decoder, &cmsDecoder->cmsMsg);
+ cmsDecoder->decState = DS_Final;
+
+ /* SecCmsDecoderFinish destroyed the decoder even on failure */
+ cmsDecoder->decoder = NULL;
+
+ if(ortn) {
+ ortn = cmsRtnToOSStatus(ortn, errSecUnknownFormat);
+ CSSM_PERROR("SecCmsDecoderFinish", ortn);
+ return ortn;
+ }
+
+ ASSERT(cmsDecoder->cmsMsg != NULL);
+ cmsDecoder->wasEncrypted = SecCmsMessageIsEncrypted(cmsDecoder->cmsMsg);
+
+ /* Look for a SignedData */
+ int numContentInfos = SecCmsMessageContentLevelCount(cmsDecoder->cmsMsg);
+ int dex;
+ for(dex=0; dex<numContentInfos; dex++) {
+ SecCmsContentInfoRef ci = SecCmsMessageContentLevel(cmsDecoder->cmsMsg, dex);
+ SECOidTag tag = SecCmsContentInfoGetContentTypeTag(ci);
+ switch(tag) {
+ case SEC_OID_PKCS7_SIGNED_DATA:
+ cmsDecoder->signedData =
+ (SecCmsSignedDataRef)SecCmsContentInfoGetContent(ci);
+ /* dig down one more layer for eContentType */
+ ci = SecCmsSignedDataGetContentInfo(cmsDecoder->signedData);
+ cmsDecoder->eContentType = SecCmsContentInfoGetContentTypeOID(ci);
+ break;
+ default:
+ break;
+ }
+ if(cmsDecoder->signedData != NULL) {
+ break;
+ }
+
+ }
+
+ /* minimal processing of optional signedData... */
+ if(cmsDecoder->signedData != NULL) {
+ cmsDecoder->numSigners = (size_t)
+ SecCmsSignedDataSignerInfoCount(cmsDecoder->signedData);
+ if(cmsDecoder->detachedContent != NULL) {
+ /* time to calculate digests from detached content */
+ ortn = cmsDigestDetachedContent(cmsDecoder);
+ }
+ }
+ return ortn;
+}
+
+/*
+ * A signed CMS message optionally includes the data which was signed. If the
+ * message does not include the signed data, caller specifies the signed data
+ * (the "detached content") here.
+ *
+ * This can be called either before or after the actual decoding of the message
+ * (via CMSDecoderUpdateMessage() and CMSDecoderFinalizeMessage()); the only
+ * restriction is that, if detached content is required, this function must
+ * be called befoere successfully ascertaining the signature status via
+ * CMSDecoderCopySignerStatus().
+ */
+OSStatus CMSDecoderSetDetachedContent(
+ CMSDecoderRef cmsDecoder,
+ CFDataRef detachedContent)
+{
+ if((cmsDecoder == NULL) || (detachedContent == NULL)) {
+ return errSecParam;
+ }
+ cmsDecoder->detachedContent = detachedContent;
+ CFRetain(detachedContent);
+
+ if(cmsDecoder->signedData != NULL) {
+ /* time to calculate digests from detached content */
+ ASSERT(cmsDecoder->decState == DS_Final);
+ return cmsDigestDetachedContent(cmsDecoder);
+ }
+ return errSecSuccess;
+}
+
+/*
+ * Obtain the detached content specified in CMSDecoderSetDetachedContent().
+ * Returns a NULL detachedContent if no detached content has been specified.
+ * Caller must CFRelease() the result.
+ */
+OSStatus CMSDecoderCopyDetachedContent(
+ CMSDecoderRef cmsDecoder,
+ CFDataRef *detachedContent) /* RETURNED */
+{
+ if((cmsDecoder == NULL) || (detachedContent == NULL)) {
+ return errSecParam;
+ }
+ if(cmsDecoder->detachedContent != NULL) {
+ CFRetain(cmsDecoder->detachedContent);
+ }
+ *detachedContent = cmsDecoder->detachedContent;
+ return errSecSuccess;
+}
+
+/*
+ * Optionally specify a SecKeychainRef, or an array of them, containing
+ * intermediate certs to be used in verifying a signed message's signer
+ * certs. By default, the default keychain search list is used for this.
+ * Specify an empty CFArrayRef to search *no* keychains for intermediate
+ * certs.
+ * IF this is called, it must be called before CMSDecoderCopySignerStatus().
+ */
+OSStatus CMSDecoderSetSearchKeychain(
+ CMSDecoderRef cmsDecoder,
+ CFTypeRef keychainOrArray)
+{
+ if(cmsDecoder == NULL) {
+ return errSecParam;
+ }
+ cmsDecoder->keychainOrArray = keychainOrArray;
+ if(keychainOrArray) {
+ CFRetain(keychainOrArray);
+ }
+ return errSecSuccess;
+}
+
+/*
+ * Obtain the number of signers of a message. A result of zero indicates that
+ * the message was not signed.
+ */
+OSStatus CMSDecoderGetNumSigners(
+ CMSDecoderRef cmsDecoder,
+ size_t *numSigners) /* RETURNED */
+{
+ if((cmsDecoder == NULL) || (numSigners == NULL)) {
+ return errSecParam;
+ }
+ if(cmsDecoder->decState != DS_Final) {
+ return errSecParam;
+ }
+ *numSigners = cmsDecoder->numSigners;
+ return errSecSuccess;
+}
+
+/*
+ * Obtain the status of a CMS message's signature. A CMS message can
+ * be signed my multiple signers; this function returns the status
+ * associated with signer 'n' as indicated by the signerIndex parameter.
+ */
+OSStatus CMSDecoderCopySignerStatus(
+ CMSDecoderRef cmsDecoder,
+ size_t signerIndex,
+ CFTypeRef policyOrArray,
+ Boolean evaluateSecTrust,
+ CMSSignerStatus *signerStatus, /* optional; RETURNED */
+ SecTrustRef *secTrust, /* optional; RETURNED */
+ OSStatus *certVerifyResultCode) /* optional; RETURNED */
+{
+ if((cmsDecoder == NULL) || (cmsDecoder->decState != DS_Final)) {
+ return errSecParam;
+ }
+
+ /* initialize return values */
+ if(signerStatus) {
+ *signerStatus = kCMSSignerUnsigned;
+ }
+ if(secTrust) {
+ *secTrust = NULL;
+ }
+ if(certVerifyResultCode) {
+ *certVerifyResultCode = 0;
+ }
+
+ if(cmsDecoder->signedData == NULL) {
+ *signerStatus = kCMSSignerUnsigned; /* redundant, I know, but explicit */
+ return errSecSuccess;
+ }
+ ASSERT(cmsDecoder->numSigners > 0);
+ if(signerIndex >= cmsDecoder->numSigners) {
+ *signerStatus = kCMSSignerInvalidIndex;
+ return errSecSuccess;
+ }
+ if(!SecCmsSignedDataHasDigests(cmsDecoder->signedData)) {
+ *signerStatus = kCMSSignerNeedsDetachedContent;
+ return errSecSuccess;
+ }
+
+ /*
+ * OK, we should be able to verify this signerInfo.
+ * I think we have to do the SecCmsSignedDataVerifySignerInfo first
+ * in order get all the cert pieces into place before returning them
+ * to the caller.
+ */
+ SecTrustRef theTrust = NULL;
+ OSStatus vfyRtn = SecCmsSignedDataVerifySignerInfo(cmsDecoder->signedData,
+ (int)signerIndex,
+ /*
+ * FIXME this cast should not be necessary, but libsecurity_smime
+ * declares this argument as a SecKeychainRef
+ */
+ (SecKeychainRef)cmsDecoder->keychainOrArray,
+ policyOrArray,
+ &theTrust);
+ /* Subsequent errors to errOut: */
+
+ /*
+ * NOTE the smime lib did NOT evaluate that SecTrust - it only does
+ * SecTrustEvaluate() if we don't ask for a copy.
+ *
+ * FIXME deal with multitudes of status returns here...for now, proceed with
+ * obtaining components the caller wants and assume that a nonzero vfyRtn
+ * means "bad signature".
+ */
+ OSStatus ortn = errSecSuccess;
+ SecTrustResultType secTrustResult;
+ CSSM_RETURN tpVfyStatus = CSSM_OK;
+ OSStatus evalRtn;
+
+ if(secTrust != NULL) {
+ *secTrust = theTrust;
+ /* we'll release our reference at the end */
+ if (theTrust)
+ CFRetain(theTrust);
+ }
+ SecCmsSignerInfoRef signerInfo =
+ SecCmsSignedDataGetSignerInfo(cmsDecoder->signedData, (int)signerIndex);
+ if(signerInfo == NULL) {
+ /* should never happen */
+ ASSERT(0);
+ dprintf("CMSDecoderCopySignerStatus: no signerInfo\n");
+ ortn = errSecInternalComponent;
+ goto errOut;
+ }
+
+ /* now do the actual cert verify */
+ if(evaluateSecTrust) {
+ evalRtn = SecTrustEvaluate(theTrust, &secTrustResult);
+ if(evalRtn) {
+ /* should never happen */
+ CSSM_PERROR("SecTrustEvaluate", evalRtn);
+ dprintf("CMSDecoderCopySignerStatus: SecTrustEvaluate error\n");
+ ortn = errSecInternalComponent;
+ goto errOut;
+ }
+ switch(secTrustResult) {
+ case kSecTrustResultUnspecified:
+ /* cert chain valid, no special UserTrust assignments */
+ case kSecTrustResultProceed:
+ /* cert chain valid AND user explicitly trusts this */
+ break;
+ case kSecTrustResultDeny:
+ tpVfyStatus = CSSMERR_APPLETP_TRUST_SETTING_DENY;
+ break;
+ case kSecTrustResultConfirm:
+ dprintf("SecTrustEvaluate reported confirm\n");
+ tpVfyStatus = CSSMERR_TP_NOT_TRUSTED;
+ break;
+ default:
+ {
+ /* get low-level TP error */
+ OSStatus tpStatus;
+ ortn = SecTrustGetCssmResultCode(theTrust, &tpStatus);
+ if(ortn) {
+ CSSM_PERROR("SecTrustGetCssmResultCode", ortn);
+ }
+ else {
+ tpVfyStatus = tpStatus;
+ }
+ CSSM_PERROR("TP status after SecTrustEvaluate", tpVfyStatus);
+ break;
+ }
+ } /* switch(secTrustResult) */
+ } /* evaluateSecTrust true */
+ if(certVerifyResultCode != NULL) {
+ *certVerifyResultCode = tpVfyStatus;
+ }
+
+ /* cook up global status based on vfyRtn and tpVfyStatus */
+ if(signerStatus != NULL) {
+ if((vfyRtn == errSecSuccess) && (tpVfyStatus == CSSM_OK)) {
+ *signerStatus = kCMSSignerValid;
+ }
+ else if(vfyRtn != errSecSuccess) {
+ /* this could mean other things, but for now... */
+ *signerStatus = kCMSSignerInvalidSignature;
+ }
+ else {
+ *signerStatus = kCMSSignerInvalidCert;
+ }
+ }
+errOut:
+ CFRELEASE(theTrust);
+ return ortn;
+}
+
+/*
+ * Obtain the email address of signer 'signerIndex' of a CMS message, if
+ * present.
+ *
+ * This cannot be called until after CMSDecoderFinalizeMessage() is called.
+ */
+OSStatus CMSDecoderCopySignerEmailAddress(
+ CMSDecoderRef cmsDecoder,
+ size_t signerIndex,
+ CFStringRef *signerEmailAddress) /* RETURNED */
+{
+ if((cmsDecoder == NULL) ||
+ (signerEmailAddress == NULL) ||
+ (cmsDecoder->signedData == NULL) || /* not signed */
+ (signerIndex >= cmsDecoder->numSigners) || /* index out of range */
+ (cmsDecoder->decState != DS_Final)) {
+ return errSecParam;
+ }
+
+ SecCmsSignerInfoRef signerInfo =
+ SecCmsSignedDataGetSignerInfo(cmsDecoder->signedData, (int)signerIndex);
+ if(signerInfo == NULL) {
+ /* should never happen */
+ ASSERT(0);
+ dprintf("CMSDecoderCopySignerEmailAddress: no signerInfo\n");
+ return errSecInternalComponent;
+ }
+
+ /*
+ * This is leaking memory in libsecurityKeychain per Radar 4412699.
+ */
+ *signerEmailAddress = SecCmsSignerInfoGetSignerEmailAddress(signerInfo);
+ return errSecSuccess;
+}
+
+/*
+ * Obtain the certificate of signer 'signerIndex' of a CMS message, if
+ * present.
+ *
+ * This cannot be called until after CMSDecoderFinalizeMessage() is called.
+ */
+OSStatus CMSDecoderCopySignerCert(
+ CMSDecoderRef cmsDecoder,
+ size_t signerIndex,
+ SecCertificateRef *signerCert) /* RETURNED */
+{
+ if((cmsDecoder == NULL) ||
+ (signerCert == NULL) ||
+ (cmsDecoder->signedData == NULL) || /* not signed */
+ (signerIndex >= cmsDecoder->numSigners) || /* index out of range */
+ (cmsDecoder->decState != DS_Final)) {
+ return errSecParam;
+ }
+
+ SecCmsSignerInfoRef signerInfo =
+ SecCmsSignedDataGetSignerInfo(cmsDecoder->signedData, (int)signerIndex);
+ if(signerInfo == NULL) {
+ /* should never happen */
+ ASSERT(0);
+ dprintf("CMSDecoderCopySignerCertificate: no signerInfo\n");
+ return errSecInternalComponent;
+ }
+ *signerCert = SecCmsSignerInfoGetSigningCertificate(signerInfo, NULL);
+ /* libsecurity_smime does NOT retain that */
+ if(*signerCert == NULL) {
+ /* should never happen */
+ ASSERT(0);
+ dprintf("CMSDecoderCopySignerCertificate: no signerCert\n");
+ return errSecInternalComponent;
+ }
+ CFRetain(*signerCert);
+ return errSecSuccess;
+}
+
+/*
+ * Determine whether a CMS message was encrypted, and if so, whether we were
+ * able to decrypt it.
+ */
+OSStatus CMSDecoderIsContentEncrypted(
+ CMSDecoderRef cmsDecoder,
+ Boolean *wasEncrypted)
+{
+ if((cmsDecoder == NULL) || (wasEncrypted == NULL)) {
+ return errSecParam;
+ }
+ if(cmsDecoder->decState != DS_Final) {
+ return errSecParam;
+ }
+ *wasEncrypted = cmsDecoder->wasEncrypted;
+ return errSecSuccess;
+}
+
+/*
+ * Obtain the eContentType OID for a SignedData's EncapsulatedContentType, if
+ * present.
+ */
+OSStatus CMSDecoderCopyEncapsulatedContentType(
+ CMSDecoderRef cmsDecoder,
+ CFDataRef *eContentType) /* RETURNED */
+{
+ if((cmsDecoder == NULL) || (eContentType == NULL)) {
+ return errSecParam;
+ }
+ if(cmsDecoder->decState != DS_Final) {
+ return errSecParam;
+ }
+ if(cmsDecoder->signedData == NULL) {
+ *eContentType = NULL;
+ }
+ else {
+ CSSM_OID *ecOid = cmsDecoder->eContentType;
+ *eContentType = CFDataCreate(NULL, ecOid->Data, ecOid->Length);
+ }
+ return errSecSuccess;
+}
+
+/*
+ * Obtain an array of all of the certificates in a message. Elements of the
+ * returned array are SecCertificateRefs. The caller must CFRelease the returned
+ * array.
+ * This cannot be called until after CMSDecoderFinalizeMessage() is called.
+ */
+OSStatus CMSDecoderCopyAllCerts(
+ CMSDecoderRef cmsDecoder,
+ CFArrayRef *certs) /* RETURNED */
+{
+ if((cmsDecoder == NULL) || (certs == NULL)) {
+ return errSecParam;
+ }
+ if(cmsDecoder->decState != DS_Final) {
+ return errSecParam;
+ }
+ if(cmsDecoder->signedData == NULL) {
+ /* message wasn't signed */
+ *certs = NULL;
+ return errSecSuccess;
+ }
+
+ /* NULL_terminated array of CSSM_DATA ptrs */
+ CSSM_DATA_PTR *cssmCerts = SecCmsSignedDataGetCertificateList(cmsDecoder->signedData);
+ if((cssmCerts == NULL) || (*cssmCerts == NULL)) {
+ *certs = NULL;
+ return errSecSuccess;
+ }
+
+ CFMutableArrayRef allCerts = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
+ CSSM_DATA_PTR *cssmCert;
+ for(cssmCert=cssmCerts; *cssmCert!=NULL; cssmCert++) {
+ OSStatus ortn;
+ SecCertificateRef cfCert;
+ ortn = SecCertificateCreateFromData(*cssmCert,
+ CSSM_CERT_X_509v3, CSSM_CERT_ENCODING_DER,
+ &cfCert);
+ if(ortn) {
+ CFRelease(allCerts);
+ return ortn;
+ }
+ CFArrayAppendValue(allCerts, cfCert);
+ /* the array holds the only needed refcount */
+ CFRelease(cfCert);
+ }
+ *certs = allCerts;
+ return errSecSuccess;
+}
+
+/*
+ * Obtain the actual message content (payload), if any. If the message was
+ * signed with detached content this will return NULL.
+ * Caller must CFRelease the result.
+ */
+OSStatus CMSDecoderCopyContent(
+ CMSDecoderRef cmsDecoder,
+ CFDataRef *content) /* RETURNED */
+{
+ if((cmsDecoder == NULL) || (content == NULL)) {
+ return errSecParam;
+ }
+ if(cmsDecoder->decState != DS_Final) {
+ return errSecParam;
+ }
+ if(cmsDecoder->cmsMsg == NULL) {
+ /* Hmmm....looks like the finalize call failed */
+ return errSecParam;
+ }
+ CSSM_DATA_PTR odata = SecCmsMessageGetContent(cmsDecoder->cmsMsg);
+ if((odata == NULL) || (odata->Length == 0)) {
+ /* i.e., detached content */
+ *content = NULL;
+ return errSecSuccess;
+ }
+ *content = CFDataCreate(NULL, (const UInt8 *)odata->Data, odata->Length);
+ return errSecSuccess;
+}
+
+#pragma mark --- SPI declared in CMSPrivate.h ---
+
+/*
+ * Obtain the SecCmsMessageRef associated with a CMSDecoderRef. Intended
+ * to be called after decoding the message (i.e., after
+ * CMSDecoderFinalizeMessage() to gain finer access to the contents of the
+ * SecCmsMessageRef than is otherwise available via the CMSDecoder interface.
+ * Returns a NULL SecCmsMessageRef if CMSDecoderFinalizeMessage() has not been
+ * called.
+ *
+ * The CMSDecoder retains ownership of the returned SecCmsMessageRef.
+ */
+OSStatus CMSDecoderGetCmsMessage(
+ CMSDecoderRef cmsDecoder,
+ SecCmsMessageRef *cmsMessage) /* RETURNED */
+{
+ if((cmsDecoder == NULL) || (cmsMessage == NULL)) {
+ return errSecParam;
+ }
+ /* any state, whether we have a msg or not is OK */
+ *cmsMessage = cmsDecoder->cmsMsg;
+ return errSecSuccess;
+}
+
+/*
+ * Optionally specify a SecCmsDecoderRef to use with a CMSDecoderRef.
+ * If this is called, it must be called before the first call to
+ * CMSDecoderUpdateMessage(). The CMSDecoderRef takes ownership of the
+ * incoming SecCmsDecoderRef.
+ */
+OSStatus CMSDecoderSetDecoder(
+ CMSDecoderRef cmsDecoder,
+ SecCmsDecoderRef decoder)
+{
+ if((cmsDecoder == NULL) || (decoder == NULL)) {
+ return errSecParam;
+ }
+ switch(cmsDecoder->decState) {
+ case DS_Init:
+ ASSERT(cmsDecoder->decoder == NULL);
+ cmsDecoder->decoder = decoder;
+ cmsDecoder->decState = DS_Updating;
+ return errSecSuccess;
+ case DS_Updating:
+ case DS_Final:
+ return errSecParam;
+ }
+ return errSecSuccess;
+}
+
+/*
+ * Obtain the SecCmsDecoderRef associated with a CMSDecoderRef.
+ * Returns a NULL SecCmsDecoderRef if neither CMSDecoderSetDecoder() nor
+ * CMSDecoderUpdateMessage() has been called.
+ * The CMSDecoderRef retains ownership of the SecCmsDecoderRef.
+ */
+OSStatus CMSDecoderGetDecoder(
+ CMSDecoderRef cmsDecoder,
+ SecCmsDecoderRef *decoder) /* RETURNED */
+{
+ if((cmsDecoder == NULL) || (decoder == NULL)) {
+ return errSecParam;
+ }
+ /* any state, whether we have a decoder or not is OK */
+ *decoder = cmsDecoder->decoder;
+ return errSecSuccess;
+}
+
+/*
+ * Obtain the signing time of signer 'signerIndex' of a CMS message, if
+ * present. This is an unauthenticate time, although it is part of the
+ * signed attributes of the message.
+ *
+ * Returns errSecParam if the CMS message was not signed or if signerIndex
+ * is greater than the number of signers of the message minus one.
+ *
+ * This cannot be called until after CMSDecoderFinalizeMessage() is called.
+ */
+OSStatus CMSDecoderCopySignerSigningTime(
+ CMSDecoderRef cmsDecoder,
+ size_t signerIndex, /* usually 0 */
+ CFAbsoluteTime *signingTime) /* RETURNED */
+{
+ OSStatus status = errSecParam;
+ SecCmsMessageRef cmsg;
+ SecCmsSignedDataRef signedData = NULL;
+ int numContentInfos = 0;
+
+ require(cmsDecoder && signingTime, xit);
+ require_noerr(CMSDecoderGetCmsMessage(cmsDecoder, &cmsg), xit);
+ numContentInfos = SecCmsMessageContentLevelCount(cmsg);
+ for (int dex = 0; !signedData && dex < numContentInfos; dex++)
+ {
+ SecCmsContentInfoRef ci = SecCmsMessageContentLevel(cmsg, dex);
+ SECOidTag tag = SecCmsContentInfoGetContentTypeTag(ci);
+ if (tag == SEC_OID_PKCS7_SIGNED_DATA)
+ if ((signedData = SecCmsSignedDataRef(SecCmsContentInfoGetContent(ci))))
+ if (SecCmsSignerInfoRef signerInfo = SecCmsSignedDataGetSignerInfo(signedData, (int)signerIndex))
+ {
+ status = SecCmsSignerInfoGetSigningTime(signerInfo, signingTime);
+ break;
+ }
+ }
+xit:
+ return status;
+}
+
+/*
+ * Obtain the timestamp of signer 'signerIndex' of a CMS message, if
+ * present. This timestamp is an authenticated timestamp provided by
+ * a timestamping authority.
+ *
+ * Returns errSecParam if the CMS message was not signed or if signerIndex
+ * is greater than the number of signers of the message minus one.
+ *
+ * This cannot be called until after CMSDecoderFinalizeMessage() is called.
+ */
+
+OSStatus CMSDecoderCopySignerTimestamp(
+ CMSDecoderRef cmsDecoder,
+ size_t signerIndex, /* usually 0 */
+ CFAbsoluteTime *timestamp) /* RETURNED */
+{
+ return CMSDecoderCopySignerTimestampWithPolicy(cmsDecoder, NULL, signerIndex, timestamp);
+}
+
+OSStatus CMSDecoderCopySignerTimestampWithPolicy(
+ CMSDecoderRef cmsDecoder,
+ CFTypeRef timeStampPolicy,
+ size_t signerIndex, /* usually 0 */
+ CFAbsoluteTime *timestamp) /* RETURNED */
+{
+ OSStatus status = errSecParam;
+ SecCmsMessageRef cmsg;
+ SecCmsSignedDataRef signedData = NULL;
+ int numContentInfos = 0;
+
+ require(cmsDecoder && timestamp, xit);
+ require_noerr(CMSDecoderGetCmsMessage(cmsDecoder, &cmsg), xit);
+ numContentInfos = SecCmsMessageContentLevelCount(cmsg);
+ for (int dex = 0; !signedData && dex < numContentInfos; dex++)
+ {
+ SecCmsContentInfoRef ci = SecCmsMessageContentLevel(cmsg, dex);
+ SECOidTag tag = SecCmsContentInfoGetContentTypeTag(ci);
+ if (tag == SEC_OID_PKCS7_SIGNED_DATA)
+ if ((signedData = SecCmsSignedDataRef(SecCmsContentInfoGetContent(ci))))
+ if (SecCmsSignerInfoRef signerInfo = SecCmsSignedDataGetSignerInfo(signedData, (int)signerIndex))
+ {
+ status = SecCmsSignerInfoGetTimestampTimeWithPolicy(signerInfo, timeStampPolicy, timestamp);
+ break;
+ }
+ }
+
+xit:
+ return status;
+}
+
+/*
+ * Obtain an array of the certificates in a timestamp response. Elements of the
+ * returned array are SecCertificateRefs. The caller must CFRelease the returned
+ * array. This timestamp is an authenticated timestamp provided by
+ * a timestamping authority.
+ *
+ * Returns errSecParam if the CMS message was not signed or if signerIndex
+ * is greater than the number of signers of the message minus one. It returns
+ * errSecItemNotFound if no certificates were found.
+ *
+ * This cannot be called until after CMSDecoderFinalizeMessage() is called.
+ */
+OSStatus CMSDecoderCopySignerTimestampCertificates(
+ CMSDecoderRef cmsDecoder,
+ size_t signerIndex, /* usually 0 */
+ CFArrayRef *certificateRefs) /* RETURNED */
+{
+ OSStatus status = errSecParam;
+ SecCmsMessageRef cmsg = NULL;
+ SecCmsSignedDataRef signedData = NULL;
+ int numContentInfos = 0;
+ CFIndex tsn = 0;
+ bool good = false;
+
+ require(cmsDecoder && certificateRefs, xit);
+ require_noerr(CMSDecoderGetCmsMessage(cmsDecoder, &cmsg), xit);
+ numContentInfos = SecCmsMessageContentLevelCount(cmsg);
+ for (int dex = 0; !signedData && dex < numContentInfos; dex++)
+ {
+ SecCmsContentInfoRef ci = SecCmsMessageContentLevel(cmsg, dex);
+ SECOidTag tag = SecCmsContentInfoGetContentTypeTag(ci);
+ if (tag == SEC_OID_PKCS7_SIGNED_DATA)
+ if ((signedData = SecCmsSignedDataRef(SecCmsContentInfoGetContent(ci))))
+ if (SecCmsSignerInfoRef signerInfo = SecCmsSignedDataGetSignerInfo(signedData, (int)signerIndex))
+ {
+ CFArrayRef certList = SecCmsSignerInfoGetTimestampCertList(signerInfo);
+ require_action(certList, xit, status = errSecItemNotFound);
+ CFMutableArrayRef certs = CFArrayCreateMutableCopy(kCFAllocatorDefault, CFArrayGetCount(certList), certList);
+
+ if(certs){
+ //reorder certificates:
+ tsn = CFArrayGetCount(certs);
+ good = tsn > 0 && Security::CodeSigning::isAppleCA(SecCertificateRef(CFArrayGetValueAtIndex(certs, tsn-1)));
+
+ if ( good == false )
+ {
+ //change TS certificate ordering.
+ for (CFIndex n = 0; n < tsn; n++)
+ {
+ if (SecCertificateRef tsRoot = SecCertificateRef(CFArrayGetValueAtIndex(certs, n)))
+ if ((good = Security::CodeSigning::isAppleCA(tsRoot))) {
+ CFArrayExchangeValuesAtIndices(certs, n, tsn-1);
+ break;
+ }
+ }
+ }
+
+ *certificateRefs = CFArrayCreateCopy(kCFAllocatorDefault, certs);
+ CFRelease(certs);
+ status = errSecSuccess;
+ }
+ break;
+ }
+ }
+
+
+ xit:
+ return status;
+ }
projects / apple / security.git / blobdiff