1/*
2 * The contents of this file are subject to the Mozilla Public
3 * License Version 1.1 (the "License"); you may not use this file
4 * except in compliance with the License. You may obtain a copy of
5 * the License at http://www.mozilla.org/MPL/
6 *
7 * Software distributed under the License is distributed on an "AS
8 * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
9 * implied. See the License for the specific language governing
10 * rights and limitations under the License.
11 *
12 * The Original Code is the Netscape security libraries.
13 *
14 * The Initial Developer of the Original Code is Netscape
15 * Communications Corporation.  Portions created by Netscape are
16 * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
17 * Rights Reserved.
18 *
19 * Contributor(s):
20 *
21 * Alternatively, the contents of this file may be used under the
22 * terms of the GNU General Public License Version 2 or later (the
23 * "GPL"), in which case the provisions of the GPL are applicable
24 * instead of those above.  If you wish to allow use of your
25 * version of this file only under the terms of the GPL and not to
26 * allow others to use your version of this file under the MPL,
27 * indicate your decision by deleting the provisions above and
28 * replace them with the notice and other provisions required by
29 * the GPL.  If you do not delete the provisions above, a recipient
30 * may use your version of this file under either the MPL or the
31 * GPL.
32 */
33
34/*
35 * CMS message methods.
36 */
37
38#include <Security/SecCmsMessage.h>
39
40#include <Security/SecCmsContentInfo.h>
41#include <Security/SecCmsSignedData.h>
42
43#include "cmslocal.h"
44
45#include "SecAsn1Item.h"
46#include "secoid.h"
47
48#include <security_asn1/secasn1.h>
49#include <security_asn1/secerr.h>
50#include <security_asn1/secport.h>
51
52/*
53 * SecCmsMessageCreate - create a CMS message object
54 *
55 * "poolp" - arena to allocate memory from, or NULL if new arena should be created
56 */
57SecCmsMessageRef
58SecCmsMessageCreate(void)
59{
60    PLArenaPool *poolp;
61    SecCmsMessageRef cmsg;
62
63    poolp = PORT_NewArena (1024);           /* XXX what is right value? */
64    if (poolp == NULL)
65	return NULL;
66
67    cmsg = (SecCmsMessageRef)PORT_ArenaZAlloc (poolp, sizeof(SecCmsMessage));
68    if (cmsg == NULL) {
69	PORT_FreeArena(poolp, PR_FALSE);
70	return NULL;
71    }
72
73    cmsg->poolp = poolp;
74    cmsg->contentInfo.cmsg = cmsg;
75    cmsg->refCount = 1;
76
77    return cmsg;
78}
79
80/*
81 * SecCmsMessageSetEncodingParams - set up a CMS message object for encoding or decoding
82 *
83 * "cmsg" - message object
84 * "pwfn", pwfn_arg" - callback function for getting token password
85 * "decrypt_key_cb", "decrypt_key_cb_arg" - callback function for getting bulk key for encryptedData
86 * "detached_digestalgs", "detached_digests" - digests from detached content
87 */
88void
89SecCmsMessageSetEncodingParams(SecCmsMessageRef cmsg,
90			PK11PasswordFunc pwfn, void *pwfn_arg,
91			SecCmsGetDecryptKeyCallback decrypt_key_cb, void *decrypt_key_cb_arg)
92{
93#if 0
94    // @@@ Deal with password stuff.
95    if (pwfn)
96	PK11_SetPasswordFunc(pwfn);
97#endif
98    cmsg->pwfn_arg = pwfn_arg;
99    cmsg->decrypt_key_cb = decrypt_key_cb;
100    cmsg->decrypt_key_cb_arg = decrypt_key_cb_arg;
101}
102
103/*
104 * SecCmsMessageDestroy - destroy a CMS message and all of its sub-pieces.
105 */
106void
107SecCmsMessageDestroy(SecCmsMessageRef cmsg)
108{
109    PORT_Assert (cmsg->refCount > 0);
110    if (cmsg->refCount <= 0)	/* oops */
111	return;
112
113    cmsg->refCount--;		/* thread safety? */
114    if (cmsg->refCount > 0)
115	return;
116
117    SecCmsContentInfoDestroy(&(cmsg->contentInfo));
118
119    PORT_FreeArena (cmsg->poolp, PR_FALSE);	/* XXX clear it? */
120}
121
122/*
123 * SecCmsMessageCopy - return a copy of the given message.
124 *
125 * The copy may be virtual or may be real -- either way, the result needs
126 * to be passed to SecCmsMessageDestroy later (as does the original).
127 */
128SecCmsMessageRef
129SecCmsMessageCopy(SecCmsMessageRef cmsg)
130{
131    if (cmsg == NULL)
132	return NULL;
133
134    PORT_Assert (cmsg->refCount > 0);
135
136    cmsg->refCount++; /* XXX chrisk thread safety? */
137    return cmsg;
138}
139
140/*
141 * SecCmsMessageGetContentInfo - return a pointer to the top level contentInfo
142 */
143SecCmsContentInfoRef
144SecCmsMessageGetContentInfo(SecCmsMessageRef cmsg)
145{
146    return &(cmsg->contentInfo);
147}
148
149/*
150 * Return a pointer to the actual content.
151 * In the case of those types which are encrypted, this returns the *plain* content.
152 * In case of nested contentInfos, this descends and retrieves the innermost content.
153 */
154const SecAsn1Item *
155SecCmsMessageGetContent(SecCmsMessageRef cmsg)
156{
157    /* this is a shortcut */
158    SecCmsContentInfoRef cinfo = SecCmsMessageGetContentInfo(cmsg);
159    const SecAsn1Item *pItem = SecCmsContentInfoGetInnerContent(cinfo);
160    return pItem;
161}
162
163/*
164 * SecCmsMessageContentLevelCount - count number of levels of CMS content objects in this message
165 *
166 * CMS data content objects do not count.
167 */
168int
169SecCmsMessageContentLevelCount(SecCmsMessageRef cmsg)
170{
171    int count = 0;
172    SecCmsContentInfoRef cinfo;
173
174    /* walk down the chain of contentinfos */
175    for (cinfo = &(cmsg->contentInfo); cinfo != NULL; ) {
176	count++;
177	cinfo = SecCmsContentInfoGetChildContentInfo(cinfo);
178    }
179    return count;
180}
181
182/*
183 * SecCmsMessageContentLevel - find content level #n
184 *
185 * CMS data content objects do not count.
186 */
187SecCmsContentInfoRef
188SecCmsMessageContentLevel(SecCmsMessageRef cmsg, int n)
189{
190    int count = 0;
191    SecCmsContentInfoRef cinfo;
192
193    /* walk down the chain of contentinfos */
194    for (cinfo = &(cmsg->contentInfo); cinfo != NULL && count < n; cinfo = SecCmsContentInfoGetChildContentInfo(cinfo)) {
195	count++;
196    }
197
198    return cinfo;
199}
200
201/*
202 * SecCmsMessageContainsCertsOrCrls - see if message contains certs along the way
203 */
204Boolean
205SecCmsMessageContainsCertsOrCrls(SecCmsMessageRef cmsg)
206{
207    SecCmsContentInfoRef cinfo;
208
209    /* descend into CMS message */
210    for (cinfo = &(cmsg->contentInfo); cinfo != NULL; cinfo = SecCmsContentInfoGetChildContentInfo(cinfo)) {
211	if (SecCmsContentInfoGetContentTypeTag(cinfo) != SEC_OID_PKCS7_SIGNED_DATA)
212	    continue;	/* next level */
213
214	if (SecCmsSignedDataContainsCertsOrCrls(cinfo->content.signedData))
215	    return PR_TRUE;
216    }
217    return PR_FALSE;
218}
219
220/*
221 * SecCmsMessageIsEncrypted - see if message contains a encrypted submessage
222 */
223Boolean
224SecCmsMessageIsEncrypted(SecCmsMessageRef cmsg)
225{
226    SecCmsContentInfoRef cinfo;
227
228    /* walk down the chain of contentinfos */
229    for (cinfo = &(cmsg->contentInfo); cinfo != NULL; cinfo = SecCmsContentInfoGetChildContentInfo(cinfo))
230    {
231	switch (SecCmsContentInfoGetContentTypeTag(cinfo)) {
232	case SEC_OID_PKCS7_ENVELOPED_DATA:
233	case SEC_OID_PKCS7_ENCRYPTED_DATA:
234	    return PR_TRUE;
235	default:
236	    break;
237	}
238    }
239    return PR_FALSE;
240}
241
242/*
243 * SecCmsMessageIsSigned - see if message contains a signed submessage
244 *
245 * If the CMS message has a SignedData with a signature (not just a SignedData)
246 * return true; false otherwise.  This can/should be called before calling
247 * VerifySignature, which will always indicate failure if no signature is
248 * present, but that does not mean there even was a signature!
249 * Note that the content itself can be empty (detached content was sent
250 * another way); it is the presence of the signature that matters.
251 */
252Boolean
253SecCmsMessageIsSigned(SecCmsMessageRef cmsg)
254{
255    SecCmsContentInfoRef cinfo;
256
257    /* walk down the chain of contentinfos */
258    for (cinfo = &(cmsg->contentInfo); cinfo != NULL; cinfo = SecCmsContentInfoGetChildContentInfo(cinfo))
259    {
260	switch (SecCmsContentInfoGetContentTypeTag(cinfo)) {
261	case SEC_OID_PKCS7_SIGNED_DATA:
262	    if (!SecCmsArrayIsEmpty((void **)cinfo->content.signedData->signerInfos))
263		return PR_TRUE;
264	    break;
265	default:
266	    break;
267	}
268    }
269    return PR_FALSE;
270}
271
272/*
273 * SecCmsMessageIsContentEmpty - see if content is empty
274 *
275 * returns PR_TRUE is innermost content length is < minLen
276 * XXX need the encrypted content length (why?)
277 */
278Boolean
279SecCmsMessageIsContentEmpty(SecCmsMessageRef cmsg, unsigned int minLen)
280{
281    SecAsn1Item * item = NULL;
282
283    if (cmsg == NULL)
284	return PR_TRUE;
285
286    item = SecCmsContentInfoGetContent(SecCmsMessageGetContentInfo(cmsg));
287
288    if (!item) {
289	return PR_TRUE;
290    } else if(item->Length <= minLen) {
291	return PR_TRUE;
292    }
293
294    return PR_FALSE;
295}
296