1/* 2 * The contents of this file are subject to the Mozilla Public 3 * License Version 1.1 (the "License"); you may not use this file 4 * except in compliance with the License. You may obtain a copy of 5 * the License at http://www.mozilla.org/MPL/ 6 * 7 * Software distributed under the License is distributed on an "AS 8 * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or 9 * implied. See the License for the specific language governing 10 * rights and limitations under the License. 11 * 12 * The Original Code is the Netscape security libraries. 13 * 14 * The Initial Developer of the Original Code is Netscape 15 * Communications Corporation. Portions created by Netscape are 16 * Copyright (C) 1994-2000 Netscape Communications Corporation. All 17 * Rights Reserved. 18 * 19 * Contributor(s): 20 * 21 * Alternatively, the contents of this file may be used under the 22 * terms of the GNU General Public License Version 2 or later (the 23 * "GPL"), in which case the provisions of the GPL are applicable 24 * instead of those above. If you wish to allow use of your 25 * version of this file only under the terms of the GPL and not to 26 * allow others to use your version of this file under the MPL, 27 * indicate your decision by deleting the provisions above and 28 * replace them with the notice and other provisions required by 29 * the GPL. If you do not delete the provisions above, a recipient 30 * may use your version of this file under either the MPL or the 31 * GPL. 32 */ 33 34/* 35 * CMS message methods. 36 */ 37 38#include <Security/SecCmsMessage.h> 39 40#include <Security/SecCmsContentInfo.h> 41#include <Security/SecCmsSignedData.h> 42 43#include "cmslocal.h" 44 45#include "SecAsn1Item.h" 46#include "secoid.h" 47 48#include <security_asn1/secasn1.h> 49#include <security_asn1/secerr.h> 50#include <security_asn1/secport.h> 51 52/* 53 * SecCmsMessageCreate - create a CMS message object 54 * 55 * "poolp" - arena to allocate memory from, or NULL if new arena should be created 56 */ 57SecCmsMessageRef 58SecCmsMessageCreate(void) 59{ 60 PLArenaPool *poolp; 61 SecCmsMessageRef cmsg; 62 63 poolp = PORT_NewArena (1024); /* XXX what is right value? */ 64 if (poolp == NULL) 65 return NULL; 66 67 cmsg = (SecCmsMessageRef)PORT_ArenaZAlloc (poolp, sizeof(SecCmsMessage)); 68 if (cmsg == NULL) { 69 PORT_FreeArena(poolp, PR_FALSE); 70 return NULL; 71 } 72 73 cmsg->poolp = poolp; 74 cmsg->contentInfo.cmsg = cmsg; 75 cmsg->refCount = 1; 76 77 return cmsg; 78} 79 80/* 81 * SecCmsMessageSetEncodingParams - set up a CMS message object for encoding or decoding 82 * 83 * "cmsg" - message object 84 * "pwfn", pwfn_arg" - callback function for getting token password 85 * "decrypt_key_cb", "decrypt_key_cb_arg" - callback function for getting bulk key for encryptedData 86 * "detached_digestalgs", "detached_digests" - digests from detached content 87 */ 88void 89SecCmsMessageSetEncodingParams(SecCmsMessageRef cmsg, 90 PK11PasswordFunc pwfn, void *pwfn_arg, 91 SecCmsGetDecryptKeyCallback decrypt_key_cb, void *decrypt_key_cb_arg) 92{ 93#if 0 94 // @@@ Deal with password stuff. 95 if (pwfn) 96 PK11_SetPasswordFunc(pwfn); 97#endif 98 cmsg->pwfn_arg = pwfn_arg; 99 cmsg->decrypt_key_cb = decrypt_key_cb; 100 cmsg->decrypt_key_cb_arg = decrypt_key_cb_arg; 101} 102 103/* 104 * SecCmsMessageDestroy - destroy a CMS message and all of its sub-pieces. 105 */ 106void 107SecCmsMessageDestroy(SecCmsMessageRef cmsg) 108{ 109 PORT_Assert (cmsg->refCount > 0); 110 if (cmsg->refCount <= 0) /* oops */ 111 return; 112 113 cmsg->refCount--; /* thread safety? */ 114 if (cmsg->refCount > 0) 115 return; 116 117 SecCmsContentInfoDestroy(&(cmsg->contentInfo)); 118 119 PORT_FreeArena (cmsg->poolp, PR_FALSE); /* XXX clear it? */ 120} 121 122/* 123 * SecCmsMessageCopy - return a copy of the given message. 124 * 125 * The copy may be virtual or may be real -- either way, the result needs 126 * to be passed to SecCmsMessageDestroy later (as does the original). 127 */ 128SecCmsMessageRef 129SecCmsMessageCopy(SecCmsMessageRef cmsg) 130{ 131 if (cmsg == NULL) 132 return NULL; 133 134 PORT_Assert (cmsg->refCount > 0); 135 136 cmsg->refCount++; /* XXX chrisk thread safety? */ 137 return cmsg; 138} 139 140/* 141 * SecCmsMessageGetContentInfo - return a pointer to the top level contentInfo 142 */ 143SecCmsContentInfoRef 144SecCmsMessageGetContentInfo(SecCmsMessageRef cmsg) 145{ 146 return &(cmsg->contentInfo); 147} 148 149/* 150 * Return a pointer to the actual content. 151 * In the case of those types which are encrypted, this returns the *plain* content. 152 * In case of nested contentInfos, this descends and retrieves the innermost content. 153 */ 154const SecAsn1Item * 155SecCmsMessageGetContent(SecCmsMessageRef cmsg) 156{ 157 /* this is a shortcut */ 158 SecCmsContentInfoRef cinfo = SecCmsMessageGetContentInfo(cmsg); 159 const SecAsn1Item *pItem = SecCmsContentInfoGetInnerContent(cinfo); 160 return pItem; 161} 162 163/* 164 * SecCmsMessageContentLevelCount - count number of levels of CMS content objects in this message 165 * 166 * CMS data content objects do not count. 167 */ 168int 169SecCmsMessageContentLevelCount(SecCmsMessageRef cmsg) 170{ 171 int count = 0; 172 SecCmsContentInfoRef cinfo; 173 174 /* walk down the chain of contentinfos */ 175 for (cinfo = &(cmsg->contentInfo); cinfo != NULL; ) { 176 count++; 177 cinfo = SecCmsContentInfoGetChildContentInfo(cinfo); 178 } 179 return count; 180} 181 182/* 183 * SecCmsMessageContentLevel - find content level #n 184 * 185 * CMS data content objects do not count. 186 */ 187SecCmsContentInfoRef 188SecCmsMessageContentLevel(SecCmsMessageRef cmsg, int n) 189{ 190 int count = 0; 191 SecCmsContentInfoRef cinfo; 192 193 /* walk down the chain of contentinfos */ 194 for (cinfo = &(cmsg->contentInfo); cinfo != NULL && count < n; cinfo = SecCmsContentInfoGetChildContentInfo(cinfo)) { 195 count++; 196 } 197 198 return cinfo; 199} 200 201/* 202 * SecCmsMessageContainsCertsOrCrls - see if message contains certs along the way 203 */ 204Boolean 205SecCmsMessageContainsCertsOrCrls(SecCmsMessageRef cmsg) 206{ 207 SecCmsContentInfoRef cinfo; 208 209 /* descend into CMS message */ 210 for (cinfo = &(cmsg->contentInfo); cinfo != NULL; cinfo = SecCmsContentInfoGetChildContentInfo(cinfo)) { 211 if (SecCmsContentInfoGetContentTypeTag(cinfo) != SEC_OID_PKCS7_SIGNED_DATA) 212 continue; /* next level */ 213 214 if (SecCmsSignedDataContainsCertsOrCrls(cinfo->content.signedData)) 215 return PR_TRUE; 216 } 217 return PR_FALSE; 218} 219 220/* 221 * SecCmsMessageIsEncrypted - see if message contains a encrypted submessage 222 */ 223Boolean 224SecCmsMessageIsEncrypted(SecCmsMessageRef cmsg) 225{ 226 SecCmsContentInfoRef cinfo; 227 228 /* walk down the chain of contentinfos */ 229 for (cinfo = &(cmsg->contentInfo); cinfo != NULL; cinfo = SecCmsContentInfoGetChildContentInfo(cinfo)) 230 { 231 switch (SecCmsContentInfoGetContentTypeTag(cinfo)) { 232 case SEC_OID_PKCS7_ENVELOPED_DATA: 233 case SEC_OID_PKCS7_ENCRYPTED_DATA: 234 return PR_TRUE; 235 default: 236 break; 237 } 238 } 239 return PR_FALSE; 240} 241 242/* 243 * SecCmsMessageIsSigned - see if message contains a signed submessage 244 * 245 * If the CMS message has a SignedData with a signature (not just a SignedData) 246 * return true; false otherwise. This can/should be called before calling 247 * VerifySignature, which will always indicate failure if no signature is 248 * present, but that does not mean there even was a signature! 249 * Note that the content itself can be empty (detached content was sent 250 * another way); it is the presence of the signature that matters. 251 */ 252Boolean 253SecCmsMessageIsSigned(SecCmsMessageRef cmsg) 254{ 255 SecCmsContentInfoRef cinfo; 256 257 /* walk down the chain of contentinfos */ 258 for (cinfo = &(cmsg->contentInfo); cinfo != NULL; cinfo = SecCmsContentInfoGetChildContentInfo(cinfo)) 259 { 260 switch (SecCmsContentInfoGetContentTypeTag(cinfo)) { 261 case SEC_OID_PKCS7_SIGNED_DATA: 262 if (!SecCmsArrayIsEmpty((void **)cinfo->content.signedData->signerInfos)) 263 return PR_TRUE; 264 break; 265 default: 266 break; 267 } 268 } 269 return PR_FALSE; 270} 271 272/* 273 * SecCmsMessageIsContentEmpty - see if content is empty 274 * 275 * returns PR_TRUE is innermost content length is < minLen 276 * XXX need the encrypted content length (why?) 277 */ 278Boolean 279SecCmsMessageIsContentEmpty(SecCmsMessageRef cmsg, unsigned int minLen) 280{ 281 SecAsn1Item * item = NULL; 282 283 if (cmsg == NULL) 284 return PR_TRUE; 285 286 item = SecCmsContentInfoGetContent(SecCmsMessageGetContentInfo(cmsg)); 287 288 if (!item) { 289 return PR_TRUE; 290 } else if(item->Length <= minLen) { 291 return PR_TRUE; 292 } 293 294 return PR_FALSE; 295} 296