cmsmessage.c   [plain text]

/*
 * The contents of this file are subject to the Mozilla Public
 * License Version 1.1 (the "License"); you may not use this file
 * except in compliance with the License. You may obtain a copy of
 * the License at http://www.mozilla.org/MPL/
 * 
 * Software distributed under the License is distributed on an "AS
 * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
 * implied. See the License for the specific language governing
 * rights and limitations under the License.
 * 
 * The Original Code is the Netscape security libraries.
 * 
 * The Initial Developer of the Original Code is Netscape
 * Communications Corporation.  Portions created by Netscape are 
 * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
 * Rights Reserved.
 * 
 * Contributor(s):
 * 
 * Alternatively, the contents of this file may be used under the
 * terms of the GNU General Public License Version 2 or later (the
 * "GPL"), in which case the provisions of the GPL are applicable 
 * instead of those above.  If you wish to allow use of your 
 * version of this file only under the terms of the GPL and not to
 * allow others to use your version of this file under the MPL,
 * indicate your decision by deleting the provisions above and
 * replace them with the notice and other provisions required by
 * the GPL.  If you do not delete the provisions above, a recipient
 * may use your version of this file under either the MPL or the
 * GPL.
 */

/*
 * CMS message methods.
 */

#include <Security/SecCmsMessage.h>

#include <Security/SecCmsContentInfo.h>
#include <Security/SecCmsSignedData.h>

#include "cmslocal.h"

#include "secitem.h"
#include "secoid.h"

#include <security_asn1/secasn1.h>
#include <security_asn1/secerr.h>

/*
 * SecCmsMessageCreate - create a CMS message object
 *
 * "poolp" - arena to allocate memory from, or NULL if new arena should be created
 */
SecCmsMessageRef
SecCmsMessageCreate(SecArenaPoolRef pool)
{
    PLArenaPool *poolp = (PLArenaPool *)pool;
    void *mark = NULL;
    SecCmsMessageRef cmsg = NULL;
    Boolean poolp_is_ours = PR_FALSE;

    if (poolp == NULL) {
	poolp = PORT_NewArena (1024);           /* XXX what is right value? */
	if (poolp == NULL)
	    return NULL;
	poolp_is_ours = PR_TRUE;
    } 

    if (!poolp_is_ours)
	mark = PORT_ArenaMark(poolp);

    cmsg = (SecCmsMessageRef)PORT_ArenaZAlloc (poolp, sizeof(SecCmsMessage));
    if (cmsg == NULL) {
	if (!poolp_is_ours) {
	    if (mark) {
		PORT_ArenaRelease(poolp, mark);
	    }
	} else
	    PORT_FreeArena(poolp, PR_FALSE);
	return NULL;
    }

    cmsg->poolp = poolp;
    cmsg->poolp_is_ours = poolp_is_ours;
    cmsg->refCount = 1;

    if (mark)
	PORT_ArenaUnmark(poolp, mark);

    return cmsg;
}

/*
 * SecCmsMessageSetEncodingParams - set up a CMS message object for encoding or decoding
 *
 * "cmsg" - message object
 * "pwfn", pwfn_arg" - callback function for getting token password
 * "decrypt_key_cb", "decrypt_key_cb_arg" - callback function for getting bulk key for encryptedData
 * "detached_digestalgs", "detached_digests" - digests from detached content
 */
void
SecCmsMessageSetEncodingParams(SecCmsMessageRef cmsg,
			PK11PasswordFunc pwfn, void *pwfn_arg,
			SecCmsGetDecryptKeyCallback decrypt_key_cb, void *decrypt_key_cb_arg,
			SECAlgorithmID **detached_digestalgs, CSSM_DATA_PTR *detached_digests)
{
#if 0
    // @@@ Deal with password stuff.
    if (pwfn)
	PK11_SetPasswordFunc(pwfn);
#endif
    cmsg->pwfn_arg = pwfn_arg;
    cmsg->decrypt_key_cb = decrypt_key_cb;
    cmsg->decrypt_key_cb_arg = decrypt_key_cb_arg;
    cmsg->detached_digestalgs = detached_digestalgs;
    cmsg->detached_digests = detached_digests;
}

/*
 * SecCmsMessageDestroy - destroy a CMS message and all of its sub-pieces.
 */
void
SecCmsMessageDestroy(SecCmsMessageRef cmsg)
{
    PORT_Assert (cmsg->refCount > 0);
    if (cmsg->refCount <= 0)	/* oops */
	return;

    cmsg->refCount--;		/* thread safety? */
    if (cmsg->refCount > 0)
	return;

    SecCmsContentInfoDestroy(&(cmsg->contentInfo));

    /* if poolp is not NULL, cmsg is the owner of its arena */
    if (cmsg->poolp_is_ours && cmsg->poolp) {
	PORT_FreeArena (cmsg->poolp, PR_TRUE);
    }
}

/*
 * SecCmsMessageCopy - return a copy of the given message. 
 *
 * The copy may be virtual or may be real -- either way, the result needs
 * to be passed to SecCmsMessageDestroy later (as does the original).
 */
SecCmsMessageRef
SecCmsMessageCopy(SecCmsMessageRef cmsg)
{
    if (cmsg == NULL)
	return NULL;

    PORT_Assert (cmsg->refCount > 0);

    cmsg->refCount++; /* XXX chrisk thread safety? */
    return cmsg;
}

/*
 * SecCmsMessageGetArena - return a pointer to the message's arena pool
 */
SecArenaPoolRef
SecCmsMessageGetArena(SecCmsMessageRef cmsg)
{
    return (SecArenaPoolRef)cmsg->poolp;
}

/*
 * SecCmsMessageGetContentInfo - return a pointer to the top level contentInfo
 */
SecCmsContentInfoRef
SecCmsMessageGetContentInfo(SecCmsMessageRef cmsg)
{
    return &(cmsg->contentInfo);
}

/*
 * Return a pointer to the actual content. 
 * In the case of those types which are encrypted, this returns the *plain* content.
 * In case of nested contentInfos, this descends and retrieves the innermost content.
 */
CSSM_DATA_PTR
SecCmsMessageGetContent(SecCmsMessageRef cmsg)
{
    /* this is a shortcut */
    SecCmsContentInfoRef cinfo = SecCmsMessageGetContentInfo(cmsg);
    CSSM_DATA_PTR pItem = SecCmsContentInfoGetInnerContent(cinfo);
    return pItem;
}

/*
 * SecCmsMessageContentLevelCount - count number of levels of CMS content objects in this message
 *
 * CMS data content objects do not count.
 */
int
SecCmsMessageContentLevelCount(SecCmsMessageRef cmsg)
{
    int count = 0;
    SecCmsContentInfoRef cinfo;

    /* walk down the chain of contentinfos */
    for (cinfo = &(cmsg->contentInfo); cinfo != NULL; ) {
	count++;
	cinfo = SecCmsContentInfoGetChildContentInfo(cinfo);
    }
    return count;
}

/*
 * SecCmsMessageContentLevel - find content level #n
 *
 * CMS data content objects do not count.
 */
SecCmsContentInfoRef
SecCmsMessageContentLevel(SecCmsMessageRef cmsg, int n)
{
    int count = 0;
    SecCmsContentInfoRef cinfo;

    /* walk down the chain of contentinfos */
    for (cinfo = &(cmsg->contentInfo); cinfo != NULL && count < n; cinfo = SecCmsContentInfoGetChildContentInfo(cinfo)) {
	count++;
    }

    return cinfo;
}

/*
 * SecCmsMessageContainsCertsOrCrls - see if message contains certs along the way
 */
Boolean
SecCmsMessageContainsCertsOrCrls(SecCmsMessageRef cmsg)
{
    SecCmsContentInfoRef cinfo;

    /* descend into CMS message */
    for (cinfo = &(cmsg->contentInfo); cinfo != NULL; cinfo = SecCmsContentInfoGetChildContentInfo(cinfo)) {
	if (SecCmsContentInfoGetContentTypeTag(cinfo) != SEC_OID_PKCS7_SIGNED_DATA)
	    continue;	/* next level */
	
	if (SecCmsSignedDataContainsCertsOrCrls(cinfo->content.signedData))
	    return PR_TRUE;
    }
    return PR_FALSE;
}

/*
 * SecCmsMessageIsEncrypted - see if message contains a encrypted submessage
 */
Boolean
SecCmsMessageIsEncrypted(SecCmsMessageRef cmsg)
{
    SecCmsContentInfoRef cinfo;

    /* walk down the chain of contentinfos */
    for (cinfo = &(cmsg->contentInfo); cinfo != NULL; cinfo = SecCmsContentInfoGetChildContentInfo(cinfo))
    {
	switch (SecCmsContentInfoGetContentTypeTag(cinfo)) {
	case SEC_OID_PKCS7_ENVELOPED_DATA:
	case SEC_OID_PKCS7_ENCRYPTED_DATA:
	    return PR_TRUE;
	default:
	    break;
	}
    }
    return PR_FALSE;
}

/*
 * SecCmsMessageIsSigned - see if message contains a signed submessage
 *
 * If the CMS message has a SignedData with a signature (not just a SignedData)
 * return true; false otherwise.  This can/should be called before calling
 * VerifySignature, which will always indicate failure if no signature is
 * present, but that does not mean there even was a signature!
 * Note that the content itself can be empty (detached content was sent
 * another way); it is the presence of the signature that matters.
 */
Boolean
SecCmsMessageIsSigned(SecCmsMessageRef cmsg)
{
    SecCmsContentInfoRef cinfo;

    /* walk down the chain of contentinfos */
    for (cinfo = &(cmsg->contentInfo); cinfo != NULL; cinfo = SecCmsContentInfoGetChildContentInfo(cinfo))
    {
	switch (SecCmsContentInfoGetContentTypeTag(cinfo)) {
	case SEC_OID_PKCS7_SIGNED_DATA:
	    if (!SecCmsArrayIsEmpty((void **)cinfo->content.signedData->signerInfos))
		return PR_TRUE;
	    break;
	default:
	    break;
	}
    }
    return PR_FALSE;
}

/*
 * SecCmsMessageIsContentEmpty - see if content is empty
 *
 * returns PR_TRUE is innermost content length is < minLen
 * XXX need the encrypted content length (why?)
 */
Boolean
SecCmsMessageIsContentEmpty(SecCmsMessageRef cmsg, unsigned int minLen)
{
    CSSM_DATA_PTR item = NULL;

    if (cmsg == NULL)
	return PR_TRUE;

    item = SecCmsContentInfoGetContent(SecCmsMessageGetContentInfo(cmsg));

    if (!item) {
	return PR_TRUE;
    } else if(item->Length <= minLen) {
	return PR_TRUE;
    }

    return PR_FALSE;
}

/*
 * SecCmsMessageContainsTSTInfo - see if message contains a TimeStamping info block
 */
Boolean
SecCmsMessageContainsTSTInfo(SecCmsMessageRef cmsg)
{
    SecCmsContentInfoRef cinfo;

    /* walk down the chain of contentinfos */
    for (cinfo = &(cmsg->contentInfo); cinfo != NULL; cinfo = SecCmsContentInfoGetChildContentInfo(cinfo))
    {
        switch (SecCmsContentInfoGetContentTypeTag(cinfo))
        {
        case SEC_OID_PKCS9_ID_CT_TSTInfo:
            // TSTInfo is in cinfo->rawContent->Data
            return PR_TRUE;
        default:
            break;
        }
    }
    return PR_FALSE;
}

void
SecCmsMessageSetTSACallback(SecCmsMessageRef cmsg, SecCmsTSACallback tsaCallback)
{
    if (cmsg)
        cmsg->tsaCallback = tsaCallback;
}

void
SecCmsMessageSetTSAContext(SecCmsMessageRef cmsg, const void *tsaContext)   //CFTypeRef
{
    if (cmsg)
        cmsg->tsaContext = tsaContext;
}