Source code
Revision control
Copy as Markdown
Other Tools
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
/*
* CMS message methods.
*/
#include "cmslocal.h"
#include "cert.h"
#include "secasn1.h"
#include "secitem.h"
#include "secoid.h"
#include "pk11func.h"
#include "secerr.h"
/*
* NSS_CMSMessage_Create - create a CMS message object
*
* "poolp" - arena to allocate memory from, or NULL if new arena should be created
*/
NSSCMSMessage *
NSS_CMSMessage_Create(PLArenaPool *poolp)
{
void *mark = NULL;
NSSCMSMessage *cmsg;
PRBool poolp_is_ours = PR_FALSE;
if (poolp == NULL) {
poolp = PORT_NewArena(1024); /* XXX what is right value? */
if (poolp == NULL) {
return NULL;
}
poolp_is_ours = PR_TRUE;
}
if (!poolp_is_ours)
mark = PORT_ArenaMark(poolp);
cmsg = (NSSCMSMessage *)PORT_ArenaZAlloc(poolp, sizeof(NSSCMSMessage));
if (cmsg == NULL ||
NSS_CMSContentInfo_Private_Init(&(cmsg->contentInfo)) != SECSuccess) {
if (!poolp_is_ours) {
if (mark) {
PORT_ArenaRelease(poolp, mark);
}
} else {
PORT_FreeArena(poolp, PR_FALSE);
}
return NULL;
}
cmsg->poolp = poolp;
cmsg->poolp_is_ours = poolp_is_ours;
cmsg->refCount = 1;
if (mark) {
PORT_ArenaUnmark(poolp, mark);
}
return cmsg;
}
/*
* NSS_CMSMessage_SetEncodingParams - set up a CMS message object for encoding or decoding
*
* "cmsg" - message object
* "pwfn", pwfn_arg" - callback function for getting token password
* "decrypt_key_cb", "decrypt_key_cb_arg" - callback function for getting bulk key for encryptedData
* "detached_digestalgs", "detached_digests" - digests from detached content
*/
void
NSS_CMSMessage_SetEncodingParams(NSSCMSMessage *cmsg,
PK11PasswordFunc pwfn, void *pwfn_arg,
NSSCMSGetDecryptKeyCallback decrypt_key_cb, void *decrypt_key_cb_arg,
SECAlgorithmID **detached_digestalgs, SECItem **detached_digests)
{
if (cmsg == NULL) {
return;
}
if (pwfn) {
PK11_SetPasswordFunc(pwfn);
}
cmsg->pwfn_arg = pwfn_arg;
cmsg->decrypt_key_cb = decrypt_key_cb;
cmsg->decrypt_key_cb_arg = decrypt_key_cb_arg;
cmsg->detached_digestalgs = detached_digestalgs;
cmsg->detached_digests = detached_digests;
}
/*
* NSS_CMSMessage_Destroy - destroy a CMS message and all of its sub-pieces.
*/
void
NSS_CMSMessage_Destroy(NSSCMSMessage *cmsg)
{
if (cmsg == NULL)
return;
PORT_Assert(cmsg->refCount > 0);
if (cmsg->refCount <= 0) { /* oops */
return;
}
cmsg->refCount--; /* thread safety? */
if (cmsg->refCount > 0) {
return;
}
NSS_CMSContentInfo_Destroy(&(cmsg->contentInfo));
/* if poolp is not NULL, cmsg is the owner of its arena */
if (cmsg->poolp_is_ours) {
PORT_FreeArena(cmsg->poolp, PR_FALSE); /* XXX clear it? */
}
}
/*
* NSS_CMSMessage_Copy - return a copy of the given message.
*
* The copy may be virtual or may be real -- either way, the result needs
* to be passed to NSS_CMSMessage_Destroy later (as does the original).
*/
NSSCMSMessage *
NSS_CMSMessage_Copy(NSSCMSMessage *cmsg)
{
if (cmsg == NULL) {
return NULL;
}
PORT_Assert(cmsg->refCount > 0);
cmsg->refCount++; /* XXX chrisk thread safety? */
return cmsg;
}
/*
* NSS_CMSMessage_GetArena - return a pointer to the message's arena pool
*/
PLArenaPool *
NSS_CMSMessage_GetArena(NSSCMSMessage *cmsg)
{
if (cmsg == NULL) {
return NULL;
}
return cmsg->poolp;
}
/*
* NSS_CMSMessage_GetContentInfo - return a pointer to the top level contentInfo
*/
NSSCMSContentInfo *
NSS_CMSMessage_GetContentInfo(NSSCMSMessage *cmsg)
{
if (cmsg == NULL) {
return NULL;
}
return &(cmsg->contentInfo);
}
/*
* Return a pointer to the actual content.
* In the case of those types which are encrypted, this returns the *plain* content.
* In case of nested contentInfos, this descends and retrieves the innermost content.
*/
SECItem *
NSS_CMSMessage_GetContent(NSSCMSMessage *cmsg)
{
if (cmsg == NULL) {
return NULL;
}
/* this is a shortcut */
NSSCMSContentInfo *cinfo = NSS_CMSMessage_GetContentInfo(cmsg);
SECItem *pItem = NSS_CMSContentInfo_GetInnerContent(cinfo);
return pItem;
}
/*
* NSS_CMSMessage_ContentLevelCount - count number of levels of CMS content objects in this message
*
* CMS data content objects do not count.
*/
int
NSS_CMSMessage_ContentLevelCount(NSSCMSMessage *cmsg)
{
int count = 0;
NSSCMSContentInfo *cinfo;
if (cmsg == NULL) {
return 0;
}
/* walk down the chain of contentinfos */
for (cinfo = &(cmsg->contentInfo); cinfo != NULL;) {
count++;
cinfo = NSS_CMSContentInfo_GetChildContentInfo(cinfo);
}
return count;
}
/*
* NSS_CMSMessage_ContentLevel - find content level #n
*
* CMS data content objects do not count.
*/
NSSCMSContentInfo *
NSS_CMSMessage_ContentLevel(NSSCMSMessage *cmsg, int n)
{
int count = 0;
NSSCMSContentInfo *cinfo;
if (cmsg == NULL) {
return NULL;
}
/* walk down the chain of contentinfos */
for (cinfo = &(cmsg->contentInfo); cinfo != NULL && count < n;
cinfo = NSS_CMSContentInfo_GetChildContentInfo(cinfo)) {
count++;
}
return cinfo;
}
/*
* NSS_CMSMessage_ContainsCertsOrCrls - see if message contains certs along the way
*/
PRBool
NSS_CMSMessage_ContainsCertsOrCrls(NSSCMSMessage *cmsg)
{
NSSCMSContentInfo *cinfo;
if (cmsg == NULL) {
return PR_FALSE;
}
/* descend into CMS message */
for (cinfo = &(cmsg->contentInfo); cinfo != NULL;
cinfo = NSS_CMSContentInfo_GetChildContentInfo(cinfo)) {
if (!NSS_CMSType_IsData(NSS_CMSContentInfo_GetContentTypeTag(cinfo)))
continue; /* next level */
if (NSS_CMSSignedData_ContainsCertsOrCrls(cinfo->content.signedData))
return PR_TRUE;
/* callback here for generic wrappers? */
}
return PR_FALSE;
}
/*
* NSS_CMSMessage_IsEncrypted - see if message contains a encrypted submessage
*/
PRBool
NSS_CMSMessage_IsEncrypted(NSSCMSMessage *cmsg)
{
NSSCMSContentInfo *cinfo;
if (cmsg == NULL) {
return PR_FALSE;
}
/* walk down the chain of contentinfos */
for (cinfo = &(cmsg->contentInfo); cinfo != NULL;
cinfo = NSS_CMSContentInfo_GetChildContentInfo(cinfo)) {
switch (NSS_CMSContentInfo_GetContentTypeTag(cinfo)) {
case SEC_OID_PKCS7_ENVELOPED_DATA:
case SEC_OID_PKCS7_ENCRYPTED_DATA:
return PR_TRUE;
default:
/* callback here for generic wrappers? */
break;
}
}
return PR_FALSE;
}
/*
* NSS_CMSMessage_IsSigned - see if message contains a signed submessage
*
* If the CMS message has a SignedData with a signature (not just a SignedData)
* return true; false otherwise. This can/should be called before calling
* VerifySignature, which will always indicate failure if no signature is
* present, but that does not mean there even was a signature!
* Note that the content itself can be empty (detached content was sent
* another way); it is the presence of the signature that matters.
*/
PRBool
NSS_CMSMessage_IsSigned(NSSCMSMessage *cmsg)
{
NSSCMSContentInfo *cinfo;
if (cmsg == NULL) {
return PR_FALSE;
}
/* walk down the chain of contentinfos */
for (cinfo = &(cmsg->contentInfo); cinfo != NULL;
cinfo = NSS_CMSContentInfo_GetChildContentInfo(cinfo)) {
switch (NSS_CMSContentInfo_GetContentTypeTag(cinfo)) {
case SEC_OID_PKCS7_SIGNED_DATA:
if (cinfo->content.signedData == NULL) {
return PR_FALSE;
}
if (!NSS_CMSArray_IsEmpty((void **)cinfo->content.signedData->signerInfos)) {
return PR_TRUE;
}
break;
default:
/* callback here for generic wrappers? */
break;
}
}
return PR_FALSE;
}
/*
* NSS_CMSMessage_IsContentEmpty - see if content is empty
*
* returns PR_TRUE is innermost content length is < minLen
* XXX need the encrypted content length (why?)
*/
PRBool
NSS_CMSMessage_IsContentEmpty(NSSCMSMessage *cmsg, unsigned int minLen)
{
SECItem *item = NULL;
if (cmsg == NULL) {
return PR_TRUE;
}
item = NSS_CMSContentInfo_GetContent(NSS_CMSMessage_GetContentInfo(cmsg));
if (!item) {
return PR_TRUE;
} else if (item->len <= minLen) {
return PR_TRUE;
}
return PR_FALSE;
}