The Tor Browser: security/nss/lib/smime/cmssiginfo.c@7e26c7da4463 (annotated)

security/nss/lib/smime/cmssiginfo.c@7e26c7da4463 (annotated)

security/nss/lib/smime/cmssiginfo.c

Wed, 31 Dec 2014 06:55:50 +0100

author: Michael Schloh von Bennewitz <michael@schloh.com>
date: Wed, 31 Dec 2014 06:55:50 +0100
changeset 2: 7e26c7da4463
permissions: -rw-r--r--

Added tag UPSTREAM_283F7C6 for changeset ca08bd8f51b2

 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 /*
  * CMS signerInfo methods.
  */
 #include "cmslocal.h"
 #include "cert.h"
 #include "key.h"
 #include "secasn1.h"
 #include "secitem.h"
 #include "secoid.h"
 #include "pk11func.h"
 #include "prtime.h"
 #include "secerr.h"
 #include "secder.h"
 #include "cryptohi.h"
 #include "smime.h"
 /* =============================================================================
  * SIGNERINFO
  */
 NSSCMSSignerInfo *
 nss_cmssignerinfo_create(NSSCMSMessage *cmsg, NSSCMSSignerIDSelector type,
 	CERTCertificate *cert, SECItem *subjKeyID, SECKEYPublicKey *pubKey,
 	SECKEYPrivateKey *signingKey, SECOidTag digestalgtag);
 NSSCMSSignerInfo *
 NSS_CMSSignerInfo_CreateWithSubjKeyID(NSSCMSMessage *cmsg, SECItem *subjKeyID,
 	SECKEYPublicKey *pubKey, SECKEYPrivateKey *signingKey, SECOidTag digestalgtag)
 {
     return nss_cmssignerinfo_create(cmsg, NSSCMSSignerID_SubjectKeyID, NULL, subjKeyID, pubKey, signingKey, digestalgtag);
 }
 NSSCMSSignerInfo *
 NSS_CMSSignerInfo_Create(NSSCMSMessage *cmsg, CERTCertificate *cert, SECOidTag digestalgtag)
 {
     return nss_cmssignerinfo_create(cmsg, NSSCMSSignerID_IssuerSN, cert, NULL, NULL, NULL, digestalgtag);
 }
 NSSCMSSignerInfo *
 nss_cmssignerinfo_create(NSSCMSMessage *cmsg, NSSCMSSignerIDSelector type,
 	CERTCertificate *cert, SECItem *subjKeyID, SECKEYPublicKey *pubKey,
 	SECKEYPrivateKey *signingKey, SECOidTag digestalgtag)
 {
     void *mark;
     NSSCMSSignerInfo *signerinfo;
     int version;
     PLArenaPool *poolp;
     poolp = cmsg->poolp;
     mark = PORT_ArenaMark(poolp);
     signerinfo = (NSSCMSSignerInfo *)PORT_ArenaZAlloc(poolp, sizeof(NSSCMSSignerInfo));
     if (signerinfo == NULL) {
 	PORT_ArenaRelease(poolp, mark);
 	return NULL;
     }
     signerinfo->cmsg = cmsg;
     switch(type) {
     case NSSCMSSignerID_IssuerSN:
         signerinfo->signerIdentifier.identifierType = NSSCMSSignerID_IssuerSN;
         if ((signerinfo->cert = CERT_DupCertificate(cert)) == NULL)
 	    goto loser;
         if ((signerinfo->signerIdentifier.id.issuerAndSN = CERT_GetCertIssuerAndSN(poolp, cert)) == NULL)
 	    goto loser;
         break;
     case NSSCMSSignerID_SubjectKeyID:
         signerinfo->signerIdentifier.identifierType = NSSCMSSignerID_SubjectKeyID;
         PORT_Assert(subjKeyID);
         if (!subjKeyID)
             goto loser;
         signerinfo->signerIdentifier.id.subjectKeyID = PORT_ArenaNew(poolp, SECItem);
         SECITEM_CopyItem(poolp, signerinfo->signerIdentifier.id.subjectKeyID,
                          subjKeyID);
         signerinfo->signingKey = SECKEY_CopyPrivateKey(signingKey);
         if (!signerinfo->signingKey)
             goto loser;
         signerinfo->pubKey = SECKEY_CopyPublicKey(pubKey);
         if (!signerinfo->pubKey)
             goto loser;
         break;
     default:
         goto loser;
     }
     /* set version right now */
     version = NSS_CMS_SIGNER_INFO_VERSION_ISSUERSN;
     /* RFC2630 5.3 "version is the syntax version number. If the .... " */
     if (signerinfo->signerIdentifier.identifierType == NSSCMSSignerID_SubjectKeyID)
 	version = NSS_CMS_SIGNER_INFO_VERSION_SUBJKEY;
     (void)SEC_ASN1EncodeInteger(poolp, &(signerinfo->version), (long)version);
     if (SECOID_SetAlgorithmID(poolp, &signerinfo->digestAlg, digestalgtag, NULL) != SECSuccess)
 	goto loser;
     PORT_ArenaUnmark(poolp, mark);
     return signerinfo;
 loser:
     PORT_ArenaRelease(poolp, mark);
     return NULL;
 }
 /*
  * NSS_CMSSignerInfo_Destroy - destroy a SignerInfo data structure
  */
 void
 NSS_CMSSignerInfo_Destroy(NSSCMSSignerInfo *si)
 {
     if (si->cert != NULL)
 	CERT_DestroyCertificate(si->cert);
     if (si->certList != NULL)
 	CERT_DestroyCertificateList(si->certList);
     /* XXX storage ??? */
 }
 /*
  * NSS_CMSSignerInfo_Sign - sign something
  *
  */
 SECStatus
 NSS_CMSSignerInfo_Sign(NSSCMSSignerInfo *signerinfo, SECItem *digest,
                        SECItem *contentType)
 {
     CERTCertificate *cert;
     SECKEYPrivateKey *privkey = NULL;
     SECOidTag digestalgtag;
     SECOidTag pubkAlgTag;
     SECItem signature = { 0 };
     SECStatus rv;
     PLArenaPool *poolp, *tmppoolp = NULL;
     SECAlgorithmID *algID, freeAlgID;
     CERTSubjectPublicKeyInfo *spki;
     PORT_Assert (digest != NULL);
     poolp = signerinfo->cmsg->poolp;
     switch (signerinfo->signerIdentifier.identifierType) {
     case NSSCMSSignerID_IssuerSN:
         cert = signerinfo->cert;
         privkey = PK11_FindKeyByAnyCert(cert, signerinfo->cmsg->pwfn_arg);
         if (privkey == NULL)
 	    goto loser;
         algID = &cert->subjectPublicKeyInfo.algorithm;
         break;
     case NSSCMSSignerID_SubjectKeyID:
         privkey = signerinfo->signingKey;
         signerinfo->signingKey = NULL;
         spki = SECKEY_CreateSubjectPublicKeyInfo(signerinfo->pubKey);
         SECKEY_DestroyPublicKey(signerinfo->pubKey);
         signerinfo->pubKey = NULL;
         SECOID_CopyAlgorithmID(NULL, &freeAlgID, &spki->algorithm);
         SECKEY_DestroySubjectPublicKeyInfo(spki);
         algID = &freeAlgID;
         break;
     default:
         goto loser;
     }
     digestalgtag = NSS_CMSSignerInfo_GetDigestAlgTag(signerinfo);
     /*
      * XXX I think there should be a cert-level interface for this,
      * so that I do not have to know about subjectPublicKeyInfo...
      */
     pubkAlgTag = SECOID_GetAlgorithmTag(algID);
     if (signerinfo->signerIdentifier.identifierType == NSSCMSSignerID_SubjectKeyID) {
       SECOID_DestroyAlgorithmID(&freeAlgID, PR_FALSE);
     }
     if (signerinfo->authAttr != NULL) {
 	SECOidTag signAlgTag;
 	SECItem encoded_attrs;
 	/* find and fill in the message digest attribute. */
 	rv = NSS_CMSAttributeArray_SetAttr(poolp, &(signerinfo->authAttr),
 	                       SEC_OID_PKCS9_MESSAGE_DIGEST, digest, PR_FALSE);
 	if (rv != SECSuccess)
 	    goto loser;
 	if (contentType != NULL) {
 	    /* if the caller wants us to, find and fill in the content type attribute. */
 	    rv = NSS_CMSAttributeArray_SetAttr(poolp, &(signerinfo->authAttr),
 	                    SEC_OID_PKCS9_CONTENT_TYPE, contentType, PR_FALSE);
 	    if (rv != SECSuccess)
 		goto loser;
 	}
 	if ((tmppoolp = PORT_NewArena (1024)) == NULL) {
 	    PORT_SetError(SEC_ERROR_NO_MEMORY);
 	    goto loser;
 	}
 	/*
 	 * Before encoding, reorder the attributes so that when they
 	 * are encoded, they will be conforming DER, which is required
 	 * to have a specific order and that is what must be used for
 	 * the hash/signature.  We do this here, rather than building
 	 * it into EncodeAttributes, because we do not want to do
 	 * such reordering on incoming messages (which also uses
 	 * EncodeAttributes) or our old signatures (and other "broken"
 	 * implementations) will not verify.  So, we want to guarantee
 	 * that we send out good DER encodings of attributes, but not
 	 * to expect to receive them.
 	 */
 	if (NSS_CMSAttributeArray_Reorder(signerinfo->authAttr) != SECSuccess)
 	    goto loser;
 	encoded_attrs.data = NULL;
 	encoded_attrs.len = 0;
 	if (NSS_CMSAttributeArray_Encode(tmppoolp, &(signerinfo->authAttr),
 	                &encoded_attrs) == NULL)
 	    goto loser;
 	signAlgTag = SEC_GetSignatureAlgorithmOidTag(privkey->keyType,
                                                      digestalgtag);
 	if (signAlgTag == SEC_OID_UNKNOWN) {
 	    PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
 	    goto loser;
 	}
 	rv = SEC_SignData(&signature, encoded_attrs.data, encoded_attrs.len,
 	                  privkey, signAlgTag);
 	PORT_FreeArena(tmppoolp, PR_FALSE); /* awkward memory management :-( */
 	tmppoolp = 0;
     } else {
 	rv = SGN_Digest(privkey, digestalgtag, &signature, digest);
     }
     SECKEY_DestroyPrivateKey(privkey);
     privkey = NULL;
     if (rv != SECSuccess)
 	goto loser;
     if (SECITEM_CopyItem(poolp, &(signerinfo->encDigest), &signature)
           != SECSuccess)
 	goto loser;
     SECITEM_FreeItem(&signature, PR_FALSE);
     if (SECOID_SetAlgorithmID(poolp, &(signerinfo->digestEncAlg), pubkAlgTag,
                               NULL) != SECSuccess)
 	goto loser;
     return SECSuccess;
 loser:
     if (signature.len != 0)
 	SECITEM_FreeItem (&signature, PR_FALSE);
     if (privkey)
 	SECKEY_DestroyPrivateKey(privkey);
     if (tmppoolp)
 	PORT_FreeArena(tmppoolp, PR_FALSE);
     return SECFailure;
 }
 SECStatus
 NSS_CMSSignerInfo_VerifyCertificate(NSSCMSSignerInfo *signerinfo, CERTCertDBHandle *certdb,
 			    SECCertUsage certusage)
 {
     CERTCertificate *cert;
     PRTime stime;
     if ((cert = NSS_CMSSignerInfo_GetSigningCertificate(signerinfo, certdb)) == NULL) {
 	signerinfo->verificationStatus = NSSCMSVS_SigningCertNotFound;
 	return SECFailure;
     }
     /*
      * Get and convert the signing time; if available, it will be used
      * both on the cert verification and for importing the sender
      * email profile.
      */
     if (NSS_CMSSignerInfo_GetSigningTime (signerinfo, &stime) != SECSuccess)
 	stime = PR_Now(); /* not found or conversion failed, so check against now */
     /*
      * XXX  This uses the signing time, if available.  Additionally, we
      * might want to, if there is no signing time, get the message time
      * from the mail header itself, and use that.  That would require
      * a change to our interface though, and for S/MIME callers to pass
      * in a time (and for non-S/MIME callers to pass in nothing, or
      * maybe make them pass in the current time, always?).
      */
     if (CERT_VerifyCert(certdb, cert, PR_TRUE, certusage, stime,
                         signerinfo->cmsg->pwfn_arg, NULL) != SECSuccess) {
 	signerinfo->verificationStatus = NSSCMSVS_SigningCertNotTrusted;
 	return SECFailure;
     }
     return SECSuccess;
 }
 /*
  * NSS_CMSSignerInfo_Verify - verify the signature of a single SignerInfo
  *
  * Just verifies the signature. The assumption is that verification of
  * the certificate is done already.
  */
 SECStatus
 NSS_CMSSignerInfo_Verify(NSSCMSSignerInfo *signerinfo,
                          SECItem *digest,               /* may be NULL */
                          SECItem *contentType)          /* may be NULL */
 {
     SECKEYPublicKey *publickey = NULL;
     NSSCMSAttribute *attr;
     SECItem encoded_attrs;
     CERTCertificate *cert;
     NSSCMSVerificationStatus vs = NSSCMSVS_Unverified;
     PLArenaPool *poolp;
     SECOidTag    digestalgtag;
     SECOidTag    pubkAlgTag;
     if (signerinfo == NULL)
 	return SECFailure;
     /* NSS_CMSSignerInfo_GetSigningCertificate will fail if 2nd parm is NULL
     ** and cert has not been verified
     */
     cert = NSS_CMSSignerInfo_GetSigningCertificate(signerinfo, NULL);
     if (cert == NULL) {
 	vs = NSSCMSVS_SigningCertNotFound;
 	goto loser;
     }
     if ((publickey = CERT_ExtractPublicKey(cert)) == NULL) {
 	vs = NSSCMSVS_ProcessingError;
 	goto loser;
     }
     digestalgtag = NSS_CMSSignerInfo_GetDigestAlgTag(signerinfo);
     pubkAlgTag = SECOID_GetAlgorithmTag(&(signerinfo->digestEncAlg));
     if ((pubkAlgTag == SEC_OID_UNKNOWN) || (digestalgtag == SEC_OID_UNKNOWN)) {
 	vs = NSSCMSVS_SignatureAlgorithmUnknown;
 	goto loser;
     }
     if (!NSS_CMSArray_IsEmpty((void **)signerinfo->authAttr)) {
 	if (contentType) {
 	    /*
 	     * Check content type
 	     *
 	     * RFC2630 sez that if there are any authenticated attributes,
 	     * then there must be one for content type which matches the
 	     * content type of the content being signed, and there must
 	     * be one for message digest which matches our message digest.
 	     * So check these things first.
 	     */
 	    attr = NSS_CMSAttributeArray_FindAttrByOidTag(signerinfo->authAttr,
 					SEC_OID_PKCS9_CONTENT_TYPE, PR_TRUE);
 	    if (attr == NULL) {
 		vs = NSSCMSVS_MalformedSignature;
 		goto loser;
 	    }
 	    if (NSS_CMSAttribute_CompareValue(attr, contentType) == PR_FALSE) {
 		vs = NSSCMSVS_MalformedSignature;
 		goto loser;
 	    }
 	}
 	/*
 	 * Check digest
 	 */
 	attr = NSS_CMSAttributeArray_FindAttrByOidTag(signerinfo->authAttr,
 	                              SEC_OID_PKCS9_MESSAGE_DIGEST, PR_TRUE);
 	if (attr == NULL) {
 	    vs = NSSCMSVS_MalformedSignature;
 	    goto loser;
 	}
 	if (!digest ||
 	    NSS_CMSAttribute_CompareValue(attr, digest) == PR_FALSE) {
 	    vs = NSSCMSVS_DigestMismatch;
 	    goto loser;
 	}
 	if ((poolp = PORT_NewArena (1024)) == NULL) {
 	    vs = NSSCMSVS_ProcessingError;
 	    goto loser;
 	}
 	/*
 	 * Check signature
 	 *
 	 * The signature is based on a digest of the DER-encoded authenticated
 	 * attributes.  So, first we encode and then we digest/verify.
 	 * we trust the decoder to have the attributes in the right (sorted)
 	 * order
 	 */
 	encoded_attrs.data = NULL;
 	encoded_attrs.len = 0;
 	if (NSS_CMSAttributeArray_Encode(poolp, &(signerinfo->authAttr),
 	                                 &encoded_attrs) == NULL ||
 		encoded_attrs.data == NULL || encoded_attrs.len == 0) {
 	    vs = NSSCMSVS_ProcessingError;
 	    goto loser;
 	}
 	vs = (VFY_VerifyDataDirect(encoded_attrs.data, encoded_attrs.len,
 		publickey, &(signerinfo->encDigest), pubkAlgTag,
 		digestalgtag, NULL, signerinfo->cmsg->pwfn_arg) != SECSuccess)
 		? NSSCMSVS_BadSignature : NSSCMSVS_GoodSignature;
 	PORT_FreeArena(poolp, PR_FALSE);  /* awkward memory management :-( */
     } else {
 	SECItem *sig;
 	/* No authenticated attributes.
 	** The signature is based on the plain message digest.
 	*/
 	sig = &(signerinfo->encDigest);
 	if (sig->len == 0)
 	    goto loser;
 	vs = (!digest ||
 	      VFY_VerifyDigestDirect(digest, publickey, sig, pubkAlgTag,
 		digestalgtag, signerinfo->cmsg->pwfn_arg) != SECSuccess)
 		? NSSCMSVS_BadSignature : NSSCMSVS_GoodSignature;
     }
     if (vs == NSSCMSVS_BadSignature) {
 	int error = PORT_GetError();
 	/*
 	 * XXX Change the generic error into our specific one, because
 	 * in that case we get a better explanation out of the Security
 	 * Advisor.  This is really a bug in the PSM error strings (the
 	 * "generic" error has a lousy/wrong message associated with it
 	 * which assumes the signature verification was done for the
 	 * purposes of checking the issuer signature on a certificate)
 	 * but this is at least an easy workaround and/or in the
 	 * Security Advisor, which specifically checks for the error
 	 * SEC_ERROR_PKCS7_BAD_SIGNATURE and gives more explanation
 	 * in that case but does not similarly check for
 	 * SEC_ERROR_BAD_SIGNATURE.  It probably should, but then would
 	 * probably say the wrong thing in the case that it *was* the
 	 * certificate signature check that failed during the cert
 	 * verification done above.  Our error handling is really a mess.
 	 */
 	if (error == SEC_ERROR_BAD_SIGNATURE)
 	    PORT_SetError(SEC_ERROR_PKCS7_BAD_SIGNATURE);
 	/*
 	 * map algorithm failures to NSSCMSVS values
 	 */
 	if ((error == SEC_ERROR_PKCS7_KEYALG_MISMATCH) ||
 	    (error == SEC_ERROR_INVALID_ALGORITHM)) {
 	    /* keep the same error code as 3.11 and before */
 	    PORT_SetError(SEC_ERROR_PKCS7_BAD_SIGNATURE);
 	    vs = NSSCMSVS_SignatureAlgorithmUnsupported;
 	}
     }
     if (publickey != NULL)
 	SECKEY_DestroyPublicKey (publickey);
     signerinfo->verificationStatus = vs;
     return (vs == NSSCMSVS_GoodSignature) ? SECSuccess : SECFailure;
 loser:
     if (publickey != NULL)
 	SECKEY_DestroyPublicKey (publickey);
     signerinfo->verificationStatus = vs;
     PORT_SetError (SEC_ERROR_PKCS7_BAD_SIGNATURE);
     return SECFailure;
 }
 NSSCMSVerificationStatus
 NSS_CMSSignerInfo_GetVerificationStatus(NSSCMSSignerInfo *signerinfo)
 {
     return signerinfo->verificationStatus;
 }
 SECOidData *
 NSS_CMSSignerInfo_GetDigestAlg(NSSCMSSignerInfo *signerinfo)
 {
     SECOidData *algdata;
     SECOidTag   algtag;
     algdata = SECOID_FindOID (&(signerinfo->digestAlg.algorithm));
     if (algdata == NULL) {
 	return algdata;
     }
     /* Windows may have given us a signer algorithm oid instead of a digest
      * algorithm oid. This call will map to a signer oid to a digest one,
      * otherwise it leaves the oid alone and let the chips fall as they may
      * if it's not a digest oid.
      */
     algtag = NSS_CMSUtil_MapSignAlgs(algdata->offset);
     if (algtag != algdata->offset) {
 	/* if the tags don't match, then we must have received a signer
 	 * algorithID. Now we need to get the oid data for the digest
 	 * oid, which the rest of the code is expecting */
 	algdata = SECOID_FindOIDByTag(algtag);
     }
     return algdata;
 }
 SECOidTag
 NSS_CMSSignerInfo_GetDigestAlgTag(NSSCMSSignerInfo *signerinfo)
 {
     SECOidData *algdata;
     if (!signerinfo) {
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
         return SEC_OID_UNKNOWN;
     }
     algdata = NSS_CMSSignerInfo_GetDigestAlg(signerinfo);
     if (algdata != NULL)
 	return algdata->offset;
     else
 	return SEC_OID_UNKNOWN;
 }
 CERTCertificateList *
 NSS_CMSSignerInfo_GetCertList(NSSCMSSignerInfo *signerinfo)
 {
     return signerinfo->certList;
 }
 int
 NSS_CMSSignerInfo_GetVersion(NSSCMSSignerInfo *signerinfo)
 {
     unsigned long version;
     /* always take apart the SECItem */
     if (SEC_ASN1DecodeInteger(&(signerinfo->version), &version) != SECSuccess)
 	return 0;
     else
 	return (int)version;
 }
 /*
  * NSS_CMSSignerInfo_GetSigningTime - return the signing time,
  *				      in UTCTime or GeneralizedTime format,
  *                                    of a CMS signerInfo.
  *
  * sinfo - signerInfo data for this signer
  *
  * Returns a pointer to XXXX (what?)
  * A return value of NULL is an error.
  */
 SECStatus
 NSS_CMSSignerInfo_GetSigningTime(NSSCMSSignerInfo *sinfo, PRTime *stime)
 {
     NSSCMSAttribute *attr;
     SECItem *value;
     if (sinfo == NULL)
 	return SECFailure;
     if (sinfo->signingTime != 0) {
 	*stime = sinfo->signingTime;	/* cached copy */
 	return SECSuccess;
     }
     attr = NSS_CMSAttributeArray_FindAttrByOidTag(sinfo->authAttr, SEC_OID_PKCS9_SIGNING_TIME, PR_TRUE);
     /* XXXX multi-valued attributes NIH */
     if (attr == NULL || (value = NSS_CMSAttribute_GetValue(attr)) == NULL)
 	return SECFailure;
     if (DER_DecodeTimeChoice(stime, value) != SECSuccess)
 	return SECFailure;
     sinfo->signingTime = *stime;	/* make cached copy */
     return SECSuccess;
 }
 /*
  * Return the signing cert of a CMS signerInfo.
  *
  * the certs in the enclosing SignedData must have been imported already
  */
 CERTCertificate *
 NSS_CMSSignerInfo_GetSigningCertificate(NSSCMSSignerInfo *signerinfo, CERTCertDBHandle *certdb)
 {
     CERTCertificate *cert;
     NSSCMSSignerIdentifier *sid;
     if (signerinfo->cert != NULL)
 	return signerinfo->cert;
     /* no certdb, and cert hasn't been set yet? */
     if (certdb == NULL)
 	return NULL;
     /*
      * This cert will also need to be freed, but since we save it
      * in signerinfo for later, we do not want to destroy it when
      * we leave this function -- we let the clean-up of the entire
      * cinfo structure later do the destroy of this cert.
      */
     sid = &signerinfo->signerIdentifier;
     switch (sid->identifierType) {
     case NSSCMSSignerID_IssuerSN:
 	cert = CERT_FindCertByIssuerAndSN(certdb, sid->id.issuerAndSN);
 	break;
     case NSSCMSSignerID_SubjectKeyID:
 	cert = CERT_FindCertBySubjectKeyID(certdb, sid->id.subjectKeyID);
 	break;
     default:
 	cert = NULL;
 	break;
     }
     /* cert can be NULL at that point */
     signerinfo->cert = cert;	/* earmark it */
     return cert;
 }
 /*
  * NSS_CMSSignerInfo_GetSignerCommonName - return the common name of the signer
  *
  * sinfo - signerInfo data for this signer
  *
  * Returns a pointer to allocated memory, which must be freed with PORT_Free.
  * A return value of NULL is an error.
  */
 char *
 NSS_CMSSignerInfo_GetSignerCommonName(NSSCMSSignerInfo *sinfo)
 {
     CERTCertificate *signercert;
     /* will fail if cert is not verified */
     if ((signercert = NSS_CMSSignerInfo_GetSigningCertificate(sinfo, NULL)) == NULL)
 	return NULL;
     return (CERT_GetCommonName(&signercert->subject));
 }
 /*
  * NSS_CMSSignerInfo_GetSignerEmailAddress - return the common name of the signer
  *
  * sinfo - signerInfo data for this signer
  *
  * Returns a pointer to allocated memory, which must be freed.
  * A return value of NULL is an error.
  */
 char *
 NSS_CMSSignerInfo_GetSignerEmailAddress(NSSCMSSignerInfo *sinfo)
 {
     CERTCertificate *signercert;
     if ((signercert = NSS_CMSSignerInfo_GetSigningCertificate(sinfo, NULL)) == NULL)
 	return NULL;
     if (!signercert->emailAddr || !signercert->emailAddr[0])
 	return NULL;
     return (PORT_Strdup(signercert->emailAddr));
 }
 /*
  * NSS_CMSSignerInfo_AddAuthAttr - add an attribute to the
  * authenticated (i.e. signed) attributes of "signerinfo".
  */
 SECStatus
 NSS_CMSSignerInfo_AddAuthAttr(NSSCMSSignerInfo *signerinfo, NSSCMSAttribute *attr)
 {
     return NSS_CMSAttributeArray_AddAttr(signerinfo->cmsg->poolp, &(signerinfo->authAttr), attr);
 }
 /*
  * NSS_CMSSignerInfo_AddUnauthAttr - add an attribute to the
  * unauthenticated attributes of "signerinfo".
  */
 SECStatus
 NSS_CMSSignerInfo_AddUnauthAttr(NSSCMSSignerInfo *signerinfo, NSSCMSAttribute *attr)
 {
     return NSS_CMSAttributeArray_AddAttr(signerinfo->cmsg->poolp, &(signerinfo->unAuthAttr), attr);
 }
 /*
  * NSS_CMSSignerInfo_AddSigningTime - add the signing time to the
  * authenticated (i.e. signed) attributes of "signerinfo".
  *
  * This is expected to be included in outgoing signed
  * messages for email (S/MIME) but is likely useful in other situations.
  *
  * This should only be added once; a second call will do nothing.
  *
  * XXX This will probably just shove the current time into "signerinfo"
  * but it will not actually get signed until the entire item is
  * processed for encoding.  Is this (expected to be small) delay okay?
  */
 SECStatus
 NSS_CMSSignerInfo_AddSigningTime(NSSCMSSignerInfo *signerinfo, PRTime t)
 {
     NSSCMSAttribute *attr;
     SECItem stime;
     void *mark;
     PLArenaPool *poolp;
     poolp = signerinfo->cmsg->poolp;
     mark = PORT_ArenaMark(poolp);
     /* create new signing time attribute */
     if (DER_EncodeTimeChoice(NULL, &stime, t) != SECSuccess)
 	goto loser;
     if ((attr = NSS_CMSAttribute_Create(poolp, SEC_OID_PKCS9_SIGNING_TIME, &stime, PR_FALSE)) == NULL) {
 	SECITEM_FreeItem (&stime, PR_FALSE);
 	goto loser;
     }
     SECITEM_FreeItem (&stime, PR_FALSE);
     if (NSS_CMSSignerInfo_AddAuthAttr(signerinfo, attr) != SECSuccess)
 	goto loser;
     PORT_ArenaUnmark (poolp, mark);
     return SECSuccess;
 loser:
     PORT_ArenaRelease (poolp, mark);
     return SECFailure;
 }
 /*
  * NSS_CMSSignerInfo_AddSMIMECaps - add a SMIMECapabilities attribute to the
  * authenticated (i.e. signed) attributes of "signerinfo".
  *
  * This is expected to be included in outgoing signed
  * messages for email (S/MIME).
  */
 SECStatus
 NSS_CMSSignerInfo_AddSMIMECaps(NSSCMSSignerInfo *signerinfo)
 {
     NSSCMSAttribute *attr;
     SECItem *smimecaps = NULL;
     void *mark;
     PLArenaPool *poolp;
     poolp = signerinfo->cmsg->poolp;
     mark = PORT_ArenaMark(poolp);
     smimecaps = SECITEM_AllocItem(poolp, NULL, 0);
     if (smimecaps == NULL)
 	goto loser;
     /* create new signing time attribute */
     if (NSS_SMIMEUtil_CreateSMIMECapabilities(poolp, smimecaps) != SECSuccess)
 	goto loser;
     if ((attr = NSS_CMSAttribute_Create(poolp, SEC_OID_PKCS9_SMIME_CAPABILITIES, smimecaps, PR_TRUE)) == NULL)
 	goto loser;
     if (NSS_CMSSignerInfo_AddAuthAttr(signerinfo, attr) != SECSuccess)
 	goto loser;
     PORT_ArenaUnmark (poolp, mark);
     return SECSuccess;
 loser:
     PORT_ArenaRelease (poolp, mark);
     return SECFailure;
 }
 /*
  * NSS_CMSSignerInfo_AddSMIMEEncKeyPrefs - add a SMIMEEncryptionKeyPreferences attribute to the
  * authenticated (i.e. signed) attributes of "signerinfo".
  *
  * This is expected to be included in outgoing signed messages for email (S/MIME).
  */
 SECStatus
 NSS_CMSSignerInfo_AddSMIMEEncKeyPrefs(NSSCMSSignerInfo *signerinfo, CERTCertificate *cert, CERTCertDBHandle *certdb)
 {
     NSSCMSAttribute *attr;
     SECItem *smimeekp = NULL;
     void *mark;
     PLArenaPool *poolp;
     /* verify this cert for encryption */
     if (CERT_VerifyCert(certdb, cert, PR_TRUE, certUsageEmailRecipient, PR_Now(), signerinfo->cmsg->pwfn_arg, NULL) != SECSuccess) {
 	return SECFailure;
     }
     poolp = signerinfo->cmsg->poolp;
     mark = PORT_ArenaMark(poolp);
     smimeekp = SECITEM_AllocItem(poolp, NULL, 0);
     if (smimeekp == NULL)
 	goto loser;
     /* create new signing time attribute */
     if (NSS_SMIMEUtil_CreateSMIMEEncKeyPrefs(poolp, smimeekp, cert) != SECSuccess)
 	goto loser;
     if ((attr = NSS_CMSAttribute_Create(poolp, SEC_OID_SMIME_ENCRYPTION_KEY_PREFERENCE, smimeekp, PR_TRUE)) == NULL)
 	goto loser;
     if (NSS_CMSSignerInfo_AddAuthAttr(signerinfo, attr) != SECSuccess)
 	goto loser;
     PORT_ArenaUnmark (poolp, mark);
     return SECSuccess;
 loser:
     PORT_ArenaRelease (poolp, mark);
     return SECFailure;
 }
 /*
  * NSS_CMSSignerInfo_AddMSSMIMEEncKeyPrefs - add a SMIMEEncryptionKeyPreferences attribute to the
  * authenticated (i.e. signed) attributes of "signerinfo", using the OID preferred by Microsoft.
  *
  * This is expected to be included in outgoing signed messages for email (S/MIME),
  * if compatibility with Microsoft mail clients is wanted.
  */
 SECStatus
 NSS_CMSSignerInfo_AddMSSMIMEEncKeyPrefs(NSSCMSSignerInfo *signerinfo, CERTCertificate *cert, CERTCertDBHandle *certdb)
 {
     NSSCMSAttribute *attr;
     SECItem *smimeekp = NULL;
     void *mark;
     PLArenaPool *poolp;
     /* verify this cert for encryption */
     if (CERT_VerifyCert(certdb, cert, PR_TRUE, certUsageEmailRecipient, PR_Now(), signerinfo->cmsg->pwfn_arg, NULL) != SECSuccess) {
 	return SECFailure;
     }
     poolp = signerinfo->cmsg->poolp;
     mark = PORT_ArenaMark(poolp);
     smimeekp = SECITEM_AllocItem(poolp, NULL, 0);
     if (smimeekp == NULL)
 	goto loser;
     /* create new signing time attribute */
     if (NSS_SMIMEUtil_CreateMSSMIMEEncKeyPrefs(poolp, smimeekp, cert) != SECSuccess)
 	goto loser;
     if ((attr = NSS_CMSAttribute_Create(poolp, SEC_OID_MS_SMIME_ENCRYPTION_KEY_PREFERENCE, smimeekp, PR_TRUE)) == NULL)
 	goto loser;
     if (NSS_CMSSignerInfo_AddAuthAttr(signerinfo, attr) != SECSuccess)
 	goto loser;
     PORT_ArenaUnmark (poolp, mark);
     return SECSuccess;
 loser:
     PORT_ArenaRelease (poolp, mark);
     return SECFailure;
 }
 /*
  * NSS_CMSSignerInfo_AddCounterSignature - countersign a signerinfo
  *
  * 1. digest the DER-encoded signature value of the original signerinfo
  * 2. create new signerinfo with correct version, sid, digestAlg
  * 3. add message-digest authAttr, but NO content-type
  * 4. sign the authAttrs
  * 5. DER-encode the new signerInfo
  * 6. add the whole thing to original signerInfo's unAuthAttrs
  *    as a SEC_OID_PKCS9_COUNTER_SIGNATURE attribute
  *
  * XXXX give back the new signerinfo?
  */
 SECStatus
 NSS_CMSSignerInfo_AddCounterSignature(NSSCMSSignerInfo *signerinfo,
 				    SECOidTag digestalg, CERTCertificate signingcert)
 {
     /* XXXX TBD XXXX */
     return SECFailure;
 }
 /*
  * XXXX the following needs to be done in the S/MIME layer code
  * after signature of a signerinfo is verified
  */
 SECStatus
 NSS_SMIMESignerInfo_SaveSMIMEProfile(NSSCMSSignerInfo *signerinfo)
 {
     CERTCertificate *cert = NULL;
     SECItem *profile = NULL;
     NSSCMSAttribute *attr;
     SECItem *stime = NULL;
     SECItem *ekp;
     CERTCertDBHandle *certdb;
     int save_error;
     SECStatus rv;
     PRBool must_free_cert = PR_FALSE;
     certdb = CERT_GetDefaultCertDB();
     /* sanity check - see if verification status is ok (unverified does not count...) */
     if (signerinfo->verificationStatus != NSSCMSVS_GoodSignature)
 	return SECFailure;
     /* find preferred encryption cert */
     if (!NSS_CMSArray_IsEmpty((void **)signerinfo->authAttr) &&
 	(attr = NSS_CMSAttributeArray_FindAttrByOidTag(signerinfo->authAttr,
 			       SEC_OID_SMIME_ENCRYPTION_KEY_PREFERENCE, PR_TRUE)) != NULL)
     { /* we have a SMIME_ENCRYPTION_KEY_PREFERENCE attribute! */
 	ekp = NSS_CMSAttribute_GetValue(attr);
 	if (ekp == NULL)
 	    return SECFailure;
 	/* we assume that all certs coming with the message have been imported to the */
 	/* temporary database */
 	cert = NSS_SMIMEUtil_GetCertFromEncryptionKeyPreference(certdb, ekp);
 	if (cert == NULL)
 	    return SECFailure;
 	must_free_cert = PR_TRUE;
     }
     if (cert == NULL) {
 	/* no preferred cert found?
 	 * find the cert the signerinfo is signed with instead */
 	cert = NSS_CMSSignerInfo_GetSigningCertificate(signerinfo, certdb);
 	if (cert == NULL || cert->emailAddr == NULL || !cert->emailAddr[0])
 	    return SECFailure;
     }
     /* verify this cert for encryption (has been verified for signing so far) */
     /* don't verify this cert for encryption. It may just be a signing cert.
      * that's OK, we can still save the S/MIME profile. The encryption cert
      * should have already been saved */
 #ifdef notdef
     if (CERT_VerifyCert(certdb, cert, PR_TRUE, certUsageEmailRecipient, PR_Now(), signerinfo->cmsg->pwfn_arg, NULL) != SECSuccess) {
 	if (must_free_cert)
 	    CERT_DestroyCertificate(cert);
 	return SECFailure;
     }
 #endif
     /* XXX store encryption cert permanently? */
     /*
      * Remember the current error set because we do not care about
      * anything set by the functions we are about to call.
      */
     save_error = PORT_GetError();
     if (!NSS_CMSArray_IsEmpty((void **)signerinfo->authAttr)) {
 	attr = NSS_CMSAttributeArray_FindAttrByOidTag(signerinfo->authAttr,
 				       SEC_OID_PKCS9_SMIME_CAPABILITIES,
 				       PR_TRUE);
 	profile = NSS_CMSAttribute_GetValue(attr);
 	attr = NSS_CMSAttributeArray_FindAttrByOidTag(signerinfo->authAttr,
 				       SEC_OID_PKCS9_SIGNING_TIME,
 				       PR_TRUE);
 	stime = NSS_CMSAttribute_GetValue(attr);
     }
     rv = CERT_SaveSMimeProfile (cert, profile, stime);
     if (must_free_cert)
 	CERT_DestroyCertificate(cert);
     /*
      * Restore the saved error in case the calls above set a new
      * one that we do not actually care about.
      */
     PORT_SetError (save_error);
     return rv;
 }
 /*
  * NSS_CMSSignerInfo_IncludeCerts - set cert chain inclusion mode for this signer
  */
 SECStatus
 NSS_CMSSignerInfo_IncludeCerts(NSSCMSSignerInfo *signerinfo, NSSCMSCertChainMode cm, SECCertUsage usage)
 {
     if (signerinfo->cert == NULL)
 	return SECFailure;
     /* don't leak if we get called twice */
     if (signerinfo->certList != NULL) {
 	CERT_DestroyCertificateList(signerinfo->certList);
 	signerinfo->certList = NULL;
     }
     switch (cm) {
     case NSSCMSCM_None:
 	signerinfo->certList = NULL;
 	break;
     case NSSCMSCM_CertOnly:
 	signerinfo->certList = CERT_CertListFromCert(signerinfo->cert);
 	break;
     case NSSCMSCM_CertChain:
 	signerinfo->certList = CERT_CertChainFromCert(signerinfo->cert, usage, PR_FALSE);
 	break;
     case NSSCMSCM_CertChainWithRoot:
 	signerinfo->certList = CERT_CertChainFromCert(signerinfo->cert, usage, PR_TRUE);
 	break;
     }
     if (cm != NSSCMSCM_None && signerinfo->certList == NULL)
 	return SECFailure;
     return SECSuccess;
 }

The Tor Browser / annotate

security/nss/lib/smime/cmssiginfo.c@7e26c7da4463 (annotated)

security/nss/lib/smime/cmssiginfo.c