michael@0: /* This Source Code Form is subject to the terms of the Mozilla Public michael@0: * License, v. 2.0. If a copy of the MPL was not distributed with this michael@0: * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ michael@0: michael@0: /* michael@0: * PKCS7 decoding, verification. michael@0: */ michael@0: michael@0: #include "p7local.h" michael@0: michael@0: #include "cert.h" michael@0: /* XXX do not want to have to include */ michael@0: #include "certdb.h" /* certdb.h -- the trust stuff needed by */ michael@0: /* the add certificate code needs to get */ michael@0: /* rewritten/abstracted and then this */ michael@0: /* include should be removed! */ michael@0: /*#include "cdbhdl.h" */ michael@0: #include "cryptohi.h" michael@0: #include "key.h" michael@0: #include "secasn1.h" michael@0: #include "secitem.h" michael@0: #include "secoid.h" michael@0: #include "pk11func.h" michael@0: #include "prtime.h" michael@0: #include "secerr.h" michael@0: #include "sechash.h" /* for HASH_GetHashObject() */ michael@0: #include "secder.h" michael@0: #include "secpkcs5.h" michael@0: michael@0: struct sec_pkcs7_decoder_worker { michael@0: int depth; michael@0: int digcnt; michael@0: void **digcxs; michael@0: const SECHashObject **digobjs; michael@0: sec_PKCS7CipherObject *decryptobj; michael@0: PRBool saw_contents; michael@0: }; michael@0: michael@0: struct SEC_PKCS7DecoderContextStr { michael@0: SEC_ASN1DecoderContext *dcx; michael@0: SEC_PKCS7ContentInfo *cinfo; michael@0: SEC_PKCS7DecoderContentCallback cb; michael@0: void *cb_arg; michael@0: SECKEYGetPasswordKey pwfn; michael@0: void *pwfn_arg; michael@0: struct sec_pkcs7_decoder_worker worker; michael@0: PLArenaPool *tmp_poolp; michael@0: int error; michael@0: SEC_PKCS7GetDecryptKeyCallback dkcb; michael@0: void *dkcb_arg; michael@0: SEC_PKCS7DecryptionAllowedCallback decrypt_allowed_cb; michael@0: }; michael@0: michael@0: /* michael@0: * Handle one worker, decrypting and digesting the data as necessary. michael@0: * michael@0: * XXX If/when we support nested contents, this probably needs to be michael@0: * revised somewhat to get passed the content-info (which unfortunately michael@0: * can be two different types depending on whether it is encrypted or not) michael@0: * corresponding to the given worker. michael@0: */ michael@0: static void michael@0: sec_pkcs7_decoder_work_data (SEC_PKCS7DecoderContext *p7dcx, michael@0: struct sec_pkcs7_decoder_worker *worker, michael@0: const unsigned char *data, unsigned long len, michael@0: PRBool final) michael@0: { michael@0: unsigned char *buf = NULL; michael@0: SECStatus rv; michael@0: int i; michael@0: michael@0: /* michael@0: * We should really have data to process, or we should be trying michael@0: * to finish/flush the last block. (This is an overly paranoid michael@0: * check since all callers are in this file and simple inspection michael@0: * proves they do it right. But it could find a bug in future michael@0: * modifications/development, that is why it is here.) michael@0: */ michael@0: PORT_Assert ((data != NULL && len) || final); michael@0: michael@0: /* michael@0: * Decrypt this chunk. michael@0: * michael@0: * XXX If we get an error, we do not want to do the digest or callback, michael@0: * but we want to keep decoding. Or maybe we want to stop decoding michael@0: * altogether if there is a callback, because obviously we are not michael@0: * sending the data back and they want to know that. michael@0: */ michael@0: if (worker->decryptobj != NULL) { michael@0: /* XXX the following lengths should all be longs? */ michael@0: unsigned int inlen; /* length of data being decrypted */ michael@0: unsigned int outlen; /* length of decrypted data */ michael@0: unsigned int buflen; /* length available for decrypted data */ michael@0: SECItem *plain; michael@0: michael@0: inlen = len; michael@0: buflen = sec_PKCS7DecryptLength (worker->decryptobj, inlen, final); michael@0: if (buflen == 0) { michael@0: if (inlen == 0) /* no input and no output */ michael@0: return; michael@0: /* michael@0: * No output is expected, but the input data may be buffered michael@0: * so we still have to call Decrypt. michael@0: */ michael@0: rv = sec_PKCS7Decrypt (worker->decryptobj, NULL, NULL, 0, michael@0: data, inlen, final); michael@0: if (rv != SECSuccess) { michael@0: p7dcx->error = PORT_GetError(); michael@0: return; /* XXX indicate error? */ michael@0: } michael@0: return; michael@0: } michael@0: michael@0: if (p7dcx->cb != NULL) { michael@0: buf = (unsigned char *) PORT_Alloc (buflen); michael@0: plain = NULL; michael@0: } else { michael@0: unsigned long oldlen; michael@0: michael@0: /* michael@0: * XXX This assumes one level of content only. michael@0: * See comment above about nested content types. michael@0: * XXX Also, it should work for signedAndEnvelopedData, too! michael@0: */ michael@0: plain = &(p7dcx->cinfo-> michael@0: content.envelopedData->encContentInfo.plainContent); michael@0: michael@0: oldlen = plain->len; michael@0: if (oldlen == 0) { michael@0: buf = (unsigned char*)PORT_ArenaAlloc (p7dcx->cinfo->poolp, michael@0: buflen); michael@0: } else { michael@0: buf = (unsigned char*)PORT_ArenaGrow (p7dcx->cinfo->poolp, michael@0: plain->data, michael@0: oldlen, oldlen + buflen); michael@0: if (buf != NULL) michael@0: buf += oldlen; michael@0: } michael@0: plain->data = buf; michael@0: } michael@0: if (buf == NULL) { michael@0: p7dcx->error = SEC_ERROR_NO_MEMORY; michael@0: return; /* XXX indicate error? */ michael@0: } michael@0: rv = sec_PKCS7Decrypt (worker->decryptobj, buf, &outlen, buflen, michael@0: data, inlen, final); michael@0: if (rv != SECSuccess) { michael@0: p7dcx->error = PORT_GetError(); michael@0: return; /* XXX indicate error? */ michael@0: } michael@0: if (plain != NULL) { michael@0: PORT_Assert (final || outlen == buflen); michael@0: plain->len += outlen; michael@0: } michael@0: data = buf; michael@0: len = outlen; michael@0: } michael@0: michael@0: /* michael@0: * Update the running digests. michael@0: */ michael@0: if (len) { michael@0: for (i = 0; i < worker->digcnt; i++) { michael@0: (* worker->digobjs[i]->update) (worker->digcxs[i], data, len); michael@0: } michael@0: } michael@0: michael@0: /* michael@0: * Pass back the contents bytes, and free the temporary buffer. michael@0: */ michael@0: if (p7dcx->cb != NULL) { michael@0: if (len) michael@0: (* p7dcx->cb) (p7dcx->cb_arg, (const char *)data, len); michael@0: if (worker->decryptobj != NULL) { michael@0: PORT_Assert (buf != NULL); michael@0: PORT_Free (buf); michael@0: } michael@0: } michael@0: } michael@0: michael@0: static void michael@0: sec_pkcs7_decoder_filter (void *arg, const char *data, unsigned long len, michael@0: int depth, SEC_ASN1EncodingPart data_kind) michael@0: { michael@0: SEC_PKCS7DecoderContext *p7dcx; michael@0: struct sec_pkcs7_decoder_worker *worker; michael@0: michael@0: /* michael@0: * Since we do not handle any nested contents, the only bytes we michael@0: * are really interested in are the actual contents bytes (not michael@0: * the identifier, length, or end-of-contents bytes). If we were michael@0: * handling nested types we would probably need to do something michael@0: * smarter based on depth and data_kind. michael@0: */ michael@0: if (data_kind != SEC_ASN1_Contents) michael@0: return; michael@0: michael@0: /* michael@0: * The ASN.1 decoder should not even call us with a length of 0. michael@0: * Just being paranoid. michael@0: */ michael@0: PORT_Assert (len); michael@0: if (len == 0) michael@0: return; michael@0: michael@0: p7dcx = (SEC_PKCS7DecoderContext*)arg; michael@0: michael@0: /* michael@0: * Handling nested contents would mean that there is a chain michael@0: * of workers -- one per each level of content. The following michael@0: * would start with the first worker and loop over them. michael@0: */ michael@0: worker = &(p7dcx->worker); michael@0: michael@0: worker->saw_contents = PR_TRUE; michael@0: michael@0: sec_pkcs7_decoder_work_data (p7dcx, worker, michael@0: (const unsigned char *) data, len, PR_FALSE); michael@0: } michael@0: michael@0: michael@0: /* michael@0: * Create digest contexts for each algorithm in "digestalgs". michael@0: * No algorithms is not an error, we just do not do anything. michael@0: * An error (like trouble allocating memory), marks the error michael@0: * in "p7dcx" and returns SECFailure, which means that our caller michael@0: * should just give up altogether. michael@0: */ michael@0: static SECStatus michael@0: sec_pkcs7_decoder_start_digests (SEC_PKCS7DecoderContext *p7dcx, int depth, michael@0: SECAlgorithmID **digestalgs) michael@0: { michael@0: int i, digcnt; michael@0: michael@0: if (digestalgs == NULL) michael@0: return SECSuccess; michael@0: michael@0: /* michael@0: * Count the algorithms. michael@0: */ michael@0: digcnt = 0; michael@0: while (digestalgs[digcnt] != NULL) michael@0: digcnt++; michael@0: michael@0: /* michael@0: * No algorithms means no work to do. michael@0: * Just act as if there were no algorithms specified. michael@0: */ michael@0: if (digcnt == 0) michael@0: return SECSuccess; michael@0: michael@0: p7dcx->worker.digcxs = (void**)PORT_ArenaAlloc (p7dcx->tmp_poolp, michael@0: digcnt * sizeof (void *)); michael@0: p7dcx->worker.digobjs = (const SECHashObject**)PORT_ArenaAlloc (p7dcx->tmp_poolp, michael@0: digcnt * sizeof (SECHashObject *)); michael@0: if (p7dcx->worker.digcxs == NULL || p7dcx->worker.digobjs == NULL) { michael@0: p7dcx->error = SEC_ERROR_NO_MEMORY; michael@0: return SECFailure; michael@0: } michael@0: michael@0: p7dcx->worker.depth = depth; michael@0: p7dcx->worker.digcnt = 0; michael@0: michael@0: /* michael@0: * Create a digest context for each algorithm. michael@0: */ michael@0: for (i = 0; i < digcnt; i++) { michael@0: SECAlgorithmID * algid = digestalgs[i]; michael@0: SECOidTag oidTag = SECOID_FindOIDTag(&(algid->algorithm)); michael@0: const SECHashObject *digobj = HASH_GetHashObjectByOidTag(oidTag); michael@0: void *digcx; michael@0: michael@0: /* michael@0: * Skip any algorithm we do not even recognize; obviously, michael@0: * this could be a problem, but if it is critical then the michael@0: * result will just be that the signature does not verify. michael@0: * We do not necessarily want to error out here, because michael@0: * the particular algorithm may not actually be important, michael@0: * but we cannot know that until later. michael@0: */ michael@0: if (digobj == NULL) { michael@0: p7dcx->worker.digcnt--; michael@0: continue; michael@0: } michael@0: michael@0: digcx = (* digobj->create)(); michael@0: if (digcx != NULL) { michael@0: (* digobj->begin) (digcx); michael@0: p7dcx->worker.digobjs[p7dcx->worker.digcnt] = digobj; michael@0: p7dcx->worker.digcxs[p7dcx->worker.digcnt] = digcx; michael@0: p7dcx->worker.digcnt++; michael@0: } michael@0: } michael@0: michael@0: if (p7dcx->worker.digcnt != 0) michael@0: SEC_ASN1DecoderSetFilterProc (p7dcx->dcx, michael@0: sec_pkcs7_decoder_filter, michael@0: p7dcx, michael@0: (PRBool)(p7dcx->cb != NULL)); michael@0: return SECSuccess; michael@0: } michael@0: michael@0: michael@0: /* michael@0: * Close out all of the digest contexts, storing the results in "digestsp". michael@0: */ michael@0: static SECStatus michael@0: sec_pkcs7_decoder_finish_digests (SEC_PKCS7DecoderContext *p7dcx, michael@0: PLArenaPool *poolp, michael@0: SECItem ***digestsp) michael@0: { michael@0: struct sec_pkcs7_decoder_worker *worker; michael@0: const SECHashObject *digobj; michael@0: void *digcx; michael@0: SECItem **digests, *digest; michael@0: int i; michael@0: void *mark; michael@0: michael@0: /* michael@0: * XXX Handling nested contents would mean that there is a chain michael@0: * of workers -- one per each level of content. The following michael@0: * would want to find the last worker in the chain. michael@0: */ michael@0: worker = &(p7dcx->worker); michael@0: michael@0: /* michael@0: * If no digests, then we have nothing to do. michael@0: */ michael@0: if (worker->digcnt == 0) michael@0: return SECSuccess; michael@0: michael@0: /* michael@0: * No matter what happens after this, we want to stop filtering. michael@0: * XXX If we handle nested contents, we only want to stop filtering michael@0: * if we are finishing off the *last* worker. michael@0: */ michael@0: SEC_ASN1DecoderClearFilterProc (p7dcx->dcx); michael@0: michael@0: /* michael@0: * If we ended up with no contents, just destroy each michael@0: * digest context -- they are meaningless and potentially michael@0: * confusing, because their presence would imply some content michael@0: * was digested. michael@0: */ michael@0: if (! worker->saw_contents) { michael@0: for (i = 0; i < worker->digcnt; i++) { michael@0: digcx = worker->digcxs[i]; michael@0: digobj = worker->digobjs[i]; michael@0: (* digobj->destroy) (digcx, PR_TRUE); michael@0: } michael@0: return SECSuccess; michael@0: } michael@0: michael@0: mark = PORT_ArenaMark (poolp); michael@0: michael@0: /* michael@0: * Close out each digest context, saving digest away. michael@0: */ michael@0: digests = michael@0: (SECItem**)PORT_ArenaAlloc (poolp,(worker->digcnt+1)*sizeof(SECItem *)); michael@0: digest = (SECItem*)PORT_ArenaAlloc (poolp, worker->digcnt*sizeof(SECItem)); michael@0: if (digests == NULL || digest == NULL) { michael@0: p7dcx->error = PORT_GetError(); michael@0: PORT_ArenaRelease (poolp, mark); michael@0: return SECFailure; michael@0: } michael@0: michael@0: for (i = 0; i < worker->digcnt; i++, digest++) { michael@0: digcx = worker->digcxs[i]; michael@0: digobj = worker->digobjs[i]; michael@0: michael@0: digest->data = (unsigned char*)PORT_ArenaAlloc (poolp, digobj->length); michael@0: if (digest->data == NULL) { michael@0: p7dcx->error = PORT_GetError(); michael@0: PORT_ArenaRelease (poolp, mark); michael@0: return SECFailure; michael@0: } michael@0: michael@0: digest->len = digobj->length; michael@0: (* digobj->end) (digcx, digest->data, &(digest->len), digest->len); michael@0: (* digobj->destroy) (digcx, PR_TRUE); michael@0: michael@0: digests[i] = digest; michael@0: } michael@0: digests[i] = NULL; michael@0: *digestsp = digests; michael@0: michael@0: PORT_ArenaUnmark (poolp, mark); michael@0: return SECSuccess; michael@0: } michael@0: michael@0: /* michael@0: * XXX Need comment explaining following helper function (which is used michael@0: * by sec_pkcs7_decoder_start_decrypt). michael@0: */ michael@0: michael@0: static PK11SymKey * michael@0: sec_pkcs7_decoder_get_recipient_key (SEC_PKCS7DecoderContext *p7dcx, michael@0: SEC_PKCS7RecipientInfo **recipientinfos, michael@0: SEC_PKCS7EncryptedContentInfo *enccinfo) michael@0: { michael@0: SEC_PKCS7RecipientInfo *ri; michael@0: CERTCertificate *cert = NULL; michael@0: SECKEYPrivateKey *privkey = NULL; michael@0: PK11SymKey *bulkkey = NULL; michael@0: SECOidTag keyalgtag, bulkalgtag, encalgtag; michael@0: PK11SlotInfo *slot = NULL; michael@0: michael@0: if (recipientinfos == NULL || recipientinfos[0] == NULL) { michael@0: p7dcx->error = SEC_ERROR_NOT_A_RECIPIENT; michael@0: goto no_key_found; michael@0: } michael@0: michael@0: cert = PK11_FindCertAndKeyByRecipientList(&slot,recipientinfos,&ri, michael@0: &privkey, p7dcx->pwfn_arg); michael@0: if (cert == NULL) { michael@0: p7dcx->error = SEC_ERROR_NOT_A_RECIPIENT; michael@0: goto no_key_found; michael@0: } michael@0: michael@0: ri->cert = cert; /* so we can find it later */ michael@0: PORT_Assert(privkey != NULL); michael@0: michael@0: keyalgtag = SECOID_GetAlgorithmTag(&(cert->subjectPublicKeyInfo.algorithm)); michael@0: encalgtag = SECOID_GetAlgorithmTag (&(ri->keyEncAlg)); michael@0: if (keyalgtag != encalgtag) { michael@0: p7dcx->error = SEC_ERROR_PKCS7_KEYALG_MISMATCH; michael@0: goto no_key_found; michael@0: } michael@0: bulkalgtag = SECOID_GetAlgorithmTag (&(enccinfo->contentEncAlg)); michael@0: michael@0: switch (encalgtag) { michael@0: case SEC_OID_PKCS1_RSA_ENCRYPTION: michael@0: bulkkey = PK11_PubUnwrapSymKey (privkey, &ri->encKey, michael@0: PK11_AlgtagToMechanism (bulkalgtag), michael@0: CKA_DECRYPT, 0); michael@0: if (bulkkey == NULL) { michael@0: p7dcx->error = PORT_GetError(); michael@0: PORT_SetError(0); michael@0: goto no_key_found; michael@0: } michael@0: break; michael@0: default: michael@0: p7dcx->error = SEC_ERROR_UNSUPPORTED_KEYALG; michael@0: break; michael@0: } michael@0: michael@0: no_key_found: michael@0: if (privkey != NULL) michael@0: SECKEY_DestroyPrivateKey (privkey); michael@0: if (slot != NULL) michael@0: PK11_FreeSlot(slot); michael@0: michael@0: return bulkkey; michael@0: } michael@0: michael@0: /* michael@0: * XXX The following comment is old -- the function used to only handle michael@0: * EnvelopedData or SignedAndEnvelopedData but now handles EncryptedData michael@0: * as well (and it had all of the code of the helper function above michael@0: * built into it), though the comment was left as is. Fix it... michael@0: * michael@0: * We are just about to decode the content of an EnvelopedData. michael@0: * Set up a decryption context so we can decrypt as we go. michael@0: * Presumably we are one of the recipients listed in "recipientinfos". michael@0: * (XXX And if we are not, or if we have trouble, what should we do? michael@0: * It would be nice to let the decoding still work. Maybe it should michael@0: * be an error if there is a content callback, but not an error otherwise?) michael@0: * The encryption key and related information can be found in "enccinfo". michael@0: */ michael@0: static SECStatus michael@0: sec_pkcs7_decoder_start_decrypt (SEC_PKCS7DecoderContext *p7dcx, int depth, michael@0: SEC_PKCS7RecipientInfo **recipientinfos, michael@0: SEC_PKCS7EncryptedContentInfo *enccinfo, michael@0: PK11SymKey **copy_key_for_signature) michael@0: { michael@0: PK11SymKey *bulkkey = NULL; michael@0: sec_PKCS7CipherObject *decryptobj; michael@0: michael@0: /* michael@0: * If a callback is supplied to retrieve the encryption key, michael@0: * for instance, for Encrypted Content infos, then retrieve michael@0: * the bulkkey from the callback. Otherwise, assume that michael@0: * we are processing Enveloped or SignedAndEnveloped data michael@0: * content infos. michael@0: * michael@0: * XXX Put an assert here? michael@0: */ michael@0: if (SEC_PKCS7ContentType(p7dcx->cinfo) == SEC_OID_PKCS7_ENCRYPTED_DATA) { michael@0: if (p7dcx->dkcb != NULL) { michael@0: bulkkey = (*p7dcx->dkcb)(p7dcx->dkcb_arg, michael@0: &(enccinfo->contentEncAlg)); michael@0: } michael@0: enccinfo->keysize = 0; michael@0: } else { michael@0: bulkkey = sec_pkcs7_decoder_get_recipient_key (p7dcx, recipientinfos, michael@0: enccinfo); michael@0: if (bulkkey == NULL) goto no_decryption; michael@0: enccinfo->keysize = PK11_GetKeyStrength(bulkkey, michael@0: &(enccinfo->contentEncAlg)); michael@0: michael@0: } michael@0: michael@0: /* michael@0: * XXX I think following should set error in p7dcx and clear set error michael@0: * (as used to be done here, or as is done in get_receipient_key above. michael@0: */ michael@0: if(bulkkey == NULL) { michael@0: goto no_decryption; michael@0: } michael@0: michael@0: /* michael@0: * We want to make sure decryption is allowed. This is done via michael@0: * a callback specified in SEC_PKCS7DecoderStart(). michael@0: */ michael@0: if (p7dcx->decrypt_allowed_cb) { michael@0: if ((*p7dcx->decrypt_allowed_cb) (&(enccinfo->contentEncAlg), michael@0: bulkkey) == PR_FALSE) { michael@0: p7dcx->error = SEC_ERROR_DECRYPTION_DISALLOWED; michael@0: goto no_decryption; michael@0: } michael@0: } else { michael@0: p7dcx->error = SEC_ERROR_DECRYPTION_DISALLOWED; michael@0: goto no_decryption; michael@0: } michael@0: michael@0: /* michael@0: * When decrypting a signedAndEnvelopedData, the signature also has michael@0: * to be decrypted with the bulk encryption key; to avoid having to michael@0: * get it all over again later (and do another potentially expensive michael@0: * RSA operation), copy it for later signature verification to use. michael@0: */ michael@0: if (copy_key_for_signature != NULL) michael@0: *copy_key_for_signature = PK11_ReferenceSymKey (bulkkey); michael@0: michael@0: /* michael@0: * Now we have the bulk encryption key (in bulkkey) and the michael@0: * the algorithm (in enccinfo->contentEncAlg). Using those, michael@0: * create a decryption context. michael@0: */ michael@0: decryptobj = sec_PKCS7CreateDecryptObject (bulkkey, michael@0: &(enccinfo->contentEncAlg)); michael@0: michael@0: /* michael@0: * We are done with (this) bulkkey now. michael@0: */ michael@0: PK11_FreeSymKey (bulkkey); michael@0: michael@0: if (decryptobj == NULL) { michael@0: p7dcx->error = PORT_GetError(); michael@0: PORT_SetError(0); michael@0: goto no_decryption; michael@0: } michael@0: michael@0: SEC_ASN1DecoderSetFilterProc (p7dcx->dcx, michael@0: sec_pkcs7_decoder_filter, michael@0: p7dcx, michael@0: (PRBool)(p7dcx->cb != NULL)); michael@0: michael@0: p7dcx->worker.depth = depth; michael@0: p7dcx->worker.decryptobj = decryptobj; michael@0: michael@0: return SECSuccess; michael@0: michael@0: no_decryption: michael@0: /* michael@0: * For some reason (error set already, if appropriate), we cannot michael@0: * decrypt the content. I am not sure what exactly is the right michael@0: * thing to do here; in some cases we want to just stop, and in michael@0: * others we want to let the decoding finish even though we cannot michael@0: * decrypt the content. My current thinking is that if the caller michael@0: * set up a content callback, then they are really interested in michael@0: * getting (decrypted) content, and if they cannot they will want michael@0: * to know about it. However, if no callback was specified, then michael@0: * maybe it is not important that the decryption failed. michael@0: */ michael@0: if (p7dcx->cb != NULL) michael@0: return SECFailure; michael@0: else michael@0: return SECSuccess; /* Let the decoding continue. */ michael@0: } michael@0: michael@0: michael@0: static SECStatus michael@0: sec_pkcs7_decoder_finish_decrypt (SEC_PKCS7DecoderContext *p7dcx, michael@0: PLArenaPool *poolp, michael@0: SEC_PKCS7EncryptedContentInfo *enccinfo) michael@0: { michael@0: struct sec_pkcs7_decoder_worker *worker; michael@0: michael@0: /* michael@0: * XXX Handling nested contents would mean that there is a chain michael@0: * of workers -- one per each level of content. The following michael@0: * would want to find the last worker in the chain. michael@0: */ michael@0: worker = &(p7dcx->worker); michael@0: michael@0: /* michael@0: * If no decryption context, then we have nothing to do. michael@0: */ michael@0: if (worker->decryptobj == NULL) michael@0: return SECSuccess; michael@0: michael@0: /* michael@0: * No matter what happens after this, we want to stop filtering. michael@0: * XXX If we handle nested contents, we only want to stop filtering michael@0: * if we are finishing off the *last* worker. michael@0: */ michael@0: SEC_ASN1DecoderClearFilterProc (p7dcx->dcx); michael@0: michael@0: /* michael@0: * Handle the last block. michael@0: */ michael@0: sec_pkcs7_decoder_work_data (p7dcx, worker, NULL, 0, PR_TRUE); michael@0: michael@0: /* michael@0: * All done, destroy it. michael@0: */ michael@0: sec_PKCS7DestroyDecryptObject (worker->decryptobj); michael@0: worker->decryptobj = NULL; michael@0: michael@0: return SECSuccess; michael@0: } michael@0: michael@0: michael@0: static void michael@0: sec_pkcs7_decoder_notify (void *arg, PRBool before, void *dest, int depth) michael@0: { michael@0: SEC_PKCS7DecoderContext *p7dcx; michael@0: SEC_PKCS7ContentInfo *cinfo; michael@0: SEC_PKCS7SignedData *sigd; michael@0: SEC_PKCS7EnvelopedData *envd; michael@0: SEC_PKCS7SignedAndEnvelopedData *saed; michael@0: SEC_PKCS7EncryptedData *encd; michael@0: SEC_PKCS7DigestedData *digd; michael@0: PRBool after; michael@0: SECStatus rv; michael@0: michael@0: /* michael@0: * Just to make the code easier to read, create an "after" variable michael@0: * that is equivalent to "not before". michael@0: * (This used to be just the statement "after = !before", but that michael@0: * causes a warning on the mac; to avoid that, we do it the long way.) michael@0: */ michael@0: if (before) michael@0: after = PR_FALSE; michael@0: else michael@0: after = PR_TRUE; michael@0: michael@0: p7dcx = (SEC_PKCS7DecoderContext*)arg; michael@0: cinfo = p7dcx->cinfo; michael@0: michael@0: if (cinfo->contentTypeTag == NULL) { michael@0: if (after && dest == &(cinfo->contentType)) michael@0: cinfo->contentTypeTag = SECOID_FindOID(&(cinfo->contentType)); michael@0: return; michael@0: } michael@0: michael@0: switch (cinfo->contentTypeTag->offset) { michael@0: case SEC_OID_PKCS7_SIGNED_DATA: michael@0: sigd = cinfo->content.signedData; michael@0: if (sigd == NULL) michael@0: break; michael@0: michael@0: if (sigd->contentInfo.contentTypeTag == NULL) { michael@0: if (after && dest == &(sigd->contentInfo.contentType)) michael@0: sigd->contentInfo.contentTypeTag = michael@0: SECOID_FindOID(&(sigd->contentInfo.contentType)); michael@0: break; michael@0: } michael@0: michael@0: /* michael@0: * We only set up a filtering digest if the content is michael@0: * plain DATA; anything else needs more work because a michael@0: * second pass is required to produce a DER encoding from michael@0: * an input that can be BER encoded. (This is a requirement michael@0: * of PKCS7 that is unfortunate, but there you have it.) michael@0: * michael@0: * XXX Also, since we stop here if this is not DATA, the michael@0: * inner content is not getting processed at all. Someday michael@0: * we may want to fix that. michael@0: */ michael@0: if (sigd->contentInfo.contentTypeTag->offset != SEC_OID_PKCS7_DATA) { michael@0: /* XXX Set an error in p7dcx->error */ michael@0: SEC_ASN1DecoderClearNotifyProc (p7dcx->dcx); michael@0: break; michael@0: } michael@0: michael@0: /* michael@0: * Just before the content, we want to set up a digest context michael@0: * for each digest algorithm listed, and start a filter which michael@0: * will run all of the contents bytes through that digest. michael@0: */ michael@0: if (before && dest == &(sigd->contentInfo.content)) { michael@0: rv = sec_pkcs7_decoder_start_digests (p7dcx, depth, michael@0: sigd->digestAlgorithms); michael@0: if (rv != SECSuccess) michael@0: SEC_ASN1DecoderClearNotifyProc (p7dcx->dcx); michael@0: michael@0: break; michael@0: } michael@0: michael@0: /* michael@0: * XXX To handle nested types, here is where we would want michael@0: * to check for inner boundaries that need handling. michael@0: */ michael@0: michael@0: /* michael@0: * Are we done? michael@0: */ michael@0: if (after && dest == &(sigd->contentInfo.content)) { michael@0: /* michael@0: * Close out the digest contexts. We ignore any error michael@0: * because we are stopping anyway; the error status left michael@0: * behind in p7dcx will be seen by outer functions. michael@0: */ michael@0: (void) sec_pkcs7_decoder_finish_digests (p7dcx, cinfo->poolp, michael@0: &(sigd->digests)); michael@0: michael@0: /* michael@0: * XXX To handle nested contents, we would need to remove michael@0: * the worker from the chain (and free it). michael@0: */ michael@0: michael@0: /* michael@0: * Stop notify. michael@0: */ michael@0: SEC_ASN1DecoderClearNotifyProc (p7dcx->dcx); michael@0: } michael@0: break; michael@0: michael@0: case SEC_OID_PKCS7_ENVELOPED_DATA: michael@0: envd = cinfo->content.envelopedData; michael@0: if (envd == NULL) michael@0: break; michael@0: michael@0: if (envd->encContentInfo.contentTypeTag == NULL) { michael@0: if (after && dest == &(envd->encContentInfo.contentType)) michael@0: envd->encContentInfo.contentTypeTag = michael@0: SECOID_FindOID(&(envd->encContentInfo.contentType)); michael@0: break; michael@0: } michael@0: michael@0: /* michael@0: * Just before the content, we want to set up a decryption michael@0: * context, and start a filter which will run all of the michael@0: * contents bytes through it to determine the plain content. michael@0: */ michael@0: if (before && dest == &(envd->encContentInfo.encContent)) { michael@0: rv = sec_pkcs7_decoder_start_decrypt (p7dcx, depth, michael@0: envd->recipientInfos, michael@0: &(envd->encContentInfo), michael@0: NULL); michael@0: if (rv != SECSuccess) michael@0: SEC_ASN1DecoderClearNotifyProc (p7dcx->dcx); michael@0: michael@0: break; michael@0: } michael@0: michael@0: /* michael@0: * Are we done? michael@0: */ michael@0: if (after && dest == &(envd->encContentInfo.encContent)) { michael@0: /* michael@0: * Close out the decryption context. We ignore any error michael@0: * because we are stopping anyway; the error status left michael@0: * behind in p7dcx will be seen by outer functions. michael@0: */ michael@0: (void) sec_pkcs7_decoder_finish_decrypt (p7dcx, cinfo->poolp, michael@0: &(envd->encContentInfo)); michael@0: michael@0: /* michael@0: * XXX To handle nested contents, we would need to remove michael@0: * the worker from the chain (and free it). michael@0: */ michael@0: michael@0: /* michael@0: * Stop notify. michael@0: */ michael@0: SEC_ASN1DecoderClearNotifyProc (p7dcx->dcx); michael@0: } michael@0: break; michael@0: michael@0: case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA: michael@0: saed = cinfo->content.signedAndEnvelopedData; michael@0: if (saed == NULL) michael@0: break; michael@0: michael@0: if (saed->encContentInfo.contentTypeTag == NULL) { michael@0: if (after && dest == &(saed->encContentInfo.contentType)) michael@0: saed->encContentInfo.contentTypeTag = michael@0: SECOID_FindOID(&(saed->encContentInfo.contentType)); michael@0: break; michael@0: } michael@0: michael@0: /* michael@0: * Just before the content, we want to set up a decryption michael@0: * context *and* digest contexts, and start a filter which michael@0: * will run all of the contents bytes through both. michael@0: */ michael@0: if (before && dest == &(saed->encContentInfo.encContent)) { michael@0: rv = sec_pkcs7_decoder_start_decrypt (p7dcx, depth, michael@0: saed->recipientInfos, michael@0: &(saed->encContentInfo), michael@0: &(saed->sigKey)); michael@0: if (rv == SECSuccess) michael@0: rv = sec_pkcs7_decoder_start_digests (p7dcx, depth, michael@0: saed->digestAlgorithms); michael@0: if (rv != SECSuccess) michael@0: SEC_ASN1DecoderClearNotifyProc (p7dcx->dcx); michael@0: michael@0: break; michael@0: } michael@0: michael@0: /* michael@0: * Are we done? michael@0: */ michael@0: if (after && dest == &(saed->encContentInfo.encContent)) { michael@0: /* michael@0: * Close out the decryption and digests contexts. michael@0: * We ignore any errors because we are stopping anyway; michael@0: * the error status left behind in p7dcx will be seen by michael@0: * outer functions. michael@0: * michael@0: * Note that the decrypt stuff must be called first; michael@0: * it may have a last buffer to do which in turn has michael@0: * to be added to the digest. michael@0: */ michael@0: (void) sec_pkcs7_decoder_finish_decrypt (p7dcx, cinfo->poolp, michael@0: &(saed->encContentInfo)); michael@0: (void) sec_pkcs7_decoder_finish_digests (p7dcx, cinfo->poolp, michael@0: &(saed->digests)); michael@0: michael@0: /* michael@0: * XXX To handle nested contents, we would need to remove michael@0: * the worker from the chain (and free it). michael@0: */ michael@0: michael@0: /* michael@0: * Stop notify. michael@0: */ michael@0: SEC_ASN1DecoderClearNotifyProc (p7dcx->dcx); michael@0: } michael@0: break; michael@0: michael@0: case SEC_OID_PKCS7_DIGESTED_DATA: michael@0: digd = cinfo->content.digestedData; michael@0: michael@0: /* michael@0: * XXX Want to do the digest or not? Maybe future enhancement... michael@0: */ michael@0: if (before && dest == &(digd->contentInfo.content.data)) { michael@0: SEC_ASN1DecoderSetFilterProc (p7dcx->dcx, sec_pkcs7_decoder_filter, michael@0: p7dcx, michael@0: (PRBool)(p7dcx->cb != NULL)); michael@0: break; michael@0: } michael@0: michael@0: /* michael@0: * Are we done? michael@0: */ michael@0: if (after && dest == &(digd->contentInfo.content.data)) { michael@0: SEC_ASN1DecoderClearFilterProc (p7dcx->dcx); michael@0: } michael@0: break; michael@0: michael@0: case SEC_OID_PKCS7_ENCRYPTED_DATA: michael@0: encd = cinfo->content.encryptedData; michael@0: michael@0: /* michael@0: * XXX If the decryption key callback is set, we want to start michael@0: * the decryption. If the callback is not set, we will treat the michael@0: * content as plain data, since we do not have the key. michael@0: * michael@0: * Is this the proper thing to do? michael@0: */ michael@0: if (before && dest == &(encd->encContentInfo.encContent)) { michael@0: /* michael@0: * Start the encryption process if the decryption key callback michael@0: * is present. Otherwise, treat the content like plain data. michael@0: */ michael@0: rv = SECSuccess; michael@0: if (p7dcx->dkcb != NULL) { michael@0: rv = sec_pkcs7_decoder_start_decrypt (p7dcx, depth, NULL, michael@0: &(encd->encContentInfo), michael@0: NULL); michael@0: } michael@0: michael@0: if (rv != SECSuccess) michael@0: SEC_ASN1DecoderClearNotifyProc (p7dcx->dcx); michael@0: michael@0: break; michael@0: } michael@0: michael@0: /* michael@0: * Are we done? michael@0: */ michael@0: if (after && dest == &(encd->encContentInfo.encContent)) { michael@0: /* michael@0: * Close out the decryption context. We ignore any error michael@0: * because we are stopping anyway; the error status left michael@0: * behind in p7dcx will be seen by outer functions. michael@0: */ michael@0: (void) sec_pkcs7_decoder_finish_decrypt (p7dcx, cinfo->poolp, michael@0: &(encd->encContentInfo)); michael@0: michael@0: /* michael@0: * Stop notify. michael@0: */ michael@0: SEC_ASN1DecoderClearNotifyProc (p7dcx->dcx); michael@0: } michael@0: break; michael@0: michael@0: case SEC_OID_PKCS7_DATA: michael@0: /* michael@0: * If a output callback has been specified, we want to set the filter michael@0: * to call the callback. This is taken care of in michael@0: * sec_pkcs7_decoder_start_decrypt() or michael@0: * sec_pkcs7_decoder_start_digests() for the other content types. michael@0: */ michael@0: michael@0: if (before && dest == &(cinfo->content.data)) { michael@0: michael@0: /* michael@0: * Set the filter proc up. michael@0: */ michael@0: SEC_ASN1DecoderSetFilterProc (p7dcx->dcx, michael@0: sec_pkcs7_decoder_filter, michael@0: p7dcx, michael@0: (PRBool)(p7dcx->cb != NULL)); michael@0: break; michael@0: } michael@0: michael@0: if (after && dest == &(cinfo->content.data)) { michael@0: /* michael@0: * Time to clean up after ourself, stop the Notify and Filter michael@0: * procedures. michael@0: */ michael@0: SEC_ASN1DecoderClearNotifyProc (p7dcx->dcx); michael@0: SEC_ASN1DecoderClearFilterProc (p7dcx->dcx); michael@0: } michael@0: break; michael@0: michael@0: default: michael@0: SEC_ASN1DecoderClearNotifyProc (p7dcx->dcx); michael@0: break; michael@0: } michael@0: } michael@0: michael@0: michael@0: SEC_PKCS7DecoderContext * michael@0: SEC_PKCS7DecoderStart(SEC_PKCS7DecoderContentCallback cb, void *cb_arg, michael@0: SECKEYGetPasswordKey pwfn, void *pwfn_arg, michael@0: SEC_PKCS7GetDecryptKeyCallback decrypt_key_cb, michael@0: void *decrypt_key_cb_arg, michael@0: SEC_PKCS7DecryptionAllowedCallback decrypt_allowed_cb) michael@0: { michael@0: SEC_PKCS7DecoderContext *p7dcx; michael@0: SEC_ASN1DecoderContext *dcx; michael@0: SEC_PKCS7ContentInfo *cinfo; michael@0: PLArenaPool *poolp; michael@0: michael@0: poolp = PORT_NewArena (1024); /* XXX what is right value? */ michael@0: if (poolp == NULL) michael@0: return NULL; michael@0: michael@0: cinfo = (SEC_PKCS7ContentInfo*)PORT_ArenaZAlloc (poolp, sizeof(*cinfo)); michael@0: if (cinfo == NULL) { michael@0: PORT_FreeArena (poolp, PR_FALSE); michael@0: return NULL; michael@0: } michael@0: michael@0: cinfo->poolp = poolp; michael@0: cinfo->pwfn = pwfn; michael@0: cinfo->pwfn_arg = pwfn_arg; michael@0: cinfo->created = PR_FALSE; michael@0: cinfo->refCount = 1; michael@0: michael@0: p7dcx = michael@0: (SEC_PKCS7DecoderContext*)PORT_ZAlloc (sizeof(SEC_PKCS7DecoderContext)); michael@0: if (p7dcx == NULL) { michael@0: PORT_FreeArena (poolp, PR_FALSE); michael@0: return NULL; michael@0: } michael@0: michael@0: p7dcx->tmp_poolp = PORT_NewArena (1024); /* XXX what is right value? */ michael@0: if (p7dcx->tmp_poolp == NULL) { michael@0: PORT_Free (p7dcx); michael@0: PORT_FreeArena (poolp, PR_FALSE); michael@0: return NULL; michael@0: } michael@0: michael@0: dcx = SEC_ASN1DecoderStart (poolp, cinfo, sec_PKCS7ContentInfoTemplate); michael@0: if (dcx == NULL) { michael@0: PORT_FreeArena (p7dcx->tmp_poolp, PR_FALSE); michael@0: PORT_Free (p7dcx); michael@0: PORT_FreeArena (poolp, PR_FALSE); michael@0: return NULL; michael@0: } michael@0: michael@0: SEC_ASN1DecoderSetNotifyProc (dcx, sec_pkcs7_decoder_notify, p7dcx); michael@0: michael@0: p7dcx->dcx = dcx; michael@0: p7dcx->cinfo = cinfo; michael@0: p7dcx->cb = cb; michael@0: p7dcx->cb_arg = cb_arg; michael@0: p7dcx->pwfn = pwfn; michael@0: p7dcx->pwfn_arg = pwfn_arg; michael@0: p7dcx->dkcb = decrypt_key_cb; michael@0: p7dcx->dkcb_arg = decrypt_key_cb_arg; michael@0: p7dcx->decrypt_allowed_cb = decrypt_allowed_cb; michael@0: michael@0: return p7dcx; michael@0: } michael@0: michael@0: michael@0: /* michael@0: * Do the next chunk of PKCS7 decoding. If there is a problem, set michael@0: * an error and return a failure status. Note that in the case of michael@0: * an error, this routine is still prepared to be called again and michael@0: * again in case that is the easiest route for our caller to take. michael@0: * We simply detect it and do not do anything except keep setting michael@0: * that error in case our caller has not noticed it yet... michael@0: */ michael@0: SECStatus michael@0: SEC_PKCS7DecoderUpdate(SEC_PKCS7DecoderContext *p7dcx, michael@0: const char *buf, unsigned long len) michael@0: { michael@0: if (p7dcx->cinfo != NULL && p7dcx->dcx != NULL) { michael@0: PORT_Assert (p7dcx->error == 0); michael@0: if (p7dcx->error == 0) { michael@0: if (SEC_ASN1DecoderUpdate (p7dcx->dcx, buf, len) != SECSuccess) { michael@0: p7dcx->error = PORT_GetError(); michael@0: PORT_Assert (p7dcx->error); michael@0: if (p7dcx->error == 0) michael@0: p7dcx->error = -1; michael@0: } michael@0: } michael@0: } michael@0: michael@0: if (p7dcx->error) { michael@0: if (p7dcx->dcx != NULL) { michael@0: (void) SEC_ASN1DecoderFinish (p7dcx->dcx); michael@0: p7dcx->dcx = NULL; michael@0: } michael@0: if (p7dcx->cinfo != NULL) { michael@0: SEC_PKCS7DestroyContentInfo (p7dcx->cinfo); michael@0: p7dcx->cinfo = NULL; michael@0: } michael@0: PORT_SetError (p7dcx->error); michael@0: return SECFailure; michael@0: } michael@0: michael@0: return SECSuccess; michael@0: } michael@0: michael@0: michael@0: SEC_PKCS7ContentInfo * michael@0: SEC_PKCS7DecoderFinish(SEC_PKCS7DecoderContext *p7dcx) michael@0: { michael@0: SEC_PKCS7ContentInfo *cinfo; michael@0: michael@0: cinfo = p7dcx->cinfo; michael@0: if (p7dcx->dcx != NULL) { michael@0: if (SEC_ASN1DecoderFinish (p7dcx->dcx) != SECSuccess) { michael@0: SEC_PKCS7DestroyContentInfo (cinfo); michael@0: cinfo = NULL; michael@0: } michael@0: } michael@0: /* free any NSS data structures */ michael@0: if (p7dcx->worker.decryptobj) { michael@0: sec_PKCS7DestroyDecryptObject (p7dcx->worker.decryptobj); michael@0: } michael@0: PORT_FreeArena (p7dcx->tmp_poolp, PR_FALSE); michael@0: PORT_Free (p7dcx); michael@0: return cinfo; michael@0: } michael@0: michael@0: michael@0: SEC_PKCS7ContentInfo * michael@0: SEC_PKCS7DecodeItem(SECItem *p7item, michael@0: SEC_PKCS7DecoderContentCallback cb, void *cb_arg, michael@0: SECKEYGetPasswordKey pwfn, void *pwfn_arg, michael@0: SEC_PKCS7GetDecryptKeyCallback decrypt_key_cb, michael@0: void *decrypt_key_cb_arg, michael@0: SEC_PKCS7DecryptionAllowedCallback decrypt_allowed_cb) michael@0: { michael@0: SEC_PKCS7DecoderContext *p7dcx; michael@0: michael@0: p7dcx = SEC_PKCS7DecoderStart(cb, cb_arg, pwfn, pwfn_arg, decrypt_key_cb, michael@0: decrypt_key_cb_arg, decrypt_allowed_cb); michael@0: if (!p7dcx) { michael@0: /* error code is set */ michael@0: return NULL; michael@0: } michael@0: (void) SEC_PKCS7DecoderUpdate(p7dcx, (char *) p7item->data, p7item->len); michael@0: return SEC_PKCS7DecoderFinish(p7dcx); michael@0: } michael@0: michael@0: /* michael@0: * Abort the ASN.1 stream. Used by pkcs 12 michael@0: */ michael@0: void michael@0: SEC_PKCS7DecoderAbort(SEC_PKCS7DecoderContext *p7dcx, int error) michael@0: { michael@0: PORT_Assert(p7dcx); michael@0: SEC_ASN1DecoderAbort(p7dcx->dcx, error); michael@0: } michael@0: michael@0: michael@0: /* michael@0: * If the thing contains any certs or crls return true; false otherwise. michael@0: */ michael@0: PRBool michael@0: SEC_PKCS7ContainsCertsOrCrls(SEC_PKCS7ContentInfo *cinfo) michael@0: { michael@0: SECOidTag kind; michael@0: SECItem **certs; michael@0: CERTSignedCrl **crls; michael@0: michael@0: kind = SEC_PKCS7ContentType (cinfo); michael@0: switch (kind) { michael@0: default: michael@0: case SEC_OID_PKCS7_DATA: michael@0: case SEC_OID_PKCS7_DIGESTED_DATA: michael@0: case SEC_OID_PKCS7_ENVELOPED_DATA: michael@0: case SEC_OID_PKCS7_ENCRYPTED_DATA: michael@0: return PR_FALSE; michael@0: case SEC_OID_PKCS7_SIGNED_DATA: michael@0: certs = cinfo->content.signedData->rawCerts; michael@0: crls = cinfo->content.signedData->crls; michael@0: break; michael@0: case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA: michael@0: certs = cinfo->content.signedAndEnvelopedData->rawCerts; michael@0: crls = cinfo->content.signedAndEnvelopedData->crls; michael@0: break; michael@0: } michael@0: michael@0: /* michael@0: * I know this could be collapsed, but I was in a mood to be explicit. michael@0: */ michael@0: if (certs != NULL && certs[0] != NULL) michael@0: return PR_TRUE; michael@0: else if (crls != NULL && crls[0] != NULL) michael@0: return PR_TRUE; michael@0: else michael@0: return PR_FALSE; michael@0: } michael@0: michael@0: /* return the content length...could use GetContent, however we michael@0: * need the encrypted content length michael@0: */ michael@0: PRBool michael@0: SEC_PKCS7IsContentEmpty(SEC_PKCS7ContentInfo *cinfo, unsigned int minLen) michael@0: { michael@0: SECItem *item = NULL; michael@0: michael@0: if(cinfo == NULL) { michael@0: return PR_TRUE; michael@0: } michael@0: michael@0: switch(SEC_PKCS7ContentType(cinfo)) michael@0: { michael@0: case SEC_OID_PKCS7_DATA: michael@0: item = cinfo->content.data; michael@0: break; michael@0: case SEC_OID_PKCS7_ENCRYPTED_DATA: michael@0: item = &cinfo->content.encryptedData->encContentInfo.encContent; michael@0: break; michael@0: default: michael@0: /* add other types */ michael@0: return PR_FALSE; michael@0: } michael@0: michael@0: if(!item) { michael@0: return PR_TRUE; michael@0: } else if(item->len <= minLen) { michael@0: return PR_TRUE; michael@0: } michael@0: michael@0: return PR_FALSE; michael@0: } michael@0: michael@0: michael@0: PRBool michael@0: SEC_PKCS7ContentIsEncrypted(SEC_PKCS7ContentInfo *cinfo) michael@0: { michael@0: SECOidTag kind; michael@0: michael@0: kind = SEC_PKCS7ContentType (cinfo); michael@0: switch (kind) { michael@0: default: michael@0: case SEC_OID_PKCS7_DATA: michael@0: case SEC_OID_PKCS7_DIGESTED_DATA: michael@0: case SEC_OID_PKCS7_SIGNED_DATA: michael@0: return PR_FALSE; michael@0: case SEC_OID_PKCS7_ENCRYPTED_DATA: michael@0: case SEC_OID_PKCS7_ENVELOPED_DATA: michael@0: case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA: michael@0: return PR_TRUE; michael@0: } michael@0: } michael@0: michael@0: michael@0: /* michael@0: * If the PKCS7 content has a signature (not just *could* have a signature) michael@0: * return true; false otherwise. This can/should be called before calling michael@0: * VerifySignature, which will always indicate failure if no signature is michael@0: * present, but that does not mean there even was a signature! michael@0: * Note that the content itself can be empty (detached content was sent michael@0: * another way); it is the presence of the signature that matters. michael@0: */ michael@0: PRBool michael@0: SEC_PKCS7ContentIsSigned(SEC_PKCS7ContentInfo *cinfo) michael@0: { michael@0: SECOidTag kind; michael@0: SEC_PKCS7SignerInfo **signerinfos; michael@0: michael@0: kind = SEC_PKCS7ContentType (cinfo); michael@0: switch (kind) { michael@0: default: michael@0: case SEC_OID_PKCS7_DATA: michael@0: case SEC_OID_PKCS7_DIGESTED_DATA: michael@0: case SEC_OID_PKCS7_ENVELOPED_DATA: michael@0: case SEC_OID_PKCS7_ENCRYPTED_DATA: michael@0: return PR_FALSE; michael@0: case SEC_OID_PKCS7_SIGNED_DATA: michael@0: signerinfos = cinfo->content.signedData->signerInfos; michael@0: break; michael@0: case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA: michael@0: signerinfos = cinfo->content.signedAndEnvelopedData->signerInfos; michael@0: break; michael@0: } michael@0: michael@0: /* michael@0: * I know this could be collapsed; but I kind of think it will get michael@0: * more complicated before I am finished, so... michael@0: */ michael@0: if (signerinfos != NULL && signerinfos[0] != NULL) michael@0: return PR_TRUE; michael@0: else michael@0: return PR_FALSE; michael@0: } michael@0: michael@0: michael@0: /* michael@0: * sec_pkcs7_verify_signature michael@0: * michael@0: * Look at a PKCS7 contentInfo and check if the signature is good. michael@0: * The digest was either calculated earlier (and is stored in the michael@0: * contentInfo itself) or is passed in via "detached_digest". michael@0: * michael@0: * The verification checks that the signing cert is valid and trusted michael@0: * for the purpose specified by "certusage" at michael@0: * - "*atTime" if "atTime" is not null, or michael@0: * - the signing time if the signing time is available in "cinfo", or michael@0: * - the current time (as returned by PR_Now). michael@0: * michael@0: * In addition, if "keepcerts" is true, add any new certificates found michael@0: * into our local database. michael@0: * michael@0: * XXX Each place which returns PR_FALSE should be sure to have a good michael@0: * error set for inspection by the caller. Alternatively, we could create michael@0: * an enumeration of success and each type of failure and return that michael@0: * instead of a boolean. For now, the default in a bad situation is to michael@0: * set the error to SEC_ERROR_PKCS7_BAD_SIGNATURE. But this should be michael@0: * reviewed; better (more specific) errors should be possible (to distinguish michael@0: * a signature failure from a badly-formed pkcs7 signedData, for example). michael@0: * Some of the errors should probably just be SEC_ERROR_BAD_SIGNATURE, michael@0: * but that has a less helpful error string associated with it right now; michael@0: * if/when that changes, review and change these as needed. michael@0: * michael@0: * XXX This is broken wrt signedAndEnvelopedData. In that case, the michael@0: * message digest is doubly encrypted -- first encrypted with the signer michael@0: * private key but then again encrypted with the bulk encryption key used michael@0: * to encrypt the content. So before we can pass the digest to VerifyDigest, michael@0: * we need to decrypt it with the bulk encryption key. Also, in this case, michael@0: * there should be NO authenticatedAttributes (signerinfo->authAttr should michael@0: * be NULL). michael@0: */ michael@0: static PRBool michael@0: sec_pkcs7_verify_signature(SEC_PKCS7ContentInfo *cinfo, michael@0: SECCertUsage certusage, michael@0: const SECItem *detached_digest, michael@0: HASH_HashType digest_type, michael@0: PRBool keepcerts, michael@0: const PRTime *atTime) michael@0: { michael@0: SECAlgorithmID **digestalgs, *bulkid; michael@0: const SECItem *digest; michael@0: SECItem **digests; michael@0: SECItem **rawcerts; michael@0: CERTSignedCrl **crls; michael@0: SEC_PKCS7SignerInfo **signerinfos, *signerinfo; michael@0: CERTCertificate *cert, **certs; michael@0: PRBool goodsig; michael@0: CERTCertDBHandle *certdb, *defaultdb; michael@0: SECOidTag encTag,digestTag; michael@0: HASH_HashType found_type; michael@0: int i, certcount; michael@0: SECKEYPublicKey *publickey; michael@0: SECItem *content_type; michael@0: PK11SymKey *sigkey; michael@0: SECItem *encoded_stime; michael@0: PRTime stime; michael@0: PRTime verificationTime; michael@0: SECStatus rv; michael@0: michael@0: /* michael@0: * Everything needed in order to "goto done" safely. michael@0: */ michael@0: goodsig = PR_FALSE; michael@0: certcount = 0; michael@0: cert = NULL; michael@0: certs = NULL; michael@0: certdb = NULL; michael@0: defaultdb = CERT_GetDefaultCertDB(); michael@0: publickey = NULL; michael@0: michael@0: if (! SEC_PKCS7ContentIsSigned(cinfo)) { michael@0: PORT_SetError (SEC_ERROR_PKCS7_BAD_SIGNATURE); michael@0: goto done; michael@0: } michael@0: michael@0: PORT_Assert (cinfo->contentTypeTag != NULL); michael@0: michael@0: switch (cinfo->contentTypeTag->offset) { michael@0: default: michael@0: case SEC_OID_PKCS7_DATA: michael@0: case SEC_OID_PKCS7_DIGESTED_DATA: michael@0: case SEC_OID_PKCS7_ENVELOPED_DATA: michael@0: case SEC_OID_PKCS7_ENCRYPTED_DATA: michael@0: /* Could only get here if SEC_PKCS7ContentIsSigned is broken. */ michael@0: PORT_Assert (0); michael@0: case SEC_OID_PKCS7_SIGNED_DATA: michael@0: { michael@0: SEC_PKCS7SignedData *sdp; michael@0: michael@0: sdp = cinfo->content.signedData; michael@0: digestalgs = sdp->digestAlgorithms; michael@0: digests = sdp->digests; michael@0: rawcerts = sdp->rawCerts; michael@0: crls = sdp->crls; michael@0: signerinfos = sdp->signerInfos; michael@0: content_type = &(sdp->contentInfo.contentType); michael@0: sigkey = NULL; michael@0: bulkid = NULL; michael@0: } michael@0: break; michael@0: case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA: michael@0: { michael@0: SEC_PKCS7SignedAndEnvelopedData *saedp; michael@0: michael@0: saedp = cinfo->content.signedAndEnvelopedData; michael@0: digestalgs = saedp->digestAlgorithms; michael@0: digests = saedp->digests; michael@0: rawcerts = saedp->rawCerts; michael@0: crls = saedp->crls; michael@0: signerinfos = saedp->signerInfos; michael@0: content_type = &(saedp->encContentInfo.contentType); michael@0: sigkey = saedp->sigKey; michael@0: bulkid = &(saedp->encContentInfo.contentEncAlg); michael@0: } michael@0: break; michael@0: } michael@0: michael@0: if ((signerinfos == NULL) || (signerinfos[0] == NULL)) { michael@0: PORT_SetError (SEC_ERROR_PKCS7_BAD_SIGNATURE); michael@0: goto done; michael@0: } michael@0: michael@0: /* michael@0: * XXX Need to handle multiple signatures; checking them is easy, michael@0: * but what should be the semantics here (like, return value)? michael@0: */ michael@0: if (signerinfos[1] != NULL) { michael@0: PORT_SetError (SEC_ERROR_PKCS7_BAD_SIGNATURE); michael@0: goto done; michael@0: } michael@0: michael@0: signerinfo = signerinfos[0]; michael@0: michael@0: /* michael@0: * XXX I would like to just pass the issuerAndSN, along with the rawcerts michael@0: * and crls, to some function that did all of this certificate stuff michael@0: * (open/close the database if necessary, verifying the certs, etc.) michael@0: * and gave me back a cert pointer if all was good. michael@0: */ michael@0: certdb = defaultdb; michael@0: if (certdb == NULL) { michael@0: goto done; michael@0: } michael@0: michael@0: certcount = 0; michael@0: if (rawcerts != NULL) { michael@0: for (; rawcerts[certcount] != NULL; certcount++) { michael@0: /* just counting */ michael@0: } michael@0: } michael@0: michael@0: /* michael@0: * Note that the result of this is that each cert in "certs" michael@0: * needs to be destroyed. michael@0: */ michael@0: rv = CERT_ImportCerts(certdb, certusage, certcount, rawcerts, &certs, michael@0: keepcerts, PR_FALSE, NULL); michael@0: if ( rv != SECSuccess ) { michael@0: goto done; michael@0: } michael@0: michael@0: /* michael@0: * This cert will also need to be freed, but since we save it michael@0: * in signerinfo for later, we do not want to destroy it when michael@0: * we leave this function -- we let the clean-up of the entire michael@0: * cinfo structure later do the destroy of this cert. michael@0: */ michael@0: cert = CERT_FindCertByIssuerAndSN(certdb, signerinfo->issuerAndSN); michael@0: if (cert == NULL) { michael@0: goto done; michael@0: } michael@0: michael@0: signerinfo->cert = cert; michael@0: michael@0: /* michael@0: * Get and convert the signing time; if available, it will be used michael@0: * both on the cert verification and for importing the sender michael@0: * email profile. michael@0: */ michael@0: encoded_stime = SEC_PKCS7GetSigningTime (cinfo); michael@0: if (encoded_stime != NULL) { michael@0: if (DER_DecodeTimeChoice (&stime, encoded_stime) != SECSuccess) michael@0: encoded_stime = NULL; /* conversion failed, so pretend none */ michael@0: } michael@0: michael@0: /* michael@0: * XXX This uses the signing time, if available. Additionally, we michael@0: * might want to, if there is no signing time, get the message time michael@0: * from the mail header itself, and use that. That would require michael@0: * a change to our interface though, and for S/MIME callers to pass michael@0: * in a time (and for non-S/MIME callers to pass in nothing, or michael@0: * maybe make them pass in the current time, always?). michael@0: */ michael@0: if (atTime) { michael@0: verificationTime = *atTime; michael@0: } else if (encoded_stime != NULL) { michael@0: verificationTime = stime; michael@0: } else { michael@0: verificationTime = PR_Now(); michael@0: } michael@0: if (CERT_VerifyCert (certdb, cert, PR_TRUE, certusage, verificationTime, michael@0: cinfo->pwfn_arg, NULL) != SECSuccess) michael@0: { michael@0: /* michael@0: * XXX Give the user an option to check the signature anyway? michael@0: * If we want to do this, need to give a way to leave and display michael@0: * some dialog and get the answer and come back through (or do michael@0: * the rest of what we do below elsewhere, maybe by putting it michael@0: * in a function that we call below and could call from a dialog michael@0: * finish handler). michael@0: */ michael@0: goto savecert; michael@0: } michael@0: michael@0: publickey = CERT_ExtractPublicKey (cert); michael@0: if (publickey == NULL) michael@0: goto done; michael@0: michael@0: /* michael@0: * XXX No! If digests is empty, see if we can create it now by michael@0: * digesting the contents. This is necessary if we want to allow michael@0: * somebody to do a simple decode (without filtering, etc.) and michael@0: * then later call us here to do the verification. michael@0: * OR, we can just specify that the interface to this routine michael@0: * *requires* that the digest(s) be done before calling and either michael@0: * stashed in the struct itself or passed in explicitly (as would michael@0: * be done for detached contents). michael@0: */ michael@0: if ((digests == NULL || digests[0] == NULL) michael@0: && (detached_digest == NULL || detached_digest->data == NULL)) michael@0: goto done; michael@0: michael@0: /* michael@0: * Find and confirm digest algorithm. michael@0: */ michael@0: digestTag = SECOID_FindOIDTag(&(signerinfo->digestAlg.algorithm)); michael@0: michael@0: /* make sure we understand the digest type first */ michael@0: found_type = HASH_GetHashTypeByOidTag(digestTag); michael@0: if ((digestTag == SEC_OID_UNKNOWN) || (found_type == HASH_AlgNULL)) { michael@0: PORT_SetError (SEC_ERROR_PKCS7_BAD_SIGNATURE); michael@0: goto done; michael@0: } michael@0: michael@0: if (detached_digest != NULL) { michael@0: unsigned int hashLen = HASH_ResultLen(found_type); michael@0: michael@0: if (digest_type != found_type || michael@0: detached_digest->len != hashLen) { michael@0: PORT_SetError (SEC_ERROR_PKCS7_BAD_SIGNATURE); michael@0: goto done; michael@0: } michael@0: digest = detached_digest; michael@0: } else { michael@0: PORT_Assert (digestalgs != NULL && digestalgs[0] != NULL); michael@0: if (digestalgs == NULL || digestalgs[0] == NULL) { michael@0: PORT_SetError (SEC_ERROR_PKCS7_BAD_SIGNATURE); michael@0: goto done; michael@0: } michael@0: michael@0: /* michael@0: * pick digest matching signerinfo->digestAlg from digests michael@0: */ michael@0: for (i = 0; digestalgs[i] != NULL; i++) { michael@0: if (SECOID_FindOIDTag(&(digestalgs[i]->algorithm)) == digestTag) michael@0: break; michael@0: } michael@0: if (digestalgs[i] == NULL) { michael@0: PORT_SetError (SEC_ERROR_PKCS7_BAD_SIGNATURE); michael@0: goto done; michael@0: } michael@0: michael@0: digest = digests[i]; michael@0: } michael@0: michael@0: encTag = SECOID_FindOIDTag(&(signerinfo->digestEncAlg.algorithm)); michael@0: if (encTag == SEC_OID_UNKNOWN) { michael@0: PORT_SetError (SEC_ERROR_PKCS7_BAD_SIGNATURE); michael@0: goto done; michael@0: } michael@0: michael@0: if (signerinfo->authAttr != NULL) { michael@0: SEC_PKCS7Attribute *attr; michael@0: SECItem *value; michael@0: SECItem encoded_attrs; michael@0: michael@0: /* michael@0: * We have a sigkey only for signedAndEnvelopedData, which is michael@0: * not supposed to have any authenticated attributes. michael@0: */ michael@0: if (sigkey != NULL) { michael@0: PORT_SetError (SEC_ERROR_PKCS7_BAD_SIGNATURE); michael@0: goto done; michael@0: } michael@0: michael@0: /* michael@0: * PKCS #7 says that if there are any authenticated attributes, michael@0: * then there must be one for content type which matches the michael@0: * content type of the content being signed, and there must michael@0: * be one for message digest which matches our message digest. michael@0: * So check these things first. michael@0: * XXX Might be nice to have a compare-attribute-value function michael@0: * which could collapse the following nicely. michael@0: */ michael@0: attr = sec_PKCS7FindAttribute (signerinfo->authAttr, michael@0: SEC_OID_PKCS9_CONTENT_TYPE, PR_TRUE); michael@0: value = sec_PKCS7AttributeValue (attr); michael@0: if (value == NULL || value->len != content_type->len) { michael@0: PORT_SetError (SEC_ERROR_PKCS7_BAD_SIGNATURE); michael@0: goto done; michael@0: } michael@0: if (PORT_Memcmp (value->data, content_type->data, value->len) != 0) { michael@0: PORT_SetError (SEC_ERROR_PKCS7_BAD_SIGNATURE); michael@0: goto done; michael@0: } michael@0: michael@0: attr = sec_PKCS7FindAttribute (signerinfo->authAttr, michael@0: SEC_OID_PKCS9_MESSAGE_DIGEST, PR_TRUE); michael@0: value = sec_PKCS7AttributeValue (attr); michael@0: if (value == NULL || value->len != digest->len) { michael@0: PORT_SetError (SEC_ERROR_PKCS7_BAD_SIGNATURE); michael@0: goto done; michael@0: } michael@0: if (PORT_Memcmp (value->data, digest->data, value->len) != 0) { michael@0: PORT_SetError (SEC_ERROR_PKCS7_BAD_SIGNATURE); michael@0: goto done; michael@0: } michael@0: michael@0: /* michael@0: * Okay, we met the constraints of the basic attributes. michael@0: * Now check the signature, which is based on a digest of michael@0: * the DER-encoded authenticated attributes. So, first we michael@0: * encode and then we digest/verify. michael@0: */ michael@0: encoded_attrs.data = NULL; michael@0: encoded_attrs.len = 0; michael@0: if (sec_PKCS7EncodeAttributes (NULL, &encoded_attrs, michael@0: &(signerinfo->authAttr)) == NULL) michael@0: goto done; michael@0: michael@0: if (encoded_attrs.data == NULL || encoded_attrs.len == 0) { michael@0: PORT_SetError (SEC_ERROR_PKCS7_BAD_SIGNATURE); michael@0: goto done; michael@0: } michael@0: michael@0: goodsig = (PRBool)(VFY_VerifyDataDirect(encoded_attrs.data, michael@0: encoded_attrs.len, michael@0: publickey, &(signerinfo->encDigest), michael@0: encTag, digestTag, NULL, michael@0: cinfo->pwfn_arg) == SECSuccess); michael@0: PORT_Free (encoded_attrs.data); michael@0: } else { michael@0: SECItem *sig; michael@0: SECItem holder; michael@0: SECStatus rv; michael@0: michael@0: /* michael@0: * No authenticated attributes. michael@0: * The signature is based on the plain message digest. michael@0: */ michael@0: michael@0: sig = &(signerinfo->encDigest); michael@0: if (sig->len == 0) { /* bad signature */ michael@0: PORT_SetError (SEC_ERROR_PKCS7_BAD_SIGNATURE); michael@0: goto done; michael@0: } michael@0: michael@0: if (sigkey != NULL) { michael@0: sec_PKCS7CipherObject *decryptobj; michael@0: unsigned int buflen; michael@0: michael@0: /* michael@0: * For signedAndEnvelopedData, we first must decrypt the encrypted michael@0: * digest with the bulk encryption key. The result is the normal michael@0: * encrypted digest (aka the signature). michael@0: */ michael@0: decryptobj = sec_PKCS7CreateDecryptObject (sigkey, bulkid); michael@0: if (decryptobj == NULL) michael@0: goto done; michael@0: michael@0: buflen = sec_PKCS7DecryptLength (decryptobj, sig->len, PR_TRUE); michael@0: PORT_Assert (buflen); michael@0: if (buflen == 0) { /* something is wrong */ michael@0: sec_PKCS7DestroyDecryptObject (decryptobj); michael@0: goto done; michael@0: } michael@0: michael@0: holder.data = (unsigned char*)PORT_Alloc (buflen); michael@0: if (holder.data == NULL) { michael@0: sec_PKCS7DestroyDecryptObject (decryptobj); michael@0: goto done; michael@0: } michael@0: michael@0: rv = sec_PKCS7Decrypt (decryptobj, holder.data, &holder.len, buflen, michael@0: sig->data, sig->len, PR_TRUE); michael@0: sec_PKCS7DestroyDecryptObject (decryptobj); michael@0: if (rv != SECSuccess) { michael@0: goto done; michael@0: } michael@0: michael@0: sig = &holder; michael@0: } michael@0: michael@0: goodsig = (PRBool)(VFY_VerifyDigestDirect(digest, publickey, sig, michael@0: encTag, digestTag, cinfo->pwfn_arg) michael@0: == SECSuccess); michael@0: michael@0: if (sigkey != NULL) { michael@0: PORT_Assert (sig == &holder); michael@0: PORT_ZFree (holder.data, holder.len); michael@0: } michael@0: } michael@0: michael@0: if (! goodsig) { michael@0: /* michael@0: * XXX Change the generic error into our specific one, because michael@0: * in that case we get a better explanation out of the Security michael@0: * Advisor. This is really a bug in our error strings (the michael@0: * "generic" error has a lousy/wrong message associated with it michael@0: * which assumes the signature verification was done for the michael@0: * purposes of checking the issuer signature on a certificate) michael@0: * but this is at least an easy workaround and/or in the michael@0: * Security Advisor, which specifically checks for the error michael@0: * SEC_ERROR_PKCS7_BAD_SIGNATURE and gives more explanation michael@0: * in that case but does not similarly check for michael@0: * SEC_ERROR_BAD_SIGNATURE. It probably should, but then would michael@0: * probably say the wrong thing in the case that it *was* the michael@0: * certificate signature check that failed during the cert michael@0: * verification done above. Our error handling is really a mess. michael@0: */ michael@0: if (PORT_GetError() == SEC_ERROR_BAD_SIGNATURE) michael@0: PORT_SetError (SEC_ERROR_PKCS7_BAD_SIGNATURE); michael@0: } michael@0: michael@0: savecert: michael@0: /* michael@0: * Only save the smime profile if we are checking an email message and michael@0: * the cert has an email address in it. michael@0: */ michael@0: if ( cert->emailAddr && cert->emailAddr[0] && michael@0: ( ( certusage == certUsageEmailSigner ) || michael@0: ( certusage == certUsageEmailRecipient ) ) ) { michael@0: SECItem *profile = NULL; michael@0: int save_error; michael@0: michael@0: /* michael@0: * Remember the current error set because we do not care about michael@0: * anything set by the functions we are about to call. michael@0: */ michael@0: save_error = PORT_GetError(); michael@0: michael@0: if (goodsig && (signerinfo->authAttr != NULL)) { michael@0: /* michael@0: * If the signature is good, then we can save the S/MIME profile, michael@0: * if we have one. michael@0: */ michael@0: SEC_PKCS7Attribute *attr; michael@0: michael@0: attr = sec_PKCS7FindAttribute (signerinfo->authAttr, michael@0: SEC_OID_PKCS9_SMIME_CAPABILITIES, michael@0: PR_TRUE); michael@0: profile = sec_PKCS7AttributeValue (attr); michael@0: } michael@0: michael@0: rv = CERT_SaveSMimeProfile (cert, profile, encoded_stime); michael@0: michael@0: /* michael@0: * Restore the saved error in case the calls above set a new michael@0: * one that we do not actually care about. michael@0: */ michael@0: PORT_SetError (save_error); michael@0: michael@0: /* michael@0: * XXX Failure is not indicated anywhere -- the signature michael@0: * verification itself is unaffected by whether or not the michael@0: * profile was successfully saved. michael@0: */ michael@0: } michael@0: michael@0: michael@0: done: michael@0: michael@0: /* michael@0: * See comment above about why we do not want to destroy cert michael@0: * itself here. michael@0: */ michael@0: michael@0: if (certs != NULL) michael@0: CERT_DestroyCertArray (certs, certcount); michael@0: michael@0: if (publickey != NULL) michael@0: SECKEY_DestroyPublicKey (publickey); michael@0: michael@0: return goodsig; michael@0: } michael@0: michael@0: /* michael@0: * SEC_PKCS7VerifySignature michael@0: * Look at a PKCS7 contentInfo and check if the signature is good. michael@0: * The verification checks that the signing cert is valid and trusted michael@0: * for the purpose specified by "certusage". michael@0: * michael@0: * In addition, if "keepcerts" is true, add any new certificates found michael@0: * into our local database. michael@0: */ michael@0: PRBool michael@0: SEC_PKCS7VerifySignature(SEC_PKCS7ContentInfo *cinfo, michael@0: SECCertUsage certusage, michael@0: PRBool keepcerts) michael@0: { michael@0: return sec_pkcs7_verify_signature (cinfo, certusage, michael@0: NULL, HASH_AlgNULL, keepcerts, NULL); michael@0: } michael@0: michael@0: /* michael@0: * SEC_PKCS7VerifyDetachedSignature michael@0: * Look at a PKCS7 contentInfo and check if the signature matches michael@0: * a passed-in digest (calculated, supposedly, from detached contents). michael@0: * The verification checks that the signing cert is valid and trusted michael@0: * for the purpose specified by "certusage". michael@0: * michael@0: * In addition, if "keepcerts" is true, add any new certificates found michael@0: * into our local database. michael@0: */ michael@0: PRBool michael@0: SEC_PKCS7VerifyDetachedSignature(SEC_PKCS7ContentInfo *cinfo, michael@0: SECCertUsage certusage, michael@0: const SECItem *detached_digest, michael@0: HASH_HashType digest_type, michael@0: PRBool keepcerts) michael@0: { michael@0: return sec_pkcs7_verify_signature (cinfo, certusage, michael@0: detached_digest, digest_type, michael@0: keepcerts, NULL); michael@0: } michael@0: michael@0: /* michael@0: * SEC_PKCS7VerifyDetachedSignatureAtTime michael@0: * Look at a PKCS7 contentInfo and check if the signature matches michael@0: * a passed-in digest (calculated, supposedly, from detached contents). michael@0: * The verification checks that the signing cert is valid and trusted michael@0: * for the purpose specified by "certusage" at time "atTime". michael@0: * michael@0: * In addition, if "keepcerts" is true, add any new certificates found michael@0: * into our local database. michael@0: */ michael@0: PRBool michael@0: SEC_PKCS7VerifyDetachedSignatureAtTime(SEC_PKCS7ContentInfo *cinfo, michael@0: SECCertUsage certusage, michael@0: const SECItem *detached_digest, michael@0: HASH_HashType digest_type, michael@0: PRBool keepcerts, michael@0: PRTime atTime) michael@0: { michael@0: return sec_pkcs7_verify_signature (cinfo, certusage, michael@0: detached_digest, digest_type, michael@0: keepcerts, &atTime); michael@0: } michael@0: michael@0: /* michael@0: * Return the asked-for portion of the name of the signer of a PKCS7 michael@0: * signed object. michael@0: * michael@0: * Returns a pointer to allocated memory, which must be freed. michael@0: * A NULL return value is an error. michael@0: */ michael@0: michael@0: #define sec_common_name 1 michael@0: #define sec_email_address 2 michael@0: michael@0: static char * michael@0: sec_pkcs7_get_signer_cert_info(SEC_PKCS7ContentInfo *cinfo, int selector) michael@0: { michael@0: SECOidTag kind; michael@0: SEC_PKCS7SignerInfo **signerinfos; michael@0: CERTCertificate *signercert; michael@0: char *container; michael@0: michael@0: kind = SEC_PKCS7ContentType (cinfo); michael@0: switch (kind) { michael@0: default: michael@0: case SEC_OID_PKCS7_DATA: michael@0: case SEC_OID_PKCS7_DIGESTED_DATA: michael@0: case SEC_OID_PKCS7_ENVELOPED_DATA: michael@0: case SEC_OID_PKCS7_ENCRYPTED_DATA: michael@0: PORT_Assert (0); michael@0: return NULL; michael@0: case SEC_OID_PKCS7_SIGNED_DATA: michael@0: { michael@0: SEC_PKCS7SignedData *sdp; michael@0: michael@0: sdp = cinfo->content.signedData; michael@0: signerinfos = sdp->signerInfos; michael@0: } michael@0: break; michael@0: case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA: michael@0: { michael@0: SEC_PKCS7SignedAndEnvelopedData *saedp; michael@0: michael@0: saedp = cinfo->content.signedAndEnvelopedData; michael@0: signerinfos = saedp->signerInfos; michael@0: } michael@0: break; michael@0: } michael@0: michael@0: if (signerinfos == NULL || signerinfos[0] == NULL) michael@0: return NULL; michael@0: michael@0: signercert = signerinfos[0]->cert; michael@0: michael@0: /* michael@0: * No cert there; see if we can find one by calling verify ourselves. michael@0: */ michael@0: if (signercert == NULL) { michael@0: /* michael@0: * The cert usage does not matter in this case, because we do not michael@0: * actually care about the verification itself, but we have to pick michael@0: * some valid usage to pass in. michael@0: */ michael@0: (void) sec_pkcs7_verify_signature (cinfo, certUsageEmailSigner, michael@0: NULL, HASH_AlgNULL, PR_FALSE, NULL); michael@0: signercert = signerinfos[0]->cert; michael@0: if (signercert == NULL) michael@0: return NULL; michael@0: } michael@0: michael@0: switch (selector) { michael@0: case sec_common_name: michael@0: container = CERT_GetCommonName (&signercert->subject); michael@0: break; michael@0: case sec_email_address: michael@0: if(signercert->emailAddr && signercert->emailAddr[0]) { michael@0: container = PORT_Strdup(signercert->emailAddr); michael@0: } else { michael@0: container = NULL; michael@0: } michael@0: break; michael@0: default: michael@0: PORT_Assert (0); michael@0: container = NULL; michael@0: break; michael@0: } michael@0: michael@0: return container; michael@0: } michael@0: michael@0: char * michael@0: SEC_PKCS7GetSignerCommonName(SEC_PKCS7ContentInfo *cinfo) michael@0: { michael@0: return sec_pkcs7_get_signer_cert_info(cinfo, sec_common_name); michael@0: } michael@0: michael@0: char * michael@0: SEC_PKCS7GetSignerEmailAddress(SEC_PKCS7ContentInfo *cinfo) michael@0: { michael@0: return sec_pkcs7_get_signer_cert_info(cinfo, sec_email_address); michael@0: } michael@0: michael@0: michael@0: /* michael@0: * Return the signing time, in UTCTime format, of a PKCS7 contentInfo. michael@0: */ michael@0: SECItem * michael@0: SEC_PKCS7GetSigningTime(SEC_PKCS7ContentInfo *cinfo) michael@0: { michael@0: SEC_PKCS7SignerInfo **signerinfos; michael@0: SEC_PKCS7Attribute *attr; michael@0: michael@0: if (SEC_PKCS7ContentType (cinfo) != SEC_OID_PKCS7_SIGNED_DATA) michael@0: return NULL; michael@0: michael@0: signerinfos = cinfo->content.signedData->signerInfos; michael@0: michael@0: /* michael@0: * No signature, or more than one, means no deal. michael@0: */ michael@0: if (signerinfos == NULL || signerinfos[0] == NULL || signerinfos[1] != NULL) michael@0: return NULL; michael@0: michael@0: attr = sec_PKCS7FindAttribute (signerinfos[0]->authAttr, michael@0: SEC_OID_PKCS9_SIGNING_TIME, PR_TRUE); michael@0: return sec_PKCS7AttributeValue (attr); michael@0: }