Coverage Report

Created: 2018-09-25 14:53

/src/mozilla-central/security/nss/lib/smime/cmsmessage.c
Line
Count
Source (jump to first uncovered line)
1
/* This Source Code Form is subject to the terms of the Mozilla Public
2
 * License, v. 2.0. If a copy of the MPL was not distributed with this
3
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4
5
/*
6
 * CMS message methods.
7
 */
8
9
#include "cmslocal.h"
10
11
#include "cert.h"
12
#include "secasn1.h"
13
#include "secitem.h"
14
#include "secoid.h"
15
#include "pk11func.h"
16
#include "secerr.h"
17
18
/*
19
 * NSS_CMSMessage_Create - create a CMS message object
20
 *
21
 * "poolp" - arena to allocate memory from, or NULL if new arena should be created
22
 */
23
NSSCMSMessage *
24
NSS_CMSMessage_Create(PLArenaPool *poolp)
25
0
{
26
0
    void *mark = NULL;
27
0
    NSSCMSMessage *cmsg;
28
0
    PRBool poolp_is_ours = PR_FALSE;
29
0
30
0
    if (poolp == NULL) {
31
0
        poolp = PORT_NewArena(1024); /* XXX what is right value? */
32
0
        if (poolp == NULL)
33
0
            return NULL;
34
0
        poolp_is_ours = PR_TRUE;
35
0
    }
36
0
37
0
    if (!poolp_is_ours)
38
0
        mark = PORT_ArenaMark(poolp);
39
0
40
0
    cmsg = (NSSCMSMessage *)PORT_ArenaZAlloc(poolp, sizeof(NSSCMSMessage));
41
0
    if (cmsg == NULL ||
42
0
        NSS_CMSContentInfo_Private_Init(&(cmsg->contentInfo)) != SECSuccess) {
43
0
        if (!poolp_is_ours) {
44
0
            if (mark) {
45
0
                PORT_ArenaRelease(poolp, mark);
46
0
            }
47
0
        } else
48
0
            PORT_FreeArena(poolp, PR_FALSE);
49
0
        return NULL;
50
0
    }
51
0
52
0
    cmsg->poolp = poolp;
53
0
    cmsg->poolp_is_ours = poolp_is_ours;
54
0
    cmsg->refCount = 1;
55
0
56
0
    if (mark)
57
0
        PORT_ArenaUnmark(poolp, mark);
58
0
59
0
    return cmsg;
60
0
}
61
62
/*
63
 * NSS_CMSMessage_SetEncodingParams - set up a CMS message object for encoding or decoding
64
 *
65
 * "cmsg" - message object
66
 * "pwfn", pwfn_arg" - callback function for getting token password
67
 * "decrypt_key_cb", "decrypt_key_cb_arg" - callback function for getting bulk key for encryptedData
68
 * "detached_digestalgs", "detached_digests" - digests from detached content
69
 */
70
void
71
NSS_CMSMessage_SetEncodingParams(NSSCMSMessage *cmsg,
72
                                 PK11PasswordFunc pwfn, void *pwfn_arg,
73
                                 NSSCMSGetDecryptKeyCallback decrypt_key_cb, void *decrypt_key_cb_arg,
74
                                 SECAlgorithmID **detached_digestalgs, SECItem **detached_digests)
75
0
{
76
0
    if (pwfn)
77
0
        PK11_SetPasswordFunc(pwfn);
78
0
    cmsg->pwfn_arg = pwfn_arg;
79
0
    cmsg->decrypt_key_cb = decrypt_key_cb;
80
0
    cmsg->decrypt_key_cb_arg = decrypt_key_cb_arg;
81
0
    cmsg->detached_digestalgs = detached_digestalgs;
82
0
    cmsg->detached_digests = detached_digests;
83
0
}
84
85
/*
86
 * NSS_CMSMessage_Destroy - destroy a CMS message and all of its sub-pieces.
87
 */
88
void
89
NSS_CMSMessage_Destroy(NSSCMSMessage *cmsg)
90
0
{
91
0
    PORT_Assert(cmsg->refCount > 0);
92
0
    if (cmsg->refCount <= 0) /* oops */
93
0
        return;
94
0
95
0
    cmsg->refCount--; /* thread safety? */
96
0
    if (cmsg->refCount > 0)
97
0
        return;
98
0
99
0
    NSS_CMSContentInfo_Destroy(&(cmsg->contentInfo));
100
0
101
0
    /* if poolp is not NULL, cmsg is the owner of its arena */
102
0
    if (cmsg->poolp_is_ours)
103
0
        PORT_FreeArena(cmsg->poolp, PR_FALSE); /* XXX clear it? */
104
0
}
105
106
/*
107
 * NSS_CMSMessage_Copy - return a copy of the given message.
108
 *
109
 * The copy may be virtual or may be real -- either way, the result needs
110
 * to be passed to NSS_CMSMessage_Destroy later (as does the original).
111
 */
112
NSSCMSMessage *
113
NSS_CMSMessage_Copy(NSSCMSMessage *cmsg)
114
0
{
115
0
    if (cmsg == NULL)
116
0
        return NULL;
117
0
118
0
    PORT_Assert(cmsg->refCount > 0);
119
0
120
0
    cmsg->refCount++; /* XXX chrisk thread safety? */
121
0
    return cmsg;
122
0
}
123
124
/*
125
 * NSS_CMSMessage_GetArena - return a pointer to the message's arena pool
126
 */
127
PLArenaPool *
128
NSS_CMSMessage_GetArena(NSSCMSMessage *cmsg)
129
0
{
130
0
    return cmsg->poolp;
131
0
}
132
133
/*
134
 * NSS_CMSMessage_GetContentInfo - return a pointer to the top level contentInfo
135
 */
136
NSSCMSContentInfo *
137
NSS_CMSMessage_GetContentInfo(NSSCMSMessage *cmsg)
138
0
{
139
0
    return &(cmsg->contentInfo);
140
0
}
141
142
/*
143
 * Return a pointer to the actual content.
144
 * In the case of those types which are encrypted, this returns the *plain* content.
145
 * In case of nested contentInfos, this descends and retrieves the innermost content.
146
 */
147
SECItem *
148
NSS_CMSMessage_GetContent(NSSCMSMessage *cmsg)
149
0
{
150
0
    /* this is a shortcut */
151
0
    NSSCMSContentInfo *cinfo = NSS_CMSMessage_GetContentInfo(cmsg);
152
0
    SECItem *pItem = NSS_CMSContentInfo_GetInnerContent(cinfo);
153
0
    return pItem;
154
0
}
155
156
/*
157
 * NSS_CMSMessage_ContentLevelCount - count number of levels of CMS content objects in this message
158
 *
159
 * CMS data content objects do not count.
160
 */
161
int
162
NSS_CMSMessage_ContentLevelCount(NSSCMSMessage *cmsg)
163
0
{
164
0
    int count = 0;
165
0
    NSSCMSContentInfo *cinfo;
166
0
167
0
    /* walk down the chain of contentinfos */
168
0
    for (cinfo = &(cmsg->contentInfo); cinfo != NULL;) {
169
0
        count++;
170
0
        cinfo = NSS_CMSContentInfo_GetChildContentInfo(cinfo);
171
0
    }
172
0
    return count;
173
0
}
174
175
/*
176
 * NSS_CMSMessage_ContentLevel - find content level #n
177
 *
178
 * CMS data content objects do not count.
179
 */
180
NSSCMSContentInfo *
181
NSS_CMSMessage_ContentLevel(NSSCMSMessage *cmsg, int n)
182
0
{
183
0
    int count = 0;
184
0
    NSSCMSContentInfo *cinfo;
185
0
186
0
    /* walk down the chain of contentinfos */
187
0
    for (cinfo = &(cmsg->contentInfo); cinfo != NULL && count < n;
188
0
         cinfo = NSS_CMSContentInfo_GetChildContentInfo(cinfo)) {
189
0
        count++;
190
0
    }
191
0
192
0
    return cinfo;
193
0
}
194
195
/*
196
 * NSS_CMSMessage_ContainsCertsOrCrls - see if message contains certs along the way
197
 */
198
PRBool
199
NSS_CMSMessage_ContainsCertsOrCrls(NSSCMSMessage *cmsg)
200
0
{
201
0
    NSSCMSContentInfo *cinfo;
202
0
203
0
    /* descend into CMS message */
204
0
    for (cinfo = &(cmsg->contentInfo); cinfo != NULL;
205
0
         cinfo = NSS_CMSContentInfo_GetChildContentInfo(cinfo)) {
206
0
        if (!NSS_CMSType_IsData(NSS_CMSContentInfo_GetContentTypeTag(cinfo)))
207
0
            continue; /* next level */
208
0
209
0
        if (NSS_CMSSignedData_ContainsCertsOrCrls(cinfo->content.signedData))
210
0
            return PR_TRUE;
211
0
        /* callback here for generic wrappers? */
212
0
    }
213
0
    return PR_FALSE;
214
0
}
215
216
/*
217
 * NSS_CMSMessage_IsEncrypted - see if message contains a encrypted submessage
218
 */
219
PRBool
220
NSS_CMSMessage_IsEncrypted(NSSCMSMessage *cmsg)
221
0
{
222
0
    NSSCMSContentInfo *cinfo;
223
0
224
0
    /* walk down the chain of contentinfos */
225
0
    for (cinfo = &(cmsg->contentInfo); cinfo != NULL;
226
0
         cinfo = NSS_CMSContentInfo_GetChildContentInfo(cinfo)) {
227
0
        switch (NSS_CMSContentInfo_GetContentTypeTag(cinfo)) {
228
0
            case SEC_OID_PKCS7_ENVELOPED_DATA:
229
0
            case SEC_OID_PKCS7_ENCRYPTED_DATA:
230
0
                return PR_TRUE;
231
0
            default:
232
0
                /* callback here for generic wrappers? */
233
0
                break;
234
0
        }
235
0
    }
236
0
    return PR_FALSE;
237
0
}
238
239
/*
240
 * NSS_CMSMessage_IsSigned - see if message contains a signed submessage
241
 *
242
 * If the CMS message has a SignedData with a signature (not just a SignedData)
243
 * return true; false otherwise.  This can/should be called before calling
244
 * VerifySignature, which will always indicate failure if no signature is
245
 * present, but that does not mean there even was a signature!
246
 * Note that the content itself can be empty (detached content was sent
247
 * another way); it is the presence of the signature that matters.
248
 */
249
PRBool
250
NSS_CMSMessage_IsSigned(NSSCMSMessage *cmsg)
251
0
{
252
0
    NSSCMSContentInfo *cinfo;
253
0
254
0
    /* walk down the chain of contentinfos */
255
0
    for (cinfo = &(cmsg->contentInfo); cinfo != NULL;
256
0
         cinfo = NSS_CMSContentInfo_GetChildContentInfo(cinfo)) {
257
0
        switch (NSS_CMSContentInfo_GetContentTypeTag(cinfo)) {
258
0
            case SEC_OID_PKCS7_SIGNED_DATA:
259
0
                if (!NSS_CMSArray_IsEmpty((void **)cinfo->content.signedData->signerInfos))
260
0
                    return PR_TRUE;
261
0
                break;
262
0
            default:
263
0
                /* callback here for generic wrappers? */
264
0
                break;
265
0
        }
266
0
    }
267
0
    return PR_FALSE;
268
0
}
269
270
/*
271
 * NSS_CMSMessage_IsContentEmpty - see if content is empty
272
 *
273
 * returns PR_TRUE is innermost content length is < minLen
274
 * XXX need the encrypted content length (why?)
275
 */
276
PRBool
277
NSS_CMSMessage_IsContentEmpty(NSSCMSMessage *cmsg, unsigned int minLen)
278
0
{
279
0
    SECItem *item = NULL;
280
0
281
0
    if (cmsg == NULL)
282
0
        return PR_TRUE;
283
0
284
0
    item = NSS_CMSContentInfo_GetContent(NSS_CMSMessage_GetContentInfo(cmsg));
285
0
286
0
    if (!item) {
287
0
        return PR_TRUE;
288
0
    } else if (item->len <= minLen) {
289
0
        return PR_TRUE;
290
0
    }
291
0
292
0
    return PR_FALSE;
293
0
}