/*
* NSS_CMSDigestedData_Create - create a digestedData object (presumably for encoding)
*
* version will be set by NSS_CMSDigestedData_Encode_BeforeStart
* digestAlg is passed as parameter
* contentInfo must be filled by the user
* digest will be calculated while encoding
*/
NSSCMSDigestedData *
NSS_CMSDigestedData_Create(NSSCMSMessage *cmsg, SECAlgorithmID *digestalg)
{
void *mark;
NSSCMSDigestedData *digd;
PLArenaPool *poolp;
poolp = cmsg->poolp;
mark = PORT_ArenaMark(poolp);
digd = (NSSCMSDigestedData *)PORT_ArenaZAlloc(poolp, sizeof(NSSCMSDigestedData));
if (digd == NULL)
goto loser;
digd->cmsg = cmsg;
if (SECOID_CopyAlgorithmID (poolp, &(digd->digestAlg), digestalg) != SECSuccess)
goto loser;
PORT_ArenaUnmark(poolp, mark);
return digd;
loser:
PORT_ArenaRelease(poolp, mark);
return NULL;
}
SECStatus
crmf_template_copy_secalg (PLArenaPool *poolp, SECAlgorithmID **dest,
SECAlgorithmID* src)
{
SECStatus rv;
void *mark = NULL;
SECAlgorithmID *mySecAlg;
if (!poolp) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
mark = PORT_ArenaMark(poolp);
*dest = mySecAlg = PORT_ArenaZNew(poolp, SECAlgorithmID);
if (mySecAlg == NULL) {
goto loser;
}
rv = SECOID_CopyAlgorithmID(poolp, mySecAlg, src);
if (rv != SECSuccess) {
goto loser;
}
if (mark) {
PORT_ArenaUnmark(poolp, mark);
}
return SECSuccess;
loser:
*dest = NULL;
if (mark) {
PORT_ArenaRelease(poolp, mark);
}
return SECFailure;
}
SECAlgorithmID *
CRMF_POPOSigningKeyGetAlgID(CRMFPOPOSigningKey *inSignKey)
{
SECAlgorithmID *newAlgId = NULL;
SECStatus rv;
PORT_Assert(inSignKey != NULL);
if (inSignKey == NULL) {
return NULL;
}
newAlgId = PORT_ZNew(SECAlgorithmID);
if (newAlgId == NULL) {
goto loser;
}
rv = SECOID_CopyAlgorithmID(NULL, newAlgId,
inSignKey->algorithmIdentifier);
if (rv != SECSuccess) {
goto loser;
}
return newAlgId;
loser:
if (newAlgId != NULL) {
SECOID_DestroyAlgorithmID(newAlgId, PR_TRUE);
}
return NULL;
}
SECStatus
crmf_copy_encryptedvalue_secalg(PLArenaPool *poolp,
SECAlgorithmID *srcAlgId,
SECAlgorithmID **destAlgId)
{
SECAlgorithmID *newAlgId;
SECStatus rv;
newAlgId = (poolp != NULL) ? PORT_ArenaZNew(poolp, SECAlgorithmID) :
PORT_ZNew(SECAlgorithmID);
if (newAlgId == NULL) {
return SECFailure;
}
rv = SECOID_CopyAlgorithmID(poolp, newAlgId, srcAlgId);
if (rv != SECSuccess) {
if (!poolp) {
SECOID_DestroyAlgorithmID(newAlgId, PR_TRUE);
}
return rv;
}
*destAlgId = newAlgId;
return rv;
}
/*
* SecCmsDigestedDataCreate - create a digestedData object (presumably for encoding)
*
* version will be set by SecCmsDigestedDataEncodeBeforeStart
* digestAlg is passed as parameter
* contentInfo must be filled by the user
* digest will be calculated while encoding
*/
SecCmsDigestedDataRef
SecCmsDigestedDataCreate(SecCmsMessageRef cmsg, SECAlgorithmID *digestalg)
{
void *mark;
SecCmsDigestedDataRef digd;
PLArenaPool *poolp;
poolp = cmsg->poolp;
mark = PORT_ArenaMark(poolp);
digd = (SecCmsDigestedDataRef)PORT_ArenaZAlloc(poolp, sizeof(SecCmsDigestedData));
if (digd == NULL)
goto loser;
digd->contentInfo.cmsg = cmsg;
if (SECOID_CopyAlgorithmID (poolp, &(digd->digestAlg), digestalg) != SECSuccess)
goto loser;
PORT_ArenaUnmark(poolp, mark);
return digd;
loser:
PORT_ArenaRelease(poolp, mark);
return NULL;
}
OSStatus
SecCmsContentInfoSetContentEncAlgID(SecArenaPoolRef pool, SecCmsContentInfoRef cinfo,
SECAlgorithmID *algid, int keysize)
{
PLArenaPool *poolp = (PLArenaPool *)pool;
OSStatus rv;
rv = SECOID_CopyAlgorithmID(poolp, &(cinfo->contentEncAlg), algid);
if (rv != SECSuccess)
return SECFailure;
if (keysize >= 0)
cinfo->keysize = keysize;
return SECSuccess;
}
SECStatus
CRMF_CertRequestGetCertTemplateSigningAlg(CRMFCertRequest *inCertReq,
SECAlgorithmID *destAlg)
{
PORT_Assert(inCertReq != NULL);
if (inCertReq == NULL) {
return SECFailure;
}
if (CRMF_DoesRequestHaveField(inCertReq, crmfSigningAlg)) {
return SECOID_CopyAlgorithmID(NULL, destAlg,
inCertReq->certTemplate.signingAlg);
}
return SECFailure;
}
SECStatus
NSS_CMSContentInfo_SetContentEncAlgID(PLArenaPool *poolp, NSSCMSContentInfo *cinfo,
SECAlgorithmID *algid, int keysize)
{
SECStatus rv;
if (cinfo == NULL) {
return SECFailure;
}
rv = SECOID_CopyAlgorithmID(poolp, &(cinfo->contentEncAlg), algid);
if (rv != SECSuccess) {
return SECFailure;
}
if (keysize >= 0) {
cinfo->keysize = keysize;
}
return SECSuccess;
}
static SECStatus
crmf_copy_poposigningkey(PLArenaPool *poolp,
CRMFPOPOSigningKey *inPopoSignKey,
CRMFPOPOSigningKey *destPopoSignKey)
{
SECStatus rv;
/* We don't support use of the POPOSigningKeyInput, so we'll only
* store away the DER encoding.
*/
if (inPopoSignKey->derInput.data != NULL) {
rv = SECITEM_CopyItem(poolp, &destPopoSignKey->derInput,
&inPopoSignKey->derInput);
}
destPopoSignKey->algorithmIdentifier = (poolp == NULL) ?
PORT_ZNew(SECAlgorithmID)
:
PORT_ArenaZNew(poolp, SECAlgorithmID);
if (destPopoSignKey->algorithmIdentifier == NULL) {
goto loser;
}
rv = SECOID_CopyAlgorithmID(poolp, destPopoSignKey->algorithmIdentifier,
inPopoSignKey->algorithmIdentifier);
if (rv != SECSuccess) {
goto loser;
}
rv = crmf_make_bitstring_copy(poolp, &destPopoSignKey->signature,
&inPopoSignKey->signature);
if (rv != SECSuccess) {
goto loser;
}
return SECSuccess;
loser:
if (poolp == NULL) {
CRMF_DestroyPOPOSigningKey(destPopoSignKey);
}
return SECFailure;
}
SECStatus
SGN_CopyDigestInfo(PLArenaPool *poolp, SGNDigestInfo *a, SGNDigestInfo *b)
{
SECStatus rv;
void *mark;
if((poolp == NULL) || (a == NULL) || (b == NULL))
return SECFailure;
mark = PORT_ArenaMark(poolp);
a->arena = poolp;
rv = SECOID_CopyAlgorithmID(poolp, &a->digestAlgorithm,
&b->digestAlgorithm);
if (rv == SECSuccess)
rv = SECITEM_CopyItem(poolp, &a->digest, &b->digest);
if (rv != SECSuccess) {
PORT_ArenaRelease(poolp, mark);
} else {
PORT_ArenaUnmark(poolp, mark);
}
return rv;
}
/*
* NSS_CMSSignerInfo_Sign - sign something
*
*/
SECStatus
NSS_CMSSignerInfo_Sign(NSSCMSSignerInfo *signerinfo, SECItem *digest,
SECItem *contentType)
{
CERTCertificate *cert;
SECKEYPrivateKey *privkey = NULL;
SECOidTag digestalgtag;
SECOidTag pubkAlgTag;
SECItem signature = { 0 };
SECStatus rv;
PLArenaPool *poolp, *tmppoolp = NULL;
SECAlgorithmID *algID, freeAlgID;
CERTSubjectPublicKeyInfo *spki;
PORT_Assert (digest != NULL);
poolp = signerinfo->cmsg->poolp;
switch (signerinfo->signerIdentifier.identifierType) {
case NSSCMSSignerID_IssuerSN:
cert = signerinfo->cert;
privkey = PK11_FindKeyByAnyCert(cert, signerinfo->cmsg->pwfn_arg);
if (privkey == NULL)
goto loser;
algID = &cert->subjectPublicKeyInfo.algorithm;
break;
case NSSCMSSignerID_SubjectKeyID:
privkey = signerinfo->signingKey;
signerinfo->signingKey = NULL;
spki = SECKEY_CreateSubjectPublicKeyInfo(signerinfo->pubKey);
SECKEY_DestroyPublicKey(signerinfo->pubKey);
signerinfo->pubKey = NULL;
SECOID_CopyAlgorithmID(NULL, &freeAlgID, &spki->algorithm);
SECKEY_DestroySubjectPublicKeyInfo(spki);
algID = &freeAlgID;
break;
default:
goto loser;
}
digestalgtag = NSS_CMSSignerInfo_GetDigestAlgTag(signerinfo);
/*
* XXX I think there should be a cert-level interface for this,
* so that I do not have to know about subjectPublicKeyInfo...
*/
pubkAlgTag = SECOID_GetAlgorithmTag(algID);
if (signerinfo->signerIdentifier.identifierType == NSSCMSSignerID_SubjectKeyID) {
SECOID_DestroyAlgorithmID(&freeAlgID, PR_FALSE);
}
if (signerinfo->authAttr != NULL) {
SECOidTag signAlgTag;
SECItem encoded_attrs;
/* find and fill in the message digest attribute. */
rv = NSS_CMSAttributeArray_SetAttr(poolp, &(signerinfo->authAttr),
SEC_OID_PKCS9_MESSAGE_DIGEST, digest, PR_FALSE);
if (rv != SECSuccess)
goto loser;
if (contentType != NULL) {
/* if the caller wants us to, find and fill in the content type attribute. */
rv = NSS_CMSAttributeArray_SetAttr(poolp, &(signerinfo->authAttr),
SEC_OID_PKCS9_CONTENT_TYPE, contentType, PR_FALSE);
if (rv != SECSuccess)
goto loser;
}
if ((tmppoolp = PORT_NewArena (1024)) == NULL) {
PORT_SetError(SEC_ERROR_NO_MEMORY);
goto loser;
}
/*
* Before encoding, reorder the attributes so that when they
* are encoded, they will be conforming DER, which is required
* to have a specific order and that is what must be used for
* the hash/signature. We do this here, rather than building
* it into EncodeAttributes, because we do not want to do
* such reordering on incoming messages (which also uses
* EncodeAttributes) or our old signatures (and other "broken"
* implementations) will not verify. So, we want to guarantee
* that we send out good DER encodings of attributes, but not
* to expect to receive them.
*/
if (NSS_CMSAttributeArray_Reorder(signerinfo->authAttr) != SECSuccess)
goto loser;
encoded_attrs.data = NULL;
encoded_attrs.len = 0;
if (NSS_CMSAttributeArray_Encode(tmppoolp, &(signerinfo->authAttr),
&encoded_attrs) == NULL)
goto loser;
signAlgTag = SEC_GetSignatureAlgorithmOidTag(privkey->keyType,
digestalgtag);
if (signAlgTag == SEC_OID_UNKNOWN) {
PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
goto loser;
}
rv = SEC_SignData(&signature, encoded_attrs.data, encoded_attrs.len,
privkey, signAlgTag);
PORT_FreeArena(tmppoolp, PR_FALSE); /* awkward memory management :-( */
tmppoolp = 0;
} else {
rv = SGN_Digest(privkey, digestalgtag, &signature, digest);
}
SECKEY_DestroyPrivateKey(privkey);
privkey = NULL;
if (rv != SECSuccess)
goto loser;
if (SECITEM_CopyItem(poolp, &(signerinfo->encDigest), &signature)
!= SECSuccess)
goto loser;
SECITEM_FreeItem(&signature, PR_FALSE);
if (SECOID_SetAlgorithmID(poolp, &(signerinfo->digestEncAlg), pubkAlgTag,
NULL) != SECSuccess)
goto loser;
return SECSuccess;
loser:
if (signature.len != 0)
SECITEM_FreeItem (&signature, PR_FALSE);
if (privkey)
SECKEY_DestroyPrivateKey(privkey);
if (tmppoolp)
PORT_FreeArena(tmppoolp, PR_FALSE);
return SECFailure;
}
/*
* SecCmsSignerInfoSign - sign something
*
*/
OSStatus
SecCmsSignerInfoSign(SecCmsSignerInfoRef signerinfo, CSSM_DATA_PTR digest, CSSM_DATA_PTR contentType)
{
SecCertificateRef cert;
SecPrivateKeyRef privkey = NULL;
SECOidTag digestalgtag;
SECOidTag pubkAlgTag;
CSSM_DATA signature = { 0 };
OSStatus rv;
PLArenaPool *poolp, *tmppoolp = NULL;
const SECAlgorithmID *algID;
SECAlgorithmID freeAlgID;
//CERTSubjectPublicKeyInfo *spki;
PORT_Assert (digest != NULL);
poolp = signerinfo->cmsg->poolp;
switch (signerinfo->signerIdentifier.identifierType) {
case SecCmsSignerIDIssuerSN:
privkey = signerinfo->signingKey;
signerinfo->signingKey = NULL;
cert = signerinfo->cert;
if (SecCertificateGetAlgorithmID(cert,&algID)) {
PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
goto loser;
}
break;
case SecCmsSignerIDSubjectKeyID:
privkey = signerinfo->signingKey;
signerinfo->signingKey = NULL;
#if 0
spki = SECKEY_CreateSubjectPublicKeyInfo(signerinfo->pubKey);
SECKEY_DestroyPublicKey(signerinfo->pubKey);
signerinfo->pubKey = NULL;
SECOID_CopyAlgorithmID(NULL, &freeAlgID, &spki->algorithm);
SECKEY_DestroySubjectPublicKeyInfo(spki);
algID = &freeAlgID;
#else
#if (TARGET_OS_MAC && !(TARGET_OS_EMBEDDED || TARGET_OS_IPHONE || TARGET_IPHONE_SIMULATOR))
if (SecKeyGetAlgorithmID(signerinfo->pubKey,&algID)) {
#else
/* TBD: Unify this code. Currently, iOS has an incompatible
* SecKeyGetAlgorithmID implementation. */
if (true) {
#endif
PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
goto loser;
}
CFRelease(signerinfo->pubKey);
signerinfo->pubKey = NULL;
#endif
break;
default:
PORT_SetError(SEC_ERROR_UNSUPPORTED_MESSAGE_TYPE);
goto loser;
}
digestalgtag = SecCmsSignerInfoGetDigestAlgTag(signerinfo);
/*
* XXX I think there should be a cert-level interface for this,
* so that I do not have to know about subjectPublicKeyInfo...
*/
pubkAlgTag = SECOID_GetAlgorithmTag(algID);
if (signerinfo->signerIdentifier.identifierType == SecCmsSignerIDSubjectKeyID) {
SECOID_DestroyAlgorithmID(&freeAlgID, PR_FALSE);
}
#if 0
// @@@ Not yet
/* Fortezza MISSI have weird signature formats.
* Map them to standard DSA formats
*/
pubkAlgTag = PK11_FortezzaMapSig(pubkAlgTag);
#endif
if (signerinfo->authAttr != NULL) {
CSSM_DATA encoded_attrs;
/* find and fill in the message digest attribute. */
rv = SecCmsAttributeArraySetAttr(poolp, &(signerinfo->authAttr),
SEC_OID_PKCS9_MESSAGE_DIGEST, digest, PR_FALSE);
if (rv != SECSuccess)
goto loser;
if (contentType != NULL) {
/* if the caller wants us to, find and fill in the content type attribute. */
rv = SecCmsAttributeArraySetAttr(poolp, &(signerinfo->authAttr),
SEC_OID_PKCS9_CONTENT_TYPE, contentType, PR_FALSE);
if (rv != SECSuccess)
goto loser;
}
if ((tmppoolp = PORT_NewArena (1024)) == NULL) {
PORT_SetError(SEC_ERROR_NO_MEMORY);
goto loser;
}
/*
* Before encoding, reorder the attributes so that when they
* are encoded, they will be conforming DER, which is required
* to have a specific order and that is what must be used for
* the hash/signature. We do this here, rather than building
* it into EncodeAttributes, because we do not want to do
* such reordering on incoming messages (which also uses
* EncodeAttributes) or our old signatures (and other "broken"
* implementations) will not verify. So, we want to guarantee
* that we send out good DER encodings of attributes, but not
* to expect to receive them.
*/
if (SecCmsAttributeArrayReorder(signerinfo->authAttr) != SECSuccess)
goto loser;
encoded_attrs.Data = NULL;
encoded_attrs.Length = 0;
if (SecCmsAttributeArrayEncode(tmppoolp, &(signerinfo->authAttr),
&encoded_attrs) == NULL)
goto loser;
rv = SEC_SignData(&signature, encoded_attrs.Data, (int)encoded_attrs.Length,
privkey, digestalgtag, pubkAlgTag);
PORT_FreeArena(tmppoolp, PR_FALSE); /* awkward memory management :-( */
tmppoolp = 0;
} else {
rv = SGN_Digest(privkey, digestalgtag, pubkAlgTag, &signature, digest);
}
SECKEY_DestroyPrivateKey(privkey);
privkey = NULL;
if (rv != SECSuccess)
goto loser;
if (SECITEM_CopyItem(poolp, &(signerinfo->encDigest), &signature)
!= SECSuccess)
goto loser;
SECITEM_FreeItem(&signature, PR_FALSE);
if(pubkAlgTag == SEC_OID_EC_PUBLIC_KEY) {
/*
* RFC 3278 section section 2.1.1 states that the signatureAlgorithm
* field contains the full ecdsa-with-SHA1 OID, not plain old ecPublicKey
* as would appear in other forms of signed datas. However Microsoft doesn't
* do this, it puts ecPublicKey there, and if we put ecdsa-with-SHA1 there,
* MS can't verify - presumably because it takes the digest of the digest
* before feeding it to ECDSA.
* We handle this with a preference; default if it's not there is
* "Microsoft compatibility mode".
*/
if(!SecCmsMsEcdsaCompatMode()) {
pubkAlgTag = SEC_OID_ECDSA_WithSHA1;
}
/* else violating the spec for compatibility */
}
if (SECOID_SetAlgorithmID(poolp, &(signerinfo->digestEncAlg), pubkAlgTag,
NULL) != SECSuccess)
goto loser;
return SECSuccess;
loser:
if (signature.Length != 0)
SECITEM_FreeItem (&signature, PR_FALSE);
if (privkey)
SECKEY_DestroyPrivateKey(privkey);
if (tmppoolp)
PORT_FreeArena(tmppoolp, PR_FALSE);
return SECFailure;
}
OSStatus
SecCmsSignerInfoVerifyCertificate(SecCmsSignerInfoRef signerinfo, SecKeychainRef keychainOrArray,
CFTypeRef policies, SecTrustRef *trustRef)
{
SecCertificateRef cert;
CFAbsoluteTime stime;
OSStatus rv;
CSSM_DATA_PTR *otherCerts;
if ((cert = SecCmsSignerInfoGetSigningCertificate(signerinfo, keychainOrArray)) == NULL) {
dprintf("SecCmsSignerInfoVerifyCertificate: no signing cert\n");
signerinfo->verificationStatus = SecCmsVSSigningCertNotFound;
return SECFailure;
}
/*
* Get and convert the signing time; if available, it will be used
* both on the cert verification and for importing the sender
* email profile.
*/
CFTypeRef timeStampPolicies=SecPolicyCreateAppleTimeStampingAndRevocationPolicies(policies);
if (SecCmsSignerInfoGetTimestampTimeWithPolicy(signerinfo, timeStampPolicies, &stime) != SECSuccess)
if (SecCmsSignerInfoGetSigningTime(signerinfo, &stime) != SECSuccess)
stime = CFAbsoluteTimeGetCurrent();
CFReleaseSafe(timeStampPolicies);
rv = SecCmsSignedDataRawCerts(signerinfo->sigd, &otherCerts);
if(rv) {
return rv;
}
rv = CERT_VerifyCert(keychainOrArray, cert, otherCerts, policies, stime, trustRef);
dprintfRC("SecCmsSignerInfoVerifyCertificate after vfy: certp %p cert.rc %d\n",
cert, (int)CFGetRetainCount(cert));
if (rv || !trustRef)
{
if (PORT_GetError() == SEC_ERROR_UNTRUSTED_CERT)
{
/* Signature or digest level verificationStatus errors should supercede certificate level errors, so only change the verificationStatus if the status was GoodSignature. */
if (signerinfo->verificationStatus == SecCmsVSGoodSignature)
signerinfo->verificationStatus = SecCmsVSSigningCertNotTrusted;
}
}
/* FIXME isn't this leaking the cert? */
dprintf("SecCmsSignerInfoVerifyCertificate: CertVerify rtn %d\n", (int)rv);
return rv;
}
