/*
* Obtain the timestamp of signer 'signerIndex' of a CMS message, if
* present. This timestamp is an authenticated timestamp provided by
* a timestamping authority.
*
* Returns errSecParam if the CMS message was not signed or if signerIndex
* is greater than the number of signers of the message minus one.
*
* This cannot be called until after CMSDecoderFinalizeMessage() is called.
*/
OSStatus CMSDecoderCopySignerTimestamp(
CMSDecoderRef cmsDecoder,
size_t signerIndex, /* usually 0 */
CFAbsoluteTime *timestamp) /* RETURNED */
{
OSStatus status = errSecParam;
SecCmsMessageRef cmsg;
SecCmsSignedDataRef signedData = NULL;
int numContentInfos = 0;
require(cmsDecoder && timestamp, xit);
require_noerr(CMSDecoderGetCmsMessage(cmsDecoder, &cmsg), xit);
numContentInfos = SecCmsMessageContentLevelCount(cmsg);
for (int dex = 0; !signedData && dex < numContentInfos; dex++)
{
SecCmsContentInfoRef ci = SecCmsMessageContentLevel(cmsg, dex);
SECOidTag tag = SecCmsContentInfoGetContentTypeTag(ci);
if (tag == SEC_OID_PKCS7_SIGNED_DATA)
if ((signedData = SecCmsSignedDataRef(SecCmsContentInfoGetContent(ci))))
if (SecCmsSignerInfoRef signerInfo = SecCmsSignedDataGetSignerInfo(signedData, (int)signerIndex))
{
status = SecCmsSignerInfoGetTimestampTime(signerInfo, timestamp);
break;
}
}
xit:
return status;
}
/*
* Obtain the email address of signer 'signerIndex' of a CMS message, if
* present.
*
* This cannot be called until after CMSDecoderFinalizeMessage() is called.
*/
OSStatus CMSDecoderCopySignerEmailAddress(
CMSDecoderRef cmsDecoder,
size_t signerIndex,
CFStringRef *signerEmailAddress) /* RETURNED */
{
if((cmsDecoder == NULL) ||
(signerEmailAddress == NULL) ||
(cmsDecoder->signedData == NULL) || /* not signed */
(signerIndex >= cmsDecoder->numSigners) || /* index out of range */
(cmsDecoder->decState != DS_Final)) {
return errSecParam;
}
SecCmsSignerInfoRef signerInfo =
SecCmsSignedDataGetSignerInfo(cmsDecoder->signedData, (int)signerIndex);
if(signerInfo == NULL) {
/* should never happen */
ASSERT(0);
dprintf("CMSDecoderCopySignerEmailAddress: no signerInfo\n");
return errSecInternalComponent;
}
/*
* This is leaking memory in libsecurityKeychain per Radar 4412699.
*/
*signerEmailAddress = SecCmsSignerInfoGetSignerEmailAddress(signerInfo);
return errSecSuccess;
}
/*
* Obtain the certificate of signer 'signerIndex' of a CMS message, if
* present.
*
* This cannot be called until after CMSDecoderFinalizeMessage() is called.
*/
OSStatus CMSDecoderCopySignerCert(
CMSDecoderRef cmsDecoder,
size_t signerIndex,
SecCertificateRef *signerCert) /* RETURNED */
{
if((cmsDecoder == NULL) ||
(signerCert == NULL) ||
(cmsDecoder->signedData == NULL) || /* not signed */
(signerIndex >= cmsDecoder->numSigners) || /* index out of range */
(cmsDecoder->decState != DS_Final)) {
return errSecParam;
}
SecCmsSignerInfoRef signerInfo =
SecCmsSignedDataGetSignerInfo(cmsDecoder->signedData, (int)signerIndex);
if(signerInfo == NULL) {
/* should never happen */
ASSERT(0);
dprintf("CMSDecoderCopySignerCertificate: no signerInfo\n");
return errSecInternalComponent;
}
*signerCert = SecCmsSignerInfoGetSigningCertificate(signerInfo, NULL);
/* libsecurity_smime does NOT retain that */
if(*signerCert == NULL) {
/* should never happen */
ASSERT(0);
dprintf("CMSDecoderCopySignerCertificate: no signerCert\n");
return errSecInternalComponent;
}
CFRetain(*signerCert);
return errSecSuccess;
}
OSStatus createTSAMessageImprint(SecCmsSignedDataRef signedData, CSSM_DATA_PTR encDigest,
SecAsn1TSAMessageImprint *messageImprint)
{
// Calculate hash of encDigest and put in messageImprint.hashedMessage
// We pass in encDigest, since in the verification case, it comes from a different signedData
OSStatus status = SECFailure;
require(signedData && messageImprint, xit);
SECAlgorithmID **digestAlgorithms = SecCmsSignedDataGetDigestAlgs(signedData);
require(digestAlgorithms, xit);
SecCmsDigestContextRef digcx = SecCmsDigestContextStartMultiple(digestAlgorithms);
require(digcx, xit);
require(encDigest, xit);
SecCmsSignerInfoRef signerinfo = SecCmsSignedDataGetSignerInfo(signedData, 0); // NB - assume 1 signer only!
messageImprint->hashAlgorithm = signerinfo->digestAlg;
SecCmsDigestContextUpdate(digcx, encDigest->Data, encDigest->Length);
require_noerr(SecCmsDigestContextFinishSingle(digcx, (SecArenaPoolRef)signedData->cmsg->poolp,
&messageImprint->hashedMessage), xit);
status = SECSuccess;
xit:
return status;
}
static void debugShowSignerInfo(SecCmsSignedDataRef signedData)
{
#ifndef NDEBUG
int numberOfSigners = SecCmsSignedDataSignerInfoCount (signedData);
dtprintf("numberOfSigners : %d\n", numberOfSigners);
int ix;
for (ix=0;ix < numberOfSigners;ix++)
{
SecCmsSignerInfoRef sigi = SecCmsSignedDataGetSignerInfo(signedData,ix);
if (sigi)
{
CFStringRef commonName = SecCmsSignerInfoGetSignerCommonName(sigi);
const char *signerhdr = " signer : ";
if (commonName)
{
char *cn = cfStringToChar(commonName);
dtprintf("%s%s\n", signerhdr, cn);
if (cn)
free(cn);
CFReleaseNull(commonName);
}
else
dtprintf("%s<NULL>\n", signerhdr);
}
}
#endif
}
/*
* Obtain an array of the certificates in a timestamp response. Elements of the
* returned array are SecCertificateRefs. The caller must CFRelease the returned
* array. This timestamp is an authenticated timestamp provided by
* a timestamping authority.
*
* Returns errSecParam if the CMS message was not signed or if signerIndex
* is greater than the number of signers of the message minus one. It returns
* errSecItemNotFound if no certificates were found.
*
* This cannot be called until after CMSDecoderFinalizeMessage() is called.
*/
OSStatus CMSDecoderCopySignerTimestampCertificates(
CMSDecoderRef cmsDecoder,
size_t signerIndex, /* usually 0 */
CFArrayRef *certificateRefs) /* RETURNED */
{
OSStatus status = errSecParam;
SecCmsMessageRef cmsg = NULL;
SecCmsSignedDataRef signedData = NULL;
int numContentInfos = 0;
CFIndex tsn = 0;
bool good = false;
require(cmsDecoder && certificateRefs, xit);
require_noerr(CMSDecoderGetCmsMessage(cmsDecoder, &cmsg), xit);
numContentInfos = SecCmsMessageContentLevelCount(cmsg);
for (int dex = 0; !signedData && dex < numContentInfos; dex++)
{
SecCmsContentInfoRef ci = SecCmsMessageContentLevel(cmsg, dex);
SECOidTag tag = SecCmsContentInfoGetContentTypeTag(ci);
if (tag == SEC_OID_PKCS7_SIGNED_DATA)
if ((signedData = SecCmsSignedDataRef(SecCmsContentInfoGetContent(ci))))
if (SecCmsSignerInfoRef signerInfo = SecCmsSignedDataGetSignerInfo(signedData, (int)signerIndex))
{
CFArrayRef certList = SecCmsSignerInfoGetTimestampCertList(signerInfo);
require_action(certList, xit, status = errSecItemNotFound);
CFMutableArrayRef certs = CFArrayCreateMutableCopy(kCFAllocatorDefault, CFArrayGetCount(certList), certList);
if(certs){
//reorder certificates:
tsn = CFArrayGetCount(certs);
good = tsn > 0 && Security::CodeSigning::isAppleCA(SecCertificateRef(CFArrayGetValueAtIndex(certs, tsn-1)));
if ( good == false )
{
//change TS certificate ordering.
for (CFIndex n = 0; n < tsn; n++)
{
if (SecCertificateRef tsRoot = SecCertificateRef(CFArrayGetValueAtIndex(certs, n)))
if ((good = Security::CodeSigning::isAppleCA(tsRoot))) {
CFArrayExchangeValuesAtIndices(certs, n, tsn-1);
break;
}
}
}
*certificateRefs = CFArrayCreateCopy(kCFAllocatorDefault, certs);
CFRelease(certs);
status = errSecSuccess;
}
break;
}
}
xit:
return status;
}
/*
* Obtain the status of a CMS message's signature. A CMS message can
* be signed my multiple signers; this function returns the status
* associated with signer 'n' as indicated by the signerIndex parameter.
*/
OSStatus CMSDecoderCopySignerStatus(
CMSDecoderRef cmsDecoder,
size_t signerIndex,
CFTypeRef policyOrArray,
Boolean evaluateSecTrust,
CMSSignerStatus *signerStatus, /* optional; RETURNED */
SecTrustRef *secTrust, /* optional; RETURNED */
OSStatus *certVerifyResultCode) /* optional; RETURNED */
{
if((cmsDecoder == NULL) || (cmsDecoder->decState != DS_Final)) {
return errSecParam;
}
/* initialize return values */
if(signerStatus) {
*signerStatus = kCMSSignerUnsigned;
}
if(secTrust) {
*secTrust = NULL;
}
if(certVerifyResultCode) {
*certVerifyResultCode = 0;
}
if(cmsDecoder->signedData == NULL) {
*signerStatus = kCMSSignerUnsigned; /* redundant, I know, but explicit */
return errSecSuccess;
}
ASSERT(cmsDecoder->numSigners > 0);
if(signerIndex >= cmsDecoder->numSigners) {
*signerStatus = kCMSSignerInvalidIndex;
return errSecSuccess;
}
if(!SecCmsSignedDataHasDigests(cmsDecoder->signedData)) {
*signerStatus = kCMSSignerNeedsDetachedContent;
return errSecSuccess;
}
/*
* OK, we should be able to verify this signerInfo.
* I think we have to do the SecCmsSignedDataVerifySignerInfo first
* in order get all the cert pieces into place before returning them
* to the caller.
*/
SecTrustRef theTrust = NULL;
OSStatus vfyRtn = SecCmsSignedDataVerifySignerInfo(cmsDecoder->signedData,
(int)signerIndex,
/*
* FIXME this cast should not be necessary, but libsecurity_smime
* declares this argument as a SecKeychainRef
*/
(SecKeychainRef)cmsDecoder->keychainOrArray,
policyOrArray,
&theTrust);
/* Subsequent errors to errOut: */
/*
* NOTE the smime lib did NOT evaluate that SecTrust - it only does
* SecTrustEvaluate() if we don't ask for a copy.
*
* FIXME deal with multitudes of status returns here...for now, proceed with
* obtaining components the caller wants and assume that a nonzero vfyRtn
* means "bad signature".
*/
OSStatus ortn = errSecSuccess;
SecTrustResultType secTrustResult;
CSSM_RETURN tpVfyStatus = CSSM_OK;
OSStatus evalRtn;
if(secTrust != NULL) {
*secTrust = theTrust;
/* we'll release our reference at the end */
if (theTrust)
CFRetain(theTrust);
}
SecCmsSignerInfoRef signerInfo =
SecCmsSignedDataGetSignerInfo(cmsDecoder->signedData, (int)signerIndex);
if(signerInfo == NULL) {
/* should never happen */
ASSERT(0);
dprintf("CMSDecoderCopySignerStatus: no signerInfo\n");
ortn = errSecInternalComponent;
goto errOut;
}
/* now do the actual cert verify */
if(evaluateSecTrust) {
evalRtn = SecTrustEvaluate(theTrust, &secTrustResult);
if(evalRtn) {
/* should never happen */
CSSM_PERROR("SecTrustEvaluate", evalRtn);
dprintf("CMSDecoderCopySignerStatus: SecTrustEvaluate error\n");
ortn = errSecInternalComponent;
goto errOut;
}
switch(secTrustResult) {
case kSecTrustResultUnspecified:
/* cert chain valid, no special UserTrust assignments */
case kSecTrustResultProceed:
/* cert chain valid AND user explicitly trusts this */
break;
case kSecTrustResultDeny:
tpVfyStatus = CSSMERR_APPLETP_TRUST_SETTING_DENY;
break;
case kSecTrustResultConfirm:
dprintf("SecTrustEvaluate reported confirm\n");
tpVfyStatus = CSSMERR_TP_NOT_TRUSTED;
break;
default:
{
/* get low-level TP error */
OSStatus tpStatus;
ortn = SecTrustGetCssmResultCode(theTrust, &tpStatus);
if(ortn) {
CSSM_PERROR("SecTrustGetCssmResultCode", ortn);
}
else {
tpVfyStatus = tpStatus;
}
CSSM_PERROR("TP status after SecTrustEvaluate", tpVfyStatus);
break;
}
} /* switch(secTrustResult) */
} /* evaluateSecTrust true */
if(certVerifyResultCode != NULL) {
*certVerifyResultCode = tpVfyStatus;
}
/* cook up global status based on vfyRtn and tpVfyStatus */
if(signerStatus != NULL) {
if((vfyRtn == errSecSuccess) && (tpVfyStatus == CSSM_OK)) {
*signerStatus = kCMSSignerValid;
}
else if(vfyRtn != errSecSuccess) {
/* this could mean other things, but for now... */
*signerStatus = kCMSSignerInvalidSignature;
}
else {
*signerStatus = kCMSSignerInvalidCert;
}
}
errOut:
CFRELEASE(theTrust);
return ortn;
}
/*
* SecCmsSignedDataEncodeAfterData - do all the necessary things to a SignedData
* after all the encapsulated data was passed through the encoder.
*
* In detail:
* - create the signatures in all the SignerInfos
*
* Please note that nothing is done to the Certificates and CRLs in the message - this
* is entirely the responsibility of our callers.
*/
OSStatus
SecCmsSignedDataEncodeAfterData(SecCmsSignedDataRef sigd)
{
SecCmsSignerInfoRef *signerinfos, signerinfo;
SecCmsContentInfoRef cinfo;
SECOidTag digestalgtag;
OSStatus ret = SECFailure;
OSStatus rv;
CSSM_DATA_PTR contentType;
int certcount;
int i, ci, n, rci, si;
PLArenaPool *poolp;
CFArrayRef certlist;
extern const SecAsn1Template SecCmsSignerInfoTemplate[];
poolp = sigd->cmsg->poolp;
cinfo = &(sigd->contentInfo);
/* did we have digest calculation going on? */
if (cinfo->digcx) {
rv = SecCmsDigestContextFinishMultiple(cinfo->digcx, (SecArenaPoolRef)poolp, &(sigd->digests));
if (rv != SECSuccess)
goto loser; /* error has been set by SecCmsDigestContextFinishMultiple */
cinfo->digcx = NULL;
}
signerinfos = sigd->signerInfos;
certcount = 0;
/* prepare all the SignerInfos (there may be none) */
for (i=0; i < SecCmsSignedDataSignerInfoCount(sigd); i++) {
signerinfo = SecCmsSignedDataGetSignerInfo(sigd, i);
/* find correct digest for this signerinfo */
digestalgtag = SecCmsSignerInfoGetDigestAlgTag(signerinfo);
n = SecCmsAlgArrayGetIndexByAlgTag(sigd->digestAlgorithms, digestalgtag);
if (n < 0 || sigd->digests == NULL || sigd->digests[n] == NULL) {
/* oops - digest not found */
PORT_SetError(SEC_ERROR_DIGEST_NOT_FOUND);
goto loser;
}
/* XXX if our content is anything else but data, we need to force the
* presence of signed attributes (RFC2630 5.3 "signedAttributes is a
* collection...") */
/* pass contentType here as we want a contentType attribute */
if ((contentType = SecCmsContentInfoGetContentTypeOID(cinfo)) == NULL)
goto loser;
/* sign the thing */
rv = SecCmsSignerInfoSign(signerinfo, sigd->digests[n], contentType);
if (rv != SECSuccess)
goto loser;
/* while we're at it, count number of certs in certLists */
certlist = SecCmsSignerInfoGetCertList(signerinfo);
if (certlist)
certcount += CFArrayGetCount(certlist);
}
/* Now we can get a timestamp, since we have all the digests */
// We force the setting of a callback, since this is the most usual case
if (!sigd->cmsg->tsaCallback)
SecCmsMessageSetTSACallback(sigd->cmsg, (SecCmsTSACallback)SecCmsTSADefaultCallback);
if (sigd->cmsg->tsaCallback && sigd->cmsg->tsaContext)
{
CSSM_DATA tsaResponse = {0,};
SecAsn1TSAMessageImprint messageImprint = {{{0},},{0,}};
// <rdar://problem/11073466> Add nonce support for timestamping client
uint64_t nonce = 0;
require_noerr(getRandomNonce(&nonce), tsxit);
dprintf("SecCmsSignedDataSignerInfoCount: %d\n", SecCmsSignedDataSignerInfoCount(sigd));
// Calculate hash of encDigest and put in messageImprint.hashedMessage
SecCmsSignerInfoRef signerinfo = SecCmsSignedDataGetSignerInfo(sigd, 0); // NB - assume 1 signer only!
CSSM_DATA *encDigest = SecCmsSignerInfoGetEncDigest(signerinfo);
require_noerr(createTSAMessageImprint(sigd, encDigest, &messageImprint), tsxit);
// Callback to fire up XPC service to talk to TimeStamping server, etc.
require_noerr(rv =(*sigd->cmsg->tsaCallback)(sigd->cmsg->tsaContext, &messageImprint,
nonce, &tsaResponse), tsxit);
require_noerr(rv = validateTSAResponseAndAddTimeStamp(signerinfo, &tsaResponse, nonce), tsxit);
/*
It is likely that every occurrence of "goto loser" in this file should
also do a PORT_SetError. Since it is not clear what might depend on this
behavior, we just do this in the timestamping case.
*/
tsxit:
if (rv)
{
dprintf("Original timestamp error: %d\n", (int)rv);
rv = remapTimestampError(rv);
PORT_SetError(rv);
goto loser;
}
}
/* this is a SET OF, so we need to sort them guys */
rv = SecCmsArraySortByDER((void **)signerinfos, SecCmsSignerInfoTemplate, NULL);
if (rv != SECSuccess)
goto loser;
/*
* now prepare certs & crls
*/
/* count the rest of the certs */
if (sigd->certs != NULL)
certcount += CFArrayGetCount(sigd->certs);
if (certcount == 0) {
sigd->rawCerts = NULL;
} else {
/*
* Combine all of the certs and cert chains into rawcerts.
* Note: certcount is an upper bound; we may not need that many slots
* but we will allocate anyway to avoid having to do another pass.
* (The temporary space saving is not worth it.)
*
* XXX ARGH - this NEEDS to be fixed. need to come up with a decent
* SetOfDERcertficates implementation
*/
sigd->rawCerts = (CSSM_DATA_PTR *)PORT_ArenaAlloc(poolp, (certcount + 1) * sizeof(CSSM_DATA_PTR));
if (sigd->rawCerts == NULL)
return SECFailure;
/*
* XXX Want to check for duplicates and not add *any* cert that is
* already in the set. This will be more important when we start
* dealing with larger sets of certs, dual-key certs (signing and
* encryption), etc. For the time being we can slide by...
*
* XXX ARGH - this NEEDS to be fixed. need to come up with a decent
* SetOfDERcertficates implementation
*/
rci = 0;
if (signerinfos != NULL) {
for (si = 0; signerinfos[si] != NULL; si++) {
signerinfo = signerinfos[si];
for (ci = 0; ci < CFArrayGetCount(signerinfo->certList); ci++) {
sigd->rawCerts[rci] = PORT_ArenaZAlloc(poolp, sizeof(CSSM_DATA));
SecCertificateRef cert = (SecCertificateRef)CFArrayGetValueAtIndex(signerinfo->certList, ci);
SecCertificateGetData(cert, sigd->rawCerts[rci++]);
}
}
}
if (sigd->certs != NULL) {
for (ci = 0; ci < CFArrayGetCount(sigd->certs); ci++) {
sigd->rawCerts[rci] = PORT_ArenaZAlloc(poolp, sizeof(CSSM_DATA));
SecCertificateRef cert = (SecCertificateRef)CFArrayGetValueAtIndex(sigd->certs, ci);
SecCertificateGetData(cert, sigd->rawCerts[rci++]);
}
}
sigd->rawCerts[rci] = NULL;
/* this is a SET OF, so we need to sort them guys - we have the DER already, though */
SecCmsArraySort((void **)sigd->rawCerts, SecCmsUtilDERCompare, NULL, NULL);
}
ret = SECSuccess;
loser:
dprintf("SecCmsSignedDataEncodeAfterData: ret: %ld, rv: %ld\n", (long)ret, (long)rv);
return ret;
}
/*
* SecCmsSignedDataEncodeBeforeStart - do all the necessary things to a SignedData
* before start of encoding.
*
* In detail:
* - find out about the right value to put into sigd->version
* - come up with a list of digestAlgorithms (which should be the union of the algorithms
* in the signerinfos).
* If we happen to have a pre-set list of algorithms (and digest values!), we
* check if we have all the signerinfos' algorithms. If not, this is an error.
*/
OSStatus
SecCmsSignedDataEncodeBeforeStart(SecCmsSignedDataRef sigd)
{
SecCmsSignerInfoRef signerinfo;
SECOidTag digestalgtag;
CSSM_DATA_PTR dummy;
int version;
OSStatus rv;
Boolean haveDigests = PR_FALSE;
int n, i;
PLArenaPool *poolp;
poolp = sigd->cmsg->poolp;
/* we assume that we have precomputed digests if there is a list of algorithms, and */
/* a chunk of data for each of those algorithms */
if (sigd->digestAlgorithms != NULL && sigd->digests != NULL) {
for (i=0; sigd->digestAlgorithms[i] != NULL; i++) {
if (sigd->digests[i] == NULL)
break;
}
if (sigd->digestAlgorithms[i] == NULL) /* reached the end of the array? */
haveDigests = PR_TRUE; /* yes: we must have all the digests */
}
version = SEC_CMS_SIGNED_DATA_VERSION_BASIC;
/* RFC2630 5.1 "version is the syntax version number..." */
if (SecCmsContentInfoGetContentTypeTag(&(sigd->contentInfo)) != SEC_OID_PKCS7_DATA)
version = SEC_CMS_SIGNED_DATA_VERSION_EXT;
/* prepare all the SignerInfos (there may be none) */
for (i=0; i < SecCmsSignedDataSignerInfoCount(sigd); i++) {
signerinfo = SecCmsSignedDataGetSignerInfo(sigd, i);
/* RFC2630 5.1 "version is the syntax version number..." */
if (SecCmsSignerInfoGetVersion(signerinfo) != SEC_CMS_SIGNER_INFO_VERSION_ISSUERSN)
version = SEC_CMS_SIGNED_DATA_VERSION_EXT;
/* collect digestAlgorithms from SignerInfos */
/* (we need to know which algorithms we have when the content comes in) */
/* do not overwrite any existing digestAlgorithms (and digest) */
digestalgtag = SecCmsSignerInfoGetDigestAlgTag(signerinfo);
n = SecCmsAlgArrayGetIndexByAlgTag(sigd->digestAlgorithms, digestalgtag);
if (n < 0 && haveDigests) {
/* oops, there is a digestalg we do not have a digest for */
/* but we were supposed to have all the digests already... */
goto loser;
} else if (n < 0) {
/* add the digestAlgorithm & a NULL digest */
rv = SecCmsSignedDataAddDigest((SecArenaPoolRef)poolp, sigd, digestalgtag, NULL);
if (rv != SECSuccess)
goto loser;
} else {
/* found it, nothing to do */
}
}
dummy = SEC_ASN1EncodeInteger(poolp, &(sigd->version), (long)version);
if (dummy == NULL)
return SECFailure;
/* this is a SET OF, so we need to sort them guys */
rv = SecCmsArraySortByDER((void **)sigd->digestAlgorithms,
SEC_ASN1_GET(SECOID_AlgorithmIDTemplate),
(void **)sigd->digests);
if (rv != SECSuccess)
return SECFailure;
return SECSuccess;
loser:
return SECFailure;
}
