| blob | 474bc2e9a329c5b200e792e860c7544e560d6cf8 |
1 /* ***** BEGIN LICENSE BLOCK *****
2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
3 *
4 * The contents of this file are subject to the Mozilla Public License Version
5 * 1.1 (the "License"); you may not use this file except in compliance with
6 * the License. You may obtain a copy of the License at
7 * http://www.mozilla.org/MPL/
8 *
9 * Software distributed under the License is distributed on an "AS IS" basis,
10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
11 * for the specific language governing rights and limitations under the
12 * License.
13 *
14 * The Original Code is the Netscape security libraries.
15 *
16 * The Initial Developer of the Original Code is
17 * Netscape Communications Corporation.
18 * Portions created by the Initial Developer are Copyright (C) 1994-2000
19 * the Initial Developer. All Rights Reserved.
20 *
21 * Contributor(s):
22 *
23 * Alternatively, the contents of this file may be used under the terms of
24 * either the GNU General Public License Version 2 or later (the "GPL"), or
25 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
26 * in which case the provisions of the GPL or the LGPL are applicable instead
27 * of those above. If you wish to allow use of your version of this file only
28 * under the terms of either the GPL or the LGPL, and not to allow others to
29 * use your version of this file under the terms of the MPL, indicate your
30 * decision by deleting the provisions above and replace them with the notice
31 * and other provisions required by the GPL or the LGPL. If you do not delete
32 * the provisions above, a recipient may use your version of this file under
33 * the terms of any one of the MPL, the GPL or the LGPL.
34 *
35 * ***** END LICENSE BLOCK ***** */
37 /*
38 * PKCS7 creation.
39 *
40 * $Id: p7create.c,v 1.9 2008/02/03 06:08:48 nelson%bolyard.com Exp $
41 */
55 static SECStatus
58 {
62 SECStatus rv;
121 }
134 }
137 }
143 {
146 SECStatus rv;
156 }
168 }
171 }
174 /*
175 * Add a signer to a PKCS7 thing, verifying the signature cert first.
176 * Any error returns SECFailure.
177 *
178 * XXX Right now this only adds the *first* signer. It fails if you try
179 * to add a second one -- this needs to be fixed.
180 */
181 static SECStatus
184 SECCertUsage certusage,
186 SECOidTag digestalgtag,
188 {
194 SECStatus rv;
195 SECOidTag kind;
200 {
207 }
210 {
217 }
221 }
223 /*
224 * XXX I think that CERT_VerifyCert should do this if *it* is passed
225 * a NULL database.
226 */
231 }
235 {
236 /* XXX Did CERT_VerifyCert set an error? */
238 }
240 /*
241 * XXX This is the check that we do not already have a signer.
242 * This is not what we really want -- we want to allow this
243 * and *add* the new signer.
244 */
257 }
260 SEC_PKCS7_SIGNER_INFO_VERSION);
264 }
271 }
277 }
284 }
286 /*
287 * Okay, now signerinfo is all set. We just need to put it and its
288 * companions (another copy of the digest algorithm, and the digest
289 * itself if given) into the main structure.
290 *
291 * XXX If we are handling more than one signer, the following code
292 * needs to look through the digest algorithms already specified
293 * and see if the same one is there already. If it is, it does not
294 * need to be added again. Also, if it is there *and* the digest
295 * is not null, then the digest given should match the digest already
296 * specified -- if not, that is an error. Finally, the new signerinfo
297 * should be *added* to the set already found.
298 */
305 }
314 }
319 }
330 }
335 }
340 }
348 }
351 /*
352 * Helper function for creating an empty signedData.
353 */
356 {
359 SECStatus rv;
369 /*
370 * XXX Might we want to allow content types other than data?
371 * If so, via what interface?
372 */
378 }
381 }
384 /*
385 * Start a PKCS7 signing context.
386 *
387 * "cert" is the cert that will be used to sign the data. It will be
388 * checked for validity.
389 *
390 * "certusage" describes the signing usage (e.g. certUsageEmailSigner)
391 * XXX Maybe SECCertUsage should be split so that our caller just says
392 * "email" and *we* add the "signing" part -- otherwise our caller
393 * could be lying about the usage; we do not want to allow encryption
394 * certs for signing or vice versa.
395 *
396 * "certdb" is the cert database to use for verifying the cert.
397 * It can be NULL if a default database is available (like in the client).
398 *
399 * "digestalg" names the digest algorithm (e.g. SEC_OID_SHA1).
400 *
401 * "digest" is the actual digest of the data. It must be provided in
402 * the case of detached data or NULL if the content will be included.
403 *
404 * The return value can be passed to functions which add things to
405 * it like attributes, then eventually to SEC_PKCS7Encode() or to
406 * SEC_PKCS7EncoderStart() to create the encoded data, and finally to
407 * SEC_PKCS7DestroyContentInfo().
408 *
409 * An error results in a return value of NULL and an error set.
410 * (Retrieve specific errors via PORT_GetError()/XP_GetError().)
411 */
412 SEC_PKCS7ContentInfo *
414 SECCertUsage certusage,
416 SECOidTag digestalg,
419 {
421 SECStatus rv;
432 }
435 }
441 {
477 }
487 loser:
491 }
494 static SECStatus
498 {
511 /*
512 * We already have some attributes, and just need to add this
513 * new one.
514 */
516 /*
517 * We should already have the *required* attributes, which were
518 * created/added at the same time the first attribute was added.
519 */
521 SEC_OID_PKCS9_CONTENT_TYPE,
524 SEC_OID_PKCS9_MESSAGE_DIGEST,
528 ;
540 }
542 /*
543 * This is the first time an attribute is going in.
544 * We need to create and add the required attributes, and then
545 * we will also add in the one our caller gave us.
546 */
548 /*
549 * There are 2 required attributes, plus the one our caller wants
550 * to add, plus we always end with a NULL one. Thus, four slots.
551 */
559 /*
560 * First required attribute is the content type of the data
561 * being signed.
562 */
565 SEC_OID_PKCS9_CONTENT_TYPE,
567 /*
568 * Second required attribute is the message digest of the data
569 * being signed; we leave the value NULL for now (just create
570 * the place for it to go), and the encoder will fill it in later.
571 */
573 SEC_OID_PKCS9_MESSAGE_DIGEST,
578 }
586 }
589 /*
590 * Add the signing time to the authenticated (i.e. signed) attributes
591 * of "cinfo". This is expected to be included in outgoing signed
592 * messages for email (S/MIME) but is likely useful in other situations.
593 *
594 * This should only be added once; a second call will either do
595 * nothing or replace an old signing time with a newer one.
596 *
597 * XXX This will probably just shove the current time into "cinfo"
598 * but it will not actually get signed until the entire item is
599 * processed for encoding. Is this (expected to be small) delay okay?
600 *
601 * "cinfo" should be of type signedData (the only kind of pkcs7 data
602 * that is allowed authenticated attributes); SECFailure will be returned
603 * if it is not.
604 */
605 SECStatus
607 {
610 SECItem stime;
611 SECStatus rv;
620 /* There has to be a signer, or it makes no sense. */
629 SEC_OID_PKCS9_SIGNING_TIME,
647 attr);
650 }
653 }
656 /*
657 * Add the specified attribute to the authenticated (i.e. signed) attributes
658 * of "cinfo" -- "oidtag" describes the attribute and "value" is the
659 * value to be associated with it. NOTE! "value" must already be encoded;
660 * no interpretation of "oidtag" is done. Also, it is assumed that this
661 * signedData has only one signer -- if we ever need to add attributes
662 * when there is more than one signature, we need a way to specify *which*
663 * signature should get the attribute.
664 *
665 * XXX Technically, a signed attribute can have multiple values; if/when
666 * we ever need to support an attribute which takes multiple values, we
667 * either need to change this interface or create an AddSignedAttributeValue
668 * which can be called subsequently, and would then append a value.
669 *
670 * "cinfo" should be of type signedData (the only kind of pkcs7 data
671 * that is allowed authenticated attributes); SECFailure will be returned
672 * if it is not.
673 */
674 SECStatus
676 SECOidTag oidtag,
678 {
688 /*
689 * No signature or more than one means no deal.
690 */
699 }
702 /*
703 * Mark that the signer certificates and their issuing chain should
704 * be included in the encoded data. This is expected to be used
705 * in outgoing signed messages for email (S/MIME).
706 *
707 * "certdb" is the cert database to use for finding the chain.
708 * It can be NULL, meaning use the default database.
709 *
710 * "cinfo" should be of type signedData or signedAndEnvelopedData;
711 * SECFailure will be returned if it is not.
712 */
713 SECStatus
716 {
717 SECOidTag kind;
730 }
740 }
741 }
743 /* XXX Should it be an error if we find no signerinfo or no certs? */
746 /* get the cert chain. don't send the root to avoid contamination
747 * of old clients with a new root that they don't trust
748 */
750 certUsageEmailSigner,
751 PR_FALSE);
752 }
755 }
758 /*
759 * Helper function to add a certificate chain for inclusion in the
760 * bag of certificates in a signedData.
761 */
762 static SECStatus
766 {
767 SECOidTag kind;
774 {
779 }
782 {
787 }
791 }
798 }
799 }
812 ;
815 certlists,
818 }
823 }
831 }
834 /*
835 * Helper function to add a certificate for inclusion in the bag of
836 * certificates in a signedData.
837 */
838 static SECStatus
841 {
842 SECOidTag kind;
849 {
854 }
857 {
862 }
866 }
879 ;
884 }
889 }
897 }
900 /*
901 * Create a PKCS7 certs-only container.
902 *
903 * "cert" is the (first) cert that will be included.
904 *
905 * "include_chain" specifies whether the entire chain for "cert" should
906 * be included.
907 *
908 * "certdb" is the cert database to use for finding the chain.
909 * It can be NULL in when "include_chain" is false, or when meaning
910 * use the default database.
911 *
912 * More certs and chains can be added via AddCertificate and AddCertChain.
913 *
914 * An error results in a return value of NULL and an error set.
915 * (Retrieve specific errors via PORT_GetError()/XP_GetError().)
916 */
917 SEC_PKCS7ContentInfo *
919 PRBool include_chain,
921 {
923 SECStatus rv;
931 else
937 }
940 }
943 /*
944 * Add "cert" and its entire chain to the set of certs included in "cinfo".
945 *
946 * "certdb" is the cert database to use for finding the chain.
947 * It can be NULL, meaning use the default database.
948 *
949 * "cinfo" should be of type signedData or signedAndEnvelopedData;
950 * SECFailure will be returned if it is not.
951 */
952 SECStatus
956 {
957 SECOidTag kind;
965 }
968 /*
969 * Add "cert" to the set of certs included in "cinfo".
970 *
971 * "cinfo" should be of type signedData or signedAndEnvelopedData;
972 * SECFailure will be returned if it is not.
973 */
974 SECStatus
976 {
977 SECOidTag kind;
985 }
988 static SECStatus
993 {
994 SECStatus rv;
1000 /*
1001 * XXX Some day we may want to allow for other kinds. That needs
1002 * more work and modifications to the creation interface, etc.
1003 * For now, allow but notice callers who pass in other kinds.
1004 * They are responsible for creating the inner type and encoding,
1005 * if it is other than DATA.
1006 */
1018 /* Save keysize and algorithm for later. */
1023 }
1026 /*
1027 * Add a recipient to a PKCS7 thing, verifying their cert first.
1028 * Any error returns SECFailure.
1029 */
1030 static SECStatus
1033 SECCertUsage certusage,
1035 {
1036 SECOidTag kind;
1045 {
1050 }
1053 {
1058 }
1062 }
1064 /*
1065 * XXX I think that CERT_VerifyCert should do this if *it* is passed
1066 * a NULL database.
1067 */
1072 }
1076 {
1077 /* XXX Did CERT_VerifyCert set an error? */
1079 }
1088 }
1091 SEC_PKCS7_RECIPIENT_INFO_VERSION);
1095 }
1102 }
1108 }
1110 /*
1111 * Okay, now recipientinfo is all set. We just need to put it into
1112 * the main structure.
1113 *
1114 * If this is the first recipient, allocate a new recipientinfos array;
1115 * otherwise, reallocate the array, making room for the new entry.
1116 */
1125 ;
1131 }
1136 }
1145 }
1148 /*
1149 * Start a PKCS7 enveloping context.
1150 *
1151 * "cert" is the cert for the recipient. It will be checked for validity.
1152 *
1153 * "certusage" describes the encryption usage (e.g. certUsageEmailRecipient)
1154 * XXX Maybe SECCertUsage should be split so that our caller just says
1155 * "email" and *we* add the "recipient" part -- otherwise our caller
1156 * could be lying about the usage; we do not want to allow encryption
1157 * certs for signing or vice versa.
1158 *
1159 * "certdb" is the cert database to use for verifying the cert.
1160 * It can be NULL if a default database is available (like in the client).
1161 *
1162 * "encalg" specifies the bulk encryption algorithm to use (e.g. SEC_OID_RC2).
1163 *
1164 * "keysize" specifies the bulk encryption key size, in bits.
1165 *
1166 * The return value can be passed to functions which add things to
1167 * it like more recipients, then eventually to SEC_PKCS7Encode() or to
1168 * SEC_PKCS7EncoderStart() to create the encoded data, and finally to
1169 * SEC_PKCS7DestroyContentInfo().
1170 *
1171 * An error results in a return value of NULL and an error set.
1172 * (Retrieve specific errors via PORT_GetError()/XP_GetError().)
1173 */
1176 SECCertUsage certusage,
1178 SECOidTag encalg,
1181 {
1184 SECStatus rv;
1195 }
1200 /*
1201 * XXX Might we want to allow content types other than data?
1202 * If so, via what interface?
1203 */
1211 }
1213 /* XXX Anything more to do here? */
1216 }
1219 /*
1220 * Add another recipient to an encrypted message.
1221 *
1222 * "cinfo" should be of type envelopedData or signedAndEnvelopedData;
1223 * SECFailure will be returned if it is not.
1224 *
1225 * "cert" is the cert for the recipient. It will be checked for validity.
1226 *
1227 * "certusage" describes the encryption usage (e.g. certUsageEmailRecipient)
1228 * XXX Maybe SECCertUsage should be split so that our caller just says
1229 * "email" and *we* add the "recipient" part -- otherwise our caller
1230 * could be lying about the usage; we do not want to allow encryption
1231 * certs for signing or vice versa.
1232 *
1233 * "certdb" is the cert database to use for verifying the cert.
1234 * It can be NULL if a default database is available (like in the client).
1235 */
1236 SECStatus
1239 SECCertUsage certusage,
1241 {
1243 }
1246 /*
1247 * Create an empty PKCS7 data content info.
1248 *
1249 * An error results in a return value of NULL and an error set.
1250 * (Retrieve specific errors via PORT_GetError()/XP_GetError().)
1251 */
1252 SEC_PKCS7ContentInfo *
1254 {
1257 }
1260 /*
1261 * Create an empty PKCS7 encrypted content info.
1262 *
1263 * "algorithm" specifies the bulk encryption algorithm to use.
1264 *
1265 * An error results in a return value of NULL and an error set.
1266 * (Retrieve specific errors via PORT_GetError()/XP_GetError().)
1267 */
1268 SEC_PKCS7ContentInfo *
1271 {
1275 SECStatus rv;
1288 /* Assume password-based-encryption.
1289 * Note: we can't generate pkcs5v2 from this interface.
1290 * PK11_CreateBPEAlgorithmID generates pkcs5v2 by accepting
1291 * non-PBE oids and assuming that they are pkcs5v2 oids, but
1292 * NSS_CMSEncryptedData_Create accepts non-PBE oids as regular
1293 * CMS encrypted data, so we can't tell SEC_PKCS7CreateEncryptedtedData
1294 * to create pkcs5v2 PBEs */
1302 }
1303 }
1308 }
1317 }
1320 }