/* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/* set version right now */
version = NSS_CMS_SIGNER_INFO_VERSION_ISSUERSN; /* RFC2630 5.3 "version is the syntax version number. If the .... " */ if (signerinfo->signerIdentifier.identifierType == NSSCMSSignerID_SubjectKeyID)
version = NSS_CMS_SIGNER_INFO_VERSION_SUBJKEY;
(void)SEC_ASN1EncodeInteger(poolp, &(signerinfo->version), (long)version);
if (SECOID_SetAlgorithmID(poolp, &signerinfo->digestAlg, digestalgtag, NULL) != SECSuccess) goto loser;
switch (signerinfo->signerIdentifier.identifierType) { case NSSCMSSignerID_IssuerSN:
cert = signerinfo->cert;
privkey = PK11_FindKeyByAnyCert(cert, signerinfo->cmsg->pwfn_arg); if (privkey == NULL) goto loser;
algID = &cert->subjectPublicKeyInfo.algorithm; break; case NSSCMSSignerID_SubjectKeyID:
privkey = signerinfo->signingKey;
signerinfo->signingKey = NULL;
spki = SECKEY_CreateSubjectPublicKeyInfo(signerinfo->pubKey);
SECKEY_DestroyPublicKey(signerinfo->pubKey);
signerinfo->pubKey = NULL;
SECOID_CopyAlgorithmID(NULL, &freeAlgID, &spki->algorithm);
SECKEY_DestroySubjectPublicKeyInfo(spki);
algID = &freeAlgID; break; default: goto loser;
}
digestalgtag = NSS_CMSSignerInfo_GetDigestAlgTag(signerinfo); /* * XXX I think there should be a cert-level interface for this, * so that I do not have to know about subjectPublicKeyInfo...
*/
pubkAlgTag = SECOID_GetAlgorithmTag(algID); if (algID == &freeAlgID) {
SECOID_DestroyAlgorithmID(&freeAlgID, PR_FALSE);
}
if (SECOID_SetAlgorithmID(poolp, &(signerinfo->digestEncAlg),
cmsSignAlgTag, NULL) != SECSuccess) goto loser;
if (!NSS_SMIMEUtil_SigningAllowed(&signerinfo->digestEncAlg)) {
PORT_SetError(SEC_ERROR_BAD_EXPORT_ALGORITHM); goto loser;
}
if (signerinfo->authAttr != NULL) {
SECItem encoded_attrs;
/* find and fill in the message digest attribute. */
rv = NSS_CMSAttributeArray_SetAttr(poolp, &(signerinfo->authAttr),
SEC_OID_PKCS9_MESSAGE_DIGEST, digest, PR_FALSE); if (rv != SECSuccess) goto loser;
if (contentType != NULL) { /* if the caller wants us to, find and fill in the content type attribute. */
rv = NSS_CMSAttributeArray_SetAttr(poolp, &(signerinfo->authAttr),
SEC_OID_PKCS9_CONTENT_TYPE, contentType, PR_FALSE); if (rv != SECSuccess) goto loser;
}
/* * Before encoding, reorder the attributes so that when they * are encoded, they will be conforming DER, which is required * to have a specific order and that is what must be used for * the hash/signature. We do this here, rather than building * it into EncodeAttributes, because we do not want to do * such reordering on incoming messages (which also uses * EncodeAttributes) or our old signatures (and other "broken" * implementations) will not verify. So, we want to guarantee * that we send out good DER encodings of attributes, but not * to expect to receive them.
*/ if (NSS_CMSAttributeArray_Reorder(signerinfo->authAttr) != SECSuccess) goto loser;
/* * Get and convert the signing time; if available, it will be used * both on the cert verification and for importing the sender * email profile.
*/ if (NSS_CMSSignerInfo_GetSigningTime(signerinfo, &stime) != SECSuccess)
stime = PR_Now(); /* not found or conversion failed, so check against now */
/* * XXX This uses the signing time, if available. Additionally, we * might want to, if there is no signing time, get the message time * from the mail header itself, and use that. That would require * a change to our interface though, and for S/MIME callers to pass * in a time (and for non-S/MIME callers to pass in nothing, or * maybe make them pass in the current time, always?).
*/ if (CERT_VerifyCert(certdb, cert, PR_TRUE, certusage, stime,
signerinfo->cmsg->pwfn_arg, NULL) != SECSuccess) {
signerinfo->verificationStatus = NSSCMSVS_SigningCertNotTrusted; return SECFailure;
} return SECSuccess;
}
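/*
 * NSS_CMSSignerInfo_Verify - verify the signature of a single SignerInfo
 *
 * Just verifies the signature. The assumption is that verification of
 * the certificate is done already; a good-signature result from this
 * function is therefore not, by itself, a statement about the signing
 * certificate.
 */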
SECStatus
NSS_CMSSignerInfo_Verify(NSSCMSSignerInfo *signerinfo,
SECItem *digest, /* may be NULL */
SECItem *contentType) /* may be NULL */
{
SECKEYPublicKey *publickey = NULL;
NSSCMSAttribute *attr;
SECItem encoded_attrs;
CERTCertificate *cert;
NSSCMSVerificationStatus vs = NSSCMSVS_Unverified;
PLArenaPool *poolp;
SECOidTag digestalgtag;
SECOidTag pubkAlgTag;
SECOidTag digestalgtagCmp;
SECOidTag sigAlgTag;
if (signerinfo == NULL) return SECFailure;
/* NSS_CMSSignerInfo_GetSigningCertificate will fail if 2nd parm is NULL ** and cert has not been verified
*/
cert = NSS_CMSSignerInfo_GetSigningCertificate(signerinfo, NULL); if (cert == NULL) {
vs = NSSCMSVS_SigningCertNotFound; goto loser;
}
if ((publickey = CERT_ExtractPublicKey(cert)) == NULL) {
vs = NSSCMSVS_ProcessingError; goto loser;
}
digestalgtag = NSS_CMSSignerInfo_GetDigestAlgTag(signerinfo);
pubkAlgTag = SECOID_GetAlgorithmTag(&(cert->subjectPublicKeyInfo.algorithm));
sigAlgTag = SECOID_GetAlgorithmTag(&(signerinfo->digestEncAlg)); if ((pubkAlgTag == SEC_OID_UNKNOWN) || (digestalgtag == SEC_OID_UNKNOWN) ||
(sigAlgTag == SEC_OID_UNKNOWN)) {
vs = NSSCMSVS_SignatureAlgorithmUnknown; goto loser;
} if (!NSS_SMIMEUtil_SigningAllowed(&signerinfo->digestEncAlg)) {
vs = NSSCMSVS_SignatureAlgorithmUnsupported; goto loser;
}
if (!NSS_CMSArray_IsEmpty((void **)signerinfo->authAttr)) { if (contentType) { /* * Check content type * * RFC2630 sez that if there are any authenticated attributes, * then there must be one for content type which matches the * content type of the content being signed, and there must * be one for message digest which matches our message digest. * So check these things first.
*/
attr = NSS_CMSAttributeArray_FindAttrByOidTag(signerinfo->authAttr,
SEC_OID_PKCS9_CONTENT_TYPE, PR_TRUE); if (attr == NULL) {
vs = NSSCMSVS_MalformedSignature; goto loser;
}
if (NSS_CMSAttribute_CompareValue(attr, contentType) == PR_FALSE) {
vs = NSSCMSVS_MalformedSignature; goto loser;
}
}
/* * Check digest
*/
attr = NSS_CMSAttributeArray_FindAttrByOidTag(signerinfo->authAttr,
SEC_OID_PKCS9_MESSAGE_DIGEST, PR_TRUE); if (attr == NULL) {
vs = NSSCMSVS_MalformedSignature; goto loser;
} if (!digest ||
NSS_CMSAttribute_CompareValue(attr, digest) == PR_FALSE) {
vs = NSSCMSVS_DigestMismatch; goto loser;
}
if ((poolp = PORT_NewArena(1024)) == NULL) {
vs = NSSCMSVS_ProcessingError; goto loser;
}
/* * Check signature * * The signature is based on a digest of the DER-encoded authenticated * attributes. So, first we encode and then we digest/verify. * we trust the decoder to have the attributes in the right (sorted) * order
*/
encoded_attrs.data = NULL;
encoded_attrs.len = 0;
if (sigAlgTag == pubkAlgTag) { /* This is to handle cases in which signatureAlgorithm field * specifies the public key algorithm rather than a signature
* algorithm. */
vs = (VFY_VerifyDataDirect(encoded_attrs.data, encoded_attrs.len,
publickey, &(signerinfo->encDigest), pubkAlgTag,
digestalgtag, NULL, signerinfo->cmsg->pwfn_arg) != SECSuccess)
? NSSCMSVS_BadSignature
: NSSCMSVS_GoodSignature;
} else { if (VFY_VerifyDataWithAlgorithmID(encoded_attrs.data,
encoded_attrs.len, publickey, &(signerinfo->encDigest),
&(signerinfo->digestEncAlg), &digestalgtagCmp,
signerinfo->cmsg->pwfn_arg) != SECSuccess) {
vs = NSSCMSVS_BadSignature;
} elseif (digestalgtagCmp != digestalgtag) {
PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
vs = NSSCMSVS_BadSignature;
} else {
vs = NSSCMSVS_GoodSignature;
}
}
/* No authenticated attributes. ** The signature is based on the plain message digest.
*/
sig = &(signerinfo->encDigest); if (sig->len == 0) goto loser;
if (sigAlgTag == pubkAlgTag) { /* This is to handle cases in which signatureAlgorithm field * specifies the public key algorithm rather than a signature
* algorithm. */
vs = (!digest ||
VFY_VerifyDigestDirect(digest, publickey, sig, pubkAlgTag,
digestalgtag, signerinfo->cmsg->pwfn_arg) != SECSuccess)
? NSSCMSVS_BadSignature
: NSSCMSVS_GoodSignature;
} else {
vs = (!digest ||
VFY_VerifyDigestWithAlgorithmID(digest, publickey, sig,
&(signerinfo->digestEncAlg), digestalgtag,
signerinfo->cmsg->pwfn_arg) != SECSuccess)
? NSSCMSVS_BadSignature
: NSSCMSVS_GoodSignature;
}
}
if (vs == NSSCMSVS_BadSignature) { int error = PORT_GetError(); /* * XXX Change the generic error into our specific one, because * in that case we get a better explanation out of the Security * Advisor. This is really a bug in the PSM error strings (the * "generic" error has a lousy/wrong message associated with it * which assumes the signature verification was done for the * purposes of checking the issuer signature on a certificate) * but this is at least an easy workaround and/or in the * Security Advisor, which specifically checks for the error * SEC_ERROR_PKCS7_BAD_SIGNATURE and gives more explanation * in that case but does not similarly check for * SEC_ERROR_BAD_SIGNATURE. It probably should, but then would * probably say the wrong thing in the case that it *was* the * certificate signature check that failed during the cert * verification done above. Our error handling is really a mess.
*/ if (error == SEC_ERROR_BAD_SIGNATURE)
PORT_SetError(SEC_ERROR_PKCS7_BAD_SIGNATURE); /* * map algorithm failures to NSSCMSVS values
*/ if ((error == SEC_ERROR_PKCS7_KEYALG_MISMATCH) ||
(error == SEC_ERROR_INVALID_ALGORITHM)) { /* keep the same error code as 3.11 and before */
PORT_SetError(SEC_ERROR_PKCS7_BAD_SIGNATURE);
vs = NSSCMSVS_SignatureAlgorithmUnsupported;
}
}
if (publickey != NULL)
SECKEY_DestroyPublicKey(publickey);
algdata = SECOID_FindOID(&(signerinfo->digestAlg.algorithm)); if (algdata == NULL) { return algdata;
} /* Windows may have given us a signer algorithm oid instead of a digest * algorithm oid. This call will map to a signer oid to a digest one, * otherwise it leaves the oid alone and let the chips fall as they may * if it's not a digest oid.
*/
algtag = NSS_CMSUtil_MapSignAlgs(algdata->offset); if (algtag != algdata->offset) { /* if the tags don't match, then we must have received a signer * algorithID. Now we need to get the oid data for the digest
* oid, which the rest of the code is expecting */
algdata = SECOID_FindOIDByTag(algtag);
}
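/*
 * NSS_CMSSignerInfo_GetVersion - return the syntax version of a signerInfo.
 *
 * signerinfo - signerInfo whose DER-encoded version field is decoded
 *
 * Returns the decoded version, or 0 when the stored integer cannot be
 * decoded.
 */
int
NSS_CMSSignerInfo_GetVersion(NSSCMSSignerInfo *signerinfo)
{
    /* The listing fused this declaration into "unsignedlong"; the decoder
     * call below takes the address of an unsigned long. */
    unsigned long version;

    /* always take apart the SECItem */
    if (SEC_ASN1DecodeInteger(&(signerinfo->version), &version) != SECSuccess) {
        return 0;
    }

    /* NOTE(review): the decoded value is narrowed to int without a range
     * check. For a signerInfo parsed from a received message the field is
     * presumably sender-controlled, so callers should compare the result
     * against the versions they expect rather than treat any non-zero
     * value as valid -- confirm against the callers. */
    return (int)version;
}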
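/*
 * NSS_CMSSignerInfo_GetSigningTime - return the signing time,
 *                                    in UTCTime or GeneralizedTime format,
 *                                    of a CMS signerInfo.
 *
 * sinfo - signerInfo data for this signer
 *
 * Returns a pointer to XXXX (what?)
 * A return value of NULL is an error.
 *
 * NOTE(review): the two "Returns" lines above look stale. The signature
 * below returns a SECStatus and takes a PRTime out-parameter (stime), and
 * the caller visible in this file compares the result against SECSuccess.
 */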
SECStatus
NSS_CMSSignerInfo_GetSigningTime(NSSCMSSignerInfo *sinfo, PRTime *stime)
{
NSSCMSAttribute *attr;
SECItem *value;
/* * Return the signing cert of a CMS signerInfo. * * the certs in the enclosing SignedData must have been imported already
*/
/*
 * signerinfo - signerInfo whose signing certificate is wanted
 * certdb     - database to search; may be NULL, in which case only a
 *              certificate already attached to signerinfo is returned
 *
 * Returns the certificate, or NULL when none is attached and none can be
 * found. The reference is stored in signerinfo->cert and is released with
 * the enclosing structure, so callers must not destroy it themselves.
 *
 * This is a lookup by signer identifier only: no trust or validity check
 * is made on the certificate in this function.
 */
CERTCertificate *
NSS_CMSSignerInfo_GetSigningCertificate(NSSCMSSignerInfo *signerinfo, CERTCertDBHandle *certdb)
{
    NSSCMSSignerIdentifier *signer_id;
    CERTCertificate *found = NULL;

    /* A certificate attached by an earlier call wins; certdb is not consulted. */
    if (signerinfo->cert != NULL) {
        return signerinfo->cert;
    }

    /* Nothing attached yet and no database to search in. */
    if (certdb == NULL) {
        return NULL;
    }

    signer_id = &signerinfo->signerIdentifier;
    if (signer_id->identifierType == NSSCMSSignerID_IssuerSN) {
        found = CERT_FindCertByIssuerAndSN(certdb, signer_id->id.issuerAndSN);
    } else if (signer_id->identifierType == NSSCMSSignerID_SubjectKeyID) {
        found = CERT_FindCertBySubjectKeyID(certdb, signer_id->id.subjectKeyID);
    }
    /* Any other identifier type leaves found at NULL. */

    /* Remember the result (possibly NULL) on the signerinfo for later calls. */
    signerinfo->cert = found;
    return found;
}
/* * NSS_CMSSignerInfo_GetSignerCommonName - return the common name of the signer * * sinfo - signerInfo data for this signer * * Returns a pointer to allocated memory, which must be freed with PORT_Free. * A return value of NULL is an error.
*/ char *
NSS_CMSSignerInfo_GetSignerCommonName(NSSCMSSignerInfo *sinfo)
{
CERTCertificate *signercert;
/* will fail if cert is not verified */ if ((signercert = NSS_CMSSignerInfo_GetSigningCertificate(sinfo, NULL)) == NULL) return NULL;
/*
 * NSS_CMSSignerInfo_GetSignerEmailAddress - return the email address of the signer
 *
 * sinfo - signerInfo data for this signer
 *
 * The address is read from the certificate already attached to sinfo; the
 * certificate lookup is made with a NULL certdb, so no database search
 * happens here.
 *
 * Returns a pointer to allocated memory (a PORT_Strdup copy), which must be
 * freed. A return value of NULL is an error: no certificate is attached, or
 * the certificate has no (or an empty) email address.
 *
 * NOTE(review): verificationStatus is not consulted in this function, so
 * the returned address should only be presented as the verified signer
 * once the caller has checked the signature and certificate itself.
 */
char *
NSS_CMSSignerInfo_GetSignerEmailAddress(NSSCMSSignerInfo *sinfo)
{
    CERTCertificate *signer = NSS_CMSSignerInfo_GetSigningCertificate(sinfo, NULL);

    if (signer == NULL) {
        return NULL;
    }

    if (signer->emailAddr == NULL || signer->emailAddr[0] == '\0') {
        return NULL;
    }

    return PORT_Strdup(signer->emailAddr);
}
/* * NSS_CMSSignerInfo_AddAuthAttr - add an attribute to the * authenticated (i.e. signed) attributes of "signerinfo".
*/
/*
 * signerinfo - signer whose authenticated attribute array is extended
 * attr       - attribute to add
 *
 * The attribute is added using the arena of the enclosing CMS message
 * (signerinfo->cmsg->poolp). Returns whatever
 * NSS_CMSAttributeArray_AddAttr returns.
 */
SECStatus
NSS_CMSSignerInfo_AddAuthAttr(NSSCMSSignerInfo *signerinfo, NSSCMSAttribute *attr)
{
    PLArenaPool *msg_pool = signerinfo->cmsg->poolp;

    return NSS_CMSAttributeArray_AddAttr(msg_pool, &signerinfo->authAttr, attr);
}
/* * NSS_CMSSignerInfo_AddUnauthAttr - add an attribute to the * unauthenticated attributes of "signerinfo".
*/
/*
 * signerinfo - signer whose unauthenticated attribute array is extended
 * attr       - attribute to add
 *
 * The attribute goes into unAuthAttr, i.e. outside the authenticated
 * (signed) attribute set, so a recipient has no signature-based assurance
 * about it. It is added using the arena of the enclosing CMS message.
 * Returns whatever NSS_CMSAttributeArray_AddAttr returns.
 */
SECStatus
NSS_CMSSignerInfo_AddUnauthAttr(NSSCMSSignerInfo *signerinfo, NSSCMSAttribute *attr)
{
    PLArenaPool *msg_pool = signerinfo->cmsg->poolp;

    return NSS_CMSAttributeArray_AddAttr(msg_pool, &signerinfo->unAuthAttr, attr);
}
/* * NSS_CMSSignerInfo_AddSigningTime - add the signing time to the * authenticated (i.e. signed) attributes of "signerinfo". * * This is expected to be included in outgoing signed * messages for email (S/MIME) but is likely useful in other situations. * * This should only be added once; a second call will do nothing. * * XXX This will probably just shove the current time into "signerinfo" * but it will not actually get signed until the entire item is * processed for encoding. Is this (expected to be small) delay okay?
*/
SECStatus
NSS_CMSSignerInfo_AddSigningTime(NSSCMSSignerInfo *signerinfo, PRTime t)
{
NSSCMSAttribute *attr;
SECItem stime; void *mark;
PLArenaPool *poolp;
poolp = signerinfo->cmsg->poolp;
mark = PORT_ArenaMark(poolp);
/* create new signing time attribute */ if (DER_EncodeTimeChoice(NULL, &stime, t) != SECSuccess) goto loser;
/* * NSS_CMSSignerInfo_AddSMIMECaps - add a SMIMECapabilities attribute to the * authenticated (i.e. signed) attributes of "signerinfo". * * This is expected to be included in outgoing signed * messages for email (S/MIME).
*/
SECStatus
NSS_CMSSignerInfo_AddSMIMECaps(NSSCMSSignerInfo *signerinfo)
{
NSSCMSAttribute *attr;
SECItem *smimecaps = NULL; void *mark;
PLArenaPool *poolp;
/* * NSS_CMSSignerInfo_AddSMIMEEncKeyPrefs - add a SMIMEEncryptionKeyPreferences attribute to the * authenticated (i.e. signed) attributes of "signerinfo". * * This is expected to be included in outgoing signed messages for email (S/MIME).
*/
SECStatus
NSS_CMSSignerInfo_AddSMIMEEncKeyPrefs(NSSCMSSignerInfo *signerinfo, CERTCertificate *cert, CERTCertDBHandle *certdb)
{
NSSCMSAttribute *attr;
SECItem *smimeekp = NULL; void *mark;
PLArenaPool *poolp;
/* verify this cert for encryption */ if (CERT_VerifyCert(certdb, cert, PR_TRUE, certUsageEmailRecipient, PR_Now(), signerinfo->cmsg->pwfn_arg, NULL) != SECSuccess) { return SECFailure;
}
poolp = signerinfo->cmsg->poolp;
mark = PORT_ArenaMark(poolp);
/* * NSS_CMSSignerInfo_AddMSSMIMEEncKeyPrefs - add a SMIMEEncryptionKeyPreferences attribute to the * authenticated (i.e. signed) attributes of "signerinfo", using the OID preferred by Microsoft. * * This is expected to be included in outgoing signed messages for email (S/MIME), * if compatibility with Microsoft mail clients is wanted.
*/
SECStatus
NSS_CMSSignerInfo_AddMSSMIMEEncKeyPrefs(NSSCMSSignerInfo *signerinfo, CERTCertificate *cert, CERTCertDBHandle *certdb)
{
NSSCMSAttribute *attr;
SECItem *smimeekp = NULL; void *mark;
PLArenaPool *poolp;
/* verify this cert for encryption */ if (CERT_VerifyCert(certdb, cert, PR_TRUE, certUsageEmailRecipient, PR_Now(), signerinfo->cmsg->pwfn_arg, NULL) != SECSuccess) { return SECFailure;
}
poolp = signerinfo->cmsg->poolp;
mark = PORT_ArenaMark(poolp);
/* * NSS_CMSSignerInfo_AddCounterSignature - countersign a signerinfo * * 1. digest the DER-encoded signature value of the original signerinfo * 2. create new signerinfo with correct version, sid, digestAlg * 3. add message-digest authAttr, but NO content-type * 4. sign the authAttrs * 5. DER-encode the new signerInfo * 6. add the whole thing to original signerInfo's unAuthAttrs * as a SEC_OID_PKCS9_COUNTER_SIGNATURE attribute * * XXXX give back the new signerinfo?
*/
/*
 * Unimplemented stub: always returns SECFailure and adds nothing to
 * signerinfo. None of the arguments is read, and no error code is set, so
 * PORT_GetError() after a call reflects whatever was set earlier.
 */
SECStatus
NSS_CMSSignerInfo_AddCounterSignature(NSSCMSSignerInfo *signerinfo,
                                      SECOidTag digestalg, CERTCertificate signingcert)
{
    /* XXXX TBD XXXX */
    (void)signerinfo;
    (void)digestalg;
    (void)signingcert;

    return SECFailure;
}
/* * XXXX the following needs to be done in the S/MIME layer code * after signature of a signerinfo is verified
*/
/*
 * NSS_SMIMESignerInfo_SaveSMIMEProfile - hand the signer's certificate to
 * CERT_SaveSMimeProfile.
 *
 * signerinfo - signer whose profile is saved
 *
 * Returns SECFailure without saving anything unless
 * signerinfo->verificationStatus is NSSCMSVS_GoodSignature. The certificate
 * saved is the one named by a SEC_OID_SMIME_ENCRYPTION_KEY_PREFERENCE
 * attribute among the authenticated attributes when there is one, otherwise
 * the signing certificate, which must carry a non-empty emailAddr.
 * Otherwise returns the status of CERT_SaveSMimeProfile; the error code
 * that was current before that call is restored afterwards.
 *
 * NOTE(review): the certUsageEmailRecipient check is compiled out below
 * (#ifdef notdef), so the certificate is not validated for encryption use
 * in this function.
 * NOTE(review): in this listing nothing assigns profile or stime before
 * the save call, so both are passed as NULL -- confirm against the full
 * source file.
 */
SECStatus
NSS_SMIMESignerInfo_SaveSMIMEProfile(NSSCMSSignerInfo *signerinfo)
{
    CERTCertDBHandle *certdb = CERT_GetDefaultCertDB();
    CERTCertificate *cert = NULL;
    NSSCMSAttribute *pref_attr = NULL;
    SECItem *profile = NULL;
    SECItem *stime = NULL;
    SECItem *key_pref;
    PRBool owns_cert = PR_FALSE;
    SECStatus status;
    int saved_err;

    /* sanity check - only a good signature counts (unverified does not) */
    if (signerinfo->verificationStatus != NSSCMSVS_GoodSignature) {
        return SECFailure;
    }

    /* find preferred encryption cert */
    if (!NSS_CMSArray_IsEmpty((void **)signerinfo->authAttr)) {
        pref_attr = NSS_CMSAttributeArray_FindAttrByOidTag(signerinfo->authAttr,
                                                           SEC_OID_SMIME_ENCRYPTION_KEY_PREFERENCE,
                                                           PR_TRUE);
    }
    if (pref_attr != NULL) {
        /* we have a SMIME_ENCRYPTION_KEY_PREFERENCE attribute! */
        key_pref = NSS_CMSAttribute_GetValue(pref_attr);
        if (key_pref == NULL) {
            return SECFailure;
        }

        /* we assume that all certs coming with the message have been
         * imported to the temporary database */
        cert = NSS_SMIMEUtil_GetCertFromEncryptionKeyPreference(certdb, key_pref);
        if (cert == NULL) {
            return SECFailure;
        }
        /* This reference was obtained here, so it is released here too. */
        owns_cert = PR_TRUE;
    }

    if (cert == NULL) {
        /* no preferred cert found?
         * find the cert the signerinfo is signed with instead */
        cert = NSS_CMSSignerInfo_GetSigningCertificate(signerinfo, certdb);
        if (cert == NULL) {
            return SECFailure;
        }
        if (cert->emailAddr == NULL || cert->emailAddr[0] == '\0') {
            return SECFailure;
        }
    }

    /* don't verify this cert for encryption. It may just be a signing cert.
     * that's OK, we can still save the S/MIME profile. The encryption cert
     * should have already been saved */
#ifdef notdef
    if (CERT_VerifyCert(certdb, cert, PR_TRUE, certUsageEmailRecipient, PR_Now(), signerinfo->cmsg->pwfn_arg, NULL) != SECSuccess) {
        if (owns_cert)
            CERT_DestroyCertificate(cert);
        return SECFailure;
    }
#endif

    /* XXX store encryption cert permanently? */

    /* Remember the current error, because nothing set by the calls below
     * is of interest to the caller. */
    saved_err = PORT_GetError();

    status = CERT_SaveSMimeProfile(cert, profile, stime);
    if (owns_cert) {
        CERT_DestroyCertificate(cert);
    }

    /* Put the remembered error back in case the calls above replaced it. */
    PORT_SetError(saved_err);

    return status;
}
/* * NSS_CMSSignerInfo_IncludeCerts - set cert chain inclusion mode for this signer
*/
SECStatus
NSS_CMSSignerInfo_IncludeCerts(NSSCMSSignerInfo *signerinfo,
NSSCMSCertChainMode cm, SECCertUsage usage)
{ if (signerinfo->cert == NULL) return SECFailure;
/* don't leak if we get called twice */ if (signerinfo->certList != NULL) {
CERT_DestroyCertificateList(signerinfo->certList);
signerinfo->certList = NULL;
}
switch (cm) { case NSSCMSCM_None:
signerinfo->certList = NULL; break; case NSSCMSCM_CertOnly:
signerinfo->certList = CERT_CertListFromCert(signerinfo->cert); break; case NSSCMSCM_CertChain:
signerinfo->certList = CERT_CertChainFromCert(signerinfo->cert,
usage, PR_FALSE); break; case NSSCMSCM_CertChainWithRoot:
signerinfo->certList = CERT_CertChainFromCert(signerinfo->cert,
usage, PR_TRUE); break;
}
if (cm != NSSCMSCM_None && signerinfo->certList == NULL) return SECFailure;