| /* |
| * Verification stuff. |
| * |
| * ***** BEGIN LICENSE BLOCK ***** |
| * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
| * |
| * The contents of this file are subject to the Mozilla Public License Version |
| * 1.1 (the "License"); you may not use this file except in compliance with |
| * the License. You may obtain a copy of the License at |
| * http://www.mozilla.org/MPL/ |
| * |
| * Software distributed under the License is distributed on an "AS IS" basis, |
| * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License |
| * for the specific language governing rights and limitations under the |
| * License. |
| * |
| * The Original Code is the Netscape security libraries. |
| * |
| * The Initial Developer of the Original Code is |
| * Netscape Communications Corporation. |
| * Portions created by the Initial Developer are Copyright (C) 1994-2000 |
| * the Initial Developer. All Rights Reserved. |
| * |
| * Contributor(s): |
| * Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories |
| * |
| * Alternatively, the contents of this file may be used under the terms of |
| * either the GNU General Public License Version 2 or later (the "GPL"), or |
| * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), |
| * in which case the provisions of the GPL or the LGPL are applicable instead |
| * of those above. If you wish to allow use of your version of this file only |
| * under the terms of either the GPL or the LGPL, and not to allow others to |
| * use your version of this file under the terms of the MPL, indicate your |
| * decision by deleting the provisions above and replace them with the notice |
| * and other provisions required by the GPL or the LGPL. If you do not delete |
| * the provisions above, a recipient may use your version of this file under |
| * the terms of any one of the MPL, the GPL or the LGPL. |
| * |
| * ***** END LICENSE BLOCK ***** */ |
| /* $Id: secvfy.c,v 1.23 2010/02/10 00:49:43 wtc%google.com Exp $ */ |
| |
| #include <stdio.h> |
| #include "cryptohi.h" |
| #include "sechash.h" |
| #include "keyhi.h" |
| #include "secasn1.h" |
| #include "secoid.h" |
| #include "pk11func.h" |
| #include "secdig.h" |
| #include "secerr.h" |
| #include "keyi.h" |
| |
| /* |
| ** Decrypt signature block using public key |
| ** Store the hash algorithm oid tag in *tagp |
| ** Store the digest in the digest buffer |
| ** Store the digest length in *digestlen |
| ** XXX this is assuming that the signature algorithm has WITH_RSA_ENCRYPTION |
| */ |
| static SECStatus |
| DecryptSigBlock(SECOidTag *tagp, unsigned char *digest, |
| unsigned int *digestlen, unsigned int maxdigestlen, |
| SECKEYPublicKey *key, const SECItem *sig, char *wincx) |
| { |
| SGNDigestInfo *di = NULL; |
| unsigned char *buf = NULL; |
| SECStatus rv; |
| SECOidTag tag; |
| SECItem it; |
| |
| if (key == NULL) goto loser; |
| |
| it.len = SECKEY_PublicKeyStrength(key); |
| if (!it.len) goto loser; |
| it.data = buf = (unsigned char *)PORT_Alloc(it.len); |
| if (!buf) goto loser; |
| |
| /* decrypt the block */ |
| rv = PK11_VerifyRecover(key, (SECItem *)sig, &it, wincx); |
| if (rv != SECSuccess) goto loser; |
| |
| di = SGN_DecodeDigestInfo(&it); |
| if (di == NULL) goto sigloser; |
| |
| /* |
| ** Finally we have the digest info; now we can extract the algorithm |
| ** ID and the signature block |
| */ |
| tag = SECOID_GetAlgorithmTag(&di->digestAlgorithm); |
| /* Check that tag is an appropriate algorithm */ |
| if (tag == SEC_OID_UNKNOWN) { |
| goto sigloser; |
| } |
| /* make sure the "parameters" are not too bogus. */ |
| if (di->digestAlgorithm.parameters.len > 2) { |
| goto sigloser; |
| } |
| if (di->digest.len > maxdigestlen) { |
| PORT_SetError(SEC_ERROR_OUTPUT_LEN); |
| goto loser; |
| } |
| PORT_Memcpy(digest, di->digest.data, di->digest.len); |
| *tagp = tag; |
| *digestlen = di->digest.len; |
| goto done; |
| |
| sigloser: |
| PORT_SetError(SEC_ERROR_BAD_SIGNATURE); |
| |
| loser: |
| rv = SECFailure; |
| |
| done: |
| if (di != NULL) SGN_DestroyDigestInfo(di); |
| if (buf != NULL) PORT_Free(buf); |
| |
| return rv; |
| } |
| |
| |
| struct VFYContextStr { |
| SECOidTag hashAlg; /* the hash algorithm */ |
| SECKEYPublicKey *key; |
| /* |
| * This buffer holds either the digest or the full signature |
| * depending on the type of the signature (key->keyType). It is |
| * defined as a union to make sure it always has enough space. |
| * |
| * Use the "buffer" union member to reference the buffer. |
| * Note: do not take the size of the "buffer" union member. Take |
| * the size of the union or some other union member instead. |
| */ |
| union { |
| unsigned char buffer[1]; |
| |
| /* the digest in the decrypted RSA signature */ |
| unsigned char rsadigest[HASH_LENGTH_MAX]; |
| /* the full DSA signature... 40 bytes */ |
| unsigned char dsasig[DSA_SIGNATURE_LEN]; |
| /* the full ECDSA signature */ |
| unsigned char ecdsasig[2 * MAX_ECKEY_LEN]; |
| } u; |
| unsigned int rsadigestlen; |
| void * wincx; |
| void *hashcx; |
| const SECHashObject *hashobj; |
| SECOidTag encAlg; /* enc alg */ |
| PRBool hasSignature; /* true if the signature was provided in the |
| * VFY_CreateContext call. If false, the |
| * signature must be provided with a |
| * VFY_EndWithSignature call. */ |
| }; |
| |
| /* |
| * decode the ECDSA or DSA signature from it's DER wrapping. |
| * The unwrapped/raw signature is placed in the buffer pointed |
| * to by dsig and has enough room for len bytes. |
| */ |
| static SECStatus |
| decodeECorDSASignature(SECOidTag algid, const SECItem *sig, unsigned char *dsig, |
| unsigned int len) { |
| SECItem *dsasig = NULL; /* also used for ECDSA */ |
| SECStatus rv=SECSuccess; |
| |
| if ((algid != SEC_OID_ANSIX9_DSA_SIGNATURE) && |
| (algid != SEC_OID_ANSIX962_EC_PUBLIC_KEY) ) { |
| if (sig->len != len) { |
| PORT_SetError(SEC_ERROR_BAD_DER); |
| return SECFailure; |
| } |
| |
| PORT_Memcpy(dsig, sig->data, sig->len); |
| return SECSuccess; |
| } |
| |
| if (algid == SEC_OID_ANSIX962_EC_PUBLIC_KEY) { |
| if (len > MAX_ECKEY_LEN * 2) { |
| PORT_SetError(SEC_ERROR_BAD_DER); |
| return SECFailure; |
| } |
| } |
| dsasig = DSAU_DecodeDerSigToLen((SECItem *)sig, len); |
| |
| if ((dsasig == NULL) || (dsasig->len != len)) { |
| rv = SECFailure; |
| } else { |
| PORT_Memcpy(dsig, dsasig->data, dsasig->len); |
| } |
| |
| if (dsasig != NULL) SECITEM_FreeItem(dsasig, PR_TRUE); |
| if (rv == SECFailure) PORT_SetError(SEC_ERROR_BAD_DER); |
| return rv; |
| } |
| |
| const SEC_ASN1Template hashParameterTemplate[] = |
| { |
| { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SECItem) }, |
| { SEC_ASN1_OBJECT_ID, 0 }, |
| { SEC_ASN1_SKIP_REST }, |
| { 0, } |
| }; |
| |
| /* |
| * Pulls the hash algorithm, signing algorithm, and key type out of a |
| * composite algorithm. |
| * |
| * sigAlg: the composite algorithm to dissect. |
| * hashalg: address of a SECOidTag which will be set with the hash algorithm. |
| * encalg: address of a SECOidTag which will be set with the signing alg. |
| * |
| * Returns: SECSuccess if the algorithm was acceptable, SECFailure if the |
| * algorithm was not found or was not a signing algorithm. |
| */ |
| SECStatus |
| sec_DecodeSigAlg(const SECKEYPublicKey *key, SECOidTag sigAlg, |
| const SECItem *param, SECOidTag *encalg, SECOidTag *hashalg) |
| { |
| int len; |
| PRArenaPool *arena; |
| SECStatus rv; |
| SECItem oid; |
| |
| PR_ASSERT(hashalg!=NULL); |
| PR_ASSERT(encalg!=NULL); |
| |
| switch (sigAlg) { |
| /* We probably shouldn't be generating MD2 signatures either */ |
| case SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION: |
| *hashalg = SEC_OID_MD2; |
| break; |
| case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION: |
| *hashalg = SEC_OID_MD5; |
| break; |
| case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION: |
| case SEC_OID_ISO_SHA_WITH_RSA_SIGNATURE: |
| case SEC_OID_ISO_SHA1_WITH_RSA_SIGNATURE: |
| *hashalg = SEC_OID_SHA1; |
| break; |
| case SEC_OID_PKCS1_RSA_ENCRYPTION: |
| *hashalg = SEC_OID_UNKNOWN; /* get it from the RSA signature */ |
| break; |
| |
| case SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE: |
| case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION: |
| *hashalg = SEC_OID_SHA256; |
| break; |
| case SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE: |
| case SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION: |
| *hashalg = SEC_OID_SHA384; |
| break; |
| case SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE: |
| case SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION: |
| *hashalg = SEC_OID_SHA512; |
| break; |
| |
| /* what about normal DSA? */ |
| case SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST: |
| case SEC_OID_BOGUS_DSA_SIGNATURE_WITH_SHA1_DIGEST: |
| case SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE: |
| *hashalg = SEC_OID_SHA1; |
| break; |
| case SEC_OID_MISSI_DSS: |
| case SEC_OID_MISSI_KEA_DSS: |
| case SEC_OID_MISSI_KEA_DSS_OLD: |
| case SEC_OID_MISSI_DSS_OLD: |
| *hashalg = SEC_OID_SHA1; |
| break; |
| case SEC_OID_ANSIX962_ECDSA_SIGNATURE_RECOMMENDED_DIGEST: |
| /* This is an EC algorithm. Recommended means the largest |
| * hash algorithm that is not reduced by the keysize of |
| * the EC algorithm. Note that key strength is in bytes and |
| * algorithms are specified in bits. Never use an algorithm |
| * weaker than sha1. */ |
| len = SECKEY_PublicKeyStrength(key); |
| if (len < 28) { /* 28 bytes == 224 bits */ |
| *hashalg = SEC_OID_SHA1; |
| } else if (len < 32) { /* 32 bytes == 256 bits */ |
| /* SHA 224 not supported in NSS */ |
| PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); |
| return SECFailure; |
| } else if (len < 48) { /* 48 bytes == 384 bits */ |
| *hashalg = SEC_OID_SHA256; |
| } else if (len < 64) { /* 48 bytes == 512 bits */ |
| *hashalg = SEC_OID_SHA384; |
| } else { |
| /* use the largest in this case */ |
| *hashalg = SEC_OID_SHA512; |
| } |
| break; |
| case SEC_OID_ANSIX962_ECDSA_SIGNATURE_SPECIFIED_DIGEST: |
| if (param == NULL) { |
| PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); |
| return SECFailure; |
| } |
| arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); |
| if (arena == NULL) { |
| return SECFailure; |
| } |
| rv = SEC_QuickDERDecodeItem(arena, &oid, hashParameterTemplate, param); |
| if (rv != SECSuccess) { |
| PORT_FreeArena(arena, PR_FALSE); |
| return rv; |
| } |
| *hashalg = SECOID_FindOIDTag(&oid); |
| /* only accept hash algorithms */ |
| if (HASH_GetHashTypeByOidTag(*hashalg) == HASH_AlgNULL) { |
| /* error set by HASH_GetHashTypeByOidTag */ |
| return SECFailure; |
| } |
| break; |
| /* we don't implement MD4 hashes */ |
| case SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION: |
| default: |
| PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); |
| return SECFailure; |
| } |
| /* get the "encryption" algorithm */ |
| switch (sigAlg) { |
| case SEC_OID_PKCS1_RSA_ENCRYPTION: |
| case SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION: |
| case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION: |
| case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION: |
| case SEC_OID_ISO_SHA_WITH_RSA_SIGNATURE: |
| case SEC_OID_ISO_SHA1_WITH_RSA_SIGNATURE: |
| case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION: |
| case SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION: |
| case SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION: |
| *encalg = SEC_OID_PKCS1_RSA_ENCRYPTION; |
| break; |
| |
| /* what about normal DSA? */ |
| case SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST: |
| case SEC_OID_BOGUS_DSA_SIGNATURE_WITH_SHA1_DIGEST: |
| *encalg = SEC_OID_ANSIX9_DSA_SIGNATURE; |
| break; |
| case SEC_OID_MISSI_DSS: |
| case SEC_OID_MISSI_KEA_DSS: |
| case SEC_OID_MISSI_KEA_DSS_OLD: |
| case SEC_OID_MISSI_DSS_OLD: |
| *encalg = SEC_OID_MISSI_DSS; |
| break; |
| case SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE: |
| case SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE: |
| case SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE: |
| case SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE: |
| case SEC_OID_ANSIX962_ECDSA_SIGNATURE_RECOMMENDED_DIGEST: |
| case SEC_OID_ANSIX962_ECDSA_SIGNATURE_SPECIFIED_DIGEST: |
| *encalg = SEC_OID_ANSIX962_EC_PUBLIC_KEY; |
| break; |
| /* we don't implement MD4 hashes */ |
| case SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION: |
| default: |
| PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); |
| return SECFailure; |
| } |
| return SECSuccess; |
| } |
| |
| /* |
| * we can verify signatures that come from 2 different sources: |
| * one in with the signature contains a signature oid, and the other |
| * in which the signature is managed by a Public key (encAlg) oid |
| * and a hash oid. The latter is the more basic, so that's what |
| * our base vfyCreate function takes. |
| * |
| * There is one noteworthy corner case, if we are using an RSA key, and the |
| * signature block is provided, then the hashAlg can be specified as |
| * SEC_OID_UNKNOWN. In this case, verify will use the hash oid supplied |
| * in the RSA signature block. |
| */ |
| static VFYContext * |
| vfy_CreateContext(const SECKEYPublicKey *key, const SECItem *sig, |
| SECOidTag encAlg, SECOidTag hashAlg, SECOidTag *hash, void *wincx) |
| { |
| VFYContext *cx; |
| SECStatus rv; |
| unsigned int sigLen; |
| KeyType type; |
| |
| /* make sure the encryption algorithm matches the key type */ |
| type = seckey_GetKeyType(encAlg); |
| if (key->keyType != type) { |
| PORT_SetError(SEC_ERROR_PKCS7_KEYALG_MISMATCH); |
| return NULL; |
| } |
| |
| cx = (VFYContext*) PORT_ZAlloc(sizeof(VFYContext)); |
| if (cx == NULL) { |
| goto loser; |
| } |
| |
| cx->wincx = wincx; |
| cx->hasSignature = (sig != NULL); |
| cx->encAlg = encAlg; |
| cx->hashAlg = hashAlg; |
| cx->key = SECKEY_CopyPublicKey(key); |
| rv = SECSuccess; |
| if (sig) { |
| switch (key->keyType) { |
| case rsaKey: |
| rv = DecryptSigBlock(&cx->hashAlg, cx->u.buffer, &cx->rsadigestlen, |
| HASH_LENGTH_MAX, cx->key, sig, (char*)wincx); |
| if (cx->hashAlg != hashAlg && hashAlg != SEC_OID_UNKNOWN) { |
| PORT_SetError(SEC_ERROR_BAD_SIGNATURE); |
| rv = SECFailure; |
| } |
| break; |
| case dsaKey: |
| case ecKey: |
| sigLen = SECKEY_SignatureLen(key); |
| if (sigLen == 0) { |
| /* error set by SECKEY_SignatureLen */ |
| rv = SECFailure; |
| break; |
| } |
| rv = decodeECorDSASignature(encAlg, sig, cx->u.buffer, sigLen); |
| break; |
| default: |
| rv = SECFailure; |
| PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG); |
| break; |
| } |
| } |
| |
| if (rv) goto loser; |
| |
| /* check hash alg again, RSA may have changed it.*/ |
| if (HASH_GetHashTypeByOidTag(cx->hashAlg) == HASH_AlgNULL) { |
| /* error set by HASH_GetHashTypeByOidTag */ |
| goto loser; |
| } |
| |
| if (hash) { |
| *hash = cx->hashAlg; |
| } |
| return cx; |
| |
| loser: |
| if (cx) { |
| VFY_DestroyContext(cx, PR_TRUE); |
| } |
| return 0; |
| } |
| |
| VFYContext * |
| VFY_CreateContext(SECKEYPublicKey *key, SECItem *sig, SECOidTag sigAlg, |
| void *wincx) |
| { |
| SECOidTag encAlg, hashAlg; |
| SECStatus rv = sec_DecodeSigAlg(key, sigAlg, NULL, &encAlg, &hashAlg); |
| if (rv != SECSuccess) { |
| return NULL; |
| } |
| return vfy_CreateContext(key, sig, encAlg, hashAlg, NULL, wincx); |
| } |
| |
| VFYContext * |
| VFY_CreateContextDirect(const SECKEYPublicKey *key, const SECItem *sig, |
| SECOidTag encAlg, SECOidTag hashAlg, |
| SECOidTag *hash, void *wincx) |
| { |
| return vfy_CreateContext(key, sig, encAlg, hashAlg, hash, wincx); |
| } |
| |
| VFYContext * |
| VFY_CreateContextWithAlgorithmID(const SECKEYPublicKey *key, const SECItem *sig, |
| const SECAlgorithmID *sigAlgorithm, SECOidTag *hash, void *wincx) |
| { |
| SECOidTag encAlg, hashAlg; |
| SECStatus rv = sec_DecodeSigAlg(key, |
| SECOID_GetAlgorithmTag((SECAlgorithmID *)sigAlgorithm), |
| &sigAlgorithm->parameters, &encAlg, &hashAlg); |
| if (rv != SECSuccess) { |
| return NULL; |
| } |
| return vfy_CreateContext(key, sig, encAlg, hashAlg, hash, wincx); |
| } |
| |
| void |
| VFY_DestroyContext(VFYContext *cx, PRBool freeit) |
| { |
| if (cx) { |
| if (cx->hashcx != NULL) { |
| (*cx->hashobj->destroy)(cx->hashcx, PR_TRUE); |
| cx->hashcx = NULL; |
| } |
| if (cx->key) { |
| SECKEY_DestroyPublicKey(cx->key); |
| } |
| if (freeit) { |
| PORT_ZFree(cx, sizeof(VFYContext)); |
| } |
| } |
| } |
| |
| SECStatus |
| VFY_Begin(VFYContext *cx) |
| { |
| if (cx->hashcx != NULL) { |
| (*cx->hashobj->destroy)(cx->hashcx, PR_TRUE); |
| cx->hashcx = NULL; |
| } |
| |
| cx->hashobj = HASH_GetHashObjectByOidTag(cx->hashAlg); |
| if (!cx->hashobj) |
| return SECFailure; /* error code is set */ |
| |
| cx->hashcx = (*cx->hashobj->create)(); |
| if (cx->hashcx == NULL) |
| return SECFailure; |
| |
| (*cx->hashobj->begin)(cx->hashcx); |
| return SECSuccess; |
| } |
| |
| SECStatus |
| VFY_Update(VFYContext *cx, const unsigned char *input, unsigned inputLen) |
| { |
| if (cx->hashcx == NULL) { |
| PORT_SetError(SEC_ERROR_INVALID_ARGS); |
| return SECFailure; |
| } |
| (*cx->hashobj->update)(cx->hashcx, input, inputLen); |
| return SECSuccess; |
| } |
| |
| SECStatus |
| VFY_EndWithSignature(VFYContext *cx, SECItem *sig) |
| { |
| unsigned char final[HASH_LENGTH_MAX]; |
| unsigned part; |
| SECItem hash,dsasig; /* dsasig is also used for ECDSA */ |
| SECStatus rv; |
| |
| if ((cx->hasSignature == PR_FALSE) && (sig == NULL)) { |
| PORT_SetError(SEC_ERROR_INVALID_ARGS); |
| return SECFailure; |
| } |
| |
| if (cx->hashcx == NULL) { |
| PORT_SetError(SEC_ERROR_INVALID_ARGS); |
| return SECFailure; |
| } |
| (*cx->hashobj->end)(cx->hashcx, final, &part, sizeof(final)); |
| switch (cx->key->keyType) { |
| case ecKey: |
| case dsaKey: |
| dsasig.data = cx->u.buffer; |
| dsasig.len = SECKEY_SignatureLen(cx->key); |
| if (dsasig.len == 0) { |
| return SECFailure; |
| } |
| if (sig) { |
| rv = decodeECorDSASignature(cx->encAlg, sig, dsasig.data, |
| dsasig.len); |
| if (rv != SECSuccess) { |
| PORT_SetError(SEC_ERROR_BAD_SIGNATURE); |
| return SECFailure; |
| } |
| } |
| hash.data = final; |
| hash.len = part; |
| if (PK11_Verify(cx->key,&dsasig,&hash,cx->wincx) != SECSuccess) { |
| PORT_SetError(SEC_ERROR_BAD_SIGNATURE); |
| return SECFailure; |
| } |
| break; |
| case rsaKey: |
| if (sig) { |
| SECOidTag hashid = SEC_OID_UNKNOWN; |
| rv = DecryptSigBlock(&hashid, cx->u.buffer, &cx->rsadigestlen, |
| HASH_LENGTH_MAX, cx->key, sig, (char*)cx->wincx); |
| if ((rv != SECSuccess) || (hashid != cx->hashAlg)) { |
| PORT_SetError(SEC_ERROR_BAD_SIGNATURE); |
| return SECFailure; |
| } |
| } |
| if ((part != cx->rsadigestlen) || |
| PORT_Memcmp(final, cx->u.buffer, part)) { |
| PORT_SetError(SEC_ERROR_BAD_SIGNATURE); |
| return SECFailure; |
| } |
| break; |
| default: |
| PORT_SetError(SEC_ERROR_BAD_SIGNATURE); |
| return SECFailure; /* shouldn't happen */ |
| } |
| return SECSuccess; |
| } |
| |
| SECStatus |
| VFY_End(VFYContext *cx) |
| { |
| return VFY_EndWithSignature(cx,NULL); |
| } |
| |
| /************************************************************************/ |
| /* |
| * Verify that a previously-computed digest matches a signature. |
| */ |
| static SECStatus |
| vfy_VerifyDigest(const SECItem *digest, const SECKEYPublicKey *key, |
| const SECItem *sig, SECOidTag encAlg, SECOidTag hashAlg, |
| void *wincx) |
| { |
| SECStatus rv; |
| VFYContext *cx; |
| SECItem dsasig; /* also used for ECDSA */ |
| |
| rv = SECFailure; |
| |
| cx = vfy_CreateContext(key, sig, encAlg, hashAlg, NULL, wincx); |
| if (cx != NULL) { |
| switch (key->keyType) { |
| case rsaKey: |
| if ((digest->len != cx->rsadigestlen) || |
| PORT_Memcmp(digest->data, cx->u.buffer, digest->len)) { |
| PORT_SetError(SEC_ERROR_BAD_SIGNATURE); |
| } else { |
| rv = SECSuccess; |
| } |
| break; |
| case dsaKey: |
| case ecKey: |
| dsasig.data = cx->u.buffer; |
| dsasig.len = SECKEY_SignatureLen(cx->key); |
| if (dsasig.len == 0) { |
| break; |
| } |
| if (PK11_Verify(cx->key, &dsasig, (SECItem *)digest, cx->wincx) |
| != SECSuccess) { |
| PORT_SetError(SEC_ERROR_BAD_SIGNATURE); |
| } else { |
| rv = SECSuccess; |
| } |
| break; |
| default: |
| break; |
| } |
| VFY_DestroyContext(cx, PR_TRUE); |
| } |
| return rv; |
| } |
| |
| SECStatus |
| VFY_VerifyDigestDirect(const SECItem *digest, const SECKEYPublicKey *key, |
| const SECItem *sig, SECOidTag encAlg, |
| SECOidTag hashAlg, void *wincx) |
| { |
| return vfy_VerifyDigest(digest, key, sig, encAlg, hashAlg, wincx); |
| } |
| |
| SECStatus |
| VFY_VerifyDigest(SECItem *digest, SECKEYPublicKey *key, SECItem *sig, |
| SECOidTag algid, void *wincx) |
| { |
| SECOidTag encAlg, hashAlg; |
| SECStatus rv = sec_DecodeSigAlg(key, algid, NULL, &encAlg, &hashAlg); |
| if (rv != SECSuccess) { |
| return SECFailure; |
| } |
| return vfy_VerifyDigest(digest, key, sig, encAlg, hashAlg, wincx); |
| } |
| |
| /* |
| * this function takes an optional hash oid, which the digest function |
| * will be compared with our target hash value. |
| */ |
| SECStatus |
| VFY_VerifyDigestWithAlgorithmID(const SECItem *digest, |
| const SECKEYPublicKey *key, const SECItem *sig, |
| const SECAlgorithmID *sigAlgorithm, |
| SECOidTag hashCmp, void *wincx) |
| { |
| SECOidTag encAlg, hashAlg; |
| SECStatus rv = sec_DecodeSigAlg(key, |
| SECOID_GetAlgorithmTag((SECAlgorithmID *)sigAlgorithm), |
| &sigAlgorithm->parameters, &encAlg, &hashAlg); |
| if (rv != SECSuccess) { |
| return rv; |
| } |
| if ( hashCmp != SEC_OID_UNKNOWN && |
| hashAlg != SEC_OID_UNKNOWN && |
| hashCmp != hashAlg) { |
| PORT_SetError(SEC_ERROR_BAD_SIGNATURE); |
| return SECFailure; |
| } |
| return vfy_VerifyDigest(digest, key, sig, encAlg, hashAlg, wincx); |
| } |
| |
| static SECStatus |
| vfy_VerifyData(const unsigned char *buf, int len, const SECKEYPublicKey *key, |
| const SECItem *sig, SECOidTag encAlg, SECOidTag hashAlg, |
| SECOidTag *hash, void *wincx) |
| { |
| SECStatus rv; |
| VFYContext *cx; |
| |
| cx = vfy_CreateContext(key, sig, encAlg, hashAlg, hash, wincx); |
| if (cx == NULL) |
| return SECFailure; |
| |
| rv = VFY_Begin(cx); |
| if (rv == SECSuccess) { |
| rv = VFY_Update(cx, (unsigned char *)buf, len); |
| if (rv == SECSuccess) |
| rv = VFY_End(cx); |
| } |
| |
| VFY_DestroyContext(cx, PR_TRUE); |
| return rv; |
| } |
| |
| SECStatus |
| VFY_VerifyDataDirect(const unsigned char *buf, int len, |
| const SECKEYPublicKey *key, const SECItem *sig, |
| SECOidTag encAlg, SECOidTag hashAlg, |
| SECOidTag *hash, void *wincx) |
| { |
| return vfy_VerifyData(buf, len, key, sig, encAlg, hashAlg, hash, wincx); |
| } |
| |
| SECStatus |
| VFY_VerifyData(const unsigned char *buf, int len, const SECKEYPublicKey *key, |
| const SECItem *sig, SECOidTag algid, void *wincx) |
| { |
| SECOidTag encAlg, hashAlg; |
| SECStatus rv = sec_DecodeSigAlg(key, algid, NULL, &encAlg, &hashAlg); |
| if (rv != SECSuccess) { |
| return rv; |
| } |
| return vfy_VerifyData(buf, len, key, sig, encAlg, hashAlg, NULL, wincx); |
| } |
| |
| SECStatus |
| VFY_VerifyDataWithAlgorithmID(const unsigned char *buf, int len, |
| const SECKEYPublicKey *key, |
| const SECItem *sig, |
| const SECAlgorithmID *sigAlgorithm, |
| SECOidTag *hash, void *wincx) |
| { |
| SECOidTag encAlg, hashAlg; |
| SECOidTag sigAlg = SECOID_GetAlgorithmTag((SECAlgorithmID *)sigAlgorithm); |
| SECStatus rv = sec_DecodeSigAlg(key, sigAlg, |
| &sigAlgorithm->parameters, &encAlg, &hashAlg); |
| if (rv != SECSuccess) { |
| return rv; |
| } |
| return vfy_VerifyData(buf, len, key, sig, encAlg, hashAlg, hash, wincx); |
| } |