The Tor Browser: security/nss/lib/libpkix/pkix/checker/pkix_signaturechecker.c@6474c204b198 (annotated)

security/nss/lib/libpkix/pkix/checker/pkix_signaturechecker.c@6474c204b198 (annotated)

security/nss/lib/libpkix/pkix/checker/pkix_signaturechecker.c

Wed, 31 Dec 2014 06:09:35 +0100

author: Michael Schloh von Bennewitz <michael@schloh.com>
date: Wed, 31 Dec 2014 06:09:35 +0100
changeset 0: 6474c204b198
permissions: -rwxr-xr-x

Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.

 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 /*
  * pkix_signaturechecker.c
  *
  * Functions for signature validation
  *
  */
 #include "pkix_signaturechecker.h"
 /*
  * FUNCTION: pkix_SignatureCheckerstate_Destroy
  * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
  */
 static PKIX_Error *
 pkix_SignatureCheckerState_Destroy(
         PKIX_PL_Object *object,
         void *plContext)
 {
         pkix_SignatureCheckerState *state = NULL;
         PKIX_ENTER(SIGNATURECHECKERSTATE,
                     "pkix_SignatureCheckerState_Destroy");
         PKIX_NULLCHECK_ONE(object);
         /* Check that this object is a signature checker state */
         PKIX_CHECK(pkix_CheckType
                     (object, PKIX_SIGNATURECHECKERSTATE_TYPE, plContext),
                     PKIX_OBJECTNOTSIGNATURECHECKERSTATE);
         state = (pkix_SignatureCheckerState *) object;
         state->prevCertCertSign = PKIX_FALSE;
         PKIX_DECREF(state->prevPublicKey);
         PKIX_DECREF(state->prevPublicKeyList);
         PKIX_DECREF(state->keyUsageOID);
 cleanup:
         PKIX_RETURN(SIGNATURECHECKERSTATE);
 }
 /*
  * FUNCTION: pkix_SignatureCheckerState_RegisterSelf
  *
  * DESCRIPTION:
  *  Registers PKIX_SIGNATURECHECKERSTATE_TYPE and its related functions
  *  with systemClasses[]
  *
  * THREAD SAFETY:
  *  Not Thread Safe (see Thread Safety Definitions in Programmer's Guide)
  *
  *  Since this function is only called by PKIX_PL_Initialize, which should
  *  only be called once, it is acceptable that this function is not
  *  thread-safe.
  */
 PKIX_Error *
 pkix_SignatureCheckerState_RegisterSelf(void *plContext)
 {
         extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
         pkix_ClassTable_Entry entry;
         PKIX_ENTER(SIGNATURECHECKERSTATE,
                     "pkix_SignatureCheckerState_RegisterSelf");
         entry.description = "SignatureCheckerState";
         entry.objCounter = 0;
         entry.typeObjectSize = sizeof(pkix_SignatureCheckerState);
         entry.destructor = pkix_SignatureCheckerState_Destroy;
         entry.equalsFunction = NULL;
         entry.hashcodeFunction = NULL;
         entry.toStringFunction = NULL;
         entry.comparator = NULL;
         entry.duplicateFunction = NULL;
         systemClasses[PKIX_SIGNATURECHECKERSTATE_TYPE] = entry;
         PKIX_RETURN(SIGNATURECHECKERSTATE);
 }
 /*
  * FUNCTION: pkix_SignatureCheckerState_Create
  *
  * DESCRIPTION:
  *  Allocate and initialize SignatureChecker state data.
  *
  * PARAMETERS
  *  "trustedPubKey"
  *      Address of trusted Anchor Public Key for verifying first Cert in the
  *      chain. Must be non-NULL.
  *  "certsRemaining"
  *      Number of certificates remaining in the chain.
  *  "pCheckerState"
  *      Address where SignatureCheckerState will be stored. Must be non-NULL.
  *  "plContext"
  *      Platform-specific context pointer.
  *
  * THREAD SAFETY:
  *  Not Thread Safe (see Thread Safety Definitions in Programmer's Guide)
  *
  * RETURNS:
  *  Returns NULL if the function succeeds.
  *  Returns a SignatureCheckerState Error if the function fails in a
  *  non-fatal way.
  *  Returns a Fatal Error if the function fails in an unrecoverable way.
  */
 static PKIX_Error *
 pkix_SignatureCheckerState_Create(
     PKIX_PL_PublicKey *trustedPubKey,
     PKIX_UInt32 certsRemaining,
     pkix_SignatureCheckerState **pCheckerState,
     void *plContext)
 {
         pkix_SignatureCheckerState *state = NULL;
         PKIX_PL_OID *keyUsageOID = NULL;
         PKIX_ENTER(SIGNATURECHECKERSTATE, "pkix_SignatureCheckerState_Create");
         PKIX_NULLCHECK_TWO(trustedPubKey, pCheckerState);
         PKIX_CHECK(PKIX_PL_Object_Alloc
                     (PKIX_SIGNATURECHECKERSTATE_TYPE,
                     sizeof (pkix_SignatureCheckerState),
                     (PKIX_PL_Object **)&state,
                     plContext),
                     PKIX_COULDNOTCREATESIGNATURECHECKERSTATEOBJECT);
         /* Initialize fields */
         state->prevCertCertSign = PKIX_TRUE;
         state->prevPublicKeyList = NULL;
         state->certsRemaining = certsRemaining;
         PKIX_INCREF(trustedPubKey);
         state->prevPublicKey = trustedPubKey;
         PKIX_CHECK(PKIX_PL_OID_Create
                     (PKIX_CERTKEYUSAGE_OID,
                     &keyUsageOID,
                     plContext),
                     PKIX_OIDCREATEFAILED);
         state->keyUsageOID = keyUsageOID;
         keyUsageOID = NULL;
         *pCheckerState = state;
         state = NULL;
 cleanup:
         PKIX_DECREF(keyUsageOID);
         PKIX_DECREF(state);
         PKIX_RETURN(SIGNATURECHECKERSTATE);
 }
 /* --Private-Functions-------------------------------------------- */
 /*
  * FUNCTION: pkix_SignatureChecker_Check
  * (see comments for PKIX_CertChainChecker_CheckCallback in pkix_checker.h)
  */
 PKIX_Error *
 pkix_SignatureChecker_Check(
         PKIX_CertChainChecker *checker,
         PKIX_PL_Cert *cert,
         PKIX_List *unresolvedCriticalExtensions,
         void **pNBIOContext,
         void *plContext)
 {
         pkix_SignatureCheckerState *state = NULL;
         PKIX_PL_PublicKey *prevPubKey = NULL;
         PKIX_PL_PublicKey *currPubKey = NULL;
         PKIX_PL_PublicKey *newPubKey = NULL;
         PKIX_PL_PublicKey *pKey = NULL;
         PKIX_PL_CertBasicConstraints *basicConstraints = NULL;
         PKIX_Error *checkKeyUsageFail = NULL;
         PKIX_Error *verifyFail = NULL;
         PKIX_Boolean certVerified = PKIX_FALSE;
         PKIX_ENTER(CERTCHAINCHECKER, "pkix_SignatureChecker_Check");
         PKIX_NULLCHECK_THREE(checker, cert, pNBIOContext);
         *pNBIOContext = NULL; /* we never block on pending I/O */
         PKIX_CHECK(PKIX_CertChainChecker_GetCertChainCheckerState
                     (checker, (PKIX_PL_Object **)&state, plContext),
                     PKIX_CERTCHAINCHECKERGETCERTCHAINCHECKERSTATEFAILED);
         (state->certsRemaining)--;
         PKIX_INCREF(state->prevPublicKey);
         prevPubKey = state->prevPublicKey;
         /*
          * Previous Cert doesn't have CertSign bit on for signature
          * verification and it is not a self-issued Cert so there is no
          * old key saved. This is considered error.
          */
         if (state->prevCertCertSign == PKIX_FALSE &&
                 state->prevPublicKeyList == NULL) {
                     PKIX_ERROR(PKIX_KEYUSAGEKEYCERTSIGNBITNOTON);
         }
         /* Previous Cert is valid for signature verification, try it first */
         if (state->prevCertCertSign == PKIX_TRUE) {
                 verifyFail = PKIX_PL_Cert_VerifySignature
                         (cert, prevPubKey, plContext);
                 if (verifyFail == NULL) {
                         certVerified = PKIX_TRUE;
                 } else {
                         certVerified = PKIX_FALSE;
                 }
         }
 #ifdef NIST_TEST_4_5_4_AND_4_5_6
         /*
          * Following codes under this compiler flag is implemented for
          * special cases of NIST tests 4.5.4 and 4.5.6. We are not sure
          * we should handle these two tests as what is implemented so the
          * codes are commented out, and the tests fails (for now).
          * For Cert chain validation, our assumption is all the Certs on
          * the chain are using its previous Cert's public key to decode
          * its current key. But for thses two tests, keys are used not
          * in this precedent order, we can either
          * 1) Use what is implemented here: take in what Cert order NIST
          *    specified and for continuous self-issued Certs, stacking up
          *    their keys and tries all of them in FILO order.
          *    But this method breaks the idea of chain key presdency.
          * 2) Use Build Chain facility: we will specify the valid Certs
          *    order (means key precedency is kept) and count on Build Chain
          *    to get the Certs that can fill for the needed keys. This may have
          *    performance impact.
          * 3) Fetch Certs from CertStore: we will specifiy the valid Certs
          *    order and use CertSelector on SubjectName to get a list of
          *    candidates Certs to fill in for the needed keys.
          * Anyhow, the codes are kept around just in case we want to use
          * solution one...
          */
         /* If failed and previous key is self-issued, try its old key(s) */
         if (certVerified == PKIX_FALSE && state->prevPublicKeyList != NULL) {
                 /* Verify from keys on the list */
                 PKIX_CHECK(PKIX_List_GetLength
                         (state->prevPublicKeyList, &numKeys, plContext),
                         PKIX_LISTGETLENGTHFAILED);
                 for (i = numKeys - 1; i >= 0; i--) {
                         PKIX_CHECK(PKIX_List_GetItem
                                 (state->prevPublicKeyList,
                                 i,
                                 (PKIX_PL_Object **) &pKey,
                                 plContext),
                                 PKIX_LISTGETITEMFAILED);
                         PKIX_DECREF(verifyFail);
                         verifyFail = PKIX_PL_Cert_VerifySignature
                                 (cert, pKey, plContext);
                         if (verifyFail == NULL) {
                                 certVerified = PKIX_TRUE;
                                 break;
                         } else {
                                 certVerified = PKIX_FALSE;
                         }
                         PKIX_DECREF(pKey);
                 }
         }
 #endif
         if (certVerified == PKIX_FALSE) {
                 pkixErrorResult = verifyFail;
                 verifyFail = NULL;
                 PKIX_ERROR(PKIX_VALIDATIONFAILEDCERTSIGNATURECHECKING);
         }
 #ifdef NIST_TEST_4_5_4_AND_4_5_6
         /*
          * Check if Cert is self-issued. If so, the old key(s) is saved, in
          * conjunction to the new key, for verifying CERT validity later.
          */
         PKIX_CHECK(pkix_IsCertSelfIssued(cert, &selfIssued, plContext),
                     PKIX_ISCERTSELFISSUEFAILED);
         /*
          * Check if Cert is self-issued. If so, the public key of the Cert
          * that issues this Cert (old key) can be used together with this
          * current key (new key) for key verification. If there are multiple
          * self-issued certs, keys of those Certs (old keys) can also be used
          * for key verification. Old key(s) is saved in a list (PrevPublickKey-
          * List) and cleared when a Cert is no longer self-issued. PrevPublic-
          * Key keep key of the previous Cert.
          */
         if (selfIssued == PKIX_TRUE) {
             /* Make sure previous Cert is valid for signature verification */
             if (state->prevCertCertSign == PKIX_TRUE) {
                 if (state->prevPublicKeyList == NULL) {
                         PKIX_CHECK(PKIX_List_Create
                                 (&state->prevPublicKeyList, plContext),
                                 PKIX_LISTCREATEFALIED);
                 }
                 PKIX_CHECK(PKIX_List_AppendItem
                             (state->prevPublicKeyList,
                             (PKIX_PL_Object *) state->prevPublicKey,
                             plContext),
                             PKIX_LISTAPPENDITEMFAILED);
             }
         } else {
             /* Not self-issued Cert any more, clear old key(s) saved */
             PKIX_DECREF(state->prevPublicKeyList);
         }
 #endif
         /* Save current key as prevPublicKey */
         PKIX_CHECK(PKIX_PL_Cert_GetSubjectPublicKey
                     (cert, &currPubKey, plContext),
                     PKIX_CERTGETSUBJECTPUBLICKEYFAILED);
         PKIX_CHECK(PKIX_PL_PublicKey_MakeInheritedDSAPublicKey
                     (currPubKey, prevPubKey, &newPubKey, plContext),
                     PKIX_PUBLICKEYMAKEINHERITEDDSAPUBLICKEYFAILED);
         if (newPubKey == NULL){
                 PKIX_INCREF(currPubKey);
                 newPubKey = currPubKey;
         }
         PKIX_INCREF(newPubKey);
         PKIX_DECREF(state->prevPublicKey);
         state->prevPublicKey = newPubKey;
         /* Save this Cert key usage CertSign bit */
         if (state->certsRemaining != 0) {
                 checkKeyUsageFail = PKIX_PL_Cert_VerifyKeyUsage
                         (cert, PKIX_KEY_CERT_SIGN, plContext);
                 state->prevCertCertSign = (checkKeyUsageFail == NULL)?
                         PKIX_TRUE:PKIX_FALSE;
                 PKIX_DECREF(checkKeyUsageFail);
         }
         /* Remove Key Usage Extension OID from list */
         if (unresolvedCriticalExtensions != NULL) {
                 PKIX_CHECK(pkix_List_Remove
                             (unresolvedCriticalExtensions,
                             (PKIX_PL_Object *) state->keyUsageOID,
                             plContext),
                             PKIX_LISTREMOVEFAILED);
         }
         PKIX_CHECK(PKIX_CertChainChecker_SetCertChainCheckerState
                     (checker, (PKIX_PL_Object *)state, plContext),
                     PKIX_CERTCHAINCHECKERSETCERTCHAINCHECKERSTATEFAILED);
 cleanup:
         PKIX_DECREF(state);
         PKIX_DECREF(pKey);
         PKIX_DECREF(prevPubKey);
         PKIX_DECREF(currPubKey);
         PKIX_DECREF(newPubKey);
         PKIX_DECREF(basicConstraints);
         PKIX_DECREF(verifyFail);
         PKIX_DECREF(checkKeyUsageFail);
         PKIX_RETURN(CERTCHAINCHECKER);
 }
 /*
  * FUNCTION: pkix_SignatureChecker_Initialize
  * DESCRIPTION:
  *
  *  Creates a new CertChainChecker and stores it at "pChecker", where it will
  *  be used by pkix_SignatureChecker_Check to check that the public key in
  *  the checker's state is able to successfully validate the certificate's
  *  signature. The PublicKey pointed to by "trustedPubKey" is used to
  *  initialize the checker's state.
  *
  * PARAMETERS:
  *  "trustedPubKey"
  *      Address of PublicKey representing the trusted public key used to
  *      initialize the state of this checker. Must be non-NULL.
  *  "certsRemaining"
  *      Number of certificates remaining in the chain.
  *  "pChecker"
  *      Address where object pointer will be stored. Must be non-NULL.
  *  "plContext"
  *      Platform-specific context pointer.
  * THREAD SAFETY:
  *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
  * RETURNS:
  *  Returns NULL if the function succeeds.
  *  Returns a CertChainChecker Error if the function fails in a non-fatal way.
  *  Returns a Fatal Error if the function fails in an unrecoverable way.
  */
 PKIX_Error *
 pkix_SignatureChecker_Initialize(
         PKIX_PL_PublicKey *trustedPubKey,
         PKIX_UInt32 certsRemaining,
         PKIX_CertChainChecker **pChecker,
         void *plContext)
 {
         pkix_SignatureCheckerState* state = NULL;
         PKIX_ENTER(CERTCHAINCHECKER, "PKIX_SignatureChecker_Initialize");
         PKIX_NULLCHECK_TWO(pChecker, trustedPubKey);
         PKIX_CHECK(pkix_SignatureCheckerState_Create
                     (trustedPubKey, certsRemaining, &state, plContext),
                     PKIX_SIGNATURECHECKERSTATECREATEFAILED);
         PKIX_CHECK(PKIX_CertChainChecker_Create
                     (pkix_SignatureChecker_Check,
                     PKIX_FALSE,
                     PKIX_FALSE,
                     NULL,
                     (PKIX_PL_Object *) state,
                     pChecker,
                     plContext),
                     PKIX_CERTCHAINCHECKERCREATEFAILED);
 cleanup:
         PKIX_DECREF(state);
         PKIX_RETURN(CERTCHAINCHECKER);
 }

The Tor Browser / annotate

security/nss/lib/libpkix/pkix/checker/pkix_signaturechecker.c@6474c204b198 (annotated)

security/nss/lib/libpkix/pkix/checker/pkix_signaturechecker.c