The Tor Browser: security/nss/lib/cryptohi/dsautil.c@b8a032363ba2 (annotated)

security/nss/lib/cryptohi/dsautil.c@b8a032363ba2 (annotated)

security/nss/lib/cryptohi/dsautil.c

Thu, 22 Jan 2015 13:21:57 +0100

author: Michael Schloh von Bennewitz <michael@schloh.com>
date: Thu, 22 Jan 2015 13:21:57 +0100
branch: TOR_BUG_9701
changeset 15: b8a032363ba2
permissions: -rw-r--r--

Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6

 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 #include "cryptohi.h"
 #include "secasn1.h"
 #include "secitem.h"
 #include "prerr.h"
 #ifndef DSA1_SUBPRIME_LEN
 #define DSA1_SUBPRIME_LEN 20	/* bytes */
 #endif
 typedef struct {
     SECItem r;
     SECItem s;
 } DSA_ASN1Signature;
 const SEC_ASN1Template DSA_SignatureTemplate[] =
 {
     { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(DSA_ASN1Signature) },
     { SEC_ASN1_INTEGER, offsetof(DSA_ASN1Signature,r) },
     { SEC_ASN1_INTEGER, offsetof(DSA_ASN1Signature,s) },
     { 0, }
 };
 /* Input is variable length multi-byte integer, MSB first (big endian).
 ** Most signficant bit of first byte is NOT treated as a sign bit.
 ** May be one or more leading bytes of zeros.
 ** Output is variable length multi-byte integer, MSB first (big endian).
 ** Most significant bit of first byte will be zero (positive sign bit)
 ** No more than one leading zero byte.
 ** Caller supplies dest buffer, and assures that it is long enough,
 ** e.g. at least one byte longer that src's buffer.
 */
 void
 DSAU_ConvertUnsignedToSigned(SECItem *dest, SECItem *src)
 {
     unsigned char *pSrc = src->data;
     unsigned char *pDst = dest->data;
     unsigned int   cntSrc = src->len;
     /* skip any leading zeros. */
     while (cntSrc && !(*pSrc)) {
     	pSrc++;
 	cntSrc--;
     }
     if (!cntSrc) {
     	*pDst = 0;
 	dest->len = 1;
 	return;
     }
     if (*pSrc & 0x80)
     	*pDst++ = 0;
     PORT_Memcpy(pDst, pSrc, cntSrc);
     dest->len = (pDst - dest->data) + cntSrc;
 }
 /*
 ** src is a buffer holding a signed variable length integer.
 ** dest is a buffer which will be filled with an unsigned integer,
 ** MSB first (big endian) with leading zeros, so that the last byte
 ** of src will be the LSB of the integer.  The result will be exactly
 ** the length specified by the caller in dest->len.
 ** src can be shorter than dest.  src can be longer than dst, but only
 ** if the extra leading bytes are zeros.
 */
 SECStatus
 DSAU_ConvertSignedToFixedUnsigned(SECItem *dest, SECItem *src)
 {
     unsigned char *pSrc = src->data;
     unsigned char *pDst = dest->data;
     unsigned int   cntSrc = src->len;
     unsigned int   cntDst = dest->len;
     int            zCount = cntDst - cntSrc;
     if (zCount > 0) {
     	PORT_Memset(pDst, 0, zCount);
 	PORT_Memcpy(pDst + zCount, pSrc, cntSrc);
 	return SECSuccess;
     }
     if (zCount <= 0) {
 	/* Source is longer than destination.  Check for leading zeros. */
 	while (zCount++ < 0) {
 	    if (*pSrc++ != 0)
 		goto loser;
 	}
     }
     PORT_Memcpy(pDst, pSrc, cntDst);
     return SECSuccess;
 loser:
     PORT_SetError( PR_INVALID_ARGUMENT_ERROR );
     return SECFailure;
 }
 /* src is a "raw" ECDSA or DSA signature, the first half contains r
  * and the second half contains s. dest is the DER encoded signature.
 */
 static SECStatus
 common_EncodeDerSig(SECItem *dest, SECItem *src)
 {
     SECItem *         item;
     SECItem           srcItem;
     DSA_ASN1Signature sig;
     unsigned char     *signedR;
     unsigned char     *signedS;
     unsigned int len;
     /* Allocate memory with room for an extra byte that
      * may be required if the top bit in the first byte
      * is already set.
      */
     len = src->len/2;
     signedR = (unsigned char *) PORT_Alloc(len + 1);
     if (!signedR) return SECFailure;
     signedS = (unsigned char *) PORT_ZAlloc(len + 1);
     if (!signedS) {
         if (signedR) PORT_Free(signedR);
 	return SECFailure;
     }
     PORT_Memset(&sig, 0, sizeof(sig));
     /* Must convert r and s from "unsigned" integers to "signed" integers.
     ** If the high order bit of the first byte (MSB) is 1, then must
     ** prepend with leading zero.
     ** Must remove all but one leading zero byte from numbers.
     */
     sig.r.type = siUnsignedInteger;
     sig.r.data = signedR;
     sig.r.len  = sizeof signedR;
     sig.s.type = siUnsignedInteger;
     sig.s.data = signedS;
     sig.s.len  = sizeof signedR;
     srcItem.data = src->data;
     srcItem.len  = len;
     DSAU_ConvertUnsignedToSigned(&sig.r, &srcItem);
     srcItem.data += len;
     DSAU_ConvertUnsignedToSigned(&sig.s, &srcItem);
     item = SEC_ASN1EncodeItem(NULL, dest, &sig, DSA_SignatureTemplate);
     if (signedR) PORT_Free(signedR);
     if (signedS) PORT_Free(signedS);
     if (item == NULL)
 	return SECFailure;
     /* XXX leak item? */
     return SECSuccess;
 }
 /* src is a DER-encoded ECDSA or DSA signature.
 ** Returns a newly-allocated SECItem structure, pointing at a newly allocated
 ** buffer containing the "raw" signature, which is len bytes of r,
 ** followed by len bytes of s. For DSA, len is the length of q.
 ** For ECDSA, len depends on the key size used to create the signature.
 */
 static SECItem *
 common_DecodeDerSig(const SECItem *item, unsigned int len)
 {
     SECItem *         result = NULL;
     SECStatus         status;
     DSA_ASN1Signature sig;
     SECItem           dst;
     PORT_Memset(&sig, 0, sizeof(sig));
     result = PORT_ZNew(SECItem);
     if (result == NULL)
 	goto loser;
     result->len  = 2 * len;
     result->data = (unsigned char*)PORT_Alloc(2 * len);
     if (result->data == NULL)
 	goto loser;
     sig.r.type = siUnsignedInteger;
     sig.s.type = siUnsignedInteger;
     status = SEC_ASN1DecodeItem(NULL, &sig, DSA_SignatureTemplate, item);
     if (status != SECSuccess)
 	goto loser;
     /* Convert sig.r and sig.s from variable  length signed integers to
     ** fixed length unsigned integers.
     */
     dst.data = result->data;
     dst.len  = len;
     status = DSAU_ConvertSignedToFixedUnsigned(&dst, &sig.r);
     if (status != SECSuccess)
     	goto loser;
     dst.data += len;
     status = DSAU_ConvertSignedToFixedUnsigned(&dst, &sig.s);
     if (status != SECSuccess)
     	goto loser;
 done:
     if (sig.r.data != NULL)
 	PORT_Free(sig.r.data);
     if (sig.s.data != NULL)
 	PORT_Free(sig.s.data);
     return result;
 loser:
     if (result != NULL) {
 	SECITEM_FreeItem(result, PR_TRUE);
 	result = NULL;
     }
     goto done;
 }
 /* src is a "raw" DSA1 signature, 20 bytes of r followed by 20 bytes of s.
 ** dest is the signature DER encoded. ?
 */
 SECStatus
 DSAU_EncodeDerSig(SECItem *dest, SECItem *src)
 {
     PORT_Assert(src->len == 2 * DSA1_SUBPRIME_LEN);
     if (src->len != 2 * DSA1_SUBPRIME_LEN) {
     	PORT_SetError( PR_INVALID_ARGUMENT_ERROR );
 	return SECFailure;
     }
     return common_EncodeDerSig(dest, src);
 }
 /* src is a "raw" DSA signature of length len (len/2 bytes of r followed
 ** by len/2 bytes of s). dest is the signature DER encoded.
 */
 SECStatus
 DSAU_EncodeDerSigWithLen(SECItem *dest, SECItem *src, unsigned int len)
 {
     PORT_Assert((src->len == len) && (len % 2 == 0));
     if ((src->len != len) || (src->len % 2 != 0)) {
     	PORT_SetError( PR_INVALID_ARGUMENT_ERROR );
 	return SECFailure;
     }
     return common_EncodeDerSig(dest, src);
 }
 /* src is a DER-encoded DSA signature.
 ** Returns a newly-allocated SECItem structure, pointing at a newly allocated
 ** buffer containing the "raw" DSA1 signature, which is 20 bytes of r,
 ** followed by 20 bytes of s.
 */
 SECItem *
 DSAU_DecodeDerSig(const SECItem *item)
 {
     return common_DecodeDerSig(item, DSA1_SUBPRIME_LEN);
 }
 /* src is a DER-encoded ECDSA signature.
 ** Returns a newly-allocated SECItem structure, pointing at a newly allocated
 ** buffer containing the "raw" ECDSA signature of length len containing
 ** r followed by s (both padded to take up exactly len/2 bytes).
 */
 SECItem *
 DSAU_DecodeDerSigToLen(const SECItem *item, unsigned int len)
 {
     return common_DecodeDerSig(item, len/2);
 }

The Tor Browser / annotate

security/nss/lib/cryptohi/dsautil.c@b8a032363ba2 (annotated)

security/nss/lib/cryptohi/dsautil.c