The Tor Browser / annotate

security/nss/lib/util/pkcs1sig.c@b8a032363ba2 (annotated)

security/nss/lib/util/pkcs1sig.c

Thu, 22 Jan 2015 13:21:57 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Thu, 22 Jan 2015 13:21:57 +0100
branch
TOR_BUG_9701
changeset 15
b8a032363ba2
permissions
-rw-r--r--

Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6

michael@0 1 /* This Source Code Form is subject to the terms of the Mozilla Public
michael@0 2 * License, v. 2.0. If a copy of the MPL was not distributed with this
michael@0 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
michael@0 4 */
michael@0 5
michael@0 6 #include "pkcs1sig.h"
michael@0 7 #include "hasht.h"
michael@0 8 #include "secerr.h"
michael@0 9 #include "secasn1t.h"
michael@0 10 #include "secoid.h"
michael@0 11
michael@0 12 typedef struct pkcs1PrefixStr pkcs1Prefix;
michael@0 13 struct pkcs1PrefixStr {
michael@0 14 unsigned int len;
michael@0 15 PRUint8 *data;
michael@0 16 };
michael@0 17
michael@0 18 typedef struct pkcs1PrefixesStr pkcs1Prefixes;
michael@0 19 struct pkcs1PrefixesStr {
michael@0 20 unsigned int digestLen;
michael@0 21 pkcs1Prefix prefixWithParams;
michael@0 22 pkcs1Prefix prefixWithoutParams;
michael@0 23 };
michael@0 24
michael@0 25 /* The value for SGN_PKCS1_DIGESTINFO_MAX_PREFIX_LEN_EXCLUDING_OID is based on
michael@0 26 * the possible prefix encodings as explained below.
michael@0 27 */
michael@0 28 #define MAX_PREFIX_LEN_EXCLUDING_OID 10
michael@0 29
michael@0 30 static SECStatus
michael@0 31 encodePrefix(const SECOidData *hashOid, unsigned int digestLen,
michael@0 32 pkcs1Prefix *prefix, PRBool withParams)
michael@0 33 {
michael@0 34 /* with params coding is:
michael@0 35 * Sequence (2 bytes) {
michael@0 36 * Sequence (2 bytes) {
michael@0 37 * Oid (2 bytes) {
michael@0 38 * Oid value (derOid->oid.len)
michael@0 39 * }
michael@0 40 * NULL (2 bytes)
michael@0 41 * }
michael@0 42 * OCTECT (2 bytes);
michael@0 43 *
michael@0 44 * without params coding is:
michael@0 45 * Sequence (2 bytes) {
michael@0 46 * Sequence (2 bytes) {
michael@0 47 * Oid (2 bytes) {
michael@0 48 * Oid value (derOid->oid.len)
michael@0 49 * }
michael@0 50 * }
michael@0 51 * OCTECT (2 bytes);
michael@0 52 */
michael@0 53
michael@0 54 unsigned int innerSeqLen = 2 + hashOid->oid.len;
michael@0 55 unsigned int outerSeqLen = 2 + innerSeqLen + 2 + digestLen;
michael@0 56 unsigned int extra = 0;
michael@0 57
michael@0 58 if (withParams) {
michael@0 59 innerSeqLen += 2;
michael@0 60 outerSeqLen += 2;
michael@0 61 extra = 2;
michael@0 62 }
michael@0 63
michael@0 64 if (innerSeqLen >= 128 ||
michael@0 65 outerSeqLen >= 128 ||
michael@0 66 (outerSeqLen + 2 - digestLen) >
michael@0 67 (MAX_PREFIX_LEN_EXCLUDING_OID + hashOid->oid.len)) {
michael@0 68 /* this is actually a library failure, It shouldn't happen */
michael@0 69 PORT_SetError(SEC_ERROR_INVALID_ARGS);
michael@0 70 return SECFailure;
michael@0 71 }
michael@0 72
michael@0 73 prefix->len = 6 + hashOid->oid.len + extra + 2;
michael@0 74 prefix->data = PORT_Alloc(prefix->len);
michael@0 75 if (!prefix->data) {
michael@0 76 PORT_SetError(SEC_ERROR_NO_MEMORY);
michael@0 77 return SECFailure;
michael@0 78 }
michael@0 79
michael@0 80 prefix->data[0] = SEC_ASN1_SEQUENCE|SEC_ASN1_CONSTRUCTED;
michael@0 81 prefix->data[1] = outerSeqLen;
michael@0 82 prefix->data[2] = SEC_ASN1_SEQUENCE|SEC_ASN1_CONSTRUCTED;
michael@0 83 prefix->data[3] = innerSeqLen;
michael@0 84 prefix->data[4] = SEC_ASN1_OBJECT_ID;
michael@0 85 prefix->data[5] = hashOid->oid.len;
michael@0 86 PORT_Memcpy(&prefix->data[6], hashOid->oid.data, hashOid->oid.len);
michael@0 87 if (withParams) {
michael@0 88 prefix->data[6 + hashOid->oid.len] = SEC_ASN1_NULL;
michael@0 89 prefix->data[6 + hashOid->oid.len + 1] = 0;
michael@0 90 }
michael@0 91 prefix->data[6 + hashOid->oid.len + extra] = SEC_ASN1_OCTET_STRING;
michael@0 92 prefix->data[6 + hashOid->oid.len + extra + 1] = digestLen;
michael@0 93
michael@0 94 return SECSuccess;
michael@0 95 }
michael@0 96
michael@0 97 SECStatus
michael@0 98 _SGN_VerifyPKCS1DigestInfo(SECOidTag digestAlg,
michael@0 99 const SECItem* digest,
michael@0 100 const SECItem* dataRecoveredFromSignature,
michael@0 101 PRBool unsafeAllowMissingParameters)
michael@0 102 {
michael@0 103 SECOidData *hashOid;
michael@0 104 pkcs1Prefixes pp;
michael@0 105 const pkcs1Prefix* expectedPrefix;
michael@0 106 SECStatus rv, rv2, rv3;
michael@0 107
michael@0 108 if (!digest || !digest->data ||
michael@0 109 !dataRecoveredFromSignature || !dataRecoveredFromSignature->data) {
michael@0 110 PORT_SetError(SEC_ERROR_INVALID_ARGS);
michael@0 111 return SECFailure;
michael@0 112 }
michael@0 113
michael@0 114 hashOid = SECOID_FindOIDByTag(digestAlg);
michael@0 115 if (hashOid == NULL) {
michael@0 116 PORT_SetError(SEC_ERROR_INVALID_ARGS);
michael@0 117 return SECFailure;
michael@0 118 }
michael@0 119
michael@0 120 pp.digestLen = digest->len;
michael@0 121 pp.prefixWithParams.data = NULL;
michael@0 122 pp.prefixWithoutParams.data = NULL;
michael@0 123
michael@0 124 rv2 = encodePrefix(hashOid, pp.digestLen, &pp.prefixWithParams, PR_TRUE);
michael@0 125 rv3 = encodePrefix(hashOid, pp.digestLen, &pp.prefixWithoutParams, PR_FALSE);
michael@0 126
michael@0 127 rv = SECSuccess;
michael@0 128 if (rv2 != SECSuccess || rv3 != SECSuccess) {
michael@0 129 rv = SECFailure;
michael@0 130 }
michael@0 131
michael@0 132 if (rv == SECSuccess) {
michael@0 133 /* We don't attempt to avoid timing attacks on these comparisons because
michael@0 134 * signature verification is a public key operation, not a private key
michael@0 135 * operation.
michael@0 136 */
michael@0 137
michael@0 138 if (dataRecoveredFromSignature->len ==
michael@0 139 pp.prefixWithParams.len + pp.digestLen) {
michael@0 140 expectedPrefix = &pp.prefixWithParams;
michael@0 141 } else if (unsafeAllowMissingParameters &&
michael@0 142 dataRecoveredFromSignature->len ==
michael@0 143 pp.prefixWithoutParams.len + pp.digestLen) {
michael@0 144 expectedPrefix = &pp.prefixWithoutParams;
michael@0 145 } else {
michael@0 146 PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
michael@0 147 rv = SECFailure;
michael@0 148 }
michael@0 149 }
michael@0 150
michael@0 151 if (rv == SECSuccess) {
michael@0 152 if (memcmp(dataRecoveredFromSignature->data, expectedPrefix->data,
michael@0 153 expectedPrefix->len) ||
michael@0 154 memcmp(dataRecoveredFromSignature->data + expectedPrefix->len,
michael@0 155 digest->data, digest->len)) {
michael@0 156 PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
michael@0 157 rv = SECFailure;
michael@0 158 }
michael@0 159 }
michael@0 160
michael@0 161 if (pp.prefixWithParams.data) {
michael@0 162 PORT_Free(pp.prefixWithParams.data);
michael@0 163 }
michael@0 164 if (pp.prefixWithoutParams.data) {
michael@0 165 PORT_Free(pp.prefixWithoutParams.data);
michael@0 166 }
michael@0 167
michael@0 168 return rv;
michael@0 169 }

Mercurial Repository: The Tor Browser

Europalab SCM Repository Server

mercurial