The Tor Browser: comparison security/nss/lib/cryptohi/dsautil.c

--1:000000000000
+:2f842d5e770f
+/* This Source Code Form is subject to the terms of the Mozilla Public
+* License, v. 2.0. If a copy of the MPL was not distributed with this
+* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#include "cryptohi.h"
+#include "secasn1.h"
+#include "secitem.h"
+#include "prerr.h"
+#ifndef DSA1_SUBPRIME_LEN
+#define DSA1_SUBPRIME_LEN 20	/* bytes */
+#endif
+typedef struct {
+SECItem r;
+SECItem s;
+} DSA_ASN1Signature;
+const SEC_ASN1Template DSA_SignatureTemplate[] =
+{
+{ SEC_ASN1_SEQUENCE, 0, NULL, sizeof(DSA_ASN1Signature) },
+{ SEC_ASN1_INTEGER, offsetof(DSA_ASN1Signature,r) },
+{ SEC_ASN1_INTEGER, offsetof(DSA_ASN1Signature,s) },
+{ 0, }
+};
+/* Input is variable length multi-byte integer, MSB first (big endian).
+** Most signficant bit of first byte is NOT treated as a sign bit.
+** May be one or more leading bytes of zeros.
+** Output is variable length multi-byte integer, MSB first (big endian).
+** Most significant bit of first byte will be zero (positive sign bit)
+** No more than one leading zero byte.
+** Caller supplies dest buffer, and assures that it is long enough,
+** e.g. at least one byte longer that src's buffer.
+*/
+void
+DSAU_ConvertUnsignedToSigned(SECItem *dest, SECItem *src)
+{
+unsigned char *pSrc = src->data;
+unsigned char *pDst = dest->data;
+unsigned int   cntSrc = src->len;
+/* skip any leading zeros. */
+while (cntSrc && !(*pSrc)) {
+	pSrc++;
+	cntSrc--;
+}
+if (!cntSrc) {
+	*pDst = 0;
+	dest->len = 1;
+	return;
+}
+if (*pSrc & 0x80)
+	*pDst++ = 0;
+PORT_Memcpy(pDst, pSrc, cntSrc);
+dest->len = (pDst - dest->data) + cntSrc;
+}
+/*
+** src is a buffer holding a signed variable length integer.
+** dest is a buffer which will be filled with an unsigned integer,
+** MSB first (big endian) with leading zeros, so that the last byte
+** of src will be the LSB of the integer.  The result will be exactly
+** the length specified by the caller in dest->len.
+** src can be shorter than dest.  src can be longer than dst, but only
+** if the extra leading bytes are zeros.
+*/
+SECStatus
+DSAU_ConvertSignedToFixedUnsigned(SECItem *dest, SECItem *src)
+{
+unsigned char *pSrc = src->data;
+unsigned char *pDst = dest->data;
+unsigned int   cntSrc = src->len;
+unsigned int   cntDst = dest->len;
+int            zCount = cntDst - cntSrc;
+if (zCount > 0) {
+	PORT_Memset(pDst, 0, zCount);
+	PORT_Memcpy(pDst + zCount, pSrc, cntSrc);
+	return SECSuccess;
+}
+if (zCount <= 0) {
+	/* Source is longer than destination.  Check for leading zeros. */
+	while (zCount++ < 0) {
+	    if (*pSrc++ != 0)
+		goto loser;
+	}
+}
+PORT_Memcpy(pDst, pSrc, cntDst);
+return SECSuccess;
+loser:
+PORT_SetError( PR_INVALID_ARGUMENT_ERROR );
+return SECFailure;
+}
+/* src is a "raw" ECDSA or DSA signature, the first half contains r
+* and the second half contains s. dest is the DER encoded signature.
+*/
+static SECStatus
+common_EncodeDerSig(SECItem *dest, SECItem *src)
+{
+SECItem *         item;
+SECItem           srcItem;
+DSA_ASN1Signature sig;
+unsigned char     *signedR;
+unsigned char     *signedS;
+unsigned int len;
+/* Allocate memory with room for an extra byte that
+* may be required if the top bit in the first byte
+* is already set.
+*/
+len = src->len/2;
+signedR = (unsigned char *) PORT_Alloc(len + 1);
+if (!signedR) return SECFailure;
+signedS = (unsigned char *) PORT_ZAlloc(len + 1);
+if (!signedS) {
+if (signedR) PORT_Free(signedR);
+	return SECFailure;
+}
+PORT_Memset(&sig, 0, sizeof(sig));
+/* Must convert r and s from "unsigned" integers to "signed" integers.
+** If the high order bit of the first byte (MSB) is 1, then must
+** prepend with leading zero.
+** Must remove all but one leading zero byte from numbers.
+*/
+sig.r.type = siUnsignedInteger;
+sig.r.data = signedR;
+sig.r.len  = sizeof signedR;
+sig.s.type = siUnsignedInteger;
+sig.s.data = signedS;
+sig.s.len  = sizeof signedR;
+srcItem.data = src->data;
+srcItem.len  = len;
+DSAU_ConvertUnsignedToSigned(&sig.r, &srcItem);
+srcItem.data += len;
+DSAU_ConvertUnsignedToSigned(&sig.s, &srcItem);
+item = SEC_ASN1EncodeItem(NULL, dest, &sig, DSA_SignatureTemplate);
+if (signedR) PORT_Free(signedR);
+if (signedS) PORT_Free(signedS);
+if (item == NULL)
+	return SECFailure;
+/* XXX leak item? */
+return SECSuccess;
+}
+/* src is a DER-encoded ECDSA or DSA signature.
+** Returns a newly-allocated SECItem structure, pointing at a newly allocated
+** buffer containing the "raw" signature, which is len bytes of r,
+** followed by len bytes of s. For DSA, len is the length of q.
+** For ECDSA, len depends on the key size used to create the signature.
+*/
+static SECItem *
+common_DecodeDerSig(const SECItem *item, unsigned int len)
+{
+SECItem *         result = NULL;
+SECStatus         status;
+DSA_ASN1Signature sig;
+SECItem           dst;
+PORT_Memset(&sig, 0, sizeof(sig));
+result = PORT_ZNew(SECItem);
+if (result == NULL)
+	goto loser;
+result->len  = 2 * len;
+result->data = (unsigned char*)PORT_Alloc(2 * len);
+if (result->data == NULL)
+	goto loser;
+sig.r.type = siUnsignedInteger;
+sig.s.type = siUnsignedInteger;
+status = SEC_ASN1DecodeItem(NULL, &sig, DSA_SignatureTemplate, item);
+if (status != SECSuccess)
+	goto loser;
+/* Convert sig.r and sig.s from variable  length signed integers to
+** fixed length unsigned integers.
+*/
+dst.data = result->data;
+dst.len  = len;
+status = DSAU_ConvertSignedToFixedUnsigned(&dst, &sig.r);
+if (status != SECSuccess)
+	goto loser;
+dst.data += len;
+status = DSAU_ConvertSignedToFixedUnsigned(&dst, &sig.s);
+if (status != SECSuccess)
+	goto loser;
+done:
+if (sig.r.data != NULL)
+	PORT_Free(sig.r.data);
+if (sig.s.data != NULL)
+	PORT_Free(sig.s.data);
+return result;
+loser:
+if (result != NULL) {
+	SECITEM_FreeItem(result, PR_TRUE);
+	result = NULL;
+}
+goto done;
+}
+/* src is a "raw" DSA1 signature, 20 bytes of r followed by 20 bytes of s.
+** dest is the signature DER encoded. ?
+*/
+SECStatus
+DSAU_EncodeDerSig(SECItem *dest, SECItem *src)
+{
+PORT_Assert(src->len == 2 * DSA1_SUBPRIME_LEN);
+if (src->len != 2 * DSA1_SUBPRIME_LEN) {
+	PORT_SetError( PR_INVALID_ARGUMENT_ERROR );
+	return SECFailure;
+}
+return common_EncodeDerSig(dest, src);
+}
+/* src is a "raw" DSA signature of length len (len/2 bytes of r followed
+** by len/2 bytes of s). dest is the signature DER encoded.
+*/
+SECStatus
+DSAU_EncodeDerSigWithLen(SECItem *dest, SECItem *src, unsigned int len)
+{
+PORT_Assert((src->len == len) && (len % 2 == 0));
+if ((src->len != len) || (src->len % 2 != 0)) {
+	PORT_SetError( PR_INVALID_ARGUMENT_ERROR );
+	return SECFailure;
+}
+return common_EncodeDerSig(dest, src);
+}
+/* src is a DER-encoded DSA signature.
+** Returns a newly-allocated SECItem structure, pointing at a newly allocated
+** buffer containing the "raw" DSA1 signature, which is 20 bytes of r,
+** followed by 20 bytes of s.
+*/
+SECItem *
+DSAU_DecodeDerSig(const SECItem *item)
+{
+return common_DecodeDerSig(item, DSA1_SUBPRIME_LEN);
+}
+/* src is a DER-encoded ECDSA signature.
+** Returns a newly-allocated SECItem structure, pointing at a newly allocated
+** buffer containing the "raw" ECDSA signature of length len containing
+** r followed by s (both padded to take up exactly len/2 bytes).
+*/
+SECItem *
+DSAU_DecodeDerSigToLen(const SECItem *item, unsigned int len)
+{
+return common_DecodeDerSig(item, len/2);
+}

The Tor Browser / file comparison

comparison: security/nss/lib/cryptohi/dsautil.c

security/nss/lib/cryptohi/dsautil.c