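--- a/secvfy.c
+++ b/secvfy.c
@@ -1,10 +1,10 @@
 /*
 * Verification stuff.
 *
 * ***** BEGIN LICENSE BLOCK *****
 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
 *
 * The contents of this file are subject to the Mozilla Public License Version
 * 1.1 (the "License"); you may not use this file except in compliance with
 * the License. You may obtain a copy of the License at
 * http://www.mozilla.org/MPL/
@@ -30,21 +30,21 @@
 * in which case the provisions of the GPL or the LGPL are applicable instead
 * of those above. If you wish to allow use of your version of this file only
 * under the terms of either the GPL or the LGPL, and not to allow others to
 * use your version of this file under the terms of the MPL, indicate your
 * decision by deleting the provisions above and replace them with the notice
 * and other provisions required by the GPL or the LGPL. If you do not delete
 * the provisions above, a recipient may use your version of this file under
 * the terms of any one of the MPL, the GPL or the LGPL.
 *
 * ***** END LICENSE BLOCK ***** */
-/* $Id: secvfy.c,v 1.23 2010/02/10 00:49:43 wtc%google.com Exp $ */
+/* $Id: secvfy.c,v 1.24 2010/06/23 02:13:56 wtc%google.com Exp $ */
 
 #include <stdio.h>
 #include "cryptohi.h"
 #include "sechash.h"
 #include "keyhi.h"
 #include "secasn1.h"
 #include "secoid.h"
 #include "pk11func.h"
 #include "secdig.h"
 #include "secerr.h"
@@ -230,20 +230,21 @@
 break;
 case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION:
 *hashalg = SEC_OID_MD5;
 break;
 case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION:
 case SEC_OID_ISO_SHA_WITH_RSA_SIGNATURE:
 case SEC_OID_ISO_SHA1_WITH_RSA_SIGNATURE:
 *hashalg = SEC_OID_SHA1;
 break;
 case SEC_OID_PKCS1_RSA_ENCRYPTION:
+case SEC_OID_PKCS1_RSA_PSS_SIGNATURE:
 *hashalg = SEC_OID_UNKNOWN; /* get it from the RSA signature */
 break;
 
 case SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE:
 case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION:
 *hashalg = SEC_OID_SHA256;
 break;
 case SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE:
 case SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION:
 *hashalg = SEC_OID_SHA384;
@@ -320,20 +321,23 @@
 case SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION:
 case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION:
 case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION:
 case SEC_OID_ISO_SHA_WITH_RSA_SIGNATURE:
 case SEC_OID_ISO_SHA1_WITH_RSA_SIGNATURE:
 case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION:
 case SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION:
 case SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION:
 *encalg = SEC_OID_PKCS1_RSA_ENCRYPTION;
 break;
+case SEC_OID_PKCS1_RSA_PSS_SIGNATURE:
+*encalg = SEC_OID_PKCS1_RSA_PSS_SIGNATURE;
+break;
 
 /* what about normal DSA? */
 case SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST:
 case SEC_OID_BOGUS_DSA_SIGNATURE_WITH_SHA1_DIGEST:
 *encalg = SEC_OID_ANSIX9_DSA_SIGNATURE;
 break;
 case SEC_OID_MISSI_DSS:
 case SEC_OID_MISSI_KEA_DSS:
 case SEC_OID_MISSI_KEA_DSS_OLD:
 case SEC_OID_MISSI_DSS_OLD:
@@ -371,39 +375,41 @@
 static VFYContext *
 vfy_CreateContext(const SECKEYPublicKey *key, const SECItem *sig,
 SECOidTag encAlg, SECOidTag hashAlg, SECOidTag *hash, void *wincx)
 {
 VFYContext *cx;
 SECStatus rv;
 unsigned int sigLen;
 KeyType type;
 
 /* make sure the encryption algorithm matches the key type */
+/* RSA-PSS algorithm can be used with both rsaKey and rsaPssKey */
 type = seckey_GetKeyType(encAlg);
-if (key->keyType != type) {
+if ((key->keyType != type) &&
+» ((key->keyType != rsaKey) || (type != rsaPssKey))) {
 PORT_SetError(SEC_ERROR_PKCS7_KEYALG_MISMATCH);
 return NULL;
 }
 
 cx = (VFYContext*) PORT_ZAlloc(sizeof(VFYContext));
 if (cx == NULL) {
 goto loser;
 }
 
 cx->wincx = wincx;
 cx->hasSignature = (sig != NULL);
 cx->encAlg = encAlg;
 cx->hashAlg = hashAlg;
 cx->key = SECKEY_CopyPublicKey(key);
 rv = SECSuccess;
 if (sig) {
-» switch (key->keyType) {
+» switch (type) {
 case rsaKey:
 rv = DecryptSigBlock(&cx->hashAlg, cx->u.buffer, &cx->rsadigestlen,
 HASH_LENGTH_MAX, cx->key, sig, (char*)wincx);
 if (cx->hashAlg != hashAlg && hashAlg != SEC_OID_UNKNOWN) {
 PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
 rv = SECFailure;
 }
 break;
 case dsaKey:
 case ecKey:
@@ -741,10 +747,10 @@
 {
 SECOidTag encAlg, hashAlg;
 SECOidTag sigAlg = SECOID_GetAlgorithmTag((SECAlgorithmID *)sigAlgorithm);
 SECStatus rv = sec_DecodeSigAlg(key, sigAlg,
 &sigAlgorithm->parameters, &encAlg, &hashAlg);
 if (rv != SECSuccess) {
 return rv;
 }
 return vfy_VerifyData(buf, len, key, sig, encAlg, hashAlg, hash, wincx);
 }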
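Review bot: In vfy_CreateContext the switch now dispatches on `type`, so a PSS signature (type `rsaPssKey`, which the relaxed key check also admits for an `rsaKey`) matches none of the arms visible here (`rsaKey`, `dsaKey`, `ecKey`). What happens to it depends on a default arm in the skipped lines; if that arm does not set `rv = SECFailure`, the context would come back with `hasSignature` set and no digest recovered from the signature. I would add an explicit arm that fails closed until PSS verification is implemented, e.g. `case rsaPssKey: PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG); rv = SECFailure; break;`. A one-line comment on the switch would also help, such as `/* dispatch on the algorithm's key type so a PSS signature never takes the PKCS #1 v1.5 DecryptSigBlock path */`. The function body continues past the visible lines, so this should be checked against the full switch.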