Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(593)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: firmware/lib/cryptolib/rsa.c

Issue 3216010: Use SafeMemcmp() in RSAVerify() just to be safe. (Closed) Base URL: ssh://git@gitrw.chromium.org:9222/vboot_reference.git
Patch Set: Created 10 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « no previous file | firmware/version.c » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. 1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
2 * Use of this source code is governed by a BSD-style license that can be 2 * Use of this source code is governed by a BSD-style license that can be
3 * found in the LICENSE file. 3 * found in the LICENSE file.
4 */ 4 */
5 5
6 /* Implementation of RSA signature verification which uses a pre-processed 6 /* Implementation of RSA signature verification which uses a pre-processed
7 * key for computation. The code extends Android's RSA verification code to 7 * key for computation. The code extends Android's RSA verification code to
8 * support multiple RSA key lengths and hash digest algorithms. 8 * support multiple RSA key lengths and hash digest algorithms.
9 */ 9 */
10 10
(...skipping 111 matching lines...) Expand 10 before | Expand all | Expand 10 after
122 } 122 }
123 123
124 /* Verify a RSA PKCS1.5 signature against an expected hash. 124 /* Verify a RSA PKCS1.5 signature against an expected hash.
125 * Returns 0 on failure, 1 on success. 125 * Returns 0 on failure, 1 on success.
126 */ 126 */
127 int RSAVerify(const RSAPublicKey *key, 127 int RSAVerify(const RSAPublicKey *key,
128 const uint8_t *sig, 128 const uint8_t *sig,
129 const uint32_t sig_len, 129 const uint32_t sig_len,
130 const uint8_t sig_type, 130 const uint8_t sig_type,
131 const uint8_t *hash) { 131 const uint8_t *hash) {
132 int i;
133 uint8_t* buf; 132 uint8_t* buf;
134 const uint8_t* padding; 133 const uint8_t* padding;
134 int padding_len;
135 int success = 1; 135 int success = 1;
136 136
137 if (!key || !sig || !hash) 137 if (!key || !sig || !hash)
138 return 0; 138 return 0;
139 139
140 if (sig_len != (key->len * sizeof(uint32_t))) { 140 if (sig_len != (key->len * sizeof(uint32_t))) {
141 VBDEBUG(("Signature is of incorrect length!\n")); 141 VBDEBUG(("Signature is of incorrect length!\n"));
142 return 0; 142 return 0;
143 } 143 }
144 144
145 if (sig_type >= kNumAlgorithms) { 145 if (sig_type >= kNumAlgorithms) {
146 VBDEBUG(("Invalid signature type!\n")); 146 VBDEBUG(("Invalid signature type!\n"));
147 return 0; 147 return 0;
148 } 148 }
149 149
150 if (key->len != siglen_map[sig_type] / sizeof(uint32_t)) { 150 if (key->len != siglen_map[sig_type] / sizeof(uint32_t)) {
151 VBDEBUG(("Wrong key passed in!\n")); 151 VBDEBUG(("Wrong key passed in!\n"));
152 return 0; 152 return 0;
153 } 153 }
154 154
155 buf = (uint8_t*) Malloc(sig_len); 155 buf = (uint8_t*) Malloc(sig_len);
156 if (!buf) 156 if (!buf)
157 return 0; 157 return 0;
158 Memcpy(buf, sig, sig_len); 158 Memcpy(buf, sig, sig_len);
159 159
160 modpowF4(key, buf); 160 modpowF4(key, buf);
161 161
162 /* Determine padding to use depending on the signature type. */ 162 /* Determine padding to use depending on the signature type. */
163 padding = padding_map[sig_type]; 163 padding = padding_map[sig_type];
164 padding_len = padding_size_map[sig_type];
165
166 /* Even though there are probably no timing issues here, we use
167 * SafeMemcmp() just to be on the safe side. */
164 168
165 /* Check pkcs1.5 padding bytes. */ 169 /* Check pkcs1.5 padding bytes. */
166 for (i = 0; i < padding_size_map[sig_type]; ++i) { 170 if (SafeMemcmp(buf, padding, padding_len)) {
167 if (buf[i] != padding[i]) { 171 VBDEBUG(("In RSAVerify(): Padding check failed!\n"));
168 #ifndef NDEBUG 172 success = 0;
169 VBDEBUG(("Padding: Expecting = %02x Got = %02x\n", padding[i], buf[i]));
170 #endif
171 success = 0;
172 }
173 } 173 }
174 174
175 /* Check if digest matches. */ 175 /* Check hash. */
176 for (; i < (int)sig_len; ++i) { 176 if (SafeMemcmp(buf + padding_len, hash, sig_len - padding_len)) {
177 if (buf[i] != *hash++) { 177 VBDEBUG(("In RSAVerify(): Hash check failed!\n"));
178 #ifndef NDEBUG 178 success = 0;
179 VBDEBUG(("Digest: Expecting = %02x Got = %02x\n", padding[i], buf[i]));
180 #endif
181 success = 0;
182 }
183 } 179 }
184
185 Free(buf); 180 Free(buf);
186 181
187 return success; 182 return success;
188 } 183 }
OLDNEW
« no previous file with comments | « no previous file | firmware/version.c » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698