| Index: nss/mozilla/security/nss/lib/libpkix/pkix/checker/pkix_signaturechecker.c
|
| ===================================================================
|
| --- nss/mozilla/security/nss/lib/libpkix/pkix/checker/pkix_signaturechecker.c (revision 0)
|
| +++ nss/mozilla/security/nss/lib/libpkix/pkix/checker/pkix_signaturechecker.c (revision 0)
|
| @@ -0,0 +1,475 @@
|
| +/* ***** BEGIN LICENSE BLOCK *****
|
| + * Version: MPL 1.1/GPL 2.0/LGPL 2.1
|
| + *
|
| + * The contents of this file are subject to the Mozilla Public License Version
|
| + * 1.1 (the "License"); you may not use this file except in compliance with
|
| + * the License. You may obtain a copy of the License at
|
| + * http://www.mozilla.org/MPL/
|
| + *
|
| + * Software distributed under the License is distributed on an "AS IS" basis,
|
| + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
| + * for the specific language governing rights and limitations under the
|
| + * License.
|
| + *
|
| + * The Original Code is the PKIX-C library.
|
| + *
|
| + * The Initial Developer of the Original Code is
|
| + * Sun Microsystems, Inc.
|
| + * Portions created by the Initial Developer are
|
| + * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
|
| + *
|
| + * Contributor(s):
|
| + * Sun Microsystems, Inc.
|
| + *
|
| + * Alternatively, the contents of this file may be used under the terms of
|
| + * either the GNU General Public License Version 2 or later (the "GPL"), or
|
| + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
|
| + * in which case the provisions of the GPL or the LGPL are applicable instead
|
| + * of those above. If you wish to allow use of your version of this file only
|
| + * under the terms of either the GPL or the LGPL, and not to allow others to
|
| + * use your version of this file under the terms of the MPL, indicate your
|
| + * decision by deleting the provisions above and replace them with the notice
|
| + * and other provisions required by the GPL or the LGPL. If you do not delete
|
| + * the provisions above, a recipient may use your version of this file under
|
| + * the terms of any one of the MPL, the GPL or the LGPL.
|
| + *
|
| + * ***** END LICENSE BLOCK ***** */
|
| +/*
|
| + * pkix_signaturechecker.c
|
| + *
|
| + * Functions for signature validation
|
| + *
|
| + */
|
| +
|
| +#include "pkix_signaturechecker.h"
|
| +
|
| +/*
|
| + * FUNCTION: pkix_SignatureCheckerstate_Destroy
|
| + * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
|
| + */
|
| +static PKIX_Error *
|
| +pkix_SignatureCheckerState_Destroy(
|
| + PKIX_PL_Object *object,
|
| + void *plContext)
|
| +{
|
| + pkix_SignatureCheckerState *state = NULL;
|
| +
|
| + PKIX_ENTER(SIGNATURECHECKERSTATE,
|
| + "pkix_SignatureCheckerState_Destroy");
|
| + PKIX_NULLCHECK_ONE(object);
|
| +
|
| + /* Check that this object is a signature checker state */
|
| + PKIX_CHECK(pkix_CheckType
|
| + (object, PKIX_SIGNATURECHECKERSTATE_TYPE, plContext),
|
| + PKIX_OBJECTNOTSIGNATURECHECKERSTATE);
|
| +
|
| + state = (pkix_SignatureCheckerState *) object;
|
| +
|
| + state->prevCertCertSign = PKIX_FALSE;
|
| +
|
| + PKIX_DECREF(state->prevPublicKey);
|
| + PKIX_DECREF(state->prevPublicKeyList);
|
| + PKIX_DECREF(state->keyUsageOID);
|
| +
|
| +cleanup:
|
| +
|
| + PKIX_RETURN(SIGNATURECHECKERSTATE);
|
| +}
|
| +
|
| +/*
|
| + * FUNCTION: pkix_SignatureCheckerState_RegisterSelf
|
| + *
|
| + * DESCRIPTION:
|
| + * Registers PKIX_SIGNATURECHECKERSTATE_TYPE and its related functions
|
| + * with systemClasses[]
|
| + *
|
| + * THREAD SAFETY:
|
| + * Not Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
| + *
|
| + * Since this function is only called by PKIX_PL_Initialize, which should
|
| + * only be called once, it is acceptable that this function is not
|
| + * thread-safe.
|
| + */
|
| +PKIX_Error *
|
| +pkix_SignatureCheckerState_RegisterSelf(void *plContext)
|
| +{
|
| + extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
|
| + pkix_ClassTable_Entry entry;
|
| +
|
| + PKIX_ENTER(SIGNATURECHECKERSTATE,
|
| + "pkix_SignatureCheckerState_RegisterSelf");
|
| +
|
| + entry.description = "SignatureCheckerState";
|
| + entry.objCounter = 0;
|
| + entry.typeObjectSize = sizeof(pkix_SignatureCheckerState);
|
| + entry.destructor = pkix_SignatureCheckerState_Destroy;
|
| + entry.equalsFunction = NULL;
|
| + entry.hashcodeFunction = NULL;
|
| + entry.toStringFunction = NULL;
|
| + entry.comparator = NULL;
|
| + entry.duplicateFunction = NULL;
|
| +
|
| + systemClasses[PKIX_SIGNATURECHECKERSTATE_TYPE] = entry;
|
| +
|
| + PKIX_RETURN(SIGNATURECHECKERSTATE);
|
| +}
|
| +
|
| +/*
|
| + * FUNCTION: pkix_SignatureCheckerState_Create
|
| + *
|
| + * DESCRIPTION:
|
| + * Allocate and initialize SignatureChecker state data.
|
| + *
|
| + * PARAMETERS
|
| + * "trustedPubKey"
|
| + * Address of trusted Anchor Public Key for verifying first Cert in the
|
| + * chain. Must be non-NULL.
|
| + * "certsRemaining"
|
| + * Number of certificates remaining in the chain.
|
| + * "pCheckerState"
|
| + * Address where SignatureCheckerState will be stored. Must be non-NULL.
|
| + * "plContext"
|
| + * Platform-specific context pointer.
|
| + *
|
| + * THREAD SAFETY:
|
| + * Not Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
| + *
|
| + * RETURNS:
|
| + * Returns NULL if the function succeeds.
|
| + * Returns a SignatureCheckerState Error if the function fails in a
|
| + * non-fatal way.
|
| + * Returns a Fatal Error if the function fails in an unrecoverable way.
|
| + */
|
| +static PKIX_Error *
|
| +pkix_SignatureCheckerState_Create(
|
| + PKIX_PL_PublicKey *trustedPubKey,
|
| + PKIX_UInt32 certsRemaining,
|
| + pkix_SignatureCheckerState **pCheckerState,
|
| + void *plContext)
|
| +{
|
| + pkix_SignatureCheckerState *state = NULL;
|
| + PKIX_PL_OID *keyUsageOID = NULL;
|
| +
|
| + PKIX_ENTER(SIGNATURECHECKERSTATE, "pkix_SignatureCheckerState_Create");
|
| + PKIX_NULLCHECK_TWO(trustedPubKey, pCheckerState);
|
| +
|
| + PKIX_CHECK(PKIX_PL_Object_Alloc
|
| + (PKIX_SIGNATURECHECKERSTATE_TYPE,
|
| + sizeof (pkix_SignatureCheckerState),
|
| + (PKIX_PL_Object **)&state,
|
| + plContext),
|
| + PKIX_COULDNOTCREATESIGNATURECHECKERSTATEOBJECT);
|
| +
|
| + /* Initialize fields */
|
| +
|
| + state->prevCertCertSign = PKIX_TRUE;
|
| + state->prevPublicKeyList = NULL;
|
| + state->certsRemaining = certsRemaining;
|
| +
|
| + PKIX_INCREF(trustedPubKey);
|
| + state->prevPublicKey = trustedPubKey;
|
| +
|
| + PKIX_CHECK(PKIX_PL_OID_Create
|
| + (PKIX_CERTKEYUSAGE_OID,
|
| + &keyUsageOID,
|
| + plContext),
|
| + PKIX_OIDCREATEFAILED);
|
| +
|
| + state->keyUsageOID = keyUsageOID;
|
| + keyUsageOID = NULL;
|
| +
|
| + *pCheckerState = state;
|
| + state = NULL;
|
| +
|
| +cleanup:
|
| +
|
| + PKIX_DECREF(keyUsageOID);
|
| + PKIX_DECREF(state);
|
| +
|
| + PKIX_RETURN(SIGNATURECHECKERSTATE);
|
| +}
|
| +
|
| +/* --Private-Functions-------------------------------------------- */
|
| +
|
| +/*
|
| + * FUNCTION: pkix_SignatureChecker_Check
|
| + * (see comments for PKIX_CertChainChecker_CheckCallback in pkix_checker.h)
|
| + */
|
| +PKIX_Error *
|
| +pkix_SignatureChecker_Check(
|
| + PKIX_CertChainChecker *checker,
|
| + PKIX_PL_Cert *cert,
|
| + PKIX_List *unresolvedCriticalExtensions,
|
| + void **pNBIOContext,
|
| + void *plContext)
|
| +{
|
| + pkix_SignatureCheckerState *state = NULL;
|
| + PKIX_PL_PublicKey *prevPubKey = NULL;
|
| + PKIX_PL_PublicKey *currPubKey = NULL;
|
| + PKIX_PL_PublicKey *newPubKey = NULL;
|
| + PKIX_PL_PublicKey *pKey = NULL;
|
| + PKIX_PL_CertBasicConstraints *basicConstraints = NULL;
|
| + PKIX_Error *checkKeyUsageFail = NULL;
|
| + PKIX_Error *verifyFail = NULL;
|
| + PKIX_Boolean certVerified = PKIX_FALSE;
|
| +
|
| + PKIX_ENTER(CERTCHAINCHECKER, "pkix_SignatureChecker_Check");
|
| + PKIX_NULLCHECK_THREE(checker, cert, pNBIOContext);
|
| +
|
| + *pNBIOContext = NULL; /* we never block on pending I/O */
|
| +
|
| + PKIX_CHECK(PKIX_CertChainChecker_GetCertChainCheckerState
|
| + (checker, (PKIX_PL_Object **)&state, plContext),
|
| + PKIX_CERTCHAINCHECKERGETCERTCHAINCHECKERSTATEFAILED);
|
| +
|
| + (state->certsRemaining)--;
|
| +
|
| + PKIX_INCREF(state->prevPublicKey);
|
| + prevPubKey = state->prevPublicKey;
|
| +
|
| + /*
|
| + * Previous Cert doesn't have CertSign bit on for signature
|
| + * verification and it is not a self-issued Cert so there is no
|
| + * old key saved. This is considered error.
|
| + */
|
| + if (state->prevCertCertSign == PKIX_FALSE &&
|
| + state->prevPublicKeyList == NULL) {
|
| + PKIX_ERROR(PKIX_KEYUSAGEKEYCERTSIGNBITNOTON);
|
| + }
|
| +
|
| + /* Previous Cert is valid for signature verification, try it first */
|
| + if (state->prevCertCertSign == PKIX_TRUE) {
|
| + verifyFail = PKIX_PL_Cert_VerifySignature
|
| + (cert, prevPubKey, plContext);
|
| + if (verifyFail == NULL) {
|
| + certVerified = PKIX_TRUE;
|
| + } else {
|
| + certVerified = PKIX_FALSE;
|
| + PKIX_DECREF(verifyFail);
|
| + }
|
| + }
|
| +
|
| +#ifdef NIST_TEST_4_5_4_AND_4_5_6
|
| +
|
| + /*
|
| + * Following codes under this compiler flag is implemented for
|
| + * special cases of NIST tests 4.5.4 and 4.5.6. We are not sure
|
| + * we should handle these two tests as what is implemented so the
|
| + * codes are commented out, and the tests fails (for now).
|
| + * For Cert chain validation, our assumption is all the Certs on
|
| + * the chain are using its previous Cert's public key to decode
|
| + * its current key. But for thses two tests, keys are used not
|
| + * in this precedent order, we can either
|
| + * 1) Use what is implemented here: take in what Cert order NIST
|
| + * specified and for continuous self-issued Certs, stacking up
|
| + * their keys and tries all of them in FILO order.
|
| + * But this method breaks the idea of chain key presdency.
|
| + * 2) Use Build Chain facility: we will specify the valid Certs
|
| + * order (means key precedency is kept) and count on Build Chain
|
| + * to get the Certs that can fill for the needed keys. This may have
|
| + * performance impact.
|
| + * 3) Fetch Certs from CertStore: we will specifiy the valid Certs
|
| + * order and use CertSelector on SubjectName to get a list of
|
| + * candidates Certs to fill in for the needed keys.
|
| + * Anyhow, the codes are kept around just in case we want to use
|
| + * solution one...
|
| + */
|
| +
|
| + /* If failed and previous key is self-issued, try its old key(s) */
|
| + if (certVerified == PKIX_FALSE && state->prevPublicKeyList != NULL) {
|
| +
|
| + /* Verify from keys on the list */
|
| + PKIX_CHECK(PKIX_List_GetLength
|
| + (state->prevPublicKeyList, &numKeys, plContext),
|
| + PKIX_LISTGETLENGTHFAILED);
|
| +
|
| + for (i = numKeys - 1; i >= 0; i--) {
|
| +
|
| + PKIX_CHECK(PKIX_List_GetItem
|
| + (state->prevPublicKeyList,
|
| + i,
|
| + (PKIX_PL_Object **) &pKey,
|
| + plContext),
|
| + PKIX_LISTGETITEMFAILED);
|
| +
|
| + verifyFail = PKIX_PL_Cert_VerifySignature
|
| + (cert, pKey, plContext);
|
| +
|
| + if (verifyFail == NULL) {
|
| + certVerified = PKIX_TRUE;
|
| + break;
|
| + } else {
|
| + certVerified = PKIX_FALSE;
|
| + PKIX_DECREF(verifyFail);
|
| + }
|
| +
|
| + PKIX_DECREF(pKey);
|
| + }
|
| + }
|
| +#endif
|
| +
|
| + if (certVerified == PKIX_FALSE) {
|
| + PKIX_ERROR(PKIX_VALIDATIONFAILEDCERTSIGNATURECHECKING);
|
| + }
|
| +
|
| +#ifdef NIST_TEST_4_5_4_AND_4_5_6
|
| + /*
|
| + * Check if Cert is self-issued. If so, the old key(s) is saved, in
|
| + * conjunction to the new key, for verifying CERT validity later.
|
| + */
|
| + PKIX_CHECK(pkix_IsCertSelfIssued(cert, &selfIssued, plContext),
|
| + PKIX_ISCERTSELFISSUEFAILED);
|
| +
|
| + /*
|
| + * Check if Cert is self-issued. If so, the public key of the Cert
|
| + * that issues this Cert (old key) can be used together with this
|
| + * current key (new key) for key verification. If there are multiple
|
| + * self-issued certs, keys of those Certs (old keys) can also be used
|
| + * for key verification. Old key(s) is saved in a list (PrevPublickKey-
|
| + * List) and cleared when a Cert is no longer self-issued. PrevPublic-
|
| + * Key keep key of the previous Cert.
|
| + */
|
| + if (selfIssued == PKIX_TRUE) {
|
| +
|
| + /* Make sure previous Cert is valid for signature verification */
|
| + if (state->prevCertCertSign == PKIX_TRUE) {
|
| +
|
| + if (state->prevPublicKeyList == NULL) {
|
| +
|
| + PKIX_CHECK(PKIX_List_Create
|
| + (&state->prevPublicKeyList, plContext),
|
| + PKIX_LISTCREATEFALIED);
|
| +
|
| + }
|
| +
|
| + PKIX_CHECK(PKIX_List_AppendItem
|
| + (state->prevPublicKeyList,
|
| + (PKIX_PL_Object *) state->prevPublicKey,
|
| + plContext),
|
| + PKIX_LISTAPPENDITEMFAILED);
|
| + }
|
| +
|
| + } else {
|
| + /* Not self-issued Cert any more, clear old key(s) saved */
|
| + PKIX_DECREF(state->prevPublicKeyList);
|
| + }
|
| +#endif
|
| +
|
| + /* Save current key as prevPublicKey */
|
| + PKIX_CHECK(PKIX_PL_Cert_GetSubjectPublicKey
|
| + (cert, &currPubKey, plContext),
|
| + PKIX_CERTGETSUBJECTPUBLICKEYFAILED);
|
| +
|
| + PKIX_CHECK(PKIX_PL_PublicKey_MakeInheritedDSAPublicKey
|
| + (currPubKey, prevPubKey, &newPubKey, plContext),
|
| + PKIX_PUBLICKEYMAKEINHERITEDDSAPUBLICKEYFAILED);
|
| +
|
| + if (newPubKey == NULL){
|
| + PKIX_INCREF(currPubKey);
|
| + newPubKey = currPubKey;
|
| + }
|
| +
|
| + PKIX_INCREF(newPubKey);
|
| + PKIX_DECREF(state->prevPublicKey);
|
| +
|
| + state->prevPublicKey = newPubKey;
|
| +
|
| + /* Save this Cert key usage CertSign bit */
|
| + if (state->certsRemaining != 0) {
|
| + checkKeyUsageFail = PKIX_PL_Cert_VerifyKeyUsage
|
| + (cert, PKIX_KEY_CERT_SIGN, plContext);
|
| +
|
| + state->prevCertCertSign = (checkKeyUsageFail == NULL)?
|
| + PKIX_TRUE:PKIX_FALSE;
|
| +
|
| + PKIX_DECREF(checkKeyUsageFail);
|
| + }
|
| +
|
| + /* Remove Key Usage Extension OID from list */
|
| + if (unresolvedCriticalExtensions != NULL) {
|
| +
|
| + PKIX_CHECK(pkix_List_Remove
|
| + (unresolvedCriticalExtensions,
|
| + (PKIX_PL_Object *) state->keyUsageOID,
|
| + plContext),
|
| + PKIX_LISTREMOVEFAILED);
|
| + }
|
| +
|
| + PKIX_CHECK(PKIX_CertChainChecker_SetCertChainCheckerState
|
| + (checker, (PKIX_PL_Object *)state, plContext),
|
| + PKIX_CERTCHAINCHECKERSETCERTCHAINCHECKERSTATEFAILED);
|
| +
|
| +cleanup:
|
| +
|
| + PKIX_DECREF(state);
|
| + PKIX_DECREF(pKey);
|
| + PKIX_DECREF(prevPubKey);
|
| + PKIX_DECREF(currPubKey);
|
| + PKIX_DECREF(newPubKey);
|
| + PKIX_DECREF(basicConstraints);
|
| + PKIX_DECREF(verifyFail);
|
| + PKIX_DECREF(checkKeyUsageFail);
|
| +
|
| + PKIX_RETURN(CERTCHAINCHECKER);
|
| +
|
| +}
|
| +
|
| +/*
|
| + * FUNCTION: pkix_SignatureChecker_Initialize
|
| + * DESCRIPTION:
|
| + *
|
| + * Creates a new CertChainChecker and stores it at "pChecker", where it will
|
| + * be used by pkix_SignatureChecker_Check to check that the public key in
|
| + * the checker's state is able to successfully validate the certificate's
|
| + * signature. The PublicKey pointed to by "trustedPubKey" is used to
|
| + * initialize the checker's state.
|
| + *
|
| + * PARAMETERS:
|
| + * "trustedPubKey"
|
| + * Address of PublicKey representing the trusted public key used to
|
| + * initialize the state of this checker. Must be non-NULL.
|
| + * "certsRemaining"
|
| + * Number of certificates remaining in the chain.
|
| + * "pChecker"
|
| + * Address where object pointer will be stored. Must be non-NULL.
|
| + * "plContext"
|
| + * Platform-specific context pointer.
|
| + * THREAD SAFETY:
|
| + * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
| + * RETURNS:
|
| + * Returns NULL if the function succeeds.
|
| + * Returns a CertChainChecker Error if the function fails in a non-fatal way.
|
| + * Returns a Fatal Error if the function fails in an unrecoverable way.
|
| + */
|
| +PKIX_Error *
|
| +pkix_SignatureChecker_Initialize(
|
| + PKIX_PL_PublicKey *trustedPubKey,
|
| + PKIX_UInt32 certsRemaining,
|
| + PKIX_CertChainChecker **pChecker,
|
| + void *plContext)
|
| +{
|
| + pkix_SignatureCheckerState* state = NULL;
|
| + PKIX_ENTER(CERTCHAINCHECKER, "PKIX_SignatureChecker_Initialize");
|
| + PKIX_NULLCHECK_TWO(pChecker, trustedPubKey);
|
| +
|
| + PKIX_CHECK(pkix_SignatureCheckerState_Create
|
| + (trustedPubKey, certsRemaining, &state, plContext),
|
| + PKIX_SIGNATURECHECKERSTATECREATEFAILED);
|
| +
|
| + PKIX_CHECK(PKIX_CertChainChecker_Create
|
| + (pkix_SignatureChecker_Check,
|
| + PKIX_FALSE,
|
| + PKIX_FALSE,
|
| + NULL,
|
| + (PKIX_PL_Object *) state,
|
| + pChecker,
|
| + plContext),
|
| + PKIX_CERTCHAINCHECKERCREATEFAILED);
|
| +
|
| +cleanup:
|
| +
|
| + PKIX_DECREF(state);
|
| +
|
| + PKIX_RETURN(CERTCHAINCHECKER);
|
| +
|
| +}
|
|
|
| Property changes on: nss/mozilla/security/nss/lib/libpkix/pkix/checker/pkix_signaturechecker.c
|
| ___________________________________________________________________
|
| Added: svn:executable
|
| + *
|
| Added: svn:eol-style
|
| + LF
|
|
|
|
|
Chromium Code Reviews
Issue 7530005:
Add all NSS files to allow using a complete NSS in the future. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/deps/third_party/