1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
3 /* This code is made available to you under your choice of the following sets
4 * of licensing terms:
5 */
6 /* This Source Code Form is subject to the terms of the Mozilla Public
7 * License, v. 2.0. If a copy of the MPL was not distributed with this
8 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
9 */
10 /* Copyright 2015 Mozilla Contributors
11 *
12 * Licensed under the Apache License, Version 2.0 (the "License");
13 * you may not use this file except in compliance with the License.
14 * You may obtain a copy of the License at
15 *
16 * http://www.apache.org/licenses/LICENSE-2.0
17 *
18 * Unless required by applicable law or agreed to in writing, software
19 * distributed under the License is distributed on an "AS IS" BASIS,
20 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
21 * See the License for the specific language governing permissions and
22 * limitations under the License.
23 */
24
25 #include "pkixutil.h"
26
27 namespace mozilla {
28 namespace pkix {
29
DigestSignedData(TrustDomain & trustDomain,const der::SignedDataWithSignature & signedData,uint8_t (& digestBuf)[MAX_DIGEST_SIZE_IN_BYTES],der::PublicKeyAlgorithm & publicKeyAlg,SignedDigest & signedDigest)30 Result DigestSignedData(TrustDomain& trustDomain,
31 const der::SignedDataWithSignature& signedData,
32 /*out*/ uint8_t (&digestBuf)[MAX_DIGEST_SIZE_IN_BYTES],
33 /*out*/ der::PublicKeyAlgorithm& publicKeyAlg,
34 /*out*/ SignedDigest& signedDigest) {
35 Reader signatureAlg(signedData.algorithm);
36 Result rv = der::SignatureAlgorithmIdentifierValue(
37 signatureAlg, publicKeyAlg, signedDigest.digestAlgorithm);
38 if (rv != Success) {
39 return rv;
40 }
41 if (!signatureAlg.AtEnd()) {
42 return Result::ERROR_BAD_DER;
43 }
44
45 size_t digestLen;
46 switch (signedDigest.digestAlgorithm) {
47 case DigestAlgorithm::sha512:
48 digestLen = 512 / 8;
49 break;
50 case DigestAlgorithm::sha384:
51 digestLen = 384 / 8;
52 break;
53 case DigestAlgorithm::sha256:
54 digestLen = 256 / 8;
55 break;
56 case DigestAlgorithm::sha1:
57 digestLen = 160 / 8;
58 break;
59 MOZILLA_PKIX_UNREACHABLE_DEFAULT_ENUM
60 }
61 assert(digestLen <= sizeof(digestBuf));
62
63 rv = trustDomain.DigestBuf(signedData.data, signedDigest.digestAlgorithm,
64 digestBuf, digestLen);
65 if (rv != Success) {
66 return rv;
67 }
68 rv = signedDigest.digest.Init(digestBuf, digestLen);
69 if (rv != Success) {
70 return rv;
71 }
72
73 return signedDigest.signature.Init(signedData.signature);
74 }
75
VerifySignedDigest(TrustDomain & trustDomain,der::PublicKeyAlgorithm publicKeyAlg,const SignedDigest & signedDigest,Input signerSubjectPublicKeyInfo)76 Result VerifySignedDigest(TrustDomain& trustDomain,
77 der::PublicKeyAlgorithm publicKeyAlg,
78 const SignedDigest& signedDigest,
79 Input signerSubjectPublicKeyInfo) {
80 switch (publicKeyAlg) {
81 case der::PublicKeyAlgorithm::ECDSA:
82 return trustDomain.VerifyECDSASignedDigest(signedDigest,
83 signerSubjectPublicKeyInfo);
84 case der::PublicKeyAlgorithm::RSA_PKCS1:
85 return trustDomain.VerifyRSAPKCS1SignedDigest(signedDigest,
86 signerSubjectPublicKeyInfo);
87 MOZILLA_PKIX_UNREACHABLE_DEFAULT_ENUM
88 }
89 }
90
VerifySignedData(TrustDomain & trustDomain,const der::SignedDataWithSignature & signedData,Input signerSubjectPublicKeyInfo)91 Result VerifySignedData(TrustDomain& trustDomain,
92 const der::SignedDataWithSignature& signedData,
93 Input signerSubjectPublicKeyInfo) {
94 uint8_t digestBuf[MAX_DIGEST_SIZE_IN_BYTES];
95 der::PublicKeyAlgorithm publicKeyAlg;
96 SignedDigest signedDigest;
97 Result rv = DigestSignedData(trustDomain, signedData, digestBuf, publicKeyAlg,
98 signedDigest);
99 if (rv != Success) {
100 return rv;
101 }
102 return VerifySignedDigest(trustDomain, publicKeyAlg, signedDigest,
103 signerSubjectPublicKeyInfo);
104 }
105
106 } // namespace pkix
107 } // namespace mozilla
108