Bug 921890: Add key extraction and signature verification to insanity::pkix, r=keeler, r=cviecco, a=sledru
authorBrian Smith <brian@briansmith.org>
Tue, 01 Oct 2013 01:08:42 -0700
changeset 182818 107e019c0b8a378b5fa5c92f9730578a2f0342e9
parent 182817 6c70ddf788440785f56b53550a7b7e491301c13e
child 182819 0a2d092dc40ebce83467bb4c71017a4372672a36
push id3343
push userffxbld
push dateMon, 17 Mar 2014 21:55:32 +0000
treeherdermozilla-beta@2f7d3415f79f [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerskeeler, cviecco, sledru
bugs921890
milestone29.0a2
Bug 921890: Add key extraction and signature verification to insanity::pkix, r=keeler, r=cviecco, a=sledru
security/certverifier/moz.build
security/insanity/include/insanity/pkix.h
security/insanity/lib/pkixkey.cpp
--- a/security/certverifier/moz.build
+++ b/security/certverifier/moz.build
@@ -6,16 +6,17 @@
 
 UNIFIED_SOURCES += [
     'CertVerifier.cpp',
     'NSSCertDBTrustDomain.cpp',
 ]
 
 if not CONFIG['NSS_NO_LIBPKIX']:
     UNIFIED_SOURCES += [
+        '../insanity/lib/pkixkey.cpp',
         'ExtendedValidation.cpp',
     ]
 
 LOCAL_INCLUDES += [
     '../insanity/include',
 ]
 
 FINAL_LIBRARY = 'xul'
new file mode 100644
--- /dev/null
+++ b/security/insanity/include/insanity/pkix.h
@@ -0,0 +1,34 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* Copyright 2013 Mozilla Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef insanity_pkix__pkix_h
+#define insanity_pkix__pkix_h
+
+#include "certt.h"
+#include "seccomon.h"
+
+namespace insanity { namespace pkix {
+
+// Verify the given signed data using the public key of the given certificate.
+// (EC)DSA parameter inheritance is not supported.
+SECStatus VerifySignedData(const CERTSignedData* sd,
+                           const CERTCertificate* cert,
+                           void* pkcs11PinArg);
+
+} } // namespace insanity::pkix
+
+#endif // insanity_pkix__pkix_h
new file mode 100644
--- /dev/null
+++ b/security/insanity/lib/pkixkey.cpp
@@ -0,0 +1,90 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* Copyright 2013 Mozilla Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "insanity/pkix.h"
+#include "insanity/pkixtypes.h"
+
+#include <limits>
+#include <stdint.h>
+
+#include "cert.h"
+#include "cryptohi.h"
+#include "prerror.h"
+#include "secerr.h"
+
+namespace insanity { namespace pkix {
+
+SECStatus
+VerifySignedData(const CERTSignedData* sd, const CERTCertificate* cert,
+                 void* pkcs11PinArg)
+{
+  if (!sd || !sd->data.data || !sd->signatureAlgorithm.algorithm.data ||
+      !sd->signature.data || !cert) {
+    PR_NOT_REACHED("invalid args to VerifySignedData");
+    PR_SetError(SEC_ERROR_INVALID_ARGS, 0);
+    return SECFailure;
+  }
+
+  // See bug 921585.
+  if (sd->data.len > static_cast<unsigned int>(std::numeric_limits<int>::max())) {
+    PR_SetError(SEC_ERROR_INVALID_ARGS, 0);
+    return SECFailure;
+  }
+
+  // convert sig->len from bit counts to byte count.
+  SECItem sig = sd->signature;
+  DER_ConvertBitString(&sig);
+
+  // Use SECKEY_ExtractPublicKey instead of CERT_ExtractPublicKey because
+  // CERT_ExtractPublicKey would try to do (EC)DSA parameter inheritance, using
+  // the classic (wrong) NSS path building logic. We intentionally do not
+  // support parameter inheritance.
+  ScopedSECKEYPublicKey
+    pubKey(SECKEY_ExtractPublicKey(&cert->subjectPublicKeyInfo));
+  if (!pubKey) {
+    return SECFailure;
+  }
+
+  SECOidTag hashAlg;
+  if (VFY_VerifyDataWithAlgorithmID(sd->data.data, static_cast<int>(sd->data.len),
+                                    pubKey.get(), &sig, &sd->signatureAlgorithm,
+                                    &hashAlg, pkcs11PinArg) != SECSuccess) {
+    return SECFailure;
+  }
+
+  // TODO: Ideally, we would do this check before we call
+  // VFY_VerifyDataWithAlgorithmID. But, VFY_VerifyDataWithAlgorithmID gives us
+  // the hash algorithm so it is more convenient to do things in this order.
+  uint32_t policy;
+  if (NSS_GetAlgorithmPolicy(hashAlg, &policy) != SECSuccess) {
+    return SECFailure;
+  }
+
+  // XXX: I'm not sure why there isn't NSS_USE_ALG_IN_SSL_SIGNATURE, but there
+  // isn't. Since we don't know the context in which we're being called, be as
+  // strict as we can be given the NSS API that is available.
+  static const uint32_t requiredPolicy = NSS_USE_ALG_IN_CERT_SIGNATURE |
+                                         NSS_USE_ALG_IN_CMS_SIGNATURE;
+  if ((policy & requiredPolicy) != requiredPolicy) {
+    PR_SetError(SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED, 0);
+    return SECFailure;
+  }
+
+  return SECSuccess;
+}
+
+} } // namespace insanity::pkix