Bug 921890: Add key extraction and signature verification to insanity::pkix, r=keeler, r=cviecco, a=sledru
--- a/security/certverifier/moz.build
+++ b/security/certverifier/moz.build
@@ -6,16 +6,17 @@
UNIFIED_SOURCES += [
'CertVerifier.cpp',
'NSSCertDBTrustDomain.cpp',
]
if not CONFIG['NSS_NO_LIBPKIX']:
UNIFIED_SOURCES += [
+ '../insanity/lib/pkixkey.cpp',
'ExtendedValidation.cpp',
]
LOCAL_INCLUDES += [
'../insanity/include',
]
FINAL_LIBRARY = 'xul'
new file mode 100644
--- /dev/null
+++ b/security/insanity/include/insanity/pkix.h
@@ -0,0 +1,34 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* Copyright 2013 Mozilla Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef insanity_pkix__pkix_h
+#define insanity_pkix__pkix_h
+
+#include "certt.h"
+#include "seccomon.h"
+
+namespace insanity { namespace pkix {
+
+// Verify the given signed data using the public key of the given certificate.
+// (EC)DSA parameter inheritance is not supported.
+SECStatus VerifySignedData(const CERTSignedData* sd,
+ const CERTCertificate* cert,
+ void* pkcs11PinArg);
+
+} } // namespace insanity::pkix
+
+#endif // insanity_pkix__pkix_h
new file mode 100644
--- /dev/null
+++ b/security/insanity/lib/pkixkey.cpp
@@ -0,0 +1,90 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* Copyright 2013 Mozilla Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "insanity/pkix.h"
+#include "insanity/pkixtypes.h"
+
+#include <limits>
+#include <stdint.h>
+
+#include "cert.h"
+#include "cryptohi.h"
+#include "prerror.h"
+#include "secerr.h"
+
+namespace insanity { namespace pkix {
+
+SECStatus
+VerifySignedData(const CERTSignedData* sd, const CERTCertificate* cert,
+ void* pkcs11PinArg)
+{
+ if (!sd || !sd->data.data || !sd->signatureAlgorithm.algorithm.data ||
+ !sd->signature.data || !cert) {
+ PR_NOT_REACHED("invalid args to VerifySignedData");
+ PR_SetError(SEC_ERROR_INVALID_ARGS, 0);
+ return SECFailure;
+ }
+
+ // See bug 921585.
+ if (sd->data.len > static_cast<unsigned int>(std::numeric_limits<int>::max())) {
+ PR_SetError(SEC_ERROR_INVALID_ARGS, 0);
+ return SECFailure;
+ }
+
+ // convert sig->len from bit counts to byte count.
+ SECItem sig = sd->signature;
+ DER_ConvertBitString(&sig);
+
+ // Use SECKEY_ExtractPublicKey instead of CERT_ExtractPublicKey because
+ // CERT_ExtractPublicKey would try to do (EC)DSA parameter inheritance, using
+ // the classic (wrong) NSS path building logic. We intentionally do not
+ // support parameter inheritance.
+ ScopedSECKEYPublicKey
+ pubKey(SECKEY_ExtractPublicKey(&cert->subjectPublicKeyInfo));
+ if (!pubKey) {
+ return SECFailure;
+ }
+
+ SECOidTag hashAlg;
+ if (VFY_VerifyDataWithAlgorithmID(sd->data.data, static_cast<int>(sd->data.len),
+ pubKey.get(), &sig, &sd->signatureAlgorithm,
+ &hashAlg, pkcs11PinArg) != SECSuccess) {
+ return SECFailure;
+ }
+
+ // TODO: Ideally, we would do this check before we call
+ // VFY_VerifyDataWithAlgorithmID. But, VFY_VerifyDataWithAlgorithmID gives us
+ // the hash algorithm so it is more convenient to do things in this order.
+ uint32_t policy;
+ if (NSS_GetAlgorithmPolicy(hashAlg, &policy) != SECSuccess) {
+ return SECFailure;
+ }
+
+ // XXX: I'm not sure why there isn't NSS_USE_ALG_IN_SSL_SIGNATURE, but there
+ // isn't. Since we don't know the context in which we're being called, be as
+ // strict as we can be given the NSS API that is available.
+ static const uint32_t requiredPolicy = NSS_USE_ALG_IN_CERT_SIGNATURE |
+ NSS_USE_ALG_IN_CMS_SIGNATURE;
+ if ((policy & requiredPolicy) != requiredPolicy) {
+ PR_SetError(SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED, 0);
+ return SECFailure;
+ }
+
+ return SECSuccess;
+}
+
+} } // namespace insanity::pkix