/src/mozilla-central/security/pkix/lib/pkixverify.cpp

Source (jump to first uncovered line)
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This code is made available to you under your choice of the following sets
 * of licensing terms:
 */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
 */
/* Copyright 2015 Mozilla Contributors
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#include "pkixutil.h"

namespace mozilla { namespace pkix {

Result
DigestSignedData(TrustDomain& trustDomain,
                 const der::SignedDataWithSignature& signedData,
                 /*out*/ uint8_t(&digestBuf)[MAX_DIGEST_SIZE_IN_BYTES],
                 /*out*/ der::PublicKeyAlgorithm& publicKeyAlg,
                 /*out*/ SignedDigest& signedDigest)
{
  Reader signatureAlg(signedData.algorithm);
  Result rv = der::SignatureAlgorithmIdentifierValue(
                signatureAlg, publicKeyAlg, signedDigest.digestAlgorithm);
  if (rv != Success) {
    return rv;
  }
  if (!signatureAlg.AtEnd()) {
    return Result::ERROR_BAD_DER;
  }

  size_t digestLen;
  switch (signedDigest.digestAlgorithm) {
    case DigestAlgorithm::sha512: digestLen = 512 / 8; break;
    case DigestAlgorithm::sha384: digestLen = 384 / 8; break;
    case DigestAlgorithm::sha256: digestLen = 256 / 8; break;
    case DigestAlgorithm::sha1: digestLen = 160 / 8; break;
    MOZILLA_PKIX_UNREACHABLE_DEFAULT_ENUM
  }
  assert(digestLen <= sizeof(digestBuf));

  rv = trustDomain.DigestBuf(signedData.data, signedDigest.digestAlgorithm,
                             digestBuf, digestLen);
  if (rv != Success) {
    return rv;
  }
  rv = signedDigest.digest.Init(digestBuf, digestLen);
  if (rv != Success) {
    return rv;
  }

  return signedDigest.signature.Init(signedData.signature);
}

Result
VerifySignedDigest(TrustDomain& trustDomain,
                   der::PublicKeyAlgorithm publicKeyAlg,
                   const SignedDigest& signedDigest,
                   Input signerSubjectPublicKeyInfo)
{
  switch (publicKeyAlg) {
    case der::PublicKeyAlgorithm::ECDSA:
      return trustDomain.VerifyECDSASignedDigest(signedDigest,
                                                 signerSubjectPublicKeyInfo);
    case der::PublicKeyAlgorithm::RSA_PKCS1:
      return trustDomain.VerifyRSAPKCS1SignedDigest(signedDigest,
                                                    signerSubjectPublicKeyInfo);
    case der::PublicKeyAlgorithm::Uninitialized:
      assert(false);
      return Result::FATAL_ERROR_LIBRARY_FAILURE;
    MOZILLA_PKIX_UNREACHABLE_DEFAULT_ENUM
  }
}

Result
VerifySignedData(TrustDomain& trustDomain,
                 const der::SignedDataWithSignature& signedData,
                 Input signerSubjectPublicKeyInfo)
{
  uint8_t digestBuf[MAX_DIGEST_SIZE_IN_BYTES];
  der::PublicKeyAlgorithm publicKeyAlg;
  SignedDigest signedDigest;
  Result rv = DigestSignedData(trustDomain, signedData, digestBuf,
                               publicKeyAlg, signedDigest);
  if (rv != Success) {
    return rv;
  }
  return VerifySignedDigest(trustDomain, publicKeyAlg, signedDigest,
                            signerSubjectPublicKeyInfo);
}

} } // namespace mozilla::pkix

Coverage Report

Created: 2018-09-25 14:53

Line	Count	Source (jump to first uncovered line)
1		/* -- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -- */
2		/* vim: set ts=8 sts=2 et sw=2 tw=80: */
3		/* This code is made available to you under your choice of the following sets
4		* of licensing terms:
5		*/
6		/* This Source Code Form is subject to the terms of the Mozilla Public
7		* License, v. 2.0. If a copy of the MPL was not distributed with this
8		* file, You can obtain one at http://mozilla.org/MPL/2.0/.
9		*/
10		/* Copyright 2015 Mozilla Contributors
11		*
12		* Licensed under the Apache License, Version 2.0 (the "License");
13		* you may not use this file except in compliance with the License.
14		* You may obtain a copy of the License at
15		*
16		* http://www.apache.org/licenses/LICENSE-2.0
17		*
18		* Unless required by applicable law or agreed to in writing, software
19		* distributed under the License is distributed on an "AS IS" BASIS,
20		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
21		* See the License for the specific language governing permissions and
22		* limitations under the License.
23		*/
24
25		#include "pkixutil.h"
26
27		namespace mozilla { namespace pkix {
28
29		Result
30		DigestSignedData(TrustDomain& trustDomain,
31		const der::SignedDataWithSignature& signedData,
32		/out/ uint8_t(&digestBuf)[MAX_DIGEST_SIZE_IN_BYTES],
33		/out/ der::PublicKeyAlgorithm& publicKeyAlg,
34		/out/ SignedDigest& signedDigest)
35	0	{
36	0	Reader signatureAlg(signedData.algorithm);
37	0	Result rv = der::SignatureAlgorithmIdentifierValue(
38	0	signatureAlg, publicKeyAlg, signedDigest.digestAlgorithm);
39	0	if (rv != Success) {
40	0	return rv;
41	0	}
42	0	if (!signatureAlg.AtEnd()) {
43	0	return Result::ERROR_BAD_DER;
44	0	}
45	0
46	0	size_t digestLen;
47	0	switch (signedDigest.digestAlgorithm) {
48	0	case DigestAlgorithm::sha512: digestLen = 512 / 8; break;
49	0	case DigestAlgorithm::sha384: digestLen = 384 / 8; break;
50	0	case DigestAlgorithm::sha256: digestLen = 256 / 8; break;
51	0	case DigestAlgorithm::sha1: digestLen = 160 / 8; break;
52	0	MOZILLA_PKIX_UNREACHABLE_DEFAULT_ENUM
53	0	}
54	0	assert(digestLen <= sizeof(digestBuf));
55	0
56	0	rv = trustDomain.DigestBuf(signedData.data, signedDigest.digestAlgorithm,
57	0	digestBuf, digestLen);
58	0	if (rv != Success) {
59	0	return rv;
60	0	}
61	0	rv = signedDigest.digest.Init(digestBuf, digestLen);
62	0	if (rv != Success) {
63	0	return rv;
64	0	}
65	0
66	0	return signedDigest.signature.Init(signedData.signature);
67	0	}
68
69		Result
70		VerifySignedDigest(TrustDomain& trustDomain,
71		der::PublicKeyAlgorithm publicKeyAlg,
72		const SignedDigest& signedDigest,
73		Input signerSubjectPublicKeyInfo)
74		{
75		switch (publicKeyAlg) {
76		case der::PublicKeyAlgorithm::ECDSA:
77		return trustDomain.VerifyECDSASignedDigest(signedDigest,
78		signerSubjectPublicKeyInfo);
79		case der::PublicKeyAlgorithm::RSA_PKCS1:
80		return trustDomain.VerifyRSAPKCS1SignedDigest(signedDigest,
81		signerSubjectPublicKeyInfo);
82		case der::PublicKeyAlgorithm::Uninitialized:
83		assert(false);
84		return Result::FATAL_ERROR_LIBRARY_FAILURE;
85		MOZILLA_PKIX_UNREACHABLE_DEFAULT_ENUM
86		}
87		}
88
89		Result
90		VerifySignedData(TrustDomain& trustDomain,
91		const der::SignedDataWithSignature& signedData,
92		Input signerSubjectPublicKeyInfo)
93	0	{
94	0	uint8_t digestBuf[MAX_DIGEST_SIZE_IN_BYTES];
95	0	der::PublicKeyAlgorithm publicKeyAlg;
96	0	SignedDigest signedDigest;
97	0	Result rv = DigestSignedData(trustDomain, signedData, digestBuf,
98	0	publicKeyAlg, signedDigest);
99	0	if (rv != Success) {
100	0	return rv;
101	0	}
102	0	return VerifySignedDigest(trustDomain, publicKeyAlg, signedDigest,
103	0	signerSubjectPublicKeyInfo);
104	0	}
105
106		} } // namespace mozilla::pkix