1 : /* ***** BEGIN LICENSE BLOCK *****
2 : * Version: MPL 1.1/GPL 2.0/LGPL 2.1
3 : *
4 : * The contents of this file are subject to the Mozilla Public License Version
5 : * 1.1 (the "License"); you may not use this file except in compliance with
6 : * the License. You may obtain a copy of the License at
7 : * http://www.mozilla.org/MPL/
8 : *
9 : * Software distributed under the License is distributed on an "AS IS" basis,
10 : * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
11 : * for the specific language governing rights and limitations under the
12 : * License.
13 : *
14 : * The Original Code is mozilla.org code.
15 : *
16 : * Contributor(s):
17 : * Dave Townsend <dtownsend@oxymoronical.com>
18 : *
19 : * Alternatively, the contents of this file may be used under the terms of
20 : * either the GNU General Public License Version 2 or later (the "GPL"), or
21 : * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
22 : * in which case the provisions of the GPL or the LGPL are applicable instead
23 : * of those above. If you wish to allow use of your version of this file only
24 : * under the terms of either the GPL or the LGPL, and not to allow others to
25 : * use your version of this file under the terms of the MPL, indicate your
26 : * decision by deleting the provisions above and replace them with the notice
27 : * and other provisions required by the GPL or the LGPL. If you do not delete
28 : * the provisions above, a recipient may use your version of this file under
29 : * the terms of any one of the MPL, the GPL or the LGPL.
30 : *
31 : * ***** END LICENSE BLOCK ***** */
32 :
33 : #include "nsDataSignatureVerifier.h"
34 : #include "nsCOMPtr.h"
35 : #include "nsString.h"
36 :
37 : #include "seccomon.h"
38 : #include "nssb64.h"
39 : #include "certt.h"
40 : #include "keyhi.h"
41 : #include "cryptohi.h"
42 :
43 : SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate)
44 :
45 266 : NS_IMPL_ISUPPORTS1(nsDataSignatureVerifier, nsIDataSignatureVerifier)
46 :
47 : const SEC_ASN1Template CERT_SignatureDataTemplate[] =
48 : {
49 : { SEC_ASN1_SEQUENCE,
50 : 0, NULL, sizeof(CERTSignedData) },
51 : { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
52 : offsetof(CERTSignedData,signatureAlgorithm),
53 : SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate), },
54 : { SEC_ASN1_BIT_STRING,
55 : offsetof(CERTSignedData,signature), },
56 : { 0, }
57 : };
58 :
59 : NS_IMETHODIMP
60 54 : nsDataSignatureVerifier::VerifyData(const nsACString & aData,
61 : const nsACString & aSignature,
62 : const nsACString & aPublicKey,
63 : bool *_retval)
64 : {
65 : // Allocate an arena to handle the majority of the allocations
66 : PRArenaPool *arena;
67 54 : arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
68 54 : if (!arena)
69 0 : return NS_ERROR_OUT_OF_MEMORY;
70 :
71 : // Base 64 decode the key
72 : SECItem keyItem;
73 54 : PORT_Memset(&keyItem, 0, sizeof(SECItem));
74 108 : if (!NSSBase64_DecodeBuffer(arena, &keyItem,
75 54 : nsPromiseFlatCString(aPublicKey).get(),
76 54 : aPublicKey.Length())) {
77 0 : PORT_FreeArena(arena, false);
78 0 : return NS_ERROR_FAILURE;
79 : }
80 :
81 : // Extract the public key from the data
82 54 : CERTSubjectPublicKeyInfo *pki = SECKEY_DecodeDERSubjectPublicKeyInfo(&keyItem);
83 54 : if (!pki) {
84 2 : PORT_FreeArena(arena, false);
85 2 : return NS_ERROR_FAILURE;
86 : }
87 52 : SECKEYPublicKey *publicKey = SECKEY_ExtractPublicKey(pki);
88 52 : SECKEY_DestroySubjectPublicKeyInfo(pki);
89 52 : pki = nsnull;
90 :
91 52 : if (!publicKey) {
92 0 : PORT_FreeArena(arena, false);
93 0 : return NS_ERROR_FAILURE;
94 : }
95 :
96 : // Base 64 decode the signature
97 : SECItem signatureItem;
98 52 : PORT_Memset(&signatureItem, 0, sizeof(SECItem));
99 104 : if (!NSSBase64_DecodeBuffer(arena, &signatureItem,
100 52 : nsPromiseFlatCString(aSignature).get(),
101 52 : aSignature.Length())) {
102 0 : SECKEY_DestroyPublicKey(publicKey);
103 0 : PORT_FreeArena(arena, false);
104 0 : return NS_ERROR_FAILURE;
105 : }
106 :
107 : // Decode the signature and algorithm
108 : CERTSignedData sigData;
109 52 : PORT_Memset(&sigData, 0, sizeof(CERTSignedData));
110 : SECStatus ss = SEC_QuickDERDecodeItem(arena, &sigData,
111 : CERT_SignatureDataTemplate,
112 52 : &signatureItem);
113 52 : if (ss != SECSuccess) {
114 2 : SECKEY_DestroyPublicKey(publicKey);
115 2 : PORT_FreeArena(arena, false);
116 2 : return NS_ERROR_FAILURE;
117 : }
118 :
119 : // Perform the final verification
120 50 : DER_ConvertBitString(&(sigData.signature));
121 100 : ss = VFY_VerifyDataWithAlgorithmID((const unsigned char*)nsPromiseFlatCString(aData).get(),
122 50 : aData.Length(), publicKey,
123 : &(sigData.signature),
124 : &(sigData.signatureAlgorithm),
125 100 : NULL, NULL);
126 :
127 : // Clean up remaining objects
128 50 : SECKEY_DestroyPublicKey(publicKey);
129 50 : PORT_FreeArena(arena, false);
130 :
131 50 : *_retval = (ss == SECSuccess);
132 :
133 50 : return NS_OK;
134 : }
|