LCOV - code coverage report
Current view: directory - security/manager/ssl/src - nsDataSignatureVerifier.cpp (source / functions) Found Hit Coverage
Test: app.info Lines: 42 34 81.0 %
Date: 2012-06-02 Functions: 4 4 100.0 %

       1                 : /* ***** BEGIN LICENSE BLOCK *****
       2                 :  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
       3                 :  *
       4                 :  * The contents of this file are subject to the Mozilla Public License Version
       5                 :  * 1.1 (the "License"); you may not use this file except in compliance with
       6                 :  * the License. You may obtain a copy of the License at
       7                 :  * http://www.mozilla.org/MPL/
       8                 :  *
       9                 :  * Software distributed under the License is distributed on an "AS IS" basis,
      10                 :  * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
      11                 :  * for the specific language governing rights and limitations under the
      12                 :  * License.
      13                 :  *
      14                 :  * The Original Code is mozilla.org code.
      15                 :  *
      16                 :  * Contributor(s):
      17                 :  *  Dave Townsend <dtownsend@oxymoronical.com>
      18                 :  *
      19                 :  * Alternatively, the contents of this file may be used under the terms of
      20                 :  * either the GNU General Public License Version 2 or later (the "GPL"), or
      21                 :  * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
      22                 :  * in which case the provisions of the GPL or the LGPL are applicable instead
      23                 :  * of those above. If you wish to allow use of your version of this file only
      24                 :  * under the terms of either the GPL or the LGPL, and not to allow others to
      25                 :  * use your version of this file under the terms of the MPL, indicate your
      26                 :  * decision by deleting the provisions above and replace them with the notice
      27                 :  * and other provisions required by the GPL or the LGPL. If you do not delete
      28                 :  * the provisions above, a recipient may use your version of this file under
      29                 :  * the terms of any one of the MPL, the GPL or the LGPL.
      30                 :  *
      31                 :  * ***** END LICENSE BLOCK ***** */
      32                 : 
      33                 : #include "nsDataSignatureVerifier.h"
      34                 : #include "nsCOMPtr.h"
      35                 : #include "nsString.h"
      36                 : 
      37                 : #include "seccomon.h"
      38                 : #include "nssb64.h"
      39                 : #include "certt.h"
      40                 : #include "keyhi.h"
      41                 : #include "cryptohi.h"
      42                 : 
      43                 : SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate)
      44                 : 
      45             266 : NS_IMPL_ISUPPORTS1(nsDataSignatureVerifier, nsIDataSignatureVerifier)
      46                 : 
      47                 : const SEC_ASN1Template CERT_SignatureDataTemplate[] =
      48                 : {
      49                 :     { SEC_ASN1_SEQUENCE,
      50                 :         0, NULL, sizeof(CERTSignedData) },
      51                 :     { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
      52                 :         offsetof(CERTSignedData,signatureAlgorithm),
      53                 :         SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate), },
      54                 :     { SEC_ASN1_BIT_STRING,
      55                 :         offsetof(CERTSignedData,signature), },
      56                 :     { 0, }
      57                 : };
      58                 : 
      59                 : NS_IMETHODIMP
      60              54 : nsDataSignatureVerifier::VerifyData(const nsACString & aData,
      61                 :                                     const nsACString & aSignature,
      62                 :                                     const nsACString & aPublicKey,
      63                 :                                     bool *_retval)
      64                 : {
      65                 :     // Allocate an arena to handle the majority of the allocations
      66                 :     PRArenaPool *arena;
      67              54 :     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
      68              54 :     if (!arena)
      69               0 :         return NS_ERROR_OUT_OF_MEMORY;
      70                 : 
      71                 :     // Base 64 decode the key
      72                 :     SECItem keyItem;
      73              54 :     PORT_Memset(&keyItem, 0, sizeof(SECItem));
      74             108 :     if (!NSSBase64_DecodeBuffer(arena, &keyItem,
      75              54 :                                 nsPromiseFlatCString(aPublicKey).get(),
      76              54 :                                 aPublicKey.Length())) {
      77               0 :         PORT_FreeArena(arena, false);
      78               0 :         return NS_ERROR_FAILURE;
      79                 :     }
      80                 :     
      81                 :     // Extract the public key from the data
      82              54 :     CERTSubjectPublicKeyInfo *pki = SECKEY_DecodeDERSubjectPublicKeyInfo(&keyItem);
      83              54 :     if (!pki) {
      84               2 :         PORT_FreeArena(arena, false);
      85               2 :         return NS_ERROR_FAILURE;
      86                 :     }
      87              52 :     SECKEYPublicKey *publicKey = SECKEY_ExtractPublicKey(pki);
      88              52 :     SECKEY_DestroySubjectPublicKeyInfo(pki);
      89              52 :     pki = nsnull;
      90                 :     
      91              52 :     if (!publicKey) {
      92               0 :         PORT_FreeArena(arena, false);
      93               0 :         return NS_ERROR_FAILURE;
      94                 :     }
      95                 :     
      96                 :     // Base 64 decode the signature
      97                 :     SECItem signatureItem;
      98              52 :     PORT_Memset(&signatureItem, 0, sizeof(SECItem));
      99             104 :     if (!NSSBase64_DecodeBuffer(arena, &signatureItem,
     100              52 :                                 nsPromiseFlatCString(aSignature).get(),
     101              52 :                                 aSignature.Length())) {
     102               0 :         SECKEY_DestroyPublicKey(publicKey);
     103               0 :         PORT_FreeArena(arena, false);
     104               0 :         return NS_ERROR_FAILURE;
     105                 :     }
     106                 :     
     107                 :     // Decode the signature and algorithm
     108                 :     CERTSignedData sigData;
     109              52 :     PORT_Memset(&sigData, 0, sizeof(CERTSignedData));
     110                 :     SECStatus ss = SEC_QuickDERDecodeItem(arena, &sigData, 
     111                 :                                           CERT_SignatureDataTemplate,
     112              52 :                                           &signatureItem);
     113              52 :     if (ss != SECSuccess) {
     114               2 :         SECKEY_DestroyPublicKey(publicKey);
     115               2 :         PORT_FreeArena(arena, false);
     116               2 :         return NS_ERROR_FAILURE;
     117                 :     }
     118                 :     
     119                 :     // Perform the final verification
     120              50 :     DER_ConvertBitString(&(sigData.signature));
     121             100 :     ss = VFY_VerifyDataWithAlgorithmID((const unsigned char*)nsPromiseFlatCString(aData).get(),
     122              50 :                                        aData.Length(), publicKey,
     123                 :                                        &(sigData.signature),
     124                 :                                        &(sigData.signatureAlgorithm),
     125             100 :                                        NULL, NULL);
     126                 :     
     127                 :     // Clean up remaining objects
     128              50 :     SECKEY_DestroyPublicKey(publicKey);
     129              50 :     PORT_FreeArena(arena, false);
     130                 :     
     131              50 :     *_retval = (ss == SECSuccess);
     132                 : 
     133              50 :     return NS_OK;
     134                 : }

Generated by: LCOV version 1.7