Line data Source code
1 : /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 : /* vim: set ts=8 sts=2 et sw=2 tw=80: */
3 : /* This code is made available to you under your choice of the following sets
4 : * of licensing terms:
5 : */
6 : /* This Source Code Form is subject to the terms of the Mozilla Public
7 : * License, v. 2.0. If a copy of the MPL was not distributed with this
8 : * file, You can obtain one at http://mozilla.org/MPL/2.0/.
9 : */
10 : /* Copyright 2015 Mozilla Contributors
11 : *
12 : * Licensed under the Apache License, Version 2.0 (the "License");
13 : * you may not use this file except in compliance with the License.
14 : * You may obtain a copy of the License at
15 : *
16 : * http://www.apache.org/licenses/LICENSE-2.0
17 : *
18 : * Unless required by applicable law or agreed to in writing, software
19 : * distributed under the License is distributed on an "AS IS" BASIS,
20 : * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
21 : * See the License for the specific language governing permissions and
22 : * limitations under the License.
23 : */
24 :
25 : #include "pkixutil.h"
26 :
27 : namespace mozilla { namespace pkix {
28 :
29 : Result
30 0 : DigestSignedData(TrustDomain& trustDomain,
31 : const der::SignedDataWithSignature& signedData,
32 : /*out*/ uint8_t(&digestBuf)[MAX_DIGEST_SIZE_IN_BYTES],
33 : /*out*/ der::PublicKeyAlgorithm& publicKeyAlg,
34 : /*out*/ SignedDigest& signedDigest)
35 : {
36 0 : Reader signatureAlg(signedData.algorithm);
37 0 : Result rv = der::SignatureAlgorithmIdentifierValue(
38 0 : signatureAlg, publicKeyAlg, signedDigest.digestAlgorithm);
39 0 : if (rv != Success) {
40 0 : return rv;
41 : }
42 0 : if (!signatureAlg.AtEnd()) {
43 0 : return Result::ERROR_BAD_DER;
44 : }
45 :
46 : size_t digestLen;
47 0 : switch (signedDigest.digestAlgorithm) {
48 0 : case DigestAlgorithm::sha512: digestLen = 512 / 8; break;
49 0 : case DigestAlgorithm::sha384: digestLen = 384 / 8; break;
50 0 : case DigestAlgorithm::sha256: digestLen = 256 / 8; break;
51 0 : case DigestAlgorithm::sha1: digestLen = 160 / 8; break;
52 0 : MOZILLA_PKIX_UNREACHABLE_DEFAULT_ENUM
53 : }
54 0 : assert(digestLen <= sizeof(digestBuf));
55 :
56 0 : rv = trustDomain.DigestBuf(signedData.data, signedDigest.digestAlgorithm,
57 0 : digestBuf, digestLen);
58 0 : if (rv != Success) {
59 0 : return rv;
60 : }
61 0 : rv = signedDigest.digest.Init(digestBuf, digestLen);
62 0 : if (rv != Success) {
63 0 : return rv;
64 : }
65 :
66 0 : return signedDigest.signature.Init(signedData.signature);
67 : }
68 :
69 : Result
70 0 : VerifySignedDigest(TrustDomain& trustDomain,
71 : der::PublicKeyAlgorithm publicKeyAlg,
72 : const SignedDigest& signedDigest,
73 : Input signerSubjectPublicKeyInfo)
74 : {
75 0 : switch (publicKeyAlg) {
76 : case der::PublicKeyAlgorithm::ECDSA:
77 : return trustDomain.VerifyECDSASignedDigest(signedDigest,
78 0 : signerSubjectPublicKeyInfo);
79 : case der::PublicKeyAlgorithm::RSA_PKCS1:
80 : return trustDomain.VerifyRSAPKCS1SignedDigest(signedDigest,
81 0 : signerSubjectPublicKeyInfo);
82 0 : MOZILLA_PKIX_UNREACHABLE_DEFAULT_ENUM
83 : }
84 : }
85 :
86 : Result
87 0 : VerifySignedData(TrustDomain& trustDomain,
88 : const der::SignedDataWithSignature& signedData,
89 : Input signerSubjectPublicKeyInfo)
90 : {
91 : uint8_t digestBuf[MAX_DIGEST_SIZE_IN_BYTES];
92 : der::PublicKeyAlgorithm publicKeyAlg;
93 0 : SignedDigest signedDigest;
94 : Result rv = DigestSignedData(trustDomain, signedData, digestBuf,
95 0 : publicKeyAlg, signedDigest);
96 0 : if (rv != Success) {
97 0 : return rv;
98 : }
99 0 : return VerifySignedDigest(trustDomain, publicKeyAlg, signedDigest,
100 0 : signerSubjectPublicKeyInfo);
101 : }
102 :
103 : } } // namespace mozilla::pkix
|
