TACK_RETVAL tackNssVerifyFunc(uint8_t publicKeyBytes[TACK_PUBKEY_LENGTH],
uint8_t signature[TACK_SIG_LENGTH],
uint8_t *data,
uint32_t dataLength)
{
SECItem signatureItem;
SECItem hashItem;
uint8_t hashBuffer[TACK_HASH_LENGTH];
SECKEYPublicKey *publicKey = getPublicKeyFromBytes(publicKeyBytes);
PK11_HashBuf(SEC_OID_SHA256, hashBuffer, data, dataLength);
signatureItem.data = signature;
signatureItem.len = TACK_SIG_LENGTH;
hashItem.data = hashBuffer;
hashItem.len = sizeof(hashBuffer);
uint32_t result = PK11_Verify(publicKey, &signatureItem, &hashItem, NULL);
SECKEY_DestroyPublicKey(publicKey);
if (result == SECSuccess) return TACK_OK;
else return TACK_ERR_BAD_SIGNATURE;
}
/**
* Check a canonical sig+rrset and signature against a dnskey
* @param buf: buffer with data to verify, the first rrsig part and the
* canonicalized rrset.
* @param algo: DNSKEY algorithm.
* @param sigblock: signature rdata field from RRSIG
* @param sigblock_len: length of sigblock data.
* @param key: public key data from DNSKEY RR.
* @param keylen: length of keydata.
* @param reason: bogus reason in more detail.
* @return secure if verification succeeded, bogus on crypto failure,
* unchecked on format errors and alloc failures.
*/
enum sec_status
verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock,
unsigned int sigblock_len, unsigned char* key, unsigned int keylen,
char** reason)
{
/* uses libNSS */
/* large enough for the different hashes */
unsigned char hash[HASH_LENGTH_MAX];
unsigned char hash2[HASH_LENGTH_MAX*2];
HASH_HashType htype = 0;
SECKEYPublicKey* pubkey = NULL;
SECItem secsig = {siBuffer, sigblock, sigblock_len};
SECItem sechash = {siBuffer, hash, 0};
SECStatus res;
unsigned char* prefix = NULL; /* prefix for hash, RFC3110, RFC5702 */
size_t prefixlen = 0;
int err;
if(!nss_setup_key_digest(algo, &pubkey, &htype, key, keylen,
&prefix, &prefixlen)) {
verbose(VERB_QUERY, "verify: failed to setup key");
*reason = "use of key for crypto failed";
SECKEY_DestroyPublicKey(pubkey);
return sec_status_bogus;
}
#if defined(USE_DSA) && defined(USE_SHA1)
/* need to convert DSA, ECDSA signatures? */
if((algo == LDNS_DSA || algo == LDNS_DSA_NSEC3)) {
if(sigblock_len == 1+2*SHA1_LENGTH) {
secsig.data ++;
secsig.len --;
} else {
SECItem* p = DSAU_DecodeDerSig(&secsig);
if(!p) {
verbose(VERB_QUERY, "verify: failed DER decode");
*reason = "signature DER decode failed";
SECKEY_DestroyPublicKey(pubkey);
return sec_status_bogus;
}
if(SECITEM_CopyItem(pubkey->arena, &secsig, p)) {
log_err("alloc failure in DER decode");
SECKEY_DestroyPublicKey(pubkey);
SECITEM_FreeItem(p, PR_TRUE);
return sec_status_unchecked;
}
SECITEM_FreeItem(p, PR_TRUE);
}
}
#endif /* USE_DSA */
/* do the signature cryptography work */
/* hash the data */
sechash.len = HASH_ResultLen(htype);
if(sechash.len > sizeof(hash)) {
verbose(VERB_QUERY, "verify: hash too large for buffer");
SECKEY_DestroyPublicKey(pubkey);
return sec_status_unchecked;
}
if(HASH_HashBuf(htype, hash, (unsigned char*)sldns_buffer_begin(buf),
(unsigned int)sldns_buffer_limit(buf)) != SECSuccess) {
verbose(VERB_QUERY, "verify: HASH_HashBuf failed");
SECKEY_DestroyPublicKey(pubkey);
return sec_status_unchecked;
}
if(prefix) {
int hashlen = sechash.len;
if(prefixlen+hashlen > sizeof(hash2)) {
verbose(VERB_QUERY, "verify: hashprefix too large");
SECKEY_DestroyPublicKey(pubkey);
return sec_status_unchecked;
}
sechash.data = hash2;
sechash.len = prefixlen+hashlen;
memcpy(sechash.data, prefix, prefixlen);
memmove(sechash.data+prefixlen, hash, hashlen);
}
/* verify the signature */
res = PK11_Verify(pubkey, &secsig, &sechash, NULL /*wincx*/);
SECKEY_DestroyPublicKey(pubkey);
if(res == SECSuccess) {
return sec_status_secure;
}
err = PORT_GetError();
if(err != SEC_ERROR_BAD_SIGNATURE) {
/* failed to verify */
verbose(VERB_QUERY, "verify: PK11_Verify failed: %s",
PORT_ErrorToString(err));
/* if it is not supported, like ECC is removed, we get,
* SEC_ERROR_NO_MODULE */
if(err == SEC_ERROR_NO_MODULE)
return sec_status_unchecked;
/* but other errors are commonly returned
* for a bad signature from NSS. Thus we return bogus,
* not unchecked */
*reason = "signature crypto failed";
return sec_status_bogus;
}
verbose(VERB_QUERY, "verify: signature mismatch: %s",
PORT_ErrorToString(err));
*reason = "signature crypto failed";
return sec_status_bogus;
}
bool NSSCryptoKeyRSA::verifySHA1PKCS1Base64Signature(const unsigned char * hashBuf,
unsigned int hashLen,
const char * base64Signature,
unsigned int sigLen,
hashMethod hm) {
// Use the currently loaded key to validate the Base64 encoded signature
if (mp_pubkey == 0) {
// Try to import from the parameters
importKey();
if (mp_pubkey == 0) {
throw XSECCryptoException(XSECCryptoException::RSAError,
"NSS:RSA - Attempt to validate signature with empty key");
}
}
// Decode the signature
unsigned char * rawSig;
unsigned int rawSigLen;
XSECnew(rawSig, unsigned char[sigLen]);
ArrayJanitor<unsigned char> j_rawSig(rawSig);
// Decode the signature
XSCryptCryptoBase64 b64;
b64.decodeInit();
rawSigLen = b64.decode((unsigned char *) base64Signature, sigLen, rawSig, sigLen);
rawSigLen += b64.decodeFinish(&rawSig[rawSigLen], sigLen - rawSigLen);
SECItem signature;
signature.type = siBuffer;
signature.data = rawSig;
signature.len = rawSigLen;
SECItem data;
data.data = 0;
data.len = 0;
SECOidTag hashalg;
PRArenaPool * arena = 0;
SGNDigestInfo *di = 0;
SECItem * res;
switch (hm) {
case (HASH_MD5):
hashalg = SEC_OID_MD5;
break;
case (HASH_SHA1):
hashalg = SEC_OID_SHA1;
break;
case (HASH_SHA256):
hashalg = SEC_OID_SHA256;
break;
case (HASH_SHA384):
hashalg = SEC_OID_SHA384;
break;
case (HASH_SHA512):
hashalg = SEC_OID_SHA512;
break;
default:
throw XSECCryptoException(XSECCryptoException::RSAError,
"NSS:RSA - Unsupported hash algorithm in RSA sign");
}
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (!arena) {
throw XSECCryptoException(XSECCryptoException::RSAError,
"NSS:RSA - Error creating arena");
}
di = SGN_CreateDigestInfo(hashalg, (unsigned char * )hashBuf, hashLen);
if (di == NULL) {
PORT_FreeArena(arena, PR_FALSE);
throw XSECCryptoException(XSECCryptoException::RSAError,
"NSS:RSA - Error creating digest info");
}
res = SEC_ASN1EncodeItem(arena, &data, di, NSS_Get_sgn_DigestInfoTemplate(NULL, 0));
if (!res) {
SGN_DestroyDigestInfo(di);
PORT_FreeArena(arena, PR_FALSE);
throw XSECCryptoException(XSECCryptoException::RSAError,
"NSS:RSA - Error encoding digest info for RSA sign");
}
// Verify signature
SECStatus s = PK11_Verify(mp_pubkey, &signature, &data, NULL);
return s == SECSuccess;
}
