TACK_RETVAL tackNssVerifyFunc(uint8_t publicKeyBytes[TACK_PUBKEY_LENGTH], uint8_t signature[TACK_SIG_LENGTH], uint8_t *data, uint32_t dataLength) { SECItem signatureItem; SECItem hashItem; uint8_t hashBuffer[TACK_HASH_LENGTH]; SECKEYPublicKey *publicKey = getPublicKeyFromBytes(publicKeyBytes); PK11_HashBuf(SEC_OID_SHA256, hashBuffer, data, dataLength); signatureItem.data = signature; signatureItem.len = TACK_SIG_LENGTH; hashItem.data = hashBuffer; hashItem.len = sizeof(hashBuffer); uint32_t result = PK11_Verify(publicKey, &signatureItem, &hashItem, NULL); SECKEY_DestroyPublicKey(publicKey); if (result == SECSuccess) return TACK_OK; else return TACK_ERR_BAD_SIGNATURE; }
/** * Check a canonical sig+rrset and signature against a dnskey * @param buf: buffer with data to verify, the first rrsig part and the * canonicalized rrset. * @param algo: DNSKEY algorithm. * @param sigblock: signature rdata field from RRSIG * @param sigblock_len: length of sigblock data. * @param key: public key data from DNSKEY RR. * @param keylen: length of keydata. * @param reason: bogus reason in more detail. * @return secure if verification succeeded, bogus on crypto failure, * unchecked on format errors and alloc failures. */ enum sec_status verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock, unsigned int sigblock_len, unsigned char* key, unsigned int keylen, char** reason) { /* uses libNSS */ /* large enough for the different hashes */ unsigned char hash[HASH_LENGTH_MAX]; unsigned char hash2[HASH_LENGTH_MAX*2]; HASH_HashType htype = 0; SECKEYPublicKey* pubkey = NULL; SECItem secsig = {siBuffer, sigblock, sigblock_len}; SECItem sechash = {siBuffer, hash, 0}; SECStatus res; unsigned char* prefix = NULL; /* prefix for hash, RFC3110, RFC5702 */ size_t prefixlen = 0; int err; if(!nss_setup_key_digest(algo, &pubkey, &htype, key, keylen, &prefix, &prefixlen)) { verbose(VERB_QUERY, "verify: failed to setup key"); *reason = "use of key for crypto failed"; SECKEY_DestroyPublicKey(pubkey); return sec_status_bogus; } #if defined(USE_DSA) && defined(USE_SHA1) /* need to convert DSA, ECDSA signatures? */ if((algo == LDNS_DSA || algo == LDNS_DSA_NSEC3)) { if(sigblock_len == 1+2*SHA1_LENGTH) { secsig.data ++; secsig.len --; } else { SECItem* p = DSAU_DecodeDerSig(&secsig); if(!p) { verbose(VERB_QUERY, "verify: failed DER decode"); *reason = "signature DER decode failed"; SECKEY_DestroyPublicKey(pubkey); return sec_status_bogus; } if(SECITEM_CopyItem(pubkey->arena, &secsig, p)) { log_err("alloc failure in DER decode"); SECKEY_DestroyPublicKey(pubkey); SECITEM_FreeItem(p, PR_TRUE); return sec_status_unchecked; } SECITEM_FreeItem(p, PR_TRUE); } } #endif /* USE_DSA */ /* do the signature cryptography work */ /* hash the data */ sechash.len = HASH_ResultLen(htype); if(sechash.len > sizeof(hash)) { verbose(VERB_QUERY, "verify: hash too large for buffer"); SECKEY_DestroyPublicKey(pubkey); return sec_status_unchecked; } if(HASH_HashBuf(htype, hash, (unsigned char*)sldns_buffer_begin(buf), (unsigned int)sldns_buffer_limit(buf)) != SECSuccess) { verbose(VERB_QUERY, "verify: HASH_HashBuf failed"); SECKEY_DestroyPublicKey(pubkey); return sec_status_unchecked; } if(prefix) { int hashlen = sechash.len; if(prefixlen+hashlen > sizeof(hash2)) { verbose(VERB_QUERY, "verify: hashprefix too large"); SECKEY_DestroyPublicKey(pubkey); return sec_status_unchecked; } sechash.data = hash2; sechash.len = prefixlen+hashlen; memcpy(sechash.data, prefix, prefixlen); memmove(sechash.data+prefixlen, hash, hashlen); } /* verify the signature */ res = PK11_Verify(pubkey, &secsig, &sechash, NULL /*wincx*/); SECKEY_DestroyPublicKey(pubkey); if(res == SECSuccess) { return sec_status_secure; } err = PORT_GetError(); if(err != SEC_ERROR_BAD_SIGNATURE) { /* failed to verify */ verbose(VERB_QUERY, "verify: PK11_Verify failed: %s", PORT_ErrorToString(err)); /* if it is not supported, like ECC is removed, we get, * SEC_ERROR_NO_MODULE */ if(err == SEC_ERROR_NO_MODULE) return sec_status_unchecked; /* but other errors are commonly returned * for a bad signature from NSS. Thus we return bogus, * not unchecked */ *reason = "signature crypto failed"; return sec_status_bogus; } verbose(VERB_QUERY, "verify: signature mismatch: %s", PORT_ErrorToString(err)); *reason = "signature crypto failed"; return sec_status_bogus; }
bool NSSCryptoKeyRSA::verifySHA1PKCS1Base64Signature(const unsigned char * hashBuf, unsigned int hashLen, const char * base64Signature, unsigned int sigLen, hashMethod hm) { // Use the currently loaded key to validate the Base64 encoded signature if (mp_pubkey == 0) { // Try to import from the parameters importKey(); if (mp_pubkey == 0) { throw XSECCryptoException(XSECCryptoException::RSAError, "NSS:RSA - Attempt to validate signature with empty key"); } } // Decode the signature unsigned char * rawSig; unsigned int rawSigLen; XSECnew(rawSig, unsigned char[sigLen]); ArrayJanitor<unsigned char> j_rawSig(rawSig); // Decode the signature XSCryptCryptoBase64 b64; b64.decodeInit(); rawSigLen = b64.decode((unsigned char *) base64Signature, sigLen, rawSig, sigLen); rawSigLen += b64.decodeFinish(&rawSig[rawSigLen], sigLen - rawSigLen); SECItem signature; signature.type = siBuffer; signature.data = rawSig; signature.len = rawSigLen; SECItem data; data.data = 0; data.len = 0; SECOidTag hashalg; PRArenaPool * arena = 0; SGNDigestInfo *di = 0; SECItem * res; switch (hm) { case (HASH_MD5): hashalg = SEC_OID_MD5; break; case (HASH_SHA1): hashalg = SEC_OID_SHA1; break; case (HASH_SHA256): hashalg = SEC_OID_SHA256; break; case (HASH_SHA384): hashalg = SEC_OID_SHA384; break; case (HASH_SHA512): hashalg = SEC_OID_SHA512; break; default: throw XSECCryptoException(XSECCryptoException::RSAError, "NSS:RSA - Unsupported hash algorithm in RSA sign"); } arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); if (!arena) { throw XSECCryptoException(XSECCryptoException::RSAError, "NSS:RSA - Error creating arena"); } di = SGN_CreateDigestInfo(hashalg, (unsigned char * )hashBuf, hashLen); if (di == NULL) { PORT_FreeArena(arena, PR_FALSE); throw XSECCryptoException(XSECCryptoException::RSAError, "NSS:RSA - Error creating digest info"); } res = SEC_ASN1EncodeItem(arena, &data, di, NSS_Get_sgn_DigestInfoTemplate(NULL, 0)); if (!res) { SGN_DestroyDigestInfo(di); PORT_FreeArena(arena, PR_FALSE); throw XSECCryptoException(XSECCryptoException::RSAError, "NSS:RSA - Error encoding digest info for RSA sign"); } // Verify signature SECStatus s = PK11_Verify(mp_pubkey, &signature, &data, NULL); return s == SECSuccess; }