static ECName
params2ecName(SECKEYECParams * params)
{
SECItem oid = { siBuffer, NULL, 0};
SECOidData *oidData = NULL;
PRUint32 policyFlags = 0;
ECName i;
/*
* params->data needs to contain the ASN encoding of an object ID (OID)
* representing a named curve. Here, we strip away everything
* before the actual OID and use the OID to look up a named curve.
*/
if (params->data[0] != SEC_ASN1_OBJECT_ID) return ec_noName;
oid.len = params->len - 2;
oid.data = params->data + 2;
if ((oidData = SECOID_FindOID(&oid)) == NULL) return ec_noName;
for (i = ec_noName + 1; i < ec_pastLastName; i++) {
if (ecName2OIDTag[i] == oidData->offset) {
if (NSS_GetAlgorithmPolicy(oidData->offset, &policyFlags) == SECSuccess &&
(policyFlags & NSS_USE_ALG_IN_SSL_KX)) {
return i;
}
}
}
return ec_noName;
}
SECStatus
ssl3_ECName2Params(PLArenaPool * arena, ECName curve, SECKEYECParams * params)
{
SECOidData *oidData = NULL;
PRUint32 policyFlags = 0;
if ((curve <= ec_noName) || (curve >= ec_pastLastName) ||
((oidData = SECOID_FindOIDByTag(ecName2OIDTag[curve])) == NULL)) {
PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
return SECFailure;
}
if (NSS_GetAlgorithmPolicy(ecName2OIDTag[curve], &policyFlags) == SECFailure ||
!(policyFlags & NSS_USE_ALG_IN_SSL_KX)) {
PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
return SECFailure;
}
SECITEM_AllocItem(arena, params, (2 + oidData->oid.len));
/*
* params->data needs to contain the ASN encoding of an object ID (OID)
* representing the named curve. The actual OID is in
* oidData->oid.data so we simply prepend 0x06 and OID length
*/
params->data[0] = SEC_ASN1_OBJECT_ID;
params->data[1] = oidData->oid.len;
memcpy(params->data + 2, oidData->oid.data, oidData->oid.len);
return SECSuccess;
}
SECStatus
VerifySignedData(const CERTSignedData* sd, const CERTCertificate* cert,
void* pkcs11PinArg)
{
if (!sd || !sd->data.data || !sd->signatureAlgorithm.algorithm.data ||
!sd->signature.data || !cert) {
PR_NOT_REACHED("invalid args to VerifySignedData");
PR_SetError(SEC_ERROR_INVALID_ARGS, 0);
return SECFailure;
}
// See bug 921585.
if (sd->data.len > static_cast<unsigned int>(std::numeric_limits<int>::max())) {
PR_SetError(SEC_ERROR_INVALID_ARGS, 0);
return SECFailure;
}
// convert sig->len from bit counts to byte count.
SECItem sig = sd->signature;
DER_ConvertBitString(&sig);
// Use SECKEY_ExtractPublicKey instead of CERT_ExtractPublicKey because
// CERT_ExtractPublicKey would try to do (EC)DSA parameter inheritance, using
// the classic (wrong) NSS path building logic. We intentionally do not
// support parameter inheritance.
ScopedSECKEYPublicKey
pubKey(SECKEY_ExtractPublicKey(&cert->subjectPublicKeyInfo));
if (!pubKey) {
return SECFailure;
}
SECOidTag hashAlg;
if (VFY_VerifyDataWithAlgorithmID(sd->data.data, static_cast<int>(sd->data.len),
pubKey.get(), &sig, &sd->signatureAlgorithm,
&hashAlg, pkcs11PinArg) != SECSuccess) {
return SECFailure;
}
// TODO: Ideally, we would do this check before we call
// VFY_VerifyDataWithAlgorithmID. But, VFY_VerifyDataWithAlgorithmID gives us
// the hash algorithm so it is more convenient to do things in this order.
uint32_t policy;
if (NSS_GetAlgorithmPolicy(hashAlg, &policy) != SECSuccess) {
return SECFailure;
}
// XXX: I'm not sure why there isn't NSS_USE_ALG_IN_SSL_SIGNATURE, but there
// isn't. Since we don't know the context in which we're being called, be as
// strict as we can be given the NSS API that is available.
static const uint32_t requiredPolicy = NSS_USE_ALG_IN_CERT_SIGNATURE |
NSS_USE_ALG_IN_CMS_SIGNATURE;
if ((policy & requiredPolicy) != requiredPolicy) {
PR_SetError(SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED, 0);
return SECFailure;
}
return SECSuccess;
}
SECStatus
ssl_NamedGroup2ECParams(PLArenaPool *arena, const namedGroupDef *ecGroup,
SECKEYECParams *params)
{
SECOidData *oidData = NULL;
PRUint32 policyFlags = 0;
SECStatus rv;
if (!params) {
PORT_Assert(0);
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
if (!ecGroup || ecGroup->type != group_type_ec ||
(oidData = SECOID_FindOIDByTag(ecGroup->oidTag)) == NULL) {
PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
return SECFailure;
}
rv = NSS_GetAlgorithmPolicy(ecGroup->oidTag, &policyFlags);
if (rv == SECSuccess && !(policyFlags & NSS_USE_ALG_IN_SSL_KX)) {
PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
return SECFailure;
}
if (SECITEM_AllocItem(arena, params, (2 + oidData->oid.len)) == NULL) {
PORT_SetError(SEC_ERROR_NO_MEMORY);
return SECFailure;
}
/*
* params->data needs to contain the ASN encoding of an object ID (OID)
* representing the named curve. The actual OID is in
* oidData->oid.data so we simply prepend 0x06 and OID length
*/
params->data[0] = SEC_ASN1_OBJECT_ID;
params->data[1] = oidData->oid.len;
memcpy(params->data + 2, oidData->oid.data, oidData->oid.len);
return SECSuccess;
}
const namedGroupDef *
ssl_ECPubKey2NamedGroup(const SECKEYPublicKey *pubKey)
{
SECItem oid = { siBuffer, NULL, 0 };
SECOidData *oidData = NULL;
PRUint32 policyFlags = 0;
unsigned int i;
const SECKEYECParams *params;
if (pubKey->keyType != ecKey) {
PORT_Assert(0);
return NULL;
}
params = &pubKey->u.ec.DEREncodedParams;
/*
* params->data needs to contain the ASN encoding of an object ID (OID)
* representing a named curve. Here, we strip away everything
* before the actual OID and use the OID to look up a named curve.
*/
if (params->data[0] != SEC_ASN1_OBJECT_ID)
return NULL;
oid.len = params->len - 2;
oid.data = params->data + 2;
if ((oidData = SECOID_FindOID(&oid)) == NULL)
return NULL;
if ((NSS_GetAlgorithmPolicy(oidData->offset, &policyFlags) ==
SECSuccess) &&
!(policyFlags & NSS_USE_ALG_IN_SSL_KX)) {
return NULL;
}
for (i = 0; i < ssl_named_group_count; ++i) {
if (ssl_named_groups[i].oidTag == oidData->offset) {
return &ssl_named_groups[i];
}
}
return NULL;
}
