| | 1 | /* |
| | 2 | * The contents of this file are subject to the Mozilla Public |
| | 3 | * License Version 1.1 (the "License"); you may not use this file |
| | 4 | * except in compliance with the License. You may obtain a copy of |
| | 5 | * the License at http://www.mozilla.org/MPL/ |
| | 6 | * |
| | 7 | * Software distributed under the License is distributed on an "AS |
| | 8 | * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or |
| | 9 | * implied. See the License for the specific language governing |
| | 10 | * rights and limitations under the License. |
| | 11 | * |
| | 12 | * The Original Code is the Netscape security libraries. |
| | 13 | * |
| | 14 | * The Initial Developer of the Original Code is Netscape |
| | 15 | * Communications Corporation. Portions created by Netscape are |
| | 16 | * Copyright (C) 1994-2000 Netscape Communications Corporation. All |
| | 17 | * Rights Reserved. |
| | 18 | * |
| | 19 | * Contributor(s): |
| | 20 | * |
| | 21 | * Alternatively, the contents of this file may be used under the |
| | 22 | * terms of the GNU General Public License Version 2 or later (the |
| | 23 | * "GPL"), in which case the provisions of the GPL are applicable |
| | 24 | * instead of those above. If you wish to allow use of your |
| | 25 | * version of this file only under the terms of the GPL and not to |
| | 26 | * allow others to use your version of this file under the MPL, |
| | 27 | * indicate your decision by deleting the provisions above and |
| | 28 | * replace them with the notice and other provisions required by |
| | 29 | * the GPL. If you do not delete the provisions above, a recipient |
| | 30 | * may use your version of this file under either the MPL or the |
| | 31 | * GPL. |
| | 32 | */ |
| | 33 | |
| | 34 | /* |
| | 35 | * CMS digesting. |
| | 36 | */ |
| | 37 | #include <assert.h> |
| | 38 | |
| | 39 | #include "cmslocal.h" |
| | 40 | |
| | 41 | #include "SecAsn1Item.h" |
| | 42 | #include "secoid.h" |
| | 43 | |
| | 44 | #include <security_asn1/secerr.h> |
| | 45 | #include <security_asn1/secport.h> |
| | 46 | |
| | 47 | #if USE_CDSA_CRYPTO |
| | 48 | #include <Security/cssmapi.h> |
| | 49 | #else |
| | 50 | #include <CommonCrypto/CommonDigest.h> |
| | 51 | #endif |
| | 52 | |
| | 53 | #include "SecCmsDigestContext.h" |
| | 54 | |
| | 55 | /* Return the maximum value between S and T (and U) */ |
| | 56 | #define MAX(S, T) ({__typeof__(S) _max_s = S; __typeof__(T) _max_t = T; _max_s > _max_t ? _max_s : _max_t;}) |
| | 57 | #define MAX_OF_3(S, T, U) ({__typeof__(U) _max_st = MAX(S,T); MAX(_max_st,U);}) |
| | 58 | |
| | 59 | struct SecCmsDigestContextStr { |
| | 60 | PLArenaPool * poolp; |
| | 61 | Boolean saw_contents; |
| | 62 | int digcnt; |
| | 63 | #if USE_CDSA_CRYPTO |
| | 64 | CSSM_CC_HANDLE * digobjs; |
| | 65 | #else |
| | 66 | void ** digobjs; |
| | 67 | #endif |
| | 68 | SECAlgorithmID ** digestalgs; |
| | 69 | }; |
| | 70 | |
| | 71 | /* |
| | 72 | * SecCmsDigestContextStartMultiple - start digest calculation using all the |
| | 73 | * digest algorithms in "digestalgs" in parallel. |
| | 74 | */ |
| | 75 | SecCmsDigestContextRef |
| | 76 | SecCmsDigestContextStartMultiple(SECAlgorithmID **digestalgs) |
| | 77 | { |
| | 78 | PLArenaPool *poolp; |
| | 79 | SecCmsDigestContextRef cmsdigcx; |
| | 80 | #if USE_CDSA_CRYPTO |
| | 81 | CSSM_CC_HANDLE digobj; |
| | 82 | #else |
| | 83 | void * digobj; |
| | 84 | #endif |
| | 85 | int digcnt; |
| | 86 | int i; |
| | 87 | |
| | 88 | poolp = PORT_NewArena(1024); |
| | 89 | if (poolp == NULL) |
| | 90 | goto loser; |
| | 91 | |
| | 92 | digcnt = (digestalgs == NULL) ? 0 : SecCmsArrayCount((void **)digestalgs); |
| | 93 | |
| | 94 | cmsdigcx = (SecCmsDigestContextRef)PORT_ArenaAlloc(poolp, sizeof(struct SecCmsDigestContextStr)); |
| | 95 | if (cmsdigcx == NULL) |
| | 96 | return NULL; |
| | 97 | cmsdigcx->poolp = poolp; |
| | 98 | |
| | 99 | if (digcnt > 0) { |
| | 100 | #if USE_CDSA_CRYPTO |
| | 101 | /* Security check to prevent under-allocation */ |
| | 102 | if (digcnt >= (int)((INT_MAX/(MAX(sizeof(CSSM_CC_HANDLE),sizeof(SECAlgorithmID *))))-1)) { |
| | 103 | goto loser; |
| | 104 | } |
| | 105 | cmsdigcx->digobjs = (CSSM_CC_HANDLE *)PORT_ArenaAlloc(poolp, digcnt * sizeof(CSSM_CC_HANDLE)); |
| | 106 | if (cmsdigcx->digobjs == NULL) |
| | 107 | goto loser; |
| | 108 | #else |
| | 109 | /* Security check to prevent under-allocation */ |
| | 110 | if (digcnt >= (int)((INT_MAX/(MAX(sizeof(void *),sizeof(SECAlgorithmID *))))-1)) { |
| | 111 | goto loser; |
| | 112 | } |
| | 113 | cmsdigcx->digobjs = (void**)PORT_ArenaAlloc(poolp, digcnt * sizeof(void *)); |
| | 114 | if (cmsdigcx->digobjs == NULL) |
| | 115 | goto loser; |
| | 116 | #endif |
| | 117 | cmsdigcx->digestalgs = (SECAlgorithmID **)PORT_ArenaZAlloc(poolp, |
| | 118 | (digcnt + 1) * sizeof(SECAlgorithmID *)); |
| | 119 | if (cmsdigcx->digestalgs == NULL) |
| | 120 | goto loser; |
| | 121 | } |
| | 122 | |
| | 123 | cmsdigcx->digcnt = 0; |
| | 124 | |
| | 125 | /* |
| | 126 | * Create a digest object context for each algorithm. |
| | 127 | */ |
| | 128 | for (i = 0; i < digcnt; i++) { |
| | 129 | digobj = SecCmsUtilGetHashObjByAlgID(digestalgs[i]); |
| | 130 | /* |
| | 131 | * Skip any algorithm we do not even recognize; obviously, |
| | 132 | * this could be a problem, but if it is critical then the |
| | 133 | * result will just be that the signature does not verify. |
| | 134 | * We do not necessarily want to error out here, because |
| | 135 | * the particular algorithm may not actually be important, |
| | 136 | * but we cannot know that until later. |
| | 137 | */ |
| | 138 | #if USE_CDSA_CRYPTO |
| | 139 | if (digobj) |
| | 140 | if (CSSM_DigestDataInit(digobj)) |
| | 141 | goto loser; |
| | 142 | #endif |
| | 143 | |
| | 144 | cmsdigcx->digobjs[cmsdigcx->digcnt] = digobj; |
| | 145 | cmsdigcx->digestalgs[cmsdigcx->digcnt] = PORT_ArenaAlloc(poolp, sizeof(SECAlgorithmID)); |
| | 146 | if (SECITEM_CopyItem(poolp, |
| | 147 | &(cmsdigcx->digestalgs[cmsdigcx->digcnt]->algorithm), |
| | 148 | &(digestalgs[i]->algorithm)) |
| | 149 | || SECITEM_CopyItem(poolp, |
| | 150 | &(cmsdigcx->digestalgs[cmsdigcx->digcnt]->parameters), |
| | 151 | &(digestalgs[i]->parameters))) |
| | 152 | goto loser; |
| | 153 | cmsdigcx->digcnt++; |
| | 154 | } |
| | 155 | |
| | 156 | cmsdigcx->saw_contents = PR_FALSE; |
| | 157 | |
| | 158 | return cmsdigcx; |
| | 159 | |
| | 160 | loser: |
| | 161 | if (poolp) |
| | 162 | PORT_FreeArena(poolp, PR_FALSE); |
| | 163 | |
| | 164 | return NULL; |
| | 165 | } |
| | 166 | |
| | 167 | /* |
| | 168 | * SecCmsDigestContextStartSingle - same as SecCmsDigestContextStartMultiple, but |
| | 169 | * only one algorithm. |
| | 170 | */ |
| | 171 | SecCmsDigestContextRef |
| | 172 | SecCmsDigestContextStartSingle(SECAlgorithmID *digestalg) |
| | 173 | { |
| | 174 | SECAlgorithmID *digestalgs[] = { NULL, NULL }; /* fake array */ |
| | 175 | |
| | 176 | digestalgs[0] = digestalg; |
| | 177 | return SecCmsDigestContextStartMultiple(digestalgs); |
| | 178 | } |
| | 179 | |
| | 180 | /* |
| | 181 | * SecCmsDigestContextUpdate - feed more data into the digest machine |
| | 182 | */ |
| | 183 | void |
| | 184 | SecCmsDigestContextUpdate(SecCmsDigestContextRef cmsdigcx, const unsigned char *data, size_t len) |
| | 185 | { |
| | 186 | SecAsn1Item dataBuf; |
| | 187 | int i; |
| | 188 | |
| | 189 | dataBuf.Length = len; |
| | 190 | dataBuf.Data = (uint8_t *)data; |
| | 191 | cmsdigcx->saw_contents = PR_TRUE; |
| | 192 | for (i = 0; i < cmsdigcx->digcnt; i++) { |
| | 193 | if (cmsdigcx->digobjs[i]) { |
| | 194 | #if USE_CDSA_CRYPTO |
| | 195 | CSSM_DigestDataUpdate(cmsdigcx->digobjs[i], &dataBuf, 1); |
| | 196 | #else |
| | 197 | /* 64 bits cast: worst case is we truncate the length and we dont hash all the data. |
| | 198 | This may cause an invalid CMS blob larger than 4GB to be validated. Unlikely, but |
| | 199 | possible security issue. There is no way to return an error here, but a check at |
| | 200 | the upper level may happen. */ |
| | 201 | /* |
| | 202 | rdar://problem/20642513 |
| | 203 | Let's just die a horrible death rather than have the security issue. |
| | 204 | CMS blob over 4GB? Oh well. |
| | 205 | */ |
| | 206 | if (len > UINT32_MAX) { |
| | 207 | /* Ugh. */ |
| | 208 | abort(); |
| | 209 | } |
| | 210 | assert(len<=UINT32_MAX); /* Debug check. Correct as long as CC_LONG is uint32_t */ |
| | 211 | switch (SECOID_GetAlgorithmTag(cmsdigcx->digestalgs[i])) { |
| | 212 | case SEC_OID_SHA1: CC_SHA1_Update((CC_SHA1_CTX *)cmsdigcx->digobjs[i], data, (CC_LONG)len); break; |
| | 213 | case SEC_OID_MD5: CC_MD5_Update((CC_MD5_CTX *)cmsdigcx->digobjs[i], data, (CC_LONG)len); break; |
| | 214 | case SEC_OID_SHA224: CC_SHA224_Update((CC_SHA256_CTX *)cmsdigcx->digobjs[i], data, (CC_LONG)len); break; |
| | 215 | case SEC_OID_SHA256: CC_SHA256_Update((CC_SHA256_CTX *)cmsdigcx->digobjs[i], data, (CC_LONG)len); break; |
| | 216 | case SEC_OID_SHA384: CC_SHA384_Update((CC_SHA512_CTX *)cmsdigcx->digobjs[i], data, (CC_LONG)len); break; |
| | 217 | case SEC_OID_SHA512: CC_SHA512_Update((CC_SHA512_CTX *)cmsdigcx->digobjs[i], data, (CC_LONG)len); break; |
| | 218 | default: |
| | 219 | break; |
| | 220 | } |
| | 221 | #endif |
| | 222 | } |
| | 223 | } |
| | 224 | } |
| | 225 | |
| | 226 | /* |
| | 227 | * SecCmsDigestContextCancel - cancel digesting operation |
| | 228 | */ |
| | 229 | void |
| | 230 | SecCmsDigestContextCancel(SecCmsDigestContextRef cmsdigcx) |
| | 231 | { |
| | 232 | int i; |
| | 233 | |
| | 234 | for (i = 0; i < cmsdigcx->digcnt; i++) |
| | 235 | if (cmsdigcx->digobjs[i]) |
| | 236 | #if USE_CDSA_CRYPTO |
| | 237 | CSSM_DeleteContext(cmsdigcx->digobjs[i]); |
| | 238 | #else |
| | 239 | free(cmsdigcx->digobjs[i]); |
| | 240 | #endif |
| | 241 | |
| | 242 | PORT_FreeArena(cmsdigcx->poolp, PR_FALSE); |
| | 243 | } |
| | 244 | |
| | 245 | /* |
| | 246 | * SecCmsDigestContextDestroy - delete a digesting operation |
| | 247 | */ |
| | 248 | void |
| | 249 | SecCmsDigestContextDestroy(SecCmsDigestContextRef cmsdigcx) |
| | 250 | { |
| | 251 | SecCmsDigestContextCancel(cmsdigcx); |
| | 252 | } |
| | 253 | |
| | 254 | /* |
| | 255 | * SecCmsDigestContextFinishMultiple - finish the digests |
| | 256 | */ |
| | 257 | OSStatus |
| | 258 | SecCmsDigestContextFinishMultiple(SecCmsDigestContextRef cmsdigcx, |
| | 259 | SECAlgorithmID ***digestalgsp, |
| | 260 | SecAsn1Item * **digestsp) |
| | 261 | { |
| | 262 | #if USE_CDSA_CRYPTO |
| | 263 | CSSM_CC_HANDLE digboj; |
| | 264 | #else |
| | 265 | void * digobj; |
| | 266 | #endif |
| | 267 | SecAsn1Item **digests, *digest; |
| | 268 | SECAlgorithmID **digestalgs; |
| | 269 | int i; |
| | 270 | void *mark; |
| | 271 | OSStatus rv = SECFailure; |
| | 272 | |
| | 273 | assert(cmsdigcx != NULL); |
| | 274 | |
| | 275 | /* A message with no contents (just signed attributes) is used within SCEP */ |
| | 276 | #if 0 |
| | 277 | /* no contents? do not update digests */ |
| | 278 | if (digestsp == NULL || !cmsdigcx->saw_contents) { |
| | 279 | for (i = 0; i < cmsdigcx->digcnt; i++) |
| | 280 | if (cmsdigcx->digobjs[i]) |
| | 281 | #if USE_CDSA_CRYPTO |
| | 282 | CSSM_DeleteContext(cmsdigcx->digobjs[i]); |
| | 283 | #else |
| | 284 | free(cmsdigcx->digobjs[i]); |
| | 285 | #endif |
| | 286 | rv = SECSuccess; |
| | 287 | if (digestsp) |
| | 288 | *digestsp = NULL; |
| | 289 | goto cleanup; |
| | 290 | } |
| | 291 | #endif |
| | 292 | |
| | 293 | assert(digestsp != NULL); |
| | 294 | assert(digestalgsp != NULL); |
| | 295 | |
| | 296 | mark = PORT_ArenaMark (cmsdigcx->poolp); |
| | 297 | |
| | 298 | /* Security check to prevent under-allocation */ |
| | 299 | if (cmsdigcx->digcnt >= (int)((INT_MAX/(MAX_OF_3(sizeof(SECAlgorithmID *),sizeof(SecAsn1Item *),sizeof(SecAsn1Item))))-1)) { |
| | 300 | goto loser; |
| | 301 | } |
| | 302 | /* allocate digest array & SecAsn1Items on arena */ |
| | 303 | digestalgs = (SECAlgorithmID **)PORT_ArenaZAlloc(cmsdigcx->poolp, (cmsdigcx->digcnt+1) * sizeof(SECAlgorithmID *)); |
| | 304 | digests = (SecAsn1Item * *)PORT_ArenaZAlloc(cmsdigcx->poolp, (cmsdigcx->digcnt+1) * sizeof(SecAsn1Item *)); |
| | 305 | digest = (SecAsn1Item *)PORT_ArenaZAlloc(cmsdigcx->poolp, cmsdigcx->digcnt * sizeof(SecAsn1Item)); |
| | 306 | if (digestalgs == NULL || digests == NULL || digest == NULL) { |
| | 307 | goto loser; |
| | 308 | } |
| | 309 | |
| | 310 | for (i = 0; i < cmsdigcx->digcnt; i++, digest++) { |
| | 311 | |
| | 312 | SECOidTag hash_alg = SECOID_GetAlgorithmTag(cmsdigcx->digestalgs[i]); |
| | 313 | int diglength = 0; |
| | 314 | |
| | 315 | switch (hash_alg) { |
| | 316 | case SEC_OID_SHA1: diglength = CC_SHA1_DIGEST_LENGTH; break; |
| | 317 | case SEC_OID_MD5: diglength = CC_MD5_DIGEST_LENGTH; break; |
| | 318 | case SEC_OID_SHA224: diglength = CC_SHA224_DIGEST_LENGTH; break; |
| | 319 | case SEC_OID_SHA256: diglength = CC_SHA256_DIGEST_LENGTH; break; |
| | 320 | case SEC_OID_SHA384: diglength = CC_SHA384_DIGEST_LENGTH; break; |
| | 321 | case SEC_OID_SHA512: diglength = CC_SHA512_DIGEST_LENGTH; break; |
| | 322 | default: goto loser; break; |
| | 323 | } |
| | 324 | |
| | 325 | digobj = cmsdigcx->digobjs[i]; |
| | 326 | if (digobj) |
| | 327 | { |
| | 328 | digest->Data = (unsigned char*)PORT_ArenaAlloc(cmsdigcx->poolp, diglength); |
| | 329 | if (digest->Data == NULL) |
| | 330 | goto loser; |
| | 331 | digest->Length = diglength; |
| | 332 | #if USE_CDSA_CRYPTO |
| | 333 | CSSM_DigestDataFinal(digobj, digest); |
| | 334 | CSSM_DeleteContext(digobj); |
| | 335 | #else |
| | 336 | switch (hash_alg) { |
| | 337 | case SEC_OID_SHA1: CC_SHA1_Final(digest->Data, digobj); break; |
| | 338 | case SEC_OID_MD5: CC_MD5_Final(digest->Data, digobj); break; |
| | 339 | case SEC_OID_SHA224: CC_SHA224_Final(digest->Data, digobj); break; |
| | 340 | case SEC_OID_SHA256: CC_SHA256_Final(digest->Data, digobj); break; |
| | 341 | case SEC_OID_SHA384: CC_SHA384_Final(digest->Data, digobj); break; |
| | 342 | case SEC_OID_SHA512: CC_SHA512_Final(digest->Data, digobj); break; |
| | 343 | default: goto loser; break; |
| | 344 | } |
| | 345 | |
| | 346 | free(digobj); |
| | 347 | #endif |
| | 348 | digestalgs[i] = cmsdigcx->digestalgs[i]; |
| | 349 | digests[i] = digest; |
| | 350 | } |
| | 351 | else |
| | 352 | { |
| | 353 | digest->Data = NULL; |
| | 354 | digest->Length = 0; |
| | 355 | } |
| | 356 | } |
| | 357 | digestalgs[i] = NULL; |
| | 358 | digests[i] = NULL; |
| | 359 | *digestalgsp = digestalgs; |
| | 360 | *digestsp = digests; |
| | 361 | |
| | 362 | rv = SECSuccess; |
| | 363 | |
| | 364 | loser: |
| | 365 | if (rv == SECSuccess) |
| | 366 | PORT_ArenaUnmark(cmsdigcx->poolp, mark); |
| | 367 | else |
| | 368 | PORT_ArenaRelease(cmsdigcx->poolp, mark); |
| | 369 | |
| | 370 | /*cleanup:*/ |
| | 371 | /* Set things up so SecCmsDigestContextDestroy won't call CSSM_DeleteContext again. */ |
| | 372 | cmsdigcx->digcnt = 0; |
| | 373 | |
| | 374 | return rv; |
| | 375 | } |
| | 376 | |
| | 377 | /* |
| | 378 | * SecCmsDigestContextFinishSingle - same as SecCmsDigestContextFinishMultiple, |
| | 379 | * but for one digest. |
| | 380 | */ |
| | 381 | OSStatus |
| | 382 | SecCmsDigestContextFinishSingle(SecCmsDigestContextRef cmsdigcx, |
| | 383 | SecAsn1Item * digest) |
| | 384 | { |
| | 385 | OSStatus rv = SECFailure; |
| | 386 | SecAsn1Item * *dp; |
| | 387 | SECAlgorithmID **ap; |
| | 388 | |
| | 389 | /* get the digests into arena, then copy the first digest into poolp */ |
| | 390 | if (SecCmsDigestContextFinishMultiple(cmsdigcx, &ap, &dp) != SECSuccess) |
| | 391 | goto loser; |
| | 392 | |
| | 393 | /* Return the first element in the digest array. */ |
| | 394 | digest = *dp; |
| | 395 | |
| | 396 | rv = SECSuccess; |
| | 397 | |
| | 398 | loser: |
| | 399 | return rv; |
| | 400 | } |
projects / apple / security.git / blame_incremental