]> git.saurik.com Git - apple/security.git/blob - OSX/sec/Security/SecSignatureVerificationSupport.c
Security-58286.41.2.tar.gz
[apple/security.git] / OSX / sec / Security / SecSignatureVerificationSupport.c
1 //
2 // SecSignatureVerificationSupport.c
3 // sec
4 //
5
6 #include <TargetConditionals.h>
7 #include <AssertMacros.h>
8 #include <Security/SecSignatureVerificationSupport.h>
9
10 #include <CoreFoundation/CFString.h>
11 #include <utilities/SecCFError.h>
12 #include <utilities/SecCFWrappers.h>
13
14 #include <Security/SecBasePriv.h>
15 #include <Security/SecKey.h>
16 #include <Security/SecKeyPriv.h>
17 #include <Security/SecECKeyPriv.h>
18
19 #include <corecrypto/ccn.h>
20 #include <corecrypto/ccec.h>
21 #include <corecrypto/ccder.h>
22
23 static const uint8_t *sec_decode_forced_uint(cc_size n,
24 cc_unit *r, const uint8_t *der, const uint8_t *der_end)
25 {
26 size_t len;
27 der = ccder_decode_tl(CCDER_INTEGER, &len, der, der_end);
28 if (der && ccn_read_uint(n, r, len, der) >= 0) {
29 return der + len;
30 }
31 return NULL;
32 }
33
34 static CFErrorRef
35 SecCreateSignatureVerificationError(OSStatus errorCode, CFStringRef descriptionString)
36 {
37 const CFStringRef defaultDescription = CFSTR("Error verifying signature.");
38 const void* keys[1] = { kCFErrorDescriptionKey };
39 const void* values[2] = { (descriptionString) ? descriptionString : defaultDescription };
40 return CFErrorCreateWithUserInfoKeysAndValues(kCFAllocatorDefault,
41 kCFErrorDomainOSStatus, errorCode, keys, values, 1);
42 }
43
44 static void
45 SecRecreateSignatureWithAlgId(SecKeyRef publicKey, const SecAsn1AlgId *publicKeyAlgId,
46 const uint8_t *oldSignature, size_t oldSignatureSize,
47 uint8_t **newSignature, size_t *newSignatureSize)
48 {
49 if (!publicKey || !publicKeyAlgId ||
50 kSecECDSAAlgorithmID != SecKeyGetAlgorithmId(publicKey)) {
51 // ECDSA SHA-256 is the only type of signature currently supported by this function
52 return;
53 }
54
55 cc_size n = ccec_cp_n(ccec_cp_256());
56 cc_unit r[n], s[n];
57
58 const uint8_t *oldSignatureEnd = oldSignature + oldSignatureSize;
59
60 oldSignature = ccder_decode_sequence_tl(&oldSignatureEnd, oldSignature, oldSignatureEnd);
61 oldSignature = sec_decode_forced_uint(n, r, oldSignature, oldSignatureEnd);
62 oldSignature = sec_decode_forced_uint(n, s, oldSignature, oldSignatureEnd);
63 if (!oldSignature || !(oldSignatureEnd == oldSignature)) {
64 // failed to decode the old signature successfully
65 *newSignature = NULL;
66 return;
67 }
68
69 const uint8_t *outputPointer = *newSignature;
70 uint8_t *outputEndPointer = *newSignature + *newSignatureSize;
71
72 *newSignature = ccder_encode_constructed_tl(CCDER_CONSTRUCTED_SEQUENCE,
73 outputEndPointer, outputPointer,
74 ccder_encode_integer(n, r, outputPointer, ccder_encode_integer(n, s, outputPointer, outputEndPointer)));
75 long newSigSize = outputEndPointer - *newSignature;
76 *newSignatureSize = (newSigSize >= 0) ? (size_t)newSigSize : 0;
77 }
78
79 bool SecVerifySignatureWithPublicKey(SecKeyRef publicKey, const SecAsn1AlgId *publicKeyAlgId,
80 const uint8_t *dataToHash, size_t amountToHash,
81 const uint8_t *signatureStart, size_t signatureSize,
82 CFErrorRef *error)
83 {
84 OSStatus errorCode = errSecParam;
85 require(signatureSize > 0, fail);
86
87 errorCode = SecKeyDigestAndVerify(publicKey, publicKeyAlgId,
88 dataToHash, amountToHash,
89 (uint8_t*)signatureStart, signatureSize);
90 require_noerr(errorCode, fail);
91 return true;
92
93 fail:
94 ; // Semicolon works around compiler issue that won't recognize a declaration directly after a label
95
96 // fallback to potentially fix signatures with missing zero-byte padding.
97 // worst-case is that both integers get zero-padded, plus size of each integer and sequence size increases by 1
98 size_t replacementSignatureLen = signatureSize + 5;
99 uint8_t *replacementSignature = malloc(replacementSignatureLen);
100 require_quiet(replacementSignature, fail2);
101
102 uint8_t *replacementSignaturePtr = replacementSignature;
103 SecRecreateSignatureWithAlgId(publicKey, publicKeyAlgId, signatureStart, signatureSize, &replacementSignaturePtr, &replacementSignatureLen);
104 require_quiet(replacementSignaturePtr, fail2);
105
106 require_noerr_quiet(SecKeyDigestAndVerify(publicKey, publicKeyAlgId, dataToHash, amountToHash, replacementSignaturePtr, replacementSignatureLen), fail2);
107
108 free(replacementSignature);
109 return true;
110
111 fail2:
112 if (replacementSignature) {
113 free(replacementSignature);
114 }
115 if (error) {
116 *error = SecCreateSignatureVerificationError(errorCode, CFSTR("Unable to verify signature"));
117 }
118 return false;
119 }