]> git.saurik.com Git - apple/security.git/blob - OSX/sec/Security/SecSignatureVerificationSupport.c
Security-59306.101.1.tar.gz
[apple/security.git] / OSX / sec / Security / SecSignatureVerificationSupport.c
1 //
2 // SecSignatureVerificationSupport.c
3 // sec
4 //
5
6 #include <TargetConditionals.h>
7 #include <AssertMacros.h>
8 #include <Security/SecSignatureVerificationSupport.h>
9
10 #include <CoreFoundation/CFString.h>
11 #include <utilities/SecCFError.h>
12 #include <utilities/SecCFWrappers.h>
13
14 #include <Security/SecBasePriv.h>
15 #include <Security/SecKey.h>
16 #include <Security/SecKeyPriv.h>
17 #include <Security/SecECKeyPriv.h>
18
19 #include <corecrypto/ccn.h>
20 #include <corecrypto/ccec.h>
21 #include <corecrypto/ccder.h>
22
23 static const uint8_t *sec_decode_forced_uint(cc_size n,
24 cc_unit *r, const uint8_t *der, const uint8_t *der_end)
25 {
26 size_t len;
27 der = ccder_decode_tl(CCDER_INTEGER, &len, der, der_end);
28 if (der && ccn_read_uint(n, r, len, der) >= 0) {
29 return der + len;
30 }
31 return NULL;
32 }
33
34 static CFErrorRef
35 SecCreateSignatureVerificationError(OSStatus errorCode, CFStringRef descriptionString)
36 {
37 const CFStringRef defaultDescription = CFSTR("Error verifying signature.");
38 const void* keys[1] = { kCFErrorDescriptionKey };
39 const void* values[2] = { (descriptionString) ? descriptionString : defaultDescription };
40 return CFErrorCreateWithUserInfoKeysAndValues(kCFAllocatorDefault,
41 kCFErrorDomainOSStatus, errorCode, keys, values, 1);
42 }
43
44 #pragma clang diagnostic push
45 #pragma clang diagnostic ignored "-Wdeprecated-declarations"
46 static void
47 SecRecreateSignatureWithAlgId(SecKeyRef publicKey, const SecAsn1AlgId *publicKeyAlgId,
48 const uint8_t *oldSignature, size_t oldSignatureSize,
49 uint8_t **newSignature, size_t *newSignatureSize)
50 #pragma clang diagnostic pop
51 {
52 if (!publicKey || !publicKeyAlgId ||
53 kSecECDSAAlgorithmID != SecKeyGetAlgorithmId(publicKey)) {
54 // ECDSA SHA-256 is the only type of signature currently supported by this function
55 return;
56 }
57
58 cc_size n = ccec_cp_n(ccec_cp_256());
59 cc_unit r[n], s[n];
60
61 const uint8_t *oldSignatureEnd = oldSignature + oldSignatureSize;
62
63 oldSignature = ccder_decode_sequence_tl(&oldSignatureEnd, oldSignature, oldSignatureEnd);
64 oldSignature = sec_decode_forced_uint(n, r, oldSignature, oldSignatureEnd);
65 oldSignature = sec_decode_forced_uint(n, s, oldSignature, oldSignatureEnd);
66 if (!oldSignature || !(oldSignatureEnd == oldSignature)) {
67 // failed to decode the old signature successfully
68 *newSignature = NULL;
69 return;
70 }
71
72 const uint8_t *outputPointer = *newSignature;
73 uint8_t *outputEndPointer = *newSignature + *newSignatureSize;
74
75 *newSignature = ccder_encode_constructed_tl(CCDER_CONSTRUCTED_SEQUENCE,
76 outputEndPointer, outputPointer,
77 ccder_encode_integer(n, r, outputPointer, ccder_encode_integer(n, s, outputPointer, outputEndPointer)));
78 long newSigSize = outputEndPointer - *newSignature;
79 *newSignatureSize = (newSigSize >= 0) ? (size_t)newSigSize : 0;
80 }
81
82 #pragma clang diagnostic push
83 #pragma clang diagnostic ignored "-Wdeprecated-declarations"
84 bool SecVerifySignatureWithPublicKey(SecKeyRef publicKey, const SecAsn1AlgId *publicKeyAlgId,
85 const uint8_t *dataToHash, size_t amountToHash,
86 const uint8_t *signatureStart, size_t signatureSize,
87 CFErrorRef *error)
88 #pragma clang diagnostic pop
89 {
90 OSStatus errorCode = errSecParam;
91 require(signatureSize > 0, fail);
92
93 errorCode = SecKeyDigestAndVerify(publicKey, publicKeyAlgId,
94 dataToHash, amountToHash,
95 (uint8_t*)signatureStart, signatureSize);
96 require_noerr_quiet(errorCode, fail);
97 return true;
98
99 fail:
100 ; // Semicolon works around compiler issue that won't recognize a declaration directly after a label
101
102 // fallback to potentially fix signatures with missing zero-byte padding.
103 // worst-case is that both integers get zero-padded, plus size of each integer and sequence size increases by 1
104 size_t replacementSignatureLen = signatureSize + 5;
105 uint8_t *replacementSignature = malloc(replacementSignatureLen);
106 require_quiet(replacementSignature, fail2);
107
108 uint8_t *replacementSignaturePtr = replacementSignature;
109 SecRecreateSignatureWithAlgId(publicKey, publicKeyAlgId, signatureStart, signatureSize, &replacementSignaturePtr, &replacementSignatureLen);
110 require_quiet(replacementSignaturePtr, fail2);
111
112 require_noerr_quiet(SecKeyDigestAndVerify(publicKey, publicKeyAlgId, dataToHash, amountToHash, replacementSignaturePtr, replacementSignatureLen), fail2);
113
114 free(replacementSignature);
115 return true;
116
117 fail2:
118 if (replacementSignature) {
119 free(replacementSignature);
120 }
121 if (error) {
122 *error = SecCreateSignatureVerificationError(errorCode, CFSTR("Unable to verify signature"));
123 }
124 return false;
125 }