andre@0: /* This Source Code Form is subject to the terms of the Mozilla Public andre@0: * License, v. 2.0. If a copy of the MPL was not distributed with this andre@0: * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ andre@0: /* andre@0: * pkix_signaturechecker.c andre@0: * andre@0: * Functions for signature validation andre@0: * andre@0: */ andre@0: andre@0: #include "pkix_signaturechecker.h" andre@0: andre@0: /* andre@0: * FUNCTION: pkix_SignatureCheckerstate_Destroy andre@0: * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h) andre@0: */ andre@0: static PKIX_Error * andre@0: pkix_SignatureCheckerState_Destroy( andre@0: PKIX_PL_Object *object, andre@0: void *plContext) andre@0: { andre@0: pkix_SignatureCheckerState *state = NULL; andre@0: andre@0: PKIX_ENTER(SIGNATURECHECKERSTATE, andre@0: "pkix_SignatureCheckerState_Destroy"); andre@0: PKIX_NULLCHECK_ONE(object); andre@0: andre@0: /* Check that this object is a signature checker state */ andre@0: PKIX_CHECK(pkix_CheckType andre@0: (object, PKIX_SIGNATURECHECKERSTATE_TYPE, plContext), andre@0: PKIX_OBJECTNOTSIGNATURECHECKERSTATE); andre@0: andre@0: state = (pkix_SignatureCheckerState *) object; andre@0: andre@0: state->prevCertCertSign = PKIX_FALSE; andre@0: andre@0: PKIX_DECREF(state->prevPublicKey); andre@0: PKIX_DECREF(state->prevPublicKeyList); andre@0: PKIX_DECREF(state->keyUsageOID); andre@0: andre@0: cleanup: andre@0: andre@0: PKIX_RETURN(SIGNATURECHECKERSTATE); andre@0: } andre@0: andre@0: /* andre@0: * FUNCTION: pkix_SignatureCheckerState_RegisterSelf andre@0: * andre@0: * DESCRIPTION: andre@0: * Registers PKIX_SIGNATURECHECKERSTATE_TYPE and its related functions andre@0: * with systemClasses[] andre@0: * andre@0: * THREAD SAFETY: andre@0: * Not Thread Safe (see Thread Safety Definitions in Programmer's Guide) andre@0: * andre@0: * Since this function is only called by PKIX_PL_Initialize, which should andre@0: * only be called once, it is acceptable that this function is not andre@0: * thread-safe. andre@0: */ andre@0: PKIX_Error * andre@0: pkix_SignatureCheckerState_RegisterSelf(void *plContext) andre@0: { andre@0: extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES]; andre@0: pkix_ClassTable_Entry entry; andre@0: andre@0: PKIX_ENTER(SIGNATURECHECKERSTATE, andre@0: "pkix_SignatureCheckerState_RegisterSelf"); andre@0: andre@0: entry.description = "SignatureCheckerState"; andre@0: entry.objCounter = 0; andre@0: entry.typeObjectSize = sizeof(pkix_SignatureCheckerState); andre@0: entry.destructor = pkix_SignatureCheckerState_Destroy; andre@0: entry.equalsFunction = NULL; andre@0: entry.hashcodeFunction = NULL; andre@0: entry.toStringFunction = NULL; andre@0: entry.comparator = NULL; andre@0: entry.duplicateFunction = NULL; andre@0: andre@0: systemClasses[PKIX_SIGNATURECHECKERSTATE_TYPE] = entry; andre@0: andre@0: PKIX_RETURN(SIGNATURECHECKERSTATE); andre@0: } andre@0: andre@0: /* andre@0: * FUNCTION: pkix_SignatureCheckerState_Create andre@0: * andre@0: * DESCRIPTION: andre@0: * Allocate and initialize SignatureChecker state data. andre@0: * andre@0: * PARAMETERS andre@0: * "trustedPubKey" andre@0: * Address of trusted Anchor Public Key for verifying first Cert in the andre@0: * chain. Must be non-NULL. andre@0: * "certsRemaining" andre@0: * Number of certificates remaining in the chain. andre@0: * "pCheckerState" andre@0: * Address where SignatureCheckerState will be stored. Must be non-NULL. andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * andre@0: * THREAD SAFETY: andre@0: * Not Thread Safe (see Thread Safety Definitions in Programmer's Guide) andre@0: * andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a SignatureCheckerState Error if the function fails in a andre@0: * non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: static PKIX_Error * andre@0: pkix_SignatureCheckerState_Create( andre@0: PKIX_PL_PublicKey *trustedPubKey, andre@0: PKIX_UInt32 certsRemaining, andre@0: pkix_SignatureCheckerState **pCheckerState, andre@0: void *plContext) andre@0: { andre@0: pkix_SignatureCheckerState *state = NULL; andre@0: PKIX_PL_OID *keyUsageOID = NULL; andre@0: andre@0: PKIX_ENTER(SIGNATURECHECKERSTATE, "pkix_SignatureCheckerState_Create"); andre@0: PKIX_NULLCHECK_TWO(trustedPubKey, pCheckerState); andre@0: andre@0: PKIX_CHECK(PKIX_PL_Object_Alloc andre@0: (PKIX_SIGNATURECHECKERSTATE_TYPE, andre@0: sizeof (pkix_SignatureCheckerState), andre@0: (PKIX_PL_Object **)&state, andre@0: plContext), andre@0: PKIX_COULDNOTCREATESIGNATURECHECKERSTATEOBJECT); andre@0: andre@0: /* Initialize fields */ andre@0: andre@0: state->prevCertCertSign = PKIX_TRUE; andre@0: state->prevPublicKeyList = NULL; andre@0: state->certsRemaining = certsRemaining; andre@0: andre@0: PKIX_INCREF(trustedPubKey); andre@0: state->prevPublicKey = trustedPubKey; andre@0: andre@0: PKIX_CHECK(PKIX_PL_OID_Create andre@0: (PKIX_CERTKEYUSAGE_OID, andre@0: &keyUsageOID, andre@0: plContext), andre@0: PKIX_OIDCREATEFAILED); andre@0: andre@0: state->keyUsageOID = keyUsageOID; andre@0: keyUsageOID = NULL; andre@0: andre@0: *pCheckerState = state; andre@0: state = NULL; andre@0: andre@0: cleanup: andre@0: andre@0: PKIX_DECREF(keyUsageOID); andre@0: PKIX_DECREF(state); andre@0: andre@0: PKIX_RETURN(SIGNATURECHECKERSTATE); andre@0: } andre@0: andre@0: /* --Private-Functions-------------------------------------------- */ andre@0: andre@0: /* andre@0: * FUNCTION: pkix_SignatureChecker_Check andre@0: * (see comments for PKIX_CertChainChecker_CheckCallback in pkix_checker.h) andre@0: */ andre@0: PKIX_Error * andre@0: pkix_SignatureChecker_Check( andre@0: PKIX_CertChainChecker *checker, andre@0: PKIX_PL_Cert *cert, andre@0: PKIX_List *unresolvedCriticalExtensions, andre@0: void **pNBIOContext, andre@0: void *plContext) andre@0: { andre@0: pkix_SignatureCheckerState *state = NULL; andre@0: PKIX_PL_PublicKey *prevPubKey = NULL; andre@0: PKIX_PL_PublicKey *currPubKey = NULL; andre@0: PKIX_PL_PublicKey *newPubKey = NULL; andre@0: PKIX_PL_PublicKey *pKey = NULL; andre@0: PKIX_PL_CertBasicConstraints *basicConstraints = NULL; andre@0: PKIX_Error *checkKeyUsageFail = NULL; andre@0: PKIX_Error *verifyFail = NULL; andre@0: PKIX_Boolean certVerified = PKIX_FALSE; andre@0: andre@0: PKIX_ENTER(CERTCHAINCHECKER, "pkix_SignatureChecker_Check"); andre@0: PKIX_NULLCHECK_THREE(checker, cert, pNBIOContext); andre@0: andre@0: *pNBIOContext = NULL; /* we never block on pending I/O */ andre@0: andre@0: PKIX_CHECK(PKIX_CertChainChecker_GetCertChainCheckerState andre@0: (checker, (PKIX_PL_Object **)&state, plContext), andre@0: PKIX_CERTCHAINCHECKERGETCERTCHAINCHECKERSTATEFAILED); andre@0: andre@0: (state->certsRemaining)--; andre@0: andre@0: PKIX_INCREF(state->prevPublicKey); andre@0: prevPubKey = state->prevPublicKey; andre@0: andre@0: /* andre@0: * Previous Cert doesn't have CertSign bit on for signature andre@0: * verification and it is not a self-issued Cert so there is no andre@0: * old key saved. This is considered error. andre@0: */ andre@0: if (state->prevCertCertSign == PKIX_FALSE && andre@0: state->prevPublicKeyList == NULL) { andre@0: PKIX_ERROR(PKIX_KEYUSAGEKEYCERTSIGNBITNOTON); andre@0: } andre@0: andre@0: /* Previous Cert is valid for signature verification, try it first */ andre@0: if (state->prevCertCertSign == PKIX_TRUE) { andre@0: verifyFail = PKIX_PL_Cert_VerifySignature andre@0: (cert, prevPubKey, plContext); andre@0: if (verifyFail == NULL) { andre@0: certVerified = PKIX_TRUE; andre@0: } else { andre@0: certVerified = PKIX_FALSE; andre@0: } andre@0: } andre@0: andre@0: #ifdef NIST_TEST_4_5_4_AND_4_5_6 andre@0: andre@0: /* andre@0: * Following codes under this compiler flag is implemented for andre@0: * special cases of NIST tests 4.5.4 and 4.5.6. We are not sure andre@0: * we should handle these two tests as what is implemented so the andre@0: * codes are commented out, and the tests fails (for now). andre@0: * For Cert chain validation, our assumption is all the Certs on andre@0: * the chain are using its previous Cert's public key to decode andre@0: * its current key. But for thses two tests, keys are used not andre@0: * in this precedent order, we can either andre@0: * 1) Use what is implemented here: take in what Cert order NIST andre@0: * specified and for continuous self-issued Certs, stacking up andre@0: * their keys and tries all of them in FILO order. andre@0: * But this method breaks the idea of chain key presdency. andre@0: * 2) Use Build Chain facility: we will specify the valid Certs andre@0: * order (means key precedency is kept) and count on Build Chain andre@0: * to get the Certs that can fill for the needed keys. This may have andre@0: * performance impact. andre@0: * 3) Fetch Certs from CertStore: we will specifiy the valid Certs andre@0: * order and use CertSelector on SubjectName to get a list of andre@0: * candidates Certs to fill in for the needed keys. andre@0: * Anyhow, the codes are kept around just in case we want to use andre@0: * solution one... andre@0: */ andre@0: andre@0: /* If failed and previous key is self-issued, try its old key(s) */ andre@0: if (certVerified == PKIX_FALSE && state->prevPublicKeyList != NULL) { andre@0: andre@0: /* Verify from keys on the list */ andre@0: PKIX_CHECK(PKIX_List_GetLength andre@0: (state->prevPublicKeyList, &numKeys, plContext), andre@0: PKIX_LISTGETLENGTHFAILED); andre@0: andre@0: for (i = numKeys - 1; i >= 0; i--) { andre@0: andre@0: PKIX_CHECK(PKIX_List_GetItem andre@0: (state->prevPublicKeyList, andre@0: i, andre@0: (PKIX_PL_Object **) &pKey, andre@0: plContext), andre@0: PKIX_LISTGETITEMFAILED); andre@0: andre@0: PKIX_DECREF(verifyFail); andre@0: verifyFail = PKIX_PL_Cert_VerifySignature andre@0: (cert, pKey, plContext); andre@0: andre@0: if (verifyFail == NULL) { andre@0: certVerified = PKIX_TRUE; andre@0: break; andre@0: } else { andre@0: certVerified = PKIX_FALSE; andre@0: } andre@0: andre@0: PKIX_DECREF(pKey); andre@0: } andre@0: } andre@0: #endif andre@0: andre@0: if (certVerified == PKIX_FALSE) { andre@0: pkixErrorResult = verifyFail; andre@0: verifyFail = NULL; andre@0: PKIX_ERROR(PKIX_VALIDATIONFAILEDCERTSIGNATURECHECKING); andre@0: } andre@0: andre@0: #ifdef NIST_TEST_4_5_4_AND_4_5_6 andre@0: /* andre@0: * Check if Cert is self-issued. If so, the old key(s) is saved, in andre@0: * conjunction to the new key, for verifying CERT validity later. andre@0: */ andre@0: PKIX_CHECK(pkix_IsCertSelfIssued(cert, &selfIssued, plContext), andre@0: PKIX_ISCERTSELFISSUEFAILED); andre@0: andre@0: /* andre@0: * Check if Cert is self-issued. If so, the public key of the Cert andre@0: * that issues this Cert (old key) can be used together with this andre@0: * current key (new key) for key verification. If there are multiple andre@0: * self-issued certs, keys of those Certs (old keys) can also be used andre@0: * for key verification. Old key(s) is saved in a list (PrevPublickKey- andre@0: * List) and cleared when a Cert is no longer self-issued. PrevPublic- andre@0: * Key keep key of the previous Cert. andre@0: */ andre@0: if (selfIssued == PKIX_TRUE) { andre@0: andre@0: /* Make sure previous Cert is valid for signature verification */ andre@0: if (state->prevCertCertSign == PKIX_TRUE) { andre@0: andre@0: if (state->prevPublicKeyList == NULL) { andre@0: andre@0: PKIX_CHECK(PKIX_List_Create andre@0: (&state->prevPublicKeyList, plContext), andre@0: PKIX_LISTCREATEFALIED); andre@0: andre@0: } andre@0: andre@0: PKIX_CHECK(PKIX_List_AppendItem andre@0: (state->prevPublicKeyList, andre@0: (PKIX_PL_Object *) state->prevPublicKey, andre@0: plContext), andre@0: PKIX_LISTAPPENDITEMFAILED); andre@0: } andre@0: andre@0: } else { andre@0: /* Not self-issued Cert any more, clear old key(s) saved */ andre@0: PKIX_DECREF(state->prevPublicKeyList); andre@0: } andre@0: #endif andre@0: andre@0: /* Save current key as prevPublicKey */ andre@0: PKIX_CHECK(PKIX_PL_Cert_GetSubjectPublicKey andre@0: (cert, &currPubKey, plContext), andre@0: PKIX_CERTGETSUBJECTPUBLICKEYFAILED); andre@0: andre@0: PKIX_CHECK(PKIX_PL_PublicKey_MakeInheritedDSAPublicKey andre@0: (currPubKey, prevPubKey, &newPubKey, plContext), andre@0: PKIX_PUBLICKEYMAKEINHERITEDDSAPUBLICKEYFAILED); andre@0: andre@0: if (newPubKey == NULL){ andre@0: PKIX_INCREF(currPubKey); andre@0: newPubKey = currPubKey; andre@0: } andre@0: andre@0: PKIX_INCREF(newPubKey); andre@0: PKIX_DECREF(state->prevPublicKey); andre@0: andre@0: state->prevPublicKey = newPubKey; andre@0: andre@0: /* Save this Cert key usage CertSign bit */ andre@0: if (state->certsRemaining != 0) { andre@0: checkKeyUsageFail = PKIX_PL_Cert_VerifyKeyUsage andre@0: (cert, PKIX_KEY_CERT_SIGN, plContext); andre@0: andre@0: state->prevCertCertSign = (checkKeyUsageFail == NULL)? andre@0: PKIX_TRUE:PKIX_FALSE; andre@0: andre@0: PKIX_DECREF(checkKeyUsageFail); andre@0: } andre@0: andre@0: /* Remove Key Usage Extension OID from list */ andre@0: if (unresolvedCriticalExtensions != NULL) { andre@0: andre@0: PKIX_CHECK(pkix_List_Remove andre@0: (unresolvedCriticalExtensions, andre@0: (PKIX_PL_Object *) state->keyUsageOID, andre@0: plContext), andre@0: PKIX_LISTREMOVEFAILED); andre@0: } andre@0: andre@0: PKIX_CHECK(PKIX_CertChainChecker_SetCertChainCheckerState andre@0: (checker, (PKIX_PL_Object *)state, plContext), andre@0: PKIX_CERTCHAINCHECKERSETCERTCHAINCHECKERSTATEFAILED); andre@0: andre@0: cleanup: andre@0: andre@0: PKIX_DECREF(state); andre@0: PKIX_DECREF(pKey); andre@0: PKIX_DECREF(prevPubKey); andre@0: PKIX_DECREF(currPubKey); andre@0: PKIX_DECREF(newPubKey); andre@0: PKIX_DECREF(basicConstraints); andre@0: PKIX_DECREF(verifyFail); andre@0: PKIX_DECREF(checkKeyUsageFail); andre@0: andre@0: PKIX_RETURN(CERTCHAINCHECKER); andre@0: andre@0: } andre@0: andre@0: /* andre@0: * FUNCTION: pkix_SignatureChecker_Initialize andre@0: * DESCRIPTION: andre@0: * andre@0: * Creates a new CertChainChecker and stores it at "pChecker", where it will andre@0: * be used by pkix_SignatureChecker_Check to check that the public key in andre@0: * the checker's state is able to successfully validate the certificate's andre@0: * signature. The PublicKey pointed to by "trustedPubKey" is used to andre@0: * initialize the checker's state. andre@0: * andre@0: * PARAMETERS: andre@0: * "trustedPubKey" andre@0: * Address of PublicKey representing the trusted public key used to andre@0: * initialize the state of this checker. Must be non-NULL. andre@0: * "certsRemaining" andre@0: * Number of certificates remaining in the chain. andre@0: * "pChecker" andre@0: * Address where object pointer will be stored. Must be non-NULL. andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a CertChainChecker Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: pkix_SignatureChecker_Initialize( andre@0: PKIX_PL_PublicKey *trustedPubKey, andre@0: PKIX_UInt32 certsRemaining, andre@0: PKIX_CertChainChecker **pChecker, andre@0: void *plContext) andre@0: { andre@0: pkix_SignatureCheckerState* state = NULL; andre@0: PKIX_ENTER(CERTCHAINCHECKER, "PKIX_SignatureChecker_Initialize"); andre@0: PKIX_NULLCHECK_TWO(pChecker, trustedPubKey); andre@0: andre@0: PKIX_CHECK(pkix_SignatureCheckerState_Create andre@0: (trustedPubKey, certsRemaining, &state, plContext), andre@0: PKIX_SIGNATURECHECKERSTATECREATEFAILED); andre@0: andre@0: PKIX_CHECK(PKIX_CertChainChecker_Create andre@0: (pkix_SignatureChecker_Check, andre@0: PKIX_FALSE, andre@0: PKIX_FALSE, andre@0: NULL, andre@0: (PKIX_PL_Object *) state, andre@0: pChecker, andre@0: plContext), andre@0: PKIX_CERTCHAINCHECKERCREATEFAILED); andre@0: andre@0: cleanup: andre@0: andre@0: PKIX_DECREF(state); andre@0: andre@0: PKIX_RETURN(CERTCHAINCHECKER); andre@0: andre@0: }