Cradicle Explorer
darling-security
/ OSX / sec / Security / SecSignatureVerificationSupport.c
SecSignatureVerificationSupport.c
  1  //
  2  //  SecSignatureVerificationSupport.c
  3  //  sec
  4  //
  5  
  6  #include <TargetConditionals.h>
  7  #include <AssertMacros.h>
  8  #include <Security/SecSignatureVerificationSupport.h>
  9  
 10  #include <CoreFoundation/CFString.h>
 11  #include <utilities/SecCFError.h>
 12  #include <utilities/SecCFWrappers.h>
 13  
 14  #include <Security/SecBasePriv.h>
 15  #include <Security/SecKey.h>
 16  #include <Security/SecKeyPriv.h>
 17  #include <Security/SecECKeyPriv.h>
 18  
 19  #include <corecrypto/ccn.h>
 20  #include <corecrypto/ccec.h>
 21  #include <corecrypto/ccder.h>
 22  
 23  static const uint8_t *sec_decode_forced_uint(cc_size n,
 24      cc_unit *r, const uint8_t *der, const uint8_t *der_end)
 25  {
 26      size_t len;
 27      der = ccder_decode_tl(CCDER_INTEGER, &len, der, der_end);
 28      if (der && ccn_read_uint(n, r, len, der) >= 0) {
 29          return der + len;
 30      }
 31      return NULL;
 32  }
 33  
 34  static CFErrorRef
 35  SecCreateSignatureVerificationError(OSStatus errorCode, CFStringRef descriptionString)
 36  {
 37      const CFStringRef defaultDescription = CFSTR("Error verifying signature.");
 38      const void* keys[1] = { kCFErrorDescriptionKey };
 39      const void* values[2] = { (descriptionString) ? descriptionString : defaultDescription };
 40      return CFErrorCreateWithUserInfoKeysAndValues(kCFAllocatorDefault,
 41          kCFErrorDomainOSStatus, errorCode, keys, values, 1);
 42  }
 43  
 44  #pragma clang diagnostic push
 45  #pragma clang diagnostic ignored "-Wdeprecated-declarations"
 46  static void
 47  SecRecreateSignatureWithAlgId(SecKeyRef publicKey, const SecAsn1AlgId *publicKeyAlgId,
 48      const uint8_t *oldSignature, size_t oldSignatureSize,
 49      uint8_t **newSignature, size_t *newSignatureSize)
 50  #pragma clang diagnostic pop
 51  {
 52      if (!publicKey || !publicKeyAlgId ||
 53          kSecECDSAAlgorithmID != SecKeyGetAlgorithmId(publicKey)) {
 54          // ECDSA SHA-256 is the only type of signature currently supported by this function
 55          return;
 56      }
 57  
 58      cc_size n = ccec_cp_n(ccec_cp_256());
 59      cc_unit r[n], s[n];
 60  
 61      const uint8_t *oldSignatureEnd = oldSignature + oldSignatureSize;
 62  
 63      oldSignature = ccder_decode_sequence_tl(&oldSignatureEnd, oldSignature, oldSignatureEnd);
 64      oldSignature = sec_decode_forced_uint(n, r, oldSignature, oldSignatureEnd);
 65      oldSignature = sec_decode_forced_uint(n, s, oldSignature, oldSignatureEnd);
 66      if (!oldSignature || !(oldSignatureEnd == oldSignature)) {
 67          // failed to decode the old signature successfully
 68          *newSignature = NULL;
 69          return;
 70      }
 71  
 72      const uint8_t *outputPointer = *newSignature;
 73      uint8_t *outputEndPointer = *newSignature + *newSignatureSize;
 74  
 75      *newSignature = ccder_encode_constructed_tl(CCDER_CONSTRUCTED_SEQUENCE,
 76          outputEndPointer, outputPointer,
 77          ccder_encode_integer(n, r, outputPointer, ccder_encode_integer(n, s, outputPointer, outputEndPointer)));
 78      long newSigSize = outputEndPointer - *newSignature;
 79      *newSignatureSize = (newSigSize >= 0) ? (size_t)newSigSize : 0;
 80  }
 81  
 82  #pragma clang diagnostic push
 83  #pragma clang diagnostic ignored "-Wdeprecated-declarations"
 84  bool SecVerifySignatureWithPublicKey(SecKeyRef publicKey, const SecAsn1AlgId *publicKeyAlgId,
 85                                       const uint8_t *dataToHash, size_t amountToHash,
 86                                       const uint8_t *signatureStart, size_t signatureSize,
 87                                       CFErrorRef *error)
 88  #pragma clang diagnostic pop
 89  {
 90      OSStatus errorCode = errSecParam;
 91      require(signatureSize > 0, fail);
 92  
 93      errorCode = SecKeyDigestAndVerify(publicKey, publicKeyAlgId,
 94                                        dataToHash, amountToHash,
 95                                        (uint8_t*)signatureStart, signatureSize);
 96      require_noerr_quiet(errorCode, fail);
 97      return true;
 98  
 99  fail:
100      ; // Semicolon works around compiler issue that won't recognize a declaration directly after a label
101  
102      // fallback to potentially fix signatures with missing zero-byte padding.
103      // worst-case is that both integers get zero-padded, plus size of each integer and sequence size increases by 1
104      size_t replacementSignatureLen = signatureSize + 5;
105      uint8_t *replacementSignature = malloc(replacementSignatureLen);
106      require_quiet(replacementSignature, fail2);
107  
108      uint8_t *replacementSignaturePtr = replacementSignature;
109      SecRecreateSignatureWithAlgId(publicKey, publicKeyAlgId, signatureStart, signatureSize, &replacementSignaturePtr, &replacementSignatureLen);
110      require_quiet(replacementSignaturePtr, fail2);
111  
112      require_noerr_quiet(SecKeyDigestAndVerify(publicKey, publicKeyAlgId, dataToHash, amountToHash, replacementSignaturePtr, replacementSignatureLen), fail2);
113  
114      free(replacementSignature);
115      return true;
116  
117  fail2:
118      if (replacementSignature) {
119          free(replacementSignature);
120      }
121      if (error) {
122          *error = SecCreateSignatureVerificationError(errorCode, CFSTR("Unable to verify signature"));
123      }
124      return false;
125  }