/* * Copyright 2013 The Android Open Source Project * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * Neither the name of Google Inc. nor the names of its contributors may * be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY Google Inc. ``AS IS'' AND ANY EXPRESS OR * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO * EVENT SHALL Google Inc. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include <string.h> #include "mincrypt/dsa_sig.h" #include "mincrypt/p256.h" /** * Trims off the leading zero bytes and copy it to a buffer aligning it to the end. */ static inline int trim_to_p256_bytes(unsigned char dst[P256_NBYTES], unsigned char *src, int src_len) { int dst_offset; while (*src == '\0' && src_len > 0) { src++; src_len--; } if (src_len > P256_NBYTES || src_len < 1) { return 0; } dst_offset = P256_NBYTES - src_len; memset(dst, 0, dst_offset); memcpy(dst + dst_offset, src, src_len); return 1; } /** * Unpacks the ASN.1 DSA signature sequence. */ int dsa_sig_unpack(unsigned char* sig, int sig_len, p256_int* r_int, p256_int* s_int) { /* * Structure is: * 0x30 0xNN SEQUENCE + s_length * 0x02 0xNN INTEGER + r_length * 0xAA 0xBB .. r_length bytes of "r" (offset 4) * 0x02 0xNN INTEGER + s_length * 0xMM 0xNN .. s_length bytes of "s" (offset 6 + r_len) */ int seq_len; unsigned char r_bytes[P256_NBYTES]; unsigned char s_bytes[P256_NBYTES]; int r_len; int s_len; memset(r_bytes, 0, sizeof(r_bytes)); memset(s_bytes, 0, sizeof(s_bytes)); /* * Must have at least: * 2 bytes sequence header and length * 2 bytes R integer header and length * 1 byte of R * 2 bytes S integer header and length * 1 byte of S * * 8 bytes total */ if (sig_len < 8 || sig[0] != 0x30 || sig[2] != 0x02) { return 0; } seq_len = sig[1]; if ((seq_len <= 0) || (seq_len + 2 != sig_len)) { return 0; } r_len = sig[3]; /* * Must have at least: * 2 bytes for R header and length * 2 bytes S integer header and length * 1 byte of S */ if ((r_len < 1) || (r_len > seq_len - 5) || (sig[4 + r_len] != 0x02)) { return 0; } s_len = sig[5 + r_len]; /** * Must have: * 2 bytes for R header and length * r_len bytes for R * 2 bytes S integer header and length */ if ((s_len < 1) || (s_len != seq_len - 4 - r_len)) { return 0; } /* * ASN.1 encoded integers are zero-padded for positive integers. Make sure we have * a correctly-sized buffer and that the resulting integer isn't too large. */ if (!trim_to_p256_bytes(r_bytes, &sig[4], r_len) || !trim_to_p256_bytes(s_bytes, &sig[6 + r_len], s_len)) { return 0; } p256_from_bin(r_bytes, r_int); p256_from_bin(s_bytes, s_int); return 1; }