FIPS library verifier

author: relyea%netscape.com <devnull@localhost> 2003-01-30 23:36:37 +0000
committer: relyea%netscape.com <devnull@localhost> 2003-01-30 23:36:37 +0000
commit: 723cfd60813a0682bedea9614504213902bdc395 (patch)
tree: c54672292ad417b9d37387d0b209087801f75d9c
parent: 932e92cbf42242ce6d74c22303ae70489fd3f814 (diff)
download: nss-hg-723cfd60813a0682bedea9614504213902bdc395.tar.gz
9 files changed, 319 insertions, 7 deletions
diff --git a/security/nss/lib/freebl/blapi.h b/security/nss/lib/freebl/blapi.h
index 1a7e1d12c..f0ac400fe 100644
--- a/security/nss/lib/freebl/blapi.h
+++ b/security/nss/lib/freebl/blapi.h
@@ -918,6 +918,17 @@ extern void PQG_DestroyParams(PQGParams *params);
  **************************************************************************/
 extern void PQG_DestroyVerify(PQGVerify *vfy);
 
+
+/**************************************************************************
+ *  Verify a given Shared library signature                               *
+ **************************************************************************/
+PRBool BLAPI_SHVerify(const char *name, PRFuncPtr addr);
+
+/**************************************************************************
+ *  Verify Are Own Shared library signature                               *
+ **************************************************************************/
+PRBool BLAPI_VerifySelf(const char *name);
+
 SEC_END_PROTOS
 
 #endif /* _BLAPI_H_ */
diff --git a/security/nss/lib/freebl/blapit.h b/security/nss/lib/freebl/blapit.h
index abee7985f..30249d885 100644
--- a/security/nss/lib/freebl/blapit.h
+++ b/security/nss/lib/freebl/blapit.h
@@ -39,8 +39,10 @@
 #define _BLAPIT_H_
 
 #include "seccomon.h"
+#include "prlink.h"
 #include "plarena.h"
 
+
 /* RC2 operation modes */
 #define NSS_RC2			0
 #define NSS_RC2_CBC		1
diff --git a/security/nss/lib/freebl/config.mk b/security/nss/lib/freebl/config.mk
index 51a4482f5..c3ffb1dcc 100644
--- a/security/nss/lib/freebl/config.mk
+++ b/security/nss/lib/freebl/config.mk
@@ -55,7 +55,7 @@ ifdef FREEBL_EXTENDED_BUILD
 # To build libfreebl.a with just loader.c, we must now override many
 # of the make variables setup by the prior inclusion of CORECONF's config.mk
 
-CSRCS		= loader.c sysrand.c libpath.c
+CSRCS		= loader.c sysrand.c
 SIMPLE_OBJS 	= $(CSRCS:.c=$(OBJ_SUFFIX))
 OBJS 		= $(addprefix $(OBJDIR)/$(PROG_PREFIX), $(SIMPLE_OBJS))
 ALL_TRASH :=    $(TARGETS) $(OBJS) $(OBJDIR) LOGS TAGS $(GARBAGE) \
@@ -100,4 +100,9 @@ PROGRAM      =
 	-lc
 #endif
 
+ifeq ($(OS_TARGET), SunOS)
+  EXTRA_LIBS        += \
+	-ldl
+endif
+
 endif
diff --git a/security/nss/lib/freebl/ldvector.c b/security/nss/lib/freebl/ldvector.c
index e05c6b620..83d4fd523 100644
--- a/security/nss/lib/freebl/ldvector.c
+++ b/security/nss/lib/freebl/ldvector.c
@@ -167,6 +167,10 @@ static const struct FREEBLVectorStr vector = {
 
     /* End of Version 3.004. */
 
+    BLAPI_SHVerify,
+    BLAPI_VerifySelf,
+
+    /* End of Version 3.005. */
 };
 
 
diff --git a/security/nss/lib/freebl/libpath.c b/security/nss/lib/freebl/libpath.c
index 43ce39dde..9b76ab9d8 100644
--- a/security/nss/lib/freebl/libpath.c
+++ b/security/nss/lib/freebl/libpath.c
@@ -43,6 +43,7 @@
 
 #include "prmem.h"
 #include "prerror.h"
+#include "prlink.h"
 
 #include <stdio.h>
 #include <errno.h>
@@ -66,6 +67,7 @@
 #include <rld_interface.h>
 #endif
 
+
 /*
  * Return the pathname of the file that the library "name" was loaded
  * from. "addr" is the address of a function defined in the library.
@@ -74,7 +76,7 @@
  */
 
 char *
-freebl_GetLibraryFilePathname(const char *name, void (*addr)())
+freebl_GetLibraryFilePathname(const char *name, PRFuncPtr addr)
 {
 #if defined(SOLARIS) || defined(LINUX)
     Dl_info dli;
diff --git a/security/nss/lib/freebl/loader.c b/security/nss/lib/freebl/loader.c
index 8e536db26..c00d02adf 100644
--- a/security/nss/lib/freebl/loader.c
+++ b/security/nss/lib/freebl/loader.c
@@ -242,6 +242,7 @@ bl_UnloadLibrary(BLLibrary *lib)
 #define MSB(x) ((x)>>8)
 
 static const FREEBLVector *vector;
+static const char *libraryName = NULL;
 
 /* This function must be run only once. */
 /*  determine if hybrid platform, then actually load the DSO. */
@@ -273,7 +274,8 @@ freebl_LoadDSO( void )
 	if (MSB(dsoVersion) == MSB(myVersion) && 
 	    LSB(dsoVersion) >= LSB(myVersion) &&
 	    dsoVector->length >= sizeof(FREEBLVector)) {
-	  vector = dsoVector;
+          vector = dsoVector;
+	  libraryName = name;
 	  return PR_SUCCESS;
 	}
       }
@@ -1271,3 +1273,24 @@ AESKeyWrap_Decrypt(AESKeyWrapContext *cx, unsigned char *output,
 		                      input, inputLen);
 }
 
+PRBool
+BLAPI_SHVerify(const char *name, PRFuncPtr addr)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return PR_FALSE;
+  return vector->p_BLAPI_SHVerify(name, addr);
+}
+
+/*
+ * The Caller is expected to pass NULL as the name, which will
+ * trigger the p_BLAPI_VerifySelf() to return 'TRUE'. If we really loaded
+ * from a shared library, BLAPI_VerifySelf will get pick up the real name
+ * from the static set in freebl_LoadDSO( void ) 
+ */
+PRBool
+BLAPI_VerifySelf(const char *name)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return PR_FALSE;
+  return vector->p_BLAPI_VerifySelf(libraryName);
+}
diff --git a/security/nss/lib/freebl/loader.h b/security/nss/lib/freebl/loader.h
index fe23b4388..410cd3100 100644
--- a/security/nss/lib/freebl/loader.h
+++ b/security/nss/lib/freebl/loader.h
@@ -40,7 +40,7 @@
 
 #include "blapi.h"
 
-#define FREEBL_VERSION 0x0304
+#define FREEBL_VERSION 0x0305
 
 struct FREEBLVectorStr {
 
@@ -329,6 +329,10 @@ struct FREEBLVectorStr {
 
   /* Version 3.004 came to here */
 
+ PRBool (*p_BLAPI_SHVerify)(const char *name, PRFuncPtr addr);
+ PRBool (*p_BLAPI_VerifySelf)(const char *name);
+
+  /* Version 3.005 came to here */
 };
 
 typedef struct FREEBLVectorStr FREEBLVector;
diff --git a/security/nss/lib/freebl/manifest.mn b/security/nss/lib/freebl/manifest.mn
index 21f14e205..606a31154 100644
--- a/security/nss/lib/freebl/manifest.mn
+++ b/security/nss/lib/freebl/manifest.mn
@@ -96,12 +96,11 @@ CSRCS = \
 	pqg.c \
 	dsa.c \
 	rsa.c \
+	shvfy.c \
+	libpath.c \
 	$(MPI_SRCS) \
 	$(NULL)
 endif
-ifndef FREEBL_RECURSIVE_BUILD
-CSRCS += libpath.c
-endif
 
 ALL_CSRCS := $(CSRCS)
 
diff --git a/security/nss/lib/freebl/shvfy.c b/security/nss/lib/freebl/shvfy.c
new file mode 100644
index 000000000..219aa0567
--- /dev/null
+++ b/security/nss/lib/freebl/shvfy.c
@@ -0,0 +1,262 @@
+
+/*
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 2003 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ *
+ * shvfy.c - routines to verifh signature.
+ *
+ * $Id$
+ */
+
+#include "shsign.h"
+#include "prlink.h"
+#include "prio.h"
+#include "blapi.h"
+#include "seccomon.h"
+
+#ifndef NSPR_HAS_FILEPATH_FUNC
+char *
+freebl_GetLibraryFilePathname(const char *name, PRFuncPtr addr);
+#else
+#define freebl_GetLibraryFilePathname NSPR_GetLibraryFilePathname
+#endif
+
+static char *
+mkCheckFileName(const char *libName)
+{
+    int ln_len = PORT_Strlen(libName);
+    char *output = PORT_Alloc(ln_len+sizeof(SGN_SUFFIX));
+    int index = ln_len + 1 - sizeof("."SHLIB_SUFFIX);
+
+    if ((index > 0) &&
+        (PORT_Strncmp(&libName[index],
+                        "."SHLIB_SUFFIX,sizeof("."SHLIB_SUFFIX)) == 0)) {
+        ln_len = index;
+    }
+    PORT_Memcpy(output,libName,ln_len);
+    PORT_Memcpy(&output[ln_len],SGN_SUFFIX,sizeof(SGN_SUFFIX));
+    return output;
+}
+
+static int
+decodeInt(unsigned char *buf)
+{
+    return (buf[3]) | (buf[2] << 8) | (buf[1] << 16) | (buf[0] << 24);
+}
+
+static SECStatus
+readItem(PRFileDesc *fd, SECItem *item)
+{
+    unsigned char buf[4];
+    int bytesRead;
+
+
+    bytesRead = PR_Read(fd, buf, 4);
+    if (bytesRead != 4) {
+	return SECFailure;
+    }
+    item->len = decodeInt(buf);
+
+    item->data = PORT_Alloc(item->len);
+    if (item->data == NULL) {
+	item->len = 0;
+	return SECFailure;
+    }
+    bytesRead = PR_Read(fd, item->data, item->len);
+    if (bytesRead != item->len) {
+	PORT_Free(item->data);
+	item->data = NULL;
+	item->len = 0;
+	return SECFailure;
+    }
+    return SECSuccess;
+}
+
+PRBool
+BLAPI_SHVerify(const char *name, PRFuncPtr addr)
+{
+    /* find our shared library name */
+    char *shName = freebl_GetLibraryFilePathname(name, addr);
+    char *checkName = NULL;
+    PRFileDesc *checkFD = NULL;
+    PRFileDesc *shFD = NULL;
+    SHA1Context *hashcx = NULL;
+    SECItem signature = { 0, NULL, 0 };
+    SECItem hash;
+    int bytesRead, offset;
+    SECStatus rv;
+    DSAPublicKey key;
+
+    PRBool result = PR_FALSE; /* if anything goes wrong,
+			       * the signature does not verify */
+    unsigned char buf[512];
+    unsigned char hashBuf[SHA1_LENGTH];
+
+    PORT_Memset(&key,0,sizeof(key));
+    hash.data = hashBuf;
+    hash.len = sizeof(hashBuf);
+
+    if (!shName) {
+	goto loser;
+    }
+
+    /* figure out the name of our check file */
+    checkName = mkCheckFileName(shName);
+    if (!checkName) {
+	goto loser;
+    }
+
+    /* open the check File */
+    checkFD = PR_Open(checkName, PR_RDONLY, 0);
+    if (checkFD == NULL) {
+	goto loser;
+    }
+
+    /* read and Verify the headerthe header */
+    bytesRead = PR_Read(checkFD, buf, 12);
+    if (bytesRead != 12) {
+	goto loser;
+    }
+    if ((buf[0] != NSS_SIGN_CHK_MAGIC1) || (buf[1] != NSS_SIGN_CHK_MAGIC2)) {
+	goto loser;
+    }
+    if ((buf[2] != NSS_SIGN_CHK_MAJOR_VERSION) || 
+				(buf[3] < NSS_SIGN_CHK_MINOR_VERSION)) {
+	goto loser;
+    }
+#ifdef notdef
+    if (decodeInt(&buf[8]) != CKK_DSA) {
+	goto loser;
+    }
+#endif
+
+    /* seek past any future header extensions */
+    offset = decodeInt(&buf[4]);
+    PR_Seek(checkFD, offset, PR_SEEK_SET);
+
+    /* read the key */
+    rv = readItem(checkFD,&key.params.prime);
+    if (rv != SECSuccess) {
+	goto loser;
+    }
+    rv = readItem(checkFD,&key.params.subPrime);
+    if (rv != SECSuccess) {
+	goto loser;
+    }
+    rv = readItem(checkFD,&key.params.base);
+    if (rv != SECSuccess) {
+	goto loser;
+    }
+    rv = readItem(checkFD,&key.publicValue);
+    if (rv != SECSuccess) {
+	goto loser;
+    }
+    /* read the siganture */
+    rv = readItem(checkFD,&signature);
+    if (rv != SECSuccess) {
+	goto loser;
+    }
+
+    /* done with the check file */
+    PR_Close(checkFD);
+    checkFD = NULL;
+
+    /* open our library file */
+    shFD = PR_Open(shName, PR_RDONLY, 0);
+    if (shFD == NULL) {
+	goto loser;
+    }
+
+    /* hash our library file with SHA1 */
+    hashcx = SHA1_NewContext();
+    if (hashcx == NULL) {
+	goto loser;
+    }
+    SHA1_Begin(hashcx);
+
+    while ((bytesRead = PR_Read(shFD, buf, sizeof(buf))) > 0) {
+	SHA1_Update(hashcx, buf, bytesRead);
+    }
+    PR_Close(shFD);
+    shFD = NULL;
+
+    SHA1_End(hashcx, hash.data, &hash.len, hash.len);
+
+
+    /* verify the hash against the check file */
+    if (DSA_VerifyDigest(&key, &signature, &hash) == SECSuccess) {
+	result = PR_TRUE;
+    }
+
+loser:
+    if (shName != NULL) {
+	PR_Free(shName);
+    }
+    if (checkName != NULL) {
+	PORT_Free(checkName);
+    }
+    if (checkFD != NULL) {
+	PR_Close(checkFD);
+    }
+    if (shFD != NULL) {
+	PR_Close(shFD);
+    }
+    if (hashcx != NULL) {
+	SHA1_DestroyContext(hashcx,PR_TRUE);
+    }
+    if (signature.data != NULL) {
+	PORT_Free(signature.data);
+    }
+    if (key.params.prime.data != NULL) {
+	PORT_Free(key.params.prime.data);
+    }
+    if (key.params.subPrime.data != NULL) {
+	PORT_Free(key.params.subPrime.data);
+    }
+    if (key.params.base.data != NULL) {
+	PORT_Free(key.params.base.data);
+    }
+    if (key.publicValue.data != NULL) {
+	PORT_Free(key.publicValue.data);
+    }
+
+    return result;
+}
+
+PRBool
+BLAPI_VerifySelf(const char *name)
+{
+    /* to separate shlib to verify if name is NULL */
+    if (name == NULL) {
+	return PR_TRUE;
+    }
+    return BLAPI_SHVerify(name, (PRFuncPtr) decodeInt);
+}
author	relyea%netscape.com <devnull@localhost>	2003-01-30 23:36:37 +0000
committer	relyea%netscape.com <devnull@localhost>	2003-01-30 23:36:37 +0000
commit	723cfd60813a0682bedea9614504213902bdc395 (patch)
tree	c54672292ad417b9d37387d0b209087801f75d9c
parent	932e92cbf42242ce6d74c22303ae70489fd3f814 (diff)
download	nss-hg-723cfd60813a0682bedea9614504213902bdc395.tar.gz