Add m-esr52 at 52.6.0

1 files changed, 271 insertions, 0 deletions

diff --git a/security/nss/lib/cryptohi/dsautil.c b/security/nss/lib/cryptohi/dsautil.c
new file mode 100644
index 000000000..db397dfd5
--- /dev/null
+++ b/security/nss/lib/cryptohi/dsautil.c
@@ -0,0 +1,271 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#include "cryptohi.h"
+#include "secasn1.h"
+#include "secitem.h"
+#include "prerr.h"
+
+#ifndef DSA1_SUBPRIME_LEN
+#define DSA1_SUBPRIME_LEN 20 /* bytes */
+#endif
+
+typedef struct {
+    SECItem r;
+    SECItem s;
+} DSA_ASN1Signature;
+
+const SEC_ASN1Template DSA_SignatureTemplate[] =
+    {
+      { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(DSA_ASN1Signature) },
+      { SEC_ASN1_INTEGER, offsetof(DSA_ASN1Signature, r) },
+      { SEC_ASN1_INTEGER, offsetof(DSA_ASN1Signature, s) },
+      { 0 }
+    };
+
+/* Input is variable length multi-byte integer, MSB first (big endian).
+** Most signficant bit of first byte is NOT treated as a sign bit.
+** May be one or more leading bytes of zeros.
+** Output is variable length multi-byte integer, MSB first (big endian).
+** Most significant bit of first byte will be zero (positive sign bit)
+** No more than one leading zero byte.
+** Caller supplies dest buffer, and assures that it is long enough,
+** e.g. at least one byte longer that src's buffer.
+*/
+void
+DSAU_ConvertUnsignedToSigned(SECItem *dest, SECItem *src)
+{
+    unsigned char *pSrc = src->data;
+    unsigned char *pDst = dest->data;
+    unsigned int cntSrc = src->len;
+
+    /* skip any leading zeros. */
+    while (cntSrc && !(*pSrc)) {
+        pSrc++;
+        cntSrc--;
+    }
+    if (!cntSrc) {
+        *pDst = 0;
+        dest->len = 1;
+        return;
+    }
+
+    if (*pSrc & 0x80)
+        *pDst++ = 0;
+
+    PORT_Memcpy(pDst, pSrc, cntSrc);
+    dest->len = (pDst - dest->data) + cntSrc;
+}
+
+/*
+** src is a buffer holding a signed variable length integer.
+** dest is a buffer which will be filled with an unsigned integer,
+** MSB first (big endian) with leading zeros, so that the last byte
+** of src will be the LSB of the integer.  The result will be exactly
+** the length specified by the caller in dest->len.
+** src can be shorter than dest.  src can be longer than dst, but only
+** if the extra leading bytes are zeros.
+*/
+SECStatus
+DSAU_ConvertSignedToFixedUnsigned(SECItem *dest, SECItem *src)
+{
+    unsigned char *pSrc = src->data;
+    unsigned char *pDst = dest->data;
+    unsigned int cntSrc = src->len;
+    unsigned int cntDst = dest->len;
+    int zCount = cntDst - cntSrc;
+
+    if (zCount > 0) {
+        PORT_Memset(pDst, 0, zCount);
+        PORT_Memcpy(pDst + zCount, pSrc, cntSrc);
+        return SECSuccess;
+    }
+    if (zCount <= 0) {
+        /* Source is longer than destination.  Check for leading zeros. */
+        while (zCount++ < 0) {
+            if (*pSrc++ != 0)
+                goto loser;
+        }
+    }
+    PORT_Memcpy(pDst, pSrc, cntDst);
+    return SECSuccess;
+
+loser:
+    PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
+    return SECFailure;
+}
+
+/* src is a "raw" ECDSA or DSA signature, the first half contains r
+ * and the second half contains s. dest is the DER encoded signature.
+*/
+static SECStatus
+common_EncodeDerSig(SECItem *dest, SECItem *src)
+{
+    SECItem *item;
+    SECItem srcItem;
+    DSA_ASN1Signature sig;
+    unsigned char *signedR;
+    unsigned char *signedS;
+    unsigned int len;
+
+    /* Allocate memory with room for an extra byte that
+     * may be required if the top bit in the first byte
+     * is already set.
+     */
+    len = src->len / 2;
+    signedR = (unsigned char *)PORT_Alloc(len + 1);
+    if (!signedR)
+        return SECFailure;
+    signedS = (unsigned char *)PORT_ZAlloc(len + 1);
+    if (!signedS) {
+        if (signedR)
+            PORT_Free(signedR);
+        return SECFailure;
+    }
+
+    PORT_Memset(&sig, 0, sizeof(sig));
+
+    /* Must convert r and s from "unsigned" integers to "signed" integers.
+    ** If the high order bit of the first byte (MSB) is 1, then must
+    ** prepend with leading zero.
+    ** Must remove all but one leading zero byte from numbers.
+    */
+    sig.r.type = siUnsignedInteger;
+    sig.r.data = signedR;
+    sig.r.len = sizeof signedR;
+    sig.s.type = siUnsignedInteger;
+    sig.s.data = signedS;
+    sig.s.len = sizeof signedR;
+
+    srcItem.data = src->data;
+    srcItem.len = len;
+
+    DSAU_ConvertUnsignedToSigned(&sig.r, &srcItem);
+    srcItem.data += len;
+    DSAU_ConvertUnsignedToSigned(&sig.s, &srcItem);
+
+    item = SEC_ASN1EncodeItem(NULL, dest, &sig, DSA_SignatureTemplate);
+    if (signedR)
+        PORT_Free(signedR);
+    if (signedS)
+        PORT_Free(signedS);
+    if (item == NULL)
+        return SECFailure;
+
+    /* XXX leak item? */
+    return SECSuccess;
+}
+
+/* src is a DER-encoded ECDSA or DSA signature.
+** Returns a newly-allocated SECItem structure, pointing at a newly allocated
+** buffer containing the "raw" signature, which is len bytes of r,
+** followed by len bytes of s. For DSA, len is the length of q.
+** For ECDSA, len depends on the key size used to create the signature.
+*/
+static SECItem *
+common_DecodeDerSig(const SECItem *item, unsigned int len)
+{
+    SECItem *result = NULL;
+    SECStatus status;
+    DSA_ASN1Signature sig;
+    SECItem dst;
+
+    PORT_Memset(&sig, 0, sizeof(sig));
+
+    result = PORT_ZNew(SECItem);
+    if (result == NULL)
+        goto loser;
+
+    result->len = 2 * len;
+    result->data = (unsigned char *)PORT_Alloc(2 * len);
+    if (result->data == NULL)
+        goto loser;
+
+    sig.r.type = siUnsignedInteger;
+    sig.s.type = siUnsignedInteger;
+    status = SEC_ASN1DecodeItem(NULL, &sig, DSA_SignatureTemplate, item);
+    if (status != SECSuccess)
+        goto loser;
+
+    /* Convert sig.r and sig.s from variable  length signed integers to
+    ** fixed length unsigned integers.
+    */
+    dst.data = result->data;
+    dst.len = len;
+    status = DSAU_ConvertSignedToFixedUnsigned(&dst, &sig.r);
+    if (status != SECSuccess)
+        goto loser;
+
+    dst.data += len;
+    status = DSAU_ConvertSignedToFixedUnsigned(&dst, &sig.s);
+    if (status != SECSuccess)
+        goto loser;
+
+done:
+    if (sig.r.data != NULL)
+        PORT_Free(sig.r.data);
+    if (sig.s.data != NULL)
+        PORT_Free(sig.s.data);
+
+    return result;
+
+loser:
+    if (result != NULL) {
+        SECITEM_FreeItem(result, PR_TRUE);
+        result = NULL;
+    }
+    goto done;
+}
+
+/* src is a "raw" DSA1 signature, 20 bytes of r followed by 20 bytes of s.
+** dest is the signature DER encoded. ?
+*/
+SECStatus
+DSAU_EncodeDerSig(SECItem *dest, SECItem *src)
+{
+    PORT_Assert(src->len == 2 * DSA1_SUBPRIME_LEN);
+    if (src->len != 2 * DSA1_SUBPRIME_LEN) {
+        PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
+        return SECFailure;
+    }
+
+    return common_EncodeDerSig(dest, src);
+}
+
+/* src is a "raw" DSA signature of length len (len/2 bytes of r followed
+** by len/2 bytes of s). dest is the signature DER encoded.
+*/
+SECStatus
+DSAU_EncodeDerSigWithLen(SECItem *dest, SECItem *src, unsigned int len)
+{
+
+    PORT_Assert((src->len == len) && (len % 2 == 0));
+    if ((src->len != len) || (src->len % 2 != 0)) {
+        PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
+        return SECFailure;
+    }
+
+    return common_EncodeDerSig(dest, src);
+}
+
+/* src is a DER-encoded DSA signature.
+** Returns a newly-allocated SECItem structure, pointing at a newly allocated
+** buffer containing the "raw" DSA1 signature, which is 20 bytes of r,
+** followed by 20 bytes of s.
+*/
+SECItem *
+DSAU_DecodeDerSig(const SECItem *item)
+{
+    return common_DecodeDerSig(item, DSA1_SUBPRIME_LEN);
+}
+
+/* src is a DER-encoded ECDSA signature.
+** Returns a newly-allocated SECItem structure, pointing at a newly allocated
+** buffer containing the "raw" ECDSA signature of length len containing
+** r followed by s (both padded to take up exactly len/2 bytes).
+*/
+SECItem *
+DSAU_DecodeDerSigToLen(const SECItem *item, unsigned int len)
+{
+    return common_DecodeDerSig(item, len / 2);
+}