| // Copyright 2013 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #include "net/cert/ct_log_verifier.h" |
| |
| #include <cryptohi.h> |
| #include <keyhi.h> |
| #include <nss.h> |
| #include <pk11pub.h> |
| #include <secitem.h> |
| #include <secoid.h> |
| |
| #include "base/logging.h" |
| #include "crypto/nss_util.h" |
| #include "crypto/sha2.h" |
| #include "net/cert/signed_tree_head.h" |
| |
| namespace net { |
| |
| namespace { |
| |
| SECOidTag GetNSSSigAlg(ct::DigitallySigned::SignatureAlgorithm alg) { |
| switch (alg) { |
| case ct::DigitallySigned::SIG_ALGO_RSA: |
| return SEC_OID_PKCS1_RSA_ENCRYPTION; |
| case ct::DigitallySigned::SIG_ALGO_DSA: |
| return SEC_OID_ANSIX9_DSA_SIGNATURE; |
| case ct::DigitallySigned::SIG_ALGO_ECDSA: |
| return SEC_OID_ANSIX962_EC_PUBLIC_KEY; |
| case ct::DigitallySigned::SIG_ALGO_ANONYMOUS: |
| default: |
| NOTREACHED(); |
| return SEC_OID_UNKNOWN; |
| } |
| } |
| |
| SECOidTag GetNSSHashAlg(ct::DigitallySigned::HashAlgorithm alg) { |
| switch (alg) { |
| case ct::DigitallySigned::HASH_ALGO_MD5: |
| return SEC_OID_MD5; |
| case ct::DigitallySigned::HASH_ALGO_SHA1: |
| return SEC_OID_SHA1; |
| case ct::DigitallySigned::HASH_ALGO_SHA224: |
| return SEC_OID_SHA224; |
| case ct::DigitallySigned::HASH_ALGO_SHA256: |
| return SEC_OID_SHA256; |
| case ct::DigitallySigned::HASH_ALGO_SHA384: |
| return SEC_OID_SHA384; |
| case ct::DigitallySigned::HASH_ALGO_SHA512: |
| return SEC_OID_SHA512; |
| case ct::DigitallySigned::HASH_ALGO_NONE: |
| default: |
| NOTREACHED(); |
| return SEC_OID_UNKNOWN; |
| } |
| } |
| |
| } // namespace |
| |
| CTLogVerifier::~CTLogVerifier() { |
| if (public_key_) |
| SECKEY_DestroyPublicKey(public_key_); |
| } |
| |
| CTLogVerifier::CTLogVerifier() |
| : hash_algorithm_(ct::DigitallySigned::HASH_ALGO_NONE), |
| signature_algorithm_(ct::DigitallySigned::SIG_ALGO_ANONYMOUS), |
| public_key_(NULL) {} |
| |
| bool CTLogVerifier::Init(const base::StringPiece& public_key, |
| const base::StringPiece& description) { |
| SECItem key_data; |
| |
| crypto::EnsureNSSInit(); |
| |
| key_data.data = reinterpret_cast<unsigned char*>( |
| const_cast<char*>(public_key.data())); |
| key_data.len = public_key.size(); |
| |
| CERTSubjectPublicKeyInfo* public_key_info = |
| SECKEY_DecodeDERSubjectPublicKeyInfo(&key_data); |
| if (!public_key_info) { |
| DVLOG(1) << "Failed decoding public key."; |
| return false; |
| } |
| |
| public_key_ = SECKEY_ExtractPublicKey(public_key_info); |
| SECKEY_DestroySubjectPublicKeyInfo(public_key_info); |
| |
| if (!public_key_) { |
| DVLOG(1) << "Failed extracting public key."; |
| return false; |
| } |
| |
| key_id_ = crypto::SHA256HashString(public_key); |
| description_ = description.as_string(); |
| |
| // Right now, only RSASSA-PKCS1v15 with SHA-256 and ECDSA with SHA-256 are |
| // supported. |
| switch (SECKEY_GetPublicKeyType(public_key_)) { |
| case rsaKey: |
| hash_algorithm_ = ct::DigitallySigned::HASH_ALGO_SHA256; |
| signature_algorithm_ = ct::DigitallySigned::SIG_ALGO_RSA; |
| break; |
| case ecKey: |
| hash_algorithm_ = ct::DigitallySigned::HASH_ALGO_SHA256; |
| signature_algorithm_ = ct::DigitallySigned::SIG_ALGO_ECDSA; |
| break; |
| default: |
| DVLOG(1) << "Unsupported key type: " |
| << SECKEY_GetPublicKeyType(public_key_); |
| return false; |
| } |
| |
| // Extra sanity check: Require RSA keys of at least 2048 bits. |
| if (signature_algorithm_ == ct::DigitallySigned::SIG_ALGO_RSA && |
| SECKEY_PublicKeyStrengthInBits(public_key_) < 2048) { |
| DVLOG(1) << "Too small a public key."; |
| return false; |
| } |
| |
| return true; |
| } |
| |
| bool CTLogVerifier::VerifySignature(const base::StringPiece& data_to_sign, |
| const base::StringPiece& signature) { |
| SECItem sig_data; |
| sig_data.data = reinterpret_cast<unsigned char*>(const_cast<char*>( |
| signature.data())); |
| sig_data.len = signature.size(); |
| |
| SECStatus rv = VFY_VerifyDataDirect( |
| reinterpret_cast<const unsigned char*>(data_to_sign.data()), |
| data_to_sign.size(), public_key_, &sig_data, |
| GetNSSSigAlg(signature_algorithm_), GetNSSHashAlg(hash_algorithm_), |
| NULL, NULL); |
| DVLOG(1) << "Signature verification result: " << (rv == SECSuccess); |
| return rv == SECSuccess; |
| } |
| |
| } // namespace net |