OLD | NEW |
| (Empty) |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include "net/cert/ct_log_verifier.h" | |
6 | |
7 #include <cryptohi.h> | |
8 #include <keyhi.h> | |
9 #include <nss.h> | |
10 #include <pk11pub.h> | |
11 #include <secitem.h> | |
12 #include <secoid.h> | |
13 | |
14 #include "base/logging.h" | |
15 #include "crypto/nss_util.h" | |
16 #include "crypto/sha2.h" | |
17 #include "net/cert/signed_tree_head.h" | |
18 | |
19 namespace net { | |
20 | |
21 namespace { | |
22 | |
23 SECOidTag GetNSSSigAlg(ct::DigitallySigned::SignatureAlgorithm alg) { | |
24 switch (alg) { | |
25 case ct::DigitallySigned::SIG_ALGO_RSA: | |
26 return SEC_OID_PKCS1_RSA_ENCRYPTION; | |
27 case ct::DigitallySigned::SIG_ALGO_DSA: | |
28 return SEC_OID_ANSIX9_DSA_SIGNATURE; | |
29 case ct::DigitallySigned::SIG_ALGO_ECDSA: | |
30 return SEC_OID_ANSIX962_EC_PUBLIC_KEY; | |
31 case ct::DigitallySigned::SIG_ALGO_ANONYMOUS: | |
32 default: | |
33 NOTREACHED(); | |
34 return SEC_OID_UNKNOWN; | |
35 } | |
36 } | |
37 | |
38 SECOidTag GetNSSHashAlg(ct::DigitallySigned::HashAlgorithm alg) { | |
39 switch (alg) { | |
40 case ct::DigitallySigned::HASH_ALGO_MD5: | |
41 return SEC_OID_MD5; | |
42 case ct::DigitallySigned::HASH_ALGO_SHA1: | |
43 return SEC_OID_SHA1; | |
44 case ct::DigitallySigned::HASH_ALGO_SHA224: | |
45 return SEC_OID_SHA224; | |
46 case ct::DigitallySigned::HASH_ALGO_SHA256: | |
47 return SEC_OID_SHA256; | |
48 case ct::DigitallySigned::HASH_ALGO_SHA384: | |
49 return SEC_OID_SHA384; | |
50 case ct::DigitallySigned::HASH_ALGO_SHA512: | |
51 return SEC_OID_SHA512; | |
52 case ct::DigitallySigned::HASH_ALGO_NONE: | |
53 default: | |
54 NOTREACHED(); | |
55 return SEC_OID_UNKNOWN; | |
56 } | |
57 } | |
58 | |
59 } // namespace | |
60 | |
61 CTLogVerifier::~CTLogVerifier() { | |
62 if (public_key_) | |
63 SECKEY_DestroyPublicKey(public_key_); | |
64 } | |
65 | |
66 bool CTLogVerifier::Init(const base::StringPiece& public_key) { | |
67 SECItem key_data; | |
68 | |
69 crypto::EnsureNSSInit(); | |
70 | |
71 key_data.data = reinterpret_cast<unsigned char*>( | |
72 const_cast<char*>(public_key.data())); | |
73 key_data.len = public_key.size(); | |
74 | |
75 CERTSubjectPublicKeyInfo* public_key_info = | |
76 SECKEY_DecodeDERSubjectPublicKeyInfo(&key_data); | |
77 if (!public_key_info) { | |
78 DVLOG(1) << "Failed decoding public key."; | |
79 return false; | |
80 } | |
81 | |
82 public_key_ = SECKEY_ExtractPublicKey(public_key_info); | |
83 SECKEY_DestroySubjectPublicKeyInfo(public_key_info); | |
84 | |
85 if (!public_key_) { | |
86 DVLOG(1) << "Failed extracting public key."; | |
87 return false; | |
88 } | |
89 | |
90 key_id_ = crypto::SHA256HashString(public_key); | |
91 | |
92 // Right now, only RSASSA-PKCS1v15 with SHA-256 and ECDSA with SHA-256 are | |
93 // supported. | |
94 switch (SECKEY_GetPublicKeyType(public_key_)) { | |
95 case rsaKey: | |
96 hash_algorithm_ = ct::DigitallySigned::HASH_ALGO_SHA256; | |
97 signature_algorithm_ = ct::DigitallySigned::SIG_ALGO_RSA; | |
98 break; | |
99 case ecKey: | |
100 hash_algorithm_ = ct::DigitallySigned::HASH_ALGO_SHA256; | |
101 signature_algorithm_ = ct::DigitallySigned::SIG_ALGO_ECDSA; | |
102 break; | |
103 default: | |
104 DVLOG(1) << "Unsupported key type: " | |
105 << SECKEY_GetPublicKeyType(public_key_); | |
106 return false; | |
107 } | |
108 | |
109 // Extra sanity check: Require RSA keys of at least 2048 bits. | |
110 if (signature_algorithm_ == ct::DigitallySigned::SIG_ALGO_RSA && | |
111 SECKEY_PublicKeyStrengthInBits(public_key_) < 2048) { | |
112 DVLOG(1) << "Too small a public key."; | |
113 return false; | |
114 } | |
115 | |
116 return true; | |
117 } | |
118 | |
119 bool CTLogVerifier::VerifySignature(const base::StringPiece& data_to_sign, | |
120 const base::StringPiece& signature) const { | |
121 SECItem sig_data; | |
122 sig_data.data = reinterpret_cast<unsigned char*>(const_cast<char*>( | |
123 signature.data())); | |
124 sig_data.len = signature.size(); | |
125 | |
126 SECStatus rv = VFY_VerifyDataDirect( | |
127 reinterpret_cast<const unsigned char*>(data_to_sign.data()), | |
128 data_to_sign.size(), public_key_, &sig_data, | |
129 GetNSSSigAlg(signature_algorithm_), GetNSSHashAlg(hash_algorithm_), | |
130 NULL, NULL); | |
131 DVLOG(1) << "Signature verification result: " << (rv == SECSuccess); | |
132 return rv == SECSuccess; | |
133 } | |
134 | |
135 } // namespace net | |
OLD | NEW |