CT: Adding SCT verification functionality: A CTLogVerifier instance can verify SCTs signed by a sin…

net/cert/ct_log_verifier_nss.cc

Index: net/cert/ct_log_verifier_nss.cc
diff --git a/net/cert/ct_log_verifier_nss.cc b/net/cert/ct_log_verifier_nss.cc
new file mode 100644
index 0000000000000000000000000000000000000000..27254324625156c1caa2d23aa8263854b543d1e7
--- /dev/null
+++ b/net/cert/ct_log_verifier_nss.cc
@@ -0,0 +1,142 @@
+// Copyright (c) 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/cert/ct_log_verifier.h"
+
+#include <cryptohi.h>
+#include <keyhi.h>
+#include <nss.h>
+#include <pk11pub.h>
+#include <secitem.h>
+#include <secoid.h>
+
+#include "base/logging.h"
+#include "crypto/nss_util.h"
+#include "crypto/sha2.h"
+#include "net/cert/signed_certificate_timestamp.h"
+
+namespace net {
+
+namespace {
+
+SECOidTag GetNSSSigAlg(ct::DigitallySigned::SignatureAlgorithm alg) {
+  switch (alg) {
+    case ct::DigitallySigned::SIG_ALGO_RSA:
+      return SEC_OID_PKCS1_RSA_ENCRYPTION;
+    case ct::DigitallySigned::SIG_ALGO_DSA:
+      return SEC_OID_ANSIX9_DSA_SIGNATURE;
+    case ct::DigitallySigned::SIG_ALGO_ECDSA:
+      return SEC_OID_ANSIX962_EC_PUBLIC_KEY;
+    case ct::DigitallySigned::SIG_ALGO_ANONYMOUS:
+    default:
+      NOTREACHED();
+      return SEC_OID_UNKNOWN;
+  }
+}
+
+SECOidTag GetNSSHashAlg(ct::DigitallySigned::HashAlgorithm alg) {
+  switch (alg) {
+    case ct::DigitallySigned::HASH_ALGO_MD5:
+      return SEC_OID_MD5;
+    case ct::DigitallySigned::HASH_ALGO_SHA1:
+      return SEC_OID_SHA1;
+    case ct::DigitallySigned::HASH_ALGO_SHA224:
+      return SEC_OID_SHA224;
+    case ct::DigitallySigned::HASH_ALGO_SHA256:
+      return SEC_OID_SHA256;
+    case ct::DigitallySigned::HASH_ALGO_SHA384:
+      return SEC_OID_SHA384;
+    case ct::DigitallySigned::HASH_ALGO_SHA512:
+      return SEC_OID_SHA512;
+    case ct::DigitallySigned::HASH_ALGO_NONE:
+    default:
+      NOTREACHED();
+      return SEC_OID_UNKNOWN;
+  }
+}
+
+}  // namespace
+
+CTLogVerifier::~CTLogVerifier() {
+  if (public_key_)
+    SECKEY_DestroyPublicKey(public_key_);
+}
+
+CTLogVerifier::CTLogVerifier() :
+  hash_algorithm_(ct::DigitallySigned::HASH_ALGO_NONE),
+  signature_algorithm_(ct::DigitallySigned::SIG_ALGO_ANONYMOUS),
+  public_key_(NULL) {}

[wtc, 2013/11/14 18:46:30]

Please see the Style Guide's recommendation on how to format a constructor
initializer list:

http://google-styleguide.googlecode.com/svn/trunk/cppguide.xml#Constructor_In...

+
+bool CTLogVerifier::Init(const base::StringPiece& public_key,
+                         const base::StringPiece& description) {
+  SECItem key_data;
+
+  crypto::EnsureNSSInit();
+
+  key_data.data = reinterpret_cast<unsigned char*>(
+      const_cast<char*>(public_key.data()));
+  key_data.len = public_key.size();
+
+  CERTSubjectPublicKeyInfo* public_key_info =
+      SECKEY_DecodeDERSubjectPublicKeyInfo(&key_data);
+  if (!public_key_info) {
+    DVLOG(1) << "Failed decoding public key.";
+    return false;
+  }
+
+  public_key_ = SECKEY_ExtractPublicKey(public_key_info);
+  SECKEY_DestroySubjectPublicKeyInfo(public_key_info);
+
+  if (!public_key_) {
+    DVLOG(1) << "Failed extracting public key.";
+    return false;
+  }
+
+  key_id_ = crypto::SHA256HashString(public_key);
+  description_ = description.as_string();
+
+  // Right now, only RSASSA-PKCS1v15 with SHA-256 and ECDSA with SHA-256 are
+  // supported.
+  switch (SECKEY_GetPublicKeyType(public_key_)) {
+    case rsaKey:
+      hash_algorithm_ = ct::DigitallySigned::HASH_ALGO_SHA256;
+      signature_algorithm_ = ct::DigitallySigned::SIG_ALGO_RSA;
+      break;
+    case ecKey:
+      hash_algorithm_ = ct::DigitallySigned::HASH_ALGO_SHA256;
+      signature_algorithm_ = ct::DigitallySigned::SIG_ALGO_ECDSA;
+      break;
+    default:
+      DVLOG(1) << "Unsupported key type: " <<
+               SECKEY_GetPublicKeyType(public_key_);

[wtc, 2013/11/14 18:46:30]

Nit: this should be formatted as follows:

  DVLOG(1) << "Unsupported key type: "
           << SECKEY_GetPublicKeyType(public_key_);

You can find an example of this formatting style in the Extended Discussion at
http://google-styleguide.googlecode.com/svn/trunk/cppguide.xml#Streams

and at

http://www.chromium.org/developers/coding-style#Code_Formatting

+      return false;
+  }
+
+  // Extra sanity check: Require RSA keys of at least 2048 bits.
+  if (signature_algorithm_ == ct::DigitallySigned::SIG_ALGO_RSA &&
+      SECKEY_PublicKeyStrengthInBits(public_key_) < 2048) {
+    DVLOG(1) << "Too small a public key.";
+    return false;
+  }
+
+  return true;
+}
+
+bool CTLogVerifier::VerifySignature(const base::StringPiece& data_to_sign,
+                                    const base::StringPiece& signature) {
+  SECItem sig_data;
+  sig_data.data = reinterpret_cast<unsigned char*>(const_cast<char*>(
+      signature.data()));
+  sig_data.len = signature.size();
+
+  SECStatus rv = VFY_VerifyDataDirect(
+      reinterpret_cast<const unsigned char*>(data_to_sign.data()),
+      data_to_sign.size(), public_key_, &sig_data,
+      GetNSSSigAlg(signature_algorithm_), GetNSSHashAlg(hash_algorithm_),
+      NULL, NULL);
+  DVLOG(1) << "Signature verification result: " << (rv == SECSuccess);
+  return rv == SECSuccess;
+}
+
+}  // namespace net