1// Copyright 2013 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#include "net/cert/ct_log_verifier.h" 6 7#include <cryptohi.h> 8#include <keyhi.h> 9#include <nss.h> 10#include <pk11pub.h> 11#include <secitem.h> 12#include <secoid.h> 13 14#include "base/logging.h" 15#include "crypto/nss_util.h" 16#include "crypto/sha2.h" 17#include "net/cert/signed_tree_head.h" 18 19namespace net { 20 21namespace { 22 23SECOidTag GetNSSSigAlg(ct::DigitallySigned::SignatureAlgorithm alg) { 24 switch (alg) { 25 case ct::DigitallySigned::SIG_ALGO_RSA: 26 return SEC_OID_PKCS1_RSA_ENCRYPTION; 27 case ct::DigitallySigned::SIG_ALGO_DSA: 28 return SEC_OID_ANSIX9_DSA_SIGNATURE; 29 case ct::DigitallySigned::SIG_ALGO_ECDSA: 30 return SEC_OID_ANSIX962_EC_PUBLIC_KEY; 31 case ct::DigitallySigned::SIG_ALGO_ANONYMOUS: 32 default: 33 NOTREACHED(); 34 return SEC_OID_UNKNOWN; 35 } 36} 37 38SECOidTag GetNSSHashAlg(ct::DigitallySigned::HashAlgorithm alg) { 39 switch (alg) { 40 case ct::DigitallySigned::HASH_ALGO_MD5: 41 return SEC_OID_MD5; 42 case ct::DigitallySigned::HASH_ALGO_SHA1: 43 return SEC_OID_SHA1; 44 case ct::DigitallySigned::HASH_ALGO_SHA224: 45 return SEC_OID_SHA224; 46 case ct::DigitallySigned::HASH_ALGO_SHA256: 47 return SEC_OID_SHA256; 48 case ct::DigitallySigned::HASH_ALGO_SHA384: 49 return SEC_OID_SHA384; 50 case ct::DigitallySigned::HASH_ALGO_SHA512: 51 return SEC_OID_SHA512; 52 case ct::DigitallySigned::HASH_ALGO_NONE: 53 default: 54 NOTREACHED(); 55 return SEC_OID_UNKNOWN; 56 } 57} 58 59} // namespace 60 61CTLogVerifier::~CTLogVerifier() { 62 if (public_key_) 63 SECKEY_DestroyPublicKey(public_key_); 64} 65 66CTLogVerifier::CTLogVerifier() 67 : hash_algorithm_(ct::DigitallySigned::HASH_ALGO_NONE), 68 signature_algorithm_(ct::DigitallySigned::SIG_ALGO_ANONYMOUS), 69 public_key_(NULL) {} 70 71bool CTLogVerifier::Init(const base::StringPiece& public_key, 72 const base::StringPiece& description) { 73 SECItem key_data; 74 75 crypto::EnsureNSSInit(); 76 77 key_data.data = reinterpret_cast<unsigned char*>( 78 const_cast<char*>(public_key.data())); 79 key_data.len = public_key.size(); 80 81 CERTSubjectPublicKeyInfo* public_key_info = 82 SECKEY_DecodeDERSubjectPublicKeyInfo(&key_data); 83 if (!public_key_info) { 84 DVLOG(1) << "Failed decoding public key."; 85 return false; 86 } 87 88 public_key_ = SECKEY_ExtractPublicKey(public_key_info); 89 SECKEY_DestroySubjectPublicKeyInfo(public_key_info); 90 91 if (!public_key_) { 92 DVLOG(1) << "Failed extracting public key."; 93 return false; 94 } 95 96 key_id_ = crypto::SHA256HashString(public_key); 97 description_ = description.as_string(); 98 99 // Right now, only RSASSA-PKCS1v15 with SHA-256 and ECDSA with SHA-256 are 100 // supported. 101 switch (SECKEY_GetPublicKeyType(public_key_)) { 102 case rsaKey: 103 hash_algorithm_ = ct::DigitallySigned::HASH_ALGO_SHA256; 104 signature_algorithm_ = ct::DigitallySigned::SIG_ALGO_RSA; 105 break; 106 case ecKey: 107 hash_algorithm_ = ct::DigitallySigned::HASH_ALGO_SHA256; 108 signature_algorithm_ = ct::DigitallySigned::SIG_ALGO_ECDSA; 109 break; 110 default: 111 DVLOG(1) << "Unsupported key type: " 112 << SECKEY_GetPublicKeyType(public_key_); 113 return false; 114 } 115 116 // Extra sanity check: Require RSA keys of at least 2048 bits. 117 if (signature_algorithm_ == ct::DigitallySigned::SIG_ALGO_RSA && 118 SECKEY_PublicKeyStrengthInBits(public_key_) < 2048) { 119 DVLOG(1) << "Too small a public key."; 120 return false; 121 } 122 123 return true; 124} 125 126bool CTLogVerifier::VerifySignature(const base::StringPiece& data_to_sign, 127 const base::StringPiece& signature) { 128 SECItem sig_data; 129 sig_data.data = reinterpret_cast<unsigned char*>(const_cast<char*>( 130 signature.data())); 131 sig_data.len = signature.size(); 132 133 SECStatus rv = VFY_VerifyDataDirect( 134 reinterpret_cast<const unsigned char*>(data_to_sign.data()), 135 data_to_sign.size(), public_key_, &sig_data, 136 GetNSSSigAlg(signature_algorithm_), GetNSSHashAlg(hash_algorithm_), 137 NULL, NULL); 138 DVLOG(1) << "Signature verification result: " << (rv == SECSuccess); 139 return rv == SECSuccess; 140} 141 142} // namespace net 143