• Home
  • History
  • Annotate
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #include "net/cert/ct_log_verifier.h"
6 
7 #include <cryptohi.h>
8 #include <keyhi.h>
9 #include <nss.h>
10 #include <pk11pub.h>
11 #include <secitem.h>
12 #include <secoid.h>
13 
14 #include "base/logging.h"
15 #include "crypto/nss_util.h"
16 #include "crypto/sha2.h"
17 #include "net/cert/signed_tree_head.h"
18 
19 namespace net {
20 
21 namespace {
22 
GetNSSSigAlg(ct::DigitallySigned::SignatureAlgorithm alg)23 SECOidTag GetNSSSigAlg(ct::DigitallySigned::SignatureAlgorithm alg) {
24   switch (alg) {
25     case ct::DigitallySigned::SIG_ALGO_RSA:
26       return SEC_OID_PKCS1_RSA_ENCRYPTION;
27     case ct::DigitallySigned::SIG_ALGO_DSA:
28       return SEC_OID_ANSIX9_DSA_SIGNATURE;
29     case ct::DigitallySigned::SIG_ALGO_ECDSA:
30       return SEC_OID_ANSIX962_EC_PUBLIC_KEY;
31     case ct::DigitallySigned::SIG_ALGO_ANONYMOUS:
32     default:
33       NOTREACHED();
34       return SEC_OID_UNKNOWN;
35   }
36 }
37 
GetNSSHashAlg(ct::DigitallySigned::HashAlgorithm alg)38 SECOidTag GetNSSHashAlg(ct::DigitallySigned::HashAlgorithm alg) {
39   switch (alg) {
40     case ct::DigitallySigned::HASH_ALGO_MD5:
41       return SEC_OID_MD5;
42     case ct::DigitallySigned::HASH_ALGO_SHA1:
43       return SEC_OID_SHA1;
44     case ct::DigitallySigned::HASH_ALGO_SHA224:
45       return SEC_OID_SHA224;
46     case ct::DigitallySigned::HASH_ALGO_SHA256:
47       return SEC_OID_SHA256;
48     case ct::DigitallySigned::HASH_ALGO_SHA384:
49       return SEC_OID_SHA384;
50     case ct::DigitallySigned::HASH_ALGO_SHA512:
51       return SEC_OID_SHA512;
52     case ct::DigitallySigned::HASH_ALGO_NONE:
53     default:
54       NOTREACHED();
55       return SEC_OID_UNKNOWN;
56   }
57 }
58 
59 }  // namespace
60 
~CTLogVerifier()61 CTLogVerifier::~CTLogVerifier() {
62   if (public_key_)
63     SECKEY_DestroyPublicKey(public_key_);
64 }
65 
CTLogVerifier()66 CTLogVerifier::CTLogVerifier()
67     : hash_algorithm_(ct::DigitallySigned::HASH_ALGO_NONE),
68       signature_algorithm_(ct::DigitallySigned::SIG_ALGO_ANONYMOUS),
69       public_key_(NULL) {}
70 
Init(const base::StringPiece & public_key,const base::StringPiece & description)71 bool CTLogVerifier::Init(const base::StringPiece& public_key,
72                          const base::StringPiece& description) {
73   SECItem key_data;
74 
75   crypto::EnsureNSSInit();
76 
77   key_data.data = reinterpret_cast<unsigned char*>(
78       const_cast<char*>(public_key.data()));
79   key_data.len = public_key.size();
80 
81   CERTSubjectPublicKeyInfo* public_key_info =
82       SECKEY_DecodeDERSubjectPublicKeyInfo(&key_data);
83   if (!public_key_info) {
84     DVLOG(1) << "Failed decoding public key.";
85     return false;
86   }
87 
88   public_key_ = SECKEY_ExtractPublicKey(public_key_info);
89   SECKEY_DestroySubjectPublicKeyInfo(public_key_info);
90 
91   if (!public_key_) {
92     DVLOG(1) << "Failed extracting public key.";
93     return false;
94   }
95 
96   key_id_ = crypto::SHA256HashString(public_key);
97   description_ = description.as_string();
98 
99   // Right now, only RSASSA-PKCS1v15 with SHA-256 and ECDSA with SHA-256 are
100   // supported.
101   switch (SECKEY_GetPublicKeyType(public_key_)) {
102     case rsaKey:
103       hash_algorithm_ = ct::DigitallySigned::HASH_ALGO_SHA256;
104       signature_algorithm_ = ct::DigitallySigned::SIG_ALGO_RSA;
105       break;
106     case ecKey:
107       hash_algorithm_ = ct::DigitallySigned::HASH_ALGO_SHA256;
108       signature_algorithm_ = ct::DigitallySigned::SIG_ALGO_ECDSA;
109       break;
110     default:
111       DVLOG(1) << "Unsupported key type: "
112                << SECKEY_GetPublicKeyType(public_key_);
113       return false;
114   }
115 
116   // Extra sanity check: Require RSA keys of at least 2048 bits.
117   if (signature_algorithm_ == ct::DigitallySigned::SIG_ALGO_RSA &&
118       SECKEY_PublicKeyStrengthInBits(public_key_) < 2048) {
119     DVLOG(1) << "Too small a public key.";
120     return false;
121   }
122 
123   return true;
124 }
125 
VerifySignature(const base::StringPiece & data_to_sign,const base::StringPiece & signature)126 bool CTLogVerifier::VerifySignature(const base::StringPiece& data_to_sign,
127                                     const base::StringPiece& signature) {
128   SECItem sig_data;
129   sig_data.data = reinterpret_cast<unsigned char*>(const_cast<char*>(
130       signature.data()));
131   sig_data.len = signature.size();
132 
133   SECStatus rv = VFY_VerifyDataDirect(
134       reinterpret_cast<const unsigned char*>(data_to_sign.data()),
135       data_to_sign.size(), public_key_, &sig_data,
136       GetNSSSigAlg(signature_algorithm_), GetNSSHashAlg(hash_algorithm_),
137       NULL, NULL);
138   DVLOG(1) << "Signature verification result: " << (rv == SECSuccess);
139   return rv == SECSuccess;
140 }
141 
142 }  // namespace net
143