1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/cert/ct_log_verifier.h"
6
7 #include <cryptohi.h>
8 #include <keyhi.h>
9 #include <nss.h>
10 #include <pk11pub.h>
11 #include <secitem.h>
12 #include <secoid.h>
13
14 #include "base/logging.h"
15 #include "crypto/nss_util.h"
16 #include "crypto/sha2.h"
17 #include "net/cert/signed_tree_head.h"
18
19 namespace net {
20
21 namespace {
22
GetNSSSigAlg(ct::DigitallySigned::SignatureAlgorithm alg)23 SECOidTag GetNSSSigAlg(ct::DigitallySigned::SignatureAlgorithm alg) {
24 switch (alg) {
25 case ct::DigitallySigned::SIG_ALGO_RSA:
26 return SEC_OID_PKCS1_RSA_ENCRYPTION;
27 case ct::DigitallySigned::SIG_ALGO_DSA:
28 return SEC_OID_ANSIX9_DSA_SIGNATURE;
29 case ct::DigitallySigned::SIG_ALGO_ECDSA:
30 return SEC_OID_ANSIX962_EC_PUBLIC_KEY;
31 case ct::DigitallySigned::SIG_ALGO_ANONYMOUS:
32 default:
33 NOTREACHED();
34 return SEC_OID_UNKNOWN;
35 }
36 }
37
GetNSSHashAlg(ct::DigitallySigned::HashAlgorithm alg)38 SECOidTag GetNSSHashAlg(ct::DigitallySigned::HashAlgorithm alg) {
39 switch (alg) {
40 case ct::DigitallySigned::HASH_ALGO_MD5:
41 return SEC_OID_MD5;
42 case ct::DigitallySigned::HASH_ALGO_SHA1:
43 return SEC_OID_SHA1;
44 case ct::DigitallySigned::HASH_ALGO_SHA224:
45 return SEC_OID_SHA224;
46 case ct::DigitallySigned::HASH_ALGO_SHA256:
47 return SEC_OID_SHA256;
48 case ct::DigitallySigned::HASH_ALGO_SHA384:
49 return SEC_OID_SHA384;
50 case ct::DigitallySigned::HASH_ALGO_SHA512:
51 return SEC_OID_SHA512;
52 case ct::DigitallySigned::HASH_ALGO_NONE:
53 default:
54 NOTREACHED();
55 return SEC_OID_UNKNOWN;
56 }
57 }
58
59 } // namespace
60
~CTLogVerifier()61 CTLogVerifier::~CTLogVerifier() {
62 if (public_key_)
63 SECKEY_DestroyPublicKey(public_key_);
64 }
65
CTLogVerifier()66 CTLogVerifier::CTLogVerifier()
67 : hash_algorithm_(ct::DigitallySigned::HASH_ALGO_NONE),
68 signature_algorithm_(ct::DigitallySigned::SIG_ALGO_ANONYMOUS),
69 public_key_(NULL) {}
70
Init(const base::StringPiece & public_key,const base::StringPiece & description)71 bool CTLogVerifier::Init(const base::StringPiece& public_key,
72 const base::StringPiece& description) {
73 SECItem key_data;
74
75 crypto::EnsureNSSInit();
76
77 key_data.data = reinterpret_cast<unsigned char*>(
78 const_cast<char*>(public_key.data()));
79 key_data.len = public_key.size();
80
81 CERTSubjectPublicKeyInfo* public_key_info =
82 SECKEY_DecodeDERSubjectPublicKeyInfo(&key_data);
83 if (!public_key_info) {
84 DVLOG(1) << "Failed decoding public key.";
85 return false;
86 }
87
88 public_key_ = SECKEY_ExtractPublicKey(public_key_info);
89 SECKEY_DestroySubjectPublicKeyInfo(public_key_info);
90
91 if (!public_key_) {
92 DVLOG(1) << "Failed extracting public key.";
93 return false;
94 }
95
96 key_id_ = crypto::SHA256HashString(public_key);
97 description_ = description.as_string();
98
99 // Right now, only RSASSA-PKCS1v15 with SHA-256 and ECDSA with SHA-256 are
100 // supported.
101 switch (SECKEY_GetPublicKeyType(public_key_)) {
102 case rsaKey:
103 hash_algorithm_ = ct::DigitallySigned::HASH_ALGO_SHA256;
104 signature_algorithm_ = ct::DigitallySigned::SIG_ALGO_RSA;
105 break;
106 case ecKey:
107 hash_algorithm_ = ct::DigitallySigned::HASH_ALGO_SHA256;
108 signature_algorithm_ = ct::DigitallySigned::SIG_ALGO_ECDSA;
109 break;
110 default:
111 DVLOG(1) << "Unsupported key type: "
112 << SECKEY_GetPublicKeyType(public_key_);
113 return false;
114 }
115
116 // Extra sanity check: Require RSA keys of at least 2048 bits.
117 if (signature_algorithm_ == ct::DigitallySigned::SIG_ALGO_RSA &&
118 SECKEY_PublicKeyStrengthInBits(public_key_) < 2048) {
119 DVLOG(1) << "Too small a public key.";
120 return false;
121 }
122
123 return true;
124 }
125
VerifySignature(const base::StringPiece & data_to_sign,const base::StringPiece & signature)126 bool CTLogVerifier::VerifySignature(const base::StringPiece& data_to_sign,
127 const base::StringPiece& signature) {
128 SECItem sig_data;
129 sig_data.data = reinterpret_cast<unsigned char*>(const_cast<char*>(
130 signature.data()));
131 sig_data.len = signature.size();
132
133 SECStatus rv = VFY_VerifyDataDirect(
134 reinterpret_cast<const unsigned char*>(data_to_sign.data()),
135 data_to_sign.size(), public_key_, &sig_data,
136 GetNSSSigAlg(signature_algorithm_), GetNSSHashAlg(hash_algorithm_),
137 NULL, NULL);
138 DVLOG(1) << "Signature verification result: " << (rv == SECSuccess);
139 return rv == SECSuccess;
140 }
141
142 } // namespace net
143