1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "net/cert/ct_log_verifier.h"
14 #include "base/logging.h"
15 #include "crypto/nss_util.h"
16 #include "crypto/sha2.h"
17 #include "net/cert/signed_tree_head.h"
23 SECOidTag
GetNSSSigAlg(ct::DigitallySigned::SignatureAlgorithm alg
) {
25 case ct::DigitallySigned::SIG_ALGO_RSA
:
26 return SEC_OID_PKCS1_RSA_ENCRYPTION
;
27 case ct::DigitallySigned::SIG_ALGO_DSA
:
28 return SEC_OID_ANSIX9_DSA_SIGNATURE
;
29 case ct::DigitallySigned::SIG_ALGO_ECDSA
:
30 return SEC_OID_ANSIX962_EC_PUBLIC_KEY
;
31 case ct::DigitallySigned::SIG_ALGO_ANONYMOUS
:
34 return SEC_OID_UNKNOWN
;
38 SECOidTag
GetNSSHashAlg(ct::DigitallySigned::HashAlgorithm alg
) {
40 case ct::DigitallySigned::HASH_ALGO_MD5
:
42 case ct::DigitallySigned::HASH_ALGO_SHA1
:
44 case ct::DigitallySigned::HASH_ALGO_SHA224
:
45 return SEC_OID_SHA224
;
46 case ct::DigitallySigned::HASH_ALGO_SHA256
:
47 return SEC_OID_SHA256
;
48 case ct::DigitallySigned::HASH_ALGO_SHA384
:
49 return SEC_OID_SHA384
;
50 case ct::DigitallySigned::HASH_ALGO_SHA512
:
51 return SEC_OID_SHA512
;
52 case ct::DigitallySigned::HASH_ALGO_NONE
:
55 return SEC_OID_UNKNOWN
;
61 CTLogVerifier::~CTLogVerifier() {
63 SECKEY_DestroyPublicKey(public_key_
);
66 CTLogVerifier::CTLogVerifier()
67 : hash_algorithm_(ct::DigitallySigned::HASH_ALGO_NONE
),
68 signature_algorithm_(ct::DigitallySigned::SIG_ALGO_ANONYMOUS
),
71 bool CTLogVerifier::Init(const base::StringPiece
& public_key
,
72 const base::StringPiece
& description
) {
75 crypto::EnsureNSSInit();
77 key_data
.data
= reinterpret_cast<unsigned char*>(
78 const_cast<char*>(public_key
.data()));
79 key_data
.len
= public_key
.size();
81 CERTSubjectPublicKeyInfo
* public_key_info
=
82 SECKEY_DecodeDERSubjectPublicKeyInfo(&key_data
);
83 if (!public_key_info
) {
84 DVLOG(1) << "Failed decoding public key.";
88 public_key_
= SECKEY_ExtractPublicKey(public_key_info
);
89 SECKEY_DestroySubjectPublicKeyInfo(public_key_info
);
92 DVLOG(1) << "Failed extracting public key.";
96 key_id_
= crypto::SHA256HashString(public_key
);
97 description_
= description
.as_string();
99 // Right now, only RSASSA-PKCS1v15 with SHA-256 and ECDSA with SHA-256 are
101 switch (SECKEY_GetPublicKeyType(public_key_
)) {
103 hash_algorithm_
= ct::DigitallySigned::HASH_ALGO_SHA256
;
104 signature_algorithm_
= ct::DigitallySigned::SIG_ALGO_RSA
;
107 hash_algorithm_
= ct::DigitallySigned::HASH_ALGO_SHA256
;
108 signature_algorithm_
= ct::DigitallySigned::SIG_ALGO_ECDSA
;
111 DVLOG(1) << "Unsupported key type: "
112 << SECKEY_GetPublicKeyType(public_key_
);
116 // Extra sanity check: Require RSA keys of at least 2048 bits.
117 if (signature_algorithm_
== ct::DigitallySigned::SIG_ALGO_RSA
&&
118 SECKEY_PublicKeyStrengthInBits(public_key_
) < 2048) {
119 DVLOG(1) << "Too small a public key.";
126 bool CTLogVerifier::VerifySignature(const base::StringPiece
& data_to_sign
,
127 const base::StringPiece
& signature
) {
129 sig_data
.data
= reinterpret_cast<unsigned char*>(const_cast<char*>(
131 sig_data
.len
= signature
.size();
133 SECStatus rv
= VFY_VerifyDataDirect(
134 reinterpret_cast<const unsigned char*>(data_to_sign
.data()),
135 data_to_sign
.size(), public_key_
, &sig_data
,
136 GetNSSSigAlg(signature_algorithm_
), GetNSSHashAlg(hash_algorithm_
),
138 DVLOG(1) << "Signature verification result: " << (rv
== SECSuccess
);
139 return rv
== SECSuccess
;