Home | History | Annotate | Download | only in cert 
      1 // Copyright 2013 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #include "net/cert/ct_log_verifier.h"
      6 
      7 #include <cryptohi.h>
      8 #include <keyhi.h>
      9 #include <nss.h>
     10 #include <pk11pub.h>
     11 #include <secitem.h>
     12 #include <secoid.h>
     13 
     14 #include "base/logging.h"
     15 #include "crypto/nss_util.h"
     16 #include "crypto/sha2.h"
     17 #include "net/cert/signed_tree_head.h"
     18 
     19 namespace net {
     20 
     21 namespace {
     22 
     23 SECOidTag GetNSSSigAlg(ct::DigitallySigned::SignatureAlgorithm alg) {
     24   switch (alg) {
     25     case ct::DigitallySigned::SIG_ALGO_RSA:
     26       return SEC_OID_PKCS1_RSA_ENCRYPTION;
     27     case ct::DigitallySigned::SIG_ALGO_DSA:
     28       return SEC_OID_ANSIX9_DSA_SIGNATURE;
     29     case ct::DigitallySigned::SIG_ALGO_ECDSA:
     30       return SEC_OID_ANSIX962_EC_PUBLIC_KEY;
     31     case ct::DigitallySigned::SIG_ALGO_ANONYMOUS:
     32     default:
     33       NOTREACHED();
     34       return SEC_OID_UNKNOWN;
     35   }
     36 }
     37 
     38 SECOidTag GetNSSHashAlg(ct::DigitallySigned::HashAlgorithm alg) {
     39   switch (alg) {
     40     case ct::DigitallySigned::HASH_ALGO_MD5:
     41       return SEC_OID_MD5;
     42     case ct::DigitallySigned::HASH_ALGO_SHA1:
     43       return SEC_OID_SHA1;
     44     case ct::DigitallySigned::HASH_ALGO_SHA224:
     45       return SEC_OID_SHA224;
     46     case ct::DigitallySigned::HASH_ALGO_SHA256:
     47       return SEC_OID_SHA256;
     48     case ct::DigitallySigned::HASH_ALGO_SHA384:
     49       return SEC_OID_SHA384;
     50     case ct::DigitallySigned::HASH_ALGO_SHA512:
     51       return SEC_OID_SHA512;
     52     case ct::DigitallySigned::HASH_ALGO_NONE:
     53     default:
     54       NOTREACHED();
     55       return SEC_OID_UNKNOWN;
     56   }
     57 }
     58 
     59 }  // namespace
     60 
     61 CTLogVerifier::~CTLogVerifier() {
     62   if (public_key_)
     63     SECKEY_DestroyPublicKey(public_key_);
     64 }
     65 
     66 CTLogVerifier::CTLogVerifier()
     67     : hash_algorithm_(ct::DigitallySigned::HASH_ALGO_NONE),
     68       signature_algorithm_(ct::DigitallySigned::SIG_ALGO_ANONYMOUS),
     69       public_key_(NULL) {}
     70 
     71 bool CTLogVerifier::Init(const base::StringPiece& public_key,
     72                          const base::StringPiece& description) {
     73   SECItem key_data;
     74 
     75   crypto::EnsureNSSInit();
     76 
     77   key_data.data = reinterpret_cast<unsigned char*>(
     78       const_cast<char*>(public_key.data()));
     79   key_data.len = public_key.size();
     80 
     81   CERTSubjectPublicKeyInfo* public_key_info =
     82       SECKEY_DecodeDERSubjectPublicKeyInfo(&key_data);
     83   if (!public_key_info) {
     84     DVLOG(1) << "Failed decoding public key.";
     85     return false;
     86   }
     87 
     88   public_key_ = SECKEY_ExtractPublicKey(public_key_info);
     89   SECKEY_DestroySubjectPublicKeyInfo(public_key_info);
     90 
     91   if (!public_key_) {
     92     DVLOG(1) << "Failed extracting public key.";
     93     return false;
     94   }
     95 
     96   key_id_ = crypto::SHA256HashString(public_key);
     97   description_ = description.as_string();
     98 
     99   // Right now, only RSASSA-PKCS1v15 with SHA-256 and ECDSA with SHA-256 are
    100   // supported.
    101   switch (SECKEY_GetPublicKeyType(public_key_)) {
    102     case rsaKey:
    103       hash_algorithm_ = ct::DigitallySigned::HASH_ALGO_SHA256;
    104       signature_algorithm_ = ct::DigitallySigned::SIG_ALGO_RSA;
    105       break;
    106     case ecKey:
    107       hash_algorithm_ = ct::DigitallySigned::HASH_ALGO_SHA256;
    108       signature_algorithm_ = ct::DigitallySigned::SIG_ALGO_ECDSA;
    109       break;
    110     default:
    111       DVLOG(1) << "Unsupported key type: "
    112                << SECKEY_GetPublicKeyType(public_key_);
    113       return false;
    114   }
    115 
    116   // Extra sanity check: Require RSA keys of at least 2048 bits.
    117   if (signature_algorithm_ == ct::DigitallySigned::SIG_ALGO_RSA &&
    118       SECKEY_PublicKeyStrengthInBits(public_key_) < 2048) {
    119     DVLOG(1) << "Too small a public key.";
    120     return false;
    121   }
    122 
    123   return true;
    124 }
    125 
    126 bool CTLogVerifier::VerifySignature(const base::StringPiece& data_to_sign,
    127                                     const base::StringPiece& signature) {
    128   SECItem sig_data;
    129   sig_data.data = reinterpret_cast<unsigned char*>(const_cast<char*>(
    130       signature.data()));
    131   sig_data.len = signature.size();
    132 
    133   SECStatus rv = VFY_VerifyDataDirect(
    134       reinterpret_cast<const unsigned char*>(data_to_sign.data()),
    135       data_to_sign.size(), public_key_, &sig_data,
    136       GetNSSSigAlg(signature_algorithm_), GetNSSHashAlg(hash_algorithm_),
    137       NULL, NULL);
    138   DVLOG(1) << "Signature verification result: " << (rv == SECSuccess);
    139   return rv == SECSuccess;
    140 }
    141 
    142 }  // namespace net
    143