// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "net/cert/ct_log_verifier.h"
#include <openssl/evp.h>
#include <openssl/x509.h>
#include "base/logging.h"
#include "crypto/openssl_util.h"
#include "crypto/sha2.h"
#include "net/cert/signed_tree_head.h"
namespace net {
namespace {
const EVP_MD* GetEvpAlg(ct::DigitallySigned::HashAlgorithm alg) {
switch (alg) {
case ct::DigitallySigned::HASH_ALGO_MD5:
return EVP_md5();
case ct::DigitallySigned::HASH_ALGO_SHA1:
return EVP_sha1();
case ct::DigitallySigned::HASH_ALGO_SHA224:
return EVP_sha224();
case ct::DigitallySigned::HASH_ALGO_SHA256:
return EVP_sha256();
case ct::DigitallySigned::HASH_ALGO_SHA384:
return EVP_sha384();
case ct::DigitallySigned::HASH_ALGO_SHA512:
return EVP_sha512();
case ct::DigitallySigned::HASH_ALGO_NONE:
default:
NOTREACHED();
return NULL;
}
}
} // namespace
CTLogVerifier::~CTLogVerifier() {
crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
if (public_key_)
EVP_PKEY_free(public_key_);
}
CTLogVerifier::CTLogVerifier()
: hash_algorithm_(ct::DigitallySigned::HASH_ALGO_NONE),
signature_algorithm_(ct::DigitallySigned::SIG_ALGO_ANONYMOUS),
public_key_(NULL) {}
bool CTLogVerifier::Init(const base::StringPiece& public_key,
const base::StringPiece& description) {
crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
crypto::ScopedOpenSSL<BIO, BIO_free_all> bio(
BIO_new_mem_buf(const_cast<char*>(public_key.data()), public_key.size()));
if (!bio.get())
return false;
public_key_ = d2i_PUBKEY_bio(bio.get(), NULL);
if (!public_key_)
return false;
key_id_ = crypto::SHA256HashString(public_key);
description_ = description.as_string();
// Right now, only RSASSA-PKCS1v15 with SHA-256 and ECDSA with SHA-256 are
// supported.
switch (EVP_PKEY_type(public_key_->type)) {
case EVP_PKEY_RSA:
hash_algorithm_ = ct::DigitallySigned::HASH_ALGO_SHA256;
signature_algorithm_ = ct::DigitallySigned::SIG_ALGO_RSA;
break;
case EVP_PKEY_EC:
hash_algorithm_ = ct::DigitallySigned::HASH_ALGO_SHA256;
signature_algorithm_ = ct::DigitallySigned::SIG_ALGO_ECDSA;
break;
default:
DVLOG(1) << "Unsupported key type: " << EVP_PKEY_type(public_key_->type);
return false;
}
// Extra sanity check: Require RSA keys of at least 2048 bits.
// EVP_PKEY_size returns the size in bytes. 256 = 2048-bit RSA key.
if (signature_algorithm_ == ct::DigitallySigned::SIG_ALGO_RSA &&
EVP_PKEY_size(public_key_) < 256) {
DVLOG(1) << "Too small a public key.";
return false;
}
return true;
}
bool CTLogVerifier::VerifySignature(const base::StringPiece& data_to_sign,
const base::StringPiece& signature) {
crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
const EVP_MD* hash_alg = GetEvpAlg(hash_algorithm_);
if (hash_alg == NULL)
return false;
EVP_MD_CTX ctx;
EVP_MD_CTX_init(&ctx);
bool ok = (
1 == EVP_DigestVerifyInit(&ctx, NULL, hash_alg, NULL, public_key_) &&
1 == EVP_DigestVerifyUpdate(
&ctx, data_to_sign.data(), data_to_sign.size()) &&
1 == EVP_DigestVerifyFinal(
&ctx,
reinterpret_cast<unsigned char*>(const_cast<char*>(signature.data())),
signature.size()));
EVP_MD_CTX_cleanup(&ctx);
return ok;
}
} // namespace net