net/cert/ct_log_verifier_nss.cc

   1 // Copyright 2013 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "net/cert/ct_log_verifier.h"
   6
   7 #include <cryptohi.h>
   8 #include <keyhi.h>
   9 #include <nss.h>
  10 #include <pk11pub.h>
  11 #include <secitem.h>
  12 #include <secoid.h>
  13
  14 #include "base/logging.h"
  15 #include "crypto/nss_util.h"
  16 #include "crypto/sha2.h"
  17 #include "net/cert/signed_certificate_timestamp.h"
  18
  19 namespace net {
  20
  21 namespace {
  22
  23 SECOidTag GetNSSSigAlg(ct::DigitallySigned::SignatureAlgorithm alg) {
  24   switch (alg) {
  25     case ct::DigitallySigned::SIG_ALGO_RSA:
  26       return SEC_OID_PKCS1_RSA_ENCRYPTION;
  27     case ct::DigitallySigned::SIG_ALGO_DSA:
  28       return SEC_OID_ANSIX9_DSA_SIGNATURE;
  29     case ct::DigitallySigned::SIG_ALGO_ECDSA:
  30       return SEC_OID_ANSIX962_EC_PUBLIC_KEY;
  31     case ct::DigitallySigned::SIG_ALGO_ANONYMOUS:
  32     default:
  33       NOTREACHED();
  34       return SEC_OID_UNKNOWN;
  35   }
  36 }
  37
  38 SECOidTag GetNSSHashAlg(ct::DigitallySigned::HashAlgorithm alg) {
  39   switch (alg) {
  40     case ct::DigitallySigned::HASH_ALGO_MD5:
  41       return SEC_OID_MD5;
  42     case ct::DigitallySigned::HASH_ALGO_SHA1:
  43       return SEC_OID_SHA1;
  44     case ct::DigitallySigned::HASH_ALGO_SHA224:
  45       return SEC_OID_SHA224;
  46     case ct::DigitallySigned::HASH_ALGO_SHA256:
  47       return SEC_OID_SHA256;
  48     case ct::DigitallySigned::HASH_ALGO_SHA384:
  49       return SEC_OID_SHA384;
  50     case ct::DigitallySigned::HASH_ALGO_SHA512:
  51       return SEC_OID_SHA512;
  52     case ct::DigitallySigned::HASH_ALGO_NONE:
  53     default:
  54       NOTREACHED();
  55       return SEC_OID_UNKNOWN;
  56   }
  57 }
  58
  59 }  // namespace
  60
  61 CTLogVerifier::~CTLogVerifier() {
  62   if (public_key_)
  63     SECKEY_DestroyPublicKey(public_key_);
  64 }
  65
  66 CTLogVerifier::CTLogVerifier()
  67     : hash_algorithm_(ct::DigitallySigned::HASH_ALGO_NONE),
  68       signature_algorithm_(ct::DigitallySigned::SIG_ALGO_ANONYMOUS),
  69       public_key_(NULL) {}
  70
  71 bool CTLogVerifier::Init(const base::StringPiece& public_key,
  72                          const base::StringPiece& description) {
  73   SECItem key_data;
  74
  75   crypto::EnsureNSSInit();
  76
  77   key_data.data = reinterpret_cast<unsigned char*>(
  78       const_cast<char*>(public_key.data()));
  79   key_data.len = public_key.size();
  80
  81   CERTSubjectPublicKeyInfo* public_key_info =
  82       SECKEY_DecodeDERSubjectPublicKeyInfo(&key_data);
  83   if (!public_key_info) {
  84     DVLOG(1) << "Failed decoding public key.";
  85     return false;
  86   }
  87
  88   public_key_ = SECKEY_ExtractPublicKey(public_key_info);
  89   SECKEY_DestroySubjectPublicKeyInfo(public_key_info);
  90
  91   if (!public_key_) {
  92     DVLOG(1) << "Failed extracting public key.";
  93     return false;
  94   }
  95
  96   key_id_ = crypto::SHA256HashString(public_key);
  97   description_ = description.as_string();
  98
  99   // Right now, only RSASSA-PKCS1v15 with SHA-256 and ECDSA with SHA-256 are
 100   // supported.
 101   switch (SECKEY_GetPublicKeyType(public_key_)) {
 102     case rsaKey:
 103       hash_algorithm_ = ct::DigitallySigned::HASH_ALGO_SHA256;
 104       signature_algorithm_ = ct::DigitallySigned::SIG_ALGO_RSA;
 105       break;
 106     case ecKey:
 107       hash_algorithm_ = ct::DigitallySigned::HASH_ALGO_SHA256;
 108       signature_algorithm_ = ct::DigitallySigned::SIG_ALGO_ECDSA;
 109       break;
 110     default:
 111       DVLOG(1) << "Unsupported key type: "
 112                << SECKEY_GetPublicKeyType(public_key_);
 113       return false;
 114   }
 115
 116   // Extra sanity check: Require RSA keys of at least 2048 bits.
 117   if (signature_algorithm_ == ct::DigitallySigned::SIG_ALGO_RSA &&
 118       SECKEY_PublicKeyStrengthInBits(public_key_) < 2048) {
 119     DVLOG(1) << "Too small a public key.";
 120     return false;
 121   }
 122
 123   return true;
 124 }
 125
 126 bool CTLogVerifier::VerifySignature(const base::StringPiece& data_to_sign,
 127                                     const base::StringPiece& signature) {
 128   SECItem sig_data;
 129   sig_data.data = reinterpret_cast<unsigned char*>(const_cast<char*>(
 130       signature.data()));
 131   sig_data.len = signature.size();
 132
 133   SECStatus rv = VFY_VerifyDataDirect(
 134       reinterpret_cast<const unsigned char*>(data_to_sign.data()),
 135       data_to_sign.size(), public_key_, &sig_data,
 136       GetNSSSigAlg(signature_algorithm_), GetNSSHashAlg(hash_algorithm_),
 137       NULL, NULL);
 138   DVLOG(1) << "Signature verification result: " << (rv == SECSuccess);
 139   return rv == SECSuccess;
 140 }
 141
 142 }  // namespace net