1 // Copyright 2023 Google LLC
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // https://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14
15 #include "anonymous_tokens/cpp/crypto/rsa_ssa_pss_verifier.h"
16
17 #include <stdint.h>
18
19 #include <memory>
20 #include <string>
21 #include <utility>
22
23 #include "absl/memory/memory.h"
24 #include "absl/status/status.h"
25 #include "absl/status/statusor.h"
26 #include "absl/strings/str_cat.h"
27 #include "absl/strings/string_view.h"
28 #include "anonymous_tokens/cpp/crypto/anonymous_tokens_pb_openssl_converters.h"
29 #include "anonymous_tokens/cpp/crypto/constants.h"
30 #include "anonymous_tokens/cpp/crypto/crypto_utils.h"
31 #include "anonymous_tokens/cpp/shared/status_utils.h"
32 #include "anonymous_tokens/proto/anonymous_tokens.pb.h"
33 #include <openssl/bn.h>
34 #include <openssl/rsa.h>
35
36
37 namespace anonymous_tokens {
38
New(const int salt_length,const EVP_MD * sig_hash,const EVP_MD * mgf1_hash,const RSAPublicKey & public_key,const bool use_rsa_public_exponent,std::optional<absl::string_view> public_metadata)39 absl::StatusOr<std::unique_ptr<RsaSsaPssVerifier>> RsaSsaPssVerifier::New(
40 const int salt_length, const EVP_MD* sig_hash, const EVP_MD* mgf1_hash,
41 const RSAPublicKey& public_key, const bool use_rsa_public_exponent,
42 std::optional<absl::string_view> public_metadata) {
43 bssl::UniquePtr<RSA> rsa_public_key;
44
45 if (!public_metadata.has_value()) {
46 ANON_TOKENS_ASSIGN_OR_RETURN(rsa_public_key,
47 AnonymousTokensRSAPublicKeyToRSA(public_key));
48 } else {
49 // If public metadata is passed, RsaSsaPssVerifier will compute a new public
50 // exponent using the public metadata.
51 //
52 // Empty string is a valid public metadata value.
53 ANON_TOKENS_ASSIGN_OR_RETURN(
54 rsa_public_key, CreatePublicKeyRSAWithPublicMetadata(
55 public_key.n(), public_key.e(), *public_metadata,
56 use_rsa_public_exponent));
57 }
58
59 return absl::WrapUnique(new RsaSsaPssVerifier(salt_length, public_metadata,
60 sig_hash, mgf1_hash,
61 std::move(rsa_public_key)));
62 }
63
RsaSsaPssVerifier(int salt_length,std::optional<absl::string_view> public_metadata,const EVP_MD * sig_hash,const EVP_MD * mgf1_hash,bssl::UniquePtr<RSA> rsa_public_key)64 RsaSsaPssVerifier::RsaSsaPssVerifier(
65 int salt_length, std::optional<absl::string_view> public_metadata,
66 const EVP_MD* sig_hash, const EVP_MD* mgf1_hash,
67 bssl::UniquePtr<RSA> rsa_public_key)
68 : salt_length_(salt_length),
69 public_metadata_(public_metadata),
70 sig_hash_(sig_hash),
71 mgf1_hash_(mgf1_hash),
72 rsa_public_key_(std::move(rsa_public_key)) {}
73
Verify(absl::string_view unblind_token,absl::string_view message)74 absl::Status RsaSsaPssVerifier::Verify(absl::string_view unblind_token,
75 absl::string_view message) {
76 std::string augmented_message(message);
77 if (public_metadata_.has_value()) {
78 augmented_message = EncodeMessagePublicMetadata(message, *public_metadata_);
79 }
80 return RsaBlindSignatureVerify(salt_length_, sig_hash_, mgf1_hash_,
81 unblind_token, augmented_message,
82 rsa_public_key_.get());
83 }
84
85 } // namespace anonymous_tokens
86
87