1 // Copyright 2018 Google Inc. 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 // 15 /////////////////////////////////////////////////////////////////////////////// 16 17 #include "tink/signature/rsa_ssa_pkcs1_verify_key_manager.h" 18 19 #include <memory> 20 #include <utility> 21 22 #include "absl/strings/str_cat.h" 23 #include "absl/strings/string_view.h" 24 #include "openssl/bn.h" 25 #include "tink/internal/bn_util.h" 26 #include "tink/internal/md_util.h" 27 #include "tink/internal/ssl_unique_ptr.h" 28 #include "tink/public_key_verify.h" 29 #include "tink/subtle/rsa_ssa_pkcs1_verify_boringssl.h" 30 #include "tink/util/enums.h" 31 #include "tink/util/errors.h" 32 #include "tink/util/protobuf_helper.h" 33 #include "tink/util/status.h" 34 #include "tink/util/statusor.h" 35 #include "tink/util/validation.h" 36 #include "proto/rsa_ssa_pkcs1.pb.h" 37 38 namespace crypto { 39 namespace tink { 40 41 using crypto::tink::util::Enums; 42 using google::crypto::tink::RsaSsaPkcs1Params; 43 using google::crypto::tink::RsaSsaPkcs1PublicKey; 44 45 util::StatusOr<std::unique_ptr<PublicKeyVerify>> Create(const RsaSsaPkcs1PublicKey & rsa_ssa_pkcs1_public_key) const46RsaSsaPkcs1VerifyKeyManager::PublicKeyVerifyFactory::Create( 47 const RsaSsaPkcs1PublicKey& rsa_ssa_pkcs1_public_key) const { 48 internal::RsaPublicKey rsa_pub_key; 49 rsa_pub_key.n = rsa_ssa_pkcs1_public_key.n(); 50 rsa_pub_key.e = rsa_ssa_pkcs1_public_key.e(); 51 52 internal::RsaSsaPkcs1Params params; 53 RsaSsaPkcs1Params rsa_ssa_pkcs1_params = rsa_ssa_pkcs1_public_key.params(); 54 params.hash_type = Enums::ProtoToSubtle(rsa_ssa_pkcs1_params.hash_type()); 55 56 auto rsa_ssa_pkcs1_result = 57 subtle::RsaSsaPkcs1VerifyBoringSsl::New(rsa_pub_key, params); 58 if (!rsa_ssa_pkcs1_result.ok()) return rsa_ssa_pkcs1_result.status(); 59 return {std::move(rsa_ssa_pkcs1_result.value())}; 60 } 61 ValidateParams(const RsaSsaPkcs1Params & params) const62util::Status RsaSsaPkcs1VerifyKeyManager::ValidateParams( 63 const RsaSsaPkcs1Params& params) const { 64 return internal::IsHashTypeSafeForSignature( 65 Enums::ProtoToSubtle(params.hash_type())); 66 } 67 ValidateKey(const RsaSsaPkcs1PublicKey & key) const68util::Status RsaSsaPkcs1VerifyKeyManager::ValidateKey( 69 const RsaSsaPkcs1PublicKey& key) const { 70 util::Status status = ValidateVersion(key.version(), get_version()); 71 if (!status.ok()) return status; 72 util::StatusOr<internal::SslUniquePtr<BIGNUM>> n = 73 internal::StringToBignum(key.n()); 74 if (!n.ok()) { 75 return n.status(); 76 } 77 util::Status modulus_status = 78 internal::ValidateRsaModulusSize(BN_num_bits(n->get())); 79 if (!modulus_status.ok()) { 80 return modulus_status; 81 } 82 util::Status exponent_status = internal::ValidateRsaPublicExponent(key.e()); 83 if (!exponent_status.ok()) { 84 return exponent_status; 85 } 86 return ValidateParams(key.params()); 87 } 88 89 } // namespace tink 90 } // namespace crypto 91