| 1 | /* |
|---|---|
| 2 | * Copyright (C) 2017 Apple Inc. All rights reserved. |
| 3 | * Copyright (C) 2017 Metrological Group B.V. |
| 4 | * Copyright (C) 2017 Igalia S.L. |
| 5 | * |
| 6 | * Redistribution and use in source and binary forms, with or without |
| 7 | * modification, are permitted provided that the following conditions |
| 8 | * are met: |
| 9 | * 1. Redistributions of source code must retain the above copyright |
| 10 | * notice, this list of conditions and the following disclaimer. |
| 11 | * 2. Redistributions in binary form must reproduce the above copyright |
| 12 | * notice, this list of conditions and the following disclaimer in the |
| 13 | * documentation and/or other materials provided with the distribution. |
| 14 | * |
| 15 | * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS'' |
| 16 | * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, |
| 17 | * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
| 18 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS |
| 19 | * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR |
| 20 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF |
| 21 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS |
| 22 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN |
| 23 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
| 24 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF |
| 25 | * THE POSSIBILITY OF SUCH DAMAGE. |
| 26 | */ |
| 27 | |
| 28 | #include "config.h" |
| 29 | #include "CryptoAlgorithmRSA_PSS.h" |
| 30 | |
| 31 | #if ENABLE(WEB_CRYPTO) |
| 32 | |
| 33 | #include "CryptoAlgorithmRsaPssParams.h" |
| 34 | #include "CryptoKeyRSA.h" |
| 35 | #include "GCryptUtilities.h" |
| 36 | |
| 37 | namespace WebCore { |
| 38 | |
| 39 | static Optional<Vector<uint8_t>> gcryptSign(gcry_sexp_t keySexp, const Vector<uint8_t>& data, CryptoAlgorithmIdentifier hashAlgorithmIdentifier, size_t saltLength, size_t keySizeInBytes) |
| 40 | { |
| 41 | // Perform digest operation with the specified algorithm on the given data. |
| 42 | Vector<uint8_t> dataHash; |
| 43 | { |
| 44 | auto digestAlgorithm = hashCryptoDigestAlgorithm(hashAlgorithmIdentifier); |
| 45 | if (!digestAlgorithm) |
| 46 | return WTF::nullopt; |
| 47 | |
| 48 | auto digest = PAL::CryptoDigest::create(*digestAlgorithm); |
| 49 | if (!digest) |
| 50 | return WTF::nullopt; |
| 51 | |
| 52 | digest->addBytes(data.data(), data.size()); |
| 53 | dataHash = digest->computeHash(); |
| 54 | } |
| 55 | |
| 56 | // Construct the `data` s-expression that contains PSS-padded hashed data. |
| 57 | PAL::GCrypt::Handle<gcry_sexp_t> dataSexp; |
| 58 | { |
| 59 | auto shaAlgorithm = hashAlgorithmName(hashAlgorithmIdentifier); |
| 60 | if (!shaAlgorithm) |
| 61 | return WTF::nullopt; |
| 62 | |
| 63 | gcry_error_t error = gcry_sexp_build(&dataSexp, nullptr, "(data(flags pss)(salt-length %u)(hash %s %b))", |
| 64 | saltLength, *shaAlgorithm, dataHash.size(), dataHash.data()); |
| 65 | if (error != GPG_ERR_NO_ERROR) { |
| 66 | PAL::GCrypt::logError(error); |
| 67 | return WTF::nullopt; |
| 68 | } |
| 69 | } |
| 70 | |
| 71 | // Perform the PK signing, retrieving a `sig-val` s-expression of the following form: |
| 72 | // (sig-val |
| 73 | // (rsa |
| 74 | // (s s-mpi))) |
| 75 | PAL::GCrypt::Handle<gcry_sexp_t> signatureSexp; |
| 76 | gcry_error_t error = gcry_pk_sign(&signatureSexp, dataSexp, keySexp); |
| 77 | if (error != GPG_ERR_NO_ERROR) { |
| 78 | PAL::GCrypt::logError(error); |
| 79 | return WTF::nullopt; |
| 80 | } |
| 81 | |
| 82 | // Retrieve MPI data of the embedded `s` integer. |
| 83 | PAL::GCrypt::Handle<gcry_sexp_t> sSexp(gcry_sexp_find_token(signatureSexp, "s", 0)); |
| 84 | if (!sSexp) |
| 85 | return WTF::nullopt; |
| 86 | |
| 87 | return mpiZeroPrefixedData(sSexp, keySizeInBytes); |
| 88 | } |
| 89 | |
| 90 | static Optional<bool> gcryptVerify(gcry_sexp_t keySexp, const Vector<uint8_t>& signature, const Vector<uint8_t>& data, CryptoAlgorithmIdentifier hashAlgorithmIdentifier, size_t saltLength) |
| 91 | { |
| 92 | // Perform digest operation with the specified algorithm on the given data. |
| 93 | Vector<uint8_t> dataHash; |
| 94 | { |
| 95 | auto digestAlgorithm = hashCryptoDigestAlgorithm(hashAlgorithmIdentifier); |
| 96 | if (!digestAlgorithm) |
| 97 | return WTF::nullopt; |
| 98 | |
| 99 | auto digest = PAL::CryptoDigest::create(*digestAlgorithm); |
| 100 | if (!digest) |
| 101 | return WTF::nullopt; |
| 102 | |
| 103 | digest->addBytes(data.data(), data.size()); |
| 104 | dataHash = digest->computeHash(); |
| 105 | } |
| 106 | |
| 107 | // Construct the `sig-val` s-expression that contains the signature data. |
| 108 | PAL::GCrypt::Handle<gcry_sexp_t> signatureSexp; |
| 109 | gcry_error_t error = gcry_sexp_build(&signatureSexp, nullptr, "(sig-val(rsa(s %b)))", |
| 110 | signature.size(), signature.data()); |
| 111 | if (error != GPG_ERR_NO_ERROR) { |
| 112 | PAL::GCrypt::logError(error); |
| 113 | return WTF::nullopt; |
| 114 | } |
| 115 | |
| 116 | // Construct the `data` s-expression that contains PSS-padded hashed data. |
| 117 | PAL::GCrypt::Handle<gcry_sexp_t> dataSexp; |
| 118 | { |
| 119 | auto shaAlgorithm = hashAlgorithmName(hashAlgorithmIdentifier); |
| 120 | if (!shaAlgorithm) |
| 121 | return WTF::nullopt; |
| 122 | |
| 123 | error = gcry_sexp_build(&dataSexp, nullptr, "(data(flags pss)(salt-length %u)(hash %s %b))", |
| 124 | saltLength, *shaAlgorithm, dataHash.size(), dataHash.data()); |
| 125 | if (error != GPG_ERR_NO_ERROR) { |
| 126 | PAL::GCrypt::logError(error); |
| 127 | return WTF::nullopt; |
| 128 | } |
| 129 | } |
| 130 | |
| 131 | // Perform the PK verification. We report success if there's no error returned, or |
| 132 | // a failure in any other case. OperationError should not be returned at this point, |
| 133 | // avoiding spilling information about the exact cause of verification failure. |
| 134 | error = gcry_pk_verify(signatureSexp, dataSexp, keySexp); |
| 135 | return { error == GPG_ERR_NO_ERROR }; |
| 136 | } |
| 137 | |
| 138 | ExceptionOr<Vector<uint8_t>> CryptoAlgorithmRSA_PSS::platformSign(const CryptoAlgorithmRsaPssParams& parameters, const CryptoKeyRSA& key, const Vector<uint8_t>& data) |
| 139 | { |
| 140 | RELEASE_ASSERT_WITH_SECURITY_IMPLICATION(!(key.keySizeInBits() % 8)); |
| 141 | auto output = gcryptSign(key.platformKey(), data, key.hashAlgorithmIdentifier(), parameters.saltLength, key.keySizeInBits() / 8); |
| 142 | if (!output) |
| 143 | return Exception { OperationError }; |
| 144 | return WTFMove(*output); |
| 145 | } |
| 146 | |
| 147 | ExceptionOr<bool> CryptoAlgorithmRSA_PSS::platformVerify(const CryptoAlgorithmRsaPssParams& parameters, const CryptoKeyRSA& key, const Vector<uint8_t>& signature, const Vector<uint8_t>& data) |
| 148 | { |
| 149 | auto output = gcryptVerify(key.platformKey(), signature, data, key.hashAlgorithmIdentifier(), parameters.saltLength); |
| 150 | if (!output) |
| 151 | return Exception { OperationError }; |
| 152 | return WTFMove(*output); |
| 153 | } |
| 154 | |
| 155 | |
| 156 | } // namespace WebCore |
| 157 | |
| 158 | #endif // ENABLE(WEB_CRYPTO) |
| 159 |
Generated while processing webkit/WebKitBuild/Debug/DerivedSources/WebCore/unified-sources/UnifiedSource-44a97133-5.cpp
Generated on 2019-May-29 from project webkit
Powered by 
Code Browser 2.1
Generator usage only permitted with license.