1 // Copyright 2023 Google LLC
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // https://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14
15 #include "anonymous_tokens/cpp/crypto/rsa_ssa_pss_verifier.h"
16
17 #include <stdint.h>
18
19 #include <memory>
20 #include <string>
21 #include <utility>
22
23 #include "absl/memory/memory.h"
24 #include "absl/status/status.h"
25 #include "absl/status/statusor.h"
26 #include "absl/strings/str_cat.h"
27 #include "absl/strings/string_view.h"
28 #include "anonymous_tokens/cpp/crypto/anonymous_tokens_pb_openssl_converters.h"
29 #include "anonymous_tokens/cpp/crypto/constants.h"
30 #include "anonymous_tokens/cpp/crypto/crypto_utils.h"
31 #include "anonymous_tokens/cpp/shared/status_utils.h"
32 #include "anonymous_tokens/proto/anonymous_tokens.pb.h"
33 #include <openssl/bn.h>
34 #include <openssl/rsa.h>
35
36 namespace anonymous_tokens {
37
New(const int salt_length,const EVP_MD * sig_hash,const EVP_MD * mgf1_hash,const RSAPublicKey & public_key,const bool use_rsa_public_exponent,std::optional<absl::string_view> public_metadata)38 absl::StatusOr<std::unique_ptr<RsaSsaPssVerifier>> RsaSsaPssVerifier::New(
39 const int salt_length, const EVP_MD* sig_hash, const EVP_MD* mgf1_hash,
40 const RSAPublicKey& public_key, const bool use_rsa_public_exponent,
41 std::optional<absl::string_view> public_metadata) {
42 bssl::UniquePtr<RSA> rsa_public_key;
43
44 if (!public_metadata.has_value()) {
45 ANON_TOKENS_ASSIGN_OR_RETURN(rsa_public_key,
46 AnonymousTokensRSAPublicKeyToRSA(public_key));
47 } else {
48 // If public metadata is passed, RsaSsaPssVerifier will compute a new public
49 // exponent using the public metadata.
50 //
51 // Empty string is a valid public metadata value.
52 ANON_TOKENS_ASSIGN_OR_RETURN(
53 rsa_public_key, CreatePublicKeyRSAWithPublicMetadata(
54 public_key.n(), public_key.e(), *public_metadata,
55 use_rsa_public_exponent));
56 }
57
58 return absl::WrapUnique(new RsaSsaPssVerifier(salt_length, public_metadata,
59 sig_hash, mgf1_hash,
60 std::move(rsa_public_key)));
61 }
62
RsaSsaPssVerifier(int salt_length,std::optional<absl::string_view> public_metadata,const EVP_MD * sig_hash,const EVP_MD * mgf1_hash,bssl::UniquePtr<RSA> rsa_public_key)63 RsaSsaPssVerifier::RsaSsaPssVerifier(
64 int salt_length, std::optional<absl::string_view> public_metadata,
65 const EVP_MD* sig_hash, const EVP_MD* mgf1_hash,
66 bssl::UniquePtr<RSA> rsa_public_key)
67 : salt_length_(salt_length),
68 public_metadata_(public_metadata),
69 sig_hash_(sig_hash),
70 mgf1_hash_(mgf1_hash),
71 rsa_public_key_(std::move(rsa_public_key)) {}
72
Verify(absl::string_view unblind_token,absl::string_view message)73 absl::Status RsaSsaPssVerifier::Verify(absl::string_view unblind_token,
74 absl::string_view message) {
75 std::string augmented_message(message);
76 if (public_metadata_.has_value()) {
77 augmented_message = EncodeMessagePublicMetadata(message, *public_metadata_);
78 }
79 return RsaBlindSignatureVerify(salt_length_, sig_hash_, mgf1_hash_,
80 unblind_token, augmented_message,
81 rsa_public_key_.get());
82 }
83
84 } // namespace anonymous_tokens
85