1 // Copyright 2019 Google Inc.
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 //
15 ///////////////////////////////////////////////////////////////////////////////
16
17 #include "tink/subtle/ed25519_verify_boringssl.h"
18
19 #include <cstring>
20 #include <memory>
21 #include <utility>
22
23 #include "absl/memory/memory.h"
24 #include "absl/status/status.h"
25 #include "absl/strings/str_format.h"
26 #include "absl/strings/string_view.h"
27 #include "openssl/evp.h"
28 #include "tink/internal/ec_util.h"
29 #include "tink/internal/util.h"
30 #include "tink/public_key_verify.h"
31 #include "tink/util/statusor.h"
32
33 namespace crypto {
34 namespace tink {
35 namespace subtle {
36
37 constexpr int kEd25519SignatureLenInBytes = 64;
38
New(absl::string_view public_key)39 util::StatusOr<std::unique_ptr<PublicKeyVerify>> Ed25519VerifyBoringSsl::New(
40 absl::string_view public_key) {
41 auto status = internal::CheckFipsCompatibility<Ed25519VerifyBoringSsl>();
42 if (!status.ok()) return status;
43
44 if (public_key.length() != internal::Ed25519KeyPubKeySize()) {
45 return util::Status(
46 absl::StatusCode::kInvalidArgument,
47 absl::StrFormat("Invalid ED25519 public key size (%d). "
48 "The only valid size is %d.",
49 public_key.length(), internal::Ed25519KeyPubKeySize()));
50 }
51
52 // Generate a new EVP_PKEY key and populate it with the public key data.
53 internal::SslUniquePtr<EVP_PKEY> ssl_pub_key(EVP_PKEY_new_raw_public_key(
54 EVP_PKEY_ED25519, /*unused=*/nullptr,
55 reinterpret_cast<const uint8_t *>(public_key.data()),
56 internal::Ed25519KeyPrivKeySize()));
57 if (ssl_pub_key == nullptr) {
58 return util::Status(absl::StatusCode::kInternal,
59 "EVP_PKEY_new_raw_public_key failed");
60 }
61
62 return {absl::WrapUnique(new Ed25519VerifyBoringSsl(std::move(ssl_pub_key)))};
63 }
64
Verify(absl::string_view signature,absl::string_view data) const65 util::Status Ed25519VerifyBoringSsl::Verify(absl::string_view signature,
66 absl::string_view data) const {
67 signature = internal::EnsureStringNonNull(signature);
68 data = internal::EnsureStringNonNull(data);
69
70 if (signature.size() != kEd25519SignatureLenInBytes) {
71 return util::Status(
72 absl::StatusCode::kInvalidArgument,
73 absl::StrFormat("Invalid ED25519 signature size (%d). "
74 "The signature must be %d bytes long.",
75 signature.size(), kEd25519SignatureLenInBytes));
76 }
77
78 internal::SslUniquePtr<EVP_MD_CTX> md_ctx(EVP_MD_CTX_create());
79 // `type` must be set to nullptr with Ed25519.
80 if (EVP_DigestVerifyInit(md_ctx.get(), /*pctx=*/nullptr, /*type=*/nullptr,
81 /*e=*/nullptr, public_key_.get()) != 1) {
82 return util::Status(absl::StatusCode::kInternal,
83 "EVP_DigestVerifyInit failed.");
84 }
85
86 if (EVP_DigestVerify(
87 md_ctx.get(),
88 /*sig=*/reinterpret_cast<const uint8_t *>(signature.data()),
89 signature.size(),
90 /*data=*/reinterpret_cast<const uint8_t *>(data.data()),
91 data.size()) != 1) {
92 return util::Status(absl::StatusCode::kInternal, "Signature is not valid.");
93 }
94
95 return util::OkStatus();
96 }
97
98 } // namespace subtle
99 } // namespace tink
100 } // namespace crypto
101