1*e7b1675dSTing-Kang Chang// Copyright 2022 Google LLC 2*e7b1675dSTing-Kang Chang// 3*e7b1675dSTing-Kang Chang// Licensed under the Apache License, Version 2.0 (the "License"); 4*e7b1675dSTing-Kang Chang// you may not use this file except in compliance with the License. 5*e7b1675dSTing-Kang Chang// You may obtain a copy of the License at 6*e7b1675dSTing-Kang Chang// 7*e7b1675dSTing-Kang Chang// http://www.apache.org/licenses/LICENSE-2.0 8*e7b1675dSTing-Kang Chang// 9*e7b1675dSTing-Kang Chang// Unless required by applicable law or agreed to in writing, software 10*e7b1675dSTing-Kang Chang// distributed under the License is distributed on an "AS IS" BASIS, 11*e7b1675dSTing-Kang Chang// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12*e7b1675dSTing-Kang Chang// See the License for the specific language governing permissions and 13*e7b1675dSTing-Kang Chang// limitations under the License. 14*e7b1675dSTing-Kang Chang// 15*e7b1675dSTing-Kang Chang//////////////////////////////////////////////////////////////////////////////// 16*e7b1675dSTing-Kang Chang 17*e7b1675dSTing-Kang Changpackage signature 18*e7b1675dSTing-Kang Chang 19*e7b1675dSTing-Kang Changimport ( 20*e7b1675dSTing-Kang Chang "crypto" 21*e7b1675dSTing-Kang Chang "crypto/rsa" 22*e7b1675dSTing-Kang Chang "fmt" 23*e7b1675dSTing-Kang Chang "hash" 24*e7b1675dSTing-Kang Chang 25*e7b1675dSTing-Kang Chang "github.com/google/tink/go/subtle" 26*e7b1675dSTing-Kang Chang "github.com/google/tink/go/tink" 27*e7b1675dSTing-Kang Chang) 28*e7b1675dSTing-Kang Chang 29*e7b1675dSTing-Kang Chang// RSA_SSA_PSS_Verifier is an implementation of Verifier for RSA-SSA-PSS. 30*e7b1675dSTing-Kang Changtype RSA_SSA_PSS_Verifier struct { 31*e7b1675dSTing-Kang Chang publicKey *rsa.PublicKey 32*e7b1675dSTing-Kang Chang hashFunc func() hash.Hash 33*e7b1675dSTing-Kang Chang hashID crypto.Hash 34*e7b1675dSTing-Kang Chang saltLength int 35*e7b1675dSTing-Kang Chang} 36*e7b1675dSTing-Kang Chang 37*e7b1675dSTing-Kang Changvar _ tink.Verifier = (*RSA_SSA_PSS_Verifier)(nil) 38*e7b1675dSTing-Kang Chang 39*e7b1675dSTing-Kang Chang// New_RSA_SSA_PSS_Verifier creates a new instance of RSA_SSA_PSS_Verifier. 40*e7b1675dSTing-Kang Changfunc New_RSA_SSA_PSS_Verifier(hashAlg string, saltLength int, pubKey *rsa.PublicKey) (*RSA_SSA_PSS_Verifier, error) { 41*e7b1675dSTing-Kang Chang if err := validRSAPublicKey(pubKey); err != nil { 42*e7b1675dSTing-Kang Chang return nil, err 43*e7b1675dSTing-Kang Chang } 44*e7b1675dSTing-Kang Chang hashFunc, hashID, err := rsaHashFunc(hashAlg) 45*e7b1675dSTing-Kang Chang if err != nil { 46*e7b1675dSTing-Kang Chang return nil, err 47*e7b1675dSTing-Kang Chang } 48*e7b1675dSTing-Kang Chang if saltLength < 0 { 49*e7b1675dSTing-Kang Chang return nil, fmt.Errorf("invalid salt length") 50*e7b1675dSTing-Kang Chang } 51*e7b1675dSTing-Kang Chang return &RSA_SSA_PSS_Verifier{ 52*e7b1675dSTing-Kang Chang publicKey: pubKey, 53*e7b1675dSTing-Kang Chang hashFunc: hashFunc, 54*e7b1675dSTing-Kang Chang hashID: hashID, 55*e7b1675dSTing-Kang Chang saltLength: saltLength, 56*e7b1675dSTing-Kang Chang }, nil 57*e7b1675dSTing-Kang Chang} 58*e7b1675dSTing-Kang Chang 59*e7b1675dSTing-Kang Chang// Verify verifies whether the given signature is valid for the given data. 60*e7b1675dSTing-Kang Chang// It returns an error if the signature is not valid; nil otherwise. 61*e7b1675dSTing-Kang Changfunc (v *RSA_SSA_PSS_Verifier) Verify(signature, data []byte) error { 62*e7b1675dSTing-Kang Chang digest, err := subtle.ComputeHash(v.hashFunc, data) 63*e7b1675dSTing-Kang Chang if err != nil { 64*e7b1675dSTing-Kang Chang return err 65*e7b1675dSTing-Kang Chang } 66*e7b1675dSTing-Kang Chang return rsa.VerifyPSS(v.publicKey, v.hashID, digest, signature, &rsa.PSSOptions{SaltLength: v.saltLength}) 67*e7b1675dSTing-Kang Chang} 68