/*
* Copyright (c) 2018-present, Facebook, Inc.
* All rights reserved.
*
* This source code is licensed under the BSD-style license found in the
* LICENSE file in the root directory of this source tree.
*/
#include <fizz/crypto/openssl/OpenSSLKeyUtils.h>
#include <fizz/crypto/signature/Signature.h>
#include <openssl/crypto.h>
#include <folly/Conv.h>
#include <folly/ScopeGuard.h>
#include <folly/ssl/OpenSSLPtrTypes.h>
using namespace folly;
namespace fizz {
namespace detail {
/**
 * Resolve an OpenSSL digest NID to its EVP_MD descriptor.
 *
 * @param hashNid  digest NID handed to EVP_get_digestbynid().
 * @return the descriptor OpenSSL returned; never null.
 * @throws std::runtime_error if OpenSSL returns no digest for the NID.
 */
static const EVP_MD* getHash(int hashNid) {
  // Throwing here means callers never receive a null digest pointer.
  if (const EVP_MD* digest = EVP_get_digestbynid(hashNid)) {
    return digest;
  }
  throw std::runtime_error("Invalid hash. Have you initialized openssl?");
}
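/**
 * Sign `data` with `pkey` through OpenSSL's EVP_Sign* interface, hashing with
 * the digest named by `hashNid`.
 *
 * @param data     bytes to sign.
 * @param pkey     private key handed to EVP_SignFinal(); the key type is not
 *                 checked here.
 * @param hashNid  OpenSSL digest NID, resolved through getHash().
 * @return a buffer whose length is the byte count EVP_SignFinal() reported.
 * @throws std::runtime_error on any OpenSSL failure, or when OpenSSL reports
 *         no usable signature size for `pkey`.
 */
std::unique_ptr<folly::IOBuf> ecSign(
    folly::ByteRange data,
    const folly::ssl::EvpPkeyUniquePtr& pkey,
    int hashNid) {
  folly::ssl::EvpMdCtxUniquePtr mdCtx(EVP_MD_CTX_new());
  if (!mdCtx) {
    throw std::runtime_error(
        to<std::string>("Could not allocate EVP_MD_CTX", getOpenSSLError()));
  }
  auto hash = getHash(hashNid);
  if (EVP_SignInit(mdCtx.get(), hash) != 1) {
    throw std::runtime_error("Could not initialize signature");
  }
  if (EVP_SignUpdate(mdCtx.get(), data.data(), data.size()) != 1) {
    throw std::runtime_error(
        to<std::string>("Could not sign data ", getOpenSSLError()));
  }
  // EVP_PKEY_size() returns an int and is the only bound on what
  // EVP_SignFinal() may write into the buffer. A zero or negative result must
  // not reach IOBuf::create(), where a negative value would convert to a huge
  // size_t.
  const int maxSigLen = EVP_PKEY_size(pkey.get());
  if (maxSigLen <= 0) {
    throw std::runtime_error("Could not determine signature size");
  }
  auto out = folly::IOBuf::create(static_cast<size_t>(maxSigLen));
  unsigned int bytesWritten = 0;
  if (EVP_SignFinal(
          mdCtx.get(), out->writableData(), &bytesWritten, pkey.get()) != 1) {
    throw std::runtime_error("Failed to sign");
  }
  // Expose only the bytes OpenSSL actually produced.
  out->append(bytesWritten);
  return out;
}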
/**
 * Check `signature` over `data` with `pkey` through OpenSSL's EVP_Verify*
 * interface, hashing with the digest named by `hashNid`.
 *
 * Success is signalled only by returning normally; every failure, including a
 * signature that does not verify, is reported as an exception.
 *
 * @param data       bytes that were signed.
 * @param signature  signature bytes passed unchanged to EVP_VerifyFinal().
 * @param pkey       key handed to EVP_VerifyFinal(); the key type is not
 *                   checked here.
 * @param hashNid    OpenSSL digest NID, resolved through getHash().
 * @throws std::runtime_error if any step fails or the signature is rejected.
 */
void ecVerify(
    folly::ByteRange data,
    folly::ByteRange signature,
    const folly::ssl::EvpPkeyUniquePtr& pkey,
    int hashNid) {
  const EVP_MD* digest = getHash(hashNid);

  folly::ssl::EvpMdCtxUniquePtr verifyCtx(EVP_MD_CTX_new());
  if (verifyCtx == nullptr) {
    throw std::runtime_error(folly::to<std::string>(
        "Could not allocate EVP_MD_CTX", getOpenSSLError()));
  }

  const int initRc = EVP_VerifyInit(verifyCtx.get(), digest);
  if (initRc != 1) {
    throw std::runtime_error("Could not initialize verification");
  }

  const int updateRc =
      EVP_VerifyUpdate(verifyCtx.get(), data.data(), data.size());
  if (updateRc != 1) {
    throw std::runtime_error("Could not update verification");
  }

  // EVP_VerifyFinal() returns 1 for a good signature, 0 for a bad one and a
  // negative value for other errors. Comparing against 1 rejects both failure
  // kinds; a plain truthiness test would accept the negative case.
  const int finalRc = EVP_VerifyFinal(
      verifyCtx.get(), signature.data(), signature.size(), pkey.get());
  if (finalRc != 1) {
    throw std::runtime_error("Signature verification failed");
  }
}
#if FIZZ_OPENSSL_HAS_ED25519
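/**
 * Sign `data` with `pkey` using OpenSSL's one-shot EVP_DigestSign().
 *
 * No digest is selected: the init call passes a null digest, as the EdDSA
 * interface requires.
 *
 * @param data  bytes to sign.
 * @param pkey  private key handed to EVP_DigestSignInit(); the key type is not
 *              checked here.
 * @return a buffer whose length is the byte count EVP_DigestSign() reported.
 * @throws std::runtime_error on any OpenSSL failure, or when OpenSSL reports
 *         no usable signature size for `pkey`.
 */
std::unique_ptr<folly::IOBuf> edSign(
    folly::ByteRange data,
    const folly::ssl::EvpPkeyUniquePtr& pkey) {
  folly::ssl::EvpMdCtxUniquePtr mdCtx(EVP_MD_CTX_new());
  if (!mdCtx) {
    throw std::runtime_error(
        to<std::string>("Could not allocate EVP_MD_CTX", getOpenSSLError()));
  }
  if (EVP_DigestSignInit(mdCtx.get(), nullptr, nullptr, nullptr, pkey.get()) !=
      1) {
    throw std::runtime_error("Could not initialize digest signature");
  }
  // EVP_PKEY_size() returns an int. A zero or negative result must not reach
  // IOBuf::create(), where a negative value would convert to a huge size_t.
  const int maxSigLen = EVP_PKEY_size(pkey.get());
  if (maxSigLen <= 0) {
    throw std::runtime_error("Could not determine signature size");
  }
  auto out = folly::IOBuf::create(static_cast<size_t>(maxSigLen));
  // In/out parameter: on entry it tells OpenSSL how much room the buffer has,
  // on return it holds the number of signature bytes written.
  size_t bytesWritten = out->capacity();
  // Sign & verify APIs for EdDSA exist in OpenSSL only as one-shot digest APIs
  // because they are implemented using PureEdDSA, which only provides one-shot
  // digest APIs. See https://www.openssl.org/docs/manmaster/man7/Ed25519.html
  // for more details on this constraint.
  if (EVP_DigestSign(
          mdCtx.get(),
          out->writableData(),
          &bytesWritten,
          data.data(),
          data.size()) != 1) {
    throw std::runtime_error("Failed to sign");
  }
  // Expose only the bytes OpenSSL actually produced.
  out->append(bytesWritten);
  return out;
}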
/**
 * Check `signature` over `data` with `pkey` using OpenSSL's one-shot
 * EVP_DigestVerify().
 *
 * Success is signalled only by returning normally; every failure, including a
 * signature that does not verify, is reported as an exception.
 *
 * @param data       bytes that were signed.
 * @param signature  signature bytes passed unchanged to EVP_DigestVerify().
 * @param pkey       key handed to EVP_DigestVerifyInit(); the key type is not
 *                   checked here.
 * @throws std::runtime_error if any step fails or the signature is rejected.
 */
void edVerify(
    folly::ByteRange data,
    folly::ByteRange signature,
    const folly::ssl::EvpPkeyUniquePtr& pkey) {
  folly::ssl::EvpMdCtxUniquePtr verifyCtx(EVP_MD_CTX_new());
  if (verifyCtx == nullptr) {
    throw std::runtime_error(folly::to<std::string>(
        "Could not allocate EVP_MD_CTX", getOpenSSLError()));
  }

  // A null digest is passed: the init call is given only the key.
  const int initRc = EVP_DigestVerifyInit(
      verifyCtx.get(), nullptr, nullptr, nullptr, pkey.get());
  if (initRc != 1) {
    throw std::runtime_error("Could not initialize digest signature");
  }

  // OpenSSL implements EdDSA as PureEdDSA, which it exposes only through the
  // one-shot digest calls, so there is no separate update/final step here.
  // See https://www.openssl.org/docs/manmaster/man7/Ed25519.html for details.
  //
  // Any result other than 1 is treated as a rejected signature, which covers
  // both a mismatch and an internal OpenSSL error.
  const int verifyRc = EVP_DigestVerify(
      verifyCtx.get(),
      signature.data(),
      signature.size(),
      data.data(),
      data.size());
  if (verifyRc != 1) {
    throw std::runtime_error("Signature verification failed");
  }
}
#endif
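/**
 * Produce an RSASSA-PSS signature over `data` with `pkey`, hashing with the
 * digest named by `hashNid`.
 *
 * @param data     bytes to sign.
 * @param pkey     private key handed to EVP_DigestSignInit(); the key type is
 *                 not checked here.
 * @param hashNid  OpenSSL digest NID, resolved through getHash().
 * @return a buffer whose length is the byte count EVP_DigestSignFinal()
 *         reported.
 * @throws std::runtime_error on any OpenSSL failure, or when OpenSSL reports
 *         no usable signature size for `pkey`.
 */
std::unique_ptr<folly::IOBuf> rsaPssSign(
    folly::ByteRange data,
    const folly::ssl::EvpPkeyUniquePtr& pkey,
    int hashNid) {
  auto hash = getHash(hashNid);
  folly::ssl::EvpMdCtxUniquePtr mdCtx(EVP_MD_CTX_new());
  if (!mdCtx) {
    throw std::runtime_error(
        to<std::string>("Could not allocate EVP_MD_CTX", getOpenSSLError()));
  }
  // Filled in by EVP_DigestSignInit(). The context belongs to mdCtx and must
  // not be freed here. Initialised so a failed init never leaves an
  // indeterminate pointer behind.
  EVP_PKEY_CTX* ctx = nullptr;
  if (EVP_DigestSignInit(mdCtx.get(), &ctx, hash, nullptr, pkey.get()) != 1) {
    throw std::runtime_error("Could not initialize signature");
  }
  // The padding setters signal failure with zero or a negative value, hence
  // "<= 0" rather than "!= 1".
  if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PSS_PADDING) <= 0) {
    throw std::runtime_error("Could not set pss padding");
  }
  // -1 selects a salt as long as the digest output (the value OpenSSL names
  // RSA_PSS_SALTLEN_DIGEST).
  if (EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, -1) <= 0) {
    throw std::runtime_error("Could not set pss salt length");
  }
  if (EVP_DigestSignUpdate(mdCtx.get(), data.data(), data.size()) != 1) {
    throw std::runtime_error("Could not update signature");
  }
  // EVP_PKEY_size() returns an int. Check it before it becomes a size_t, where
  // a negative value would turn into a huge allocation request.
  const int maxSigLen = EVP_PKEY_size(pkey.get());
  if (maxSigLen <= 0) {
    throw std::runtime_error("Could not determine signature size");
  }
  // In/out parameter: buffer room on entry, bytes written on return.
  size_t bytesWritten = static_cast<size_t>(maxSigLen);
  auto out = folly::IOBuf::create(bytesWritten);
  if (EVP_DigestSignFinal(mdCtx.get(), out->writableData(), &bytesWritten) !=
      1) {
    throw std::runtime_error("Failed to sign");
  }
  // Expose only the bytes OpenSSL actually produced.
  out->append(bytesWritten);
  return out;
}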
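/**
 * Check an RSASSA-PSS `signature` over `data` with `pkey`, hashing with the
 * digest named by `hashNid`.
 *
 * Success is signalled only by returning normally; every failure, including a
 * signature that does not verify, is reported as an exception.
 *
 * @param data       bytes that were signed.
 * @param signature  signature bytes passed to EVP_DigestVerifyFinal().
 * @param pkey       key handed to EVP_DigestVerifyInit(); the key type is not
 *                   checked here.
 * @param hashNid    OpenSSL digest NID, resolved through getHash().
 * @throws std::runtime_error if any step fails or the signature is rejected.
 */
void rsaPssVerify(
    folly::ByteRange data,
    folly::ByteRange signature,
    const folly::ssl::EvpPkeyUniquePtr& pkey,
    int hashNid) {
  auto hash = getHash(hashNid);
  folly::ssl::EvpMdCtxUniquePtr mdCtx(EVP_MD_CTX_new());
  if (!mdCtx) {
    throw std::runtime_error(
        to<std::string>("Could not allocate EVP_MD_CTX", getOpenSSLError()));
  }
  // Filled in by EVP_DigestVerifyInit(). The context belongs to mdCtx and must
  // not be freed here. Initialised so a failed init never leaves an
  // indeterminate pointer behind.
  EVP_PKEY_CTX* ctx = nullptr;
  if (EVP_DigestVerifyInit(mdCtx.get(), &ctx, hash, nullptr, pkey.get()) != 1) {
    throw std::runtime_error("Could not initialize verification");
  }
  // Padding is pinned to PSS explicitly, so the signature is only ever
  // checked as a PSS signature.
  if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PSS_PADDING) <= 0) {
    throw std::runtime_error("Could not set pss padding");
  }
  // -1 requires the salt to be as long as the digest output (the value OpenSSL
  // names RSA_PSS_SALTLEN_DIGEST), so signatures made with a different salt
  // length are rejected.
  if (EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, -1) <= 0) {
    throw std::runtime_error("Could not set pss salt length");
  }
  if (EVP_DigestVerifyUpdate(mdCtx.get(), data.data(), data.size()) != 1) {
    throw std::runtime_error("Could not update verification");
  }
  // Any result other than 1 is treated as a rejected signature, which covers
  // both a mismatch and an internal OpenSSL error.
  if (EVP_DigestVerifyFinal(
          mdCtx.get(),
          // const_cast<unsigned char*> is needed for OpenSSL 1.0.1 on Debian 8,
          // which HHVM currently expects to support until 2020/6/30
          const_cast<unsigned char*>(signature.data()),
          signature.size()) != 1) {
    throw std::runtime_error("Signature verification failed");
  }
}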
} // namespace detail
} // namespace fizz