1 /* 2 * Copyright (c) 2021 Yubico AB. All rights reserved. 3 * Use of this source code is governed by a BSD-style 4 * license that can be found in the LICENSE file. 5 */ 6 7 #include <openssl/rsa.h> 8 #include <openssl/obj_mac.h> 9 10 #include "fido.h" 11 12 #define PRAGMA(s) 13 14 static EVP_MD * 15 rs1_get_EVP_MD(void) 16 { 17 PRAGMA("GCC diagnostic push"); 18 PRAGMA("GCC diagnostic ignored \"-Wcast-qual\""); 19 return ((EVP_MD *)EVP_sha1()); 20 PRAGMA("GCC diagnostic pop"); 21 } 22 23 int 24 rs1_verify_sig(const fido_blob_t *dgst, EVP_PKEY *pkey, 25 const fido_blob_t *sig) 26 { 27 EVP_PKEY_CTX *pctx = NULL; 28 EVP_MD *md = NULL; 29 int ok = -1; 30 31 if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { 32 fido_log_debug("%s: EVP_PKEY_base_id", __func__); 33 goto fail; 34 } 35 36 if ((md = rs1_get_EVP_MD()) == NULL) { 37 fido_log_debug("%s: rs1_get_EVP_MD", __func__); 38 goto fail; 39 } 40 41 if ((pctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL || 42 EVP_PKEY_verify_init(pctx) != 1 || 43 EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PADDING) != 1 || 44 EVP_PKEY_CTX_set_signature_md(pctx, md) != 1) { 45 fido_log_debug("%s: EVP_PKEY_CTX", __func__); 46 goto fail; 47 } 48 49 if (EVP_PKEY_verify(pctx, sig->ptr, sig->len, dgst->ptr, 50 dgst->len) != 1) { 51 fido_log_debug("%s: EVP_PKEY_verify", __func__); 52 goto fail; 53 } 54 55 ok = 0; 56 fail: 57 EVP_PKEY_CTX_free(pctx); 58 59 return (ok); 60 } 61