1 /* 2 * Copyright (c) 2021 Yubico AB. All rights reserved. 3 * Use of this source code is governed by a BSD-style 4 * license that can be found in the LICENSE file. 5 */ 6 7 #include <openssl/rsa.h> 8 #include <openssl/obj_mac.h> 9 10 #include "fido.h" 11 12 #if OPENSSL_VERSION_NUMBER >= 0x30000000 13 static EVP_MD * 14 rs1_get_EVP_MD(void) 15 { 16 return (EVP_MD_fetch(NULL, "SHA-1", NULL)); 17 } 18 19 static void 20 rs1_free_EVP_MD(EVP_MD *md) 21 { 22 EVP_MD_free(md); 23 } 24 #else 25 static EVP_MD * 26 rs1_get_EVP_MD(void) 27 { 28 return ((EVP_MD *)EVP_sha1()); 29 } 30 31 static void 32 rs1_free_EVP_MD(EVP_MD *md) 33 { 34 (void)md; 35 } 36 #endif /* OPENSSL_VERSION_NUMBER */ 37 38 int 39 rs1_verify_sig(const fido_blob_t *dgst, EVP_PKEY *pkey, 40 const fido_blob_t *sig) 41 { 42 EVP_PKEY_CTX *pctx = NULL; 43 EVP_MD *md = NULL; 44 int ok = -1; 45 46 if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { 47 fido_log_debug("%s: EVP_PKEY_base_id", __func__); 48 goto fail; 49 } 50 51 if ((md = rs1_get_EVP_MD()) == NULL) { 52 fido_log_debug("%s: rs1_get_EVP_MD", __func__); 53 goto fail; 54 } 55 56 if ((pctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL || 57 EVP_PKEY_verify_init(pctx) != 1 || 58 EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PADDING) != 1 || 59 EVP_PKEY_CTX_set_signature_md(pctx, md) != 1) { 60 fido_log_debug("%s: EVP_PKEY_CTX", __func__); 61 goto fail; 62 } 63 64 if (EVP_PKEY_verify(pctx, sig->ptr, sig->len, dgst->ptr, 65 dgst->len) != 1) { 66 fido_log_debug("%s: EVP_PKEY_verify", __func__); 67 goto fail; 68 } 69 70 ok = 0; 71 fail: 72 EVP_PKEY_CTX_free(pctx); 73 rs1_free_EVP_MD(md); 74 75 return (ok); 76 } 77