/* SPDX-License-Identifier: LGPL-2.1-or-later */ /* * Copyright (C) 2020, Google Inc. * * pub_key.cpp - Public key signature verification */ #include "libcamera/internal/pub_key.h" #if HAVE_GNUTLS #include #endif /** * \file pub_key.h * \brief Public key signature verification */ namespace libcamera { /** * \class PubKey * \brief Public key wrapper for signature verification * * The PubKey class wraps a public key and implements signature verification. It * only supports RSA keys and the RSA-SHA256 signature algorithm. */ /** * \brief Construct a PubKey from key data * \param[in] key Key data encoded in DER format */ PubKey::PubKey([[maybe_unused]] Span key) : valid_(false) { #if HAVE_GNUTLS int ret = gnutls_pubkey_init(&pubkey_); if (ret < 0) return; const gnutls_datum_t gnuTlsKey{ const_cast(key.data()), static_cast(key.size()) }; ret = gnutls_pubkey_import(pubkey_, &gnuTlsKey, GNUTLS_X509_FMT_DER); if (ret < 0) return; valid_ = true; #endif } PubKey::~PubKey() { #if HAVE_GNUTLS gnutls_pubkey_deinit(pubkey_); #endif } /** * \fn bool PubKey::isValid() const * \brief Check is the public key is valid * \return True if the public key is valid, false otherwise */ /** * \brief Verify signature on data * \param[in] data The signed data * \param[in] sig The signature * * Verify that the signature \a sig matches the signed \a data for the public * key. The signture algorithm is hardcoded to RSA-SHA256. * * \return True if the signature is valid, false otherwise */ bool PubKey::verify([[maybe_unused]] Span data, [[maybe_unused]] Span sig) const { #if HAVE_GNUTLS const gnutls_datum_t gnuTlsData{ const_cast(data.data()), static_cast(data.size()) }; const gnutls_datum_t gnuTlsSig{ const_cast(sig.data()), static_cast(sig.size()) }; int ret = gnutls_pubkey_verify_data2(pubkey_, GNUTLS_SIGN_RSA_SHA256, 0, &gnuTlsData, &gnuTlsSig); return ret >= 0; #else return false; #endif } } /* namespace libcamera */