summaryrefslogtreecommitdiff
path: root/src/libcamera/pub_key.cpp
blob: 064d2dd200e15b688cd1167b709fecc36a020ef6 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
/* SPDX-License-Identifier: LGPL-2.1-or-later */
/*
 * Copyright (C) 2020, Google Inc.
 *
 * pub_key.cpp - Public key signature verification
 */

#include "pub_key.h"

#if HAVE_GNUTLS
#include <gnutls/abstract.h>
#endif

/**
 * \file pub_key.h
 * \brief Public key signature verification
 */

namespace libcamera {

/**
 * \class PubKey
 * \brief Public key wrapper for signature verification
 *
 * The PubKey class wraps a public key and implements signature verification. It
 * only supports RSA keys and the RSA-SHA256 signature algorithm.
 */

/**
 * \brief Construct a PubKey from key data
 * \param[in] key Key data encoded in DER format
 */
PubKey::PubKey(Span<const uint8_t> key)
	: valid_(false)
{
#if HAVE_GNUTLS
	int ret = gnutls_pubkey_init(&pubkey_);
	if (ret < 0)
		return;

	const gnutls_datum_t gnuTlsKey{
		const_cast<unsigned char *>(key.data()),
		static_cast<unsigned int>(key.size())
	};
	ret = gnutls_pubkey_import(pubkey_, &gnuTlsKey, GNUTLS_X509_FMT_DER);
	if (ret < 0)
		return;

	valid_ = true;
#endif
}

PubKey::~PubKey()
{
#if HAVE_GNUTLS
	gnutls_pubkey_deinit(pubkey_);
#endif
}

/**
 * \fn bool PubKey::isValid() const
 * \brief Check is the public key is valid
 * \return True if the public key is valid, false otherwise
 */

/**
 * \brief Verify signature on data
 * \param[in] data The signed data
 * \param[in] sig The signature
 *
 * Verify that the signature \a sig matches the signed \a data for the public
 * key. The signture algorithm is hardcoded to RSA-SHA256.
 *
 * \return True if the signature is valid, false otherwise
 */
bool PubKey::verify(Span<const uint8_t> data, Span<const uint8_t> sig) const
{
#if HAVE_GNUTLS
	const gnutls_datum_t gnuTlsData{
		const_cast<unsigned char *>(data.data()),
		static_cast<unsigned int>(data.size())
	};

	const gnutls_datum_t gnuTlsSig{
		const_cast<unsigned char *>(sig.data()),
		static_cast<unsigned int>(sig.size())
	};

	int ret = gnutls_pubkey_verify_data2(pubkey_, GNUTLS_SIGN_RSA_SHA256, 0,
					     &gnuTlsData, &gnuTlsSig);
	return ret >= 0;
#else
	return false;
#endif
}

} /* namespace libcamera */