| Line | Count | Source (jump to first uncovered line) | 
| 1 |  | /* | 
| 2 |  |  * Copyright (c) 2021 Yubico AB. All rights reserved. | 
| 3 |  |  * Use of this source code is governed by a BSD-style | 
| 4 |  |  * license that can be found in the LICENSE file. | 
| 5 |  |  * SPDX-License-Identifier: BSD-2-Clause | 
| 6 |  |  */ | 
| 7 |  |  | 
| 8 |  | #include <openssl/rsa.h> | 
| 9 |  | #include <openssl/obj_mac.h> | 
| 10 |  |  | 
| 11 |  | #include "fido.h" | 
| 12 |  |  | 
| 13 |  | #if defined(__GNUC__) | 
| 14 |  | #define PRAGMA(s) _Pragma(s) | 
| 15 |  | #else | 
| 16 |  | #define PRAGMA(s) | 
| 17 |  | #endif | 
| 18 |  |  | 
| 19 |  | static EVP_MD * | 
| 20 |  | rs1_get_EVP_MD(void) | 
| 21 | 129 | { | 
| 22 | 129 | PRAGMA("GCC diagnostic push") | 
| 23 | 129 | PRAGMA("GCC diagnostic ignored \"-Wcast-qual\"") | 
| 24 | 129 |         return ((EVP_MD *)EVP_sha1()); | 
| 25 | 129 | PRAGMA("GCC diagnostic pop") | 
| 26 | 129 | } | 
| 27 |  |  | 
| 28 |  | int | 
| 29 |  | rs1_verify_sig(const fido_blob_t *dgst, EVP_PKEY *pkey, | 
| 30 |  |     const fido_blob_t *sig) | 
| 31 | 129 | { | 
| 32 | 129 |         EVP_PKEY_CTX    *pctx = NULL; | 
| 33 | 129 |         EVP_MD          *md = NULL; | 
| 34 | 129 |         int              ok = -1; | 
| 35 |  |  | 
| 36 | 129 |         if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { | 
| 37 | 0 |                 fido_log_debug("%s: EVP_PKEY_base_id", __func__); | 
| 38 | 0 |                 goto fail; | 
| 39 | 0 |         } | 
| 40 |  |  | 
| 41 | 129 |         if ((md = rs1_get_EVP_MD()) == NULL) { | 
| 42 | 1 |                 fido_log_debug("%s: rs1_get_EVP_MD", __func__); | 
| 43 | 1 |                 goto fail; | 
| 44 | 1 |         } | 
| 45 |  |  | 
| 46 | 128 |         if ((pctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL || | 
| 47 | 128 |             EVP_PKEY_verify_init(pctx) != 1 || | 
| 48 | 128 |             EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PADDING) != 1 || | 
| 49 | 128 |             EVP_PKEY_CTX_set_signature_md(pctx, md) != 1) { | 
| 50 | 2 |                 fido_log_debug("%s: EVP_PKEY_CTX", __func__); | 
| 51 | 2 |                 goto fail; | 
| 52 | 2 |         } | 
| 53 |  |  | 
| 54 | 126 |         if (EVP_PKEY_verify(pctx, sig->ptr, sig->len, dgst->ptr, | 
| 55 | 126 |             dgst->len) != 1) { | 
| 56 | 125 |                 fido_log_debug("%s: EVP_PKEY_verify", __func__); | 
| 57 | 125 |                 goto fail; | 
| 58 | 125 |         } | 
| 59 |  |  | 
| 60 | 1 |         ok = 0; | 
| 61 | 129 | fail: | 
| 62 | 129 |         EVP_PKEY_CTX_free(pctx); | 
| 63 |  |  | 
| 64 | 129 |         return (ok); | 
| 65 | 1 | } |