Added PublicKey/PrivateKey methods for signatures

Author: snej

Crypto/PublicKey.cc

@@ -12,6 +12,7 @@
 
 #include "mbedtls/config.h"
 #include "PublicKey.hh"
+#include "SecureRandomize.hh"
 #include "TLSContext.hh"
 #include "Logging.hh"
 #include "StringUtil.hh"
@@ -78,11 +79,36 @@ namespace litecore { namespace crypto {
     }
 
 
+#pragma mark - PUBLIC KEY:
+
+
     PublicKey::PublicKey(slice data) {
         parsePEMorDER(data, "public key", context(), &mbedtls_pk_parse_public_key);
     }
 
 
+    static int rngFunction(void *ctx, unsigned char *dst, size_t size) {
+        SecureRandomize({dst, size});
+        return 0;
+    }
+
+
+    bool PublicKey::verifySignature(const SHA256 &inputDigest, slice signature) {
+        int result = mbedtls_pk_verify(context(),
+                                       MBEDTLS_MD_SHA256, // declares that input is a SHA256 digest.
+                                       (const uint8_t*)inputDigest.asSlice().buf,
+                                       inputDigest.asSlice().size,
+                                       (const uint8_t*)signature.buf, signature.size);
+        if (result == MBEDTLS_ERR_RSA_VERIFY_FAILED)
+            return false;
+        TRY(result);        // other error codes throw exceptions
+        return true;
+    }
+
+
+#pragma mark - PRIVATE KEY:
+
+
     PrivateKey::PrivateKey(slice data, slice password) {
         if (password.size == 0)
             password = nullslice; // interpret empty password as 'no password'
@@ -123,7 +149,19 @@ namespace litecore { namespace crypto {
             default:
                 Assert(false, "Invalid key format received (%d)", format);
         }
+    }
+
 
+    alloc_slice PrivateKey::sign(const SHA256 &inputDigest) {
+        alloc_slice signature(MBEDTLS_PK_SIGNATURE_MAX_SIZE);
+        size_t sigLen = 0;
+        TRY(mbedtls_pk_sign(context(),
+                            MBEDTLS_MD_SHA256,  // declares that input is a SHA256 digest.
+                            (const uint8_t*)inputDigest.asSlice().buf, inputDigest.asSlice().size,
+                            (uint8_t*)signature.buf, &sigLen,
+                            rngFunction, nullptr));
+        signature.shorten(sigLen);
+        return signature;
     }
 
 

Crypto/PublicKey.hh

@@ -75,6 +75,16 @@ namespace litecore { namespace crypto {
 
         virtual bool isPrivate() override       {return false;}
 
+        /** Checks whether `signature` is a valid signature, created by my matching private key,
+            of the given SHA256 digest. */
+        virtual bool verifySignature(const SHA256 &inputDigest, fleece::slice signature);
+
+        /** Checks whether `signature` is a valid signature, created by my matching private key,
+            of a SHA256 digest of the input data. */
+        bool verifySignature(fleece::slice inputData, fleece::slice signature) {
+            return verifySignature(SHA256(inputData), signature);
+        }
+
     protected:
         friend class CertBase;
 
@@ -114,6 +124,12 @@ namespace litecore { namespace crypto {
             return new PublicKey(publicKeyData(KeyFormat::Raw));
         }
 
+        /** Generates a signature of a SHA256 digest. */
+        virtual fleece::alloc_slice sign(const SHA256 &inputDigest);
+
+        /** Generates a signature of a SHA256 digest of the input data. */
+        fleece::alloc_slice sign(fleece::slice inputData)   {return sign(SHA256(inputData));}
+
     protected:
         PrivateKey()                                    =default;
     };

Crypto/SignatureTest.cc

@@ -0,0 +1,48 @@
+//
+// SignatureTest.cc
+//
+// Copyright 2022-Present Couchbase, Inc.
+//
+// Use of this software is governed by the Business Source License included
+// in the file licenses/BSL-Couchbase.txt.  As of the Change Date specified
+// in that file, in accordance with the Business Source License, use of this
+// software will be governed by the Apache License, Version 2.0, included in
+// the file licenses/APL2.txt.
+//
+
+#include "PublicKey.hh"
+#include "Base64.hh"
+#include "Error.hh"
+#include "LiteCoreTest.hh"
+#include <iostream>
+
+
+using namespace litecore;
+using namespace litecore::crypto;
+using namespace std;
+using namespace fleece;
+
+
+TEST_CASE("RSA Signatures", "[Signatures]") {
+    static constexpr slice kDataToSign = "The only thing we learn from history"
+                                         " is that people do not learn from history. --Hegel";
+    Retained<PrivateKey> key = PrivateKey::generateTemporaryRSA(2048);
+    alloc_slice signature = key->sign(kDataToSign);
+    cout << "Signature is " << signature.size << " bytes: " << base64::encode(signature) << endl;
+
+    // Verify:
+    CHECK(key->publicKey()->verifySignature(kDataToSign, signature));
+
+    // Verification fails with wrong public key:
+    auto key2 = PrivateKey::generateTemporaryRSA(2048);
+    CHECK(!key2->publicKey()->verifySignature(kDataToSign, signature));
+
+    // Verification fails with incorrect digest:
+    auto badDigest = SHA256(kDataToSign);
+    ((uint8_t*)&badDigest)[10]++;
+    CHECK(!key->publicKey()->verifySignature(badDigest, signature));
+
+    // Verification fails with altered signature:
+    ((uint8_t&)signature[100])++;
+    CHECK(!key->publicKey()->verifySignature(kDataToSign, signature));
+}

Xcode/LiteCore.xcodeproj/project.pbxproj

@@ -160,6 +160,7 @@
 		27469D08233D719800A1EE1A /* PublicKey+Apple.mm in Sources */ = {isa = PBXBuildFile; fileRef = 2762A02022EF8C4E00F9AB18 /* PublicKey+Apple.mm */; };
 		27469D09233D719800A1EE1A /* mbedUtils.cc in Sources */ = {isa = PBXBuildFile; fileRef = 2762A01C22EB933100F9AB18 /* mbedUtils.cc */; };
 		2746C8E62639E88700A3B2CC /* ThreadUtil.cc in Sources */ = {isa = PBXBuildFile; fileRef = 2746C8E52639E88700A3B2CC /* ThreadUtil.cc */; };
+		2747A1BE2798847300F286AF /* SignatureTest.cc in Sources */ = {isa = PBXBuildFile; fileRef = 2747A1BD2798847300F286AF /* SignatureTest.cc */; };
 		27480E37253A5D9C0091CF37 /* VectorRecordTest.cc in Sources */ = {isa = PBXBuildFile; fileRef = 27480E36253A5D9C0091CF37 /* VectorRecordTest.cc */; };
 		2749B9871EB298360068DBF9 /* RESTListener+Handlers.cc in Sources */ = {isa = PBXBuildFile; fileRef = 2749B9861EB298360068DBF9 /* RESTListener+Handlers.cc */; };
 		274B36D225B271F7001FC28D /* Version.cc in Sources */ = {isa = PBXBuildFile; fileRef = 274B36D125B271F7001FC28D /* Version.cc */; };
@@ -1048,6 +1049,7 @@
 		2747664520190841007B39D1 /* CMakeLists.txt */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = CMakeLists.txt; sourceTree = "<group>"; };
 		2747664720190841007B39D1 /* sqlite3.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = sqlite3.c; sourceTree = "<group>"; };
 		2747664820190841007B39D1 /* sqlite3.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = sqlite3.h; sourceTree = "<group>"; };
+		2747A1BD2798847300F286AF /* SignatureTest.cc */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = SignatureTest.cc; sourceTree = "<group>"; };
 		27480E36253A5D9C0091CF37 /* VectorRecordTest.cc */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = VectorRecordTest.cc; sourceTree = "<group>"; };
 		27491C9A1E7B1001001DC54B /* c4Socket.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = c4Socket.h; sourceTree = "<group>"; };
 		27491C9E1E7B2532001DC54B /* c4Socket.cc */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = c4Socket.cc; sourceTree = "<group>"; };
@@ -2324,6 +2326,7 @@
 			isa = PBXGroup;
 			children = (
 				2762A01422EB7CC800F9AB18 /* CertificateTest.cc */,
+				2747A1BD2798847300F286AF /* SignatureTest.cc */,
 			);
 			name = tests;
 			sourceTree = "<group>";
@@ -3949,6 +3952,7 @@
 				27E19D662316EDEA00E031F8 /* RESTClientTest.cc in Sources */,
 				27B9669723284F2900B2897F /* RESTListenerTest.cc in Sources */,
 				27AFF3BA2303758E00B4D6C4 /* ReplicatorAPITest.cc in Sources */,
+				2747A1BE2798847300F286AF /* SignatureTest.cc in Sources */,
 				277071D5230B682100F7EB95 /* SyncListenerTest.cc in Sources */,
 				27AFF3BB2303759400B4D6C4 /* ReplicatorSGTest.cc in Sources */,
 				27480E37253A5D9C0091CF37 /* VectorRecordTest.cc in Sources */,