Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1207)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: base/crypto/signature_verifier_win.cc

Issue 1528021: Implement PBKDF2-based key derivation, random key generation,... (Closed) Base URL: svn://chrome-svn/chrome/trunk/src/
Patch Set: Make albertb's suggested changes. Created 10 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « base/crypto/signature_verifier.h ('k') | base/crypto/symmetric_key.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2009 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2009 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "base/crypto/signature_verifier.h" 5 #include "base/crypto/signature_verifier.h"
6 6
7 #include "base/logging.h" 7 #include "base/logging.h"
8 8
9 #pragma comment(lib, "crypt32.lib") 9 #pragma comment(lib, "crypt32.lib")
10 10
11 namespace { 11 namespace {
12 12
13 // Wrappers of malloc and free for CRYPT_DECODE_PARA, which requires the 13 // Wrappers of malloc and free for CRYPT_DECODE_PARA, which requires the
14 // WINAPI calling convention. 14 // WINAPI calling convention.
15 void* WINAPI MyCryptAlloc(size_t size) { 15 void* WINAPI MyCryptAlloc(size_t size) {
16 return malloc(size); 16 return malloc(size);
17 } 17 }
18 18
19 void WINAPI MyCryptFree(void* p) { 19 void WINAPI MyCryptFree(void* p) {
20 free(p); 20 free(p);
21 } 21 }
22 22
23 } // namespace 23 } // namespace
24 24
25 namespace base { 25 namespace base {
26 26
27 SignatureVerifier::SignatureVerifier() : hash_object_(0), public_key_(0) { 27 SignatureVerifier::SignatureVerifier() : hash_object_(0), public_key_(0) {
28 if (!CryptAcquireContext(&provider_, NULL, NULL, 28 if (!CryptAcquireContext(provider_.receive(), NULL, NULL,
29 PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) 29 PROV_RSA_FULL, CRYPT_VERIFYCONTEXT))
30 provider_ = 0; 30 provider_.reset();
31 } 31 }
32 32
33 SignatureVerifier::~SignatureVerifier() { 33 SignatureVerifier::~SignatureVerifier() {
34 Reset();
35 if (provider_) {
36 BOOL ok = CryptReleaseContext(provider_, 0);
37 DCHECK(ok);
38 }
39 } 34 }
40 35
41 bool SignatureVerifier::VerifyInit(const uint8* signature_algorithm, 36 bool SignatureVerifier::VerifyInit(const uint8* signature_algorithm,
42 int signature_algorithm_len, 37 int signature_algorithm_len,
43 const uint8* signature, 38 const uint8* signature,
44 int signature_len, 39 int signature_len,
45 const uint8* public_key_info, 40 const uint8* public_key_info,
46 int public_key_info_len) { 41 int public_key_info_len) {
47 signature_.reserve(signature_len); 42 signature_.reserve(signature_len);
48 // CryptoAPI uses big integers in the little-endian byte order, so we need 43 // CryptoAPI uses big integers in the little-endian byte order, so we need
(...skipping 14 matching lines...) Expand all
63 public_key_info_len, 58 public_key_info_len,
64 CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_NOCOPY_FLAG, 59 CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_NOCOPY_FLAG,
65 &decode_para, 60 &decode_para,
66 &cert_public_key_info, 61 &cert_public_key_info,
67 &struct_len); 62 &struct_len);
68 if (!ok) 63 if (!ok)
69 return false; 64 return false;
70 65
71 ok = CryptImportPublicKeyInfo(provider_, 66 ok = CryptImportPublicKeyInfo(provider_,
72 X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, 67 X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
73 cert_public_key_info, &public_key_); 68 cert_public_key_info, public_key_.receive());
74 free(cert_public_key_info); 69 free(cert_public_key_info);
75 if (!ok) 70 if (!ok)
76 return false; 71 return false;
77 72
78 CRYPT_ALGORITHM_IDENTIFIER* signature_algorithm_id; 73 CRYPT_ALGORITHM_IDENTIFIER* signature_algorithm_id;
79 struct_len = 0; 74 struct_len = 0;
80 ok = CryptDecodeObjectEx(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, 75 ok = CryptDecodeObjectEx(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
81 X509_ALGORITHM_IDENTIFIER, 76 X509_ALGORITHM_IDENTIFIER,
82 signature_algorithm, 77 signature_algorithm,
83 signature_algorithm_len, 78 signature_algorithm_len,
(...skipping 17 matching lines...) Expand all
101 } else if (GetLastError() == ERROR_FILE_NOT_FOUND) { 96 } else if (GetLastError() == ERROR_FILE_NOT_FOUND) {
102 // TODO(wtc): X509_ALGORITHM_IDENTIFIER isn't supported on XP SP2. We 97 // TODO(wtc): X509_ALGORITHM_IDENTIFIER isn't supported on XP SP2. We
103 // may be able to encapsulate signature_algorithm in a dummy SignedContent 98 // may be able to encapsulate signature_algorithm in a dummy SignedContent
104 // and decode it with X509_CERT into a CERT_SIGNED_CONTENT_INFO. For now, 99 // and decode it with X509_CERT into a CERT_SIGNED_CONTENT_INFO. For now,
105 // just hardcode the hash algorithm to be SHA-1. 100 // just hardcode the hash algorithm to be SHA-1.
106 hash_alg_id = CALG_SHA1; 101 hash_alg_id = CALG_SHA1;
107 } else { 102 } else {
108 return false; 103 return false;
109 } 104 }
110 105
111 ok = CryptCreateHash(provider_, hash_alg_id, 0, 0, &hash_object_); 106 ok = CryptCreateHash(provider_, hash_alg_id, 0, 0, hash_object_.receive());
112 if (!ok) 107 if (!ok)
113 return false; 108 return false;
114 return true; 109 return true;
115 } 110 }
116 111
117 void SignatureVerifier::VerifyUpdate(const uint8* data_part, 112 void SignatureVerifier::VerifyUpdate(const uint8* data_part,
118 int data_part_len) { 113 int data_part_len) {
119 BOOL ok = CryptHashData(hash_object_, data_part, data_part_len, 0); 114 BOOL ok = CryptHashData(hash_object_, data_part, data_part_len, 0);
120 DCHECK(ok) << "CryptHashData failed: " << GetLastError(); 115 DCHECK(ok) << "CryptHashData failed: " << GetLastError();
121 } 116 }
122 117
123 bool SignatureVerifier::VerifyFinal() { 118 bool SignatureVerifier::VerifyFinal() {
124 BOOL ok = CryptVerifySignature(hash_object_, &signature_[0], 119 BOOL ok = CryptVerifySignature(hash_object_, &signature_[0],
125 signature_.size(), public_key_, NULL, 0); 120 signature_.size(), public_key_, NULL, 0);
126 Reset(); 121 Reset();
127 if (!ok) 122 if (!ok)
128 return false; 123 return false;
129 return true; 124 return true;
130 } 125 }
131 126
132 void SignatureVerifier::Reset() { 127 void SignatureVerifier::Reset() {
133 BOOL ok; 128 hash_object_.reset();
134 if (hash_object_) { 129 public_key_.reset();
135 ok = CryptDestroyHash(hash_object_);
136 DCHECK(ok);
137 hash_object_ = 0;
138 }
139 if (public_key_) {
140 ok = CryptDestroyKey(public_key_);
141 DCHECK(ok);
142 public_key_ = 0;
143 }
144 signature_.clear(); 130 signature_.clear();
145 } 131 }
146 132
147 } // namespace base 133 } // namespace base
148 134
OLDNEW
« no previous file with comments | « base/crypto/signature_verifier.h ('k') | base/crypto/symmetric_key.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698