OLD | NEW |
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "base/crypto/signature_verifier.h" | 5 #include "base/crypto/signature_verifier.h" |
6 | 6 |
| 7 #include <openssl/evp.h> |
| 8 #include <openssl/x509.h> |
| 9 |
| 10 #include <vector> |
| 11 |
7 #include "base/logging.h" | 12 #include "base/logging.h" |
| 13 #include "base/openssl_util.h" |
| 14 #include "base/scoped_ptr.h" |
8 | 15 |
9 namespace base { | 16 namespace base { |
10 | 17 |
11 SignatureVerifier::SignatureVerifier() { | 18 struct SignatureVerifier::VerifyContext { |
| 19 ScopedOpenSSL<EVP_PKEY, EVP_PKEY_free> public_key; |
| 20 ScopedOpenSSL<EVP_MD_CTX, EVP_MD_CTX_destroy> ctx; |
| 21 }; |
| 22 |
| 23 SignatureVerifier::SignatureVerifier() |
| 24 : verify_context_(NULL) { |
12 } | 25 } |
13 | 26 |
14 SignatureVerifier::~SignatureVerifier() { | 27 SignatureVerifier::~SignatureVerifier() { |
| 28 Reset(); |
15 } | 29 } |
16 | 30 |
17 bool SignatureVerifier::VerifyInit(const uint8* signature_algorithm, | 31 bool SignatureVerifier::VerifyInit(const uint8* signature_algorithm, |
18 int signature_algorithm_len, | 32 int signature_algorithm_len, |
19 const uint8* signature, | 33 const uint8* signature, |
20 int signature_len, | 34 int signature_len, |
21 const uint8* public_key_info, | 35 const uint8* public_key_info, |
22 int public_key_info_len) { | 36 int public_key_info_len) { |
23 NOTIMPLEMENTED(); | 37 DCHECK(!verify_context_); |
24 return false; | 38 verify_context_ = new VerifyContext; |
| 39 OpenSSLErrStackTracer err_tracer(FROM_HERE); |
| 40 |
| 41 ScopedOpenSSL<X509_ALGOR, X509_ALGOR_free> algorithm( |
| 42 d2i_X509_ALGOR(NULL, &signature_algorithm, signature_algorithm_len)); |
| 43 if (!algorithm.get()) |
| 44 return false; |
| 45 |
| 46 const EVP_MD* digest = EVP_get_digestbyobj(algorithm.get()->algorithm); |
| 47 DCHECK(digest); |
| 48 |
| 49 signature_.assign(signature, signature + signature_len); |
| 50 |
| 51 // BIO_new_mem_buf is not const aware, but it does not modify the buffer. |
| 52 char* data = reinterpret_cast<char*>(const_cast<uint8*>(public_key_info)); |
| 53 ScopedOpenSSL<BIO, BIO_free_all> bio(BIO_new_mem_buf(data, |
| 54 public_key_info_len)); |
| 55 if (!bio.get()) |
| 56 return false; |
| 57 |
| 58 verify_context_->public_key.reset(d2i_PUBKEY_bio(bio.get(), NULL)); |
| 59 if (!verify_context_->public_key.get()) |
| 60 return false; |
| 61 |
| 62 verify_context_->ctx.reset(EVP_MD_CTX_create()); |
| 63 int rv = EVP_VerifyInit_ex(verify_context_->ctx.get(), digest, NULL); |
| 64 return rv == 1; |
25 } | 65 } |
26 | 66 |
27 void SignatureVerifier::VerifyUpdate(const uint8* data_part, | 67 void SignatureVerifier::VerifyUpdate(const uint8* data_part, |
28 int data_part_len) { | 68 int data_part_len) { |
29 NOTIMPLEMENTED(); | 69 DCHECK(verify_context_); |
| 70 OpenSSLErrStackTracer err_tracer(FROM_HERE); |
| 71 int rv = EVP_VerifyUpdate(verify_context_->ctx.get(), |
| 72 data_part, data_part_len); |
| 73 DCHECK_EQ(rv, 1); |
30 } | 74 } |
31 | 75 |
32 bool SignatureVerifier::VerifyFinal() { | 76 bool SignatureVerifier::VerifyFinal() { |
33 NOTIMPLEMENTED(); | 77 DCHECK(verify_context_); |
34 return false; | 78 OpenSSLErrStackTracer err_tracer(FROM_HERE); |
| 79 int rv = EVP_VerifyFinal(verify_context_->ctx.get(), |
| 80 signature_.data(), signature_.size(), |
| 81 verify_context_->public_key.get()); |
| 82 DCHECK_GE(rv, 0); |
| 83 Reset(); |
| 84 return rv == 1; |
35 } | 85 } |
36 | 86 |
37 void SignatureVerifier::Reset() { | 87 void SignatureVerifier::Reset() { |
38 NOTIMPLEMENTED(); | 88 delete verify_context_; |
| 89 verify_context_ = NULL; |
| 90 signature_.clear(); |
39 } | 91 } |
40 | 92 |
41 } // namespace base | 93 } // namespace base |
OLD | NEW |