Chromium Code Reviews Chromium Code Reviews
Issue 5105003:
Implements Signature Creator & Verifier for openssl (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| Index: base/crypto/signature_verifier_openssl.cc |
| diff --git a/base/crypto/signature_verifier_openssl.cc b/base/crypto/signature_verifier_openssl.cc |
| index 49b5e073d1171bd9dffe0295047bee329bf1215b..1ef5601a1bb85c74fa459fe294d3757b0003b5eb 100644 |
| --- a/base/crypto/signature_verifier_openssl.cc |
| +++ b/base/crypto/signature_verifier_openssl.cc |
| @@ -4,14 +4,29 @@ |
| #include "base/crypto/signature_verifier.h" |
| +#include <openssl/evp.h> |
| +#include <openssl/x509.h> |
| + |
| +#include <vector> |
| + |
| #include "base/logging.h" |
| +#include "base/openssl_util.h" |
| +#include "base/scoped_ptr.h" |
| +#include "base/stl_util-inl.h" |
| namespace base { |
| -SignatureVerifier::SignatureVerifier() { |
| +struct SignatureVerifier::VerifyContext { |
| + ScopedOpenSSL<EVP_PKEY, EVP_PKEY_free> public_key; |
| + ScopedOpenSSL<EVP_MD_CTX, EVP_MD_CTX_destroy> ctx; |
| +}; |
| + |
| +SignatureVerifier::SignatureVerifier() |
| + : verify_context_(NULL) { |
| } |
| SignatureVerifier::~SignatureVerifier() { |
| + Reset(); |
| } |
| bool SignatureVerifier::VerifyInit(const uint8* signature_algorithm, |
| @@ -20,22 +35,64 @@ bool SignatureVerifier::VerifyInit(const uint8* signature_algorithm, |
| int signature_len, |
| const uint8* public_key_info, |
| int public_key_info_len) { |
| - NOTIMPLEMENTED(); |
| - return false; |
| + DCHECK(!verify_context_); |
| + verify_context_ = new VerifyContext; |
| + EnsureOpenSSLInit(); |
| + OpenSSLErrStackTracer err_tracer("VerifyInit"); |
|
bulach
2010/11/17 14:35:09
maybe: SignatureVerifier::VerifyInit
joth
2010/11/17 14:49:31
Done.
|
| + |
| + ScopedOpenSSL<X509_ALGOR, X509_ALGOR_free> algorithm( |
| + d2i_X509_ALGOR(NULL, &signature_algorithm, signature_algorithm_len)); |
| + if (!algorithm.get()) |
| + return false; |
| + |
| + const EVP_MD* digest = EVP_get_digestbyobj(algorithm.get()->algorithm); |
| + DCHECK(digest); |
| + |
| + signature_.assign(signature, signature + signature_len); |
| + |
| + // BIO_new_mem_buf is not const aware, but it does not modify the buffer. |
| + char* data = reinterpret_cast<char*>(const_cast<uint8*>(public_key_info)); |
| + ScopedOpenSSL<BIO, BIO_free_all> bio(BIO_new_mem_buf(data, |
| + public_key_info_len)); |
| + if (!bio.get()) |
| + return false; |
| + |
| + verify_context_->public_key.reset(d2i_PUBKEY_bio(bio.get(), NULL)); |
| + if (!verify_context_->public_key.get()) |
| + return false; |
| + |
| + verify_context_->ctx.reset(EVP_MD_CTX_create()); |
| + int rv = EVP_VerifyInit_ex(verify_context_->ctx.get(), digest, NULL); |
| + if (!rv) |
| + return false; |
| + |
| + return true; |
| } |
| void SignatureVerifier::VerifyUpdate(const uint8* data_part, |
| int data_part_len) { |
| - NOTIMPLEMENTED(); |
| + DCHECK(verify_context_); |
| + OpenSSLErrStackTracer err_tracer("VerifyUpdate"); |
|
bulach
2010/11/17 14:35:09
ditto
joth
2010/11/17 14:49:31
Done.
|
| + int rv = EVP_VerifyUpdate(verify_context_->ctx.get(), |
| + data_part, data_part_len); |
| + DCHECK_EQ(rv, 1); |
| } |
| bool SignatureVerifier::VerifyFinal() { |
| - NOTIMPLEMENTED(); |
| - return false; |
| + DCHECK(verify_context_); |
| + OpenSSLErrStackTracer err_tracer("VerifyFinal"); |
|
bulach
2010/11/17 14:35:09
ditto
joth
2010/11/17 14:49:31
Done.
|
| + int rv = EVP_VerifyFinal(verify_context_->ctx.get(), |
| + signature_.data(), signature_.size(), |
| + verify_context_->public_key.get()); |
| + DCHECK_GE(rv, 0); |
| + Reset(); |
| + return rv == 1; |
| } |
| void SignatureVerifier::Reset() { |
| - NOTIMPLEMENTED(); |
| + delete verify_context_; |
| + verify_context_ = NULL; |
| + signature_.clear(); |
| } |
| } // namespace base |
