Index: base/crypto/signature_verifier_nss.cc |
=================================================================== |
--- base/crypto/signature_verifier_nss.cc (revision 80572) |
+++ base/crypto/signature_verifier_nss.cc (working copy) |
@@ -1,113 +0,0 @@ |
-// Copyright (c) 2009 The Chromium Authors. All rights reserved. |
-// Use of this source code is governed by a BSD-style license that can be |
-// found in the LICENSE file. |
- |
-#include "base/crypto/signature_verifier.h" |
- |
-#include <cryptohi.h> |
-#include <keyhi.h> |
-#include <stdlib.h> |
- |
-#include "base/logging.h" |
-#include "base/nss_util.h" |
- |
-namespace base { |
- |
-SignatureVerifier::SignatureVerifier() : vfy_context_(NULL) { |
- EnsureNSSInit(); |
-} |
- |
-SignatureVerifier::~SignatureVerifier() { |
- Reset(); |
-} |
- |
-bool SignatureVerifier::VerifyInit(const uint8* signature_algorithm, |
- int signature_algorithm_len, |
- const uint8* signature, |
- int signature_len, |
- const uint8* public_key_info, |
- int public_key_info_len) { |
- signature_.assign(signature, signature + signature_len); |
- |
- CERTSubjectPublicKeyInfo* spki = NULL; |
- SECItem spki_der; |
- spki_der.type = siBuffer; |
- spki_der.data = const_cast<uint8*>(public_key_info); |
- spki_der.len = public_key_info_len; |
- spki = SECKEY_DecodeDERSubjectPublicKeyInfo(&spki_der); |
- if (!spki) |
- return false; |
- SECKEYPublicKey* public_key = SECKEY_ExtractPublicKey(spki); |
- SECKEY_DestroySubjectPublicKeyInfo(spki); // Done with spki. |
- if (!public_key) |
- return false; |
- |
- PLArenaPool* arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); |
- if (!arena) { |
- SECKEY_DestroyPublicKey(public_key); |
- return false; |
- } |
- |
- SECItem sig_alg_der; |
- sig_alg_der.type = siBuffer; |
- sig_alg_der.data = const_cast<uint8*>(signature_algorithm); |
- sig_alg_der.len = signature_algorithm_len; |
- SECAlgorithmID sig_alg_id; |
- SECStatus rv; |
- rv = SEC_QuickDERDecodeItem(arena, &sig_alg_id, SECOID_AlgorithmIDTemplate, |
- &sig_alg_der); |
- if (rv != SECSuccess) { |
- SECKEY_DestroyPublicKey(public_key); |
- PORT_FreeArena(arena, PR_TRUE); |
- return false; |
- } |
- |
- SECItem sig; |
- sig.type = siBuffer; |
- sig.data = const_cast<uint8*>(signature); |
- sig.len = signature_len; |
- SECOidTag hash_alg_tag; |
- vfy_context_ = VFY_CreateContextWithAlgorithmID(public_key, &sig, |
- &sig_alg_id, &hash_alg_tag, |
- NULL); |
- SECKEY_DestroyPublicKey(public_key); // Done with public_key. |
- PORT_FreeArena(arena, PR_TRUE); // Done with sig_alg_id. |
- if (!vfy_context_) { |
- // A corrupted RSA signature could be detected without the data, so |
- // VFY_CreateContextWithAlgorithmID may fail with SEC_ERROR_BAD_SIGNATURE |
- // (-8182). |
- return false; |
- } |
- |
- rv = VFY_Begin(vfy_context_); |
- if (rv != SECSuccess) { |
- NOTREACHED(); |
- return false; |
- } |
- return true; |
-} |
- |
-void SignatureVerifier::VerifyUpdate(const uint8* data_part, |
- int data_part_len) { |
- SECStatus rv = VFY_Update(vfy_context_, data_part, data_part_len); |
- DCHECK(rv == SECSuccess); |
-} |
- |
-bool SignatureVerifier::VerifyFinal() { |
- SECStatus rv = VFY_End(vfy_context_); |
- Reset(); |
- |
- // If signature verification fails, the error code is |
- // SEC_ERROR_BAD_SIGNATURE (-8182). |
- return (rv == SECSuccess); |
-} |
- |
-void SignatureVerifier::Reset() { |
- if (vfy_context_) { |
- VFY_DestroyContext(vfy_context_, PR_TRUE); |
- vfy_context_ = NULL; |
- } |
- signature_.clear(); |
-} |
- |
-} // namespace base |