net/cert/ct_log_verifier_openssl.cc - Issue 1100003006: Certificate Transparency: Fetching of Signed Tree Heads (DRAFT)

Side by Side Diff: net/cert/ct_log_verifier_openssl.cc

Issue 1100003006: Certificate Transparency: Fetching of Signed Tree Heads (DRAFT) (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Revised design, addressed some comments Created 5 years, 6 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright 2013 The Chromium Authors. All rights reserved.	1 // Copyright 2013 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "net/cert/ct_log_verifier.h"	5 #include "net/cert/ct_log_verifier.h"

6	6

7 #include <openssl/evp.h>	7 #include <openssl/evp.h>

8 #include <openssl/x509.h>	8 #include <openssl/x509.h>

9	9

10 #include "base/logging.h"	10 #include "base/logging.h"

(...skipping 29 matching lines...) Expand all Loading...
40	40

41 } // namespace	41 } // namespace

42	42

43 CTLogVerifier::~CTLogVerifier() {	43 CTLogVerifier::~CTLogVerifier() {

44 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);	44 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);

45	45

46 if (public_key_)	46 if (public_key_)

47 EVP_PKEY_free(public_key_);	47 EVP_PKEY_free(public_key_);

48 }	48 }

49	49

	50 CTLogVerifier::CTLogVerifier(const CTLogVerifier& other)

	51 : key_id_(other.key_id_),

	52 description_(other.description_),

	53 url_(url),

	54 hash_algorithm_(other.hash_algorithm_),

	55 signature_algorithm_(other.signature_algorithm_),

	56 public_key_(NULL) {

	57 // No direct function for copying EVP_PKEY: Serialize to PEM

	58 // and de-serialize.

	59 BIO* tbio = BIO_new(BIO_s_mem());

	60

	61 if (PEM_write_bio_PUBKEY(tbio, other.public_key) == 1) {

	62 if (PEM_read_bio_PUBKEY(tbio, &public_key_, 0, 0) == 0) {

	63 // Will fail VerifySignature later.

	64 public_key_ = NULL;

	65 }

	66 }

	67

	68 BIO_free(tbio);

	69 }

	70

50 bool CTLogVerifier::Init(const base::StringPiece& public_key) {	71 bool CTLogVerifier::Init(const base::StringPiece& public_key) {

51 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);	72 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);

52	73

53 const uint8_t* ptr = reinterpret_cast<const uint8_t*>(public_key.data());	74 const uint8_t* ptr = reinterpret_cast<const uint8_t*>(public_key.data());

54 const uint8_t* end = ptr + public_key.size();	75 const uint8_t* end = ptr + public_key.size();

55 public_key_ = d2i_PUBKEY(nullptr, &ptr, public_key.size());	76 public_key_ = d2i_PUBKEY(nullptr, &ptr, public_key.size());

56 if (!public_key_ \|\| ptr != end)	77 if (!public_key_ \|\| ptr != end)

57 return false;	78 return false;

58	79

59 key_id_ = crypto::SHA256HashString(public_key);	80 key_id_ = crypto::SHA256HashString(public_key);

(...skipping 21 matching lines...) Expand all Loading...
81 DVLOG(1) << "Too small a public key.";	102 DVLOG(1) << "Too small a public key.";

82 return false;	103 return false;

83 }	104 }

84	105

85 return true;	106 return true;

86 }	107 }

87	108

88 bool CTLogVerifier::VerifySignature(const base::StringPiece& data_to_sign,	109 bool CTLogVerifier::VerifySignature(const base::StringPiece& data_to_sign,

89 const base::StringPiece& signature) {	110 const base::StringPiece& signature) {

90 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);	111 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);

	112 if (public_key_ == NULL) {
	Ryan Sleevi 2015/06/29 11:58:13 if (!public_key_) if (!public_key_)
	113 return false;

	114 }

91	115

92 const EVP_MD* hash_alg = GetEvpAlg(hash_algorithm_);	116 const EVP_MD* hash_alg = GetEvpAlg(hash_algorithm_);

93 if (hash_alg == NULL)	117 if (hash_alg == NULL)

94 return false;	118 return false;

95	119

96 EVP_MD_CTX ctx;	120 EVP_MD_CTX ctx;

97 EVP_MD_CTX_init(&ctx);	121 EVP_MD_CTX_init(&ctx);

98	122

99 bool ok = (	123 bool ok = (

100 1 == EVP_DigestVerifyInit(&ctx, NULL, hash_alg, NULL, public_key_) &&	124 1 == EVP_DigestVerifyInit(&ctx, NULL, hash_alg, NULL, public_key_) &&

101 1 == EVP_DigestVerifyUpdate(	125 1 == EVP_DigestVerifyUpdate(

102 &ctx, data_to_sign.data(), data_to_sign.size()) &&	126 &ctx, data_to_sign.data(), data_to_sign.size()) &&

103 1 == EVP_DigestVerifyFinal(	127 1 == EVP_DigestVerifyFinal(

104 &ctx,	128 &ctx,

105 reinterpret_cast<const uint8_t*>(signature.data()),	129 reinterpret_cast<const uint8_t*>(signature.data()),

106 signature.size()));	130 signature.size()));

107	131

108 EVP_MD_CTX_cleanup(&ctx);	132 EVP_MD_CTX_cleanup(&ctx);

109 return ok;	133 return ok;

110 }	134 }

111	135

112 } // namespace net	136 } // namespace net

OLD	NEW

« components/safe_json_parser/safe_json_parser.cc ('K') | « net/cert/ct_log_verifier_nss.cc ('k') | net/cert/ct_log_verifier_unittest.cc » ('j') | net/cert/ct_verifier.h » ('J')