OLD | NEW |
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "crypto/signature_verifier.h" | 5 #include "crypto/signature_verifier.h" |
6 | 6 |
7 #include <openssl/evp.h> | 7 #include <openssl/evp.h> |
8 #include <openssl/x509.h> | 8 #include <openssl/x509.h> |
| 9 #include <stdint.h> |
9 | 10 |
10 #include <vector> | 11 #include <vector> |
11 | 12 |
12 #include "base/logging.h" | 13 #include "base/logging.h" |
13 #include "base/memory/scoped_ptr.h" | 14 #include "base/memory/scoped_ptr.h" |
14 #include "crypto/openssl_util.h" | 15 #include "crypto/openssl_util.h" |
15 #include "crypto/scoped_openssl_types.h" | 16 #include "crypto/scoped_openssl_types.h" |
16 | 17 |
17 namespace crypto { | 18 namespace crypto { |
18 | 19 |
(...skipping 16 matching lines...) Expand all Loading... |
35 }; | 36 }; |
36 | 37 |
37 SignatureVerifier::SignatureVerifier() | 38 SignatureVerifier::SignatureVerifier() |
38 : verify_context_(NULL) { | 39 : verify_context_(NULL) { |
39 } | 40 } |
40 | 41 |
41 SignatureVerifier::~SignatureVerifier() { | 42 SignatureVerifier::~SignatureVerifier() { |
42 Reset(); | 43 Reset(); |
43 } | 44 } |
44 | 45 |
45 bool SignatureVerifier::VerifyInit(const uint8* signature_algorithm, | 46 bool SignatureVerifier::VerifyInit(const uint8_t* signature_algorithm, |
46 int signature_algorithm_len, | 47 int signature_algorithm_len, |
47 const uint8* signature, | 48 const uint8_t* signature, |
48 int signature_len, | 49 int signature_len, |
49 const uint8* public_key_info, | 50 const uint8_t* public_key_info, |
50 int public_key_info_len) { | 51 int public_key_info_len) { |
51 OpenSSLErrStackTracer err_tracer(FROM_HERE); | 52 OpenSSLErrStackTracer err_tracer(FROM_HERE); |
52 ScopedOpenSSL<X509_ALGOR, X509_ALGOR_free> algorithm( | 53 ScopedOpenSSL<X509_ALGOR, X509_ALGOR_free> algorithm( |
53 d2i_X509_ALGOR(NULL, &signature_algorithm, signature_algorithm_len)); | 54 d2i_X509_ALGOR(NULL, &signature_algorithm, signature_algorithm_len)); |
54 if (!algorithm.get()) | 55 if (!algorithm.get()) |
55 return false; | 56 return false; |
56 int nid = OBJ_obj2nid(algorithm.get()->algorithm); | 57 int nid = OBJ_obj2nid(algorithm.get()->algorithm); |
57 const EVP_MD* digest; | 58 const EVP_MD* digest; |
58 if (nid == NID_ecdsa_with_SHA1) { | 59 if (nid == NID_ecdsa_with_SHA1) { |
59 digest = EVP_sha1(); | 60 digest = EVP_sha1(); |
60 } else if (nid == NID_ecdsa_with_SHA256) { | 61 } else if (nid == NID_ecdsa_with_SHA256) { |
61 digest = EVP_sha256(); | 62 digest = EVP_sha256(); |
62 } else { | 63 } else { |
63 // This works for PKCS #1 v1.5 RSA signatures, but not for ECDSA | 64 // This works for PKCS #1 v1.5 RSA signatures, but not for ECDSA |
64 // signatures. | 65 // signatures. |
65 digest = EVP_get_digestbyobj(algorithm.get()->algorithm); | 66 digest = EVP_get_digestbyobj(algorithm.get()->algorithm); |
66 } | 67 } |
67 if (!digest) | 68 if (!digest) |
68 return false; | 69 return false; |
69 | 70 |
70 return CommonInit(digest, signature, signature_len, public_key_info, | 71 return CommonInit(digest, signature, signature_len, public_key_info, |
71 public_key_info_len, NULL); | 72 public_key_info_len, NULL); |
72 } | 73 } |
73 | 74 |
74 bool SignatureVerifier::VerifyInitRSAPSS(HashAlgorithm hash_alg, | 75 bool SignatureVerifier::VerifyInitRSAPSS(HashAlgorithm hash_alg, |
75 HashAlgorithm mask_hash_alg, | 76 HashAlgorithm mask_hash_alg, |
76 int salt_len, | 77 int salt_len, |
77 const uint8* signature, | 78 const uint8_t* signature, |
78 int signature_len, | 79 int signature_len, |
79 const uint8* public_key_info, | 80 const uint8_t* public_key_info, |
80 int public_key_info_len) { | 81 int public_key_info_len) { |
81 OpenSSLErrStackTracer err_tracer(FROM_HERE); | 82 OpenSSLErrStackTracer err_tracer(FROM_HERE); |
82 const EVP_MD* const digest = ToOpenSSLDigest(hash_alg); | 83 const EVP_MD* const digest = ToOpenSSLDigest(hash_alg); |
83 DCHECK(digest); | 84 DCHECK(digest); |
84 if (!digest) { | 85 if (!digest) { |
85 return false; | 86 return false; |
86 } | 87 } |
87 | 88 |
88 EVP_PKEY_CTX* pkey_ctx; | 89 EVP_PKEY_CTX* pkey_ctx; |
89 if (!CommonInit(digest, signature, signature_len, public_key_info, | 90 if (!CommonInit(digest, signature, signature_len, public_key_info, |
90 public_key_info_len, &pkey_ctx)) { | 91 public_key_info_len, &pkey_ctx)) { |
91 return false; | 92 return false; |
92 } | 93 } |
93 | 94 |
94 int rv = EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING); | 95 int rv = EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING); |
95 if (rv != 1) | 96 if (rv != 1) |
96 return false; | 97 return false; |
97 const EVP_MD* const mgf_digest = ToOpenSSLDigest(mask_hash_alg); | 98 const EVP_MD* const mgf_digest = ToOpenSSLDigest(mask_hash_alg); |
98 DCHECK(mgf_digest); | 99 DCHECK(mgf_digest); |
99 if (!mgf_digest) { | 100 if (!mgf_digest) { |
100 return false; | 101 return false; |
101 } | 102 } |
102 rv = EVP_PKEY_CTX_set_rsa_mgf1_md(pkey_ctx, mgf_digest); | 103 rv = EVP_PKEY_CTX_set_rsa_mgf1_md(pkey_ctx, mgf_digest); |
103 if (rv != 1) | 104 if (rv != 1) |
104 return false; | 105 return false; |
105 rv = EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, salt_len); | 106 rv = EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, salt_len); |
106 return rv == 1; | 107 return rv == 1; |
107 } | 108 } |
108 | 109 |
109 void SignatureVerifier::VerifyUpdate(const uint8* data_part, | 110 void SignatureVerifier::VerifyUpdate(const uint8_t* data_part, |
110 int data_part_len) { | 111 int data_part_len) { |
111 DCHECK(verify_context_); | 112 DCHECK(verify_context_); |
112 OpenSSLErrStackTracer err_tracer(FROM_HERE); | 113 OpenSSLErrStackTracer err_tracer(FROM_HERE); |
113 int rv = EVP_DigestVerifyUpdate(verify_context_->ctx.get(), | 114 int rv = EVP_DigestVerifyUpdate(verify_context_->ctx.get(), |
114 data_part, data_part_len); | 115 data_part, data_part_len); |
115 DCHECK_EQ(rv, 1); | 116 DCHECK_EQ(rv, 1); |
116 } | 117 } |
117 | 118 |
118 bool SignatureVerifier::VerifyFinal() { | 119 bool SignatureVerifier::VerifyFinal() { |
119 DCHECK(verify_context_); | 120 DCHECK(verify_context_); |
120 OpenSSLErrStackTracer err_tracer(FROM_HERE); | 121 OpenSSLErrStackTracer err_tracer(FROM_HERE); |
121 int rv = EVP_DigestVerifyFinal(verify_context_->ctx.get(), signature_.data(), | 122 int rv = EVP_DigestVerifyFinal(verify_context_->ctx.get(), signature_.data(), |
122 signature_.size()); | 123 signature_.size()); |
123 DCHECK_EQ(static_cast<int>(!!rv), rv); | 124 DCHECK_EQ(static_cast<int>(!!rv), rv); |
124 Reset(); | 125 Reset(); |
125 return rv == 1; | 126 return rv == 1; |
126 } | 127 } |
127 | 128 |
128 bool SignatureVerifier::CommonInit(const EVP_MD* digest, | 129 bool SignatureVerifier::CommonInit(const EVP_MD* digest, |
129 const uint8* signature, | 130 const uint8_t* signature, |
130 int signature_len, | 131 int signature_len, |
131 const uint8* public_key_info, | 132 const uint8_t* public_key_info, |
132 int public_key_info_len, | 133 int public_key_info_len, |
133 EVP_PKEY_CTX** pkey_ctx) { | 134 EVP_PKEY_CTX** pkey_ctx) { |
134 if (verify_context_) | 135 if (verify_context_) |
135 return false; | 136 return false; |
136 | 137 |
137 verify_context_ = new VerifyContext; | 138 verify_context_ = new VerifyContext; |
138 | 139 |
139 signature_.assign(signature, signature + signature_len); | 140 signature_.assign(signature, signature + signature_len); |
140 | 141 |
141 const uint8_t* ptr = public_key_info; | 142 const uint8_t* ptr = public_key_info; |
142 ScopedEVP_PKEY public_key(d2i_PUBKEY(nullptr, &ptr, public_key_info_len)); | 143 ScopedEVP_PKEY public_key(d2i_PUBKEY(nullptr, &ptr, public_key_info_len)); |
143 if (!public_key.get() || ptr != public_key_info + public_key_info_len) | 144 if (!public_key.get() || ptr != public_key_info + public_key_info_len) |
144 return false; | 145 return false; |
145 | 146 |
146 verify_context_->ctx.reset(EVP_MD_CTX_create()); | 147 verify_context_->ctx.reset(EVP_MD_CTX_create()); |
147 int rv = EVP_DigestVerifyInit(verify_context_->ctx.get(), pkey_ctx, | 148 int rv = EVP_DigestVerifyInit(verify_context_->ctx.get(), pkey_ctx, |
148 digest, nullptr, public_key.get()); | 149 digest, nullptr, public_key.get()); |
149 return rv == 1; | 150 return rv == 1; |
150 } | 151 } |
151 | 152 |
152 void SignatureVerifier::Reset() { | 153 void SignatureVerifier::Reset() { |
153 delete verify_context_; | 154 delete verify_context_; |
154 verify_context_ = NULL; | 155 verify_context_ = NULL; |
155 signature_.clear(); | 156 signature_.clear(); |
156 } | 157 } |
157 | 158 |
158 } // namespace crypto | 159 } // namespace crypto |
OLD | NEW |