| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/quic/crypto/channel_id.h" | 5 #include "net/quic/crypto/channel_id.h" |
| 6 | 6 |
| 7 #include <openssl/bn.h> | 7 #include <openssl/bn.h> |
| 8 #include <openssl/ec.h> | 8 #include <openssl/ec.h> |
| 9 #include <openssl/ecdsa.h> | 9 #include <openssl/ecdsa.h> |
| 10 #include <openssl/obj_mac.h> | 10 #include <openssl/obj_mac.h> |
| 11 #include <openssl/sha.h> | 11 #include <openssl/sha.h> |
| 12 | 12 |
| 13 #include "crypto/openssl_util.h" | 13 #include "crypto/openssl_util.h" |
| 14 | 14 |
| 15 using base::StringPiece; | 15 using base::StringPiece; |
| 16 using std::string; |
| 16 | 17 |
| 17 namespace net { | 18 namespace net { |
| 18 | 19 |
| 19 // static | 20 // static |
| 20 bool ChannelIDVerifier::Verify(StringPiece key, | 21 bool ChannelIDVerifier::Verify(StringPiece key, |
| 21 StringPiece signed_data, | 22 StringPiece signed_data, |
| 22 StringPiece signature) { | 23 StringPiece signature) { |
| 24 return VerifyRaw(key, signed_data, signature, true); |
| 25 } |
| 26 |
| 27 // static |
| 28 bool ChannelIDVerifier::VerifyRaw(StringPiece key, |
| 29 StringPiece signed_data, |
| 30 StringPiece signature, |
| 31 bool is_channel_id_signature) { |
| 23 if (key.size() != 32 * 2 || | 32 if (key.size() != 32 * 2 || |
| 24 signature.size() != 32 * 2) { | 33 signature.size() != 32 * 2) { |
| 25 return false; | 34 return false; |
| 26 } | 35 } |
| 27 | 36 |
| 28 crypto::ScopedOpenSSL<EC_GROUP, EC_GROUP_free> p256( | 37 crypto::ScopedOpenSSL<EC_GROUP, EC_GROUP_free> p256( |
| 29 EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)); | 38 EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)); |
| 30 if (p256.get() == NULL) { | 39 if (p256.get() == NULL) { |
| 31 return false; | 40 return false; |
| 32 } | 41 } |
| (...skipping 25 matching lines...) Expand all Loading... |
| 58 | 67 |
| 59 crypto::ScopedOpenSSL<EC_KEY, EC_KEY_free> ecdsa_key(EC_KEY_new()); | 68 crypto::ScopedOpenSSL<EC_KEY, EC_KEY_free> ecdsa_key(EC_KEY_new()); |
| 60 if (ecdsa_key.get() == NULL || | 69 if (ecdsa_key.get() == NULL || |
| 61 !EC_KEY_set_group(ecdsa_key.get(), p256.get()) || | 70 !EC_KEY_set_group(ecdsa_key.get(), p256.get()) || |
| 62 !EC_KEY_set_public_key(ecdsa_key.get(), point.get())) { | 71 !EC_KEY_set_public_key(ecdsa_key.get(), point.get())) { |
| 63 return false; | 72 return false; |
| 64 } | 73 } |
| 65 | 74 |
| 66 SHA256_CTX sha256; | 75 SHA256_CTX sha256; |
| 67 SHA256_Init(&sha256); | 76 SHA256_Init(&sha256); |
| 68 SHA256_Update(&sha256, ChannelIDVerifier::kContextStr, | 77 if (is_channel_id_signature) { |
| 69 strlen(ChannelIDVerifier::kContextStr) + 1); | 78 SHA256_Update(&sha256, kContextStr, strlen(kContextStr) + 1); |
| 70 SHA256_Update(&sha256, ChannelIDVerifier::kClientToServerStr, | 79 SHA256_Update(&sha256, kClientToServerStr, strlen(kClientToServerStr) + 1); |
| 71 strlen(ChannelIDVerifier::kClientToServerStr) + 1); | 80 } |
| 72 SHA256_Update(&sha256, signed_data.data(), signed_data.size()); | 81 SHA256_Update(&sha256, signed_data.data(), signed_data.size()); |
| 73 | 82 |
| 74 unsigned char digest[SHA256_DIGEST_LENGTH]; | 83 unsigned char digest[SHA256_DIGEST_LENGTH]; |
| 75 SHA256_Final(digest, &sha256); | 84 SHA256_Final(digest, &sha256); |
| 76 | 85 |
| 77 return ECDSA_do_verify(digest, sizeof(digest), &sig, ecdsa_key.get()) == 1; | 86 return ECDSA_do_verify(digest, sizeof(digest), &sig, ecdsa_key.get()) == 1; |
| 78 } | 87 } |
| 79 | 88 |
| 80 } // namespace net | 89 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 16638016:
Implement ChannelIDVerifier using NSS. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/