| OLD | NEW |
|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "crypto/signature_verifier.h" | 5 #include "crypto/signature_verifier.h" |
| 6 | 6 |
| 7 #include <cryptohi.h> | 7 #include <cryptohi.h> |
| 8 #include <keyhi.h> | 8 #include <keyhi.h> |
| 9 #include <pk11pub.h> | 9 #include <pk11pub.h> |
| 10 #include <secerr.h> | 10 #include <secerr.h> |
| (...skipping 12 matching lines...) Expand all Loading... |
| 23 HASH_HashType ToNSSHashType(SignatureVerifier::HashAlgorithm hash_alg) { | 23 HASH_HashType ToNSSHashType(SignatureVerifier::HashAlgorithm hash_alg) { |
| 24 switch (hash_alg) { | 24 switch (hash_alg) { |
| 25 case SignatureVerifier::SHA1: | 25 case SignatureVerifier::SHA1: |
| 26 return HASH_AlgSHA1; | 26 return HASH_AlgSHA1; |
| 27 case SignatureVerifier::SHA256: | 27 case SignatureVerifier::SHA256: |
| 28 return HASH_AlgSHA256; | 28 return HASH_AlgSHA256; |
| 29 } | 29 } |
| 30 return HASH_AlgNULL; | 30 return HASH_AlgNULL; |
| 31 } | 31 } |
| 32 | 32 |
| 33 SECOidTag ToNSSSignatureType(SignatureVerifier::SignatureAlgorithm sig_alg) { |
| 34 switch (sig_alg) { |
| 35 case SignatureVerifier::RSA_PKCS1_SHA1: |
| 36 return SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION; |
| 37 case SignatureVerifier::RSA_PKCS1_SHA256: |
| 38 return SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION; |
| 39 case SignatureVerifier::ECDSA_SHA256: |
| 40 return SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE; |
| 41 } |
| 42 return SEC_OID_UNKNOWN; |
| 43 } |
| 44 |
| 33 SECStatus VerifyRSAPSS_End(SECKEYPublicKey* public_key, | 45 SECStatus VerifyRSAPSS_End(SECKEYPublicKey* public_key, |
| 34 HASHContext* hash_context, | 46 HASHContext* hash_context, |
| 35 HASH_HashType mask_hash_alg, | 47 HASH_HashType mask_hash_alg, |
| 36 unsigned int salt_len, | 48 unsigned int salt_len, |
| 37 const unsigned char* signature, | 49 const unsigned char* signature, |
| 38 unsigned int signature_len) { | 50 unsigned int signature_len) { |
| 39 unsigned int hash_len = HASH_ResultLenContext(hash_context); | 51 unsigned int hash_len = HASH_ResultLenContext(hash_context); |
| 40 std::vector<unsigned char> hash(hash_len); | 52 std::vector<unsigned char> hash(hash_len); |
| 41 HASH_End(hash_context, &hash[0], &hash_len, hash.size()); | 53 HASH_End(hash_context, &hash[0], &hash_len, hash.size()); |
| 42 | 54 |
| (...skipping 24 matching lines...) Expand all Loading... |
| 67 salt_len_(0), | 79 salt_len_(0), |
| 68 public_key_(NULL), | 80 public_key_(NULL), |
| 69 hash_context_(NULL) { | 81 hash_context_(NULL) { |
| 70 EnsureNSSInit(); | 82 EnsureNSSInit(); |
| 71 } | 83 } |
| 72 | 84 |
| 73 SignatureVerifier::~SignatureVerifier() { | 85 SignatureVerifier::~SignatureVerifier() { |
| 74 Reset(); | 86 Reset(); |
| 75 } | 87 } |
| 76 | 88 |
| 77 bool SignatureVerifier::VerifyInit(const uint8_t* signature_algorithm, | 89 bool SignatureVerifier::VerifyInit(SignatureAlgorithm signature_algorithm, |
| 78 int signature_algorithm_len, | |
| 79 const uint8_t* signature, | 90 const uint8_t* signature, |
| 80 int signature_len, | 91 int signature_len, |
| 81 const uint8_t* public_key_info, | 92 const uint8_t* public_key_info, |
| 82 int public_key_info_len) { | 93 int public_key_info_len) { |
| 83 if (vfy_context_ || hash_context_) | 94 if (vfy_context_ || hash_context_) |
| 84 return false; | 95 return false; |
| 85 | 96 |
| 86 signature_.assign(signature, signature + signature_len); | 97 signature_.assign(signature, signature + signature_len); |
| 87 | 98 |
| 88 SECKEYPublicKey* public_key = DecodePublicKeyInfo(public_key_info, | 99 SECKEYPublicKey* public_key = DecodePublicKeyInfo(public_key_info, |
| 89 public_key_info_len); | 100 public_key_info_len); |
| 90 if (!public_key) | 101 if (!public_key) |
| 91 return false; | 102 return false; |
| 92 | 103 |
| 93 PLArenaPool* arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); | |
| 94 if (!arena) { | |
| 95 SECKEY_DestroyPublicKey(public_key); | |
| 96 return false; | |
| 97 } | |
| 98 | |
| 99 SECItem sig_alg_der; | |
| 100 sig_alg_der.type = siBuffer; | |
| 101 sig_alg_der.data = const_cast<uint8_t*>(signature_algorithm); | |
| 102 sig_alg_der.len = signature_algorithm_len; | |
| 103 SECAlgorithmID sig_alg_id; | |
| 104 SECStatus rv; | |
| 105 rv = SEC_QuickDERDecodeItem(arena, &sig_alg_id, | |
| 106 SEC_ASN1_GET(SECOID_AlgorithmIDTemplate), | |
| 107 &sig_alg_der); | |
| 108 if (rv != SECSuccess) { | |
| 109 SECKEY_DestroyPublicKey(public_key); | |
| 110 PORT_FreeArena(arena, PR_TRUE); | |
| 111 return false; | |
| 112 } | |
| 113 | |
| 114 SECItem sig; | 104 SECItem sig; |
| 115 sig.type = siBuffer; | 105 sig.type = siBuffer; |
| 116 sig.data = const_cast<uint8_t*>(signature); | 106 sig.data = const_cast<uint8_t*>(signature); |
| 117 sig.len = signature_len; | 107 sig.len = signature_len; |
| 118 SECOidTag hash_alg_tag; | 108 vfy_context_ = VFY_CreateContext( |
| 119 vfy_context_ = VFY_CreateContextWithAlgorithmID(public_key, &sig, | 109 public_key, &sig, ToNSSSignatureType(signature_algorithm), nullptr); |
| 120 &sig_alg_id, &hash_alg_tag, | |
| 121 NULL); | |
| 122 SECKEY_DestroyPublicKey(public_key); // Done with public_key. | 110 SECKEY_DestroyPublicKey(public_key); // Done with public_key. |
| 123 PORT_FreeArena(arena, PR_TRUE); // Done with sig_alg_id. | |
| 124 if (!vfy_context_) { | 111 if (!vfy_context_) { |
| 125 // A corrupted RSA signature could be detected without the data, so | 112 // A corrupted RSA signature could be detected without the data, so |
| 126 // VFY_CreateContextWithAlgorithmID may fail with SEC_ERROR_BAD_SIGNATURE | 113 // VFY_CreateContextWithAlgorithmID may fail with SEC_ERROR_BAD_SIGNATURE |
| 127 // (-8182). | 114 // (-8182). |
| 128 return false; | 115 return false; |
| 129 } | 116 } |
| 130 | 117 |
| 131 rv = VFY_Begin(vfy_context_); | 118 if (VFY_Begin(vfy_context_) != SECSuccess) { |
| 132 if (rv != SECSuccess) { | |
| 133 NOTREACHED(); | 119 NOTREACHED(); |
| 134 return false; | 120 return false; |
| 135 } | 121 } |
| 136 return true; | 122 return true; |
| 137 } | 123 } |
| 138 | 124 |
| 139 bool SignatureVerifier::VerifyInitRSAPSS(HashAlgorithm hash_alg, | 125 bool SignatureVerifier::VerifyInitRSAPSS(HashAlgorithm hash_alg, |
| 140 HashAlgorithm mask_hash_alg, | 126 HashAlgorithm mask_hash_alg, |
| 141 int salt_len, | 127 int salt_len, |
| 142 const uint8_t* signature, | 128 const uint8_t* signature, |
| (...skipping 75 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 218 hash_context_ = NULL; | 204 hash_context_ = NULL; |
| 219 } | 205 } |
| 220 if (public_key_) { | 206 if (public_key_) { |
| 221 SECKEY_DestroyPublicKey(public_key_); | 207 SECKEY_DestroyPublicKey(public_key_); |
| 222 public_key_ = NULL; | 208 public_key_ = NULL; |
| 223 } | 209 } |
| 224 signature_.clear(); | 210 signature_.clear(); |
| 225 } | 211 } |
| 226 | 212 |
| 227 } // namespace crypto | 213 } // namespace crypto |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1679873005:
Switch SignatureVerifier to taking an algorithm enum. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master