Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(373)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: crypto/signature_verifier_openssl.cc

Issue 17385010: OpenSSL/NSS implementation of ProofVerfifier. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: added quic_ in front of all QUIC specific .crt file names and added them to net/ssl/certificates Created 7 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « crypto/ec_signature_creator_unittest.cc ('k') | net/data/ssl/certificates/README » ('j') | net/data/ssl/certificates/README » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "crypto/signature_verifier.h" 5 #include "crypto/signature_verifier.h"
6 6
7 #include <openssl/evp.h> 7 #include <openssl/evp.h>
8 #include <openssl/x509.h> 8 #include <openssl/x509.h>
9 9
10 #include <vector> 10 #include <vector>
(...skipping 35 matching lines...) Expand 10 before | Expand all | Expand 10 after
46 int signature_algorithm_len, 46 int signature_algorithm_len,
47 const uint8* signature, 47 const uint8* signature,
48 int signature_len, 48 int signature_len,
49 const uint8* public_key_info, 49 const uint8* public_key_info,
50 int public_key_info_len) { 50 int public_key_info_len) {
51 OpenSSLErrStackTracer err_tracer(FROM_HERE); 51 OpenSSLErrStackTracer err_tracer(FROM_HERE);
52 ScopedOpenSSL<X509_ALGOR, X509_ALGOR_free> algorithm( 52 ScopedOpenSSL<X509_ALGOR, X509_ALGOR_free> algorithm(
53 d2i_X509_ALGOR(NULL, &signature_algorithm, signature_algorithm_len)); 53 d2i_X509_ALGOR(NULL, &signature_algorithm, signature_algorithm_len));
54 if (!algorithm.get()) 54 if (!algorithm.get())
55 return false; 55 return false;
56 const EVP_MD* digest = EVP_get_digestbyobj(algorithm.get()->algorithm); 56 int nid = OBJ_obj2nid(algorithm.get()->algorithm);
57 const EVP_MD* digest;
58 if (nid == NID_ecdsa_with_SHA1) {
59 digest = EVP_sha1();
60 } else if (nid == NID_ecdsa_with_SHA256) {
61 digest = EVP_sha256();
62 } else {
63 // This works for PKCS #1 v1.5 RSA signatures, but not for ECDSA
64 // signatures.
65 digest = EVP_get_digestbyobj(algorithm.get()->algorithm);
66 }
57 if (!digest) 67 if (!digest)
58 return false; 68 return false;
59 69
60 return CommonInit(digest, signature, signature_len, public_key_info, 70 return CommonInit(digest, signature, signature_len, public_key_info,
61 public_key_info_len, NULL); 71 public_key_info_len, NULL);
62 } 72 }
63 73
64 bool SignatureVerifier::VerifyInitRSAPSS(HashAlgorithm hash_alg, 74 bool SignatureVerifier::VerifyInitRSAPSS(HashAlgorithm hash_alg,
65 HashAlgorithm mask_hash_alg, 75 HashAlgorithm mask_hash_alg,
66 int salt_len, 76 int salt_len,
(...skipping 30 matching lines...) Expand all
97 data_part, data_part_len); 107 data_part, data_part_len);
98 DCHECK_EQ(rv, 1); 108 DCHECK_EQ(rv, 1);
99 } 109 }
100 110
101 bool SignatureVerifier::VerifyFinal() { 111 bool SignatureVerifier::VerifyFinal() {
102 DCHECK(verify_context_); 112 DCHECK(verify_context_);
103 OpenSSLErrStackTracer err_tracer(FROM_HERE); 113 OpenSSLErrStackTracer err_tracer(FROM_HERE);
104 int rv = EVP_DigestVerifyFinal(verify_context_->ctx.get(), 114 int rv = EVP_DigestVerifyFinal(verify_context_->ctx.get(),
105 vector_as_array(&signature_), 115 vector_as_array(&signature_),
106 signature_.size()); 116 signature_.size());
107 DCHECK_GE(rv, 0); 117 // rv is -1 if a DER-encoded ECDSA signature cannot be decoded correctly.
118 DCHECK_GE(rv, -1);
108 Reset(); 119 Reset();
109 return rv == 1; 120 return rv == 1;
110 } 121 }
111 122
112 bool SignatureVerifier::CommonInit(const EVP_MD* digest, 123 bool SignatureVerifier::CommonInit(const EVP_MD* digest,
113 const uint8* signature, 124 const uint8* signature,
114 int signature_len, 125 int signature_len,
115 const uint8* public_key_info, 126 const uint8* public_key_info,
116 int public_key_info_len, 127 int public_key_info_len,
117 EVP_PKEY_CTX** pkey_ctx) { 128 EVP_PKEY_CTX** pkey_ctx) {
(...skipping 22 matching lines...) Expand all
140 return rv == 1; 151 return rv == 1;
141 } 152 }
142 153
143 void SignatureVerifier::Reset() { 154 void SignatureVerifier::Reset() {
144 delete verify_context_; 155 delete verify_context_;
145 verify_context_ = NULL; 156 verify_context_ = NULL;
146 signature_.clear(); 157 signature_.clear();
147 } 158 }
148 159
149 } // namespace crypto 160 } // namespace crypto
OLDNEW
« no previous file with comments | « crypto/ec_signature_creator_unittest.cc ('k') | net/data/ssl/certificates/README » ('j') | net/data/ssl/certificates/README » ('J')

Powered by Google App Engine
This is Rietveld 408576698