Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(392)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: crypto/signature_verifier_openssl.cc

Issue 1909513003: Rename crypto/ *_openssl files (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 4 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « crypto/signature_verifier.cc ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "crypto/signature_verifier.h"
6
7 #include <openssl/bytestring.h>
8 #include <openssl/digest.h>
9 #include <openssl/evp.h>
10 #include <stdint.h>
11
12 #include <memory>
13 #include <vector>
14
15 #include "base/logging.h"
16 #include "crypto/openssl_util.h"
17 #include "crypto/scoped_openssl_types.h"
18
19 namespace crypto {
20
21 namespace {
22
23 const EVP_MD* ToOpenSSLDigest(SignatureVerifier::HashAlgorithm hash_alg) {
24 switch (hash_alg) {
25 case SignatureVerifier::SHA1:
26 return EVP_sha1();
27 case SignatureVerifier::SHA256:
28 return EVP_sha256();
29 }
30 return NULL;
31 }
32
33 } // namespace
34
35 struct SignatureVerifier::VerifyContext {
36 ScopedEVP_MD_CTX ctx;
37 };
38
39 SignatureVerifier::SignatureVerifier()
40 : verify_context_(NULL) {
41 }
42
43 SignatureVerifier::~SignatureVerifier() {
44 Reset();
45 }
46
47 bool SignatureVerifier::VerifyInit(SignatureAlgorithm signature_algorithm,
48 const uint8_t* signature,
49 int signature_len,
50 const uint8_t* public_key_info,
51 int public_key_info_len) {
52 int pkey_type = EVP_PKEY_NONE;
53 const EVP_MD* digest = nullptr;
54 switch (signature_algorithm) {
55 case RSA_PKCS1_SHA1:
56 pkey_type = EVP_PKEY_RSA;
57 digest = EVP_sha1();
58 break;
59 case RSA_PKCS1_SHA256:
60 pkey_type = EVP_PKEY_RSA;
61 digest = EVP_sha256();
62 break;
63 case ECDSA_SHA256:
64 pkey_type = EVP_PKEY_EC;
65 digest = EVP_sha256();
66 break;
67 }
68 DCHECK_NE(EVP_PKEY_NONE, pkey_type);
69 DCHECK(digest);
70
71 return CommonInit(pkey_type, digest, signature, signature_len,
72 public_key_info, public_key_info_len, nullptr);
73 }
74
75 bool SignatureVerifier::VerifyInitRSAPSS(HashAlgorithm hash_alg,
76 HashAlgorithm mask_hash_alg,
77 int salt_len,
78 const uint8_t* signature,
79 int signature_len,
80 const uint8_t* public_key_info,
81 int public_key_info_len) {
82 OpenSSLErrStackTracer err_tracer(FROM_HERE);
83 const EVP_MD* const digest = ToOpenSSLDigest(hash_alg);
84 DCHECK(digest);
85 if (!digest) {
86 return false;
87 }
88
89 EVP_PKEY_CTX* pkey_ctx;
90 if (!CommonInit(EVP_PKEY_RSA, digest, signature, signature_len,
91 public_key_info, public_key_info_len, &pkey_ctx)) {
92 return false;
93 }
94
95 int rv = EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING);
96 if (rv != 1)
97 return false;
98 const EVP_MD* const mgf_digest = ToOpenSSLDigest(mask_hash_alg);
99 DCHECK(mgf_digest);
100 if (!mgf_digest) {
101 return false;
102 }
103 return EVP_PKEY_CTX_set_rsa_mgf1_md(pkey_ctx, mgf_digest) &&
104 EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, salt_len);
105 }
106
107 void SignatureVerifier::VerifyUpdate(const uint8_t* data_part,
108 int data_part_len) {
109 DCHECK(verify_context_);
110 OpenSSLErrStackTracer err_tracer(FROM_HERE);
111 int rv = EVP_DigestVerifyUpdate(verify_context_->ctx.get(),
112 data_part, data_part_len);
113 DCHECK_EQ(rv, 1);
114 }
115
116 bool SignatureVerifier::VerifyFinal() {
117 DCHECK(verify_context_);
118 OpenSSLErrStackTracer err_tracer(FROM_HERE);
119 int rv = EVP_DigestVerifyFinal(verify_context_->ctx.get(), signature_.data(),
120 signature_.size());
121 DCHECK_EQ(static_cast<int>(!!rv), rv);
122 Reset();
123 return rv == 1;
124 }
125
126 bool SignatureVerifier::CommonInit(int pkey_type,
127 const EVP_MD* digest,
128 const uint8_t* signature,
129 int signature_len,
130 const uint8_t* public_key_info,
131 int public_key_info_len,
132 EVP_PKEY_CTX** pkey_ctx) {
133 if (verify_context_)
134 return false;
135
136 verify_context_ = new VerifyContext;
137
138 signature_.assign(signature, signature + signature_len);
139
140 CBS cbs;
141 CBS_init(&cbs, public_key_info, public_key_info_len);
142 ScopedEVP_PKEY public_key(EVP_parse_public_key(&cbs));
143 if (!public_key || CBS_len(&cbs) != 0 ||
144 EVP_PKEY_id(public_key.get()) != pkey_type) {
145 return false;
146 }
147
148 verify_context_->ctx.reset(EVP_MD_CTX_create());
149 int rv = EVP_DigestVerifyInit(verify_context_->ctx.get(), pkey_ctx,
150 digest, nullptr, public_key.get());
151 return rv == 1;
152 }
153
154 void SignatureVerifier::Reset() {
155 delete verify_context_;
156 verify_context_ = NULL;
157 signature_.clear();
158 }
159
160 } // namespace crypto
OLDNEW
« no previous file with comments | « crypto/signature_verifier.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698