net/cert/ct_log_verifier_openssl.cc - Issue 1918903002: Rename net/ _openssl files

Side by Side Diff: net/cert/ct_log_verifier_openssl.cc

Issue 1918903002: Rename net/ _openssl files (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Fix unused method. Created 4 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
	(Empty)
1 // Copyright 2013 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.

4

5 #include "net/cert/ct_log_verifier.h"

6

7 #include <openssl/bytestring.h>

8 #include <openssl/evp.h>

9

10 #include "base/logging.h"

11 #include "crypto/openssl_util.h"

12 #include "crypto/scoped_openssl_types.h"

13 #include "crypto/sha2.h"

14 #include "net/cert/signed_tree_head.h"

15

16 namespace net {

17

18 namespace {

19

20 const EVP_MD* GetEvpAlg(ct::DigitallySigned::HashAlgorithm alg) {

21 switch (alg) {

22 case ct::DigitallySigned::HASH_ALGO_MD5:

23 return EVP_md5();

24 case ct::DigitallySigned::HASH_ALGO_SHA1:

25 return EVP_sha1();

26 case ct::DigitallySigned::HASH_ALGO_SHA224:

27 return EVP_sha224();

28 case ct::DigitallySigned::HASH_ALGO_SHA256:

29 return EVP_sha256();

30 case ct::DigitallySigned::HASH_ALGO_SHA384:

31 return EVP_sha384();

32 case ct::DigitallySigned::HASH_ALGO_SHA512:

33 return EVP_sha512();

34 case ct::DigitallySigned::HASH_ALGO_NONE:

35 default:

36 NOTREACHED();

37 return NULL;

38 }

39 }

40

41 } // namespace

42

43 CTLogVerifier::~CTLogVerifier() {

44 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);

45

46 if (public_key_)

47 EVP_PKEY_free(public_key_);

48 }

49

50 bool CTLogVerifier::Init(const base::StringPiece& public_key) {

51 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);

52

53 CBS cbs;

54 CBS_init(&cbs, reinterpret_cast<const uint8_t*>(public_key.data()),

55 public_key.size());

56 public_key_ = EVP_parse_public_key(&cbs);

57 if (!public_key_ \|\| CBS_len(&cbs) != 0)

58 return false;

59

60 key_id_ = crypto::SHA256HashString(public_key);

61

62 // Right now, only RSASSA-PKCS1v15 with SHA-256 and ECDSA with SHA-256 are

63 // supported.

64 switch (EVP_PKEY_type(public_key_->type)) {

65 case EVP_PKEY_RSA:

66 hash_algorithm_ = ct::DigitallySigned::HASH_ALGO_SHA256;

67 signature_algorithm_ = ct::DigitallySigned::SIG_ALGO_RSA;

68 break;

69 case EVP_PKEY_EC:

70 hash_algorithm_ = ct::DigitallySigned::HASH_ALGO_SHA256;

71 signature_algorithm_ = ct::DigitallySigned::SIG_ALGO_ECDSA;

72 break;

73 default:

74 DVLOG(1) << "Unsupported key type: " << EVP_PKEY_type(public_key_->type);

75 return false;

76 }

77

78 // Extra sanity check: Require RSA keys of at least 2048 bits.

79 // EVP_PKEY_size returns the size in bytes. 256 = 2048-bit RSA key.

80 if (signature_algorithm_ == ct::DigitallySigned::SIG_ALGO_RSA &&

81 EVP_PKEY_size(public_key_) < 256) {

82 DVLOG(1) << "Too small a public key.";

83 return false;

84 }

85

86 return true;

87 }

88

89 bool CTLogVerifier::VerifySignature(const base::StringPiece& data_to_sign,

90 const base::StringPiece& signature) const {

91 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);

92

93 const EVP_MD* hash_alg = GetEvpAlg(hash_algorithm_);

94 if (hash_alg == NULL)

95 return false;

96

97 EVP_MD_CTX ctx;

98 EVP_MD_CTX_init(&ctx);

99

100 bool ok = (

101 1 == EVP_DigestVerifyInit(&ctx, NULL, hash_alg, NULL, public_key_) &&

102 1 == EVP_DigestVerifyUpdate(

103 &ctx, data_to_sign.data(), data_to_sign.size()) &&

104 1 == EVP_DigestVerifyFinal(

105 &ctx,

106 reinterpret_cast<const uint8_t*>(signature.data()),

107 signature.size()));

108

109 EVP_MD_CTX_cleanup(&ctx);

110 return ok;

111 }

112

113 } // namespace net

OLD	NEW

« no previous file with comments | « net/cert/ct_log_verifier.cc ('k') | net/cert/ct_objects_extractor.cc » ('j') | no next file with comments »