| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/quic/core/crypto/channel_id.h" | 5 #include "net/quic/core/crypto/channel_id.h" |
| 6 | 6 |
| 7 #include <openssl/bn.h> | 7 #include <openssl/bn.h> |
| 8 #include <openssl/ec.h> | 8 #include <openssl/ec.h> |
| 9 #include <openssl/ec_key.h> |
| 9 #include <openssl/ecdsa.h> | 10 #include <openssl/ecdsa.h> |
| 10 #include <openssl/obj_mac.h> | 11 #include <openssl/nid.h> |
| 11 #include <openssl/sha.h> | 12 #include <openssl/sha.h> |
| 12 | 13 |
| 13 #include "crypto/openssl_util.h" | 14 #include "crypto/openssl_util.h" |
| 14 #include "crypto/scoped_openssl_types.h" | |
| 15 | 15 |
| 16 using base::StringPiece; | 16 using base::StringPiece; |
| 17 | 17 |
| 18 namespace net { | 18 namespace net { |
| 19 | 19 |
| 20 // static | 20 // static |
| 21 const char ChannelIDVerifier::kContextStr[] = "QUIC ChannelID"; | 21 const char ChannelIDVerifier::kContextStr[] = "QUIC ChannelID"; |
| 22 // static | 22 // static |
| 23 const char ChannelIDVerifier::kClientToServerStr[] = "client -> server"; | 23 const char ChannelIDVerifier::kClientToServerStr[] = "client -> server"; |
| 24 | 24 |
| 25 // static | 25 // static |
| 26 bool ChannelIDVerifier::Verify(StringPiece key, | 26 bool ChannelIDVerifier::Verify(StringPiece key, |
| 27 StringPiece signed_data, | 27 StringPiece signed_data, |
| 28 StringPiece signature) { | 28 StringPiece signature) { |
| 29 return VerifyRaw(key, signed_data, signature, true); | 29 return VerifyRaw(key, signed_data, signature, true); |
| 30 } | 30 } |
| 31 | 31 |
| 32 // static | 32 // static |
| 33 bool ChannelIDVerifier::VerifyRaw(StringPiece key, | 33 bool ChannelIDVerifier::VerifyRaw(StringPiece key, |
| 34 StringPiece signed_data, | 34 StringPiece signed_data, |
| 35 StringPiece signature, | 35 StringPiece signature, |
| 36 bool is_channel_id_signature) { | 36 bool is_channel_id_signature) { |
| 37 if (key.size() != 32 * 2 || signature.size() != 32 * 2) { | 37 if (key.size() != 32 * 2 || signature.size() != 32 * 2) { |
| 38 return false; | 38 return false; |
| 39 } | 39 } |
| 40 | 40 |
| 41 crypto::ScopedEC_GROUP p256(EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)); | 41 bssl::UniquePtr<EC_GROUP> p256( |
| 42 EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)); |
| 42 if (!p256) { | 43 if (!p256) { |
| 43 return false; | 44 return false; |
| 44 } | 45 } |
| 45 | 46 |
| 46 crypto::ScopedBIGNUM x(BN_new()), y(BN_new()), r(BN_new()), s(BN_new()); | 47 bssl::UniquePtr<BIGNUM> x(BN_new()), y(BN_new()), r(BN_new()), s(BN_new()); |
| 47 | 48 |
| 48 ECDSA_SIG sig; | 49 ECDSA_SIG sig; |
| 49 sig.r = r.get(); | 50 sig.r = r.get(); |
| 50 sig.s = s.get(); | 51 sig.s = s.get(); |
| 51 | 52 |
| 52 const uint8_t* key_bytes = reinterpret_cast<const uint8_t*>(key.data()); | 53 const uint8_t* key_bytes = reinterpret_cast<const uint8_t*>(key.data()); |
| 53 const uint8_t* signature_bytes = | 54 const uint8_t* signature_bytes = |
| 54 reinterpret_cast<const uint8_t*>(signature.data()); | 55 reinterpret_cast<const uint8_t*>(signature.data()); |
| 55 | 56 |
| 56 if (BN_bin2bn(key_bytes + 0, 32, x.get()) == nullptr || | 57 if (BN_bin2bn(key_bytes + 0, 32, x.get()) == nullptr || |
| 57 BN_bin2bn(key_bytes + 32, 32, y.get()) == nullptr || | 58 BN_bin2bn(key_bytes + 32, 32, y.get()) == nullptr || |
| 58 BN_bin2bn(signature_bytes + 0, 32, sig.r) == nullptr || | 59 BN_bin2bn(signature_bytes + 0, 32, sig.r) == nullptr || |
| 59 BN_bin2bn(signature_bytes + 32, 32, sig.s) == nullptr) { | 60 BN_bin2bn(signature_bytes + 32, 32, sig.s) == nullptr) { |
| 60 return false; | 61 return false; |
| 61 } | 62 } |
| 62 | 63 |
| 63 crypto::ScopedEC_POINT point(EC_POINT_new(p256.get())); | 64 bssl::UniquePtr<EC_POINT> point(EC_POINT_new(p256.get())); |
| 64 if (!point || | 65 if (!point || |
| 65 !EC_POINT_set_affine_coordinates_GFp(p256.get(), point.get(), x.get(), | 66 !EC_POINT_set_affine_coordinates_GFp(p256.get(), point.get(), x.get(), |
| 66 y.get(), nullptr)) { | 67 y.get(), nullptr)) { |
| 67 return false; | 68 return false; |
| 68 } | 69 } |
| 69 | 70 |
| 70 crypto::ScopedEC_KEY ecdsa_key(EC_KEY_new()); | 71 bssl::UniquePtr<EC_KEY> ecdsa_key(EC_KEY_new()); |
| 71 if (ecdsa_key.get() == nullptr || | 72 if (ecdsa_key.get() == nullptr || |
| 72 !EC_KEY_set_group(ecdsa_key.get(), p256.get()) || | 73 !EC_KEY_set_group(ecdsa_key.get(), p256.get()) || |
| 73 !EC_KEY_set_public_key(ecdsa_key.get(), point.get())) { | 74 !EC_KEY_set_public_key(ecdsa_key.get(), point.get())) { |
| 74 return false; | 75 return false; |
| 75 } | 76 } |
| 76 | 77 |
| 77 SHA256_CTX sha256; | 78 SHA256_CTX sha256; |
| 78 SHA256_Init(&sha256); | 79 SHA256_Init(&sha256); |
| 79 if (is_channel_id_signature) { | 80 if (is_channel_id_signature) { |
| 80 SHA256_Update(&sha256, kContextStr, strlen(kContextStr) + 1); | 81 SHA256_Update(&sha256, kContextStr, strlen(kContextStr) + 1); |
| 81 SHA256_Update(&sha256, kClientToServerStr, strlen(kClientToServerStr) + 1); | 82 SHA256_Update(&sha256, kClientToServerStr, strlen(kClientToServerStr) + 1); |
| 82 } | 83 } |
| 83 SHA256_Update(&sha256, signed_data.data(), signed_data.size()); | 84 SHA256_Update(&sha256, signed_data.data(), signed_data.size()); |
| 84 | 85 |
| 85 unsigned char digest[SHA256_DIGEST_LENGTH]; | 86 unsigned char digest[SHA256_DIGEST_LENGTH]; |
| 86 SHA256_Final(digest, &sha256); | 87 SHA256_Final(digest, &sha256); |
| 87 | 88 |
| 88 return ECDSA_do_verify(digest, sizeof(digest), &sig, ecdsa_key.get()) == 1; | 89 return ECDSA_do_verify(digest, sizeof(digest), &sig, ecdsa_key.get()) == 1; |
| 89 } | 90 } |
| 90 | 91 |
| 91 } // namespace net | 92 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2400033005:
Use BoringSSL scopers in //net. (Closed)
