| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <openssl/digest.h> |
| 6 #include <openssl/evp.h> |
| 7 #include <openssl/rsa.h> |
| 5 #include <stddef.h> | 8 #include <stddef.h> |
| 6 | 9 |
| 7 #include "base/numerics/safe_math.h" | 10 #include "base/numerics/safe_math.h" |
| 8 #include "components/webcrypto/algorithms/rsa_sign.h" | 11 #include "components/webcrypto/algorithms/rsa_sign.h" |
| 9 #include "components/webcrypto/algorithms/util.h" | 12 #include "components/webcrypto/algorithms/util.h" |
| 10 #include "components/webcrypto/blink_key_handle.h" | 13 #include "components/webcrypto/blink_key_handle.h" |
| 11 #include "components/webcrypto/crypto_data.h" | 14 #include "components/webcrypto/crypto_data.h" |
| 12 #include "components/webcrypto/status.h" | 15 #include "components/webcrypto/status.h" |
| 13 #include "crypto/openssl_util.h" | 16 #include "crypto/openssl_util.h" |
| 14 #include "crypto/scoped_openssl_types.h" | |
| 15 #include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h" | 17 #include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h" |
| 16 | 18 |
| 17 namespace webcrypto { | 19 namespace webcrypto { |
| 18 | 20 |
| 19 namespace { | 21 namespace { |
| 20 | 22 |
| 21 // Extracts the OpenSSL key and digest from a WebCrypto key. The returned | 23 // Extracts the OpenSSL key and digest from a WebCrypto key. The returned |
| 22 // pointers will remain valid as long as |key| is alive. | 24 // pointers will remain valid as long as |key| is alive. |
| 23 Status GetPKeyAndDigest(const blink::WebCryptoKey& key, | 25 Status GetPKeyAndDigest(const blink::WebCryptoKey& key, |
| 24 EVP_PKEY** pkey, | 26 EVP_PKEY** pkey, |
| (...skipping 42 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 67 } // namespace | 69 } // namespace |
| 68 | 70 |
| 69 Status RsaSign(const blink::WebCryptoKey& key, | 71 Status RsaSign(const blink::WebCryptoKey& key, |
| 70 unsigned int pss_salt_length_bytes, | 72 unsigned int pss_salt_length_bytes, |
| 71 const CryptoData& data, | 73 const CryptoData& data, |
| 72 std::vector<uint8_t>* buffer) { | 74 std::vector<uint8_t>* buffer) { |
| 73 if (key.type() != blink::WebCryptoKeyTypePrivate) | 75 if (key.type() != blink::WebCryptoKeyTypePrivate) |
| 74 return Status::ErrorUnexpectedKeyType(); | 76 return Status::ErrorUnexpectedKeyType(); |
| 75 | 77 |
| 76 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); | 78 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); |
| 77 crypto::ScopedEVP_MD_CTX ctx(EVP_MD_CTX_create()); | 79 bssl::ScopedEVP_MD_CTX ctx; |
| 78 EVP_PKEY_CTX* pctx = NULL; // Owned by |ctx|. | 80 EVP_PKEY_CTX* pctx = NULL; // Owned by |ctx|. |
| 79 | 81 |
| 80 EVP_PKEY* private_key = NULL; | 82 EVP_PKEY* private_key = NULL; |
| 81 const EVP_MD* digest = NULL; | 83 const EVP_MD* digest = NULL; |
| 82 Status status = GetPKeyAndDigest(key, &private_key, &digest); | 84 Status status = GetPKeyAndDigest(key, &private_key, &digest); |
| 83 if (status.IsError()) | 85 if (status.IsError()) |
| 84 return status; | 86 return status; |
| 85 | 87 |
| 86 // NOTE: A call to EVP_DigestSignFinal() with a NULL second parameter | 88 // NOTE: A call to EVP_DigestSignFinal() with a NULL second parameter |
| 87 // returns a maximum allocation size, while the call without a NULL returns | 89 // returns a maximum allocation size, while the call without a NULL returns |
| 88 // the real one, which may be smaller. | 90 // the real one, which may be smaller. |
| 89 size_t sig_len = 0; | 91 size_t sig_len = 0; |
| 90 if (!ctx.get() || | 92 if (!EVP_DigestSignInit(ctx.get(), &pctx, digest, NULL, private_key)) { |
| 91 !EVP_DigestSignInit(ctx.get(), &pctx, digest, NULL, private_key)) { | |
| 92 return Status::OperationError(); | 93 return Status::OperationError(); |
| 93 } | 94 } |
| 94 | 95 |
| 95 // Set PSS-specific options (if applicable). | 96 // Set PSS-specific options (if applicable). |
| 96 status = ApplyRsaPssOptions(key, digest, pss_salt_length_bytes, pctx); | 97 status = ApplyRsaPssOptions(key, digest, pss_salt_length_bytes, pctx); |
| 97 if (status.IsError()) | 98 if (status.IsError()) |
| 98 return status; | 99 return status; |
| 99 | 100 |
| 100 if (!EVP_DigestSignUpdate(ctx.get(), data.bytes(), data.byte_length()) || | 101 if (!EVP_DigestSignUpdate(ctx.get(), data.bytes(), data.byte_length()) || |
| 101 !EVP_DigestSignFinal(ctx.get(), NULL, &sig_len)) { | 102 !EVP_DigestSignFinal(ctx.get(), NULL, &sig_len)) { |
| (...skipping 10 matching lines...) Expand all Loading... |
| 112 | 113 |
| 113 Status RsaVerify(const blink::WebCryptoKey& key, | 114 Status RsaVerify(const blink::WebCryptoKey& key, |
| 114 unsigned int pss_salt_length_bytes, | 115 unsigned int pss_salt_length_bytes, |
| 115 const CryptoData& signature, | 116 const CryptoData& signature, |
| 116 const CryptoData& data, | 117 const CryptoData& data, |
| 117 bool* signature_match) { | 118 bool* signature_match) { |
| 118 if (key.type() != blink::WebCryptoKeyTypePublic) | 119 if (key.type() != blink::WebCryptoKeyTypePublic) |
| 119 return Status::ErrorUnexpectedKeyType(); | 120 return Status::ErrorUnexpectedKeyType(); |
| 120 | 121 |
| 121 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); | 122 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); |
| 122 crypto::ScopedEVP_MD_CTX ctx(EVP_MD_CTX_create()); | 123 bssl::ScopedEVP_MD_CTX ctx; |
| 123 EVP_PKEY_CTX* pctx = NULL; // Owned by |ctx|. | 124 EVP_PKEY_CTX* pctx = NULL; // Owned by |ctx|. |
| 124 | 125 |
| 125 EVP_PKEY* public_key = NULL; | 126 EVP_PKEY* public_key = NULL; |
| 126 const EVP_MD* digest = NULL; | 127 const EVP_MD* digest = NULL; |
| 127 Status status = GetPKeyAndDigest(key, &public_key, &digest); | 128 Status status = GetPKeyAndDigest(key, &public_key, &digest); |
| 128 if (status.IsError()) | 129 if (status.IsError()) |
| 129 return status; | 130 return status; |
| 130 | 131 |
| 131 if (!EVP_DigestVerifyInit(ctx.get(), &pctx, digest, NULL, public_key)) | 132 if (!EVP_DigestVerifyInit(ctx.get(), &pctx, digest, NULL, public_key)) |
| 132 return Status::OperationError(); | 133 return Status::OperationError(); |
| 133 | 134 |
| 134 // Set PSS-specific options (if applicable). | 135 // Set PSS-specific options (if applicable). |
| 135 status = ApplyRsaPssOptions(key, digest, pss_salt_length_bytes, pctx); | 136 status = ApplyRsaPssOptions(key, digest, pss_salt_length_bytes, pctx); |
| 136 if (status.IsError()) | 137 if (status.IsError()) |
| 137 return status; | 138 return status; |
| 138 | 139 |
| 139 if (!EVP_DigestVerifyUpdate(ctx.get(), data.bytes(), data.byte_length())) | 140 if (!EVP_DigestVerifyUpdate(ctx.get(), data.bytes(), data.byte_length())) |
| 140 return Status::OperationError(); | 141 return Status::OperationError(); |
| 141 | 142 |
| 142 *signature_match = 1 == EVP_DigestVerifyFinal(ctx.get(), signature.bytes(), | 143 *signature_match = 1 == EVP_DigestVerifyFinal(ctx.get(), signature.bytes(), |
| 143 signature.byte_length()); | 144 signature.byte_length()); |
| 144 return Status::Success(); | 145 return Status::Success(); |
| 145 } | 146 } |
| 146 | 147 |
| 147 } // namespace webcrypto | 148 } // namespace webcrypto |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2407633002:
Use new BoringSSL scopers in //components. (Closed)
