OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "crypto/ec_signature_creator_impl.h" | 5 #include "crypto/ec_signature_creator_impl.h" |
6 | 6 |
7 #include <openssl/bn.h> | |
8 #include <openssl/ec.h> | |
9 #include <openssl/ecdsa.h> | |
10 #include <openssl/evp.h> | |
11 #include <openssl/sha.h> | |
12 | |
7 #include "base/logging.h" | 13 #include "base/logging.h" |
14 #include "crypto/ec_private_key.h" | |
15 #include "crypto/openssl_util.h" | |
8 | 16 |
9 namespace crypto { | 17 namespace crypto { |
10 | 18 |
11 ECSignatureCreatorImpl::ECSignatureCreatorImpl(ECPrivateKey* key) | 19 ECSignatureCreatorImpl::ECSignatureCreatorImpl(ECPrivateKey* key) |
12 : key_(key) { | 20 : key_(key), signature_len_(0) { |
13 NOTIMPLEMENTED(); | 21 EnsureOpenSSLInit(); |
14 } | 22 } |
15 | 23 |
16 ECSignatureCreatorImpl::~ECSignatureCreatorImpl() {} | 24 ECSignatureCreatorImpl::~ECSignatureCreatorImpl() {} |
17 | 25 |
18 bool ECSignatureCreatorImpl::Sign(const uint8* data, | 26 bool ECSignatureCreatorImpl::Sign(const uint8* data, |
19 int data_len, | 27 int data_len, |
20 std::vector<uint8>* signature) { | 28 std::vector<uint8>* signature) { |
21 NOTIMPLEMENTED(); | 29 OpenSSLErrStackTracer err_tracer(FROM_HERE); |
22 return false; | 30 // OpenSSL provides APIs to perform hashing + signing directly, but the |
31 // result is a byte string that cannot be easily converted into the required | |
32 // output format. To work-around this, perform the operations separately. | |
agl
2013/10/15 15:00:08
The output format of this function is a DER encode
digit1
2013/10/15 15:41:52
I must admit that the documentation for these func
| |
33 | |
34 // First, compute the SHA-256 hash of the input data. | |
35 // Don't use SHA256(), while convenient, it uses a static global buffer | |
36 // and thus isn't thread-safe :-( | |
37 SHA256_CTX hash_ctx; | |
38 unsigned char digest[SHA256_DIGEST_LENGTH]; | |
39 if (!SHA256_Init(&hash_ctx) || !SHA256_Update(&hash_ctx, data, data_len) || | |
agl
2013/10/15 15:00:08
The three terms of the disjunction should each hav
digit1
2013/10/15 15:41:52
That was the output of "git cl format" :-/ Not rel
| |
40 !SHA256_Final(digest, &hash_ctx)) | |
41 return false; | |
42 | |
43 // Sign it with our key, then encode it directly. | |
44 ScopedOpenSSL<EC_KEY, EC_KEY_free> ec_key(EVP_PKEY_get1_EC_KEY(key_->key())); | |
45 if (!ec_key.get()) | |
46 return false; | |
47 | |
48 signature->resize(ECDSA_size(ec_key.get())); | |
49 | |
50 unsigned int siglen = 0; | |
51 if (!ECDSA_sign_ex(0 /* type - ignored */, | |
52 digest, | |
53 static_cast<int>(sizeof(digest)), | |
54 &(*signature)[0], | |
55 &siglen, | |
56 NULL /* kinv - optional */, | |
57 NULL /* rp - optional */, | |
58 ec_key.get())) | |
59 return false; | |
60 | |
61 return true; | |
23 } | 62 } |
24 | 63 |
25 bool ECSignatureCreatorImpl::DecodeSignature(const std::vector<uint8>& der_sig, | 64 bool ECSignatureCreatorImpl::DecodeSignature(const std::vector<uint8>& der_sig, |
26 std::vector<uint8>* out_raw_sig) { | 65 std::vector<uint8>* out_raw_sig) { |
27 NOTIMPLEMENTED(); | 66 OpenSSLErrStackTracer err_tracer(FROM_HERE); |
28 return false; | 67 // Create ECDSA_SIG object from DER-encoded data. |
68 const unsigned char* der_data = | |
69 reinterpret_cast<const unsigned char*>(der_sig.front()); | |
70 ScopedOpenSSL<ECDSA_SIG, ECDSA_SIG_free> ecdsa_sig( | |
71 d2i_ECDSA_SIG(NULL, &der_data, static_cast<long>(der_sig.size()))); | |
72 if (!ecdsa_sig.get()) | |
73 return false; | |
74 | |
75 // The result is made of two 256-bit vectors. | |
76 const size_t kMaxBitsPerBN = 256; | |
77 const size_t kMaxBytesPerBN = (kMaxBitsPerBN + 7) / 8; | |
78 std::vector<uint8> result; | |
79 result.resize(2 * kMaxBytesPerBN); | |
80 memset(&result[0], 0, result.size()); | |
81 | |
82 // NOTE: Can't really check for equality here since sometimes the value | |
83 // returned by BN_num_bytes() will be slightly smaller than kMaxBytesPerBN. | |
84 if (BN_num_bytes(ecdsa_sig.get()->r) > kMaxBytesPerBN || | |
85 BN_num_bytes(ecdsa_sig.get()->s) > kMaxBytesPerBN) { | |
86 DLOG(ERROR) << "Invalid key sizes."; | |
87 return false; | |
88 } | |
89 | |
90 BN_bn2bin(ecdsa_sig.get()->r, &result[0]); | |
agl
2013/10/15 15:00:08
Isn't this wrong 1/128 of the time?
If r or s are
digit1
2013/10/15 15:41:52
I admit I had no idea. I've implemented your recom
| |
91 BN_bn2bin(ecdsa_sig.get()->s, &result[kMaxBytesPerBN]); | |
92 out_raw_sig->swap(result); | |
93 return true; | |
29 } | 94 } |
30 | 95 |
31 } // namespace crypto | 96 } // namespace crypto |
OLD | NEW |