OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "crypto/ec_signature_creator_impl.h" | 5 #include "crypto/ec_signature_creator_impl.h" |
6 | 6 |
7 #include <openssl/bn.h> | 7 #include <openssl/bn.h> |
8 #include <openssl/ec.h> | 8 #include <openssl/ec.h> |
9 #include <openssl/ecdsa.h> | 9 #include <openssl/ecdsa.h> |
10 #include <openssl/evp.h> | 10 #include <openssl/evp.h> |
11 #include <openssl/sha.h> | 11 #include <openssl/sha.h> |
12 | 12 |
13 #include "base/logging.h" | 13 #include "base/logging.h" |
14 #include "crypto/ec_private_key.h" | 14 #include "crypto/ec_private_key.h" |
15 #include "crypto/openssl_util.h" | 15 #include "crypto/openssl_util.h" |
16 #include "crypto/scoped_openssl_types.h" | |
16 | 17 |
17 namespace crypto { | 18 namespace crypto { |
18 | 19 |
20 namespace { | |
21 | |
22 typedef scoped_ptr<ECDSA_SIG, OpenSSLDestroyer<ECDSA_SIG, ECDSA_SIG_free> > | |
23 ScopedECDSA_SIG; | |
wtc
2014/07/02 20:13:13
You can use the ScopedECDSA_SIG typedef from "cryp
| |
24 | |
25 } // namespace | |
26 | |
19 ECSignatureCreatorImpl::ECSignatureCreatorImpl(ECPrivateKey* key) | 27 ECSignatureCreatorImpl::ECSignatureCreatorImpl(ECPrivateKey* key) |
20 : key_(key), signature_len_(0) { | 28 : key_(key), signature_len_(0) { |
21 EnsureOpenSSLInit(); | 29 EnsureOpenSSLInit(); |
22 } | 30 } |
23 | 31 |
24 ECSignatureCreatorImpl::~ECSignatureCreatorImpl() {} | 32 ECSignatureCreatorImpl::~ECSignatureCreatorImpl() {} |
25 | 33 |
26 bool ECSignatureCreatorImpl::Sign(const uint8* data, | 34 bool ECSignatureCreatorImpl::Sign(const uint8* data, |
27 int data_len, | 35 int data_len, |
28 std::vector<uint8>* signature) { | 36 std::vector<uint8>* signature) { |
29 OpenSSLErrStackTracer err_tracer(FROM_HERE); | 37 OpenSSLErrStackTracer err_tracer(FROM_HERE); |
30 ScopedOpenSSL<EVP_MD_CTX, EVP_MD_CTX_destroy> ctx(EVP_MD_CTX_create()); | 38 ScopedEVP_MD_CTX ctx(EVP_MD_CTX_create()); |
31 size_t sig_len = 0; | 39 size_t sig_len = 0; |
32 if (!ctx.get() || | 40 if (!ctx.get() || |
33 !EVP_DigestSignInit(ctx.get(), NULL, EVP_sha256(), NULL, key_->key()) || | 41 !EVP_DigestSignInit(ctx.get(), NULL, EVP_sha256(), NULL, key_->key()) || |
34 !EVP_DigestSignUpdate(ctx.get(), data, data_len) || | 42 !EVP_DigestSignUpdate(ctx.get(), data, data_len) || |
35 !EVP_DigestSignFinal(ctx.get(), NULL, &sig_len)) { | 43 !EVP_DigestSignFinal(ctx.get(), NULL, &sig_len)) { |
36 return false; | 44 return false; |
37 } | 45 } |
38 | 46 |
39 signature->resize(sig_len); | 47 signature->resize(sig_len); |
40 if (!EVP_DigestSignFinal(ctx.get(), &signature->front(), &sig_len)) | 48 if (!EVP_DigestSignFinal(ctx.get(), &signature->front(), &sig_len)) |
41 return false; | 49 return false; |
42 | 50 |
43 // NOTE: A call to EVP_DigestSignFinal() with a NULL second parameter returns | 51 // NOTE: A call to EVP_DigestSignFinal() with a NULL second parameter returns |
44 // a maximum allocation size, while the call without a NULL returns the real | 52 // a maximum allocation size, while the call without a NULL returns the real |
45 // one, which may be smaller. | 53 // one, which may be smaller. |
46 signature->resize(sig_len); | 54 signature->resize(sig_len); |
47 return true; | 55 return true; |
48 } | 56 } |
49 | 57 |
50 bool ECSignatureCreatorImpl::DecodeSignature(const std::vector<uint8>& der_sig, | 58 bool ECSignatureCreatorImpl::DecodeSignature(const std::vector<uint8>& der_sig, |
51 std::vector<uint8>* out_raw_sig) { | 59 std::vector<uint8>* out_raw_sig) { |
52 OpenSSLErrStackTracer err_tracer(FROM_HERE); | 60 OpenSSLErrStackTracer err_tracer(FROM_HERE); |
53 // Create ECDSA_SIG object from DER-encoded data. | 61 // Create ECDSA_SIG object from DER-encoded data. |
54 const unsigned char* der_data = &der_sig.front(); | 62 const unsigned char* der_data = &der_sig.front(); |
55 ScopedOpenSSL<ECDSA_SIG, ECDSA_SIG_free> ecdsa_sig( | 63 ScopedECDSA_SIG ecdsa_sig( |
56 d2i_ECDSA_SIG(NULL, &der_data, static_cast<long>(der_sig.size()))); | 64 d2i_ECDSA_SIG(NULL, &der_data, static_cast<long>(der_sig.size()))); |
57 if (!ecdsa_sig.get()) | 65 if (!ecdsa_sig.get()) |
58 return false; | 66 return false; |
59 | 67 |
60 // The result is made of two 32-byte vectors. | 68 // The result is made of two 32-byte vectors. |
61 const size_t kMaxBytesPerBN = 32; | 69 const size_t kMaxBytesPerBN = 32; |
62 std::vector<uint8> result; | 70 std::vector<uint8> result; |
63 result.resize(2 * kMaxBytesPerBN); | 71 result.resize(2 * kMaxBytesPerBN); |
64 memset(&result[0], 0, result.size()); | 72 memset(&result[0], 0, result.size()); |
65 | 73 |
66 BIGNUM* r = ecdsa_sig.get()->r; | 74 BIGNUM* r = ecdsa_sig.get()->r; |
67 BIGNUM* s = ecdsa_sig.get()->s; | 75 BIGNUM* s = ecdsa_sig.get()->s; |
68 int r_bytes = BN_num_bytes(r); | 76 int r_bytes = BN_num_bytes(r); |
69 int s_bytes = BN_num_bytes(s); | 77 int s_bytes = BN_num_bytes(s); |
70 // NOTE: Can't really check for equality here since sometimes the value | 78 // NOTE: Can't really check for equality here since sometimes the value |
71 // returned by BN_num_bytes() will be slightly smaller than kMaxBytesPerBN. | 79 // returned by BN_num_bytes() will be slightly smaller than kMaxBytesPerBN. |
72 if (r_bytes > static_cast<int>(kMaxBytesPerBN) || | 80 if (r_bytes > static_cast<int>(kMaxBytesPerBN) || |
73 s_bytes > static_cast<int>(kMaxBytesPerBN)) { | 81 s_bytes > static_cast<int>(kMaxBytesPerBN)) { |
74 DLOG(ERROR) << "Invalid key sizes r(" << r_bytes << ") s(" << s_bytes | 82 DLOG(ERROR) << "Invalid key sizes r(" << r_bytes << ") s(" << s_bytes |
75 << ")"; | 83 << ")"; |
76 return false; | 84 return false; |
77 } | 85 } |
78 BN_bn2bin(ecdsa_sig.get()->r, &result[kMaxBytesPerBN - r_bytes]); | 86 BN_bn2bin(ecdsa_sig.get()->r, &result[kMaxBytesPerBN - r_bytes]); |
79 BN_bn2bin(ecdsa_sig.get()->s, &result[2 * kMaxBytesPerBN - s_bytes]); | 87 BN_bn2bin(ecdsa_sig.get()->s, &result[2 * kMaxBytesPerBN - s_bytes]); |
80 out_raw_sig->swap(result); | 88 out_raw_sig->swap(result); |
81 return true; | 89 return true; |
82 } | 90 } |
83 | 91 |
84 } // namespace crypto | 92 } // namespace crypto |
OLD | NEW |