OLD | NEW |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/quic/crypto/channel_id.h" | 5 #include "net/quic/crypto/channel_id.h" |
6 | 6 |
7 #include <openssl/bn.h> | 7 #include <openssl/bn.h> |
8 #include <openssl/ec.h> | 8 #include <openssl/ec.h> |
9 #include <openssl/ecdsa.h> | 9 #include <openssl/ecdsa.h> |
10 #include <openssl/obj_mac.h> | 10 #include <openssl/obj_mac.h> |
11 #include <openssl/sha.h> | 11 #include <openssl/sha.h> |
12 | 12 |
13 #include "crypto/openssl_util.h" | 13 #include "crypto/openssl_util.h" |
| 14 #include "crypto/scoped_openssl_types.h" |
14 | 15 |
15 using base::StringPiece; | 16 using base::StringPiece; |
16 | 17 |
17 namespace net { | 18 namespace net { |
18 | 19 |
19 // static | 20 // static |
20 bool ChannelIDVerifier::Verify(StringPiece key, | 21 bool ChannelIDVerifier::Verify(StringPiece key, |
21 StringPiece signed_data, | 22 StringPiece signed_data, |
22 StringPiece signature) { | 23 StringPiece signature) { |
23 return VerifyRaw(key, signed_data, signature, true); | 24 return VerifyRaw(key, signed_data, signature, true); |
24 } | 25 } |
25 | 26 |
26 // static | 27 // static |
27 bool ChannelIDVerifier::VerifyRaw(StringPiece key, | 28 bool ChannelIDVerifier::VerifyRaw(StringPiece key, |
28 StringPiece signed_data, | 29 StringPiece signed_data, |
29 StringPiece signature, | 30 StringPiece signature, |
30 bool is_channel_id_signature) { | 31 bool is_channel_id_signature) { |
31 if (key.size() != 32 * 2 || | 32 if (key.size() != 32 * 2 || |
32 signature.size() != 32 * 2) { | 33 signature.size() != 32 * 2) { |
33 return false; | 34 return false; |
34 } | 35 } |
35 | 36 |
36 crypto::ScopedOpenSSL<EC_GROUP, EC_GROUP_free> p256( | 37 crypto::ScopedOpenSSL<EC_GROUP, EC_GROUP_free>::Type p256( |
37 EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)); | 38 EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)); |
38 if (p256.get() == NULL) { | 39 if (p256.get() == NULL) { |
39 return false; | 40 return false; |
40 } | 41 } |
41 | 42 |
42 crypto::ScopedOpenSSL<BIGNUM, BN_free> x(BN_new()), y(BN_new()), | 43 crypto::ScopedBIGNUM x(BN_new()), y(BN_new()), r(BN_new()), s(BN_new()); |
43 r(BN_new()), s(BN_new()); | |
44 | 44 |
45 ECDSA_SIG sig; | 45 ECDSA_SIG sig; |
46 sig.r = r.get(); | 46 sig.r = r.get(); |
47 sig.s = s.get(); | 47 sig.s = s.get(); |
48 | 48 |
49 const uint8* key_bytes = reinterpret_cast<const uint8*>(key.data()); | 49 const uint8* key_bytes = reinterpret_cast<const uint8*>(key.data()); |
50 const uint8* signature_bytes = | 50 const uint8* signature_bytes = |
51 reinterpret_cast<const uint8*>(signature.data()); | 51 reinterpret_cast<const uint8*>(signature.data()); |
52 | 52 |
53 if (BN_bin2bn(key_bytes + 0, 32, x.get()) == NULL || | 53 if (BN_bin2bn(key_bytes + 0, 32, x.get()) == NULL || |
54 BN_bin2bn(key_bytes + 32, 32, y.get()) == NULL || | 54 BN_bin2bn(key_bytes + 32, 32, y.get()) == NULL || |
55 BN_bin2bn(signature_bytes + 0, 32, sig.r) == NULL || | 55 BN_bin2bn(signature_bytes + 0, 32, sig.r) == NULL || |
56 BN_bin2bn(signature_bytes + 32, 32, sig.s) == NULL) { | 56 BN_bin2bn(signature_bytes + 32, 32, sig.s) == NULL) { |
57 return false; | 57 return false; |
58 } | 58 } |
59 | 59 |
60 crypto::ScopedOpenSSL<EC_POINT, EC_POINT_free> point( | 60 crypto::ScopedOpenSSL<EC_POINT, EC_POINT_free>::Type point( |
61 EC_POINT_new(p256.get())); | 61 EC_POINT_new(p256.get())); |
62 if (point.get() == NULL || | 62 if (point.get() == NULL || |
63 !EC_POINT_set_affine_coordinates_GFp(p256.get(), point.get(), x.get(), | 63 !EC_POINT_set_affine_coordinates_GFp(p256.get(), point.get(), x.get(), |
64 y.get(), NULL)) { | 64 y.get(), NULL)) { |
65 return false; | 65 return false; |
66 } | 66 } |
67 | 67 |
68 crypto::ScopedOpenSSL<EC_KEY, EC_KEY_free> ecdsa_key(EC_KEY_new()); | 68 crypto::ScopedEC_KEY ecdsa_key(EC_KEY_new()); |
69 if (ecdsa_key.get() == NULL || | 69 if (ecdsa_key.get() == NULL || |
70 !EC_KEY_set_group(ecdsa_key.get(), p256.get()) || | 70 !EC_KEY_set_group(ecdsa_key.get(), p256.get()) || |
71 !EC_KEY_set_public_key(ecdsa_key.get(), point.get())) { | 71 !EC_KEY_set_public_key(ecdsa_key.get(), point.get())) { |
72 return false; | 72 return false; |
73 } | 73 } |
74 | 74 |
75 SHA256_CTX sha256; | 75 SHA256_CTX sha256; |
76 SHA256_Init(&sha256); | 76 SHA256_Init(&sha256); |
77 if (is_channel_id_signature) { | 77 if (is_channel_id_signature) { |
78 SHA256_Update(&sha256, kContextStr, strlen(kContextStr) + 1); | 78 SHA256_Update(&sha256, kContextStr, strlen(kContextStr) + 1); |
79 SHA256_Update(&sha256, kClientToServerStr, strlen(kClientToServerStr) + 1); | 79 SHA256_Update(&sha256, kClientToServerStr, strlen(kClientToServerStr) + 1); |
80 } | 80 } |
81 SHA256_Update(&sha256, signed_data.data(), signed_data.size()); | 81 SHA256_Update(&sha256, signed_data.data(), signed_data.size()); |
82 | 82 |
83 unsigned char digest[SHA256_DIGEST_LENGTH]; | 83 unsigned char digest[SHA256_DIGEST_LENGTH]; |
84 SHA256_Final(digest, &sha256); | 84 SHA256_Final(digest, &sha256); |
85 | 85 |
86 return ECDSA_do_verify(digest, sizeof(digest), &sig, ecdsa_key.get()) == 1; | 86 return ECDSA_do_verify(digest, sizeof(digest), &sig, ecdsa_key.get()) == 1; |
87 } | 87 } |
88 | 88 |
89 } // namespace net | 89 } // namespace net |
OLD | NEW |