| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/child/webcrypto/crypto_data.h" | 5 #include "content/child/webcrypto/crypto_data.h" |
| 6 #include "content/child/webcrypto/openssl/key_openssl.h" | 6 #include "content/child/webcrypto/openssl/key_openssl.h" |
| 7 #include "content/child/webcrypto/openssl/rsa_key_openssl.h" | 7 #include "content/child/webcrypto/openssl/rsa_key_openssl.h" |
| 8 #include "content/child/webcrypto/openssl/util_openssl.h" |
| 8 #include "content/child/webcrypto/status.h" | 9 #include "content/child/webcrypto/status.h" |
| 10 #include "crypto/openssl_util.h" |
| 11 #include "crypto/scoped_openssl_types.h" |
| 9 #include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h" | 12 #include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h" |
| 10 | 13 |
| 11 namespace content { | 14 namespace content { |
| 12 | 15 |
| 13 namespace webcrypto { | 16 namespace webcrypto { |
| 14 | 17 |
| 15 namespace { | 18 namespace { |
| 16 | 19 |
| 20 // Extracts the OpenSSL key and digest from a WebCrypto key. The returned |
| 21 // pointers will remain valid as long as |key| is alive. |
| 22 Status GetPKeyAndDigest(const blink::WebCryptoKey& key, |
| 23 EVP_PKEY** pkey, |
| 24 const EVP_MD** digest) { |
| 25 *pkey = AsymKeyOpenSsl::Cast(key)->key(); |
| 26 |
| 27 *digest = GetDigest(key.algorithm().rsaHashedParams()->hash().id()); |
| 28 if (!*digest) |
| 29 return Status::ErrorUnsupported(); |
| 30 |
| 31 return Status::Success(); |
| 32 } |
| 33 |
| 17 class RsaSsaImplementation : public RsaHashedAlgorithm { | 34 class RsaSsaImplementation : public RsaHashedAlgorithm { |
| 18 public: | 35 public: |
| 19 RsaSsaImplementation() | 36 RsaSsaImplementation() |
| 20 : RsaHashedAlgorithm(blink::WebCryptoKeyUsageVerify, | 37 : RsaHashedAlgorithm(blink::WebCryptoKeyUsageVerify, |
| 21 blink::WebCryptoKeyUsageSign) {} | 38 blink::WebCryptoKeyUsageSign) {} |
| 22 | 39 |
| 23 // TODO(eroman): Implement Sign() and Verify(). | 40 virtual Status Sign(const blink::WebCryptoAlgorithm& algorithm, |
| 41 const blink::WebCryptoKey& key, |
| 42 const CryptoData& data, |
| 43 std::vector<uint8_t>* buffer) const OVERRIDE { |
| 44 if (key.type() != blink::WebCryptoKeyTypePrivate) |
| 45 return Status::ErrorUnexpectedKeyType(); |
| 46 |
| 47 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); |
| 48 crypto::ScopedEVP_MD_CTX ctx(EVP_MD_CTX_create()); |
| 49 |
| 50 EVP_PKEY* private_key = NULL; |
| 51 const EVP_MD* digest = NULL; |
| 52 Status status = GetPKeyAndDigest(key, &private_key, &digest); |
| 53 if (status.IsError()) |
| 54 return status; |
| 55 |
| 56 // NOTE: A call to EVP_DigestSignFinal() with a NULL second parameter |
| 57 // returns a maximum allocation size, while the call without a NULL returns |
| 58 // the real one, which may be smaller. |
| 59 size_t sig_len = 0; |
| 60 if (!ctx.get() || |
| 61 !EVP_DigestSignInit(ctx.get(), NULL, digest, NULL, private_key) || |
| 62 !EVP_DigestSignUpdate(ctx.get(), data.bytes(), data.byte_length()) || |
| 63 !EVP_DigestSignFinal(ctx.get(), NULL, &sig_len)) { |
| 64 return Status::OperationError(); |
| 65 } |
| 66 |
| 67 buffer->resize(sig_len); |
| 68 if (!EVP_DigestSignFinal(ctx.get(), &buffer->front(), &sig_len)) |
| 69 return Status::OperationError(); |
| 70 |
| 71 buffer->resize(sig_len); |
| 72 return Status::Success(); |
| 73 } |
| 74 |
| 75 virtual Status Verify(const blink::WebCryptoAlgorithm& algorithm, |
| 76 const blink::WebCryptoKey& key, |
| 77 const CryptoData& signature, |
| 78 const CryptoData& data, |
| 79 bool* signature_match) const OVERRIDE { |
| 80 if (key.type() != blink::WebCryptoKeyTypePublic) |
| 81 return Status::ErrorUnexpectedKeyType(); |
| 82 |
| 83 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); |
| 84 crypto::ScopedEVP_MD_CTX ctx(EVP_MD_CTX_create()); |
| 85 |
| 86 EVP_PKEY* public_key = NULL; |
| 87 const EVP_MD* digest = NULL; |
| 88 Status status = GetPKeyAndDigest(key, &public_key, &digest); |
| 89 if (status.IsError()) |
| 90 return status; |
| 91 |
| 92 if (1 != EVP_DigestVerifyInit(ctx.get(), NULL, digest, NULL, public_key)) |
| 93 return Status::OperationError(); |
| 94 |
| 95 if (1 != |
| 96 EVP_DigestVerifyUpdate(ctx.get(), data.bytes(), data.byte_length())) { |
| 97 return Status::OperationError(); |
| 98 } |
| 99 |
| 100 // This function takes a non-const pointer to the signature, however does |
| 101 // not mutate it, so casting is safe. |
| 102 // Also note that the return value can be: |
| 103 // 1 --> Success |
| 104 // 0 --> Verification failed |
| 105 // <0 --> Operation error |
| 106 int rv = EVP_DigestVerifyFinal(ctx.get(), |
| 107 const_cast<uint8_t*>(signature.bytes()), |
| 108 signature.byte_length()); |
| 109 *signature_match = rv == 1; |
| 110 return rv >= 0 ? Status::Success() : Status::OperationError(); |
| 111 } |
| 24 }; | 112 }; |
| 25 | 113 |
| 26 } // namespace | 114 } // namespace |
| 27 | 115 |
| 28 AlgorithmImplementation* CreatePlatformRsaSsaImplementation() { | 116 AlgorithmImplementation* CreatePlatformRsaSsaImplementation() { |
| 29 return new RsaSsaImplementation; | 117 return new RsaSsaImplementation; |
| 30 } | 118 } |
| 31 | 119 |
| 32 } // namespace webcrypto | 120 } // namespace webcrypto |
| 33 | 121 |
| 34 } // namespace content | 122 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 404273002:
[webcrypto] Implement Sign() and Verify() for RSA-SSA using OpenSSL. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src