Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1549)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: content/child/webcrypto/openssl/rsa_ssa_openssl.cc

Issue 404273002: [webcrypto] Implement Sign() and Verify() for RSA-SSA using OpenSSL. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Rebase onto master Created 6 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | content/child/webcrypto/shared_crypto_unittest.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: content/child/webcrypto/openssl/rsa_ssa_openssl.cc
diff --git a/content/child/webcrypto/openssl/rsa_ssa_openssl.cc b/content/child/webcrypto/openssl/rsa_ssa_openssl.cc
index 31e3c84774f82380c46d13918faa8a6286ea02c2..dbe813edf78248d1ab8fe525bc00e8c1352584f2 100644
--- a/content/child/webcrypto/openssl/rsa_ssa_openssl.cc
+++ b/content/child/webcrypto/openssl/rsa_ssa_openssl.cc
@@ -5,7 +5,10 @@
#include "content/child/webcrypto/crypto_data.h"
#include "content/child/webcrypto/openssl/key_openssl.h"
#include "content/child/webcrypto/openssl/rsa_key_openssl.h"
+#include "content/child/webcrypto/openssl/util_openssl.h"
#include "content/child/webcrypto/status.h"
+#include "crypto/openssl_util.h"
+#include "crypto/scoped_openssl_types.h"
#include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h"
namespace content {
@@ -14,13 +17,98 @@ namespace webcrypto {
namespace {
+// Extracts the OpenSSL key and digest from a WebCrypto key. The returned
+// pointers will remain valid as long as |key| is alive.
+Status GetPKeyAndDigest(const blink::WebCryptoKey& key,
+ EVP_PKEY** pkey,
+ const EVP_MD** digest) {
+ *pkey = AsymKeyOpenSsl::Cast(key)->key();
+
+ *digest = GetDigest(key.algorithm().rsaHashedParams()->hash().id());
+ if (!*digest)
+ return Status::ErrorUnsupported();
+
+ return Status::Success();
+}
+
class RsaSsaImplementation : public RsaHashedAlgorithm {
public:
RsaSsaImplementation()
: RsaHashedAlgorithm(blink::WebCryptoKeyUsageVerify,
blink::WebCryptoKeyUsageSign) {}
- // TODO(eroman): Implement Sign() and Verify().
+ virtual Status Sign(const blink::WebCryptoAlgorithm& algorithm,
+ const blink::WebCryptoKey& key,
+ const CryptoData& data,
+ std::vector<uint8_t>* buffer) const OVERRIDE {
+ if (key.type() != blink::WebCryptoKeyTypePrivate)
+ return Status::ErrorUnexpectedKeyType();
+
+ crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
+ crypto::ScopedEVP_MD_CTX ctx(EVP_MD_CTX_create());
+
+ EVP_PKEY* private_key = NULL;
+ const EVP_MD* digest = NULL;
+ Status status = GetPKeyAndDigest(key, &private_key, &digest);
+ if (status.IsError())
+ return status;
+
+ // NOTE: A call to EVP_DigestSignFinal() with a NULL second parameter
+ // returns a maximum allocation size, while the call without a NULL returns
+ // the real one, which may be smaller.
+ size_t sig_len = 0;
+ if (!ctx.get() ||
+ !EVP_DigestSignInit(ctx.get(), NULL, digest, NULL, private_key) ||
+ !EVP_DigestSignUpdate(ctx.get(), data.bytes(), data.byte_length()) ||
+ !EVP_DigestSignFinal(ctx.get(), NULL, &sig_len)) {
+ return Status::OperationError();
+ }
+
+ buffer->resize(sig_len);
+ if (!EVP_DigestSignFinal(ctx.get(), &buffer->front(), &sig_len))
+ return Status::OperationError();
+
+ buffer->resize(sig_len);
+ return Status::Success();
+ }
+
+ virtual Status Verify(const blink::WebCryptoAlgorithm& algorithm,
+ const blink::WebCryptoKey& key,
+ const CryptoData& signature,
+ const CryptoData& data,
+ bool* signature_match) const OVERRIDE {
+ if (key.type() != blink::WebCryptoKeyTypePublic)
+ return Status::ErrorUnexpectedKeyType();
+
+ crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
+ crypto::ScopedEVP_MD_CTX ctx(EVP_MD_CTX_create());
+
+ EVP_PKEY* public_key = NULL;
+ const EVP_MD* digest = NULL;
+ Status status = GetPKeyAndDigest(key, &public_key, &digest);
+ if (status.IsError())
+ return status;
+
+ if (1 != EVP_DigestVerifyInit(ctx.get(), NULL, digest, NULL, public_key))
+ return Status::OperationError();
+
+ if (1 !=
+ EVP_DigestVerifyUpdate(ctx.get(), data.bytes(), data.byte_length())) {
+ return Status::OperationError();
+ }
+
+ // This function takes a non-const pointer to the signature, however does
+ // not mutate it, so casting is safe.
+ // Also note that the return value can be:
+ // 1 --> Success
+ // 0 --> Verification failed
+ // <0 --> Operation error
+ int rv = EVP_DigestVerifyFinal(ctx.get(),
+ const_cast<uint8_t*>(signature.bytes()),
+ signature.byte_length());
+ *signature_match = rv == 1;
+ return rv >= 0 ? Status::Success() : Status::OperationError();
+ }
};
} // namespace
« no previous file with comments | « no previous file | content/child/webcrypto/shared_crypto_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698