net/cert/ct_log_verifier_openssl.cc - Issue 55953002: CT: Adding SCT verification functionality: A CTLogVerifier instance can verify SCTs signed by a sin…

Side by Side Diff: net/cert/ct_log_verifier_openssl.cc

Issue 55953002: CT: Adding SCT verification functionality: A CTLogVerifier instance can verify SCTs signed by a sin… (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Created 7 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
(Empty)
	1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.

	2 // Use of this source code is governed by a BSD-style license that can be

	3 // found in the LICENSE file.

	4

	5 #include "net/cert/ct_log_verifier.h"

	6

	7 #include <openssl/evp.h>

	8 #include <openssl/x509.h>

	9

	10 #include "base/logging.h"

	11 #include "crypto/openssl_util.h"

	12 #include "crypto/sha2.h"

	13

	14 namespace net {

	15

	16 namespace {

	17

	18 const EVP_MD* GetEvpAlg(ct::DigitallySigned::HashAlgorithm alg) {

	19 switch (alg) {

	20 case ct::DigitallySigned::HASH_ALGO_MD5:

	21 return EVP_md5();

	22 case ct::DigitallySigned::HASH_ALGO_SHA1:

	23 return EVP_sha1();

	24 case ct::DigitallySigned::HASH_ALGO_SHA224:

	25 return EVP_sha224();

	26 case ct::DigitallySigned::HASH_ALGO_SHA256:

	27 return EVP_sha256();

	28 case ct::DigitallySigned::HASH_ALGO_SHA384:

	29 return EVP_sha384();

	30 case ct::DigitallySigned::HASH_ALGO_SHA512:

	31 return EVP_sha512();

	32 case ct::DigitallySigned::HASH_ALGO_NONE:
	wtc 2013/11/08 21:04:00 Nit: add a default case, unless you know it is imp Nit: add a default case, unless you know it is impossible. Eran M. (Google) 2013/11/12 12:01:28 Done. Show quoted text On 2013/11/08 21:04:00, wtc wrote: > > Nit: add a default case, unless you know it is impossible. Done.
	33 NOTREACHED();

	34 return NULL;

	35 }

	36 }

	37

	38 } // namespace

	39

	40 CTLogVerifier::~CTLogVerifier() {

	41 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);

	42

	43 if (public_key_)

	44 EVP_PKEY_free(public_key_);

	45 }

	46

	47 CTLogVerifier::CTLogVerifier() : public_key_(NULL) {}
	wtc 2013/11/08 21:04:00 Should also initialize hash_algorithm_ and sig_alg Should also initialize hash_algorithm_ and sig_algorithm_. Eran M. (Google) 2013/11/12 12:01:28 Done. Show quoted text On 2013/11/08 21:04:00, wtc wrote: > > Should also initialize hash_algorithm_ and sig_algorithm_. Done.
	48

	49 bool CTLogVerifier::Init(const base::StringPiece& public_key,

	50 const base::StringPiece& description) {

	51 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);

	52

	53 crypto::ScopedOpenSSL<BIO, BIO_free_all> bio(

	54 BIO_new_mem_buf(const_cast<char*>(public_key.data()), public_key.size()));

	55 if (!bio.get())

	56 return false;

	57

	58 public_key_ = d2i_PUBKEY_bio(bio.get(), NULL);

	59 if (!public_key_)

	60 return false;

	61

	62 key_id_ = crypto::SHA256HashString(public_key);

	63 description_ = description.as_string();

	64

	65 switch (EVP_PKEY_type(public_key_->type)) {

	66 case EVP_PKEY_RSA:

	67 hash_algorithm_ = ct::DigitallySigned::HASH_ALGO_SHA256;

	68 sig_algorithm_ = ct::DigitallySigned::SIG_ALGO_RSA;

	69 break;

	70 case EVP_PKEY_EC:

	71 hash_algorithm_ = ct::DigitallySigned::HASH_ALGO_SHA256;

	72 sig_algorithm_ = ct::DigitallySigned::SIG_ALGO_ECDSA;

	73 break;

	74 default:

	75 DVLOG(1) << "Unsupported key type: " << EVP_PKEY_type(public_key_->type);

	76 return false;

	77 }

	78

	79 // EVP_PKEY_size returns the size in bytes. 256 = 2048-bit RSA key.

	80 if (sig_algorithm_ == ct::DigitallySigned::SIG_ALGO_RSA &&

	81 EVP_PKEY_size(public_key_) < 256) {

	82 DVLOG(1) << "Too small a public key.";

	83 return false;

	84 }

	85

	86 return true;

	87 }

	88

	89 bool CTLogVerifier::VerifySignature(const base::StringPiece& data_to_sign,

	90 const base::StringPiece& signature) {

	91 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);

	92

	93 const EVP_MD* hash_alg = GetEvpAlg(hash_algorithm_);

	94 if (hash_alg == NULL)

	95 return false;

	96

	97 EVP_MD_CTX ctx;

	98 EVP_MD_CTX_init(&ctx);

	99

	100 bool ok =

	101 (1 == EVP_VerifyInit(&ctx, hash_alg) &&
	wtc 2013/11/08 21:04:00 I am not familiar with OpenSSL. Would EVP_DigestVe I am not familiar with OpenSSL. Would EVP_DigestVerify* be a better interface than EVP_Verify? Chromium's crypto/signature_verifier_openssl.cc uses the EVP_DigestVerify interface. Eran M. (Google) 2013/11/12 12:01:28 Converted the code to using EVP_DigestVerify altho Show quoted text On 2013/11/08 21:04:00, wtc wrote: > > I am not familiar with OpenSSL. Would EVP_DigestVerify* be a better interface > than EVP_Verify? Chromium's crypto/signature_verifier_openssl.cc uses the > EVP_DigestVerify interface. Converted the code to using EVP_DigestVerify although I can't judge if it's better - it's the same number of calls and same arguments. wtc 2013/11/14 18:46:30 I was hoping you could ask Ben Laurie :-) The onl Show quoted text On 2013/11/12 12:01:28, eranm wrote: > > Converted the code to using EVP_DigestVerify although I can't judge if it's > better - it's the same number of calls and same arguments. I was hoping you could ask Ben Laurie :-) The only external difference I can tell is that EVP_DigestVerifyInit has two more arguments, but we are not using them. I am curious if there is an internal difference. Eran M. (Google) 2013/11/16 22:59:16 As mentioned in an offline email, I ended up askin Show quoted text On 2013/11/14 18:46:30, wtc wrote: > > On 2013/11/12 12:01:28, eranm wrote: > > > > Converted the code to using EVP_DigestVerify although I can't judge if it's > > better - it's the same number of calls and same arguments. > > I was hoping you could ask Ben Laurie :-) > > The only external difference I can tell is that EVP_DigestVerifyInit has two > more arguments, but we are not using them. I am curious if there is an internal > difference. As mentioned in an offline email, I ended up asking the author of the API, Steve. He explained the difference (it's not relevant here) and pointed out that EVP_DigestVerify is the newer API of the two. So I just migrated the code to use the newer one.
	102 1 == EVP_VerifyUpdate(&ctx, data_to_sign.data(), data_to_sign.size()) &&

	103 1 == EVP_VerifyFinal(

	104 &ctx,

	105 reinterpret_cast<const unsigned char*>(signature.data()),

	106 signature.size(),

	107 public_key_));

	108

	109 EVP_MD_CTX_cleanup(&ctx);

	110 return ok;

	111 }

	112

	113 } // namespace net

OLD	NEW

« net/cert/ct_log_verifier_nss.cc ('K') | « net/cert/ct_log_verifier_nss.cc ('k') | net/cert/ct_log_verifier_unittest.cc » ('j') | net/cert/ct_log_verifier_unittest.cc » ('J')