Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(398)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: base/crypto/signature_verifier_mac.cc

Issue 63089: Implement the signature verification API. (Closed) Base URL: svn://chrome-svn/chrome/trunk/src/
Patch Set: Upload before checkin Created 11 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « base/crypto/signature_verifier.h ('k') | base/crypto/signature_verifier_nss.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: base/crypto/signature_verifier_mac.cc
===================================================================
--- base/crypto/signature_verifier_mac.cc (revision 0)
+++ base/crypto/signature_verifier_mac.cc (revision 0)
@@ -0,0 +1,143 @@
+// Copyright (c) 2009 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "base/crypto/signature_verifier.h"
+
+#include <stdlib.h>
+
+#include "base/crypto/cssm_init.h"
+#include "base/logging.h"
+
+namespace {
+
+void* AppMalloc(CSSM_SIZE size, void *alloc_ref) {
+ return malloc(size);
+}
+
+void AppFree(void* mem_ptr, void* alloc_ref) {
+ free(mem_ptr);
+}
+
+void* AppRealloc(void* ptr, CSSM_SIZE size, void* alloc_ref) {
+ return realloc(ptr, size);
+}
+
+void* AppCalloc(uint32 num, CSSM_SIZE size, void* alloc_ref) {
+ return calloc(num, size);
+}
+
+const CSSM_API_MEMORY_FUNCS mem_funcs = {
+ AppMalloc,
+ AppFree,
+ AppRealloc,
+ AppCalloc,
+ NULL
+};
+
+} // namespace
+
+namespace base {
+
+SignatureVerifier::SignatureVerifier() : csp_handle_(0), sig_handle_(0) {
+ EnsureCSSMInit();
+
+ static CSSM_VERSION version = {2, 0};
+ CSSM_RETURN crtn;
+ crtn = CSSM_ModuleAttach(&gGuidAppleCSP, &version, &mem_funcs, 0,
+ CSSM_SERVICE_CSP, 0, CSSM_KEY_HIERARCHY_NONE,
+ NULL, 0, NULL, &csp_handle_);
+ DCHECK(crtn == CSSM_OK);
+}
+
+SignatureVerifier::~SignatureVerifier() {
+ Reset();
+ if (csp_handle_) {
+ CSSM_RETURN crtn = CSSM_ModuleDetach(csp_handle_);
+ DCHECK(crtn == CSSM_OK);
+ }
+}
+
+bool SignatureVerifier::VerifyInit(const uint8* signature_algorithm,
+ int signature_algorithm_len,
+ const uint8* signature,
+ int signature_len,
+ const uint8* public_key_info,
+ int public_key_info_len) {
+ signature_.assign(signature, signature + signature_len);
+ public_key_info_.assign(public_key_info,
+ public_key_info + public_key_info_len);
+
+ CSSM_ALGORITHMS key_alg = CSSM_ALGID_RSA; // TODO(wtc): hardcoded.
+
+ memset(&public_key_, 0, sizeof(public_key_));
+ public_key_.KeyData.Data = const_cast<uint8*>(&public_key_info_[0]);
+ public_key_.KeyData.Length = public_key_info_.size();
+ public_key_.KeyHeader.HeaderVersion = CSSM_KEYHEADER_VERSION;
+ public_key_.KeyHeader.BlobType = CSSM_KEYBLOB_RAW;
+ public_key_.KeyHeader.Format = CSSM_KEYBLOB_RAW_FORMAT_X509;
+ public_key_.KeyHeader.AlgorithmId = key_alg;
+ public_key_.KeyHeader.KeyClass = CSSM_KEYCLASS_PUBLIC_KEY;
+ public_key_.KeyHeader.KeyAttr = CSSM_KEYATTR_EXTRACTABLE;
+ public_key_.KeyHeader.KeyUsage = CSSM_KEYUSE_VERIFY;
+ CSSM_KEY_SIZE key_size;
+ CSSM_RETURN crtn;
+ crtn = CSSM_QueryKeySizeInBits(csp_handle_, NULL, &public_key_, &key_size);
+ if (crtn) {
+ NOTREACHED() << "CSSM_QueryKeySizeInBits failed: " << crtn;
+ return false;
+ }
+ public_key_.KeyHeader.LogicalKeySizeInBits = key_size.LogicalKeySizeInBits;
+
+ // TODO(wtc): decode signature_algorithm...
+ CSSM_ALGORITHMS sig_alg = CSSM_ALGID_SHA1WithRSA;
+
+ crtn = CSSM_CSP_CreateSignatureContext(csp_handle_, sig_alg, NULL,
+ &public_key_, &sig_handle_);
+ if (crtn) {
+ NOTREACHED();
+ return false;
+ }
+ crtn = CSSM_VerifyDataInit(sig_handle_);
+ if (crtn) {
+ NOTREACHED();
+ return false;
+ }
+ return true;
+}
+
+void SignatureVerifier::VerifyUpdate(const uint8* data_part,
+ int data_part_len) {
+ CSSM_DATA data;
+ data.Data = const_cast<uint8*>(data_part);
+ data.Length = data_part_len;
+ CSSM_RETURN crtn = CSSM_VerifyDataUpdate(sig_handle_, &data, 1);
+ DCHECK(crtn == CSSM_OK);
+}
+
+bool SignatureVerifier::VerifyFinal() {
+ CSSM_DATA sig;
+ sig.Data = const_cast<uint8*>(&signature_[0]);
+ sig.Length = signature_.size();
+ CSSM_RETURN crtn = CSSM_VerifyDataFinal(sig_handle_, &sig);
+ Reset();
+
+ // crtn is CSSMERR_CSP_VERIFY_FAILED if signature verification fails.
+ return (crtn == CSSM_OK);
+}
+
+void SignatureVerifier::Reset() {
+ CSSM_RETURN crtn;
+ if (sig_handle_) {
+ crtn = CSSM_DeleteContext(sig_handle_);
+ DCHECK(crtn == CSSM_OK);
+ sig_handle_ = 0;
+ }
+ signature_.clear();
+
+ // Can't call CSSM_FreeKey on public_key_ because we constructed
+ // public_key_ manually.
+}
+
+} // namespace base
+
« no previous file with comments | « base/crypto/signature_verifier.h ('k') | base/crypto/signature_verifier_nss.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698