| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/child/webcrypto/crypto_data.h" | |
| 6 #include "content/child/webcrypto/openssl/key_openssl.h" | |
| 7 #include "content/child/webcrypto/openssl/rsa_key_openssl.h" | 5 #include "content/child/webcrypto/openssl/rsa_key_openssl.h" |
| 8 #include "content/child/webcrypto/openssl/util_openssl.h" | 6 #include "content/child/webcrypto/openssl/rsa_sign_openssl.h" |
| 9 #include "content/child/webcrypto/status.h" | 7 #include "content/child/webcrypto/status.h" |
| 10 #include "crypto/openssl_util.h" | |
| 11 #include "crypto/scoped_openssl_types.h" | |
| 12 #include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h" | |
| 13 | 8 |
| 14 namespace content { | 9 namespace content { |
| 15 | 10 |
| 16 namespace webcrypto { | 11 namespace webcrypto { |
| 17 | 12 |
| 18 namespace { | 13 namespace { |
| 19 | 14 |
| 20 // Extracts the OpenSSL key and digest from a WebCrypto key. The returned | |
| 21 // pointers will remain valid as long as |key| is alive. | |
| 22 Status GetPKeyAndDigest(const blink::WebCryptoKey& key, | |
| 23 EVP_PKEY** pkey, | |
| 24 const EVP_MD** digest) { | |
| 25 *pkey = AsymKeyOpenSsl::Cast(key)->key(); | |
| 26 | |
| 27 *digest = GetDigest(key.algorithm().rsaHashedParams()->hash().id()); | |
| 28 if (!*digest) | |
| 29 return Status::ErrorUnsupported(); | |
| 30 | |
| 31 return Status::Success(); | |
| 32 } | |
| 33 | |
| 34 class RsaSsaImplementation : public RsaHashedAlgorithm { | 15 class RsaSsaImplementation : public RsaHashedAlgorithm { |
| 35 public: | 16 public: |
| 36 RsaSsaImplementation() | 17 RsaSsaImplementation() |
| 37 : RsaHashedAlgorithm(blink::WebCryptoKeyUsageVerify, | 18 : RsaHashedAlgorithm(blink::WebCryptoKeyUsageVerify, |
| 38 blink::WebCryptoKeyUsageSign) {} | 19 blink::WebCryptoKeyUsageSign) {} |
| 39 | 20 |
| 40 virtual const char* GetJwkAlgorithm( | 21 virtual const char* GetJwkAlgorithm( |
| 41 const blink::WebCryptoAlgorithmId hash) const override { | 22 const blink::WebCryptoAlgorithmId hash) const override { |
| 42 switch (hash) { | 23 switch (hash) { |
| 43 case blink::WebCryptoAlgorithmIdSha1: | 24 case blink::WebCryptoAlgorithmIdSha1: |
| 44 return "RS1"; | 25 return "RS1"; |
| 45 case blink::WebCryptoAlgorithmIdSha256: | 26 case blink::WebCryptoAlgorithmIdSha256: |
| 46 return "RS256"; | 27 return "RS256"; |
| 47 case blink::WebCryptoAlgorithmIdSha384: | 28 case blink::WebCryptoAlgorithmIdSha384: |
| 48 return "RS384"; | 29 return "RS384"; |
| 49 case blink::WebCryptoAlgorithmIdSha512: | 30 case blink::WebCryptoAlgorithmIdSha512: |
| 50 return "RS512"; | 31 return "RS512"; |
| 51 default: | 32 default: |
| 52 return NULL; | 33 return NULL; |
| 53 } | 34 } |
| 54 } | 35 } |
| 55 | 36 |
| 56 virtual Status Sign(const blink::WebCryptoAlgorithm& algorithm, | 37 virtual Status Sign(const blink::WebCryptoAlgorithm& algorithm, |
| 57 const blink::WebCryptoKey& key, | 38 const blink::WebCryptoKey& key, |
| 58 const CryptoData& data, | 39 const CryptoData& data, |
| 59 std::vector<uint8_t>* buffer) const override { | 40 std::vector<uint8_t>* buffer) const override { |
| 60 if (key.type() != blink::WebCryptoKeyTypePrivate) | 41 return RsaSign(key, data, buffer); |
| 61 return Status::ErrorUnexpectedKeyType(); | |
| 62 | |
| 63 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); | |
| 64 crypto::ScopedEVP_MD_CTX ctx(EVP_MD_CTX_create()); | |
| 65 | |
| 66 EVP_PKEY* private_key = NULL; | |
| 67 const EVP_MD* digest = NULL; | |
| 68 Status status = GetPKeyAndDigest(key, &private_key, &digest); | |
| 69 if (status.IsError()) | |
| 70 return status; | |
| 71 | |
| 72 // NOTE: A call to EVP_DigestSignFinal() with a NULL second parameter | |
| 73 // returns a maximum allocation size, while the call without a NULL returns | |
| 74 // the real one, which may be smaller. | |
| 75 size_t sig_len = 0; | |
| 76 if (!ctx.get() || | |
| 77 !EVP_DigestSignInit(ctx.get(), NULL, digest, NULL, private_key) || | |
| 78 !EVP_DigestSignUpdate(ctx.get(), data.bytes(), data.byte_length()) || | |
| 79 !EVP_DigestSignFinal(ctx.get(), NULL, &sig_len)) { | |
| 80 return Status::OperationError(); | |
| 81 } | |
| 82 | |
| 83 buffer->resize(sig_len); | |
| 84 if (!EVP_DigestSignFinal(ctx.get(), &buffer->front(), &sig_len)) | |
| 85 return Status::OperationError(); | |
| 86 | |
| 87 buffer->resize(sig_len); | |
| 88 return Status::Success(); | |
| 89 } | 42 } |
| 90 | 43 |
| 91 virtual Status Verify(const blink::WebCryptoAlgorithm& algorithm, | 44 virtual Status Verify(const blink::WebCryptoAlgorithm& algorithm, |
| 92 const blink::WebCryptoKey& key, | 45 const blink::WebCryptoKey& key, |
| 93 const CryptoData& signature, | 46 const CryptoData& signature, |
| 94 const CryptoData& data, | 47 const CryptoData& data, |
| 95 bool* signature_match) const override { | 48 bool* signature_match) const override { |
| 96 if (key.type() != blink::WebCryptoKeyTypePublic) | 49 return RsaVerify(key, signature, data, signature_match); |
| 97 return Status::ErrorUnexpectedKeyType(); | |
| 98 | |
| 99 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); | |
| 100 crypto::ScopedEVP_MD_CTX ctx(EVP_MD_CTX_create()); | |
| 101 | |
| 102 EVP_PKEY* public_key = NULL; | |
| 103 const EVP_MD* digest = NULL; | |
| 104 Status status = GetPKeyAndDigest(key, &public_key, &digest); | |
| 105 if (status.IsError()) | |
| 106 return status; | |
| 107 | |
| 108 if (!EVP_DigestVerifyInit(ctx.get(), NULL, digest, NULL, public_key)) | |
| 109 return Status::OperationError(); | |
| 110 | |
| 111 if (!EVP_DigestVerifyUpdate(ctx.get(), data.bytes(), data.byte_length())) { | |
| 112 return Status::OperationError(); | |
| 113 } | |
| 114 | |
| 115 // Note that the return value can be: | |
| 116 // 1 --> Success | |
| 117 // 0 --> Verification failed | |
| 118 // <0 --> Operation error | |
| 119 int rv = EVP_DigestVerifyFinal( | |
| 120 ctx.get(), signature.bytes(), signature.byte_length()); | |
| 121 *signature_match = rv == 1; | |
| 122 return rv >= 0 ? Status::Success() : Status::OperationError(); | |
| 123 } | 50 } |
| 124 }; | 51 }; |
| 125 | 52 |
| 126 } // namespace | 53 } // namespace |
| 127 | 54 |
| 128 AlgorithmImplementation* CreatePlatformRsaSsaImplementation() { | 55 AlgorithmImplementation* CreatePlatformRsaSsaImplementation() { |
| 129 return new RsaSsaImplementation; | 56 return new RsaSsaImplementation; |
| 130 } | 57 } |
| 131 | 58 |
| 132 } // namespace webcrypto | 59 } // namespace webcrypto |
| 133 | 60 |
| 134 } // namespace content | 61 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 662533002:
[webcrypto] Refactor RSA-SSA signing. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master