Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(241)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/cert/ct_log_verifier_openssl.cc

Issue 992733002: Remove //net (except for Android test stuff) and sdch (Closed) Base URL: git@github.com:domokit/mojo.git@master
Patch Set: Created 5 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/cert/ct_log_verifier_nss.cc ('k') | net/cert/ct_log_verifier_unittest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/cert/ct_log_verifier.h"
6
7 #include <openssl/evp.h>
8 #include <openssl/x509.h>
9
10 #include "base/logging.h"
11 #include "crypto/openssl_util.h"
12 #include "crypto/scoped_openssl_types.h"
13 #include "crypto/sha2.h"
14 #include "net/cert/signed_tree_head.h"
15
16 namespace net {
17
18 namespace {
19
20 const EVP_MD* GetEvpAlg(ct::DigitallySigned::HashAlgorithm alg) {
21 switch (alg) {
22 case ct::DigitallySigned::HASH_ALGO_MD5:
23 return EVP_md5();
24 case ct::DigitallySigned::HASH_ALGO_SHA1:
25 return EVP_sha1();
26 case ct::DigitallySigned::HASH_ALGO_SHA224:
27 return EVP_sha224();
28 case ct::DigitallySigned::HASH_ALGO_SHA256:
29 return EVP_sha256();
30 case ct::DigitallySigned::HASH_ALGO_SHA384:
31 return EVP_sha384();
32 case ct::DigitallySigned::HASH_ALGO_SHA512:
33 return EVP_sha512();
34 case ct::DigitallySigned::HASH_ALGO_NONE:
35 default:
36 NOTREACHED();
37 return NULL;
38 }
39 }
40
41 } // namespace
42
43 CTLogVerifier::~CTLogVerifier() {
44 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
45
46 if (public_key_)
47 EVP_PKEY_free(public_key_);
48 }
49
50 CTLogVerifier::CTLogVerifier()
51 : hash_algorithm_(ct::DigitallySigned::HASH_ALGO_NONE),
52 signature_algorithm_(ct::DigitallySigned::SIG_ALGO_ANONYMOUS),
53 public_key_(NULL) {}
54
55 bool CTLogVerifier::Init(const base::StringPiece& public_key,
56 const base::StringPiece& description) {
57 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
58
59 const uint8_t* ptr = reinterpret_cast<const uint8_t*>(public_key.data());
60 const uint8_t* end = ptr + public_key.size();
61 public_key_ = d2i_PUBKEY(nullptr, &ptr, public_key.size());
62 if (!public_key_ || ptr != end)
63 return false;
64
65 key_id_ = crypto::SHA256HashString(public_key);
66 description_ = description.as_string();
67
68 // Right now, only RSASSA-PKCS1v15 with SHA-256 and ECDSA with SHA-256 are
69 // supported.
70 switch (EVP_PKEY_type(public_key_->type)) {
71 case EVP_PKEY_RSA:
72 hash_algorithm_ = ct::DigitallySigned::HASH_ALGO_SHA256;
73 signature_algorithm_ = ct::DigitallySigned::SIG_ALGO_RSA;
74 break;
75 case EVP_PKEY_EC:
76 hash_algorithm_ = ct::DigitallySigned::HASH_ALGO_SHA256;
77 signature_algorithm_ = ct::DigitallySigned::SIG_ALGO_ECDSA;
78 break;
79 default:
80 DVLOG(1) << "Unsupported key type: " << EVP_PKEY_type(public_key_->type);
81 return false;
82 }
83
84 // Extra sanity check: Require RSA keys of at least 2048 bits.
85 // EVP_PKEY_size returns the size in bytes. 256 = 2048-bit RSA key.
86 if (signature_algorithm_ == ct::DigitallySigned::SIG_ALGO_RSA &&
87 EVP_PKEY_size(public_key_) < 256) {
88 DVLOG(1) << "Too small a public key.";
89 return false;
90 }
91
92 return true;
93 }
94
95 bool CTLogVerifier::VerifySignature(const base::StringPiece& data_to_sign,
96 const base::StringPiece& signature) {
97 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
98
99 const EVP_MD* hash_alg = GetEvpAlg(hash_algorithm_);
100 if (hash_alg == NULL)
101 return false;
102
103 EVP_MD_CTX ctx;
104 EVP_MD_CTX_init(&ctx);
105
106 bool ok = (
107 1 == EVP_DigestVerifyInit(&ctx, NULL, hash_alg, NULL, public_key_) &&
108 1 == EVP_DigestVerifyUpdate(
109 &ctx, data_to_sign.data(), data_to_sign.size()) &&
110 1 == EVP_DigestVerifyFinal(
111 &ctx,
112 reinterpret_cast<const uint8_t*>(signature.data()),
113 signature.size()));
114
115 EVP_MD_CTX_cleanup(&ctx);
116 return ok;
117 }
118
119 } // namespace net
OLDNEW
« no previous file with comments | « net/cert/ct_log_verifier_nss.cc ('k') | net/cert/ct_log_verifier_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698