| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "net/quic/crypto/channel_id.h" | |
| 6 | |
| 7 #include <openssl/bn.h> | |
| 8 #include <openssl/ec.h> | |
| 9 #include <openssl/ecdsa.h> | |
| 10 #include <openssl/obj_mac.h> | |
| 11 #include <openssl/sha.h> | |
| 12 | |
| 13 #include "crypto/openssl_util.h" | |
| 14 #include "crypto/scoped_openssl_types.h" | |
| 15 | |
| 16 using base::StringPiece; | |
| 17 | |
| 18 namespace net { | |
| 19 | |
| 20 // static | |
| 21 bool ChannelIDVerifier::Verify(StringPiece key, | |
| 22 StringPiece signed_data, | |
| 23 StringPiece signature) { | |
| 24 return VerifyRaw(key, signed_data, signature, true); | |
| 25 } | |
| 26 | |
| 27 // static | |
| 28 bool ChannelIDVerifier::VerifyRaw(StringPiece key, | |
| 29 StringPiece signed_data, | |
| 30 StringPiece signature, | |
| 31 bool is_channel_id_signature) { | |
| 32 if (key.size() != 32 * 2 || | |
| 33 signature.size() != 32 * 2) { | |
| 34 return false; | |
| 35 } | |
| 36 | |
| 37 crypto::ScopedOpenSSL<EC_GROUP, EC_GROUP_free>::Type p256( | |
| 38 EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)); | |
| 39 if (p256.get() == nullptr) { | |
| 40 return false; | |
| 41 } | |
| 42 | |
| 43 crypto::ScopedBIGNUM x(BN_new()), y(BN_new()), r(BN_new()), s(BN_new()); | |
| 44 | |
| 45 ECDSA_SIG sig; | |
| 46 sig.r = r.get(); | |
| 47 sig.s = s.get(); | |
| 48 | |
| 49 const uint8* key_bytes = reinterpret_cast<const uint8*>(key.data()); | |
| 50 const uint8* signature_bytes = | |
| 51 reinterpret_cast<const uint8*>(signature.data()); | |
| 52 | |
| 53 if (BN_bin2bn(key_bytes + 0, 32, x.get()) == nullptr || | |
| 54 BN_bin2bn(key_bytes + 32, 32, y.get()) == nullptr || | |
| 55 BN_bin2bn(signature_bytes + 0, 32, sig.r) == nullptr || | |
| 56 BN_bin2bn(signature_bytes + 32, 32, sig.s) == nullptr) { | |
| 57 return false; | |
| 58 } | |
| 59 | |
| 60 crypto::ScopedOpenSSL<EC_POINT, EC_POINT_free>::Type point( | |
| 61 EC_POINT_new(p256.get())); | |
| 62 if (point.get() == nullptr || | |
| 63 !EC_POINT_set_affine_coordinates_GFp(p256.get(), point.get(), x.get(), | |
| 64 y.get(), nullptr)) { | |
| 65 return false; | |
| 66 } | |
| 67 | |
| 68 crypto::ScopedEC_KEY ecdsa_key(EC_KEY_new()); | |
| 69 if (ecdsa_key.get() == nullptr || | |
| 70 !EC_KEY_set_group(ecdsa_key.get(), p256.get()) || | |
| 71 !EC_KEY_set_public_key(ecdsa_key.get(), point.get())) { | |
| 72 return false; | |
| 73 } | |
| 74 | |
| 75 SHA256_CTX sha256; | |
| 76 SHA256_Init(&sha256); | |
| 77 if (is_channel_id_signature) { | |
| 78 SHA256_Update(&sha256, kContextStr, strlen(kContextStr) + 1); | |
| 79 SHA256_Update(&sha256, kClientToServerStr, strlen(kClientToServerStr) + 1); | |
| 80 } | |
| 81 SHA256_Update(&sha256, signed_data.data(), signed_data.size()); | |
| 82 | |
| 83 unsigned char digest[SHA256_DIGEST_LENGTH]; | |
| 84 SHA256_Final(digest, &sha256); | |
| 85 | |
| 86 return ECDSA_do_verify(digest, sizeof(digest), &sig, ecdsa_key.get()) == 1; | |
| 87 } | |
| 88 | |
| 89 } // namespace net | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 992733002:
Remove //net (except for Android test stuff) and sdch (Closed)
Base URL: git@github.com:domokit/mojo.git@master