// Copyright (c) 2011 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "crypto/signature_verifier.h" #include #include #include #include "base/logging.h" #include "base/memory/scoped_ptr.h" #include "base/stl_util.h" #include "crypto/openssl_util.h" namespace crypto { namespace { const EVP_MD* ToOpenSSLDigest(SignatureVerifier::HashAlgorithm hash_alg) { switch (hash_alg) { case SignatureVerifier::SHA1: return EVP_sha1(); case SignatureVerifier::SHA256: return EVP_sha256(); } return EVP_md_null(); } } // namespace struct SignatureVerifier::VerifyContext { ScopedOpenSSL ctx; }; SignatureVerifier::SignatureVerifier() : verify_context_(NULL) { } SignatureVerifier::~SignatureVerifier() { Reset(); } bool SignatureVerifier::VerifyInit(const uint8* signature_algorithm, int signature_algorithm_len, const uint8* signature, int signature_len, const uint8* public_key_info, int public_key_info_len) { OpenSSLErrStackTracer err_tracer(FROM_HERE); ScopedOpenSSL algorithm( d2i_X509_ALGOR(NULL, &signature_algorithm, signature_algorithm_len)); if (!algorithm.get()) return false; int nid = OBJ_obj2nid(algorithm.get()->algorithm); const EVP_MD* digest; if (nid == NID_ecdsa_with_SHA1) { digest = EVP_sha1(); } else if (nid == NID_ecdsa_with_SHA256) { digest = EVP_sha256(); } else { // This works for PKCS #1 v1.5 RSA signatures, but not for ECDSA // signatures. digest = EVP_get_digestbyobj(algorithm.get()->algorithm); } if (!digest) return false; return CommonInit(digest, signature, signature_len, public_key_info, public_key_info_len, NULL); } bool SignatureVerifier::VerifyInitRSAPSS(HashAlgorithm hash_alg, HashAlgorithm mask_hash_alg, int salt_len, const uint8* signature, int signature_len, const uint8* public_key_info, int public_key_info_len) { OpenSSLErrStackTracer err_tracer(FROM_HERE); const EVP_MD* digest = ToOpenSSLDigest(hash_alg); DCHECK(digest); EVP_PKEY_CTX* pkey_ctx; if (!CommonInit(digest, signature, signature_len, public_key_info, public_key_info_len, &pkey_ctx)) { return false; } int rv = EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING); if (rv != 1) return false; rv = EVP_PKEY_CTX_set_rsa_mgf1_md(pkey_ctx, ToOpenSSLDigest(mask_hash_alg)); if (rv != 1) return false; rv = EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, salt_len); return rv == 1; } void SignatureVerifier::VerifyUpdate(const uint8* data_part, int data_part_len) { DCHECK(verify_context_); OpenSSLErrStackTracer err_tracer(FROM_HERE); int rv = EVP_DigestVerifyUpdate(verify_context_->ctx.get(), data_part, data_part_len); DCHECK_EQ(rv, 1); } bool SignatureVerifier::VerifyFinal() { DCHECK(verify_context_); OpenSSLErrStackTracer err_tracer(FROM_HERE); int rv = EVP_DigestVerifyFinal(verify_context_->ctx.get(), vector_as_array(&signature_), signature_.size()); // rv is -1 if a DER-encoded ECDSA signature cannot be decoded correctly. DCHECK_GE(rv, -1); Reset(); return rv == 1; } bool SignatureVerifier::CommonInit(const EVP_MD* digest, const uint8* signature, int signature_len, const uint8* public_key_info, int public_key_info_len, EVP_PKEY_CTX** pkey_ctx) { if (verify_context_) return false; verify_context_ = new VerifyContext; signature_.assign(signature, signature + signature_len); // BIO_new_mem_buf is not const aware, but it does not modify the buffer. char* data = reinterpret_cast(const_cast(public_key_info)); ScopedOpenSSL bio(BIO_new_mem_buf(data, public_key_info_len)); if (!bio.get()) return false; ScopedOpenSSL public_key( d2i_PUBKEY_bio(bio.get(), NULL)); if (!public_key.get()) return false; verify_context_->ctx.reset(EVP_MD_CTX_create()); int rv = EVP_DigestVerifyInit(verify_context_->ctx.get(), pkey_ctx, digest, NULL, public_key.get()); return rv == 1; } void SignatureVerifier::Reset() { delete verify_context_; verify_context_ = NULL; signature_.clear(); } } // namespace crypto