crypto/signature_verifier_openssl.cc - chromium/src - Git at Google

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #include "crypto/signature_verifier.h"

 #include <openssl/evp.h>
 #include <openssl/x509.h>

 #include <vector>

 #include "base/logging.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/stl_util.h"
 #include "crypto/openssl_util.h"

 namespace crypto {

 namespace {

 const EVP_MD* ToOpenSSLDigest(SignatureVerifier::HashAlgorithm hash_alg) {
   switch (hash_alg) {
     case SignatureVerifier::SHA1:
       return EVP_sha1();
     case SignatureVerifier::SHA256:
       return EVP_sha256();
   }
   return EVP_md_null();
 }

 }  // namespace

 struct SignatureVerifier::VerifyContext {
   ScopedOpenSSL<EVP_MD_CTX, EVP_MD_CTX_destroy> ctx;
 };

 SignatureVerifier::SignatureVerifier()
     : verify_context_(NULL) {
 }

 SignatureVerifier::~SignatureVerifier() {
   Reset();
 }

 bool SignatureVerifier::VerifyInit(const uint8* signature_algorithm,
                                    int signature_algorithm_len,
                                    const uint8* signature,
                                    int signature_len,
                                    const uint8* public_key_info,
                                    int public_key_info_len) {
   OpenSSLErrStackTracer err_tracer(FROM_HERE);
   ScopedOpenSSL<X509_ALGOR, X509_ALGOR_free> algorithm(
       d2i_X509_ALGOR(NULL, &signature_algorithm, signature_algorithm_len));
   if (!algorithm.get())
     return false;
   int nid = OBJ_obj2nid(algorithm.get()->algorithm);
   const EVP_MD* digest;
   if (nid == NID_ecdsa_with_SHA1) {
     digest = EVP_sha1();
   } else if (nid == NID_ecdsa_with_SHA256) {
     digest = EVP_sha256();
   } else {
     // This works for PKCS #1 v1.5 RSA signatures, but not for ECDSA
     // signatures.
     digest = EVP_get_digestbyobj(algorithm.get()->algorithm);
   }
   if (!digest)
     return false;

   return CommonInit(digest, signature, signature_len, public_key_info,
                     public_key_info_len, NULL);
 }

 bool SignatureVerifier::VerifyInitRSAPSS(HashAlgorithm hash_alg,
                                          HashAlgorithm mask_hash_alg,
                                          int salt_len,
                                          const uint8* signature,
                                          int signature_len,
                                          const uint8* public_key_info,
                                          int public_key_info_len) {
   OpenSSLErrStackTracer err_tracer(FROM_HERE);
   const EVP_MD* digest = ToOpenSSLDigest(hash_alg);
   DCHECK(digest);

   EVP_PKEY_CTX* pkey_ctx;
   if (!CommonInit(digest, signature, signature_len, public_key_info,
                   public_key_info_len, &pkey_ctx)) {
     return false;
   }

   int rv = EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING);
   if (rv != 1)
     return false;
   rv = EVP_PKEY_CTX_set_rsa_mgf1_md(pkey_ctx,
                                     ToOpenSSLDigest(mask_hash_alg));
   if (rv != 1)
     return false;
   rv = EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, salt_len);
   return rv == 1;
 }

 void SignatureVerifier::VerifyUpdate(const uint8* data_part,
                                      int data_part_len) {
   DCHECK(verify_context_);
   OpenSSLErrStackTracer err_tracer(FROM_HERE);
   int rv = EVP_DigestVerifyUpdate(verify_context_->ctx.get(),
                                   data_part, data_part_len);
   DCHECK_EQ(rv, 1);
 }

 bool SignatureVerifier::VerifyFinal() {
   DCHECK(verify_context_);
   OpenSSLErrStackTracer err_tracer(FROM_HERE);
   int rv = EVP_DigestVerifyFinal(verify_context_->ctx.get(),
                                  vector_as_array(&signature_),
                                  signature_.size());
   // rv is -1 if a DER-encoded ECDSA signature cannot be decoded correctly.
   DCHECK_GE(rv, -1);
   Reset();
   return rv == 1;
 }

 bool SignatureVerifier::CommonInit(const EVP_MD* digest,
                                    const uint8* signature,
                                    int signature_len,
                                    const uint8* public_key_info,
                                    int public_key_info_len,
                                    EVP_PKEY_CTX** pkey_ctx) {
   if (verify_context_)
     return false;

   verify_context_ = new VerifyContext;

   signature_.assign(signature, signature + signature_len);

   // BIO_new_mem_buf is not const aware, but it does not modify the buffer.
   char* data = reinterpret_cast<char*>(const_cast<uint8*>(public_key_info));
   ScopedOpenSSL<BIO, BIO_free_all> bio(BIO_new_mem_buf(data,
                                                        public_key_info_len));
   if (!bio.get())
     return false;

   ScopedOpenSSL<EVP_PKEY, EVP_PKEY_free> public_key(
       d2i_PUBKEY_bio(bio.get(), NULL));
   if (!public_key.get())
     return false;

   verify_context_->ctx.reset(EVP_MD_CTX_create());
   int rv = EVP_DigestVerifyInit(verify_context_->ctx.get(), pkey_ctx,
                                 digest, NULL, public_key.get());
   return rv == 1;
 }

 void SignatureVerifier::Reset() {
   delete verify_context_;
   verify_context_ = NULL;
   signature_.clear();
 }

 }  // namespace crypto
	// Copyright (c) 2011 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#include "crypto/signature_verifier.h"

	#include <openssl/evp.h>
	#include <openssl/x509.h>

	#include <vector>

	#include "base/logging.h"
	#include "base/memory/scoped_ptr.h"
	#include "base/stl_util.h"
	#include "crypto/openssl_util.h"

	namespace crypto {

	namespace {

	const EVP_MD* ToOpenSSLDigest(SignatureVerifier::HashAlgorithm hash_alg) {
	switch (hash_alg) {
	case SignatureVerifier::SHA1:
	return EVP_sha1();
	case SignatureVerifier::SHA256:
	return EVP_sha256();
	}
	return EVP_md_null();
	}

	} // namespace

	struct SignatureVerifier::VerifyContext {
	ScopedOpenSSL<EVP_MD_CTX, EVP_MD_CTX_destroy> ctx;
	};

	SignatureVerifier::SignatureVerifier()
	: verify_context_(NULL) {
	}

	SignatureVerifier::~SignatureVerifier() {
	Reset();
	}

	bool SignatureVerifier::VerifyInit(const uint8* signature_algorithm,
	int signature_algorithm_len,
	const uint8* signature,
	int signature_len,
	const uint8* public_key_info,
	int public_key_info_len) {
	OpenSSLErrStackTracer err_tracer(FROM_HERE);
	ScopedOpenSSL<X509_ALGOR, X509_ALGOR_free> algorithm(
	d2i_X509_ALGOR(NULL, &signature_algorithm, signature_algorithm_len));
	if (!algorithm.get())
	return false;
	int nid = OBJ_obj2nid(algorithm.get()->algorithm);
	const EVP_MD* digest;
	if (nid == NID_ecdsa_with_SHA1) {
	digest = EVP_sha1();
	} else if (nid == NID_ecdsa_with_SHA256) {
	digest = EVP_sha256();
	} else {
	// This works for PKCS #1 v1.5 RSA signatures, but not for ECDSA
	// signatures.
	digest = EVP_get_digestbyobj(algorithm.get()->algorithm);
	}
	if (!digest)
	return false;

	return CommonInit(digest, signature, signature_len, public_key_info,
	public_key_info_len, NULL);
	}

	bool SignatureVerifier::VerifyInitRSAPSS(HashAlgorithm hash_alg,
	HashAlgorithm mask_hash_alg,
	int salt_len,
	const uint8* signature,
	int signature_len,
	const uint8* public_key_info,
	int public_key_info_len) {
	OpenSSLErrStackTracer err_tracer(FROM_HERE);
	const EVP_MD* digest = ToOpenSSLDigest(hash_alg);
	DCHECK(digest);

	EVP_PKEY_CTX* pkey_ctx;
	if (!CommonInit(digest, signature, signature_len, public_key_info,
	public_key_info_len, &pkey_ctx)) {
	return false;
	}

	int rv = EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING);
	if (rv != 1)
	return false;
	rv = EVP_PKEY_CTX_set_rsa_mgf1_md(pkey_ctx,
	ToOpenSSLDigest(mask_hash_alg));
	if (rv != 1)
	return false;
	rv = EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, salt_len);
	return rv == 1;
	}

	void SignatureVerifier::VerifyUpdate(const uint8* data_part,
	int data_part_len) {
	DCHECK(verify_context_);
	OpenSSLErrStackTracer err_tracer(FROM_HERE);
	int rv = EVP_DigestVerifyUpdate(verify_context_->ctx.get(),
	data_part, data_part_len);
	DCHECK_EQ(rv, 1);
	}

	bool SignatureVerifier::VerifyFinal() {
	DCHECK(verify_context_);
	OpenSSLErrStackTracer err_tracer(FROM_HERE);
	int rv = EVP_DigestVerifyFinal(verify_context_->ctx.get(),
	vector_as_array(&signature_),
	signature_.size());
	// rv is -1 if a DER-encoded ECDSA signature cannot be decoded correctly.
	DCHECK_GE(rv, -1);
	Reset();
	return rv == 1;
	}

	bool SignatureVerifier::CommonInit(const EVP_MD* digest,
	const uint8* signature,
	int signature_len,
	const uint8* public_key_info,
	int public_key_info_len,
	EVP_PKEY_CTX** pkey_ctx) {
	if (verify_context_)
	return false;

	verify_context_ = new VerifyContext;

	signature_.assign(signature, signature + signature_len);

	// BIO_new_mem_buf is not const aware, but it does not modify the buffer.
	char* data = reinterpret_cast<char>(const_cast<uint8>(public_key_info));
	ScopedOpenSSL<BIO, BIO_free_all> bio(BIO_new_mem_buf(data,
	public_key_info_len));
	if (!bio.get())
	return false;

	ScopedOpenSSL<EVP_PKEY, EVP_PKEY_free> public_key(
	d2i_PUBKEY_bio(bio.get(), NULL));
	if (!public_key.get())
	return false;

	verify_context_->ctx.reset(EVP_MD_CTX_create());
	int rv = EVP_DigestVerifyInit(verify_context_->ctx.get(), pkey_ctx,
	digest, NULL, public_key.get());
	return rv == 1;
	}

	void SignatureVerifier::Reset() {
	delete verify_context_;
	verify_context_ = NULL;
	signature_.clear();
	}

	} // namespace crypto