Home | History | Annotate | Download | only in crypto 
      1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #include "crypto/signature_verifier.h"
      6 
      7 #include <openssl/evp.h>
      8 #include <openssl/x509.h>
      9 
     10 #include <vector>
     11 
     12 #include "base/logging.h"
     13 #include "base/memory/scoped_ptr.h"
     14 #include "base/stl_util-inl.h"
     15 #include "crypto/openssl_util.h"
     16 
     17 namespace crypto {
     18 
     19 struct SignatureVerifier::VerifyContext {
     20   ScopedOpenSSL<EVP_PKEY, EVP_PKEY_free> public_key;
     21   ScopedOpenSSL<EVP_MD_CTX, EVP_MD_CTX_destroy> ctx;
     22 };
     23 
     24 SignatureVerifier::SignatureVerifier()
     25     : verify_context_(NULL) {
     26 }
     27 
     28 SignatureVerifier::~SignatureVerifier() {
     29   Reset();
     30 }
     31 
     32 bool SignatureVerifier::VerifyInit(const uint8* signature_algorithm,
     33                                    int signature_algorithm_len,
     34                                    const uint8* signature,
     35                                    int signature_len,
     36                                    const uint8* public_key_info,
     37                                    int public_key_info_len) {
     38   DCHECK(!verify_context_);
     39   verify_context_ = new VerifyContext;
     40   OpenSSLErrStackTracer err_tracer(FROM_HERE);
     41 
     42   ScopedOpenSSL<X509_ALGOR, X509_ALGOR_free> algorithm(
     43       d2i_X509_ALGOR(NULL, &signature_algorithm, signature_algorithm_len));
     44   if (!algorithm.get())
     45     return false;
     46 
     47   const EVP_MD* digest = EVP_get_digestbyobj(algorithm.get()->algorithm);
     48   DCHECK(digest);
     49 
     50   signature_.assign(signature, signature + signature_len);
     51 
     52   // BIO_new_mem_buf is not const aware, but it does not modify the buffer.
     53   char* data = reinterpret_cast<char*>(const_cast<uint8*>(public_key_info));
     54   ScopedOpenSSL<BIO, BIO_free_all> bio(BIO_new_mem_buf(data,
     55                                                        public_key_info_len));
     56   if (!bio.get())
     57     return false;
     58 
     59   verify_context_->public_key.reset(d2i_PUBKEY_bio(bio.get(), NULL));
     60   if (!verify_context_->public_key.get())
     61     return false;
     62 
     63   verify_context_->ctx.reset(EVP_MD_CTX_create());
     64   int rv = EVP_VerifyInit_ex(verify_context_->ctx.get(), digest, NULL);
     65   return rv == 1;
     66 }
     67 
     68 void SignatureVerifier::VerifyUpdate(const uint8* data_part,
     69                                      int data_part_len) {
     70   DCHECK(verify_context_);
     71   OpenSSLErrStackTracer err_tracer(FROM_HERE);
     72   int rv = EVP_VerifyUpdate(verify_context_->ctx.get(),
     73                             data_part, data_part_len);
     74   DCHECK_EQ(rv, 1);
     75 }
     76 
     77 bool SignatureVerifier::VerifyFinal() {
     78   DCHECK(verify_context_);
     79   OpenSSLErrStackTracer err_tracer(FROM_HERE);
     80   int rv = EVP_VerifyFinal(verify_context_->ctx.get(),
     81                            vector_as_array(&signature_), signature_.size(),
     82                            verify_context_->public_key.get());
     83   DCHECK_GE(rv, 0);
     84   Reset();
     85   return rv == 1;
     86 }
     87 
     88 void SignatureVerifier::Reset() {
     89   delete verify_context_;
     90   verify_context_ = NULL;
     91   signature_.clear();
     92 }
     93 
     94 }  // namespace crypto
     95