Home | History | Annotate | Download | only in crypto 
      1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #include "crypto/signature_verifier.h"
      6 
      7 #include <openssl/evp.h>
      8 #include <openssl/x509.h>
      9 #include <stdint.h>
     10 
     11 #include <vector>
     12 
     13 #include "base/logging.h"
     14 #include "base/memory/scoped_ptr.h"
     15 #include "crypto/openssl_util.h"
     16 #include "crypto/scoped_openssl_types.h"
     17 
     18 namespace crypto {
     19 
     20 namespace {
     21 
     22 const EVP_MD* ToOpenSSLDigest(SignatureVerifier::HashAlgorithm hash_alg) {
     23   switch (hash_alg) {
     24     case SignatureVerifier::SHA1:
     25       return EVP_sha1();
     26     case SignatureVerifier::SHA256:
     27       return EVP_sha256();
     28   }
     29   return NULL;
     30 }
     31 
     32 }  // namespace
     33 
     34 struct SignatureVerifier::VerifyContext {
     35   ScopedEVP_MD_CTX ctx;
     36 };
     37 
     38 SignatureVerifier::SignatureVerifier()
     39     : verify_context_(NULL) {
     40 }
     41 
     42 SignatureVerifier::~SignatureVerifier() {
     43   Reset();
     44 }
     45 
     46 bool SignatureVerifier::VerifyInit(const uint8_t* signature_algorithm,
     47                                    int signature_algorithm_len,
     48                                    const uint8_t* signature,
     49                                    int signature_len,
     50                                    const uint8_t* public_key_info,
     51                                    int public_key_info_len) {
     52   OpenSSLErrStackTracer err_tracer(FROM_HERE);
     53   ScopedOpenSSL<X509_ALGOR, X509_ALGOR_free> algorithm(
     54       d2i_X509_ALGOR(NULL, &signature_algorithm, signature_algorithm_len));
     55   if (!algorithm.get())
     56     return false;
     57   int nid = OBJ_obj2nid(algorithm.get()->algorithm);
     58   const EVP_MD* digest;
     59   if (nid == NID_ecdsa_with_SHA1) {
     60     digest = EVP_sha1();
     61   } else if (nid == NID_ecdsa_with_SHA256) {
     62     digest = EVP_sha256();
     63   } else {
     64     // This works for PKCS #1 v1.5 RSA signatures, but not for ECDSA
     65     // signatures.
     66     digest = EVP_get_digestbyobj(algorithm.get()->algorithm);
     67   }
     68   if (!digest)
     69     return false;
     70 
     71   return CommonInit(digest, signature, signature_len, public_key_info,
     72                     public_key_info_len, NULL);
     73 }
     74 
     75 bool SignatureVerifier::VerifyInitRSAPSS(HashAlgorithm hash_alg,
     76                                          HashAlgorithm mask_hash_alg,
     77                                          int salt_len,
     78                                          const uint8_t* signature,
     79                                          int signature_len,
     80                                          const uint8_t* public_key_info,
     81                                          int public_key_info_len) {
     82   OpenSSLErrStackTracer err_tracer(FROM_HERE);
     83   const EVP_MD* const digest = ToOpenSSLDigest(hash_alg);
     84   DCHECK(digest);
     85   if (!digest) {
     86     return false;
     87   }
     88 
     89   EVP_PKEY_CTX* pkey_ctx;
     90   if (!CommonInit(digest, signature, signature_len, public_key_info,
     91                   public_key_info_len, &pkey_ctx)) {
     92     return false;
     93   }
     94 
     95   int rv = EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING);
     96   if (rv != 1)
     97     return false;
     98   const EVP_MD* const mgf_digest = ToOpenSSLDigest(mask_hash_alg);
     99   DCHECK(mgf_digest);
    100   if (!mgf_digest) {
    101     return false;
    102   }
    103   rv = EVP_PKEY_CTX_set_rsa_mgf1_md(pkey_ctx, mgf_digest);
    104   if (rv != 1)
    105     return false;
    106   rv = EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, salt_len);
    107   return rv == 1;
    108 }
    109 
    110 void SignatureVerifier::VerifyUpdate(const uint8_t* data_part,
    111                                      int data_part_len) {
    112   DCHECK(verify_context_);
    113   OpenSSLErrStackTracer err_tracer(FROM_HERE);
    114   int rv = EVP_DigestVerifyUpdate(verify_context_->ctx.get(),
    115                                   data_part, data_part_len);
    116   DCHECK_EQ(rv, 1);
    117 }
    118 
    119 bool SignatureVerifier::VerifyFinal() {
    120   DCHECK(verify_context_);
    121   OpenSSLErrStackTracer err_tracer(FROM_HERE);
    122   int rv = EVP_DigestVerifyFinal(verify_context_->ctx.get(), signature_.data(),
    123                                  signature_.size());
    124   DCHECK_EQ(static_cast<int>(!!rv), rv);
    125   Reset();
    126   return rv == 1;
    127 }
    128 
    129 bool SignatureVerifier::CommonInit(const EVP_MD* digest,
    130                                    const uint8_t* signature,
    131                                    int signature_len,
    132                                    const uint8_t* public_key_info,
    133                                    int public_key_info_len,
    134                                    EVP_PKEY_CTX** pkey_ctx) {
    135   if (verify_context_)
    136     return false;
    137 
    138   verify_context_ = new VerifyContext;
    139 
    140   signature_.assign(signature, signature + signature_len);
    141 
    142   const uint8_t* ptr = public_key_info;
    143   ScopedEVP_PKEY public_key(d2i_PUBKEY(nullptr, &ptr, public_key_info_len));
    144   if (!public_key.get() || ptr != public_key_info + public_key_info_len)
    145     return false;
    146 
    147   verify_context_->ctx.reset(EVP_MD_CTX_create());
    148   int rv = EVP_DigestVerifyInit(verify_context_->ctx.get(), pkey_ctx,
    149                                 digest, nullptr, public_key.get());
    150   return rv == 1;
    151 }
    152 
    153 void SignatureVerifier::Reset() {
    154   delete verify_context_;
    155   verify_context_ = NULL;
    156   signature_.clear();
    157 }
    158 
    159 }  // namespace crypto
    160