1 /* 2 * Copyright (C) 2017 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 package org.conscrypt; 17 18 import java.io.ByteArrayOutputStream; 19 import java.security.InvalidKeyException; 20 import java.security.InvalidParameterException; 21 import java.security.PrivateKey; 22 import java.security.PublicKey; 23 import java.security.SignatureException; 24 import java.security.SignatureSpi; 25 26 /** 27 * Implements the JDK Signature interface needed for RAW ECDSA signature 28 * generation and verification using BoringSSL. 29 * 30 * @hide 31 */ 32 @Internal 33 public class OpenSSLSignatureRawECDSA extends SignatureSpi { 34 /** 35 * The current OpenSSL key we're operating on. 36 */ 37 private OpenSSLKey key; 38 39 /** 40 * Buffer to hold value to be signed or verified. 41 */ 42 private ByteArrayOutputStream buffer = new ByteArrayOutputStream(); 43 44 @Override 45 protected void engineUpdate(byte input) { 46 buffer.write(input); 47 } 48 49 @Override 50 protected void engineUpdate(byte[] input, int offset, int len) { 51 buffer.write(input, offset, len); 52 } 53 54 @Override 55 @SuppressWarnings("deprecation") 56 protected Object engineGetParameter(String param) throws InvalidParameterException { 57 return null; 58 } 59 60 private static OpenSSLKey verifyKey(OpenSSLKey key) throws InvalidKeyException { 61 int pkeyType = NativeCrypto.EVP_PKEY_type(key.getNativeRef()); 62 if (pkeyType != NativeConstants.EVP_PKEY_EC) { 63 throw new InvalidKeyException("Non-EC key used to initialize EC signature."); 64 } 65 return key; 66 } 67 68 @Override 69 protected void engineInitSign(PrivateKey privateKey) throws InvalidKeyException { 70 key = verifyKey(OpenSSLKey.fromPrivateKey(privateKey)); 71 } 72 73 @Override 74 protected void engineInitVerify(PublicKey publicKey) throws InvalidKeyException { 75 key = verifyKey(OpenSSLKey.fromPublicKey(publicKey)); 76 } 77 78 @Override 79 @SuppressWarnings("deprecation") 80 protected void engineSetParameter(String param, Object value) throws InvalidParameterException { 81 } 82 83 @Override 84 protected byte[] engineSign() throws SignatureException { 85 if (key == null) { 86 // This can't actually happen, but you never know... 87 throw new SignatureException("No key provided"); 88 } 89 90 int output_size = NativeCrypto.ECDSA_size(key.getNativeRef()); 91 byte[] outputBuffer = new byte[output_size]; 92 try { 93 int bytes_written = 94 NativeCrypto.ECDSA_sign(buffer.toByteArray(), outputBuffer, key.getNativeRef()); 95 if (bytes_written < 0) { 96 throw new SignatureException("Could not compute signature."); 97 } 98 // There's no guarantee that the signature will be ECDSA_size bytes long, 99 // that's just the maximum possible length of a signature. Only return the bytes 100 // that were actually produced. 101 if (bytes_written != output_size) { 102 byte[] newBuffer = new byte[bytes_written]; 103 System.arraycopy(outputBuffer, 0, newBuffer, 0, bytes_written); 104 outputBuffer = newBuffer; 105 } 106 return outputBuffer; 107 } catch (Exception ex) { 108 throw new SignatureException(ex); 109 } finally { 110 buffer.reset(); 111 } 112 } 113 114 @Override 115 protected boolean engineVerify(byte[] sigBytes) throws SignatureException { 116 if (key == null) { 117 // This can't actually happen, but you never know... 118 throw new SignatureException("No key provided"); 119 } 120 121 try { 122 int result = 123 NativeCrypto.ECDSA_verify(buffer.toByteArray(), sigBytes, key.getNativeRef()); 124 if (result == -1) { 125 throw new SignatureException("Could not verify signature."); 126 } 127 return result == 1; 128 } catch (Exception ex) { 129 throw new SignatureException(ex); 130 } finally { 131 buffer.reset(); 132 } 133 } 134 } 135