crypto/signature_verifier_openssl.cc

   1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "crypto/signature_verifier.h"
   6
   7 #include <openssl/evp.h>
   8 #include <openssl/x509.h>
   9
  10 #include <vector>
  11
  12 #include "base/logging.h"
  13 #include "base/memory/scoped_ptr.h"
  14 #include "base/stl_util.h"
  15 #include "crypto/openssl_util.h"
  16 #include "crypto/scoped_openssl_types.h"
  17
  18 namespace crypto {
  19
  20 namespace {
  21
  22 const EVP_MD* ToOpenSSLDigest(SignatureVerifier::HashAlgorithm hash_alg) {
  23   switch (hash_alg) {
  24     case SignatureVerifier::SHA1:
  25       return EVP_sha1();
  26     case SignatureVerifier::SHA256:
  27       return EVP_sha256();
  28   }
  29   return NULL;
  30 }
  31
  32 }  // namespace
  33
  34 struct SignatureVerifier::VerifyContext {
  35   ScopedEVP_MD_CTX ctx;
  36 };
  37
  38 SignatureVerifier::SignatureVerifier()
  39     : verify_context_(NULL) {
  40 }
  41
  42 SignatureVerifier::~SignatureVerifier() {
  43   Reset();
  44 }
  45
  46 bool SignatureVerifier::VerifyInit(const uint8* signature_algorithm,
  47                                    int signature_algorithm_len,
  48                                    const uint8* signature,
  49                                    int signature_len,
  50                                    const uint8* public_key_info,
  51                                    int public_key_info_len) {
  52   OpenSSLErrStackTracer err_tracer(FROM_HERE);
  53   ScopedOpenSSL<X509_ALGOR, X509_ALGOR_free>::Type algorithm(
  54       d2i_X509_ALGOR(NULL, &signature_algorithm, signature_algorithm_len));
  55   if (!algorithm.get())
  56     return false;
  57   int nid = OBJ_obj2nid(algorithm.get()->algorithm);
  58   const EVP_MD* digest;
  59   if (nid == NID_ecdsa_with_SHA1) {
  60     digest = EVP_sha1();
  61   } else if (nid == NID_ecdsa_with_SHA256) {
  62     digest = EVP_sha256();
  63   } else {
  64     // This works for PKCS #1 v1.5 RSA signatures, but not for ECDSA
  65     // signatures.
  66     digest = EVP_get_digestbyobj(algorithm.get()->algorithm);
  67   }
  68   if (!digest)
  69     return false;
  70
  71   return CommonInit(digest, signature, signature_len, public_key_info,
  72                     public_key_info_len, NULL);
  73 }
  74
  75 bool SignatureVerifier::VerifyInitRSAPSS(HashAlgorithm hash_alg,
  76                                          HashAlgorithm mask_hash_alg,
  77                                          int salt_len,
  78                                          const uint8* signature,
  79                                          int signature_len,
  80                                          const uint8* public_key_info,
  81                                          int public_key_info_len) {
  82   OpenSSLErrStackTracer err_tracer(FROM_HERE);
  83   const EVP_MD* const digest = ToOpenSSLDigest(hash_alg);
  84   DCHECK(digest);
  85   if (!digest) {
  86     return false;
  87   }
  88
  89   EVP_PKEY_CTX* pkey_ctx;
  90   if (!CommonInit(digest, signature, signature_len, public_key_info,
  91                   public_key_info_len, &pkey_ctx)) {
  92     return false;
  93   }
  94
  95   int rv = EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING);
  96   if (rv != 1)
  97     return false;
  98   const EVP_MD* const mgf_digest = ToOpenSSLDigest(mask_hash_alg);
  99   DCHECK(mgf_digest);
 100   if (!mgf_digest) {
 101     return false;
 102   }
 103   rv = EVP_PKEY_CTX_set_rsa_mgf1_md(pkey_ctx, mgf_digest);
 104   if (rv != 1)
 105     return false;
 106   rv = EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, salt_len);
 107   return rv == 1;
 108 }
 109
 110 void SignatureVerifier::VerifyUpdate(const uint8* data_part,
 111                                      int data_part_len) {
 112   DCHECK(verify_context_);
 113   OpenSSLErrStackTracer err_tracer(FROM_HERE);
 114   int rv = EVP_DigestVerifyUpdate(verify_context_->ctx.get(),
 115                                   data_part, data_part_len);
 116   DCHECK_EQ(rv, 1);
 117 }
 118
 119 bool SignatureVerifier::VerifyFinal() {
 120   DCHECK(verify_context_);
 121   OpenSSLErrStackTracer err_tracer(FROM_HERE);
 122   int rv = EVP_DigestVerifyFinal(verify_context_->ctx.get(),
 123                                  vector_as_array(&signature_),
 124                                  signature_.size());
 125   DCHECK_EQ(static_cast<int>(!!rv), rv);
 126   Reset();
 127   return rv == 1;
 128 }
 129
 130 bool SignatureVerifier::CommonInit(const EVP_MD* digest,
 131                                    const uint8* signature,
 132                                    int signature_len,
 133                                    const uint8* public_key_info,
 134                                    int public_key_info_len,
 135                                    EVP_PKEY_CTX** pkey_ctx) {
 136   if (verify_context_)
 137     return false;
 138
 139   verify_context_ = new VerifyContext;
 140
 141   signature_.assign(signature, signature + signature_len);
 142
 143   const uint8_t* ptr = public_key_info;
 144   ScopedEVP_PKEY public_key(d2i_PUBKEY(nullptr, &ptr, public_key_info_len));
 145   if (!public_key.get() || ptr != public_key_info + public_key_info_len)
 146     return false;
 147
 148   verify_context_->ctx.reset(EVP_MD_CTX_create());
 149   int rv = EVP_DigestVerifyInit(verify_context_->ctx.get(), pkey_ctx,
 150                                 digest, nullptr, public_key.get());
 151   return rv == 1;
 152 }
 153
 154 void SignatureVerifier::Reset() {
 155   delete verify_context_;
 156   verify_context_ = NULL;
 157   signature_.clear();
 158 }
 159
 160 }  // namespace crypto