// Copyright (c) 2011 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "crypto/signature_verifier.h"
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <vector>
#include "base/logging.h"
#include "base/memory/scoped_ptr.h"
#include "base/stl_util.h"
#include "crypto/openssl_util.h"
#include "crypto/scoped_openssl_types.h"
namespace crypto {
namespace {
const EVP_MD* ToOpenSSLDigest(SignatureVerifier::HashAlgorithm hash_alg) {
switch (hash_alg) {
case SignatureVerifier::SHA1:
return EVP_sha1();
case SignatureVerifier::SHA256:
return EVP_sha256();
}
return NULL;
}
} // namespace
struct SignatureVerifier::VerifyContext {
ScopedEVP_MD_CTX ctx;
};
SignatureVerifier::SignatureVerifier()
: verify_context_(NULL) {
}
SignatureVerifier::~SignatureVerifier() {
Reset();
}
bool SignatureVerifier::VerifyInit(const uint8* signature_algorithm,
int signature_algorithm_len,
const uint8* signature,
int signature_len,
const uint8* public_key_info,
int public_key_info_len) {
OpenSSLErrStackTracer err_tracer(FROM_HERE);
ScopedOpenSSL<X509_ALGOR, X509_ALGOR_free>::Type algorithm(
d2i_X509_ALGOR(NULL, &signature_algorithm, signature_algorithm_len));
if (!algorithm.get())
return false;
int nid = OBJ_obj2nid(algorithm.get()->algorithm);
const EVP_MD* digest;
if (nid == NID_ecdsa_with_SHA1) {
digest = EVP_sha1();
} else if (nid == NID_ecdsa_with_SHA256) {
digest = EVP_sha256();
} else {
// This works for PKCS #1 v1.5 RSA signatures, but not for ECDSA
// signatures.
digest = EVP_get_digestbyobj(algorithm.get()->algorithm);
}
if (!digest)
return false;
return CommonInit(digest, signature, signature_len, public_key_info,
public_key_info_len, NULL);
}
bool SignatureVerifier::VerifyInitRSAPSS(HashAlgorithm hash_alg,
HashAlgorithm mask_hash_alg,
int salt_len,
const uint8* signature,
int signature_len,
const uint8* public_key_info,
int public_key_info_len) {
OpenSSLErrStackTracer err_tracer(FROM_HERE);
const EVP_MD* const digest = ToOpenSSLDigest(hash_alg);
DCHECK(digest);
if (!digest) {
return false;
}
EVP_PKEY_CTX* pkey_ctx;
if (!CommonInit(digest, signature, signature_len, public_key_info,
public_key_info_len, &pkey_ctx)) {
return false;
}
int rv = EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING);
if (rv != 1)
return false;
const EVP_MD* const mgf_digest = ToOpenSSLDigest(mask_hash_alg);
DCHECK(mgf_digest);
if (!mgf_digest) {
return false;
}
rv = EVP_PKEY_CTX_set_rsa_mgf1_md(pkey_ctx, mgf_digest);
if (rv != 1)
return false;
rv = EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, salt_len);
return rv == 1;
}
void SignatureVerifier::VerifyUpdate(const uint8* data_part,
int data_part_len) {
DCHECK(verify_context_);
OpenSSLErrStackTracer err_tracer(FROM_HERE);
int rv = EVP_DigestVerifyUpdate(verify_context_->ctx.get(),
data_part, data_part_len);
DCHECK_EQ(rv, 1);
}
bool SignatureVerifier::VerifyFinal() {
DCHECK(verify_context_);
OpenSSLErrStackTracer err_tracer(FROM_HERE);
int rv = EVP_DigestVerifyFinal(verify_context_->ctx.get(),
vector_as_array(&signature_),
signature_.size());
// rv is -1 if a DER-encoded ECDSA signature cannot be decoded correctly.
DCHECK_GE(rv, -1);
Reset();
return rv == 1;
}
bool SignatureVerifier::CommonInit(const EVP_MD* digest,
const uint8* signature,
int signature_len,
const uint8* public_key_info,
int public_key_info_len,
EVP_PKEY_CTX** pkey_ctx) {
if (verify_context_)
return false;
verify_context_ = new VerifyContext;
signature_.assign(signature, signature + signature_len);
// BIO_new_mem_buf is not const aware, but it does not modify the buffer.
char* data = reinterpret_cast<char*>(const_cast<uint8*>(public_key_info));
ScopedBIO bio(BIO_new_mem_buf(data, public_key_info_len));
if (!bio.get())
return false;
ScopedEVP_PKEY public_key(d2i_PUBKEY_bio(bio.get(), NULL));
if (!public_key.get())
return false;
verify_context_->ctx.reset(EVP_MD_CTX_create());
int rv = EVP_DigestVerifyInit(verify_context_->ctx.get(), pkey_ctx,
digest, NULL, public_key.get());
return rv == 1;
}
void SignatureVerifier::Reset() {
delete verify_context_;
verify_context_ = NULL;
signature_.clear();
}
} // namespace crypto