crypto/signature_verifier.cc

   1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "crypto/signature_verifier.h"
   6
   7 #include <stdint.h>
   8
   9 #include <memory>
  10 #include <vector>
  11
  12 #include "base/logging.h"
  13 #include "crypto/openssl_util.h"
  14 #include "third_party/boringssl/src/include/openssl/bytestring.h"
  15 #include "third_party/boringssl/src/include/openssl/digest.h"
  16 #include "third_party/boringssl/src/include/openssl/evp.h"
  17 #include "third_party/boringssl/src/include/openssl/rsa.h"
  18
  19 namespace crypto {
  20
  21 struct SignatureVerifier::VerifyContext {
  22   bssl::ScopedEVP_MD_CTX ctx;
  23 };
  24
  25 SignatureVerifier::SignatureVerifier() = default;
  26
  27 SignatureVerifier::~SignatureVerifier() = default;
  28
  29 bool SignatureVerifier::VerifyInit(SignatureAlgorithm signature_algorithm,
  30                                    const uint8_t* signature,
  31                                    size_t signature_len,
  32                                    const uint8_t* public_key_info,
  33                                    size_t public_key_info_len) {
  34   OpenSSLErrStackTracer err_tracer(FROM_HERE);
  35
  36   int pkey_type = EVP_PKEY_NONE;
  37   const EVP_MD* digest = nullptr;
  38   switch (signature_algorithm) {
  39     case RSA_PKCS1_SHA1:
  40       pkey_type = EVP_PKEY_RSA;
  41       digest = EVP_sha1();
  42       break;
  43     case RSA_PKCS1_SHA256:
  44     case RSA_PSS_SHA256:
  45       pkey_type = EVP_PKEY_RSA;
  46       digest = EVP_sha256();
  47       break;
  48     case ECDSA_SHA256:
  49       pkey_type = EVP_PKEY_EC;
  50       digest = EVP_sha256();
  51       break;
  52   }
  53   DCHECK_NE(EVP_PKEY_NONE, pkey_type);
  54   DCHECK(digest);
  55
  56   if (verify_context_)
  57     return false;
  58
  59   verify_context_.reset(new VerifyContext);
  60   signature_.assign(signature, signature + signature_len);
  61
  62   CBS cbs;
  63   CBS_init(&cbs, public_key_info, public_key_info_len);
  64   bssl::UniquePtr<EVP_PKEY> public_key(EVP_parse_public_key(&cbs));
  65   if (!public_key || CBS_len(&cbs) != 0 ||
  66       EVP_PKEY_id(public_key.get()) != pkey_type) {
  67     return false;
  68   }
  69
  70   EVP_PKEY_CTX* pkey_ctx;
  71   if (!EVP_DigestVerifyInit(verify_context_->ctx.get(), &pkey_ctx, digest,
  72                             nullptr, public_key.get())) {
  73     return false;
  74   }
  75
  76   if (signature_algorithm == RSA_PSS_SHA256) {
  77     if (!EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING) ||
  78         !EVP_PKEY_CTX_set_rsa_mgf1_md(pkey_ctx, digest) ||
  79         !EVP_PKEY_CTX_set_rsa_pss_saltlen(
  80             pkey_ctx, -1 /* match digest and salt length */)) {
  81       return false;
  82     }
  83   }
  84
  85   return true;
  86 }
  87
  88 void SignatureVerifier::VerifyUpdate(const uint8_t* data_part,
  89                                      size_t data_part_len) {
  90   DCHECK(verify_context_);
  91   OpenSSLErrStackTracer err_tracer(FROM_HERE);
  92   int rv = EVP_DigestVerifyUpdate(verify_context_->ctx.get(), data_part,
  93                                   data_part_len);
  94   DCHECK_EQ(rv, 1);
  95 }
  96
  97 bool SignatureVerifier::VerifyFinal() {
  98   DCHECK(verify_context_);
  99   OpenSSLErrStackTracer err_tracer(FROM_HERE);
 100   int rv = EVP_DigestVerifyFinal(verify_context_->ctx.get(), signature_.data(),
 101                                  signature_.size());
 102   DCHECK_EQ(static_cast<int>(!!rv), rv);
 103   Reset();
 104   return rv == 1;
 105 }
 106
 107 void SignatureVerifier::Reset() {
 108   verify_context_.reset();
 109   signature_.clear();
 110 }
 111
 112 }  // namespace crypto