blob: fd29bdfbd0e759f9e81a17456a339ff1acd60e87 [file] [log] [blame]
Andrew Top0d1858f2019-05-15 22:01:47 -07001// Copyright (c) 2011 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "crypto/signature_verifier.h"
6
7#include "base/logging.h"
8#include "crypto/openssl_util.h"
9#include "third_party/boringssl/src/include/openssl/bytestring.h"
10#include "third_party/boringssl/src/include/openssl/digest.h"
11#include "third_party/boringssl/src/include/openssl/evp.h"
12#include "third_party/boringssl/src/include/openssl/rsa.h"
13
14namespace crypto {
15
16struct SignatureVerifier::VerifyContext {
17 bssl::ScopedEVP_MD_CTX ctx;
18};
19
20SignatureVerifier::SignatureVerifier() = default;
21
22SignatureVerifier::~SignatureVerifier() = default;
23
24bool SignatureVerifier::VerifyInit(SignatureAlgorithm signature_algorithm,
25 base::span<const uint8_t> signature,
26 base::span<const uint8_t> public_key_info) {
27 OpenSSLErrStackTracer err_tracer(FROM_HERE);
28
29 int pkey_type = EVP_PKEY_NONE;
30 const EVP_MD* digest = nullptr;
31 switch (signature_algorithm) {
32 case RSA_PKCS1_SHA1:
33 pkey_type = EVP_PKEY_RSA;
34 digest = EVP_sha1();
35 break;
36 case RSA_PKCS1_SHA256:
37 case RSA_PSS_SHA256:
38 pkey_type = EVP_PKEY_RSA;
39 digest = EVP_sha256();
40 break;
41 case ECDSA_SHA256:
42 pkey_type = EVP_PKEY_EC;
43 digest = EVP_sha256();
44 break;
45 }
46 DCHECK_NE(EVP_PKEY_NONE, pkey_type);
47 DCHECK(digest);
48
49 if (verify_context_)
50 return false;
51
52 verify_context_.reset(new VerifyContext);
53 signature_.assign(signature.data(), signature.data() + signature.size());
54
55 CBS cbs;
56 CBS_init(&cbs, public_key_info.data(), public_key_info.size());
57 bssl::UniquePtr<EVP_PKEY> public_key(EVP_parse_public_key(&cbs));
58 if (!public_key || CBS_len(&cbs) != 0 ||
59 EVP_PKEY_id(public_key.get()) != pkey_type) {
60 return false;
61 }
62
63 EVP_PKEY_CTX* pkey_ctx;
64 if (!EVP_DigestVerifyInit(verify_context_->ctx.get(), &pkey_ctx, digest,
65 nullptr, public_key.get())) {
66 return false;
67 }
68
69 if (signature_algorithm == RSA_PSS_SHA256) {
70 if (!EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING) ||
71 !EVP_PKEY_CTX_set_rsa_mgf1_md(pkey_ctx, digest) ||
72 !EVP_PKEY_CTX_set_rsa_pss_saltlen(
73 pkey_ctx, -1 /* match digest and salt length */)) {
74 return false;
75 }
76 }
77
78 return true;
79}
80
81void SignatureVerifier::VerifyUpdate(base::span<const uint8_t> data_part) {
82 DCHECK(verify_context_);
83 OpenSSLErrStackTracer err_tracer(FROM_HERE);
84 int rv = EVP_DigestVerifyUpdate(verify_context_->ctx.get(), data_part.data(),
85 data_part.size());
86 DCHECK_EQ(rv, 1);
87}
88
89bool SignatureVerifier::VerifyFinal() {
90 DCHECK(verify_context_);
91 OpenSSLErrStackTracer err_tracer(FROM_HERE);
92 int rv = EVP_DigestVerifyFinal(verify_context_->ctx.get(), signature_.data(),
93 signature_.size());
94 DCHECK_EQ(static_cast<int>(!!rv), rv);
95 Reset();
96 return rv == 1;
97}
98
99void SignatureVerifier::Reset() {
100 verify_context_.reset();
101 signature_.clear();
102}
103
104} // namespace crypto