Andrew Top | 0d1858f | 2019-05-15 22:01:47 -0700 | [diff] [blame] | 1 | // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 | // Use of this source code is governed by a BSD-style license that can be |
| 3 | // found in the LICENSE file. |
| 4 | |
| 5 | #include "crypto/signature_verifier.h" |
| 6 | |
| 7 | #include "base/logging.h" |
| 8 | #include "crypto/openssl_util.h" |
| 9 | #include "third_party/boringssl/src/include/openssl/bytestring.h" |
| 10 | #include "third_party/boringssl/src/include/openssl/digest.h" |
| 11 | #include "third_party/boringssl/src/include/openssl/evp.h" |
| 12 | #include "third_party/boringssl/src/include/openssl/rsa.h" |
| 13 | |
| 14 | namespace crypto { |
| 15 | |
| 16 | struct SignatureVerifier::VerifyContext { |
| 17 | bssl::ScopedEVP_MD_CTX ctx; |
| 18 | }; |
| 19 | |
| 20 | SignatureVerifier::SignatureVerifier() = default; |
| 21 | |
| 22 | SignatureVerifier::~SignatureVerifier() = default; |
| 23 | |
| 24 | bool SignatureVerifier::VerifyInit(SignatureAlgorithm signature_algorithm, |
| 25 | base::span<const uint8_t> signature, |
| 26 | base::span<const uint8_t> public_key_info) { |
| 27 | OpenSSLErrStackTracer err_tracer(FROM_HERE); |
| 28 | |
| 29 | int pkey_type = EVP_PKEY_NONE; |
| 30 | const EVP_MD* digest = nullptr; |
| 31 | switch (signature_algorithm) { |
| 32 | case RSA_PKCS1_SHA1: |
| 33 | pkey_type = EVP_PKEY_RSA; |
| 34 | digest = EVP_sha1(); |
| 35 | break; |
| 36 | case RSA_PKCS1_SHA256: |
| 37 | case RSA_PSS_SHA256: |
| 38 | pkey_type = EVP_PKEY_RSA; |
| 39 | digest = EVP_sha256(); |
| 40 | break; |
| 41 | case ECDSA_SHA256: |
| 42 | pkey_type = EVP_PKEY_EC; |
| 43 | digest = EVP_sha256(); |
| 44 | break; |
| 45 | } |
| 46 | DCHECK_NE(EVP_PKEY_NONE, pkey_type); |
| 47 | DCHECK(digest); |
| 48 | |
| 49 | if (verify_context_) |
| 50 | return false; |
| 51 | |
| 52 | verify_context_.reset(new VerifyContext); |
| 53 | signature_.assign(signature.data(), signature.data() + signature.size()); |
| 54 | |
| 55 | CBS cbs; |
| 56 | CBS_init(&cbs, public_key_info.data(), public_key_info.size()); |
| 57 | bssl::UniquePtr<EVP_PKEY> public_key(EVP_parse_public_key(&cbs)); |
| 58 | if (!public_key || CBS_len(&cbs) != 0 || |
| 59 | EVP_PKEY_id(public_key.get()) != pkey_type) { |
| 60 | return false; |
| 61 | } |
| 62 | |
| 63 | EVP_PKEY_CTX* pkey_ctx; |
| 64 | if (!EVP_DigestVerifyInit(verify_context_->ctx.get(), &pkey_ctx, digest, |
| 65 | nullptr, public_key.get())) { |
| 66 | return false; |
| 67 | } |
| 68 | |
| 69 | if (signature_algorithm == RSA_PSS_SHA256) { |
| 70 | if (!EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING) || |
| 71 | !EVP_PKEY_CTX_set_rsa_mgf1_md(pkey_ctx, digest) || |
| 72 | !EVP_PKEY_CTX_set_rsa_pss_saltlen( |
| 73 | pkey_ctx, -1 /* match digest and salt length */)) { |
| 74 | return false; |
| 75 | } |
| 76 | } |
| 77 | |
| 78 | return true; |
| 79 | } |
| 80 | |
| 81 | void SignatureVerifier::VerifyUpdate(base::span<const uint8_t> data_part) { |
| 82 | DCHECK(verify_context_); |
| 83 | OpenSSLErrStackTracer err_tracer(FROM_HERE); |
| 84 | int rv = EVP_DigestVerifyUpdate(verify_context_->ctx.get(), data_part.data(), |
| 85 | data_part.size()); |
| 86 | DCHECK_EQ(rv, 1); |
| 87 | } |
| 88 | |
| 89 | bool SignatureVerifier::VerifyFinal() { |
| 90 | DCHECK(verify_context_); |
| 91 | OpenSSLErrStackTracer err_tracer(FROM_HERE); |
| 92 | int rv = EVP_DigestVerifyFinal(verify_context_->ctx.get(), signature_.data(), |
| 93 | signature_.size()); |
| 94 | DCHECK_EQ(static_cast<int>(!!rv), rv); |
| 95 | Reset(); |
| 96 | return rv == 1; |
| 97 | } |
| 98 | |
| 99 | void SignatureVerifier::Reset() { |
| 100 | verify_context_.reset(); |
| 101 | signature_.clear(); |
| 102 | } |
| 103 | |
| 104 | } // namespace crypto |