1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "net/quic/crypto/channel_id.h"
7 #include <openssl/bn.h>
8 #include <openssl/ec.h>
9 #include <openssl/ecdsa.h>
10 #include <openssl/obj_mac.h>
11 #include <openssl/sha.h>
13 #include "crypto/openssl_util.h"
14 #include "crypto/scoped_openssl_types.h"
16 using base::StringPiece
;
21 bool ChannelIDVerifier::Verify(StringPiece key
,
22 StringPiece signed_data
,
23 StringPiece signature
) {
24 return VerifyRaw(key
, signed_data
, signature
, true);
28 bool ChannelIDVerifier::VerifyRaw(StringPiece key
,
29 StringPiece signed_data
,
30 StringPiece signature
,
31 bool is_channel_id_signature
) {
32 if (key
.size() != 32 * 2 ||
33 signature
.size() != 32 * 2) {
37 crypto::ScopedOpenSSL
<EC_GROUP
, EC_GROUP_free
>::Type
p256(
38 EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1
));
39 if (p256
.get() == NULL
) {
43 crypto::ScopedBIGNUM
x(BN_new()), y(BN_new()), r(BN_new()), s(BN_new());
49 const uint8
* key_bytes
= reinterpret_cast<const uint8
*>(key
.data());
50 const uint8
* signature_bytes
=
51 reinterpret_cast<const uint8
*>(signature
.data());
53 if (BN_bin2bn(key_bytes
+ 0, 32, x
.get()) == NULL
||
54 BN_bin2bn(key_bytes
+ 32, 32, y
.get()) == NULL
||
55 BN_bin2bn(signature_bytes
+ 0, 32, sig
.r
) == NULL
||
56 BN_bin2bn(signature_bytes
+ 32, 32, sig
.s
) == NULL
) {
60 crypto::ScopedOpenSSL
<EC_POINT
, EC_POINT_free
>::Type
point(
61 EC_POINT_new(p256
.get()));
62 if (point
.get() == NULL
||
63 !EC_POINT_set_affine_coordinates_GFp(p256
.get(), point
.get(), x
.get(),
68 crypto::ScopedEC_KEY
ecdsa_key(EC_KEY_new());
69 if (ecdsa_key
.get() == NULL
||
70 !EC_KEY_set_group(ecdsa_key
.get(), p256
.get()) ||
71 !EC_KEY_set_public_key(ecdsa_key
.get(), point
.get())) {
77 if (is_channel_id_signature
) {
78 SHA256_Update(&sha256
, kContextStr
, strlen(kContextStr
) + 1);
79 SHA256_Update(&sha256
, kClientToServerStr
, strlen(kClientToServerStr
) + 1);
81 SHA256_Update(&sha256
, signed_data
.data(), signed_data
.size());
83 unsigned char digest
[SHA256_DIGEST_LENGTH
];
84 SHA256_Final(digest
, &sha256
);
86 return ECDSA_do_verify(digest
, sizeof(digest
), &sig
, ecdsa_key
.get()) == 1;