crypto/signature_verifier_openssl.cc

   1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "crypto/signature_verifier.h"
   6
   7 #include <openssl/evp.h>
   8 #include <openssl/x509.h>
   9
  10 #include <vector>
  11
  12 #include "base/logging.h"
  13 #include "base/memory/scoped_ptr.h"
  14 #include "base/stl_util.h"
  15 #include "crypto/openssl_util.h"
  16
  17 namespace crypto {
  18
  19 struct SignatureVerifier::VerifyContext {
  20   ScopedOpenSSL<EVP_PKEY, EVP_PKEY_free> public_key;
  21   ScopedOpenSSL<EVP_MD_CTX, EVP_MD_CTX_destroy> ctx;
  22 };
  23
  24 SignatureVerifier::SignatureVerifier()
  25     : verify_context_(NULL) {
  26 }
  27
  28 SignatureVerifier::~SignatureVerifier() {
  29   Reset();
  30 }
  31
  32 bool SignatureVerifier::VerifyInit(const uint8* signature_algorithm,
  33                                    int signature_algorithm_len,
  34                                    const uint8* signature,
  35                                    int signature_len,
  36                                    const uint8* public_key_info,
  37                                    int public_key_info_len) {
  38   DCHECK(!verify_context_);
  39   verify_context_ = new VerifyContext;
  40   OpenSSLErrStackTracer err_tracer(FROM_HERE);
  41
  42   ScopedOpenSSL<X509_ALGOR, X509_ALGOR_free> algorithm(
  43       d2i_X509_ALGOR(NULL, &signature_algorithm, signature_algorithm_len));
  44   if (!algorithm.get())
  45     return false;
  46
  47   const EVP_MD* digest = EVP_get_digestbyobj(algorithm.get()->algorithm);
  48   DCHECK(digest);
  49
  50   signature_.assign(signature, signature + signature_len);
  51
  52   // BIO_new_mem_buf is not const aware, but it does not modify the buffer.
  53   char* data = reinterpret_cast<char*>(const_cast<uint8*>(public_key_info));
  54   ScopedOpenSSL<BIO, BIO_free_all> bio(BIO_new_mem_buf(data,
  55                                                        public_key_info_len));
  56   if (!bio.get())
  57     return false;
  58
  59   verify_context_->public_key.reset(d2i_PUBKEY_bio(bio.get(), NULL));
  60   if (!verify_context_->public_key.get())
  61     return false;
  62
  63   verify_context_->ctx.reset(EVP_MD_CTX_create());
  64   int rv = EVP_VerifyInit_ex(verify_context_->ctx.get(), digest, NULL);
  65   return rv == 1;
  66 }
  67
  68 void SignatureVerifier::VerifyUpdate(const uint8* data_part,
  69                                      int data_part_len) {
  70   DCHECK(verify_context_);
  71   OpenSSLErrStackTracer err_tracer(FROM_HERE);
  72   int rv = EVP_VerifyUpdate(verify_context_->ctx.get(),
  73                             data_part, data_part_len);
  74   DCHECK_EQ(rv, 1);
  75 }
  76
  77 bool SignatureVerifier::VerifyFinal() {
  78   DCHECK(verify_context_);
  79   OpenSSLErrStackTracer err_tracer(FROM_HERE);
  80   int rv = EVP_VerifyFinal(verify_context_->ctx.get(),
  81                            vector_as_array(&signature_), signature_.size(),
  82                            verify_context_->public_key.get());
  83   DCHECK_GE(rv, 0);
  84   Reset();
  85   return rv == 1;
  86 }
  87
  88 void SignatureVerifier::Reset() {
  89   delete verify_context_;
  90   verify_context_ = NULL;
  91   signature_.clear();
  92 }
  93
  94 }  // namespace crypto