net/quic/crypto/channel_id_openssl.cc

   1 // Copyright 2013 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "net/quic/crypto/channel_id.h"
   6
   7 #include <openssl/bn.h>
   8 #include <openssl/ec.h>
   9 #include <openssl/ecdsa.h>
  10 #include <openssl/obj_mac.h>
  11 #include <openssl/sha.h>
  12
  13 #include "crypto/openssl_util.h"
  14
  15 using base::StringPiece;
  16
  17 namespace net {
  18
  19 // static
  20 bool ChannelIDVerifier::Verify(StringPiece key,
  21                                StringPiece signed_data,
  22                                StringPiece signature) {
  23   return VerifyRaw(key, signed_data, signature, true);
  24 }
  25
  26 // static
  27 bool ChannelIDVerifier::VerifyRaw(StringPiece key,
  28                                   StringPiece signed_data,
  29                                   StringPiece signature,
  30                                   bool is_channel_id_signature) {
  31   if (key.size() != 32 * 2 ||
  32       signature.size() != 32 * 2) {
  33     return false;
  34   }
  35
  36   crypto::ScopedOpenSSL<EC_GROUP, EC_GROUP_free> p256(
  37       EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1));
  38   if (p256.get() == NULL) {
  39     return false;
  40   }
  41
  42   crypto::ScopedOpenSSL<BIGNUM, BN_free> x(BN_new()), y(BN_new()),
  43                                          r(BN_new()), s(BN_new());
  44
  45   ECDSA_SIG sig;
  46   sig.r = r.get();
  47   sig.s = s.get();
  48
  49   const uint8* key_bytes = reinterpret_cast<const uint8*>(key.data());
  50   const uint8* signature_bytes =
  51       reinterpret_cast<const uint8*>(signature.data());
  52
  53   if (BN_bin2bn(key_bytes       +  0, 32, x.get()) == NULL ||
  54       BN_bin2bn(key_bytes       + 32, 32, y.get()) == NULL ||
  55       BN_bin2bn(signature_bytes +  0, 32, sig.r) == NULL ||
  56       BN_bin2bn(signature_bytes + 32, 32, sig.s) == NULL) {
  57     return false;
  58   }
  59
  60   crypto::ScopedOpenSSL<EC_POINT, EC_POINT_free> point(
  61       EC_POINT_new(p256.get()));
  62   if (point.get() == NULL ||
  63       !EC_POINT_set_affine_coordinates_GFp(p256.get(), point.get(), x.get(),
  64                                            y.get(), NULL)) {
  65     return false;
  66   }
  67
  68   crypto::ScopedOpenSSL<EC_KEY, EC_KEY_free> ecdsa_key(EC_KEY_new());
  69   if (ecdsa_key.get() == NULL ||
  70       !EC_KEY_set_group(ecdsa_key.get(), p256.get()) ||
  71       !EC_KEY_set_public_key(ecdsa_key.get(), point.get())) {
  72     return false;
  73   }
  74
  75   SHA256_CTX sha256;
  76   SHA256_Init(&sha256);
  77   if (is_channel_id_signature) {
  78     SHA256_Update(&sha256, kContextStr, strlen(kContextStr) + 1);
  79     SHA256_Update(&sha256, kClientToServerStr, strlen(kClientToServerStr) + 1);
  80   }
  81   SHA256_Update(&sha256, signed_data.data(), signed_data.size());
  82
  83   unsigned char digest[SHA256_DIGEST_LENGTH];
  84   SHA256_Final(digest, &sha256);
  85
  86   return ECDSA_do_verify(digest, sizeof(digest), &sig, ecdsa_key.get()) == 1;
  87 }
  88
  89 }  // namespace net