Make AccessibilityManager and MagnificationManager always honor prefs
[chromium-blink-merge.git] / crypto / signature_verifier_nss.cc
blob662e8f29d8c88c7a3cb28089a5e8b4f6b92f3ce5
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "crypto/signature_verifier.h"
7 #include <cryptohi.h>
8 #include <keyhi.h>
9 #include <stdlib.h>
11 #include "base/logging.h"
12 #include "crypto/nss_util.h"
14 namespace crypto {
16 SignatureVerifier::SignatureVerifier() : vfy_context_(NULL) {
17 EnsureNSSInit();
20 SignatureVerifier::~SignatureVerifier() {
21 Reset();
24 bool SignatureVerifier::VerifyInit(const uint8* signature_algorithm,
25 int signature_algorithm_len,
26 const uint8* signature,
27 int signature_len,
28 const uint8* public_key_info,
29 int public_key_info_len) {
30 signature_.assign(signature, signature + signature_len);
32 CERTSubjectPublicKeyInfo* spki = NULL;
33 SECItem spki_der;
34 spki_der.type = siBuffer;
35 spki_der.data = const_cast<uint8*>(public_key_info);
36 spki_der.len = public_key_info_len;
37 spki = SECKEY_DecodeDERSubjectPublicKeyInfo(&spki_der);
38 if (!spki)
39 return false;
40 SECKEYPublicKey* public_key = SECKEY_ExtractPublicKey(spki);
41 SECKEY_DestroySubjectPublicKeyInfo(spki); // Done with spki.
42 if (!public_key)
43 return false;
45 PLArenaPool* arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
46 if (!arena) {
47 SECKEY_DestroyPublicKey(public_key);
48 return false;
51 SECItem sig_alg_der;
52 sig_alg_der.type = siBuffer;
53 sig_alg_der.data = const_cast<uint8*>(signature_algorithm);
54 sig_alg_der.len = signature_algorithm_len;
55 SECAlgorithmID sig_alg_id;
56 SECStatus rv;
57 rv = SEC_QuickDERDecodeItem(arena, &sig_alg_id,
58 SEC_ASN1_GET(SECOID_AlgorithmIDTemplate),
59 &sig_alg_der);
60 if (rv != SECSuccess) {
61 SECKEY_DestroyPublicKey(public_key);
62 PORT_FreeArena(arena, PR_TRUE);
63 return false;
66 SECItem sig;
67 sig.type = siBuffer;
68 sig.data = const_cast<uint8*>(signature);
69 sig.len = signature_len;
70 SECOidTag hash_alg_tag;
71 vfy_context_ = VFY_CreateContextWithAlgorithmID(public_key, &sig,
72 &sig_alg_id, &hash_alg_tag,
73 NULL);
74 SECKEY_DestroyPublicKey(public_key); // Done with public_key.
75 PORT_FreeArena(arena, PR_TRUE); // Done with sig_alg_id.
76 if (!vfy_context_) {
77 // A corrupted RSA signature could be detected without the data, so
78 // VFY_CreateContextWithAlgorithmID may fail with SEC_ERROR_BAD_SIGNATURE
79 // (-8182).
80 return false;
83 rv = VFY_Begin(vfy_context_);
84 if (rv != SECSuccess) {
85 NOTREACHED();
86 return false;
88 return true;
91 void SignatureVerifier::VerifyUpdate(const uint8* data_part,
92 int data_part_len) {
93 SECStatus rv = VFY_Update(vfy_context_, data_part, data_part_len);
94 DCHECK_EQ(SECSuccess, rv);
97 bool SignatureVerifier::VerifyFinal() {
98 SECStatus rv = VFY_End(vfy_context_);
99 Reset();
101 // If signature verification fails, the error code is
102 // SEC_ERROR_BAD_SIGNATURE (-8182).
103 return (rv == SECSuccess);
106 void SignatureVerifier::Reset() {
107 if (vfy_context_) {
108 VFY_DestroyContext(vfy_context_, PR_TRUE);
109 vfy_context_ = NULL;
111 signature_.clear();
114 } // namespace crypto