1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "content/child/webcrypto/crypto_data.h"
6 #include "content/child/webcrypto/openssl/key_openssl.h"
7 #include "content/child/webcrypto/openssl/rsa_key_openssl.h"
8 #include "content/child/webcrypto/openssl/util_openssl.h"
9 #include "content/child/webcrypto/status.h"
10 #include "crypto/openssl_util.h"
11 #include "crypto/scoped_openssl_types.h"
12 #include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h"
20 // Extracts the OpenSSL key and digest from a WebCrypto key. The returned
21 // pointers will remain valid as long as |key| is alive.
22 Status
GetPKeyAndDigest(const blink::WebCryptoKey
& key
,
24 const EVP_MD
** digest
) {
25 *pkey
= AsymKeyOpenSsl::Cast(key
)->key();
27 *digest
= GetDigest(key
.algorithm().rsaHashedParams()->hash().id());
29 return Status::ErrorUnsupported();
31 return Status::Success();
34 class RsaSsaImplementation
: public RsaHashedAlgorithm
{
36 RsaSsaImplementation()
37 : RsaHashedAlgorithm(blink::WebCryptoKeyUsageVerify
,
38 blink::WebCryptoKeyUsageSign
) {}
40 virtual const char* GetJwkAlgorithm(
41 const blink::WebCryptoAlgorithmId hash
) const OVERRIDE
{
43 case blink::WebCryptoAlgorithmIdSha1
:
45 case blink::WebCryptoAlgorithmIdSha256
:
47 case blink::WebCryptoAlgorithmIdSha384
:
49 case blink::WebCryptoAlgorithmIdSha512
:
56 virtual Status
Sign(const blink::WebCryptoAlgorithm
& algorithm
,
57 const blink::WebCryptoKey
& key
,
58 const CryptoData
& data
,
59 std::vector
<uint8_t>* buffer
) const OVERRIDE
{
60 if (key
.type() != blink::WebCryptoKeyTypePrivate
)
61 return Status::ErrorUnexpectedKeyType();
63 crypto::OpenSSLErrStackTracer
err_tracer(FROM_HERE
);
64 crypto::ScopedEVP_MD_CTX
ctx(EVP_MD_CTX_create());
66 EVP_PKEY
* private_key
= NULL
;
67 const EVP_MD
* digest
= NULL
;
68 Status status
= GetPKeyAndDigest(key
, &private_key
, &digest
);
72 // NOTE: A call to EVP_DigestSignFinal() with a NULL second parameter
73 // returns a maximum allocation size, while the call without a NULL returns
74 // the real one, which may be smaller.
77 !EVP_DigestSignInit(ctx
.get(), NULL
, digest
, NULL
, private_key
) ||
78 !EVP_DigestSignUpdate(ctx
.get(), data
.bytes(), data
.byte_length()) ||
79 !EVP_DigestSignFinal(ctx
.get(), NULL
, &sig_len
)) {
80 return Status::OperationError();
83 buffer
->resize(sig_len
);
84 if (!EVP_DigestSignFinal(ctx
.get(), &buffer
->front(), &sig_len
))
85 return Status::OperationError();
87 buffer
->resize(sig_len
);
88 return Status::Success();
91 virtual Status
Verify(const blink::WebCryptoAlgorithm
& algorithm
,
92 const blink::WebCryptoKey
& key
,
93 const CryptoData
& signature
,
94 const CryptoData
& data
,
95 bool* signature_match
) const OVERRIDE
{
96 if (key
.type() != blink::WebCryptoKeyTypePublic
)
97 return Status::ErrorUnexpectedKeyType();
99 crypto::OpenSSLErrStackTracer
err_tracer(FROM_HERE
);
100 crypto::ScopedEVP_MD_CTX
ctx(EVP_MD_CTX_create());
102 EVP_PKEY
* public_key
= NULL
;
103 const EVP_MD
* digest
= NULL
;
104 Status status
= GetPKeyAndDigest(key
, &public_key
, &digest
);
105 if (status
.IsError())
108 if (!EVP_DigestVerifyInit(ctx
.get(), NULL
, digest
, NULL
, public_key
))
109 return Status::OperationError();
111 if (!EVP_DigestVerifyUpdate(ctx
.get(), data
.bytes(), data
.byte_length())) {
112 return Status::OperationError();
115 // Note that the return value can be:
117 // 0 --> Verification failed
118 // <0 --> Operation error
119 int rv
= EVP_DigestVerifyFinal(
120 ctx
.get(), signature
.bytes(), signature
.byte_length());
121 *signature_match
= rv
== 1;
122 return rv
>= 0 ? Status::Success() : Status::OperationError();
128 AlgorithmImplementation
* CreatePlatformRsaSsaImplementation() {
129 return new RsaSsaImplementation
;
132 } // namespace webcrypto
134 } // namespace content
