1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "crypto/signature_verifier.h"
6
7 #include <openssl/evp.h>
8 #include <openssl/x509.h>
9
10 #include <vector>
11
12 #include "base/logging.h"
13 #include "base/memory/scoped_ptr.h"
14 #include "base/stl_util-inl.h"
15 #include "crypto/openssl_util.h"
16
17 namespace crypto {
18
19 struct SignatureVerifier::VerifyContext {
20 ScopedOpenSSL<EVP_PKEY, EVP_PKEY_free> public_key;
21 ScopedOpenSSL<EVP_MD_CTX, EVP_MD_CTX_destroy> ctx;
22 };
23
SignatureVerifier()24 SignatureVerifier::SignatureVerifier()
25 : verify_context_(NULL) {
26 }
27
~SignatureVerifier()28 SignatureVerifier::~SignatureVerifier() {
29 Reset();
30 }
31
VerifyInit(const uint8 * signature_algorithm,int signature_algorithm_len,const uint8 * signature,int signature_len,const uint8 * public_key_info,int public_key_info_len)32 bool SignatureVerifier::VerifyInit(const uint8* signature_algorithm,
33 int signature_algorithm_len,
34 const uint8* signature,
35 int signature_len,
36 const uint8* public_key_info,
37 int public_key_info_len) {
38 DCHECK(!verify_context_);
39 verify_context_ = new VerifyContext;
40 OpenSSLErrStackTracer err_tracer(FROM_HERE);
41
42 ScopedOpenSSL<X509_ALGOR, X509_ALGOR_free> algorithm(
43 d2i_X509_ALGOR(NULL, &signature_algorithm, signature_algorithm_len));
44 if (!algorithm.get())
45 return false;
46
47 const EVP_MD* digest = EVP_get_digestbyobj(algorithm.get()->algorithm);
48 DCHECK(digest);
49
50 signature_.assign(signature, signature + signature_len);
51
52 // BIO_new_mem_buf is not const aware, but it does not modify the buffer.
53 char* data = reinterpret_cast<char*>(const_cast<uint8*>(public_key_info));
54 ScopedOpenSSL<BIO, BIO_free_all> bio(BIO_new_mem_buf(data,
55 public_key_info_len));
56 if (!bio.get())
57 return false;
58
59 verify_context_->public_key.reset(d2i_PUBKEY_bio(bio.get(), NULL));
60 if (!verify_context_->public_key.get())
61 return false;
62
63 verify_context_->ctx.reset(EVP_MD_CTX_create());
64 int rv = EVP_VerifyInit_ex(verify_context_->ctx.get(), digest, NULL);
65 return rv == 1;
66 }
67
VerifyUpdate(const uint8 * data_part,int data_part_len)68 void SignatureVerifier::VerifyUpdate(const uint8* data_part,
69 int data_part_len) {
70 DCHECK(verify_context_);
71 OpenSSLErrStackTracer err_tracer(FROM_HERE);
72 int rv = EVP_VerifyUpdate(verify_context_->ctx.get(),
73 data_part, data_part_len);
74 DCHECK_EQ(rv, 1);
75 }
76
VerifyFinal()77 bool SignatureVerifier::VerifyFinal() {
78 DCHECK(verify_context_);
79 OpenSSLErrStackTracer err_tracer(FROM_HERE);
80 int rv = EVP_VerifyFinal(verify_context_->ctx.get(),
81 vector_as_array(&signature_), signature_.size(),
82 verify_context_->public_key.get());
83 DCHECK_GE(rv, 0);
84 Reset();
85 return rv == 1;
86 }
87
Reset()88 void SignatureVerifier::Reset() {
89 delete verify_context_;
90 verify_context_ = NULL;
91 signature_.clear();
92 }
93
94 } // namespace crypto
95