1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "crypto/ec_signature_creator_impl.h"
6
7 #include <openssl/bn.h>
8 #include <openssl/ec.h>
9 #include <openssl/ecdsa.h>
10 #include <openssl/evp.h>
11 #include <openssl/sha.h>
12
13 #include "base/logging.h"
14 #include "crypto/ec_private_key.h"
15 #include "crypto/openssl_util.h"
16
17 namespace crypto {
18
ECSignatureCreatorImpl(ECPrivateKey * key)19 ECSignatureCreatorImpl::ECSignatureCreatorImpl(ECPrivateKey* key)
20 : key_(key), signature_len_(0) {
21 EnsureOpenSSLInit();
22 }
23
~ECSignatureCreatorImpl()24 ECSignatureCreatorImpl::~ECSignatureCreatorImpl() {}
25
Sign(const uint8 * data,int data_len,std::vector<uint8> * signature)26 bool ECSignatureCreatorImpl::Sign(const uint8* data,
27 int data_len,
28 std::vector<uint8>* signature) {
29 OpenSSLErrStackTracer err_tracer(FROM_HERE);
30 ScopedOpenSSL<EVP_MD_CTX, EVP_MD_CTX_destroy> ctx(EVP_MD_CTX_create());
31 size_t sig_len = 0;
32 if (!ctx.get() ||
33 !EVP_DigestSignInit(ctx.get(), NULL, EVP_sha256(), NULL, key_->key()) ||
34 !EVP_DigestSignUpdate(ctx.get(), data, data_len) ||
35 !EVP_DigestSignFinal(ctx.get(), NULL, &sig_len)) {
36 return false;
37 }
38
39 signature->resize(sig_len);
40 if (!EVP_DigestSignFinal(ctx.get(), &signature->front(), &sig_len))
41 return false;
42
43 // NOTE: A call to EVP_DigestSignFinal() with a NULL second parameter returns
44 // a maximum allocation size, while the call without a NULL returns the real
45 // one, which may be smaller.
46 signature->resize(sig_len);
47 return true;
48 }
49
DecodeSignature(const std::vector<uint8> & der_sig,std::vector<uint8> * out_raw_sig)50 bool ECSignatureCreatorImpl::DecodeSignature(const std::vector<uint8>& der_sig,
51 std::vector<uint8>* out_raw_sig) {
52 OpenSSLErrStackTracer err_tracer(FROM_HERE);
53 // Create ECDSA_SIG object from DER-encoded data.
54 const unsigned char* der_data = &der_sig.front();
55 ScopedOpenSSL<ECDSA_SIG, ECDSA_SIG_free> ecdsa_sig(
56 d2i_ECDSA_SIG(NULL, &der_data, static_cast<long>(der_sig.size())));
57 if (!ecdsa_sig.get())
58 return false;
59
60 // The result is made of two 32-byte vectors.
61 const size_t kMaxBytesPerBN = 32;
62 std::vector<uint8> result;
63 result.resize(2 * kMaxBytesPerBN);
64 memset(&result[0], 0, result.size());
65
66 BIGNUM* r = ecdsa_sig.get()->r;
67 BIGNUM* s = ecdsa_sig.get()->s;
68 int r_bytes = BN_num_bytes(r);
69 int s_bytes = BN_num_bytes(s);
70 // NOTE: Can't really check for equality here since sometimes the value
71 // returned by BN_num_bytes() will be slightly smaller than kMaxBytesPerBN.
72 if (r_bytes > static_cast<int>(kMaxBytesPerBN) ||
73 s_bytes > static_cast<int>(kMaxBytesPerBN)) {
74 DLOG(ERROR) << "Invalid key sizes r(" << r_bytes << ") s(" << s_bytes
75 << ")";
76 return false;
77 }
78 BN_bn2bin(ecdsa_sig.get()->r, &result[kMaxBytesPerBN - r_bytes]);
79 BN_bn2bin(ecdsa_sig.get()->s, &result[2 * kMaxBytesPerBN - s_bytes]);
80 out_raw_sig->swap(result);
81 return true;
82 }
83
84 } // namespace crypto
85