1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "crypto/signature_verifier.h"
6
7 #include <openssl/evp.h>
8 #include <openssl/x509.h>
9 #include <stdint.h>
10
11 #include <vector>
12
13 #include "base/logging.h"
14 #include "base/memory/scoped_ptr.h"
15 #include "crypto/openssl_util.h"
16 #include "crypto/scoped_openssl_types.h"
17
18 namespace crypto {
19
20 namespace {
21
ToOpenSSLDigest(SignatureVerifier::HashAlgorithm hash_alg)22 const EVP_MD* ToOpenSSLDigest(SignatureVerifier::HashAlgorithm hash_alg) {
23 switch (hash_alg) {
24 case SignatureVerifier::SHA1:
25 return EVP_sha1();
26 case SignatureVerifier::SHA256:
27 return EVP_sha256();
28 }
29 return NULL;
30 }
31
32 } // namespace
33
34 struct SignatureVerifier::VerifyContext {
35 ScopedEVP_MD_CTX ctx;
36 };
37
SignatureVerifier()38 SignatureVerifier::SignatureVerifier()
39 : verify_context_(NULL) {
40 }
41
~SignatureVerifier()42 SignatureVerifier::~SignatureVerifier() {
43 Reset();
44 }
45
VerifyInit(const uint8_t * signature_algorithm,int signature_algorithm_len,const uint8_t * signature,int signature_len,const uint8_t * public_key_info,int public_key_info_len)46 bool SignatureVerifier::VerifyInit(const uint8_t* signature_algorithm,
47 int signature_algorithm_len,
48 const uint8_t* signature,
49 int signature_len,
50 const uint8_t* public_key_info,
51 int public_key_info_len) {
52 OpenSSLErrStackTracer err_tracer(FROM_HERE);
53 ScopedOpenSSL<X509_ALGOR, X509_ALGOR_free> algorithm(
54 d2i_X509_ALGOR(NULL, &signature_algorithm, signature_algorithm_len));
55 if (!algorithm.get())
56 return false;
57 int nid = OBJ_obj2nid(algorithm.get()->algorithm);
58 const EVP_MD* digest;
59 if (nid == NID_ecdsa_with_SHA1) {
60 digest = EVP_sha1();
61 } else if (nid == NID_ecdsa_with_SHA256) {
62 digest = EVP_sha256();
63 } else {
64 // This works for PKCS #1 v1.5 RSA signatures, but not for ECDSA
65 // signatures.
66 digest = EVP_get_digestbyobj(algorithm.get()->algorithm);
67 }
68 if (!digest)
69 return false;
70
71 return CommonInit(digest, signature, signature_len, public_key_info,
72 public_key_info_len, NULL);
73 }
74
VerifyInitRSAPSS(HashAlgorithm hash_alg,HashAlgorithm mask_hash_alg,int salt_len,const uint8_t * signature,int signature_len,const uint8_t * public_key_info,int public_key_info_len)75 bool SignatureVerifier::VerifyInitRSAPSS(HashAlgorithm hash_alg,
76 HashAlgorithm mask_hash_alg,
77 int salt_len,
78 const uint8_t* signature,
79 int signature_len,
80 const uint8_t* public_key_info,
81 int public_key_info_len) {
82 OpenSSLErrStackTracer err_tracer(FROM_HERE);
83 const EVP_MD* const digest = ToOpenSSLDigest(hash_alg);
84 DCHECK(digest);
85 if (!digest) {
86 return false;
87 }
88
89 EVP_PKEY_CTX* pkey_ctx;
90 if (!CommonInit(digest, signature, signature_len, public_key_info,
91 public_key_info_len, &pkey_ctx)) {
92 return false;
93 }
94
95 int rv = EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING);
96 if (rv != 1)
97 return false;
98 const EVP_MD* const mgf_digest = ToOpenSSLDigest(mask_hash_alg);
99 DCHECK(mgf_digest);
100 if (!mgf_digest) {
101 return false;
102 }
103 rv = EVP_PKEY_CTX_set_rsa_mgf1_md(pkey_ctx, mgf_digest);
104 if (rv != 1)
105 return false;
106 rv = EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, salt_len);
107 return rv == 1;
108 }
109
VerifyUpdate(const uint8_t * data_part,int data_part_len)110 void SignatureVerifier::VerifyUpdate(const uint8_t* data_part,
111 int data_part_len) {
112 DCHECK(verify_context_);
113 OpenSSLErrStackTracer err_tracer(FROM_HERE);
114 int rv = EVP_DigestVerifyUpdate(verify_context_->ctx.get(),
115 data_part, data_part_len);
116 DCHECK_EQ(rv, 1);
117 }
118
VerifyFinal()119 bool SignatureVerifier::VerifyFinal() {
120 DCHECK(verify_context_);
121 OpenSSLErrStackTracer err_tracer(FROM_HERE);
122 int rv = EVP_DigestVerifyFinal(verify_context_->ctx.get(), signature_.data(),
123 signature_.size());
124 DCHECK_EQ(static_cast<int>(!!rv), rv);
125 Reset();
126 return rv == 1;
127 }
128
CommonInit(const EVP_MD * digest,const uint8_t * signature,int signature_len,const uint8_t * public_key_info,int public_key_info_len,EVP_PKEY_CTX ** pkey_ctx)129 bool SignatureVerifier::CommonInit(const EVP_MD* digest,
130 const uint8_t* signature,
131 int signature_len,
132 const uint8_t* public_key_info,
133 int public_key_info_len,
134 EVP_PKEY_CTX** pkey_ctx) {
135 if (verify_context_)
136 return false;
137
138 verify_context_ = new VerifyContext;
139
140 signature_.assign(signature, signature + signature_len);
141
142 const uint8_t* ptr = public_key_info;
143 ScopedEVP_PKEY public_key(d2i_PUBKEY(nullptr, &ptr, public_key_info_len));
144 if (!public_key.get() || ptr != public_key_info + public_key_info_len)
145 return false;
146
147 verify_context_->ctx.reset(EVP_MD_CTX_create());
148 int rv = EVP_DigestVerifyInit(verify_context_->ctx.get(), pkey_ctx,
149 digest, nullptr, public_key.get());
150 return rv == 1;
151 }
152
Reset()153 void SignatureVerifier::Reset() {
154 delete verify_context_;
155 verify_context_ = NULL;
156 signature_.clear();
157 }
158
159 } // namespace crypto
160