Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(774)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: crypto/signature_verifier_win.cc

Issue 11092006: crypto: remove unused Mac SignatureVerifier. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: ... Created 8 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « crypto/signature_verifier_mac.cc ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "crypto/signature_verifier.h"
6
7 #include "base/logging.h"
8 #include "crypto/capi_util.h"
9
10 #pragma comment(lib, "crypt32.lib")
11
12 namespace crypto {
13
14 SignatureVerifier::SignatureVerifier() : hash_object_(0), public_key_(0) {
15 if (!CryptAcquireContext(provider_.receive(), NULL, NULL,
16 PROV_RSA_FULL, CRYPT_VERIFYCONTEXT))
17 provider_.reset();
18 }
19
20 SignatureVerifier::~SignatureVerifier() {
21 }
22
23 bool SignatureVerifier::VerifyInit(const uint8* signature_algorithm,
24 int signature_algorithm_len,
25 const uint8* signature,
26 int signature_len,
27 const uint8* public_key_info,
28 int public_key_info_len) {
29 signature_.reserve(signature_len);
30 // CryptoAPI uses big integers in the little-endian byte order, so we need
31 // to first swap the order of signature bytes.
32 for (int i = signature_len - 1; i >= 0; --i)
33 signature_.push_back(signature[i]);
34
35 CRYPT_DECODE_PARA decode_para;
36 decode_para.cbSize = sizeof(decode_para);
37 decode_para.pfnAlloc = crypto::CryptAlloc;
38 decode_para.pfnFree = crypto::CryptFree;
39 CERT_PUBLIC_KEY_INFO* cert_public_key_info = NULL;
40 DWORD struct_len = 0;
41 BOOL ok;
42 ok = CryptDecodeObjectEx(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
43 X509_PUBLIC_KEY_INFO,
44 public_key_info,
45 public_key_info_len,
46 CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_NOCOPY_FLAG,
47 &decode_para,
48 &cert_public_key_info,
49 &struct_len);
50 if (!ok)
51 return false;
52
53 ok = CryptImportPublicKeyInfo(provider_,
54 X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
55 cert_public_key_info, public_key_.receive());
56 crypto::CryptFree(cert_public_key_info);
57 if (!ok)
58 return false;
59
60 CRYPT_ALGORITHM_IDENTIFIER* signature_algorithm_id;
61 struct_len = 0;
62 ok = CryptDecodeObjectEx(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
63 X509_ALGORITHM_IDENTIFIER,
64 signature_algorithm,
65 signature_algorithm_len,
66 CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_NOCOPY_FLAG,
67 &decode_para,
68 &signature_algorithm_id,
69 &struct_len);
70 DCHECK(ok || GetLastError() == ERROR_FILE_NOT_FOUND);
71 ALG_ID hash_alg_id;
72 if (ok) {
73 hash_alg_id = CALG_MD4; // Initialize to a weak hash algorithm that we
74 // don't support.
75 if (!strcmp(signature_algorithm_id->pszObjId, szOID_RSA_SHA1RSA))
76 hash_alg_id = CALG_SHA1;
77 else if (!strcmp(signature_algorithm_id->pszObjId, szOID_RSA_MD5RSA))
78 hash_alg_id = CALG_MD5;
79 crypto::CryptFree(signature_algorithm_id);
80 DCHECK_NE(static_cast<ALG_ID>(CALG_MD4), hash_alg_id);
81 if (hash_alg_id == CALG_MD4)
82 return false; // Unsupported hash algorithm.
83 } else if (GetLastError() == ERROR_FILE_NOT_FOUND) {
84 // TODO(wtc): X509_ALGORITHM_IDENTIFIER isn't supported on XP SP2. We
85 // may be able to encapsulate signature_algorithm in a dummy SignedContent
86 // and decode it with X509_CERT into a CERT_SIGNED_CONTENT_INFO. For now,
87 // just hardcode the hash algorithm to be SHA-1.
88 hash_alg_id = CALG_SHA1;
89 } else {
90 return false;
91 }
92
93 ok = CryptCreateHash(provider_, hash_alg_id, 0, 0, hash_object_.receive());
94 if (!ok)
95 return false;
96 return true;
97 }
98
99 void SignatureVerifier::VerifyUpdate(const uint8* data_part,
100 int data_part_len) {
101 BOOL ok = CryptHashData(hash_object_, data_part, data_part_len, 0);
102 DCHECK(ok) << "CryptHashData failed: " << GetLastError();
103 }
104
105 bool SignatureVerifier::VerifyFinal() {
106 BOOL ok = CryptVerifySignature(hash_object_, &signature_[0],
107 signature_.size(), public_key_, NULL, 0);
108 Reset();
109 if (!ok)
110 return false;
111 return true;
112 }
113
114 void SignatureVerifier::Reset() {
115 hash_object_.reset();
116 public_key_.reset();
117 signature_.clear();
118 }
119
120 } // namespace crypto
121
OLDNEW
« no previous file with comments | « crypto/signature_verifier_mac.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698