OLD | NEW |
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "crypto/signature_verifier.h" | 5 #include "crypto/signature_verifier.h" |
6 | 6 |
7 #include <openssl/evp.h> | 7 #include <openssl/evp.h> |
8 #include <openssl/x509.h> | 8 #include <openssl/x509.h> |
9 | 9 |
10 #include <vector> | 10 #include <vector> |
(...skipping 35 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
46 int signature_algorithm_len, | 46 int signature_algorithm_len, |
47 const uint8* signature, | 47 const uint8* signature, |
48 int signature_len, | 48 int signature_len, |
49 const uint8* public_key_info, | 49 const uint8* public_key_info, |
50 int public_key_info_len) { | 50 int public_key_info_len) { |
51 OpenSSLErrStackTracer err_tracer(FROM_HERE); | 51 OpenSSLErrStackTracer err_tracer(FROM_HERE); |
52 ScopedOpenSSL<X509_ALGOR, X509_ALGOR_free> algorithm( | 52 ScopedOpenSSL<X509_ALGOR, X509_ALGOR_free> algorithm( |
53 d2i_X509_ALGOR(NULL, &signature_algorithm, signature_algorithm_len)); | 53 d2i_X509_ALGOR(NULL, &signature_algorithm, signature_algorithm_len)); |
54 if (!algorithm.get()) | 54 if (!algorithm.get()) |
55 return false; | 55 return false; |
56 const EVP_MD* digest = EVP_get_digestbyobj(algorithm.get()->algorithm); | 56 int nid = OBJ_obj2nid(algorithm.get()->algorithm); |
| 57 const EVP_MD* digest; |
| 58 if (nid == NID_ecdsa_with_SHA1) { |
| 59 digest = EVP_sha1(); |
| 60 } else if (nid == NID_ecdsa_with_SHA256) { |
| 61 digest = EVP_sha256(); |
| 62 } else { |
| 63 // This works for PKCS #1 v1.5 RSA signatures, but not for ECDSA |
| 64 // signatures. |
| 65 digest = EVP_get_digestbyobj(algorithm.get()->algorithm); |
| 66 } |
57 if (!digest) | 67 if (!digest) |
58 return false; | 68 return false; |
59 | 69 |
60 return CommonInit(digest, signature, signature_len, public_key_info, | 70 return CommonInit(digest, signature, signature_len, public_key_info, |
61 public_key_info_len, NULL); | 71 public_key_info_len, NULL); |
62 } | 72 } |
63 | 73 |
64 bool SignatureVerifier::VerifyInitRSAPSS(HashAlgorithm hash_alg, | 74 bool SignatureVerifier::VerifyInitRSAPSS(HashAlgorithm hash_alg, |
65 HashAlgorithm mask_hash_alg, | 75 HashAlgorithm mask_hash_alg, |
66 int salt_len, | 76 int salt_len, |
(...skipping 30 matching lines...) Expand all Loading... |
97 data_part, data_part_len); | 107 data_part, data_part_len); |
98 DCHECK_EQ(rv, 1); | 108 DCHECK_EQ(rv, 1); |
99 } | 109 } |
100 | 110 |
101 bool SignatureVerifier::VerifyFinal() { | 111 bool SignatureVerifier::VerifyFinal() { |
102 DCHECK(verify_context_); | 112 DCHECK(verify_context_); |
103 OpenSSLErrStackTracer err_tracer(FROM_HERE); | 113 OpenSSLErrStackTracer err_tracer(FROM_HERE); |
104 int rv = EVP_DigestVerifyFinal(verify_context_->ctx.get(), | 114 int rv = EVP_DigestVerifyFinal(verify_context_->ctx.get(), |
105 vector_as_array(&signature_), | 115 vector_as_array(&signature_), |
106 signature_.size()); | 116 signature_.size()); |
107 DCHECK_GE(rv, 0); | 117 // rv is -1 if a DER-encoded ECDSA signature cannot be decoded correctly. |
| 118 DCHECK_GE(rv, -1); |
108 Reset(); | 119 Reset(); |
109 return rv == 1; | 120 return rv == 1; |
110 } | 121 } |
111 | 122 |
112 bool SignatureVerifier::CommonInit(const EVP_MD* digest, | 123 bool SignatureVerifier::CommonInit(const EVP_MD* digest, |
113 const uint8* signature, | 124 const uint8* signature, |
114 int signature_len, | 125 int signature_len, |
115 const uint8* public_key_info, | 126 const uint8* public_key_info, |
116 int public_key_info_len, | 127 int public_key_info_len, |
117 EVP_PKEY_CTX** pkey_ctx) { | 128 EVP_PKEY_CTX** pkey_ctx) { |
(...skipping 22 matching lines...) Expand all Loading... |
140 return rv == 1; | 151 return rv == 1; |
141 } | 152 } |
142 | 153 |
143 void SignatureVerifier::Reset() { | 154 void SignatureVerifier::Reset() { |
144 delete verify_context_; | 155 delete verify_context_; |
145 verify_context_ = NULL; | 156 verify_context_ = NULL; |
146 signature_.clear(); | 157 signature_.clear(); |
147 } | 158 } |
148 | 159 |
149 } // namespace crypto | 160 } // namespace crypto |
OLD | NEW |