crypto: Implement ECSignatureCreatorImpl for OpenSSL

BUG=306176 TEST=crypto_unittests --gtest_filter=ECSignatureCreatorTest.* R=rsleevi@chromium.org,agl@chromium.org,wtc@chromium.org Review URL: https://codereview.chromium.org/43663005 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@231048 0039d316-1c4b-4281-b951-d872f2087c98
author: digit@chromium.org <digit@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2013-10-25 17:26:08 +0000
committer: digit@chromium.org <digit@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2013-10-25 17:26:08 +0000
commit: 012c28741886f2b4b07368d64f11a8c3ad812cfe (patch)
tree: 837256d1d5fe2bce60ecd572b08a033824790760 /crypto
parent: 1082ee719180462934b5b9fb098edb14a0705027 (diff)
download: chromium_src-012c28741886f2b4b07368d64f11a8c3ad812cfe.zip
chromium_src-012c28741886f2b4b07368d64f11a8c3ad812cfe.tar.gz
chromium_src-012c28741886f2b4b07368d64f11a8c3ad812cfe.tar.bz2
2 files changed, 61 insertions, 17 deletions
diff --git a/crypto/ec_signature_creator_openssl.cc b/crypto/ec_signature_creator_openssl.cc
index 8854f5e..7f0a873 100644
--- a/crypto/ec_signature_creator_openssl.cc
+++ b/crypto/ec_signature_creator_openssl.cc
@@ -4,13 +4,21 @@
 
 #include "crypto/ec_signature_creator_impl.h"
 
+#include <openssl/bn.h>
+#include <openssl/ec.h>
+#include <openssl/ecdsa.h>
+#include <openssl/evp.h>
+#include <openssl/sha.h>
+
 #include "base/logging.h"
+#include "crypto/ec_private_key.h"
+#include "crypto/openssl_util.h"
 
 namespace crypto {
 
 ECSignatureCreatorImpl::ECSignatureCreatorImpl(ECPrivateKey* key)
-    : key_(key) {
-  NOTIMPLEMENTED();
+    : key_(key), signature_len_(0) {
+  EnsureOpenSSLInit();
 }
 
 ECSignatureCreatorImpl::~ECSignatureCreatorImpl() {}
@@ -18,14 +26,59 @@ ECSignatureCreatorImpl::~ECSignatureCreatorImpl() {}
 bool ECSignatureCreatorImpl::Sign(const uint8* data,
                                   int data_len,
                                   std::vector<uint8>* signature) {
-  NOTIMPLEMENTED();
-  return false;
+  OpenSSLErrStackTracer err_tracer(FROM_HERE);
+  ScopedOpenSSL<EVP_MD_CTX, EVP_MD_CTX_destroy> ctx(EVP_MD_CTX_create());
+  size_t sig_len = 0;
+  if (!ctx.get() ||
+      !EVP_DigestSignInit(ctx.get(), NULL, EVP_sha256(), NULL, key_->key()) ||
+      !EVP_DigestSignUpdate(ctx.get(), data, data_len) ||
+      !EVP_DigestSignFinal(ctx.get(), NULL, &sig_len)) {
+    return false;
+  }
+
+  signature->resize(sig_len);
+  if (!EVP_DigestSignFinal(ctx.get(), &signature->front(), &sig_len))
+    return false;
+
+  // NOTE: A call to EVP_DigestSignFinal() with a NULL second parameter returns
+  // a maximum allocation size, while the call without a NULL returns the real
+  // one, which may be smaller.
+  signature->resize(sig_len);
+  return true;
 }
 
 bool ECSignatureCreatorImpl::DecodeSignature(const std::vector<uint8>& der_sig,
                                              std::vector<uint8>* out_raw_sig) {
-  NOTIMPLEMENTED();
-  return false;
+  OpenSSLErrStackTracer err_tracer(FROM_HERE);
+  // Create ECDSA_SIG object from DER-encoded data.
+  const unsigned char* der_data = &der_sig.front();
+  ScopedOpenSSL<ECDSA_SIG, ECDSA_SIG_free> ecdsa_sig(
+      d2i_ECDSA_SIG(NULL, &der_data, static_cast<long>(der_sig.size())));
+  if (!ecdsa_sig.get())
+    return false;
+
+  // The result is made of two 32-byte vectors.
+  const size_t kMaxBytesPerBN = 32;
+  std::vector<uint8> result;
+  result.resize(2 * kMaxBytesPerBN);
+  memset(&result[0], 0, result.size());
+
+  BIGNUM* r = ecdsa_sig.get()->r;
+  BIGNUM* s = ecdsa_sig.get()->s;
+  int r_bytes = BN_num_bytes(r);
+  int s_bytes = BN_num_bytes(s);
+  // NOTE: Can't really check for equality here since sometimes the value
+  // returned by BN_num_bytes() will be slightly smaller than kMaxBytesPerBN.
+  if (r_bytes > static_cast<int>(kMaxBytesPerBN) ||
+      s_bytes > static_cast<int>(kMaxBytesPerBN)) {
+    DLOG(ERROR) << "Invalid key sizes r(" << r_bytes << ") s(" << s_bytes
+                << ")";
+    return false;
+  }
+  BN_bn2bin(ecdsa_sig.get()->r, &result[kMaxBytesPerBN - r_bytes]);
+  BN_bn2bin(ecdsa_sig.get()->s, &result[2 * kMaxBytesPerBN - s_bytes]);
+  out_raw_sig->swap(result);
+  return true;
 }
 
 }  // namespace crypto
diff --git a/crypto/ec_signature_creator_unittest.cc b/crypto/ec_signature_creator_unittest.cc
index bc0cb4a..2a40cfe 100644
--- a/crypto/ec_signature_creator_unittest.cc
+++ b/crypto/ec_signature_creator_unittest.cc
@@ -12,17 +12,9 @@
 #include "crypto/signature_verifier.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
-#if defined(USE_OPENSSL)
-// Once ECSignatureCreator is implemented for OpenSSL, remove this #if block.
-// TODO(rch): When that happens, also add some exported keys from each to
+// TODO(rch): Add some exported keys from each to
 // test interop between NSS and OpenSSL.
-TEST(ECSignatureCreatorTest, OpenSSLStub) {
-  scoped_ptr<crypto::ECSignatureCreator> signer(
-      crypto::ECSignatureCreator::Create(NULL));
-  ASSERT_TRUE(signer.get());
-  EXPECT_FALSE(signer->Sign(NULL, 0, NULL));
-}
-#else
+
 TEST(ECSignatureCreatorTest, BasicTest) {
   // Do a verify round trip.
   scoped_ptr<crypto::ECPrivateKey> key_original(
@@ -81,4 +73,3 @@ TEST(ECSignatureCreatorTest, BasicTest) {
                         data.size());
   ASSERT_TRUE(verifier.VerifyFinal());
 }
-#endif  // !defined(USE_OPENSSL)
author	digit@chromium.org <digit@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2013-10-25 17:26:08 +0000
committer	digit@chromium.org <digit@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2013-10-25 17:26:08 +0000
commit	012c28741886f2b4b07368d64f11a8c3ad812cfe (patch)
tree	837256d1d5fe2bce60ecd572b08a033824790760 /crypto
parent	1082ee719180462934b5b9fb098edb14a0705027 (diff)
download	chromium_src-012c28741886f2b4b07368d64f11a8c3ad812cfe.zip chromium_src-012c28741886f2b4b07368d64f11a8c3ad812cfe.tar.gz chromium_src-012c28741886f2b4b07368d64f11a8c3ad812cfe.tar.bz2