From be796bb642e82b4702fb84cfb451a09a37890c58 Mon Sep 17 00:00:00 2001 From: "joth@chromium.org" Date: Thu, 18 Nov 2010 15:43:43 +0000 Subject: Implements Signature Creator & Verifier for openssl Also adds a little more infrastructure to assist in openssl error handling. BUG=None TEST=base_unittests RSA* and Sign* Review URL: http://codereview.chromium.org/5105003 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@66622 0039d316-1c4b-4281-b951-d872f2087c98 --- base/crypto/signature_verifier_openssl.cc | 66 +++++++++++++++++++++++++++---- 1 file changed, 59 insertions(+), 7 deletions(-) (limited to 'base/crypto/signature_verifier_openssl.cc') diff --git a/base/crypto/signature_verifier_openssl.cc b/base/crypto/signature_verifier_openssl.cc index 49b5e07..b4fff78 100644 --- a/base/crypto/signature_verifier_openssl.cc +++ b/base/crypto/signature_verifier_openssl.cc @@ -4,14 +4,28 @@ #include "base/crypto/signature_verifier.h" +#include +#include + +#include + #include "base/logging.h" +#include "base/openssl_util.h" +#include "base/scoped_ptr.h" namespace base { -SignatureVerifier::SignatureVerifier() { +struct SignatureVerifier::VerifyContext { + ScopedOpenSSL public_key; + ScopedOpenSSL ctx; +}; + +SignatureVerifier::SignatureVerifier() + : verify_context_(NULL) { } SignatureVerifier::~SignatureVerifier() { + Reset(); } bool SignatureVerifier::VerifyInit(const uint8* signature_algorithm, @@ -20,22 +34,60 @@ bool SignatureVerifier::VerifyInit(const uint8* signature_algorithm, int signature_len, const uint8* public_key_info, int public_key_info_len) { - NOTIMPLEMENTED(); - return false; + DCHECK(!verify_context_); + verify_context_ = new VerifyContext; + OpenSSLErrStackTracer err_tracer(FROM_HERE); + + ScopedOpenSSL algorithm( + d2i_X509_ALGOR(NULL, &signature_algorithm, signature_algorithm_len)); + if (!algorithm.get()) + return false; + + const EVP_MD* digest = EVP_get_digestbyobj(algorithm.get()->algorithm); + DCHECK(digest); + + signature_.assign(signature, signature + signature_len); + + // BIO_new_mem_buf is not const aware, but it does not modify the buffer. + char* data = reinterpret_cast(const_cast(public_key_info)); + ScopedOpenSSL bio(BIO_new_mem_buf(data, + public_key_info_len)); + if (!bio.get()) + return false; + + verify_context_->public_key.reset(d2i_PUBKEY_bio(bio.get(), NULL)); + if (!verify_context_->public_key.get()) + return false; + + verify_context_->ctx.reset(EVP_MD_CTX_create()); + int rv = EVP_VerifyInit_ex(verify_context_->ctx.get(), digest, NULL); + return rv == 1; } void SignatureVerifier::VerifyUpdate(const uint8* data_part, int data_part_len) { - NOTIMPLEMENTED(); + DCHECK(verify_context_); + OpenSSLErrStackTracer err_tracer(FROM_HERE); + int rv = EVP_VerifyUpdate(verify_context_->ctx.get(), + data_part, data_part_len); + DCHECK_EQ(rv, 1); } bool SignatureVerifier::VerifyFinal() { - NOTIMPLEMENTED(); - return false; + DCHECK(verify_context_); + OpenSSLErrStackTracer err_tracer(FROM_HERE); + int rv = EVP_VerifyFinal(verify_context_->ctx.get(), + signature_.data(), signature_.size(), + verify_context_->public_key.get()); + DCHECK_GE(rv, 0); + Reset(); + return rv == 1; } void SignatureVerifier::Reset() { - NOTIMPLEMENTED(); + delete verify_context_; + verify_context_ = NULL; + signature_.clear(); } } // namespace base -- cgit v1.1