1ddb351dbec246cf1fab5ec20d2d5520909041de1Kristian Monsen// Copyright (c) 2011 The Chromium Authors. All rights reserved. 2c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott// Use of this source code is governed by a BSD-style license that can be 3c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott// found in the LICENSE file. 4c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott 5ddb351dbec246cf1fab5ec20d2d5520909041de1Kristian Monsen#include "crypto/signature_verifier.h" 6c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott 7c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott#include <stdlib.h> 8c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott 9c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott#include "base/logging.h" 10ddb351dbec246cf1fab5ec20d2d5520909041de1Kristian Monsen#include "crypto/cssm_init.h" 11c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott 12ddb351dbec246cf1fab5ec20d2d5520909041de1Kristian Monsennamespace crypto { 13c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott 14c407dc5cd9bdc5668497f21b26b09d988ab439deBen MurdochSignatureVerifier::SignatureVerifier() : sig_handle_(0) { 15c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott EnsureCSSMInit(); 16c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott} 17c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott 18c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick ScottSignatureVerifier::~SignatureVerifier() { 19c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott Reset(); 20c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott} 21c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott 22c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scottbool SignatureVerifier::VerifyInit(const uint8* signature_algorithm, 23c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott int signature_algorithm_len, 24c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott const uint8* signature, 25c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott int signature_len, 26c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott const uint8* public_key_info, 27c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott int public_key_info_len) { 28c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott signature_.assign(signature, signature + signature_len); 29c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott public_key_info_.assign(public_key_info, 30c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott public_key_info + public_key_info_len); 31c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott 32c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott CSSM_ALGORITHMS key_alg = CSSM_ALGID_RSA; // TODO(wtc): hardcoded. 33c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott 34c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott memset(&public_key_, 0, sizeof(public_key_)); 35c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott public_key_.KeyData.Data = const_cast<uint8*>(&public_key_info_[0]); 36c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott public_key_.KeyData.Length = public_key_info_.size(); 37c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott public_key_.KeyHeader.HeaderVersion = CSSM_KEYHEADER_VERSION; 38c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott public_key_.KeyHeader.BlobType = CSSM_KEYBLOB_RAW; 39c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott public_key_.KeyHeader.Format = CSSM_KEYBLOB_RAW_FORMAT_X509; 40c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott public_key_.KeyHeader.AlgorithmId = key_alg; 41c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott public_key_.KeyHeader.KeyClass = CSSM_KEYCLASS_PUBLIC_KEY; 42c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott public_key_.KeyHeader.KeyAttr = CSSM_KEYATTR_EXTRACTABLE; 43c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott public_key_.KeyHeader.KeyUsage = CSSM_KEYUSE_VERIFY; 44c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott CSSM_KEY_SIZE key_size; 45c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott CSSM_RETURN crtn; 46c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch crtn = CSSM_QueryKeySizeInBits(GetSharedCSPHandle(), NULL, 47c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch &public_key_, &key_size); 48c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott if (crtn) { 49c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott NOTREACHED() << "CSSM_QueryKeySizeInBits failed: " << crtn; 50c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott return false; 51c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott } 52c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott public_key_.KeyHeader.LogicalKeySizeInBits = key_size.LogicalKeySizeInBits; 53c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott 54c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott // TODO(wtc): decode signature_algorithm... 55c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott CSSM_ALGORITHMS sig_alg = CSSM_ALGID_SHA1WithRSA; 56c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott 57c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch crtn = CSSM_CSP_CreateSignatureContext(GetSharedCSPHandle(), sig_alg, NULL, 58c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott &public_key_, &sig_handle_); 59c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott if (crtn) { 60c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott NOTREACHED(); 61c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott return false; 62c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott } 63c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott crtn = CSSM_VerifyDataInit(sig_handle_); 64c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott if (crtn) { 65c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott NOTREACHED(); 66c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott return false; 67c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott } 68c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott return true; 69c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott} 70c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott 71c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scottvoid SignatureVerifier::VerifyUpdate(const uint8* data_part, 72c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott int data_part_len) { 73c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott CSSM_DATA data; 74c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott data.Data = const_cast<uint8*>(data_part); 75c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott data.Length = data_part_len; 76c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott CSSM_RETURN crtn = CSSM_VerifyDataUpdate(sig_handle_, &data, 1); 77c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott DCHECK(crtn == CSSM_OK); 78c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott} 79c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott 80c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scottbool SignatureVerifier::VerifyFinal() { 81c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott CSSM_DATA sig; 82c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott sig.Data = const_cast<uint8*>(&signature_[0]); 83c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott sig.Length = signature_.size(); 84c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott CSSM_RETURN crtn = CSSM_VerifyDataFinal(sig_handle_, &sig); 85c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott Reset(); 86c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott 87c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott // crtn is CSSMERR_CSP_VERIFY_FAILED if signature verification fails. 88c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott return (crtn == CSSM_OK); 89c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott} 90c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott 91c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scottvoid SignatureVerifier::Reset() { 92c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott CSSM_RETURN crtn; 93c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott if (sig_handle_) { 94c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott crtn = CSSM_DeleteContext(sig_handle_); 95c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott DCHECK(crtn == CSSM_OK); 96c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott sig_handle_ = 0; 97c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott } 98c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott signature_.clear(); 99c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott 100c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott // Can't call CSSM_FreeKey on public_key_ because we constructed 101c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott // public_key_ manually. 102c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott} 103c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott 104ddb351dbec246cf1fab5ec20d2d5520909041de1Kristian Monsen} // namespace crypto 105c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott 106