1// Copyright (c) 2011 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#include "crypto/signature_verifier.h" 6 7#include <openssl/evp.h> 8#include <openssl/x509.h> 9 10#include <vector> 11 12#include "base/logging.h" 13#include "base/memory/scoped_ptr.h" 14#include "base/stl_util-inl.h" 15#include "crypto/openssl_util.h" 16 17namespace crypto { 18 19struct SignatureVerifier::VerifyContext { 20 ScopedOpenSSL<EVP_PKEY, EVP_PKEY_free> public_key; 21 ScopedOpenSSL<EVP_MD_CTX, EVP_MD_CTX_destroy> ctx; 22}; 23 24SignatureVerifier::SignatureVerifier() 25 : verify_context_(NULL) { 26} 27 28SignatureVerifier::~SignatureVerifier() { 29 Reset(); 30} 31 32bool SignatureVerifier::VerifyInit(const uint8* signature_algorithm, 33 int signature_algorithm_len, 34 const uint8* signature, 35 int signature_len, 36 const uint8* public_key_info, 37 int public_key_info_len) { 38 DCHECK(!verify_context_); 39 verify_context_ = new VerifyContext; 40 OpenSSLErrStackTracer err_tracer(FROM_HERE); 41 42 ScopedOpenSSL<X509_ALGOR, X509_ALGOR_free> algorithm( 43 d2i_X509_ALGOR(NULL, &signature_algorithm, signature_algorithm_len)); 44 if (!algorithm.get()) 45 return false; 46 47 const EVP_MD* digest = EVP_get_digestbyobj(algorithm.get()->algorithm); 48 DCHECK(digest); 49 50 signature_.assign(signature, signature + signature_len); 51 52 // BIO_new_mem_buf is not const aware, but it does not modify the buffer. 53 char* data = reinterpret_cast<char*>(const_cast<uint8*>(public_key_info)); 54 ScopedOpenSSL<BIO, BIO_free_all> bio(BIO_new_mem_buf(data, 55 public_key_info_len)); 56 if (!bio.get()) 57 return false; 58 59 verify_context_->public_key.reset(d2i_PUBKEY_bio(bio.get(), NULL)); 60 if (!verify_context_->public_key.get()) 61 return false; 62 63 verify_context_->ctx.reset(EVP_MD_CTX_create()); 64 int rv = EVP_VerifyInit_ex(verify_context_->ctx.get(), digest, NULL); 65 return rv == 1; 66} 67 68void SignatureVerifier::VerifyUpdate(const uint8* data_part, 69 int data_part_len) { 70 DCHECK(verify_context_); 71 OpenSSLErrStackTracer err_tracer(FROM_HERE); 72 int rv = EVP_VerifyUpdate(verify_context_->ctx.get(), 73 data_part, data_part_len); 74 DCHECK_EQ(rv, 1); 75} 76 77bool SignatureVerifier::VerifyFinal() { 78 DCHECK(verify_context_); 79 OpenSSLErrStackTracer err_tracer(FROM_HERE); 80 int rv = EVP_VerifyFinal(verify_context_->ctx.get(), 81 vector_as_array(&signature_), signature_.size(), 82 verify_context_->public_key.get()); 83 DCHECK_GE(rv, 0); 84 Reset(); 85 return rv == 1; 86} 87 88void SignatureVerifier::Reset() { 89 delete verify_context_; 90 verify_context_ = NULL; 91 signature_.clear(); 92} 93 94} // namespace crypto 95