1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "crypto/ec_signature_creator_impl.h"
6
7#include <openssl/bn.h>
8#include <openssl/ec.h>
9#include <openssl/ecdsa.h>
10#include <openssl/evp.h>
11#include <openssl/sha.h>
12
13#include "base/logging.h"
14#include "crypto/ec_private_key.h"
15#include "crypto/openssl_util.h"
16#include "crypto/scoped_openssl_types.h"
17
18namespace crypto {
19
20namespace {
21
22typedef ScopedOpenSSL<ECDSA_SIG, ECDSA_SIG_free>::Type ScopedECDSA_SIG;
23
24}  // namespace
25
26ECSignatureCreatorImpl::ECSignatureCreatorImpl(ECPrivateKey* key)
27    : key_(key), signature_len_(0) {
28  EnsureOpenSSLInit();
29}
30
31ECSignatureCreatorImpl::~ECSignatureCreatorImpl() {}
32
33bool ECSignatureCreatorImpl::Sign(const uint8* data,
34                                  int data_len,
35                                  std::vector<uint8>* signature) {
36  OpenSSLErrStackTracer err_tracer(FROM_HERE);
37  ScopedEVP_MD_CTX ctx(EVP_MD_CTX_create());
38  size_t sig_len = 0;
39  if (!ctx.get() ||
40      !EVP_DigestSignInit(ctx.get(), NULL, EVP_sha256(), NULL, key_->key()) ||
41      !EVP_DigestSignUpdate(ctx.get(), data, data_len) ||
42      !EVP_DigestSignFinal(ctx.get(), NULL, &sig_len)) {
43    return false;
44  }
45
46  signature->resize(sig_len);
47  if (!EVP_DigestSignFinal(ctx.get(), &signature->front(), &sig_len))
48    return false;
49
50  // NOTE: A call to EVP_DigestSignFinal() with a NULL second parameter returns
51  // a maximum allocation size, while the call without a NULL returns the real
52  // one, which may be smaller.
53  signature->resize(sig_len);
54  return true;
55}
56
57bool ECSignatureCreatorImpl::DecodeSignature(const std::vector<uint8>& der_sig,
58                                             std::vector<uint8>* out_raw_sig) {
59  OpenSSLErrStackTracer err_tracer(FROM_HERE);
60  // Create ECDSA_SIG object from DER-encoded data.
61  const unsigned char* der_data = &der_sig.front();
62  ScopedECDSA_SIG ecdsa_sig(
63      d2i_ECDSA_SIG(NULL, &der_data, static_cast<long>(der_sig.size())));
64  if (!ecdsa_sig.get())
65    return false;
66
67  // The result is made of two 32-byte vectors.
68  const size_t kMaxBytesPerBN = 32;
69  std::vector<uint8> result;
70  result.resize(2 * kMaxBytesPerBN);
71  memset(&result[0], 0, result.size());
72
73  BIGNUM* r = ecdsa_sig.get()->r;
74  BIGNUM* s = ecdsa_sig.get()->s;
75  int r_bytes = BN_num_bytes(r);
76  int s_bytes = BN_num_bytes(s);
77  // NOTE: Can't really check for equality here since sometimes the value
78  // returned by BN_num_bytes() will be slightly smaller than kMaxBytesPerBN.
79  if (r_bytes > static_cast<int>(kMaxBytesPerBN) ||
80      s_bytes > static_cast<int>(kMaxBytesPerBN)) {
81    DLOG(ERROR) << "Invalid key sizes r(" << r_bytes << ") s(" << s_bytes
82                << ")";
83    return false;
84  }
85  BN_bn2bin(ecdsa_sig.get()->r, &result[kMaxBytesPerBN - r_bytes]);
86  BN_bn2bin(ecdsa_sig.get()->s, &result[2 * kMaxBytesPerBN - s_bytes]);
87  out_raw_sig->swap(result);
88  return true;
89}
90
91}  // namespace crypto
92