1// Copyright (c) 2012 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#include "crypto/ec_signature_creator_impl.h" 6 7#include <openssl/bn.h> 8#include <openssl/ec.h> 9#include <openssl/ecdsa.h> 10#include <openssl/evp.h> 11#include <openssl/sha.h> 12 13#include "base/logging.h" 14#include "crypto/ec_private_key.h" 15#include "crypto/openssl_util.h" 16#include "crypto/scoped_openssl_types.h" 17 18namespace crypto { 19 20namespace { 21 22typedef ScopedOpenSSL<ECDSA_SIG, ECDSA_SIG_free>::Type ScopedECDSA_SIG; 23 24} // namespace 25 26ECSignatureCreatorImpl::ECSignatureCreatorImpl(ECPrivateKey* key) 27 : key_(key), signature_len_(0) { 28 EnsureOpenSSLInit(); 29} 30 31ECSignatureCreatorImpl::~ECSignatureCreatorImpl() {} 32 33bool ECSignatureCreatorImpl::Sign(const uint8* data, 34 int data_len, 35 std::vector<uint8>* signature) { 36 OpenSSLErrStackTracer err_tracer(FROM_HERE); 37 ScopedEVP_MD_CTX ctx(EVP_MD_CTX_create()); 38 size_t sig_len = 0; 39 if (!ctx.get() || 40 !EVP_DigestSignInit(ctx.get(), NULL, EVP_sha256(), NULL, key_->key()) || 41 !EVP_DigestSignUpdate(ctx.get(), data, data_len) || 42 !EVP_DigestSignFinal(ctx.get(), NULL, &sig_len)) { 43 return false; 44 } 45 46 signature->resize(sig_len); 47 if (!EVP_DigestSignFinal(ctx.get(), &signature->front(), &sig_len)) 48 return false; 49 50 // NOTE: A call to EVP_DigestSignFinal() with a NULL second parameter returns 51 // a maximum allocation size, while the call without a NULL returns the real 52 // one, which may be smaller. 53 signature->resize(sig_len); 54 return true; 55} 56 57bool ECSignatureCreatorImpl::DecodeSignature(const std::vector<uint8>& der_sig, 58 std::vector<uint8>* out_raw_sig) { 59 OpenSSLErrStackTracer err_tracer(FROM_HERE); 60 // Create ECDSA_SIG object from DER-encoded data. 61 const unsigned char* der_data = &der_sig.front(); 62 ScopedECDSA_SIG ecdsa_sig( 63 d2i_ECDSA_SIG(NULL, &der_data, static_cast<long>(der_sig.size()))); 64 if (!ecdsa_sig.get()) 65 return false; 66 67 // The result is made of two 32-byte vectors. 68 const size_t kMaxBytesPerBN = 32; 69 std::vector<uint8> result; 70 result.resize(2 * kMaxBytesPerBN); 71 memset(&result[0], 0, result.size()); 72 73 BIGNUM* r = ecdsa_sig.get()->r; 74 BIGNUM* s = ecdsa_sig.get()->s; 75 int r_bytes = BN_num_bytes(r); 76 int s_bytes = BN_num_bytes(s); 77 // NOTE: Can't really check for equality here since sometimes the value 78 // returned by BN_num_bytes() will be slightly smaller than kMaxBytesPerBN. 79 if (r_bytes > static_cast<int>(kMaxBytesPerBN) || 80 s_bytes > static_cast<int>(kMaxBytesPerBN)) { 81 DLOG(ERROR) << "Invalid key sizes r(" << r_bytes << ") s(" << s_bytes 82 << ")"; 83 return false; 84 } 85 BN_bn2bin(ecdsa_sig.get()->r, &result[kMaxBytesPerBN - r_bytes]); 86 BN_bn2bin(ecdsa_sig.get()->s, &result[2 * kMaxBytesPerBN - s_bytes]); 87 out_raw_sig->swap(result); 88 return true; 89} 90 91} // namespace crypto 92