Google Git
Sign in
android / platform / external / chromium_org / 0b0f963dd8b51fbabf01fa148e5d3eff645300e7 / . / content / child / webcrypto / openssl / rsa_sign_openssl.cc
blob: 1410aabb25ba1c9bcbf78c5b678710130f639c98 [file] [log] [blame]
// Copyright 2014 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "base/numerics/safe_math.h"
#include "content/child/webcrypto/crypto_data.h"
#include "content/child/webcrypto/openssl/key_openssl.h"
#include "content/child/webcrypto/openssl/rsa_key_openssl.h"
#include "content/child/webcrypto/openssl/rsa_sign_openssl.h"
#include "content/child/webcrypto/openssl/util_openssl.h"
#include "content/child/webcrypto/status.h"
#include "crypto/openssl_util.h"
#include "crypto/scoped_openssl_types.h"
#include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h"
namespace content {
namespace webcrypto {
namespace {
// Extracts the OpenSSL key and digest from a WebCrypto key. The returned
// pointers will remain valid as long as |key| is alive.
Status GetPKeyAndDigest(const blink::WebCryptoKey& key,
EVP_PKEY** pkey,
const EVP_MD** digest) {
*pkey = AsymKeyOpenSsl::Cast(key)->key();
*digest = GetDigest(key.algorithm().rsaHashedParams()->hash().id());
if (!*digest)
return Status::ErrorUnsupported();
return Status::Success();
}
// Sets the PSS parameters on |pctx| if the key is for RSA-PSS.
//
// Otherwise returns Success without doing anything.
Status ApplyRsaPssOptions(const blink::WebCryptoKey& key,
const EVP_MD* const mgf_digest,
unsigned int salt_length_bytes,
EVP_PKEY_CTX* pctx) {
// Only apply RSA-PSS options if the key is for RSA-PSS.
if (key.algorithm().id() != blink::WebCryptoAlgorithmIdRsaPss) {
DCHECK_EQ(0u, salt_length_bytes);
DCHECK_EQ(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, key.algorithm().id());
return Status::Success();
}
// BoringSSL takes a signed int for the salt length, and interprets
// negative values in a special manner. Make sure not to silently underflow.
base::CheckedNumeric<int> salt_length_bytes_int(salt_length_bytes);
if (!salt_length_bytes_int.IsValid()) {
// TODO(eroman): Give a better error message.
return Status::OperationError();
}
if (1 != EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) ||
1 != EVP_PKEY_CTX_set_rsa_mgf1_md(pctx, mgf_digest) ||
1 != EVP_PKEY_CTX_set_rsa_pss_saltlen(
pctx, salt_length_bytes_int.ValueOrDie())) {
return Status::OperationError();
}
return Status::Success();
}
} // namespace
Status RsaSign(const blink::WebCryptoKey& key,
unsigned int pss_salt_length_bytes,
const CryptoData& data,
std::vector<uint8_t>* buffer) {
if (key.type() != blink::WebCryptoKeyTypePrivate)
return Status::ErrorUnexpectedKeyType();
crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
crypto::ScopedEVP_MD_CTX ctx(EVP_MD_CTX_create());
EVP_PKEY_CTX* pctx = NULL; // Owned by |ctx|.
EVP_PKEY* private_key = NULL;
const EVP_MD* digest = NULL;
Status status = GetPKeyAndDigest(key, &private_key, &digest);
if (status.IsError())
return status;
// NOTE: A call to EVP_DigestSignFinal() with a NULL second parameter
// returns a maximum allocation size, while the call without a NULL returns
// the real one, which may be smaller.
size_t sig_len = 0;
if (!ctx.get() ||
!EVP_DigestSignInit(ctx.get(), &pctx, digest, NULL, private_key)) {
return Status::OperationError();
}
// Set PSS-specific options (if applicable).
status = ApplyRsaPssOptions(key, digest, pss_salt_length_bytes, pctx);
if (status.IsError())
return status;
if (!EVP_DigestSignUpdate(ctx.get(), data.bytes(), data.byte_length()) ||
!EVP_DigestSignFinal(ctx.get(), NULL, &sig_len)) {
return Status::OperationError();
}
buffer->resize(sig_len);
if (!EVP_DigestSignFinal(ctx.get(), &buffer->front(), &sig_len))
return Status::OperationError();
buffer->resize(sig_len);
return Status::Success();
}
Status RsaVerify(const blink::WebCryptoKey& key,
unsigned int pss_salt_length_bytes,
const CryptoData& signature,
const CryptoData& data,
bool* signature_match) {
if (key.type() != blink::WebCryptoKeyTypePublic)
return Status::ErrorUnexpectedKeyType();
crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
crypto::ScopedEVP_MD_CTX ctx(EVP_MD_CTX_create());
EVP_PKEY_CTX* pctx = NULL; // Owned by |ctx|.
EVP_PKEY* public_key = NULL;
const EVP_MD* digest = NULL;
Status status = GetPKeyAndDigest(key, &public_key, &digest);
if (status.IsError())
return status;
if (!EVP_DigestVerifyInit(ctx.get(), &pctx, digest, NULL, public_key))
return Status::OperationError();
// Set PSS-specific options (if applicable).
status = ApplyRsaPssOptions(key, digest, pss_salt_length_bytes, pctx);
if (status.IsError())
return status;
if (!EVP_DigestVerifyUpdate(ctx.get(), data.bytes(), data.byte_length()))
return Status::OperationError();
// Note that the return value can be:
// 1 --> Success
// 0 --> Verification failed
// <0 --> Operation error
int rv = EVP_DigestVerifyFinal(
ctx.get(), signature.bytes(), signature.byte_length());
*signature_match = rv == 1;
return rv >= 0 ? Status::Success() : Status::OperationError();
}
} // namespace webcrypto
} // namespace content