crypto: Implement ECSignatureCreatorImpl for OpenSSL
BUG=306176 TEST=crypto_unittests --gtest_filter=ECSignatureCreatorTest.* R=rsleevi@chromium.org,agl@chromium.org,wtc@chromium.org Review URL: https://codereview.chromium.org/43663005 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@231048 0039d316-1c4b-4281-b951-d872f2087c98
This commit is contained in:
@ -4,13 +4,21 @@
|
||||
|
||||
#include "crypto/ec_signature_creator_impl.h"
|
||||
|
||||
#include <openssl/bn.h>
|
||||
#include <openssl/ec.h>
|
||||
#include <openssl/ecdsa.h>
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/sha.h>
|
||||
|
||||
#include "base/logging.h"
|
||||
#include "crypto/ec_private_key.h"
|
||||
#include "crypto/openssl_util.h"
|
||||
|
||||
namespace crypto {
|
||||
|
||||
ECSignatureCreatorImpl::ECSignatureCreatorImpl(ECPrivateKey* key)
|
||||
: key_(key) {
|
||||
NOTIMPLEMENTED();
|
||||
: key_(key), signature_len_(0) {
|
||||
EnsureOpenSSLInit();
|
||||
}
|
||||
|
||||
ECSignatureCreatorImpl::~ECSignatureCreatorImpl() {}
|
||||
@ -18,14 +26,59 @@ ECSignatureCreatorImpl::~ECSignatureCreatorImpl() {}
|
||||
bool ECSignatureCreatorImpl::Sign(const uint8* data,
|
||||
int data_len,
|
||||
std::vector<uint8>* signature) {
|
||||
NOTIMPLEMENTED();
|
||||
return false;
|
||||
OpenSSLErrStackTracer err_tracer(FROM_HERE);
|
||||
ScopedOpenSSL<EVP_MD_CTX, EVP_MD_CTX_destroy> ctx(EVP_MD_CTX_create());
|
||||
size_t sig_len = 0;
|
||||
if (!ctx.get() ||
|
||||
!EVP_DigestSignInit(ctx.get(), NULL, EVP_sha256(), NULL, key_->key()) ||
|
||||
!EVP_DigestSignUpdate(ctx.get(), data, data_len) ||
|
||||
!EVP_DigestSignFinal(ctx.get(), NULL, &sig_len)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
signature->resize(sig_len);
|
||||
if (!EVP_DigestSignFinal(ctx.get(), &signature->front(), &sig_len))
|
||||
return false;
|
||||
|
||||
// NOTE: A call to EVP_DigestSignFinal() with a NULL second parameter returns
|
||||
// a maximum allocation size, while the call without a NULL returns the real
|
||||
// one, which may be smaller.
|
||||
signature->resize(sig_len);
|
||||
return true;
|
||||
}
|
||||
|
||||
bool ECSignatureCreatorImpl::DecodeSignature(const std::vector<uint8>& der_sig,
|
||||
std::vector<uint8>* out_raw_sig) {
|
||||
NOTIMPLEMENTED();
|
||||
return false;
|
||||
OpenSSLErrStackTracer err_tracer(FROM_HERE);
|
||||
// Create ECDSA_SIG object from DER-encoded data.
|
||||
const unsigned char* der_data = &der_sig.front();
|
||||
ScopedOpenSSL<ECDSA_SIG, ECDSA_SIG_free> ecdsa_sig(
|
||||
d2i_ECDSA_SIG(NULL, &der_data, static_cast<long>(der_sig.size())));
|
||||
if (!ecdsa_sig.get())
|
||||
return false;
|
||||
|
||||
// The result is made of two 32-byte vectors.
|
||||
const size_t kMaxBytesPerBN = 32;
|
||||
std::vector<uint8> result;
|
||||
result.resize(2 * kMaxBytesPerBN);
|
||||
memset(&result[0], 0, result.size());
|
||||
|
||||
BIGNUM* r = ecdsa_sig.get()->r;
|
||||
BIGNUM* s = ecdsa_sig.get()->s;
|
||||
int r_bytes = BN_num_bytes(r);
|
||||
int s_bytes = BN_num_bytes(s);
|
||||
// NOTE: Can't really check for equality here since sometimes the value
|
||||
// returned by BN_num_bytes() will be slightly smaller than kMaxBytesPerBN.
|
||||
if (r_bytes > static_cast<int>(kMaxBytesPerBN) ||
|
||||
s_bytes > static_cast<int>(kMaxBytesPerBN)) {
|
||||
DLOG(ERROR) << "Invalid key sizes r(" << r_bytes << ") s(" << s_bytes
|
||||
<< ")";
|
||||
return false;
|
||||
}
|
||||
BN_bn2bin(ecdsa_sig.get()->r, &result[kMaxBytesPerBN - r_bytes]);
|
||||
BN_bn2bin(ecdsa_sig.get()->s, &result[2 * kMaxBytesPerBN - s_bytes]);
|
||||
out_raw_sig->swap(result);
|
||||
return true;
|
||||
}
|
||||
|
||||
} // namespace crypto
|
||||
|
@ -12,17 +12,9 @@
|
||||
#include "crypto/signature_verifier.h"
|
||||
#include "testing/gtest/include/gtest/gtest.h"
|
||||
|
||||
#if defined(USE_OPENSSL)
|
||||
// Once ECSignatureCreator is implemented for OpenSSL, remove this #if block.
|
||||
// TODO(rch): When that happens, also add some exported keys from each to
|
||||
// TODO(rch): Add some exported keys from each to
|
||||
// test interop between NSS and OpenSSL.
|
||||
TEST(ECSignatureCreatorTest, OpenSSLStub) {
|
||||
scoped_ptr<crypto::ECSignatureCreator> signer(
|
||||
crypto::ECSignatureCreator::Create(NULL));
|
||||
ASSERT_TRUE(signer.get());
|
||||
EXPECT_FALSE(signer->Sign(NULL, 0, NULL));
|
||||
}
|
||||
#else
|
||||
|
||||
TEST(ECSignatureCreatorTest, BasicTest) {
|
||||
// Do a verify round trip.
|
||||
scoped_ptr<crypto::ECPrivateKey> key_original(
|
||||
@ -81,4 +73,3 @@ TEST(ECSignatureCreatorTest, BasicTest) {
|
||||
data.size());
|
||||
ASSERT_TRUE(verifier.VerifyFinal());
|
||||
}
|
||||
#endif // !defined(USE_OPENSSL)
|
||||
|
Reference in New Issue
Block a user