1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
|
// Copyright 2025 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "crypto/sign.h"
#include "base/check.h"
#include "base/check_op.h"
#include "crypto/openssl_util.h"
#include "third_party/boringssl/src/include/openssl/evp.h"
#include "third_party/boringssl/src/include/openssl/rsa.h"
namespace crypto::sign {
namespace {
bool CanUseKeyForSignatureKind(SignatureKind kind,
const crypto::keypair::PrivateKey& key) {
return true;
}
bool CanUseKeyForSignatureKind(SignatureKind kind,
const crypto::keypair::PublicKey& key) {
return true;
}
const EVP_MD* DigestForSignatureKind(SignatureKind kind) {
switch (kind) {
case RSA_PKCS1_SHA1:
return EVP_sha1();
case RSA_PKCS1_SHA256:
return EVP_sha256();
case RSA_PSS_SHA256:
return EVP_sha256();
case ECDSA_SHA256:
return EVP_sha256();
}
}
} // namespace
std::vector<uint8_t> Sign(SignatureKind kind,
const crypto::keypair::PrivateKey& key,
base::span<const uint8_t> data) {
Signer signer(kind, key);
signer.Update(data);
return signer.Finish();
}
bool Verify(SignatureKind kind,
const crypto::keypair::PublicKey& key,
base::span<const uint8_t> data,
base::span<const uint8_t> signature) {
Verifier verifier(kind, key, signature);
verifier.Update(data);
return verifier.Finish();
}
Signer::Signer(SignatureKind kind, crypto::keypair::PrivateKey key)
: key_(key), sign_context_(EVP_MD_CTX_new()) {
CHECK(CanUseKeyForSignatureKind(kind, key));
OpenSSLErrStackTracer err_tracer(FROM_HERE);
const EVP_MD* const md = DigestForSignatureKind(kind);
EVP_PKEY_CTX* pkctx;
CHECK(
EVP_DigestSignInit(sign_context_.get(), &pkctx, md, nullptr, key.key()));
if (kind == RSA_PSS_SHA256) {
CHECK(EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_PSS_PADDING));
CHECK(EVP_PKEY_CTX_set_rsa_mgf1_md(pkctx, md));
// -1 here means "use digest's length"
CHECK(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkctx, -1));
}
}
Signer::~Signer() = default;
void Signer::Update(base::span<const uint8_t> data) {
CHECK(EVP_DigestSignUpdate(sign_context_.get(), data.data(), data.size()));
}
std::vector<uint8_t> Signer::Finish() {
OpenSSLErrStackTracer err_tracer(FROM_HERE);
size_t len = 0;
// Determine the maximum length of the signature.
CHECK(EVP_DigestSignFinal(sign_context_.get(), nullptr, &len));
std::vector<uint8_t> signature(len);
CHECK(EVP_DigestSignFinal(sign_context_.get(), signature.data(), &len));
signature.resize(len);
return signature;
}
Verifier::Verifier(SignatureKind kind,
crypto::keypair::PublicKey key,
base::span<const uint8_t> signature)
: key_(key), verify_context_(EVP_MD_CTX_new()) {
OpenSSLErrStackTracer err_tracer(FROM_HERE);
CHECK(CanUseKeyForSignatureKind(kind, key));
signature_.resize(signature.size());
base::span(signature_).copy_from(signature);
EVP_PKEY_CTX* pkctx;
const EVP_MD* const md = DigestForSignatureKind(kind);
CHECK(EVP_DigestVerifyInit(verify_context_.get(), &pkctx, md, nullptr,
key.key()));
if (kind == RSA_PSS_SHA256) {
CHECK(EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_PSS_PADDING));
CHECK(EVP_PKEY_CTX_set_rsa_mgf1_md(pkctx, md));
// -1 here means "use digest's length"
CHECK(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkctx, -1));
}
}
Verifier::~Verifier() = default;
void Verifier::Update(base::span<const uint8_t> data) {
OpenSSLErrStackTracer err_tracer(FROM_HERE);
CHECK_EQ(
EVP_DigestVerifyUpdate(verify_context_.get(), data.data(), data.size()),
1);
}
bool Verifier::Finish() {
OpenSSLErrStackTracer err_tracer(FROM_HERE);
int rv = EVP_DigestVerifyFinal(verify_context_.get(), signature_.data(),
signature_.size());
return rv == 1;
}
} // namespace crypto::sign
|
