// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "net/quic/crypto/channel_id.h"
#include <openssl/bn.h>
#include <openssl/ec.h>
#include <openssl/ecdsa.h>
#include <openssl/obj_mac.h>
#include <openssl/sha.h>
#include "crypto/openssl_util.h"
using base::StringPiece;
namespace net {
// static
bool ChannelIDVerifier::Verify(StringPiece key,
StringPiece signed_data,
StringPiece signature) {
return VerifyRaw(key, signed_data, signature, true);
}
// static
bool ChannelIDVerifier::VerifyRaw(StringPiece key,
StringPiece signed_data,
StringPiece signature,
bool is_channel_id_signature) {
if (key.size() != 32 * 2 ||
signature.size() != 32 * 2) {
return false;
}
crypto::ScopedOpenSSL<EC_GROUP, EC_GROUP_free> p256(
EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1));
if (p256.get() == NULL) {
return false;
}
crypto::ScopedOpenSSL<BIGNUM, BN_free> x(BN_new()), y(BN_new()),
r(BN_new()), s(BN_new());
ECDSA_SIG sig;
sig.r = r.get();
sig.s = s.get();
const uint8* key_bytes = reinterpret_cast<const uint8*>(key.data());
const uint8* signature_bytes =
reinterpret_cast<const uint8*>(signature.data());
if (BN_bin2bn(key_bytes + 0, 32, x.get()) == NULL ||
BN_bin2bn(key_bytes + 32, 32, y.get()) == NULL ||
BN_bin2bn(signature_bytes + 0, 32, sig.r) == NULL ||
BN_bin2bn(signature_bytes + 32, 32, sig.s) == NULL) {
return false;
}
crypto::ScopedOpenSSL<EC_POINT, EC_POINT_free> point(
EC_POINT_new(p256.get()));
if (point.get() == NULL ||
!EC_POINT_set_affine_coordinates_GFp(p256.get(), point.get(), x.get(),
y.get(), NULL)) {
return false;
}
crypto::ScopedOpenSSL<EC_KEY, EC_KEY_free> ecdsa_key(EC_KEY_new());
if (ecdsa_key.get() == NULL ||
!EC_KEY_set_group(ecdsa_key.get(), p256.get()) ||
!EC_KEY_set_public_key(ecdsa_key.get(), point.get())) {
return false;
}
SHA256_CTX sha256;
SHA256_Init(&sha256);
if (is_channel_id_signature) {
SHA256_Update(&sha256, kContextStr, strlen(kContextStr) + 1);
SHA256_Update(&sha256, kClientToServerStr, strlen(kClientToServerStr) + 1);
}
SHA256_Update(&sha256, signed_data.data(), signed_data.size());
unsigned char digest[SHA256_DIGEST_LENGTH];
SHA256_Final(digest, &sha256);
return ECDSA_do_verify(digest, sizeof(digest), &sig, ecdsa_key.get()) == 1;
}
} // namespace net