OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "crypto/ec_signature_creator_impl.h" | 5 #include "crypto/ec_signature_creator_impl.h" |
6 | 6 |
7 #include <cryptohi.h> | 7 #include <cryptohi.h> |
8 #include <pk11pub.h> | 8 #include <pk11pub.h> |
9 #include <secerr.h> | 9 #include <secerr.h> |
10 #include <sechash.h> | 10 #include <sechash.h> |
11 #if defined(OS_POSIX) | 11 #if defined(OS_POSIX) |
| 12 #include <stddef.h> |
| 13 #include <stdint.h> |
12 #include <unistd.h> | 14 #include <unistd.h> |
13 #endif | 15 #endif |
14 | 16 |
15 #include "base/logging.h" | 17 #include "base/logging.h" |
16 #include "crypto/ec_private_key.h" | 18 #include "crypto/ec_private_key.h" |
17 #include "crypto/nss_util.h" | 19 #include "crypto/nss_util.h" |
18 #include "crypto/scoped_nss_types.h" | 20 #include "crypto/scoped_nss_types.h" |
19 | 21 |
20 namespace crypto { | 22 namespace crypto { |
21 | 23 |
22 namespace { | 24 namespace { |
23 | 25 |
24 SECStatus SignData(SECItem* result, | 26 SECStatus SignData(SECItem* result, |
25 SECItem* input, | 27 SECItem* input, |
26 SECKEYPrivateKey* key, | 28 SECKEYPrivateKey* key, |
27 HASH_HashType hash_type) { | 29 HASH_HashType hash_type) { |
28 if (key->keyType != ecKey) { | 30 if (key->keyType != ecKey) { |
29 DLOG(FATAL) << "Should be using an EC key."; | 31 DLOG(FATAL) << "Should be using an EC key."; |
30 PORT_SetError(SEC_ERROR_INVALID_ARGS); | 32 PORT_SetError(SEC_ERROR_INVALID_ARGS); |
31 return SECFailure; | 33 return SECFailure; |
32 } | 34 } |
33 | 35 |
34 // Hash the input. | 36 // Hash the input. |
35 std::vector<uint8> hash_data(HASH_ResultLen(hash_type)); | 37 std::vector<uint8_t> hash_data(HASH_ResultLen(hash_type)); |
36 SECStatus rv = HASH_HashBuf( | 38 SECStatus rv = HASH_HashBuf( |
37 hash_type, &hash_data[0], input->data, input->len); | 39 hash_type, &hash_data[0], input->data, input->len); |
38 if (rv != SECSuccess) | 40 if (rv != SECSuccess) |
39 return rv; | 41 return rv; |
40 SECItem hash = {siBuffer, &hash_data[0], | 42 SECItem hash = {siBuffer, &hash_data[0], |
41 static_cast<unsigned int>(hash_data.size())}; | 43 static_cast<unsigned int>(hash_data.size())}; |
42 | 44 |
43 // Compute signature of hash. | 45 // Compute signature of hash. |
44 int signature_len = PK11_SignatureLen(key); | 46 int signature_len = PK11_SignatureLen(key); |
45 std::vector<uint8> signature_data(signature_len); | 47 std::vector<uint8_t> signature_data(signature_len); |
46 SECItem sig = {siBuffer, &signature_data[0], | 48 SECItem sig = {siBuffer, &signature_data[0], |
47 static_cast<unsigned int>(signature_len)}; | 49 static_cast<unsigned int>(signature_len)}; |
48 rv = PK11_Sign(key, &sig, &hash); | 50 rv = PK11_Sign(key, &sig, &hash); |
49 if (rv != SECSuccess) | 51 if (rv != SECSuccess) |
50 return rv; | 52 return rv; |
51 | 53 |
52 // DER encode the signature. | 54 // DER encode the signature. |
53 return DSAU_EncodeDerSigWithLen(result, &sig, sig.len); | 55 return DSAU_EncodeDerSigWithLen(result, &sig, sig.len); |
54 } | 56 } |
55 | 57 |
56 } // namespace | 58 } // namespace |
57 | 59 |
58 ECSignatureCreatorImpl::ECSignatureCreatorImpl(ECPrivateKey* key) | 60 ECSignatureCreatorImpl::ECSignatureCreatorImpl(ECPrivateKey* key) |
59 : key_(key) { | 61 : key_(key) { |
60 EnsureNSSInit(); | 62 EnsureNSSInit(); |
61 } | 63 } |
62 | 64 |
63 ECSignatureCreatorImpl::~ECSignatureCreatorImpl() {} | 65 ECSignatureCreatorImpl::~ECSignatureCreatorImpl() {} |
64 | 66 |
65 bool ECSignatureCreatorImpl::Sign(const uint8* data, | 67 bool ECSignatureCreatorImpl::Sign(const uint8_t* data, |
66 int data_len, | 68 int data_len, |
67 std::vector<uint8>* signature) { | 69 std::vector<uint8_t>* signature) { |
68 // Data to be signed | 70 // Data to be signed |
69 SECItem secret; | 71 SECItem secret; |
70 secret.type = siBuffer; | 72 secret.type = siBuffer; |
71 secret.len = data_len; | 73 secret.len = data_len; |
72 secret.data = const_cast<unsigned char*>(data); | 74 secret.data = const_cast<unsigned char*>(data); |
73 | 75 |
74 // SECItem to receive the output buffer. | 76 // SECItem to receive the output buffer. |
75 SECItem result; | 77 SECItem result; |
76 result.type = siBuffer; | 78 result.type = siBuffer; |
77 result.len = 0; | 79 result.len = 0; |
78 result.data = NULL; | 80 result.data = NULL; |
79 | 81 |
80 // Sign the secret data and save it to |result|. | 82 // Sign the secret data and save it to |result|. |
81 SECStatus rv = | 83 SECStatus rv = |
82 SignData(&result, &secret, key_->key(), HASH_AlgSHA256); | 84 SignData(&result, &secret, key_->key(), HASH_AlgSHA256); |
83 if (rv != SECSuccess) { | 85 if (rv != SECSuccess) { |
84 DLOG(ERROR) << "DerSignData: " << PORT_GetError(); | 86 DLOG(ERROR) << "DerSignData: " << PORT_GetError(); |
85 return false; | 87 return false; |
86 } | 88 } |
87 | 89 |
88 // Copy the signed data into the output vector. | 90 // Copy the signed data into the output vector. |
89 signature->assign(result.data, result.data + result.len); | 91 signature->assign(result.data, result.data + result.len); |
90 SECITEM_FreeItem(&result, PR_FALSE /* only free |result.data| */); | 92 SECITEM_FreeItem(&result, PR_FALSE /* only free |result.data| */); |
91 return true; | 93 return true; |
92 } | 94 } |
93 | 95 |
94 bool ECSignatureCreatorImpl::DecodeSignature( | 96 bool ECSignatureCreatorImpl::DecodeSignature( |
95 const std::vector<uint8>& der_sig, | 97 const std::vector<uint8_t>& der_sig, |
96 std::vector<uint8>* out_raw_sig) { | 98 std::vector<uint8_t>* out_raw_sig) { |
97 SECItem der_sig_item; | 99 SECItem der_sig_item; |
98 der_sig_item.type = siBuffer; | 100 der_sig_item.type = siBuffer; |
99 der_sig_item.len = der_sig.size(); | 101 der_sig_item.len = der_sig.size(); |
100 der_sig_item.data = const_cast<uint8*>(&der_sig[0]); | 102 der_sig_item.data = const_cast<uint8_t*>(&der_sig[0]); |
101 | 103 |
102 size_t signature_len = SECKEY_SignatureLen(key_->public_key()); | 104 size_t signature_len = SECKEY_SignatureLen(key_->public_key()); |
103 if (signature_len == 0) | 105 if (signature_len == 0) |
104 return false; | 106 return false; |
105 | 107 |
106 SECItem* raw_sig = DSAU_DecodeDerSigToLen(&der_sig_item, signature_len); | 108 SECItem* raw_sig = DSAU_DecodeDerSigToLen(&der_sig_item, signature_len); |
107 if (!raw_sig) | 109 if (!raw_sig) |
108 return false; | 110 return false; |
109 out_raw_sig->assign(raw_sig->data, raw_sig->data + raw_sig->len); | 111 out_raw_sig->assign(raw_sig->data, raw_sig->data + raw_sig->len); |
110 SECITEM_FreeItem(raw_sig, PR_TRUE /* free SECItem structure itself. */); | 112 SECITEM_FreeItem(raw_sig, PR_TRUE /* free SECItem structure itself. */); |
111 return true; | 113 return true; |
112 } | 114 } |
113 | 115 |
114 } // namespace crypto | 116 } // namespace crypto |
OLD | NEW |