OLD | NEW |
| (Empty) |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include "crypto/ec_signature_creator_impl.h" | |
6 | |
7 #include <cryptohi.h> | |
8 #include <pk11pub.h> | |
9 #include <secerr.h> | |
10 #include <sechash.h> | |
11 #if defined(OS_POSIX) | |
12 #include <stddef.h> | |
13 #include <stdint.h> | |
14 #include <unistd.h> | |
15 #endif | |
16 | |
17 #include "base/logging.h" | |
18 #include "crypto/ec_private_key.h" | |
19 #include "crypto/nss_util.h" | |
20 #include "crypto/scoped_nss_types.h" | |
21 | |
22 namespace crypto { | |
23 | |
24 namespace { | |
25 | |
26 SECStatus SignData(SECItem* result, | |
27 SECItem* input, | |
28 SECKEYPrivateKey* key, | |
29 HASH_HashType hash_type) { | |
30 if (key->keyType != ecKey) { | |
31 DLOG(FATAL) << "Should be using an EC key."; | |
32 PORT_SetError(SEC_ERROR_INVALID_ARGS); | |
33 return SECFailure; | |
34 } | |
35 | |
36 // Hash the input. | |
37 std::vector<uint8_t> hash_data(HASH_ResultLen(hash_type)); | |
38 SECStatus rv = HASH_HashBuf( | |
39 hash_type, &hash_data[0], input->data, input->len); | |
40 if (rv != SECSuccess) | |
41 return rv; | |
42 SECItem hash = {siBuffer, &hash_data[0], | |
43 static_cast<unsigned int>(hash_data.size())}; | |
44 | |
45 // Compute signature of hash. | |
46 int signature_len = PK11_SignatureLen(key); | |
47 std::vector<uint8_t> signature_data(signature_len); | |
48 SECItem sig = {siBuffer, &signature_data[0], | |
49 static_cast<unsigned int>(signature_len)}; | |
50 rv = PK11_Sign(key, &sig, &hash); | |
51 if (rv != SECSuccess) | |
52 return rv; | |
53 | |
54 // DER encode the signature. | |
55 return DSAU_EncodeDerSigWithLen(result, &sig, sig.len); | |
56 } | |
57 | |
58 } // namespace | |
59 | |
60 ECSignatureCreatorImpl::ECSignatureCreatorImpl(ECPrivateKey* key) | |
61 : key_(key) { | |
62 EnsureNSSInit(); | |
63 } | |
64 | |
65 ECSignatureCreatorImpl::~ECSignatureCreatorImpl() {} | |
66 | |
67 bool ECSignatureCreatorImpl::Sign(const uint8_t* data, | |
68 int data_len, | |
69 std::vector<uint8_t>* signature) { | |
70 // Data to be signed | |
71 SECItem secret; | |
72 secret.type = siBuffer; | |
73 secret.len = data_len; | |
74 secret.data = const_cast<unsigned char*>(data); | |
75 | |
76 // SECItem to receive the output buffer. | |
77 SECItem result; | |
78 result.type = siBuffer; | |
79 result.len = 0; | |
80 result.data = NULL; | |
81 | |
82 // Sign the secret data and save it to |result|. | |
83 SECStatus rv = | |
84 SignData(&result, &secret, key_->key(), HASH_AlgSHA256); | |
85 if (rv != SECSuccess) { | |
86 DLOG(ERROR) << "DerSignData: " << PORT_GetError(); | |
87 return false; | |
88 } | |
89 | |
90 // Copy the signed data into the output vector. | |
91 signature->assign(result.data, result.data + result.len); | |
92 SECITEM_FreeItem(&result, PR_FALSE /* only free |result.data| */); | |
93 return true; | |
94 } | |
95 | |
96 bool ECSignatureCreatorImpl::DecodeSignature( | |
97 const std::vector<uint8_t>& der_sig, | |
98 std::vector<uint8_t>* out_raw_sig) { | |
99 SECItem der_sig_item; | |
100 der_sig_item.type = siBuffer; | |
101 der_sig_item.len = der_sig.size(); | |
102 der_sig_item.data = const_cast<uint8_t*>(&der_sig[0]); | |
103 | |
104 size_t signature_len = SECKEY_SignatureLen(key_->public_key()); | |
105 if (signature_len == 0) | |
106 return false; | |
107 | |
108 SECItem* raw_sig = DSAU_DecodeDerSigToLen(&der_sig_item, signature_len); | |
109 if (!raw_sig) | |
110 return false; | |
111 out_raw_sig->assign(raw_sig->data, raw_sig->data + raw_sig->len); | |
112 SECITEM_FreeItem(raw_sig, PR_TRUE /* free SECItem structure itself. */); | |
113 return true; | |
114 } | |
115 | |
116 } // namespace crypto | |
OLD | NEW |