OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "crypto/signature_creator.h" | 5 #include "crypto/signature_creator.h" |
6 | 6 |
7 #include <cryptohi.h> | 7 #include <cryptohi.h> |
8 #include <keyhi.h> | 8 #include <keyhi.h> |
9 #include <stdlib.h> | 9 #include <stdlib.h> |
10 | 10 |
11 #include "base/logging.h" | 11 #include "base/logging.h" |
12 #include "base/memory/scoped_ptr.h" | 12 #include "base/memory/scoped_ptr.h" |
13 #include "crypto/nss_util.h" | 13 #include "crypto/nss_util.h" |
14 #include "crypto/rsa_private_key.h" | 14 #include "crypto/rsa_private_key.h" |
15 | 15 |
16 namespace crypto { | 16 namespace crypto { |
17 | 17 |
| 18 namespace { |
| 19 |
| 20 SECOidTag ToNSSSigOid(SignatureCreator::HashAlgorithm hash_alg) { |
| 21 switch (hash_alg) { |
| 22 case SignatureCreator::SHA1: |
| 23 return SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION; |
| 24 case SignatureCreator::SHA256: |
| 25 return SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION; |
| 26 } |
| 27 return SEC_OID_UNKNOWN; |
| 28 } |
| 29 |
| 30 SECOidTag ToNSSHashOid(SignatureCreator::HashAlgorithm hash_alg) { |
| 31 switch (hash_alg) { |
| 32 case SignatureCreator::SHA1: |
| 33 return SEC_OID_SHA1; |
| 34 case SignatureCreator::SHA256: |
| 35 return SEC_OID_SHA256; |
| 36 } |
| 37 return SEC_OID_UNKNOWN; |
| 38 } |
| 39 |
| 40 } // namespace |
| 41 |
18 SignatureCreator::~SignatureCreator() { | 42 SignatureCreator::~SignatureCreator() { |
19 if (sign_context_) { | 43 if (sign_context_) { |
20 SGN_DestroyContext(sign_context_, PR_TRUE); | 44 SGN_DestroyContext(sign_context_, PR_TRUE); |
21 sign_context_ = NULL; | 45 sign_context_ = NULL; |
22 } | 46 } |
23 } | 47 } |
24 | 48 |
25 // static | 49 // static |
26 SignatureCreator* SignatureCreator::Create(RSAPrivateKey* key) { | 50 SignatureCreator* SignatureCreator::Create(RSAPrivateKey* key, |
| 51 HashAlgorithm hash_alg) { |
27 scoped_ptr<SignatureCreator> result(new SignatureCreator); | 52 scoped_ptr<SignatureCreator> result(new SignatureCreator); |
28 result->key_ = key; | 53 result->key_ = key; |
29 | 54 |
30 result->sign_context_ = SGN_NewContext(SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION, | 55 result->sign_context_ = SGN_NewContext(ToNSSSigOid(hash_alg), key->key()); |
31 key->key()); | |
32 if (!result->sign_context_) { | 56 if (!result->sign_context_) { |
33 NOTREACHED(); | 57 NOTREACHED(); |
34 return NULL; | 58 return NULL; |
35 } | 59 } |
36 | 60 |
37 SECStatus rv = SGN_Begin(result->sign_context_); | 61 SECStatus rv = SGN_Begin(result->sign_context_); |
38 if (rv != SECSuccess) { | 62 if (rv != SECSuccess) { |
39 NOTREACHED(); | 63 NOTREACHED(); |
40 return NULL; | 64 return NULL; |
41 } | 65 } |
42 | 66 |
43 return result.release(); | 67 return result.release(); |
44 } | 68 } |
45 | 69 |
46 // static | 70 // static |
47 bool SignatureCreator::Sign(RSAPrivateKey* key, | 71 bool SignatureCreator::Sign(RSAPrivateKey* key, |
| 72 HashAlgorithm hash_alg, |
48 const uint8* data, | 73 const uint8* data, |
49 int data_len, | 74 int data_len, |
50 std::vector<uint8>* signature) { | 75 std::vector<uint8>* signature) { |
51 SECItem data_item; | 76 SECItem data_item; |
52 data_item.type = siBuffer; | 77 data_item.type = siBuffer; |
53 data_item.data = const_cast<unsigned char*>(data); | 78 data_item.data = const_cast<unsigned char*>(data); |
54 data_item.len = data_len; | 79 data_item.len = data_len; |
55 | 80 |
56 SECItem signature_item; | 81 SECItem signature_item; |
57 SECStatus rv = SGN_Digest(key->key(), SEC_OID_SHA1, &signature_item, | 82 SECStatus rv = SGN_Digest(key->key(), ToNSSHashOid(hash_alg), &signature_item, |
58 &data_item); | 83 &data_item); |
59 if (rv != SECSuccess) { | 84 if (rv != SECSuccess) { |
60 NOTREACHED(); | 85 NOTREACHED(); |
61 return false; | 86 return false; |
62 } | 87 } |
63 signature->assign(signature_item.data, | 88 signature->assign(signature_item.data, |
64 signature_item.data + signature_item.len); | 89 signature_item.data + signature_item.len); |
65 SECITEM_FreeItem(&signature_item, PR_FALSE); | 90 SECITEM_FreeItem(&signature_item, PR_FALSE); |
66 return true; | 91 return true; |
67 } | 92 } |
(...skipping 20 matching lines...) Expand all Loading... |
88 return true; | 113 return true; |
89 } | 114 } |
90 | 115 |
91 SignatureCreator::SignatureCreator() | 116 SignatureCreator::SignatureCreator() |
92 : key_(NULL), | 117 : key_(NULL), |
93 sign_context_(NULL) { | 118 sign_context_(NULL) { |
94 EnsureNSSInit(); | 119 EnsureNSSInit(); |
95 } | 120 } |
96 | 121 |
97 } // namespace crypto | 122 } // namespace crypto |
OLD | NEW |