[webcrypto] Implement RSA-PSS using BoringSSL.

content/child/webcrypto/openssl/rsa_pss_openssl.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/child/webcrypto/openssl/rsa_key_openssl.h"
 #include "content/child/webcrypto/openssl/rsa_sign_openssl.h"
 #include "content/child/webcrypto/status.h"
+#include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h"
 
 namespace content {
 
 namespace webcrypto {
 
 namespace {
 
-class RsaSsaImplementation : public RsaHashedAlgorithm {
+class RsaPssImplementation : public RsaHashedAlgorithm {
  public:
-  RsaSsaImplementation()
+  RsaPssImplementation()
       : RsaHashedAlgorithm(blink::WebCryptoKeyUsageVerify,
                            blink::WebCryptoKeyUsageSign) {}
 
   virtual const char* GetJwkAlgorithm(
       const blink::WebCryptoAlgorithmId hash) const override {
     switch (hash) {
       case blink::WebCryptoAlgorithmIdSha1:
-        return "RS1";
+        // TODO(eroman): Is this right? Not enumerated in WebCrypto spec.

[Ryan Sleevi, 2014/10/17 21:08:14]

Where do you see that? It is -
https://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html#rsa-pss

[eroman, 2014/10/17 22:53:38]

Confirmed, thanks! (Removed the comment).

... My confusion was in consulting:
  "A.1. Algorithm mappings"

Which does not enumerate it. And then right below that there was an editor
comment asking whether "RSA-PSS with SHA-1" should be specified.

Reading the spec more carefully I see that A.1. Says it is non-normative, and to
defer to the algorithm-specific sections.
I notice now that the section clearly states it is non-normative.

+        return "PS1";
       case blink::WebCryptoAlgorithmIdSha256:
-        return "RS256";
+        return "PS256";
       case blink::WebCryptoAlgorithmIdSha384:
-        return "RS384";
+        return "PS384";
       case blink::WebCryptoAlgorithmIdSha512:
-        return "RS512";
+        return "PS512";
       default:
         return NULL;
     }
   }
 
   virtual Status Sign(const blink::WebCryptoAlgorithm& algorithm,
                       const blink::WebCryptoKey& key,
                       const CryptoData& data,
                       std::vector<uint8_t>* buffer) const override {
-    return RsaSign(key, data, buffer);
+    return RsaSign(
+        key, algorithm.rsaPssParams()->saltLengthBytes(), data, buffer);
   }
 
   virtual Status Verify(const blink::WebCryptoAlgorithm& algorithm,
                         const blink::WebCryptoKey& key,
                         const CryptoData& signature,
                         const CryptoData& data,
                         bool* signature_match) const override {
-    return RsaVerify(key, signature, data, signature_match);
+    return RsaVerify(key,
+                     algorithm.rsaPssParams()->saltLengthBytes(),
+                     signature,
+                     data,
+                     signature_match);
   }
 };
 
 }  // namespace
 
-AlgorithmImplementation* CreatePlatformRsaSsaImplementation() {
-  return new RsaSsaImplementation;
+AlgorithmImplementation* CreatePlatformRsaPssImplementation() {
+  return new RsaPssImplementation;
 }
 
 }  // namespace webcrypto
 
 }  // namespace content