[webcrypto] Implement RSA-PSS using BoringSSL.

content/child/webcrypto/openssl/rsa_pss_openssl.cc

Index: content/child/webcrypto/openssl/rsa_pss_openssl.cc
diff --git a/content/child/webcrypto/openssl/rsa_ssa_openssl.cc b/content/child/webcrypto/openssl/rsa_pss_openssl.cc
similarity index 67%
copy from content/child/webcrypto/openssl/rsa_ssa_openssl.cc
copy to content/child/webcrypto/openssl/rsa_pss_openssl.cc
index be974cc405e4d5871b4dbf1ea5ffe1e75fb3b908..b32e3f2c144670b0c486353af25e76fd249305eb 100644
--- a/content/child/webcrypto/openssl/rsa_ssa_openssl.cc
+++ b/content/child/webcrypto/openssl/rsa_pss_openssl.cc
@@ -5,6 +5,7 @@
 #include "content/child/webcrypto/openssl/rsa_key_openssl.h"
 #include "content/child/webcrypto/openssl/rsa_sign_openssl.h"
 #include "content/child/webcrypto/status.h"
+#include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h"
 
 namespace content {
 
@@ -12,9 +13,9 @@ namespace webcrypto {
 
 namespace {
 
-class RsaSsaImplementation : public RsaHashedAlgorithm {
+class RsaPssImplementation : public RsaHashedAlgorithm {
  public:
-  RsaSsaImplementation()
+  RsaPssImplementation()
       : RsaHashedAlgorithm(blink::WebCryptoKeyUsageVerify,
                            blink::WebCryptoKeyUsageSign) {}
 
@@ -22,13 +23,14 @@ class RsaSsaImplementation : public RsaHashedAlgorithm {
       const blink::WebCryptoAlgorithmId hash) const override {
     switch (hash) {
       case blink::WebCryptoAlgorithmIdSha1:
-        return "RS1";
+        // TODO(eroman): Is this right? Not enumerated in WebCrypto spec.

[Ryan Sleevi, 2014/10/17 21:08:14]

Where do you see that? It is -
https://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html#rsa-pss

[eroman, 2014/10/17 22:53:38]

Confirmed, thanks! (Removed the comment).

... My confusion was in consulting:
  "A.1. Algorithm mappings"

Which does not enumerate it. And then right below that there was an editor
comment asking whether "RSA-PSS with SHA-1" should be specified.

Reading the spec more carefully I see that A.1. Says it is non-normative, and to
defer to the algorithm-specific sections.
I notice now that the section clearly states it is non-normative.

+        return "PS1";
       case blink::WebCryptoAlgorithmIdSha256:
-        return "RS256";
+        return "PS256";
       case blink::WebCryptoAlgorithmIdSha384:
-        return "RS384";
+        return "PS384";
       case blink::WebCryptoAlgorithmIdSha512:
-        return "RS512";
+        return "PS512";
       default:
         return NULL;
     }
@@ -38,7 +40,8 @@ class RsaSsaImplementation : public RsaHashedAlgorithm {
                       const blink::WebCryptoKey& key,
                       const CryptoData& data,
                       std::vector<uint8_t>* buffer) const override {
-    return RsaSign(key, data, buffer);
+    return RsaSign(
+        key, algorithm.rsaPssParams()->saltLengthBytes(), data, buffer);
   }
 
   virtual Status Verify(const blink::WebCryptoAlgorithm& algorithm,
@@ -46,14 +49,18 @@ class RsaSsaImplementation : public RsaHashedAlgorithm {
                         const CryptoData& signature,
                         const CryptoData& data,
                         bool* signature_match) const override {
-    return RsaVerify(key, signature, data, signature_match);
+    return RsaVerify(key,
+                     algorithm.rsaPssParams()->saltLengthBytes(),
+                     signature,
+                     data,
+                     signature_match);
   }
 };
 
 }  // namespace
 
-AlgorithmImplementation* CreatePlatformRsaSsaImplementation() {
-  return new RsaSsaImplementation;
+AlgorithmImplementation* CreatePlatformRsaPssImplementation() {
+  return new RsaPssImplementation;
 }
 
 }  // namespace webcrypto