[webcrypto] Refactor RSA-SSA signing.

content/child/webcrypto/openssl/rsa_sign_openssl.cc

Index: content/child/webcrypto/openssl/rsa_sign_openssl.cc
diff --git a/content/child/webcrypto/openssl/rsa_sign_openssl.cc b/content/child/webcrypto/openssl/rsa_sign_openssl.cc
new file mode 100644
index 0000000000000000000000000000000000000000..c093b65cf75ae007def924fd65cc4171b6fac908
--- /dev/null
+++ b/content/child/webcrypto/openssl/rsa_sign_openssl.cc
@@ -0,0 +1,106 @@
+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "content/child/webcrypto/crypto_data.h"
+#include "content/child/webcrypto/openssl/key_openssl.h"
+#include "content/child/webcrypto/openssl/rsa_key_openssl.h"
+#include "content/child/webcrypto/openssl/rsa_sign_openssl.h"
+#include "content/child/webcrypto/openssl/util_openssl.h"
+#include "content/child/webcrypto/status.h"
+#include "crypto/openssl_util.h"
+#include "crypto/scoped_openssl_types.h"
+#include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h"
+
+namespace content {
+
+namespace webcrypto {
+
+namespace {
+
+// Extracts the OpenSSL key and digest from a WebCrypto key. The returned
+// pointers will remain valid as long as |key| is alive.
+Status GetPKeyAndDigest(const blink::WebCryptoKey& key,
+                        EVP_PKEY** pkey,
+                        const EVP_MD** digest) {
+  *pkey = AsymKeyOpenSsl::Cast(key)->key();
+
+  *digest = GetDigest(key.algorithm().rsaHashedParams()->hash().id());
+  if (!*digest)
+    return Status::ErrorUnsupported();
+
+  return Status::Success();
+}
+
+}  // namespace
+
+Status RsaSign(const blink::WebCryptoKey& key,
+               const CryptoData& data,
+               std::vector<uint8_t>* buffer) {
+  if (key.type() != blink::WebCryptoKeyTypePrivate)
+    return Status::ErrorUnexpectedKeyType();
+
+  crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
+  crypto::ScopedEVP_MD_CTX ctx(EVP_MD_CTX_create());
+
+  EVP_PKEY* private_key = NULL;
+  const EVP_MD* digest = NULL;
+  Status status = GetPKeyAndDigest(key, &private_key, &digest);
+  if (status.IsError())
+    return status;
+
+  // NOTE: A call to EVP_DigestSignFinal() with a NULL second parameter
+  // returns a maximum allocation size, while the call without a NULL returns
+  // the real one, which may be smaller.
+  size_t sig_len = 0;
+  if (!ctx.get() ||
+      !EVP_DigestSignInit(ctx.get(), NULL, digest, NULL, private_key) ||
+      !EVP_DigestSignUpdate(ctx.get(), data.bytes(), data.byte_length()) ||
+      !EVP_DigestSignFinal(ctx.get(), NULL, &sig_len)) {
+    return Status::OperationError();
+  }
+
+  buffer->resize(sig_len);
+  if (!EVP_DigestSignFinal(ctx.get(), &buffer->front(), &sig_len))
+    return Status::OperationError();
+
+  buffer->resize(sig_len);
+  return Status::Success();
+}
+
+Status RsaVerify(const blink::WebCryptoKey& key,
+                 const CryptoData& signature,
+                 const CryptoData& data,
+                 bool* signature_match) {
+  if (key.type() != blink::WebCryptoKeyTypePublic)
+    return Status::ErrorUnexpectedKeyType();
+
+  crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
+  crypto::ScopedEVP_MD_CTX ctx(EVP_MD_CTX_create());
+
+  EVP_PKEY* public_key = NULL;
+  const EVP_MD* digest = NULL;
+  Status status = GetPKeyAndDigest(key, &public_key, &digest);
+  if (status.IsError())
+    return status;
+
+  if (!EVP_DigestVerifyInit(ctx.get(), NULL, digest, NULL, public_key))
+    return Status::OperationError();
+
+  if (!EVP_DigestVerifyUpdate(ctx.get(), data.bytes(), data.byte_length())) {

[Ryan Sleevi, 2014/10/17 21:09:55]

style: why braces here, but not on the other two liners?

[eroman, 2014/10/17 22:49:16]

Done -- Removed the brace.

+    return Status::OperationError();
+  }
+
+  // Note that the return value can be:
+  //   1 --> Success
+  //   0 --> Verification failed
+  //  <0 --> Operation error
+  int rv = EVP_DigestVerifyFinal(
+      ctx.get(), signature.bytes(), signature.byte_length());
+  *signature_match = rv == 1;
+  return rv >= 0 ? Status::Success() : Status::OperationError();
+}
+
+}  // namespace webcrypto
+
+}  // namespace content