[webcrypto] Add RSASSA-PKCS1-v1_5 sign and verify for NSS.

content/renderer/webcrypto/webcrypto_impl_nss.cc

Index: content/renderer/webcrypto/webcrypto_impl_nss.cc
diff --git a/content/renderer/webcrypto/webcrypto_impl_nss.cc b/content/renderer/webcrypto/webcrypto_impl_nss.cc
index 105bfbe9f89218d3978e8b6207d02d02b97447c1..ef4766e2c1d28eaeb91f6a8b69327844c153aaad 100644
--- a/content/renderer/webcrypto/webcrypto_impl_nss.cc
+++ b/content/renderer/webcrypto/webcrypto_impl_nss.cc
@@ -80,6 +80,24 @@ HASH_HashType WebCryptoAlgorithmToNSSHashType(
   }
 }
 
+SECOidTag WebCryptoAlgorithmToNssSecOidShaTag(
+    const blink::WebCryptoAlgorithm& algorithm) {
+  switch (algorithm.id()) {
+    case blink::WebCryptoAlgorithmIdSha1:
+      return SEC_OID_SHA1;
+    case blink::WebCryptoAlgorithmIdSha224:
+      return SEC_OID_SHA224;
+    case blink::WebCryptoAlgorithmIdSha256:
+      return SEC_OID_SHA256;
+    case blink::WebCryptoAlgorithmIdSha384:
+      return SEC_OID_SHA384;
+    case blink::WebCryptoAlgorithmIdSha512:
+      return SEC_OID_SHA512;
+    default:
+      return SEC_OID_UNKNOWN;
+  }
+}
+
 CK_MECHANISM_TYPE WebCryptoAlgorithmToHMACMechanism(
     const blink::WebCryptoAlgorithm& algorithm) {
   switch (algorithm.id()) {
@@ -861,6 +879,12 @@ bool WebCryptoImpl::SignInternal(
     const unsigned char* data,
     unsigned data_size,
     blink::WebArrayBuffer* buffer) {
+
+  // Note: It is not an error to sign empty data.
+
+  DCHECK(buffer);
+  DCHECK_NE(0, key.usages() & blink::WebCryptoKeyUsageSign);
+
   blink::WebArrayBuffer result;
 
   switch (algorithm.id()) {
@@ -874,7 +898,6 @@ bool WebCryptoImpl::SignInternal(
 
       DCHECK_EQ(PK11_GetMechanism(sym_key->key()),
                 WebCryptoAlgorithmToHMACMechanism(params->hash()));
-      DCHECK_NE(0, key.usages() & blink::WebCryptoKeyUsageSign);
 
       SECItem param_item = { siBuffer, NULL, 0 };
       SECItem data_item = {
@@ -912,6 +935,48 @@ bool WebCryptoImpl::SignInternal(
 
       break;
     }
+    case blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5: {
+      // Only private key signing is supported.
+      if (key.type() != blink::WebCryptoKeyTypePrivate)
+        return false;
+
+      PrivateKeyHandle* const private_key =
+          reinterpret_cast<PrivateKeyHandle*>(key.handle());
+      DCHECK(private_key);
+      DCHECK(private_key->key());
+
+      // Get the inner hash algorithm and convert to an NSS SECOidTag
+      const blink::WebCryptoAlgorithm hash_algorithm =
+          webcrypto::GetInnerHashAlgorithm(algorithm);
+      if (hash_algorithm.isNull())  // TODO(padolph): DCHECK instead?
+        return false;
+      const SECOidTag hash_alg_tag =
+          WebCryptoAlgorithmToNssSecOidShaTag(hash_algorithm);
+      if (hash_alg_tag == SEC_OID_UNKNOWN)
+        return false;
+
+      // Get the NSS signature algorithm SECOidTag corresponding to the key type
+      // and inner hash algorithm SECOidTag.
+      const SECOidTag sign_alg_tag = SEC_GetSignatureAlgorithmOidTag(
+          private_key->key()->keyType,
+          hash_alg_tag);
+      if (sign_alg_tag == SEC_OID_UNKNOWN)
+        return false;
+
+      crypto::ScopedSECItem signature_item(SECITEM_AllocItem(NULL, NULL, 0));
+      if (SEC_SignData(signature_item.get(),
+                       data,
+                       data_size,
+                       private_key->key(),
+                       sign_alg_tag) != SECSuccess) {
+        return false;
+      }
+
+      result = webcrypto::CreateArrayBuffer(signature_item->data,
+                                            signature_item->len);
+
+      break;
+    }
     default:
       return false;
   }
@@ -928,6 +993,11 @@ bool WebCryptoImpl::VerifySignatureInternal(
     const unsigned char* data,
     unsigned data_size,
     bool* signature_match) {
+
+  if (!signature_size)
+    return false;
+  DCHECK(signature);
+
   switch (algorithm.id()) {
     case blink::WebCryptoAlgorithmIdHmac: {
       blink::WebArrayBuffer result;
@@ -945,6 +1015,39 @@ bool WebCryptoImpl::VerifySignatureInternal(
 
       break;
     }
+    case blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5: {
+
+      // Only public key signature verification is supported.
+      if (key.type() != blink::WebCryptoKeyTypePublic)
+        return false;
+
+      PublicKeyHandle* const public_key =
+          reinterpret_cast<PublicKeyHandle*>(key.handle());
+      DCHECK(public_key);
+      DCHECK(public_key->key());
+
+      const SECItem signature_item = {
+          siBuffer,
+          const_cast<unsigned char*>(signature),
+          signature_size
+      };
+
+      const SECOidTag hash_alg_tag = WebCryptoAlgorithmToNssSecOidShaTag(

[eroman, 2013/12/19 22:56:38]

Please check for SEC_OID_UNKNOWN and fail.

Passing SEC_OID_UNKNOWN to VFY_VerifyDataDirect has a very particular meaning
and we don't want to do that.

[padolph, 2013/12/20 00:03:39]

Done.

+          webcrypto::GetInnerHashAlgorithm(algorithm));
+
+      *signature_match =
+          VFY_VerifyDataDirect(
+              data,
+              data_size,
+              public_key->key(),
+              &signature_item,
+              SEC_OID_PKCS1_RSA_ENCRYPTION,
+              hash_alg_tag,
+              NULL,
+              NULL) == SECSuccess;
+
+      break;
+    }
     default:
       return false;
   }