Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 1 | // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 | // Use of this source code is governed by a BSD-style license that can be |
| 3 | // found in the LICENSE file. |
| 4 | |
| 5 | #include "crypto/ec_signature_creator_impl.h" |
| 6 | |
| 7 | #include <cryptohi.h> |
| 8 | #include <pk11pub.h> |
| 9 | #include <secerr.h> |
| 10 | #include <sechash.h> |
| 11 | #if defined(OS_POSIX) |
| 12 | #include <unistd.h> |
| 13 | #endif |
| 14 | |
| 15 | #include "base/logging.h" |
| 16 | #include "crypto/ec_private_key.h" |
| 17 | #include "crypto/nss_util.h" |
| 18 | #include "crypto/scoped_nss_types.h" |
| 19 | |
| 20 | namespace crypto { |
| 21 | |
| 22 | namespace { |
| 23 | |
| 24 | SECStatus SignData(SECItem* result, |
| 25 | SECItem* input, |
| 26 | SECKEYPrivateKey* key, |
| 27 | HASH_HashType hash_type, |
| 28 | size_t* out_signature_len) { |
| 29 | if (key->keyType != ecKey) { |
| 30 | DLOG(FATAL) << "Should be using an EC key."; |
| 31 | PORT_SetError(SEC_ERROR_INVALID_ARGS); |
| 32 | return SECFailure; |
| 33 | } |
| 34 | |
| 35 | // Hash the input. |
| 36 | std::vector<uint8> hash_data(HASH_ResultLen(hash_type)); |
| 37 | SECStatus rv = HASH_HashBuf( |
| 38 | hash_type, &hash_data[0], input->data, input->len); |
| 39 | if (rv != SECSuccess) |
| 40 | return rv; |
| 41 | SECItem hash = {siBuffer, &hash_data[0], |
| 42 | static_cast<unsigned int>(hash_data.size())}; |
| 43 | |
| 44 | // Compute signature of hash. |
| 45 | int signature_len = PK11_SignatureLen(key); |
| 46 | std::vector<uint8> signature_data(signature_len); |
| 47 | SECItem sig = {siBuffer, &signature_data[0], |
| 48 | static_cast<unsigned int>(signature_len)}; |
| 49 | rv = PK11_Sign(key, &sig, &hash); |
| 50 | if (rv != SECSuccess) |
| 51 | return rv; |
| 52 | |
| 53 | *out_signature_len = sig.len; |
| 54 | |
| 55 | // DER encode the signature. |
| 56 | return DSAU_EncodeDerSigWithLen(result, &sig, sig.len); |
| 57 | } |
| 58 | |
| 59 | } // namespace |
| 60 | |
| 61 | ECSignatureCreatorImpl::ECSignatureCreatorImpl(ECPrivateKey* key) |
| 62 | : key_(key), |
| 63 | signature_len_(0) { |
| 64 | EnsureNSSInit(); |
| 65 | } |
| 66 | |
| 67 | ECSignatureCreatorImpl::~ECSignatureCreatorImpl() {} |
| 68 | |
| 69 | bool ECSignatureCreatorImpl::Sign(const uint8* data, |
| 70 | int data_len, |
| 71 | std::vector<uint8>* signature) { |
| 72 | // Data to be signed |
| 73 | SECItem secret; |
| 74 | secret.type = siBuffer; |
| 75 | secret.len = data_len; |
| 76 | secret.data = const_cast<unsigned char*>(data); |
| 77 | |
| 78 | // SECItem to receive the output buffer. |
| 79 | SECItem result; |
| 80 | result.type = siBuffer; |
| 81 | result.len = 0; |
| 82 | result.data = NULL; |
| 83 | |
| 84 | // Sign the secret data and save it to |result|. |
| 85 | SECStatus rv = |
| 86 | SignData(&result, &secret, key_->key(), HASH_AlgSHA256, &signature_len_); |
| 87 | if (rv != SECSuccess) { |
| 88 | DLOG(ERROR) << "DerSignData: " << PORT_GetError(); |
| 89 | return false; |
| 90 | } |
| 91 | |
| 92 | // Copy the signed data into the output vector. |
| 93 | signature->assign(result.data, result.data + result.len); |
| 94 | SECITEM_FreeItem(&result, PR_FALSE /* only free |result.data| */); |
| 95 | return true; |
| 96 | } |
| 97 | |
| 98 | bool ECSignatureCreatorImpl::DecodeSignature( |
| 99 | const std::vector<uint8>& der_sig, |
| 100 | std::vector<uint8>* out_raw_sig) { |
| 101 | SECItem der_sig_item; |
| 102 | der_sig_item.type = siBuffer; |
| 103 | der_sig_item.len = der_sig.size(); |
| 104 | der_sig_item.data = const_cast<uint8*>(&der_sig[0]); |
| 105 | |
| 106 | SECItem* raw_sig = DSAU_DecodeDerSigToLen(&der_sig_item, signature_len_); |
| 107 | if (!raw_sig) |
| 108 | return false; |
| 109 | out_raw_sig->assign(raw_sig->data, raw_sig->data + raw_sig->len); |
| 110 | SECITEM_FreeItem(raw_sig, PR_TRUE /* free SECItem structure itself. */); |
| 111 | return true; |
| 112 | } |
| 113 | |
| 114 | } // namespace crypto |