| // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #include "crypto/ec_signature_creator_impl.h" |
| |
| #include <cryptohi.h> |
| #include <pk11pub.h> |
| #include <secerr.h> |
| #include <sechash.h> |
| #if defined(OS_POSIX) |
| #include <stddef.h> |
| #include <stdint.h> |
| #include <unistd.h> |
| #endif |
| |
| #include "base/logging.h" |
| #include "crypto/ec_private_key.h" |
| #include "crypto/nss_util.h" |
| #include "crypto/scoped_nss_types.h" |
| |
| namespace crypto { |
| |
| namespace { |
| |
| SECStatus SignData(SECItem* result, |
| SECItem* input, |
| SECKEYPrivateKey* key, |
| HASH_HashType hash_type) { |
| if (key->keyType != ecKey) { |
| DLOG(FATAL) << "Should be using an EC key."; |
| PORT_SetError(SEC_ERROR_INVALID_ARGS); |
| return SECFailure; |
| } |
| |
| // Hash the input. |
| std::vector<uint8_t> hash_data(HASH_ResultLen(hash_type)); |
| SECStatus rv = HASH_HashBuf( |
| hash_type, &hash_data[0], input->data, input->len); |
| if (rv != SECSuccess) |
| return rv; |
| SECItem hash = {siBuffer, &hash_data[0], |
| static_cast<unsigned int>(hash_data.size())}; |
| |
| // Compute signature of hash. |
| int signature_len = PK11_SignatureLen(key); |
| std::vector<uint8_t> signature_data(signature_len); |
| SECItem sig = {siBuffer, &signature_data[0], |
| static_cast<unsigned int>(signature_len)}; |
| rv = PK11_Sign(key, &sig, &hash); |
| if (rv != SECSuccess) |
| return rv; |
| |
| // DER encode the signature. |
| return DSAU_EncodeDerSigWithLen(result, &sig, sig.len); |
| } |
| |
| } // namespace |
| |
| ECSignatureCreatorImpl::ECSignatureCreatorImpl(ECPrivateKey* key) |
| : key_(key) { |
| EnsureNSSInit(); |
| } |
| |
| ECSignatureCreatorImpl::~ECSignatureCreatorImpl() {} |
| |
| bool ECSignatureCreatorImpl::Sign(const uint8_t* data, |
| int data_len, |
| std::vector<uint8_t>* signature) { |
| // Data to be signed |
| SECItem secret; |
| secret.type = siBuffer; |
| secret.len = data_len; |
| secret.data = const_cast<unsigned char*>(data); |
| |
| // SECItem to receive the output buffer. |
| SECItem result; |
| result.type = siBuffer; |
| result.len = 0; |
| result.data = NULL; |
| |
| // Sign the secret data and save it to |result|. |
| SECStatus rv = |
| SignData(&result, &secret, key_->key(), HASH_AlgSHA256); |
| if (rv != SECSuccess) { |
| DLOG(ERROR) << "DerSignData: " << PORT_GetError(); |
| return false; |
| } |
| |
| // Copy the signed data into the output vector. |
| signature->assign(result.data, result.data + result.len); |
| SECITEM_FreeItem(&result, PR_FALSE /* only free |result.data| */); |
| return true; |
| } |
| |
| bool ECSignatureCreatorImpl::DecodeSignature( |
| const std::vector<uint8_t>& der_sig, |
| std::vector<uint8_t>* out_raw_sig) { |
| SECItem der_sig_item; |
| der_sig_item.type = siBuffer; |
| der_sig_item.len = der_sig.size(); |
| der_sig_item.data = const_cast<uint8_t*>(&der_sig[0]); |
| |
| size_t signature_len = SECKEY_SignatureLen(key_->public_key()); |
| if (signature_len == 0) |
| return false; |
| |
| SECItem* raw_sig = DSAU_DecodeDerSigToLen(&der_sig_item, signature_len); |
| if (!raw_sig) |
| return false; |
| out_raw_sig->assign(raw_sig->data, raw_sig->data + raw_sig->len); |
| SECITEM_FreeItem(raw_sig, PR_TRUE /* free SECItem structure itself. */); |
| return true; |
| } |
| |
| } // namespace crypto |