1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "crypto/ec_signature_creator_impl.h" 6 7 #include <cryptohi.h> 8 #include <pk11pub.h> 9 #include <secerr.h> 10 #include <sechash.h> 11 #if defined(OS_POSIX) 12 #include <unistd.h> 13 #endif 14 15 #include "base/logging.h" 16 #include "crypto/ec_private_key.h" 17 #include "crypto/nss_util.h" 18 #include "crypto/scoped_nss_types.h" 19 20 namespace crypto { 21 22 namespace { 23 24 SECStatus SignData(SECItem* result, 25 SECItem* input, 26 SECKEYPrivateKey* key, 27 HASH_HashType hash_type, 28 size_t* out_signature_len) { 29 if (key->keyType != ecKey) { 30 DLOG(FATAL) << "Should be using an EC key."; 31 PORT_SetError(SEC_ERROR_INVALID_ARGS); 32 return SECFailure; 33 } 34 35 // Hash the input. 36 std::vector<uint8> hash_data(HASH_ResultLen(hash_type)); 37 SECStatus rv = HASH_HashBuf( 38 hash_type, &hash_data[0], input->data, input->len); 39 if (rv != SECSuccess) 40 return rv; 41 SECItem hash = {siBuffer, &hash_data[0], 42 static_cast<unsigned int>(hash_data.size())}; 43 44 // Compute signature of hash. 45 int signature_len = PK11_SignatureLen(key); 46 std::vector<uint8> signature_data(signature_len); 47 SECItem sig = {siBuffer, &signature_data[0], 48 static_cast<unsigned int>(signature_len)}; 49 rv = PK11_Sign(key, &sig, &hash); 50 if (rv != SECSuccess) 51 return rv; 52 53 *out_signature_len = sig.len; 54 55 // DER encode the signature. 56 return DSAU_EncodeDerSigWithLen(result, &sig, sig.len); 57 } 58 59 } // namespace 60 61 ECSignatureCreatorImpl::ECSignatureCreatorImpl(ECPrivateKey* key) 62 : key_(key), 63 signature_len_(0) { 64 EnsureNSSInit(); 65 } 66 67 ECSignatureCreatorImpl::~ECSignatureCreatorImpl() {} 68 69 bool ECSignatureCreatorImpl::Sign(const uint8* data, 70 int data_len, 71 std::vector<uint8>* signature) { 72 // Data to be signed 73 SECItem secret; 74 secret.type = siBuffer; 75 secret.len = data_len; 76 secret.data = const_cast<unsigned char*>(data); 77 78 // SECItem to receive the output buffer. 79 SECItem result; 80 result.type = siBuffer; 81 result.len = 0; 82 result.data = NULL; 83 84 // Sign the secret data and save it to |result|. 85 SECStatus rv = 86 SignData(&result, &secret, key_->key(), HASH_AlgSHA256, &signature_len_); 87 if (rv != SECSuccess) { 88 DLOG(ERROR) << "DerSignData: " << PORT_GetError(); 89 return false; 90 } 91 92 // Copy the signed data into the output vector. 93 signature->assign(result.data, result.data + result.len); 94 SECITEM_FreeItem(&result, PR_FALSE /* only free |result.data| */); 95 return true; 96 } 97 98 bool ECSignatureCreatorImpl::DecodeSignature( 99 const std::vector<uint8>& der_sig, 100 std::vector<uint8>* out_raw_sig) { 101 SECItem der_sig_item; 102 der_sig_item.type = siBuffer; 103 der_sig_item.len = der_sig.size(); 104 der_sig_item.data = const_cast<uint8*>(&der_sig[0]); 105 106 SECItem* raw_sig = DSAU_DecodeDerSigToLen(&der_sig_item, signature_len_); 107 if (!raw_sig) 108 return false; 109 out_raw_sig->assign(raw_sig->data, raw_sig->data + raw_sig->len); 110 SECITEM_FreeItem(raw_sig, PR_TRUE /* free SECItem structure itself. */); 111 return true; 112 } 113 114 } // namespace crypto 115
