crypto/signature_creator_nss.cc

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "crypto/signature_creator.h"
   6
   7 #include <cryptohi.h>
   8 #include <keyhi.h>
   9 #include <stdlib.h>
  10
  11 #include "base/logging.h"
  12 #include "base/memory/scoped_ptr.h"
  13 #include "crypto/nss_util.h"
  14 #include "crypto/rsa_private_key.h"
  15
  16 namespace crypto {
  17
  18 namespace {
  19
  20 SECOidTag ToNSSSigOid(SignatureCreator::HashAlgorithm hash_alg) {
  21   switch (hash_alg) {
  22     case SignatureCreator::SHA1:
  23       return SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION;
  24     case SignatureCreator::SHA256:
  25       return SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION;
  26   }
  27   return SEC_OID_UNKNOWN;
  28 }
  29
  30 SECOidTag ToNSSHashOid(SignatureCreator::HashAlgorithm hash_alg) {
  31   switch (hash_alg) {
  32     case SignatureCreator::SHA1:
  33       return SEC_OID_SHA1;
  34     case SignatureCreator::SHA256:
  35       return SEC_OID_SHA256;
  36   }
  37   return SEC_OID_UNKNOWN;
  38 }
  39
  40 }  // namespace
  41
  42 SignatureCreator::~SignatureCreator() {
  43   if (sign_context_) {
  44     SGN_DestroyContext(sign_context_, PR_TRUE);
  45     sign_context_ = NULL;
  46   }
  47 }
  48
  49 // static
  50 SignatureCreator* SignatureCreator::Create(RSAPrivateKey* key,
  51                                            HashAlgorithm hash_alg) {
  52   scoped_ptr<SignatureCreator> result(new SignatureCreator);
  53   result->sign_context_ = SGN_NewContext(ToNSSSigOid(hash_alg), key->key());
  54   if (!result->sign_context_) {
  55     NOTREACHED();
  56     return NULL;
  57   }
  58
  59   SECStatus rv = SGN_Begin(result->sign_context_);
  60   if (rv != SECSuccess) {
  61     NOTREACHED();
  62     return NULL;
  63   }
  64
  65   return result.release();
  66 }
  67
  68 // static
  69 bool SignatureCreator::Sign(RSAPrivateKey* key,
  70                             HashAlgorithm hash_alg,
  71                             const uint8* data,
  72                             int data_len,
  73                             std::vector<uint8>* signature) {
  74   SECItem data_item;
  75   data_item.type = siBuffer;
  76   data_item.data = const_cast<unsigned char*>(data);
  77   data_item.len = data_len;
  78
  79   SECItem signature_item;
  80   SECStatus rv = SGN_Digest(key->key(), ToNSSHashOid(hash_alg), &signature_item,
  81                             &data_item);
  82   if (rv != SECSuccess) {
  83     NOTREACHED();
  84     return false;
  85   }
  86   signature->assign(signature_item.data,
  87                     signature_item.data + signature_item.len);
  88   SECITEM_FreeItem(&signature_item, PR_FALSE);
  89   return true;
  90 }
  91
  92 bool SignatureCreator::Update(const uint8* data_part, int data_part_len) {
  93   SECStatus rv = SGN_Update(sign_context_, data_part, data_part_len);
  94   if (rv != SECSuccess) {
  95     NOTREACHED();
  96     return false;
  97   }
  98
  99   return true;
 100 }
 101
 102 bool SignatureCreator::Final(std::vector<uint8>* signature) {
 103   SECItem signature_item;
 104   SECStatus rv = SGN_End(sign_context_, &signature_item);
 105   if (rv != SECSuccess) {
 106     return false;
 107   }
 108   signature->assign(signature_item.data,
 109                     signature_item.data + signature_item.len);
 110   SECITEM_FreeItem(&signature_item, PR_FALSE);
 111   return true;
 112 }
 113
 114 SignatureCreator::SignatureCreator() : sign_context_(NULL) {
 115   EnsureNSSInit();
 116 }
 117
 118 }  // namespace crypto