crypto/signature_creator_nss.cc

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "crypto/signature_creator.h"
   6
   7 #include <cryptohi.h>
   8 #include <keyhi.h>
   9 #include <stdlib.h>
  10
  11 #include "base/logging.h"
  12 #include "base/memory/scoped_ptr.h"
  13 #include "crypto/nss_util.h"
  14 #include "crypto/rsa_private_key.h"
  15
  16 namespace crypto {
  17
  18 namespace {
  19
  20 SECOidTag ToNSSSigOid(SignatureCreator::HashAlgorithm hash_alg) {
  21   switch (hash_alg) {
  22     case SignatureCreator::SHA1:
  23       return SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION;
  24     case SignatureCreator::SHA256:
  25       return SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION;
  26   }
  27   return SEC_OID_UNKNOWN;
  28 }
  29
  30 SECOidTag ToNSSHashOid(SignatureCreator::HashAlgorithm hash_alg) {
  31   switch (hash_alg) {
  32     case SignatureCreator::SHA1:
  33       return SEC_OID_SHA1;
  34     case SignatureCreator::SHA256:
  35       return SEC_OID_SHA256;
  36   }
  37   return SEC_OID_UNKNOWN;
  38 }
  39
  40 }  // namespace
  41
  42 SignatureCreator::~SignatureCreator() {
  43   if (sign_context_) {
  44     SGN_DestroyContext(sign_context_, PR_TRUE);
  45     sign_context_ = NULL;
  46   }
  47 }
  48
  49 // static
  50 SignatureCreator* SignatureCreator::Create(RSAPrivateKey* key,
  51                                            HashAlgorithm hash_alg) {
  52   scoped_ptr<SignatureCreator> result(new SignatureCreator);
  53   result->key_ = key;
  54
  55   result->sign_context_ = SGN_NewContext(ToNSSSigOid(hash_alg), key->key());
  56   if (!result->sign_context_) {
  57     NOTREACHED();
  58     return NULL;
  59   }
  60
  61   SECStatus rv = SGN_Begin(result->sign_context_);
  62   if (rv != SECSuccess) {
  63     NOTREACHED();
  64     return NULL;
  65   }
  66
  67   return result.release();
  68 }
  69
  70 // static
  71 bool SignatureCreator::Sign(RSAPrivateKey* key,
  72                             HashAlgorithm hash_alg,
  73                             const uint8* data,
  74                             int data_len,
  75                             std::vector<uint8>* signature) {
  76   SECItem data_item;
  77   data_item.type = siBuffer;
  78   data_item.data = const_cast<unsigned char*>(data);
  79   data_item.len = data_len;
  80
  81   SECItem signature_item;
  82   SECStatus rv = SGN_Digest(key->key(), ToNSSHashOid(hash_alg), &signature_item,
  83                             &data_item);
  84   if (rv != SECSuccess) {
  85     NOTREACHED();
  86     return false;
  87   }
  88   signature->assign(signature_item.data,
  89                     signature_item.data + signature_item.len);
  90   SECITEM_FreeItem(&signature_item, PR_FALSE);
  91   return true;
  92 }
  93
  94 bool SignatureCreator::Update(const uint8* data_part, int data_part_len) {
  95   SECStatus rv = SGN_Update(sign_context_, data_part, data_part_len);
  96   if (rv != SECSuccess) {
  97     NOTREACHED();
  98     return false;
  99   }
 100
 101   return true;
 102 }
 103
 104 bool SignatureCreator::Final(std::vector<uint8>* signature) {
 105   SECItem signature_item;
 106   SECStatus rv = SGN_End(sign_context_, &signature_item);
 107   if (rv != SECSuccess) {
 108     return false;
 109   }
 110   signature->assign(signature_item.data,
 111                     signature_item.data + signature_item.len);
 112   SECITEM_FreeItem(&signature_item, PR_FALSE);
 113   return true;
 114 }
 115
 116 SignatureCreator::SignatureCreator()
 117     : key_(NULL),
 118       sign_context_(NULL) {
 119   EnsureNSSInit();
 120 }
 121
 122 }  // namespace crypto