1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "crypto/signature_creator.h"
6
7 #include <cryptohi.h>
8 #include <keyhi.h>
9 #include <stdlib.h>
10
11 #include "base/logging.h"
12 #include "base/memory/scoped_ptr.h"
13 #include "crypto/nss_util.h"
14 #include "crypto/rsa_private_key.h"
15
16 namespace crypto {
17
18 namespace {
19
ToNSSSigOid(SignatureCreator::HashAlgorithm hash_alg)20 SECOidTag ToNSSSigOid(SignatureCreator::HashAlgorithm hash_alg) {
21 switch (hash_alg) {
22 case SignatureCreator::SHA1:
23 return SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION;
24 case SignatureCreator::SHA256:
25 return SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION;
26 }
27 return SEC_OID_UNKNOWN;
28 }
29
ToNSSHashOid(SignatureCreator::HashAlgorithm hash_alg)30 SECOidTag ToNSSHashOid(SignatureCreator::HashAlgorithm hash_alg) {
31 switch (hash_alg) {
32 case SignatureCreator::SHA1:
33 return SEC_OID_SHA1;
34 case SignatureCreator::SHA256:
35 return SEC_OID_SHA256;
36 }
37 return SEC_OID_UNKNOWN;
38 }
39
40 } // namespace
41
~SignatureCreator()42 SignatureCreator::~SignatureCreator() {
43 if (sign_context_) {
44 SGN_DestroyContext(sign_context_, PR_TRUE);
45 sign_context_ = NULL;
46 }
47 }
48
49 // static
Create(RSAPrivateKey * key,HashAlgorithm hash_alg)50 SignatureCreator* SignatureCreator::Create(RSAPrivateKey* key,
51 HashAlgorithm hash_alg) {
52 scoped_ptr<SignatureCreator> result(new SignatureCreator);
53 result->key_ = key;
54
55 result->sign_context_ = SGN_NewContext(ToNSSSigOid(hash_alg), key->key());
56 if (!result->sign_context_) {
57 NOTREACHED();
58 return NULL;
59 }
60
61 SECStatus rv = SGN_Begin(result->sign_context_);
62 if (rv != SECSuccess) {
63 NOTREACHED();
64 return NULL;
65 }
66
67 return result.release();
68 }
69
70 // static
Sign(RSAPrivateKey * key,HashAlgorithm hash_alg,const uint8 * data,int data_len,std::vector<uint8> * signature)71 bool SignatureCreator::Sign(RSAPrivateKey* key,
72 HashAlgorithm hash_alg,
73 const uint8* data,
74 int data_len,
75 std::vector<uint8>* signature) {
76 SECItem data_item;
77 data_item.type = siBuffer;
78 data_item.data = const_cast<unsigned char*>(data);
79 data_item.len = data_len;
80
81 SECItem signature_item;
82 SECStatus rv = SGN_Digest(key->key(), ToNSSHashOid(hash_alg), &signature_item,
83 &data_item);
84 if (rv != SECSuccess) {
85 NOTREACHED();
86 return false;
87 }
88 signature->assign(signature_item.data,
89 signature_item.data + signature_item.len);
90 SECITEM_FreeItem(&signature_item, PR_FALSE);
91 return true;
92 }
93
Update(const uint8 * data_part,int data_part_len)94 bool SignatureCreator::Update(const uint8* data_part, int data_part_len) {
95 SECStatus rv = SGN_Update(sign_context_, data_part, data_part_len);
96 if (rv != SECSuccess) {
97 NOTREACHED();
98 return false;
99 }
100
101 return true;
102 }
103
Final(std::vector<uint8> * signature)104 bool SignatureCreator::Final(std::vector<uint8>* signature) {
105 SECItem signature_item;
106 SECStatus rv = SGN_End(sign_context_, &signature_item);
107 if (rv != SECSuccess) {
108 return false;
109 }
110 signature->assign(signature_item.data,
111 signature_item.data + signature_item.len);
112 SECITEM_FreeItem(&signature_item, PR_FALSE);
113 return true;
114 }
115
SignatureCreator()116 SignatureCreator::SignatureCreator()
117 : key_(NULL),
118 sign_context_(NULL) {
119 EnsureNSSInit();
120 }
121
122 } // namespace crypto
123