Don't preload rarely seen large images
[chromium-blink-merge.git] / components / webcrypto / nss / rsa_ssa_nss.cc
blob193bd0402873170f67f42b9e6222788312267255
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include <cryptohi.h>
7 #include "components/webcrypto/crypto_data.h"
8 #include "components/webcrypto/nss/key_nss.h"
9 #include "components/webcrypto/nss/rsa_hashed_algorithm_nss.h"
10 #include "components/webcrypto/nss/util_nss.h"
11 #include "components/webcrypto/status.h"
12 #include "crypto/scoped_nss_types.h"
13 #include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h"
15 namespace webcrypto {
17 namespace {
19 class RsaSsaImplementation : public RsaHashedAlgorithm {
20 public:
21 RsaSsaImplementation()
22 : RsaHashedAlgorithm(CKF_SIGN | CKF_VERIFY,
23 blink::WebCryptoKeyUsageVerify,
24 blink::WebCryptoKeyUsageSign) {}
26 const char* GetJwkAlgorithm(
27 const blink::WebCryptoAlgorithmId hash) const override {
28 switch (hash) {
29 case blink::WebCryptoAlgorithmIdSha1:
30 return "RS1";
31 case blink::WebCryptoAlgorithmIdSha256:
32 return "RS256";
33 case blink::WebCryptoAlgorithmIdSha384:
34 return "RS384";
35 case blink::WebCryptoAlgorithmIdSha512:
36 return "RS512";
37 default:
38 return NULL;
42 Status Sign(const blink::WebCryptoAlgorithm& algorithm,
43 const blink::WebCryptoKey& key,
44 const CryptoData& data,
45 std::vector<uint8_t>* buffer) const override {
46 if (key.type() != blink::WebCryptoKeyTypePrivate)
47 return Status::ErrorUnexpectedKeyType();
49 SECKEYPrivateKey* private_key = PrivateKeyNss::Cast(key)->key();
51 const blink::WebCryptoAlgorithm& hash =
52 key.algorithm().rsaHashedParams()->hash();
54 // Pick the NSS signing algorithm by combining RSA-SSA (RSA PKCS1) and the
55 // inner hash of the input Web Crypto algorithm.
56 SECOidTag sign_alg_tag;
57 switch (hash.id()) {
58 case blink::WebCryptoAlgorithmIdSha1:
59 sign_alg_tag = SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION;
60 break;
61 case blink::WebCryptoAlgorithmIdSha256:
62 sign_alg_tag = SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION;
63 break;
64 case blink::WebCryptoAlgorithmIdSha384:
65 sign_alg_tag = SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION;
66 break;
67 case blink::WebCryptoAlgorithmIdSha512:
68 sign_alg_tag = SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION;
69 break;
70 default:
71 return Status::ErrorUnsupported();
74 crypto::ScopedSECItem signature_item(SECITEM_AllocItem(NULL, NULL, 0));
75 if (SEC_SignData(signature_item.get(), data.bytes(), data.byte_length(),
76 private_key, sign_alg_tag) != SECSuccess) {
77 return Status::OperationError();
80 buffer->assign(signature_item->data,
81 signature_item->data + signature_item->len);
82 return Status::Success();
85 Status Verify(const blink::WebCryptoAlgorithm& algorithm,
86 const blink::WebCryptoKey& key,
87 const CryptoData& signature,
88 const CryptoData& data,
89 bool* signature_match) const override {
90 if (key.type() != blink::WebCryptoKeyTypePublic)
91 return Status::ErrorUnexpectedKeyType();
93 SECKEYPublicKey* public_key = PublicKeyNss::Cast(key)->key();
95 const blink::WebCryptoAlgorithm& hash =
96 key.algorithm().rsaHashedParams()->hash();
98 const SECItem signature_item = MakeSECItemForBuffer(signature);
100 SECOidTag hash_alg_tag;
101 switch (hash.id()) {
102 case blink::WebCryptoAlgorithmIdSha1:
103 hash_alg_tag = SEC_OID_SHA1;
104 break;
105 case blink::WebCryptoAlgorithmIdSha256:
106 hash_alg_tag = SEC_OID_SHA256;
107 break;
108 case blink::WebCryptoAlgorithmIdSha384:
109 hash_alg_tag = SEC_OID_SHA384;
110 break;
111 case blink::WebCryptoAlgorithmIdSha512:
112 hash_alg_tag = SEC_OID_SHA512;
113 break;
114 default:
115 return Status::ErrorUnsupported();
118 *signature_match =
119 SECSuccess == VFY_VerifyDataDirect(data.bytes(), data.byte_length(),
120 public_key, &signature_item,
121 SEC_OID_PKCS1_RSA_ENCRYPTION,
122 hash_alg_tag, NULL, NULL);
123 return Status::Success();
127 } // namespace
129 AlgorithmImplementation* CreatePlatformRsaSsaImplementation() {
130 return new RsaSsaImplementation;
133 } // namespace webcrypto