[refactor] More post-NSS WebCrypto cleanups (utility functions).
[chromium-blink-merge.git] / crypto / ec_signature_creator_nss.cc
blob3e3626f449982fba2171767d278fefffccdc88e2
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "crypto/ec_signature_creator_impl.h"
7 #include <cryptohi.h>
8 #include <pk11pub.h>
9 #include <secerr.h>
10 #include <sechash.h>
11 #if defined(OS_POSIX)
12 #include <unistd.h>
13 #endif
15 #include "base/logging.h"
16 #include "crypto/ec_private_key.h"
17 #include "crypto/nss_util.h"
18 #include "crypto/scoped_nss_types.h"
20 namespace crypto {
22 namespace {
24 SECStatus SignData(SECItem* result,
25 SECItem* input,
26 SECKEYPrivateKey* key,
27 HASH_HashType hash_type,
28 size_t* out_signature_len) {
29 if (key->keyType != ecKey) {
30 DLOG(FATAL) << "Should be using an EC key.";
31 PORT_SetError(SEC_ERROR_INVALID_ARGS);
32 return SECFailure;
35 // Hash the input.
36 std::vector<uint8> hash_data(HASH_ResultLen(hash_type));
37 SECStatus rv = HASH_HashBuf(
38 hash_type, &hash_data[0], input->data, input->len);
39 if (rv != SECSuccess)
40 return rv;
41 SECItem hash = {siBuffer, &hash_data[0],
42 static_cast<unsigned int>(hash_data.size())};
44 // Compute signature of hash.
45 int signature_len = PK11_SignatureLen(key);
46 std::vector<uint8> signature_data(signature_len);
47 SECItem sig = {siBuffer, &signature_data[0],
48 static_cast<unsigned int>(signature_len)};
49 rv = PK11_Sign(key, &sig, &hash);
50 if (rv != SECSuccess)
51 return rv;
53 *out_signature_len = sig.len;
55 // DER encode the signature.
56 return DSAU_EncodeDerSigWithLen(result, &sig, sig.len);
59 } // namespace
61 ECSignatureCreatorImpl::ECSignatureCreatorImpl(ECPrivateKey* key)
62 : key_(key),
63 signature_len_(0) {
64 EnsureNSSInit();
67 ECSignatureCreatorImpl::~ECSignatureCreatorImpl() {}
69 bool ECSignatureCreatorImpl::Sign(const uint8* data,
70 int data_len,
71 std::vector<uint8>* signature) {
72 // Data to be signed
73 SECItem secret;
74 secret.type = siBuffer;
75 secret.len = data_len;
76 secret.data = const_cast<unsigned char*>(data);
78 // SECItem to receive the output buffer.
79 SECItem result;
80 result.type = siBuffer;
81 result.len = 0;
82 result.data = NULL;
84 // Sign the secret data and save it to |result|.
85 SECStatus rv =
86 SignData(&result, &secret, key_->key(), HASH_AlgSHA256, &signature_len_);
87 if (rv != SECSuccess) {
88 DLOG(ERROR) << "DerSignData: " << PORT_GetError();
89 return false;
92 // Copy the signed data into the output vector.
93 signature->assign(result.data, result.data + result.len);
94 SECITEM_FreeItem(&result, PR_FALSE /* only free |result.data| */);
95 return true;
98 bool ECSignatureCreatorImpl::DecodeSignature(
99 const std::vector<uint8>& der_sig,
100 std::vector<uint8>* out_raw_sig) {
101 SECItem der_sig_item;
102 der_sig_item.type = siBuffer;
103 der_sig_item.len = der_sig.size();
104 der_sig_item.data = const_cast<uint8*>(&der_sig[0]);
106 SECItem* raw_sig = DSAU_DecodeDerSigToLen(&der_sig_item, signature_len_);
107 if (!raw_sig)
108 return false;
109 out_raw_sig->assign(raw_sig->data, raw_sig->data + raw_sig->len);
110 SECITEM_FreeItem(raw_sig, PR_TRUE /* free SECItem structure itself. */);
111 return true;
114 } // namespace crypto