1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "crypto/signature_creator.h"
6
7 #include <cryptohi.h>
8 #include <keyhi.h>
9 #include <stdint.h>
10 #include <stdlib.h>
11
12 #include "base/logging.h"
13 #include "base/memory/scoped_ptr.h"
14 #include "crypto/nss_util.h"
15 #include "crypto/rsa_private_key.h"
16
17 namespace crypto {
18
19 namespace {
20
ToNSSSigOid(SignatureCreator::HashAlgorithm hash_alg)21 SECOidTag ToNSSSigOid(SignatureCreator::HashAlgorithm hash_alg) {
22 switch (hash_alg) {
23 case SignatureCreator::SHA1:
24 return SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION;
25 case SignatureCreator::SHA256:
26 return SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION;
27 }
28 return SEC_OID_UNKNOWN;
29 }
30
ToNSSHashOid(SignatureCreator::HashAlgorithm hash_alg)31 SECOidTag ToNSSHashOid(SignatureCreator::HashAlgorithm hash_alg) {
32 switch (hash_alg) {
33 case SignatureCreator::SHA1:
34 return SEC_OID_SHA1;
35 case SignatureCreator::SHA256:
36 return SEC_OID_SHA256;
37 }
38 return SEC_OID_UNKNOWN;
39 }
40
41 } // namespace
42
~SignatureCreator()43 SignatureCreator::~SignatureCreator() {
44 if (sign_context_) {
45 SGN_DestroyContext(sign_context_, PR_TRUE);
46 sign_context_ = NULL;
47 }
48 }
49
50 // static
Create(RSAPrivateKey * key,HashAlgorithm hash_alg)51 SignatureCreator* SignatureCreator::Create(RSAPrivateKey* key,
52 HashAlgorithm hash_alg) {
53 scoped_ptr<SignatureCreator> result(new SignatureCreator);
54 result->sign_context_ = SGN_NewContext(ToNSSSigOid(hash_alg), key->key());
55 if (!result->sign_context_) {
56 NOTREACHED();
57 return NULL;
58 }
59
60 SECStatus rv = SGN_Begin(result->sign_context_);
61 if (rv != SECSuccess) {
62 NOTREACHED();
63 return NULL;
64 }
65
66 return result.release();
67 }
68
69 // static
Sign(RSAPrivateKey * key,HashAlgorithm hash_alg,const uint8_t * data,int data_len,std::vector<uint8_t> * signature)70 bool SignatureCreator::Sign(RSAPrivateKey* key,
71 HashAlgorithm hash_alg,
72 const uint8_t* data,
73 int data_len,
74 std::vector<uint8_t>* signature) {
75 SECItem data_item;
76 data_item.type = siBuffer;
77 data_item.data = const_cast<unsigned char*>(data);
78 data_item.len = data_len;
79
80 SECItem signature_item;
81 SECStatus rv = SGN_Digest(key->key(), ToNSSHashOid(hash_alg), &signature_item,
82 &data_item);
83 if (rv != SECSuccess) {
84 NOTREACHED();
85 return false;
86 }
87 signature->assign(signature_item.data,
88 signature_item.data + signature_item.len);
89 SECITEM_FreeItem(&signature_item, PR_FALSE);
90 return true;
91 }
92
Update(const uint8_t * data_part,int data_part_len)93 bool SignatureCreator::Update(const uint8_t* data_part, int data_part_len) {
94 SECStatus rv = SGN_Update(sign_context_, data_part, data_part_len);
95 if (rv != SECSuccess) {
96 NOTREACHED();
97 return false;
98 }
99
100 return true;
101 }
102
Final(std::vector<uint8_t> * signature)103 bool SignatureCreator::Final(std::vector<uint8_t>* signature) {
104 SECItem signature_item;
105 SECStatus rv = SGN_End(sign_context_, &signature_item);
106 if (rv != SECSuccess) {
107 return false;
108 }
109 signature->assign(signature_item.data,
110 signature_item.data + signature_item.len);
111 SECITEM_FreeItem(&signature_item, PR_FALSE);
112 return true;
113 }
114
SignatureCreator()115 SignatureCreator::SignatureCreator() : sign_context_(NULL) {
116 EnsureNSSInit();
117 }
118
119 } // namespace crypto
120