crypto/ec_signature_creator_nss.cc - Issue 10910226: crypto: change ECSignatureCreator defaults to match SPDY.

Side by Side Diff: crypto/ec_signature_creator_nss.cc

Issue 10910226: crypto: change ECSignatureCreator defaults to match SPDY. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Address wtc's comments Created 8 years, 3 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "crypto/ec_signature_creator_impl.h"	5 #include "crypto/ec_signature_creator_impl.h"

6	6

7 #include <cryptohi.h>	7 #include <cryptohi.h>

8 #include <pk11pub.h>	8 #include <pk11pub.h>

9 #include <secerr.h>	9 #include <secerr.h>

10 #include <sechash.h>	10 #include <sechash.h>

(...skipping 32 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
43 // Compute signature of hash.	43 // Compute signature of hash.

44 int signature_len = PK11_SignatureLen(key);	44 int signature_len = PK11_SignatureLen(key);

45 std::vector<uint8> signature_data(signature_len);	45 std::vector<uint8> signature_data(signature_len);

46 SECItem sig = {siBuffer, &signature_data[0],	46 SECItem sig = {siBuffer, &signature_data[0],

47 static_cast<unsigned int>(signature_len)};	47 static_cast<unsigned int>(signature_len)};

48 rv = PK11_Sign(key, &sig, &hash);	48 rv = PK11_Sign(key, &sig, &hash);

49 if (rv != SECSuccess)	49 if (rv != SECSuccess)

50 return rv;	50 return rv;

51	51

52 // DER encode the signature.	52 // DER encode the signature.

53 return DSAU_EncodeDerSigWithLen(result, &sig, sig.len);	53 return DSAU_EncodeDerSigWithLen(result, &sig, sig.len);
	wtc 2012/09/12 22:06:27 To be future-proof, we should store sig.len in a m To be future-proof, we should store sig.len in a member variable for use by DecodeSignature(). This avoids the constant kP256ScalarBytes. agl 2012/09/13 20:17:59 Done. Show quoted text On 2012/09/12 22:06:27, wtc wrote: > > To be future-proof, we should store sig.len in a member > variable for use by DecodeSignature(). This avoids the > constant kP256ScalarBytes. Done.
54 }	54 }

55	55

56 } // namespace	56 } // namespace

57	57

58 ECSignatureCreatorImpl::ECSignatureCreatorImpl(ECPrivateKey* key)	58 ECSignatureCreatorImpl::ECSignatureCreatorImpl(ECPrivateKey* key)

59 : key_(key) {	59 : key_(key) {

60 EnsureNSSInit();	60 EnsureNSSInit();

61 }	61 }

62	62

63 ECSignatureCreatorImpl::~ECSignatureCreatorImpl() {}	63 ECSignatureCreatorImpl::~ECSignatureCreatorImpl() {}

64	64

65 bool ECSignatureCreatorImpl::Sign(const uint8* data,	65 bool ECSignatureCreatorImpl::Sign(const uint8* data,

66 int data_len,	66 int data_len,

67 std::vector<uint8>* signature) {	67 std::vector<uint8>* signature) {

68 // Data to be signed	68 // Data to be signed

69 SECItem secret;	69 SECItem secret;

70 secret.type = siBuffer;	70 secret.type = siBuffer;

71 secret.len = data_len;	71 secret.len = data_len;

72 secret.data = const_cast<unsigned char*>(data);	72 secret.data = const_cast<unsigned char*>(data);

73	73

74 // SECItem to receive the output buffer.	74 // SECItem to receive the output buffer.

75 SECItem result;	75 SECItem result;

76 result.type = siBuffer;	76 result.type = siBuffer;

77 result.len = 0;	77 result.len = 0;

78 result.data = NULL;	78 result.data = NULL;

79	79

80 // Sign the secret data and save it to \|result\|.	80 // Sign the secret data and save it to \|result\|.

81 SECStatus rv =	81 SECStatus rv =

82 SignData(&result, &secret, key_->key(), HASH_AlgSHA1);	82 SignData(&result, &secret, key_->key(), HASH_AlgSHA256);

83 if (rv != SECSuccess) {	83 if (rv != SECSuccess) {

84 DLOG(ERROR) << "DerSignData: " << PORT_GetError();	84 DLOG(ERROR) << "DerSignData: " << PORT_GetError();

85 return false;	85 return false;

86 }	86 }

87	87

88 // Copy the signed data into the output vector.	88 // Copy the signed data into the output vector.

89 signature->assign(result.data, result.data + result.len);	89 signature->assign(result.data, result.data + result.len);

90 SECITEM_FreeItem(&result, PR_FALSE /* only free \|result.data\| */);	90 SECITEM_FreeItem(&result, PR_FALSE /* only free \|result.data\| */);

91 return true;	91 return true;

92 }	92 }

93	93

	94 bool ECSignatureCreatorImpl::DecodeSignature(const std::vector<uint8>& der_sig,

	95 std::string* out_raw_sig) {

	96 SECItem der_sig_item;

	97 der_sig_item.type = siBuffer;

	98 der_sig_item.len = der_sig.size();

	99 der_sig_item.data = const_cast<uint8*>(der_sig.data());

	100

	101 static const int kP256ScalarBytes = 32;

	102 SECItem* raw_sig = DSAU_DecodeDerSigToLen(&der_sig_item, 2*kP256ScalarBytes);

	103 if (!raw_sig)

	104 return false;

	105 out_raw_sig->assign(reinterpret_cast<char*>(raw_sig->data), raw_sig->len);

	106 SECITEM_FreeItem(raw_sig, PR_TRUE /* free SECItem structure itself. */);

	107 return true;

	108 }

	109

94 } // namespace crypto	110 } // namespace crypto

OLD	NEW

« crypto/ec_signature_creator.h ('K') | « crypto/ec_signature_creator_impl.h ('k') | crypto/ec_signature_creator_openssl.cc » ('j') | no next file with comments »