crypto: change ECSignatureCreator defaults to match SPDY.

crypto/ec_signature_creator_unittest.cc

Index: crypto/ec_signature_creator_unittest.cc
diff --git a/crypto/ec_signature_creator_unittest.cc b/crypto/ec_signature_creator_unittest.cc
index 407b2781b2befcf29fec67203461dff576e9a1e9..0f89920689d525002cd6f3ae3ef11b4ed4b184c0 100644
--- a/crypto/ec_signature_creator_unittest.cc
+++ b/crypto/ec_signature_creator_unittest.cc
@@ -7,6 +7,11 @@
 #include <string>
 #include <vector>
 
+#if !defined(USE_OPENSSL)
+#include <cryptohi.h>
+#include <secerr.h>
+#endif

[wtc, 2012/09/12 19:47:45]

The Chromium Coding Style page recommends that these headers
be included last:
http://dev.chromium.org/developers/coding-style#TOC-Platform-defines

[agl, 2012/09/12 21:41:46]

(moot)

+
 #include "base/memory/scoped_ptr.h"
 #include "crypto/ec_private_key.h"
 #include "crypto/signature_verifier.h"
@@ -53,19 +58,32 @@ TEST(ECSignatureCreatorTest, BasicTest) {
   std::vector<uint8> public_key_info;
   ASSERT_TRUE(key_original->ExportPublicKey(&public_key_info));
 
-  // This is the algorithm ID for SHA-1 with EC encryption.
-  const uint8 kECDSAWithSHA1AlgorithmID[] = {
-    0x30, 0x0b,
-      0x06, 0x07,
-        0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x01,
+  // This is the algorithm ID for SHA-256 with EC encryption.
+  const uint8 kECDSAWithSHA256AlgorithmID[] = {
+    0x30, 0x0c,
+      0x06, 0x08,
+        0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02,
       0x05, 0x00
   };
+
+  // SignatureVerifier expects the signatures to be DER encoded.

[wtc, 2012/09/12 19:47:45]

It would be bad if ECSignatureCreator and SignatureVerifier
used different formats of ECDSA signatures.

If we can't change the format of ECDSA signatures accepted
by SignatureVerifier, we should change the SPDY code to
call DSAU_DecodeDerSigToLen to decode the DER-encoded signature
generated by ECSignatureCreator.

[agl, 2012/09/12 21:41:46]

I've changed the SPDY code to decode the DER signatures.

+  SECItem der_signature;
+  SECItem sig;
+  sig.type = siBuffer;
+  sig.len = signature.size();
+  sig.data = signature.data();
+  SECStatus rv = DSAU_EncodeDerSigWithLen(&der_signature, &sig, sig.len);
+  ASSERT_EQ(SECSuccess, rv);
+
   crypto::SignatureVerifier verifier;
   ASSERT_TRUE(verifier.VerifyInit(
-      kECDSAWithSHA1AlgorithmID, sizeof(kECDSAWithSHA1AlgorithmID),
-      &signature.front(), signature.size(),
+      kECDSAWithSHA256AlgorithmID, sizeof(kECDSAWithSHA256AlgorithmID),
+      der_signature.data, der_signature.len,
       &public_key_info.front(), public_key_info.size()));
 
+  SECITEM_FreeItem(&der_signature,
+                   PR_FALSE /* don't free der_signature itself */);
+
   verifier.VerifyUpdate(reinterpret_cast<const uint8*>(data.c_str()),
                         data.size());
   ASSERT_TRUE(verifier.VerifyFinal());