crypto: change ECSignatureCreator defaults to match SPDY.

crypto/ec_signature_creator_nss.cc

Index: crypto/ec_signature_creator_nss.cc
diff --git a/crypto/ec_signature_creator_nss.cc b/crypto/ec_signature_creator_nss.cc
index a85b1e94fecf20299494fcffdc95c7894fb375da..3e3626f449982fba2171767d278fefffccdc88e2 100644
--- a/crypto/ec_signature_creator_nss.cc
+++ b/crypto/ec_signature_creator_nss.cc
@@ -24,7 +24,8 @@ namespace {
 SECStatus SignData(SECItem* result,
                    SECItem* input,
                    SECKEYPrivateKey* key,
-                   HASH_HashType hash_type) {
+                   HASH_HashType hash_type,
+                   size_t* out_signature_len) {
   if (key->keyType != ecKey) {
     DLOG(FATAL) << "Should be using an EC key.";
     PORT_SetError(SEC_ERROR_INVALID_ARGS);
@@ -49,6 +50,8 @@ SECStatus SignData(SECItem* result,
   if (rv != SECSuccess)
     return rv;
 
+  *out_signature_len = sig.len;
+
   // DER encode the signature.
   return DSAU_EncodeDerSigWithLen(result, &sig, sig.len);
 }
@@ -56,7 +59,8 @@ SECStatus SignData(SECItem* result,
 }  // namespace
 
 ECSignatureCreatorImpl::ECSignatureCreatorImpl(ECPrivateKey* key)
-    : key_(key) {
+    : key_(key),
+      signature_len_(0) {
   EnsureNSSInit();
 }
 
@@ -79,7 +83,7 @@ bool ECSignatureCreatorImpl::Sign(const uint8* data,
 
   // Sign the secret data and save it to |result|.
   SECStatus rv =
-      SignData(&result, &secret, key_->key(), HASH_AlgSHA1);
+      SignData(&result, &secret, key_->key(), HASH_AlgSHA256, &signature_len_);
   if (rv != SECSuccess) {
     DLOG(ERROR) << "DerSignData: " << PORT_GetError();
     return false;
@@ -91,4 +95,20 @@ bool ECSignatureCreatorImpl::Sign(const uint8* data,
   return true;
 }
 
+bool ECSignatureCreatorImpl::DecodeSignature(
+    const std::vector<uint8>& der_sig,
+    std::vector<uint8>* out_raw_sig) {
+  SECItem der_sig_item;
+  der_sig_item.type = siBuffer;
+  der_sig_item.len = der_sig.size();
+  der_sig_item.data = const_cast<uint8*>(&der_sig[0]);
+
+  SECItem* raw_sig = DSAU_DecodeDerSigToLen(&der_sig_item, signature_len_);
+  if (!raw_sig)
+    return false;
+  out_raw_sig->assign(raw_sig->data, raw_sig->data + raw_sig->len);
+  SECITEM_FreeItem(raw_sig, PR_TRUE /* free SECItem structure itself. */);
+  return true;
+}
+
 }  // namespace crypto