Index: crypto/ec_signature_creator_nss.cc |
diff --git a/crypto/ec_signature_creator_nss.cc b/crypto/ec_signature_creator_nss.cc |
index a85b1e94fecf20299494fcffdc95c7894fb375da..3e3626f449982fba2171767d278fefffccdc88e2 100644 |
--- a/crypto/ec_signature_creator_nss.cc |
+++ b/crypto/ec_signature_creator_nss.cc |
@@ -24,7 +24,8 @@ namespace { |
SECStatus SignData(SECItem* result, |
SECItem* input, |
SECKEYPrivateKey* key, |
- HASH_HashType hash_type) { |
+ HASH_HashType hash_type, |
+ size_t* out_signature_len) { |
if (key->keyType != ecKey) { |
DLOG(FATAL) << "Should be using an EC key."; |
PORT_SetError(SEC_ERROR_INVALID_ARGS); |
@@ -49,6 +50,8 @@ SECStatus SignData(SECItem* result, |
if (rv != SECSuccess) |
return rv; |
+ *out_signature_len = sig.len; |
+ |
// DER encode the signature. |
return DSAU_EncodeDerSigWithLen(result, &sig, sig.len); |
} |
@@ -56,7 +59,8 @@ SECStatus SignData(SECItem* result, |
} // namespace |
ECSignatureCreatorImpl::ECSignatureCreatorImpl(ECPrivateKey* key) |
- : key_(key) { |
+ : key_(key), |
+ signature_len_(0) { |
EnsureNSSInit(); |
} |
@@ -79,7 +83,7 @@ bool ECSignatureCreatorImpl::Sign(const uint8* data, |
// Sign the secret data and save it to |result|. |
SECStatus rv = |
- SignData(&result, &secret, key_->key(), HASH_AlgSHA1); |
+ SignData(&result, &secret, key_->key(), HASH_AlgSHA256, &signature_len_); |
if (rv != SECSuccess) { |
DLOG(ERROR) << "DerSignData: " << PORT_GetError(); |
return false; |
@@ -91,4 +95,20 @@ bool ECSignatureCreatorImpl::Sign(const uint8* data, |
return true; |
} |
+bool ECSignatureCreatorImpl::DecodeSignature( |
+ const std::vector<uint8>& der_sig, |
+ std::vector<uint8>* out_raw_sig) { |
+ SECItem der_sig_item; |
+ der_sig_item.type = siBuffer; |
+ der_sig_item.len = der_sig.size(); |
+ der_sig_item.data = const_cast<uint8*>(&der_sig[0]); |
+ |
+ SECItem* raw_sig = DSAU_DecodeDerSigToLen(&der_sig_item, signature_len_); |
+ if (!raw_sig) |
+ return false; |
+ out_raw_sig->assign(raw_sig->data, raw_sig->data + raw_sig->len); |
+ SECITEM_FreeItem(raw_sig, PR_TRUE /* free SECItem structure itself. */); |
+ return true; |
+} |
+ |
} // namespace crypto |