author | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-09-19 15:11:33 +0000 |
---|---|---|
committer | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-09-19 15:11:33 +0000 |
commit | 7c3090a02e256e1fc42d37123195caa134cb487b (patch) | |
tree | 73f7463b09c7e980206a3a8f1f0a963f97e4d529 /crypto/ec_signature_creator_nss.cc | |
parent | 7cd51e7bf5a86cd362c35119a138bc4969579c74 (diff) | |
crypto: add DecodeSignature and use SHA-256 with ECDSA.
This changes ECSignatureCreator to use the hash function that SPDY
expects (SHA-256). There are no other users of ECSignatureCreator in
the tree so I'm going to defer making these choices parameters until there's
a benefit to be had.
It also adds DecodeSignature to convert from ASN.1 signatures to the `raw'
form that SPDY needs.
BUG=none
Review URL: https://chromiumcodereview.appspot.com/10910226
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@157551 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'crypto/ec_signature_creator_nss.cc')
-rw-r--r-- | crypto/ec_signature_creator_nss.cc | 26 |
1 files changed, 23 insertions, 3 deletions
diff --git a/crypto/ec_signature_creator_nss.cc b/crypto/ec_signature_creator_nss.cc index a85b1e9..3e3626f 100644 --- a/crypto/ec_signature_creator_nss.cc +++ b/crypto/ec_signature_creator_nss.cc @@ -24,7 +24,8 @@ namespace { SECStatus SignData(SECItem* result, SECItem* input, SECKEYPrivateKey* key, - HASH_HashType hash_type) { + HASH_HashType hash_type, + size_t* out_signature_len) { if (key->keyType != ecKey) { DLOG(FATAL) << "Should be using an EC key."; PORT_SetError(SEC_ERROR_INVALID_ARGS); @@ -49,6 +50,8 @@ SECStatus SignData(SECItem* result, if (rv != SECSuccess) return rv; + *out_signature_len = sig.len; + // DER encode the signature. return DSAU_EncodeDerSigWithLen(result, &sig, sig.len); } @@ -56,7 +59,8 @@ SECStatus SignData(SECItem* result, } // namespace ECSignatureCreatorImpl::ECSignatureCreatorImpl(ECPrivateKey* key) - : key_(key) { + : key_(key), + signature_len_(0) { EnsureNSSInit(); } @@ -79,7 +83,7 @@ bool ECSignatureCreatorImpl::Sign(const uint8* data, // Sign the secret data and save it to |result|. SECStatus rv = - SignData(&result, &secret, key_->key(), HASH_AlgSHA1); + SignData(&result, &secret, key_->key(), HASH_AlgSHA256, &signature_len_); if (rv != SECSuccess) { DLOG(ERROR) << "DerSignData: " << PORT_GetError(); return false; @@ -91,4 +95,20 @@ bool ECSignatureCreatorImpl::Sign(const uint8* data, return true; } +bool ECSignatureCreatorImpl::DecodeSignature( + const std::vector<uint8>& der_sig, + std::vector<uint8>* out_raw_sig) { + SECItem der_sig_item; + der_sig_item.type = siBuffer; + der_sig_item.len = der_sig.size(); + der_sig_item.data = const_cast<uint8*>(&der_sig[0]); + + SECItem* raw_sig = DSAU_DecodeDerSigToLen(&der_sig_item, signature_len_); + if (!raw_sig) + return false; + out_raw_sig->assign(raw_sig->data, raw_sig->data + raw_sig->len); + SECITEM_FreeItem(raw_sig, PR_TRUE /* free SECItem structure itself. */); + return true; +} + } // namespace crypto |
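Review bot: In the last hunk (`@@ -91,4 +95,20 @@`), DecodeSignature takes `&der_sig[0]` without checking that `der_sig` is non-empty, which is undefined behaviour for an empty vector. It also passes `signature_len_` to DSAU_DecodeDerSigToLen, and that member stays 0 until a Sign() call on the same object has succeeded. A guard at the top of the function, `if (der_sig.empty() || signature_len_ == 0) return false;`, would reject both cases before the NSS call. Since the expected raw length is state left behind by the previous Sign(), the method should carry a comment such as `// Must be called after a successful Sign(); uses the raw signature length recorded there.` so that callers do not decode a signature produced elsewhere against a stale length. Separately, `der_sig_item.len = der_sig.size();` narrows size_t to the SECItem length field, so an explicit bound check or cast would make the intent visible.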