1// Copyright 2014 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#include <cryptohi.h> 6 7#include "content/child/webcrypto/crypto_data.h" 8#include "content/child/webcrypto/nss/key_nss.h" 9#include "content/child/webcrypto/nss/rsa_key_nss.h" 10#include "content/child/webcrypto/nss/util_nss.h" 11#include "content/child/webcrypto/status.h" 12#include "crypto/scoped_nss_types.h" 13#include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h" 14 15namespace content { 16 17namespace webcrypto { 18 19namespace { 20 21class RsaSsaImplementation : public RsaHashedAlgorithm { 22 public: 23 RsaSsaImplementation() 24 : RsaHashedAlgorithm(CKF_SIGN | CKF_VERIFY, 25 blink::WebCryptoKeyUsageVerify, 26 blink::WebCryptoKeyUsageSign) {} 27 28 virtual const char* GetJwkAlgorithm( 29 const blink::WebCryptoAlgorithmId hash) const OVERRIDE { 30 switch (hash) { 31 case blink::WebCryptoAlgorithmIdSha1: 32 return "RS1"; 33 case blink::WebCryptoAlgorithmIdSha256: 34 return "RS256"; 35 case blink::WebCryptoAlgorithmIdSha384: 36 return "RS384"; 37 case blink::WebCryptoAlgorithmIdSha512: 38 return "RS512"; 39 default: 40 return NULL; 41 } 42 } 43 44 virtual Status Sign(const blink::WebCryptoAlgorithm& algorithm, 45 const blink::WebCryptoKey& key, 46 const CryptoData& data, 47 std::vector<uint8_t>* buffer) const OVERRIDE { 48 if (key.type() != blink::WebCryptoKeyTypePrivate) 49 return Status::ErrorUnexpectedKeyType(); 50 51 SECKEYPrivateKey* private_key = PrivateKeyNss::Cast(key)->key(); 52 53 const blink::WebCryptoAlgorithm& hash = 54 key.algorithm().rsaHashedParams()->hash(); 55 56 // Pick the NSS signing algorithm by combining RSA-SSA (RSA PKCS1) and the 57 // inner hash of the input Web Crypto algorithm. 58 SECOidTag sign_alg_tag; 59 switch (hash.id()) { 60 case blink::WebCryptoAlgorithmIdSha1: 61 sign_alg_tag = SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION; 62 break; 63 case blink::WebCryptoAlgorithmIdSha256: 64 sign_alg_tag = SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION; 65 break; 66 case blink::WebCryptoAlgorithmIdSha384: 67 sign_alg_tag = SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION; 68 break; 69 case blink::WebCryptoAlgorithmIdSha512: 70 sign_alg_tag = SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION; 71 break; 72 default: 73 return Status::ErrorUnsupported(); 74 } 75 76 crypto::ScopedSECItem signature_item(SECITEM_AllocItem(NULL, NULL, 0)); 77 if (SEC_SignData(signature_item.get(), 78 data.bytes(), 79 data.byte_length(), 80 private_key, 81 sign_alg_tag) != SECSuccess) { 82 return Status::OperationError(); 83 } 84 85 buffer->assign(signature_item->data, 86 signature_item->data + signature_item->len); 87 return Status::Success(); 88 } 89 90 virtual Status Verify(const blink::WebCryptoAlgorithm& algorithm, 91 const blink::WebCryptoKey& key, 92 const CryptoData& signature, 93 const CryptoData& data, 94 bool* signature_match) const OVERRIDE { 95 if (key.type() != blink::WebCryptoKeyTypePublic) 96 return Status::ErrorUnexpectedKeyType(); 97 98 SECKEYPublicKey* public_key = PublicKeyNss::Cast(key)->key(); 99 100 const blink::WebCryptoAlgorithm& hash = 101 key.algorithm().rsaHashedParams()->hash(); 102 103 const SECItem signature_item = MakeSECItemForBuffer(signature); 104 105 SECOidTag hash_alg_tag; 106 switch (hash.id()) { 107 case blink::WebCryptoAlgorithmIdSha1: 108 hash_alg_tag = SEC_OID_SHA1; 109 break; 110 case blink::WebCryptoAlgorithmIdSha256: 111 hash_alg_tag = SEC_OID_SHA256; 112 break; 113 case blink::WebCryptoAlgorithmIdSha384: 114 hash_alg_tag = SEC_OID_SHA384; 115 break; 116 case blink::WebCryptoAlgorithmIdSha512: 117 hash_alg_tag = SEC_OID_SHA512; 118 break; 119 default: 120 return Status::ErrorUnsupported(); 121 } 122 123 *signature_match = 124 SECSuccess == VFY_VerifyDataDirect(data.bytes(), 125 data.byte_length(), 126 public_key, 127 &signature_item, 128 SEC_OID_PKCS1_RSA_ENCRYPTION, 129 hash_alg_tag, 130 NULL, 131 NULL); 132 return Status::Success(); 133 } 134}; 135 136} // namespace 137 138AlgorithmImplementation* CreatePlatformRsaSsaImplementation() { 139 return new RsaSsaImplementation; 140} 141 142} // namespace webcrypto 143 144} // namespace content 145