in kmscng/operation/sign_utils.cc [308:349]
// Signs a caller-supplied message digest with the Cloud KMS key that backs
// `object`, using the AsymmetricSign RPC of the object's KMS client.
//
// Both buffers are validated before any request is sent:
//   - `digest` must be exactly as long as the output of the hash returned by
//     DigestForAlgorithm() for the object's algorithm; otherwise an
//     invalid-argument error carrying NTE_INVALID_PARAMETER is returned.
//   - `signature` must be exactly SignatureLength(object) bytes; a mismatch is
//     reported as an internal error.
//
// Only SHA-256 and SHA-384 digests are forwarded; any other digest type is
// rejected with an internal error. Failures from DigestForAlgorithm,
// SignatureLength, the AsymmetricSign call and CopySignature are returned to
// the caller.
//
// NOTE(review): this function does not populate the request's digest_crc32c
// field and does not inspect the response's integrity fields itself. Presumably
// the kms_client() wrapper performs those checks; confirm against its
// implementation.
absl::Status SignDigest(Object* object, absl::Span<const uint8_t> digest,
                        absl::Span<uint8_t> signature) {
  ASSIGN_OR_RETURN(const EVP_MD* md, DigestForAlgorithm(object->algorithm()));

  // Reject a digest of the wrong length locally, before it is sent to KMS.
  const auto want_digest_len = EVP_MD_size(md);
  if (digest.size() != want_digest_len) {
    return NewInvalidArgumentError(
        absl::StrFormat("provided digest has incorrect size (got %d, want %d)",
                        digest.size(), want_digest_len),
        NTE_INVALID_PARAMETER, SOURCE_LOCATION);
  }

  // The output buffer must match the expected signature length exactly.
  ASSIGN_OR_RETURN(auto want_sig_len, SignatureLength(object));
  if (signature.size() != want_sig_len) {
    return NewInternalError(
        absl::StrFormat(
            "provided signature buffer has incorrect size (got %d, want %d)",
            signature.size(), want_sig_len),
        SOURCE_LOCATION);
  }

  kms_v1::AsymmetricSignRequest request;
  request.set_name(std::string(object->kms_key_name()));

  // Put the digest bytes into the request field that matches the hash type.
  const int md_nid = EVP_MD_type(md);
  if (md_nid == NID_sha256) {
    request.mutable_digest()->set_sha256(digest.data(), digest.size());
  } else if (md_nid == NID_sha384) {
    request.mutable_digest()->set_sha384(digest.data(), digest.size());
  } else {
    return NewInternalError(
        absl::StrFormat("unhandled digest type: %d", md_nid), SOURCE_LOCATION);
  }

  ASSIGN_OR_RETURN(kms_v1::AsymmetricSignResponse response,
                   object->kms_client()->AsymmetricSign(request));

  // CopySignature is expected to place the returned signature in `signature`;
  // its exact conversion rules are defined elsewhere in this file.
  RETURN_IF_ERROR(CopySignature(object, response.signature(), signature));
  return absl::OkStatus();
}