1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef NET_CERT_INTERNAL_SIGNATURE_ALGORITHM_H_
6 #define NET_CERT_INTERNAL_SIGNATURE_ALGORITHM_H_
#include <stdint.h>

#include "base/basictypes.h"
#include "base/compiler_specific.h"
#include "base/memory/scoped_ptr.h"
#include "net/base/net_export.h"
21 // The digest algorithm used within a signature.
22 enum class DigestAlgorithm
{
// The signature scheme used within a signature. Parameters are specified
// separately (see SignatureAlgorithmParameters and its subclasses), so a
// SignatureAlgorithmId alone does not fully identify an AlgorithmIdentifier.
31 enum class SignatureAlgorithmId
{
32 RsaPkcs1
, // RSA PKCS#1 v1.5
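// Base class for describing algorithm parameters.
//
// Concrete parameter types (e.g. RsaPssParameters) derive from this so that a
// SignatureAlgorithm can own whichever parameters its scheme needs through a
// single scoped_ptr<SignatureAlgorithmParameters>. Instances are neither
// copyable nor assignable; they are handed out only as non-owning pointers.
class NET_EXPORT SignatureAlgorithmParameters {
 public:
  SignatureAlgorithmParameters() = default;
  // Virtual so that deleting through the base pointer owned by
  // SignatureAlgorithm runs the derived class's destructor.
  virtual ~SignatureAlgorithmParameters() = default;

 private:
  DISALLOW_COPY_AND_ASSIGN(SignatureAlgorithmParameters);
};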
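// Parameters for an RSASSA-PSS signature algorithm.
//
// The trailer is assumed to be 1 and the mask generation algorithm to be MGF1,
// as that is all that is implemented, and any other values while parsing the
// AlgorithmIdentifier will thus be rejected.
//
// Only the MGF1 hash and the salt length are carried here; nothing in this
// class checks that |salt_length| is acceptable for the key and digest it will
// be used with (PSS requires the encoded message to fit the modulus, so an
// attacker-supplied salt length must be bounded at verification time).
// NOTE(review): confirm where that bound is enforced - it is not here.
class NET_EXPORT RsaPssParameters : public SignatureAlgorithmParameters {
 public:
  // |mgf1_hash| is the digest used by MGF1 and |salt_length| the salt length
  // taken from the encoded parameters. Not defined inline.
  RsaPssParameters(DigestAlgorithm mgf1_hash, uint32_t salt_length);

  // Expected to report whether |other| carries the same MGF1 hash and salt
  // length as |*this|. Marked WARN_UNUSED_RESULT, matching
  // SignatureAlgorithm::Equals(), because an ignored comparison is almost
  // certainly a bug. NOTE(review): how a null |other| is treated is decided in
  // the definition - confirm before passing nullptr.
  bool Equals(const RsaPssParameters* other) const WARN_UNUSED_RESULT;

  DigestAlgorithm mgf1_hash() const { return mgf1_hash_; }
  uint32_t salt_length() const { return salt_length_; }

 private:
  // Both fields are const: an RsaPssParameters is immutable once constructed.
  const DigestAlgorithm mgf1_hash_;
  const uint32_t salt_length_;
};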
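// SignatureAlgorithm describes a signature algorithm and its parameters. This
// corresponds to "AlgorithmIdentifier" from RFC 5280.
//
// Instances are immutable and are created only through the static Create*()
// factories (the constructor is private). Ownership is always transferred via
// scoped_ptr; the object itself is neither copyable nor assignable.
class NET_EXPORT SignatureAlgorithm {
 public:
  ~SignatureAlgorithm();

  // The signature scheme and the digest used with it. The parameters that go
  // with the scheme, if any, are retrieved via the Params*() accessors below.
  SignatureAlgorithmId algorithm() const { return algorithm_; }
  DigestAlgorithm digest() const { return digest_; }

  // Creates a SignatureAlgorithm by parsing a DER-encoded "AlgorithmIdentifier"
  // (RFC 5280). Returns nullptr on failure.
  //
  // This is the only factory that consumes untrusted input (the
  // AlgorithmIdentifier comes straight from the certificate), so failure is
  // the expected outcome for anything not fully understood. For RSASSA-PSS in
  // particular, see RsaPssParameters: unsupported trailer or MGF values are
  // rejected during parsing rather than silently mapped to defaults.
  static scoped_ptr<SignatureAlgorithm> CreateFromDer(
      const der::Input& algorithm_identifier);

  // Creates a new SignatureAlgorithm with the given type and parameters.
  // NOTE(review): nothing visible here validates the combination (e.g. that
  // |mgf1_hash| matches |digest| for RSASSA-PSS) - confirm whether any such
  // policy lives in the definitions or with the caller.
  static scoped_ptr<SignatureAlgorithm> CreateRsaPkcs1(DigestAlgorithm digest);
  static scoped_ptr<SignatureAlgorithm> CreateEcdsa(DigestAlgorithm digest);
  static scoped_ptr<SignatureAlgorithm> CreateRsaPss(DigestAlgorithm digest,
                                                     DigestAlgorithm mgf1_hash,
                                                     uint32_t salt_length);

  // Returns true if |*this| is equivalent to |other|. This compares both the
  // algorithm ID and each parameter for equality.
  bool Equals(const SignatureAlgorithm& other) const WARN_UNUSED_RESULT;

  // The following methods retrieve the parameters for the signature algorithm.
  //
  // The correct parameters should be chosen based on the algorithm ID. For
  // instance a SignatureAlgorithm with |algorithm() == RsaPss| should retrieve
  // parameters via ParamsForRsaPss().
  //
  // The returned pointer is non-owned, and has the same lifetime as |this|.
  // NOTE(review): what is returned when algorithm() is not RsaPss is decided
  // in the definition - callers should null-check rather than assume.
  const RsaPssParameters* ParamsForRsaPss() const;

 private:
  SignatureAlgorithm(SignatureAlgorithmId algorithm,
                     DigestAlgorithm digest,
                     scoped_ptr<SignatureAlgorithmParameters> params);

  const SignatureAlgorithmId algorithm_;
  const DigestAlgorithm digest_;
  // Owned by |this|. NOTE(review): presumably null for schemes that carry no
  // parameters (RsaPkcs1, Ecdsa) - confirm against the factory definitions.
  const scoped_ptr<SignatureAlgorithmParameters> params_;

  DISALLOW_COPY_AND_ASSIGN(SignatureAlgorithm);
};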
114 #endif // NET_CERT_INTERNAL_SIGNATURE_ALGORITHM_H_