Roll src/third_party/WebKit d9c6159:8139f33 (svn 201974:201975)
[chromium-blink-merge.git] / net / cert / internal / signature_algorithm.h
blob9ecf252d6712032d672b794c9777f34d0c56e9e6
1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef NET_CERT_INTERNAL_SIGNATURE_ALGORITHM_H_
6 #define NET_CERT_INTERNAL_SIGNATURE_ALGORITHM_H_
8 #include <stdint.h>
10 #include "base/basictypes.h"
11 #include "base/compiler_specific.h"
12 #include "base/memory/scoped_ptr.h"
13 #include "net/base/net_export.h"
15 namespace net {
17 namespace der {
18 class Input;
19 } // namespace der
21 // The digest algorithm used within a signature.
22 enum class DigestAlgorithm {
23 Sha1,
24 Sha256,
25 Sha384,
26 Sha512,
29 // The signature scheme used within a signature. Parameters are specified
30 // separately.
31 enum class SignatureAlgorithmId {
32 RsaPkcs1, // RSA PKCS#1 v1.5
33 RsaPss, // RSASSA-PSS
34 Ecdsa, // ECDSA
37 // Base class for describing algorithm parameters.
38 class NET_EXPORT SignatureAlgorithmParameters {
39 public:
40 SignatureAlgorithmParameters() {}
41 virtual ~SignatureAlgorithmParameters(){};
43 private:
44 DISALLOW_COPY_AND_ASSIGN(SignatureAlgorithmParameters);
47 // Parameters for an RSASSA-PSS signature algorithm.
49 // The trailer is assumed to be 1 and the mask generation algorithm to be MGF1,
50 // as that is all that is implemented, and any other values while parsing the
51 // AlgorithmIdentifier will thus be rejected.
52 class NET_EXPORT RsaPssParameters : public SignatureAlgorithmParameters {
53 public:
54 RsaPssParameters(DigestAlgorithm mgf1_hash, uint32_t salt_length);
56 bool Equals(const RsaPssParameters* other) const;
58 DigestAlgorithm mgf1_hash() const { return mgf1_hash_; }
59 uint32_t salt_length() const { return salt_length_; }
61 private:
62 const DigestAlgorithm mgf1_hash_;
63 const uint32_t salt_length_;
66 // SignatureAlgorithm describes a signature algorithm and its parameters. This
67 // corresponds to "AlgorithmIdentifier" from RFC 5280.
68 class NET_EXPORT SignatureAlgorithm {
69 public:
70 ~SignatureAlgorithm();
72 SignatureAlgorithmId algorithm() const { return algorithm_; }
73 DigestAlgorithm digest() const { return digest_; }
75 // Creates a SignatureAlgorithm by parsing a DER-encoded "AlgorithmIdentifier"
76 // (RFC 5280). Returns nullptr on failure.
77 static scoped_ptr<SignatureAlgorithm> CreateFromDer(
78 const der::Input& algorithm_identifier);
80 // Creates a new SignatureAlgorithm with the given type and parameters.
81 static scoped_ptr<SignatureAlgorithm> CreateRsaPkcs1(DigestAlgorithm digest);
82 static scoped_ptr<SignatureAlgorithm> CreateEcdsa(DigestAlgorithm digest);
83 static scoped_ptr<SignatureAlgorithm> CreateRsaPss(DigestAlgorithm digest,
84 DigestAlgorithm mgf1_hash,
85 uint32_t salt_length);
87 // Returns true if |*this| is equivalent to |other|. This compares both the
88 // algorithm ID and each parameter for equality.
89 bool Equals(const SignatureAlgorithm& other) const WARN_UNUSED_RESULT;
91 // The following methods retrieve the parameters for the signature algorithm.
93 // The correct parameters should be chosen based on the algorithm ID. For
94 // instance a SignatureAlgorithm with |algorithm() == RsaPss| should retrieve
95 // parameters via ParametersForRsaPss().
97 // The returned pointer is non-owned, and has the same lifetime as |this|.
98 const RsaPssParameters* ParamsForRsaPss() const;
100 private:
101 SignatureAlgorithm(SignatureAlgorithmId algorithm,
102 DigestAlgorithm digest,
103 scoped_ptr<SignatureAlgorithmParameters> params);
105 const SignatureAlgorithmId algorithm_;
106 const DigestAlgorithm digest_;
107 const scoped_ptr<SignatureAlgorithmParameters> params_;
109 DISALLOW_COPY_AND_ASSIGN(SignatureAlgorithm);
112 } // namespace net
114 #endif // NET_CERT_INTERNAL_SIGNATURE_ALGORITHM_H_