Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 1 | // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 | // Use of this source code is governed by a BSD-style license that can be |
| 3 | // found in the LICENSE file. |
| 4 | |
| 5 | #ifndef CRYPTO_EC_SIGNATURE_CREATOR_H_ |
| 6 | #define CRYPTO_EC_SIGNATURE_CREATOR_H_ |
| 7 | |
| 8 | #include <string> |
| 9 | #include <vector> |
| 10 | |
| 11 | #include "base/basictypes.h" |
| 12 | #include "crypto/crypto_export.h" |
| 13 | |
| 14 | namespace crypto { |
| 15 | |
| 16 | class ECPrivateKey; |
| 17 | class ECSignatureCreator; |
| 18 | |
| 19 | class CRYPTO_EXPORT ECSignatureCreatorFactory { |
| 20 | public: |
| 21 | virtual ~ECSignatureCreatorFactory() {} |
| 22 | |
| 23 | virtual ECSignatureCreator* Create(ECPrivateKey* key) = 0; |
| 24 | }; |
| 25 | |
| 26 | // Signs data using a bare private key (as opposed to a full certificate). |
| 27 | // We need this class because SignatureCreator is hardcoded to use |
| 28 | // RSAPrivateKey. |
| 29 | class CRYPTO_EXPORT ECSignatureCreator { |
| 30 | public: |
| 31 | virtual ~ECSignatureCreator() {} |
| 32 | |
| 33 | // Create an instance. The caller must ensure that the provided PrivateKey |
| 34 | // instance outlives the created ECSignatureCreator. |
| 35 | // TODO(rch): This is currently hard coded to use SHA256. Ideally, we should |
| 36 | // pass in the hash algorithm identifier. |
| 37 | static ECSignatureCreator* Create(ECPrivateKey* key); |
| 38 | |
| 39 | // Set a factory to make the Create function return non-standard |
| 40 | // ECSignatureCreator objects. Because the ECDSA algorithm involves |
| 41 | // randomness, this is useful for higher-level tests that want to have |
| 42 | // deterministic mocked output to compare. |
| 43 | static void SetFactoryForTesting(ECSignatureCreatorFactory* factory); |
| 44 | |
| 45 | // Signs |data_len| bytes from |data| and writes the results into |
| 46 | // |signature| as a DER encoded ECDSA-Sig-Value from RFC 3279. |
| 47 | // |
| 48 | // ECDSA-Sig-Value ::= SEQUENCE { |
| 49 | // r INTEGER, |
| 50 | // s INTEGER } |
| 51 | virtual bool Sign(const uint8* data, |
| 52 | int data_len, |
| 53 | std::vector<uint8>* signature) = 0; |
| 54 | |
| 55 | // DecodeSignature converts from a DER encoded ECDSA-Sig-Value (as produced |
| 56 | // by Sign) to a `raw' ECDSA signature which consists of a pair of |
| 57 | // big-endian, zero-padded, 256-bit integers, r and s. On success it returns |
| 58 | // true and puts the raw signature into |out_raw_sig|. |
| 59 | // (Only P-256 signatures are supported.) |
| 60 | virtual bool DecodeSignature(const std::vector<uint8>& signature, |
| 61 | std::vector<uint8>* out_raw_sig) = 0; |
| 62 | }; |
| 63 | |
| 64 | } // namespace crypto |
| 65 | |
| 66 | #endif // CRYPTO_EC_SIGNATURE_CREATOR_H_ |