crypto/ec_signature_creator.h - Issue 10910226: crypto: change ECSignatureCreator defaults to match SPDY.

Side by Side Diff: crypto/ec_signature_creator.h

Issue 10910226: crypto: change ECSignatureCreator defaults to match SPDY. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Address wtc's comments Created 8 years, 3 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #ifndef CRYPTO_EC_SIGNATURE_CREATOR_H_	5 #ifndef CRYPTO_EC_SIGNATURE_CREATOR_H_

6 #define CRYPTO_EC_SIGNATURE_CREATOR_H_	6 #define CRYPTO_EC_SIGNATURE_CREATOR_H_

7	7

	8 #include <string>

8 #include <vector>	9 #include <vector>

9	10

10 #include "base/basictypes.h"	11 #include "base/basictypes.h"

11 #include "crypto/crypto_export.h"	12 #include "crypto/crypto_export.h"

12	13

13 namespace crypto {	14 namespace crypto {

14	15

15 class ECPrivateKey;	16 class ECPrivateKey;

16 class ECSignatureCreator;	17 class ECSignatureCreator;

17	18

18 class CRYPTO_EXPORT ECSignatureCreatorFactory {	19 class CRYPTO_EXPORT ECSignatureCreatorFactory {

19 public:	20 public:

20 virtual ~ECSignatureCreatorFactory() {}	21 virtual ~ECSignatureCreatorFactory() {}

21	22

22 virtual ECSignatureCreator* Create(ECPrivateKey* key) = 0;	23 virtual ECSignatureCreator* Create(ECPrivateKey* key) = 0;

23 };	24 };

24	25

25 // Signs data using a bare private key (as opposed to a full certificate).	26 // Signs data using a bare private key (as opposed to a full certificate).

26 // We need this class because SignatureCreator is hardcoded to use	27 // We need this class because SignatureCreator is hardcoded to use

27 // RSAPrivateKey.	28 // RSAPrivateKey.

28 class CRYPTO_EXPORT ECSignatureCreator {	29 class CRYPTO_EXPORT ECSignatureCreator {

29 public:	30 public:

30 virtual ~ECSignatureCreator() {}	31 virtual ~ECSignatureCreator() {}

31	32

32 // Create an instance. The caller must ensure that the provided PrivateKey	33 // Create an instance. The caller must ensure that the provided PrivateKey

33 // instance outlives the created ECSignatureCreator.	34 // instance outlives the created ECSignatureCreator.

34 // TODO(rch): This is currently hard coded to use SHA1. Ideally, we should	35 // TODO(rch): This is currently hard coded to use SHA256. Ideally, we should

35 // pass in the hash algorithm identifier.	36 // pass in the hash algorithm identifier.

36 static ECSignatureCreator* Create(ECPrivateKey* key);	37 static ECSignatureCreator* Create(ECPrivateKey* key);

37	38

38 // Set a factory to make the Create function return non-standard	39 // Set a factory to make the Create function return non-standard

39 // ECSignatureCreator objects. Because the ECDSA algorithm involves	40 // ECSignatureCreator objects. Because the ECDSA algorithm involves

40 // randomness, this is useful for higher-level tests that want to have	41 // randomness, this is useful for higher-level tests that want to have

41 // deterministic mocked output to compare.	42 // deterministic mocked output to compare.

42 static void SetFactoryForTesting(ECSignatureCreatorFactory* factory);	43 static void SetFactoryForTesting(ECSignatureCreatorFactory* factory);

43	44

44 // Signs \|data_len\| bytes from \|data\| and writes the results into	45 // Signs \|data_len\| bytes from \|data\| and writes the results into

45 // \|signature\| as a DER encoded ECDSA-Sig-Value from RFC 3279.	46 // \|signature\| as a DER encoded ECDSA-Sig-Value from RFC 3279.

46 //	47 //

47 // ECDSA-Sig-Value ::= SEQUENCE {	48 // ECDSA-Sig-Value ::= SEQUENCE {

48 // r INTEGER,	49 // r INTEGER,

49 // s INTEGER }	50 // s INTEGER }

50 virtual bool Sign(const uint8* data,	51 virtual bool Sign(const uint8* data,

51 int data_len,	52 int data_len,

52 std::vector<uint8>* signature) = 0;	53 std::vector<uint8>* signature) = 0;

	54

	55 // DecodeSignature converts from a DER encoded ECDSA-Sig-Value (as produced

	56 // by Sign) to a `raw' ECDSA signature which consists of a pair of

	57 // big-endian, zero-padded, 256-bit integers, r and s. On success it returns
	wtc 2012/09/12 22:06:27 The size of r and s depends on the ECPrivateKey ob The size of r and s depends on the ECPrivateKey object. It is fine to say "256-bit" for now because I think we can only create P-256 ECPrivateKeys. It seems bad to use different types for input and output. Is std::string more convenient for the SPDY code? agl 2012/09/13 20:17:59 I've changed the output to also be a std::vector<u Show quoted text On 2012/09/12 22:06:27, wtc wrote: > > The size of r and s depends on the ECPrivateKey object. > It is fine to say "256-bit" for now because I think we can > only create P-256 ECPrivateKeys. > > It seems bad to use different types for input and output. > Is std::string more convenient for the SPDY code? I've changed the output to also be a std::vector<uint8>
	58 // true and puts the raw signature into \|out_raw_sig\|.

	59 virtual bool DecodeSignature(const std::vector<uint8>& signature,

	60 std::string* out_raw_sig) = 0;

53 };	61 };

54	62

55 } // namespace crypto	63 } // namespace crypto

56	64

57 #endif // CRYPTO_EC_SIGNATURE_CREATOR_H_	65 #endif // CRYPTO_EC_SIGNATURE_CREATOR_H_

OLD	NEW

« no previous file with comments | « no previous file | crypto/ec_signature_creator_impl.h » ('j') | crypto/ec_signature_creator_nss.cc » ('J')