Home | History | Annotate | Download | only in crypto 
      1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef CRYPTO_EC_SIGNATURE_CREATOR_H_
      6 #define CRYPTO_EC_SIGNATURE_CREATOR_H_
      7 
      8 #include <string>
      9 #include <vector>
     10 
     11 #include "base/basictypes.h"
     12 #include "crypto/crypto_export.h"
     13 
     14 namespace crypto {
     15 
     16 class ECPrivateKey;
     17 class ECSignatureCreator;
     18 
     19 class CRYPTO_EXPORT ECSignatureCreatorFactory {
     20  public:
     21   virtual ~ECSignatureCreatorFactory() {}
     22 
     23   virtual ECSignatureCreator* Create(ECPrivateKey* key) = 0;
     24 };
     25 
     26 // Signs data using a bare private key (as opposed to a full certificate).
     27 // We need this class because SignatureCreator is hardcoded to use
     28 // RSAPrivateKey.
     29 class CRYPTO_EXPORT ECSignatureCreator {
     30  public:
     31   virtual ~ECSignatureCreator() {}
     32 
     33   // Create an instance. The caller must ensure that the provided PrivateKey
     34   // instance outlives the created ECSignatureCreator.
     35   // TODO(rch):  This is currently hard coded to use SHA256. Ideally, we should
     36   // pass in the hash algorithm identifier.
     37   static ECSignatureCreator* Create(ECPrivateKey* key);
     38 
     39   // Set a factory to make the Create function return non-standard
     40   // ECSignatureCreator objects.  Because the ECDSA algorithm involves
     41   // randomness, this is useful for higher-level tests that want to have
     42   // deterministic mocked output to compare.
     43   static void SetFactoryForTesting(ECSignatureCreatorFactory* factory);
     44 
     45   // Signs |data_len| bytes from |data| and writes the results into
     46   // |signature| as a DER encoded ECDSA-Sig-Value from RFC 3279.
     47   //
     48   //  ECDSA-Sig-Value ::= SEQUENCE {
     49   //    r     INTEGER,
     50   //    s     INTEGER }
     51   virtual bool Sign(const uint8* data,
     52                     int data_len,
     53                     std::vector<uint8>* signature) = 0;
     54 
     55   // DecodeSignature converts from a DER encoded ECDSA-Sig-Value (as produced
     56   // by Sign) to a `raw' ECDSA signature which consists of a pair of
     57   // big-endian, zero-padded, 256-bit integers, r and s. On success it returns
     58   // true and puts the raw signature into |out_raw_sig|.
     59   // (Only P-256 signatures are supported.)
     60   virtual bool DecodeSignature(const std::vector<uint8>& signature,
     61                                std::vector<uint8>* out_raw_sig) = 0;
     62 };
     63 
     64 }  // namespace crypto
     65 
     66 #endif  // CRYPTO_EC_SIGNATURE_CREATOR_H_
     67