1 // Copyright 2012 The Chromium Authors 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef CRYPTO_EC_SIGNATURE_CREATOR_H_ 6 #define CRYPTO_EC_SIGNATURE_CREATOR_H_ 7 8 #include <stdint.h> 9 10 #include <memory> 11 #include <string> 12 #include <vector> 13 14 #include "base/containers/span.h" 15 #include "crypto/crypto_export.h" 16 17 namespace crypto { 18 19 class ECPrivateKey; 20 class ECSignatureCreator; 21 22 // Signs data using a bare private key (as opposed to a full certificate). 23 // We need this class because SignatureCreator is hardcoded to use 24 // RSAPrivateKey. 25 class CRYPTO_EXPORT ECSignatureCreator { 26 public: ~ECSignatureCreator()27 virtual ~ECSignatureCreator() {} 28 29 // Create an instance. The caller must ensure that the provided PrivateKey 30 // instance outlives the created ECSignatureCreator. 31 // TODO(rch): This is currently hard coded to use SHA256. Ideally, we should 32 // pass in the hash algorithm identifier. 33 static std::unique_ptr<ECSignatureCreator> Create(ECPrivateKey* key); 34 35 // Signs |data| and writes the results into |signature| as a DER encoded 36 // ECDSA-Sig-Value from RFC 3279. 37 // 38 // ECDSA-Sig-Value ::= SEQUENCE { 39 // r INTEGER, 40 // s INTEGER } 41 virtual bool Sign(base::span<const uint8_t> data, 42 std::vector<uint8_t>* signature) = 0; 43 44 // DecodeSignature converts from a DER encoded ECDSA-Sig-Value (as produced 45 // by Sign) to a `raw' ECDSA signature which consists of a pair of 46 // big-endian, zero-padded, 256-bit integers, r and s. On success it returns 47 // true and puts the raw signature into |out_raw_sig|. 48 // (Only P-256 signatures are supported.) 49 virtual bool DecodeSignature(const std::vector<uint8_t>& signature, 50 std::vector<uint8_t>* out_raw_sig) = 0; 51 }; 52 53 } // namespace crypto 54 55 #endif // CRYPTO_EC_SIGNATURE_CREATOR_H_ 56