Add DER parsing of AlgorithmId for signatures.

net/cert/internal/signature_algorithm.h

+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef NET_CERT_INTERNAL_SIGNATURE_ALGORITHM_H_
+#define NET_CERT_INTERNAL_SIGNATURE_ALGORITHM_H_
+
+#include <stdint.h>
+
+#include "base/basictypes.h"
+#include "base/compiler_specific.h"
+#include "base/memory/scoped_ptr.h"
+#include "net/base/net_export.h"
+
+namespace net {
+
+namespace der {
+class Input;
+}  // namespace der
+
+// The digest algorithm used within a signature.
+enum class DigestAlgorithm {
+  Sha1,
+  Sha256,
+  Sha384,
+  Sha512,
+};
+
+// The signature scheme used within a signature. Parameters are specified
+// separately.
+enum class SignatureAlgorithmId {
+  RsaPkcs1,  // RSA PKCS#1 v1.5
+  RsaPss,    // RSASSA-PSS
+  Ecdsa,     // ECDSA
+};
+
+// Base class for describing algorithm parameters.
+class NET_EXPORT SignatureAlgorithmParameters {
+ public:
+  SignatureAlgorithmParameters() {}
+  virtual ~SignatureAlgorithmParameters(){};
+
+  // Returns true if the two parameters are identical. This must only be called
+  // with instances of the same type (so it is safe for implementations to
+  // cast).

[Ryan Sleevi, 2015/07/16 03:46:37]

Still feels like we're stuck between a footgun ("you must do this" -> no one
will do this) and an RTTI implementation (exposing SignatureAlgorithmId on the
base class)

Is it even necessary to have the virtual Equals method, since anyone who knows
the parameters are identical can cast to the derived class and do the comparison
there (e.g. having RsaPssParameters have a non-virtual Equals)

[eroman, 2015/07/16 05:23:06]

I removed the virtual in favor of a different approach.

+  virtual bool Equals(const SignatureAlgorithmParameters* other) const = 0;
+
+ private:
+  DISALLOW_COPY_AND_ASSIGN(SignatureAlgorithmParameters);
+};
+
+// Parameters for an RSASSA-PSS signature algorithm.
+//
+// The trailer is assumed to be 1 and the mask generation algorithm to be MGF1,
+// as that is all that is implemented, and any other values while parsing the
+// AlgorithmIdentifier will thus be rejected.
+class NET_EXPORT RsaPssParameters : public SignatureAlgorithmParameters {
+ public:
+  RsaPssParameters(DigestAlgorithm mgf1_hash, uint32_t salt_length);
+
+  bool Equals(const SignatureAlgorithmParameters* other) const override;
+
+  DigestAlgorithm mgf1_hash() const { return mgf1_hash_; }
+  uint32_t salt_length() const { return salt_length_; }
+
+ private:
+  const DigestAlgorithm mgf1_hash_;
+  const uint32_t salt_length_;
+};
+
+// SignatureAlgorithm describes a signature algorithm and its parameters. This
+// corresponds to "AlgorithmIdentifier" from RFC 5280.
+class NET_EXPORT SignatureAlgorithm {
+ public:
+  ~SignatureAlgorithm();
+
+  SignatureAlgorithmId algorithm() const { return algorithm_; }
+  DigestAlgorithm digest() const { return digest_; }
+
+  // Creates a SignatureAlgorithm by parsing a DER-encoded "AlgorithmIdentifier"
+  // (RFC 5280). Returns nullptr on failure.
+  static scoped_ptr<SignatureAlgorithm> CreateFromDer(
+      const der::Input& algorithm_identifier);
+
+  // Creates a new SignatureAlgorithm with the given type and parameters.
+  static scoped_ptr<SignatureAlgorithm> CreateRsaPkcs1(DigestAlgorithm digest);
+  static scoped_ptr<SignatureAlgorithm> CreateEcdsa(DigestAlgorithm digest);
+  static scoped_ptr<SignatureAlgorithm> CreateRsaPss(DigestAlgorithm digest,
+                                                     DigestAlgorithm mgf1_hash,
+                                                     uint32_t salt_length);
+
+  // Returns true if |*this| is equivalent to |other|. This compares both the
+  // algorithm ID and each parameter for equality.
+  bool Equals(const SignatureAlgorithm& other) const WARN_UNUSED_RESULT;
+
+  // The following methods retrieve the parameters for the signature algorithm.
+  //
+  // The correct parameters should be chosen based on the algorithm ID. For
+  // instance a SignatureAlgorithm with |algorithm() == RsaPss| should retrieve
+  // parameters via ParametersForRsaPss().
+  //
+  // The returned pointer is non-owned, and has the same lifetime as |this|.
+  const RsaPssParameters* ParamsForRsaPss() const;
+
+ private:
+  SignatureAlgorithm(SignatureAlgorithmId algorithm,
+                     DigestAlgorithm digest,
+                     scoped_ptr<SignatureAlgorithmParameters> params);
+
+  const SignatureAlgorithmId algorithm_;
+  const DigestAlgorithm digest_;
+  const scoped_ptr<SignatureAlgorithmParameters> params_;
+
+  DISALLOW_COPY_AND_ASSIGN(SignatureAlgorithm);
+};
+
+}  // namespace net
+
+#endif  // NET_CERT_INTERNAL_SIGNATURE_ALGORITHM_H_