net/cert/internal/signature_policy.h - Issue 1259313002: Add some policy controls for VerifySignedData().

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Side by Side Diff: net/cert/internal/signature_policy.h

Issue 1259313002: Add some policy controls for VerifySignedData(). (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@add_python

Patch Set: Address more comments Created 5 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
(Empty)
	1 // Copyright 2015 The Chromium Authors. All rights reserved.

	2 // Use of this source code is governed by a BSD-style license that can be

	3 // found in the LICENSE file.

	4

	5 #ifndef NET_CERT_INTERNAL_SIGNATURE_POLICY_H_

	6 #define NET_CERT_INTERNAL_SIGNATURE_POLICY_H_

	7

	8 #include "base/compiler_specific.h"

	9 #include "net/base/net_export.h"

	10 #include "net/cert/internal/signature_algorithm.h"

	11

	12 namespace net {

	13

	14 class SignatureAlgorithm;

	15

	16 // SignaturePolicy is an interface (and base implementation) for applying

	17 // policies when verifying signed data. It lets callers override which

	18 // algorithms, named curves, and key sizes to allow.

	19 class NET_EXPORT SignaturePolicy {

	20 public:

	21 virtual ~SignaturePolicy() {}

	22

	23 // Implementations should return true if \|algorithm\| is acceptable. For

	24 // instance, implementations could reject any signature algorithms that used

	25 // SHA-1.

	26 //

	27 // The default implementation accepts all signature algorithms.

	28 virtual bool IsAcceptableSignatureAlgorithm(

	29 const SignatureAlgorithm& algorithm) const;

	30

	31 // Implementations should return true if \|curve_nid\| is an allowed

	32 // elliptical curve. \|curve_nid\| is an object ID from BoringSSL (for example

	33 // NID_secp384r1).

	34 //

	35 // The default implementation accepts secp256r1, secp384r1, secp521r1 only.

	36 virtual bool IsAcceptableCurveForEcdsa(int curve_nid) const;

	37

	38 // Implementations should return true if \|modulus_length_bits\| is an allowed

	39 // RSA key size in bits.

	40 //

	41 // The default implementation accepts any modulus length >= 2048 bits.

	42 virtual bool IsAcceptableModulusLengthForRsa(

	43 size_t modulus_length_bits) const;

	44 };

	45

	46 // SimpleSignaturePolicy modifies the base SignaturePolicy by allowing the

	47 // minimum RSA key length to be specified (rather than hard coded to 2048).

	48 //

	49 // TODO(eroman): This is currently just used by a test. If it ends up being

	50 // only useful for the unit-test then move it directly to that test file.

	51 class NET_EXPORT SimpleSignaturePolicy : public SignaturePolicy {

	52 public:

	53 explicit SimpleSignaturePolicy(size_t min_rsa_modulus_length_bits);

	54

	55 bool IsAcceptableModulusLengthForRsa(

	56 size_t modulus_length_bits) const override;

	57

	58 private:

	59 const size_t min_rsa_modulus_length_bits_;

	60 };

	61

	62 } // namespace net

	63

	64 #endif // NET_CERT_INTERNAL_SIGNATURE_POLICY_H_

OLD	NEW

« no previous file with comments | « no previous file | net/cert/internal/signature_policy.cc » ('j') | no next file with comments »