Add some policy controls for VerifySignedData().

net/cert/internal/signature_policy.h

+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef NET_CERT_INTERNAL_SIGNATURE_POLICY_H_
+#define NET_CERT_INTERNAL_SIGNATURE_POLICY_H_
+
+#include "base/compiler_specific.h"
+#include "net/base/net_export.h"
+#include "net/cert/internal/signature_algorithm.h"
+
+namespace net {
+
+class SignatureAlgorithm;
+
+// SignaturePolicy is an interface (and base implementation) for applying
+// policies when verifying signed data. It lets callers override which
+// algorithms, named curves, and key sizes to allow.
+class NET_EXPORT SignaturePolicy {
+ public:
+  virtual ~SignaturePolicy() {}
+
+  // Implementations should return true if |algorithm| is acceptable. For
+  // instance, implementations could reject any signature algorithms that used
+  // SHA-1.
+  //
+  // The default implementation accepts all signature algorithms.
+  virtual bool IsAcceptableSignatureAlgorithm(
+      const SignatureAlgorithm& algorithm) const;
+
+  // Implementations should return true if |curve_nid| is an allowed
+  // elliptical curve. |curve_nid| is an object ID from BoringSSL (for example
+  // NID_secp384r1).

[davidben, 2015/08/03 18:52:48]

This means the interface has a BoringSSL dependency. I'm assuming this is
considered okay. (I certainly don't object. If anything, I think we should
depend on it more and use CBS_get_asn1 to parse DER.)

[eroman, 2015/08/06 21:15:38]

Acknowledged (left the dependency as-is)

+  //
+  // The default implementation accepts secp256r1, secp384r1, secp521r1 only.
+  virtual bool IsAcceptableCurveForEcdsa(int curve_nid) const;
+
+  // Implementations should return true if |modulus_length_bits| is an allowed
+  // RSA key size in bits.
+  //
+  // The default implementation accepts any modulus length >= 2048 bits.
+  virtual bool IsAcceptableModulusLengthForRsa(
+      size_t modulus_length_bits) const;
+};
+
+// SimpleSignaturePolicy modifies the base SignaturePolicy by allowing the
+// minimum RSA key length to be specified (rather than hard coded to 2048).
+class NET_EXPORT SimpleSignaturePolicy : public SignaturePolicy {

[davidben, 2015/08/03 18:52:49]

Do you expect this to be used outside of the test you put it in? Wondering if it
should just be in that one file. (I suppose there's if you want a default
policy. You actually could just instantiate SignaturePolicy as things are now,
though that's kinda odd.)

[eroman, 2015/08/06 21:15:38]

I *think* it will be used outside of the test, since I suspect a typical
behavior will be to verify using either 1024-bit min RSA keys or 2048-bit min
RSA keys, but not entirely sure how that will shake out.

Left it here for now but added myself a TODO(eroman) to follow-up on this once
we have the callers better fleshed out.

+ public:
+  explicit SimpleSignaturePolicy(size_t min_rsa_modulus_length_bits);
+
+  bool IsAcceptableModulusLengthForRsa(
+      size_t modulus_length_bits) const override;
+
+ private:
+  const size_t min_rsa_modulus_length_bits_;
+};
+
+}  // namespace net
+
+#endif  // NET_CERT_INTERNAL_SIGNATURE_POLICY_H_