Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(293)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/cert/internal/signature_policy.h

Issue 2289363004: Add error information to VerifySignedData(). (Closed)
Patch Set: checkpoint Created 4 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « components/cast_certificate/cast_crl.cc ('k') | net/cert/internal/signature_policy.cc » ('j') | net/cert/internal/verify_certificate_chain.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2015 The Chromium Authors. All rights reserved. 1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef NET_CERT_INTERNAL_SIGNATURE_POLICY_H_ 5 #ifndef NET_CERT_INTERNAL_SIGNATURE_POLICY_H_
6 #define NET_CERT_INTERNAL_SIGNATURE_POLICY_H_ 6 #define NET_CERT_INTERNAL_SIGNATURE_POLICY_H_
7 7
8 #include <stddef.h> 8 #include <stddef.h>
9 9
10 #include "base/compiler_specific.h" 10 #include "base/compiler_specific.h"
11 #include "net/base/net_export.h" 11 #include "net/base/net_export.h"
12 #include "net/cert/internal/signature_algorithm.h" 12 #include "net/cert/internal/signature_algorithm.h"
13 13
14 namespace net { 14 namespace net {
15 15
16 class CertErrors;
16 class SignatureAlgorithm; 17 class SignatureAlgorithm;
17 18
18 // SignaturePolicy is an interface (and base implementation) for applying 19 // SignaturePolicy is an interface (and base implementation) for applying
19 // policies when verifying signed data. It lets callers override which 20 // policies when verifying signed data. It lets callers override which
20 // algorithms, named curves, and key sizes to allow. 21 // algorithms, named curves, and key sizes to allow.
21 class NET_EXPORT SignaturePolicy { 22 class NET_EXPORT SignaturePolicy {
22 public: 23 public:
23 virtual ~SignaturePolicy() {} 24 virtual ~SignaturePolicy() {}
24 25
25 // Implementations should return true if |algorithm| is acceptable. For 26 // Implementations should return true if |algorithm| is acceptable. For
26 // instance, implementations could reject any signature algorithms that used 27 // instance, implementations could reject any signature algorithms that used
27 // SHA-1. 28 // SHA-1.
28 // 29 //
29 // The default implementation accepts all signature algorithms. 30 // The default implementation accepts all signature algorithms.
30 virtual bool IsAcceptableSignatureAlgorithm( 31 virtual bool IsAcceptableSignatureAlgorithm(
31 const SignatureAlgorithm& algorithm) const; 32 const SignatureAlgorithm& algorithm,
33 CertErrors* errors) const;
32 34
33 // Implementations should return true if |curve_nid| is an allowed 35 // Implementations should return true if |curve_nid| is an allowed
34 // elliptical curve. |curve_nid| is an object ID from BoringSSL (for example 36 // elliptical curve. |curve_nid| is an object ID from BoringSSL (for example
35 // NID_secp384r1). 37 // NID_secp384r1).
36 // 38 //
37 // The default implementation accepts secp256r1, secp384r1, secp521r1 only. 39 // The default implementation accepts secp256r1, secp384r1, secp521r1 only.
38 virtual bool IsAcceptableCurveForEcdsa(int curve_nid) const; 40 virtual bool IsAcceptableCurveForEcdsa(int curve_nid,
41 CertErrors* errors) const;
39 42
40 // Implementations should return true if |modulus_length_bits| is an allowed 43 // Implementations should return true if |modulus_length_bits| is an allowed
41 // RSA key size in bits. 44 // RSA key size in bits.
42 // 45 //
43 // The default implementation accepts any modulus length >= 2048 bits. 46 // The default implementation accepts any modulus length >= 2048 bits.
44 virtual bool IsAcceptableModulusLengthForRsa( 47 virtual bool IsAcceptableModulusLengthForRsa(size_t modulus_length_bits,
45 size_t modulus_length_bits) const; 48 CertErrors* errors) const;
46 }; 49 };
47 50
48 // SimpleSignaturePolicy modifies the base SignaturePolicy by allowing the 51 // SimpleSignaturePolicy modifies the base SignaturePolicy by allowing the
49 // minimum RSA key length to be specified (rather than hard coded to 2048). 52 // minimum RSA key length to be specified (rather than hard coded to 2048).
50 class NET_EXPORT SimpleSignaturePolicy : public SignaturePolicy { 53 class NET_EXPORT SimpleSignaturePolicy : public SignaturePolicy {
51 public: 54 public:
52 explicit SimpleSignaturePolicy(size_t min_rsa_modulus_length_bits); 55 explicit SimpleSignaturePolicy(size_t min_rsa_modulus_length_bits);
53 56
54 bool IsAcceptableModulusLengthForRsa( 57 bool IsAcceptableModulusLengthForRsa(size_t modulus_length_bits,
55 size_t modulus_length_bits) const override; 58 CertErrors* errors) const override;
56 59
57 private: 60 private:
58 const size_t min_rsa_modulus_length_bits_; 61 const size_t min_rsa_modulus_length_bits_;
59 }; 62 };
60 63
61 } // namespace net 64 } // namespace net
62 65
63 #endif // NET_CERT_INTERNAL_SIGNATURE_POLICY_H_ 66 #endif // NET_CERT_INTERNAL_SIGNATURE_POLICY_H_
OLDNEW
« no previous file with comments | « components/cast_certificate/cast_crl.cc ('k') | net/cert/internal/signature_policy.cc » ('j') | net/cert/internal/verify_certificate_chain.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698