Switch SignatureVerifier to taking an algorithm enum.

The existing API and implementation were problematic for several reasons.

- It is very unclear what algorithms were supported.

- Everyone was using it as an enum anyway, but it required copy-and-pasting
  giant strings all over the codebase.

- The API is dangerous. Anyone not using it as an enum (i.e. taking an
  AlgorithmIdentifier from another source) opens themselves up to accepting any
  random algorithm and parameters the underlying implementation knew how to
  parse.

- It relies on EVP_get_digestbyobj extracting the hash for RSA-PKCS1-FOO
  signature OIDs. This is weird and, for EVP_get_digestbyobj, Chromium appears
  to be one of the only two consumers still relying on this. This is a
  remnant of OpenSSL's old EVP_Sign* APIs.

- The old EVP_get_digestbyobj implementation failed to check that ECDSA
  public keys weren't used for an RSA algorithm, etc.

- The old EVP_get_digestbyobj implementation happily accepted OIDs for hashes
  as signature algorithm OIDs.

This removes a use of openssl/x509.h from //crypto.

BUG=499653

Review URL: https://codereview.chromium.org/1679873005

Cr-Commit-Position: refs/heads/master@{#379014}

1 files changed, 11 insertions, 23 deletions

diff --git a/crypto/signature_verifier.h b/crypto/signature_verifier.h
index b26a0df..5b7369f 100644
--- a/crypto/signature_verifier.h
+++ b/crypto/signature_verifier.h
@@ -33,6 +33,13 @@ class CRYPTO_EXPORT SignatureVerifier {
     SHA256,
   };
 
+  // The set of supported signature algorithms. Extend as required.
+  enum SignatureAlgorithm {
+    RSA_PKCS1_SHA1,
+    RSA_PKCS1_SHA256,
+    ECDSA_SHA256,
+  };
+
   SignatureVerifier();
   ~SignatureVerifier();
 
@@ -42,16 +49,7 @@ class CRYPTO_EXPORT SignatureVerifier {
   // by one or more VerifyUpdate calls and a VerifyFinal call.
   // NOTE: for RSA-PSS signatures, use VerifyInitRSAPSS instead.
   //
-  // The signature algorithm is specified as a DER encoded ASN.1
-  // AlgorithmIdentifier structure:
-  //   AlgorithmIdentifier  ::=  SEQUENCE  {
-  //       algorithm               OBJECT IDENTIFIER,
-  //       parameters              ANY DEFINED BY algorithm OPTIONAL  }
-  //
-  // The signature is encoded according to the signature algorithm, but it
-  // must not be further encoded in an ASN.1 BIT STRING.
-  // Note: An RSA signature is actually a big integer.  It must be in
-  // big-endian byte order.
+  // The signature is encoded according to the signature algorithm.
   //
   // The public key is specified as a DER encoded ASN.1 SubjectPublicKeyInfo
   // structure, which contains not only the public key but also its type
@@ -59,8 +57,7 @@ class CRYPTO_EXPORT SignatureVerifier {
   //   SubjectPublicKeyInfo  ::=  SEQUENCE  {
   //       algorithm            AlgorithmIdentifier,
   //       subjectPublicKey     BIT STRING  }
-  bool VerifyInit(const uint8_t* signature_algorithm,
-                  int signature_algorithm_len,
+  bool VerifyInit(SignatureAlgorithm signature_algorithm,
                   const uint8_t* signature,
                   int signature_len,
                   const uint8_t* public_key_info,
@@ -98,19 +95,10 @@ class CRYPTO_EXPORT SignatureVerifier {
   // error occurred.
   bool VerifyFinal();
 
-  // Note: we can provide a one-shot interface if there is interest:
-  //   bool Verify(const uint8_t* data,
-  //               int data_len,
-  //               const uint8_t* signature_algorithm,
-  //               int signature_algorithm_len,
-  //               const uint8_t* signature,
-  //               int signature_len,
-  //               const uint8_t* public_key_info,
-  //               int public_key_info_len);
-
  private:
 #if defined(USE_OPENSSL)
-  bool CommonInit(const EVP_MD* digest,
+  bool CommonInit(int pkey_type,
+                  const EVP_MD* digest,
                   const uint8_t* signature,
                   int signature_len,
                   const uint8_t* public_key_info,