1 files changed, 11 insertions, 23 deletions

diff --git a/crypto/signature_verifier.h b/crypto/signature_verifier.h
index b26a0df..5b7369f 100644
--- a/crypto/signature_verifier.h
+++ b/crypto/signature_verifier.h
@@ -33,6 +33,13 @@ class CRYPTO_EXPORT SignatureVerifier {
     SHA256,
   };
 
+  // The set of supported signature algorithms. Extend as required.
+  enum SignatureAlgorithm {
+    RSA_PKCS1_SHA1,
+    RSA_PKCS1_SHA256,
+    ECDSA_SHA256,
+  };
+
   SignatureVerifier();
   ~SignatureVerifier();
 
@@ -42,16 +49,7 @@ class CRYPTO_EXPORT SignatureVerifier {
   // by one or more VerifyUpdate calls and a VerifyFinal call.
   // NOTE: for RSA-PSS signatures, use VerifyInitRSAPSS instead.
   //
-  // The signature algorithm is specified as a DER encoded ASN.1
-  // AlgorithmIdentifier structure:
-  //   AlgorithmIdentifier  ::=  SEQUENCE  {
-  //       algorithm               OBJECT IDENTIFIER,
-  //       parameters              ANY DEFINED BY algorithm OPTIONAL  }
-  //
-  // The signature is encoded according to the signature algorithm, but it
-  // must not be further encoded in an ASN.1 BIT STRING.
-  // Note: An RSA signature is actually a big integer.  It must be in
-  // big-endian byte order.
+  // The signature is encoded according to the signature algorithm.
   //
   // The public key is specified as a DER encoded ASN.1 SubjectPublicKeyInfo
   // structure, which contains not only the public key but also its type
@@ -59,8 +57,7 @@ class CRYPTO_EXPORT SignatureVerifier {
   //   SubjectPublicKeyInfo  ::=  SEQUENCE  {
   //       algorithm            AlgorithmIdentifier,
   //       subjectPublicKey     BIT STRING  }
-  bool VerifyInit(const uint8_t* signature_algorithm,
-                  int signature_algorithm_len,
+  bool VerifyInit(SignatureAlgorithm signature_algorithm,
                   const uint8_t* signature,
                   int signature_len,
                   const uint8_t* public_key_info,
@@ -98,19 +95,10 @@ class CRYPTO_EXPORT SignatureVerifier {
   // error occurred.
   bool VerifyFinal();
 
-  // Note: we can provide a one-shot interface if there is interest:
-  //   bool Verify(const uint8_t* data,
-  //               int data_len,
-  //               const uint8_t* signature_algorithm,
-  //               int signature_algorithm_len,
-  //               const uint8_t* signature,
-  //               int signature_len,
-  //               const uint8_t* public_key_info,
-  //               int public_key_info_len);
-
  private:
 #if defined(USE_OPENSSL)
-  bool CommonInit(const EVP_MD* digest,
+  bool CommonInit(int pkey_type,
+                  const EVP_MD* digest,
                   const uint8_t* signature,
                   int signature_len,
                   const uint8_t* public_key_info,