Add constructor for ECDSA verifier which takes an EC_KEY.

Key Transparency gets keys in DER format, which can be easily deserialized into an EC_KEY. Extracting the curve and x,y points to make an EcKey struct which will then be converted back to an EC_KEY seemed unnecessary. PiperOrigin-RevId: 215790073 GitOrigin-RevId: 55ec839d1cf516c8ab7ba9461d854b542643bc16
pan3682110 · Oct 9, 2018 · 9b1116f · 9b1116f
1 parent 91b6f87
commit 9b1116f
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 10 deletions.
diff --git a/cc/subtle/ecdsa_verify_boringssl.cc b/cc/subtle/ecdsa_verify_boringssl.cc
@@ -83,15 +83,6 @@ crypto::tink::util::StatusOr<std::string> IeeeToDer(absl::string_view ieee,
 util::StatusOr<std::unique_ptr<EcdsaVerifyBoringSsl>> EcdsaVerifyBoringSsl::New(
     const SubtleUtilBoringSSL::EcKey& ec_key, HashType hash_type,
     EcdsaSignatureEncoding encoding) {
-  // Check hash.
-  auto hash_status = SubtleUtilBoringSSL::ValidateSignatureHash(hash_type);
-  if (!hash_status.ok()) {
-    return hash_status;
-  }
-  auto hash_result = SubtleUtilBoringSSL::EvpHash(hash_type);
-  if (!hash_result.ok()) return hash_result.status();
-  const EVP_MD* hash = hash_result.ValueOrDie();
-
   // Check curve.
   auto group_result(SubtleUtilBoringSSL::GetEcGroup(ec_key.curve));
   if (!group_result.ok()) return group_result.status();
@@ -109,8 +100,23 @@ util::StatusOr<std::unique_ptr<EcdsaVerifyBoringSsl>> EcdsaVerifyBoringSsl::New(
                         absl::StrCat("Invalid public key: ",
                                      SubtleUtilBoringSSL::GetErrors()));
   }
+  return New(std::move(key), hash_type, encoding);
+}
+
+// static
+util::StatusOr<std::unique_ptr<EcdsaVerifyBoringSsl>> EcdsaVerifyBoringSsl::New(
+    bssl::UniquePtr<EC_KEY> ec_key, HashType hash_type,
+    EcdsaSignatureEncoding encoding) {
+  // Check hash.
+  auto hash_status = SubtleUtilBoringSSL::ValidateSignatureHash(hash_type);
+  if (!hash_status.ok()) {
+    return hash_status;
+  }
+  auto hash_result = SubtleUtilBoringSSL::EvpHash(hash_type);
+  if (!hash_result.ok()) return hash_result.status();
+  const EVP_MD* hash = hash_result.ValueOrDie();
   std::unique_ptr<EcdsaVerifyBoringSsl> verify(
-      new EcdsaVerifyBoringSsl(key.release(), hash, encoding));
+      new EcdsaVerifyBoringSsl(ec_key.release(), hash, encoding));
   return std::move(verify);
 }
 

diff --git a/cc/subtle/ecdsa_verify_boringssl.h b/cc/subtle/ecdsa_verify_boringssl.h
@@ -38,6 +38,10 @@ class EcdsaVerifyBoringSsl : public PublicKeyVerify {
   New(const SubtleUtilBoringSSL::EcKey& ec_key, HashType hash_type,
       EcdsaSignatureEncoding encoding);
 
+  static crypto::tink::util::StatusOr<std::unique_ptr<EcdsaVerifyBoringSsl>>
+  New(bssl::UniquePtr<EC_KEY> ec_key, HashType hash_type,
+      EcdsaSignatureEncoding encoding);
+
   // Verifies that 'signature' is a digital signature for 'data'.
   crypto::tink::util::Status Verify(
       absl::string_view signature,