// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CRYPTO_SIGNATURE_VERIFIER_H_
#define CRYPTO_SIGNATURE_VERIFIER_H_

#include <stdint.h>

#include <memory>
#include <vector>

#include "base/containers/span.h"
#include "build/build_config.h"
#include "crypto/crypto_export.h"

namespace crypto {

// The SignatureVerifier class verifies a signature using a bare public key
// (as opposed to a certificate).
//
// Because the key is bare, nothing in this interface ties the key to an
// identity or checks validity periods or revocation. Callers are responsible
// for obtaining the public key from a source they already trust.
class CRYPTO_EXPORT SignatureVerifier {
 public:
  // The set of supported signature algorithms. Extend as required.
  //
  // The algorithm is chosen by the caller of VerifyInit. It should come from
  // the caller's own protocol or policy, not from the same untrusted input
  // that carries the signature.
  enum SignatureAlgorithm {
    // RSASSA-PKCS1-v1_5 with SHA-1. SHA-1 is no longer considered
    // collision-resistant.
    // NOTE(review): presumably retained for existing formats; prefer the
    // SHA-256 variants for new callers -- confirm with the owners.
    RSA_PKCS1_SHA1,
    // RSASSA-PKCS1-v1_5 with SHA-256.
    RSA_PKCS1_SHA256,
    // ECDSA with SHA-256.
    ECDSA_SHA256,
    // This is RSA-PSS with SHA-256 as both signing hash and MGF-1 hash, and the
    // salt length matching the hash length.
    RSA_PSS_SHA256,
  };

  SignatureVerifier();
  ~SignatureVerifier();

  // Streaming interface:

  // Initiates a signature verification operation. This should be followed
  // by one or more VerifyUpdate calls and a VerifyFinal call.
  //
  // The signature is encoded according to the signature algorithm. Note that
  // the signature is supplied here, at the start of the operation, rather
  // than to VerifyFinal.
  //
  // The public key is specified as a DER encoded ASN.1 SubjectPublicKeyInfo
  // structure, which contains not only the public key but also its type
  // (algorithm):
  //   SubjectPublicKeyInfo  ::=  SEQUENCE  {
  //       algorithm            AlgorithmIdentifier,
  //       subjectPublicKey     BIT STRING  }
  //
  // The meaning of the bool result is not stated in this header.
  // NOTE(review): presumably false means the key could not be parsed or does
  // not fit |signature_algorithm| -- confirm against the implementation.
  // Callers should treat false as a verification failure and stop.
  bool VerifyInit(SignatureAlgorithm signature_algorithm,
                  base::span<const uint8_t> signature,
                  base::span<const uint8_t> public_key_info);

  // Feeds a piece of the data to the signature verifier.
  //
  // Returns void, so this call cannot report an error to the caller. Data
  // passed here is not authenticated until VerifyFinal has returned true, so
  // callers that consume the data while streaming it should not act on it
  // before then.
  // NOTE(review): behavior when called without a prior successful VerifyInit
  // is not specified in this header -- confirm.
  void VerifyUpdate(base::span<const uint8_t> data_part);

  // Concludes a signature verification operation.  Returns true if the
  // signature is valid.  Returns false if the signature is invalid or an
  // error occurred.
  //
  // The two false cases are not distinguishable through this interface. The
  // result must always be checked; anything other than true means the data
  // must be treated as unverified.
  bool VerifyFinal();

 private:
  // NOTE(review): presumably clears per-operation state; the definition is
  // not visible in this header.
  void Reset();

  // NOTE(review): presumably a copy of the signature passed to VerifyInit,
  // held until VerifyFinal -- confirm against the implementation.
  std::vector<uint8_t> signature_;

  // Opaque per-operation state. The struct is only forward-declared here, so
  // its definition and any crypto-library types it uses stay out of this
  // header.
  struct VerifyContext;
  std::unique_ptr<VerifyContext> verify_context_;
};

}  // namespace crypto

#endif  // CRYPTO_SIGNATURE_VERIFIER_H_