1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef CRYPTO_SIGNATURE_VERIFIER_H_
6 #define CRYPTO_SIGNATURE_VERIFIER_H_
7 
8 #include <stdint.h>
9 
10 #include <vector>
11 
12 #include "build/build_config.h"
13 #include "crypto/crypto_export.h"
14 
15 #if defined(USE_OPENSSL)
16 typedef struct env_md_st EVP_MD;
17 typedef struct evp_pkey_ctx_st EVP_PKEY_CTX;
18 #else
19 typedef struct HASHContextStr HASHContext;
20 typedef struct SECKEYPublicKeyStr SECKEYPublicKey;
21 typedef struct VFYContextStr VFYContext;
22 #endif
23 
24 namespace crypto {
25 
26 // The SignatureVerifier class verifies a signature using a bare public key
27 // (as opposed to a certificate).
28 class CRYPTO_EXPORT SignatureVerifier {
29  public:
30   // The set of supported hash functions. Extend as required.
31   enum HashAlgorithm {
32     SHA1,
33     SHA256,
34   };
35 
36   SignatureVerifier();
37   ~SignatureVerifier();
38 
39   // Streaming interface:
40 
41   // Initiates a signature verification operation.  This should be followed
42   // by one or more VerifyUpdate calls and a VerifyFinal call.
43   // NOTE: for RSA-PSS signatures, use VerifyInitRSAPSS instead.
44   //
45   // The signature algorithm is specified as a DER encoded ASN.1
46   // AlgorithmIdentifier structure:
47   //   AlgorithmIdentifier  ::=  SEQUENCE  {
48   //       algorithm               OBJECT IDENTIFIER,
49   //       parameters              ANY DEFINED BY algorithm OPTIONAL  }
50   //
51   // The signature is encoded according to the signature algorithm, but it
52   // must not be further encoded in an ASN.1 BIT STRING.
53   // Note: An RSA signature is actually a big integer.  It must be in
54   // big-endian byte order.
55   //
56   // The public key is specified as a DER encoded ASN.1 SubjectPublicKeyInfo
57   // structure, which contains not only the public key but also its type
58   // (algorithm):
59   //   SubjectPublicKeyInfo  ::=  SEQUENCE  {
60   //       algorithm            AlgorithmIdentifier,
61   //       subjectPublicKey     BIT STRING  }
62   bool VerifyInit(const uint8_t* signature_algorithm,
63                   int signature_algorithm_len,
64                   const uint8_t* signature,
65                   int signature_len,
66                   const uint8_t* public_key_info,
67                   int public_key_info_len);
68 
69   // Initiates a RSA-PSS signature verification operation.  This should be
70   // followed by one or more VerifyUpdate calls and a VerifyFinal call.
71   //
72   // The RSA-PSS signature algorithm parameters are specified with the
73   // |hash_alg|, |mask_hash_alg|, and |salt_len| arguments.
74   //
75   // An RSA-PSS signature is a nonnegative integer encoded as a byte string
76   // (of the same length as the RSA modulus) in big-endian byte order. It
77   // must not be further encoded in an ASN.1 BIT STRING.
78   //
79   // The public key is specified as a DER encoded ASN.1 SubjectPublicKeyInfo
80   // structure, which contains not only the public key but also its type
81   // (algorithm):
82   //   SubjectPublicKeyInfo  ::=  SEQUENCE  {
83   //       algorithm            AlgorithmIdentifier,
84   //       subjectPublicKey     BIT STRING  }
85   bool VerifyInitRSAPSS(HashAlgorithm hash_alg,
86                         HashAlgorithm mask_hash_alg,
87                         int salt_len,
88                         const uint8_t* signature,
89                         int signature_len,
90                         const uint8_t* public_key_info,
91                         int public_key_info_len);
92 
93   // Feeds a piece of the data to the signature verifier.
94   void VerifyUpdate(const uint8_t* data_part, int data_part_len);
95 
96   // Concludes a signature verification operation.  Returns true if the
97   // signature is valid.  Returns false if the signature is invalid or an
98   // error occurred.
99   bool VerifyFinal();
100 
101   // Note: we can provide a one-shot interface if there is interest:
102   //   bool Verify(const uint8_t* data,
103   //               int data_len,
104   //               const uint8_t* signature_algorithm,
105   //               int signature_algorithm_len,
106   //               const uint8_t* signature,
107   //               int signature_len,
108   //               const uint8_t* public_key_info,
109   //               int public_key_info_len);
110 
111  private:
112 #if defined(USE_OPENSSL)
113   bool CommonInit(const EVP_MD* digest,
114                   const uint8_t* signature,
115                   int signature_len,
116                   const uint8_t* public_key_info,
117                   int public_key_info_len,
118                   EVP_PKEY_CTX** pkey_ctx);
119 #else
120   static SECKEYPublicKey* DecodePublicKeyInfo(const uint8_t* public_key_info,
121                                               int public_key_info_len);
122 #endif
123 
124   void Reset();
125 
126   std::vector<uint8_t> signature_;
127 
128 #if defined(USE_OPENSSL)
129   struct VerifyContext;
130   VerifyContext* verify_context_;
131 #else
132   // Used for all signature types except RSA-PSS.
133   VFYContext* vfy_context_;
134 
135   // Used for RSA-PSS signatures.
136   HashAlgorithm hash_alg_;
137   HashAlgorithm mask_hash_alg_;
138   unsigned int salt_len_;
139   SECKEYPublicKey* public_key_;
140   HASHContext* hash_context_;
141 #endif
142 };
143 
144 }  // namespace crypto
145 
146 #endif  // CRYPTO_SIGNATURE_VERIFIER_H_
147