1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef CRYPTO_SIGNATURE_VERIFIER_H_ 6 #define CRYPTO_SIGNATURE_VERIFIER_H_ 7 8 #include <stdint.h> 9 10 #include <vector> 11 12 #include "build/build_config.h" 13 #include "crypto/crypto_export.h" 14 15 #if defined(USE_OPENSSL) 16 typedef struct env_md_st EVP_MD; 17 typedef struct evp_pkey_ctx_st EVP_PKEY_CTX; 18 #else 19 typedef struct HASHContextStr HASHContext; 20 typedef struct SECKEYPublicKeyStr SECKEYPublicKey; 21 typedef struct VFYContextStr VFYContext; 22 #endif 23 24 namespace crypto { 25 26 // The SignatureVerifier class verifies a signature using a bare public key 27 // (as opposed to a certificate). 28 class CRYPTO_EXPORT SignatureVerifier { 29 public: 30 // The set of supported hash functions. Extend as required. 31 enum HashAlgorithm { 32 SHA1, 33 SHA256, 34 }; 35 36 SignatureVerifier(); 37 ~SignatureVerifier(); 38 39 // Streaming interface: 40 41 // Initiates a signature verification operation. This should be followed 42 // by one or more VerifyUpdate calls and a VerifyFinal call. 43 // NOTE: for RSA-PSS signatures, use VerifyInitRSAPSS instead. 44 // 45 // The signature algorithm is specified as a DER encoded ASN.1 46 // AlgorithmIdentifier structure: 47 // AlgorithmIdentifier ::= SEQUENCE { 48 // algorithm OBJECT IDENTIFIER, 49 // parameters ANY DEFINED BY algorithm OPTIONAL } 50 // 51 // The signature is encoded according to the signature algorithm, but it 52 // must not be further encoded in an ASN.1 BIT STRING. 53 // Note: An RSA signature is actually a big integer. It must be in 54 // big-endian byte order. 55 // 56 // The public key is specified as a DER encoded ASN.1 SubjectPublicKeyInfo 57 // structure, which contains not only the public key but also its type 58 // (algorithm): 59 // SubjectPublicKeyInfo ::= SEQUENCE { 60 // algorithm AlgorithmIdentifier, 61 // subjectPublicKey BIT STRING } 62 bool VerifyInit(const uint8_t* signature_algorithm, 63 int signature_algorithm_len, 64 const uint8_t* signature, 65 int signature_len, 66 const uint8_t* public_key_info, 67 int public_key_info_len); 68 69 // Initiates a RSA-PSS signature verification operation. This should be 70 // followed by one or more VerifyUpdate calls and a VerifyFinal call. 71 // 72 // The RSA-PSS signature algorithm parameters are specified with the 73 // |hash_alg|, |mask_hash_alg|, and |salt_len| arguments. 74 // 75 // An RSA-PSS signature is a nonnegative integer encoded as a byte string 76 // (of the same length as the RSA modulus) in big-endian byte order. It 77 // must not be further encoded in an ASN.1 BIT STRING. 78 // 79 // The public key is specified as a DER encoded ASN.1 SubjectPublicKeyInfo 80 // structure, which contains not only the public key but also its type 81 // (algorithm): 82 // SubjectPublicKeyInfo ::= SEQUENCE { 83 // algorithm AlgorithmIdentifier, 84 // subjectPublicKey BIT STRING } 85 bool VerifyInitRSAPSS(HashAlgorithm hash_alg, 86 HashAlgorithm mask_hash_alg, 87 int salt_len, 88 const uint8_t* signature, 89 int signature_len, 90 const uint8_t* public_key_info, 91 int public_key_info_len); 92 93 // Feeds a piece of the data to the signature verifier. 94 void VerifyUpdate(const uint8_t* data_part, int data_part_len); 95 96 // Concludes a signature verification operation. Returns true if the 97 // signature is valid. Returns false if the signature is invalid or an 98 // error occurred. 99 bool VerifyFinal(); 100 101 // Note: we can provide a one-shot interface if there is interest: 102 // bool Verify(const uint8_t* data, 103 // int data_len, 104 // const uint8_t* signature_algorithm, 105 // int signature_algorithm_len, 106 // const uint8_t* signature, 107 // int signature_len, 108 // const uint8_t* public_key_info, 109 // int public_key_info_len); 110 111 private: 112 #if defined(USE_OPENSSL) 113 bool CommonInit(const EVP_MD* digest, 114 const uint8_t* signature, 115 int signature_len, 116 const uint8_t* public_key_info, 117 int public_key_info_len, 118 EVP_PKEY_CTX** pkey_ctx); 119 #else 120 static SECKEYPublicKey* DecodePublicKeyInfo(const uint8_t* public_key_info, 121 int public_key_info_len); 122 #endif 123 124 void Reset(); 125 126 std::vector<uint8_t> signature_; 127 128 #if defined(USE_OPENSSL) 129 struct VerifyContext; 130 VerifyContext* verify_context_; 131 #else 132 // Used for all signature types except RSA-PSS. 133 VFYContext* vfy_context_; 134 135 // Used for RSA-PSS signatures. 136 HashAlgorithm hash_alg_; 137 HashAlgorithm mask_hash_alg_; 138 unsigned int salt_len_; 139 SECKEYPublicKey* public_key_; 140 HASHContext* hash_context_; 141 #endif 142 }; 143 144 } // namespace crypto 145 146 #endif // CRYPTO_SIGNATURE_VERIFIER_H_ 147