1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef CRYPTO_SIGNATURE_VERIFIER_H_ 6 #define CRYPTO_SIGNATURE_VERIFIER_H_ 7 8 #include <stdint.h> 9 10 #include <memory> 11 #include <vector> 12 13 #include "build/build_config.h" 14 #include "crypto/crypto_export.h" 15 16 typedef struct env_md_st EVP_MD; 17 typedef struct evp_pkey_ctx_st EVP_PKEY_CTX; 18 19 namespace crypto { 20 21 // The SignatureVerifier class verifies a signature using a bare public key 22 // (as opposed to a certificate). 23 class CRYPTO_EXPORT SignatureVerifier { 24 public: 25 // The set of supported hash functions. Extend as required. 26 enum HashAlgorithm { 27 SHA1, 28 SHA256, 29 }; 30 31 // The set of supported signature algorithms. Extend as required. 32 enum SignatureAlgorithm { 33 RSA_PKCS1_SHA1, 34 RSA_PKCS1_SHA256, 35 ECDSA_SHA256, 36 }; 37 38 SignatureVerifier(); 39 ~SignatureVerifier(); 40 41 // Streaming interface: 42 43 // Initiates a signature verification operation. This should be followed 44 // by one or more VerifyUpdate calls and a VerifyFinal call. 45 // NOTE: for RSA-PSS signatures, use VerifyInitRSAPSS instead. 46 // 47 // The signature is encoded according to the signature algorithm. 48 // 49 // The public key is specified as a DER encoded ASN.1 SubjectPublicKeyInfo 50 // structure, which contains not only the public key but also its type 51 // (algorithm): 52 // SubjectPublicKeyInfo ::= SEQUENCE { 53 // algorithm AlgorithmIdentifier, 54 // subjectPublicKey BIT STRING } 55 bool VerifyInit(SignatureAlgorithm signature_algorithm, 56 const uint8_t* signature, 57 int signature_len, 58 const uint8_t* public_key_info, 59 int public_key_info_len); 60 61 // Initiates a RSA-PSS signature verification operation. This should be 62 // followed by one or more VerifyUpdate calls and a VerifyFinal call. 63 // 64 // The RSA-PSS signature algorithm parameters are specified with the 65 // |hash_alg|, |mask_hash_alg|, and |salt_len| arguments. 66 // 67 // An RSA-PSS signature is a nonnegative integer encoded as a byte string 68 // (of the same length as the RSA modulus) in big-endian byte order. It 69 // must not be further encoded in an ASN.1 BIT STRING. 70 // 71 // The public key is specified as a DER encoded ASN.1 SubjectPublicKeyInfo 72 // structure, which contains not only the public key but also its type 73 // (algorithm): 74 // SubjectPublicKeyInfo ::= SEQUENCE { 75 // algorithm AlgorithmIdentifier, 76 // subjectPublicKey BIT STRING } 77 bool VerifyInitRSAPSS(HashAlgorithm hash_alg, 78 HashAlgorithm mask_hash_alg, 79 int salt_len, 80 const uint8_t* signature, 81 int signature_len, 82 const uint8_t* public_key_info, 83 int public_key_info_len); 84 85 // Feeds a piece of the data to the signature verifier. 86 void VerifyUpdate(const uint8_t* data_part, int data_part_len); 87 88 // Concludes a signature verification operation. Returns true if the 89 // signature is valid. Returns false if the signature is invalid or an 90 // error occurred. 91 bool VerifyFinal(); 92 93 private: 94 bool CommonInit(int pkey_type, 95 const EVP_MD* digest, 96 const uint8_t* signature, 97 int signature_len, 98 const uint8_t* public_key_info, 99 int public_key_info_len, 100 EVP_PKEY_CTX** pkey_ctx); 101 102 void Reset(); 103 104 std::vector<uint8_t> signature_; 105 106 struct VerifyContext; 107 std::unique_ptr<VerifyContext> verify_context_; 108 }; 109 110 } // namespace crypto 111 112 #endif // CRYPTO_SIGNATURE_VERIFIER_H_ 113