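// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CRYPTO_SIGNATURE_VERIFIER_H_
#define CRYPTO_SIGNATURE_VERIFIER_H_
#pragma once

#include "build/build_config.h"

#include <vector>

#include "base/basictypes.h"
#include "crypto/crypto_export.h"

// Forward declaration of the verification context used when the build is not
// configured with USE_OPENSSL, so this header does not have to include the
// backend's own headers.
#if !defined(USE_OPENSSL)
typedef struct VFYContextStr VFYContext;
#endif

namespace crypto {

// The SignatureVerifier class verifies a signature using a bare public key
// (as opposed to a certificate).
//
// Because only a bare key is used, no certificate chain, validity period or
// revocation state is involved: the caller is responsible for establishing
// that the public key it passes in is one it trusts.
//
// Typical use:
//   SignatureVerifier verifier;
//   if (!verifier.VerifyInit(...)) { /* reject */ }
//   verifier.VerifyUpdate(data, data_len);  // one or more times
//   if (!verifier.VerifyFinal()) { /* reject */ }
class CRYPTO_EXPORT SignatureVerifier {
 public:
  SignatureVerifier();
  ~SignatureVerifier();

  // Streaming interface:

  // Initiates a signature verification operation.  This should be followed
  // by one or more VerifyUpdate calls and a VerifyFinal call.
  //
  // The signature algorithm is specified as a DER encoded ASN.1
  // AlgorithmIdentifier structure:
  //   AlgorithmIdentifier  ::=  SEQUENCE  {
  //       algorithm               OBJECT IDENTIFIER,
  //       parameters              ANY DEFINED BY algorithm OPTIONAL  }
  //
  // The signature is encoded according to the signature algorithm, but it
  // must not be further encoded in an ASN.1 BIT STRING.
  // Note: An RSA signature is actually a big integer.  It must be in the
  // big-endian byte order.
  //
  // The public key is specified as a DER encoded ASN.1 SubjectPublicKeyInfo
  // structure, which contains not only the public key but also its type
  // (algorithm):
  //   SubjectPublicKeyInfo  ::=  SEQUENCE  {
  //       algorithm            AlgorithmIdentifier,
  //       subjectPublicKey     BIT STRING  }
  //
  // Each buffer is passed as a pointer plus a signed int length; the caller
  // must pass non-negative lengths that match the buffers.
  //
  // The return value must be checked before calling VerifyUpdate or
  // VerifyFinal.  NOTE(review): presumably false means the algorithm, the
  // signature or the key could not be parsed or is unsupported -- confirm
  // against the implementation.
  //
  // NOTE(review): nothing in this header restricts which algorithms are
  // accepted.  If |signature_algorithm| is taken from the same untrusted
  // message as the signature, the caller should compare it against the
  // algorithms it is prepared to accept before calling VerifyInit.
  bool VerifyInit(const uint8* signature_algorithm,
                  int signature_algorithm_len,
                  const uint8* signature,
                  int signature_len,
                  const uint8* public_key_info,
                  int public_key_info_len);

  // Feeds a piece of the data to the signature verifier.
  //
  // This returns void, so a failure while hashing cannot be reported here;
  // the only verdict is the one VerifyFinal returns.
  void VerifyUpdate(const uint8* data_part, int data_part_len);

  // Concludes a signature verification operation.  Returns true if the
  // signature is valid.  Returns false if the signature is invalid or an
  // error occurred.
  //
  // The two failure cases are not distinguishable, so callers must treat any
  // false result as "not verified" and fail closed.
  bool VerifyFinal();

  // Note: we can provide a one-shot interface if there is interest:
  // bool Verify(const uint8* data,
  //             int data_len,
  //             const uint8* signature_algorithm,
  //             int signature_algorithm_len,
  //             const uint8* signature,
  //             int signature_len,
  //             const uint8* public_key_info,
  //             int public_key_info_len);

 private:
  // NOTE(review): presumably releases the verification context and clears
  // |signature_| between operations -- confirm against the implementation.
  void Reset();

  // NOTE(review): presumably a copy of the signature given to VerifyInit,
  // kept until VerifyFinal -- confirm against the implementation.
  std::vector<uint8> signature_;

  // Backend verification context, held as a raw pointer.
#if defined(USE_OPENSSL)
  struct VerifyContext;
  VerifyContext* verify_context_;
#else
  VFYContext* vfy_context_;
#endif

  // The class holds a raw context pointer and declares a destructor.  A
  // compiler-generated copy would leave two objects pointing at the same
  // context, which becomes a double free or use-after-free if the destructor
  // releases it (the destructor body is not in this header).  Copying is
  // therefore disabled.
  DISALLOW_COPY_AND_ASSIGN(SignatureVerifier);
};

}  // namespace crypto

#endif  // CRYPTO_SIGNATURE_VERIFIER_H_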