base/crypto/signature_verifier.h

   1 // Copyright (c) 2009 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef BASE_CRYPTO_SIGNATURE_VERIFIER_H_
   6 #define BASE_CRYPTO_SIGNATURE_VERIFIER_H_
   7
   8 #include "build/build_config.h"
   9
  10 #if defined(USE_NSS)
  11 #include <cryptoht.h>
  12 #elif defined(OS_MACOSX)
  13 #include <Security/cssm.h>
  14 #elif defined(OS_WIN)
  15 #include <windows.h>
  16 #include <wincrypt.h>
  17 #endif
  18
  19 #include <vector>
  20
  21 #include "base/basictypes.h"
  22
  23 namespace base {
  24
  25 // The SignatureVerifier class verifies a signature using a bare public key
  26 // (as opposed to a certificate).
  27 class SignatureVerifier {
  28  public:
  29   SignatureVerifier();
  30   ~SignatureVerifier();
  31
  32   // Streaming interface:
  33
  34   // Initiates a signature verification operation.  This should be followed
  35   // by one or more VerifyUpdate calls and a VerifyFinal call.
  36   //
  37   // The signature algorithm is specified as a DER encoded ASN.1
  38   // AlgorithmIdentifier structure:
  39   //   AlgorithmIdentifier  ::=  SEQUENCE  {
  40   //       algorithm               OBJECT IDENTIFIER,
  41   //       parameters              ANY DEFINED BY algorithm OPTIONAL  }
  42   //
  43   // The signature is encoded according to the signature algorithm, but it
  44   // must not be further encoded in an ASN.1 BIT STRING.
  45   // Note: An RSA signatures is actually a big integer.  It must be in the
  46   // big-endian byte order.
  47   //
  48   // The public key is specified as a DER encoded ASN.1 SubjectPublicKeyInfo
  49   // structure, which contains not only the public key but also its type
  50   // (algorithm):
  51   //   SubjectPublicKeyInfo  ::=  SEQUENCE  {
  52   //       algorithm            AlgorithmIdentifier,
  53   //       subjectPublicKey     BIT STRING  }
  54   bool VerifyInit(const uint8* signature_algorithm,
  55                   int signature_algorithm_len,
  56                   const uint8* signature,
  57                   int signature_len,
  58                   const uint8* public_key_info,
  59                   int public_key_info_len);
  60
  61   // Feeds a piece of the data to the signature verifier.
  62   void VerifyUpdate(const uint8* data_part, int data_part_len);
  63
  64   // Concludes a signature verification operation.  Returns true if the
  65   // signature is valid.  Returns false if the signature is invalid or an
  66   // error occurred.
  67   bool VerifyFinal();
  68
  69   // Note: we can provide a one-shot interface if there is interest:
  70   //   bool Verify(const uint8* data,
  71   //               int data_len,
  72   //               const uint8* signature_algorithm,
  73   //               int signature_algorithm_len,
  74   //               const uint8* signature,
  75   //               int signature_len,
  76   //               const uint8* public_key_info,
  77   //               int public_key_info_len);
  78
  79  private:
  80   void Reset();
  81
  82   std::vector<uint8> signature_;
  83
  84 #if defined(USE_NSS)
  85   VFYContext* vfy_context_;
  86 #elif defined(OS_MACOSX)
  87   std::vector<uint8> public_key_info_;
  88
  89   CSSM_CSP_HANDLE csp_handle_;
  90
  91   CSSM_CC_HANDLE sig_handle_;
  92
  93   CSSM_KEY public_key_;
  94 #elif defined(OS_WIN)
  95   HCRYPTPROV provider_;
  96
  97   HCRYPTHASH hash_object_;
  98
  99   HCRYPTKEY public_key_;
 100 #endif
 101 };
 102
 103 }  // namespace base
 104
 105 #endif  // BASE_CRYPTO_SIGNATURE_VERIFIER_H_