crypto/signature_verifier.h

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef CRYPTO_SIGNATURE_VERIFIER_H_
   6 #define CRYPTO_SIGNATURE_VERIFIER_H_
   7
   8 #include "build/build_config.h"
   9
  10 #include <vector>
  11
  12 #include "base/basictypes.h"
  13 #include "crypto/crypto_export.h"
  14
  15 #if defined(USE_OPENSSL)
  16 typedef struct env_md_st EVP_MD;
  17 typedef struct evp_pkey_ctx_st EVP_PKEY_CTX;
  18 #else
  19 typedef struct HASHContextStr HASHContext;
  20 typedef struct SECKEYPublicKeyStr SECKEYPublicKey;
  21 typedef struct VFYContextStr VFYContext;
  22 #endif
  23
  24 namespace crypto {
  25
  26 // The SignatureVerifier class verifies a signature using a bare public key
  27 // (as opposed to a certificate).
  28 class CRYPTO_EXPORT SignatureVerifier {
  29  public:
  30   // The set of supported hash functions. Extend as required.
  31   enum HashAlgorithm {
  32     SHA1,
  33     SHA256,
  34   };
  35
  36   SignatureVerifier();
  37   ~SignatureVerifier();
  38
  39   // Streaming interface:
  40
  41   // Initiates a signature verification operation.  This should be followed
  42   // by one or more VerifyUpdate calls and a VerifyFinal call.
  43   // NOTE: for RSA-PSS signatures, use VerifyInitRSAPSS instead.
  44   //
  45   // The signature algorithm is specified as a DER encoded ASN.1
  46   // AlgorithmIdentifier structure:
  47   //   AlgorithmIdentifier  ::=  SEQUENCE  {
  48   //       algorithm               OBJECT IDENTIFIER,
  49   //       parameters              ANY DEFINED BY algorithm OPTIONAL  }
  50   //
  51   // The signature is encoded according to the signature algorithm, but it
  52   // must not be further encoded in an ASN.1 BIT STRING.
  53   // Note: An RSA signature is actually a big integer.  It must be in
  54   // big-endian byte order.
  55   //
  56   // The public key is specified as a DER encoded ASN.1 SubjectPublicKeyInfo
  57   // structure, which contains not only the public key but also its type
  58   // (algorithm):
  59   //   SubjectPublicKeyInfo  ::=  SEQUENCE  {
  60   //       algorithm            AlgorithmIdentifier,
  61   //       subjectPublicKey     BIT STRING  }
  62   bool VerifyInit(const uint8* signature_algorithm,
  63                   int signature_algorithm_len,
  64                   const uint8* signature,
  65                   int signature_len,
  66                   const uint8* public_key_info,
  67                   int public_key_info_len);
  68
  69   // Initiates a RSA-PSS signature verification operation.  This should be
  70   // followed by one or more VerifyUpdate calls and a VerifyFinal call.
  71   //
  72   // The RSA-PSS signature algorithm parameters are specified with the
  73   // |hash_alg|, |mask_hash_alg|, and |salt_len| arguments.
  74   //
  75   // An RSA-PSS signature is a nonnegative integer encoded as a byte string
  76   // (of the same length as the RSA modulus) in big-endian byte order. It
  77   // must not be further encoded in an ASN.1 BIT STRING.
  78   //
  79   // The public key is specified as a DER encoded ASN.1 SubjectPublicKeyInfo
  80   // structure, which contains not only the public key but also its type
  81   // (algorithm):
  82   //   SubjectPublicKeyInfo  ::=  SEQUENCE  {
  83   //       algorithm            AlgorithmIdentifier,
  84   //       subjectPublicKey     BIT STRING  }
  85   bool VerifyInitRSAPSS(HashAlgorithm hash_alg,
  86                         HashAlgorithm mask_hash_alg,
  87                         int salt_len,
  88                         const uint8* signature,
  89                         int signature_len,
  90                         const uint8* public_key_info,
  91                         int public_key_info_len);
  92
  93   // Feeds a piece of the data to the signature verifier.
  94   void VerifyUpdate(const uint8* data_part, int data_part_len);
  95
  96   // Concludes a signature verification operation.  Returns true if the
  97   // signature is valid.  Returns false if the signature is invalid or an
  98   // error occurred.
  99   bool VerifyFinal();
 100
 101   // Note: we can provide a one-shot interface if there is interest:
 102   //   bool Verify(const uint8* data,
 103   //               int data_len,
 104   //               const uint8* signature_algorithm,
 105   //               int signature_algorithm_len,
 106   //               const uint8* signature,
 107   //               int signature_len,
 108   //               const uint8* public_key_info,
 109   //               int public_key_info_len);
 110
 111  private:
 112 #if defined(USE_OPENSSL)
 113   bool CommonInit(const EVP_MD* digest,
 114                   const uint8* signature,
 115                   int signature_len,
 116                   const uint8* public_key_info,
 117                   int public_key_info_len,
 118                   EVP_PKEY_CTX** pkey_ctx);
 119 #else
 120   static SECKEYPublicKey* DecodePublicKeyInfo(const uint8* public_key_info,
 121                                               int public_key_info_len);
 122 #endif
 123
 124   void Reset();
 125
 126   std::vector<uint8> signature_;
 127
 128 #if defined(USE_OPENSSL)
 129   struct VerifyContext;
 130   VerifyContext* verify_context_;
 131 #else
 132   // Used for all signature types except RSA-PSS.
 133   VFYContext* vfy_context_;
 134
 135   // Used for RSA-PSS signatures.
 136   HashAlgorithm hash_alg_;
 137   HashAlgorithm mask_hash_alg_;
 138   unsigned int salt_len_;
 139   SECKEYPublicKey* public_key_;
 140   HASHContext* hash_context_;
 141 #endif
 142 };
 143
 144 }  // namespace crypto
 145
 146 #endif  // CRYPTO_SIGNATURE_VERIFIER_H_