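// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CRYPTO_SIGNATURE_VERIFIER_H_
#define CRYPTO_SIGNATURE_VERIFIER_H_

#include "build/build_config.h"

#include <vector>

#include "base/basictypes.h"
#include "crypto/crypto_export.h"

// Opaque verification context used when the build does not define
// USE_OPENSSL; only the pointer type is needed in this header.
#if !defined(USE_OPENSSL)
typedef struct VFYContextStr VFYContext;
#endif

namespace crypto {

// The SignatureVerifier class verifies a signature using a bare public key
// (as opposed to a certificate).
//
// Because only a bare key is involved, nothing in this interface establishes
// who the key belongs to; the caller has to obtain the key from a source it
// already trusts.
//
// NOTE(review): the class declares a destructor and holds a raw context
// pointer, but copying is not disabled in this header. If the destructor
// releases the context (not visible here), a copied object would alias it;
// consider DISALLOW_COPY_AND_ASSIGN -- confirm against the implementation.
class CRYPTO_EXPORT SignatureVerifier {
 public:
  SignatureVerifier();
  ~SignatureVerifier();

  // Streaming interface:

  // Initiates a signature verification operation.  This should be followed
  // by one or more VerifyUpdate calls and a VerifyFinal call.
  //
  // The signature algorithm is specified as a DER encoded ASN.1
  // AlgorithmIdentifier structure:
  //   AlgorithmIdentifier  ::=  SEQUENCE  {
  //       algorithm               OBJECT IDENTIFIER,
  //       parameters              ANY DEFINED BY algorithm OPTIONAL  }
  //
  // The signature is encoded according to the signature algorithm, but it
  // must not be further encoded in an ASN.1 BIT STRING.
  // Note: An RSA signature is actually a big integer.  It must be in the
  // big-endian byte order.
  //
  // The public key is specified as a DER encoded ASN.1 SubjectPublicKeyInfo
  // structure, which contains not only the public key but also its type
  // (algorithm):
  //   SubjectPublicKeyInfo  ::=  SEQUENCE  {
  //       algorithm            AlgorithmIdentifier,
  //       subjectPublicKey     BIT STRING  }
  //
  // Each buffer is passed as a pointer plus a signed int length, so the
  // caller is responsible for every length being non-negative and matching
  // its buffer.
  // NOTE(review): this header does not say what the bool result means or
  // whether negative lengths are rejected; presumably false reports that the
  // inputs could not be set up for verification -- confirm in the .cc file.
  // Treat a false result as a verification failure.
  bool VerifyInit(const uint8* signature_algorithm,
                  int signature_algorithm_len,
                  const uint8* signature,
                  int signature_len,
                  const uint8* public_key_info,
                  int public_key_info_len);

  // Feeds a piece of the data to the signature verifier.
  //
  // Returns nothing, so a problem while feeding data can only surface
  // through the result of VerifyFinal.
  void VerifyUpdate(const uint8* data_part, int data_part_len);

  // Concludes a signature verification operation.  Returns true if the
  // signature is valid.  Returns false if the signature is invalid or an
  // error occurred.
  //
  // The two false cases are not distinguishable to the caller.  The result
  // is the only verdict this class produces: data must be treated as
  // unauthenticated unless this call returned true.
  bool VerifyFinal();

  // Note: we can provide a one-shot interface if there is interest:
  // bool Verify(const uint8* data,
  //             int data_len,
  //             const uint8* signature_algorithm,
  //             int signature_algorithm_len,
  //             const uint8* signature,
  //             int signature_len,
  //             const uint8* public_key_info,
  //             int public_key_info_len);

 private:
  // NOTE(review): defined in the implementation file; presumably returns the
  // object to its initial state -- confirm there.
  void Reset();

  // Signature bytes held by the verifier.
  // NOTE(review): presumably a copy of the signature given to VerifyInit,
  // kept until VerifyFinal -- confirm in the implementation.
  std::vector<uint8> signature_;

  // Backend-specific verification state, selected at build time.  Both are
  // raw pointers; their ownership and release are not visible in this header.
#if defined(USE_OPENSSL)
  struct VerifyContext;
  VerifyContext* verify_context_;
#else
  VFYContext* vfy_context_;
#endif
};

}  // namespace crypto

#endif  // CRYPTO_SIGNATURE_VERIFIER_H_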