crypto/signature_verifier.h

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef CRYPTO_SIGNATURE_VERIFIER_H_
   6 #define CRYPTO_SIGNATURE_VERIFIER_H_
   7
   8 #include <vector>
   9
  10 #include "build/build_config.h"
  11 #include "base/basictypes.h"
  12 #include "crypto/crypto_export.h"
  13
  14 #if defined(USE_OPENSSL)
  15 typedef struct env_md_st EVP_MD;
  16 typedef struct evp_pkey_ctx_st EVP_PKEY_CTX;
  17 #else
  18 typedef struct HASHContextStr HASHContext;
  19 typedef struct SECKEYPublicKeyStr SECKEYPublicKey;
  20 typedef struct VFYContextStr VFYContext;
  21 #endif
  22
  23 namespace crypto {
  24
  25 // The SignatureVerifier class verifies a signature using a bare public key
  26 // (as opposed to a certificate).
  27 class CRYPTO_EXPORT SignatureVerifier {
  28  public:
  29   // The set of supported hash functions. Extend as required.
  30   enum HashAlgorithm {
  31     SHA1,
  32     SHA256,
  33   };
  34
  35   SignatureVerifier();
  36   ~SignatureVerifier();
  37
  38   // Streaming interface:
  39
  40   // Initiates a signature verification operation.  This should be followed
  41   // by one or more VerifyUpdate calls and a VerifyFinal call.
  42   // NOTE: for RSA-PSS signatures, use VerifyInitRSAPSS instead.
  43   //
  44   // The signature algorithm is specified as a DER encoded ASN.1
  45   // AlgorithmIdentifier structure:
  46   //   AlgorithmIdentifier  ::=  SEQUENCE  {
  47   //       algorithm               OBJECT IDENTIFIER,
  48   //       parameters              ANY DEFINED BY algorithm OPTIONAL  }
  49   //
  50   // The signature is encoded according to the signature algorithm, but it
  51   // must not be further encoded in an ASN.1 BIT STRING.
  52   // Note: An RSA signature is actually a big integer.  It must be in
  53   // big-endian byte order.
  54   //
  55   // The public key is specified as a DER encoded ASN.1 SubjectPublicKeyInfo
  56   // structure, which contains not only the public key but also its type
  57   // (algorithm):
  58   //   SubjectPublicKeyInfo  ::=  SEQUENCE  {
  59   //       algorithm            AlgorithmIdentifier,
  60   //       subjectPublicKey     BIT STRING  }
  61   bool VerifyInit(const uint8* signature_algorithm,
  62                   int signature_algorithm_len,
  63                   const uint8* signature,
  64                   int signature_len,
  65                   const uint8* public_key_info,
  66                   int public_key_info_len);
  67
  68   // Initiates a RSA-PSS signature verification operation.  This should be
  69   // followed by one or more VerifyUpdate calls and a VerifyFinal call.
  70   //
  71   // The RSA-PSS signature algorithm parameters are specified with the
  72   // |hash_alg|, |mask_hash_alg|, and |salt_len| arguments.
  73   //
  74   // An RSA-PSS signature is a nonnegative integer encoded as a byte string
  75   // (of the same length as the RSA modulus) in big-endian byte order. It
  76   // must not be further encoded in an ASN.1 BIT STRING.
  77   //
  78   // The public key is specified as a DER encoded ASN.1 SubjectPublicKeyInfo
  79   // structure, which contains not only the public key but also its type
  80   // (algorithm):
  81   //   SubjectPublicKeyInfo  ::=  SEQUENCE  {
  82   //       algorithm            AlgorithmIdentifier,
  83   //       subjectPublicKey     BIT STRING  }
  84   bool VerifyInitRSAPSS(HashAlgorithm hash_alg,
  85                         HashAlgorithm mask_hash_alg,
  86                         int salt_len,
  87                         const uint8* signature,
  88                         int signature_len,
  89                         const uint8* public_key_info,
  90                         int public_key_info_len);
  91
  92   // Feeds a piece of the data to the signature verifier.
  93   void VerifyUpdate(const uint8* data_part, int data_part_len);
  94
  95   // Concludes a signature verification operation.  Returns true if the
  96   // signature is valid.  Returns false if the signature is invalid or an
  97   // error occurred.
  98   bool VerifyFinal();
  99
 100   // Note: we can provide a one-shot interface if there is interest:
 101   //   bool Verify(const uint8* data,
 102   //               int data_len,
 103   //               const uint8* signature_algorithm,
 104   //               int signature_algorithm_len,
 105   //               const uint8* signature,
 106   //               int signature_len,
 107   //               const uint8* public_key_info,
 108   //               int public_key_info_len);
 109
 110  private:
 111 #if defined(USE_OPENSSL)
 112   bool CommonInit(const EVP_MD* digest,
 113                   const uint8* signature,
 114                   int signature_len,
 115                   const uint8* public_key_info,
 116                   int public_key_info_len,
 117                   EVP_PKEY_CTX** pkey_ctx);
 118 #else
 119   static SECKEYPublicKey* DecodePublicKeyInfo(const uint8* public_key_info,
 120                                               int public_key_info_len);
 121 #endif
 122
 123   void Reset();
 124
 125   std::vector<uint8> signature_;
 126
 127 #if defined(USE_OPENSSL)
 128   struct VerifyContext;
 129   VerifyContext* verify_context_;
 130 #else
 131   // Used for all signature types except RSA-PSS.
 132   VFYContext* vfy_context_;
 133
 134   // Used for RSA-PSS signatures.
 135   HashAlgorithm hash_alg_;
 136   HashAlgorithm mask_hash_alg_;
 137   unsigned int salt_len_;
 138   SECKEYPublicKey* public_key_;
 139   HASHContext* hash_context_;
 140 #endif
 141 };
 142
 143 }  // namespace crypto
 144
 145 #endif  // CRYPTO_SIGNATURE_VERIFIER_H_