Home | History | Annotate | Download | only in crypto 
      1 // Copyright (c) 2009 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef BASE_CRYPTO_SIGNATURE_VERIFIER_H_
      6 #define BASE_CRYPTO_SIGNATURE_VERIFIER_H_
      7 
      8 #include "build/build_config.h"
      9 
     10 #if defined(USE_NSS)
     11 #include <cryptoht.h>
     12 #elif defined(OS_MACOSX)
     13 #include <Security/cssm.h>
     14 #elif defined(OS_WIN)
     15 #include <windows.h>
     16 #include <wincrypt.h>
     17 #endif
     18 
     19 #include <vector>
     20 
     21 #include "base/basictypes.h"
     22 
     23 namespace base {
     24 
     25 // The SignatureVerifier class verifies a signature using a bare public key
     26 // (as opposed to a certificate).
     27 class SignatureVerifier {
     28  public:
     29   SignatureVerifier();
     30   ~SignatureVerifier();
     31 
     32   // Streaming interface:
     33 
     34   // Initiates a signature verification operation.  This should be followed
     35   // by one or more VerifyUpdate calls and a VerifyFinal call.
     36   //
     37   // The signature algorithm is specified as a DER encoded ASN.1
     38   // AlgorithmIdentifier structure:
     39   //   AlgorithmIdentifier  ::=  SEQUENCE  {
     40   //       algorithm               OBJECT IDENTIFIER,
     41   //       parameters              ANY DEFINED BY algorithm OPTIONAL  }
     42   //
     43   // The signature is encoded according to the signature algorithm, but it
     44   // must not be further encoded in an ASN.1 BIT STRING.
     45   // Note: An RSA signatures is actually a big integer.  It must be in the
     46   // big-endian byte order.
     47   //
     48   // The public key is specified as a DER encoded ASN.1 SubjectPublicKeyInfo
     49   // structure, which contains not only the public key but also its type
     50   // (algorithm):
     51   //   SubjectPublicKeyInfo  ::=  SEQUENCE  {
     52   //       algorithm            AlgorithmIdentifier,
     53   //       subjectPublicKey     BIT STRING  }
     54   bool VerifyInit(const uint8* signature_algorithm,
     55                   int signature_algorithm_len,
     56                   const uint8* signature,
     57                   int signature_len,
     58                   const uint8* public_key_info,
     59                   int public_key_info_len);
     60 
     61   // Feeds a piece of the data to the signature verifier.
     62   void VerifyUpdate(const uint8* data_part, int data_part_len);
     63 
     64   // Concludes a signature verification operation.  Returns true if the
     65   // signature is valid.  Returns false if the signature is invalid or an
     66   // error occurred.
     67   bool VerifyFinal();
     68 
     69   // Note: we can provide a one-shot interface if there is interest:
     70   //   bool Verify(const uint8* data,
     71   //               int data_len,
     72   //               const uint8* signature_algorithm,
     73   //               int signature_algorithm_len,
     74   //               const uint8* signature,
     75   //               int signature_len,
     76   //               const uint8* public_key_info,
     77   //               int public_key_info_len);
     78 
     79  private:
     80   void Reset();
     81 
     82   std::vector<uint8> signature_;
     83 
     84 #if defined(USE_NSS)
     85   VFYContext* vfy_context_;
     86 #elif defined(OS_MACOSX)
     87   std::vector<uint8> public_key_info_;
     88 
     89   CSSM_CSP_HANDLE csp_handle_;
     90 
     91   CSSM_CC_HANDLE sig_handle_;
     92 
     93   CSSM_KEY public_key_;
     94 #elif defined(OS_WIN)
     95   HCRYPTPROV provider_;
     96 
     97   HCRYPTHASH hash_object_;
     98 
     99   HCRYPTKEY public_key_;
    100 #endif
    101 };
    102 
    103 }  // namespace base
    104 
    105 #endif  // BASE_CRYPTO_SIGNATURE_VERIFIER_H_
    106