1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef CRYPTO_SIGNATURE_VERIFIER_H_ 6 #define CRYPTO_SIGNATURE_VERIFIER_H_ 7 #pragma once 8 9 #include "build/build_config.h" 10 11 #if defined(USE_NSS) 12 #include <cryptoht.h> 13 #elif defined(OS_MACOSX) 14 #include <Security/cssm.h> 15 #endif 16 17 #include <vector> 18 19 #include "base/basictypes.h" 20 21 #if defined(OS_WIN) 22 #include "crypto/scoped_capi_types.h" 23 #endif 24 25 namespace crypto { 26 27 // The SignatureVerifier class verifies a signature using a bare public key 28 // (as opposed to a certificate). 29 class SignatureVerifier { 30 public: 31 SignatureVerifier(); 32 ~SignatureVerifier(); 33 34 // Streaming interface: 35 36 // Initiates a signature verification operation. This should be followed 37 // by one or more VerifyUpdate calls and a VerifyFinal call. 38 // 39 // The signature algorithm is specified as a DER encoded ASN.1 40 // AlgorithmIdentifier structure: 41 // AlgorithmIdentifier ::= SEQUENCE { 42 // algorithm OBJECT IDENTIFIER, 43 // parameters ANY DEFINED BY algorithm OPTIONAL } 44 // 45 // The signature is encoded according to the signature algorithm, but it 46 // must not be further encoded in an ASN.1 BIT STRING. 47 // Note: An RSA signatures is actually a big integer. It must be in the 48 // big-endian byte order. 49 // 50 // The public key is specified as a DER encoded ASN.1 SubjectPublicKeyInfo 51 // structure, which contains not only the public key but also its type 52 // (algorithm): 53 // SubjectPublicKeyInfo ::= SEQUENCE { 54 // algorithm AlgorithmIdentifier, 55 // subjectPublicKey BIT STRING } 56 bool VerifyInit(const uint8* signature_algorithm, 57 int signature_algorithm_len, 58 const uint8* signature, 59 int signature_len, 60 const uint8* public_key_info, 61 int public_key_info_len); 62 63 // Feeds a piece of the data to the signature verifier. 64 void VerifyUpdate(const uint8* data_part, int data_part_len); 65 66 // Concludes a signature verification operation. Returns true if the 67 // signature is valid. Returns false if the signature is invalid or an 68 // error occurred. 69 bool VerifyFinal(); 70 71 // Note: we can provide a one-shot interface if there is interest: 72 // bool Verify(const uint8* data, 73 // int data_len, 74 // const uint8* signature_algorithm, 75 // int signature_algorithm_len, 76 // const uint8* signature, 77 // int signature_len, 78 // const uint8* public_key_info, 79 // int public_key_info_len); 80 81 private: 82 void Reset(); 83 84 std::vector<uint8> signature_; 85 86 #if defined(USE_OPENSSL) 87 struct VerifyContext; 88 VerifyContext* verify_context_; 89 #elif defined(USE_NSS) 90 VFYContext* vfy_context_; 91 #elif defined(OS_MACOSX) 92 std::vector<uint8> public_key_info_; 93 94 CSSM_CC_HANDLE sig_handle_; 95 96 CSSM_KEY public_key_; 97 #elif defined(OS_WIN) 98 ScopedHCRYPTPROV provider_; 99 100 ScopedHCRYPTHASH hash_object_; 101 102 ScopedHCRYPTKEY public_key_; 103 #endif 104 }; 105 106 } // namespace crypto 107 108 #endif // CRYPTO_SIGNATURE_VERIFIER_H_ 109
