• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright (c) 2009 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef BASE_CRYPTO_SIGNATURE_VERIFIER_H_
6 #define BASE_CRYPTO_SIGNATURE_VERIFIER_H_
7 
8 #include "build/build_config.h"
9 
10 #if defined(USE_NSS)
11 #include <cryptoht.h>
12 #elif defined(OS_MACOSX)
13 #include <Security/cssm.h>
14 #elif defined(OS_WIN)
15 #include <windows.h>
16 #include <wincrypt.h>
17 #endif
18 
19 #include <vector>
20 
21 #include "base/basictypes.h"
22 
23 namespace base {
24 
25 // The SignatureVerifier class verifies a signature using a bare public key
26 // (as opposed to a certificate).
27 class SignatureVerifier {
28  public:
29   SignatureVerifier();
30   ~SignatureVerifier();
31 
32   // Streaming interface:
33 
34   // Initiates a signature verification operation.  This should be followed
35   // by one or more VerifyUpdate calls and a VerifyFinal call.
36   //
37   // The signature algorithm is specified as a DER encoded ASN.1
38   // AlgorithmIdentifier structure:
39   //   AlgorithmIdentifier  ::=  SEQUENCE  {
40   //       algorithm               OBJECT IDENTIFIER,
41   //       parameters              ANY DEFINED BY algorithm OPTIONAL  }
42   //
43   // The signature is encoded according to the signature algorithm, but it
44   // must not be further encoded in an ASN.1 BIT STRING.
45   // Note: An RSA signatures is actually a big integer.  It must be in the
46   // big-endian byte order.
47   //
48   // The public key is specified as a DER encoded ASN.1 SubjectPublicKeyInfo
49   // structure, which contains not only the public key but also its type
50   // (algorithm):
51   //   SubjectPublicKeyInfo  ::=  SEQUENCE  {
52   //       algorithm            AlgorithmIdentifier,
53   //       subjectPublicKey     BIT STRING  }
54   bool VerifyInit(const uint8* signature_algorithm,
55                   int signature_algorithm_len,
56                   const uint8* signature,
57                   int signature_len,
58                   const uint8* public_key_info,
59                   int public_key_info_len);
60 
61   // Feeds a piece of the data to the signature verifier.
62   void VerifyUpdate(const uint8* data_part, int data_part_len);
63 
64   // Concludes a signature verification operation.  Returns true if the
65   // signature is valid.  Returns false if the signature is invalid or an
66   // error occurred.
67   bool VerifyFinal();
68 
69   // Note: we can provide a one-shot interface if there is interest:
70   //   bool Verify(const uint8* data,
71   //               int data_len,
72   //               const uint8* signature_algorithm,
73   //               int signature_algorithm_len,
74   //               const uint8* signature,
75   //               int signature_len,
76   //               const uint8* public_key_info,
77   //               int public_key_info_len);
78 
79  private:
80   void Reset();
81 
82   std::vector<uint8> signature_;
83 
84 #if defined(USE_NSS)
85   VFYContext* vfy_context_;
86 #elif defined(OS_MACOSX)
87   std::vector<uint8> public_key_info_;
88 
89   CSSM_CSP_HANDLE csp_handle_;
90 
91   CSSM_CC_HANDLE sig_handle_;
92 
93   CSSM_KEY public_key_;
94 #elif defined(OS_WIN)
95   HCRYPTPROV provider_;
96 
97   HCRYPTHASH hash_object_;
98 
99   HCRYPTKEY public_key_;
100 #endif
101 };
102 
103 }  // namespace base
104 
105 #endif  // BASE_CRYPTO_SIGNATURE_VERIFIER_H_
106