• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef CRYPTO_SIGNATURE_VERIFIER_H_
6 #define CRYPTO_SIGNATURE_VERIFIER_H_
7 #pragma once
8 
9 #include "build/build_config.h"
10 
11 #if defined(USE_NSS)
12 #include <cryptoht.h>
13 #elif defined(OS_MACOSX)
14 #include <Security/cssm.h>
15 #endif
16 
17 #include <vector>
18 
19 #include "base/basictypes.h"
20 
21 #if defined(OS_WIN)
22 #include "crypto/scoped_capi_types.h"
23 #endif
24 
25 namespace crypto {
26 
27 // The SignatureVerifier class verifies a signature using a bare public key
28 // (as opposed to a certificate).
29 class SignatureVerifier {
30  public:
31   SignatureVerifier();
32   ~SignatureVerifier();
33 
34   // Streaming interface:
35 
36   // Initiates a signature verification operation.  This should be followed
37   // by one or more VerifyUpdate calls and a VerifyFinal call.
38   //
39   // The signature algorithm is specified as a DER encoded ASN.1
40   // AlgorithmIdentifier structure:
41   //   AlgorithmIdentifier  ::=  SEQUENCE  {
42   //       algorithm               OBJECT IDENTIFIER,
43   //       parameters              ANY DEFINED BY algorithm OPTIONAL  }
44   //
45   // The signature is encoded according to the signature algorithm, but it
46   // must not be further encoded in an ASN.1 BIT STRING.
47   // Note: An RSA signatures is actually a big integer.  It must be in the
48   // big-endian byte order.
49   //
50   // The public key is specified as a DER encoded ASN.1 SubjectPublicKeyInfo
51   // structure, which contains not only the public key but also its type
52   // (algorithm):
53   //   SubjectPublicKeyInfo  ::=  SEQUENCE  {
54   //       algorithm            AlgorithmIdentifier,
55   //       subjectPublicKey     BIT STRING  }
56   bool VerifyInit(const uint8* signature_algorithm,
57                   int signature_algorithm_len,
58                   const uint8* signature,
59                   int signature_len,
60                   const uint8* public_key_info,
61                   int public_key_info_len);
62 
63   // Feeds a piece of the data to the signature verifier.
64   void VerifyUpdate(const uint8* data_part, int data_part_len);
65 
66   // Concludes a signature verification operation.  Returns true if the
67   // signature is valid.  Returns false if the signature is invalid or an
68   // error occurred.
69   bool VerifyFinal();
70 
71   // Note: we can provide a one-shot interface if there is interest:
72   //   bool Verify(const uint8* data,
73   //               int data_len,
74   //               const uint8* signature_algorithm,
75   //               int signature_algorithm_len,
76   //               const uint8* signature,
77   //               int signature_len,
78   //               const uint8* public_key_info,
79   //               int public_key_info_len);
80 
81  private:
82   void Reset();
83 
84   std::vector<uint8> signature_;
85 
86 #if defined(USE_OPENSSL)
87   struct VerifyContext;
88   VerifyContext* verify_context_;
89 #elif defined(USE_NSS)
90   VFYContext* vfy_context_;
91 #elif defined(OS_MACOSX)
92   std::vector<uint8> public_key_info_;
93 
94   CSSM_CC_HANDLE sig_handle_;
95 
96   CSSM_KEY public_key_;
97 #elif defined(OS_WIN)
98   ScopedHCRYPTPROV provider_;
99 
100   ScopedHCRYPTHASH hash_object_;
101 
102   ScopedHCRYPTKEY public_key_;
103 #endif
104 };
105 
106 }  // namespace crypto
107 
108 #endif  // CRYPTO_SIGNATURE_VERIFIER_H_
109