1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef BASE_CRYPTO_SIGNATURE_VERIFIER_H_
6 #define BASE_CRYPTO_SIGNATURE_VERIFIER_H_
7 #pragma once
9 #include "build/build_config.h"
11 #if defined(USE_NSS)
12 #include <cryptoht.h>
13 #elif defined(OS_MACOSX)
14 #include <Security/cssm.h>
15 #endif
17 #include <vector>
19 #include "base/base_api.h"
20 #include "base/basictypes.h"
22 #if defined(OS_WIN)
23 #include "base/crypto/scoped_capi_types.h"
24 #endif
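namespace base {

// The SignatureVerifier class verifies a signature over streamed data using
// a bare public key (as opposed to a certificate).
//
// Because the key is bare, nothing in this interface says who the key belongs
// to: no parameter carries a certificate chain, a validity period or
// revocation data.  A true result from VerifyFinal() therefore only means
// "signed by the holder of |public_key_info|"; deciding that this key is the
// right one to trust is the caller's job.
//
// Typical call order: VerifyInit(), one or more VerifyUpdate(), VerifyFinal().
class BASE_API SignatureVerifier {
 public:
  SignatureVerifier();
  ~SignatureVerifier();

  // Streaming interface:

  // Initiates a signature verification operation.  This should be followed
  // by one or more VerifyUpdate calls and a VerifyFinal call.
  //
  // The signature algorithm is specified as a DER encoded ASN.1
  // AlgorithmIdentifier structure:
  //   AlgorithmIdentifier  ::=  SEQUENCE  {
  //       algorithm               OBJECT IDENTIFIER,
  //       parameters              ANY DEFINED BY algorithm OPTIONAL  }
  //
  // The signature is encoded according to the signature algorithm, but it
  // must not be further encoded in an ASN.1 BIT STRING.
  // Note: An RSA signature is actually a big integer.  It must be in the
  // big-endian byte order.
  //
  // The public key is specified as a DER encoded ASN.1 SubjectPublicKeyInfo
  // structure, which contains not only the public key but also its type
  // (algorithm):
  //   SubjectPublicKeyInfo  ::=  SEQUENCE  {
  //       algorithm            AlgorithmIdentifier,
  //       subjectPublicKey     BIT STRING  }
  //
  // Caller guidance:
  //  - |signature_algorithm| selects the scheme used for the check.  Take it
  //    from a trusted source, or compare it against the algorithms the caller
  //    is prepared to accept, rather than using whatever identifier arrives
  //    with untrusted signed data.
  //    NOTE(review): whether the implementation itself rejects weak or
  //    unexpected algorithms is not visible from this header -- confirm.
  //  - All three lengths are signed ints.  Pass non-negative values that
  //    match the buffers.
  //    NOTE(review): handling of negative or oversized lengths is not
  //    visible from this header -- confirm in the platform implementations.
  //  - NOTE(review): the meaning of the bool result is not documented here;
  //    presumably false means the inputs were not accepted and the operation
  //    must be abandoned -- confirm.  Callers should check it before going on.
  bool VerifyInit(const uint8* signature_algorithm,
                  int signature_algorithm_len,
                  const uint8* signature,
                  int signature_len,
                  const uint8* public_key_info,
                  int public_key_info_len);

  // Feeds a piece of the data to the signature verifier.
  // Returns nothing, so a failure while hashing cannot be reported here; the
  // only result the caller gets is the one from VerifyFinal().
  void VerifyUpdate(const uint8* data_part, int data_part_len);

  // Concludes a signature verification operation.  Returns true if the
  // signature is valid.  Returns false if the signature is invalid or an
  // error occurred.
  //
  // The two false cases cannot be told apart through this interface, so
  // callers must treat every false as "not verified" (fail closed) and must
  // not act on the data as if it were authentic.
  bool VerifyFinal();

  // Note: we can provide a one-shot interface if there is interest:
  // bool Verify(const uint8* data,
  //             int data_len,
  //             const uint8* signature_algorithm,
  //             int signature_algorithm_len,
  //             const uint8* signature,
  //             int signature_len,
  //             const uint8* public_key_info,
  //             int public_key_info_len);

 private:
  void Reset();

  // NOTE(review): presumably a copy of the |signature| bytes handed to
  // VerifyInit(), kept until VerifyFinal() -- confirm in the implementation.
  std::vector<uint8> signature_;

#if defined(USE_OPENSSL)
  struct VerifyContext;
  VerifyContext* verify_context_;
#elif defined(USE_NSS)
  VFYContext* vfy_context_;
#elif defined(OS_MACOSX)
  std::vector<uint8> public_key_info_;

  CSSM_CC_HANDLE sig_handle_;

  CSSM_KEY public_key_;
#elif defined(OS_WIN)
  ScopedHCRYPTPROV provider_;

  ScopedHCRYPTHASH hash_object_;

  ScopedHCRYPTKEY public_key_;
#endif

  // Copying is disallowed (declared private, intentionally never defined).
  // Several backends keep a raw context pointer or handle above
  // (verify_context_, vfy_context_, sig_handle_); a compiler-generated copy
  // would leave two objects referring to the same context.
  // NOTE(review): presumably ~SignatureVerifier()/Reset() release that
  // context, which would make a copy a double-release -- confirm in the
  // platform .cc files.
  SignatureVerifier(const SignatureVerifier&);
  void operator=(const SignatureVerifier&);
};

}  // namespace base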
109 #endif // BASE_CRYPTO_SIGNATURE_VERIFIER_H_