| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef CRYPTO_SIGNATURE_VERIFIER_H_ | 5 #ifndef CRYPTO_SIGNATURE_VERIFIER_H_ |
| 6 #define CRYPTO_SIGNATURE_VERIFIER_H_ | 6 #define CRYPTO_SIGNATURE_VERIFIER_H_ |
| 7 | 7 |
| 8 #include <stdint.h> | 8 #include <stdint.h> |
| 9 | 9 |
| 10 #include <vector> | 10 #include <vector> |
| (...skipping 15 matching lines...) Expand all Loading... |
| 26 // The SignatureVerifier class verifies a signature using a bare public key | 26 // The SignatureVerifier class verifies a signature using a bare public key |
| 27 // (as opposed to a certificate). | 27 // (as opposed to a certificate). |
| 28 class CRYPTO_EXPORT SignatureVerifier { | 28 class CRYPTO_EXPORT SignatureVerifier { |
| 29 public: | 29 public: |
| 30 // The set of supported hash functions. Extend as required. | 30 // The set of supported hash functions. Extend as required. |
| 31 enum HashAlgorithm { | 31 enum HashAlgorithm { |
| 32 SHA1, | 32 SHA1, |
| 33 SHA256, | 33 SHA256, |
| 34 }; | 34 }; |
| 35 | 35 |
| 36 // The set of supported signature algorithms. Extend as required. |
| 37 enum SignatureAlgorithm { |
| 38 RSA_PKCS1_SHA1, |
| 39 RSA_PKCS1_SHA256, |
| 40 ECDSA_SHA256, |
| 41 }; |
| 42 |
| 36 SignatureVerifier(); | 43 SignatureVerifier(); |
| 37 ~SignatureVerifier(); | 44 ~SignatureVerifier(); |
| 38 | 45 |
| 39 // Streaming interface: | 46 // Streaming interface: |
| 40 | 47 |
| 41 // Initiates a signature verification operation. This should be followed | 48 // Initiates a signature verification operation. This should be followed |
| 42 // by one or more VerifyUpdate calls and a VerifyFinal call. | 49 // by one or more VerifyUpdate calls and a VerifyFinal call. |
| 43 // NOTE: for RSA-PSS signatures, use VerifyInitRSAPSS instead. | 50 // NOTE: for RSA-PSS signatures, use VerifyInitRSAPSS instead. |
| 44 // | 51 // |
| 45 // The signature algorithm is specified as a DER encoded ASN.1 | 52 // The signature is encoded according to the signature algorithm. |
| 46 // AlgorithmIdentifier structure: | |
| 47 // AlgorithmIdentifier ::= SEQUENCE { | |
| 48 // algorithm OBJECT IDENTIFIER, | |
| 49 // parameters ANY DEFINED BY algorithm OPTIONAL } | |
| 50 // | |
| 51 // The signature is encoded according to the signature algorithm, but it | |
| 52 // must not be further encoded in an ASN.1 BIT STRING. | |
| 53 // Note: An RSA signature is actually a big integer. It must be in | |
| 54 // big-endian byte order. | |
| 55 // | 53 // |
| 56 // The public key is specified as a DER encoded ASN.1 SubjectPublicKeyInfo | 54 // The public key is specified as a DER encoded ASN.1 SubjectPublicKeyInfo |
| 57 // structure, which contains not only the public key but also its type | 55 // structure, which contains not only the public key but also its type |
| 58 // (algorithm): | 56 // (algorithm): |
| 59 // SubjectPublicKeyInfo ::= SEQUENCE { | 57 // SubjectPublicKeyInfo ::= SEQUENCE { |
| 60 // algorithm AlgorithmIdentifier, | 58 // algorithm AlgorithmIdentifier, |
| 61 // subjectPublicKey BIT STRING } | 59 // subjectPublicKey BIT STRING } |
| 62 bool VerifyInit(const uint8_t* signature_algorithm, | 60 bool VerifyInit(SignatureAlgorithm signature_algorithm, |
| 63 int signature_algorithm_len, | |
| 64 const uint8_t* signature, | 61 const uint8_t* signature, |
| 65 int signature_len, | 62 int signature_len, |
| 66 const uint8_t* public_key_info, | 63 const uint8_t* public_key_info, |
| 67 int public_key_info_len); | 64 int public_key_info_len); |
| 68 | 65 |
| 69 // Initiates a RSA-PSS signature verification operation. This should be | 66 // Initiates a RSA-PSS signature verification operation. This should be |
| 70 // followed by one or more VerifyUpdate calls and a VerifyFinal call. | 67 // followed by one or more VerifyUpdate calls and a VerifyFinal call. |
| 71 // | 68 // |
| 72 // The RSA-PSS signature algorithm parameters are specified with the | 69 // The RSA-PSS signature algorithm parameters are specified with the |
| 73 // |hash_alg|, |mask_hash_alg|, and |salt_len| arguments. | 70 // |hash_alg|, |mask_hash_alg|, and |salt_len| arguments. |
| (...skipping 17 matching lines...) Expand all Loading... |
| 91 int public_key_info_len); | 88 int public_key_info_len); |
| 92 | 89 |
| 93 // Feeds a piece of the data to the signature verifier. | 90 // Feeds a piece of the data to the signature verifier. |
| 94 void VerifyUpdate(const uint8_t* data_part, int data_part_len); | 91 void VerifyUpdate(const uint8_t* data_part, int data_part_len); |
| 95 | 92 |
| 96 // Concludes a signature verification operation. Returns true if the | 93 // Concludes a signature verification operation. Returns true if the |
| 97 // signature is valid. Returns false if the signature is invalid or an | 94 // signature is valid. Returns false if the signature is invalid or an |
| 98 // error occurred. | 95 // error occurred. |
| 99 bool VerifyFinal(); | 96 bool VerifyFinal(); |
| 100 | 97 |
| 101 // Note: we can provide a one-shot interface if there is interest: | |
| 102 // bool Verify(const uint8_t* data, | |
| 103 // int data_len, | |
| 104 // const uint8_t* signature_algorithm, | |
| 105 // int signature_algorithm_len, | |
| 106 // const uint8_t* signature, | |
| 107 // int signature_len, | |
| 108 // const uint8_t* public_key_info, | |
| 109 // int public_key_info_len); | |
| 110 | |
| 111 private: | 98 private: |
| 112 #if defined(USE_OPENSSL) | 99 #if defined(USE_OPENSSL) |
| 113 bool CommonInit(const EVP_MD* digest, | 100 bool CommonInit(int pkey_type, |
| 101 const EVP_MD* digest, |
| 114 const uint8_t* signature, | 102 const uint8_t* signature, |
| 115 int signature_len, | 103 int signature_len, |
| 116 const uint8_t* public_key_info, | 104 const uint8_t* public_key_info, |
| 117 int public_key_info_len, | 105 int public_key_info_len, |
| 118 EVP_PKEY_CTX** pkey_ctx); | 106 EVP_PKEY_CTX** pkey_ctx); |
| 119 #else | 107 #else |
| 120 static SECKEYPublicKey* DecodePublicKeyInfo(const uint8_t* public_key_info, | 108 static SECKEYPublicKey* DecodePublicKeyInfo(const uint8_t* public_key_info, |
| 121 int public_key_info_len); | 109 int public_key_info_len); |
| 122 #endif | 110 #endif |
| 123 | 111 |
| (...skipping 13 matching lines...) Expand all Loading... |
| 137 HashAlgorithm mask_hash_alg_; | 125 HashAlgorithm mask_hash_alg_; |
| 138 unsigned int salt_len_; | 126 unsigned int salt_len_; |
| 139 SECKEYPublicKey* public_key_; | 127 SECKEYPublicKey* public_key_; |
| 140 HASHContext* hash_context_; | 128 HASHContext* hash_context_; |
| 141 #endif | 129 #endif |
| 142 }; | 130 }; |
| 143 | 131 |
| 144 } // namespace crypto | 132 } // namespace crypto |
| 145 | 133 |
| 146 #endif // CRYPTO_SIGNATURE_VERIFIER_H_ | 134 #endif // CRYPTO_SIGNATURE_VERIFIER_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1679873005:
Switch SignatureVerifier to taking an algorithm enum. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master