Add SignatureVerifier::VerifyInitRSAPSS for verifying RSA-PSS signatures.

crypto/signature_verifier.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CRYPTO_SIGNATURE_VERIFIER_H_
 #define CRYPTO_SIGNATURE_VERIFIER_H_
 
 #include "build/build_config.h"
 
 #include <vector>
 
 #include "base/basictypes.h"
 #include "crypto/crypto_export.h"
 
-#if !defined(USE_OPENSSL)
+#if defined(USE_OPENSSL)
+typedef struct env_md_st EVP_MD;
+typedef struct evp_pkey_ctx_st EVP_PKEY_CTX;
+#else
+typedef struct HASHContextStr HASHContext;
+typedef struct SECKEYPublicKeyStr SECKEYPublicKey;
 typedef struct VFYContextStr VFYContext;
 #endif
 
 namespace crypto {
 
 // The SignatureVerifier class verifies a signature using a bare public key
 // (as opposed to a certificate).
 class CRYPTO_EXPORT SignatureVerifier {
  public:
+  // The set of supported hash functions. Extend as required.
+  enum HashAlgorithm {
+    SHA1,
+    SHA256,
+  };
+
   SignatureVerifier();
   ~SignatureVerifier();
 
   // Streaming interface:
 
   // Initiates a signature verification operation.  This should be followed
   // by one or more VerifyUpdate calls and a VerifyFinal call.
+  // NOTE: for RSA-PSS signatures, use VerifyInitRSAPSS instead.
   //
   // The signature algorithm is specified as a DER encoded ASN.1
   // AlgorithmIdentifier structure:
   //   AlgorithmIdentifier  ::=  SEQUENCE  {
   //       algorithm               OBJECT IDENTIFIER,
   //       parameters              ANY DEFINED BY algorithm OPTIONAL  }
   //
   // The signature is encoded according to the signature algorithm, but it
   // must not be further encoded in an ASN.1 BIT STRING.
   // Note: An RSA signatures is actually a big integer.  It must be in the
   // big-endian byte order.
   //
   // The public key is specified as a DER encoded ASN.1 SubjectPublicKeyInfo
   // structure, which contains not only the public key but also its type
   // (algorithm):
   //   SubjectPublicKeyInfo  ::=  SEQUENCE  {
   //       algorithm            AlgorithmIdentifier,
   //       subjectPublicKey     BIT STRING  }
   bool VerifyInit(const uint8* signature_algorithm,
                   int signature_algorithm_len,
                   const uint8* signature,
                   int signature_len,
                   const uint8* public_key_info,
                   int public_key_info_len);
 
+  // Initiates a RSA-PSS signature verification operation.  This should be
+  // followed by one or more VerifyUpdate calls and a VerifyFinal call.
+  //
+  // The RSA-PSS signature algorithm parameters are specified with the
+  // |hash_alg|, |mask_hash_alg|, and |salt_len| arguments.
+  //
+  // An RSA-PSS signature is encoded as a big integer in the big-endian byte

[agl, 2013/06/26 15:21:10]

s/the //

[wtc, 2013/06/27 02:23:51]

Done.

+  // order. It must not be further encoded in an ASN.1 BIT STRING.
+  //
+  // The public key is specified as a DER encoded ASN.1 SubjectPublicKeyInfo
+  // structure, which contains not only the public key but also its type
+  // (algorithm):
+  //   SubjectPublicKeyInfo  ::=  SEQUENCE  {
+  //       algorithm            AlgorithmIdentifier,
+  //       subjectPublicKey     BIT STRING  }
+  bool VerifyInitRSAPSS(HashAlgorithm hash_alg,
+                        HashAlgorithm mask_hash_alg,
+                        int salt_len,
+                        const uint8* signature,
+                        int signature_len,

[agl, 2013/06/26 15:21:10]

nit: size_t for lengths?

[wtc, 2013/06/27 02:23:51]

I will do this in a separate cleanup CL because it will require OWNERS
review of changes outside src/crypto.

+                        const uint8* public_key_info,
+                        int public_key_info_len);
+
   // Feeds a piece of the data to the signature verifier.
   void VerifyUpdate(const uint8* data_part, int data_part_len);
 
   // Concludes a signature verification operation.  Returns true if the
   // signature is valid.  Returns false if the signature is invalid or an
   // error occurred.
   bool VerifyFinal();
 
   // Note: we can provide a one-shot interface if there is interest:
   //   bool Verify(const uint8* data,
   //               int data_len,
   //               const uint8* signature_algorithm,
   //               int signature_algorithm_len,
   //               const uint8* signature,
   //               int signature_len,
   //               const uint8* public_key_info,
   //               int public_key_info_len);
 
  private:
+#if defined(USE_OPENSSL)
+  bool CommonInit(const EVP_MD* digest,
+                  const uint8* signature,
+                  int signature_len,
+                  const uint8* public_key_info,
+                  int public_key_info_len,
+                  EVP_PKEY_CTX** pkey_ctx);
+#else
+  static SECKEYPublicKey* DecodePublicKeyInfo(const uint8* public_key_info,
+                                              int public_key_info_len);
+#endif
+
   void Reset();
 
   std::vector<uint8> signature_;
 
 #if defined(USE_OPENSSL)
   struct VerifyContext;
   VerifyContext* verify_context_;
 #else
+  // Used for all signature types except RSA-PSS.
   VFYContext* vfy_context_;
+
+  // Used for RSA-PSS signatures.
+  HashAlgorithm hash_alg_;
+  HashAlgorithm mask_hash_alg_;
+  unsigned int salt_len_;
+  SECKEYPublicKey* public_key_;
+  HASHContext* hash_context_;
 #endif
 };
 
 }  // namespace crypto
 
 #endif  // CRYPTO_SIGNATURE_VERIFIER_H_