| Index: crypto/signature_verifier.h
|
| ===================================================================
|
| --- crypto/signature_verifier.h (revision 208575)
|
| +++ crypto/signature_verifier.h (working copy)
|
| @@ -12,7 +12,12 @@
|
| #include "base/basictypes.h"
|
| #include "crypto/crypto_export.h"
|
|
|
| -#if !defined(USE_OPENSSL)
|
| +#if defined(USE_OPENSSL)
|
| +typedef struct env_md_st EVP_MD;
|
| +typedef struct evp_pkey_ctx_st EVP_PKEY_CTX;
|
| +#else
|
| +typedef struct HASHContextStr HASHContext;
|
| +typedef struct SECKEYPublicKeyStr SECKEYPublicKey;
|
| typedef struct VFYContextStr VFYContext;
|
| #endif
|
|
|
| @@ -22,6 +27,12 @@
|
| // (as opposed to a certificate).
|
| class CRYPTO_EXPORT SignatureVerifier {
|
| public:
|
| + // The set of supported hash functions. Extend as required.
|
| + enum HashAlgorithm {
|
| + SHA1,
|
| + SHA256,
|
| + };
|
| +
|
| SignatureVerifier();
|
| ~SignatureVerifier();
|
|
|
| @@ -29,6 +40,7 @@
|
|
|
| // Initiates a signature verification operation. This should be followed
|
| // by one or more VerifyUpdate calls and a VerifyFinal call.
|
| + // NOTE: for RSA-PSS signatures, use VerifyInitRSAPSS instead.
|
| //
|
| // The signature algorithm is specified as a DER encoded ASN.1
|
| // AlgorithmIdentifier structure:
|
| @@ -38,7 +50,7 @@
|
| //
|
| // The signature is encoded according to the signature algorithm, but it
|
| // must not be further encoded in an ASN.1 BIT STRING.
|
| - // Note: An RSA signatures is actually a big integer. It must be in the
|
| + // Note: An RSA signature is actually a big integer. It must be in
|
| // big-endian byte order.
|
| //
|
| // The public key is specified as a DER encoded ASN.1 SubjectPublicKeyInfo
|
| @@ -54,6 +66,30 @@
|
| const uint8* public_key_info,
|
| int public_key_info_len);
|
|
|
| + // Initiates a RSA-PSS signature verification operation. This should be
|
| + // followed by one or more VerifyUpdate calls and a VerifyFinal call.
|
| + //
|
| + // The RSA-PSS signature algorithm parameters are specified with the
|
| + // |hash_alg|, |mask_hash_alg|, and |salt_len| arguments.
|
| + //
|
| + // An RSA-PSS signature is a nonnegative integer encoded as a byte string
|
| + // (of the same length as the RSA modulus) in big-endian byte order. It
|
| + // must not be further encoded in an ASN.1 BIT STRING.
|
| + //
|
| + // The public key is specified as a DER encoded ASN.1 SubjectPublicKeyInfo
|
| + // structure, which contains not only the public key but also its type
|
| + // (algorithm):
|
| + // SubjectPublicKeyInfo ::= SEQUENCE {
|
| + // algorithm AlgorithmIdentifier,
|
| + // subjectPublicKey BIT STRING }
|
| + bool VerifyInitRSAPSS(HashAlgorithm hash_alg,
|
| + HashAlgorithm mask_hash_alg,
|
| + int salt_len,
|
| + const uint8* signature,
|
| + int signature_len,
|
| + const uint8* public_key_info,
|
| + int public_key_info_len);
|
| +
|
| // Feeds a piece of the data to the signature verifier.
|
| void VerifyUpdate(const uint8* data_part, int data_part_len);
|
|
|
| @@ -73,6 +109,18 @@
|
| // int public_key_info_len);
|
|
|
| private:
|
| +#if defined(USE_OPENSSL)
|
| + bool CommonInit(const EVP_MD* digest,
|
| + const uint8* signature,
|
| + int signature_len,
|
| + const uint8* public_key_info,
|
| + int public_key_info_len,
|
| + EVP_PKEY_CTX** pkey_ctx);
|
| +#else
|
| + static SECKEYPublicKey* DecodePublicKeyInfo(const uint8* public_key_info,
|
| + int public_key_info_len);
|
| +#endif
|
| +
|
| void Reset();
|
|
|
| std::vector<uint8> signature_;
|
| @@ -81,7 +129,15 @@
|
| struct VerifyContext;
|
| VerifyContext* verify_context_;
|
| #else
|
| + // Used for all signature types except RSA-PSS.
|
| VFYContext* vfy_context_;
|
| +
|
| + // Used for RSA-PSS signatures.
|
| + HashAlgorithm hash_alg_;
|
| + HashAlgorithm mask_hash_alg_;
|
| + unsigned int salt_len_;
|
| + SECKEYPublicKey* public_key_;
|
| + HASHContext* hash_context_;
|
| #endif
|
| };
|
|
|
|
|
Chromium Code Reviews
Issue 17776003:
Add SignatureVerifier::VerifyInitRSAPSS for verifying RSA-PSS signatures. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/