| Index: crypto/signature_verifier.h
|
| diff --git a/crypto/signature_verifier.h b/crypto/signature_verifier.h
|
| new file mode 100644
|
| index 0000000000000000000000000000000000000000..fbf87d4cc64d84d21c58816d1ac5731f1d84efe7
|
| --- /dev/null
|
| +++ b/crypto/signature_verifier.h
|
| @@ -0,0 +1,145 @@
|
| +// Copyright (c) 2012 The Chromium Authors. All rights reserved.
|
| +// Use of this source code is governed by a BSD-style license that can be
|
| +// found in the LICENSE file.
|
| +
|
| +#ifndef CRYPTO_SIGNATURE_VERIFIER_H_
|
| +#define CRYPTO_SIGNATURE_VERIFIER_H_
|
| +
|
| +#include <vector>
|
| +
|
| +#include "build/build_config.h"
|
| +#include "base/basictypes.h"
|
| +#include "crypto/crypto_export.h"
|
| +
|
| +#if defined(USE_OPENSSL)
|
| +typedef struct env_md_st EVP_MD;
|
| +typedef struct evp_pkey_ctx_st EVP_PKEY_CTX;
|
| +#else
|
| +typedef struct HASHContextStr HASHContext;
|
| +typedef struct SECKEYPublicKeyStr SECKEYPublicKey;
|
| +typedef struct VFYContextStr VFYContext;
|
| +#endif
|
| +
|
| +namespace crypto {
|
| +
|
| +// The SignatureVerifier class verifies a signature using a bare public key
|
| +// (as opposed to a certificate).
|
| +class CRYPTO_EXPORT SignatureVerifier {
|
| + public:
|
| + // The set of supported hash functions. Extend as required.
|
| + enum HashAlgorithm {
|
| + SHA1,
|
| + SHA256,
|
| + };
|
| +
|
| + SignatureVerifier();
|
| + ~SignatureVerifier();
|
| +
|
| + // Streaming interface:
|
| +
|
| + // Initiates a signature verification operation. This should be followed
|
| + // by one or more VerifyUpdate calls and a VerifyFinal call.
|
| + // NOTE: for RSA-PSS signatures, use VerifyInitRSAPSS instead.
|
| + //
|
| + // The signature algorithm is specified as a DER encoded ASN.1
|
| + // AlgorithmIdentifier structure:
|
| + // AlgorithmIdentifier ::= SEQUENCE {
|
| + // algorithm OBJECT IDENTIFIER,
|
| + // parameters ANY DEFINED BY algorithm OPTIONAL }
|
| + //
|
| + // The signature is encoded according to the signature algorithm, but it
|
| + // must not be further encoded in an ASN.1 BIT STRING.
|
| + // Note: An RSA signature is actually a big integer. It must be in
|
| + // big-endian byte order.
|
| + //
|
| + // The public key is specified as a DER encoded ASN.1 SubjectPublicKeyInfo
|
| + // structure, which contains not only the public key but also its type
|
| + // (algorithm):
|
| + // SubjectPublicKeyInfo ::= SEQUENCE {
|
| + // algorithm AlgorithmIdentifier,
|
| + // subjectPublicKey BIT STRING }
|
| + bool VerifyInit(const uint8* signature_algorithm,
|
| + int signature_algorithm_len,
|
| + const uint8* signature,
|
| + int signature_len,
|
| + const uint8* public_key_info,
|
| + int public_key_info_len);
|
| +
|
| + // Initiates a RSA-PSS signature verification operation. This should be
|
| + // followed by one or more VerifyUpdate calls and a VerifyFinal call.
|
| + //
|
| + // The RSA-PSS signature algorithm parameters are specified with the
|
| + // |hash_alg|, |mask_hash_alg|, and |salt_len| arguments.
|
| + //
|
| + // An RSA-PSS signature is a nonnegative integer encoded as a byte string
|
| + // (of the same length as the RSA modulus) in big-endian byte order. It
|
| + // must not be further encoded in an ASN.1 BIT STRING.
|
| + //
|
| + // The public key is specified as a DER encoded ASN.1 SubjectPublicKeyInfo
|
| + // structure, which contains not only the public key but also its type
|
| + // (algorithm):
|
| + // SubjectPublicKeyInfo ::= SEQUENCE {
|
| + // algorithm AlgorithmIdentifier,
|
| + // subjectPublicKey BIT STRING }
|
| + bool VerifyInitRSAPSS(HashAlgorithm hash_alg,
|
| + HashAlgorithm mask_hash_alg,
|
| + int salt_len,
|
| + const uint8* signature,
|
| + int signature_len,
|
| + const uint8* public_key_info,
|
| + int public_key_info_len);
|
| +
|
| + // Feeds a piece of the data to the signature verifier.
|
| + void VerifyUpdate(const uint8* data_part, int data_part_len);
|
| +
|
| + // Concludes a signature verification operation. Returns true if the
|
| + // signature is valid. Returns false if the signature is invalid or an
|
| + // error occurred.
|
| + bool VerifyFinal();
|
| +
|
| + // Note: we can provide a one-shot interface if there is interest:
|
| + // bool Verify(const uint8* data,
|
| + // int data_len,
|
| + // const uint8* signature_algorithm,
|
| + // int signature_algorithm_len,
|
| + // const uint8* signature,
|
| + // int signature_len,
|
| + // const uint8* public_key_info,
|
| + // int public_key_info_len);
|
| +
|
| + private:
|
| +#if defined(USE_OPENSSL)
|
| + bool CommonInit(const EVP_MD* digest,
|
| + const uint8* signature,
|
| + int signature_len,
|
| + const uint8* public_key_info,
|
| + int public_key_info_len,
|
| + EVP_PKEY_CTX** pkey_ctx);
|
| +#else
|
| + static SECKEYPublicKey* DecodePublicKeyInfo(const uint8* public_key_info,
|
| + int public_key_info_len);
|
| +#endif
|
| +
|
| + void Reset();
|
| +
|
| + std::vector<uint8> signature_;
|
| +
|
| +#if defined(USE_OPENSSL)
|
| + struct VerifyContext;
|
| + VerifyContext* verify_context_;
|
| +#else
|
| + // Used for all signature types except RSA-PSS.
|
| + VFYContext* vfy_context_;
|
| +
|
| + // Used for RSA-PSS signatures.
|
| + HashAlgorithm hash_alg_;
|
| + HashAlgorithm mask_hash_alg_;
|
| + unsigned int salt_len_;
|
| + SECKEYPublicKey* public_key_;
|
| + HASHContext* hash_context_;
|
| +#endif
|
| +};
|
| +
|
| +} // namespace crypto
|
| +
|
| +#endif // CRYPTO_SIGNATURE_VERIFIER_H_
|
|
|
Chromium Code Reviews
