1 // Copyright 2023 Google LLC
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 //    https://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 
15 #ifndef ANONYMOUS_TOKENS_CPP_CRYPTO_RSA_SSA_PSS_VERIFIER_H_
16 #define ANONYMOUS_TOKENS_CPP_CRYPTO_RSA_SSA_PSS_VERIFIER_H_
17 
18 #include <stdint.h>
19 
20 #include <memory>
21 #include <optional>
22 
23 #include "absl/status/status.h"
24 #include "absl/status/statusor.h"
25 #include "absl/strings/string_view.h"
26 #include "anonymous_tokens/cpp/crypto/crypto_utils.h"
27 #include "anonymous_tokens/cpp/crypto/verifier.h"
28 #include "anonymous_tokens/proto/anonymous_tokens.pb.h"
29 
30 namespace anonymous_tokens {
31 
32 // RsaSsaPssVerifier is able to verify an unblinded token (signature) against an
33 // inputted message using a public key and other input parameters.
34 class RsaSsaPssVerifier : public Verifier {
35  public:
36   // Passing of public_metadata is optional. If it is set to any value including
37   // an empty string, RsaSsaPssVerifier will assume that partially blind RSA
38   // signature protocol is being executed.
39   //
40   // If public metadata is passed and the boolean "use_rsa_public_exponent" is
41   // set to false, the public exponent in the public_key is not used in any
42   // computations in the protocol.
43   //
44   // Setting "use_rsa_public_exponent" to true is deprecated. All new users
45   // should set it to false.
46   static absl::StatusOr<std::unique_ptr<RsaSsaPssVerifier>> New(
47       int salt_length, const EVP_MD* sig_hash, const EVP_MD* mgf1_hash,
48       const RSAPublicKey& public_key, bool use_rsa_public_exponent,
49       std::optional<absl::string_view> public_metadata = std::nullopt);
50 
51   // Verifies the signature.
52   //
53   // Returns OkStatus() on successful verification. Otherwise returns an error.
54   absl::Status Verify(absl::string_view unblind_token,
55                       absl::string_view message) override;
56 
57  private:
58   // Use `New` to construct
59   RsaSsaPssVerifier(int salt_length,
60                     std::optional<absl::string_view> public_metadata,
61                     const EVP_MD* sig_hash, const EVP_MD* mgf1_hash,
62                     bssl::UniquePtr<RSA> rsa_public_key);
63 
64   const int salt_length_;
65   std::optional<std::string> public_metadata_;
66   const EVP_MD* const sig_hash_;   // Owned by BoringSSL.
67   const EVP_MD* const mgf1_hash_;  // Owned by BoringSSL.
68 
69   // If public metadata is passed to RsaSsaPssVerifier::New, rsa_public_key_
70   // will be initialized using RSA_new_public_key_large_e method.
71   const bssl::UniquePtr<RSA> rsa_public_key_;
72 };
73 
74 }  // namespace anonymous_tokens
75 
76 #endif  // ANONYMOUS_TOKENS_CPP_CRYPTO_RSA_SSA_PSS_VERIFIER_H_
77