1*6777b538SAndroid Build Coastguard Worker // Copyright 2012 The Chromium Authors 2*6777b538SAndroid Build Coastguard Worker // Use of this source code is governed by a BSD-style license that can be 3*6777b538SAndroid Build Coastguard Worker // found in the LICENSE file. 4*6777b538SAndroid Build Coastguard Worker 5*6777b538SAndroid Build Coastguard Worker #ifndef CRYPTO_SIGNATURE_VERIFIER_H_ 6*6777b538SAndroid Build Coastguard Worker #define CRYPTO_SIGNATURE_VERIFIER_H_ 7*6777b538SAndroid Build Coastguard Worker 8*6777b538SAndroid Build Coastguard Worker #include <stdint.h> 9*6777b538SAndroid Build Coastguard Worker 10*6777b538SAndroid Build Coastguard Worker #include <memory> 11*6777b538SAndroid Build Coastguard Worker #include <vector> 12*6777b538SAndroid Build Coastguard Worker 13*6777b538SAndroid Build Coastguard Worker #include "base/containers/span.h" 14*6777b538SAndroid Build Coastguard Worker #include "build/build_config.h" 15*6777b538SAndroid Build Coastguard Worker #include "crypto/crypto_export.h" 16*6777b538SAndroid Build Coastguard Worker 17*6777b538SAndroid Build Coastguard Worker namespace crypto { 18*6777b538SAndroid Build Coastguard Worker 19*6777b538SAndroid Build Coastguard Worker // The SignatureVerifier class verifies a signature using a bare public key 20*6777b538SAndroid Build Coastguard Worker // (as opposed to a certificate). 21*6777b538SAndroid Build Coastguard Worker class CRYPTO_EXPORT SignatureVerifier { 22*6777b538SAndroid Build Coastguard Worker public: 23*6777b538SAndroid Build Coastguard Worker // The set of supported signature algorithms. Extend as required. 24*6777b538SAndroid Build Coastguard Worker enum SignatureAlgorithm { 25*6777b538SAndroid Build Coastguard Worker RSA_PKCS1_SHA1, 26*6777b538SAndroid Build Coastguard Worker RSA_PKCS1_SHA256, 27*6777b538SAndroid Build Coastguard Worker ECDSA_SHA256, 28*6777b538SAndroid Build Coastguard Worker // This is RSA-PSS with SHA-256 as both signing hash and MGF-1 hash, and the 29*6777b538SAndroid Build Coastguard Worker // salt length matching the hash length. 30*6777b538SAndroid Build Coastguard Worker RSA_PSS_SHA256, 31*6777b538SAndroid Build Coastguard Worker }; 32*6777b538SAndroid Build Coastguard Worker 33*6777b538SAndroid Build Coastguard Worker SignatureVerifier(); 34*6777b538SAndroid Build Coastguard Worker ~SignatureVerifier(); 35*6777b538SAndroid Build Coastguard Worker 36*6777b538SAndroid Build Coastguard Worker // Streaming interface: 37*6777b538SAndroid Build Coastguard Worker 38*6777b538SAndroid Build Coastguard Worker // Initiates a signature verification operation. This should be followed 39*6777b538SAndroid Build Coastguard Worker // by one or more VerifyUpdate calls and a VerifyFinal call. 40*6777b538SAndroid Build Coastguard Worker // 41*6777b538SAndroid Build Coastguard Worker // The signature is encoded according to the signature algorithm. 42*6777b538SAndroid Build Coastguard Worker // 43*6777b538SAndroid Build Coastguard Worker // The public key is specified as a DER encoded ASN.1 SubjectPublicKeyInfo 44*6777b538SAndroid Build Coastguard Worker // structure, which contains not only the public key but also its type 45*6777b538SAndroid Build Coastguard Worker // (algorithm): 46*6777b538SAndroid Build Coastguard Worker // SubjectPublicKeyInfo ::= SEQUENCE { 47*6777b538SAndroid Build Coastguard Worker // algorithm AlgorithmIdentifier, 48*6777b538SAndroid Build Coastguard Worker // subjectPublicKey BIT STRING } 49*6777b538SAndroid Build Coastguard Worker bool VerifyInit(SignatureAlgorithm signature_algorithm, 50*6777b538SAndroid Build Coastguard Worker base::span<const uint8_t> signature, 51*6777b538SAndroid Build Coastguard Worker base::span<const uint8_t> public_key_info); 52*6777b538SAndroid Build Coastguard Worker 53*6777b538SAndroid Build Coastguard Worker // Feeds a piece of the data to the signature verifier. 54*6777b538SAndroid Build Coastguard Worker void VerifyUpdate(base::span<const uint8_t> data_part); 55*6777b538SAndroid Build Coastguard Worker 56*6777b538SAndroid Build Coastguard Worker // Concludes a signature verification operation. Returns true if the 57*6777b538SAndroid Build Coastguard Worker // signature is valid. Returns false if the signature is invalid or an 58*6777b538SAndroid Build Coastguard Worker // error occurred. 59*6777b538SAndroid Build Coastguard Worker bool VerifyFinal(); 60*6777b538SAndroid Build Coastguard Worker 61*6777b538SAndroid Build Coastguard Worker private: 62*6777b538SAndroid Build Coastguard Worker void Reset(); 63*6777b538SAndroid Build Coastguard Worker 64*6777b538SAndroid Build Coastguard Worker std::vector<uint8_t> signature_; 65*6777b538SAndroid Build Coastguard Worker 66*6777b538SAndroid Build Coastguard Worker struct VerifyContext; 67*6777b538SAndroid Build Coastguard Worker std::unique_ptr<VerifyContext> verify_context_; 68*6777b538SAndroid Build Coastguard Worker }; 69*6777b538SAndroid Build Coastguard Worker 70*6777b538SAndroid Build Coastguard Worker } // namespace crypto 71*6777b538SAndroid Build Coastguard Worker 72*6777b538SAndroid Build Coastguard Worker #endif // CRYPTO_SIGNATURE_VERIFIER_H_ 73