1*635a8641SAndroid Build Coastguard Worker // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2*635a8641SAndroid Build Coastguard Worker // Use of this source code is governed by a BSD-style license that can be 3*635a8641SAndroid Build Coastguard Worker // found in the LICENSE file. 4*635a8641SAndroid Build Coastguard Worker 5*635a8641SAndroid Build Coastguard Worker #ifndef CRYPTO_SIGNATURE_VERIFIER_H_ 6*635a8641SAndroid Build Coastguard Worker #define CRYPTO_SIGNATURE_VERIFIER_H_ 7*635a8641SAndroid Build Coastguard Worker 8*635a8641SAndroid Build Coastguard Worker #include <stdint.h> 9*635a8641SAndroid Build Coastguard Worker 10*635a8641SAndroid Build Coastguard Worker #include <memory> 11*635a8641SAndroid Build Coastguard Worker #include <vector> 12*635a8641SAndroid Build Coastguard Worker 13*635a8641SAndroid Build Coastguard Worker #include "base/containers/span.h" 14*635a8641SAndroid Build Coastguard Worker #include "build/build_config.h" 15*635a8641SAndroid Build Coastguard Worker #include "crypto/crypto_export.h" 16*635a8641SAndroid Build Coastguard Worker 17*635a8641SAndroid Build Coastguard Worker namespace crypto { 18*635a8641SAndroid Build Coastguard Worker 19*635a8641SAndroid Build Coastguard Worker // The SignatureVerifier class verifies a signature using a bare public key 20*635a8641SAndroid Build Coastguard Worker // (as opposed to a certificate). 21*635a8641SAndroid Build Coastguard Worker class CRYPTO_EXPORT SignatureVerifier { 22*635a8641SAndroid Build Coastguard Worker public: 23*635a8641SAndroid Build Coastguard Worker // The set of supported signature algorithms. Extend as required. 24*635a8641SAndroid Build Coastguard Worker enum SignatureAlgorithm { 25*635a8641SAndroid Build Coastguard Worker RSA_PKCS1_SHA1, 26*635a8641SAndroid Build Coastguard Worker RSA_PKCS1_SHA256, 27*635a8641SAndroid Build Coastguard Worker ECDSA_SHA256, 28*635a8641SAndroid Build Coastguard Worker // This is RSA-PSS with SHA-256 as both signing hash and MGF-1 hash, and the 29*635a8641SAndroid Build Coastguard Worker // salt length matching the hash length. 30*635a8641SAndroid Build Coastguard Worker RSA_PSS_SHA256, 31*635a8641SAndroid Build Coastguard Worker }; 32*635a8641SAndroid Build Coastguard Worker 33*635a8641SAndroid Build Coastguard Worker SignatureVerifier(); 34*635a8641SAndroid Build Coastguard Worker ~SignatureVerifier(); 35*635a8641SAndroid Build Coastguard Worker 36*635a8641SAndroid Build Coastguard Worker // Streaming interface: 37*635a8641SAndroid Build Coastguard Worker 38*635a8641SAndroid Build Coastguard Worker // Initiates a signature verification operation. This should be followed 39*635a8641SAndroid Build Coastguard Worker // by one or more VerifyUpdate calls and a VerifyFinal call. 40*635a8641SAndroid Build Coastguard Worker // 41*635a8641SAndroid Build Coastguard Worker // The signature is encoded according to the signature algorithm. 42*635a8641SAndroid Build Coastguard Worker // 43*635a8641SAndroid Build Coastguard Worker // The public key is specified as a DER encoded ASN.1 SubjectPublicKeyInfo 44*635a8641SAndroid Build Coastguard Worker // structure, which contains not only the public key but also its type 45*635a8641SAndroid Build Coastguard Worker // (algorithm): 46*635a8641SAndroid Build Coastguard Worker // SubjectPublicKeyInfo ::= SEQUENCE { 47*635a8641SAndroid Build Coastguard Worker // algorithm AlgorithmIdentifier, 48*635a8641SAndroid Build Coastguard Worker // subjectPublicKey BIT STRING } 49*635a8641SAndroid Build Coastguard Worker bool VerifyInit(SignatureAlgorithm signature_algorithm, 50*635a8641SAndroid Build Coastguard Worker base::span<const uint8_t> signature, 51*635a8641SAndroid Build Coastguard Worker base::span<const uint8_t> public_key_info); 52*635a8641SAndroid Build Coastguard Worker 53*635a8641SAndroid Build Coastguard Worker // Feeds a piece of the data to the signature verifier. 54*635a8641SAndroid Build Coastguard Worker void VerifyUpdate(base::span<const uint8_t> data_part); 55*635a8641SAndroid Build Coastguard Worker 56*635a8641SAndroid Build Coastguard Worker // Concludes a signature verification operation. Returns true if the 57*635a8641SAndroid Build Coastguard Worker // signature is valid. Returns false if the signature is invalid or an 58*635a8641SAndroid Build Coastguard Worker // error occurred. 59*635a8641SAndroid Build Coastguard Worker bool VerifyFinal(); 60*635a8641SAndroid Build Coastguard Worker 61*635a8641SAndroid Build Coastguard Worker private: 62*635a8641SAndroid Build Coastguard Worker void Reset(); 63*635a8641SAndroid Build Coastguard Worker 64*635a8641SAndroid Build Coastguard Worker std::vector<uint8_t> signature_; 65*635a8641SAndroid Build Coastguard Worker 66*635a8641SAndroid Build Coastguard Worker struct VerifyContext; 67*635a8641SAndroid Build Coastguard Worker std::unique_ptr<VerifyContext> verify_context_; 68*635a8641SAndroid Build Coastguard Worker }; 69*635a8641SAndroid Build Coastguard Worker 70*635a8641SAndroid Build Coastguard Worker } // namespace crypto 71*635a8641SAndroid Build Coastguard Worker 72*635a8641SAndroid Build Coastguard Worker #endif // CRYPTO_SIGNATURE_VERIFIER_H_ 73