Diffstat (limited to 'crypto/signature_verifier.h')
-rw-r--r-- | crypto/signature_verifier.h | 60 |
1 files changed, 58 insertions, 2 deletions
diff --git a/crypto/signature_verifier.h b/crypto/signature_verifier.h
index 505ed0c..93591d2 100644
--- a/crypto/signature_verifier.h
+++ b/crypto/signature_verifier.h
@@ -12,7 +12,12 @@
 #include "base/basictypes.h"
 #include "crypto/crypto_export.h"
 
-#if !defined(USE_OPENSSL)
+#if defined(USE_OPENSSL)
+typedef struct env_md_st EVP_MD;
+typedef struct evp_pkey_ctx_st EVP_PKEY_CTX;
+#else
+typedef struct HASHContextStr HASHContext;
+typedef struct SECKEYPublicKeyStr SECKEYPublicKey;
 typedef struct VFYContextStr VFYContext;
 #endif
 
@@ -22,6 +27,12 @@ namespace crypto {
 // (as opposed to a certificate).
 class CRYPTO_EXPORT SignatureVerifier {
 public:
+ // The set of supported hash functions. Extend as required.
+ enum HashAlgorithm {
+ SHA1,
+ SHA256,
+ };
+
 SignatureVerifier();
 ~SignatureVerifier();
 
@@ -29,6 +40,7 @@ class CRYPTO_EXPORT SignatureVerifier {
 
 // Initiates a signature verification operation. This should be followed
 // by one or more VerifyUpdate calls and a VerifyFinal call.
+ // NOTE: for RSA-PSS signatures, use VerifyInitRSAPSS instead.
 //
 // The signature algorithm is specified as a DER encoded ASN.1
 // AlgorithmIdentifier structure:
@@ -38,7 +50,7 @@ class CRYPTO_EXPORT SignatureVerifier {
 //
 // The signature is encoded according to the signature algorithm, but it
 // must not be further encoded in an ASN.1 BIT STRING.
- // Note: An RSA signatures is actually a big integer. It must be in the
+ // Note: An RSA signature is actually a big integer. It must be in
 // big-endian byte order.
 //
 // The public key is specified as a DER encoded ASN.1 SubjectPublicKeyInfo
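Review bot: `SHA1` is offered on equal footing with `SHA256` in the new `HashAlgorithm` enum (hunk `@@ -22,6 +27,12 @@`), and the comment gives callers no guidance on which to choose. SHA-1 is no longer considered collision-resistant, so a verifier that accepts it for newly issued signatures gives weaker assurance than one restricted to SHA-256. If SHA-1 is there only for signatures that already exist, I would say so in the comment, e.g. `// SHA1 is kept for verifying existing signatures; new callers should pass SHA256.` The class body continues outside this hunk.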
@@ -54,6 +66,30 @@ class CRYPTO_EXPORT SignatureVerifier {
 const uint8* public_key_info,
 int public_key_info_len);
 
+ // Initiates a RSA-PSS signature verification operation. This should be
+ // followed by one or more VerifyUpdate calls and a VerifyFinal call.
+ //
+ // The RSA-PSS signature algorithm parameters are specified with the
+ // |hash_alg|, |mask_hash_alg|, and |salt_len| arguments.
+ //
+ // An RSA-PSS signature is a nonnegative integer encoded as a byte string
+ // (of the same length as the RSA modulus) in big-endian byte order. It
+ // must not be further encoded in an ASN.1 BIT STRING.
+ //
+ // The public key is specified as a DER encoded ASN.1 SubjectPublicKeyInfo
+ // structure, which contains not only the public key but also its type
+ // (algorithm):
+ // SubjectPublicKeyInfo ::= SEQUENCE {
+ // algorithm AlgorithmIdentifier,
+ // subjectPublicKey BIT STRING }
+ bool VerifyInitRSAPSS(HashAlgorithm hash_alg,
+ HashAlgorithm mask_hash_alg,
+ int salt_len,
+ const uint8* signature,
+ int signature_len,
+ const uint8* public_key_info,
+ int public_key_info_len);
+
 // Feeds a piece of the data to the signature verifier.
 void VerifyUpdate(const uint8* data_part, int data_part_len);
 
@@ -73,6 +109,18 @@ class CRYPTO_EXPORT SignatureVerifier {
 // int public_key_info_len);
 
 private:
+#if defined(USE_OPENSSL)
+ bool CommonInit(const EVP_MD* digest,
+ const uint8* signature,
+ int signature_len,
+ const uint8* public_key_info,
+ int public_key_info_len,
+ EVP_PKEY_CTX** pkey_ctx);
+#else
+ static SECKEYPublicKey* DecodePublicKeyInfo(const uint8* public_key_info,
+ int public_key_info_len);
+#endif
+
 void Reset();
 
 std::vector<uint8> signature_;
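Review bot: `salt_len` and `signature_len` are declared `int` in `VerifyInitRSAPSS`, while the `@@ -81,7 +129,15 @@` hunk stores the salt length as `unsigned int salt_len_`, so a negative argument would become a very large length unless the implementation rejects it first. The definition is not part of this diff, so I cannot tell whether that check exists. The header comment should state the contract either way, for example `// |salt_len| is the salt length in bytes and must be >= 0. Returns false if the parameters or the public key are rejected.`, adjusted to what the implementation actually does. The comment already says the signature has the length of the RSA modulus, so it would also help to say whether a `signature_len` that differs from it makes the call return false.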
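Review bot: Neither new private helper in the `@@ -73,6 +109,18 @@` hunk documents who owns what it hands back: `DecodePublicKeyInfo` returns a raw `SECKEYPublicKey*` and `CommonInit` writes through `EVP_PKEY_CTX** pkey_ctx`. With raw NSS and OpenSSL handles an unstated owner is how leaks and double frees get introduced later. If the caller owns the decoded key, a comment such as `// Returns a newly decoded key the caller must destroy, or NULL on failure.` would record that; `CommonInit` needs a matching line saying whether `*pkey_ctx` is borrowed from the verify context or must be freed by the caller, and what `false` means.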
@@ -81,7 +129,15 @@ class CRYPTO_EXPORT SignatureVerifier {
 struct VerifyContext;
 VerifyContext* verify_context_;
 #else
+ // Used for all signature types except RSA-PSS.
 VFYContext* vfy_context_;
+
+ // Used for RSA-PSS signatures.
+ HashAlgorithm hash_alg_;
+ HashAlgorithm mask_hash_alg_;
+ unsigned int salt_len_;
+ SECKEYPublicKey* public_key_;
+ HASHContext* hash_context_;
 #endif
 };
 
|
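Review bot: The NSS branch now holds three raw pointers (`vfy_context_`, `public_key_`, `hash_context_`), and the added comments say which signature type each serves but nothing about their lifetime. The constructor and `Reset()` are defined outside this diff, so please confirm that the two new pointers start as NULL and are released in `Reset()`. Also confirm that starting a second verification through either init method cannot leave the other path's state live. A comment such as `// Owned. Non-NULL only while an RSA-PSS verification is in progress; freed by Reset().` on `public_key_` and `hash_context_` would record that invariant, if it is the intended one.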