diff options
Diffstat (limited to 'crypto/signature_verifier.h')
-rw-r--r-- | crypto/signature_verifier.h | 34 |
1 files changed, 11 insertions, 23 deletions
diff --git a/crypto/signature_verifier.h b/crypto/signature_verifier.h index b26a0df..5b7369f 100644 --- a/crypto/signature_verifier.h +++ b/crypto/signature_verifier.h @@ -33,6 +33,13 @@ class CRYPTO_EXPORT SignatureVerifier { SHA256, }; + // The set of supported signature algorithms. Extend as required. + enum SignatureAlgorithm { + RSA_PKCS1_SHA1, + RSA_PKCS1_SHA256, + ECDSA_SHA256, + }; + SignatureVerifier(); ~SignatureVerifier(); @@ -42,16 +49,7 @@ class CRYPTO_EXPORT SignatureVerifier { // by one or more VerifyUpdate calls and a VerifyFinal call. // NOTE: for RSA-PSS signatures, use VerifyInitRSAPSS instead. // - // The signature algorithm is specified as a DER encoded ASN.1 - // AlgorithmIdentifier structure: - // AlgorithmIdentifier ::= SEQUENCE { - // algorithm OBJECT IDENTIFIER, - // parameters ANY DEFINED BY algorithm OPTIONAL } - // - // The signature is encoded according to the signature algorithm, but it - // must not be further encoded in an ASN.1 BIT STRING. - // Note: An RSA signature is actually a big integer. It must be in - // big-endian byte order. + // The signature is encoded according to the signature algorithm. // // The public key is specified as a DER encoded ASN.1 SubjectPublicKeyInfo // structure, which contains not only the public key but also its type @@ -59,8 +57,7 @@ class CRYPTO_EXPORT SignatureVerifier { // SubjectPublicKeyInfo ::= SEQUENCE { // algorithm AlgorithmIdentifier, // subjectPublicKey BIT STRING } - bool VerifyInit(const uint8_t* signature_algorithm, - int signature_algorithm_len, + bool VerifyInit(SignatureAlgorithm signature_algorithm, const uint8_t* signature, int signature_len, const uint8_t* public_key_info, @@ -98,19 +95,10 @@ class CRYPTO_EXPORT SignatureVerifier { // error occurred. bool VerifyFinal(); - // Note: we can provide a one-shot interface if there is interest: - // bool Verify(const uint8_t* data, - // int data_len, - // const uint8_t* signature_algorithm, - // int signature_algorithm_len, - // const uint8_t* signature, - // int signature_len, - // const uint8_t* public_key_info, - // int public_key_info_len); - private: #if defined(USE_OPENSSL) - bool CommonInit(const EVP_MD* digest, + bool CommonInit(int pkey_type, + const EVP_MD* digest, const uint8_t* signature, int signature_len, const uint8_t* public_key_info, |