1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef CRYPTO_SIGNATURE_VERIFIER_H_
6 #define CRYPTO_SIGNATURE_VERIFIER_H_
13 #include "base/containers/span.h"
14 #include "build/build_config.h"
15 #include "crypto/crypto_export.h"
19 // The SignatureVerifier class verifies a signature using a bare public key
20 // (as opposed to a certificate).
21 class CRYPTO_EXPORT SignatureVerifier {
23 // The set of supported signature algorithms. Extend as required.
24 enum SignatureAlgorithm {
28 // This is RSA-PSS with SHA-256 as both signing hash and MGF-1 hash, and the
29 // salt length matching the hash length.
36 // Streaming interface:
38 // Initiates a signature verification operation. This should be followed
39 // by one or more VerifyUpdate calls and a VerifyFinal call.
41 // The signature is encoded according to the signature algorithm.
43 // The public key is specified as a DER encoded ASN.1 SubjectPublicKeyInfo
44 // structure, which contains not only the public key but also its type
46 // SubjectPublicKeyInfo ::= SEQUENCE {
47 // algorithm AlgorithmIdentifier,
48 // subjectPublicKey BIT STRING }
//
// |public_key_info| is a bare key, so nothing in this call establishes who
// owns it; the caller has to obtain it from a source it already trusts.
// NOTE(review): |signature_algorithm| is chosen by the caller. Whether it is
// checked against the AlgorithmIdentifier carried in |public_key_info| is not
// visible in this header - confirm against the implementation.
// NOTE(review): the meaning of the bool result is not described above;
// presumably false means the inputs were rejected and no verification is in
// progress - confirm. Callers should check it before calling VerifyUpdate.
49 bool VerifyInit(SignatureAlgorithm signature_algorithm,
50 base::span<const uint8_t> signature,
51 base::span<const uint8_t> public_key_info);
53 // Feeds a piece of the data to the signature verifier.
// Has no return value, so the outcome is only known from VerifyFinal: data
// passed here should be treated as unverified until VerifyFinal returns true.
// NOTE(review): presumably only valid after a successful VerifyInit - confirm
// against the implementation.
54 void VerifyUpdate(base::span<const uint8_t> data_part);
56 // Concludes a signature verification operation. Returns true if the
57 // signature is valid. Returns false if the signature is invalid or an
64 std::vector<uint8_t> signature_;
67 std::unique_ptr<VerifyContext> verify_context_;
72 #endif // CRYPTO_SIGNATURE_VERIFIER_H_