1 // Copyright 2015 The Chromium Authors
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 //     https://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 
15 #ifndef BSSL_PKI_VERIFY_SIGNED_DATA_H_
16 #define BSSL_PKI_VERIFY_SIGNED_DATA_H_
17 
18 #include <openssl/base.h>
19 #include <openssl/evp.h>
20 #include <openssl/pki/signature_verify_cache.h>
21 
22 #include "signature_algorithm.h"
23 
24 BSSL_NAMESPACE_BEGIN
25 
26 namespace der {  // Forward declarations only; this header uses these types solely in function signatures.
27 class BitString;
28 class Input;
29 }  // namespace der
30 
31 // Verifies that |signature_value| is a valid signature of |signed_data| using
32 // the algorithm |algorithm| and the public key |public_key|.
33 //
34 //   |algorithm| - The parsed AlgorithmIdentifier
35 //   |signed_data| - The blob of data to verify
36 //   |signature_value| - The BIT STRING for the signature's value
37 //   |public_key| - The parsed (non-null) public key.
38 //   |cache| - The SignatureVerifyCache for this call. NOTE(review): nullability is not stated here, and a cached result is only sound if its key covers the algorithm, data, signature and public key; confirm both in the implementation.
39 // Returns true if verification was successful; any false result must be treated as an invalid signature (the return value is [[nodiscard]]).
40 [[nodiscard]] OPENSSL_EXPORT bool VerifySignedData(
41     SignatureAlgorithm algorithm, der::Input signed_data,
42     const der::BitString &signature_value, EVP_PKEY *public_key,
43     SignatureVerifyCache *cache);
44 
45 // Same as the overload above, except that the public key is supplied as an
46 // SPKI (|public_key_spki|) and parsed internally. NOTE(review): presumably returns false when the SPKI fails to parse; confirm in the implementation.
47 [[nodiscard]] OPENSSL_EXPORT bool VerifySignedData(
48     SignatureAlgorithm algorithm, der::Input signed_data,
49     const der::BitString &signature_value, der::Input public_key_spki,
50     SignatureVerifyCache *cache);
51 // Parses the SPKI in |public_key_spki|; presumably stores the key in |*public_key| and returns true on success (TODO confirm, along with which key types are accepted, in the implementation). The result is [[nodiscard]]: do not use |*public_key| without checking it.
52 [[nodiscard]] OPENSSL_EXPORT bool ParsePublicKey(
53     der::Input public_key_spki, bssl::UniquePtr<EVP_PKEY> *public_key);
54 
55 BSSL_NAMESPACE_END
56 
57 #endif  // BSSL_PKI_VERIFY_SIGNED_DATA_H_
58