Botan 3.8.1
Crypto and TLS for C&
Botan::PK_Signer Class Referencefinal

#include <pubkey.h>

Public Member Functions

AlgorithmIdentifier algorithm_identifier () const
 
std::string hash_function () const
 
PK_Signeroperator= (const PK_Signer &)=delete
 
PK_Signeroperator= (PK_Signer &&) noexcept
 
 PK_Signer (const PK_Signer &)=delete
 
 PK_Signer (const Private_Key &key, RandomNumberGenerator &rng, std::string_view padding, Signature_Format format=Signature_Format::Standard, std::string_view provider="")
 
 PK_Signer (PK_Signer &&) noexcept
 
void set_output_format (Signature_Format format)
 
std::vector< uint8_t > sign_message (const uint8_t in[], size_t length, RandomNumberGenerator &rng)
 
std::vector< uint8_t > sign_message (std::span< const uint8_t > in, RandomNumberGenerator &rng)
 
std::vector< uint8_t > signature (RandomNumberGenerator &rng)
 
size_t signature_length () const
 
void update (const uint8_t in[], size_t length)
 
void update (std::span< const uint8_t > in)
 
void update (std::string_view in)
 
void update (uint8_t in)
 
 ~PK_Signer ()
 

Detailed Description

Public Key Signer. Use the sign_message() functions for small messages. Use multiple calls update() to process large messages and generate the signature by finally calling signature().

Definition at line 155 of file pubkey.h.

Constructor & Destructor Documentation

◆ PK_Signer() [1/3]

Botan::PK_Signer::PK_Signer ( const Private_Key & key,
RandomNumberGenerator & rng,
std::string_view padding,
Signature_Format format = Signature_Format::Standard,
std::string_view provider = "" )

Construct a PK Signer.

Parameters
keythe key to use inside this signer
rngthe random generator to use
paddingthe padding/hash to use, eg "SHA-512" or "PSS(SHA-256)"
formatthe signature format to use
providerthe provider to use

Definition at line 253 of file pubkey.cpp.

257 :
258 m_sig_format(format), m_sig_element_size(key._signature_element_size_for_DER_encoding()) {
259 if(m_sig_format == Signature_Format::DerSequence) {
260 BOTAN_ARG_CHECK(m_sig_element_size.has_value(), "This key does not support DER signatures");
261 }
262
263 m_op = key.create_signature_op(rng, emsa, provider);
264 if(!m_op) {
265 throw Invalid_Argument(fmt("Key type {} does not support signature generation", key.algo_name()));
266 }
267}
#define BOTAN_ARG_CHECK(expr, msg)
Definition assert.h:31
std::string fmt(std::string_view format, const T &... args)
Definition fmt.h:53

References Botan::Asymmetric_Key::algo_name(), BOTAN_ARG_CHECK, Botan::Private_Key::create_signature_op(), Botan::DerSequence, and Botan::fmt().

Referenced by operator=(), operator=(), PK_Signer(), PK_Signer(), and update().

◆ ~PK_Signer()

Botan::PK_Signer::~PK_Signer ( )
default

◆ PK_Signer() [2/3]

Botan::PK_Signer::PK_Signer ( const PK_Signer & )
delete

References PK_Signer().

◆ PK_Signer() [3/3]

Botan::PK_Signer::PK_Signer ( PK_Signer && )
defaultnoexcept

References PK_Signer().

Member Function Documentation

◆ algorithm_identifier()

AlgorithmIdentifier Botan::PK_Signer::algorithm_identifier ( ) const

Return an AlgorithmIdentifier appropriate for identifying the signature method being generated by this PK_Signer. Throws an exception if this is not available for the current signature scheme.

Definition at line 269 of file pubkey.cpp.

269 {
270 return m_op->algorithm_identifier();
271}

◆ hash_function()

std::string Botan::PK_Signer::hash_function ( ) const

Return the hash function which is being used to create signatures. This should never return an empty string however it may return a string which does not map directly to a hash function, in particular if "Raw" (unhashed) encoding is being used.

Definition at line 273 of file pubkey.cpp.

273 {
274 return m_op->hash_function();
275}

◆ operator=() [1/2]

PK_Signer & Botan::PK_Signer::operator= ( const PK_Signer & )
delete

References PK_Signer().

◆ operator=() [2/2]

PK_Signer & Botan::PK_Signer::operator= ( PK_Signer && )
defaultnoexcept

References PK_Signer().

◆ set_output_format()

void Botan::PK_Signer::set_output_format ( Signature_Format format)
inline

Set the output format of the signature.

Parameters
formatthe signature format to use

Definition at line 238 of file pubkey.h.

238{ m_sig_format = format; }

◆ sign_message() [1/2]

std::vector< uint8_t > Botan::PK_Signer::sign_message ( const uint8_t in[],
size_t length,
RandomNumberGenerator & rng )
inline

Sign a message all in one go

Parameters
inthe message to sign as a byte array
lengththe length of the above byte array
rngthe rng to use
Returns
signature

Definition at line 186 of file pubkey.h.

186 {
187 this->update(in, length);
188 return this->signature(rng);
189 }
void update(uint8_t in)
Definition pubkey.h:205
std::vector< uint8_t > signature(RandomNumberGenerator &rng)
Definition pubkey.cpp:355

References sign_message(), signature(), and update().

Referenced by Botan::X509_Object::make_signed(), sign_message(), sign_message(), Botan::KeyPair::signature_consistency_check(), and Botan::TLS::Callbacks::tls_sign_message().

◆ sign_message() [2/2]

std::vector< uint8_t > Botan::PK_Signer::sign_message ( std::span< const uint8_t > in,
RandomNumberGenerator & rng )
inline

Sign a message.

Parameters
inthe message to sign
rngthe rng to use
Returns
signature

Definition at line 197 of file pubkey.h.

197 {
198 return sign_message(in.data(), in.size(), rng);
199 }
std::vector< uint8_t > sign_message(const uint8_t in[], size_t length, RandomNumberGenerator &rng)
Definition pubkey.h:186

References sign_message().

◆ signature()

std::vector< uint8_t > Botan::PK_Signer::signature ( RandomNumberGenerator & rng)

Get the signature of the so far processed message (provided by the calls to update()).

Parameters
rngthe rng to use
Returns
signature of the total message

Definition at line 355 of file pubkey.cpp.

355 {
356 std::vector<uint8_t> sig = m_op->sign(rng);
357
358 if(m_sig_format == Signature_Format::Standard) {
359 return sig;
360 } else if(m_sig_format == Signature_Format::DerSequence) {
361 BOTAN_ASSERT_NOMSG(m_sig_element_size.has_value());
362 return der_encode_signature(sig, 2, m_sig_element_size.value());
363 } else {
364 throw Internal_Error("PK_Signer: Invalid signature format enum");
365 }
366}
#define BOTAN_ASSERT_NOMSG(expr)
Definition assert.h:61

References BOTAN_ASSERT_NOMSG, Botan::DerSequence, and Botan::Standard.

Referenced by sign_message().

◆ signature_length()

size_t Botan::PK_Signer::signature_length ( ) const

Return an upper bound on the length of the signatures this PK_Signer will produce

Definition at line 311 of file pubkey.cpp.

311 {
312 if(m_sig_format == Signature_Format::Standard) {
313 return m_op->signature_length();
314 } else if(m_sig_format == Signature_Format::DerSequence) {
315 size_t sig_len = m_op->signature_length();
316
317 size_t der_overhead = [sig_len]() {
318 /*
319 This was computed by DER encoding of some maximal value signatures
320 (since DER is variable length)
321
322 The first two cases covers all EC schemes since groups are at most 521
323 bits.
324
325 The other cases are only for finite field DSA which practically is only
326 used up to 3072 bit groups but the calculation is correct up to a
327 262096 (!) bit group so allow it. There are some intermediate sizes but
328 this function is allowed to (and indeed must) return an over-estimate
329 rather than an exact value since the actual length will change based on
330 the computed signature.
331 */
332
333 if(sig_len <= 120) {
334 // EC signatures <= 480 bits
335 return 8;
336 } else if(sig_len <= 248) {
337 // EC signatures > 480 bits (or very small DSA groups...)
338 return 9;
339 } else {
340 // Everything else. This is an over-estimate for groups under
341 // 2040 bits but exact otherwise
342
343 // This requires 15 bytes DER overhead and should never happen
344 BOTAN_ASSERT_NOMSG(sig_len < 65524);
345 return 14;
346 }
347 }();
348
349 return sig_len + der_overhead;
350 } else {
351 throw Internal_Error("PK_Signer: Invalid signature format enum");
352 }
353}

References BOTAN_ASSERT_NOMSG, Botan::DerSequence, and Botan::Standard.

◆ update() [1/4]

void Botan::PK_Signer::update ( const uint8_t in[],
size_t length )

Add a message part.

Parameters
inthe message part to add as a byte array
lengththe length of the above byte array

Definition at line 286 of file pubkey.cpp.

286 {
287 m_op->update({in, length});
288}

◆ update() [2/4]

void Botan::PK_Signer::update ( std::span< const uint8_t > in)
inline

Add a message part.

Parameters
inthe message part to add

Definition at line 218 of file pubkey.h.

218{ update(in.data(), in.size()); }

References update().

Referenced by update().

◆ update() [3/4]

void Botan::PK_Signer::update ( std::string_view in)

Add a message part.

Parameters
inthe message part to add

Definition at line 282 of file pubkey.cpp.

282 {
283 this->update(cast_char_ptr_to_uint8(in.data()), in.size());
284}
const uint8_t * cast_char_ptr_to_uint8(const char *s)
Definition mem_ops.h:276

References Botan::cast_char_ptr_to_uint8(), PK_Signer(), and update().

◆ update() [4/4]

void Botan::PK_Signer::update ( uint8_t in)
inline

Add a message part (single byte).

Parameters
inthe byte to add

Definition at line 205 of file pubkey.h.

205{ update(&in, 1); }

References update().

Referenced by sign_message(), update(), and update().


The documentation for this class was generated from the following files: