Botan 3.6.1
Crypto and TLS for C&
Public Member Functions | List of all members
Botan::PK_Verifier Class Referencefinal

#include <pubkey.h>

Public Member Functions

bool check_signature (const uint8_t sig[], size_t length)
 
bool check_signature (std::span< const uint8_t > sig)
 
std::string hash_function () const
 
PK_Verifieroperator= (const PK_Verifier &)=delete
 
PK_Verifieroperator= (PK_Verifier &&) noexcept
 
 PK_Verifier (const PK_Verifier &)=delete
 
 PK_Verifier (const Public_Key &pub_key, const AlgorithmIdentifier &signature_algorithm, std::string_view provider="")
 
 PK_Verifier (const Public_Key &pub_key, std::string_view padding, Signature_Format format=Signature_Format::Standard, std::string_view provider="")
 
 PK_Verifier (PK_Verifier &&) noexcept
 
void set_input_format (Signature_Format format)
 
void update (const uint8_t msg_part[], size_t length)
 
void update (std::span< const uint8_t > in)
 
void update (std::string_view in)
 
void update (uint8_t in)
 
bool verify_message (const uint8_t msg[], size_t msg_length, const uint8_t sig[], size_t sig_length)
 
bool verify_message (std::span< const uint8_t > msg, std::span< const uint8_t > sig)
 
 ~PK_Verifier ()
 

Detailed Description

Public Key Verifier. Use the verify_message() functions for small messages. Use multiple calls update() to process large messages and verify the signature by finally calling check_signature().

Definition at line 272 of file pubkey.h.

Constructor & Destructor Documentation

◆ PK_Verifier() [1/4]

Botan::PK_Verifier::PK_Verifier ( const Public_Key & pub_key,
std::string_view padding,
Signature_Format format = Signature_Format::Standard,
std::string_view provider = "" )

Construct a PK Verifier.

Parameters
pub_keythe public key to verify against
paddingthe padding/hash to use (eg "EMSA_PKCS1(SHA-256)")
formatthe signature format to use
providerthe provider to use

Definition at line 328 of file pubkey.cpp.

331 {
332 m_op = key.create_verification_op(emsa, provider);
333 if(!m_op) {
334 throw Invalid_Argument(fmt("Key type {} does not support signature verification", key.algo_name()));
335 }
336 m_sig_format = format;
337 m_parts = key.message_parts();
338 m_part_size = key.message_part_size();
339 check_der_format_supported(format, m_parts);
340}
Botan::fmt
std::string fmt(std::string_view format, const T &... args)
Definition fmt.h:53

References Botan::Asymmetric_Key::algo_name(), Botan::Public_Key::create_verification_op(), Botan::fmt(), Botan::Public_Key::message_part_size(), and Botan::Public_Key::message_parts().

◆ PK_Verifier() [2/4]

Botan::PK_Verifier::PK_Verifier ( const Public_Key & pub_key,
const AlgorithmIdentifier & signature_algorithm,
std::string_view provider = "" )

Construct a PK Verifier (X.509 specific)

This constructor will attempt to decode signature_format relative to the public key provided. If they seem to be inconsistent or otherwise unsupported, a Decoding_Error is thrown.

Parameters
pub_keythe public key to verify against
signature_algorithmthe supposed signature algorithm
providerthe provider to use

Definition at line 342 of file pubkey.cpp.

344 {
345 m_op = key.create_x509_verification_op(signature_algorithm, provider);
346
347 if(!m_op) {
348 throw Invalid_Argument(fmt("Key type {} does not support X.509 signature verification", key.algo_name()));
349 }
350
351 m_sig_format = key.default_x509_signature_format();
352 m_parts = key.message_parts();
353 m_part_size = key.message_part_size();
354 check_der_format_supported(m_sig_format, m_parts);
355}

References Botan::Asymmetric_Key::algo_name(), Botan::Public_Key::create_x509_verification_op(), Botan::Public_Key::default_x509_signature_format(), Botan::fmt(), Botan::Public_Key::message_part_size(), and Botan::Public_Key::message_parts().

◆ ~PK_Verifier()

Botan::PK_Verifier::~PK_Verifier ( )
default

◆ PK_Verifier() [3/4]

Botan::PK_Verifier::PK_Verifier ( const PK_Verifier & )
delete

◆ PK_Verifier() [4/4]

Botan::PK_Verifier::PK_Verifier ( PK_Verifier && )
defaultnoexcept

Member Function Documentation

◆ check_signature() [1/2]

bool Botan::PK_Verifier::check_signature ( const uint8_t sig[],
size_t length )

Check the signature of the buffered message, i.e. the one build by successive calls to update.

Parameters
sigthe signature to be verified as a byte array
lengththe length of the above byte array
Returns
true if the signature is valid, false otherwise

Definition at line 416 of file pubkey.cpp.

416 {
417 try {
418 if(m_sig_format == Signature_Format::Standard) {
419 return m_op->is_valid_signature({sig, length});
420 } else if(m_sig_format == Signature_Format::DerSequence) {
421 bool decoding_success = false;
422 std::vector<uint8_t> real_sig;
423
424 try {
425 real_sig = decode_der_signature(sig, length, m_parts, m_part_size);
426 decoding_success = true;
427 } catch(Decoding_Error&) {}
428
429 bool accept = m_op->is_valid_signature(real_sig);
430
431 return accept && decoding_success;
432 } else {
433 throw Internal_Error("PK_Verifier: Invalid signature format enum");
434 }
435 } catch(Invalid_Argument&) {
436 return false;
437 } catch(Decoding_Error&) {
438 return false;
439 } catch(Encoding_Error&) {
440 return false;
441 }
442}

References Botan::DerSequence, and Botan::Standard.

Referenced by Botan::Roughtime::Response::validate(), and verify_message().

◆ check_signature() [2/2]

bool Botan::PK_Verifier::check_signature ( std::span< const uint8_t > sig)
inline

Check the signature of the buffered message, i.e. the one build by successive calls to update.

Parameters
sigthe signature to be verified
Returns
true if the signature is valid, false otherwise

Definition at line 372 of file pubkey.h.

372{ return check_signature(sig.data(), sig.size()); }
Botan::PK_Verifier::check_signature
bool check_signature(const uint8_t sig[], size_t length)
Definition pubkey.cpp:416

References check_signature().

Referenced by check_signature().

◆ hash_function()

std::string Botan::PK_Verifier::hash_function ( ) const

Return the hash function which is being used to verify signatures. This should never return an empty string however it may return a string which does not map directly to a hash function, in particular if "Raw" (unhashed) encoding is being used.

Definition at line 362 of file pubkey.cpp.

362 {
363 return m_op->hash_function();
364}

References hash_function().

Referenced by hash_function(), and Botan::X509_Object::verify_signature().

◆ operator=() [1/2]

PK_Verifier & Botan::PK_Verifier::operator= ( const PK_Verifier & )
delete

◆ operator=() [2/2]

PK_Verifier & Botan::PK_Verifier::operator= ( PK_Verifier && )
defaultnoexcept

◆ set_input_format()

void Botan::PK_Verifier::set_input_format ( Signature_Format format)

Set the format of the signatures fed to this verifier.

Parameters
formatthe signature format to use

Definition at line 366 of file pubkey.cpp.

366 {
367 check_der_format_supported(format, m_parts);
368 m_sig_format = format;
369}

◆ update() [1/4]

void Botan::PK_Verifier::update ( const uint8_t msg_part[],
size_t length )

Add a message part of the message corresponding to the signature to be verified.

Parameters
msg_partthe new message part as a byte array
lengththe length of the above byte array

Definition at line 380 of file pubkey.cpp.

380 {
381 m_op->update({in, length});
382}

◆ update() [2/4]

void Botan::PK_Verifier::update ( std::span< const uint8_t > in)
inline

Add a message part of the message corresponding to the signature to be verified.

Parameters
inthe new message part

Definition at line 349 of file pubkey.h.

349{ update(in.data(), in.size()); }
update
int(* update)(CTX *, const void *, CC_LONG len)
Definition commoncrypto_hash.cpp:28

References update().

Referenced by update().

◆ update() [3/4]

void Botan::PK_Verifier::update ( std::string_view in)

Add a message part of the message corresponding to the signature to be verified.

Definition at line 376 of file pubkey.cpp.

376 {
377 this->update(cast_char_ptr_to_uint8(in.data()), in.size());
378}
Botan::cast_char_ptr_to_uint8
const uint8_t * cast_char_ptr_to_uint8(const char *s)
Definition mem_ops.h:273

References Botan::cast_char_ptr_to_uint8(), and update.

◆ update() [4/4]

void Botan::PK_Verifier::update ( uint8_t in)
inline

Add a message part (single byte) of the message corresponding to the signature to be verified.

Parameters
inthe byte to add

Definition at line 334 of file pubkey.h.

334{ update(&in, 1); }

References update().

Referenced by update(), and Botan::Roughtime::Response::validate().

◆ verify_message() [1/2]

bool Botan::PK_Verifier::verify_message ( const uint8_t msg[],
size_t msg_length,
const uint8_t sig[],
size_t sig_length )

Verify a signature.

Parameters
msgthe message that the signature belongs to, as a byte array
msg_lengththe length of the above byte array msg
sigthe signature as a byte array
sig_lengththe length of the above byte array sig
Returns
true if the signature is valid

Definition at line 371 of file pubkey.cpp.

371 {
372 update(msg, msg_length);
373 return check_signature(sig, sig_length);
374}

References check_signature(), and update.

Referenced by Botan::KeyPair::signature_consistency_check(), Botan::TLS::Callbacks::tls_verify_message(), Botan::OCSP::Response::verify_signature(), and Botan::X509_Object::verify_signature().

◆ verify_message() [2/2]

bool Botan::PK_Verifier::verify_message ( std::span< const uint8_t > msg,
std::span< const uint8_t > sig )
inline

Verify a signature.

Parameters
msgthe message that the signature belongs to
sigthe signature
Returns
true if the signature is valid

Definition at line 325 of file pubkey.h.

325 {
326 return verify_message(msg.data(), msg.size(), sig.data(), sig.size());
327 }
Botan::PK_Verifier::verify_message
bool verify_message(const uint8_t msg[], size_t msg_length, const uint8_t sig[], size_t sig_length)
Definition pubkey.cpp:371
The documentation for this class was generated from the following files:
Generated by doxygen 1.12.0