#include <pubkey.h>

Public Member Functions
bool	check_signature (const uint8_t sig[], size_t length)

bool	check_signature (std::span< const uint8_t > sig)

std::string	hash_function () const

PK_Verifier &	operator= (const PK_Verifier &)=delete

PK_Verifier &	operator= (PK_Verifier &&) noexcept=delete

	PK_Verifier (const PK_Verifier &)=delete

	PK_Verifier (const Public_Key &pub_key, const AlgorithmIdentifier &signature_algorithm, std::string_view provider="")

	PK_Verifier (const Public_Key &pub_key, std::string_view padding, Signature_Format format=Signature_Format::Standard, std::string_view provider="")

	PK_Verifier (PK_Verifier &&) noexcept=delete

void	set_input_format (Signature_Format format)

void	update (const uint8_t msg_part[], size_t length)

void	update (std::span< const uint8_t > in)

void	update (std::string_view in)

void	update (uint8_t in)

bool	verify_message (const uint8_t msg[], size_t msg_length, const uint8_t sig[], size_t sig_length)

bool	verify_message (std::span< const uint8_t > msg, std::span< const uint8_t > sig)

	~PK_Verifier ()

Detailed Description

Public Key Verifier. Use the verify_message() functions for small messages. Use multiple calls update() to process large messages and verify the signature by finally calling check_signature().

Definition at line 295 of file pubkey.h.

Constructor & Destructor Documentation

◆ PK_Verifier() [1/4]

Botan::PK_Verifier::PK_Verifier	(	const Public_Key &	pub_key,
		std::string_view	padding,
		Signature_Format	format = `Signature_Format::Standard`,
		std::string_view	provider = `""`
	)

Construct a PK Verifier.

Parameters

pub_key	the public key to verify against
padding	the padding/hash to use (eg "EMSA_PKCS1(SHA-256)")
format	the signature format to use
provider	the provider to use

Definition at line 339 of file pubkey.cpp.

   {
   m_op = key.create_verification_op(emsa, provider);
   if(!m_op)
      {
      throw Invalid_Argument(fmt("Key type {} does not support signature verification", key.algo_name()));
      }
   m_sig_format = format;
   m_parts = key.message_parts();
   m_part_size = key.message_part_size();
   check_der_format_supported(format, m_parts);
   }

References Botan::Asymmetric_Key::algo_name(), Botan::Public_Key::create_verification_op(), Botan::fmt(), Botan::Public_Key::message_part_size(), and Botan::Public_Key::message_parts().

◆ PK_Verifier() [2/4]

Botan::PK_Verifier::PK_Verifier	(	const Public_Key &	pub_key,
		const AlgorithmIdentifier &	signature_algorithm,
		std::string_view	provider = `""`
	)

Construct a PK Verifier (X.509 specific)

This constructor will attempt to decode signature_format relative to the public key provided. If they seem to be inconsistent or otherwise unsupported, a Decoding_Error is thrown.

Parameters

pub_key	the public key to verify against
signature_algorithm	the supposed signature algorithm
provider	the provider to use

Definition at line 355 of file pubkey.cpp.

   {
   m_op = key.create_x509_verification_op(signature_algorithm, provider);
 
   if(!m_op)
      {
      throw Invalid_Argument(fmt("Key type {} does not support X.509 signature verification", key.algo_name()));
      }
 
   m_sig_format = key.default_x509_signature_format();
   m_parts = key.message_parts();
   m_part_size = key.message_part_size();
   check_der_format_supported(m_sig_format, m_parts);
   }

References Botan::Asymmetric_Key::algo_name(), Botan::Public_Key::create_x509_verification_op(), Botan::Public_Key::default_x509_signature_format(), Botan::fmt(), Botan::Public_Key::message_part_size(), and Botan::Public_Key::message_parts().

◆ ~PK_Verifier()

Botan::PK_Verifier::~PK_Verifier ( )

default

◆ PK_Verifier() [3/4]

Botan::PK_Verifier::PK_Verifier ( const PK_Verifier & )

delete

◆ PK_Verifier() [4/4]

Botan::PK_Verifier::PK_Verifier ( PK_Verifier && )

deletenoexcept

Member Function Documentation

◆ check_signature() [1/2]

bool Botan::PK_Verifier::check_signature	(	const uint8_t	sig[],
		size_t	length
	)

Check the signature of the buffered message, i.e. the one build by successive calls to update.

Parameters

sig	the signature to be verified as a byte array
length	the length of the above byte array

Returns: true if the signature is valid, false otherwise

Definition at line 434 of file pubkey.cpp.

   {
   try {
      if(m_sig_format == Signature_Format::Standard)
         {
         return m_op->is_valid_signature(sig, length);
         }
      else if(m_sig_format == Signature_Format::DerSequence)
         {
         bool decoding_success = false;
         std::vector<uint8_t> real_sig;
 
         try
            {
            real_sig = decode_der_signature(sig, length, m_parts, m_part_size);
            decoding_success = true;
            }
         catch(Decoding_Error&) {}
 
         bool accept = m_op->is_valid_signature(real_sig.data(), real_sig.size());
 
         return accept && decoding_success;
         }
      else
         throw Internal_Error("PK_Verifier: Invalid signature format enum");
      }
   catch(Invalid_Argument&) { return false; }
   catch(Decoding_Error&) { return false; }
   catch(Encoding_Error&) { return false; }
   }

References Botan::DerSequence, and Botan::Standard.

Referenced by Botan::Roughtime::Response::validate(), and verify_message().

◆ check_signature() [2/2]

bool Botan::PK_Verifier::check_signature ( std::span< const uint8_t > sig )

inline

Check the signature of the buffered message, i.e. the one build by successive calls to update.

Parameters

sig	the signature to be verified

Returns: true if the signature is valid, false otherwise

Definition at line 404 of file pubkey.h.

         {
         return check_signature(sig.data(), sig.size());
         }

◆ hash_function()

std::string Botan::PK_Verifier::hash_function ( ) const

Return the hash function which is being used to verify signatures. This should never return an empty string however it may return a string which does not map directly to a hash function, in particular if "Raw" (unhashed) encoding is being used.

Definition at line 374 of file pubkey.cpp.

   {
   return m_op->hash_function();
   }

Referenced by Botan::X509_Object::verify_signature().

◆ operator=() [1/2]

PK_Verifier & Botan::PK_Verifier::operator= ( const PK_Verifier & )

delete

◆ operator=() [2/2]

PK_Verifier & Botan::PK_Verifier::operator= ( PK_Verifier && )

deletenoexcept

◆ set_input_format()

void Botan::PK_Verifier::set_input_format ( Signature_Format format )

Set the format of the signatures fed to this verifier.

Parameters

format the signature format to use

Definition at line 379 of file pubkey.cpp.

   {
   check_der_format_supported(format, m_parts);
   m_sig_format = format;
   }

◆ update() [1/4]

void Botan::PK_Verifier::update	(	const uint8_t	msg_part[],
		size_t	length
	)

Add a message part of the message corresponding to the signature to be verified.

Parameters

msg_part	the new message part as a byte array
length	the length of the above byte array

Definition at line 392 of file pubkey.cpp.

   {
   m_op->update(in, length);
   }

◆ update() [2/4]

void Botan::PK_Verifier::update ( std::span< const uint8_t > in )

inline

Add a message part of the message corresponding to the signature to be verified.

Parameters

in	the new message part

Definition at line 375 of file pubkey.h.

         {
         update(in.data(), in.size());
         }

References update.

◆ update() [3/4]

void Botan::PK_Verifier::update ( std::string_view in )

inline

Add a message part of the message corresponding to the signature to be verified.

Definition at line 384 of file pubkey.h.

         {
         update(cast_char_ptr_to_uint8(in.data()), in.size());
         }

References Botan::cast_char_ptr_to_uint8(), and update.

◆ update() [4/4]

void Botan::PK_Verifier::update ( uint8_t in )

inline

Add a message part (single byte) of the message corresponding to the signature to be verified.

Parameters

in	the byte to add

Definition at line 360 of file pubkey.h.

360{ update(&in, 1); }

References update().

Referenced by update(), and Botan::Roughtime::Response::validate().

◆ verify_message() [1/2]

bool Botan::PK_Verifier::verify_message	(	const uint8_t	msg[],
		size_t	msg_length,
		const uint8_t	sig[],
		size_t	sig_length
	)

Verify a signature.

Parameters

msg	the message that the signature belongs to, as a byte array
msg_length	the length of the above byte array msg
sig	the signature as a byte array
sig_length	the length of the above byte array sig

Returns: true if the signature is valid

Definition at line 385 of file pubkey.cpp.

   {
   update(msg, msg_length);
   return check_signature(sig, sig_length);
   }

References check_signature(), and update.

Referenced by Botan::KeyPair::signature_consistency_check(), Botan::TLS::Callbacks::tls_verify_message(), Botan::X509_Object::verify_signature(), and Botan::OCSP::Response::verify_signature().

◆ verify_message() [2/2]

bool Botan::PK_Verifier::verify_message	(	std::span< const uint8_t >	msg,
		std::span< const uint8_t >	sig
	)

inline

Verify a signature.

Parameters

msg	the message that the signature belongs to
sig	the signature

Returns: true if the signature is valid

Definition at line 348 of file pubkey.h.

         {
         return verify_message(msg.data(), msg.size(),
                               sig.data(), sig.size());
         }

The documentation for this class was generated from the following files:

src/lib/pubkey/pubkey.h
src/lib/pubkey/pubkey.cpp

Public Member Functions

Detailed Description

Constructor & Destructor Documentation

◆ PK_Verifier() [1/4]

◆ PK_Verifier() [2/4]

◆ ~PK_Verifier()

◆ PK_Verifier() [3/4]

◆ PK_Verifier() [4/4]

Member Function Documentation

◆ check_signature() [1/2]

◆ check_signature() [2/2]

◆ hash_function()

◆ operator=() [1/2]

◆ operator=() [2/2]

◆ set_input_format()

◆ update() [1/4]

◆ update() [2/4]

◆ update() [3/4]

◆ update() [4/4]

◆ verify_message() [1/2]

◆ verify_message() [2/2]