Botan 3.3.0
Crypto and TLS for C&
Public Member Functions | List of all members
Botan::PK_Verifier Class Referencefinal

#include <pubkey.h>

Public Member Functions

bool check_signature (const uint8_t sig[], size_t length)
 
bool check_signature (std::span< const uint8_t > sig)
 
std::string hash_function () const
 
PK_Verifieroperator= (const PK_Verifier &)=delete
 
PK_Verifieroperator= (PK_Verifier &&) noexcept
 
 PK_Verifier (const PK_Verifier &)=delete
 
 PK_Verifier (const Public_Key &pub_key, const AlgorithmIdentifier &signature_algorithm, std::string_view provider="")
 
 PK_Verifier (const Public_Key &pub_key, std::string_view padding, Signature_Format format=Signature_Format::Standard, std::string_view provider="")
 
 PK_Verifier (PK_Verifier &&) noexcept
 
void set_input_format (Signature_Format format)
 
void update (const uint8_t msg_part[], size_t length)
 
void update (std::span< const uint8_t > in)
 
void update (std::string_view in)
 
void update (uint8_t in)
 
bool verify_message (const uint8_t msg[], size_t msg_length, const uint8_t sig[], size_t sig_length)
 
bool verify_message (std::span< const uint8_t > msg, std::span< const uint8_t > sig)
 
 ~PK_Verifier ()
 

Detailed Description

Public Key Verifier. Use the verify_message() functions for small messages. Use multiple calls update() to process large messages and verify the signature by finally calling check_signature().

Definition at line 272 of file pubkey.h.

Constructor & Destructor Documentation

◆ PK_Verifier() [1/4]

Botan::PK_Verifier::PK_Verifier ( const Public_Key & pub_key,
std::string_view padding,
Signature_Format format = Signature_Format::Standard,
std::string_view provider = "" )

Construct a PK Verifier.

Parameters
pub_keythe public key to verify against
paddingthe padding/hash to use (eg "EMSA_PKCS1(SHA-256)")
formatthe signature format to use
providerthe provider to use

Definition at line 325 of file pubkey.cpp.

328 {
329 m_op = key.create_verification_op(emsa, provider);
330 if(!m_op) {
331 throw Invalid_Argument(fmt("Key type {} does not support signature verification", key.algo_name()));
332 }
333 m_sig_format = format;
334 m_parts = key.message_parts();
335 m_part_size = key.message_part_size();
336 check_der_format_supported(format, m_parts);
337}
std::string fmt(std::string_view format, const T &... args)
Definition fmt.h:53

References Botan::Asymmetric_Key::algo_name(), Botan::Public_Key::create_verification_op(), Botan::fmt(), Botan::Public_Key::message_part_size(), and Botan::Public_Key::message_parts().

◆ PK_Verifier() [2/4]

Botan::PK_Verifier::PK_Verifier ( const Public_Key & pub_key,
const AlgorithmIdentifier & signature_algorithm,
std::string_view provider = "" )

Construct a PK Verifier (X.509 specific)

This constructor will attempt to decode signature_format relative to the public key provided. If they seem to be inconsistent or otherwise unsupported, a Decoding_Error is thrown.

Parameters
pub_keythe public key to verify against
signature_algorithmthe supposed signature algorithm
providerthe provider to use

Definition at line 339 of file pubkey.cpp.

341 {
342 m_op = key.create_x509_verification_op(signature_algorithm, provider);
343
344 if(!m_op) {
345 throw Invalid_Argument(fmt("Key type {} does not support X.509 signature verification", key.algo_name()));
346 }
347
348 m_sig_format = key.default_x509_signature_format();
349 m_parts = key.message_parts();
350 m_part_size = key.message_part_size();
351 check_der_format_supported(m_sig_format, m_parts);
352}

References Botan::Asymmetric_Key::algo_name(), Botan::Public_Key::create_x509_verification_op(), Botan::Public_Key::default_x509_signature_format(), Botan::fmt(), Botan::Public_Key::message_part_size(), and Botan::Public_Key::message_parts().

◆ ~PK_Verifier()

Botan::PK_Verifier::~PK_Verifier ( )
default

◆ PK_Verifier() [3/4]

Botan::PK_Verifier::PK_Verifier ( const PK_Verifier & )
delete

◆ PK_Verifier() [4/4]

Botan::PK_Verifier::PK_Verifier ( PK_Verifier && )
defaultnoexcept

Member Function Documentation

◆ check_signature() [1/2]

bool Botan::PK_Verifier::check_signature ( const uint8_t sig[],
size_t length )

Check the signature of the buffered message, i.e. the one build by successive calls to update.

Parameters
sigthe signature to be verified as a byte array
lengththe length of the above byte array
Returns
true if the signature is valid, false otherwise

Definition at line 413 of file pubkey.cpp.

413 {
414 try {
415 if(m_sig_format == Signature_Format::Standard) {
416 return m_op->is_valid_signature(sig, length);
417 } else if(m_sig_format == Signature_Format::DerSequence) {
418 bool decoding_success = false;
419 std::vector<uint8_t> real_sig;
420
421 try {
422 real_sig = decode_der_signature(sig, length, m_parts, m_part_size);
423 decoding_success = true;
424 } catch(Decoding_Error&) {}
425
426 bool accept = m_op->is_valid_signature(real_sig.data(), real_sig.size());
427
428 return accept && decoding_success;
429 } else {
430 throw Internal_Error("PK_Verifier: Invalid signature format enum");
431 }
432 } catch(Invalid_Argument&) {
433 return false;
434 } catch(Decoding_Error&) {
435 return false;
436 } catch(Encoding_Error&) {
437 return false;
438 }
439}

References Botan::DerSequence, and Botan::Standard.

Referenced by Botan::Roughtime::Response::validate(), and verify_message().

◆ check_signature() [2/2]

bool Botan::PK_Verifier::check_signature ( std::span< const uint8_t > sig)
inline

Check the signature of the buffered message, i.e. the one build by successive calls to update.

Parameters
sigthe signature to be verified
Returns
true if the signature is valid, false otherwise

Definition at line 372 of file pubkey.h.

372{ return check_signature(sig.data(), sig.size()); }
bool check_signature(const uint8_t sig[], size_t length)
Definition pubkey.cpp:413

References check_signature().

Referenced by check_signature().

◆ hash_function()

std::string Botan::PK_Verifier::hash_function ( ) const

Return the hash function which is being used to verify signatures. This should never return an empty string however it may return a string which does not map directly to a hash function, in particular if "Raw" (unhashed) encoding is being used.

Definition at line 359 of file pubkey.cpp.

359 {
360 return m_op->hash_function();
361}

References hash_function().

Referenced by hash_function(), and Botan::X509_Object::verify_signature().

◆ operator=() [1/2]

PK_Verifier & Botan::PK_Verifier::operator= ( const PK_Verifier & )
delete

◆ operator=() [2/2]

PK_Verifier & Botan::PK_Verifier::operator= ( PK_Verifier && )
defaultnoexcept

◆ set_input_format()

void Botan::PK_Verifier::set_input_format ( Signature_Format format)

Set the format of the signatures fed to this verifier.

Parameters
formatthe signature format to use

Definition at line 363 of file pubkey.cpp.

363 {
364 check_der_format_supported(format, m_parts);
365 m_sig_format = format;
366}

◆ update() [1/4]

void Botan::PK_Verifier::update ( const uint8_t msg_part[],
size_t length )

Add a message part of the message corresponding to the signature to be verified.

Parameters
msg_partthe new message part as a byte array
lengththe length of the above byte array

Definition at line 377 of file pubkey.cpp.

377 {
378 m_op->update(in, length);
379}

◆ update() [2/4]

void Botan::PK_Verifier::update ( std::span< const uint8_t > in)
inline

Add a message part of the message corresponding to the signature to be verified.

Parameters
inthe new message part

Definition at line 349 of file pubkey.h.

349{ update(in.data(), in.size()); }
int(* update)(CTX *, const void *, CC_LONG len)

References update().

Referenced by update().

◆ update() [3/4]

void Botan::PK_Verifier::update ( std::string_view in)

Add a message part of the message corresponding to the signature to be verified.

Definition at line 373 of file pubkey.cpp.

373 {
374 this->update(cast_char_ptr_to_uint8(in.data()), in.size());
375}
const uint8_t * cast_char_ptr_to_uint8(const char *s)
Definition mem_ops.h:272

References Botan::cast_char_ptr_to_uint8(), and update.

◆ update() [4/4]

void Botan::PK_Verifier::update ( uint8_t in)
inline

Add a message part (single byte) of the message corresponding to the signature to be verified.

Parameters
inthe byte to add

Definition at line 334 of file pubkey.h.

334{ update(&in, 1); }

References update().

Referenced by update(), and Botan::Roughtime::Response::validate().

◆ verify_message() [1/2]

bool Botan::PK_Verifier::verify_message ( const uint8_t msg[],
size_t msg_length,
const uint8_t sig[],
size_t sig_length )

Verify a signature.

Parameters
msgthe message that the signature belongs to, as a byte array
msg_lengththe length of the above byte array msg
sigthe signature as a byte array
sig_lengththe length of the above byte array sig
Returns
true if the signature is valid

Definition at line 368 of file pubkey.cpp.

368 {
369 update(msg, msg_length);
370 return check_signature(sig, sig_length);
371}

References check_signature(), and update.

Referenced by Botan::KeyPair::signature_consistency_check(), Botan::TLS::Callbacks::tls_verify_message(), Botan::X509_Object::verify_signature(), and Botan::OCSP::Response::verify_signature().

◆ verify_message() [2/2]

bool Botan::PK_Verifier::verify_message ( std::span< const uint8_t > msg,
std::span< const uint8_t > sig )
inline

Verify a signature.

Parameters
msgthe message that the signature belongs to
sigthe signature
Returns
true if the signature is valid

Definition at line 325 of file pubkey.h.

325 {
326 return verify_message(msg.data(), msg.size(), sig.data(), sig.size());
327 }
bool verify_message(const uint8_t msg[], size_t msg_length, const uint8_t sig[], size_t sig_length)
Definition pubkey.cpp:368

The documentation for this class was generated from the following files: