Botan 3.8.1
Crypto and TLS for C&
Botan::PK_Verifier Class Referencefinal

#include <pubkey.h>

Public Member Functions

bool check_signature (const uint8_t sig[], size_t length)
 
bool check_signature (std::span< const uint8_t > sig)
 
std::string hash_function () const
 
PK_Verifieroperator= (const PK_Verifier &)=delete
 
PK_Verifieroperator= (PK_Verifier &&) noexcept
 
 PK_Verifier (const PK_Verifier &)=delete
 
 PK_Verifier (const Public_Key &pub_key, const AlgorithmIdentifier &signature_algorithm, std::string_view provider="")
 
 PK_Verifier (const Public_Key &pub_key, std::string_view padding, Signature_Format format=Signature_Format::Standard, std::string_view provider="")
 
 PK_Verifier (PK_Verifier &&) noexcept
 
void set_input_format (Signature_Format format)
 
void update (const uint8_t msg_part[], size_t length)
 
void update (std::span< const uint8_t > in)
 
void update (std::string_view in)
 
void update (uint8_t in)
 
bool verify_message (const uint8_t msg[], size_t msg_length, const uint8_t sig[], size_t sig_length)
 
bool verify_message (std::span< const uint8_t > msg, std::span< const uint8_t > sig)
 
 ~PK_Verifier ()
 

Detailed Description

Public Key Verifier. Use the verify_message() functions for small messages. Use multiple calls update() to process large messages and verify the signature by finally calling check_signature().

Definition at line 272 of file pubkey.h.

Constructor & Destructor Documentation

◆ PK_Verifier() [1/4]

Botan::PK_Verifier::PK_Verifier ( const Public_Key & pub_key,
std::string_view padding,
Signature_Format format = Signature_Format::Standard,
std::string_view provider = "" )

Construct a PK Verifier.

Parameters
pub_keythe public key to verify against
paddingthe padding/hash to use (eg "SHA-512" or "PSS(SHA-256)")
formatthe signature format to use
providerthe provider to use

Definition at line 368 of file pubkey.cpp.

371 {
372 m_op = key.create_verification_op(emsa, provider);
373 if(!m_op) {
374 throw Invalid_Argument(fmt("Key type {} does not support signature verification", key.algo_name()));
375 }
376
377 m_sig_format = format;
378 m_sig_element_size = key._signature_element_size_for_DER_encoding();
379
380 if(m_sig_format == Signature_Format::DerSequence) {
381 BOTAN_ARG_CHECK(m_sig_element_size.has_value(), "This key does not support DER signatures");
382 }
383}
#define BOTAN_ARG_CHECK(expr, msg)
Definition assert.h:31
std::string fmt(std::string_view format, const T &... args)
Definition fmt.h:53

References Botan::Asymmetric_Key::_signature_element_size_for_DER_encoding(), Botan::Asymmetric_Key::algo_name(), BOTAN_ARG_CHECK, Botan::Public_Key::create_verification_op(), Botan::DerSequence, and Botan::fmt().

Referenced by hash_function(), operator=(), operator=(), PK_Verifier(), and PK_Verifier().

◆ PK_Verifier() [2/4]

Botan::PK_Verifier::PK_Verifier ( const Public_Key & pub_key,
const AlgorithmIdentifier & signature_algorithm,
std::string_view provider = "" )

Construct a PK Verifier (X.509 specific)

This constructor will attempt to decode signature_format relative to the public key provided. If they seem to be inconsistent or otherwise unsupported, a Decoding_Error is thrown.

Parameters
pub_keythe public key to verify against
signature_algorithmthe supposed signature algorithm
providerthe provider to use

Definition at line 385 of file pubkey.cpp.

387 {
388 m_op = key.create_x509_verification_op(signature_algorithm, provider);
389 if(!m_op) {
390 throw Invalid_Argument(fmt("Key type {} does not support X.509 signature verification", key.algo_name()));
391 }
392
393 m_sig_format = key._default_x509_signature_format();
394 m_sig_element_size = key._signature_element_size_for_DER_encoding();
395}

References Botan::Asymmetric_Key::_default_x509_signature_format(), Botan::Asymmetric_Key::_signature_element_size_for_DER_encoding(), Botan::Asymmetric_Key::algo_name(), Botan::Public_Key::create_x509_verification_op(), and Botan::fmt().

◆ ~PK_Verifier()

Botan::PK_Verifier::~PK_Verifier ( )
default

◆ PK_Verifier() [3/4]

Botan::PK_Verifier::PK_Verifier ( const PK_Verifier & )
delete

References PK_Verifier().

◆ PK_Verifier() [4/4]

Botan::PK_Verifier::PK_Verifier ( PK_Verifier && )
defaultnoexcept

References PK_Verifier().

Member Function Documentation

◆ check_signature() [1/2]

bool Botan::PK_Verifier::check_signature ( const uint8_t sig[],
size_t length )

Check the signature of the buffered message, i.e. the one build by successive calls to update.

Parameters
sigthe signature to be verified as a byte array
lengththe length of the above byte array
Returns
true if the signature is valid, false otherwise

Definition at line 458 of file pubkey.cpp.

458 {
459 try {
460 if(m_sig_format == Signature_Format::Standard) {
461 return m_op->is_valid_signature({sig, length});
462 } else if(m_sig_format == Signature_Format::DerSequence) {
463 bool decoding_success = false;
464 std::vector<uint8_t> real_sig;
465
466 BOTAN_ASSERT_NOMSG(m_sig_element_size.has_value());
467
468 try {
469 real_sig = decode_der_signature(sig, length, 2, m_sig_element_size.value());
470 decoding_success = true;
471 } catch(Decoding_Error&) {}
472
473 bool accept = m_op->is_valid_signature(real_sig);
474
475 return accept && decoding_success;
476 } else {
477 throw Internal_Error("PK_Verifier: Invalid signature format enum");
478 }
479 } catch(Invalid_Argument&) {
480 return false;
481 } catch(Decoding_Error&) {
482 return false;
483 } catch(Encoding_Error&) {
484 return false;
485 }
486}
#define BOTAN_ASSERT_NOMSG(expr)
Definition assert.h:61

References BOTAN_ASSERT_NOMSG, Botan::DerSequence, and Botan::Standard.

Referenced by Botan::Roughtime::Response::validate(), and verify_message().

◆ check_signature() [2/2]

bool Botan::PK_Verifier::check_signature ( std::span< const uint8_t > sig)
inline

Check the signature of the buffered message, i.e. the one build by successive calls to update.

Parameters
sigthe signature to be verified
Returns
true if the signature is valid, false otherwise

Definition at line 372 of file pubkey.h.

372{ return check_signature(sig.data(), sig.size()); }
bool check_signature(const uint8_t sig[], size_t length)
Definition pubkey.cpp:458

References check_signature().

Referenced by check_signature().

◆ hash_function()

std::string Botan::PK_Verifier::hash_function ( ) const

Return the hash function which is being used to verify signatures. This should never return an empty string however it may return a string which does not map directly to a hash function, in particular if "Raw" (unhashed) encoding is being used.

Definition at line 402 of file pubkey.cpp.

402 {
403 return m_op->hash_function();
404}

References hash_function(), and PK_Verifier().

Referenced by hash_function(), and Botan::X509_Object::verify_signature().

◆ operator=() [1/2]

PK_Verifier & Botan::PK_Verifier::operator= ( const PK_Verifier & )
delete

References PK_Verifier().

◆ operator=() [2/2]

PK_Verifier & Botan::PK_Verifier::operator= ( PK_Verifier && )
defaultnoexcept

References PK_Verifier(), and verify_message().

◆ set_input_format()

void Botan::PK_Verifier::set_input_format ( Signature_Format format)

Set the format of the signatures fed to this verifier.

Parameters
formatthe signature format to use

Definition at line 406 of file pubkey.cpp.

406 {
407 if(format == Signature_Format::DerSequence) {
408 BOTAN_ARG_CHECK(m_sig_element_size.has_value(), "This key does not support DER signatures");
409 }
410 m_sig_format = format;
411}

References BOTAN_ARG_CHECK, and Botan::DerSequence.

◆ update() [1/4]

void Botan::PK_Verifier::update ( const uint8_t msg_part[],
size_t length )

Add a message part of the message corresponding to the signature to be verified.

Parameters
msg_partthe new message part as a byte array
lengththe length of the above byte array

Definition at line 422 of file pubkey.cpp.

422 {
423 m_op->update({in, length});
424}

◆ update() [2/4]

void Botan::PK_Verifier::update ( std::span< const uint8_t > in)
inline

Add a message part of the message corresponding to the signature to be verified.

Parameters
inthe new message part

Definition at line 349 of file pubkey.h.

349{ update(in.data(), in.size()); }
void update(uint8_t in)
Definition pubkey.h:334

References update().

Referenced by update().

◆ update() [3/4]

void Botan::PK_Verifier::update ( std::string_view in)

Add a message part of the message corresponding to the signature to be verified.

Definition at line 418 of file pubkey.cpp.

418 {
419 this->update(cast_char_ptr_to_uint8(in.data()), in.size());
420}
const uint8_t * cast_char_ptr_to_uint8(const char *s)
Definition mem_ops.h:276

References Botan::cast_char_ptr_to_uint8(), and update().

◆ update() [4/4]

void Botan::PK_Verifier::update ( uint8_t in)
inline

Add a message part (single byte) of the message corresponding to the signature to be verified.

Parameters
inthe byte to add

Definition at line 334 of file pubkey.h.

334{ update(&in, 1); }

References update().

Referenced by update(), update(), Botan::Roughtime::Response::validate(), and verify_message().

◆ verify_message() [1/2]

bool Botan::PK_Verifier::verify_message ( const uint8_t msg[],
size_t msg_length,
const uint8_t sig[],
size_t sig_length )

Verify a signature.

Parameters
msgthe message that the signature belongs to, as a byte array
msg_lengththe length of the above byte array msg
sigthe signature as a byte array
sig_lengththe length of the above byte array sig
Returns
true if the signature is valid

Definition at line 413 of file pubkey.cpp.

413 {
414 update(msg, msg_length);
415 return check_signature(sig, sig_length);
416}

References check_signature(), and update().

Referenced by operator=(), Botan::KeyPair::signature_consistency_check(), Botan::TLS::Callbacks::tls_verify_message(), verify_message(), Botan::OCSP::Response::verify_signature(), and Botan::X509_Object::verify_signature().

◆ verify_message() [2/2]

bool Botan::PK_Verifier::verify_message ( std::span< const uint8_t > msg,
std::span< const uint8_t > sig )
inline

Verify a signature.

Parameters
msgthe message that the signature belongs to
sigthe signature
Returns
true if the signature is valid

Definition at line 325 of file pubkey.h.

325 {
326 return verify_message(msg.data(), msg.size(), sig.data(), sig.size());
327 }
bool verify_message(const uint8_t msg[], size_t msg_length, const uint8_t sig[], size_t sig_length)
Definition pubkey.cpp:413

References verify_message().


The documentation for this class was generated from the following files: