Botan 3.0.0
Crypto and TLS for C&
Public Member Functions | List of all members
Botan::PK_Verifier Class Referencefinal

#include <pubkey.h>

Public Member Functions

bool check_signature (const uint8_t sig[], size_t length)
 
bool check_signature (std::span< const uint8_t > sig)
 
std::string hash_function () const
 
PK_Verifieroperator= (const PK_Verifier &)=delete
 
PK_Verifieroperator= (PK_Verifier &&) noexcept=delete
 
 PK_Verifier (const PK_Verifier &)=delete
 
 PK_Verifier (const Public_Key &pub_key, const AlgorithmIdentifier &signature_algorithm, std::string_view provider="")
 
 PK_Verifier (const Public_Key &pub_key, std::string_view padding, Signature_Format format=Signature_Format::Standard, std::string_view provider="")
 
 PK_Verifier (PK_Verifier &&) noexcept=delete
 
void set_input_format (Signature_Format format)
 
void update (const uint8_t msg_part[], size_t length)
 
void update (std::span< const uint8_t > in)
 
void update (std::string_view in)
 
void update (uint8_t in)
 
bool verify_message (const uint8_t msg[], size_t msg_length, const uint8_t sig[], size_t sig_length)
 
bool verify_message (std::span< const uint8_t > msg, std::span< const uint8_t > sig)
 
 ~PK_Verifier ()
 

Detailed Description

Public Key Verifier. Use the verify_message() functions for small messages. Use multiple calls update() to process large messages and verify the signature by finally calling check_signature().

Definition at line 295 of file pubkey.h.

Constructor & Destructor Documentation

◆ PK_Verifier() [1/4]

Botan::PK_Verifier::PK_Verifier ( const Public_Key pub_key,
std::string_view  padding,
Signature_Format  format = Signature_Format::Standard,
std::string_view  provider = "" 
)

Construct a PK Verifier.

Parameters
pub_keythe public key to verify against
paddingthe padding/hash to use (eg "EMSA_PKCS1(SHA-256)")
formatthe signature format to use
providerthe provider to use

Definition at line 339 of file pubkey.cpp.

343 {
344 m_op = key.create_verification_op(emsa, provider);
345 if(!m_op)
346 {
347 throw Invalid_Argument(fmt("Key type {} does not support signature verification", key.algo_name()));
348 }
349 m_sig_format = format;
350 m_parts = key.message_parts();
351 m_part_size = key.message_part_size();
352 check_der_format_supported(format, m_parts);
353 }
std::string fmt(std::string_view format, const T &... args)
Definition: fmt.h:60

References Botan::Asymmetric_Key::algo_name(), Botan::Public_Key::create_verification_op(), Botan::fmt(), Botan::Public_Key::message_part_size(), and Botan::Public_Key::message_parts().

◆ PK_Verifier() [2/4]

Botan::PK_Verifier::PK_Verifier ( const Public_Key pub_key,
const AlgorithmIdentifier signature_algorithm,
std::string_view  provider = "" 
)

Construct a PK Verifier (X.509 specific)

This constructor will attempt to decode signature_format relative to the public key provided. If they seem to be inconsistent or otherwise unsupported, a Decoding_Error is thrown.

Parameters
pub_keythe public key to verify against
signature_algorithmthe supposed signature algorithm
providerthe provider to use

Definition at line 355 of file pubkey.cpp.

358 {
359 m_op = key.create_x509_verification_op(signature_algorithm, provider);
360
361 if(!m_op)
362 {
363 throw Invalid_Argument(fmt("Key type {} does not support X.509 signature verification", key.algo_name()));
364 }
365
366 m_sig_format = key.default_x509_signature_format();
367 m_parts = key.message_parts();
368 m_part_size = key.message_part_size();
369 check_der_format_supported(m_sig_format, m_parts);
370 }

References Botan::Asymmetric_Key::algo_name(), Botan::Public_Key::create_x509_verification_op(), Botan::Public_Key::default_x509_signature_format(), Botan::fmt(), Botan::Public_Key::message_part_size(), and Botan::Public_Key::message_parts().

◆ ~PK_Verifier()

Botan::PK_Verifier::~PK_Verifier ( )
default

◆ PK_Verifier() [3/4]

Botan::PK_Verifier::PK_Verifier ( const PK_Verifier )
delete

◆ PK_Verifier() [4/4]

Botan::PK_Verifier::PK_Verifier ( PK_Verifier &&  )
deletenoexcept

Member Function Documentation

◆ check_signature() [1/2]

bool Botan::PK_Verifier::check_signature ( const uint8_t  sig[],
size_t  length 
)

Check the signature of the buffered message, i.e. the one build by successive calls to update.

Parameters
sigthe signature to be verified as a byte array
lengththe length of the above byte array
Returns
true if the signature is valid, false otherwise

Definition at line 434 of file pubkey.cpp.

435 {
436 try {
437 if(m_sig_format == Signature_Format::Standard)
438 {
439 return m_op->is_valid_signature(sig, length);
440 }
441 else if(m_sig_format == Signature_Format::DerSequence)
442 {
443 bool decoding_success = false;
444 std::vector<uint8_t> real_sig;
445
446 try
447 {
448 real_sig = decode_der_signature(sig, length, m_parts, m_part_size);
449 decoding_success = true;
450 }
451 catch(Decoding_Error&) {}
452
453 bool accept = m_op->is_valid_signature(real_sig.data(), real_sig.size());
454
455 return accept && decoding_success;
456 }
457 else
458 throw Internal_Error("PK_Verifier: Invalid signature format enum");
459 }
460 catch(Invalid_Argument&) { return false; }
461 catch(Decoding_Error&) { return false; }
462 catch(Encoding_Error&) { return false; }
463 }

References Botan::DerSequence, and Botan::Standard.

Referenced by Botan::Roughtime::Response::validate(), and verify_message().

◆ check_signature() [2/2]

bool Botan::PK_Verifier::check_signature ( std::span< const uint8_t >  sig)
inline

Check the signature of the buffered message, i.e. the one build by successive calls to update.

Parameters
sigthe signature to be verified
Returns
true if the signature is valid, false otherwise

Definition at line 404 of file pubkey.h.

405 {
406 return check_signature(sig.data(), sig.size());
407 }
bool check_signature(const uint8_t sig[], size_t length)
Definition: pubkey.cpp:434

◆ hash_function()

std::string Botan::PK_Verifier::hash_function ( ) const

Return the hash function which is being used to verify signatures. This should never return an empty string however it may return a string which does not map directly to a hash function, in particular if "Raw" (unhashed) encoding is being used.

Definition at line 374 of file pubkey.cpp.

375 {
376 return m_op->hash_function();
377 }

Referenced by Botan::X509_Object::verify_signature().

◆ operator=() [1/2]

PK_Verifier & Botan::PK_Verifier::operator= ( const PK_Verifier )
delete

◆ operator=() [2/2]

PK_Verifier & Botan::PK_Verifier::operator= ( PK_Verifier &&  )
deletenoexcept

◆ set_input_format()

void Botan::PK_Verifier::set_input_format ( Signature_Format  format)

Set the format of the signatures fed to this verifier.

Parameters
formatthe signature format to use

Definition at line 379 of file pubkey.cpp.

380 {
381 check_der_format_supported(format, m_parts);
382 m_sig_format = format;
383 }

◆ update() [1/4]

void Botan::PK_Verifier::update ( const uint8_t  msg_part[],
size_t  length 
)

Add a message part of the message corresponding to the signature to be verified.

Parameters
msg_partthe new message part as a byte array
lengththe length of the above byte array

Definition at line 392 of file pubkey.cpp.

393 {
394 m_op->update(in, length);
395 }

◆ update() [2/4]

void Botan::PK_Verifier::update ( std::span< const uint8_t >  in)
inline

Add a message part of the message corresponding to the signature to be verified.

Parameters
inthe new message part

Definition at line 375 of file pubkey.h.

376 {
377 update(in.data(), in.size());
378 }
int(* update)(CTX *, const void *, CC_LONG len)

References update.

◆ update() [3/4]

void Botan::PK_Verifier::update ( std::string_view  in)
inline

Add a message part of the message corresponding to the signature to be verified.

Definition at line 384 of file pubkey.h.

385 {
386 update(cast_char_ptr_to_uint8(in.data()), in.size());
387 }
const uint8_t * cast_char_ptr_to_uint8(const char *s)
Definition: mem_ops.h:183

References Botan::cast_char_ptr_to_uint8(), and update.

◆ update() [4/4]

void Botan::PK_Verifier::update ( uint8_t  in)
inline

Add a message part (single byte) of the message corresponding to the signature to be verified.

Parameters
inthe byte to add

Definition at line 360 of file pubkey.h.

360{ update(&in, 1); }

References update().

Referenced by update(), and Botan::Roughtime::Response::validate().

◆ verify_message() [1/2]

bool Botan::PK_Verifier::verify_message ( const uint8_t  msg[],
size_t  msg_length,
const uint8_t  sig[],
size_t  sig_length 
)

Verify a signature.

Parameters
msgthe message that the signature belongs to, as a byte array
msg_lengththe length of the above byte array msg
sigthe signature as a byte array
sig_lengththe length of the above byte array sig
Returns
true if the signature is valid

Definition at line 385 of file pubkey.cpp.

387 {
388 update(msg, msg_length);
389 return check_signature(sig, sig_length);
390 }

References check_signature(), and update.

Referenced by Botan::KeyPair::signature_consistency_check(), Botan::TLS::Callbacks::tls_verify_message(), Botan::X509_Object::verify_signature(), and Botan::OCSP::Response::verify_signature().

◆ verify_message() [2/2]

bool Botan::PK_Verifier::verify_message ( std::span< const uint8_t >  msg,
std::span< const uint8_t >  sig 
)
inline

Verify a signature.

Parameters
msgthe message that the signature belongs to
sigthe signature
Returns
true if the signature is valid

Definition at line 348 of file pubkey.h.

350 {
351 return verify_message(msg.data(), msg.size(),
352 sig.data(), sig.size());
353 }
bool verify_message(const uint8_t msg[], size_t msg_length, const uint8_t sig[], size_t sig_length)
Definition: pubkey.cpp:385

The documentation for this class was generated from the following files: