#include <pubkey.h>

Public Member Functions
bool	check_signature (const uint8_t sig[], size_t length)
bool	check_signature (std::span< const uint8_t > sig)
std::string	hash_function () const
PK_Verifier &	operator= (const PK_Verifier &)=delete
PK_Verifier &	operator= (PK_Verifier &&) noexcept
	PK_Verifier (const PK_Verifier &)=delete
	PK_Verifier (const Public_Key &pub_key, const AlgorithmIdentifier &signature_algorithm, std::string_view provider="")
	PK_Verifier (const Public_Key &pub_key, std::string_view padding, Signature_Format format=Signature_Format::Standard, std::string_view provider="")
	PK_Verifier (PK_Verifier &&) noexcept
void	set_input_format (Signature_Format format)
void	update (const uint8_t msg_part[], size_t length)
void	update (std::span< const uint8_t > in)
void	update (std::string_view in)
void	update (uint8_t in)
bool	verify_message (const uint8_t msg[], size_t msg_length, const uint8_t sig[], size_t sig_length)
bool	verify_message (std::span< const uint8_t > msg, std::span< const uint8_t > sig)
	~PK_Verifier ()

Detailed Description

Public Key Verifier. Use the verify_message() functions for small messages. Use multiple calls update() to process large messages and verify the signature by finally calling check_signature().

Definition at line 271 of file pubkey.h.

Constructor & Destructor Documentation

◆ PK_Verifier() [1/4]

Botan::PK_Verifier::PK_Verifier	(	const Public_Key &	pub_key,
		std::string_view	padding,
		Signature_Format	format = Signature_Format::Standard,
		std::string_view	provider = "" )

Construct a PK Verifier.

Parameters

pub_key	the public key to verify against
padding	the padding/hash to use (eg "SHA-512" or "PSS(SHA-256)")
format	the signature format to use
provider	the provider to use

Definition at line 366 of file pubkey.cpp.

                                                  {
   m_op = key.create_verification_op(padding, provider);
   if(!m_op) {
      throw Invalid_Argument(fmt("Key type {} does not support signature verification", key.algo_name()));
   }
 
   m_sig_format = format;
   m_sig_element_size = key._signature_element_size_for_DER_encoding();
 
   if(m_sig_format == Signature_Format::DerSequence) {
      BOTAN_ARG_CHECK(m_sig_element_size.has_value(), "This key does not support DER signatures");
   }
}

References Botan::Asymmetric_Key::_signature_element_size_for_DER_encoding(), Botan::Asymmetric_Key::algo_name(), BOTAN_ARG_CHECK, Botan::Public_Key::create_verification_op(), Botan::DerSequence, and Botan::fmt().

Referenced by hash_function(), operator=(), operator=(), PK_Verifier(), and PK_Verifier().

◆ PK_Verifier() [2/4]

Botan::PK_Verifier::PK_Verifier	(	const Public_Key &	pub_key,
		const AlgorithmIdentifier &	signature_algorithm,
		std::string_view	provider = "" )

Construct a PK Verifier (X.509 specific)

This constructor will attempt to decode signature_format relative to the public key provided. If they seem to be inconsistent or otherwise unsupported, a Decoding_Error is thrown.

Parameters

pub_key	the public key to verify against
signature_algorithm	the supposed signature algorithm
provider	the provider to use

Definition at line 383 of file pubkey.cpp.

                                                  {
   m_op = key.create_x509_verification_op(signature_algorithm, provider);
   if(!m_op) {
      throw Invalid_Argument(fmt("Key type {} does not support X.509 signature verification", key.algo_name()));
   }
 
   m_sig_format = key._default_x509_signature_format();
   m_sig_element_size = key._signature_element_size_for_DER_encoding();
}

References Botan::Asymmetric_Key::_default_x509_signature_format(), Botan::Asymmetric_Key::_signature_element_size_for_DER_encoding(), Botan::Asymmetric_Key::algo_name(), Botan::Public_Key::create_x509_verification_op(), and Botan::fmt().

◆ ~PK_Verifier()

Botan::PK_Verifier::~PK_Verifier ( )

default

◆ PK_Verifier() [3/4]

Botan::PK_Verifier::PK_Verifier ( const PK_Verifier & )

delete

References PK_Verifier().

◆ PK_Verifier() [4/4]

Botan::PK_Verifier::PK_Verifier ( PK_Verifier && )

defaultnoexcept

References PK_Verifier().

Member Function Documentation

◆ check_signature() [1/2]

bool Botan::PK_Verifier::check_signature	(	const uint8_t	sig[],
		size_t	length )

Check the signature of the buffered message, i.e. the one build by successive calls to update.

Parameters

sig	the signature to be verified as a byte array
length	the length of the above byte array

Returns: true if the signature is valid, false otherwise

Definition at line 456 of file pubkey.cpp.

                                                                    {
   try {
      if(m_sig_format == Signature_Format::Standard) {
         return m_op->is_valid_signature({sig, length});
      } else if(m_sig_format == Signature_Format::DerSequence) {
         bool decoding_success = false;
         std::vector<uint8_t> real_sig;
 
         BOTAN_ASSERT_NOMSG(m_sig_element_size.has_value());
 
         try {
            real_sig = decode_der_signature(sig, length, 2, m_sig_element_size.value());
            decoding_success = true;
         } catch(Decoding_Error&) {}
 
         const bool accept = m_op->is_valid_signature(real_sig);
 
         return accept && decoding_success;
      } else {
         throw Internal_Error("PK_Verifier: Invalid signature format enum");
      }
   } catch(Invalid_Argument&) {
      return false;
   } catch(Decoding_Error&) {
      return false;
   } catch(Encoding_Error&) {
      return false;
   }
}

References BOTAN_ASSERT_NOMSG, Botan::DerSequence, and Botan::Standard.

Referenced by Botan::Roughtime::Response::validate(), and verify_message().

◆ check_signature() [2/2]

bool Botan::PK_Verifier::check_signature ( std::span< const uint8_t > sig )

inline

Check the signature of the buffered message, i.e. the one build by successive calls to update.

Parameters

sig	the signature to be verified

Returns: true if the signature is valid, false otherwise

Definition at line 371 of file pubkey.h.

371{ return check_signature(sig.data(), sig.size()); }

Botan::PK_Verifier::check_signature

bool check_signature(const uint8_t sig[], size_t length)

Definition pubkey.cpp:456

References check_signature().

Referenced by check_signature().

◆ hash_function()

std::string Botan::PK_Verifier::hash_function ( ) const

Return the hash function which is being used to verify signatures. This should never return an empty string however it may return a string which does not map directly to a hash function, in particular if "Raw" (unhashed) encoding is being used.

Definition at line 400 of file pubkey.cpp.

                                           {
   return m_op->hash_function();
}

References hash_function(), and PK_Verifier().

Referenced by hash_function(), and Botan::X509_Object::verify_signature().

◆ operator=() [1/2]

PK_Verifier & Botan::PK_Verifier::operator= ( const PK_Verifier & )

delete

References PK_Verifier().

◆ operator=() [2/2]

PK_Verifier & Botan::PK_Verifier::operator= ( PK_Verifier && )

defaultnoexcept

References PK_Verifier(), and verify_message().

◆ set_input_format()

void Botan::PK_Verifier::set_input_format ( Signature_Format format )

Set the format of the signatures fed to this verifier.

Parameters

format the signature format to use

Definition at line 404 of file pubkey.cpp.

                                                          {
   if(format == Signature_Format::DerSequence) {
      BOTAN_ARG_CHECK(m_sig_element_size.has_value(), "This key does not support DER signatures");
   }
   m_sig_format = format;
}

References BOTAN_ARG_CHECK, and Botan::DerSequence.

◆ update() [1/4]

void Botan::PK_Verifier::update	(	const uint8_t	msg_part[],
		size_t	length )

Add a message part of the message corresponding to the signature to be verified.

Parameters

msg_part	the new message part as a byte array
length	the length of the above byte array

Definition at line 420 of file pubkey.cpp.

                                                          {
   m_op->update({in, length});
}

◆ update() [2/4]

void Botan::PK_Verifier::update ( std::span< const uint8_t > in )

inline

Add a message part of the message corresponding to the signature to be verified.

Parameters

in	the new message part

Definition at line 348 of file pubkey.h.

348{ update(in.data(), in.size()); }

Botan::PK_Verifier::update

void update(uint8_t in)

Definition pubkey.h:333

References update().

Referenced by update().

◆ update() [3/4]

void Botan::PK_Verifier::update ( std::string_view in )

Add a message part of the message corresponding to the signature to be verified.

Definition at line 416 of file pubkey.cpp.

                                          {
   this->update(as_span_of_bytes(in));
}

References Botan::as_span_of_bytes(), and update().

◆ update() [4/4]

void Botan::PK_Verifier::update ( uint8_t in )

inline

Add a message part (single byte) of the message corresponding to the signature to be verified.

Parameters

in	the byte to add

Definition at line 333 of file pubkey.h.

333{ update(&in, 1); }

References update().

Referenced by update(), update(), Botan::Roughtime::Response::validate(), and verify_message().

◆ verify_message() [1/2]

bool Botan::PK_Verifier::verify_message	(	const uint8_t	msg[],
		size_t	msg_length,
		const uint8_t	sig[],
		size_t	sig_length )

Verify a signature.

Parameters

msg	the message that the signature belongs to, as a byte array
msg_length	the length of the above byte array msg
sig	the signature as a byte array
sig_length	the length of the above byte array sig

Returns: true if the signature is valid

Definition at line 411 of file pubkey.cpp.

                                                                                                               {
   update(msg, msg_length);
   return check_signature(sig, sig_length);
}

References check_signature(), and update().

Referenced by operator=(), Botan::KeyPair::signature_consistency_check(), Botan::TLS::Callbacks::tls_verify_message(), verify_message(), Botan::OCSP::Response::verify_signature(), and Botan::X509_Object::verify_signature().

◆ verify_message() [2/2]

bool Botan::PK_Verifier::verify_message	(	std::span< const uint8_t >	msg,
		std::span< const uint8_t >	sig )

inline

Verify a signature.

Parameters

msg	the message that the signature belongs to
sig	the signature

Returns: true if the signature is valid

Definition at line 324 of file pubkey.h.

                                                                                  {
         return verify_message(msg.data(), msg.size(), sig.data(), sig.size());
      }

References verify_message().

The documentation for this class was generated from the following files:

src/lib/pubkey/pubkey.h
src/lib/pubkey/pubkey.cpp

Public Member Functions

Detailed Description

Constructor & Destructor Documentation

◆ PK_Verifier() [1/4]

◆ PK_Verifier() [2/4]

◆ ~PK_Verifier()

◆ PK_Verifier() [3/4]

◆ PK_Verifier() [4/4]

Member Function Documentation

◆ check_signature() [1/2]

◆ check_signature() [2/2]

◆ hash_function()

◆ operator=() [1/2]

◆ operator=() [2/2]

◆ set_input_format()

◆ update() [1/4]

◆ update() [2/4]

◆ update() [3/4]

◆ update() [4/4]

◆ verify_message() [1/2]

◆ verify_message() [2/2]