botan: Add helper function for signature verification
This commit is contained in:
Tobias Brunner
parent
8d8e7a9c8b
commit
5cd24d26e2
|
|
@ -69,9 +69,7 @@ static bool verify_signature(private_botan_ec_public_key_t *this,
|
|||
const char* hash_and_padding, int signature_format, size_t keylen,
|
||||
chunk_t data, chunk_t signature)
|
||||
{
|
||||
botan_pk_op_verify_t verify_op;
|
||||
chunk_t sig = signature;
|
||||
bool valid = FALSE;
|
||||
|
||||
if (signature_format == SIG_FORMAT_DER_SEQUENCE)
|
||||
{
|
||||
|
|
@ -104,22 +102,7 @@ static bool verify_signature(private_botan_ec_public_key_t *this,
|
|||
memcpy(sig.ptr + (keylen - r.len), r.ptr, r.len);
|
||||
memcpy(sig.ptr + keylen + (keylen - s.len), s.ptr, s.len);
|
||||
}
|
||||
|
||||
if (botan_pk_op_verify_create(&verify_op, this->key, hash_and_padding, 0))
|
||||
{
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
if (botan_pk_op_verify_update(verify_op, data.ptr, data.len))
|
||||
{
|
||||
botan_pk_op_verify_destroy(verify_op);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
valid = !(botan_pk_op_verify_finish(verify_op, sig.ptr, sig.len));
|
||||
|
||||
botan_pk_op_verify_destroy(verify_op);
|
||||
return valid;
|
||||
return botan_verify_signature(this->key, hash_and_padding, data, sig);
|
||||
}
|
||||
|
||||
METHOD(public_key_t, get_type, key_type_t,
|
||||
|
|
|
|||
|
|
@ -68,33 +68,6 @@ struct private_botan_rsa_public_key_t {
|
|||
*/
|
||||
bool botan_emsa_pss_identifier(rsa_pss_params_t *params, char *id, size_t len);
|
||||
|
||||
/**
|
||||
* Verify RSA signature
|
||||
*/
|
||||
static bool verify_rsa_signature(private_botan_rsa_public_key_t *this,
|
||||
const char* hash_and_padding, chunk_t data,
|
||||
chunk_t signature)
|
||||
{
|
||||
botan_pk_op_verify_t verify_op;
|
||||
bool valid = FALSE;
|
||||
|
||||
if (botan_pk_op_verify_create(&verify_op, this->key, hash_and_padding, 0))
|
||||
{
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
if (botan_pk_op_verify_update(verify_op, data.ptr, data.len))
|
||||
{
|
||||
botan_pk_op_verify_destroy(verify_op);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
valid = !botan_pk_op_verify_finish(verify_op, signature.ptr, signature.len);
|
||||
|
||||
botan_pk_op_verify_destroy(verify_op);
|
||||
return valid;
|
||||
}
|
||||
|
||||
/**
|
||||
* Verification of an EMSA PSS signature described in PKCS#1
|
||||
*/
|
||||
|
|
@ -109,7 +82,7 @@ static bool verify_emsa_pss_signature(private_botan_rsa_public_key_t *this,
|
|||
{
|
||||
return FALSE;
|
||||
}
|
||||
return verify_rsa_signature(this, hash_and_padding, data, signature);
|
||||
return botan_verify_signature(this->key, hash_and_padding, data, signature);
|
||||
}
|
||||
|
||||
METHOD(public_key_t, get_type, key_type_t,
|
||||
|
|
@ -125,23 +98,23 @@ METHOD(public_key_t, verify, bool,
|
|||
switch (scheme)
|
||||
{
|
||||
case SIGN_RSA_EMSA_PKCS1_NULL:
|
||||
return verify_rsa_signature(this, "EMSA_PKCS1(Raw)", data,
|
||||
signature);
|
||||
return botan_verify_signature(this->key, "EMSA_PKCS1(Raw)", data,
|
||||
signature);
|
||||
case SIGN_RSA_EMSA_PKCS1_SHA1:
|
||||
return verify_rsa_signature(this, "EMSA_PKCS1(SHA-1)", data,
|
||||
signature);
|
||||
return botan_verify_signature(this->key, "EMSA_PKCS1(SHA-1)", data,
|
||||
signature);
|
||||
case SIGN_RSA_EMSA_PKCS1_SHA2_224:
|
||||
return verify_rsa_signature(this, "EMSA_PKCS1(SHA-224)",
|
||||
data, signature);
|
||||
return botan_verify_signature(this->key, "EMSA_PKCS1(SHA-224)",
|
||||
data, signature);
|
||||
case SIGN_RSA_EMSA_PKCS1_SHA2_256:
|
||||
return verify_rsa_signature(this, "EMSA_PKCS1(SHA-256)",
|
||||
data, signature);
|
||||
return botan_verify_signature(this->key, "EMSA_PKCS1(SHA-256)",
|
||||
data, signature);
|
||||
case SIGN_RSA_EMSA_PKCS1_SHA2_384:
|
||||
return verify_rsa_signature(this, "EMSA_PKCS1(SHA-384)",
|
||||
data, signature);
|
||||
return botan_verify_signature(this->key, "EMSA_PKCS1(SHA-384)",
|
||||
data, signature);
|
||||
case SIGN_RSA_EMSA_PKCS1_SHA2_512:
|
||||
return verify_rsa_signature(this, "EMSA_PKCS1(SHA-512)",
|
||||
data, signature);
|
||||
return botan_verify_signature(this->key, "EMSA_PKCS1(SHA-512)",
|
||||
data, signature);
|
||||
case SIGN_RSA_EMSA_PSS:
|
||||
return verify_emsa_pss_signature(this, params, data, signature);
|
||||
default:
|
||||
|
|
|
|||
|
|
@ -249,6 +249,32 @@ bool botan_get_signature(botan_privkey_t key, const char *scheme,
|
|||
return TRUE;
|
||||
}
|
||||
|
||||
/*
|
||||
* Described in header
|
||||
*/
|
||||
bool botan_verify_signature(botan_pubkey_t key, const char *scheme,
|
||||
chunk_t data, chunk_t signature)
|
||||
{
|
||||
botan_pk_op_verify_t verify_op;
|
||||
bool valid = FALSE;
|
||||
|
||||
if (botan_pk_op_verify_create(&verify_op, key, scheme, 0))
|
||||
{
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
if (botan_pk_op_verify_update(verify_op, data.ptr, data.len))
|
||||
{
|
||||
botan_pk_op_verify_destroy(verify_op);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
valid = !botan_pk_op_verify_finish(verify_op, signature.ptr, signature.len);
|
||||
|
||||
botan_pk_op_verify_destroy(verify_op);
|
||||
return valid;
|
||||
}
|
||||
|
||||
/*
|
||||
* Described in header
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -100,6 +100,18 @@ bool botan_get_fingerprint(botan_pubkey_t pubkey, void *cache,
|
|||
bool botan_get_signature(botan_privkey_t key, const char *scheme,
|
||||
chunk_t data, chunk_t *signature);
|
||||
|
||||
/**
|
||||
* Verify the given signature using the provided data and key with the specified
|
||||
* signature scheme (hash/padding).
|
||||
*
|
||||
* @param key private key object
|
||||
* @param scheme hash/padding algorithm
|
||||
* @param data signed data
|
||||
* @param signature signature to verify
|
||||
*/
|
||||
bool botan_verify_signature(botan_pubkey_t key, const char* scheme,
|
||||
chunk_t data, chunk_t signature);
|
||||
|
||||
/**
|
||||
* Do the Diffie-Hellman key derivation using the given private key and public
|
||||
* value.
|
||||
|
|
|
|||
Loading…
Reference in New Issue