const char* hash_and_padding, int signature_format, size_t keylen,
chunk_t data, chunk_t signature)
{
- botan_pk_op_verify_t verify_op;
chunk_t sig = signature;
- bool valid = FALSE;
if (signature_format == SIG_FORMAT_DER_SEQUENCE)
{
memcpy(sig.ptr + (keylen - r.len), r.ptr, r.len);
memcpy(sig.ptr + keylen + (keylen - s.len), s.ptr, s.len);
}
-
- if (botan_pk_op_verify_create(&verify_op, this->key, hash_and_padding, 0))
- {
- return FALSE;
- }
-
- if (botan_pk_op_verify_update(verify_op, data.ptr, data.len))
- {
- botan_pk_op_verify_destroy(verify_op);
- return FALSE;
- }
-
- valid = !(botan_pk_op_verify_finish(verify_op, sig.ptr, sig.len));
-
- botan_pk_op_verify_destroy(verify_op);
- return valid;
+ return botan_verify_signature(this->key, hash_and_padding, data, sig);
}
METHOD(public_key_t, get_type, key_type_t,
*/
bool botan_emsa_pss_identifier(rsa_pss_params_t *params, char *id, size_t len);
-/**
- * Verify RSA signature
- */
-static bool verify_rsa_signature(private_botan_rsa_public_key_t *this,
- const char* hash_and_padding, chunk_t data,
- chunk_t signature)
-{
- botan_pk_op_verify_t verify_op;
- bool valid = FALSE;
-
- if (botan_pk_op_verify_create(&verify_op, this->key, hash_and_padding, 0))
- {
- return FALSE;
- }
-
- if (botan_pk_op_verify_update(verify_op, data.ptr, data.len))
- {
- botan_pk_op_verify_destroy(verify_op);
- return FALSE;
- }
-
- valid = !botan_pk_op_verify_finish(verify_op, signature.ptr, signature.len);
-
- botan_pk_op_verify_destroy(verify_op);
- return valid;
-}
-
/**
* Verification of an EMSA PSS signature described in PKCS#1
*/
{
return FALSE;
}
- return verify_rsa_signature(this, hash_and_padding, data, signature);
+ return botan_verify_signature(this->key, hash_and_padding, data, signature);
}
METHOD(public_key_t, get_type, key_type_t,
switch (scheme)
{
case SIGN_RSA_EMSA_PKCS1_NULL:
- return verify_rsa_signature(this, "EMSA_PKCS1(Raw)", data,
- signature);
+ return botan_verify_signature(this->key, "EMSA_PKCS1(Raw)", data,
+ signature);
case SIGN_RSA_EMSA_PKCS1_SHA1:
- return verify_rsa_signature(this, "EMSA_PKCS1(SHA-1)", data,
- signature);
+ return botan_verify_signature(this->key, "EMSA_PKCS1(SHA-1)", data,
+ signature);
case SIGN_RSA_EMSA_PKCS1_SHA2_224:
- return verify_rsa_signature(this, "EMSA_PKCS1(SHA-224)",
- data, signature);
+ return botan_verify_signature(this->key, "EMSA_PKCS1(SHA-224)",
+ data, signature);
case SIGN_RSA_EMSA_PKCS1_SHA2_256:
- return verify_rsa_signature(this, "EMSA_PKCS1(SHA-256)",
- data, signature);
+ return botan_verify_signature(this->key, "EMSA_PKCS1(SHA-256)",
+ data, signature);
case SIGN_RSA_EMSA_PKCS1_SHA2_384:
- return verify_rsa_signature(this, "EMSA_PKCS1(SHA-384)",
- data, signature);
+ return botan_verify_signature(this->key, "EMSA_PKCS1(SHA-384)",
+ data, signature);
case SIGN_RSA_EMSA_PKCS1_SHA2_512:
- return verify_rsa_signature(this, "EMSA_PKCS1(SHA-512)",
- data, signature);
+ return botan_verify_signature(this->key, "EMSA_PKCS1(SHA-512)",
+ data, signature);
case SIGN_RSA_EMSA_PSS:
return verify_emsa_pss_signature(this, params, data, signature);
default:
return TRUE;
}
+/*
+ * Described in header
+ */
+bool botan_verify_signature(botan_pubkey_t key, const char *scheme,
+ chunk_t data, chunk_t signature)
+{
+ botan_pk_op_verify_t verify_op;
+ bool valid = FALSE;
+
+ if (botan_pk_op_verify_create(&verify_op, key, scheme, 0))
+ {
+ return FALSE;
+ }
+
+ if (botan_pk_op_verify_update(verify_op, data.ptr, data.len))
+ {
+ botan_pk_op_verify_destroy(verify_op);
+ return FALSE;
+ }
+
+ valid = !botan_pk_op_verify_finish(verify_op, signature.ptr, signature.len);
+
+ botan_pk_op_verify_destroy(verify_op);
+ return valid;
+}
+
/*
* Described in header
*/
bool botan_get_signature(botan_privkey_t key, const char *scheme,
chunk_t data, chunk_t *signature);
+/**
+ * Verify the given signature using the provided data and key with the specified
+ * signature scheme (hash/padding).
+ *
+ * @param key private key object
+ * @param scheme hash/padding algorithm
+ * @param data signed data
+ * @param signature signature to verify
+ */
+bool botan_verify_signature(botan_pubkey_t key, const char* scheme,
+ chunk_t data, chunk_t signature);
+
/**
* Do the Diffie-Hellman key derivation using the given private key and public
* value.
projects / thirdparty / strongswan.git / commitdiff
