botan: Add helper function for signature verification
authorTobias Brunner <tobias@strongswan.org>
Mon, 22 Oct 2018 15:12:26 +0000 (17:12 +0200)
committerTobias Brunner <tobias@strongswan.org>
Fri, 26 Oct 2018 09:06:45 +0000 (11:06 +0200)
src/libstrongswan/plugins/botan/botan_ec_public_key.c
src/libstrongswan/plugins/botan/botan_rsa_public_key.c
src/libstrongswan/plugins/botan/botan_util.c
src/libstrongswan/plugins/botan/botan_util.h

index 4c85dbc..095ae3f 100644 (file)
@@ -69,9 +69,7 @@ static bool verify_signature(private_botan_ec_public_key_t *this,
        const char* hash_and_padding, int signature_format, size_t keylen,
        chunk_t data, chunk_t signature)
 {
-       botan_pk_op_verify_t verify_op;
        chunk_t sig = signature;
-       bool valid = FALSE;
 
        if (signature_format == SIG_FORMAT_DER_SEQUENCE)
        {
@@ -104,22 +102,7 @@ static bool verify_signature(private_botan_ec_public_key_t *this,
                memcpy(sig.ptr + (keylen - r.len), r.ptr, r.len);
                memcpy(sig.ptr + keylen + (keylen - s.len), s.ptr, s.len);
        }
-
-       if (botan_pk_op_verify_create(&verify_op, this->key, hash_and_padding, 0))
-       {
-               return FALSE;
-       }
-
-       if (botan_pk_op_verify_update(verify_op, data.ptr, data.len))
-       {
-               botan_pk_op_verify_destroy(verify_op);
-               return FALSE;
-       }
-
-       valid = !(botan_pk_op_verify_finish(verify_op, sig.ptr, sig.len));
-
-       botan_pk_op_verify_destroy(verify_op);
-       return valid;
+       return botan_verify_signature(this->key, hash_and_padding, data, sig);
 }
 
 METHOD(public_key_t, get_type, key_type_t,
index c6e2e88..d043f4c 100644 (file)
@@ -69,33 +69,6 @@ struct private_botan_rsa_public_key_t {
 bool botan_emsa_pss_identifier(rsa_pss_params_t *params, char *id, size_t len);
 
 /**
- * Verify RSA signature
- */
-static bool verify_rsa_signature(private_botan_rsa_public_key_t *this,
-                                                                const char* hash_and_padding, chunk_t data,
-                                                                chunk_t signature)
-{
-       botan_pk_op_verify_t verify_op;
-       bool valid = FALSE;
-
-       if (botan_pk_op_verify_create(&verify_op, this->key, hash_and_padding, 0))
-       {
-               return FALSE;
-       }
-
-       if (botan_pk_op_verify_update(verify_op, data.ptr, data.len))
-       {
-               botan_pk_op_verify_destroy(verify_op);
-               return FALSE;
-       }
-
-       valid = !botan_pk_op_verify_finish(verify_op, signature.ptr, signature.len);
-
-       botan_pk_op_verify_destroy(verify_op);
-       return valid;
-}
-
-/**
  * Verification of an EMSA PSS signature described in PKCS#1
  */
 static bool verify_emsa_pss_signature(private_botan_rsa_public_key_t *this,
@@ -109,7 +82,7 @@ static bool verify_emsa_pss_signature(private_botan_rsa_public_key_t *this,
        {
                return FALSE;
        }
-       return verify_rsa_signature(this, hash_and_padding, data, signature);
+       return botan_verify_signature(this->key, hash_and_padding, data, signature);
 }
 
 METHOD(public_key_t, get_type, key_type_t,
@@ -125,23 +98,23 @@ METHOD(public_key_t, verify, bool,
        switch (scheme)
        {
                case SIGN_RSA_EMSA_PKCS1_NULL:
-                       return verify_rsa_signature(this, "EMSA_PKCS1(Raw)", data,
-                                                                               signature);
+                       return botan_verify_signature(this->key, "EMSA_PKCS1(Raw)", data,
+                                                                                 signature);
                case SIGN_RSA_EMSA_PKCS1_SHA1:
-                       return verify_rsa_signature(this, "EMSA_PKCS1(SHA-1)", data,
-                                                                               signature);
+                       return botan_verify_signature(this->key, "EMSA_PKCS1(SHA-1)", data,
+                                                                                 signature);
                case SIGN_RSA_EMSA_PKCS1_SHA2_224:
-                       return verify_rsa_signature(this, "EMSA_PKCS1(SHA-224)",
-                                                                               data, signature);
+                       return botan_verify_signature(this->key, "EMSA_PKCS1(SHA-224)",
+                                                                                 data, signature);
                case SIGN_RSA_EMSA_PKCS1_SHA2_256:
-                       return verify_rsa_signature(this, "EMSA_PKCS1(SHA-256)",
-                                                                               data, signature);
+                       return botan_verify_signature(this->key, "EMSA_PKCS1(SHA-256)",
+                                                                                 data, signature);
                case SIGN_RSA_EMSA_PKCS1_SHA2_384:
-                       return verify_rsa_signature(this, "EMSA_PKCS1(SHA-384)",
-                                                                               data, signature);
+                       return botan_verify_signature(this->key, "EMSA_PKCS1(SHA-384)",
+                                                                                 data, signature);
                case SIGN_RSA_EMSA_PKCS1_SHA2_512:
-                       return verify_rsa_signature(this, "EMSA_PKCS1(SHA-512)",
-                                                                               data, signature);
+                       return botan_verify_signature(this->key, "EMSA_PKCS1(SHA-512)",
+                                                                                 data, signature);
                case SIGN_RSA_EMSA_PSS:
                        return verify_emsa_pss_signature(this, params, data, signature);
                default:
index 5e18405..e5859e5 100644 (file)
@@ -252,6 +252,32 @@ bool botan_get_signature(botan_privkey_t key, const char *scheme,
 /*
  * Described in header
  */
+bool botan_verify_signature(botan_pubkey_t key, const char *scheme,
+                                                       chunk_t data, chunk_t signature)
+{
+       botan_pk_op_verify_t verify_op;
+       bool valid = FALSE;
+
+       if (botan_pk_op_verify_create(&verify_op, key, scheme, 0))
+       {
+               return FALSE;
+       }
+
+       if (botan_pk_op_verify_update(verify_op, data.ptr, data.len))
+       {
+               botan_pk_op_verify_destroy(verify_op);
+               return FALSE;
+       }
+
+       valid = !botan_pk_op_verify_finish(verify_op, signature.ptr, signature.len);
+
+       botan_pk_op_verify_destroy(verify_op);
+       return valid;
+}
+
+/*
+ * Described in header
+ */
 bool botan_dh_key_derivation(botan_privkey_t key, chunk_t pub, chunk_t *secret)
 {
        botan_pk_op_ka_t ka;
index 0883035..7fb74ec 100644 (file)
@@ -101,6 +101,18 @@ bool botan_get_signature(botan_privkey_t key, const char *scheme,
                                                 chunk_t data, chunk_t *signature);
 
 /**
+ * Verify the given signature using the provided data and key with the specified
+ * signature scheme (hash/padding).
+ *
+ * @param key          private key object
+ * @param scheme       hash/padding algorithm
+ * @param data         signed data
+ * @param signature    signature to verify
+ */
+bool botan_verify_signature(botan_pubkey_t key, const char* scheme,
+                                                       chunk_t data, chunk_t signature);
+
+/**
  * Do the Diffie-Hellman key derivation using the given private key and public
  * value.
  *