botan: Add helper function for signature verification

src/libstrongswan/plugins/botan/botan_ec_public_key.c

@@ -69,9 +69,7 @@ static bool verify_signature(private_botan_ec_public_key_t *this,
 	const char* hash_and_padding, int signature_format, size_t keylen,
 	chunk_t data, chunk_t signature)
 {
-	botan_pk_op_verify_t verify_op;
 	chunk_t sig = signature;
-	bool valid = FALSE;
 
 	if (signature_format == SIG_FORMAT_DER_SEQUENCE)
 	{
@@ -104,22 +102,7 @@ static bool verify_signature(private_botan_ec_public_key_t *this,
 		memcpy(sig.ptr + (keylen - r.len), r.ptr, r.len);
 		memcpy(sig.ptr + keylen + (keylen - s.len), s.ptr, s.len);
 	}
-
+	return botan_verify_signature(this->key, hash_and_padding, data, sig);
-	if (botan_pk_op_verify_create(&verify_op, this->key, hash_and_padding, 0))
-	{
-		return FALSE;
-	}
-
-	if (botan_pk_op_verify_update(verify_op, data.ptr, data.len))
-	{
-		botan_pk_op_verify_destroy(verify_op);
-		return FALSE;
-	}
-
-	valid = !(botan_pk_op_verify_finish(verify_op, sig.ptr, sig.len));
-
-	botan_pk_op_verify_destroy(verify_op);
-	return valid;
 }
 
 METHOD(public_key_t, get_type, key_type_t,

src/libstrongswan/plugins/botan/botan_rsa_public_key.c

@@ -68,33 +68,6 @@ struct private_botan_rsa_public_key_t {
  */
 bool botan_emsa_pss_identifier(rsa_pss_params_t *params, char *id, size_t len);
 
-/**
- * Verify RSA signature
- */
-static bool verify_rsa_signature(private_botan_rsa_public_key_t *this,
-								 const char* hash_and_padding, chunk_t data,
-								 chunk_t signature)
-{
-	botan_pk_op_verify_t verify_op;
-	bool valid = FALSE;
-
-	if (botan_pk_op_verify_create(&verify_op, this->key, hash_and_padding, 0))
-	{
-		return FALSE;
-	}
-
-	if (botan_pk_op_verify_update(verify_op, data.ptr, data.len))
-	{
-		botan_pk_op_verify_destroy(verify_op);
-		return FALSE;
-	}
-
-	valid =	!botan_pk_op_verify_finish(verify_op, signature.ptr, signature.len);
-
-	botan_pk_op_verify_destroy(verify_op);
-	return valid;
-}
-
 /**
  * Verification of an EMSA PSS signature described in PKCS#1
  */
@@ -109,7 +82,7 @@ static bool verify_emsa_pss_signature(private_botan_rsa_public_key_t *this,
 	{
 		return FALSE;
 	}
-	return verify_rsa_signature(this, hash_and_padding, data, signature);
+	return botan_verify_signature(this->key, hash_and_padding, data, signature);
 }
 
 METHOD(public_key_t, get_type, key_type_t,
@@ -125,23 +98,23 @@ METHOD(public_key_t, verify, bool,
 	switch (scheme)
 	{
 		case SIGN_RSA_EMSA_PKCS1_NULL:
-			return verify_rsa_signature(this, "EMSA_PKCS1(Raw)", data,
+			return botan_verify_signature(this->key, "EMSA_PKCS1(Raw)", data,
-										signature);
+										  signature);
 		case SIGN_RSA_EMSA_PKCS1_SHA1:
-			return verify_rsa_signature(this, "EMSA_PKCS1(SHA-1)", data,
+			return botan_verify_signature(this->key, "EMSA_PKCS1(SHA-1)", data,
-										signature);
+										  signature);
 		case SIGN_RSA_EMSA_PKCS1_SHA2_224:
-			return verify_rsa_signature(this, "EMSA_PKCS1(SHA-224)",
+			return botan_verify_signature(this->key, "EMSA_PKCS1(SHA-224)",
-										data, signature);
+										  data, signature);
 		case SIGN_RSA_EMSA_PKCS1_SHA2_256:
-			return verify_rsa_signature(this, "EMSA_PKCS1(SHA-256)",
+			return botan_verify_signature(this->key, "EMSA_PKCS1(SHA-256)",
-										data, signature);
+										  data, signature);
 		case SIGN_RSA_EMSA_PKCS1_SHA2_384:
-			return verify_rsa_signature(this, "EMSA_PKCS1(SHA-384)",
+			return botan_verify_signature(this->key, "EMSA_PKCS1(SHA-384)",
-										data, signature);
+										  data, signature);
 		case SIGN_RSA_EMSA_PKCS1_SHA2_512:
-			return verify_rsa_signature(this, "EMSA_PKCS1(SHA-512)",
+			return botan_verify_signature(this->key, "EMSA_PKCS1(SHA-512)",
-										data, signature);
+										  data, signature);
 		case SIGN_RSA_EMSA_PSS:
 			return verify_emsa_pss_signature(this, params, data, signature);
 		default:

src/libstrongswan/plugins/botan/botan_util.c

@@ -249,6 +249,32 @@ bool botan_get_signature(botan_privkey_t key, const char *scheme,
 	return TRUE;
 }
 
+/*
+ * Described in header
+ */
+bool botan_verify_signature(botan_pubkey_t key, const char *scheme,
+							chunk_t data, chunk_t signature)
+{
+	botan_pk_op_verify_t verify_op;
+	bool valid = FALSE;
+
+	if (botan_pk_op_verify_create(&verify_op, key, scheme, 0))
+	{
+		return FALSE;
+	}
+
+	if (botan_pk_op_verify_update(verify_op, data.ptr, data.len))
+	{
+		botan_pk_op_verify_destroy(verify_op);
+		return FALSE;
+	}
+
+	valid =	!botan_pk_op_verify_finish(verify_op, signature.ptr, signature.len);
+
+	botan_pk_op_verify_destroy(verify_op);
+	return valid;
+}
+
 /*
  * Described in header
  */

src/libstrongswan/plugins/botan/botan_util.h

@@ -100,6 +100,18 @@ bool botan_get_fingerprint(botan_pubkey_t pubkey, void *cache,
 bool botan_get_signature(botan_privkey_t key, const char *scheme,
 						 chunk_t data, chunk_t *signature);
 
+/**
+ * Verify the given signature using the provided data and key with the specified
+ * signature scheme (hash/padding).
+ *
+ * @param key		private key object
+ * @param scheme	hash/padding algorithm
+ * @param data		signed data
+ * @param signature	signature to verify
+ */
+bool botan_verify_signature(botan_pubkey_t key, const char* scheme,
+							chunk_t data, chunk_t signature);
+
 /**
  * Do the Diffie-Hellman key derivation using the given private key and public
  * value.