doc/c%2B%2Butilities/verification_8h_source.html

#ifndef CPP_UTILITIES_MISC_VERIFICATION_H

#define CPP_UTILITIES_MISC_VERIFICATION_H


#include "../conversion/stringconversion.h"


#include <openssl/ec.h>

#include <openssl/err.h>

#include <openssl/evp.h>

#include <openssl/pem.h>


#include <algorithm>

#include <array>

#include <cctype>

#include <string>

#include <string_view>


namespace CppUtilities {


namespace Detail {


inline std::string getOpenSslError()

{

    const auto errCode = ERR_get_error();

    if (errCode == 0) {

        return "unknown OpenSSL error";

    }

    auto buffer = std::array<char, 256>();

    ERR_error_string_n(errCode, buffer.data(), buffer.size());

    return std::string(buffer.data());

}


inline std::string extractPemBody(std::string_view pem, std::string_view header)

{

    auto body = std::string();

    auto begin = pem.find(header);

    if (begin == std::string_view::npos) {

        return body;

    }

    begin += header.size();


    auto end = pem.find("-----END", begin);

    if (end == std::string_view::npos) {

        return body;

    }


    body = std::string(pem.data() + begin, end - begin);

    body.erase(std::remove_if(body.begin(), body.end(), ::isspace), body.end());

    return body;

}


inline std::string parsePemSignature(std::string_view pemSignature, std::pair<std::unique_ptr<std::uint8_t[]>, std::uint32_t> &decodedSignature)

{

    const auto pemSignatureBody = extractPemBody(pemSignature, "-----BEGIN SIGNATURE-----");

    if (pemSignatureBody.empty()) {

        return "invalid or missing PEM signature block";

    }

    try {

        decodedSignature = decodeBase64(pemSignatureBody.data(), static_cast<std::uint32_t>(pemSignatureBody.size()));

        return std::string();

    } catch (const ConversionException &e) {

        return "unable to decode PEM signature block";

    }

}


} // namespace Detail


using MainVerifyFunctionType = std::string (*)(std::string_view, std::string_view, std::string_view);


inline std::string verifySignature(std::string_view publicKeyPem, std::string_view signaturePem, std::string_view data)

{

    auto error = std::string();

    auto derSignature = std::pair<std::unique_ptr<std::uint8_t[]>, std::uint32_t>();

    if (error = Detail::parsePemSignature(signaturePem, derSignature); !error.empty()) {

        return error;

    }


    BIO *const keyBio = BIO_new_mem_buf(publicKeyPem.data(), static_cast<int>(publicKeyPem.size()));

    if (!keyBio) {

        return error = "BIO_new_mem_buf failed: " + Detail::getOpenSslError();

    }


    EVP_PKEY *const publicKey = PEM_read_bio_PUBKEY(keyBio, nullptr, nullptr, nullptr);

    BIO_free(keyBio);

    if (!publicKey) {

        return error = "PEM_read_bio_PUBKEY failed: " + Detail::getOpenSslError();

    }


    EVP_MD_CTX *const mdCtx = EVP_MD_CTX_new();

    if (!mdCtx) {

        EVP_PKEY_free(publicKey);

        return error = "EVP_MD_CTX_new failed: " + Detail::getOpenSslError();

    }


    if (EVP_DigestVerifyInit(mdCtx, nullptr, EVP_sha256(), nullptr, publicKey) != 1) {

        error = "EVP_DigestVerifyInit failed: " + Detail::getOpenSslError();

    } else if (EVP_DigestVerifyUpdate(mdCtx, data.data(), data.size()) != 1) {

        error = "EVP_DigestVerifyUpdate failed: " + Detail::getOpenSslError();

    } else {

        switch (EVP_DigestVerifyFinal(mdCtx, derSignature.first.get(), derSignature.second)) {

        case 0:

            error = "incorrect signature";

            break;

        case 1:

            break; // signature is correct

        default:

            error = "EVP_DigestVerifyFinal failed: " + Detail::getOpenSslError();

            break;

        }

    }


    EVP_MD_CTX_free(mdCtx);

    EVP_PKEY_free(publicKey);

    return error;

}


template <class Keys, class VerifyFunction = MainVerifyFunctionType>


inline std::string verifySignature(Keys &&publicKeysPem, std::string_view signaturePem, std::string_view data,

    VerifyFunction &&verifyFunction = static_cast<MainVerifyFunctionType>(&verifySignature))

{

    auto error = std::string("no keys provided");

    for (const auto publicKeyPem : publicKeysPem) {

        if ((error = verifyFunction(publicKeyPem, signaturePem, data)).empty()) {

            return error;

        }

    }

    return error;

}


} // namespace CppUtilities


#endif // CPP_UTILITIES_MISC_VERIFICATION_H

CppUtilities::ConversionException
The ConversionException class is thrown by the various conversion functions of this library when a co...
Definition conversionexception.h:11

CppUtilities::Detail
Definition verification.h:19

CppUtilities::Detail::extractPemBody
std::string extractPemBody(std::string_view pem, std::string_view header)
Extracts the base64-encoded body from a PEM block.
Definition verification.h:35

CppUtilities::Detail::parsePemSignature
std::string parsePemSignature(std::string_view pemSignature, std::pair< std::unique_ptr< std::uint8_t[]>, std::uint32_t > &decodedSignature)
Converts PEM-encoded signature into DER-encoded signature.
Definition verification.h:56

CppUtilities::Detail::getOpenSslError
std::string getOpenSslError()
Returns the current OpenSSL error.
Definition verification.h:22

CppUtilities
Contains all utilities provides by the c++utilities library.
Definition argumentparser.h:18

CppUtilities::MainVerifyFunctionType
std::string(*)(std::string_view, std::string_view, std::string_view) MainVerifyFunctionType
The signature of the main verifySignature() function.
Definition verification.h:73

CppUtilities::verifySignature
std::string verifySignature(std::string_view publicKeyPem, std::string_view signaturePem, std::string_view data)
Verifies data with the specified public key publicKeyPem and signature signaturePem.
Definition verification.h:107

CppUtilities::decodeBase64
CPP_UTILITIES_EXPORT std::pair< std::unique_ptr< std::uint8_t[]>, std::uint32_t > decodeBase64(const char *encodedStr, const std::uint32_t strSize)
Decodes the specified Base64 encoded string.
Definition stringconversion.cpp:424

stringconversion.h