Trait SignatureVerificationAlgorithm

trait SignatureVerificationAlgorithm: Send + Sync + fmt::Debug

An abstract signature verification algorithm.

One of these is needed per supported pair of public key type (identified with public_key_alg_id()) and signatureAlgorithm (identified with signature_alg_id()). Note that both of these AlgorithmIdentifiers include the parameters encoding, so separate SignatureVerificationAlgorithms are needed for each possible public key or signature parameters.

Debug implementations should list the public key algorithm identifier and signature algorithm identifier in human friendly form (i.e. not encoded bytes), along with the name of the implementing library (to distinguish different implementations of the same algorithms).

Required Methods

fn verify_signature(self: &Self, public_key: &[u8], message: &[u8], signature: &[u8]) -> Result<(), InvalidSignature>

Verify a signature.

public_key is the subjectPublicKey value from a SubjectPublicKeyInfo encoding and is untrusted. The key's subjectPublicKeyInfo matches the AlgorithmIdentifier returned by public_key_alg_id().

message is the data over which the signature was allegedly computed. It is not hashed; implementations of this trait function must do hashing if that is required by the algorithm they implement.

signature is the signature allegedly over message.

Return Ok(()) only if signature is a valid signature on message.

Return Err(InvalidSignature) if the signature is invalid, including if the public_key encoding is invalid. There is no need or opportunity to produce errors that are more specific than this.

fn public_key_alg_id(self: &Self) -> AlgorithmIdentifier

Return the AlgorithmIdentifier that must equal a public key's subjectPublicKeyInfo value for this SignatureVerificationAlgorithm to be used for signature verification.

fn signature_alg_id(self: &Self) -> AlgorithmIdentifier

Return the AlgorithmIdentifier that must equal the signatureAlgorithm value on the data to be verified for this SignatureVerificationAlgorithm to be used for signature verification.

Provided Methods

fn fips(self: &Self) -> bool

Return true if this is backed by a FIPS-approved implementation.