DOKK / manpages / debian 12 / libkcapi-dev / kcapi_akcipher_verify.3.en
KCAPI_AKCIPHER_VERIF(3) Programming Interface KCAPI_AKCIPHER_VERIF(3)

kcapi_akcipher_verify - signature verification

ssize_t kcapi_akcipher_verify(struct kcapi_handle * handle, const uint8_t * in, size_t inlen, uint8_t * out, size_t outlen, int access);

handle

[in] cipher handle

in

[in] message data buffer

inlen

[in] length of in buffer

out

[out] signature data buffer

outlen

[in] length of out buffer

access

[in] kernel access type (KCAPI_ACCESS_HEURISTIC - use internal heuristic for fastest kernel access; KCAPI_ACCESS_VMSPLICE - use vmsplice access; KCAPI_ACCESS_SENDMSG - sendmsg access)

It is perfectly legal to use the same buffer as the message and signature pointers. That would mean that after the signature generation operation, the message is overwritten with the signature.

The memory should be aligned at the page boundary using posix_memalign(sysconf(_SC_PAGESIZE)), If it is not aligned at the page boundary, the vmsplice call may not send all data to the kernel.

If the output size is insufficiently large, -EINVAL is returned. The output buffer must be at least as large as the modululs of the uses key.

To catch signature verification errors, the return value of this call should be checked. If this function returns -EBADMSG, the verification of the signature failed.

return number of bytes returned by the signature ver operation upon success; a negative errno-style error code if an error occurred

Stephan Mueller <smueller@chronox.de>

Author.

February 2022 libkcapi Manual 1.4.0