BOOL PubVerify(RSAKEY PublicKey, const UCHAR *msg, UINT32 msglen, UCHAR *sigbuf, UINT32 siglen, INT32 type)
{
assert(PublicKey != NULL);
RSA* pPubKey = (RSA*)PublicKey;
//RSA_verify 这里如果使用此函数,可输入msglen不可超过36
INT32 nRet = RSA_verify_ASN1_OCTET_STRING(type, msg, msglen, sigbuf, siglen, pPubKey);
if(nRet != 1)
{
return FALSE;
}
return TRUE;
}
/*
* Verify the signature on an assertion; return SIGRESULT_TRUE is
* success, SIGRESULT_FALSE otherwise.
*/
int
keynote_sigverify_assertion(struct assertion *as)
{
int hashtype, enc, intenc, alg = KEYNOTE_ALGORITHM_NONE, hashlen = 0;
unsigned char *sig, *decoded = NULL, *ptr;
unsigned char res2[20];
SHA_CTX shscontext;
MD5_CTX md5context;
int len = 0;
DSA *dsa;
RSA *rsa;
if (as->as_signature == NULL ||
as->as_startofsignature == NULL ||
as->as_allbutsignature == NULL ||
as->as_allbutsignature - as->as_startofsignature <= 0)
return SIGRESULT_FALSE;
alg = keynote_get_sig_algorithm(as->as_signature, &hashtype, &enc,
&intenc);
if (alg == KEYNOTE_ALGORITHM_NONE)
return SIGRESULT_FALSE;
/* Check for matching algorithms */
if ((alg != as->as_signeralgorithm) &&
!((alg == KEYNOTE_ALGORITHM_RSA) &&
(as->as_signeralgorithm == KEYNOTE_ALGORITHM_X509)) &&
!((alg == KEYNOTE_ALGORITHM_X509) &&
(as->as_signeralgorithm == KEYNOTE_ALGORITHM_RSA)))
return SIGRESULT_FALSE;
sig = strchr(as->as_signature, ':'); /* Move forward to the Encoding. We
* are guaranteed to have a ':'
* character, since this is a valid
* signature */
sig++;
switch (hashtype)
{
case KEYNOTE_HASH_SHA1:
hashlen = 20;
memset(res2, 0, hashlen);
SHA1_Init(&shscontext);
SHA1_Update(&shscontext, as->as_startofsignature,
as->as_allbutsignature - as->as_startofsignature);
SHA1_Update(&shscontext, as->as_signature,
(char *) sig - as->as_signature);
SHA1_Final(res2, &shscontext);
break;
case KEYNOTE_HASH_MD5:
hashlen = 16;
memset(res2, 0, hashlen);
MD5_Init(&md5context);
MD5_Update(&md5context, as->as_startofsignature,
as->as_allbutsignature - as->as_startofsignature);
MD5_Update(&md5context, as->as_signature,
(char *) sig - as->as_signature);
MD5_Final(res2, &md5context);
break;
case KEYNOTE_HASH_NONE:
break;
}
/* Remove ASCII encoding */
switch (enc)
{
case ENCODING_NONE:
ptr = NULL;
break;
case ENCODING_HEX:
len = strlen(sig) / 2;
if (kn_decode_hex(sig, (char **) &decoded) != 0)
return -1;
ptr = decoded;
break;
case ENCODING_BASE64:
len = strlen(sig);
if (len % 4) /* Base64 encoding must be a multiple of 4 */
{
keynote_errno = ERROR_SYNTAX;
return -1;
}
len = 3 * (len / 4);
decoded = calloc(len, sizeof(unsigned char));
ptr = decoded;
if (decoded == NULL) {
keynote_errno = ERROR_MEMORY;
return -1;
}
len = kn_decode_base64(sig, decoded, len);
if ((len == -1) || (len == 0) || (len == 1))
return -1;
break;
case ENCODING_NATIVE:
if ((decoded = strdup(sig)) == NULL) {
keynote_errno = ERROR_MEMORY;
return -1;
}
len = strlen(sig);
ptr = decoded;
break;
default:
keynote_errno = ERROR_SYNTAX;
return -1;
}
/* DSA */
if ((alg == KEYNOTE_ALGORITHM_DSA) && (intenc == INTERNAL_ENC_ASN1))
{
dsa = (DSA *) as->as_authorizer;
if (DSA_verify(0, res2, hashlen, decoded, len, dsa) == 1) {
free(ptr);
return SIGRESULT_TRUE;
}
}
else /* RSA */
if ((alg == KEYNOTE_ALGORITHM_RSA) && (intenc == INTERNAL_ENC_PKCS1))
{
rsa = (RSA *) as->as_authorizer;
if (RSA_verify_ASN1_OCTET_STRING(RSA_PKCS1_PADDING, res2, hashlen,
decoded, len, rsa) == 1) {
free(ptr);
return SIGRESULT_TRUE;
}
}
else
if ((alg == KEYNOTE_ALGORITHM_X509) && (intenc == INTERNAL_ENC_ASN1))
{
/* RSA-specific */
rsa = (RSA *) as->as_authorizer;
if (RSA_verify(NID_shaWithRSAEncryption, res2, hashlen, decoded,
len, rsa) == 1) {
free(ptr);
return SIGRESULT_TRUE;
}
}
/* Handle more algorithms here */
free(ptr);
return SIGRESULT_FALSE;
}
