static int xmlSecMSCngSignatureVerify(xmlSecTransformPtr transform, const xmlSecByte* data, xmlSecSize dataSize, xmlSecTransformCtxPtr transformCtx) { xmlSecMSCngSignatureCtxPtr ctx; BCRYPT_KEY_HANDLE pubkey; NTSTATUS status; int ret; xmlSecAssert2(xmlSecMSCngSignatureCheckId(transform), -1); xmlSecAssert2(transform->operation == xmlSecTransformOperationVerify, -1); xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCngSignatureSize), -1); xmlSecAssert2(transform->status == xmlSecTransformStatusFinished, -1); xmlSecAssert2(data != NULL, -1); xmlSecAssert2(dataSize > 0, -1); xmlSecAssert2(transformCtx != NULL, -1); ctx = xmlSecMSCngSignatureGetCtx(transform); xmlSecAssert2(ctx != NULL, -1); pubkey = xmlSecMSCngKeyDataGetKey(ctx->data, xmlSecKeyDataTypePublic); if(pubkey == 0) { xmlSecInternalError("xmlSecMSCngKeyDataGetKey", xmlSecTransformGetName(transform)); return(-1); } status = BCryptVerifySignature( pubkey, NULL, ctx->pbHash, ctx->cbHash, (PBYTE)data, dataSize, 0); if(status != STATUS_SUCCESS) { if(status == STATUS_INVALID_SIGNATURE) { xmlSecOtherError(XMLSEC_ERRORS_R_DATA_NOT_MATCH, xmlSecTransformGetName(transform), "BCryptVerifySignature: the signature was not verified"); transform->status = xmlSecTransformStatusFail; return(-1); } else { xmlSecMSCngNtError("BCryptVerifySignature", xmlSecTransformGetName(transform), status); return(-1); } } transform->status = xmlSecTransformStatusOk; return(0); }
int _libssh2_wincng_key_sha1_verify(_libssh2_wincng_key_ctx *ctx, const unsigned char *sig, unsigned long sig_len, const unsigned char *m, unsigned long m_len, unsigned long flags) { BCRYPT_PKCS1_PADDING_INFO paddingInfoPKCS1; void *pPaddingInfo; unsigned char *data, *hash; unsigned long datalen, hashlen; int ret; datalen = m_len; data = malloc(datalen); if (!data) { return -1; } hashlen = SHA_DIGEST_LENGTH; hash = malloc(hashlen); if (!hash) { free(data); return -1; } memcpy(data, m, datalen); ret = _libssh2_wincng_hash(data, datalen, _libssh2_wincng.hAlgHashSHA1, hash, hashlen); free(data); if (ret) { free(hash); return -1; } datalen = sig_len; data = malloc(datalen); if (!data) { free(hash); return -1; } if (flags & BCRYPT_PAD_PKCS1) { paddingInfoPKCS1.pszAlgId = BCRYPT_SHA1_ALGORITHM; pPaddingInfo = &paddingInfoPKCS1; } else pPaddingInfo = NULL; memcpy(data, sig, datalen); ret = BCryptVerifySignature(ctx->hKey, pPaddingInfo, hash, hashlen, data, datalen, flags); free(hash); free(data); return BCRYPT_SUCCESS(ret) ? 0 : -1; }