BOOL PubVerify(RSAKEY PublicKey, const UCHAR *msg, UINT32 msglen, UCHAR *sigbuf, UINT32 siglen, INT32 type) { assert(PublicKey != NULL); RSA* pPubKey = (RSA*)PublicKey; //RSA_verify 这里如果使用此函数,可输入msglen不可超过36 INT32 nRet = RSA_verify_ASN1_OCTET_STRING(type, msg, msglen, sigbuf, siglen, pPubKey); if(nRet != 1) { return FALSE; } return TRUE; }
/* * Verify the signature on an assertion; return SIGRESULT_TRUE is * success, SIGRESULT_FALSE otherwise. */ int keynote_sigverify_assertion(struct assertion *as) { int hashtype, enc, intenc, alg = KEYNOTE_ALGORITHM_NONE, hashlen = 0; unsigned char *sig, *decoded = NULL, *ptr; unsigned char res2[20]; SHA_CTX shscontext; MD5_CTX md5context; int len = 0; DSA *dsa; RSA *rsa; if (as->as_signature == NULL || as->as_startofsignature == NULL || as->as_allbutsignature == NULL || as->as_allbutsignature - as->as_startofsignature <= 0) return SIGRESULT_FALSE; alg = keynote_get_sig_algorithm(as->as_signature, &hashtype, &enc, &intenc); if (alg == KEYNOTE_ALGORITHM_NONE) return SIGRESULT_FALSE; /* Check for matching algorithms */ if ((alg != as->as_signeralgorithm) && !((alg == KEYNOTE_ALGORITHM_RSA) && (as->as_signeralgorithm == KEYNOTE_ALGORITHM_X509)) && !((alg == KEYNOTE_ALGORITHM_X509) && (as->as_signeralgorithm == KEYNOTE_ALGORITHM_RSA))) return SIGRESULT_FALSE; sig = strchr(as->as_signature, ':'); /* Move forward to the Encoding. We * are guaranteed to have a ':' * character, since this is a valid * signature */ sig++; switch (hashtype) { case KEYNOTE_HASH_SHA1: hashlen = 20; memset(res2, 0, hashlen); SHA1_Init(&shscontext); SHA1_Update(&shscontext, as->as_startofsignature, as->as_allbutsignature - as->as_startofsignature); SHA1_Update(&shscontext, as->as_signature, (char *) sig - as->as_signature); SHA1_Final(res2, &shscontext); break; case KEYNOTE_HASH_MD5: hashlen = 16; memset(res2, 0, hashlen); MD5_Init(&md5context); MD5_Update(&md5context, as->as_startofsignature, as->as_allbutsignature - as->as_startofsignature); MD5_Update(&md5context, as->as_signature, (char *) sig - as->as_signature); MD5_Final(res2, &md5context); break; case KEYNOTE_HASH_NONE: break; } /* Remove ASCII encoding */ switch (enc) { case ENCODING_NONE: ptr = NULL; break; case ENCODING_HEX: len = strlen(sig) / 2; if (kn_decode_hex(sig, (char **) &decoded) != 0) return -1; ptr = decoded; break; case ENCODING_BASE64: len = strlen(sig); if (len % 4) /* Base64 encoding must be a multiple of 4 */ { keynote_errno = ERROR_SYNTAX; return -1; } len = 3 * (len / 4); decoded = calloc(len, sizeof(unsigned char)); ptr = decoded; if (decoded == NULL) { keynote_errno = ERROR_MEMORY; return -1; } len = kn_decode_base64(sig, decoded, len); if ((len == -1) || (len == 0) || (len == 1)) return -1; break; case ENCODING_NATIVE: if ((decoded = strdup(sig)) == NULL) { keynote_errno = ERROR_MEMORY; return -1; } len = strlen(sig); ptr = decoded; break; default: keynote_errno = ERROR_SYNTAX; return -1; } /* DSA */ if ((alg == KEYNOTE_ALGORITHM_DSA) && (intenc == INTERNAL_ENC_ASN1)) { dsa = (DSA *) as->as_authorizer; if (DSA_verify(0, res2, hashlen, decoded, len, dsa) == 1) { free(ptr); return SIGRESULT_TRUE; } } else /* RSA */ if ((alg == KEYNOTE_ALGORITHM_RSA) && (intenc == INTERNAL_ENC_PKCS1)) { rsa = (RSA *) as->as_authorizer; if (RSA_verify_ASN1_OCTET_STRING(RSA_PKCS1_PADDING, res2, hashlen, decoded, len, rsa) == 1) { free(ptr); return SIGRESULT_TRUE; } } else if ((alg == KEYNOTE_ALGORITHM_X509) && (intenc == INTERNAL_ENC_ASN1)) { /* RSA-specific */ rsa = (RSA *) as->as_authorizer; if (RSA_verify(NID_shaWithRSAEncryption, res2, hashlen, decoded, len, rsa) == 1) { free(ptr); return SIGRESULT_TRUE; } } /* Handle more algorithms here */ free(ptr); return SIGRESULT_FALSE; }