/**
* Check the signature on this OCSP response using the public key of the
* given issuer certificate.
*
* @param issuer certificate whose subject public key verifies the response
* @return m_dummy_response_status when the response holds no entries (the
*         signature is not checked on that path);
*         OCSP_RESPONSE_INVALID when the signature algorithm name does not
*         split into exactly two '/'-separated parts or its first part
*         differs from the issuer key's algorithm name;
*         OCSP_SIGNATURE_OK when the signature verifies;
*         OCSP_SIGNATURE_ERROR when it does not, or when an Exception is
*         thrown while verifying.
*/
Certificate_Status_Code Response::verify_signature(const X509_Certificate& issuer) const
   {
   // No entries: report the stored placeholder status. Nothing is verified
   // here, so callers must not read this result as "signature checked".
   if(m_responses.empty())
      {
      return m_dummy_response_status;
      }

   try
      {
      std::unique_ptr<Public_Key> issuer_key(issuer.subject_public_key());

      // The algorithm name looked up from the response's signature OID is
      // expected to have the form "<key algorithm>/<padding>".
      const std::vector<std::string> algo_parts =
         split_on(OIDS::lookup(m_sig_algo.get_oid()), '/');

      // Reject a response whose declared key algorithm does not match the
      // issuer key, so the response cannot pick a verifier for another
      // key type.
      const bool algo_matches_key =
         (algo_parts.size() == 2) && (algo_parts[0] == issuer_key->algo_name());

      if(!algo_matches_key)
         {
         return Certificate_Status_Code::OCSP_RESPONSE_INVALID;
         }

      // NOTE(review): the padding (and with it the hash) is taken from the
      // response's own algorithm identifier; no allow-list of acceptable
      // hashes is applied in this function -- confirm one is enforced
      // elsewhere.
      std::string padding = algo_parts[1];

      // Keys whose signatures consist of two or more parts use the DER
      // SEQUENCE encoding; all others use the IEEE 1363 encoding.
      Signature_Format format = IEEE_1363;
      if(issuer_key->message_parts() >= 2)
         {
         format = DER_SEQUENCE;
         }

      PK_Verifier verifier(*issuer_key, padding, format);

      const bool signature_ok =
         verifier.verify_message(ASN1::put_in_sequence(m_tbs_bits), m_signature);

      return signature_ok ? Certificate_Status_Code::OCSP_SIGNATURE_OK
                          : Certificate_Status_Code::OCSP_SIGNATURE_ERROR;
      }
   catch(Exception&)
      {
      // Fail closed: an Exception thrown during the check is reported as a
      // signature error, never as success.
      return Certificate_Status_Code::OCSP_SIGNATURE_ERROR;
      }
   }
/*
* Verify a Certificate Verify message
*
* Checks m_signature over the current handshake hash contents using the
* subject public key of the supplied certificate.
*
* cert:   certificate whose public key is used for verification
* state:  handshake state supplying the signature format and the hash
* policy: policy consulted for key acceptability and the signature format
*
* Returns true if the signature verifies, false otherwise.
*/
bool Certificate_Verify::verify(const X509_Certificate& cert,
                                const Handshake_State& state,
                                const Policy& policy) const
   {
   std::unique_ptr<Public_Key> peer_key(cert.subject_public_key());

   // The policy sees the key before it is used. The call's result is not
   // inspected here; presumably it throws on rejection -- confirm.
   policy.check_peer_key_acceptable(*peer_key);

   // Padding name and signature encoding are derived from the key and the
   // hash/signature algorithms stored in this message.
   // NOTE(review): the literal `true` is the fourth argument of
   // parse_sig_format; its meaning is not visible here -- confirm.
   std::pair<std::string, Signature_Format> sig_format =
      state.parse_sig_format(*peer_key, m_hash_algo, m_sig_algo, true, policy);

   const std::string& padding = sig_format.first;
   const Signature_Format encoding = sig_format.second;

   PK_Verifier verifier(*peer_key, padding, encoding);

   const bool signature_valid =
      verifier.verify_message(state.hash().get_contents(), m_signature);

   return signature_valid;
   }
/*
* Verify a Certificate Verify message
*
* Checks m_signature over the current handshake hash contents using the
* subject public key of the supplied certificate. The verification itself
* is delegated to the tls_verify_message callback.
*
* cert:   certificate whose public key is used for verification
* state:  handshake state supplying format, callbacks and the hash
* policy: policy consulted for key acceptability and the signature format
*
* Returns the callback's verdict. When BOTAN_UNSAFE_FUZZER_MODE is defined
* the verdict is ignored and true is always returned, so such a build
* accepts any signature and authenticates nothing.
*/
bool Certificate_Verify::verify(const X509_Certificate& cert,
                                const Handshake_State& state,
                                const Policy& policy) const
   {
   std::unique_ptr<Public_Key> peer_key(cert.subject_public_key());

   // The policy sees the key before it is used. The call's result is not
   // inspected here; presumably it throws on rejection -- confirm.
   policy.check_peer_key_acceptable(*peer_key);

   // Padding name and signature encoding are derived from the key and the
   // signature scheme stored in this message.
   // NOTE(review): the literal `true` is the third argument of
   // parse_sig_format; its meaning is not visible here -- confirm.
   std::pair<std::string, Signature_Format> sig_format =
      state.parse_sig_format(*peer_key, m_scheme, true, policy);

   const std::string& padding = sig_format.first;
   const Signature_Format encoding = sig_format.second;

   const bool signature_valid =
      state.callbacks().tls_verify_message(*peer_key,
                                           padding,
                                           encoding,
                                           state.hash().get_contents(),
                                           m_signature);

#if defined(BOTAN_UNSAFE_FUZZER_MODE)
   // The check above still runs, but its result is discarded so a fuzzer
   // can get past this message.
   static_cast<void>(signature_valid);
   return true;
#else
   return signature_valid;
#endif
   }
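/**
* Verify a Certificate Verify message
*
* Checks the stored signature over hash.final() using the subject public
* key of the supplied certificate.
*
* @param cert certificate whose public key is used for verification
* @param hash handshake hash; hash.final() supplies the signed message
* @return true if the signature verifies, false otherwise
* @throws Invalid_Argument if the key algorithm is neither RSA nor DSA
*/
bool Certificate_Verify::verify(const X509_Certificate& cert,
                                HandshakeHash& hash)
   {
   // FIXME: duplicate of Server_Key_Exchange::verify

   // std::auto_ptr is kept because this file is written against it.
   std::auto_ptr<Public_Key> key(cert.subject_public_key());

   const std::string algo = key->algo_name();

   std::string padding = "";
   Signature_Format format = IEEE_1363;

   if(algo == "RSA")
      {
      padding = "EMSA3(TLS.Digest.0)";
      }
   else if(algo == "DSA")
      {
      // This must be an assignment. The previous `padding == "..."` was a
      // comparison whose result was discarded, so the DSA verifier was
      // built with an empty padding name instead of EMSA1(SHA-1).
      padding = "EMSA1(SHA-1)";
      format = DER_SEQUENCE;
      }
   else
      {
      // Reject any other key type instead of guessing a signature scheme.
      throw Invalid_Argument(algo + " is invalid/unknown for TLS signatures");
      }

   PK_Verifier verifier(*key, padding, format);

   return verifier.verify_message(hash.final(), signature);
   }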