bool EAC_Signed_Object::check_signature(Public_Key& pub_key, const MemoryRegion<byte>& sig) const { try { std::vector<std::string> sig_info = split_on(OIDS::lookup(sig_algo.oid), '/'); if(sig_info.size() != 2 || sig_info[0] != pub_key.algo_name()) { return false; } std::string padding = sig_info[1]; Signature_Format format = (pub_key.message_parts() >= 2) ? DER_SEQUENCE : IEEE_1363; SecureVector<byte> to_sign = tbs_data(); PK_Verifier verifier(pub_key, padding, format); return verifier.verify_message(to_sign, sig); } catch(...) { return false; } }
/* * Check the signature on an object */ bool X509_Object::check_signature(const Public_Key& pub_key) const { try { std::vector<std::string> sig_info = split_on(OIDS::lookup(m_sig_algo.oid), '/'); if(sig_info.size() != 2 || sig_info[0] != pub_key.algo_name()) return false; std::string padding = sig_info[1]; Signature_Format format = (pub_key.message_parts() >= 2) ? DER_SEQUENCE : IEEE_1363; PK_Verifier verifier(pub_key, padding, format); return verifier.verify_message(tbs_data(), signature()); } catch(std::exception&) { return false; } }
bool EAC1_1_CVC::operator==(EAC1_1_CVC const& rhs) const { return (tbs_data() == rhs.tbs_data() && get_concat_sig() == rhs.get_concat_sig()); }
Certificate_Status_Code X509_Object::verify_signature(const Public_Key& pub_key) const { const std::vector<std::string> sig_info = split_on(OIDS::lookup(m_sig_algo.get_oid()), '/'); if(sig_info.size() < 1 || sig_info.size() > 2 || sig_info[0] != pub_key.algo_name()) return Certificate_Status_Code::SIGNATURE_ALGO_BAD_PARAMS; std::string padding; if(sig_info.size() == 2) padding = sig_info[1]; else if(sig_info[0] == "Ed25519") padding = "Pure"; else return Certificate_Status_Code::SIGNATURE_ALGO_BAD_PARAMS; const Signature_Format format = (pub_key.message_parts() >= 2) ? DER_SEQUENCE : IEEE_1363; if(padding == "EMSA4") { // "MUST contain RSASSA-PSS-params" if(signature_algorithm().parameters.empty()) { return Certificate_Status_Code::SIGNATURE_ALGO_BAD_PARAMS; } Pss_params pss_parameter = decode_pss_params(signature_algorithm().parameters); // hash_algo must be SHA1, SHA2-224, SHA2-256, SHA2-384 or SHA2-512 const std::string hash_algo = OIDS::lookup(pss_parameter.hash_algo.oid); if(hash_algo != "SHA-160" && hash_algo != "SHA-224" && hash_algo != "SHA-256" && hash_algo != "SHA-384" && hash_algo != "SHA-512") { return Certificate_Status_Code::UNTRUSTED_HASH; } const std::string mgf_algo = OIDS::lookup(pss_parameter.mask_gen_algo.oid); if(mgf_algo != "MGF1") { return Certificate_Status_Code::SIGNATURE_ALGO_BAD_PARAMS; } // For MGF1, it is strongly RECOMMENDED that the underlying hash function be the same as the one identified by hashAlgorithm // Must be SHA1, SHA2-224, SHA2-256, SHA2-384 or SHA2-512 if(pss_parameter.mask_gen_hash.oid != pss_parameter.hash_algo.oid) { return Certificate_Status_Code::SIGNATURE_ALGO_BAD_PARAMS; } if(pss_parameter.trailer_field != 1) { return Certificate_Status_Code::SIGNATURE_ALGO_BAD_PARAMS; } // salt_len is actually not used for verification. Length is inferred from the signature padding += "(" + hash_algo + "," + mgf_algo + "," + std::to_string(pss_parameter.salt_len) + ")"; } try { PK_Verifier verifier(pub_key, padding, format); const bool valid = verifier.verify_message(tbs_data(), signature()); if(valid) return Certificate_Status_Code::VERIFIED; else return Certificate_Status_Code::SIGNATURE_ERROR; } catch(Algorithm_Not_Found&) { return Certificate_Status_Code::SIGNATURE_ALGO_UNKNOWN; } catch(...) { // This shouldn't happen, fallback to generic signature error return Certificate_Status_Code::SIGNATURE_ERROR; } }