MCPcopy
hub / github.com/tjfoc/gmsm / verifyHandshakeSignature

Function verifyHandshakeSignature

gmtls/auth.go:89–144  ·  view source on GitHub ↗

verifyHandshakeSignature verifies a signature against pre-hashed handshake contents.

(sigType uint8, pubkey crypto.PublicKey, hashFunc crypto.Hash, digest, sig []byte)

Source from the content-addressed store, hash-verified

87// verifyHandshakeSignature verifies a signature against pre-hashed handshake
88// contents.
89func verifyHandshakeSignature(sigType uint8, pubkey crypto.PublicKey, hashFunc crypto.Hash, digest, sig []byte) error {
90 switch sigType {
91 case signatureECDSA:
92 pubKey, ok := pubkey.(*ecdsa.PublicKey)
93 if !ok {
94 return errors.New("tls: ECDSA signing requires a ECDSA public key")
95 }
96 ecdsaSig := new(ecdsaSignature)
97 if _, err := asn1.Unmarshal(sig, ecdsaSig); err != nil {
98 return err
99 }
100 if ecdsaSig.R.Sign() <= 0 || ecdsaSig.S.Sign() <= 0 {
101 return errors.New("tls: ECDSA signature contained zero or negative values")
102 }
103 if pubKey.Curve == sm2.P256Sm2() {
104 sm2Public := sm2.PublicKey{
105 Curve: pubKey.Curve,
106 X: pubKey.X,
107 Y: pubKey.Y,
108 }
109 if !sm2Public.Verify(digest, sig) {
110 return errors.New("tls: SM2 verification failure")
111 }
112 } else if !ecdsa.Verify(pubKey, digest, ecdsaSig.R, ecdsaSig.S) {
113 return errors.New("tls: ECDSA verification failure")
114 }
115 case signaturePKCS1v15:
116 pubKey, ok := pubkey.(*rsa.PublicKey)
117 if !ok {
118 return errors.New("tls: RSA signing requires a RSA public key")
119 }
120 if err := rsa.VerifyPKCS1v15(pubKey, hashFunc, digest, sig); err != nil {
121 return err
122 }
123 case signatureRSAPSS:
124 pubKey, ok := pubkey.(*rsa.PublicKey)
125 if !ok {
126 return errors.New("tls: RSA signing requires a RSA public key")
127 }
128 signOpts := &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthEqualsHash}
129 if err := rsa.VerifyPSS(pubKey, hashFunc, digest, sig, signOpts); err != nil {
130 return err
131 }
132 case signatureSM2:
133 pubKey, ok := pubkey.(*sm2.PublicKey)
134 if !ok {
135 return errors.New("tls: SM2 signing requires a SM2 public key")
136 }
137 if ok := pubKey.Verify(digest, sig); !ok {
138 return errors.New("verify sm2 signature error")
139 }
140 default:
141 return errors.New("tls: unknown signature algorithm")
142 }
143 return nil
144}

Callers 5

doFullHandshakeMethod · 0.85
doFullHandshakeMethod · 0.85
doFullHandshakeMethod · 0.85

Calls 5

VerifyMethod · 0.95
P256Sm2Function · 0.92
NewMethod · 0.80
SignMethod · 0.80
VerifyMethod · 0.45

Tested by

no test coverage detected

Used in the wild real call sites across dependent graphs

searching dependent graphs…