MCPcopy
hub / github.com/tjfoc/gmsm / checkSignature

Function checkSignature

x509/x509.go:972–1048  ·  view source on GitHub ↗

CheckSignature verifies that signature is a valid signature over signed from a crypto.PublicKey.

(algo SignatureAlgorithm, signed, signature []byte, publicKey crypto.PublicKey)

Source from the content-addressed store, hash-verified

970// CheckSignature verifies that signature is a valid signature over signed from
971// a crypto.PublicKey.
972func checkSignature(algo SignatureAlgorithm, signed, signature []byte, publicKey crypto.PublicKey) (err error) {
973 var hashType Hash
974 switch algo {
975 case SHA1WithRSA, DSAWithSHA1, ECDSAWithSHA1, SM2WithSHA1:
976 hashType = SHA1
977 case SHA256WithRSA, SHA256WithRSAPSS, DSAWithSHA256, ECDSAWithSHA256, SM2WithSHA256:
978 hashType = SHA256
979 case SHA384WithRSA, SHA384WithRSAPSS, ECDSAWithSHA384:
980 hashType = SHA384
981 case SHA512WithRSA, SHA512WithRSAPSS, ECDSAWithSHA512:
982 hashType = SHA512
983 case MD2WithRSA, MD5WithRSA:
984 return InsecureAlgorithmError(algo)
985 case SM2WithSM3: // SM3WithRSA reserve
986 hashType = SM3
987 default:
988 return ErrUnsupportedAlgorithm
989 }
990
991 if !hashType.Available() {
992 return ErrUnsupportedAlgorithm
993 }
994 fnHash := func() []byte {
995 h := hashType.New()
996 h.Write(signed)
997 return h.Sum(nil)
998 }
999 switch pub := publicKey.(type) {
1000 case *rsa.PublicKey:
1001 if algo.isRSAPSS() {
1002 return rsa.VerifyPSS(pub, crypto.Hash(hashType), fnHash(), signature, &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthEqualsHash})
1003 } else {
1004 return rsa.VerifyPKCS1v15(pub, crypto.Hash(hashType), fnHash(), signature)
1005 }
1006 case *dsa.PublicKey:
1007 dsaSig := new(dsaSignature)
1008 if rest, err := asn1.Unmarshal(signature, dsaSig); err != nil {
1009 return err
1010 } else if len(rest) != 0 {
1011 return errors.New("x509: trailing data after DSA signature")
1012 }
1013 if dsaSig.R.Sign() <= 0 || dsaSig.S.Sign() <= 0 {
1014 return errors.New("x509: DSA signature contained zero or negative values")
1015 }
1016 if !dsa.Verify(pub, fnHash(), dsaSig.R, dsaSig.S) {
1017 return errors.New("x509: DSA verification failure")
1018 }
1019 return
1020 case *ecdsa.PublicKey:
1021 ecdsaSig := new(ecdsaSignature)
1022 if rest, err := asn1.Unmarshal(signature, ecdsaSig); err != nil {
1023 return err
1024 } else if len(rest) != 0 {
1025 return errors.New("x509: trailing data after ECDSA signature")
1026 }
1027 if ecdsaSig.R.Sign() <= 0 || ecdsaSig.S.Sign() <= 0 {
1028 return errors.New("x509: ECDSA signature contained zero or negative values")
1029 }

Callers 2

CheckSignatureMethod · 0.85
CheckSignatureMethod · 0.85

Calls 10

AvailableMethod · 0.95
NewMethod · 0.95
P256Sm2Function · 0.92
Sm2VerifyFunction · 0.92
InsecureAlgorithmErrorTypeAlias · 0.85
isRSAPSSMethod · 0.80
SignMethod · 0.80
WriteMethod · 0.45
SumMethod · 0.45
VerifyMethod · 0.45

Tested by

no test coverage detected

Used in the wild real call sites across dependent graphs

searching dependent graphs…