public-key: Add optional parameters argument to verify() method
authorTobias Brunner <tobias@strongswan.org>
Tue, 19 Sep 2017 15:15:18 +0000 (17:15 +0200)
committerTobias Brunner <tobias@strongswan.org>
Wed, 8 Nov 2017 15:48:10 +0000 (16:48 +0100)
28 files changed:
scripts/pubkey_speed.c
src/charon-tkm/src/tkm/tkm_public_key.c
src/libcharon/sa/ikev1/authenticators/pubkey_v1_authenticator.c
src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
src/libimcv/pts/pts.c
src/libstrongswan/credentials/keys/public_key.c
src/libstrongswan/credentials/keys/public_key.h
src/libstrongswan/plugins/bliss/bliss_public_key.c
src/libstrongswan/plugins/bliss/tests/suites/test_bliss_sign.c
src/libstrongswan/plugins/curve25519/curve25519_public_key.c
src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c
src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
src/libstrongswan/plugins/openssl/openssl_crl.c
src/libstrongswan/plugins/openssl/openssl_ec_public_key.c
src/libstrongswan/plugins/openssl/openssl_pkcs7.c
src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
src/libstrongswan/plugins/openssl/openssl_x509.c
src/libstrongswan/plugins/pkcs11/pkcs11_public_key.c
src/libstrongswan/plugins/pkcs7/pkcs7_signed_data.c
src/libstrongswan/plugins/x509/x509_ac.c
src/libstrongswan/plugins/x509/x509_cert.c
src/libstrongswan/plugins/x509/x509_crl.c
src/libstrongswan/plugins/x509/x509_ocsp_response.c
src/libstrongswan/plugins/x509/x509_pkcs10.c
src/libstrongswan/tests/suites/test_ecdsa.c
src/libstrongswan/tests/suites/test_ed25519.c
src/libstrongswan/tests/suites/test_rsa.c
src/libtls/tls_crypto.c

index 66279ada365e5cd35eb225ee92b8f9e70f8cf1a3..8ccaa0bf891b6cced8f9233c75d1fd4dd2698437 100644 (file)
@@ -135,7 +135,7 @@ int main(int argc, char *argv[])
        start_timing(&timing);
        for (round = 0; round < rounds; round++)
        {
-               if (!public->verify(public, scheme, data, sigs[round]))
+               if (!public->verify(public, scheme, NULL, data, sigs[round]))
                {
                        printf("signature verification failed\n");
                        exit(1);
index 9ebdc29e6ad39492c80a3d2754eb9673395119bf..788336cc1b2a18e3b7427cc44bd5d21b459a5b0a 100644 (file)
@@ -53,7 +53,7 @@ METHOD(public_key_t, get_type, key_type_t,
 }
 
 METHOD(public_key_t, verify, bool,
-       private_tkm_public_key_t *this, signature_scheme_t scheme,
+       private_tkm_public_key_t *this, signature_scheme_t scheme, void *params,
        chunk_t data, chunk_t signature)
 {
        return TRUE;
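Review bot: verify() in the TKM public key returns TRUE for every input, and with the added `params` argument that now also covers any scheme parameters a caller supplies; nothing in the visible lines explains why. If the signature is meant to be checked by the TKM rather than in this method (the hunk does not show this), a comment above `return TRUE;` such as `/* signature is verified by the TKM; scheme, params, data and signature are ignored here */` would stop a later caller from treating this result as a real verification. The function's closing brace lies outside the hunk.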
index 344c1bf5dbb0ea97e6907349a29cdd8a40f8f0cb..8e048c82aeeb3e174852e6bdbe861e491b0460cb 100644 (file)
@@ -176,7 +176,7 @@ METHOD(authenticator_t, process, status_t,
                                                                                                                id, auth, TRUE);
        while (enumerator->enumerate(enumerator, &public, &current_auth))
        {
-               if (public->verify(public, scheme, hash, sig))
+               if (public->verify(public, scheme, NULL, hash, sig))
                {
                        DBG1(DBG_IKE, "authentication of '%Y' with %N successful",
                                 id, signature_scheme_names, scheme);
index b2b1ef2896bda7ce68905f2085c62ab32de688b5..e47abc72d840fd63aaaa005098534fd4a64fea75 100644 (file)
@@ -434,7 +434,7 @@ METHOD(authenticator_t, process, status_t,
                                                                                                        key_type, id, auth, online);
        while (enumerator->enumerate(enumerator, &public, &current_auth))
        {
-               if (public->verify(public, scheme, octets, auth_data))
+               if (public->verify(public, scheme, NULL, octets, auth_data))
                {
                        DBG1(DBG_IKE, "authentication of '%Y' with %N successful", id,
                                 auth_method == AUTH_DS ? signature_scheme_names : auth_method_names,
index d771d07edd142367ad9a9c86505db6dd99f9d104..09ffd71606424d9d5bfa0a16853deb88627fc9e8 100644 (file)
@@ -762,7 +762,7 @@ METHOD(pts_t, verify_quote_signature, bool,
                        return FALSE;
        }
 
-       if (!aik_pubkey->verify(aik_pubkey, scheme, digest, signature))
+       if (!aik_pubkey->verify(aik_pubkey, scheme, NULL, digest, signature))
        {
                DBG1(DBG_PTS, "signature verification failed for TPM Quote Info");
                DESTROY_IF(aik_pubkey);
index 17b90b43bf63f686e29b5b68e8f23627f16b8df7..74a27d050879ae906eebb2f537a1bce3cc746c87 100644 (file)
@@ -1,7 +1,7 @@
 /*
- * Copyright (C) 2015 Tobias Brunner
- * Copyright (C) 2007 Martin Willi
+ * Copyright (C) 2015-2017 Tobias Brunner
  * Copyright (C) 2014-2016 Andreas Steffen
+ * Copyright (C) 2007 Martin Willi
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
index 32cb0c3a06d002a25fb6ea744ae9b40f9f33c207..186530ff6e6dd501e585d84b44b14c94c5162b1b 100644 (file)
@@ -1,7 +1,7 @@
 /*
- * Copyright (C) 2015 Tobias Brunner
- * Copyright (C) 2007 Martin Willi
+ * Copyright (C) 2015-2017 Tobias Brunner
  * Copyright (C) 2014-2017 Andreas Steffen
+ * Copyright (C) 2007 Martin Willi
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -170,12 +170,13 @@ struct public_key_t {
        /**
         * Verifies a signature against a chunk of data.
         *
-        * @param scheme        signature scheme to use for verification, may be default
+        * @param scheme        signature scheme to use for verification
+        * @param params        optional parameters required by the specified scheme
         * @param data          data to check signature against
         * @param signature     signature to check
         * @return                      TRUE if signature matches
         */
-       bool (*verify)(public_key_t *this, signature_scheme_t scheme,
+       bool (*verify)(public_key_t *this, signature_scheme_t scheme, void *params,
                                   chunk_t data, chunk_t signature);
 
        /**
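Review bot: The new `@param params` line does not say what `params` points to, who owns it, or what verify() must do when it is NULL for a scheme that needs parameters or non-NULL for a scheme that takes none. Because the argument is a `void *`, the compiler cannot catch a caller passing the wrong structure, so this doc comment is the only contract; wording such as `@param params  scheme-specific parameters (type defined per scheme, not adopted), NULL if the scheme takes none; FALSE is returned if required parameters are missing` would pin it down. The verify() implementations touched by this commit (tkm, bliss, curve25519, gcrypt, gmp, openssl ec/rsa, pkcs11) accept the argument with no use of it visible in their hunks, so the expected handling of missing or unexpected parameters is worth settling here before a scheme starts to depend on them. The struct definition continues outside the hunk.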
index f7ddbbfd201d6c0a6eb7bea12a46d5a5797b5219..945840cdce3e5ae55cfc7c0e95e6a419299e2a97 100644 (file)
@@ -194,7 +194,7 @@ end:
 }
 
 METHOD(public_key_t, verify, bool,
-       private_bliss_public_key_t *this, signature_scheme_t scheme,
+       private_bliss_public_key_t *this, signature_scheme_t scheme, void *params,
        chunk_t data, chunk_t signature)
 {
        switch (scheme)
index d871068dabae15f90412791976611e954de68c80..dc50115f30edcfd8f5a0482bcd09dbdedc3bac5b 100644 (file)
@@ -120,7 +120,7 @@ START_TEST(test_bliss_sign_all)
                {
                        ck_assert(privkey->sign(privkey, signature_scheme, msg,
                                                                        &signature));
-                       ck_assert(pubkey->verify(pubkey, signature_scheme, msg,
+                       ck_assert(pubkey->verify(pubkey, signature_scheme, NULL, msg,
                                                                         signature));
                        free(signature.ptr);
                }
@@ -179,11 +179,11 @@ START_TEST(test_bliss_sign_fail)
        ck_assert(privkey->sign(privkey, SIGN_BLISS_WITH_SHA2_512, msg, &signature));
 
        /* verify with invalid signature scheme */
-       ck_assert(!pubkey->verify(pubkey, SIGN_UNKNOWN, msg, signature));
+       ck_assert(!pubkey->verify(pubkey, SIGN_UNKNOWN, NULL, msg, signature));
 
        /* corrupt signature */
        signature.ptr[signature.len - 1] ^= 0x80;
-       ck_assert(!pubkey->verify(pubkey, SIGN_BLISS_WITH_SHA2_512, msg, signature));
+       ck_assert(!pubkey->verify(pubkey, SIGN_BLISS_WITH_SHA2_512, NULL, msg, signature));
 
        free(signature.ptr);
        privkey->destroy(privkey);
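Review bot: The second changed call in test_bliss_sign_fail is now 83 characters before its indentation is counted, while the other call sites lengthened by this commit were wrapped (for example in openssl_crl.c and pkcs7_signed_data.c), apparently to stay within 80 columns. Wrapping it the same way keeps the file consistent: `ck_assert(!pubkey->verify(pubkey, SIGN_BLISS_WITH_SHA2_512, NULL, msg,` followed by `signature));` on a continuation line. The test function's start and end lie outside the hunk.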
index d077763547e9d9b6dafd1e82ef72ba0b3d9d17fc..1d4dec56594a3566105ca9f0495e49f567791303 100644 (file)
@@ -50,7 +50,7 @@ METHOD(public_key_t, get_type, key_type_t,
 
 METHOD(public_key_t, verify, bool,
        private_curve25519_public_key_t *this, signature_scheme_t scheme,
-       chunk_t data, chunk_t signature)
+       void *params, chunk_t data, chunk_t signature)
 {
        hasher_t *hasher;
        uint8_t d = 0, k[HASH_SIZE_SHA512], r[32], *sig;
index 90829e0521ea854e6b776de0dfb4b39f7581d312..5820a89987667c6f3646ab7b4d68ebb2db5ac575 100644 (file)
@@ -167,7 +167,7 @@ METHOD(public_key_t, get_type, key_type_t,
 
 METHOD(public_key_t, verify, bool,
        private_gcrypt_rsa_public_key_t *this, signature_scheme_t scheme,
-       chunk_t data, chunk_t signature)
+       void *params, chunk_t data, chunk_t signature)
 {
        switch (scheme)
        {
index 065c889033440bc34969631a26982a198bcdddf2..7194fee150763e4b1946811e9d8391f2886a4330 100644 (file)
@@ -290,7 +290,7 @@ METHOD(public_key_t, get_type, key_type_t,
 }
 
 METHOD(public_key_t, verify, bool,
-       private_gmp_rsa_public_key_t *this, signature_scheme_t scheme,
+       private_gmp_rsa_public_key_t *this, signature_scheme_t scheme, void *params,
        chunk_t data, chunk_t signature)
 {
        switch (scheme)
index 503f7bf27860e0d290dfc8c80a5cbe66b3a48312..663f0915d034e41e68179881e18879c392dd0c56 100644 (file)
@@ -332,7 +332,8 @@ METHOD(certificate_t, issued_by, bool,
        tbs = openssl_i2chunk(X509_CRL_INFO, this->crl->crl);
 #endif
        X509_CRL_get0_signature(this->crl, &sig, NULL);
-       valid = key->verify(key, this->scheme, tbs, openssl_asn1_str2chunk(sig));
+       valid = key->verify(key, this->scheme, NULL, tbs,
+                                               openssl_asn1_str2chunk(sig));
        free(tbs.ptr);
        key->destroy(key);
        if (valid && scheme)
index a1e56fc5e386bb47106fec108c44b544748dabb4..faa940839b138e42f9278c61902fae6d956b6d9e 100644 (file)
@@ -151,7 +151,7 @@ METHOD(public_key_t, get_type, key_type_t,
 
 METHOD(public_key_t, verify, bool,
        private_openssl_ec_public_key_t *this, signature_scheme_t scheme,
-       chunk_t data, chunk_t signature)
+       void *params, chunk_t data, chunk_t signature)
 {
        switch (scheme)
        {
index 83ac8df5b2be9388e80337009290499cf3983a0f..f94767cf5f07810ce58abb3d2231c6ab4b048961 100644 (file)
@@ -256,7 +256,7 @@ static auth_cfg_t *verify_signature(CMS_SignerInfo *si, int hash_oid)
                        key = cert->get_public_key(cert);
                        if (key)
                        {
-                               if (key->verify(key, signature_scheme_from_oid(hash_oid),
+                               if (key->verify(key, signature_scheme_from_oid(hash_oid), NULL,
                                                                attrs, sig))
                                {
                                        found = auth->clone(auth);
index d3a644f7293d877433b52bd52b4a785cae232cd0..078b26165b30dccbbf3d35f7d405ccc0de127e21 100644 (file)
@@ -137,7 +137,7 @@ METHOD(public_key_t, get_type, key_type_t,
 
 METHOD(public_key_t, verify, bool,
        private_openssl_rsa_public_key_t *this, signature_scheme_t scheme,
-       chunk_t data, chunk_t signature)
+       void *params, chunk_t data, chunk_t signature)
 {
        switch (scheme)
        {
index 0d0b997accd10790991737defeb654d1a45e685e..7e077e74da72b0178989522a5468424fcc571209 100644 (file)
@@ -430,7 +430,8 @@ METHOD(certificate_t, issued_by, bool,
        tbs = openssl_i2chunk(X509_CINF, this->x509->cert_info);
 #endif
        X509_get0_signature(&sig, NULL, this->x509);
-       valid = key->verify(key, this->scheme, tbs, openssl_asn1_str2chunk(sig));
+       valid = key->verify(key, this->scheme, NULL, tbs,
+                                               openssl_asn1_str2chunk(sig));
        free(tbs.ptr);
        key->destroy(key);
        if (valid && scheme)
index 38477761018bfd38c265932ba51c67b3ddbcf541..36029fa306e9befd14531d53140c5d97d68c8e0f 100644 (file)
@@ -201,7 +201,7 @@ METHOD(public_key_t, get_keysize, int,
 }
 
 METHOD(public_key_t, verify, bool,
-       private_pkcs11_public_key_t *this, signature_scheme_t scheme,
+       private_pkcs11_public_key_t *this, signature_scheme_t scheme, void *params,
        chunk_t data, chunk_t sig)
 {
        CK_MECHANISM_PTR mechanism;
index 413c3fff5a7950ba8bc13976aecb85720a796d94..4d822a4f7b12abd3da02538f2e665b2f74b10dd6 100644 (file)
@@ -227,7 +227,8 @@ METHOD(enumerator_t, enumerate, bool,
                                if (key)
                                {
                                        chunk = info->attributes->get_encoding(info->attributes);
-                                       if (key->verify(key, scheme, chunk, info->encrypted_digest))
+                                       if (key->verify(key, scheme, NULL, chunk,
+                                                                       info->encrypted_digest))
                                        {
                                                this->auth = auth->clone(auth);
                                                key->destroy(key);
index ba459288bb8d98f05530697a14c6de312004d563..a01b2704968c734a1d1d716bd30e0bd36f3586bd 100644 (file)
@@ -933,7 +933,8 @@ METHOD(certificate_t, issued_by, bool,
        {
                return FALSE;
        }
-       valid = key->verify(key, scheme, this->certificateInfo, this->signature);
+       valid = key->verify(key, scheme, NULL, this->certificateInfo,
+                                               this->signature);
        key->destroy(key);
        if (valid && schemep)
        {
index dea2c704175930633aff6b915a3de379d62b2a4b..c626859ae1fbe0aae863f798b457b2e46261f861 100644 (file)
@@ -1719,7 +1719,8 @@ METHOD(certificate_t, issued_by, bool,
        {
                return FALSE;
        }
-       valid = key->verify(key, scheme, this->tbsCertificate, this->signature);
+       valid = key->verify(key, scheme, NULL, this->tbsCertificate,
+                                               this->signature);
        key->destroy(key);
        if (valid && schemep)
        {
index 6d18ea544c65ce61815dad127180e71ba3f321d8..5896aa205650de29623394e6b2f1706d7ad6b300 100644 (file)
@@ -502,7 +502,7 @@ METHOD(certificate_t, issued_by, bool,
        {
                return FALSE;
        }
-       valid = key->verify(key, scheme, this->tbsCertList, this->signature);
+       valid = key->verify(key, scheme, NULL, this->tbsCertList, this->signature);
        key->destroy(key);
        if (valid && schemep)
        {
index 140e9bfa991acbc547636bb848a73d330228eedd..fd0d84e480f9194420244887bba9a7f906b329a4 100644 (file)
@@ -753,7 +753,8 @@ METHOD(certificate_t, issued_by, bool,
        {
                return FALSE;
        }
-       valid = key->verify(key, scheme, this->tbsResponseData, this->signature);
+       valid = key->verify(key, scheme, NULL, this->tbsResponseData,
+                                               this->signature);
        key->destroy(key);
        if (valid && schemep)
        {
index e39e24bff4251800be88d4eead7305326d3a1752..54555417267a84906bd91c561679f1ff605dbf38 100644 (file)
@@ -152,7 +152,7 @@ METHOD(certificate_t, issued_by, bool,
        {
                return FALSE;
        }
-       valid = key->verify(key, scheme, this->certificationRequestInfo,
+       valid = key->verify(key, scheme, NULL, this->certificationRequestInfo,
                                                this->signature);
        if (valid && schemep)
        {
index 3c842996d2d43f35a596e7fb795c73057f0670b2..d30d87ecf0f1d549b7c5e79980a87f41d23544ef 100644 (file)
@@ -59,7 +59,7 @@ static void test_good_sig(private_key_t *privkey, public_key_t *pubkey)
                }
                fail_unless(privkey->sign(privkey, schemes[i].scheme, data, &sig),
                                        "sign %N", signature_scheme_names, schemes[i].scheme);
-               fail_unless(pubkey->verify(pubkey, schemes[i].scheme, data, sig),
+               fail_unless(pubkey->verify(pubkey, schemes[i].scheme, NULL, data, sig),
                                        "verify %N", signature_scheme_names, schemes[i].scheme);
                free(sig.ptr);
        }
@@ -121,7 +121,8 @@ static void test_bad_sigs(public_key_t *pubkey)
                for (i = 0; i < countof(invalid_sigs); i++)
                {
                        fail_if(
-                               pubkey->verify(pubkey, schemes[s].scheme, data, invalid_sigs[i]),
+                               pubkey->verify(pubkey, schemes[s].scheme, NULL, data,
+                                                          invalid_sigs[i]),
                                "bad %N sig accepted %B",
                                signature_scheme_names, schemes[s].scheme,
                                &invalid_sigs[i]);
index 00842628dab6360e921441351e43a60168fd949f..6fbec126d5998841e1907b654524a95d1a8479ac 100644 (file)
@@ -302,8 +302,8 @@ START_TEST(test_ed25519_sign)
        ck_assert(chunk_equals(sig, sig_tests[_i].sig));
 
        /* verify */
-       ck_assert(pubkey->verify(pubkey, SIGN_ED25519, sig_tests[_i].msg,
-                                                                                                  sig_tests[_i].sig));
+       ck_assert(pubkey->verify(pubkey, SIGN_ED25519, NULL, sig_tests[_i].msg,
+                                                        sig_tests[_i].sig));
 
        /* cleanup */
        key->destroy(key);
@@ -375,10 +375,10 @@ START_TEST(test_ed25519_gen)
        ck_assert(!pubkey->encrypt(pubkey, ENCRYPT_UNKNOWN, msg, NULL));
 
        /* verify with wrong signature scheme */
-       ck_assert(!pubkey->verify(pubkey, SIGN_ED448, msg, sig));
+       ck_assert(!pubkey->verify(pubkey, SIGN_ED448, NULL, msg, sig));
 
        /* verify with correct signature scheme */
-       ck_assert(pubkey->verify(pubkey, SIGN_ED25519, msg, sig));
+       ck_assert(pubkey->verify(pubkey, SIGN_ED25519, NULL, msg, sig));
 
        /* cleanup */
        key->destroy(key);
@@ -407,7 +407,7 @@ START_TEST(test_ed25519_speed)
                ck_assert(key->sign(key, SIGN_ED25519, msg, &sig));
                pubkey = key->get_public_key(key);
                ck_assert(pubkey != NULL);
-               ck_assert(pubkey->verify(pubkey, SIGN_ED25519, msg, sig));
+               ck_assert(pubkey->verify(pubkey, SIGN_ED25519, NULL, msg, sig));
                key->destroy(key);
                pubkey->destroy(pubkey);
                chunk_free(&sig);
@@ -476,25 +476,29 @@ START_TEST(test_ed25519_fail)
                                        BUILD_BLOB_ASN1_DER, sig_tests[0].pubkey, BUILD_END);
        ck_assert(pubkey != NULL);
 
-       ck_assert(!pubkey->verify(pubkey, SIGN_ED25519, chunk_empty, chunk_empty));
+       ck_assert(!pubkey->verify(pubkey, SIGN_ED25519, NULL, chunk_empty,
+                                                         chunk_empty));
 
        /* malformed signature */
        sig = chunk_create(sig1, 64);
        memcpy(sig1, sig_tests[0].sig.ptr, 64);
        sig1[63] |= 0xe0;
-       ck_assert(!pubkey->verify(pubkey, SIGN_ED25519, sig_tests[0].msg, sig));
+       ck_assert(!pubkey->verify(pubkey, SIGN_ED25519, NULL, sig_tests[0].msg,
+                                                         sig));
 
        /* wrong signature */
        memcpy(sig1, sig_tests[0].sig.ptr, 64);
        sig1[0] = 0xe4;
-       ck_assert(!pubkey->verify(pubkey, SIGN_ED25519, sig_tests[0].msg, sig));
+       ck_assert(!pubkey->verify(pubkey, SIGN_ED25519, NULL, sig_tests[0].msg,
+                                                         sig));
 
        /* detect all-zeroes public key */
        pubkey->destroy(pubkey);
        pubkey = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ED25519,
                                        BUILD_BLOB_ASN1_DER, zero_pk, BUILD_END);
        ck_assert(pubkey != NULL);
-       ck_assert(!pubkey->verify(pubkey, SIGN_ED25519, sig_tests[0].msg, sig));
+       ck_assert(!pubkey->verify(pubkey, SIGN_ED25519, NULL, sig_tests[0].msg,
+                                                         sig));
        pubkey->destroy(pubkey);
 }
 END_TEST
index 41e78352159b58862a7cf348477ce09f7af4e693..a1559802d80d40a1e31937bd97ad375744798aae 100644 (file)
@@ -49,7 +49,7 @@ static void test_good_sig(private_key_t *privkey, public_key_t *pubkey)
                }
                fail_unless(privkey->sign(privkey, schemes[i], data, &sig),
                                        "sign %N", signature_scheme_names, schemes[i]);
-               fail_unless(pubkey->verify(pubkey, schemes[i], data, sig),
+               fail_unless(pubkey->verify(pubkey, schemes[i], NULL, data, sig),
                                        "verify %N", signature_scheme_names, schemes[i]);
                free(sig.ptr);
        }
@@ -106,7 +106,7 @@ static void test_bad_sigs(public_key_t *pubkey)
                for (i = 0; i < countof(invalid_sigs); i++)
                {
                        fail_if(
-                               pubkey->verify(pubkey, schemes[s], data, invalid_sigs[i]),
+                               pubkey->verify(pubkey, schemes[s], NULL, data, invalid_sigs[i]),
                                "bad %N sig accepted %B", signature_scheme_names, schemes[s],
                                &invalid_sigs[i]);
                }
index 05ae62b495b8713d94713694f6f8f1f5139a43fa..29af5d978c395eab8922cace68b363d6655ca9db 100644 (file)
@@ -1509,7 +1509,7 @@ METHOD(tls_crypto_t, verify, bool,
                                 tls_signature_algorithm_names, alg);
                        return FALSE;
                }
-               if (!key->verify(key, scheme, data, sig))
+               if (!key->verify(key, scheme, NULL, data, sig))
                {
                        return FALSE;
                }
@@ -1533,7 +1533,8 @@ METHOD(tls_crypto_t, verify, bool,
                                {
                                        return FALSE;
                                }
-                               done = key->verify(key, SIGN_RSA_EMSA_PKCS1_NULL, hash, sig);
+                               done = key->verify(key, SIGN_RSA_EMSA_PKCS1_NULL, NULL, hash,
+                                                                  sig);
                                free(hash.ptr);
                                if (!done)
                                {
@@ -1542,7 +1543,8 @@ METHOD(tls_crypto_t, verify, bool,
                                DBG2(DBG_TLS, "verified signature data with MD5+SHA1/RSA");
                                break;
                        case KEY_ECDSA:
-                               if (!key->verify(key, SIGN_ECDSA_WITH_SHA1_DER, data, sig))
+                               if (!key->verify(key, SIGN_ECDSA_WITH_SHA1_DER, NULL, data,
+                                                                sig))
                                {
                                        return FALSE;
                                }