KHealthCertificate

verify.cpp
1/*
2 * SPDX-FileCopyrightText: 2021 Volker Krause <vkrause@kde.org>
3 * SPDX-License-Identifier: LGPL-2.0-or-later
4 */
5
6#include "verify_p.h"
7#include "logging.h"
8
9#include "openssl/bignum_p.h"
10
11#include <openssl/err.h>
12
13bool Verify::verifyECDSA(
14 const openssl::evp_pkey_ptr &pkey, const EVP_MD *digest,
15 const char *data, std::size_t dataSize,
16 const char *signature, std::size_t signatureSize)
17{
18 if (!pkey) {
19 qCWarning(Log) << "no key provided";
20 return false;
21 }
22
23 const openssl::ec_key_ptr ecKey(EVP_PKEY_get1_EC_KEY(pkey.get()));
24
25 // compute hash of the signed data
26 uint8_t digestData[EVP_MAX_MD_SIZE];
27 uint32_t digestSize = 0;
28 EVP_Digest(reinterpret_cast<const uint8_t*>(data), dataSize, digestData, &digestSize, digest, nullptr);
29 if (digestSize * 2 != signatureSize || EVP_PKEY_bits(pkey.get()) != 4 * (int)signatureSize) {
30 qCWarning(Log) << "digest size mismatch!?" << digestSize << signatureSize;
31 return false;
32 }
33
34 // unpack the signature field
35 auto r = Bignum::fromByteArray(signature, signatureSize / 2);
36 auto s = Bignum::fromByteArray(signature + signatureSize / 2, signatureSize / 2);
37
38 // verify
39 const openssl::ecdsa_sig_ptr sig(ECDSA_SIG_new());
40 ECDSA_SIG_set0(sig.get(), r.release(), s.release());
41 const auto verifyResult = ECDSA_do_verify(digestData, digestSize, sig.get(), ecKey.get());
42 switch (verifyResult) {
43 case -1: // technical issue
44 qCWarning(Log) << "Failed to verify signature:" << ERR_error_string(ERR_get_error(), nullptr);
45 return false;
46 case 0: // invalid signature
47 return false;
48 case 1: // valid signature;
49 return true;
50 }
51
52 Q_UNREACHABLE();
53 return false;
54}
This file is part of the KDE documentation.
Documentation copyright © 1996-2024 The KDE developers.
Generated on Sat Dec 21 2024 17:01:52 by doxygen 1.12.0 written by Dimitri van Heesch, © 1997-2006

KDE's Doxygen guidelines are available online.