-/*
- * Verify the signature on the certificate with the provided public key.
- * This function checks the public key type with regards to the expected
- * type. Returned value is either 0 on success, or a non-zero error code.
- */
-static int
-verify_signature(br_x509_minimal_context *ctx, const br_x509_pkey *pk)
-{
- int kt;
-
- kt = ctx->cert_signer_key_type;
- if ((pk->key_type & 0x0F) != kt) {
- return BR_ERR_X509_WRONG_KEY_TYPE;
- }
- switch (kt) {
- unsigned char tmp[64];
-
- case BR_KEYTYPE_RSA:
- if (ctx->irsa == 0) {
- return BR_ERR_X509_UNSUPPORTED;
- }
- if (!ctx->irsa(ctx->cert_sig, ctx->cert_sig_len,
- &t0_datablock[ctx->cert_sig_hash_oid],
- ctx->cert_sig_hash_len, &pk->key.rsa, tmp))
- {
- return BR_ERR_X509_BAD_SIGNATURE;
- }
- if (memcmp(ctx->tbs_hash, tmp, ctx->cert_sig_hash_len) != 0) {
- return BR_ERR_X509_BAD_SIGNATURE;
- }
- return 0;
-
- case BR_KEYTYPE_EC:
- if (ctx->iecdsa == 0) {
- return BR_ERR_X509_UNSUPPORTED;
- }
- if (!ctx->iecdsa(ctx->iec, ctx->tbs_hash,
- ctx->cert_sig_hash_len, &pk->key.ec,
- ctx->cert_sig, ctx->cert_sig_len))
- {
- return BR_ERR_X509_BAD_SIGNATURE;
- }
- return 0;
-
- default:
- return BR_ERR_X509_UNSUPPORTED;
- }
-}
-