in source/darwin/securityframework_ecc.c [69:95]
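/**
 * Verifies an ECDSA signature over an already-computed digest using the
 * Security framework public key held by the key pair.
 *
 * @param key_pair   Key pair whose impl is a commoncrypto_ecc_key_pair; its
 *                   pub_key_ref must be set.
 * @param message    Bytes handed to SecKeyVerifySignature as the signed data.
 *                   The algorithm used is the "Digest" variant, so this is
 *                   expected to be the digest of the message, not the raw
 *                   message (NOTE(review): confirm all callers hash first).
 * @param signature  Signature bytes, passed to the X9.62 ECDSA verifier.
 *
 * @return AWS_OP_SUCCESS when the signature verifies. Otherwise raises
 *         AWS_ERROR_CAL_MISSING_REQUIRED_KEY_COMPONENT (no public key) or
 *         AWS_ERROR_CAL_SIGNATURE_VALIDATION_FAILED (verification failed) and
 *         returns the result of aws_raise_error().
 */
static int s_verify_signature(
    const struct aws_ecc_key_pair *key_pair,
    const struct aws_byte_cursor *message,
    const struct aws_byte_cursor *signature) {
    struct commoncrypto_ecc_key_pair *cc_key = key_pair->impl;

    if (!cc_key->pub_key_ref) {
        return aws_raise_error(AWS_ERROR_CAL_MISSING_REQUIRED_KEY_COMPONENT);
    }

    /* kCFAllocatorNull as the bytes deallocator: the CFData objects only wrap
     * the caller's buffers and never free or copy them. */
    CFDataRef hash_ref = CFDataCreateWithBytesNoCopy(NULL, message->ptr, message->len, kCFAllocatorNull);
    CFDataRef signature_ref = CFDataCreateWithBytesNoCopy(NULL, signature->ptr, signature->len, kCFAllocatorNull);
    AWS_FATAL_ASSERT(hash_ref && "No allocations should have happened here, this function shouldn't be able to fail.");
    AWS_FATAL_ASSERT(
        signature_ref && "No allocations should have happened here, this function shouldn't be able to fail.");

    CFErrorRef error = NULL;
    bool verified = SecKeyVerifySignature(
        cc_key->pub_key_ref, kSecKeyAlgorithmECDSASignatureDigestX962, hash_ref, signature_ref, &error);

    /* On failure SecKeyVerifySignature hands back a CFError that the caller
     * owns. Signatures are typically untrusted input, so without this release
     * every rejected signature would leak one CFError object. */
    if (error) {
        CFRelease(error);
    }

    CFRelease(signature_ref);
    CFRelease(hash_ref);

    return verified ? AWS_OP_SUCCESS : aws_raise_error(AWS_ERROR_CAL_SIGNATURE_VALIDATION_FAILED);
}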