in components/crypto/source/iot_crypto.c [184:241]
static BaseType_t prvVerifySignature( char * pcSignerCertificate,
size_t xSignerCertificateLength,
BaseType_t xHashAlgorithm,
uint8_t * pucHash,
size_t xHashLength,
uint8_t * pucSignature,
size_t xSignatureLength )
{
BaseType_t xResult = pdTRUE;
mbedtls_x509_crt xCertCtx;
mbedtls_md_type_t xMbedHashAlg = MBEDTLS_MD_SHA256;
memset( &xCertCtx, 0, sizeof( mbedtls_x509_crt ) );
/*
* Map the hash algorithm
*/
if( cryptoHASH_ALGORITHM_SHA1 == xHashAlgorithm )
{
xMbedHashAlg = MBEDTLS_MD_SHA1;
}
/*
* Decode and create a certificate context
*/
mbedtls_x509_crt_init( &xCertCtx );
if( 0 != mbedtls_x509_crt_parse(
&xCertCtx, ( const unsigned char * ) pcSignerCertificate, xSignerCertificateLength ) )
{
xResult = pdFALSE;
}
/*
* Verify the signature using the public key from the decoded certificate
*/
if( pdTRUE == xResult )
{
if( 0 != mbedtls_pk_verify(
&xCertCtx.pk,
xMbedHashAlg,
pucHash,
xHashLength,
pucSignature,
xSignatureLength ) )
{
xResult = pdFALSE;
}
}
/*
* Clean-up
*/
mbedtls_x509_crt_free( &xCertCtx );
return xResult;
}