in ports/mbedTLS/azure_iot_jws_mbedtls.c [637:698]
/**
 * @brief Check that the SHA-256 of the manifest equals the SHA carried in the JWS payload.
 *
 * Steps, in order: hash the manifest, locate the base64 SHA value in the JWS
 * payload JSON, base64-decode it, require the decoded length to be exactly
 * azureiotjwsSHA256_SIZE, then compare both digests byte for byte.
 *
 * NOTE(review): this only binds the manifest to the payload. The result is
 * meaningful only if the payload's own signature has already been verified;
 * that check is not visible in this function, so confirm the caller performs
 * it before calling here.
 *
 * @param[in,out] pxManifestContext Validation context. Reads ucJWSPayload and
 * outJWSPayloadLength; writes ucManifestSHACalculation, sha256Span,
 * ucParsedManifestSha and outParsedManifestShaSize.
 * @param[in] pucManifest Manifest bytes to hash.
 * @param[in] ulManifestLength Length of pucManifest in bytes.
 *
 * @return eAzureIoTSuccess when the digests match; the result of
 * prvJWS_SHA256Calculate() when hashing fails; eAzureIoTErrorFailed for every
 * other failure (SHA not found, decode error, wrong length, mismatch).
 */
static AzureIoTResult_t prvVerifySHAMatch( prvJWSValidationContext_t * pxManifestContext,
                                           const uint8_t * pucManifest,
                                           uint32_t ulManifestLength )
{
    AzureIoTJSONReader_t xPayloadReader;
    AzureIoTResult_t xHashResult;
    az_result xDecodeResult;

    /* Hash the manifest as received; the digest lands in the context buffer. */
    xHashResult = prvJWS_SHA256Calculate( pucManifest,
                                          ulManifestLength,
                                          pxManifestContext->ucManifestSHACalculation );

    if( xHashResult != eAzureIoTSuccess )
    {
        AZLogError( ( "[JWS] SHA256 Calculation failed" ) );
        return xHashResult;
    }

    /* Walk the JWS payload JSON to find the expected SHA (still base64 text).
     * Any result from the reader init call is not inspected here. */
    AzureIoTJSONReader_Init( &xPayloadReader,
                             pxManifestContext->ucJWSPayload,
                             pxManifestContext->outJWSPayloadLength );

    if( prvFindManifestSHA( &xPayloadReader, &pxManifestContext->sha256Span ) != eAzureIoTSuccess )
    {
        AZLogError( ( "Error finding manifest signature SHA" ) );
        return eAzureIoTErrorFailed;
    }

    /* The destination span is sized to exactly one digest, so an encoded value
     * that decodes to more bytes is reported as a decode failure. */
    xDecodeResult = az_base64_decode( az_span_create( pxManifestContext->ucParsedManifestSha, azureiotjwsSHA256_SIZE ),
                                      pxManifestContext->sha256Span,
                                      &pxManifestContext->outParsedManifestShaSize );

    if( az_result_failed( xDecodeResult ) )
    {
        /* The uint16_t cast keeps only the low 16 bits of the result code. */
        AZLogError( ( "[JWS] az_base64_decode failed: result 0x%08x", ( uint16_t ) xDecodeResult ) );

        if( xDecodeResult == AZ_ERROR_NOT_ENOUGH_SPACE )
        {
            AZLogError( ( "[JWS] Decode buffer was too small: %i bytes", azureiotjwsSHA256_SIZE ) );
        }

        return eAzureIoTErrorFailed;
    }

    /* Reject a short decode before comparing: memcmp below always reads a full
     * digest, so every byte of ucParsedManifestSha must come from this decode. */
    if( pxManifestContext->outParsedManifestShaSize != azureiotjwsSHA256_SIZE )
    {
        AZLogError( ( "[JWS] Base64 decoded SHA256 is not the correct length | expected: %i | actual: %i", azureiotjwsSHA256_SIZE, ( int16_t ) pxManifestContext->outParsedManifestShaSize ) );
        return eAzureIoTErrorFailed;
    }

    /* memcmp is not constant-time. Both digests derive from the received
     * manifest and payload rather than from a secret, so timing is presumably
     * not a concern here - confirm if this is reused to compare a MAC. */
    if( memcmp( pxManifestContext->ucManifestSHACalculation,
                pxManifestContext->ucParsedManifestSha,
                azureiotjwsSHA256_SIZE ) != 0 )
    {
        AZLogError( ( "[JWS] Calculated manifest SHA does not match SHA in payload" ) );
        return eAzureIoTErrorFailed;
    }

    AZLogInfo( ( "[JWS] Calculated manifest SHA matches parsed SHA" ) );

    return eAzureIoTSuccess;
}