in TPM Parser/Tpm2Lib/CryptoAsym.cs [403:464]
private bool VerifySignature(byte[] data, bool dataIsDigest, ISignatureUnion signature, TpmAlgId sigHash)
{
var rsaParams = PublicParms.parameters as RsaParms;
if (rsaParams != null)
{
var sig = signature as SignatureRsa;
TpmAlgId sigScheme = sig.GetUnionSelector();
TpmAlgId keyScheme = rsaParams.scheme.GetUnionSelector();
if (keyScheme != TpmAlgId.Null && keyScheme != sigScheme)
{
Globs.Throw<ArgumentException>("Key scheme and signature scheme do not match");
return false;
}
if (sigHash == TpmAlgId.Null)
{
sigHash = (rsaParams.scheme as SchemeHash).hashAlg;
}
if (sigHash != sig.hash)
{
Globs.Throw<ArgumentException>("Key scheme hash and signature scheme hash do not match");
return false;
}
byte[] digest = dataIsDigest ? data : CryptoLib.HashData(sigHash, data);
if (sigScheme == TpmAlgId.Rsassa)
{
return CryptographicEngine.VerifySignatureWithHashInput(Key, CryptographicBuffer.CreateFromByteArray(digest), CryptographicBuffer.CreateFromByteArray(sig.sig));
}
if (sigScheme == TpmAlgId.Rsapss)
{
Globs.Throw<ArgumentException>("VerifySignature(): PSS scheme is not supported");
return false;
}
Globs.Throw<ArgumentException>("VerifySignature(): Unrecognized scheme");
return false;
}
var eccParms = PublicParms.parameters as EccParms;
if (eccParms != null)
{
if (eccParms.scheme.GetUnionSelector() != TpmAlgId.Ecdsa)
{
Globs.Throw<ArgumentException>("Unsupported ECC sig scheme");
return false;
}
if (sigHash == TpmAlgId.Null)
{
sigHash = (eccParms.scheme as SigSchemeEcdsa).hashAlg;
}
byte[] digest = dataIsDigest ? data : CryptoLib.HashData(sigHash, data);
var sig = signature as SignatureEcdsa;
byte[] sigBlob = Globs.Concatenate(sig.signatureR, sig.signatureS);
return CryptographicEngine.VerifySignatureWithHashInput(Key, CryptographicBuffer.CreateFromByteArray(digest), CryptographicBuffer.CreateFromByteArray(sigBlob));
}
// Should never be here
Globs.Throw("VerifySignature: Unrecognized asymmetric algorithm");
return false;
} // VerifySignature()