author | Peter Dettman <peter.dettman@bouncycastle.org> | 2024-01-19 10:35:58 +0700 |
---|---|---|
committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2024-01-19 10:35:58 +0700 |
commit | 8e43e0440c06bf8cacabc6879439c9a75475bcb5 (patch) | |
tree | 498e5763229d53a9c6eac0f9558ba03ca08ad250 | |
parent | Lazy creation of SigAlgName (diff) | |
download | BouncyCastle.NET-ed25519-8e43e0440c06bf8cacabc6879439c9a75475bcb5.tar.xz |
Align sig alg checks in X509Certificate, X509Crl
-rw-r--r-- | crypto/src/x509/X509Certificate.cs | 21 | ||||
-rw-r--r-- | crypto/src/x509/X509Crl.cs | 3 | ||||
-rw-r--r-- | crypto/src/x509/X509SignatureUtil.cs | 22 |
3 files changed, 23 insertions, 23 deletions
diff --git a/crypto/src/x509/X509Certificate.cs b/crypto/src/x509/X509Certificate.cs
index 316eaad99..572acb2c7 100644
--- a/crypto/src/x509/X509Certificate.cs
+++ b/crypto/src/x509/X509Certificate.cs
@@ -717,7 +717,7 @@ namespace Org.BouncyCastle.X509
 {
 var tbsCertificate = c.TbsCertificate;
- if (!IsAlgIDEqual(c.SignatureAlgorithm, tbsCertificate.Signature))
+ if (!X509SignatureUtilities.AreEquivalentAlgorithms(c.SignatureAlgorithm, tbsCertificate.Signature))
 throw new CertificateException("signature algorithm in TBS cert not same as outer cert");
 return X509Utilities.VerifySignature(verifier, tbsCertificate, c.Signature);
@@ -748,22 +748,5 @@ namespace Org.BouncyCastle.X509
 {
 return PublicKeyFactory.CreateKey(c.SubjectPublicKeyInfo);
 }
-
- private static bool IsAlgIDEqual(AlgorithmIdentifier id1, AlgorithmIdentifier id2)
- {
- if (!id1.Algorithm.Equals(id2.Algorithm))
- return false;
-
- Asn1Encodable p1 = id1.Parameters;
- Asn1Encodable p2 = id2.Parameters;
-
- if ((p1 == null) == (p2 == null))
- return Objects.Equals(p1, p2);
-
- // Exactly one of p1, p2 is null at this point
- return p1 == null
- ? p2.ToAsn1Object() is Asn1Null
- : p1.ToAsn1Object() is Asn1Null;
- }
 }
-}
\ No newline at end of file
+}
diff --git a/crypto/src/x509/X509Crl.cs b/crypto/src/x509/X509Crl.cs
index 9c3e0fd03..fec33f09c 100644
--- a/crypto/src/x509/X509Crl.cs
+++ b/crypto/src/x509/X509Crl.cs
@@ -181,8 +181,7 @@ namespace Org.BouncyCastle.X509
 {
 var tbsCertList = c.TbsCertList;
- // TODO Compare IsAlgIDEqual in X509Certificate.CheckSignature
- if (!c.SignatureAlgorithm.Equals(tbsCertList.Signature))
+ if (!X509SignatureUtilities.AreEquivalentAlgorithms(c.SignatureAlgorithm, tbsCertList.Signature))
 throw new CrlException("Signature algorithm on CertificateList does not match TbsCertList.");
 return X509Utilities.VerifySignature(verifier, tbsCertList, c.Signature);
diff --git a/crypto/src/x509/X509SignatureUtil.cs b/crypto/src/x509/X509SignatureUtil.cs
index 307d5a527..635e7d70b 100644
--- a/crypto/src/x509/X509SignatureUtil.cs
+++ b/crypto/src/x509/X509SignatureUtil.cs
@@ -12,7 +12,25 @@ namespace Org.BouncyCastle.X509
 {
 internal class X509SignatureUtilities
 {
- internal static string GetSignatureName(AlgorithmIdentifier sigAlgID)
+ internal static bool AreEquivalentAlgorithms(AlgorithmIdentifier id1, AlgorithmIdentifier id2)
+ {
+ if (!id1.Algorithm.Equals(id2.Algorithm))
+ return false;
+
+ Asn1Encodable p1 = id1.Parameters;
+ Asn1Encodable p2 = id2.Parameters;
+
+ if (p1 == p2)
+ return true;
+ if (p1 == null)
+ return p2.ToAsn1Object() is Asn1Null;
+ if (p2 == null)
+ return p1.ToAsn1Object() is Asn1Null;
+
+ return p1.Equals(p2);
+ }
+
+ internal static string GetSignatureName(AlgorithmIdentifier sigAlgID)
 {
 DerObjectIdentifier sigAlgOid = sigAlgID.Algorithm;
 Asn1Encodable parameters = sigAlgID.Parameters;
@@ -87,5 +105,5 @@ namespace Org.BouncyCastle.X509
 return digestAlgOID.GetID();
 }
 }
- }
+ }
 } |
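Review bot: The new `AreEquivalentAlgorithms` carries no comment explaining why an absent parameters field and an explicit ASN.1 NULL are deliberately treated as equivalent, and the `// Exactly one of p1, p2 is null at this point` note from the removed X509Certificate.IsAlgIDEqual was not carried over. Because this check is what rejects a mismatch between the outer signatureAlgorithm and the TBS signature field (the RFC 5280 requirement both call sites enforce with their exceptions), the single intentional leniency is worth documenting so it is not widened later: `/// Compares two algorithm identifiers, treating an absent parameters field and an explicit ASN.1 NULL as equivalent (encoders differ on this); any other difference in OID or parameters is a mismatch.` The final `p1.Equals(p2)` presumably relies on Asn1Encodable's structural equality rather than reference identity, since `p1 == p2` above is already the reference check; a one-line comment confirming that would help the next reader. The enclosing X509SignatureUtilities class continues past the hunk.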