// Copyright (C) 2019-2023, Ava Labs, Inc. All rights reserved.
// See the file LICENSE for licensing terms.
package staking
import (
"crypto/rsa"
"crypto/x509"
"errors"
"fmt"
)
// MaxRSAKeyBitlen is the largest RSA modulus size, in bits, that
// CheckSignature accepts. A certificate whose RSA key is larger is rejected
// before any signature verification is attempted.
const MaxRSAKeyBitlen = 8192

// ErrInvalidPublicKeyType is wrapped by CheckSignature when a certificate
// declares the RSA public key algorithm but its PublicKey field does not hold
// an *rsa.PublicKey. Match it with errors.Is.
var ErrInvalidPublicKeyType = errors.New("invalid public key type")

// ErrInvalidPublicKey is wrapped by CheckSignature when an RSA modulus is
// longer than MaxRSAKeyBitlen. Match it with errors.Is.
var ErrInvalidPublicKey = errors.New("invalid public key")
// CheckSignature reports whether signature is a valid signature over message
// for the public key carried in cert. It returns nil on success.
//
// For certificates that declare the RSA public key algorithm, the key is
// vetted before verification:
//   - if cert.PublicKey is not an *rsa.PublicKey, the returned error wraps
//     ErrInvalidPublicKeyType;
//   - if the modulus is longer than MaxRSAKeyBitlen bits, the returned error
//     wraps ErrInvalidPublicKey.
//
// Any error from the underlying x509 verification is returned unchanged.
//
// Review notes:
//   - The verification algorithm is cert.SignatureAlgorithm, i.e. the
//     algorithm recorded in the certificate itself, not one chosen by the
//     caller. The message signature must therefore have been produced with
//     that same algorithm.
//   - Only an upper bound on RSA key size is enforced here; there is no
//     minimum size check, and keys of other algorithms are passed to the x509
//     verifier without additional vetting.
//   - cert must be non-nil, and for RSA keys the modulus is assumed to be set
//     (as it is for certificates produced by the x509 parser); otherwise this
//     function panics.
func CheckSignature(cert *x509.Certificate, message []byte, signature []byte) error {
	switch cert.PublicKeyAlgorithm {
	case x509.RSA:
		rsaKey, isRSA := cert.PublicKey.(*rsa.PublicKey)
		if !isRSA {
			return fmt.Errorf("%w: %T", ErrInvalidPublicKeyType, cert.PublicKey)
		}

		// Reject oversized moduli up front; presumably this bounds the cost
		// of verifying against a key supplied by a remote peer.
		modulusBits := rsaKey.N.BitLen()
		if modulusBits > MaxRSAKeyBitlen {
			return fmt.Errorf("%w: bitlen=%d > maxBitlen=%d", ErrInvalidPublicKey, modulusBits, MaxRSAKeyBitlen)
		}
	}

	return cert.CheckSignature(cert.SignatureAlgorithm, message, signature)
}