Align sig alg checks in X509Certificate, X509Crl

peterdettman · peterdettman · commit 8e43e0440c06 · 2024-01-19T10:35:58.000+07:00
diff --git a/crypto/src/x509/X509Certificate.cs b/crypto/src/x509/X509Certificate.cs
@@ -717,7 +717,7 @@ protected virtual bool CheckSignatureValid(IVerifierFactory verifier)
         {
             var tbsCertificate = c.TbsCertificate;
 
-            if (!IsAlgIDEqual(c.SignatureAlgorithm, tbsCertificate.Signature))
+            if (!X509SignatureUtilities.AreEquivalentAlgorithms(c.SignatureAlgorithm, tbsCertificate.Signature))
                 throw new CertificateException("signature algorithm in TBS cert not same as outer cert");
 
             return X509Utilities.VerifySignature(verifier, tbsCertificate, c.Signature);
@@ -748,22 +748,5 @@ private static AsymmetricKeyParameter CreatePublicKey(X509CertificateStructure c
         {
             return PublicKeyFactory.CreateKey(c.SubjectPublicKeyInfo);
         }
-
-        private static bool IsAlgIDEqual(AlgorithmIdentifier id1, AlgorithmIdentifier id2)
-        {
-            if (!id1.Algorithm.Equals(id2.Algorithm))
-                return false;
-
-            Asn1Encodable p1 = id1.Parameters;
-            Asn1Encodable p2 = id2.Parameters;
-
-            if ((p1 == null) == (p2 == null))
-                return Objects.Equals(p1, p2);
-
-            // Exactly one of p1, p2 is null at this point
-            return p1 == null
-                ? p2.ToAsn1Object() is Asn1Null
-                : p1.ToAsn1Object() is Asn1Null;
-        }
     }
-}
+}
diff --git a/crypto/src/x509/X509Crl.cs b/crypto/src/x509/X509Crl.cs
@@ -181,8 +181,7 @@ protected virtual bool CheckSignatureValid(IVerifierFactory verifier)
         {
             var tbsCertList = c.TbsCertList;
 
-            // TODO Compare IsAlgIDEqual in X509Certificate.CheckSignature
-            if (!c.SignatureAlgorithm.Equals(tbsCertList.Signature))
+            if (!X509SignatureUtilities.AreEquivalentAlgorithms(c.SignatureAlgorithm, tbsCertList.Signature))
                 throw new CrlException("Signature algorithm on CertificateList does not match TbsCertList.");
 
 			return X509Utilities.VerifySignature(verifier, tbsCertList, c.Signature);
diff --git a/crypto/src/x509/X509SignatureUtil.cs b/crypto/src/x509/X509SignatureUtil.cs
@@ -12,7 +12,25 @@ namespace Org.BouncyCastle.X509
 {
     internal class X509SignatureUtilities
 	{
-		internal static string GetSignatureName(AlgorithmIdentifier sigAlgID)
+        internal static bool AreEquivalentAlgorithms(AlgorithmIdentifier id1, AlgorithmIdentifier id2)
+        {
+            if (!id1.Algorithm.Equals(id2.Algorithm))
+                return false;
+
+            Asn1Encodable p1 = id1.Parameters;
+            Asn1Encodable p2 = id2.Parameters;
+
+            if (p1 == p2)
+                return true;
+            if (p1 == null)
+                return p2.ToAsn1Object() is Asn1Null;
+            if (p2 == null)
+                return p1.ToAsn1Object() is Asn1Null;
+
+            return p1.Equals(p2);
+        }
+
+        internal static string GetSignatureName(AlgorithmIdentifier sigAlgID)
 		{
 			DerObjectIdentifier sigAlgOid = sigAlgID.Algorithm;
 			Asn1Encodable parameters = sigAlgID.Parameters;
@@ -87,5 +105,5 @@ private static string GetDigestAlgName(DerObjectIdentifier digestAlgOID)
 				return digestAlgOID.GetID();
 			}
 		}
-	}
+    }
 }

Original file line number	Diff line number	Diff line change
`@@ -181,8 +181,7 @@ protected virtual bool CheckSignatureValid(IVerifierFactory verifier)`
`181`	`181`	`{`
`182`	`182`	`var tbsCertList = c.TbsCertList;`
`183`	`183`
`184`		`- // TODO Compare IsAlgIDEqual in X509Certificate.CheckSignature`
`185`		`- if (!c.SignatureAlgorithm.Equals(tbsCertList.Signature))`
	`184`	`+ if (!X509SignatureUtilities.AreEquivalentAlgorithms(c.SignatureAlgorithm, tbsCertList.Signature))`
`186`	`185`	`throw new CrlException("Signature algorithm on CertificateList does not match TbsCertList.");`
`187`	`186`
`188`	`187`	`return X509Utilities.VerifySignature(verifier, tbsCertList, c.Signature);`
Original file line number	Diff line number	Diff line change
`@@ -12,7 +12,25 @@ namespace Org.BouncyCastle.X509`
`12`	`12`	`{`
`13`	`13`	`internal class X509SignatureUtilities`
`14`	`14`	`{`
`15`		`- internal static string GetSignatureName(AlgorithmIdentifier sigAlgID)`
	`15`	`+ internal static bool AreEquivalentAlgorithms(AlgorithmIdentifier id1, AlgorithmIdentifier id2)`
	`16`	`+ {`
	`17`	`+ if (!id1.Algorithm.Equals(id2.Algorithm))`
	`18`	`+ return false;`
	`19`	`+`
	`20`	`+ Asn1Encodable p1 = id1.Parameters;`
	`21`	`+ Asn1Encodable p2 = id2.Parameters;`
	`22`	`+`
	`23`	`+ if (p1 == p2)`
	`24`	`+ return true;`
	`25`	`+ if (p1 == null)`
	`26`	`+ return p2.ToAsn1Object() is Asn1Null;`
	`27`	`+ if (p2 == null)`
	`28`	`+ return p1.ToAsn1Object() is Asn1Null;`
	`29`	`+`
	`30`	`+ return p1.Equals(p2);`
	`31`	`+ }`
	`32`	`+`
	`33`	`+ internal static string GetSignatureName(AlgorithmIdentifier sigAlgID)`
`16`	`34`	`{`
`17`	`35`	`DerObjectIdentifier sigAlgOid = sigAlgID.Algorithm;`
`18`	`36`	`Asn1Encodable parameters = sigAlgID.Parameters;`
`@@ -87,5 +105,5 @@ private static string GetDigestAlgName(DerObjectIdentifier digestAlgOID)`
`87`	`105`	`return digestAlgOID.GetID();`
`88`	`106`	`}`
`89`	`107`	`}`
`90`		`- }`
	`108`	`+ }`
`91`	`109`	`}`