Pretty sure wp_check_password() is not meant to be used the way you’re using it.
From the looks of the documentation, and as far as I can tell by looking at the source, this function is only meant to compare the plaintext password you provide against the hash you provide–not to check whether a particular user’s stored password matches the passed creds. (The user id param is misleading–it has to do with converting a user’s existing password form one kind of hash to another when necessary, I believe. But I’m not 100% sure).
In any case, you don’t need to do any of this checking manually. The wp_signon() function will itself will check the creds, and if they’re correct it’ll log the user in and pass back a valid user object. If the creds aren’t right, it’ll pass back an error object.