Cryptography Reference
In-Depth Information
Listing 5-24: “x509.c” parse_signature_value
static int parse_signature_value( signed_x509_certificate *target,
                                  struct asn1struct *source )
{
  parse_huge( &target->signature_value, source );
  contract( &target->signature_value );

  return 0;
}
Signature Verification
You're not quite done yet. Remember that you also have to be able to verify this
signature; just ensuring that it's there isn't enough. You must also check that
it is a proper digital signature of the hash of the tbsCertificate bytes. So,
after parsing the entire certificate, you must hash it and store the hash for later
inspection. Extend parse_x509_certificate to do so as shown in Listing 5-25.
Listing 5-25: “x509.c” parse_x509_certificate with stored hash
typedef struct
{
  x509_certificate tbsCertificate;
  unsigned int *hash; // hash code of tbsCertificate
  int hash_len;
  signatureAlgorithmIdentifier algorithm;
  huge signature_value;
}
signed_x509_certificate;

int parse_x509_certificate( const unsigned char *buffer,
                            const unsigned int certificate_length,
                            signed_x509_certificate *parsed_certificate )
{
  struct asn1struct certificate;
  struct asn1struct *tbsCertificate;
  struct asn1struct *algorithmIdentifier;
  struct asn1struct *signatureValue;
  digest_ctx digest;

  switch ( parsed_certificate->algorithm )
  {
    case md5WithRSAEncryption:
      new_md5_digest( &digest );
      break;
    case shaWithRSAEncryption:
      new_sha1_digest( &digest );
      break;
    default:
(Continued)
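The signature covers the DER encoding of tbsCertificate (RFC 5280), tag and length bytes included, so the verifier has to hash exactly that span of the received buffer. The following added example, which is not code from the book, locates that span with bounds checks; find_tbs_span, der_header and sample_cert are hypothetical names, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdio.h>
/* Constructed sample, not a real certificate: outer SEQUENCE holding a 5-byte
 * stand-in tbsCertificate, an empty algorithm SEQUENCE and a BIT STRING. */
static const unsigned char sample_cert[] = {
  0x30, 0x0B, 0x30, 0x03, 0x02, 0x01, 0x05, 0x30, 0x00, 0x03, 0x02, 0x00, 0xFF };

/* Read one DER tag+length header; returns its size in bytes, 0 if malformed. */
static size_t der_header( const unsigned char *p, size_t avail, size_t *len )
{
  size_t n, i;
  if ( avail < 2 || ( p[ 0 ] & 0x1F ) == 0x1F ) return 0; /* no multi-byte tags */
  if ( p[ 1 ] < 0x80 ) { *len = p[ 1 ]; return 2; }        /* short form */
  n = p[ 1 ] & 0x7F;                                       /* long form */
  if ( n == 0 || n > sizeof( size_t ) || avail < 2 + n ) return 0;
  if ( p[ 2 ] == 0 || ( n == 1 && p[ 2 ] < 0x80 ) ) return 0; /* not minimal */
  for ( *len = 0, i = 0; i < n; i++ )
    *len = ( *len << 8 ) | p[ 2 + i ];
  return 2 + n;
}

/* Hypothetical helper: returns 0 and the span to hash, or -1 on bad input.
 * The span starts at the tbsCertificate tag and includes its length bytes. */
int find_tbs_span( const unsigned char *cert, size_t cert_len,
                   const unsigned char **tbs, size_t *tbs_len )
{
  size_t outer_hdr, outer_len, inner_hdr, inner_len;
  outer_hdr = der_header( cert, cert_len, &outer_len );
  if ( !outer_hdr || cert[ 0 ] != 0x30 || outer_len > cert_len - outer_hdr )
    return -1;                       /* outer Certificate SEQUENCE overruns */
  inner_hdr = der_header( cert + outer_hdr, outer_len, &inner_len );
  if ( !inner_hdr || cert[ outer_hdr ] != 0x30 ||
       inner_len > outer_len - inner_hdr )
    return -1;                       /* tbsCertificate overruns its parent */
  *tbs = cert + outer_hdr;
  *tbs_len = inner_hdr + inner_len;
  return 0;
}

int main( void )
{
  const unsigned char *tbs; size_t n;
  if ( find_tbs_span( sample_cert, sizeof sample_cert, &tbs, &n ) != 0 )
    return 1;
  printf( "hash %lu bytes starting at offset %lu\n",
          ( unsigned long ) n, ( unsigned long ) ( tbs - sample_cert ) );
  return 0;
}
```

Hashing a re-encoded or partially parsed copy instead of these exact bytes can produce a digest that does not match what the issuer signed.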