  unsigned int *hash; // hash code of tbsCertificate
  int hash_len;
  signatureAlgorithmIdentifier algorithm;
  huge rsa_signature_value;
  dsa_signature dsa_signature_value;
}
signed_x509_certificate;
Notice that no attempt was made to have the DSA and RSA public keys or
signatures share the same memory space. An RSA public key is two distinct
numbers e and n, whereas a DSA public key is a single number y. DSA also
defines parameters whereas RSA does not. Conversely, a DSA signature is two
distinct numbers r and s, whereas an RSA signature is a single number. There's
just no commonality there. If you want to be a stickler for space optimization,
you could force the declarations of these structures to include a single signature
and public key element, but the code that interpreted them would be such a
mess it would hardly be worth it. Here, one or the other is left empty, and it is
up to the invoker to check the algorithm value to determine which to ignore.
Of course, you need to modify the parse_algorithm_identifier routine to
recognize DSA; there's no MD5 with DSA, so there's only one new algorithm
to identify in Listing 5-30.
Listing 5-30: "x509.c" parse_algorithm_identifier with DSA support
#include <string.h>

static const unsigned char OID_sha1WithRSA[] =
  { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05 };
static const unsigned char OID_sha1WithDSA[] =
  { 0x2A, 0x86, 0x48, 0xCE, 0x38, 0x04, 0x03 };

static int parse_algorithm_identifier( signatureAlgorithmIdentifier *target,
                                       struct asn1struct *source )
{
  // Assumed (elided on this page): the OID is the first child of the
  // AlgorithmIdentifier SEQUENCE, and the RSA branch mirrors the DSA one.
  struct asn1struct *oid = ( struct asn1struct * ) source->children;

  if ( !memcmp( oid->data, OID_sha1WithRSA, oid->length ) )
  {
    *target = shaWithRSA;
  }
  else if ( !memcmp( oid->data, OID_sha1WithDSA, oid->length ) )
  {
    *target = shaWithDSA;
  }
  else
  {
    return 1; // unrecognized OID; the caller must reject the certificate
  }

  return 0;
}
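The listing above compares the decoded OID against each constant using oid->length alone, so a truncated OID could match a longer constant's prefix and an over-long one could read past the constant. The following self-contained example (added here, not the book's code) identifies the same two algorithms with an exact-length check and a bounds-checked DER walk over the AlgorithmIdentifier SEQUENCE; the enum values other than shaWithDSA, the function names and the sample byte strings are assumptions constructed for this example.

```c
#include <stddef.h>
#include <string.h>
/* Assumed enum: the page names only the type and the shaWithDSA value. */
typedef enum { algUnknown = 0, shaWithRSA, shaWithDSA } signatureAlgorithmIdentifier;
static const unsigned char OID_sha1WithRSA[] =
  { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05 };
static const unsigned char OID_sha1WithDSA[] =
  { 0x2A, 0x86, 0x48, 0xCE, 0x38, 0x04, 0x03 };
/* Map OID contents to the enum; nonzero return means "unsupported, reject". */
int identify_signature_algorithm( const unsigned char *oid, size_t oid_len,
                                  signatureAlgorithmIdentifier *target )
{
  /* Exact-length compare: a truncated prefix or an over-long OID must not
     match, which a bare memcmp( oid->data, OID_x, oid->length ) would allow. */
  *target = algUnknown;
  if ( oid_len == sizeof OID_sha1WithRSA && !memcmp( oid, OID_sha1WithRSA, oid_len ) )
    *target = shaWithRSA;
  else if ( oid_len == sizeof OID_sha1WithDSA && !memcmp( oid, OID_sha1WithDSA, oid_len ) )
    *target = shaWithDSA;
  return *target == algUnknown;
}
/* Minimal DER walk for "SEQUENCE { OBJECT IDENTIFIER, ... }" with short-form
   lengths; every length is bounds-checked before it is used. */
int parse_algorithm_identifier_der( const unsigned char *der, size_t der_len,
                                    signatureAlgorithmIdentifier *target )
{
  if ( der_len < 4 || der[0] != 0x30 || der[1] > 0x7F ) return 1;
  if ( (size_t) der[1] + 2 > der_len ) return 1;           /* truncated SEQUENCE */
  if ( der[2] != 0x06 || der[3] > 0x7F ) return 1;         /* OID tag expected */
  if ( der[3] + 2 > der[1] ) return 1;                     /* OID overruns SEQUENCE */
  return identify_signature_algorithm( der + 4, der[3], target );
}
/* Constructed sample inputs (not from a real certificate); returns the enum
   value on success or -1 when the parser rejects the input. */
int classify_sample( int which )
{
  static const unsigned char rsa[] = { 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
                                       0xF7, 0x0D, 0x01, 0x01, 0x05, 0x05, 0x00 };
  static const unsigned char dsa[] = { 0x30, 0x09, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE,
                                       0x38, 0x04, 0x03 };
  static const unsigned char cut[] = { 0x30, 0x09, 0x06, 0x07, 0x2A, 0x86, 0x48, 0x86,
                                       0xF7, 0x0D, 0x01 };   /* RSA OID prefix only */
  const unsigned char *d = which == 0 ? rsa : which == 1 ? dsa : cut;
  size_t n = which == 0 ? sizeof rsa : which == 1 ? sizeof dsa : sizeof cut;
  signatureAlgorithmIdentifier alg;
  return parse_algorithm_identifier_der( d, n, &alg ) == 0 ? (int) alg : -1;
}
```

The third sample carries the first seven bytes of the RSA OID; a length-agnostic memcmp would accept it as sha1WithRSA, while the exact-length check rejects it.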
The top-level parse_x509_certificate function must likewise invoke a
different routine to parse the signature value depending on the signature
algorithm, as shown in Listing 5-31.
Listing 5-31: "x509.c" parse_x509_certificate with DSA support
int parse_x509_certificate( const unsigned char *buffer,
                            const unsigned int certificate_length,