switch ( certificate->algorithm )
{
  case shaWithDSA:
    /* A DSA signature is the integer pair (r, s); print each as a huge */
    printf( "\n\tr:" );
    print_huge( &certificate->dsa_signature_value.r );
    printf( "\ts:" );
    print_huge( &certificate->dsa_signature_value.s );
    break;
}
Finally, extend the test main routine in Listing 5-36 to attempt a self-signature
validation if the signature algorithm is DSA.
Listing 5-36: “x509.c” main routine
int main( int argc, char *argv[ ] )
{
  ...
  switch ( certificate.algorithm )
  {
    ...
    case shaWithDSA:
      if ( validate_certificate_dsa( &certificate ) )
      {
        printf( "Certificate is a valid self-signed certificate.\n" );
      }
      else
      {
        printf( "Certificate is corrupt or not self-signed.\n" );
      }
      break;
  }
  ...
}
DSA certificate validation is actually simpler than RSA certificate validation
because the signature value is not an encrypted ASN.1 DER-encoded structure
like RSA's; the DSA signature algorithm doesn't allow this. It also doesn't allow
the algorithm OID to be embedded in the signature value the way RSA does,
though. The validation is shown in Listing 5-37.
Listing 5-37: “x509.c” validate_certificate_dsa
static int validate_certificate_dsa( signed_x509_certificate *certificate )
{
  /* Verify the (r, s) pair over the tbsCertificate hash using the
   * certificate's own subject public key (a self-signature check).
   * hash_len counts 32-bit words, so multiply by 4 to get bytes. */
  return dsa_verify(
    &certificate->tbsCertificate.subjectPublicKeyInfo.dsa_parameters,
    &certificate->tbsCertificate.subjectPublicKeyInfo.dsa_public_key,
    certificate->hash,
    certificate->hash_len * 4,
    &certificate->dsa_signature_value );
}
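To make the self-signature check of Listing 5-37 concrete end to end, here is an added Python example that is not the book's code: it builds toy-sized DSA domain parameters, signs a constructed tbsCertificate byte string, and then runs the same three-argument decision the listing makes (parameters and public key taken from the certificate's own subjectPublicKeyInfo, hash of tbsCertificate, (r, s) pair). It also exercises the two failure modes the main routine reports as "corrupt or not self-signed": a tampered tbsCertificate and a certificate whose signature was produced by a different key. The `SignedCertificate` record, the `_rng` seed, the parameter sizes (256-bit p, 64-bit q) and the tbs bytes are all assumptions constructed for the example; real DSA uses far larger parameters.

```python
import hashlib
import random
from collections import namedtuple

# Seeded RNG: reproducible for the example, never a source of real key material.
_rng = random.Random(20240601)

DsaParameters = namedtuple("DsaParameters", "p q g")
# Hypothetical stand-in for the book's signed_x509_certificate (only the fields used here).
SignedCertificate = namedtuple(
    "SignedCertificate", "tbs_certificate dsa_parameters dsa_public_key dsa_signature_value")

def _is_probable_prime(n, rounds=16):
    """Miller-Rabin primality test, sufficient for a demonstration."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(_rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def generate_parameters(l_bits=256, n_bits=64):
    """Toy-sized (p, q, g) with q | p-1 and g of order q (real DSA: L=2048+, N=224+)."""
    while True:
        q = _rng.getrandbits(n_bits) | (1 << (n_bits - 1)) | 1
        if _is_probable_prime(q):
            break
    while True:  # p = m*q + 1 with m even keeps p odd and q | p-1
        m = (_rng.getrandbits(l_bits - n_bits) | (1 << (l_bits - n_bits - 1))) & ~1
        p = m * q + 1
        if p.bit_length() == l_bits and _is_probable_prime(p):
            break
    while True:
        g = pow(_rng.randrange(2, p - 1), (p - 1) // q, p)
        if g > 1:
            return DsaParameters(p, q, g)

def _hash_to_int(tbs, q):
    """SHA-1 of tbsCertificate, truncated to its leftmost min(N, 160) bits (FIPS 186)."""
    z = int.from_bytes(hashlib.sha1(tbs).digest(), "big")
    excess = 160 - q.bit_length()
    return z >> excess if excess > 0 else z

def dsa_sign(params, x, tbs):
    z = _hash_to_int(tbs, params.q)
    while True:
        k = _rng.randrange(1, params.q)
        r = pow(params.g, k, params.p) % params.q
        s = (pow(k, -1, params.q) * (z + x * r)) % params.q if r else 0
        if r and s:
            return r, s

def dsa_verify(params, y, tbs, signature):
    """Standard DSA verification of an (r, s) pair under public key y."""
    r, s = signature
    if not (0 < r < params.q and 0 < s < params.q):
        return False
    w = pow(s, -1, params.q)
    u1 = (_hash_to_int(tbs, params.q) * w) % params.q
    u2 = (r * w) % params.q
    v = (pow(params.g, u1, params.p) * pow(y, u2, params.p) % params.p) % params.q
    return v == r

def validate_certificate_dsa(cert):
    """Self-signature check as in Listing 5-37: verify with the certificate's own key."""
    return dsa_verify(cert.dsa_parameters, cert.dsa_public_key,
                      cert.tbs_certificate, cert.dsa_signature_value)

def build_example_certificates():
    """Constructed cases: self-signed, tampered tbs, and signed by a different (CA) key."""
    params = generate_parameters()
    x = _rng.randrange(1, params.q)
    y = pow(params.g, x, params.p)
    tbs = b"constructed tbsCertificate: CN=example, DSA subject key"
    self_signed = SignedCertificate(tbs, params, y, dsa_sign(params, x, tbs))
    tampered = self_signed._replace(tbs_certificate=tbs + b"!")
    ca_x = _rng.randrange(1, params.q)
    ca_signed = self_signed._replace(dsa_signature_value=dsa_sign(params, ca_x, tbs))
    return self_signed, tampered, ca_signed

if __name__ == "__main__":
    for name, cert in zip(("self-signed", "tampered", "CA-signed"), build_example_certificates()):
        print(name, "->", "valid self-signed" if validate_certificate_dsa(cert)
              else "corrupt or not self-signed")
```

Note that the "CA-signed" case is rejected for the same reason the book's main routine labels a failure "corrupt or not self-signed": the check only ever uses the key found inside the certificate itself, so a signature made by any other key, however legitimate, cannot pass it. Verifying a CA-issued certificate means repeating the same `dsa_verify` call with the issuer's parameters and public key instead.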