Cryptography Reference
switch ( server_public_key->algorithm )
{
  case rsa:
    // The RSA key members are pointers, so allocate them before copying.
    server_public_key->rsa_public_key.modulus =
      ( huge * ) malloc( sizeof( huge ) );
    server_public_key->rsa_public_key.exponent =
      ( huge * ) malloc( sizeof( huge ) );
    set_huge( server_public_key->rsa_public_key.modulus, 0 );
    set_huge( server_public_key->rsa_public_key.exponent, 0 );
    copy_huge( server_public_key->rsa_public_key.modulus,
      certificate.tbsCertificate.subjectPublicKeyInfo.rsa_public_key.modulus
    );
    copy_huge( server_public_key->rsa_public_key.exponent,
      certificate.tbsCertificate.subjectPublicKeyInfo.rsa_public_key.exponent
    );
    break;
  case dsa:
    // The DSA parameters (g, p, q) and the public key are embedded huge
    // values, so they are initialized and copied in place.
    set_huge( &server_public_key->dsa_parameters.g, 0 );
    set_huge( &server_public_key->dsa_parameters.p, 0 );
    set_huge( &server_public_key->dsa_parameters.q, 0 );
    set_huge( &server_public_key->dsa_public_key, 0 );
    copy_huge( &server_public_key->dsa_parameters.g,
      &certificate.tbsCertificate.subjectPublicKeyInfo.dsa_parameters.g );
    copy_huge( &server_public_key->dsa_parameters.p,
      &certificate.tbsCertificate.subjectPublicKeyInfo.dsa_parameters.p );
    copy_huge( &server_public_key->dsa_parameters.q,
      &certificate.tbsCertificate.subjectPublicKeyInfo.dsa_parameters.q );
    copy_huge( &server_public_key->dsa_public_key,
      &certificate.tbsCertificate.subjectPublicKeyInfo.dsa_public_key );
    break;
  default:
    // Diffie-Hellman certificates not supported in this implementation
    break;
}
This just copies the relevant parts of the certificate's subjectPublicKeyInfo
values into the one in TLSParameters.
Modify verify_signature itself to verify a DSA signature when appropriate.
Recall from Chapter 4 that a DSA signature by its nature is computed over a
single hash value; you can't safely play games with concatenated hash values
using DSA like TLS does with RSA. The dsa_verify function of Listing 4-33 just
returns a true or false; you don't “decrypt” anything. Also, a DSA signature is
not just a single number; it is two numbers, r and s. To keep them straight, TLS
mandates that they be provided in ASN.1 DER-encoded form.
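The DER form mentioned above is a SEQUENCE holding two INTEGERs. The following is an added example, not code from the book: a strict parser that splits such a signature into r and s. The names der_int, read_len, read_int, parse_dsa_signature and sample_sig are hypothetical, and the parser returns byte ranges instead of filling the book's huge type.

```c
#include <stddef.h>

/* Hypothetical view type for this example: points into the caller's buffer. */
typedef struct { const unsigned char *bytes; size_t len; } der_int;

/* Constructed sample: r = 0x05, s = 0x8001 (leading 0x00 keeps s positive). */
static const unsigned char sample_sig[] =
  { 0x30, 0x08, 0x02, 0x01, 0x05, 0x02, 0x03, 0x00, 0x80, 0x01 };

/* Read one DER length (short form or 0x81 long form); returns 0 on success. */
static int read_len( const unsigned char **p, const unsigned char *end,
                     size_t *len )
{
  if ( *p >= end ) return -1;
  *len = *(*p)++;
  if ( *len < 0x80 ) return 0;
  if ( *len != 0x81 || *p >= end ) return -1;  /* longer forms not needed */
  *len = *(*p)++;
  return ( *len < 0x80 ) ? -1 : 0;             /* DER wants the minimal form */
}

/* Read one non-negative, minimally encoded INTEGER. */
static int read_int( const unsigned char **p, const unsigned char *end,
                     der_int *out )
{
  size_t len;
  if ( *p >= end || *(*p)++ != 0x02 ) return -1;
  if ( read_len( p, end, &len ) || len == 0 || len > (size_t)( end - *p ) )
    return -1;
  if ( (*p)[0] & 0x80 ) return -1;             /* negative: never a valid r, s */
  if ( len > 1 && (*p)[0] == 0x00 && !( (*p)[1] & 0x80 ) )
    return -1;                                 /* non-minimal leading zero */
  out->bytes = *p;
  out->len = len;
  *p += len;
  return 0;
}

/* Parse SEQUENCE { INTEGER r, INTEGER s }; 0 on success, -1 if malformed. */
int parse_dsa_signature( const unsigned char *sig, size_t sig_len,
                         der_int *r, der_int *s )
{
  const unsigned char *p = sig, *end = sig + sig_len;
  size_t seq_len;
  if ( sig_len < 2 || *p++ != 0x30 ) return -1;
  if ( read_len( &p, end, &seq_len ) || seq_len != (size_t)( end - p ) )
    return -1;                                 /* truncated or trailing bytes */
  if ( read_int( &p, end, r ) || read_int( &p, end, s ) ) return -1;
  return ( p == end ) ? 0 : -1;
}
```

The parser only checks the encoding; checking that r and s lie between 0 and q is left to the DSA verification routine.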
Modify verify_signature as shown in Listing 8-26 to verify DSA signatures
if the certificate contains a DSA public key.
Listing 8-26: “tls.c” verify_signature
static int verify_signature( unsigned char *message,
int message_len,
 