Cryptography Reference
In-Depth Information
unsigned char *signature,
int signature_len,
TLSParameters *parameters )
{
// This is needed for RSA or DSA
digest_ctx sha1_digest;
new_sha1_digest( &sha1_digest );
update_digest( &sha1_digest, parameters->client_random, RANDOM_LENGTH );
update_digest( &sha1_digest, parameters->server_random, RANDOM_LENGTH );
update_digest( &sha1_digest, message, message_len );
finalize_digest( &sha1_digest );
if ( parameters->server_public_key.algorithm == rsa )
{
unsigned char *decrypted_signature;
int decrypted_signature_length;
digest_ctx md5_digest;
decrypted_signature_length = rsa_decrypt( signature, signature_len,
&decrypted_signature,
&parameters->server_public_key.rsa_public_key );
// If the signature algorithm is RSA, this will be the md5 hash, followed by
// the sha-1 hash of: client random, server random, params).
// If DSA, this will just be the sha-1 hash
new_md5_digest( &md5_digest );
update_digest( &md5_digest, parameters->client_random, RANDOM_LENGTH );
update_digest( &md5_digest, parameters->server_random, RANDOM_LENGTH );
update_digest( &md5_digest, message, message_len );
finalize_digest( &md5_digest );
if ( memcmp( md5_digest.hash, decrypted_signature, MD5_BYTE_SIZE ) ||
memcmp( sha1_digest.hash, decrypted_signature + MD5_BYTE_SIZE,
SHA1_BYTE_SIZE ) )
{
return 0;
}
free( decrypted_signature );
}
else if ( parameters->server_public_key.algorithm == dsa )
{
struct asn1struct decoded_signature;
dsa_signature received_signature;
asn1parse( signature, signature_len, &decoded_signature );
set_huge( &received_signature.r, 0 );
set_huge( &received_signature.s, 0 );
load_huge( &received_signature.r, decoded_signature.children->data,
decoded_signature.children->length );