Cryptography Reference
      copy_huge( &server_public_key->ecdsa_curve.n,
        &certificate.tbsCertificate.subjectPublicKeyInfo.ecdsa_curve.n );
      copy_huge( &server_public_key->ecdsa_public_key.x,
        &certificate.tbsCertificate.subjectPublicKeyInfo.ecdsa_public_key.x );
      copy_huge( &server_public_key->ecdsa_public_key.y,
        &certificate.tbsCertificate.subjectPublicKeyInfo.ecdsa_public_key.y );
      break;

What about the ECDSA signature itself? Actually, there's no special handling
there; an ECDSA signature is two numbers, r and s, just like a DSA signature,
so it needs no handler of its own. Modify parse_x509_certificate to
recognize this case as shown in Listing 9-37.

Listing 9-37: "x509.c" parse_x509_certificate with ECDSA signatures

    int parse_x509_certificate( const unsigned char *buffer,
                                const unsigned int certificate_length,
                                signed_x509_certificate *parsed_certificate )
    {
    ...
      switch ( parsed_certificate->algorithm )
      {
        case md5WithRSAEncryption:
        case shaWithRSAEncryption:
          if ( parse_rsa_signature_value( parsed_certificate, signatureValue ) )
          {
            return 42;
          }
          break;
        case shaWithDSA:
        case sha256WithECDSA:
          if ( parse_dsa_signature_value( parsed_certificate, signatureValue ) )
          {
            return 42;
          }
          break;
    ...
      switch ( parsed_certificate->algorithm )
      {
        case sha256WithECDSA:
          new_sha256_digest( &digest );
          break;
    ...

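As an added example (not code from the book), here is one way to parse the value that the shaWithDSA and sha256WithECDSA cases both hand to the same routine: in X.509 it is the DER encoding of SEQUENCE { INTEGER r, INTEGER s }. The names sig_rs, der_header, der_positive_int, parse_sig_rs and sample_sig are assumptions made for this example, and the parser is deliberately strict, rejecting overlong lengths, negative, zero-padded or zero integers, and trailing bytes.

```c
#include <stddef.h>
/* Hypothetical result type for this example (not the book's structures). */
typedef struct { const unsigned char *r, *s; size_t r_len, s_len; } sig_rs;

/* Constructed sample: SEQUENCE { INTEGER 0x8102, INTEGER 0x07 } */
const unsigned char sample_sig[] =
    { 0x30, 0x08, 0x02, 0x03, 0x00, 0x81, 0x02, 0x02, 0x01, 0x07 };

/* Consume a DER header carrying the expected tag; returns 0 on success. */
static int der_header(const unsigned char **p, const unsigned char *end,
                      unsigned char tag, size_t *len)
{
    if (end - *p < 2 || (*p)[0] != tag) return -1;
    size_t l = (*p)[1], n = l & 0x7f;
    *p += 2;
    if (l & 0x80) {                          /* long-form length */
        if (n == 0 || n > 2 || (size_t)(end - *p) < n) return -1;
        l = 0;
        for (size_t i = 0; i < n; i++) l = (l << 8) | *(*p)++;
        if (l < (n == 1 ? 0x80u : 0x100u)) return -1;   /* not minimal */
    }
    if ((size_t)(end - *p) < l) return -1;   /* value overruns the buffer */
    *len = l; return 0;
}

/* Consume one INTEGER; accept only a minimally encoded value >= 1. */
static int der_positive_int(const unsigned char **p, const unsigned char *end,
                            const unsigned char **out, size_t *out_len)
{
    size_t len;
    if (der_header(p, end, 0x02, &len) || len == 0) return -1;
    const unsigned char *v = *p;
    if (v[0] & 0x80) return -1;                             /* negative */
    if (len > 1 && v[0] == 0 && !(v[1] & 0x80)) return -1;  /* padded */
    *p += len;
    if (len > 1 && v[0] == 0) { v++; len--; }  /* drop the sign byte */
    if (len == 1 && v[0] == 0) return -1;      /* r and s are never zero */
    *out = v; *out_len = len; return 0;
}

/* Parse SEQUENCE { INTEGER r, INTEGER s } with nothing left over. */
int parse_sig_rs(const unsigned char *buf, size_t buf_len, sig_rs *sig)
{
    const unsigned char *p = buf, *end = buf + buf_len;
    size_t seq_len;
    if (der_header(&p, end, 0x30, &seq_len)) return -1;
    if ((size_t)(end - p) != seq_len) return -1;        /* trailing bytes */
    if (der_positive_int(&p, end, &sig->r, &sig->r_len)) return -1;
    if (der_positive_int(&p, end, &sig->s, &sig->s_len)) return -1;
    return p == end ? 0 : -1;
}
```

The returned r and s pointers reference the input buffer, so it must outlive the sig_rs; range checks against the group order still belong to signature verification.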
Remember that there's no particular reason that a certificate containing
an ECDSA public key must be signed using ECDSA. In fact, it's likely that a