Cryptography Reference
Although they are for different algorithms — one for ECDSA, and the
other for ECDH — the key itself is the same in both cases: a curve followed
by a point on that curve. Both functions only accept named curves, although
an option is defined in the specification to accept explicit curves. Of course,
the public key parsing routine in the certificate code is looking for an OID.
TLS has a simpler means of naming curves — each one is assigned a unique
two-byte identifier. At present, only 25 are defined, but expect more to be
defined over time.
The curve itself, whether presented by name or explicitly, is followed by the
point that identifies the public key. This is encoded in the exact same ANSI X9.62
format that the certificate is coded in — one byte compressed/uncompressed
marker, with the remaining bytes split in half between x and y.
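The layout just described can be parsed with strict length checks, as in the following added example (not code from the book). The names ecdh_params, parse_ecdh_params, coord_size and make_sample are hypothetical; the curve-type byte, the one-byte point length and the curve identifiers 23 to 25 are taken from RFC 4492, and the sample bytes are constructed placeholders rather than a real key.

```c
#include <stdint.h>
#include <string.h>

typedef struct {
    uint16_t named_curve;        /* two-byte TLS curve identifier */
    const unsigned char *x, *y;  /* coordinates, pointing into the input buffer */
    size_t coord_len;            /* bytes per coordinate */
    size_t consumed;             /* bytes used by the parameters; signature follows */
} ecdh_params;

/* Coordinate size for the curves this sketch accepts (RFC 4492 ids), 0 if unknown. */
static size_t coord_size(uint16_t curve)
{
    switch (curve) {
    case 23: return 32;          /* secp256r1 */
    case 24: return 48;          /* secp384r1 */
    case 25: return 66;          /* secp521r1 */
    default: return 0;
    }
}

/* Returns 0 on success, -1 on malformed or unsupported input. */
int parse_ecdh_params(const unsigned char *buf, size_t len, ecdh_params *out)
{
    size_t point_len, want;
    if (len < 5) return -1;                   /* type, curve id, length, marker */
    if (buf[0] != 3) return -1;               /* 3 = named_curve; explicit rejected */
    out->named_curve = (uint16_t)((buf[1] << 8) | buf[2]);
    if ((want = coord_size(out->named_curve)) == 0) return -1;
    point_len = buf[3];
    if (point_len > len - 4) return -1;       /* point would run past the buffer */
    if (buf[4] != 0x04) return -1;            /* only the uncompressed marker */
    if (point_len != 1 + 2 * want) return -1; /* x and y must each fill the field */
    out->coord_len = want;
    out->x = buf + 5;
    out->y = out->x + want;
    out->consumed = 4 + point_len;
    return 0;
}

/* Constructed sample: secp256r1 header and placeholder coordinates (not a real key). */
size_t make_sample(unsigned char *buf)        /* buf needs at least 69 bytes */
{
    static const unsigned char hdr[] = { 3, 0, 23, 65, 4 };
    memcpy(buf, hdr, sizeof hdr);
    memset(buf + 5, 0xAA, 32);                /* x placeholder */
    memset(buf + 37, 0xBB, 32);               /* y placeholder */
    return 69;
}
```

The parser checks framing only; the point must still be verified to lie on the named curve before it is used in the key agreement.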
Finally, the whole parameter list — the curve specification and the public
key point — is signed using the certificate's private key, and the signature
follows the server key exchange parameters. This whole thing is passed into
verify_signature. In the case of ECDSA, just like DSA, the signature is two
values r and s, encoded in ASN.1 DER format. Because an ECDSA signature
looks just like a DSA signature, you can reuse a lot of the code from Listing 8-26
to verify an ECDSA signature, as shown in Listing 9-41.
Listing 9-41: “tls.c” verify_signature with ECDSA support
int verify_signature( unsigned char *message,
                      int message_len,
                      unsigned char *signature,
                      int signature_len,
                      TLSParameters *parameters )
{
  else if ( ( parameters->server_public_key.algorithm == dsa ) ||
            ( parameters->server_public_key.algorithm == ecdsa ) )
  {
    int verified;
    asn1free( &decoded_signature );
    if ( parameters->server_public_key.algorithm == dsa )
    {
      verified = dsa_verify( &parameters->server_public_key.dsa_parameters,
                             &parameters->server_public_key.dsa_public_key,
                             ( unsigned char * ) sha_digest.hash,
                             SHA1_BYTE_SIZE,
                             &received_signature );
    }
    else
    {
      digest_ctx sha256_digest;
(Continued)
 