bool EncryptedCertificate::attemptVerification(const RsaPublicKey& key){
QByteArray srdash = key.perform(sign);
if(srdash.size() != 128 || srdash.at(0) != 0x6A || (unsigned char)srdash[127] != 0xBC) return false;
QByteArray crdash = srdash.mid(1, 106);
QByteArray hdash = srdash.mid(107, 20);
QByteArray cdash = crdash.append(cndash.toQByteArray()); // implicitly shared, but we do not need crdash anymore
if(!checkSha1(cdash, hdash)) return false;
decryptedCertificate = QSharedPointer<DecryptedCertificate>(new DecryptedCertificate(DataPointer(cdash)));
return true;
}
bool EncryptedCertificate::checkSignature(const RawData& signedData, const RawData& signature) const{
if(!isVerified()) return false;
QByteArray srdash = decryptedCertificate->rsaPublicKey.perform(signature);
QByteArray hdash = srdash.mid(107, 20);
if(!checkSha1(signedData, hdash)) return false;
const unsigned char der[] = { 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b,
0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14 };
for(int j = 0; j < 15; ++j)
if((unsigned char)srdash.at(92 + j) != der[j]) return false;
for(int j = 1; j < 91; ++j)
if((unsigned char)srdash.at(j) != 0xff) return false;
//not checking the first two, l207 p.251 says 0x00, 0x01,
//but the files actually contain 0x01, 0xff
return true;
}
int main(int argc, char **argv) {
checkMD5();
printf("-----\n");
checkSha1();
return 0;
}
