/*
 * Verify 'signature' over 'tbs' using the key material stored in 'issuer'.
 *
 * 'tbs'       - the signed data
 * 'signature' - the signature to check
 * 'issuer'    - private-key object; its pk_algorithm, params and params_size
 *               fields are handed to verify_sig(). It is dereferenced without
 *               a NULL check, so the caller must pass a valid object.
 *
 * verify_sig() is called with NULL as its second argument (the slot that
 * _gnutls_x509_verify_signature fills with a caller-supplied hash).
 *
 * Documented contract: 1 on success, 0 on failure. The value of verify_sig()
 * is returned unchanged, and the 'result < 0' branch below shows that a
 * negative value can come back as well. Callers therefore must not treat
 * "non-zero" as "verified": test for a positive result, or handle
 * 'result < 0' explicitly before using it as a boolean.
 */
int
_gnutls_x509_privkey_verify_signature (const gnutls_datum_t * tbs,
                                       const gnutls_datum_t * signature,
                                       gnutls_x509_privkey_t issuer)
{
  const int result = verify_sig (tbs, NULL, signature,
                                 issuer->pk_algorithm,
                                 issuer->params, issuer->params_size);

  /* A negative result is only logged here; it still reaches the caller. */
  if (result < 0)
    {
      gnutls_assert ();
    }

  return result;
}
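/*
 * Demo driver: generate a key pair, sign a fixed message with the private
 * key and verify that signature with the public key.
 *
 * Exit status: 0 only when the signature verifies; 1 when the keys cannot be
 * loaded, signing fails, or verification does not succeed. Every exit path
 * goes through the cleanup label so the keys and the signature buffer are
 * released even on failure.
 */
int main(void)
{
    EVP_PKEY *priv_key = NULL;
    EVP_PKEY *pub_key = NULL;
    char *data = "Hello World";
    int data_len = (int) strlen(data);
    unsigned char *sig = NULL;
    int sig_len = 0;
    int rc = 1;

    /* gen_keys() is called for its side effect of writing both PEM files;
     * its result is not inspected here, so a generation failure only shows
     * up as a load failure below.
     * NOTE(review): priv.pem holds the private key in the working directory;
     * check which file permissions gen_keys() creates it with. */
    gen_keys("priv.pem", "pub.pem");

    priv_key = load_private_key("priv.pem");
    pub_key = load_public_key2("pub.pem");
    if (!priv_key || !pub_key) {
        printf("failed to load keys\n");
        goto cleanup;
    }

    /* NOTE(review): SHA-1 is no longer collision resistant; for new
     * signatures prefer a SHA-2 digest such as EVP_sha256(), provided the
     * key type produced by gen_keys() supports it. The same digest must be
     * used for signing and verifying. */
    sig = sign_it(priv_key, EVP_sha1(), data, data_len, &sig_len);
    if (!sig) {
        printf("Failed to generate signature\n");
        goto cleanup;
    }

    /* Accept only a strictly positive result. verify_sig() is defined
     * elsewhere; if it forwards the OpenSSL EVP_Verify* return value, an
     * error is reported as a negative number and must not be printed as a
     * match. Confirm against its definition. */
    if (verify_sig(pub_key, EVP_sha1(), data, data_len, sig, sig_len) > 0) {
        printf("Signature matches!!\n");
        rc = 0;
    } else {
        printf("*** SIG FAILED ***\n");
    }

cleanup:
    /* free(NULL) and EVP_PKEY_free(NULL) are no-ops, so partially
     * initialised state is fine here.
     * NOTE(review): assumes sign_it() allocates with malloc(); if it uses
     * OPENSSL_malloc(), release with OPENSSL_free() instead. */
    free(sig);
    EVP_PKEY_free(priv_key);
    EVP_PKEY_free(pub_key);
    return rc;
}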
/*
 * Check 'signature' against the public key carried in the 'issuer'
 * certificate.
 *
 * 'tbs'       - the signed data
 * 'hash'      - forwarded unchanged as the second argument of verify_sig()
 * 'signature' - the signature to check
 * 'issuer'    - certificate whose public-key MPIs and algorithm are used
 *
 * Documented contract: 1 on success, 0 on failure. Two paths below also
 * return a negative value unchanged (a failed MPI read, and a negative
 * result from verify_sig()), so callers must not treat "non-zero" as
 * "verified": test for a positive result, or handle 'result < 0' first.
 */
int
_gnutls_x509_verify_signature (const gnutls_datum_t * tbs,
                               const gnutls_datum_t * hash,
                               const gnutls_datum_t * signature,
                               gnutls_x509_crt_t issuer)
{
  bigint_t params[MAX_PUBLIC_PARAMS_SIZE];
  int params_count = MAX_PUBLIC_PARAMS_SIZE;
  int result;
  int pk_algo;
  int idx;

  /* Read the public-key MPIs from the issuer certificate. params_count goes
   * in as the array capacity and is used afterwards as the number of
   * entries to release. */
  result = _gnutls_x509_crt_get_mpis (issuer, params, &params_count);
  if (result < 0)
    {
      gnutls_assert ();
      return result;
    }

  /* NOTE(review): the algorithm lookup result is passed on unchecked; a
   * negative (error) value would reach verify_sig() as the algorithm.
   * Presumably verify_sig() rejects it - confirm. */
  pk_algo = gnutls_x509_crt_get_pk_algorithm (issuer, NULL);

  result = verify_sig (tbs, hash, signature, pk_algo, params, params_count);
  if (result < 0)
    {
      /* Logged only; the negative value is still returned below. */
      gnutls_assert ();
    }

  /* Release every MPI that was read, whatever the verification result. */
  idx = 0;
  while (idx < params_count)
    {
      _gnutls_mpi_release (&params[idx]);
      idx++;
    }

  return result;
}