Exemple #1
/* Checks 'signature' over the data in 'tbs' using the key material held
 * in the 'issuer' private-key object.
 *
 * 'tbs'       is the signed data
 * 'signature' is the signature to check
 * 'issuer'    supplies pk_algorithm, params and params_size; it is
 *             dereferenced without a NULL check, so it must be valid.
 *
 * Return value: the result of verify_sig() is handed back unchanged.
 * The documented contract is 1 on success and 0 on failure, but a
 * negative value is also passed through when verify_sig() reports an
 * error.  Callers should therefore accept only a positive result as
 * "verified"; a plain non-zero test would treat an error code as a
 * valid signature.
 */
int
_gnutls_x509_privkey_verify_signature (const gnutls_datum_t * tbs,
				       const gnutls_datum_t * signature,
				       gnutls_x509_privkey_t issuer)
{
  /* NULL is passed in the second position, where the certificate
   * variant on this page passes its 'hash' argument.
   */
  const int status = verify_sig (tbs, NULL, signature,
				 issuer->pk_algorithm,
				 issuer->params, issuer->params_size);

  /* Negative results are only logged here; the value still reaches
   * the caller untouched.
   */
  if (status < 0)
    {
      gnutls_assert ();
    }

  return status;
}
Exemple #2
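/*
 * Demo driver: generates a key pair, signs a fixed message with the
 * private key and checks the signature with the public key.
 *
 * Exit status is 0 only when the signature verified; key-loading,
 * signing and verification failures all exit with 1 so that a calling
 * script cannot mistake a failed check for success.
 */
int main(void)
{
   EVP_PKEY      * priv_key   = NULL;
   EVP_PKEY      * pub_key    = NULL;
   char          * data       = "Hello World";
   int             data_len   = (int) strlen(data);
   unsigned char * sig        = NULL;
   int             sig_len    = 0;
   int             rc         = 1;   /* stays 1 unless verification succeeds */

   /* NOTE(review): gen_keys() is not shown here and its result is not
    * checked; a failure only surfaces when the keys are loaded below.
    * The private key is written to the current directory as priv.pem,
    * so confirm the helper creates it with restrictive permissions.
    */
   gen_keys( "priv.pem", "pub.pem" );

   priv_key   = load_private_key( "priv.pem" );
   pub_key    = load_public_key2( "pub.pem" );

   if (!priv_key || !pub_key)
   {
      printf("failed to load keys\n");
      goto cleanup;
   }

   /* SHA-1 is no longer collision resistant; new signing code should use
    * a SHA-2 family digest.  The digest is left as in the original demo.
    */
   sig = sign_it( priv_key, EVP_sha1(), data, data_len, &sig_len );

   if (!sig)
   {
      printf("Failed to generate signature\n");
      goto cleanup;
   }

   /* NOTE(review): verify_sig() is not shown here.  If it forwards the
    * result of EVP_VerifyFinal() (1 = good, 0 = bad signature, -1 = error)
    * this truthiness test would accept -1 as a match; confirm the helper
    * returns a strict boolean or compare against 1.
    */
   if ( verify_sig( pub_key, EVP_sha1(), data, data_len, sig, sig_len ) )
   {
      printf("Signature matches!!\n");
      rc = 0;
   }
   else
      printf("*** SIG FAILED ***\n");

cleanup:
   /* Single exit path: free() and EVP_PKEY_free() both ignore NULL, so
    * this releases whatever was acquired before a failure.
    */
   free(sig);
   EVP_PKEY_free (priv_key);
   EVP_PKEY_free (pub_key);

   return rc;
}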
Exemple #3
/* Checks 'signature' against the public key carried in the 'issuer'
 * certificate.
 *
 * 'tbs'       is the signed data
 * 'hash'      is forwarded to verify_sig() as its second argument
 * 'signature' is the signature to check
 * 'issuer'    is the certificate whose public parameters are used
 *
 * Return value: the documented contract is 1 on success and 0 on
 * failure.  In addition, a negative value is returned when reading the
 * issuer's parameters fails, and a negative result from verify_sig()
 * is passed through unchanged.  Callers should accept only a positive
 * result as "verified"; a plain non-zero test would treat an error
 * code as a valid signature.
 */
int
_gnutls_x509_verify_signature (const gnutls_datum_t * tbs,
			       const gnutls_datum_t * hash,
			       const gnutls_datum_t * signature,
			       gnutls_x509_crt_t issuer)
{
  bigint_t mpis[MAX_PUBLIC_PARAMS_SIZE];
  int mpi_count = MAX_PUBLIC_PARAMS_SIZE;	/* in: capacity, out: count read */
  int status;
  int idx = 0;

  /* Pull the public-key MPIs out of the issuer certificate; on failure
   * return immediately without running the release loop below.
   */
  status = _gnutls_x509_crt_get_mpis (issuer, mpis, &mpi_count);
  if (status < 0)
    {
      gnutls_assert ();
      return status;
    }

  /* The algorithm identifier is taken from the same certificate and is
   * handed to verify_sig() without being range-checked here.
   */
  status = verify_sig (tbs, hash, signature,
		       gnutls_x509_crt_get_pk_algorithm (issuer, NULL),
		       mpis, mpi_count);
  if (status < 0)
    {
      gnutls_assert ();
    }

  /* Release every MPI that was read, whatever the verification result.
   */
  while (idx < mpi_count)
    {
      _gnutls_mpi_release (&mpis[idx]);
      idx++;
    }

  return status;
}