Commit c1e14503 authored by Niels Möller's avatar Niels Möller

(spki_verify): Take a struct spki_hash_value as

argument.

Rev: src/spki/certificate.h:1.23
Rev: src/spki/verify.c:1.2
parent 5cbaf813
...@@ -34,8 +34,9 @@ ...@@ -34,8 +34,9 @@
#include <time.h> #include <time.h>
/* Real declaration in parse.h */ /* Real declarations in parse.h */
struct spki_iterator; struct spki_iterator;
struct spki_hash_value;
/* Real declaration in tag.c */ /* Real declaration in tag.c */
struct spki_tag; struct spki_tag;
...@@ -274,8 +275,7 @@ spki_5_tuple_reduce(struct spki_acl_db *db, ...@@ -274,8 +275,7 @@ spki_5_tuple_reduce(struct spki_acl_db *db,
/* Signature verification */ /* Signature verification */
int int
spki_verify(void *ctx, spki_verify(void *ctx,
enum spki_type digest_type, const struct spki_hash_value *hash,
const uint8_t *digest,
struct spki_principal *principal, struct spki_principal *principal,
struct spki_iterator *signature); struct spki_iterator *signature);
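Review bot: The spki_verify prototype has no comment describing the contract of the new `hash` parameter, which callers now have to fill in correctly. Judging from the verify.c hunks in this commit, the function dereferences `hash` unconditionally and returns 0 when `hash->type` or `hash->length` does not match the key's algorithm. I would add above the declaration something like `/* HASH must be non-NULL with type and length set consistently; returns 0 if they do not match the key's algorithm or the signature does not verify. */`.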
......
...@@ -89,8 +89,7 @@ spki_verify_dsa(const uint8_t *digest, ...@@ -89,8 +89,7 @@ spki_verify_dsa(const uint8_t *digest,
int int
spki_verify(void *ctx UNUSED, spki_verify(void *ctx UNUSED,
enum spki_type digest_type, const struct spki_hash_value *hash,
const uint8_t *digest,
struct spki_principal *principal, struct spki_principal *principal,
struct spki_iterator *signature) struct spki_iterator *signature)
{ {
...@@ -112,17 +111,19 @@ spki_verify(void *ctx UNUSED, ...@@ -112,17 +111,19 @@ spki_verify(void *ctx UNUSED,
switch (spki_parse_type(&key)) switch (spki_parse_type(&key))
{ {
case SPKI_TYPE_RSA_PKCS1_MD5: case SPKI_TYPE_RSA_PKCS1_MD5:
return (digest_type == SPKI_TYPE_MD5 return (hash->type == SPKI_TYPE_MD5
&& hash->length == MD5_DIGEST_SIZE
&& signature_type == SPKI_TYPE_RSA_PKCS1_MD5 && signature_type == SPKI_TYPE_RSA_PKCS1_MD5
&& spki_verify_rsa(rsa_md5_verify_digest, && spki_verify_rsa(rsa_md5_verify_digest,
digest, hash->digest,
&key, signature)); &key, signature));
case SPKI_TYPE_RSA_PKCS1_SHA1: case SPKI_TYPE_RSA_PKCS1_SHA1:
return (digest_type == SPKI_TYPE_SHA1 return (hash->type == SPKI_TYPE_SHA1
&& hash->length == SHA1_DIGEST_SIZE
&& signature_type == SPKI_TYPE_RSA_PKCS1_SHA1 && signature_type == SPKI_TYPE_RSA_PKCS1_SHA1
&& spki_verify_rsa(rsa_sha1_verify_digest, && spki_verify_rsa(rsa_sha1_verify_digest,
digest, hash->digest,
&key, signature)); &key, signature));
#if 0 #if 0
case SPKI_TYPE_RSA_PKCS1: case SPKI_TYPE_RSA_PKCS1:
...@@ -143,8 +144,9 @@ spki_verify(void *ctx UNUSED, ...@@ -143,8 +144,9 @@ spki_verify(void *ctx UNUSED,
#endif #endif
case SPKI_TYPE_DSA_SHA1: case SPKI_TYPE_DSA_SHA1:
return (digest_type == SPKI_TYPE_SHA1 return (hash->type == SPKI_TYPE_SHA1
&& spki_verify_dsa(digest, &key, signature)); && hash->length == SHA1_DIGEST_SIZE
&& spki_verify_dsa(hash->digest, &key, signature));
default: default:
return 0; return 0;
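Review bot: The SPKI_TYPE_DSA_SHA1 branch does not compare `signature_type` with the key type, while both RSA branches do (for example `signature_type == SPKI_TYPE_RSA_PKCS1_SHA1`). Unless spki_verify_dsa or code outside these hunks already rejects a signature expression of a different algorithm, adding `&& signature_type == SPKI_TYPE_DSA_SHA1` after the new `hash->length == SHA1_DIGEST_SIZE` check would keep the three branches consistent. Separately, the SPKI_TYPE_RSA_PKCS1_MD5 branch still accepts MD5-based signatures, and MD5 is not collision resistant, so a comment stating whether that is kept only for compatibility would help reviewers. spki_verify's body starts and ends outside the hunks shown, so `signature_type` may be constrained in lines not visible here.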
......