MultiPrime

Note: If the algorithm object was not set to AI_MD5WithRSAEncryption, AI_MD2WithRSAEncryption, AI_SHA1WithRSAEncryption, or their BER counterparts, you cannot use B_VerifyInit.

Step 4: Update

Use B_VerifyUpdate to digest the data that was signed. Its prototype is in Chapter 4 of the Reference Manual. Unless there is an extraordinarily large amount of data (for example, a megabyte), B_VerifyUpdate is quick and a NULL_PTR for the surrender context should be no problem. Assuming that you have the same input data and you know its length, your call is the following:

  if ((status = B_VerifyUpdate
       (digitalVerifier, inputData, inputDataLen,
        (A_SURRENDER_CTX *)NULL_PTR)) != 0)
    break;

Step 5: Final

B_VerifyUpdate digested the data. Decrypt the signature and compare the result to the digest with B_VerifyFinal. The Reference Manual Chapter 2 entry on AI_SHA1WithRSAEncryption states that “You may pass (B_ALGORITHM_OBJ)NULL_PTR for all randomAlgorithm arguments.” This function does not return immediately, so use a surrender context:

  /* generalFlag is for the surrender function. */
  generalFlag = 0;

  if ((status = B_VerifyFinal
       (digitalVerifier, signature, signatureLen,
        (B_ALGORITHM_OBJ)NULL_PTR, &generalSurrenderContext)) != 0)
    break;

The return value will be 0 if the signature verifies, nonzero if it does not. Of course, a nonzero return value may indicate some other error, so check any error return against the Crypto-C Error Types, in Appendix A of the Reference Manual.
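What the Update and Final steps compute, shown as an added Python example that is not Crypto-C code or part of the original guide: the data is digested in chunks, the signature is run through the public-key operation, and the result is compared to the encoded digest. It assumes PKCS #1 v1.5 with SHA-1; the function names, the status codes and the demo key are constructed for illustration.

```python
import hashlib
import hmac
from math import gcd

# Hypothetical status codes (0 = verified, as in the manual; NOT Crypto-C's values).
OK, ERR_SIGNATURE, ERR_INPUT = 0, 1, 2

# Constructed demo key built from two well-known public primes: not secret, not secure.
P, Q = 2**255 - 19, 2**256 - 2**32 - 977
N, PHI = P * Q, (P - 1) * (Q - 1)
E = 65537
while gcd(E, PHI) != 1:      # pick the first usable public exponent
    E += 2
D = pow(E, -1, PHI)          # private exponent (Python 3.8+)
K = (N.bit_length() + 7) // 8

# DER DigestInfo header for SHA-1 (PKCS #1 v1.5).
SHA1_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")

def encode(digest):
    """Build the full padded block 00 01 FF..FF 00 || DigestInfo || digest."""
    t = SHA1_PREFIX + digest
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t

def sign(data):
    """Produce a sample signature so the verifier has something to check."""
    em = int.from_bytes(encode(hashlib.sha1(data).digest()), "big")
    return pow(em, D, N).to_bytes(K, "big")

def verify(chunks, signature):
    h = hashlib.sha1()                       # Init
    for chunk in chunks:                     # Update: digest the signed data
        h.update(chunk)
    if len(signature) != K:                  # Final: malformed input is an
        return ERR_INPUT                     # error, not a "bad signature"
    s = int.from_bytes(signature, "big")
    if s >= N:
        return ERR_INPUT
    recovered = pow(s, E, N).to_bytes(K, "big")   # public-key operation
    # Compare the whole re-encoded block instead of parsing the padding.
    expected = encode(h.digest())
    return OK if hmac.compare_digest(recovered, expected) else ERR_SIGNATURE
```

Keeping the "signature does not match" status separate from the malformed-input status is the same distinction the guide asks you to make when checking a nonzero return against the error types.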

RSA BSAFE Crypto-C Developer’s Guide

RSA Security 5.2.2 manual Update