void rsatest()
{
const EVP_MD *sha256 = EVP_get_digestbyname("sha256");
if(!sha256){
fprintf(stderr,"SHA256 not available\n");
return;
}
printf("Now try signing with X.509 certificates and EVP\n");
char ptext[16];
memset(ptext,0,sizeof(ptext));
strcpy(ptext,"Simson");
unsigned char sig[1024];
uint32_t siglen = sizeof(sig);
BIO *bp = BIO_new_file("signing_key.pem","r");
EVP_MD_CTX md;
EVP_PKEY *pkey = PEM_read_bio_PrivateKey(bp,0,0,0);
EVP_SignInit(&md,sha256);
EVP_SignUpdate(&md,ptext,sizeof(ptext));
EVP_SignFinal(&md,sig,&siglen,pkey);
/* let's try to verify it */
bp = BIO_new_file("signing_cert.pem","r");
X509 *x = 0;
PEM_read_bio_X509(bp,&x,0,0);
EVP_PKEY *pubkey = X509_get_pubkey(x);
printf("pubkey=%p\n",pubkey);
EVP_VerifyInit(&md,sha256);
EVP_VerifyUpdate(&md,ptext,sizeof(ptext));
int r = EVP_VerifyFinal(&md,sig,siglen,pubkey);
printf("r=%d\n",r);
printf("do it again...\n");
EVP_VerifyInit(&md,sha256);
EVP_VerifyUpdate(&md,ptext,sizeof(ptext));
r = EVP_VerifyFinal(&md,sig,siglen,pubkey);
printf("r=%d\n",r);
printf("make a tiny change...\n");
ptext[0]='f';
EVP_VerifyInit(&md,sha256);
EVP_VerifyUpdate(&md,ptext,sizeof(ptext));
r = EVP_VerifyFinal(&md,sig,siglen,pubkey);
printf("r=%d\n",r);
}
/**
@fn int soap_smd_update(struct soap *soap, struct soap_smd_data *data, const char *buf, size_t len)
@brief Updates (signed) digest computation with message part.
@param soap context
@param[in,out] data smdevp engine context
@param[in] buf contains message part
@param[in] len of message part
@return SOAP_OK or SOAP_SSL_ERROR
*/
int
soap_smd_update(struct soap *soap, struct soap_smd_data *data, const char *buf, size_t len)
{ int ok = 1;
if (!data->ctx)
return soap_set_receiver_error(soap, "soap_smd_update() failed", "No context", SOAP_SSL_ERROR);
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "-- SMD Update alg=%x n=%lu (%p) --\n", data->alg, (unsigned long)len, data->ctx));
switch (data->alg & SOAP_SMD_ALGO)
{ case SOAP_SMD_HMAC:
HMAC_Update((HMAC_CTX*)data->ctx, (const unsigned char*)buf, len);
break;
case SOAP_SMD_DGST:
EVP_DigestUpdate((EVP_MD_CTX*)data->ctx, (const void*)buf, (unsigned int)len);
break;
case SOAP_SMD_SIGN:
ok = EVP_SignUpdate((EVP_MD_CTX*)data->ctx, (const void*)buf, (unsigned int)len);
break;
case SOAP_SMD_VRFY:
ok = EVP_VerifyUpdate((EVP_MD_CTX*)data->ctx, (const void*)buf, (unsigned int)len);
break;
}
DBGMSG(TEST, buf, len);
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "\n--"));
/* check and return */
return soap_smd_check(soap, data, ok, "soap_smd_update() failed");
}
/** Low-level signature verification.
* \param key_count Number of keys in the \a keys array
* and number fo signatures in the \a sigs array.
* \param keys Array of keys. The keys must include public key data.
* \param sigs Array of signatures, as returned from gale_crypto_sign_raw().
* \param data Data to verify against signatures.
* \return Nonzero iff the all signatures are valid. */
int gale_crypto_verify_raw(int key_count,
const struct gale_group *keys,
const struct gale_data *sigs,
struct gale_data data)
{
int i,is_valid = 1;
EVP_MD_CTX *context = EVP_MD_CTX_new();
RSA *rsa;
EVP_VerifyInit(context,EVP_md5());
EVP_VerifyUpdate(context,data.p,data.l);
for (i = 0; is_valid && i < key_count; ++i) {
EVP_PKEY *key = EVP_PKEY_new();
EVP_PKEY_assign_RSA(key,RSA_new());
rsa = EVP_PKEY_get0_RSA(key);
crypto_i_rsa(keys[i],rsa);
if (!crypto_i_public_valid(rsa)) {
gale_alert(GALE_WARNING,G_("invalid public key"),0);
is_valid = 0;
goto cleanup;
}
if (!EVP_VerifyFinal(context,sigs[i].p,sigs[i].l,key)) {
crypto_i_error();
is_valid = 0;
goto cleanup;
}
cleanup:
EVP_PKEY_free(key);
}
return is_valid;
}
int oauth_verify_rsa_sha1 (const char *m, const char *c, const char *s) {
EVP_MD_CTX md_ctx;
EVP_PKEY *pkey;
BIO *in;
X509 *cert = NULL;
unsigned char *b64d;
int slen, err;
in = BIO_new_mem_buf((unsigned char*)c, strlen(c));
cert = PEM_read_bio_X509(in, NULL, 0, NULL);
if (cert) {
pkey = (EVP_PKEY *) X509_get_pubkey(cert);
X509_free(cert);
} else {
pkey = PEM_read_bio_PUBKEY(in, NULL, 0, NULL);
}
BIO_free(in);
if (pkey == NULL) {
//fprintf(stderr, "could not read cert/pubkey.\n");
return -2;
}
b64d= (unsigned char*) xmalloc(sizeof(char)*strlen(s));
slen = oauth_decode_base64(b64d, s);
EVP_VerifyInit(&md_ctx, EVP_sha1());
EVP_VerifyUpdate(&md_ctx, m, strlen(m));
err = EVP_VerifyFinal(&md_ctx, b64d, slen, pkey);
EVP_MD_CTX_cleanup(&md_ctx);
EVP_PKEY_free(pkey);
free(b64d);
return (err);
}
static int verify_fverify(lua_State *L)
{
/* parameter 1 is the 'crypto.verify' table */
const char *type_name = luaL_checkstring(L, 2);
const EVP_MD *type = EVP_get_digestbyname(type_name);
if (type == NULL) {
luaL_argerror(L, 1, "invalid digest type");
return 0;
} else {
EVP_MD_CTX c;
size_t input_len = 0;
const unsigned char *input = (unsigned char *) luaL_checklstring(L, 3, &input_len);
size_t sig_len = 0;
const unsigned char *sig = (unsigned char *) luaL_checklstring(L, 4, &sig_len);
EVP_PKEY **pkey = (EVP_PKEY **)luaL_checkudata(L, 5, LUACRYPTO_PKEYNAME);
int ret;
EVP_MD_CTX_init(&c);
EVP_VerifyInit_ex(&c, type, NULL);
EVP_VerifyUpdate(&c, input, input_len);
ret = EVP_VerifyFinal(&c, sig, sig_len, *pkey);
EVP_MD_CTX_cleanup(&c);
if (ret == -1)
return crypto_error(L);
lua_pushboolean(L, ret);
return 1;
}
}
bool Verificador::verificarFirma(ParDeClaves& parDeClaves,const std::string& firma,std::istream& mensaje){
RSA* rsa = parDeClaves;
EVP_PKEY* pk = EVP_PKEY_new();
EVP_MD_CTX ctx;
EVP_PKEY_set1_RSA(pk,parDeClaves);
EVP_MD_CTX_init(&ctx);
M_EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_PAD_PKCS1/*EVP_MD_CTX_FLAG_PAD_X931*/);
EVP_VerifyInit_ex(&ctx, EVP_get_digestbynid(NID_sha1), NULL);
while(!mensaje.eof()){
unsigned char buffer[tamanio_de_buffer_default];
mensaje.read((char*)buffer,tamanio_de_buffer_default);
EVP_VerifyUpdate(&ctx, buffer, mensaje.gcount());
mensaje.peek();
}
int ok = EVP_VerifyFinal(&ctx, (unsigned char*)firma.c_str(), firma.size(), pk);
EVP_MD_CTX_cleanup(&ctx);
// El free esta en el constructor de ParDeClaves no puede
// liberarse aca
//FIPS_rsa_free(pk.pkey.rsa);
EVP_PKEY_free(pk);
return ok==1;
}
/**
@fn int soap_smd_update(struct soap *soap, struct soap_smd_data *data, const char *buf, size_t len)
@brief Updates (signed) digest computation with message part.
@param soap context
@param[in,out] data smdevp engine context
@param[in] buf contains message part
@param[in] len of message part
@return SOAP_OK or SOAP_SSL_ERROR
*/
int
soap_smd_update(struct soap *soap, struct soap_smd_data *data, const char *buf, size_t len)
{ int err = 1;
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "-- SMD Update alg=%d n=%lu (%p) --\n", data->alg, (unsigned long)len, data->ctx));
switch (data->alg & (SOAP_SMD_PASSTHRU-1))
{ case SOAP_SMD_DGST_MD5:
case SOAP_SMD_DGST_SHA1:
EVP_DigestUpdate((EVP_MD_CTX*)data->ctx, (const void*)buf, (unsigned int)len);
break;
case SOAP_SMD_HMAC_SHA1:
HMAC_Update((HMAC_CTX*)data->ctx, (const unsigned char*)buf, len);
break;
case SOAP_SMD_SIGN_DSA_SHA1:
case SOAP_SMD_SIGN_RSA_SHA1:
err = EVP_SignUpdate((EVP_MD_CTX*)data->ctx, (const void*)buf, (unsigned int)len);
break;
case SOAP_SMD_VRFY_DSA_SHA1:
case SOAP_SMD_VRFY_RSA_SHA1:
err = EVP_VerifyUpdate((EVP_MD_CTX*)data->ctx, (const void*)buf, (unsigned int)len);
break;
}
DBGMSG(TEST, buf, len);
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "\n--"));
/* check and return */
return soap_smd_check(soap, data, err, "soap_smd_update() failed");
}
int COsslKey::VerifyBin( sqbind::CSqBinary *pData, sqbind::CSqBinary *sig )
{_STT();
if ( !pData || !sig || !getPublicKeyPtr() )
return 0;
EVP_MD_CTX md_ctx;
if ( !EVP_VerifyInit( &md_ctx, EVP_sha1() ) )
{ oexERROR( 0, oexT( "EVP_VerifyInit() failed" ) );
return 0;
} // end if
if ( !EVP_VerifyUpdate( &md_ctx, pData->Ptr(), pData->getUsed() ) )
{ oexERROR( 0, oexT( "EVP_VerifyUpdate() failed" ) );
return 0;
} // end if
int err = EVP_VerifyFinal( &md_ctx, (unsigned char*)sig->Ptr(), sig->getUsed(), getPublicKeyPtr() );
if ( err != 1 )
{ oexERROR( err, oexT( "EVP_VerifyFinal() failed" ) );
return 0;
} // end if
return 1;
}
void openssl_evp_comsign()
{
RSA *rsa;
EVP_PKEY *evpKey;
EVP_MD_CTX mdctx;
unsigned int i, len;
char ins[MAX1_LEN] = "openssl signature";
unsigned char outs[MAX1_LEN];
OpenSSL_add_all_algorithms();
rsa = RSA_generate_key(MAX1_LEN, RSA_F4, NULL, NULL);
evpKey = EVP_PKEY_new();
EVP_PKEY_set1_RSA(evpKey, rsa);
EVP_MD_CTX_init(&mdctx);
EVP_SignInit_ex(&mdctx, EVP_md5(), NULL);
EVP_SignUpdate(&mdctx, ins, strlen(ins));
EVP_SignFinal(&mdctx, outs, &len, evpKey);
printf("\nEVP_COMSignature(%s) = ", ins);
for (i = 0; i < len; i++)
printf("0x%02x ", outs[i]);
printf("\n");
EVP_MD_CTX_cleanup(&mdctx);
EVP_MD_CTX_init(&mdctx);
EVP_VerifyInit_ex(&mdctx, EVP_md5(), NULL);
EVP_VerifyUpdate(&mdctx, ins, strlen(ins));
if (EVP_VerifyFinal(&mdctx, outs, len, evpKey) == 1)
printf("EVP_COMVerify OK!\n");
EVP_MD_CTX_cleanup(&mdctx);
EVP_PKEY_free(evpKey);
RSA_free(rsa);
}
int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature,
char *data, EVP_PKEY *pkey)
{
EVP_MD_CTX *ctx = EVP_MD_CTX_new();
const EVP_MD *type;
unsigned char *p, *buf_in = NULL;
int ret = -1, i, inl;
if (ctx == NULL) {
ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_MALLOC_FAILURE);
goto err;
}
i = OBJ_obj2nid(a->algorithm);
type = EVP_get_digestbyname(OBJ_nid2sn(i));
if (type == NULL) {
ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
goto err;
}
if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7) {
ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT);
goto err;
}
inl = i2d(data, NULL);
if (inl <= 0) {
ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_INTERNAL_ERROR);
goto err;
}
buf_in = OPENSSL_malloc((unsigned int)inl);
if (buf_in == NULL) {
ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_MALLOC_FAILURE);
goto err;
}
p = buf_in;
i2d(data, &p);
ret = EVP_VerifyInit_ex(ctx, type, NULL)
&& EVP_VerifyUpdate(ctx, (unsigned char *)buf_in, inl);
OPENSSL_clear_free(buf_in, (unsigned int)inl);
if (!ret) {
ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_EVP_LIB);
goto err;
}
ret = -1;
if (EVP_VerifyFinal(ctx, (unsigned char *)signature->data,
(unsigned int)signature->length, pkey) <= 0) {
ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_EVP_LIB);
ret = 0;
goto err;
}
ret = 1;
err:
EVP_MD_CTX_free(ctx);
return ret;
}
int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature,
char *data, EVP_PKEY *pkey)
{
EVP_MD_CTX ctx;
const EVP_MD *type;
unsigned char *p, *buf_in = NULL;
int ret = -1, i, inl;
EVP_MD_CTX_init(&ctx);
i = OBJ_obj2nid(a->algorithm);
type = EVP_get_digestbyname(OBJ_nid2sn(i));
if (type == NULL) {
ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
goto err;
}
if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7) {
ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT);
goto err;
}
inl = i2d(data, NULL);
buf_in = OPENSSL_malloc((unsigned int)inl);
if (buf_in == NULL) {
ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_MALLOC_FAILURE);
goto err;
}
p = buf_in;
i2d(data, &p);
ret = EVP_VerifyInit_ex(&ctx, type, NULL)
&& EVP_VerifyUpdate(&ctx, (unsigned char *)buf_in, inl);
OPENSSL_cleanse(buf_in, (unsigned int)inl);
OPENSSL_free(buf_in);
if (!ret) {
ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_EVP_LIB);
goto err;
}
ret = -1;
if (EVP_VerifyFinal(&ctx, (unsigned char *)signature->data,
(unsigned int)signature->length, pkey) <= 0) {
ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_EVP_LIB);
ret = 0;
goto err;
}
/*
* we don't need to zero the 'ctx' because we just checked public
* information
*/
/* memset(&ctx,0,sizeof(ctx)); */
ret = 1;
err:
EVP_MD_CTX_cleanup(&ctx);
return (ret);
}
static int verify_update(lua_State *L)
{
EVP_MD_CTX *c = (EVP_MD_CTX*)luaL_checkudata(L, 1, LUACRYPTO_VERIFYNAME);
size_t input_len = 0;
const unsigned char *input = (unsigned char *) luaL_checklstring(L, 2, &input_len);
EVP_VerifyUpdate(c, input, input_len);
return 0;
}
static LUA_FUNCTION(openssl_verifyUpdate)
{
size_t l;
int ret;
EVP_MD_CTX *ctx = CHECK_OBJECT(1, EVP_MD_CTX, "openssl.evp_digest_ctx");
const char* data = luaL_checklstring(L, 2, &l);
ret = EVP_VerifyUpdate(ctx, data, l);
return openssl_pushresult(L, ret);
}
static bool verifyRSASignature(const unsigned char *originalMessage,
unsigned int messageLength,
const unsigned char *signature,
unsigned int sigLength)
{
if(nullptr == originalMessage) {
return errorMessage(_("Message is empty"));
}
if(nullptr == signature) {
return errorMessage(_("Signature is empty"));
}
const char *settingsPath = CPLGetConfigOption("NGS_SETTINGS_PATH", nullptr);
std::string keyFilePath = File::formFileName(settingsPath, KEY_FILE, "");
FILE *file = VSIFOpen( keyFilePath.c_str(), "r" );
if( file == nullptr ) {
return errorMessage(_("Failed open file %s"), keyFilePath.c_str());
}
EVP_PKEY *evp_pubkey = PEM_read_PUBKEY(file, nullptr, nullptr, nullptr);
VSIFClose( file );
if (!evp_pubkey) {
return errorMessage(_("Failed PEM_read_PUBKEY"));
}
EVP_MD_CTX *ctx = EVP_MD_CTX_create();
if (!ctx) {
EVP_PKEY_free(evp_pubkey);
return errorMessage(_("Failed PEM_read_PUBKEY"));
}
if(!EVP_VerifyInit(ctx, EVP_sha256())) {
EVP_MD_CTX_destroy(ctx);
EVP_PKEY_free(evp_pubkey);
return errorMessage(_("Failed EVP_VerifyInit"));
}
if(!EVP_VerifyUpdate(ctx, originalMessage, messageLength)) {
EVP_MD_CTX_destroy(ctx);
EVP_PKEY_free(evp_pubkey);
return errorMessage(_("Failed EVP_VerifyUpdate"));
}
int result = EVP_VerifyFinal(ctx, signature, sigLength, evp_pubkey);
EVP_MD_CTX_destroy(ctx);
EVP_PKEY_free(evp_pubkey);
outMessage(result == 1 ? COD_SUCCESS : COD_UNEXPECTED_ERROR,
"Signature is %s", result == 1 ? "valid" : "invalid");
return result == 1;
}
EXPORT_C int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signature,
void *asn, EVP_PKEY *pkey)
{
EVP_MD_CTX ctx;
const EVP_MD *type;
unsigned char *buf_in=NULL;
int ret= -1,i,inl;
EVP_MD_CTX_init(&ctx);
i=OBJ_obj2nid(a->algorithm);
type=EVP_get_digestbyname(OBJ_nid2sn(i));
if (type == NULL)
{
ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
goto err;
}
if (!EVP_VerifyInit_ex(&ctx,type, NULL))
{
ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB);
ret=0;
goto err;
}
inl = ASN1_item_i2d(asn, &buf_in, it);
if (buf_in == NULL)
{
ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_MALLOC_FAILURE);
goto err;
}
EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
OPENSSL_cleanse(buf_in,(unsigned int)inl);
OPENSSL_free(buf_in);
if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
(unsigned int)signature->length,pkey) <= 0)
{
ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB);
ret=0;
goto err;
}
/* we don't need to zero the 'ctx' because we just checked
* public information */
/* memset(&ctx,0,sizeof(ctx)); */
ret=1;
err:
EVP_MD_CTX_cleanup(&ctx);
return(ret);
}
int verifyData( char *clearText, int clearlen,unsigned char *sig, int sigLen)
{
int verify;
EVP_MD_CTX* ctx = 0;
ctx = EVP_MD_CTX_create();
EVP_VerifyInit_ex( ctx, EVP_sha256(), 0 );
EVP_VerifyUpdate( ctx, clearText, clearlen );
verify=EVP_VerifyFinal( ctx, sig, sigLen, pKey );
EVP_MD_CTX_destroy( ctx );
return verify;
}
int
dsa_update(struct iked_dsa *dsa, const void *buf, size_t len)
{
int ret = 1;
if (dsa->dsa_hmac)
ret = HMAC_Update(dsa->dsa_ctx, buf, len);
else if (dsa->dsa_sign)
ret = EVP_SignUpdate(dsa->dsa_ctx, buf, len);
else
ret = EVP_VerifyUpdate(dsa->dsa_ctx, buf, len);
return (ret ? 0 : -1);
}
/*
* public static native void EVP_VerifyUpdate(int, byte[], int, int)
*/
static void NativeCrypto_EVP_VerifyUpdate(JNIEnv* env, jclass clazz, EVP_MD_CTX* ctx, jbyteArray buffer, jint offset, jint length) {
// LOGI("NativeCrypto_EVP_VerifyUpdate %x, %x, %d, %d", ctx, buffer, offset, length);
if (ctx == NULL || buffer == NULL) {
throwNullPointerException(env);
return;
}
jbyte* bufferBytes = env->GetByteArrayElements(buffer, NULL);
EVP_VerifyUpdate(ctx, (unsigned char*) (bufferBytes + offset), length);
env->ReleaseByteArrayElements(buffer, bufferBytes, JNI_ABORT);
throwExceptionIfNecessary(env);
}
int verify_sig( EVP_PKEY * pkey, const EVP_MD * htype, char * data, int data_len, unsigned char * sig, int sig_len )
{
EVP_MD_CTX md_ctx;
EVP_VerifyInit (&md_ctx, htype);
EVP_VerifyUpdate (&md_ctx, data, data_len);
if ( EVP_VerifyFinal (&md_ctx, sig, sig_len, pkey) != 1)
{
ERR_print_errors_fp (stderr);
return 0;
}
return 1;
}
/*
* RSA: generate keys and sign, verify input plaintext.
*/
static int FIPS_rsa_test(int bad)
{
RSA *key;
unsigned char input_ptext[] = "etaonrishdlc";
unsigned char buf[256];
unsigned int slen;
BIGNUM *bn;
EVP_MD_CTX mctx;
EVP_PKEY pk;
int r = 0;
ERR_clear_error();
EVP_MD_CTX_init(&mctx);
key = RSA_new();
bn = BN_new();
if (!key || !bn)
return 0;
BN_set_word(bn, 65537);
if (!RSA_generate_key_ex(key, 1024, bn, NULL))
return 0;
BN_free(bn);
if (bad)
BN_add_word(key->n, 1);
pk.type = EVP_PKEY_RSA;
pk.pkey.rsa = key;
if (!EVP_SignInit_ex(&mctx, EVP_sha1(), NULL))
goto end;
if (!EVP_SignUpdate(&mctx, input_ptext, sizeof(input_ptext) - 1))
goto end;
if (!EVP_SignFinal(&mctx, buf, &slen, &pk))
goto end;
if (!EVP_VerifyInit_ex(&mctx, EVP_sha1(), NULL))
goto end;
if (!EVP_VerifyUpdate(&mctx, input_ptext, sizeof(input_ptext) - 1))
goto end;
r = EVP_VerifyFinal(&mctx, buf, slen, &pk);
end:
EVP_MD_CTX_cleanup(&mctx);
if (key)
RSA_free(key);
if (r != 1)
return 0;
return 1;
}
bool verifySignature(int message, unsigned char* signature, char* certfile) {
int err;
unsigned int sig_len;
//unsigned char sig_buf[4096];
static char data[100];
EVP_MD_CTX md_ctx;
EVP_PKEY* pkey;
FILE * fp;
X509 * x509;
memset(&data, '\0', sizeof(data));
sprintf(data, "%d", message);
ERR_load_crypto_strings();
fp = fopen(certfile, "r");
if (fp == NULL) {
printf("certfile not found\n");
exit(1);
}
x509 = PEM_read_X509(fp, NULL, NULL, NULL);
fclose(fp);
if (x509 == NULL) {
printf("Error in certificate file x509\n");
ERR_print_errors_fp (stderr);
exit(1);
}
/* Get public key - eay */
pkey = X509_get_pubkey(x509);
if (pkey == NULL) {
printf("Error in claiming the public key\n");
ERR_print_errors_fp (stderr);
exit(1);
}
sig_len = 128;
/* Verify the signature */
EVP_VerifyInit(&md_ctx, EVP_sha1());
EVP_VerifyUpdate(&md_ctx, data, strlen((char*) data));
err = EVP_VerifyFinal(&md_ctx, signature, sig_len, pkey);
EVP_PKEY_free(pkey);
if (err != 1) {
ERR_print_errors_fp (stderr);
return 0;
}
return 1;
}
/*
* DSA: generate keys and sign, verify input plaintext.
*/
static int FIPS_dsa_test(int bad)
{
DSA *dsa = NULL;
EVP_PKEY pk;
unsigned char dgst[] = "etaonrishdlc";
unsigned char buf[60];
unsigned int slen;
int r = 0;
EVP_MD_CTX mctx;
ERR_clear_error();
EVP_MD_CTX_init(&mctx);
dsa = DSA_new();
if (!dsa)
goto end;
if (!DSA_generate_parameters_ex(dsa, 1024, NULL, 0, NULL, NULL, NULL))
goto end;
if (!DSA_generate_key(dsa))
goto end;
if (bad)
BN_add_word(dsa->pub_key, 1);
pk.type = EVP_PKEY_DSA;
pk.pkey.dsa = dsa;
if (!EVP_SignInit_ex(&mctx, EVP_dss1(), NULL))
goto end;
if (!EVP_SignUpdate(&mctx, dgst, sizeof(dgst) - 1))
goto end;
if (!EVP_SignFinal(&mctx, buf, &slen, &pk))
goto end;
if (!EVP_VerifyInit_ex(&mctx, EVP_dss1(), NULL))
goto end;
if (!EVP_VerifyUpdate(&mctx, dgst, sizeof(dgst) - 1))
goto end;
r = EVP_VerifyFinal(&mctx, buf, slen, &pk);
end:
EVP_MD_CTX_cleanup(&mctx);
if (dsa)
DSA_free(dsa);
if (r != 1)
return 0;
return 1;
}
static bool EVP_verify(RSA *rsa, const char *sign, size_t sigl, const char *data, size_t l) {
EVP_MD_CTX ctx;
EVP_PKEY *pkey;
bool ret = false;
pkey = EVP_PKEY_new();
if (!pkey) return ret;
if (!EVP_PKEY_set1_RSA(pkey, rsa)) goto _fail;
EVP_VerifyInit(&ctx, EVP_sha256());
if (!EVP_VerifyUpdate(&ctx, data, l)) goto _fail;
if (EVP_VerifyFinal(&ctx, sign, sigl, pkey) == 1) ret = true;
_fail: EVP_PKEY_free(pkey);
return ret;
}
FLASH2_RESULT Flash2AppSMVerifyHashWrite(SM_MEDIA_HANDLE h, void* buffer, FLASH2_UINT32 buffer_len)
{
int err;
if (h == NULL)
{
return FLASH2_FAILURE;
}
err = EVP_VerifyUpdate(&h->md_ctx, buffer, buffer_len);
if (err != 1)
{
return FLASH2_FAILURE;
}
return FLASH2_SUCCESS;
}
/*
* call-seq:
* pkey.verify(digest, signature, data) -> String
*
* To verify the +String+ +signature+, +digest+, an instance of
* OpenSSL::Digest, must be provided to re-compute the message digest of the
* original +data+, also a +String+. The return value is +true+ if the
* signature is valid, +false+ otherwise. A PKeyError is raised should errors
* occur.
* Any previous state of the +Digest+ instance is irrelevant to the validation
* outcome, the digest instance is reset to its initial state during the
* operation.
*
* == Example
* data = 'Sign me!'
* digest = OpenSSL::Digest::SHA256.new
* pkey = OpenSSL::PKey::RSA.new(2048)
* signature = pkey.sign(digest, data)
* pub_key = pkey.public_key
* puts pub_key.verify(digest, signature, data) # => true
*/
static VALUE
ossl_pkey_verify(VALUE self, VALUE digest, VALUE sig, VALUE data)
{
EVP_PKEY *pkey;
EVP_MD_CTX ctx;
GetPKey(self, pkey);
EVP_VerifyInit(&ctx, GetDigestPtr(digest));
StringValue(sig);
StringValue(data);
EVP_VerifyUpdate(&ctx, RSTRING_PTR(data), RSTRING_LEN(data));
switch (EVP_VerifyFinal(&ctx, (unsigned char *)RSTRING_PTR(sig), RSTRING_LENINT(sig), pkey)) {
case 0:
return Qfalse;
case 1:
return Qtrue;
default:
ossl_raise(ePKeyError, NULL);
}
return Qnil; /* dummy */
}
bool
crypto_rsa_verify_signature(struct string *databuffer, struct string *signature, const char *pubkey)
{
int err;
bool retval;
EVP_MD_CTX md_ctx;
EVP_PKEY *pkey;
/* load public key into openssl structure */
pkey = crypto_load_key(pubkey, false);
if (pkey == NULL) {
log_err("crypto_verify_signature: key loading failed\n");
return false;
}
/* Verify the signature */
if (EVP_VerifyInit(&md_ctx, EVP_sha512()) != 1) {
log_err("crypto_verify_signature: libcrypto verify init failed\n");
EVP_PKEY_free(pkey);
return false;
}
EVP_VerifyUpdate(&md_ctx, string_get(databuffer), string_length(databuffer));
err = EVP_VerifyFinal(&md_ctx, (unsigned char*)string_get(signature), string_length(signature), pkey);
EVP_PKEY_free(pkey);
if (err != 1) {
log_err("crypto_verify_signature: signature verify failed, received bogus data from backend.\n");
ERR_print_errors_fp(stderr);
retval = false;
goto bailout_ctx_cleanup;
}
retval = true;
bailout_ctx_cleanup:
EVP_MD_CTX_cleanup(&md_ctx);
//log_info("Signature Verified Ok.\n");
return retval;
}
int RSASHA256Stream:: overflow(int c)
{
char *ibegin = out_buf_;
char *iend = pptr();
// mark the buffer as free
setp(out_buf_, out_buf_ + BUFF_SIZE - 1);
if (!std::char_traits<char>::eq_int_type(c, std::char_traits<char>::eof()))
{
//TODO writing one byte after the buffer?
*iend++ = std::char_traits<char>::to_char_type(c);
}
// if there is nothing to send, just return
if ((iend - ibegin) == 0)
{
return std::char_traits<char>::not_eof(c);
}
if (!_verify)
// hashing
{
if (!EVP_SignUpdate(&_ctx, reinterpret_cast<unsigned char*>(out_buf_), iend - ibegin))
{
IBRCOMMON_LOGGER(critical) << "failed to feed data into the signature function" << IBRCOMMON_LOGGER_ENDL;
ERR_print_errors_fp(stderr);
}
}
else
{
if (!EVP_VerifyUpdate(&_ctx, reinterpret_cast<unsigned char*>(out_buf_), iend - ibegin))
{
IBRCOMMON_LOGGER(critical) << "failed to feed data into the verfication function" << IBRCOMMON_LOGGER_ENDL;
ERR_print_errors_fp(stderr);
}
}
return std::char_traits<char>::not_eof(c);
}
void openssl_evp_rsasign()
{
int inlen;
RSA *rkey;
BIGNUM *bne;
EVP_PKEY *pkey;
char data[COMM_LEN];
EVP_MD_CTX mdctx;
unsigned char outs[LINE_LEN];
unsigned int i, outlen = 0;
strcpy(data, "openssl rsasign");
inlen = strlen(data);
bne = BN_new();
BN_set_word(bne, RSA_3);
rkey = RSA_new();
RSA_generate_key_ex(rkey, MAX1_LEN, bne, NULL);
pkey = EVP_PKEY_new();
EVP_PKEY_assign_RSA(pkey, rkey);
EVP_MD_CTX_init(&mdctx);
EVP_SignInit_ex(&mdctx, EVP_md5(), NULL);
EVP_SignUpdate(&mdctx, data, inlen);
EVP_SignFinal(&mdctx, outs, &outlen, pkey);
printf("\nEVP_RSASignature(%s) = ", data);
for (i = 0; i < outlen; i++)
printf("0x%02x ", outs[i]);
printf("\n");
EVP_MD_CTX_cleanup(&mdctx);
EVP_MD_CTX_init(&mdctx);
EVP_VerifyInit_ex(&mdctx, EVP_md5(), NULL);
EVP_VerifyUpdate(&mdctx, data, inlen);
if (EVP_VerifyFinal(&mdctx, outs, outlen, pkey) == 1)
printf("EVP_RSAVerify OK!\n");
EVP_MD_CTX_cleanup(&mdctx);
RSA_free(rkey);
BN_free(bne);
}
int uwsgi_subscription_sign_check(struct uwsgi_subscribe_slot *slot, struct uwsgi_subscribe_req *usr) {
if (EVP_VerifyInit_ex(slot->sign_ctx, uwsgi.subscriptions_sign_check_md, NULL) == 0) {
ERR_print_errors_fp(stderr);
return 0;
}
if (EVP_VerifyUpdate(slot->sign_ctx, usr->base, usr->base_len) == 0) {
ERR_print_errors_fp(stderr);
return 0;
}
if (EVP_VerifyFinal(slot->sign_ctx, (unsigned char *) usr->sign, usr->sign_len, slot->sign_public_key) != 1) {
#ifdef UWSGI_DEBUG
ERR_print_errors_fp(stderr);
#endif
return 0;
}
return 1;
}
extern int
crypto_verify_sign(void * key, char *buffer, unsigned int buf_size,
char *signature, unsigned int sig_size)
{
EVP_MD_CTX *ectx;
int rc;
ectx = EVP_MD_CTX_new();
EVP_VerifyInit(ectx, EVP_sha1());
EVP_VerifyUpdate(ectx, buffer, buf_size);
rc = EVP_VerifyFinal(ectx, (unsigned char *) signature,
sig_size, (EVP_PKEY *) key);
if (rc <= 0)
rc = SLURM_ERROR;
else
rc = SLURM_SUCCESS;
EVP_MD_CTX_free(ectx);
return rc;
}
