int verify_u2f_user(Key *key, u_char *dgst, size_t dgstlen, u_char *sig, size_t siglen) { int ret; EC_KEY *ec; unsigned char *pk; // TODO: validate that the given key is in the key files. // We are privileged in this function so it should be easy. // TODO: replace a lot of stuff here with constants pk = malloc(sizeof(unsigned char) * (u2f_pubkey_len+26)); memcpy(pk, pubkeyprefix, 26); memcpy(pk+26, key->u2f_pubkey, u2f_pubkey_len); if ((ec = d2i_EC_PUBKEY(NULL, &pk, u2f_pubkey_len+26)) == NULL) fatal("d2i_EC_PUBKEY() failed"); debug("pubkey loaded, yay"); if ((ret = ECDSA_verify(0, dgst, dgstlen, sig, siglen, ec)) == -1) fatal("ECDSA_verify failed"); debug("ret = %d", ret); if (ret == 1) debug("sig verified!"); EC_KEY_free(ec); return ret == 1; }
bool PolicyManager::verifySha256WithEcdsaSignature (const Blob& signature, const SignedBlob& signedBlob, const Blob& publicKeyDer) { // Set signedPortionDigest to the digest of the signed portion of the signedBlob. uint8_t signedPortionDigest[SHA256_DIGEST_LENGTH]; ndn_digestSha256 (signedBlob.signedBuf(), signedBlob.signedSize(), signedPortionDigest); // Verify the signedPortionDigest. // Use a temporary pointer since d2i updates it. const uint8_t *derPointer = publicKeyDer.buf(); EC_KEY *ecPublicKey = d2i_EC_PUBKEY(NULL, &derPointer, publicKeyDer.size()); if (!ecPublicKey) throw UnrecognizedKeyFormatException ("Error decoding public key in d2i_EC_PUBKEY"); int success = ECDSA_verify (NID_sha256, signedPortionDigest, sizeof(signedPortionDigest), (uint8_t *)signature.buf(),signature.size(), ecPublicKey); // Free the public key before checking for success. EC_KEY_free(ecPublicKey); // ECDSA_verify returns 1 for a valid signature. return (success == 1); }
ndn_Error ndn_EcPublicKey_decode (struct ndn_EcPublicKey *self, const uint8_t *publicKeyDer, size_t publicKeyDerLength) { if (self->publicKey) // Free a previous value. EC_KEY_free(self->publicKey); self->publicKey = d2i_EC_PUBKEY(NULL, &publicKeyDer, publicKeyDerLength); if (!self->publicKey) return NDN_ERROR_Error_decoding_key; return NDN_ERROR_success; }