/**
* Verify the RSA signature on the SignedBlob using the given public key.
* TODO: Move this general verification code to a more central location.
* @param signature The Sha256WithRsaSignature.
* @param signedBlob the SignedBlob with the signed portion to verify.
* @param publicKeyDer The DER-encoded public key used to verify the signature.
* @return true if the signature verifies, false if not.
*/
static bool
verifySha256WithRsaSignature
(const Sha256WithRsaSignature* signature, const SignedBlob& signedBlob,
const Blob& publicKeyDer)
{
// Set signedPortionDigest to the digest of the signed portion of the wire encoding.
uint8_t signedPortionDigest[SHA256_DIGEST_LENGTH];
// wireEncode returns the cached encoding if available.
ndn_digestSha256
(signedBlob.signedBuf(), signedBlob.signedSize(), signedPortionDigest);
// Verify the signedPortionDigest.
// Use a temporary pointer since d2i updates it.
const uint8_t *derPointer = publicKeyDer.buf();
RSA *rsaPublicKey = d2i_RSA_PUBKEY(NULL, &derPointer, publicKeyDer.size());
if (!rsaPublicKey)
throw UnrecognizedKeyFormatException("Error decoding public key in d2i_RSAPublicKey");
int success = RSA_verify
(NID_sha256, signedPortionDigest, sizeof(signedPortionDigest), (uint8_t *)signature->getSignature().buf(),
signature->getSignature().size(), rsaPublicKey);
// Free the public key before checking for success.
RSA_free(rsaPublicKey);
// RSA_verify returns 1 for a valid signature.
return (success == 1);
}
SEXP R_rsa_encrypt(SEXP data, SEXP keydata) {
static unsigned char* buf[8192];
RSA *rsa = RSA_new();
const unsigned char *ptr = RAW(keydata);
bail(!!d2i_RSA_PUBKEY(&rsa, &ptr, LENGTH(keydata)));
int len = RSA_public_encrypt(LENGTH(data), RAW(data), (unsigned char*) buf, rsa, RSA_PKCS1_PADDING);
bail(len > 0);
SEXP res = allocVector(RAWSXP, len);
memcpy(RAW(res), buf, len);
return res;
}
SEXP R_rsa_pubkey_decompose(SEXP bin){
RSA *rsa = RSA_new();
const unsigned char *ptr = RAW(bin);
bail(!!d2i_RSA_PUBKEY(&rsa, &ptr, LENGTH(bin)));
SEXP res = PROTECT(allocVector(VECSXP, 2));
const BIGNUM *e, *n;
MY_RSA_get0_key(rsa, &n, &e, NULL);
SET_VECTOR_ELT(res, 0, bignum_to_r(e));
SET_VECTOR_ELT(res, 1, bignum_to_r(n));
UNPROTECT(1);
return res;
}
ptr_lib::shared_ptr<PublicKey>
PublicKey::fromDer(const Blob& keyDer)
{
// Use a temporary pointer since d2i updates it.
const uint8_t *derPointer = keyDer.buf();
RSA *publicKey = d2i_RSA_PUBKEY(NULL, &derPointer, keyDer.size());
if (!publicKey)
throw UnrecognizedKeyFormatException("Error decoding public key DER");
RSA_free(publicKey);
return ptr_lib::shared_ptr<PublicKey>(new PublicKey(OID(vector<int>(RSA_OID, RSA_OID + sizeof(RSA_OID))), keyDer));
}
ndn_Error
ndn_RsaPublicKey_decode
(struct ndn_RsaPublicKey *self, const uint8_t *publicKeyDer,
size_t publicKeyDerLength)
{
if (self->publicKey)
// Free a previous value.
RSA_free(self->publicKey);
self->publicKey = d2i_RSA_PUBKEY(NULL, &publicKeyDer, publicKeyDerLength);
if (!self->publicKey)
return NDN_ERROR_Error_decoding_key;
return NDN_ERROR_success;
}
SEXP PKI_load_public_RSA(SEXP what) {
EVP_PKEY *key;
RSA *rsa = 0;
const unsigned char *ptr;
if (TYPEOF(what) != RAWSXP)
Rf_error("key must be a raw vector");
ptr = (const unsigned char *) RAW(what);
rsa = d2i_RSA_PUBKEY(&rsa, &ptr, LENGTH(what));
if (!rsa)
Rf_error("%s", ERR_error_string(ERR_get_error(), NULL));
key = EVP_PKEY_new();
EVP_PKEY_assign_RSA(key, rsa);
return wrap_EVP_PKEY(key, PKI_KT_PUBLIC);
}
void pki_evp::veryOldFromData(unsigned char *p, int size )
{
unsigned char *sik, *pdec, *pdec1, *sik1;
int outl, decsize;
unsigned char iv[EVP_MAX_IV_LENGTH];
unsigned char ckey[EVP_MAX_KEY_LENGTH];
memset(iv, 0, EVP_MAX_IV_LENGTH);
RSA *rsakey;
EVP_CIPHER_CTX ctx;
const EVP_CIPHER *cipher = EVP_des_ede3_cbc();
sik = (unsigned char *)OPENSSL_malloc(size);
check_oom(sik);
pki_openssl_error();
pdec = (unsigned char *)OPENSSL_malloc(size);
if (pdec == NULL ) {
OPENSSL_free(sik);
check_oom(pdec);
}
pdec1=pdec;
sik1=sik;
memcpy(iv, p, 8); /* recover the iv */
/* generate the key */
EVP_BytesToKey(cipher, EVP_sha1(), iv, (unsigned char *)oldpasswd,
strlen(oldpasswd), 1, ckey,NULL);
/* we use sha1 as message digest,
* because an md5 version of the password is
* stored in the database...
*/
EVP_CIPHER_CTX_init (&ctx);
EVP_DecryptInit( &ctx, cipher, ckey, iv);
EVP_DecryptUpdate( &ctx, pdec , &outl, p + 8, size -8 );
decsize = outl;
EVP_DecryptFinal( &ctx, pdec + decsize , &outl );
decsize += outl;
pki_openssl_error();
memcpy(sik, pdec, decsize);
if (key->type == EVP_PKEY_RSA) {
rsakey=d2i_RSAPrivateKey(NULL,(const unsigned char **)&pdec, decsize);
if (pki_ign_openssl_error()) {
rsakey = d2i_RSA_PUBKEY(NULL, (const unsigned char **)&sik, decsize);
}
pki_openssl_error();
if (rsakey) EVP_PKEY_assign_RSA(key, rsakey);
}
OPENSSL_free(sik1);
OPENSSL_free(pdec1);
EVP_CIPHER_CTX_cleanup(&ctx);
pki_openssl_error();
encryptKey();
}
int
put_key_der(int is_public_only, PyObject *py_key_der,
PyObject **py_private_key_ccn, PyObject **py_public_key_ccn,
PyObject **py_public_key_digest, int *public_key_digest_len)
{
RSA *key_rsa = NULL;
const unsigned char *key_der;
Py_ssize_t der_len;
int r;
unsigned long err;
r = PyBytes_AsStringAndSize(py_key_der, (char **) &key_der, &der_len);
JUMP_IF_NEG(r, error);
if (is_public_only)
key_rsa = d2i_RSA_PUBKEY(NULL, &key_der, der_len);
else
key_rsa = d2i_RSAPrivateKey(NULL, &key_der, der_len);
//above changes the key_der, so we set it to NULL for safety to not use it
key_der = NULL;
JUMP_IF_NULL(key_rsa, openssl_error);
r = ccn_keypair_from_rsa(is_public_only, key_rsa, py_private_key_ccn,
py_public_key_ccn);
JUMP_IF_NEG(r, error);
r = create_public_key_digest(key_rsa, py_public_key_digest,
public_key_digest_len);
JUMP_IF_NEG(r, error);
RSA_free(key_rsa);
return 0;
openssl_error:
err = ERR_get_error();
{
char buf[256];
ERR_error_string_n(err, buf, sizeof(buf));
PyErr_Format(g_PyExc_CCNKeyError, "Unable to read Private Key: %s",
buf);
}
error:
RSA_free(key_rsa);
return -1;
}
static LUA_FUNCTION(openssl_rsa_read)
{
size_t l;
const char* data = luaL_checklstring(L, 1, &l);
const unsigned char* in = (const unsigned char*)data;
RSA *rsa = d2i_RSAPrivateKey(NULL, &in, l);
if (rsa == NULL)
{
in = (const unsigned char*)data;
rsa = d2i_RSA_PUBKEY(NULL, &in, l);
}
if (rsa)
PUSH_OBJECT(rsa, "openssl.rsa");
else
lua_pushnil(L);
return 1;
}
int main( void ){
// int i2d_RSAPublicKey(RSA *a, unsigned char **pp);
// int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp);
const char* keyStr =
"-----BEGIN PUBLIC KEY-----\n"
"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAws5ZlcsFQv8oh+f5YDE/\n"
"Dqro+tyQxcRpw8Ykjo/Vxq/x7rFgCZch7IUWfImTXEiYbePVApgcCFS/yMBJpaG9\n"
"mWYbYDmpQEMrYEAdo7dB0A6NS/DFvdlTmhUxe2YBqeP7U+s5pZ1nekhVD1vCkJro\n"
"P8Z8pwOZ4kDo1pWDcguL8j0c0a5JeO24sBtBxak3lDOlTdIrc6ulJ/cNrhzIhbmu\n"
"QUTwImsmOH/SYHHKhMctPAU26CRai8NmhIucNx+0LYhikaJXgfdyHD/a7RdSqMHy\n"
"QWqRjvEyk7DJOEojSEF8OlES24qoyMTNRUIndrQc2u96oQToQh9sjg6S0g8TlWc0\n"
"BwIDAQAB\n"
"-----END PUBLIC KEY-----"
;
EVP_PKEY* evpKey = readPublicKey( keyStr );
RSA* rsaKey = EVP_PKEY_get1_RSA( evpKey );
unsigned char keyBinaryBuffer[ 10240 ] = { 0 };
unsigned char* keyBinaryBufferPointer = keyBinaryBuffer;
int keyLength = i2d_RSA_PUBKEY( rsaKey, (unsigned char**)&keyBinaryBufferPointer );
std::cout << "DER Format (" << keyLength << "):" << std::hex << std::setfill( '0' ) << std::endl;
for( int i = 0; i < keyLength; ++i ){
if( i && (i % 10 == 0) ){
std::cout << std::endl;
}
std::cout << "0x" << std::setw( 2 ) << (int)keyBinaryBuffer[ i ] << ", ";
}
std::cout << std::endl;
const unsigned char keyBinary[] = {
0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86,
0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03,
0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82,
0x01, 0x01, 0x00, 0xc2, 0xce, 0x59, 0x95, 0xcb, 0x05, 0x42,
0xff, 0x28, 0x87, 0xe7, 0xf9, 0x60, 0x31, 0x3f, 0x0e, 0xaa,
0xe8, 0xfa, 0xdc, 0x90, 0xc5, 0xc4, 0x69, 0xc3, 0xc6, 0x24,
0x8e, 0x8f, 0xd5, 0xc6, 0xaf, 0xf1, 0xee, 0xb1, 0x60, 0x09,
0x97, 0x21, 0xec, 0x85, 0x16, 0x7c, 0x89, 0x93, 0x5c, 0x48,
0x98, 0x6d, 0xe3, 0xd5, 0x02, 0x98, 0x1c, 0x08, 0x54, 0xbf,
0xc8, 0xc0, 0x49, 0xa5, 0xa1, 0xbd, 0x99, 0x66, 0x1b, 0x60,
0x39, 0xa9, 0x40, 0x43, 0x2b, 0x60, 0x40, 0x1d, 0xa3, 0xb7,
0x41, 0xd0, 0x0e, 0x8d, 0x4b, 0xf0, 0xc5, 0xbd, 0xd9, 0x53,
0x9a, 0x15, 0x31, 0x7b, 0x66, 0x01, 0xa9, 0xe3, 0xfb, 0x53,
0xeb, 0x39, 0xa5, 0x9d, 0x67, 0x7a, 0x48, 0x55, 0x0f, 0x5b,
0xc2, 0x90, 0x9a, 0xe8, 0x3f, 0xc6, 0x7c, 0xa7, 0x03, 0x99,
0xe2, 0x40, 0xe8, 0xd6, 0x95, 0x83, 0x72, 0x0b, 0x8b, 0xf2,
0x3d, 0x1c, 0xd1, 0xae, 0x49, 0x78, 0xed, 0xb8, 0xb0, 0x1b,
0x41, 0xc5, 0xa9, 0x37, 0x94, 0x33, 0xa5, 0x4d, 0xd2, 0x2b,
0x73, 0xab, 0xa5, 0x27, 0xf7, 0x0d, 0xae, 0x1c, 0xc8, 0x85,
0xb9, 0xae, 0x41, 0x44, 0xf0, 0x22, 0x6b, 0x26, 0x38, 0x7f,
0xd2, 0x60, 0x71, 0xca, 0x84, 0xc7, 0x2d, 0x3c, 0x05, 0x36,
0xe8, 0x24, 0x5a, 0x8b, 0xc3, 0x66, 0x84, 0x8b, 0x9c, 0x37,
0x1f, 0xb4, 0x2d, 0x88, 0x62, 0x91, 0xa2, 0x57, 0x81, 0xf7,
0x72, 0x1c, 0x3f, 0xda, 0xed, 0x17, 0x52, 0xa8, 0xc1, 0xf2,
0x41, 0x6a, 0x91, 0x8e, 0xf1, 0x32, 0x93, 0xb0, 0xc9, 0x38,
0x4a, 0x23, 0x48, 0x41, 0x7c, 0x3a, 0x51, 0x12, 0xdb, 0x8a,
0xa8, 0xc8, 0xc4, 0xcd, 0x45, 0x42, 0x27, 0x76, 0xb4, 0x1c,
0xda, 0xef, 0x7a, 0xa1, 0x04, 0xe8, 0x42, 0x1f, 0x6c, 0x8e,
0x0e, 0x92, 0xd2, 0x0f, 0x13, 0x95, 0x67, 0x34, 0x07, 0x02,
0x03, 0x01, 0x00, 0x01
};
const unsigned char* keyBinaryPointer = keyBinary;
RSA* reloadedKey = nullptr;
d2i_RSA_PUBKEY( &reloadedKey, &keyBinaryPointer, (long)sizeof( keyBinary ) );
EVP_PKEY* reloadedEVPKey = EVP_PKEY_new();
EVP_PKEY_assign_RSA( reloadedEVPKey, reloadedKey );
char keyStrBuffer[ 10240 ] = { 0 };
writePublicKey( reloadedEVPKey, keyStrBuffer, 10240 );
std::cout << "PEM Format:" << std::endl;
std::cout << keyStrBuffer << std::endl;
}
static int
dir_server_verify_signature (http_t *h, dir_server_t *server, const ssr_t **reason)
{
RSA *pkey;
SHA512_CTX sh;
char *der;
size_t der_size;
unsigned char hash[SHA512_DIGEST_LENGTH];
unsigned char *signature;
size_t sig_size;
const unsigned char *p;
int rc;
char time_str[128];
int time_str_len;
der_size = b64urldecsize_ssr(&server->public_key);
if (!der_size) {
DEBUG("b64urldecsize_ssr(&server->public_key);");
*reason = http_400;
return (-1);
}
der = http_malloc(h, der_size);
if (!der) {
WARN("http_malloc(): %zu", der_size);
return (-1);
}
rc = b64urldec_ssr(&server->public_key, der);
if (rc == -1) {
DEBUG("b64urldec_ssr(&server->public_key, der);");
*reason = http_400;
return (-1);
}
p = (unsigned char *)der;
pkey = d2i_RSA_PUBKEY(NULL, &p, der_size);
if (pkey == NULL) {
WARN("d2i_RSA_PUBKEY(): %.*s", (int)server->public_key.size,
server->public_key.data);
*reason = http_403;
return (-1);
}
snprintf(time_str, sizeof(time_str), "%"PRIu64, server->time);
time_str_len = strlen(time_str);
SHA512_Init(&sh);
SHA512_Update(&sh, server->public_key.data, server->public_key.size);
SHA512_Update(&sh, server->address.data, server->address.size);
SHA512_Update(&sh, time_str, time_str_len);
SHA512_Final(hash, &sh);
sig_size = b64urldecsize_ssr(&server->signature);
signature = http_malloc(h, sig_size);
b64urldec_ssr(&server->signature, signature);
if (RSA_verify(NID_sha512, hash, SHA512_DIGEST_LENGTH,
signature, sig_size, pkey) != 1) {
WARN("RSA_verify(): "
"PublicKey='%.*s', "
"Address='%.*s', "
"Signature='%.*s', "
"Time='%"PRIu64"'",
(int)server->public_key.size, server->public_key.data,
(int)server->address.size, server->address.data,
(int)server->signature.size, server->signature.data,
server->time);
RSA_free(pkey);
return (-1);
}
RSA_free(pkey);
return (0);
}