void
ValidatorRegex::onCertificateValidated(const shared_ptr<const Data>& signCertificate,
const shared_ptr<const Data>& data,
const OnDataValidated& onValidated,
const OnDataValidationFailed& onValidationFailed)
{
shared_ptr<IdentityCertificate> certificate =
make_shared<IdentityCertificate>(*signCertificate);
if (!certificate->isTooLate() && !certificate->isTooEarly())
{
m_certificateCache->insertCertificate(certificate);
if (verifySignature(*data, certificate->getPublicKeyInfo()))
return onValidated(data);
else
return onValidationFailed(data,
"Cannot verify signature: " +
data->getName().toUri());
}
else
{
return onValidationFailed(data,
"Signing certificate " +
signCertificate->getName().toUri() +
" is no longer valid.");
}
}
bool Certificate::verifySignature(RSA *key)
{
bool res = false;
if (!key)
return false;
if (verified)
return true;
EVP_PKEY *pkey = EVP_PKEY_new();
if (!pkey) {
HAGGLE_ERR("Could not allocate EVP_PKEY\n");
writeErrors("");
return false;
}
EVP_PKEY_set1_RSA(pkey, key);
res = verifySignature(pkey);
EVP_PKEY_free(pkey);
return res;
}
JNIEXPORT jstring JNICALL Java_com_yujunkang_fangxinbao_utility_JniEncrypt_getEncryptString(
JNIEnv *env, jobject thiz, jobjectArray params) {
int packageVerify = verifyPackageName(env, thiz);
if (packageVerify != 0) {
//exit(0);
//__android_log_write(ANDROID_LOG_DEBUG,"validate_packagename","error");
} else {
//__android_log_write(ANDROID_LOG_DEBUG,"validate_packagename","succ");
}
int signatureVerify = verifySignature(env, thiz);
if (signatureVerify != 0) {
//exit(0);
//__android_log_write(ANDROID_LOG_DEBUG,"validate_signature","error");
} else {
//__android_log_write(ANDROID_LOG_DEBUG,"validate_signature","succ");
}
int len = 0;
char* joined = malloc(buffsize);
strcpy(joined, "");
int size = (*env)->GetArrayLength(env, params);
int i = 0;
for (i = 0; i < size; i++) {
jstring jparam = (jstring)(*env)->GetObjectArrayElement(env, params, i);
char* param = (char*) (*env)->GetStringUTFChars(env, jparam, NULL);
//__android_log_write(ANDROID_LOG_DEBUG, "tag", param);
strcat(joined, param);
len = len + strlen(param);
}
strcat(joined, "~1@)7q^48c96*");
len = len + 13;
joined[len] = '\0';
char* md5 = MDString(joined);
char* result = malloc(9);
result[0] = md5[4];
result[1] = md5[1];
result[2] = md5[16];
result[3] = md5[9];
result[4] = md5[19];
result[5] = md5[30];
result[6] = md5[28];
result[7] = md5[22];
result[8] = '\0';
jstring sid = (*env)->NewStringUTF(env, result);
free(joined);
free(result);
return sid;
}
/// @brief Verify the data against the SHA256 signature.
static bool
verifySignature(const Data& data, const DigestSha256& sig)
{
return verifySignature(data.wireEncode().value(),
data.wireEncode().value_size() -
data.getSignature().getValue().size(),
sig);
}
/// @brief Verify the data using the publicKey against the SHA256-RSA signature.
static bool
verifySignature(const Data& data,
const Signature& sig,
const v1::PublicKey& publicKey)
{
return verifySignature(data.wireEncode().value(),
data.wireEncode().value_size() - data.getSignature().getValue().size(),
sig, publicKey);
}
bool Wagnis::isSignatureValid(const QString &content, const QString &signature)
{
qDebug() << "Wagnis::isSignatureValid";
RSA* publicRSA = createPublicRSA(PUBLIC_KEY);
QByteArray signatureigBase64 = signature.toLatin1();
QByteArray rawData = QByteArray::fromBase64(signatureigBase64);
bool authentic;
bool result = verifySignature(publicRSA, reinterpret_cast<unsigned char*>(rawData.data()), rawData.length(), content.toStdString().c_str(), content.toStdString().length(), &authentic);
return authentic & result;
}
inline void readEnum(
std::streambuf & istrm, Handler & result,
const ReaderFunc & read, const UInt8 beginsig, const UInt8 endsig)
{
verifySignature(istrm, beginsig);
bool done = false;
while (!done)
{
try
{
result.handle(read(istrm));
}
catch (const BadSignatureException& e)
{
// read threw because we've read all the objects
verifySignature(istrm, endsig);
done = true;
}
}
}
/** @brief Verify the interest against the SHA256 signature.
*
* (Note the signature covers the first n-2 name components).
*/
static bool
verifySignature(const Interest& interest, const DigestSha256& sig)
{
if (interest.getName().size() < 2)
return false;
const Name& name = interest.getName();
return verifySignature(name.wireEncode().value(),
name.wireEncode().value_size() - name[-1].size(),
sig);
}
static rpmRC
rpmVerifySignature(rpmKeyring keyring, struct rpmsinfo_s *sinfo,
DIGEST_CTX ctx, char ** result)
{
rpmRC res = RPMRC_FAIL;
if (sinfo->type == RPMSIG_DIGEST_TYPE)
res = verifyDigest(sinfo, ctx, result);
else if (sinfo->type == RPMSIG_SIGNATURE_TYPE)
res = verifySignature(keyring, sinfo, ctx, result);
return res;
}
/** @brief Verify the interest using the publicKey against the SHA256-RSA signature.
*
* (Note the signature covers the first n-2 name components).
*/
static bool
verifySignature(const Interest& interest,
const Signature& sig,
const v1::PublicKey& publicKey)
{
if (interest.getName().size() < 2)
return false;
const Name& name = interest.getName();
return verifySignature(name.wireEncode().value(),
name.wireEncode().value_size() - name[-1].size(),
sig, publicKey);
}
rpmRC
rpmVerifySignature(rpmKeyring keyring, rpmtd sigtd, pgpDigParams sig,
DIGEST_CTX ctx, char ** result)
{
rpmRC res = RPMRC_NOTFOUND;
char *msg = NULL;
int hdrsig = 0;
if (sigtd->data == NULL || sigtd->count <= 0 || ctx == NULL)
goto exit;
switch (sigtd->tag) {
case RPMSIGTAG_MD5:
res = verifyMD5Digest(sigtd, ctx, &msg);
break;
case RPMSIGTAG_SHA1:
res = verifySHA1Digest(sigtd, ctx, &msg);
break;
case RPMSIGTAG_RSA:
case RPMSIGTAG_DSA:
hdrsig = 1;
/* fallthrough */
case RPMSIGTAG_PGP5: /* XXX legacy */
case RPMSIGTAG_PGP:
case RPMSIGTAG_GPG:
if (sig != NULL)
res = verifySignature(keyring, sig, ctx, hdrsig, &msg);
break;
default:
break;
}
exit:
if (res == RPMRC_NOTFOUND) {
rasprintf(&msg,
_("Verify signature: BAD PARAMETERS (%d %p %d %p %p)\n"),
sigtd->tag, sigtd->data, sigtd->count, ctx, sig);
res = RPMRC_FAIL;
}
if (result) {
*result = msg;
} else {
free(msg);
}
return res;
}
Texture* TextureReader::read()
{
verifySignature(reader);
initialisePNGReader(reader);
const unsigned char* data = readImageData();
const unsigned int width = png_get_image_width(_png, _pngInfo);
const unsigned int height = png_get_image_height(_png, _pngInfo);
_data = (GLubyte*)data;
Texture* texture = new Texture(_data, width, height, 0);
texture->setData(data);
delete[] data;
png_destroy_read_struct(&_png, &_pngInfo, NULL);
return texture;
}
//License interface implementation
bool ODRLLicense::authorize(char* p_Permission, UserContext* p_Principal, char* p_Resource, OctetString* p_KeyBlob)
{
XMLDocument* pLicenseDoc = NULL;
bool isValidLicense = true;
try
{
// Create and Parse the XMLDocument
pLicenseDoc = new XMLDocument();
if (pLicenseDoc == NULL)
{
gLogger->logError("ODRLLicense::authorize : Unable to alloc mem for XMLDocument.");
throw EXCEPTION(Exception::UNEXPECTED_CONDITION);
}
//parse the XML license
bool goodDocument = pLicenseDoc->decode(getBytes(), "o-ex:rights");
if (!goodDocument)
{
gLogger->logError("ODRLLicense::authorize : Error parsing License XML.");
throw EXCEPTION(Exception::UNEXPECTED_CONDITION);
}
//verify the signature
if (!verifySignature(pLicenseDoc, p_Principal)) throw EXCEPTION(Exception::UNEXPECTED_CONDITION);
//verify the permissions
if (!verifyPermissions(pLicenseDoc, p_Permission)) throw EXCEPTION(Exception::UNEXPECTED_CONDITION);
//extract the key from the license, if one is there
if (!extractEncryptedKey(pLicenseDoc, p_Principal, p_KeyBlob)) throw EXCEPTION(Exception::UNEXPECTED_CONDITION);
}
catch (Exception&)
{
//TODO: eventually will rethrow
isValidLicense = false;
}
if (pLicenseDoc) delete pLicenseDoc;
return isValidLicense;
}
int FLDigiDoc::verifySignatureData(const QByteArray &data, QByteArray &signResult,
const QString &certfile)
{
X509 *pCert = 0;
int err = ReadCertificate(&pCert, certfile.latin1());
if (!err && pCert) {
int sigLen = SIGNATURE_LEN;
byte buf[sigLen * sizeof(char)];
byte buf1[sigLen * sizeof(char) * 2];
err = verifySignature((const char *)data, data.size() * sizeof(char),
DIGEST_SHA1, buf, sigLen, pCert);
signResult = encodeBase64(buf, SIGNATURE_LEN);
}
if (pCert) {
X509_free(pCert);
pCert = 0;
}
return err;
}
bool verifySignatures(struct mesgPackage mesg) {
char certfile[50];
bool verify;
for (int i = 1; i <= num_hosts; i++) {
if (mesg.pid[i] == 1) {
printf("verifying message for pid = %d\n", i);
strcpy(certfile, "./keys/");
strcat(certfile, hostnames[i]);
strcat(certfile, ".crt");
printf("certfile is %s\n", certfile);
verify = verifySignature(mesg.message, mesg.signatures[i], certfile);
if (!verify) {
printf("Verification Failed for pid=%d\n", i);
return verify;
}else{
printf("Signature Verified OK! for pid=%d\n", i);
}
}
}
return verify;
}
NvPairingManager::PairState
NvPairingManager::pair(QString appVersion, QString pin)
{
int serverMajorVersion = NvHTTP::parseQuad(appVersion).at(0);
qInfo() << "Pairing with server generation:" << serverMajorVersion;
QCryptographicHash::Algorithm hashAlgo;
int hashLength;
if (serverMajorVersion >= 7)
{
// Gen 7+ uses SHA-256 hashing
hashAlgo = QCryptographicHash::Sha256;
hashLength = 32;
}
else
{
// Prior to Gen 7 uses SHA-1 hashing
hashAlgo = QCryptographicHash::Sha1;
hashLength = 20;
}
QByteArray salt = generateRandomBytes(16);
QByteArray saltedPin = saltPin(salt, pin);
AES_KEY encKey, decKey;
AES_set_decrypt_key(reinterpret_cast<const unsigned char*>(QCryptographicHash::hash(saltedPin, hashAlgo).data()), 128, &decKey);
AES_set_encrypt_key(reinterpret_cast<const unsigned char*>(QCryptographicHash::hash(saltedPin, hashAlgo).data()), 128, &encKey);
QString getCert = m_Http.openConnectionToString(m_Http.m_BaseUrlHttp,
"pair",
"devicename=roth&updateState=1&phrase=getservercert&salt=" +
salt.toHex() + "&clientcert=" + IdentityManager::get()->getCertificate().toHex(),
false);
NvHTTP::verifyResponseStatus(getCert);
if (NvHTTP::getXmlString(getCert, "paired") != "1")
{
qCritical() << "Failed pairing at stage #1";
return PairState::FAILED;
}
QByteArray serverCert = NvHTTP::getXmlStringFromHex(getCert, "plaincert");
if (serverCert == nullptr)
{
qCritical() << "Server likely already pairing";
m_Http.openConnectionToString(m_Http.m_BaseUrlHttp, "unpair", nullptr, true);
return PairState::ALREADY_IN_PROGRESS;
}
QByteArray randomChallenge = generateRandomBytes(16);
QByteArray encryptedChallenge = encrypt(randomChallenge, &encKey);
QString challengeXml = m_Http.openConnectionToString(m_Http.m_BaseUrlHttp,
"pair",
"devicename=roth&updateState=1&clientchallenge=" +
encryptedChallenge.toHex(),
true);
NvHTTP::verifyResponseStatus(challengeXml);
if (NvHTTP::getXmlString(challengeXml, "paired") != "1")
{
qCritical() << "Failed pairing at stage #2";
m_Http.openConnectionToString(m_Http.m_BaseUrlHttp, "unpair", nullptr, true);
return PairState::FAILED;
}
QByteArray challengeResponseData = decrypt(m_Http.getXmlStringFromHex(challengeXml, "challengeresponse"), &decKey);
QByteArray clientSecretData = generateRandomBytes(16);
QByteArray challengeResponse;
QByteArray serverResponse(challengeResponseData.data(), hashLength);
#if (OPENSSL_VERSION_NUMBER < 0x10002000L)
ASN1_BIT_STRING *asnSignature = m_Cert->signature;
#elif (OPENSSL_VERSION_NUMBER < 0x10100000L)
ASN1_BIT_STRING *asnSignature;
X509_get0_signature(&asnSignature, NULL, m_Cert);
#else
const ASN1_BIT_STRING *asnSignature;
X509_get0_signature(&asnSignature, NULL, m_Cert);
#endif
challengeResponse.append(challengeResponseData.data() + hashLength, 16);
challengeResponse.append(reinterpret_cast<char*>(asnSignature->data), asnSignature->length);
challengeResponse.append(clientSecretData);
QByteArray encryptedChallengeResponseHash = encrypt(QCryptographicHash::hash(challengeResponse, hashAlgo), &encKey);
QString respXml = m_Http.openConnectionToString(m_Http.m_BaseUrlHttp,
"pair",
"devicename=roth&updateState=1&serverchallengeresp=" +
encryptedChallengeResponseHash.toHex(),
true);
NvHTTP::verifyResponseStatus(respXml);
if (NvHTTP::getXmlString(respXml, "paired") != "1")
{
qCritical() << "Failed pairing at stage #3";
m_Http.openConnectionToString(m_Http.m_BaseUrlHttp, "unpair", nullptr, true);
return PairState::FAILED;
}
QByteArray pairingSecret = NvHTTP::getXmlStringFromHex(respXml, "pairingsecret");
QByteArray serverSecret = QByteArray(pairingSecret.data(), 16);
QByteArray serverSignature = QByteArray(&pairingSecret.data()[16], 256);
if (!verifySignature(serverSecret,
serverSignature,
serverCert))
{
qCritical() << "MITM detected";
m_Http.openConnectionToString(m_Http.m_BaseUrlHttp, "unpair", nullptr, true);
return PairState::FAILED;
}
QByteArray expectedResponseData;
expectedResponseData.append(randomChallenge);
expectedResponseData.append(getSignatureFromPemCert(serverCert));
expectedResponseData.append(serverSecret);
if (QCryptographicHash::hash(expectedResponseData, hashAlgo) != serverResponse)
{
qCritical() << "Incorrect PIN";
m_Http.openConnectionToString(m_Http.m_BaseUrlHttp, "unpair", nullptr, true);
return PairState::PIN_WRONG;
}
QByteArray clientPairingSecret;
clientPairingSecret.append(clientSecretData);
clientPairingSecret.append(signMessage(clientSecretData));
QString secretRespXml = m_Http.openConnectionToString(m_Http.m_BaseUrlHttp,
"pair",
"devicename=roth&updateState=1&clientpairingsecret=" +
clientPairingSecret.toHex(),
true);
NvHTTP::verifyResponseStatus(secretRespXml);
if (NvHTTP::getXmlString(secretRespXml, "paired") != "1")
{
qCritical() << "Failed pairing at stage #4";
m_Http.openConnectionToString(m_Http.m_BaseUrlHttp, "unpair", nullptr, true);
return PairState::FAILED;
}
QString pairChallengeXml = m_Http.openConnectionToString(m_Http.m_BaseUrlHttps,
"pair",
"devicename=roth&updateState=1&phrase=pairchallenge",
true);
NvHTTP::verifyResponseStatus(pairChallengeXml);
if (NvHTTP::getXmlString(pairChallengeXml, "paired") != "1")
{
qCritical() << "Failed pairing at stage #5";
m_Http.openConnectionToString(m_Http.m_BaseUrlHttp, "unpair", nullptr, true);
return PairState::FAILED;
}
return PairState::PAIRED;
}
int main( int argc, char *argv[]) {
PKCS7 *p7;
PKCS7_SIGNER_INFO *si;
X509_STORE_CTX cert_ctx;
X509_STORE *cert_store=NULL;
BIO *data = NULL, *p7bio=NULL;
BIO *signature = NULL;
int cmd=-1;
char *infile=NULL;
/* char *outfile=NULL; */
char *certfile=NULL;
char *keyfile=NULL;
char *key=NULL;
int nodetach=0;
char *datafile = NULL;
char *outfile = NULL;
char *signaturefile = NULL;
char buf[1024*4];
char **pp = NULL;
int badops=0, outdata=0, err=0, version=0, i;
/* default certificates dir */
/* char *certsdir="/usr/local/OpenCA/certs"; */
/* default certificates file */
/* char *certsfile="/usr/local/OpenCA/cacert.pem"; */
char *certsdir = NULL;
char *certsfile = NULL;
STACK_OF(PKCS7_SIGNER_INFO) *sk;
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
bio_out=BIO_new_fp(stdout,BIO_NOCLOSE);
#ifndef NO_MD5
EVP_add_digest(EVP_md5());
#endif
#ifndef NO_SHA1
EVP_add_digest(EVP_sha1());
#endif
if( argc <= 1 ) {
printVersion( bio_err, INFO );
printf("ERROR: needed command and arguments missing\n\n");
badops=1;
goto badops;
}
if( ( cmd = getCommand( argc, argv ) ) == -1 ) {
printVersion( bio_err, INFO );
printf("ERROR: unknown command %s\n\n", argv[1] );
badops=1;
goto badops;
}
if( argc >= 1 ) {
argc--;
argv++;
if( argc <= 1 )
{
printVersion( bio_err, INFO );
printf("ERROR: needed at least one argument!\n\n" );
badops=1;
goto badops;
}
}
while (argc > 1) {
argc--;
argv++;
if (strcmp(*argv,"-verbose") == 0)
{
verbose=1;
}
else if (strcmp(*argv,"-print_data") == 0)
{
outdata=1;
}
else if (strcmp(*argv,"-no_chain") == 0)
{
chainVerify=0;
}
else if (strcmp(*argv,"-data") == 0)
{
if (--argc < 1) goto bad;
datafile= *( ++argv );
}
else if (strcmp(*argv,"-d") == 0)
{
/* Present for compatibility reasons ... */
if (--argc < 1) goto bad;
datafile= *( ++argv );
}
else if (strcmp(*argv,"-in") == 0)
{
if (--argc < 1) goto bad;
infile= *( ++argv );
}
else if (strcmp(*argv,"-out") == 0)
{
if (--argc < 1) goto bad;
outfile= *( ++argv );
}
else if (strcmp(*argv,"-cd") == 0)
{
if (--argc < 1) goto bad;
certsdir = *(++argv);
}
else if (strcmp(*argv,"-cf") == 0)
{
if (--argc < 1) goto bad;
certsfile = *( ++argv );
}
else if (strcmp(*argv,"-cert") == 0)
{
if (--argc < 1) goto bad;
certfile = *( ++argv );
}
else if (strcmp(*argv,"-keyfile") == 0)
{
if (--argc < 1) goto bad;
keyfile = *( ++argv );
}
else if (strcmp(*argv,"-key") == 0)
{
if (--argc < 1) goto bad;
key = *( ++argv );
}
else if (strcmp(*argv,"-nd") == 0)
{
nodetach=1;
}
else if (strcmp(*argv,"-h") == 0)
{
badops=1;
break;
}
else
{
if( argc == 2 ) {
datafile = *argv;
argc--;
continue;
}
bad:
printVersion( bio_err, INFO );
BIO_printf(bio_err,"ERROR: unknown option %s\n\n",*argv);
badops=1;
break;
}
}
badops:
if (badops) {
for (pp=usage; (*pp != NULL); pp++)
BIO_printf(bio_err,*pp);
exit(1);
}
if( cmd == 1 ) {
generateSignature( verbose, infile, outfile, certfile, keyfile, key, nodetach );
} else if ( cmd == 2 )
{
verifySignature( verbose, infile, outfile, outdata,
chainVerify, datafile, certsdir, certsfile);
}
else if ( cmd == 3 )
{
sign2nd( verbose, infile, outfile, datafile, outdata );
}
exit(0);
}
void
ValidatorRegex::checkPolicy(const Data& data,
int nSteps,
const OnDataValidated& onValidated,
const OnDataValidationFailed& onValidationFailed,
vector<shared_ptr<ValidationRequest> >& nextSteps)
{
if (m_stepLimit == nSteps)
return onValidationFailed(data.shared_from_this(),
"Maximum steps of validation reached: " +
data.getName().toUri());
for (RuleList::iterator it = m_mustFailVerify.begin();
it != m_mustFailVerify.end();
it++)
if ((*it)->satisfy(data))
return onValidationFailed(data.shared_from_this(),
"Comply with mustFail policy: " +
data.getName().toUri());
for (RuleList::iterator it = m_verifyPolicies.begin();
it != m_verifyPolicies.end();
it++)
{
if ((*it)->satisfy(data))
{
try
{
SignatureSha256WithRsa sig(data.getSignature());
Name keyLocatorName = sig.getKeyLocator().getName();
shared_ptr<const Certificate> trustedCert;
if (m_trustAnchors.end() == m_trustAnchors.find(keyLocatorName))
trustedCert = m_certificateCache->getCertificate(keyLocatorName);
else
trustedCert = m_trustAnchors[keyLocatorName];
if (static_cast<bool>(trustedCert))
{
if (verifySignature(data, sig, trustedCert->getPublicKeyInfo()))
return onValidated(data.shared_from_this());
else
return onValidationFailed(data.shared_from_this(),
"Cannot verify signature: " +
data.getName().toUri());
}
else
{
// KeyLocator is not a trust anchor
OnDataValidated onKeyValidated =
bind(&ValidatorRegex::onCertificateValidated, this, _1,
data.shared_from_this(), onValidated, onValidationFailed);
OnDataValidationFailed onKeyValidationFailed =
bind(&ValidatorRegex::onCertificateValidationFailed, this, _1, _2,
data.shared_from_this(), onValidationFailed);
Interest interest(sig.getKeyLocator().getName());
shared_ptr<ValidationRequest> nextStep =
make_shared<ValidationRequest>(interest,
onKeyValidated,
onKeyValidationFailed,
3,
nSteps + 1);
nextSteps.push_back(nextStep);
return;
}
}
catch (SignatureSha256WithRsa::Error& e)
{
return onValidationFailed(data.shared_from_this(),
"Not SignatureSha256WithRsa signature: " +
data.getName().toUri());
}
catch (KeyLocator::Error& e)
{
return onValidationFailed(data.shared_from_this(),
"Key Locator is not a name: " +
data.getName().toUri());
}
}
}
return onValidationFailed(data.shared_from_this(),
"No policy found for data: " + data.getName().toUri());
}
int gs_pair(PSERVER_DATA server, char* pin) {
int ret = GS_OK;
char* result = NULL;
char url[4096];
uuid_t uuid;
char uuid_str[37];
if (server->paired) {
gs_error = "Already paired";
return GS_WRONG_STATE;
}
if (server->currentGame != 0) {
gs_error = "The computer is currently in a game. You must close the game before pairing";
return GS_WRONG_STATE;
}
unsigned char salt_data[16];
char salt_hex[33];
RAND_bytes(salt_data, 16);
bytes_to_hex(salt_data, salt_hex, 16);
uuid_generate_random(uuid);
uuid_unparse(uuid, uuid_str);
sprintf(url, "http://%s:47989/pair?uniqueid=%s&uuid=%s&devicename=roth&updateState=1&phrase=getservercert&salt=%s&clientcert=%s", server->address, unique_id, uuid_str, salt_hex, cert_hex);
PHTTP_DATA data = http_create_data();
if (data == NULL)
return GS_OUT_OF_MEMORY;
else if ((ret = http_request(url, data)) != GS_OK)
goto cleanup;
if ((ret = xml_search(data->memory, data->size, "paired", &result)) != GS_OK)
goto cleanup;
if (strcmp(result, "1") != 0) {
gs_error = "Pairing failed";
ret = GS_FAILED;
goto cleanup;
}
free(result);
result = NULL;
if ((ret = xml_search(data->memory, data->size, "plaincert", &result)) != GS_OK)
goto cleanup;
if (strlen(result)/2 > 8191) {
gs_error = "Server certificate too big";
ret = GS_FAILED;
goto cleanup;
}
char plaincert[8192];
for (int count = 0; count < strlen(result); count += 2) {
sscanf(&result[count], "%2hhx", &plaincert[count / 2]);
}
plaincert[strlen(result)/2] = '\0';
printf("%d / %d\n", strlen(result)/2, strlen(plaincert));
unsigned char salt_pin[20];
unsigned char aes_key_hash[32];
AES_KEY enc_key, dec_key;
memcpy(salt_pin, salt_data, 16);
memcpy(salt_pin+16, pin, 4);
int hash_length = server->serverMajorVersion >= 7 ? 32 : 20;
if (server->serverMajorVersion >= 7)
SHA256(salt_pin, 20, aes_key_hash);
else
SHA1(salt_pin, 20, aes_key_hash);
AES_set_encrypt_key((unsigned char *)aes_key_hash, 128, &enc_key);
AES_set_decrypt_key((unsigned char *)aes_key_hash, 128, &dec_key);
unsigned char challenge_data[16];
unsigned char challenge_enc[16];
char challenge_hex[33];
RAND_bytes(challenge_data, 16);
AES_encrypt(challenge_data, challenge_enc, &enc_key);
bytes_to_hex(challenge_enc, challenge_hex, 16);
uuid_generate_random(uuid);
uuid_unparse(uuid, uuid_str);
sprintf(url, "http://%s:47989/pair?uniqueid=%s&uuid=%s&devicename=roth&updateState=1&clientchallenge=%s", server->address, unique_id, uuid_str, challenge_hex);
if ((ret = http_request(url, data)) != GS_OK)
goto cleanup;
free(result);
result = NULL;
if ((ret = xml_search(data->memory, data->size, "paired", &result)) != GS_OK)
goto cleanup;
if (strcmp(result, "1") != 0) {
gs_error = "Pairing failed";
ret = GS_FAILED;
goto cleanup;
}
free(result);
result = NULL;
if (xml_search(data->memory, data->size, "challengeresponse", &result) != GS_OK) {
ret = GS_INVALID;
goto cleanup;
}
char challenge_response_data_enc[48];
char challenge_response_data[48];
for (int count = 0; count < strlen(result); count += 2) {
sscanf(&result[count], "%2hhx", &challenge_response_data_enc[count / 2]);
}
for (int i = 0; i < 48; i += 16) {
AES_decrypt(&challenge_response_data_enc[i], &challenge_response_data[i], &dec_key);
}
char client_secret_data[16];
RAND_bytes(client_secret_data, 16);
char challenge_response[16 + 256 + 16];
char challenge_response_hash[32];
char challenge_response_hash_enc[32];
char challenge_response_hex[65];
memcpy(challenge_response, challenge_response_data + hash_length, 16);
memcpy(challenge_response + 16, cert->signature->data, 256);
memcpy(challenge_response + 16 + 256, client_secret_data, 16);
if (server->serverMajorVersion >= 7)
SHA256(challenge_response, 16 + 256 + 16, challenge_response_hash);
else
SHA1(challenge_response, 16 + 256 + 16, challenge_response_hash);
for (int i = 0; i < 32; i += 16) {
AES_encrypt(&challenge_response_hash[i], &challenge_response_hash_enc[i], &enc_key);
}
bytes_to_hex(challenge_response_hash_enc, challenge_response_hex, 32);
uuid_generate_random(uuid);
uuid_unparse(uuid, uuid_str);
sprintf(url, "http://%s:47989/pair?uniqueid=%s&uuid=%s&devicename=roth&updateState=1&serverchallengeresp=%s", server->address, unique_id, uuid_str, challenge_response_hex);
if ((ret = http_request(url, data)) != GS_OK)
goto cleanup;
free(result);
result = NULL;
if ((ret = xml_search(data->memory, data->size, "paired", &result)) != GS_OK)
goto cleanup;
if (strcmp(result, "1") != 0) {
gs_error = "Pairing failed";
ret = GS_FAILED;
goto cleanup;
}
free(result);
result = NULL;
if (xml_search(data->memory, data->size, "pairingsecret", &result) != GS_OK) {
ret = GS_INVALID;
goto cleanup;
}
char pairing_secret[16 + 256];
for (int count = 0; count < strlen(result); count += 2) {
sscanf(&result[count], "%2hhx", &pairing_secret[count / 2]);
}
if (!verifySignature(pairing_secret, 16, pairing_secret+16, 256, plaincert)) {
gs_error = "MITM attack detected";
ret = GS_FAILED;
goto cleanup;
}
unsigned char *signature = NULL;
size_t s_len;
if (sign_it(client_secret_data, 16, &signature, &s_len, privateKey) != GS_OK) {
gs_error = "Failed to sign data";
ret = GS_FAILED;
goto cleanup;
}
char client_pairing_secret[16 + 256];
char client_pairing_secret_hex[(16 + 256) * 2 + 1];
memcpy(client_pairing_secret, client_secret_data, 16);
memcpy(client_pairing_secret + 16, signature, 256);
bytes_to_hex(client_pairing_secret, client_pairing_secret_hex, 16 + 256);
uuid_generate_random(uuid);
uuid_unparse(uuid, uuid_str);
sprintf(url, "http://%s:47989/pair?uniqueid=%s&uuid=%s&devicename=roth&updateState=1&clientpairingsecret=%s", server->address, unique_id, uuid_str, client_pairing_secret_hex);
if ((ret = http_request(url, data)) != GS_OK)
goto cleanup;
free(result);
result = NULL;
if ((ret = xml_search(data->memory, data->size, "paired", &result)) != GS_OK)
goto cleanup;
if (strcmp(result, "1") != 0) {
gs_error = "Pairing failed";
ret = GS_FAILED;
goto cleanup;
}
uuid_generate_random(uuid);
uuid_unparse(uuid, uuid_str);
sprintf(url, "https://%s:47984/pair?uniqueid=%s&uuid=%s&devicename=roth&updateState=1&phrase=pairchallenge", server->address, unique_id, uuid_str);
if ((ret = http_request(url, data)) != GS_OK)
goto cleanup;
free(result);
result = NULL;
if ((ret = xml_search(data->memory, data->size, "paired", &result)) != GS_OK)
goto cleanup;
if (strcmp(result, "1") != 0) {
gs_error = "Pairing failed";
ret = GS_FAILED;
goto cleanup;
}
server->paired = true;
cleanup:
if (ret != GS_OK)
gs_unpair(server);
if (result != NULL)
free(result);
http_free_data(data);
return ret;
}
int main(){
// printf("Testing RSA functions with EVP_DigestSign and EVP_DigestVerify\n");
char response[1000];
OpenSSL_add_all_algorithms();
/* Sign and Verify HMAC keys */
EVP_PKEY *skey = NULL, *vkey = NULL;
int rc = make_keys(&skey, &vkey);
assert(rc == 0);
if(rc != 0)
exit(1);
assert(skey != NULL);
if(skey == NULL)
exit(1);
assert(vkey != NULL);
if(vkey == NULL)
exit(1);
DH *privkey=createPubkey();
//char *dh_param_pub=BN_bn2dec(privkey->pub_key);
const byte *msg = BN_bn2dec(privkey->pub_key);//msg contains dh_param_pub
printf("DH public key Generated:%s \n",msg);
byte* sig = NULL;
size_t slen = 0;
sock=establishConnection();
int i=0;
//int count = split(data1, "$", tokens);
sendMsg(sock,msg);
if( recv(sock, response , 6000 , 0) < 0)
{
puts("recv failed");
}
printf("Recieved Successfully:length of data=%d \n",(int)strlen(response));
printf("DH public key Recieved:%s \n",response);
//printf("Sent Successfully: length of data=%d\n",sumSend);
char *pubkey=response;
struct sec s=performDH(pubkey,privkey);
printf("Shared key is:%s\n ",s.value);
puts("The DH Key is");
BIO_dump_fp(stdout, s.value, s.length);
//free(msg);
verifySignature(sock,msg);
if(sig)
OPENSSL_free(sig);
if(skey)
EVP_PKEY_free(skey);
if(vkey)
EVP_PKEY_free(vkey);
return 0;
}
bool RippleAddress::verifySignature(uint256 const& hash, const std::string& strSig) const
{
Blob vchSig(strSig.begin(), strSig.end());
return(verifySignature(hash, vchSig));
}
/// @brief Verify the blob against the SHA256 signature.
static bool
verifySignature(const Buffer& blob, const DigestSha256& sig)
{
return verifySignature (blob.buf(), blob.size(), sig);
}
/// @brief Verify the blob using the publicKey against the signature.
static bool
verifySignature(const Buffer& blob, const Signature& sig, const v1::PublicKey& publicKey)
{
return verifySignature(blob.buf(), blob.size(), sig, publicKey);
}
