コード例 #1
1
//Hardcoding this test code for PSS-SHA1
void RsaPssVerification(unsigned int uKeySize, const unsigned char* pMsg, const unsigned char* pSign,
                       unsigned int E, const unsigned char* pN, const unsigned char* pD)
{
    RSA* pRsaKey = NULL;
    const unsigned char* pDigest = NULL;
    size_t uDigestLen = 20;
    unsigned char EM[512];
    unsigned char signature[512];
    unsigned int uLen = 0;
    int status = 0;

    // Generate an RSA key pair
    pRsaKey = GetRsaKey(E, pN, pD);
    if (pRsaKey) {
        //Use the already hashed input message and compute the PSS padded data with max salt size
        pDigest = pMsg;
        printbin("HASH", pDigest, 20);
        status = RSA_padding_add_PKCS1_PSS(pRsaKey, EM, pDigest, EVP_sha1(), -2);
        printbin("EM", EM, uKeySize);
        if (status == 1)  {
            //Now do Rsa Signature (RSA private encrypt)
            status = RSA_private_encrypt(uKeySize, EM, signature, pRsaKey, RSA_NO_PADDING);
            printbin("Sign", signature, uKeySize);
            if (status != -1) {
                //Now its time to verify the signature using RSA public decryption
                //We could directly use signature, but we are here to verify the signature generated by HW KM1
                uLen = hex2bin(signature, pSign);
                //assert(uLen == uKeySize)
                printbin("Sign", signature, uLen);
                status = RSA_public_decrypt(uKeySize, signature, EM, pRsaKey, RSA_NO_PADDING);
                printbin("EM", EM, uKeySize);
                if (status != -1) {
                    //Verify the data against the message with expecting max salt length from ssignature
                    status = RSA_verify_PKCS1_PSS(pRsaKey, pDigest, EVP_sha1(), EM, -2);
                    if (status == 1) {
                        printf("GREAT: Signature verification successful\n");
                    } else {
                        printf("RSA_verify_PKCS1_PSS failed with error %s\n", ERR_error_string(ERR_get_error(), NULL));
                    }
                } else {
                    printf("RSA_public_decrypt failed with error %s\n", ERR_error_string(ERR_get_error(), NULL));
                }
            } else {
                printf("RSA_private_encrypt failed with error %s\n", ERR_error_string(ERR_get_error(), NULL));
            }
        } else {
            printf("RSA_padding_add_PKCS1_PSS failed with error %s\n", ERR_error_string(ERR_get_error(), NULL));
        }
    }

    if (pRsaKey) {
        RSA_free(pRsaKey);
    }
}
コード例 #2
0
ファイル: ssh-rsa.c プロジェクト: msftguy/openssh-sc
static int
openssh_RSA_verify(int type, u_char *hash, u_int hashlen,
    u_char *sigbuf, u_int siglen, RSA *rsa)
{
	u_int ret, rsasize, oidlen = 0, hlen = 0;
	int len, oidmatch, hashmatch;
	const u_char *oid = NULL;
	u_char *decrypted = NULL;

	ret = 0;
	switch (type) {
	case NID_sha1:
		oid = id_sha1;
		oidlen = sizeof(id_sha1);
		hlen = 20;
		break;
	case NID_md5:
		oid = id_md5;
		oidlen = sizeof(id_md5);
		hlen = 16;
		break;
	default:
		goto done;
	}
	if (hashlen != hlen) {
		error("bad hashlen");
		goto done;
	}
	rsasize = RSA_size(rsa);
	if (siglen == 0 || siglen > rsasize) {
		error("bad siglen");
		goto done;
	}
	decrypted = xmalloc(rsasize);
	if ((len = RSA_public_decrypt(siglen, sigbuf, decrypted, rsa,
	    RSA_PKCS1_PADDING)) < 0) {
		error("RSA_public_decrypt failed: %s",
		    ERR_error_string(ERR_get_error(), NULL));
		goto done;
	}
	if (len < 0 || (u_int)len != hlen + oidlen) {
		error("bad decrypted len: %d != %d + %d", len, hlen, oidlen);
		goto done;
	}
	oidmatch = timingsafe_bcmp(decrypted, oid, oidlen) == 0;
	hashmatch = timingsafe_bcmp(decrypted + oidlen, hash, hlen) == 0;
	if (!oidmatch) {
		error("oid mismatch");
		goto done;
	}
	if (!hashmatch) {
		error("hash mismatch");
		goto done;
	}
	ret = 1;
done:
	if (decrypted)
		xfree(decrypted);
	return ret;
}
コード例 #3
0
QString AuthorizationManager::DecryptSSLString(QString encstring, QString pubkey){
  //Convert from the base64 string back into byte array
  QByteArray enc;
    enc.append(encstring);
  enc = QByteArray::fromBase64(enc);
  QByteArray pkey;
    pkey.append(pubkey);
  pkey = QByteArray::fromBase64(pkey);
  //Now start the SSL routine
  /*qDebug() << "Decrypt String:" << "Length:" << enc.length() << enc;
  qDebug() << " - Base64:" << encstring << "Length:" << encstring.length();
  qDebug() << " - pubkey (base64):" << pubkey << "Length:" << pubkey.length();
  qDebug() << " - pubkey:" << pkey << "Length:" << pkey.length();*/
  unsigned char decode[4098] = {};
  RSA *rsa= NULL;
  BIO *keybio = NULL;
  //qDebug() << " - Generate keybio";
  keybio = BIO_new_mem_buf(pkey.data(), -1);
  if(keybio==NULL){ return ""; }
  //qDebug() << " - Read pubkey";
  rsa = PEM_read_bio_RSA_PUBKEY(keybio, &rsa,NULL, NULL);
  if(rsa==NULL){ qDebug() << " - Invalid RSA key!!"; return ""; }
  //qDebug() << " - Decrypt string";
  int len = RSA_public_decrypt(enc.length(), (unsigned char*)(enc.data()), decode, rsa, RSA_PKCS1_PADDING);
  if(len<0){ return ""; }
  else{ return QString( QByteArray( (char*)(decode), len) ); }
}
コード例 #4
0
ファイル: ffi-license.c プロジェクト: joshuaecook/simengine
// RSA decrypting of a block of data in ctext into ptext
// This code assumes the RSA public key is embedded in PEM format in 
// the executable via simlib as 'simatra'
int decode(int clen, unsigned char *ctext, int *plen, unsigned char *ptext){
  RSA *rsa_pub;
  BIO *mem;
  char *keydata;
  int keylen;
  int tmp_clen;
  unsigned char tmp_ctext[KEYLEN];

  // Check for valid sizes and existence of buffers
  if(clen < 0 || clen > B64LEN || NULL == ctext || NULL == ptext){
    return 1;
  }

  // Read in the RSA public key
  if(get_contents_from_archive("", "simatra", &keylen, &keydata)){
    return 2;
  }
  mem = BIO_new_mem_buf(keydata, keylen);
  rsa_pub = PEM_read_bio_RSA_PUBKEY(mem, NULL, NULL, NULL);
  BIO_free(mem);
  if(NULL == rsa_pub){
    return 3;
  }

  // Convert the base64 encoded license to the raw encrypted cipher text form
  base64decode(clen, ctext, &tmp_clen, tmp_ctext);

  // Decrypt the cipher text into plain text
  *plen = RSA_public_decrypt(tmp_clen, tmp_ctext, ptext, rsa_pub, RSA_PKCS1_PADDING);
  if(*plen < 1)
    return 4;

  return 0;
}
コード例 #5
0
ファイル: rsa_cipher.cpp プロジェクト: BobLC/liblogicalaccess
		void RSACipher::decipher(const std::vector<unsigned char>& src, std::vector<unsigned char>& dest, const AsymmetricKey& key, KeyCompound key_compound)
		{
			const RSAKey& rsakey = static_cast<const RSAKey&>(key);

			int len = 0;
			size_t sumlen = 0;
			size_t blen = RSA_size(rsakey.d_rsa.get());

			size_t c = (src.size() / blen) + 1;

			dest.resize(RSA_size(rsakey.d_rsa.get()) * c);

			for (size_t offset = 0; offset < src.size(); offset += blen)
			{
				if (blen + offset > src.size())
				{
					blen = src.size() - offset;
				}

				if (key_compound == KC_PUBLIC)
				{
					len = RSA_public_decrypt(static_cast<int>(blen), &src[offset], &dest[sumlen], rsakey.d_rsa.get(), RSA_PKCS1_PADDING);
				}
				else
				{
					len = RSA_private_decrypt(static_cast<int>(blen), &src[offset], &dest[sumlen], rsakey.d_rsa.get(), RSA_PKCS1_PADDING);
				}

				EXCEPTION_ASSERT_WITH_LOG(len >= 0, OpenSSLException, "RSA public decrypt failed");

				sumlen += len;
			}

			dest.resize(sumlen);
		}
コード例 #6
0
ファイル: DofusRSA.cpp プロジェクト: intermet/GladiaBot
std::vector<byte> DofusRSA::DofusPKeyDecrypt(std::vector<byte> signature)
{
  char * DPKey =(char *) malloc(DofusPublicKey.size());
  strcpy(DPKey, DofusPublicKey.c_str());
  
  BIO *bp_dofus = BIO_new_mem_buf(DPKey, DofusPublicKey.size());
  RSA *my_rsa = PEM_read_bio_RSA_PUBKEY(bp_dofus, NULL, NULL, NULL);

  byte *inputSignature, *outputSignature;
  inputSignature = (byte*) malloc(5000);
  outputSignature = (byte*) malloc(5000);
  inputSignature = reinterpret_cast<byte*> (&signature[0]);
  
  int buflen = RSA_public_decrypt(signature.size(), inputSignature, outputSignature, my_rsa, RSA_PKCS1_PADDING);

  if (buflen == -1)
  {
    char *buferr = new char[120];
    for (int i = 0; i < 120; i++)
        buferr[i] = 0;
    buferr = ERR_error_string(ERR_get_error(), buferr);
    qDebug() << buferr;
    return signature;
  }
  
  std::vector<byte> outputSignatureVector(outputSignature, outputSignature+buflen);
  return outputSignatureVector;
}
コード例 #7
0
ファイル: acs_rsa.c プロジェクト: whlzdy/rastyle
/*
 * rsa public decrypt
*/
char* rsa_decrypt_public(unsigned char *enc,int enc_len,char* private_key_str,int p_len,int *dec_len)
{
    RSA* rsa;
    int rsa_len;
    char *p_de;
    #if 1
   // private_key = rsa_key_seliaze(private_key_str);
    BIO* p_bio = BIO_new_mem_buf(private_key_str, -1);
    rsa = PEM_read_bio_RSAPublicKey(p_bio, NULL, 0, NULL); //
    if ( rsa == NULL ) {
        printf("RSA is NULL\n");
        return NULL;
    }
    #else
    FILE* file=fopen("/tmp/r.key","r");
    rsa=PEM_read_RSA_PUBKEY(file,NULL,NULL,NULL);
    #endif
    rsa_len=RSA_size(rsa);
    p_de=(unsigned char *)calloc(rsa_len+1,1);

    printf("rsa length = %d\n",rsa_len);
    int rc=0;
    rc = RSA_public_decrypt(rsa_len,(unsigned char *)enc,(unsigned char*)p_de,rsa,RSA_PKCS1_PADDING); //RSA_public_decrypt RSA_private_decrypt
    if ( rc<=0 ) {
        int e=ERR_get_error();
        printf("error code is:%s\n",ERR_error_string(e,NULL));
        return NULL;
    }

    RSA_free(rsa);
    printf("plain = %s\n",p_de);
    *dec_len = rc;
    return p_de;
 }
コード例 #8
0
ファイル: rsa_pmeth.c プロジェクト: 2014lh/node-v0.x-archive
static int pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx,
                                  unsigned char *rout, size_t *routlen,
                                  const unsigned char *sig, size_t siglen)
{
    int ret;
    RSA_PKEY_CTX *rctx = ctx->data;

    if (rctx->md) {
        if (rctx->pad_mode == RSA_X931_PADDING) {
            if (!setup_tbuf(rctx, ctx))
                return -1;
            ret = RSA_public_decrypt(siglen, sig,
                                     rctx->tbuf, ctx->pkey->pkey.rsa,
                                     RSA_X931_PADDING);
            if (ret < 1)
                return 0;
            ret--;
            if (rctx->tbuf[ret] != RSA_X931_hash_id(EVP_MD_type(rctx->md))) {
                RSAerr(RSA_F_PKEY_RSA_VERIFYRECOVER,
                       RSA_R_ALGORITHM_MISMATCH);
                return 0;
            }
            if (ret != EVP_MD_size(rctx->md)) {
                RSAerr(RSA_F_PKEY_RSA_VERIFYRECOVER,
                       RSA_R_INVALID_DIGEST_LENGTH);
                return 0;
            }
            if (rout)
                memcpy(rout, rctx->tbuf, ret);
        } else if (rctx->pad_mode == RSA_PKCS1_PADDING) {
            size_t sltmp;
            ret = int_rsa_verify(EVP_MD_type(rctx->md),
                                 NULL, 0, rout, &sltmp,
                                 sig, siglen, ctx->pkey->pkey.rsa);
            if (ret <= 0)
                return 0;
            ret = sltmp;
        } else
            return -1;
    } else
        ret = RSA_public_decrypt(siglen, sig, rout, ctx->pkey->pkey.rsa,
                                 rctx->pad_mode);
    if (ret < 0)
        return ret;
    *routlen = ret;
    return 1;
}
コード例 #9
0
static int
pkey_rsa_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig, size_t siglen,
                const unsigned char *tbs, size_t tbslen)
{
    RSA_PKEY_CTX *rctx = ctx->data;
    RSA *rsa = ctx->pkey->pkey.rsa;
    size_t rslen;

    if (rctx->md) {
        if (rctx->pad_mode == RSA_PKCS1_PADDING)
            return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen,
                              sig, siglen, rsa);
        if (rctx->pad_mode == RSA_X931_PADDING) {
            if (pkey_rsa_verifyrecover(ctx, NULL, &rslen, sig,
                                       siglen) <= 0)
                return 0;
        } else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING) {
            int ret;

            if (!setup_tbuf(rctx, ctx))
                return -1;
            ret = RSA_public_decrypt(siglen, sig, rctx->tbuf,
                                     rsa, RSA_NO_PADDING);
            if (ret <= 0)
                return 0;
            ret = RSA_verify_PKCS1_PSS_mgf1(rsa, tbs, rctx->md,
                                            rctx->mgf1md, rctx->tbuf, rctx->saltlen);
            if (ret <= 0)
                return 0;
            return 1;
        } else
            return -1;
    } else {
        if (!setup_tbuf(rctx, ctx))
            return -1;
        rslen = RSA_public_decrypt(siglen, sig, rctx->tbuf, rsa,
                                   rctx->pad_mode);
        if (rslen == 0)
            return 0;
    }

    if (rslen != tbslen || memcmp(tbs, rctx->tbuf, rslen))
        return 0;

    return 1;
}
コード例 #10
0
static int openssl_verify_data(const keymaster_device_t* dev,
        const void* params,
        const uint8_t* keyBlob, const size_t keyBlobLength,
        const uint8_t* signedData, const size_t signedDataLength,
        const uint8_t* signature, const size_t signatureLength) {

    if (signedData == NULL || signature == NULL) {
        ALOGW("data or signature buffers == NULL");
        return -1;
    }

    Unique_EVP_PKEY pkey(unwrap_key(keyBlob, keyBlobLength));
    if (pkey.get() == NULL) {
        return -1;
    }

    if (EVP_PKEY_type(pkey->type) != EVP_PKEY_RSA) {
        ALOGW("Cannot handle non-RSA keys yet");
        return -1;
    }

    keymaster_rsa_sign_params_t* sign_params = (keymaster_rsa_sign_params_t*) params;
    if (sign_params->digest_type != DIGEST_NONE) {
        ALOGW("Cannot handle digest type %d", sign_params->digest_type);
        return -1;
    } else if (sign_params->padding_type != PADDING_NONE) {
        ALOGW("Cannot handle padding type %d", sign_params->padding_type);
        return -1;
    } else if (signatureLength != signedDataLength) {
        ALOGW("signed data length must be signature length");
        return -1;
    }

    Unique_RSA rsa(EVP_PKEY_get1_RSA(pkey.get()));
    if (rsa.get() == NULL) {
        logOpenSSLError("openssl_verify_data");
        return -1;
    }

    UniquePtr<uint8_t> dataPtr(reinterpret_cast<uint8_t*>(malloc(signedDataLength)));
    if (dataPtr.get() == NULL) {
        logOpenSSLError("openssl_verify_data");
        return -1;
    }

    unsigned char* tmp = reinterpret_cast<unsigned char*>(dataPtr.get());
    if (!RSA_public_decrypt(signatureLength, signature, tmp, rsa.get(), RSA_NO_PADDING)) {
        logOpenSSLError("openssl_verify_data");
        return -1;
    }

    int result = 0;
    for (size_t i = 0; i < signedDataLength; i++) {
        result |= tmp[i] ^ signedData[i];
    }

    return result == 0 ? 0 : -1;
}
コード例 #11
0
ファイル: glue.cpp プロジェクト: equinox1993/Smarter-Lock
int Decrypt(int flen, const uint8_t* from, uint8_t* to) {
	if (!rsa)
		return -1;
	
	if (ispub)
		return RSA_public_decrypt(flen, from, to, rsa, RSA_PKCS1_PADDING);
	
	return RSA_private_decrypt(flen, from, to, rsa, RSA_PKCS1_PADDING);
}
コード例 #12
0
	bool HttpAuth::InitPassword(const std::string & strLicense, BIO * pBio)
	{
		if (pBio)
		{
			RSA * pRsa = NULL;
			PEM_read_bio_RSA_PUBKEY(pBio, &pRsa, NULL, NULL);
			if (!pRsa)
			{
				return false;
			}

			std::string strDecodeLic;
			CUtil::Base64DecodeBySSL(strDecodeLic, strLicense);

			unsigned char szBuf[1024] = {0};
			INT32 ret = RSA_public_decrypt((INT32)(strDecodeLic.size()), (const unsigned char *)strDecodeLic.data(), szBuf, pRsa, RSA_PKCS1_PADDING);
			RSA_free(pRsa);
			if (ret <= 0)
			{
				return false;
			}
			
			char  szNamePwdTime[3][256];
			if (sscanf((const char *)szBuf , "%[^:]:%[^:]:%s" , szNamePwdTime[0] , szNamePwdTime[1] , szNamePwdTime[2]) != 3)
			{
				return false;
			}

			time_t now = Timer::GetTime();
			for (CollectionEntrysT::iterator iter = m_vecEntries.begin();iter != m_vecEntries.end();++iter)
			{
				if(iter->nExpireTime < now || CUtil::stricmp(iter->strName.c_str() , szNamePwdTime[0]) == 0)
				{
					iter = m_vecEntries.erase(iter);
				}
				else
				{
					++iter;
				}
			}

			INT64 llExpireTime = CUtil::atoi(szNamePwdTime[2]);
			if (llExpireTime == 0 || llExpireTime > now)
			{
				Entry entry;
				entry.strName = szNamePwdTime[0];
				entry.strPWD = szNamePwdTime[1];
				entry.nExpireTime = llExpireTime;

				m_vecEntries.push_back(entry);

				return true;
			}
		}

		return false;
	}
コード例 #13
0
ファイル: ssh-rsa.c プロジェクト: sambuc/netbsd
static int
openssh_RSA_verify(int hash_alg, u_char *hash, size_t hashlen,
    u_char *sigbuf, size_t siglen, RSA *rsa)
{
	size_t ret, rsasize = 0, oidlen = 0, hlen = 0;
	int len, oidmatch, hashmatch;
	const u_char *oid = NULL;
	u_char *decrypted = NULL;

	ret = SSH_ERR_INTERNAL_ERROR;
	switch (hash_alg) {
	case SSH_DIGEST_SHA1:
		oid = id_sha1;
		oidlen = sizeof(id_sha1);
		hlen = 20;
		break;
	default:
		goto done;
	}
	if (hashlen != hlen) {
		ret = SSH_ERR_INVALID_ARGUMENT;
		goto done;
	}
	rsasize = RSA_size(rsa);
	if (rsasize <= 0 || rsasize > SSHBUF_MAX_BIGNUM ||
	    siglen == 0 || siglen > rsasize) {
		ret = SSH_ERR_INVALID_ARGUMENT;
		goto done;
	}
	if ((decrypted = malloc(rsasize)) == NULL) {
		ret = SSH_ERR_ALLOC_FAIL;
		goto done;
	}
	if ((len = RSA_public_decrypt(siglen, sigbuf, decrypted, rsa,
	    RSA_PKCS1_PADDING)) < 0) {
		ret = SSH_ERR_LIBCRYPTO_ERROR;
		goto done;
	}
	if (len < 0 || (size_t)len != hlen + oidlen) {
		ret = SSH_ERR_INVALID_FORMAT;
		goto done;
	}
	oidmatch = timingsafe_bcmp(decrypted, oid, oidlen) == 0;
	hashmatch = timingsafe_bcmp(decrypted + oidlen, hash, hlen) == 0;
	if (!oidmatch || !hashmatch) {
		ret = SSH_ERR_SIGNATURE_INVALID;
		goto done;
	}
	ret = 0;
done:
	if (decrypted) {
		explicit_bzero(decrypted, rsasize);
		free(decrypted);
	}
	return ret;
}
コード例 #14
0
ファイル: checksum.c プロジェクト: senseisimple/emulab-stable
static void
decrypt_checksum(unsigned char *alleged_sum)
{
	unsigned char raw_sum[CSUM_MAX_LEN];

	memcpy(raw_sum, alleged_sum, CSUM_MAX_LEN);
	memset(alleged_sum, '\0', CSUM_MAX_LEN);
	RSA_public_decrypt(sizeof(raw_sum), raw_sum, alleged_sum,
			   signature_key, RSA_PKCS1_PADDING);
}
コード例 #15
0
ファイル: test_rsa.c プロジェクト: dariaphoebe/heimdal
static void
check_rsa(const unsigned char *in, size_t len, RSA *rsa, int padding)
{
    unsigned char *res, *res2;
    int keylen;

    res = malloc(RSA_size(rsa));
    if (res == NULL)
	errx(1, "res: ENOMEM");

    res2 = malloc(RSA_size(rsa));
    if (res2 == NULL)
	errx(1, "res2: ENOMEM");

    /* signing */

    keylen = RSA_private_encrypt(len, in, res, rsa, padding);
    if (keylen <= 0)
	errx(1, "failed to private encrypt: %d %d", (int)len, (int)keylen);

    if (keylen > RSA_size(rsa))
	errx(1, "keylen > RSA_size(rsa)");

    keylen = RSA_public_decrypt(keylen, res, res2, rsa, padding);
    if (keylen <= 0)
	errx(1, "failed to public decrypt: %d", (int)keylen);

    if (keylen != len)
	errx(1, "output buffer not same length: %d", (int)keylen);

    if (memcmp(res2, in, len) != 0)
	errx(1, "string not the same after decryption");

    /* encryption */

    keylen = RSA_public_encrypt(len, in, res, rsa, padding);
    if (keylen <= 0)
	errx(1, "failed to public encrypt: %d", (int)keylen);

    if (keylen > RSA_size(rsa))
	errx(1, "keylen > RSA_size(rsa)");

    keylen = RSA_private_decrypt(keylen, res, res2, rsa, padding);
    if (keylen <= 0)
	errx(1, "failed to private decrypt: %d", (int)keylen);

    if (keylen != len)
	errx(1, "output buffer not same length: %d", (int)keylen);

    if (memcmp(res2, in, len) != 0)
	errx(1, "string not the same after decryption");

    free(res);
    free(res2);
}
コード例 #16
0
ファイル: crypto.c プロジェクト: Bytewerk/uClinux-ipcam
static int decode_header_info(struct header *hdr, RSA *pkey, int *img_len)
{
	struct little_header lhdr;

	/* Decode header information */
	if (fb_seek_end(sizeof(lhdr)) != 0) {
		error("image not cryptographically enabled");
		exit(NO_CRYPT);
	}
	fb_read(&lhdr, sizeof(lhdr));
	if (lhdr.magic != htons(LITTLE_CRYPTO_MAGIC)) {
#ifdef CONFIG_USER_NETFLASH_CRYPTO_OPTIONAL
		notice("WARNING: no crypto header found\n");
		return 0;
#else
		error("size magic incorrect");
		exit(BAD_CRYPT_MAGIC);
#endif
	}
	{
		unsigned short hlen = ntohs(lhdr.hlen);
		unsigned char tmp[hlen];
		unsigned char t2[hlen];
		int len;

		if (fb_seek_end(sizeof(lhdr) + hlen) != 0) {
			error("crypt header length invalid");
			exit(BAD_CRYPT_LEN);
		}
		fb_read(tmp, hlen);
#ifdef CONFIG_USER_NETFLASH_CRYPTO_V2
		fb_meta_add(sizeof(lhdr) + hlen);
		*img_len = fb_len() - fb_meta_len();
#else
		fb_trim(sizeof(lhdr) + hlen);
		*img_len = fb_len();
#endif
		len = RSA_public_decrypt(hlen, tmp, t2,
				pkey, RSA_PKCS1_PADDING);
		if (len == -1) {
			error("decrypt failed");
			exit(BAD_DECRYPT);
		}
		if (len != sizeof(struct header)) {
			error("length mismatch %d %d\n", (int)sizeof(struct header), len);
		}
		memcpy(hdr, t2, sizeof(struct header));
	}
	if (hdr->magic != htonl(CRYPTO_MAGIC)) {
		error("image not cryptographically enabled");
		exit(NO_CRYPT);
	}
	return 1;
}
コード例 #17
0
ファイル: crypt.cpp プロジェクト: AltroCoin/altrocoin
int decrypt_public(R_RSA_PUBLIC_KEY& key, DATA_BLOCK& in, DATA_BLOCK& out) {
    int retval;
    RSA* rp = RSA_new();
    public_to_openssl(key, rp);
    retval = RSA_public_decrypt(in.len, in.data, out.data, rp, RSA_PKCS1_PADDING);
    if (retval < 0) {
        RSA_free(rp);
        return ERR_CRYPTO;
    }
    out.len = RSA_size(rp);
    RSA_free(rp);
    return 0;
}
コード例 #18
0
ファイル: rsa.cpp プロジェクト: Ornito/ODFAEG
        unsigned char* Rsa::ossl_decryptWithPbKey (const unsigned char *encData, int dataSize, int &newSize) {
            unsigned char *data = new unsigned char[RSA_size(keypair)];
            newSize = RSA_public_decrypt(RSA_size(keypair), encData, data, keypair, RSA_PKCS1_PADDING);
            if (newSize == -1) {
                char* err = (char*) malloc(130);

                ERR_load_crypto_strings();
                ERR_error_string(ERR_get_error(), err);
                fprintf(stderr, "Error encrypting message: %s\n", err);
                free(err);
                return nullptr;
            }
            return data;
        }
コード例 #19
0
ファイル: ssh-rsa.c プロジェクト: ajinkya93/OpenBSD
static int
openssh_RSA_verify(int hash_alg, u_char *hash, size_t hashlen,
    u_char *sigbuf, size_t siglen, RSA *rsa)
{
	size_t rsasize = 0, oidlen = 0, hlen = 0;
	int ret, len, oidmatch, hashmatch;
	const u_char *oid = NULL;
	u_char *decrypted = NULL;

	if ((ret = rsa_hash_alg_oid(hash_alg, &oid, &oidlen)) != 0)
		return ret;
	ret = SSH_ERR_INTERNAL_ERROR;
	hlen = ssh_digest_bytes(hash_alg);
	if (hashlen != hlen) {
		ret = SSH_ERR_INVALID_ARGUMENT;
		goto done;
	}
	rsasize = RSA_size(rsa);
	if (rsasize <= 0 || rsasize > SSHBUF_MAX_BIGNUM ||
	    siglen == 0 || siglen > rsasize) {
		ret = SSH_ERR_INVALID_ARGUMENT;
		goto done;
	}
	if ((decrypted = malloc(rsasize)) == NULL) {
		ret = SSH_ERR_ALLOC_FAIL;
		goto done;
	}
	if ((len = RSA_public_decrypt(siglen, sigbuf, decrypted, rsa,
	    RSA_PKCS1_PADDING)) < 0) {
		ret = SSH_ERR_LIBCRYPTO_ERROR;
		goto done;
	}
	if (len < 0 || (size_t)len != hlen + oidlen) {
		ret = SSH_ERR_INVALID_FORMAT;
		goto done;
	}
	oidmatch = timingsafe_bcmp(decrypted, oid, oidlen) == 0;
	hashmatch = timingsafe_bcmp(decrypted + oidlen, hash, hlen) == 0;
	if (!oidmatch || !hashmatch) {
		ret = SSH_ERR_SIGNATURE_INVALID;
		goto done;
	}
	ret = 0;
done:
	if (decrypted) {
		explicit_bzero(decrypted, rsasize);
		free(decrypted);
	}
	return ret;
}
コード例 #20
0
ファイル: pke.cpp プロジェクト: FollowMyVote/fc
 bytes public_key::decrypt( const bytes& in )const
 {
    FC_ASSERT( my && my->rsa );
    bytes out( RSA_size(my->rsa) );//, char(0) );
    int rtn = RSA_public_decrypt( in.size(),
                                   (unsigned char*)in.data(),
                                   (unsigned char*)out.data(),
                                   my->rsa, RSA_PKCS1_OAEP_PADDING );
    if( rtn >= 0 ) {
       out.resize(rtn);
       return out;
    }
    FC_THROW_EXCEPTION( exception, "openssl: ${message}", ("message",fc::string(ERR_error_string( ERR_get_error(),NULL))) );
 }
コード例 #21
0
ファイル: rsa_key.cpp プロジェクト: Cyarix/freelan
		size_t rsa_key::public_decrypt(void* out, size_t out_len, const void* buf, size_t buf_len, int padding) const
		{
			assert(out_len >= size() - 11);

			if (out_len < size() - 11)
			{
				throw std::invalid_argument("out_len");
			}

			int result = RSA_public_decrypt(static_cast<int>(buf_len), static_cast<const unsigned char*>(buf), static_cast<unsigned char*>(out), ptr().get(), padding);

			throw_error_if_not(result >= 0);

			return result;
		}
コード例 #22
0
ファイル: pke.cpp プロジェクト: BrownBear2/fc
 bool public_decrypt( const char* key, uint32_t key_size, uint32_t pe, const fc::vector<char>& in, fc::vector<char>& out )
 {
     RSA* pub = get_pub( key,key_size/8,pe);
     out.resize(RSA_size(pub));
     int rtn = RSA_public_decrypt( RSA_size(pub), (unsigned char*)&in.front(), (unsigned char*)&out.front(), pub, RSA_PKCS1_OAEP_PADDING );
     RSA_free(pub);
     if( rtn >= 0 )
     {
         out.resize(rtn);
         return true;
     }
     out.resize(0);
     FC_THROW( fc::generic_exception( ERR_error_string( ERR_get_error(), NULL ) ) );
     return false;;
 }
コード例 #23
0
int main() {
    const unsigned char text[] = "hello world";
    unsigned char crypt_text[1024];
    unsigned char decrypt_text[1024 - 11];
    RSA *public_key = NULL;
    RSA *private_key = NULL;
    public_key = RSA_new();
    private_key = RSA_new();
    FILE *fpub = fopen("public_key", "r");
    FILE *fpriv = fopen("private_key", "r");
    printf("text: %s\n", text);
    RSA *ret = PEM_read_RSA_PUBKEY(fpub, &public_key, NULL, NULL);
    printf("pubkey ret: %d\n", ret);
    ret = PEM_read_RSAPrivateKey(fpriv, &private_key, NULL, NULL);
    printf("prikey ret: %d\n", ret);

    //私钥加密,公钥解密
    int num = RSA_private_encrypt(sizeof(text) - 1, text, crypt_text, 
            private_key, RSA_PKCS1_PADDING);
    printf("num: %d\n", num); 
    for (int i = 0; i < num; i++) {
        printf("\\x%02x", crypt_text[i]);
    }

    printf("\ndecrypt\n");
    int decrypt_len = RSA_public_decrypt(num, crypt_text, decrypt_text,
            public_key, RSA_PKCS1_PADDING);
    if (decrypt_len < 0) printf("error: %lu\n", ERR_get_error());
    printf("decrypt_len: %d\n", decrypt_len);
    printf("decrypt text: %s\n", decrypt_text);

    //公钥加密,私钥解密
    num = RSA_public_encrypt(sizeof(text) - 1, text, crypt_text, 
            public_key, RSA_PKCS1_PADDING);
    printf("num: %d\n", num); 
    for (int i = 0; i < num; i++) {
        printf("\\x%02x", crypt_text[i]);
    }

    printf("\ndecrypt\n");
    decrypt_len = RSA_private_decrypt(RSA_size(private_key), crypt_text,
            decrypt_text, private_key, RSA_PKCS1_PADDING);
    if (decrypt_len < 0) printf("error: %lu\n", ERR_get_error());
    printf("decrypt_len: %d\n", decrypt_len);
    printf("decrypt text: %s\n", decrypt_text);

    return 0;
}
コード例 #24
0
ファイル: rsa_public_key.cpp プロジェクト: Peque/tdesktop
	base::byte_vector decrypt(base::const_byte_span data) const {
		Expects(isValid());

		constexpr auto kDecryptSize = 256;
		auto result = base::byte_vector(kDecryptSize, gsl::byte {});
		auto res = RSA_public_decrypt(kDecryptSize, reinterpret_cast<const unsigned char*>(data.data()), reinterpret_cast<unsigned char*>(result.data()), _rsa, RSA_NO_PADDING);
		if (res < 0 || res > kDecryptSize) {
			ERR_load_crypto_strings();
			LOG(("RSA Error: RSA_public_encrypt failed, key fp: %1, result: %2, error: %3").arg(getFingerPrint()).arg(res).arg(ERR_error_string(ERR_get_error(), 0)));
			return base::byte_vector();
		} else if (auto zeroBytes = kDecryptSize - res) {
			auto resultBytes = gsl::make_span(result);
			base::move_bytes(resultBytes.subspan(zeroBytes - res, res), resultBytes.subspan(0, res));
			base::set_bytes(resultBytes.subspan(0, zeroBytes - res), gsl::byte {});
		}
		return result;
	}
コード例 #25
0
ファイル: openssl_crypto.c プロジェクト: agl/OpenPGP-SDK
/**
   \ingroup Core_Crypto
   \brief Recovers message digest from the signature
   \param out Where to write decrypted data to
   \param in Encrypted data
   \param length Length of encrypted data
   \param rsa RSA public key
   \return size of recovered message digest
*/
int ops_rsa_public_decrypt(unsigned char *out,const unsigned char *in,
			   size_t length,const ops_rsa_public_key_t *rsa)
    {
    RSA *orsa;
    int n;

    orsa=RSA_new();
    orsa->n=rsa->n;
    orsa->e=rsa->e;

    n=RSA_public_decrypt(length,in,out,orsa,RSA_NO_PADDING);

    orsa->n=orsa->e=NULL;
    RSA_free(orsa);

    return n;
    }
コード例 #26
0
ファイル: rsa_saos.c プロジェクト: LucidOne/Rovio
int RSA_verify_ASN1_OCTET_STRING(int dtype,
	const unsigned char *m,
	unsigned int m_len, unsigned char *sigbuf, unsigned int siglen,
	RSA *rsa)
	{
	int i,ret=0;
	unsigned char *s;
	const unsigned char *p;
	ASN1_OCTET_STRING *sig=NULL;

	if (siglen != (unsigned int)RSA_size(rsa))
		{
		RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,RSA_R_WRONG_SIGNATURE_LENGTH);
		return(0);
		}

	s=(unsigned char *)OPENSSL_malloc((unsigned int)siglen);
	if (s == NULL)
		{
		RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,ERR_R_MALLOC_FAILURE);
		goto err;
		}
	i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING);

	if (i <= 0) goto err;

	p=s;
	sig=d2i_ASN1_OCTET_STRING(NULL,&p,(long)i);
	if (sig == NULL) goto err;

	if (	((unsigned int)sig->length != m_len) ||
		(memcmp(m,sig->data,m_len) != 0))
		{
		RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,RSA_R_BAD_SIGNATURE);
		}
	else
		ret=1;
err:
	if (sig != NULL) M_ASN1_OCTET_STRING_free(sig);
	if (s != NULL)
		{
		OPENSSL_cleanse(s,(unsigned int)siglen);
		OPENSSL_free(s);
		}
	return(ret);
	}
コード例 #27
0
QByteArray JulyRSA::getSignature(QByteArray data, QByteArray keyArray)
{
	BIO *bioKey = BIO_new(BIO_s_mem());
	BIO_puts(bioKey,keyArray.data());

	RSA *rsa=NULL;
	rsa=PEM_read_bio_RSAPublicKey(bioKey,&rsa,NULL,NULL);

	if(rsa==NULL)
	{
		BIO *errBIO = BIO_new(BIO_s_mem());
		ERR_print_errors(errBIO);
			char *errData;
			long errSize=BIO_get_mem_data(errBIO, &errData);
		QByteArray errorString(errData,errSize);
		BIO_free(errBIO);
		BIO_free(bioKey);
		RSA_free(rsa);
		return QByteArray();
	}
	int rsaSize=RSA_size(rsa);
	int dataLimit=rsaSize;

	QList<QByteArray> dataList;
	int curDataPos=0;
	while(curDataPos<data.size())
	{
		int endPos=curDataPos+dataLimit-1;
		if(endPos>=data.size())endPos=data.size()-1;
		if(curDataPos<=endPos)
			dataList<<data.mid(curDataPos,endPos-curDataPos+1);
		else break;
		curDataPos=endPos+1;
	}
	QByteArray result;
	for(int n=0;n<dataList.count();n++)
	{
	unsigned char *finalData=(unsigned char *)malloc(rsaSize);
	int outSize=RSA_public_decrypt(dataList.at(n).size(), (unsigned char*)dataList.at(n).constData(), finalData, rsa, RSA_PKCS1_PADDING);
	result.append(QByteArray((char *)finalData,outSize));
	free(finalData);
	}
	BIO_free(bioKey);
	RSA_free(rsa);
	return result;
}
コード例 #28
0
ファイル: Configuration.cpp プロジェクト: rrebane/qt-common
bool ConfigurationPrivate::validate(const QByteArray &data, const QByteArray &signature) const
{
	if(!rsa || data.isEmpty())
		return false;

	QByteArray digest(RSA_size(rsa), 0);
	int size = RSA_public_decrypt(signature.size(), (const unsigned char*)signature.constData(),
		(unsigned char*)digest.data(), rsa, RSA_PKCS1_PADDING);
	digest.resize(std::max(size, 0));

	static const QByteArray SHA1_OID = QByteArray::fromHex("3021300906052b0e03021a05000414");
	static const QByteArray SHA224_OID = QByteArray::fromHex("302d300d06096086480165030402040500041c");
	static const QByteArray SHA256_OID = QByteArray::fromHex("3031300d060960864801650304020105000420");
	static const QByteArray SHA384_OID = QByteArray::fromHex("3041300d060960864801650304020205000430");
	static const QByteArray SHA512_OID = QByteArray::fromHex("3051300d060960864801650304020305000440");
	if(digest.startsWith(SHA1_OID))
	{
		if(!digest.endsWith(QCryptographicHash::hash(data, QCryptographicHash::Sha1)))
			return false;
	}
	else if(digest.startsWith(SHA224_OID))
	{
		if(!digest.endsWith(QCryptographicHash::hash(data, QCryptographicHash::Sha224)))
			return false;
	}
	else if(digest.startsWith(SHA256_OID))
	{
		if(!digest.endsWith(QCryptographicHash::hash(data, QCryptographicHash::Sha256)))
			return false;
	}
	else if(digest.startsWith(SHA384_OID))
	{
		if(!digest.endsWith(QCryptographicHash::hash(data, QCryptographicHash::Sha384)))
			return false;
	}
	else if(digest.startsWith(SHA512_OID))
	{
		if(!digest.endsWith(QCryptographicHash::hash(data, QCryptographicHash::Sha512)))
			return false;
	}
	else
		return false;

	QJsonObject obj = QJsonDocument::fromJson(data).object().value("META-INF").toObject();
	return QDateTime::currentDateTimeUtc() > QDateTime::fromString(obj.value("DATE").toString(), "yyyyMMddHHmmss'Z'");
}
コード例 #29
0
ファイル: rsa_verify.c プロジェクト: alkap007/ali3606
int maincode_verify(unsigned int addr, unsigned int len)
{
	int ret = 0;
	struct sto_device *test_flash_dev;
	unsigned long i = 0;
	RSA *r_vfy;
	int flen;
	
	test_flash_dev = (struct sto_device *)dev_get_by_type(NULL, HLD_DEV_TYPE_STO);
	if (test_flash_dev == NULL)
	{
	    libc_printf("Can't find FLASH device!\n");
	}

	//fetch RSA public key in CI+ chunk
	//sys_get_host_key((UINT8 *)&Public_Key, NULL, CIPLUS_KEY_PUBLIC_KEY);
	sys_get_host_key((UINT8 *)pubkey, NULL, CIPLUS_KEY_PUBLIC_KEY);
	
	//fetch maincode signature in CI+ chunk 
	sys_get_host_key((UINT8 *)&rsa_sig, NULL, CIPLUS_KEY_MAINCODE_SIGNATURE);
	
	//rsapublicfunc(addr_output,&addr_outputlen,rsa_sig,0x100,&Public_Key);
	/********replace rsapublicfunc() with OPENSSL function********/
	r_vfy = RSA_new();
	r_vfy->n = BN_new();
	r_vfy->e = BN_new();
	BN_bin2bn(pubkey+4, 256, r_vfy->n);
	BN_bin2bn(pubkey+4+256+256-3, 3, r_vfy->e);
	flen = RSA_size(r_vfy);
	RSA_public_decrypt(flen, rsa_sig, addr_output, r_vfy, RSA_NO_PADDING);
	/*************************************************************/
	
	create_sha((unsigned char *)addr+SYS_FLASH_BASE_ADDR,len,(unsigned long *)signature);//SHA-256
	
	for(i = 0; i < 32; i += 4)
	{
		if((*(unsigned long *)(addr_output + 0xe0 + i)) != (*(unsigned long *)(signature + i)))
		{
			ret = -1;
			break;
		}
	}
	
	return ret;
}
コード例 #30
0
int
RSA_check_key(const RSA *key)
{
    static const unsigned char inbuf[] = "hello, world!";
    RSA *rsa = rk_UNCONST(key);
    void *buffer;
    int ret;

    /*
     * XXX I have no clue how to implement this w/o a bignum library.
     * Well, when we have a RSA key pair, we can try to encrypt/sign
     * and then decrypt/verify.
     */

    if ((rsa->d == NULL || rsa->n == NULL) &&
	(rsa->p == NULL || rsa->q || rsa->dmp1 == NULL || rsa->dmq1 == NULL || rsa->iqmp == NULL))
	return 0;

    buffer = malloc(RSA_size(rsa));
    if (buffer == NULL)
	return 0;

    ret = RSA_private_encrypt(sizeof(inbuf), inbuf, buffer,
			     rsa, RSA_PKCS1_PADDING);
    if (ret == -1) {
	free(buffer);
	return 0;
    }

    ret = RSA_public_decrypt(ret, buffer, buffer,
			      rsa, RSA_PKCS1_PADDING);
    if (ret == -1) {
	free(buffer);
	return 0;
    }

    if (ret == sizeof(inbuf) && ct_memcmp(buffer, inbuf, sizeof(inbuf)) == 0) {
	free(buffer);
	return 1;
    }
    free(buffer);
    return 0;
}