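/**
 * Runs the device side of the handshake with the server over the blocking
 * transport callbacks.
 *
 * Sequence, as visible in this function:
 *   1. Receive 40 bytes from the server into queue[0..39]
 *      (presumably the server nonce; confirm against the protocol spec).
 *   2. Build the plaintext: those 40 bytes, the 12-byte device id at
 *      queue+40, and the device public key derived from core_private_key
 *      at queue+52.
 *   3. RSA-encrypt the plaintext to server_public_key and send 256 bytes
 *      of ciphertext.
 *   4. Receive the 384-byte reply and hand it to set_key().
 *   5. Send the 18-byte hello and let event_loop() read the server's hello.
 *
 * @return 0 on success; a negative transport error, the non-zero code from
 *         rsa_pkcs1_encrypt() or set_key(), or -1 if event_loop() fails.
 */
int SparkProtocol::handshake(void)
{
  // The device id is placed directly behind the 40 bytes about to be received.
  memcpy(queue + 40, device_id, 12);
  int err = blocking_receive(queue, 40);
  if (0 > err) return err;

  parse_device_pubkey_from_privkey(queue + 52, core_private_key);

  rsa_context rsa;
  init_rsa_context_with_public_key(&rsa, server_public_key);
  // NOTE(review): the ciphertext is written at queue + len, so queue must hold
  // at least len + 256 bytes, and len must fit the RSA padding limit for the
  // server key size. Neither bound is visible here; confirm.
  const int len = 52 + MAX_DEVICE_PUBLIC_KEY_LENGTH;
  err = rsa_pkcs1_encrypt(&rsa, RSA_PUBLIC, len, queue, queue + len);
  rsa_free(&rsa);
  if (err) return err;

  // Check the send result like every other transport call in this function;
  // previously a failed send was ignored and the receive below ran regardless.
  err = blocking_send(queue + len, 256);
  if (0 > err) return err;

  err = blocking_receive(queue, 384);
  if (0 > err) return err;

  // NOTE(review): the authenticity of the 384-byte reply rests entirely on
  // set_key(); confirm that it verifies the server signature before any
  // session key material is installed.
  err = set_key(queue);
  if (err) return err;

  // Two-byte prefix 0x00 0x10 followed by the hello body: 2 + 16 = 18 bytes
  // (presumably a big-endian length; confirm).
  queue[0] = 0x00;
  queue[1] = 0x10;
  hello(queue + 2, descriptor.was_ota_upgrade_successful());

  err = blocking_send(queue, 18);
  if (0 > err) return err;

  // Read the hello message from the server.
  if (!event_loop())
    return -1;

  return 0;
}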
/**
 * Checks an RSA signature over a 20-byte value using the given public key.
 *
 * @param signature     Signature bytes to check.
 * @param pubkey        Encoded public key, loaded by
 *                      init_rsa_context_with_public_key().
 * @param expected_hmac The 20 bytes the signature is expected to cover.
 * @return The result of rsa_pkcs1_verify(), unchanged
 *         (presumably 0 on a valid signature; confirm against the library).
 */
int verify_signature(const unsigned char *signature,
                     const unsigned char *pubkey,
                     const unsigned char *expected_hmac)
{
  const int kDigestLength = 20;

  rsa_context verifier;
  init_rsa_context_with_public_key(&verifier, pubkey);

  // RSA_RAW: the 20 bytes are compared as-is, with no hash-algorithm
  // identifier in the signed block.
  const int status = rsa_pkcs1_verify(&verifier, RSA_PUBLIC, RSA_RAW,
                                      kDigestLength, expected_hmac, signature);

  // Release the key material before reporting the result.
  rsa_free(&verifier);
  return status;
}
/**
 * Encrypts the 52-byte block (40-byte nonce followed by 12-byte id) to the
 * given RSA public key.
 *
 * @param nonce      40 bytes copied to the start of the plaintext.
 * @param id         12 bytes copied right after the nonce.
 * @param pubkey     Encoded public key, loaded by
 *                   init_rsa_context_with_public_key().
 * @param ciphertext Output buffer for the RSA ciphertext; it must be at least
 *                   as large as the key modulus (size not checked here).
 * @return The result of rsa_pkcs1_encrypt(), unchanged.
 */
int ciphertext_from_nonce_and_id(const unsigned char *nonce,
                                 const unsigned char *id,
                                 const unsigned char *pubkey,
                                 unsigned char *ciphertext)
{
  const int kNonceLength = 40;
  const int kIdLength = 12;

  // NOTE(review): this buffer is not wiped before returning; clear it if the
  // nonce must not linger on the stack.
  unsigned char block[52];
  memcpy(block, nonce, kNonceLength);
  memcpy(block + kNonceLength, id, kIdLength);

  rsa_context encryptor;
  init_rsa_context_with_public_key(&encryptor, pubkey);
  const int status = rsa_pkcs1_encrypt(&encryptor, RSA_PUBLIC, 52,
                                       block, ciphertext);
  rsa_free(&encryptor);
  return status;
}
/**
 * Checks an RSA signature over a 20-byte value using the given public key,
 * with either the mbedTLS call or the legacy RSA call depending on
 * USE_MBEDTLS.
 *
 * @param signature     Signature bytes to check.
 * @param pubkey        Encoded public key, loaded by
 *                      init_rsa_context_with_public_key().
 * @param expected_hmac The 20 bytes the signature is expected to cover.
 * @return The verify call's result, unchanged
 *         (presumably 0 on a valid signature; confirm against the library).
 */
int verify_signature(const unsigned char *signature,
                     const unsigned char *pubkey,
                     const unsigned char *expected_hmac)
{
  const int kDigestLength = 20;

  rsa_context verifier;
  init_rsa_context_with_public_key(&verifier, pubkey);

  // Both branches verify the raw 20 bytes (MBEDTLS_MD_NONE / RSA_RAW), that
  // is, without a hash-algorithm identifier in the signed block.
  int status;
#ifdef USE_MBEDTLS
  status = mbedtls_rsa_pkcs1_verify(&verifier, mbedtls_default_rng, nullptr,
                                    MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_NONE,
                                    kDigestLength, expected_hmac, signature);
#else
  status = rsa_pkcs1_verify(&verifier, (rsa_mode_t)RSA_PUBLIC,
                            (rsa_hash_id_t)RSA_RAW,
                            kDigestLength, expected_hmac, signature);
#endif

  // Release the key material before reporting the result.
  rsa_free(&verifier);
  return status;
}
/**
 * Encrypts the 52-byte block (40-byte nonce followed by 12-byte id) to the
 * given RSA public key, with either the mbedTLS call or the legacy RSA call
 * depending on USE_MBEDTLS.
 *
 * @param nonce      40 bytes copied to the start of the plaintext.
 * @param id         12 bytes copied right after the nonce.
 * @param pubkey     Encoded public key, loaded by
 *                   init_rsa_context_with_public_key().
 * @param ciphertext Output buffer for the RSA ciphertext; it must be at least
 *                   as large as the key modulus (size not checked here).
 * @return The encrypt call's result, unchanged.
 */
int ciphertext_from_nonce_and_id(const unsigned char *nonce,
                                 const unsigned char *id,
                                 const unsigned char *pubkey,
                                 unsigned char *ciphertext)
{
  const int kNonceLength = 40;
  const int kIdLength = 12;

  // NOTE(review): this buffer is not wiped before returning; clear it if the
  // nonce must not linger on the stack.
  unsigned char block[52];
  memcpy(block, nonce, kNonceLength);
  memcpy(block + kNonceLength, id, kIdLength);

  rsa_context encryptor;
  init_rsa_context_with_public_key(&encryptor, pubkey);

  int status;
#ifdef USE_MBEDTLS
  // The padding scheme is whatever the context was initialised with;
  // that setup is not visible in this function.
  status = mbedtls_rsa_pkcs1_encrypt(&encryptor, mbedtls_default_rng, nullptr,
                                     MBEDTLS_RSA_PUBLIC, 52, block, ciphertext);
#else
  status = rsa_pkcs1_encrypt(&encryptor, RSA_PUBLIC, 52, block, ciphertext);
#endif

  rsa_free(&encryptor);
  return status;
}
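// Sanity check on the fixture itself: the public key the handshake tests use
// must load into an RSA context and pass the library's public-key check.
TEST_FIXTURE(HandshakeFixture, FixturePublicKeyIsValid)
{
  rsa_context rsa;
  init_rsa_context_with_public_key(&rsa, pubkey);

  // Capture the result first so the context can be released before the
  // assertion; the original never called rsa_free() on this context, unlike
  // every other user of init_rsa_context_with_public_key() on this page.
  const int check = rsa_check_pubkey(&rsa);
  rsa_free(&rsa);

  CHECK_EQUAL(0, check);
}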