void ValidatorRegex::onCertificateValidated(const shared_ptr<const Data>& signCertificate, const shared_ptr<const Data>& data, const OnDataValidated& onValidated, const OnDataValidationFailed& onValidationFailed) { shared_ptr<IdentityCertificate> certificate = make_shared<IdentityCertificate>(*signCertificate); if (!certificate->isTooLate() && !certificate->isTooEarly()) { m_certificateCache->insertCertificate(certificate); if (verifySignature(*data, certificate->getPublicKeyInfo())) return onValidated(data); else return onValidationFailed(data, "Cannot verify signature: " + data->getName().toUri()); } else { return onValidationFailed(data, "Signing certificate " + signCertificate->getName().toUri() + " is no longer valid."); } }
bool Certificate::verifySignature(RSA *key) { bool res = false; if (!key) return false; if (verified) return true; EVP_PKEY *pkey = EVP_PKEY_new(); if (!pkey) { HAGGLE_ERR("Could not allocate EVP_PKEY\n"); writeErrors(""); return false; } EVP_PKEY_set1_RSA(pkey, key); res = verifySignature(pkey); EVP_PKEY_free(pkey); return res; }
JNIEXPORT jstring JNICALL Java_com_yujunkang_fangxinbao_utility_JniEncrypt_getEncryptString( JNIEnv *env, jobject thiz, jobjectArray params) { int packageVerify = verifyPackageName(env, thiz); if (packageVerify != 0) { //exit(0); //__android_log_write(ANDROID_LOG_DEBUG,"validate_packagename","error"); } else { //__android_log_write(ANDROID_LOG_DEBUG,"validate_packagename","succ"); } int signatureVerify = verifySignature(env, thiz); if (signatureVerify != 0) { //exit(0); //__android_log_write(ANDROID_LOG_DEBUG,"validate_signature","error"); } else { //__android_log_write(ANDROID_LOG_DEBUG,"validate_signature","succ"); } int len = 0; char* joined = malloc(buffsize); strcpy(joined, ""); int size = (*env)->GetArrayLength(env, params); int i = 0; for (i = 0; i < size; i++) { jstring jparam = (jstring)(*env)->GetObjectArrayElement(env, params, i); char* param = (char*) (*env)->GetStringUTFChars(env, jparam, NULL); //__android_log_write(ANDROID_LOG_DEBUG, "tag", param); strcat(joined, param); len = len + strlen(param); } strcat(joined, "~1@)7q^48c96*"); len = len + 13; joined[len] = '\0'; char* md5 = MDString(joined); char* result = malloc(9); result[0] = md5[4]; result[1] = md5[1]; result[2] = md5[16]; result[3] = md5[9]; result[4] = md5[19]; result[5] = md5[30]; result[6] = md5[28]; result[7] = md5[22]; result[8] = '\0'; jstring sid = (*env)->NewStringUTF(env, result); free(joined); free(result); return sid; }
/// @brief Verify the data against the SHA256 signature. static bool verifySignature(const Data& data, const DigestSha256& sig) { return verifySignature(data.wireEncode().value(), data.wireEncode().value_size() - data.getSignature().getValue().size(), sig); }
/// @brief Verify the data using the publicKey against the SHA256-RSA signature. static bool verifySignature(const Data& data, const Signature& sig, const v1::PublicKey& publicKey) { return verifySignature(data.wireEncode().value(), data.wireEncode().value_size() - data.getSignature().getValue().size(), sig, publicKey); }
bool Wagnis::isSignatureValid(const QString &content, const QString &signature) { qDebug() << "Wagnis::isSignatureValid"; RSA* publicRSA = createPublicRSA(PUBLIC_KEY); QByteArray signatureigBase64 = signature.toLatin1(); QByteArray rawData = QByteArray::fromBase64(signatureigBase64); bool authentic; bool result = verifySignature(publicRSA, reinterpret_cast<unsigned char*>(rawData.data()), rawData.length(), content.toStdString().c_str(), content.toStdString().length(), &authentic); return authentic & result; }
inline void readEnum( std::streambuf & istrm, Handler & result, const ReaderFunc & read, const UInt8 beginsig, const UInt8 endsig) { verifySignature(istrm, beginsig); bool done = false; while (!done) { try { result.handle(read(istrm)); } catch (const BadSignatureException& e) { // read threw because we've read all the objects verifySignature(istrm, endsig); done = true; } } }
/** @brief Verify the interest against the SHA256 signature. * * (Note the signature covers the first n-2 name components). */ static bool verifySignature(const Interest& interest, const DigestSha256& sig) { if (interest.getName().size() < 2) return false; const Name& name = interest.getName(); return verifySignature(name.wireEncode().value(), name.wireEncode().value_size() - name[-1].size(), sig); }
static rpmRC rpmVerifySignature(rpmKeyring keyring, struct rpmsinfo_s *sinfo, DIGEST_CTX ctx, char ** result) { rpmRC res = RPMRC_FAIL; if (sinfo->type == RPMSIG_DIGEST_TYPE) res = verifyDigest(sinfo, ctx, result); else if (sinfo->type == RPMSIG_SIGNATURE_TYPE) res = verifySignature(keyring, sinfo, ctx, result); return res; }
/** @brief Verify the interest using the publicKey against the SHA256-RSA signature. * * (Note the signature covers the first n-2 name components). */ static bool verifySignature(const Interest& interest, const Signature& sig, const v1::PublicKey& publicKey) { if (interest.getName().size() < 2) return false; const Name& name = interest.getName(); return verifySignature(name.wireEncode().value(), name.wireEncode().value_size() - name[-1].size(), sig, publicKey); }
rpmRC rpmVerifySignature(rpmKeyring keyring, rpmtd sigtd, pgpDigParams sig, DIGEST_CTX ctx, char ** result) { rpmRC res = RPMRC_NOTFOUND; char *msg = NULL; int hdrsig = 0; if (sigtd->data == NULL || sigtd->count <= 0 || ctx == NULL) goto exit; switch (sigtd->tag) { case RPMSIGTAG_MD5: res = verifyMD5Digest(sigtd, ctx, &msg); break; case RPMSIGTAG_SHA1: res = verifySHA1Digest(sigtd, ctx, &msg); break; case RPMSIGTAG_RSA: case RPMSIGTAG_DSA: hdrsig = 1; /* fallthrough */ case RPMSIGTAG_PGP5: /* XXX legacy */ case RPMSIGTAG_PGP: case RPMSIGTAG_GPG: if (sig != NULL) res = verifySignature(keyring, sig, ctx, hdrsig, &msg); break; default: break; } exit: if (res == RPMRC_NOTFOUND) { rasprintf(&msg, _("Verify signature: BAD PARAMETERS (%d %p %d %p %p)\n"), sigtd->tag, sigtd->data, sigtd->count, ctx, sig); res = RPMRC_FAIL; } if (result) { *result = msg; } else { free(msg); } return res; }
Texture* TextureReader::read() { verifySignature(reader); initialisePNGReader(reader); const unsigned char* data = readImageData(); const unsigned int width = png_get_image_width(_png, _pngInfo); const unsigned int height = png_get_image_height(_png, _pngInfo); _data = (GLubyte*)data; Texture* texture = new Texture(_data, width, height, 0); texture->setData(data); delete[] data; png_destroy_read_struct(&_png, &_pngInfo, NULL); return texture; }
//License interface implementation bool ODRLLicense::authorize(char* p_Permission, UserContext* p_Principal, char* p_Resource, OctetString* p_KeyBlob) { XMLDocument* pLicenseDoc = NULL; bool isValidLicense = true; try { // Create and Parse the XMLDocument pLicenseDoc = new XMLDocument(); if (pLicenseDoc == NULL) { gLogger->logError("ODRLLicense::authorize : Unable to alloc mem for XMLDocument."); throw EXCEPTION(Exception::UNEXPECTED_CONDITION); } //parse the XML license bool goodDocument = pLicenseDoc->decode(getBytes(), "o-ex:rights"); if (!goodDocument) { gLogger->logError("ODRLLicense::authorize : Error parsing License XML."); throw EXCEPTION(Exception::UNEXPECTED_CONDITION); } //verify the signature if (!verifySignature(pLicenseDoc, p_Principal)) throw EXCEPTION(Exception::UNEXPECTED_CONDITION); //verify the permissions if (!verifyPermissions(pLicenseDoc, p_Permission)) throw EXCEPTION(Exception::UNEXPECTED_CONDITION); //extract the key from the license, if one is there if (!extractEncryptedKey(pLicenseDoc, p_Principal, p_KeyBlob)) throw EXCEPTION(Exception::UNEXPECTED_CONDITION); } catch (Exception&) { //TODO: eventually will rethrow isValidLicense = false; } if (pLicenseDoc) delete pLicenseDoc; return isValidLicense; }
int FLDigiDoc::verifySignatureData(const QByteArray &data, QByteArray &signResult, const QString &certfile) { X509 *pCert = 0; int err = ReadCertificate(&pCert, certfile.latin1()); if (!err && pCert) { int sigLen = SIGNATURE_LEN; byte buf[sigLen * sizeof(char)]; byte buf1[sigLen * sizeof(char) * 2]; err = verifySignature((const char *)data, data.size() * sizeof(char), DIGEST_SHA1, buf, sigLen, pCert); signResult = encodeBase64(buf, SIGNATURE_LEN); } if (pCert) { X509_free(pCert); pCert = 0; } return err; }
bool verifySignatures(struct mesgPackage mesg) { char certfile[50]; bool verify; for (int i = 1; i <= num_hosts; i++) { if (mesg.pid[i] == 1) { printf("verifying message for pid = %d\n", i); strcpy(certfile, "./keys/"); strcat(certfile, hostnames[i]); strcat(certfile, ".crt"); printf("certfile is %s\n", certfile); verify = verifySignature(mesg.message, mesg.signatures[i], certfile); if (!verify) { printf("Verification Failed for pid=%d\n", i); return verify; }else{ printf("Signature Verified OK! for pid=%d\n", i); } } } return verify; }
NvPairingManager::PairState NvPairingManager::pair(QString appVersion, QString pin) { int serverMajorVersion = NvHTTP::parseQuad(appVersion).at(0); qInfo() << "Pairing with server generation:" << serverMajorVersion; QCryptographicHash::Algorithm hashAlgo; int hashLength; if (serverMajorVersion >= 7) { // Gen 7+ uses SHA-256 hashing hashAlgo = QCryptographicHash::Sha256; hashLength = 32; } else { // Prior to Gen 7 uses SHA-1 hashing hashAlgo = QCryptographicHash::Sha1; hashLength = 20; } QByteArray salt = generateRandomBytes(16); QByteArray saltedPin = saltPin(salt, pin); AES_KEY encKey, decKey; AES_set_decrypt_key(reinterpret_cast<const unsigned char*>(QCryptographicHash::hash(saltedPin, hashAlgo).data()), 128, &decKey); AES_set_encrypt_key(reinterpret_cast<const unsigned char*>(QCryptographicHash::hash(saltedPin, hashAlgo).data()), 128, &encKey); QString getCert = m_Http.openConnectionToString(m_Http.m_BaseUrlHttp, "pair", "devicename=roth&updateState=1&phrase=getservercert&salt=" + salt.toHex() + "&clientcert=" + IdentityManager::get()->getCertificate().toHex(), false); NvHTTP::verifyResponseStatus(getCert); if (NvHTTP::getXmlString(getCert, "paired") != "1") { qCritical() << "Failed pairing at stage #1"; return PairState::FAILED; } QByteArray serverCert = NvHTTP::getXmlStringFromHex(getCert, "plaincert"); if (serverCert == nullptr) { qCritical() << "Server likely already pairing"; m_Http.openConnectionToString(m_Http.m_BaseUrlHttp, "unpair", nullptr, true); return PairState::ALREADY_IN_PROGRESS; } QByteArray randomChallenge = generateRandomBytes(16); QByteArray encryptedChallenge = encrypt(randomChallenge, &encKey); QString challengeXml = m_Http.openConnectionToString(m_Http.m_BaseUrlHttp, "pair", "devicename=roth&updateState=1&clientchallenge=" + encryptedChallenge.toHex(), true); NvHTTP::verifyResponseStatus(challengeXml); if (NvHTTP::getXmlString(challengeXml, "paired") != "1") { qCritical() << "Failed pairing at stage #2"; m_Http.openConnectionToString(m_Http.m_BaseUrlHttp, "unpair", nullptr, true); return PairState::FAILED; } QByteArray challengeResponseData = decrypt(m_Http.getXmlStringFromHex(challengeXml, "challengeresponse"), &decKey); QByteArray clientSecretData = generateRandomBytes(16); QByteArray challengeResponse; QByteArray serverResponse(challengeResponseData.data(), hashLength); #if (OPENSSL_VERSION_NUMBER < 0x10002000L) ASN1_BIT_STRING *asnSignature = m_Cert->signature; #elif (OPENSSL_VERSION_NUMBER < 0x10100000L) ASN1_BIT_STRING *asnSignature; X509_get0_signature(&asnSignature, NULL, m_Cert); #else const ASN1_BIT_STRING *asnSignature; X509_get0_signature(&asnSignature, NULL, m_Cert); #endif challengeResponse.append(challengeResponseData.data() + hashLength, 16); challengeResponse.append(reinterpret_cast<char*>(asnSignature->data), asnSignature->length); challengeResponse.append(clientSecretData); QByteArray encryptedChallengeResponseHash = encrypt(QCryptographicHash::hash(challengeResponse, hashAlgo), &encKey); QString respXml = m_Http.openConnectionToString(m_Http.m_BaseUrlHttp, "pair", "devicename=roth&updateState=1&serverchallengeresp=" + encryptedChallengeResponseHash.toHex(), true); NvHTTP::verifyResponseStatus(respXml); if (NvHTTP::getXmlString(respXml, "paired") != "1") { qCritical() << "Failed pairing at stage #3"; m_Http.openConnectionToString(m_Http.m_BaseUrlHttp, "unpair", nullptr, true); return PairState::FAILED; } QByteArray pairingSecret = NvHTTP::getXmlStringFromHex(respXml, "pairingsecret"); QByteArray serverSecret = QByteArray(pairingSecret.data(), 16); QByteArray serverSignature = QByteArray(&pairingSecret.data()[16], 256); if (!verifySignature(serverSecret, serverSignature, serverCert)) { qCritical() << "MITM detected"; m_Http.openConnectionToString(m_Http.m_BaseUrlHttp, "unpair", nullptr, true); return PairState::FAILED; } QByteArray expectedResponseData; expectedResponseData.append(randomChallenge); expectedResponseData.append(getSignatureFromPemCert(serverCert)); expectedResponseData.append(serverSecret); if (QCryptographicHash::hash(expectedResponseData, hashAlgo) != serverResponse) { qCritical() << "Incorrect PIN"; m_Http.openConnectionToString(m_Http.m_BaseUrlHttp, "unpair", nullptr, true); return PairState::PIN_WRONG; } QByteArray clientPairingSecret; clientPairingSecret.append(clientSecretData); clientPairingSecret.append(signMessage(clientSecretData)); QString secretRespXml = m_Http.openConnectionToString(m_Http.m_BaseUrlHttp, "pair", "devicename=roth&updateState=1&clientpairingsecret=" + clientPairingSecret.toHex(), true); NvHTTP::verifyResponseStatus(secretRespXml); if (NvHTTP::getXmlString(secretRespXml, "paired") != "1") { qCritical() << "Failed pairing at stage #4"; m_Http.openConnectionToString(m_Http.m_BaseUrlHttp, "unpair", nullptr, true); return PairState::FAILED; } QString pairChallengeXml = m_Http.openConnectionToString(m_Http.m_BaseUrlHttps, "pair", "devicename=roth&updateState=1&phrase=pairchallenge", true); NvHTTP::verifyResponseStatus(pairChallengeXml); if (NvHTTP::getXmlString(pairChallengeXml, "paired") != "1") { qCritical() << "Failed pairing at stage #5"; m_Http.openConnectionToString(m_Http.m_BaseUrlHttp, "unpair", nullptr, true); return PairState::FAILED; } return PairState::PAIRED; }
int main( int argc, char *argv[]) { PKCS7 *p7; PKCS7_SIGNER_INFO *si; X509_STORE_CTX cert_ctx; X509_STORE *cert_store=NULL; BIO *data = NULL, *p7bio=NULL; BIO *signature = NULL; int cmd=-1; char *infile=NULL; /* char *outfile=NULL; */ char *certfile=NULL; char *keyfile=NULL; char *key=NULL; int nodetach=0; char *datafile = NULL; char *outfile = NULL; char *signaturefile = NULL; char buf[1024*4]; char **pp = NULL; int badops=0, outdata=0, err=0, version=0, i; /* default certificates dir */ /* char *certsdir="/usr/local/OpenCA/certs"; */ /* default certificates file */ /* char *certsfile="/usr/local/OpenCA/cacert.pem"; */ char *certsdir = NULL; char *certsfile = NULL; STACK_OF(PKCS7_SIGNER_INFO) *sk; if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); bio_out=BIO_new_fp(stdout,BIO_NOCLOSE); #ifndef NO_MD5 EVP_add_digest(EVP_md5()); #endif #ifndef NO_SHA1 EVP_add_digest(EVP_sha1()); #endif if( argc <= 1 ) { printVersion( bio_err, INFO ); printf("ERROR: needed command and arguments missing\n\n"); badops=1; goto badops; } if( ( cmd = getCommand( argc, argv ) ) == -1 ) { printVersion( bio_err, INFO ); printf("ERROR: unknown command %s\n\n", argv[1] ); badops=1; goto badops; } if( argc >= 1 ) { argc--; argv++; if( argc <= 1 ) { printVersion( bio_err, INFO ); printf("ERROR: needed at least one argument!\n\n" ); badops=1; goto badops; } } while (argc > 1) { argc--; argv++; if (strcmp(*argv,"-verbose") == 0) { verbose=1; } else if (strcmp(*argv,"-print_data") == 0) { outdata=1; } else if (strcmp(*argv,"-no_chain") == 0) { chainVerify=0; } else if (strcmp(*argv,"-data") == 0) { if (--argc < 1) goto bad; datafile= *( ++argv ); } else if (strcmp(*argv,"-d") == 0) { /* Present for compatibility reasons ... */ if (--argc < 1) goto bad; datafile= *( ++argv ); } else if (strcmp(*argv,"-in") == 0) { if (--argc < 1) goto bad; infile= *( ++argv ); } else if (strcmp(*argv,"-out") == 0) { if (--argc < 1) goto bad; outfile= *( ++argv ); } else if (strcmp(*argv,"-cd") == 0) { if (--argc < 1) goto bad; certsdir = *(++argv); } else if (strcmp(*argv,"-cf") == 0) { if (--argc < 1) goto bad; certsfile = *( ++argv ); } else if (strcmp(*argv,"-cert") == 0) { if (--argc < 1) goto bad; certfile = *( ++argv ); } else if (strcmp(*argv,"-keyfile") == 0) { if (--argc < 1) goto bad; keyfile = *( ++argv ); } else if (strcmp(*argv,"-key") == 0) { if (--argc < 1) goto bad; key = *( ++argv ); } else if (strcmp(*argv,"-nd") == 0) { nodetach=1; } else if (strcmp(*argv,"-h") == 0) { badops=1; break; } else { if( argc == 2 ) { datafile = *argv; argc--; continue; } bad: printVersion( bio_err, INFO ); BIO_printf(bio_err,"ERROR: unknown option %s\n\n",*argv); badops=1; break; } } badops: if (badops) { for (pp=usage; (*pp != NULL); pp++) BIO_printf(bio_err,*pp); exit(1); } if( cmd == 1 ) { generateSignature( verbose, infile, outfile, certfile, keyfile, key, nodetach ); } else if ( cmd == 2 ) { verifySignature( verbose, infile, outfile, outdata, chainVerify, datafile, certsdir, certsfile); } else if ( cmd == 3 ) { sign2nd( verbose, infile, outfile, datafile, outdata ); } exit(0); }
void ValidatorRegex::checkPolicy(const Data& data, int nSteps, const OnDataValidated& onValidated, const OnDataValidationFailed& onValidationFailed, vector<shared_ptr<ValidationRequest> >& nextSteps) { if (m_stepLimit == nSteps) return onValidationFailed(data.shared_from_this(), "Maximum steps of validation reached: " + data.getName().toUri()); for (RuleList::iterator it = m_mustFailVerify.begin(); it != m_mustFailVerify.end(); it++) if ((*it)->satisfy(data)) return onValidationFailed(data.shared_from_this(), "Comply with mustFail policy: " + data.getName().toUri()); for (RuleList::iterator it = m_verifyPolicies.begin(); it != m_verifyPolicies.end(); it++) { if ((*it)->satisfy(data)) { try { SignatureSha256WithRsa sig(data.getSignature()); Name keyLocatorName = sig.getKeyLocator().getName(); shared_ptr<const Certificate> trustedCert; if (m_trustAnchors.end() == m_trustAnchors.find(keyLocatorName)) trustedCert = m_certificateCache->getCertificate(keyLocatorName); else trustedCert = m_trustAnchors[keyLocatorName]; if (static_cast<bool>(trustedCert)) { if (verifySignature(data, sig, trustedCert->getPublicKeyInfo())) return onValidated(data.shared_from_this()); else return onValidationFailed(data.shared_from_this(), "Cannot verify signature: " + data.getName().toUri()); } else { // KeyLocator is not a trust anchor OnDataValidated onKeyValidated = bind(&ValidatorRegex::onCertificateValidated, this, _1, data.shared_from_this(), onValidated, onValidationFailed); OnDataValidationFailed onKeyValidationFailed = bind(&ValidatorRegex::onCertificateValidationFailed, this, _1, _2, data.shared_from_this(), onValidationFailed); Interest interest(sig.getKeyLocator().getName()); shared_ptr<ValidationRequest> nextStep = make_shared<ValidationRequest>(interest, onKeyValidated, onKeyValidationFailed, 3, nSteps + 1); nextSteps.push_back(nextStep); return; } } catch (SignatureSha256WithRsa::Error& e) { return onValidationFailed(data.shared_from_this(), "Not SignatureSha256WithRsa signature: " + data.getName().toUri()); } catch (KeyLocator::Error& e) { return onValidationFailed(data.shared_from_this(), "Key Locator is not a name: " + data.getName().toUri()); } } } return onValidationFailed(data.shared_from_this(), "No policy found for data: " + data.getName().toUri()); }
int gs_pair(PSERVER_DATA server, char* pin) { int ret = GS_OK; char* result = NULL; char url[4096]; uuid_t uuid; char uuid_str[37]; if (server->paired) { gs_error = "Already paired"; return GS_WRONG_STATE; } if (server->currentGame != 0) { gs_error = "The computer is currently in a game. You must close the game before pairing"; return GS_WRONG_STATE; } unsigned char salt_data[16]; char salt_hex[33]; RAND_bytes(salt_data, 16); bytes_to_hex(salt_data, salt_hex, 16); uuid_generate_random(uuid); uuid_unparse(uuid, uuid_str); sprintf(url, "http://%s:47989/pair?uniqueid=%s&uuid=%s&devicename=roth&updateState=1&phrase=getservercert&salt=%s&clientcert=%s", server->address, unique_id, uuid_str, salt_hex, cert_hex); PHTTP_DATA data = http_create_data(); if (data == NULL) return GS_OUT_OF_MEMORY; else if ((ret = http_request(url, data)) != GS_OK) goto cleanup; if ((ret = xml_search(data->memory, data->size, "paired", &result)) != GS_OK) goto cleanup; if (strcmp(result, "1") != 0) { gs_error = "Pairing failed"; ret = GS_FAILED; goto cleanup; } free(result); result = NULL; if ((ret = xml_search(data->memory, data->size, "plaincert", &result)) != GS_OK) goto cleanup; if (strlen(result)/2 > 8191) { gs_error = "Server certificate too big"; ret = GS_FAILED; goto cleanup; } char plaincert[8192]; for (int count = 0; count < strlen(result); count += 2) { sscanf(&result[count], "%2hhx", &plaincert[count / 2]); } plaincert[strlen(result)/2] = '\0'; printf("%d / %d\n", strlen(result)/2, strlen(plaincert)); unsigned char salt_pin[20]; unsigned char aes_key_hash[32]; AES_KEY enc_key, dec_key; memcpy(salt_pin, salt_data, 16); memcpy(salt_pin+16, pin, 4); int hash_length = server->serverMajorVersion >= 7 ? 32 : 20; if (server->serverMajorVersion >= 7) SHA256(salt_pin, 20, aes_key_hash); else SHA1(salt_pin, 20, aes_key_hash); AES_set_encrypt_key((unsigned char *)aes_key_hash, 128, &enc_key); AES_set_decrypt_key((unsigned char *)aes_key_hash, 128, &dec_key); unsigned char challenge_data[16]; unsigned char challenge_enc[16]; char challenge_hex[33]; RAND_bytes(challenge_data, 16); AES_encrypt(challenge_data, challenge_enc, &enc_key); bytes_to_hex(challenge_enc, challenge_hex, 16); uuid_generate_random(uuid); uuid_unparse(uuid, uuid_str); sprintf(url, "http://%s:47989/pair?uniqueid=%s&uuid=%s&devicename=roth&updateState=1&clientchallenge=%s", server->address, unique_id, uuid_str, challenge_hex); if ((ret = http_request(url, data)) != GS_OK) goto cleanup; free(result); result = NULL; if ((ret = xml_search(data->memory, data->size, "paired", &result)) != GS_OK) goto cleanup; if (strcmp(result, "1") != 0) { gs_error = "Pairing failed"; ret = GS_FAILED; goto cleanup; } free(result); result = NULL; if (xml_search(data->memory, data->size, "challengeresponse", &result) != GS_OK) { ret = GS_INVALID; goto cleanup; } char challenge_response_data_enc[48]; char challenge_response_data[48]; for (int count = 0; count < strlen(result); count += 2) { sscanf(&result[count], "%2hhx", &challenge_response_data_enc[count / 2]); } for (int i = 0; i < 48; i += 16) { AES_decrypt(&challenge_response_data_enc[i], &challenge_response_data[i], &dec_key); } char client_secret_data[16]; RAND_bytes(client_secret_data, 16); char challenge_response[16 + 256 + 16]; char challenge_response_hash[32]; char challenge_response_hash_enc[32]; char challenge_response_hex[65]; memcpy(challenge_response, challenge_response_data + hash_length, 16); memcpy(challenge_response + 16, cert->signature->data, 256); memcpy(challenge_response + 16 + 256, client_secret_data, 16); if (server->serverMajorVersion >= 7) SHA256(challenge_response, 16 + 256 + 16, challenge_response_hash); else SHA1(challenge_response, 16 + 256 + 16, challenge_response_hash); for (int i = 0; i < 32; i += 16) { AES_encrypt(&challenge_response_hash[i], &challenge_response_hash_enc[i], &enc_key); } bytes_to_hex(challenge_response_hash_enc, challenge_response_hex, 32); uuid_generate_random(uuid); uuid_unparse(uuid, uuid_str); sprintf(url, "http://%s:47989/pair?uniqueid=%s&uuid=%s&devicename=roth&updateState=1&serverchallengeresp=%s", server->address, unique_id, uuid_str, challenge_response_hex); if ((ret = http_request(url, data)) != GS_OK) goto cleanup; free(result); result = NULL; if ((ret = xml_search(data->memory, data->size, "paired", &result)) != GS_OK) goto cleanup; if (strcmp(result, "1") != 0) { gs_error = "Pairing failed"; ret = GS_FAILED; goto cleanup; } free(result); result = NULL; if (xml_search(data->memory, data->size, "pairingsecret", &result) != GS_OK) { ret = GS_INVALID; goto cleanup; } char pairing_secret[16 + 256]; for (int count = 0; count < strlen(result); count += 2) { sscanf(&result[count], "%2hhx", &pairing_secret[count / 2]); } if (!verifySignature(pairing_secret, 16, pairing_secret+16, 256, plaincert)) { gs_error = "MITM attack detected"; ret = GS_FAILED; goto cleanup; } unsigned char *signature = NULL; size_t s_len; if (sign_it(client_secret_data, 16, &signature, &s_len, privateKey) != GS_OK) { gs_error = "Failed to sign data"; ret = GS_FAILED; goto cleanup; } char client_pairing_secret[16 + 256]; char client_pairing_secret_hex[(16 + 256) * 2 + 1]; memcpy(client_pairing_secret, client_secret_data, 16); memcpy(client_pairing_secret + 16, signature, 256); bytes_to_hex(client_pairing_secret, client_pairing_secret_hex, 16 + 256); uuid_generate_random(uuid); uuid_unparse(uuid, uuid_str); sprintf(url, "http://%s:47989/pair?uniqueid=%s&uuid=%s&devicename=roth&updateState=1&clientpairingsecret=%s", server->address, unique_id, uuid_str, client_pairing_secret_hex); if ((ret = http_request(url, data)) != GS_OK) goto cleanup; free(result); result = NULL; if ((ret = xml_search(data->memory, data->size, "paired", &result)) != GS_OK) goto cleanup; if (strcmp(result, "1") != 0) { gs_error = "Pairing failed"; ret = GS_FAILED; goto cleanup; } uuid_generate_random(uuid); uuid_unparse(uuid, uuid_str); sprintf(url, "https://%s:47984/pair?uniqueid=%s&uuid=%s&devicename=roth&updateState=1&phrase=pairchallenge", server->address, unique_id, uuid_str); if ((ret = http_request(url, data)) != GS_OK) goto cleanup; free(result); result = NULL; if ((ret = xml_search(data->memory, data->size, "paired", &result)) != GS_OK) goto cleanup; if (strcmp(result, "1") != 0) { gs_error = "Pairing failed"; ret = GS_FAILED; goto cleanup; } server->paired = true; cleanup: if (ret != GS_OK) gs_unpair(server); if (result != NULL) free(result); http_free_data(data); return ret; }
int main(){ // printf("Testing RSA functions with EVP_DigestSign and EVP_DigestVerify\n"); char response[1000]; OpenSSL_add_all_algorithms(); /* Sign and Verify HMAC keys */ EVP_PKEY *skey = NULL, *vkey = NULL; int rc = make_keys(&skey, &vkey); assert(rc == 0); if(rc != 0) exit(1); assert(skey != NULL); if(skey == NULL) exit(1); assert(vkey != NULL); if(vkey == NULL) exit(1); DH *privkey=createPubkey(); //char *dh_param_pub=BN_bn2dec(privkey->pub_key); const byte *msg = BN_bn2dec(privkey->pub_key);//msg contains dh_param_pub printf("DH public key Generated:%s \n",msg); byte* sig = NULL; size_t slen = 0; sock=establishConnection(); int i=0; //int count = split(data1, "$", tokens); sendMsg(sock,msg); if( recv(sock, response , 6000 , 0) < 0) { puts("recv failed"); } printf("Recieved Successfully:length of data=%d \n",(int)strlen(response)); printf("DH public key Recieved:%s \n",response); //printf("Sent Successfully: length of data=%d\n",sumSend); char *pubkey=response; struct sec s=performDH(pubkey,privkey); printf("Shared key is:%s\n ",s.value); puts("The DH Key is"); BIO_dump_fp(stdout, s.value, s.length); //free(msg); verifySignature(sock,msg); if(sig) OPENSSL_free(sig); if(skey) EVP_PKEY_free(skey); if(vkey) EVP_PKEY_free(vkey); return 0; }
bool RippleAddress::verifySignature(uint256 const& hash, const std::string& strSig) const { Blob vchSig(strSig.begin(), strSig.end()); return(verifySignature(hash, vchSig)); }
/// @brief Verify the blob against the SHA256 signature. static bool verifySignature(const Buffer& blob, const DigestSha256& sig) { return verifySignature (blob.buf(), blob.size(), sig); }
/// @brief Verify the blob using the publicKey against the signature. static bool verifySignature(const Buffer& blob, const Signature& sig, const v1::PublicKey& publicKey) { return verifySignature(blob.buf(), blob.size(), sig, publicKey); }