// for now a copy of how we sign in libraries/networking/src/DataServerAccountInfo - // we sha256 the text, read the private key from disk (for now!), and return the signed // sha256. Note later with multiple keys, we may need the key parameter (or something // similar) so I left it alone for now. Also this will probably change when we move // away from RSA keys anyways. Note that since this returns a QString, we better avoid // the horror of code pages and so on (changing the bytes) by just returning a base64 // encoded string representing the signature (suitable for http, etc...) QString Wallet::signWithKey(const QByteArray& text, const QString& key) { EC_KEY* ecPrivateKey = NULL; auto keyFilePathString = keyFilePath().toStdString(); if ((ecPrivateKey = readPrivateKey(keyFilePath().toStdString().c_str()))) { unsigned char* sig = new unsigned char[ECDSA_size(ecPrivateKey)]; unsigned int signatureBytes = 0; qCInfo(commerce) << "Hashing and signing plaintext" << text << "with key at address" << ecPrivateKey; QByteArray hashedPlaintext = QCryptographicHash::hash(text, QCryptographicHash::Sha256); int retrn = ECDSA_sign(0, reinterpret_cast<const unsigned char*>(hashedPlaintext.constData()), hashedPlaintext.size(), sig, &signatureBytes, ecPrivateKey); EC_KEY_free(ecPrivateKey); QByteArray signature(reinterpret_cast<const char*>(sig), signatureBytes); if (retrn != -1) { return signature.toBase64(); } } return QString(); }
bool Wallet::walletIsAuthenticatedWithPassphrase() { // try to read existing keys if they exist... // FIXME: initialize OpenSSL elsewhere soon initialize(); // this should always be false if we don't have a passphrase // cached yet if (!_passphrase || _passphrase->isEmpty()) { return false; } if (_publicKeys.count() > 0) { // we _must_ be authenticated if the publicKeys are there DependencyManager::get<WalletScriptingInterface>()->setWalletStatus((uint)WalletStatus::WALLET_STATUS_READY); return true; } // otherwise, we have a passphrase but no keys, so we have to check auto publicKey = readPublicKey(keyFilePath().toStdString().c_str()); if (publicKey.size() > 0) { if (auto key = readPrivateKey(keyFilePath().toStdString().c_str())) { EC_KEY_free(key); // be sure to add the public key so we don't do this over and over _publicKeys.push_back(publicKey.toBase64()); DependencyManager::get<WalletScriptingInterface>()->setWalletStatus((uint)WalletStatus::WALLET_STATUS_READY); return true; } } return false; }
bool Wallet::walletIsAuthenticatedWithPassphrase() { // try to read existing keys if they exist... // FIXME: initialize OpenSSL elsewhere soon initialize(); qCDebug(commerce) << "walletIsAuthenticatedWithPassphrase: checking" << (!_passphrase || !_passphrase->isEmpty()); // this should always be false if we don't have a passphrase // cached yet if (!_passphrase || _passphrase->isEmpty()) { if (!getKeyFilePath().isEmpty()) { // If file exists, then it is an old school file that has not been lockered. Must get user's passphrase. qCDebug(commerce) << "walletIsAuthenticatedWithPassphrase: No passphrase, but there is an existing wallet."; return false; } else { qCDebug(commerce) << "walletIsAuthenticatedWithPassphrase: New setup."; setPassphrase("ACCOUNT"); // Going forward, consider this an account-based client. } } if (_publicKeys.count() > 0) { // we _must_ be authenticated if the publicKeys are there DependencyManager::get<WalletScriptingInterface>()->setWalletStatus((uint)WalletStatus::WALLET_STATUS_READY); qCDebug(commerce) << "walletIsAuthenticatedWithPassphrase: wallet was ready"; return true; } // otherwise, we have a passphrase but no keys, so we have to check auto publicKey = readPublicKey(keyFilePath()); if (publicKey.size() > 0) { if (auto key = readPrivateKey(keyFilePath())) { EC_KEY_free(key); // be sure to add the public key so we don't do this over and over _publicKeys.push_back(publicKey.toBase64()); if (*_passphrase != "ACCOUNT") { changePassphrase("ACCOUNT"); // Rewrites with salt and constant, and will be lockered that way. } qCDebug(commerce) << "walletIsAuthenticatedWithPassphrase: wallet now ready"; return true; } } qCDebug(commerce) << "walletIsAuthenticatedWithPassphrase: wallet not ready"; return false; }
/* \brief receives a session key from the client * Protocol: Client generates an AES key which is sent * encrypted by RSA. Use the private key to decrypt the * AES key and use the AES key for the rest of the session */ unsigned char *getSessionKey(int client_sock){ unsigned char client_message[MAX_MSG_SZ]; int read_size; // get encrypted AES key from client if ( (read_size = recv(client_sock, client_message, MAX_MSG_SZ, 0)) < 0){ perror("receive failed"); exit(1); } // decrypt AES key using server private key RSA * privateKey; privateKey = readPrivateKey(server_key); if (privateKey == NULL){ //key file not found exit(1); //fatal } unsigned char *session_key; session_key = (unsigned char *) malloc(KEYLEN*sizeof(char)); int keylen = decryptRSA( client_message, read_size, session_key, privateKey ); printf("Session key:\n"); int i; for (i = 0; i < keylen; i++){ printf("0x%02x ", session_key[i]); if (i%8==7) printf("\n"); } memset(client_message, 0, MAX_MSG_SZ); //zero out buffer return session_key; }