// EGPublicKey::Dump
// Streaming method. Outputs key to specfied stream. Outputs key length followed
// by each factor of the key.
void
EGPublicKey::Dump(std::ostream& os) const
{
// Output KeyLen followed by P, G, and Y
try
{
ByteQueue aQueue;
aQueue.Put(mKey, mKeyLen);
aQueue.Close();
Integer p, q, g, y;
BERSequenceDecoder aDecoder(aQueue);
p.BERDecode(aDecoder);
q.BERDecode(aDecoder);
g.BERDecode(aDecoder);
y.BERDecode(aDecoder);
os << "(Len=" << mKeyLen << " P=" << p << " Q=" << q << " G=" << g
<< " Y=" << y << ')';
}
catch (Exception& anEx)
{
WDBG_AH("EGPublicKey::Dump Caught CryptoLib exception: " << anEx.what());
os << "(EGPublicKey Exception: " << anEx.what() << ')';
}
}
// EGPublicKey::CopyFromPrivateKey
// Copies public key from a private key. Existing key (if any) is replaced. This
// method takes the binary rep of the private key and drops the private portion
// to generate the public key.
void
EGPublicKey::CopyFromPrivateKey(const EGPrivateKey& theKeyR)
{
ClearLocal();
try
{
ByteQueue aPrivQueue;
aPrivQueue.Put(theKeyR.GetKey(), theKeyR.GetKeyLen());
aPrivQueue.Close();
ElGamalVerifier aKey(aPrivQueue);
ByteQueue aPubQueue;
aKey.DEREncode(aPubQueue);
aPubQueue.Close();
AllocKeyBuf(aPubQueue.MaxRetrieveable());
aPubQueue.Get(mKey, mKeyLen);
}
catch (Exception& anEx)
{
WDBG_AH("EGPublicKey::CopyFromPrivateKey Caught CryptoLib exception: " << anEx.what());
#ifndef _WONCRYPT_NOEXCEPTIONS
throw WONCrypt::CryptException(WONCommon::ExCryptoLib, __LINE__, __FILE__, anEx.what());
#else
Invalidate();
#endif
}
}
void initRSA() {
string pubkey = base64_decode(string(serverPublicKey));
ByteQueue tmp;
for (int i = 0; i < pubkey.size(); i++)
tmp.Put((byte)pubkey[i]);
serverPub = new RSA::PublicKey;
serverPub->Load(tmp);
encryptor = new RSAES_OAEP_SHA_Encryptor(*serverPub);
}
// EGPublicKey::AllocateSig
// Allocates the mSigP member if needed. Feeds binary rep of key into the
// ElGamalVerifier class from Crypto++.
void
EGPublicKey::AllocateSig() const
{
WTRACE("EGPublicKey::AllocateSig");
if (! mSigP)
{
WDBG_LL("EGPublicKey::AllocateSig Allocating crypt object.");
ByteQueue aQueue;
aQueue.Put(mKey, mKeyLen);
aQueue.Close();
mSigP = new ElGamalVerifier(aQueue);
}
}
void PutDecodedDatumInto(const TestData &data, const char *name, BufferedTransformation &target)
{
std::string s1 = GetRequiredDatum(data, name), s2;
ByteQueue q;
while (!s1.empty())
{
while (s1[0] == ' ')
{
s1 = s1.substr(1);
if (s1.empty())
goto end; // avoid invalid read if s1 is empty
}
int repeat = 1;
if (s1[0] == 'r')
{
repeat = atoi(s1.c_str()+1);
s1 = s1.substr(s1.find(' ')+1);
}
s2 = ""; // MSVC 6 doesn't have clear();
if (s1[0] == '\"')
{
s2 = s1.substr(1, s1.find('\"', 1)-1);
s1 = s1.substr(s2.length() + 2);
}
else if (s1.substr(0, 2) == "0x")
{
StringSource(s1.substr(2, s1.find(' ')), true, new HexDecoder(new StringSink(s2)));
s1 = s1.substr(STDMIN(s1.find(' '), s1.length()));
}
else
{
StringSource(s1.substr(0, s1.find(' ')), true, new HexDecoder(new StringSink(s2)));
s1 = s1.substr(STDMIN(s1.find(' '), s1.length()));
}
while (repeat--)
{
q.Put((const byte *)s2.data(), s2.size());
RandomizedTransfer(q, target, false);
}
}
end:
RandomizedTransfer(q, target, true);
}
void PutDecodedDatumInto(const TestData &data, const char *name, BufferedTransformation &target)
{
std::string s1 = GetRequiredDatum(data, name), s2;
while (!s1.empty())
{
while (s1[0] == ' ')
s1 = s1.substr(1);
int repeat = 1;
if (s1[0] == 'r')
{
repeat = atoi(s1.c_str()+1);
s1 = s1.substr(s1.find(' ')+1);
}
s2 = ""; // MSVC 6 doesn't have clear();
if (s1[0] == '\"')
{
s2 = s1.substr(1, s1.find('\"', 1)-1);
s1 = s1.substr(s2.length() + 2);
}
else if (s1.substr(0, 2) == "0x")
{
StringSource(s1.substr(2, s1.find(' ')), true, new HexDecoder(new StringSink(s2)));
s1 = s1.substr(STDMIN(s1.find(' '), s1.length()));
}
else
{
StringSource(s1.substr(0, s1.find(' ')), true, new HexDecoder(new StringSink(s2)));
s1 = s1.substr(STDMIN(s1.find(' '), s1.length()));
}
ByteQueue q;
while (repeat--)
{
q.Put((const byte *)s2.data(), s2.size());
if (q.MaxRetrievable() > 4*1024 || repeat == 0)
q.TransferTo(target);
}
}
}
// EGPublicKey::AllocateCrypt
// Allocates the mCryptP member if needed. Manually decodes binary rep into factors
// and feeds appropriate factor to the ElGamalEncryptor class from Crypto++.
void
EGPublicKey::AllocateCrypt() const
{
WTRACE("EGPublicKey::AllocateCrypt");
if (! mCryptP)
{
WDBG_LL("EGPublicKey::AllocateCrypt Allocating crypt object.");
ByteQueue aQueue;
aQueue.Put(mKey, mKeyLen);
aQueue.Close();
// *HACK*
// Manually build the ElGamalEncryptor object. See notes at
// top of this file.
Integer p, q, g, y;
BERSequenceDecoder seq(aQueue);
p.BERDecode(seq);
q.BERDecode(seq);
g.BERDecode(seq);
y.BERDecode(seq);
mCryptP = new ElGamalEncryptor(p, g, y);
}
}
bool ValidateRSA()
{
cout << "\nRSA validation suite running...\n\n";
byte out[100], outPlain[100];
bool pass = true, fail;
{
static const char plain[] = "Everyone gets Friday off.";
byte *signature = (byte *)
"\x05\xfa\x6a\x81\x2f\xc7\xdf\x8b\xf4\xf2\x54\x25\x09\xe0\x3e\x84"
"\x6e\x11\xb9\xc6\x20\xbe\x20\x09\xef\xb4\x40\xef\xbc\xc6\x69\x21"
"\x69\x94\xac\x04\xf3\x41\xb5\x7d\x05\x20\x2d\x42\x8f\xb2\xa2\x7b"
"\x5c\x77\xdf\xd9\xb1\x5b\xfc\x3d\x55\x93\x53\x50\x34\x10\xc1\xe1";
FileSource keys("TestData/rsa512a.dat", true, new HexDecoder);
Weak::RSASSA_PKCS1v15_MD2_Signer rsaPriv(keys);
Weak::RSASSA_PKCS1v15_MD2_Verifier rsaPub(rsaPriv);
size_t signatureLength = rsaPriv.SignMessage(GlobalRNG(), (byte *)plain, strlen(plain), out);
fail = !VerifyBufsEqual(signature, out, 64);
pass = pass && !fail;
cout << (fail ? "FAILED " : "passed ");
cout << "signature check against test vector\n";
fail = !rsaPub.VerifyMessage((byte *)plain, strlen(plain), out, signatureLength);
pass = pass && !fail;
cout << (fail ? "FAILED " : "passed ");
cout << "verification check against test vector\n";
out[10]++;
fail = rsaPub.VerifyMessage((byte *)plain, strlen(plain), out, signatureLength);
pass = pass && !fail;
cout << (fail ? "FAILED " : "passed ");
cout << "invalid signature verification\n";
}
{
FileSource keys("TestData/rsa1024.dat", true, new HexDecoder);
RSAES_PKCS1v15_Decryptor rsaPriv(keys);
RSAES_PKCS1v15_Encryptor rsaPub(rsaPriv);
pass = CryptoSystemValidate(rsaPriv, rsaPub) && pass;
}
{
RSAES<OAEP<SHA> >::Decryptor rsaPriv(GlobalRNG(), 512);
RSAES<OAEP<SHA> >::Encryptor rsaPub(rsaPriv);
pass = CryptoSystemValidate(rsaPriv, rsaPub) && pass;
}
{
byte *plain = (byte *)
"\x54\x85\x9b\x34\x2c\x49\xea\x2a";
byte *encrypted = (byte *)
"\x14\xbd\xdd\x28\xc9\x83\x35\x19\x23\x80\xe8\xe5\x49\xb1\x58\x2a"
"\x8b\x40\xb4\x48\x6d\x03\xa6\xa5\x31\x1f\x1f\xd5\xf0\xa1\x80\xe4"
"\x17\x53\x03\x29\xa9\x34\x90\x74\xb1\x52\x13\x54\x29\x08\x24\x52"
"\x62\x51";
byte *oaepSeed = (byte *)
"\xaa\xfd\x12\xf6\x59\xca\xe6\x34\x89\xb4\x79\xe5\x07\x6d\xde\xc2"
"\xf0\x6c\xb5\x8f";
ByteQueue bq;
bq.Put(oaepSeed, 20);
FixedRNG rng(bq);
FileSource privFile("TestData/rsa400pv.dat", true, new HexDecoder);
FileSource pubFile("TestData/rsa400pb.dat", true, new HexDecoder);
RSAES_OAEP_SHA_Decryptor rsaPriv;
rsaPriv.AccessKey().BERDecodePrivateKey(privFile, false, 0);
RSAES_OAEP_SHA_Encryptor rsaPub(pubFile);
memset(out, 0, 50);
memset(outPlain, 0, 8);
rsaPub.Encrypt(rng, plain, 8, out);
DecodingResult result = rsaPriv.FixedLengthDecrypt(GlobalRNG(), encrypted, outPlain);
fail = !result.isValidCoding || (result.messageLength!=8) || !VerifyBufsEqual(out, encrypted, 50) || !VerifyBufsEqual(plain, outPlain, 8);
pass = pass && !fail;
cout << (fail ? "FAILED " : "passed ");
cout << "PKCS 2.0 encryption and decryption\n";
}
return pass;
}
void CAuthenticationProfileImpl::onBufferReceived(const iviLink::Channel::tChannelId channel, Buffer const& buffer)
{
LOG4CPLUS_TRACE_METHOD(msLogger, __PRETTY_FUNCTION__);
LOG4CPLUS_TRACE(msLogger, "CBuffer write position = "+convertIntegerToString(buffer.getWritePosition())
+ "; CBuffer size = " + convertIntegerToString(buffer.getSize()) +
"; Channel = "+ convertIntegerToString(channel));
assert(this);
UInt8 *incomingData = buffer.getBuffer();
int read_size = buffer.getSize();
LOG4CPLUS_INFO(msLogger, "Procedure ID = " + convertIntegerToString(incomingData[0]));
if(incomingData[0] == SEND_ENCRYPTED_PIN)
{
LOG4CPLUS_INFO(msLogger, "Encrypted PIN received");
string encryptedPIN((char*)(incomingData + 1), read_size - 1);
LOG4CPLUS_INFO(msLogger, "Engrypted PIN length = " + convertIntegerToString(encryptedPIN.length()));
LOG4CPLUS_INFO(msLogger, "Encrypted PIN = " + encryptedPIN);
string decryptedRemotePIN = CRSAEncryptDecrypt::decrypt(encryptedPIN, CRSAEncryptDecrypt::getPrivateKey(mpAppCallbacks->getInternalPath()));
LOG4CPLUS_INFO(msLogger, "Decrypted remote PIN = " + decryptedRemotePIN);
mpAppCallbacks->gotPIN(decryptedRemotePIN[0] - '0',
decryptedRemotePIN[1] - '0',
decryptedRemotePIN[2] - '0',
decryptedRemotePIN[3] - '0');
}
else if(incomingData[0] == SEND_PUBLIC_KEY)
{
LOG4CPLUS_INFO(msLogger, "PublicKey received");
UInt8* keyBytes = new UInt8[read_size - 1];
memcpy(keyBytes, incomingData + 1, read_size - 1);
ByteQueue queue;
queue.Put(keyBytes, read_size - 1);
remoteHostPublicKey.Load(queue);
}
else if(incomingData[0] == SEND_UID)
{
LOG4CPLUS_INFO(msLogger, "Remote UID received");
string uid((char*)(incomingData + 1), read_size - 1);
LOG4CPLUS_INFO(msLogger, "UID = " + uid);
mRemoteUID = iviLink::BaseUid(uid);
if(mpTrustList->isKnownUid(mRemoteUID))
{
LOG4CPLUS_INFO(msLogger, "Remote UID is known");
remoteUIDIsChecked = true;
remoteUIDIsOK = true;
sendYourUIDIsKnow();
validateUIDs();
}
else
{
LOG4CPLUS_INFO(msLogger, "Remote UID is unknown");
remoteUIDIsChecked = true;
remoteUIDIsOK = false;
sendYourUIDIsUnknown();
validateUIDs();
}
}
else if(incomingData[0] == YOUR_UID_IS_OK)
{
localUIDIsChecked = true;
localUIDIsOK = true;
validateUIDs();
}
else if(incomingData[0] == YOUR_UID_IS_NOK)
{
localUIDIsChecked = true;
localUIDIsOK = false;
validateUIDs();
}
else if(incomingData[0] == READY_TO_EXIT)
{
mpAppCallbacks->onReadyToExit();
}
}
bool RSAValidate()
{
cout << "\nRSA validation suite running...\n\n";
byte out[100], outPlain[100];
unsigned int outLen;
bool pass = true, fail;
try
{
{
char *plain = "Everyone gets Friday off.";
byte *signature = (byte *)
"\x05\xfa\x6a\x81\x2f\xc7\xdf\x8b\xf4\xf2\x54\x25\x09\xe0\x3e\x84"
"\x6e\x11\xb9\xc6\x20\xbe\x20\x09\xef\xb4\x40\xef\xbc\xc6\x69\x21"
"\x69\x94\xac\x04\xf3\x41\xb5\x7d\x05\x20\x2d\x42\x8f\xb2\xa2\x7b"
"\x5c\x77\xdf\xd9\xb1\x5b\xfc\x3d\x55\x93\x53\x50\x34\x10\xc1\xe1";
LC_RNG rng(765);
FileSource keys("rsa512a.dat", true, new HexDecoder);
RSASSA_PKCS1v15_MD2_Signer rsaPriv(keys);
RSASSA_PKCS1v15_MD2_Verifier rsaPub(rsaPriv);
rsaPriv.SignMessage(rng, (byte *)plain, strlen(plain), out);
fail = memcmp(signature, out, 64) != 0;
pass = pass && !fail;
cout << (fail ? "FAILED " : "passed ");
cout << "signature check against test vector\n";
fail = !rsaPub.VerifyMessage((byte *)plain, strlen(plain), out);
pass = pass && !fail;
cout << (fail ? "FAILED " : "passed ");
cout << "verification check against test vector\n";
out[10]++;
fail = rsaPub.VerifyMessage((byte *)plain, strlen(plain), out);
pass = pass && !fail;
cout << (fail ? "FAILED " : "passed ");
cout << "invalid signature verification\n";
}
{
FileSource keys("rsa512.dat", true, new HexDecoder);
RSAES_PKCS1v15_Decryptor rsaPriv(keys);
RSAES_PKCS1v15_Encryptor rsaPub(rsaPriv);
pass = CryptoSystemValidate(rsaPriv, rsaPub) && pass;
}
{
byte *plain = (byte *)
"\x54\x85\x9b\x34\x2c\x49\xea\x2a";
byte *encrypted = (byte *)
"\x14\xbd\xdd\x28\xc9\x83\x35\x19\x23\x80\xe8\xe5\x49\xb1\x58\x2a"
"\x8b\x40\xb4\x48\x6d\x03\xa6\xa5\x31\x1f\x1f\xd5\xf0\xa1\x80\xe4"
"\x17\x53\x03\x29\xa9\x34\x90\x74\xb1\x52\x13\x54\x29\x08\x24\x52"
"\x62\x51";
byte *oaepSeed = (byte *)
"\xaa\xfd\x12\xf6\x59\xca\xe6\x34\x89\xb4\x79\xe5\x07\x6d\xde\xc2"
"\xf0\x6c\xb5\x8f";
ByteQueue bq;
bq.Put(oaepSeed, 20);
FixedRNG rng(bq);
FileSource privFile("rsa400pv.dat", true, new HexDecoder);
FileSource pubFile("rsa400pb.dat", true, new HexDecoder);
RSAES_OAEP_SHA_Decryptor rsaPriv(privFile);
RSAES_OAEP_SHA_Encryptor rsaPub(pubFile);
memset(out, 0, 50);
memset(outPlain, 0, 8);
rsaPub.Encrypt(rng, plain, 8, out);
outLen = rsaPriv.Decrypt(encrypted, outPlain);
fail = (outLen!=8) || memcmp(out, encrypted, 50) || memcmp(plain, outPlain, 8);
pass = pass && !fail;
cout << (fail ? "FAILED " : "passed ");
cout << "PKCS 2.0 encryption and decryption\n";
}
}
catch (BERDecodeErr)
{
cout << "FAILED Error decoding RSA key\n";
pass = false;
}
return pass;
}
size_t PEM_ReadLine(BufferedTransformation& source, SecByteBlock& line, SecByteBlock& ending)
{
if(!source.AnyRetrievable())
{
line.New(0);
ending.New(0);
return 0;
}
ByteQueue temp;
while(source.AnyRetrievable())
{
byte b;
if(!source.Get(b))
throw Exception(Exception::OTHER_ERROR, "PEM_ReadLine: failed to read byte");
// LF ?
if(b == '\n')
{
ending = LF;
break;
}
// CR ?
if(b == '\r')
{
// CRLF ?
if(source.AnyRetrievable() && source.Peek(b))
{
if(b == '\n')
{
source.Skip(1);
ending = CRLF;
break;
}
}
ending = CR;
break;
}
// Not End-of-Line, accumulate it.
temp.Put(b);
}
if(temp.AnyRetrievable())
{
line.Grow(temp.MaxRetrievable());
temp.Get(line.data(), line.size());
}
else
{
line.New(0);
ending.New(0);
}
// We return a line stripped of CRs and LFs. However, we return the actual number of
// of bytes processed, including the CR and LF. A return of 0 means nothing was read.
// A return of 1 means an empty line was read (CR or LF). A return of 2 could
// mean an empty line was read (CRLF), or could mean 1 character was read. In
// any case, line will hold whatever was parsed.
return line.size() + ending.size();
}
bool
Validator::verifySignature(const uint8_t* buf,
const size_t size,
const Signature& sig,
const v1::PublicKey& key)
{
try {
using namespace CryptoPP;
switch (sig.getType()) {
case tlv::SignatureSha256WithRsa: {
if (key.getKeyType() != KeyType::RSA)
return false;
RSA::PublicKey publicKey;
ByteQueue queue;
queue.Put(reinterpret_cast<const byte*>(key.get().buf()), key.get().size());
publicKey.Load(queue);
RSASS<PKCS1v15, SHA256>::Verifier verifier(publicKey);
return verifier.VerifyMessage(buf, size,
sig.getValue().value(), sig.getValue().value_size());
}
case tlv::SignatureSha256WithEcdsa: {
if (key.getKeyType() != KeyType::EC)
return false;
ECDSA<ECP, SHA256>::PublicKey publicKey;
ByteQueue queue;
queue.Put(reinterpret_cast<const byte*>(key.get().buf()), key.get().size());
publicKey.Load(queue);
ECDSA<ECP, SHA256>::Verifier verifier(publicKey);
uint32_t length = 0;
StringSource src(key.get().buf(), key.get().size(), true);
BERSequenceDecoder subjectPublicKeyInfo(src);
{
BERSequenceDecoder algorithmInfo(subjectPublicKeyInfo);
{
Oid algorithm;
algorithm.decode(algorithmInfo);
Oid curveId;
curveId.decode(algorithmInfo);
if (curveId == SECP256R1)
length = 256;
else if (curveId == SECP384R1)
length = 384;
else
return false;
}
}
switch (length) {
case 256: {
uint8_t buffer[64];
size_t usedSize = DSAConvertSignatureFormat(buffer, sizeof(buffer), DSA_P1363,
sig.getValue().value(),
sig.getValue().value_size(),
DSA_DER);
return verifier.VerifyMessage(buf, size, buffer, usedSize);
}
case 384: {
uint8_t buffer[96];
size_t usedSize = DSAConvertSignatureFormat(buffer, sizeof(buffer), DSA_P1363,
sig.getValue().value(),
sig.getValue().value_size(),
DSA_DER);
return verifier.VerifyMessage(buf, size, buffer, usedSize);
}
default:
return false;
}
}
default:
// Unsupported sig type
return false;
}
}
catch (const CryptoPP::Exception& e) {
return false;
}
}