How to use this function.
int mbedtls_pk_verify(mbedtls_pk_context * ctx, mbedtls_md_type_t md_alg, const unsigned char * hash, size_t hash_len, const unsigned char * sig, size_t sig_len)
So by calling the function like this mbedtls_pk_verify(&public_key_context, MBEDTLS_MD_SHA1, md, sizeof(md), signature, signature_lenght) how should I initialize md and how do I know what it is?
md is the message digest (usually a hash value).
To verify a signature, you have to feed the message through the same hash algorithm that was used when creating the signature. If the signature was created using SHA1, then you have to calculate the SHA1 hash value for the message you want to verify first. Then you pass this value together with its length (20 bytes in this case) to the function.
You can use the mbedtls library itself to calculate the message digest:
// Get the message digest info structure for SHA1
mbetdtls_md_info_t *mdinfo = mbedtls_md_info_from_type(MBEDTLS_MD_SHA1);
char *md = malloc(mdinfo->size);
// Calculate the message digest for the data
mbedtls_md(mdinfo, data, datalen, md);
// Now verify the signature for the given hash of the data
int st = mbedtls_pk_verify(&public_key_context,
mdinfo->type, md, mdinfo->size,
signature, signature_length);
if (st != 0) {
// Signature invalid!
} else {
// Signature valid
}
free(md);
This should do what you need.
Related
Here's how I calculate a SHA512 hash in C.
#include <openssl/sha.h>
#include <stdio.h>
char *calc_sha512(char *data) {
SHA512_CTX ctx;
char *md = malloc(sizeof(char)*(SHA512_DIGEST_LENGTH+1));
SHA512_Init(&ctx);
SHA512_Update(&ctx, data, strlen(data));
SHA512_Final(md, &ctx);
md[SHA512_DIGEST_LENGTH] = '\0';
return md;
}
int main() {
printf("%s\n", calc_sha512("foo"));
return 1;
}
Now when I try to transform it to 512/t (either 512/224 or 512/256), it doesn't work. I initially thought that for calculating a 512/t hash, you'd simply have to truncate the output to t bits, but upon further reading, it doesn't only truncate the output, it also have different initial constant values. So I'm trying to figure out any function in OpenSSL that supports that? So far I have looked into docs and header files, I can't find such method under either SHA or EVP. Does OpenSSL even support SHA512/t hashing algorithms? Does it provide the functionality out of the box? Any pointers to that would be helpful.
As you noticed, those truncated sha512 hashes use different initalisation vectors, probably to avoid giving away part of the actual sha512 hash if they would just literally truncate those bytes.
Support for sha512_256 has been implemented in the OpenSSL master tree a few months ago and will likely be in OpenSSL 1.1.1.
Check the changelog:
https://www.openssl.org/news/changelog.txt
Or the commit on Github:
https://github.com/openssl/openssl/commit/4bed94f0c11ef63587c6b2edb03c3c438e221604
... so depending on the platform you're on, you could use those new functions in the near future just like you are doing with the sha512 example you provided.
this function should return the SHA512/256 hash (binary form, not printable)
char *calc_sha512_256(char *data, unsigned int data_len) {
char *hash = malloc(SHA256_DIGEST_LENGTH);
if (!EVP_Digest(data, data_len, hash, NULL, EVP_sha512_256(), NULL)) {
free(hash);
hash = NULL;
}
return hash;
}
I am using openssl RSA algorithm to encrypt one file and send it to a server and then send it back with socket elements. But I can't get the original data. To be exactly, sometimes. I attach part of my code here, could you tell my why is it?
This is my code to encrypt and decrypt, I think it is not a problem:
int public_encrypt(unsigned char * data,int data_len, unsigned char *encrypted)
{
FILE *fp=fopen("public.pem","rb");
RSA *rsa;
rsa=PEM_read_RSA_PUBKEY(fp,NULL,NULL,NULL);
//RSA * rsa = createRSA(key,1);
int result = RSA_public_encrypt(data_len,data,encrypted,rsa,padding);
return result;
}
int private_decrypt(unsigned char * enc_data,int data_len, unsigned char *decrypted)
{
FILE *fp=fopen("private.pem","rb");
RSA *rsa;
rsa=PEM_read_RSAPrivateKey(fp,NULL,NULL,NULL);
//RSA * rsa = createRSA(key,0);
int result = RSA_private_decrypt(data_len,enc_data,decrypted,rsa,padding);
return result;
}
When sending something:
int encrypted_length=public_encrypt(buffer,st.st_size,publicKey,encrypted);
int decrypted_length= private_decrypt(encrypted,256,privateKey,decrypted);
The second line just to test if it can deccrypt well, and it works well all the time
When I am getting data from server, the code is:
int decrypted_length = private_decrypt(buffer,256,privateKey,decrypted);
The buffer is what I send. I used md5 to check the content, they are the same thing. After testing, the result in the private_decrypt is -1 in some case. The result is really unstable I can't find the reason. But I can find that if the file have already there, say I run this for second time with same functio, the result is not -1.
I tried to use ERR_get_error() to get the error, its result is 0x407106b, but I can't check this number anywhere.
From OpenSSL documentation
Creating an ECDSA signature of a given SHA-256 hash value using the named curve prime256v1 (aka P-256).
Second step: compute the ECDSA signature of a SHA-256 hash value using ECDSA_do_sign():
sig = ECDSA_do_sign(digest, 32, eckey);
if (sig == NULL) {
/* error */
}
or using ECDSA_sign():
unsigned char *buffer, *pp;
int buf_len;
buf_len = ECDSA_size(eckey);
buffer = OPENSSL_malloc(buf_len);
pp = buffer;
if (ECDSA_sign(0, dgst, dgstlen, pp, &buf_len, eckey) == 0) {
/* error */
}
Third step: verify the created ECDSA signature using ECDSA_do_verify():
ret = ECDSA_do_verify(digest, 32, sig, eckey);
or using ECDSA_verify():
ret = ECDSA_verify(0, digest, 32, buffer, buf_len, eckey);
and finally evaluate the return value:
if (ret == 1) {
/* signature ok */
} else if (ret == 0) {
/* incorrect signature */
} else {
/* error */
}
EOF
This brings me to an understanding that I need to verify every signature I create with ECDSA_do_sign or ECDSA_sign, do I? Can it happen that a created signature is not valid?
From NIST PUB 186-4 - Digital Signature Standard section 4.7:
Signature verification may be performed by any party (i.e., the signatory, the intended recipient or any other party) using the signatory’s public key. A signatory may wish to verify that the computed signature is correct, perhaps before sending the signed message to the intended recipient. The intended recipient (or any other party) verifies the signature to determine its
authenticity.
(where the signatory is the signature creator)
As described in this question: Openssl C++ get expiry date, there is the possibility to write an ASN1 time into a BIO buffer and then read it back into a custom buffer buf:
BIO *bio;
int write = 0;
bio = BIO_new(BIO_s_mem());
if (bio) {
if (ASN1_TIME_print(bio, tm))
write = BIO_read(bio, buf, len-1);
BIO_free(bio);
}
buf[write]='\0';
return write;
How could this be achieved without using BIO at all? The ASN1_TIME_print function is only present when OPENSSL_NO_BIO is not defined. Is there a way to write the time directly into a given buffer?
You can try the sample code below. It doesn't use BIO, but should give you the same output as the OP's example. If you don't trust the ASN1_TIME string, you'll want to add some error checking for:
notBefore->data is > 10 chars
each char value is between '0' and '9'
values for year, month, day, hour, minute, second
type
You should test for the type (i.e. UTC), if you expect multiple types.
You should also test whether or not the date/time is GMT and add that to the string if you want the output to match exactly as if using BIOs. see:
openssl/crypto/asn1/t_x509.c - ASN1_UTCTIME_print or ASN1_GENERALIZEDTIME_print
ASN1_TIME* notBefore = NULL;
int len = 32;
char buf[len];
struct tm tm_time;
notBefore = X509_get_notBefore(x509_cert);
// Format ASN1_TIME with type UTC into a tm struct
if(notBefore->type == V_ASN1_UTCTIME){
strptime((const char*)notBefore->data, "%y%m%d%H%M%SZ" , &tm_time);
strftime(buf, sizeof(char) * len, "%h %d %H:%M:%S %Y", &tm_time);
}
// Format ASN1_TIME with type "Generalized" into a tm struct
if(notBefore->type == V_ASN1_GENERALIZEDTIME){
// I didn't look this format up, but it shouldn't be too difficult
}
I think this should be possible, at least in terms of writing the time directly into a given buffer -- but you'll still need to use BIOs.
Ideally, BIO_new_mem_buf would suit, given that it creates an in-memory BIO using a given buffer as the source. Unfortunately, that function treats the given buffer as read-only, which is not what we want. However, we can create our own function (let's call it BIO_new_mem_buf2), based on the BIO_new_mem_buf source code:
BIO *BIO_new_mem_buf2(void *buf, int len)
{
BIO *ret;
BUF_MEM *b;
size_t sz;
if (!buf) {
BIOerr(BIO_F_BIO_NEW_MEM_BUF, BIO_R_NULL_PARAMETER);
return NULL;
}
sz = (size_t)len;
if (!(ret = BIO_new(BIO_s_mem())))
return NULL;
b = (BUF_MEM *)ret->ptr;
b->data = buf;
b->length = sz;
b->max = sz;
return ret;
}
This is just like BIO_new_mem_buf, except that a) the len argument must indicate the size of the given buffer, and b) the BIO is not marked "readonly".
With the above, you should now be able to call:
ASN1_TIME_print(bio, tm)
and have the time appear in your given buffer.
Note that I have not tested the above code, so YMMV. Hope this helps!
So far I have gotten my libev code to successfully return a static sting that says "OMP OMP", however when I write a function that returns a "static" string it never seems to work. (Sidenote: the idea is to turn that same function into a dynamic response but just for agile testing purposes I need this to work first). My code for the libev read callback is as the following...
void p2pserver_network_buf_read_callback(struct bufferevent *incoming, void *arg){
//Define function local variables
struct evbuffer *evreturn;
char *req;
//Begin function local logic
req = evbuffer_readline(incoming->input);
if (req == NULL){
return;
}
char *response;
parse_json_command(req, response);
//response = "OMP OMP";
g_print("PARSED");
evreturn = evbuffer_new();
evbuffer_add_printf(evreturn, "%s", response);
bufferevent_write_buffer(incoming,evreturn);
evbuffer_free(evreturn);
free(req);
g_print("%s", response);
}
The parse_json_command function is as the following...
void parse_json_command(char json_command, char *response){
//Define Local Variables
g_print("PARSING");
response = "YOU KNOW";
//Print out the recieved message....
//g_message("%s", json_command);
/**
* TODO: check if the JSON is valid before parsing
* to prevent "Segmentation Defaults"
* and its good sanity checks.
**/
//Parse JSON incomming
/*json_object * jobj = json_tokener_parse(json_command);
enum json_type type;
json_object_object_foreach(jobj, key, val){
g_print("%s\n", key);
if(g_utf8_collate(key, "cmd") >= 0){
//Looks like the user has sent a "cmd" (command), lets analyze the "val" (value) of that command to see what the caller/client needs to be attending to...
//Is the client requesting an "Identity Update" (Pings server: if this is the first time ping, the server and client will exachange keys if the relationship exists the server just accepts the encrypted "ping" packet update)
type = json_object_get_type(val);
if(type == json_type_string){
char* cmd_value;
cmd_value = json_object_get_string(val);
//g_print("VALUE:%d\n", g_utf8_collate(cmd_value, "identupdate"));
if(g_utf8_collate(cmd_value, "identupdate") == 0){
//Call "Identity Update Response"
//char return_response = p2pserver_json_identupdate_response(json_command);
}
}
}
}
*/
return;
}
If you want to see the complete code (only a couple of pages big at the time of this writing) you can go to the source code at the following link: https://github.com/Xenland/P2PCrypt-Server
Thanks for your time and help!
c passes arguments by value, not by reference. You problem is here:
void parse_json_command(char json_command, char *response){
[...]
response = "YOU KNOW";
[...]
}
char *response;
parse_json_command(req, response);
response is a uninitialized pointer to a string. You are assigning a pointer to a static string to the response pointer in the function, but that does not modify response outside of the function, it just changes response within the function. There are different ways to fix this. Probably the easiest one for a quick fix would be to change the function's prototype to return a char * instead of void:
char * parse_json_command(char json_command){
char *response;
[...]
response = "YOU KNOW";
[...]
return response;
}
char *response;
response = parse_json_command(req);
Also, the json_command argument should probably be a char * or const char *, not just a single char, if you want to pass more than a single byte there.