Mercurial > trustbridge
comparison common/listutil.c @ 770:7861950f7637
Make RSA Keysize definiable
| author | Andre Heinecke <andre.heinecke@intevation.de> |
|---|---|
| date | Thu, 10 Jul 2014 19:14:22 +0200 |
| parents | 44257ecdae6d |
| children | 698b6a9bd75e |
comparison
equal
deleted
inserted
replaced
| 769:44257ecdae6d | 770:7861950f7637 |
|---|---|
| 96 int verify_list(const char *data, const size_t size) | 96 int verify_list(const char *data, const size_t size) |
| 97 { | 97 { |
| 98 int ret = -1; | 98 int ret = -1; |
| 99 pk_context pub_key_ctx; | 99 pk_context pub_key_ctx; |
| 100 char *p; | 100 char *p; |
| 101 /* Fixed key size of 3072 implies the sizes*/ | 101 |
| 102 const size_t sig_b64_size = 512; | 102 /* Modulus / 8 are the necessary bytes. */ |
| 103 size_t sig_size = 384; | 103 #ifndef TRUSTBRIDGE_RSA_KEY_SIZE |
| 104 # error "Key size undefined" | |
| 105 #endif | |
| 106 const size_t sig_b64_size = TRUSTBRIDGE_RSA_KEY_SIZE / 8 * 4 / 3; | |
| 107 size_t sig_size = TRUSTBRIDGE_RSA_KEY_SIZE / 8; | |
| 104 | 108 |
| 105 char signature_b64[sig_b64_size + 1]; | 109 char signature_b64[sig_b64_size + 1]; |
| 106 unsigned char signature[sig_size]; | 110 unsigned char signature[sig_size]; |
| 107 /* Hash algroithm is sha256 */ | 111 /* Hash algroithm is sha256 */ |
| 108 unsigned char hash[32]; | 112 unsigned char hash[32]; |
| 121 signature_b64[sig_b64_size] = '\0'; | 125 signature_b64[sig_b64_size] = '\0'; |
| 122 | 126 |
| 123 ret = base64_decode(signature, &sig_size, | 127 ret = base64_decode(signature, &sig_size, |
| 124 (unsigned char *)signature_b64, sig_b64_size); | 128 (unsigned char *)signature_b64, sig_b64_size); |
| 125 | 129 |
| 126 if (ret != 0 || sig_size != 384) { | 130 if (ret != 0 || sig_size != TRUSTBRIDGE_RSA_KEY_SIZE / 8) { |
| 127 /* printf("failed to decode signature\n"); */ | 131 /* printf("failed to decode signature\n"); */ |
| 128 return -1; | 132 return -1; |
| 129 } | 133 } |
| 130 | 134 |
| 131 /* Hash is calculated over the data without the first line. | 135 /* Hash is calculated over the data without the first line. |
| 135 /* Size of the data to hash is the size - signature line | 139 /* Size of the data to hash is the size - signature line |
| 136 * signature line is sig_b64_size - "S:" and - "\r\n" so -4*/ | 140 * signature line is sig_b64_size - "S:" and - "\r\n" so -4*/ |
| 137 sha256((unsigned char *)p, size - sig_b64_size - 4, hash, 0); | 141 sha256((unsigned char *)p, size - sig_b64_size - 4, hash, 0); |
| 138 | 142 |
| 139 pk_init(&pub_key_ctx); | 143 pk_init(&pub_key_ctx); |
| 140 #if 0 | |
| 141 { | |
| 142 int i; | |
| 143 FILE *foo = fopen("/tmp/testdump", "w"); | |
| 144 FILE *foo2 = fopen("/tmp/rawdump", "w"); | |
| 145 for (i=0; i< (int)(size - sig_b64_size - 2); i++) | |
| 146 fprintf (foo, "%c", p[i]); | |
| 147 for (i=0; i< (int)(size); i++) | |
| 148 fprintf (foo2, "%c", data[i]); | |
| 149 fclose(foo); | |
| 150 printf ("Hash: \n"); | |
| 151 for (i=0; i<32; i++) { | |
| 152 printf ("%x", hash[i]); | |
| 153 } | |
| 154 printf("\n"); | |
| 155 } | |
| 156 #endif | |
| 157 | 144 |
| 158 ret = pk_parse_public_key(&pub_key_ctx, public_key_pem, | 145 ret = pk_parse_public_key(&pub_key_ctx, public_key_pem, |
| 159 public_key_pem_size); | 146 public_key_pem_size); |
| 160 if (ret != 0) { | 147 if (ret != 0) { |
| 161 ERRORPRINTF ("pk_parse_public_key failed with -0x%04x\n\n", -ret); | 148 ERRORPRINTF ("pk_parse_public_key failed with -0x%04x\n\n", -ret); |