From: JanuGerman <dou...@ya...> - 2007-04-10 07:46:57

Hi Hal and everyone,

Many thanks for the information. Yes, you are right, it was a PUBKEY blob rather than the modulus. I used the method Tspi_GetAttribData to get the modulus, and the length is 256, which indicates that it is the modulus. But unfortunately, the program is not verified using OpenSSL yet. Now the "rv" value is 35, whereas the "iHashLength" is 20. Any clue?

Thank You,
JG

Following is the code that I am using in OpenSSL for verification and in TrouSerS:

    //get the modulus.
    result = Tspi_GetAttribData(hMSigningKey, TSS_TSPATTRIB_RSAKEY_INFO,
                                TSS_TSPATTRIB_KEYINFO_RSA_MODULUS,
                                &ulPublicKeyLength, &rgbPublicKey);

    //writing to the file
    fp = fopen("/root/publickey", "wb");
    fwrite(rgbPublicKey, sizeof(BYTE), ulPublicKeyLength, fp);
    fclose(fp);

    //code for OpenSSL
    #include <stdio.h>
    #include <string.h>
    #include <openssl/bn.h>
    #include <openssl/err.h>
    #include <openssl/objects.h>
    #include <openssl/rsa.h>

    /* iHashLength is taken by value: it is printed and compared as a number below. */
    int hashVerify(unsigned char *pHash, unsigned int iHashLength)
    {
        FILE *f = NULL, *f1 = NULL;
        unsigned char *pModulus;    //= read_file(f, &filelen);
        unsigned char *pSignature;
        int rv, nid;
        unsigned char exp[] = {0x01, 0x00, 0x01};
        unsigned char buf[256];
        RSA *rsa = RSA_new();
        unsigned int iKeyLength, sig_len;

        //nid = NID_sha1;
        nid = NID_undef;

        if (rsa == NULL) {
            goto err;
        }

        /* read_file() is a helper that is not shown in this message */
        f = fopen("/root/publickey", "rb");
        pModulus = read_file(f, &iKeyLength);
        fclose(f);

        f1 = fopen("/root/signature", "rb");
        pSignature = read_file(f1, &sig_len);
        fclose(f1);

        /* set the public key value in the OpenSSL object */
        rsa->n = BN_bin2bn(pModulus, iKeyLength, rsa->n);
        /* set the public exponent */
        rsa->e = BN_bin2bn(exp, sizeof(exp), rsa->e);

        if (rsa->n == NULL || rsa->e == NULL) {
            goto err;
        }

        printf("Public Key Length %i\n", iKeyLength);
        printf("signature length %i\n", sig_len);
        printf("hash length %i \n", iHashLength);

        if (nid == NID_undef) {
            rv = RSA_public_decrypt(sig_len, pSignature, buf, rsa, RSA_PKCS1_PADDING);
            //ERR_get_errors_fp(stdout);
            printf("rv %i\n", rv);
            if ((unsigned int)rv != iHashLength) {
                printf("Hash Length Not equal Verification Failed\n");
                do {
                    ERR_load_crypto_strings();
                    ERR_print_errors_fp(stderr);
                } while (0);
                goto out;
            }
            else if (memcmp(pHash, buf, iHashLength)) {
                printf("Other MemCpy Failed. Verification Failed\n");
                do {
                    ERR_load_crypto_strings();
                    ERR_print_errors_fp(stderr);
                } while (0);
                goto out;
            }
        }
        else if ((rv = RSA_verify(nid, pHash, iHashLength, pSignature, sig_len, rsa)) == 0) {
            printf("Verification Failed %i \n ", rv);
            do {
                ERR_load_crypto_strings();
                ERR_print_errors_fp(stderr);
            } while (0);
            goto out;
        }

    err:
        // printf("sorry an error occured");
        return 0;
    out:
        return 1;
    }

--- Original Message ----
From: Hal Finney <hal...@gm...>
To: JanuGerman <dou...@ya...>
Cc: Trousers <tro...@li...>
Sent: Tuesday, 10 April, 2007 12:21:23 AM
Subject: Re: Hash Verification failed generated with TrouSerS and verified using OpenSSl

Hi Janu -

What is the size of /root/publickey, which is returned from Tspi_Key_GetPubKey? I think this may be a PUBKEY blob rather than just an RSA modulus. If it is the modulus it will be exactly 256 bytes, if it is the blob it will be bigger.

If you just want the modulus you should use Tspi_GetAttribData on the key object, with TSS_TSPATTRIB_RSAKEY_INFO and TSS_TSPATTRIB_KEYINFO_RSA_MODULUS.

Hal
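
One reading of the 35-versus-20 numbers in the message above, as an added example that is not part of the original post or of TrouSerS/OpenSSL: a PKCS #1 v1.5 SHA-1 signature wraps the 20-byte hash in a 15-byte DER DigestInfo header, so the recovered block is 35 bytes. It assumes the TPM key signs with a SHA-1 signature scheme; `check_recovered` and `demo` are hypothetical names and the sample hash is constructed.

```c
#include <stdio.h>
#include <string.h>

#define SHA1_LEN 20

/* DER DigestInfo header that PKCS #1 v1.5 puts in front of a SHA-1 hash. */
static const unsigned char SHA1_PREFIX[15] = {
    0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e,
    0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14
};

enum { REC_MISMATCH = 0, REC_RAW_HASH = 1, REC_DIGESTINFO_SHA1 = 2 };

/* Hypothetical helper: rec/rec_len are the buffer and return value of
 * RSA_public_decrypt(..., RSA_PKCS1_PADDING); hash is the 20-byte SHA-1. */
int check_recovered(const unsigned char *rec, int rec_len,
                    const unsigned char *hash)
{
    if (rec_len == SHA1_LEN)                      /* bare hash was signed */
        return memcmp(rec, hash, SHA1_LEN) == 0 ? REC_RAW_HASH : REC_MISMATCH;
    if (rec_len != (int)sizeof(SHA1_PREFIX) + SHA1_LEN)
        return REC_MISMATCH;                      /* neither 20 nor 35 bytes */
    /* Compare the whole header, never just the trailing 20 bytes. */
    if (memcmp(rec, SHA1_PREFIX, sizeof(SHA1_PREFIX)) != 0)
        return REC_MISMATCH;
    return memcmp(rec + sizeof(SHA1_PREFIX), hash, SHA1_LEN) == 0
               ? REC_DIGESTINFO_SHA1 : REC_MISMATCH;
}

/* Constructed sample: wrap a made-up hash (bytes 0..19) the way a
 * DigestInfo-style signer would, optionally corrupting one header byte. */
int demo(int corrupt_header)
{
    unsigned char hash[SHA1_LEN], rec[sizeof(SHA1_PREFIX) + SHA1_LEN];
    int i;
    for (i = 0; i < SHA1_LEN; i++)
        hash[i] = (unsigned char)i;
    memcpy(rec, SHA1_PREFIX, sizeof(SHA1_PREFIX));
    memcpy(rec + sizeof(SHA1_PREFIX), hash, SHA1_LEN);
    if (corrupt_header)
        rec[5] ^= 0x01;
    return check_recovered(rec, (int)sizeof(rec), hash);
}

int main(void)
{
    printf("35-byte block: %d, bad header: %d\n", demo(0), demo(1));
    return 0;
}
```

With nid set to NID_sha1 instead of NID_undef, the RSA_verify branch already present in the posted code performs this DigestInfo check itself.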