taler/exchange
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Add checks to verify incorrect signatures.

Browse Source
This commit is contained in:
Sree Harsha Totakura 2015-01-22 16:23:25 +01:00
parent b119131873
commit acee974c06
2 changed files with 16 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/util/rsa.c
View File

@ -670,8 +670,8 @@ decode_public_key (const struct TALER_RSA_PublicKeyBinaryEncoded *publicKey)
/** /**
* Verify signature on the given message. The size of the message should be less than * Verify signature on the given message. The size of the message should be
* TALER_RSA_DATA_ENCODING_LENGTH (256) bytes. * less than TALER_RSA_DATA_ENCODING_LENGTH (256) bytes.
* *
* @param msg the message * @param msg the message
* @param size the size of the message * @param size the size of the message
@ -690,7 +690,7 @@ TALER_RSA_verify (const void *msg, size_t size,
gcry_mpi_t val; gcry_mpi_t val;
gcry_sexp_t psexp; gcry_sexp_t psexp;
size_t erroff; size_t erroff;
int rc; gcry_error_t rc;
GNUNET_assert (size <= TALER_RSA_DATA_ENCODING_LENGTH); GNUNET_assert (size <= TALER_RSA_DATA_ENCODING_LENGTH);
if (size > TALER_RSA_DATA_ENCODING_LENGTH) if (size > TALER_RSA_DATA_ENCODING_LENGTH)

14
src/util/test_rsa.c
View File

@ -38,7 +38,7 @@
int int
main (int argc, char *argv[]) main (int argc, char *argv[])
{ {
#define RND_BLK_SIZE 4096 #define RND_BLK_SIZE 16524
unsigned char rnd_blk[RND_BLK_SIZE]; unsigned char rnd_blk[RND_BLK_SIZE];
struct TALER_RSA_PrivateKey *priv; struct TALER_RSA_PrivateKey *priv;
struct TALER_RSA_PrivateKeyBinaryEncoded *priv_enc; struct TALER_RSA_PrivateKeyBinaryEncoded *priv_enc;
@ -72,6 +72,12 @@ main (int argc, char *argv[])
EXITIF (GNUNET_OK != TALER_RSA_verify (&hash, sizeof (hash), EXITIF (GNUNET_OK != TALER_RSA_verify (&hash, sizeof (hash),
&sig, &sig,
&pubkey)); &pubkey));
/* corrupt our hash and see if the signature is still valid */
GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK, &hash,
sizeof (struct GNUNET_HashCode));
EXITIF (GNUNET_OK == TALER_RSA_verify (&hash, sizeof (hash),
&sig,
&pubkey));
/* test blind signing */ /* test blind signing */
GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK, rnd_blk, GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK, rnd_blk,
@ -92,6 +98,12 @@ main (int argc, char *argv[])
EXITIF (GNUNET_OK != TALER_RSA_verify (&hash, sizeof (hash), EXITIF (GNUNET_OK != TALER_RSA_verify (&hash, sizeof (hash),
&sig, &sig,
&pubkey)); &pubkey));
/* corrupt our hash and see if the signature is still valid */
GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK, &hash,
sizeof (struct GNUNET_HashCode));
EXITIF (GNUNET_OK == TALER_RSA_verify (&hash, sizeof (hash),
&sig,
&pubkey));
ret = 0; /* all OK */ ret = 0; /* all OK */
EXITIF_exit: EXITIF_exit: