RSA raw verifier

valvor · Dec 15, 2014 · 1ffe795 · 1ffe795
1 parent ef73353
commit 1ffe795
Show file tree

Hide file tree

Showing 2 changed files with 58 additions and 9 deletions.
diff --git a/Reseed.cpp b/Reseed.cpp
@@ -223,7 +223,6 @@ namespace data
 			// TODO: implement all signature types
 			if (signatureType == SIGNING_KEY_TYPE_RSA_SHA512_4096)
 			{
-				i2p::crypto::RSASHA5124096Verifier verifier(it->second);
 				size_t pos = s.tellg ();
 				size_t tbsLen = pos + contentLength;
 				uint8_t * tbs = new uint8_t[tbsLen];
@@ -232,13 +231,9 @@ namespace data
 				uint8_t * signature = new uint8_t[signatureLength];
 				s.read ((char *)signature, signatureLength);
 				// RSA-raw
-				CryptoPP::Integer enSig (a_exp_b_mod_c (CryptoPP::Integer (signature, 512), 
-					CryptoPP::Integer (i2p::crypto::rsae), CryptoPP::Integer (it->second, 512)));
-				uint8_t enSigBuf[512];
-				enSig.Encode (enSigBuf, 512);
-				uint8_t hash[64];
-				CryptoPP::SHA512().CalculateDigest (hash, tbs, tbsLen); // TODO: implement in one pass
-				if (memcmp (enSigBuf + (512-64), hash, 64)) // TODO: use PKCS#1 v1.5 padding
+				i2p::crypto::RSASHA5124096RawVerifier verifier(it->second);
+				verifier.Update (tbs, tbsLen);
+				if (!verifier.Verify (signature))
 					LogPrint (eLogWarning, "SU3 signature verification failed");
 				delete[] signature;
 				delete[] tbs;

diff --git a/Signature.h b/Signature.h
@@ -355,7 +355,61 @@ namespace crypto
 			{
 			}
 	};
-
+
+// Raw verifiers	
+	class RawVerifier
+	{
+		public:
+
+			virtual ~RawVerifier () {};
+			virtual void Update (const uint8_t * buf, size_t len) = 0;
+			virtual bool Verify (const uint8_t * signature) = 0;
+	};		
+
+	template<typename Hash, size_t keyLen>
+	class RSARawVerifier: public RawVerifier
+	{
+		public:
+
+			RSARawVerifier (const uint8_t * signingKey):
+				n (signingKey, keyLen)
+			{
+			}
+
+			void Update (const uint8_t * buf, size_t len)
+			{
+				m_Hash.Update (buf, len);
+			}
+
+			bool Verify (const uint8_t * signature)
+			{
+				// RSA encryption first
+				CryptoPP::Integer enSig (a_exp_b_mod_c (CryptoPP::Integer (signature, keyLen), 
+					CryptoPP::Integer (i2p::crypto::rsae), n)); // s^e mod n 
+				uint8_t enSigBuf[keyLen];
+				enSig.Encode (enSigBuf, keyLen);
+
+				uint8_t digest[Hash::DIGESTSIZE];
+				m_Hash.Final (digest);
+				if (keyLen < Hash::DIGESTSIZE) return false; // can't verify digest longer than key
+				// we assume digest is right aligned, at least for PKCS#1 v1.5 padding 
+				return !memcmp (enSigBuf + (keyLen - Hash::DIGESTSIZE), digest, Hash::DIGESTSIZE); 				
+			}
+
+		private:
+
+			CryptoPP::Integer n; // RSA modulus	
+			Hash m_Hash;
+	};	
+
+	class RSASHA5124096RawVerifier: public RSARawVerifier<CryptoPP::SHA512, RSASHA5124096_KEY_LENGTH> 
+	{
+		public:
+
+			RSASHA5124096RawVerifier (const uint8_t * signingKey): RSARawVerifier (signingKey) 
+			{
+			}
+	};
 }
 }