📄 verify.c
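#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>
#include <limits.h>

#include <openssl/bio.h>
#include <openssl/crypto.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/pem.h>
#include <openssl/rand.h>
#include <openssl/rsa.h>
#include <openssl/x509.h>

#include "ldap.h"
#include <lber.h>

/*
 * verify.c - fetch a user's X.509 certificate from LDAP, then verify a
 * detached signature or encrypt a short payload to the user's public key.
 *
 * NOTE(review): the directory manager DN and its password below are compiled
 * into the binary and sent over plain LDAP (no TLS) on port 389. They should
 * be read from a protected configuration source at runtime, and the bind
 * should use a least-privileged read-only account over LDAPS or StartTLS.
 */
#define HOSTNAME    "139.9.9.139"
#define ROOT_ID     "cn=root,dc=tjhn,dc=com"
#define ROOT_PSW    "secret"
#define PORT_NUMBER 389

enum {
    CERT_BUF_SIZE = 5000,       /* DER certificate buffer passed to get_LDAP_CERT() */
    DN_BUF_SIZE   = 1024,       /* search DN built by getFind() */
    DATA_BUF_SIZE = 102400000,  /* whole-file read buffer used by check_verify() */
    PLAINTEXT_MAX = 512,        /* largest payload public_encrypt() accepts */
    ENC_BUF_SIZE  = 2048,       /* ciphertext scratch buffer in public_encrypt() */
    SIG_MAX       = 65536       /* constructed sanity bound for the signature-file length prefix */
};

/*
 * Load the OpenSSL algorithm tables and error strings that the EVP and ERR
 * calls below depend on. Shared by check_verify() and public_encrypt().
 */
static void init_openssl(void)
{
    OpenSSL_add_all_algorithms();
    ERR_load_ERR_strings();
    ERR_load_crypto_strings();
}

/*
 * Read the public key out of a DER-encoded X.509 certificate.
 *
 * cert_data / cert_len: the DER bytes (as fetched from LDAP) and their length.
 * Returns a new EVP_PKEY the caller must EVP_PKEY_free(), or NULL when the
 * certificate does not parse or carries no usable public key.
 */
static EVP_PKEY *read_publik_key(char *cert_data, int cert_len)
{
    const unsigned char *p = (const unsigned char *)cert_data;
    X509 *x;
    EVP_PKEY *pk;

    if (cert_data == NULL || cert_len <= 0) {
        return NULL;
    }
    /* d2i_X509() advances the pointer it is given; use a copy so the
     * caller's cert_data is left untouched. */
    x = d2i_X509(NULL, &p, cert_len);
    if (x == NULL) {
        ERR_print_errors_fp(stderr);
        return NULL;
    }
    /* X509_get_pubkey() hands back a reference-counted key, so freeing the
     * certificate afterwards does not invalidate it. */
    pk = X509_get_pubkey(x);
    X509_free(x);
    return pk;
}

/*
 * Verify an RSA signature over the first in1 bytes of data.
 *
 * rsa:       the signer's RSA public key. Ownership stays with the caller
 *            (EVP_PKEY_set1_RSA takes its own reference, so the caller's rsa
 *            is not freed here).
 * signature: siglen bytes of signature to check against the SHA-1 digest.
 * Returns 0 when the signature verifies, -1 otherwise.
 *
 * NOTE(review): SHA-1 is kept because the existing signers emit SHA-1
 * signatures; new signers should move to EVP_sha256().
 */
int Verify_rsa(RSA *rsa, unsigned char *data, int in1, unsigned char *signature, int siglen)
{
    EVP_PKEY *pkey;
    EVP_MD_CTX ctx;
    int rtn = -1;

    if (rsa == NULL || data == NULL || signature == NULL || in1 < 0 || siglen <= 0) {
        return -1;
    }
    pkey = EVP_PKEY_new();
    if (pkey == NULL) {
        return -1;
    }
    if (EVP_PKEY_set1_RSA(pkey, rsa) != 1) {
        EVP_PKEY_free(pkey);
        return -1;
    }
    EVP_MD_CTX_init(&ctx);
    if (EVP_VerifyInit(&ctx, EVP_sha1()) == 1 &&
        EVP_VerifyUpdate(&ctx, data, (size_t)in1) == 1 &&
        EVP_VerifyFinal(&ctx, signature, (unsigned int)siglen, pkey) == 1) {
        rtn = 0;
    }
    EVP_MD_CTX_cleanup(&ctx);
    EVP_PKEY_free(pkey);
    return rtn;
}

/*
 * Verify a signature over the first in1 bytes of data with an EVP public key.
 *
 * pkey:      the signer's public key; not freed here.
 * signature: siglen bytes of signature to check against the SHA-1 digest.
 * Returns EVP_VerifyFinal()'s convention: 1 valid, 0 invalid, -1 on error
 * (including bad arguments). Prints the outcome to stdout and, on anything
 * but success, the OpenSSL error queue to stderr.
 */
int Verify(EVP_PKEY *pkey, unsigned char *data, int in1, unsigned char *signature, int siglen)
{
    EVP_MD_CTX ctx;
    int rtn;

    if (pkey == NULL || data == NULL || signature == NULL || in1 < 0 || siglen <= 0) {
        fprintf(stderr, "Verify: invalid arguments\n");
        return -1;
    }
    EVP_MD_CTX_init(&ctx);
    if (EVP_VerifyInit(&ctx, EVP_sha1()) != 1 ||
        EVP_VerifyUpdate(&ctx, data, (size_t)in1) != 1) {
        rtn = -1;
    } else {
        rtn = EVP_VerifyFinal(&ctx, signature, (unsigned int)siglen, pkey);
    }
    EVP_MD_CTX_cleanup(&ctx);
    printf("Signature is(%s): ", (rtn == 1) ? "valid" : "invalid");
    if (rtn != 1) {
        ERR_print_errors_fp(stderr);
    }
    return rtn;
}

/*
 * Fetch the DER certificate stored in the userCertificate attribute of the
 * directory entry whose DN is `find`.
 *
 * cert_data: caller-supplied buffer of at least CERT_BUF_SIZE bytes that
 *            receives the raw DER bytes of the attribute's first value.
 * cert_len:  receives the number of bytes copied (0 when nothing was copied).
 * Returns 0 on success; -1 ldap_init failed; -2 bind failed; -3 search
 * failed; -4 bad arguments, no entry, or no userCertificate attribute;
 * -5 the certificate exceeds CERT_BUF_SIZE and was not copied.
 *
 * NOTE(review): the connection is plain LDAP and binds with the compiled-in
 * directory manager credentials (see the #defines at the top of the file).
 */
int get_LDAP_CERT(char *find, char *cert_data, unsigned long *cert_len)
{
    LDAP *ld = NULL;
    LDAPMessage *result = NULL, *e;
    BerElement *ber = NULL;
    char *a;
    int rc, version, rtn = -4;

    if (find == NULL || cert_data == NULL || cert_len == NULL) {
        return -4;
    }
    *cert_len = 0;

    /* Get a handle to an LDAP connection. */
    if ((ld = ldap_init(HOSTNAME, PORT_NUMBER)) == NULL) {
        perror("ldap_init");
        return -1;
    }
    version = LDAP_VERSION3;
    ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version);

    /* Bind with the configured directory credentials (not anonymously). */
    rc = ldap_bind_s(ld, ROOT_ID, ROOT_PSW, LDAP_AUTH_SIMPLE);
    if (rc != LDAP_SUCCESS) {
        fprintf(stderr, "ldap_simple_bind_s: %s\n", ldap_err2string(rc));
        ldap_unbind(ld);
        return -2;
    }

    /* Base-scope search: the DN itself is the only possible match. */
    rc = ldap_search_ext_s(ld, find, LDAP_SCOPE_BASE, "(objectclass=*)", NULL, 0,
                           NULL, NULL, LDAP_NO_LIMIT, LDAP_NO_LIMIT, &result);
    if (rc != LDAP_SUCCESS) {
        fprintf(stderr, "ldap_search_ext_s: %s\n", ldap_err2string(rc));
        ldap_msgfree(result);
        ldap_unbind(ld);
        return -3;
    }

    e = ldap_first_entry(ld, result);
    if (e != NULL) {
        printf("\nFound %s:\n\n", find);
        /* Walk the attributes until userCertificate is reached. */
        for (a = ldap_first_attribute(ld, e, &ber); a != NULL;
             a = ldap_next_attribute(ld, e, ber)) {
            struct berval **cert;
            static const char want[] = "userCertificate";
            size_t want_len = sizeof want - 1;

            /* Attribute names are case-insensitive and may carry an option
             * such as ";binary"; accept the type with or without options. */
            if (strncasecmp(a, want, want_len) != 0 ||
                (a[want_len] != '\0' && a[want_len] != ';')) {
                ldap_memfree(a);
                continue;
            }
            /* The value is binary DER, so only the length-aware accessor is safe. */
            cert = ldap_get_values_len(ld, e, a);
            if (cert != NULL && cert[0] != NULL) {
                unsigned long lens = (unsigned long)cert[0]->bv_len;  /* first value only */
                if (lens <= CERT_BUF_SIZE) {
                    memcpy(cert_data, cert[0]->bv_val, lens);
                    *cert_len = lens;
                    rtn = 0;
                } else {
                    fprintf(stderr, "userCertificate too large (%lu bytes)\n", lens);
                    rtn = -5;
                }
            }
            if (cert != NULL) {
                ldap_value_free_len(cert);
            }
            ldap_memfree(a);
            break;
        }
        if (ber != NULL) {
            ber_free(ber, 0);
        }
    }
    ldap_msgfree(result);
    ldap_unbind(ld);
    return rtn;
}

/*
 * Build the DN "cn=<usr_id>,dc=tjhn, dc=com" that get_LDAP_CERT() searches.
 *
 * usr_id is untrusted input: characters that are special in an RFC 4514 DN
 * are backslash-escaped so the value cannot redirect the search to a
 * different entry. Returns a malloc()ed string the caller frees, or NULL when
 * usr_id is NULL, the DN would not fit DN_BUF_SIZE, or allocation fails.
 *
 * NOTE(review): the suffix keeps its original space (", dc=com") although
 * ROOT_ID spells the base without one; confirm the directory accepts both.
 */
char *getFind(char *usr_id)
{
    static const char prefix[] = "cn=";
    static const char suffix[] = ",dc=tjhn, dc=com";
    const unsigned char *p;
    char *str_find;
    size_t pos;

    if (usr_id == NULL) {
        return NULL;
    }
    str_find = calloc(DN_BUF_SIZE, 1);
    if (str_find == NULL) {
        return NULL;
    }
    memcpy(str_find, prefix, sizeof prefix - 1);
    pos = sizeof prefix - 1;

    for (p = (const unsigned char *)usr_id; *p != '\0'; p++) {
        int is_first = (p == (const unsigned char *)usr_id);
        int is_last = (p[1] == '\0');
        int needs_escape = strchr("\\,+\"<>;=", (int)*p) != NULL
                        || (is_first && (*p == '#' || *p == ' '))
                        || (is_last && *p == ' ');

        /* Room for this character (two bytes if escaped), the suffix and the NUL. */
        if (pos + (needs_escape ? 2u : 1u) + (sizeof suffix - 1) + 1 > DN_BUF_SIZE) {
            free(str_find);
            return NULL;
        }
        if (needs_escape) {
            str_find[pos++] = '\\';
        }
        str_find[pos++] = (char)*p;
    }
    memcpy(str_find + pos, suffix, sizeof suffix);  /* copies the terminating NUL too */
    return str_find;
}

/*
 * Look up usr_id's certificate in LDAP and return its public key.
 *
 * Returns a new EVP_PKEY the caller must EVP_PKEY_free(), or NULL when the
 * DN cannot be built, the directory lookup fails, or the certificate does
 * not parse.
 */
EVP_PKEY *get_USR_PK(char *usr_id)
{
    EVP_PKEY *pk = NULL;
    unsigned long cert_len = 0;
    char *cert_data = NULL;
    char *str_find;

    if (usr_id == NULL) {
        return NULL;
    }
    str_find = getFind(usr_id);
    if (str_find == NULL) {
        return NULL;
    }
    cert_data = calloc(CERT_BUF_SIZE, 1);
    if (cert_data == NULL) {
        free(str_find);
        return NULL;
    }
    if (get_LDAP_CERT(str_find, cert_data, &cert_len) == 0 && cert_len <= INT_MAX) {
        pk = read_publik_key(cert_data, (int)cert_len);
    }
    free(cert_data);
    free(str_find);
    return pk;
}

/*
 * Verify that sign_file holds usr_id's signature over the contents of data_file.
 *
 * sign_file layout (as the original code read it): an unsigned long length
 * prefix in host byte order and size, followed by that many signature bytes.
 * NOTE(review): the prefix therefore depends on the platform that wrote the
 * file; confirm against the signing tool.
 *
 * Returns Verify()'s result (1 valid, 0 invalid) or -1 when a file cannot be
 * opened or read, the length prefix is 0 or above SIG_MAX, the data file
 * exceeds DATA_BUF_SIZE, or the user's public key cannot be obtained.
 */
int check_verify(char *usr_id, char *data_file, char *sign_file)
{
    FILE *file = NULL;
    FILE *sigfile = NULL;
    EVP_PKEY *pkey = NULL;
    char *pbBuffer = NULL;
    char *pbSignature = NULL;
    unsigned long dwSigLen = 0;
    size_t frlens;
    int rtn = -1;

    if (usr_id == NULL || data_file == NULL || sign_file == NULL) {
        return -1;
    }
    pbBuffer = malloc(DATA_BUF_SIZE);
    if (pbBuffer == NULL) {
        return -1;
    }

    /* Read the whole data file; refuse anything that does not fit, since
     * verifying a truncated prefix would fail for the wrong reason. */
    file = fopen(data_file, "rb");
    if (file == NULL) {
        goto out;
    }
    frlens = fread(pbBuffer, 1, DATA_BUF_SIZE, file);
    if (ferror(file) || (frlens == DATA_BUF_SIZE && fgetc(file) != EOF)) {
        fprintf(stderr, "check_verify: cannot read all of %s\n", data_file);
        goto out;
    }
    fclose(file);
    file = NULL;

    /* Read the signature: length prefix first, then the bytes. */
    sigfile = fopen(sign_file, "rb");
    if (sigfile == NULL) {
        goto out;
    }
    if (fread(&dwSigLen, sizeof dwSigLen, 1, sigfile) != 1) {
        goto out;
    }
    if (dwSigLen == 0 || dwSigLen > SIG_MAX) {
        fprintf(stderr, "check_verify: implausible signature length %lu\n", dwSigLen);
        goto out;
    }
    pbSignature = malloc(dwSigLen);
    if (pbSignature == NULL) {
        goto out;
    }
    if (fread(pbSignature, 1, dwSigLen, sigfile) != dwSigLen) {
        goto out;
    }
    fclose(sigfile);
    sigfile = NULL;

    init_openssl();
    pkey = get_USR_PK(usr_id);
    if (pkey == NULL) {
        goto out;
    }
    /* frlens <= DATA_BUF_SIZE and dwSigLen <= SIG_MAX, so both fit an int. */
    rtn = Verify(pkey, (unsigned char *)pbBuffer, (int)frlens,
                 (unsigned char *)pbSignature, (int)dwSigLen);

out:
    if (file != NULL) {
        fclose(file);
    }
    if (sigfile != NULL) {
        fclose(sigfile);
    }
    EVP_PKEY_free(pkey);
    free(pbSignature);
    free(pbBuffer);
    return rtn;
}

/*
 * Encrypt data_len bytes of data to usr_id's public key.
 *
 * enc_data: caller-supplied buffer that receives the ciphertext; it must hold
 *           at least EVP_PKEY_size() bytes for the user's key (ENC_BUF_SIZE
 *           is always enough, since larger keys are rejected here).
 * Returns the ciphertext length; -2 for bad arguments or data_len outside
 * 1..PLAINTEXT_MAX; -5 when the public key cannot be obtained; -1 when the
 * key is too large for the scratch buffer or the encryption call fails.
 *
 * NOTE(review): the four-argument EVP_PKEY_encrypt() is the pre-1.0 OpenSSL
 * API (EVP_PKEY_encrypt_old in 1.0.x) and applies PKCS#1 v1.5 padding; new
 * code should use the EVP_PKEY_CTX interface with OAEP.
 */
int public_encrypt(char *usr_id, char *data, int data_len, char *enc_data)
{
    EVP_PKEY *pkey;
    unsigned char key[PLAINTEXT_MAX];
    unsigned char enc_key[ENC_BUF_SIZE];
    int enc_key_len;

    if (usr_id == NULL || data == NULL || enc_data == NULL) {
        return -2;
    }
    if (data_len <= 0 || data_len > PLAINTEXT_MAX) {
        printf("data长度必需小于512字节.\n");
        return -2;
    }
    init_openssl();
    memcpy(key, data, (size_t)data_len);

    pkey = get_USR_PK(usr_id);
    if (pkey == NULL) {
        OPENSSL_cleanse(key, sizeof key);
        return -5;
    }
    /* EVP_PKEY_size() is the largest output this key can produce; refuse
     * keys whose ciphertext would not fit enc_key. */
    if (EVP_PKEY_size(pkey) > (int)sizeof enc_key) {
        EVP_PKEY_free(pkey);
        OPENSSL_cleanse(key, sizeof key);
        return -1;
    }
    enc_key_len = EVP_PKEY_encrypt(enc_key, key, data_len, pkey);
    EVP_PKEY_free(pkey);
    OPENSSL_cleanse(key, sizeof key);  /* the plaintext may be a secret */
    if (enc_key_len == -1) {
        printf("公钥类型不是RSA.\n");
        ERR_print_errors_fp(stderr);
        return -1;
    }
    memcpy(enc_data, enc_key, (size_t)enc_key_len);
    return enc_key_len;
}

/*
 * Encrypt a fixed sample payload to user "stringcn" and write the ciphertext
 * to /root/enc_file.txt. Exits non-zero when encryption or the write fails.
 */
int main(void)
{
    FILE *enc_file;
    char *usr_id = "stringcn";
    char enc_str[ENC_BUF_SIZE];
    int len;

    len = public_encrypt(usr_id, "12345678", 8, enc_str);
    if (len <= 0) {
        fprintf(stderr, "public_encrypt failed: %d\n", len);
        return 1;
    }
    enc_file = fopen("/root/enc_file.txt", "wb");
    if (enc_file == NULL) {
        perror("/root/enc_file.txt");
        return 1;
    }
    /* Write exactly the ciphertext produced, not a fixed 128 bytes. */
    if (fwrite(enc_str, 1, (size_t)len, enc_file) != (size_t)len) {
        perror("fwrite");
        fclose(enc_file);
        return 1;
    }
    if (fclose(enc_file) != 0) {
        perror("fclose");
        return 1;
    }
    return 0;
}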