signature verification
This commit is contained in:
@@ -1,4 +1,8 @@
|
|||||||
|
use std::io::Read;
|
||||||
|
|
||||||
use crate::messages_structure::HandshakeMessage;
|
use crate::messages_structure::HandshakeMessage;
|
||||||
|
use bytes::Bytes;
|
||||||
|
use p256::EncodedPoint;
|
||||||
use p256::ecdsa::{
|
use p256::ecdsa::{
|
||||||
Signature, SigningKey, VerifyingKey,
|
Signature, SigningKey, VerifyingKey,
|
||||||
signature::{Signer, Verifier},
|
signature::{Signer, Verifier},
|
||||||
@@ -9,6 +13,7 @@ use sha2::{Digest, Sha256};
|
|||||||
///
|
///
|
||||||
/// contains the ecdsa private key, the ecdsa public key and the username
|
/// contains the ecdsa private key, the ecdsa public key and the username
|
||||||
///
|
///
|
||||||
|
///
|
||||||
pub struct CryptographicSignature {
|
pub struct CryptographicSignature {
|
||||||
priv_key: SigningKey,
|
priv_key: SigningKey,
|
||||||
pub pub_key: VerifyingKey,
|
pub pub_key: VerifyingKey,
|
||||||
@@ -42,6 +47,53 @@ pub fn formatPubKey(crypto_pair: CryptographicSignature) -> String {
|
|||||||
hex::encode(pubkey_bytes)
|
hex::encode(pubkey_bytes)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
pub async fn get_peer_key(username: &String) -> Result<VerifyingKey, reqwest::Error> {
|
||||||
|
let client = reqwest::Client::new();
|
||||||
|
let uri = format!("https://jch.irif.fr:8443/peers/{}/key", username);
|
||||||
|
let res = client.get(uri).send().await?;
|
||||||
|
if res.status().is_success() {
|
||||||
|
println!("Successfully retreived the peers key.");
|
||||||
|
} else {
|
||||||
|
eprintln!(
|
||||||
|
"Failed to get the peers key from the server. Status: {}",
|
||||||
|
res.status()
|
||||||
|
);
|
||||||
|
}
|
||||||
|
let body: Bytes = res.bytes().await?;
|
||||||
|
let slice: &[u8] = body.as_ref();
|
||||||
|
let body_bytes: &[u8; 64] = slice.try_into().expect("size error");
|
||||||
|
let received_key = convert_verifyingkey(body_bytes);
|
||||||
|
Ok(received_key)
|
||||||
|
}
|
||||||
|
|
||||||
|
fn convert_verifyingkey(raw_xy: &[u8; 64]) -> VerifyingKey {
|
||||||
|
let mut sec1 = [0u8; 65];
|
||||||
|
sec1[0] = 0x04;
|
||||||
|
sec1[1..].copy_from_slice(raw_xy);
|
||||||
|
|
||||||
|
let ep = EncodedPoint::from_bytes(&sec1).expect("invalid point bytes");
|
||||||
|
let pk = VerifyingKey::from_encoded_point(&ep).expect("invalid encoded point");
|
||||||
|
VerifyingKey::from(pk)
|
||||||
|
}
|
||||||
|
|
||||||
|
pub fn verify_signature(pubkey: VerifyingKey, message: &Vec<u8>) -> bool {
|
||||||
|
let length_bytes: [u8; 2] = message[5..7].try_into().expect("Taille incorrecte");
|
||||||
|
let length = u16::from_be_bytes(length_bytes);
|
||||||
|
println!("message length: {}", length);
|
||||||
|
let msg_to_hash = &message[..length as usize + 7];
|
||||||
|
let signature_bytes = &message[length as usize + 7..length as usize + 7 + 64];
|
||||||
|
println!("conversion start");
|
||||||
|
let sig = match Signature::from_bytes(signature_bytes.try_into().expect("conversion error")) {
|
||||||
|
Ok(s) => s,
|
||||||
|
Err(_) => return false,
|
||||||
|
};
|
||||||
|
println!("conversion done");
|
||||||
|
match pubkey.verify(&msg_to_hash, &sig) {
|
||||||
|
Ok(()) => true,
|
||||||
|
Err(_) => false,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
///
|
///
|
||||||
/// takes a serialized message and adds the signature using the private key
|
/// takes a serialized message and adds the signature using the private key
|
||||||
///
|
///
|
||||||
|
|||||||
@@ -104,7 +104,7 @@ pub fn start_p2p_executor(
|
|||||||
|
|
||||||
let messages_list = HashMap::<i32, EventType>::new();
|
let messages_list = HashMap::<i32, EventType>::new();
|
||||||
|
|
||||||
let username = String::from("Gamixtreize");
|
let username = String::from("az");
|
||||||
|
|
||||||
let crypto_pair = CryptographicSignature::new(username);
|
let crypto_pair = CryptographicSignature::new(username);
|
||||||
|
|
||||||
|
|||||||
@@ -1,5 +1,7 @@
|
|||||||
use crate::{
|
use crate::{
|
||||||
cryptographic_signature::{CryptographicSignature, sign_message},
|
cryptographic_signature::{
|
||||||
|
CryptographicSignature, get_peer_key, sign_message, verify_signature,
|
||||||
|
},
|
||||||
messages_channels::MultipleSenders,
|
messages_channels::MultipleSenders,
|
||||||
messages_structure::HandshakeMessage,
|
messages_structure::HandshakeMessage,
|
||||||
registration,
|
registration,
|
||||||
@@ -69,6 +71,20 @@ pub fn handle_recevied_message(
|
|||||||
None => {
|
None => {
|
||||||
let message_type = recevied_message[4];
|
let message_type = recevied_message[4];
|
||||||
if message_type == 1 {
|
if message_type == 1 {
|
||||||
|
println!("verify the signature");
|
||||||
|
let parsed_received_message = HandshakeMessage::parse(recevied_message.to_vec());
|
||||||
|
let received_name = String::from_utf8(parsed_received_message.name).expect("error");
|
||||||
|
let peer_pubkey = tokio::runtime::Runtime::new()
|
||||||
|
.unwrap()
|
||||||
|
.block_on(get_peer_key(&received_name))
|
||||||
|
.expect("failed to retrieve public key");
|
||||||
|
|
||||||
|
if !verify_signature(peer_pubkey, recevied_message) {
|
||||||
|
println!(
|
||||||
|
"incorrect signature from given peer: {}, ignoring message {}",
|
||||||
|
&received_name, id
|
||||||
|
);
|
||||||
|
} else {
|
||||||
let username_size = crypto_pair.username.len();
|
let username_size = crypto_pair.username.len();
|
||||||
let hello_handshake = HandshakeMessage::helloReply(
|
let hello_handshake = HandshakeMessage::helloReply(
|
||||||
id as u32,
|
id as u32,
|
||||||
@@ -89,6 +105,7 @@ pub fn handle_recevied_message(
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
print!("Message not found for ID: {}", id)
|
print!("Message not found for ID: {}", id)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -7,12 +7,12 @@ pub struct UDPMessage {
|
|||||||
}
|
}
|
||||||
|
|
||||||
pub struct HandshakeMessage {
|
pub struct HandshakeMessage {
|
||||||
id: u32,
|
pub id: u32,
|
||||||
msg_type: u8,
|
msg_type: u8,
|
||||||
length: u16,
|
length: u16,
|
||||||
extensions: u32,
|
extensions: u32,
|
||||||
name: Vec<u8>,
|
pub name: Vec<u8>,
|
||||||
signature: Vec<u8>,
|
pub signature: Vec<u8>,
|
||||||
}
|
}
|
||||||
|
|
||||||
impl UDPMessage {
|
impl UDPMessage {
|
||||||
@@ -130,9 +130,9 @@ impl HandshakeMessage {
|
|||||||
let extensions_bytes: [u8; 4] = received_message[7..11]
|
let extensions_bytes: [u8; 4] = received_message[7..11]
|
||||||
.try_into()
|
.try_into()
|
||||||
.expect("Taille incorrecte");
|
.expect("Taille incorrecte");
|
||||||
let name_bytes = &received_message[11..12 + msg_length as usize];
|
let name_bytes = &received_message[11..(11 + msg_length - 4) as usize];
|
||||||
let signature_bytes =
|
let signature_bytes =
|
||||||
&received_message[12 + msg_length as usize..(13 + msg_length + 32) as usize];
|
&received_message[(11 + msg_length - 4) as usize..(11 + msg_length - 4 + 64) as usize];
|
||||||
HandshakeMessage {
|
HandshakeMessage {
|
||||||
id: u32::from_be_bytes(id_bytes),
|
id: u32::from_be_bytes(id_bytes),
|
||||||
msg_type: received_message[4],
|
msg_type: received_message[4],
|
||||||
|
|||||||
@@ -48,7 +48,7 @@ pub async fn get_socket_address(username: String) -> Result<Bytes, reqwest::Erro
|
|||||||
println!("Successfully retreived the addresses.");
|
println!("Successfully retreived the addresses.");
|
||||||
} else {
|
} else {
|
||||||
eprintln!(
|
eprintln!(
|
||||||
"Failed to register with the server. Status: {}",
|
"Failed to get the peers addresses from the server. Status: {}",
|
||||||
res.status()
|
res.status()
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user