diff --git a/src/core/system_parameters/gnss_crypto.cc b/src/core/system_parameters/gnss_crypto.cc index f55b5f609..d3cd11380 100644 --- a/src/core/system_parameters/gnss_crypto.cc +++ b/src/core/system_parameters/gnss_crypto.cc @@ -34,6 +34,9 @@ #include #include #include +#include +#include +#include #define OPENSSL_ENGINE nullptr #else #include @@ -490,7 +493,7 @@ void Gnss_Crypto::readPublicKeyFromPEM(const std::string& pemFilePath) gnutls_pubkey_deinit(pubkey); #endif std::cout << "Public key successfully read from file " << pemFilePath << std::endl; - print_pubkey_hex(d_PublicKey); + //print_pubkey_hex(d_PublicKey); } @@ -545,7 +548,7 @@ bool Gnss_Crypto::verify_signature(const std::vector& message, const st #if USE_OPENSSL_3 EVP_PKEY_CTX* ctx; - print_pubkey_hex(d_PublicKey); + //print_pubkey_hex(d_PublicKey); ctx = EVP_PKEY_CTX_new(d_PublicKey, nullptr); bool do_operation = true; @@ -553,6 +556,42 @@ bool Gnss_Crypto::verify_signature(const std::vector& message, const st { do_operation = false; } + // convert raw signature into DER format, needed for verify_signature + size_t half_size = signature.size() / 2; + std::vector raw_r(signature.begin(), signature.begin() + half_size); + std::vector raw_s(signature.begin() + half_size, signature.end()); + + // Convert raw R and S to BIGNUMs + BIGNUM* r = BN_bin2bn(raw_r.data(), raw_r.size(), nullptr); + BIGNUM* s = BN_bin2bn(raw_s.data(), raw_s.size(), nullptr); + + ECDSA_SIG* sig = ECDSA_SIG_new(); + if (r == nullptr || s == nullptr || sig == nullptr) + { + std::cerr << "Failed to allocate memory for BIGNUMs or ECDSA_SIG" << std::endl; + return false; + } + + if (ECDSA_SIG_set0(sig, r, s) != 1) + { + std::cerr << "Failed to set R and S values in ECDSA_SIG" << std::endl; + ECDSA_SIG_free(sig); // Free the ECDSA_SIG struct as it's no longer needed + return false; + } + + std::vector derSignature; + unsigned char *derSig = nullptr; + int derSigLength = i2d_ECDSA_SIG(sig, &derSig); + + if (derSigLength <= 0) + { + std::cerr << "Failed to convert ECDSA_SIG to DER format" << std::endl; + return false; + } + + derSignature.assign(derSig, derSig + derSigLength); + + if (EVP_PKEY_verify_init(ctx) <= 0) { do_operation = false; @@ -564,9 +603,11 @@ bool Gnss_Crypto::verify_signature(const std::vector& message, const st int verification = 0; if (do_operation) { - verification = EVP_PKEY_verify(ctx, signature.data(), signature.size(), digest.data(), digest.size()); + verification = EVP_PKEY_verify(ctx, derSignature.data(), derSignature.size(), digest.data(), digest.size()); } EVP_PKEY_CTX_free(ctx); + OPENSSL_free(derSig); + ECDSA_SIG_free(sig); if (verification == 1) { success = true; @@ -682,7 +723,7 @@ void Gnss_Crypto::set_public_key(const std::vector& publicKey) << ". Aborting import" << std::endl; return; } - print_pubkey_hex(pkey); + //print_pubkey_hex(pkey); if(!pubkey_copy(pkey, &d_PublicKey)) return @@ -736,7 +777,6 @@ std::vector Gnss_Crypto::get_public_key() return {}; } - #if USE_OPENSSL_FALLBACK bool Gnss_Crypto::pubkey_copy(EVP_PKEY* src, EVP_PKEY** dest) { @@ -809,7 +849,7 @@ void Gnss_Crypto::print_pubkey_hex(EVP_PKEY* pubkey) static_cast(static_cast(mem_ptr->data[i])); } - std::cout << "Public key in hex format: 0x" << ss.str() << std::endl; + //std::cout << "Public key in hex format: 0x" << ss.str() << std::endl; BIO_free(mem_bio); }