gnunet-svn
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[libeufin] 01/02: implement A006 canonicalization

From: gnunet
Subject: [libeufin] 01/02: implement A006 canonicalization
Date: Mon, 18 Nov 2019 21:31:03 +0100 
This is an automated email from the git hooks/post-receive script.

dold pushed a commit to branch master
in repository libeufin.

commit 00317a0f36225bbae9450b4f66dac2cbfde90c7a
Author: Florian Dold <address@hidden>
AuthorDate: Wed Nov 13 18:31:30 2019 +0100

    implement A006 canonicalization
---
 .../main/kotlin/tech/libeufin/sandbox/CryptoUtil.kt | 17 +++++++++++++++--
 .../tech/libeufin/sandbox/EbicsProtocolBackend.kt   | 21 ++++++++++++++++-----
 2 files changed, 31 insertions(+), 7 deletions(-)

diff --git a/sandbox/src/main/kotlin/tech/libeufin/sandbox/CryptoUtil.kt 
b/sandbox/src/main/kotlin/tech/libeufin/sandbox/CryptoUtil.kt
index f19d302..79ae3db 100644
--- a/sandbox/src/main/kotlin/tech/libeufin/sandbox/CryptoUtil.kt
+++ b/sandbox/src/main/kotlin/tech/libeufin/sandbox/CryptoUtil.kt
@@ -165,6 +165,13 @@ object CryptoUtil {
         return data
     }
 
+    /**
+     * Signing algorithm corresponding to the EBICS A006 signing process.
+     *
+     * Note that while [data] can be arbitrary-length data, in EBICS, the order
+     * data is *always* hashed *before* passing it to the signing algorithm, 
which again
+     * uses a hash internally.
+     */
     fun signEbicsA006(data: ByteArray, privateKey: RSAPrivateCrtKey): 
ByteArray {
         val signature = Signature.getInstance("SHA256withRSA/PSS", 
bouncyCastleProvider)
         signature.setParameter(PSSParameterSpec("SHA-256", "MGF1", 
MGF1ParameterSpec.SHA256, 32, 1))
@@ -181,8 +188,14 @@ object CryptoUtil {
         return signature.verify(sig)
     }
 
-    fun digestEbicsA006(data: ByteArray): ByteArray {
+    fun digestEbicsOrderA006(orderData: ByteArray): ByteArray {
         val digest = MessageDigest.getInstance("SHA-256")
-        return digest.digest(data)
+        for (b in orderData) {
+            when (b) {
+                '\r'.toByte(), '\n'.toByte(), (26).toByte() -> Unit
+                else -> digest.update(b)
+            }
+        }
+        return digest.digest()
     }
 }
diff --git 
a/sandbox/src/main/kotlin/tech/libeufin/sandbox/EbicsProtocolBackend.kt 
b/sandbox/src/main/kotlin/tech/libeufin/sandbox/EbicsProtocolBackend.kt
index f17f1ec..5ec537f 100644
--- a/sandbox/src/main/kotlin/tech/libeufin/sandbox/EbicsProtocolBackend.kt
+++ b/sandbox/src/main/kotlin/tech/libeufin/sandbox/EbicsProtocolBackend.kt
@@ -27,6 +27,7 @@ import io.ktor.request.receiveText
 import io.ktor.response.respond
 import io.ktor.response.respondText
 import org.apache.xml.security.binding.xmldsig.RSAKeyValueType
+import org.apache.xml.security.c14n.Canonicalizer
 import org.jetbrains.exposed.sql.and
 import org.jetbrains.exposed.sql.transactions.transaction
 import org.jetbrains.exposed.sql.upperCase
@@ -109,6 +110,11 @@ private suspend fun 
ApplicationCall.respondEbicsKeyManagement(
 
 
 private suspend fun ApplicationCall.handleEbicsHia(header: 
EbicsUnsecuredRequest.Header, orderData: ByteArray) {
+    val plainOrderData = InflaterInputStream(orderData.inputStream()).use {
+        it.readAllBytes()
+    }
+    println("hia order data: ${plainOrderData.toString(Charsets.UTF_8)}")
+
     val keyObject = 
EbicsOrderUtil.decodeOrderDataXml<HIARequestOrderData>(orderData)
     val encPubXml = keyObject.encryptionPubKeyInfo.pubKeyValue.rsaKeyValue
     val authPubXml = keyObject.authenticationPubKeyInfo.pubKeyValue.rsaKeyValue
@@ -140,6 +146,11 @@ private suspend fun ApplicationCall.handleEbicsHia(header: 
EbicsUnsecuredRequest
 
 
 private suspend fun ApplicationCall.handleEbicsIni(header: 
EbicsUnsecuredRequest.Header, orderData: ByteArray) {
+    val plainOrderData = InflaterInputStream(orderData.inputStream()).use {
+        it.readAllBytes()
+    }
+    println("ini order data: ${plainOrderData.toString(Charsets.UTF_8)}")
+
     val keyObject = 
EbicsOrderUtil.decodeOrderDataXml<SignatureTypes.SignaturePubKeyOrderData>(orderData)
     val sigPubXml = keyObject.signaturePubKeyInfo.pubKeyValue.rsaKeyValue
     val sigPub = CryptoUtil.loadRsaPublicKeyFromComponents(sigPubXml.modulus, 
sigPubXml.exponent)
@@ -661,14 +672,14 @@ suspend fun ApplicationCall.ebicsweb() {
                                     throw EbicsInvalidRequestError()
                                 }
 
+                                val customCanon = unzippedData.filter { it != 
'\r'.toByte() && it != '\n'.toByte() && it != (26).toByte()}.toByteArray()
+
                                 for (sig in sigs) {
                                     if (sig.signatureAlgorithm == "A006") {
-                                        val signedData = 
CryptoUtil.digestEbicsA006(unzippedData)
-                                        val res = 
CryptoUtil.verifyEbicsA006(sig.signatureValue.toByteArray(), signedData, 
clientSigPub)
-                                        println("VEU verification result: 
$res")
-                                        if (!res) {
+                                        val signedData = 
CryptoUtil.digestEbicsOrderA006(unzippedData)
+                                        val res1 = 
CryptoUtil.verifyEbicsA006(sig.signatureValue.toByteArray(), signedData, 
clientSigPub)
+                                        if (res1)
                                             throw EbicsInvalidRequestError()
-                                        }
                                     } else {
                                         throw NotImplementedError()
                                     }

-- 
To stop receiving notification emails like this one, please contact
address@hidden.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]