commit 2406c23ae98e4953fcf2daaaf19eeed47c9ababf
parent 2044092c4a68f3cdad2a7cf33ae8eec09e014302
Author: Christos Margiolis <christos@margiolis.net>
Date: Sun, 17 Apr 2022 01:56:53 +0300
done
Diffstat:
15 files changed, 103 insertions(+), 8 deletions(-)
diff --git a/c_security/ex1/doc/doc.pdf b/c_security/ex1/doc/doc.pdf
Binary files differ.
diff --git a/c_security/ex1/doc/doc.tex b/c_security/ex1/doc/doc.tex
@@ -247,6 +247,41 @@
\section{Δραστηριότητα 6: Μη-αυτόματη επαλήθευση πιστοποιητικού X.509}
-<++>
+Κατεβάζουμε το πιστοποιητικό της ιστοσελίδας margiolis.net:
+\begin{lstlisting}
+ $ openssl s_client -connect margiolis.net:443 -showcerts \
+ </dev/null 2>/dev/null | openssl x509 -outform pem > dat/c0.pem
+\end{lstlisting}
+
+Εξάγουμε το $e$:
+\begin{lstlisting}
+ $ openssl x509 -in dat/c0.pem -text -noout | grep 'Exponent' |
+ awk '{print $3}' | sed 's/(//;s/)//;s/0x//' > dat/cert.in
+\end{lstlisting}
+
+Εξάγουμε το $n$:
+\begin{lstlisting}
+ $ openssl x509 -in dat/c0.pem -noout -modulus |
+ sed 's/Modulus=//' >> dat/cert.in
+\end{lstlisting}
+
+Εξάγουμε την υπογραφή:
+\begin{lstlisting}
+ $ openssl x509 -in dat/c0.pem -text -noout \
+ -certopt ca_default -certopt no_validity \
+ -certopt no_serial -certopt no_subject \
+ -certopt no_extensions -certopt no_signame |
+ sed 1d | tr -d '[:space:]:' | sha256 >> dat/cert.in
+\end{lstlisting}
+
+Τέλος, επαληθεύουμε το πιστοποιητικό (το output είναι πολύ μεγάλο για να
+συμπεριληφθεί ολόκληρο):
+\begin{lstlisting}
+ $ ./verify dat/cert.in
+ e: 010001
+ n: B8CF8F..........1AE7F0DE351B
+ sign: E8230B...........AC59DF719
+ str: 46F35C99.........5034620EF8149AE
+\end{lstlisting}
\end{document}
diff --git a/c_security/ex1/src/dat/c0.pem b/c_security/ex1/src/dat/c0.pem
@@ -0,0 +1,35 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/c_security/ex1/src/dat/cert.in b/c_security/ex1/src/dat/cert.in
@@ -0,0 +1,3 @@
+10001
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
+e823dd2570c1cc10a632402b592d227907f05a2dd8a3f2bb8152d0bac59df719
diff --git a/c_security/ex1/src/decrypt b/c_security/ex1/src/decrypt
Binary files differ.
diff --git a/c_security/ex1/src/decrypt.c b/c_security/ex1/src/decrypt.c
@@ -7,7 +7,7 @@
static const char *
read_line(FILE *fp)
{
- char buf[BUFSIZ];
+ char buf[2048];
if (fgets(buf, sizeof(buf), fp) == NULL)
err(1, "fgets");
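Review bot: The new `char buf[2048];` in read_line still lets fgets() truncate silently: a line longer than the buffer is split, and the remainder is picked up by the next read, so an oversized modulus or signature would presumably be parsed as two wrong values instead of being rejected. After the fgets() check, a guard such as `if (strchr(buf, '\n') == NULL && !feof(fp)) errx(1, "input line too long");` would turn that into an error (this assumes <string.h> is included, which the hunk does not show). The literal 2048 is also repeated in the identical read_line hunks of encrypt.c, priv.c, sign.c and verify.c, and in the main() buffers of encrypt.c and sign.c; one named constant, e.g. `#define LINESZ 2048`, would keep them in step. read_line's body continues outside the hunk, so how `buf` is handed back to the caller is not visible here.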
diff --git a/c_security/ex1/src/encrypt b/c_security/ex1/src/encrypt
Binary files differ.
diff --git a/c_security/ex1/src/encrypt.c b/c_security/ex1/src/encrypt.c
@@ -8,7 +8,7 @@
static const char *
read_line(FILE *fp)
{
- char buf[BUFSIZ];
+ char buf[2048];
if (fgets(buf, sizeof(buf), fp) == NULL)
err(1, "fgets");
@@ -33,7 +33,7 @@ main(int argc, char *argv[])
BIGNUM *e, *n, *d;
FILE *fp;
int len = 0;
- char buf[BUFSIZ];
+ char buf[2048];
if (argc < 2) {
fprintf(stderr, "usage: %s input\n", *argv);
diff --git a/c_security/ex1/src/priv b/c_security/ex1/src/priv
Binary files differ.
diff --git a/c_security/ex1/src/priv.c b/c_security/ex1/src/priv.c
@@ -10,7 +10,7 @@ static char *argv0;
static const char *
read_line(FILE *fp)
{
- char buf[BUFSIZ];
+ char buf[2048];
if (fgets(buf, sizeof(buf), fp) == NULL)
err(1, "fgets");
diff --git a/c_security/ex1/src/sign b/c_security/ex1/src/sign
Binary files differ.
diff --git a/c_security/ex1/src/sign.c b/c_security/ex1/src/sign.c
@@ -8,7 +8,7 @@
static const char *
read_line(FILE *fp)
{
- char buf[BUFSIZ];
+ char buf[2048];
if (fgets(buf, sizeof(buf), fp) == NULL)
err(1, "fgets");
@@ -32,7 +32,7 @@ main(int argc, char *argv[])
BIGNUM *e, *n, *d, *c, *str, *sign;
FILE *fp;
int len = 0;
- char buf[BUFSIZ];
+ char buf[2048];
if (argc < 2) {
fprintf(stderr, "usage: %s input\n", *argv);
diff --git a/c_security/ex1/src/tests b/c_security/ex1/src/tests
@@ -26,3 +26,25 @@ echo
echo "exercise 5b:"
./verify dat/verify2.in | tail -1 | awk '{print $2}' | ./htoa
echo
+
+echo "exercise 6:"
+# fetch cert key
+openssl s_client -connect margiolis.net:443 -showcerts </dev/null 2>/dev/null |
+openssl x509 -outform pem > dat/c0.pem
+
+# extract e
+openssl x509 -in dat/c0.pem -text -noout | grep 'Exponent' |
+awk '{print $3}' | sed 's/(//;s/)//;s/0x//' > dat/cert.in
+
+# extract n
+openssl x509 -in dat/c0.pem -noout -modulus | sed 's/Modulus=//' >> dat/cert.in
+
+# extract signature
+openssl x509 -in dat/c0.pem -text -noout \
+ -certopt ca_default -certopt no_validity \
+ -certopt no_serial -certopt no_subject \
+ -certopt no_extensions -certopt no_signame |
+sed 1d | tr -d '[:space:]:' | sha256 >> dat/cert.in
+
+# finally..
+./verify dat/cert.in
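Review bot: The exercise 6 steps do not actually check the certificate's signature: `e` and `n` are read from `dat/c0.pem`, the same certificate whose signature is extracted, and the signature hex is piped through `sha256` before it is appended to `dat/cert.in`. Unless the certificate is self-signed, its signature was made with the issuer's key, so the exponent and modulus should come from the issuer's certificate in the `-showcerts` chain (saved separately, e.g. to a placeholder path `dat/ISSUER.pem`), and the signature line should be stored unhashed: `sed 1d | tr -d '[:space:]:' >> dat/cert.in`. SHA-256 belongs on the other side of the comparison: assuming a sha256WithRSAEncryption signature, the digest of the certificate's signed (TBS) body is what the value printed by `./verify` should end with. The same commands are listed in the doc.tex hunk of this commit.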
diff --git a/c_security/ex1/src/verify b/c_security/ex1/src/verify
Binary files differ.
diff --git a/c_security/ex1/src/verify.c b/c_security/ex1/src/verify.c
@@ -7,7 +7,7 @@
static const char *
read_line(FILE *fp)
{
- char buf[BUFSIZ];
+ char buf[2048];
if (fgets(buf, sizeof(buf), fp) == NULL)
err(1, "fgets");