Thread: dsa signing and verifying

  1. #1
    Registered User
    Join Date
    May 2009
    Posts
    27

    dsa signing and verifying

    Im writing a program that is supposed to sign a file and then verify a file. Basically your supposed to put in three command prompts,one to indicate whether you want to sign or verify,another for the file to be signed or verified and for another file to be written to, meaning if you sign text.txt it will go to text.bin.Its sort of like if it was encrypting text.txt,the encrypted version would be written to encrypt.txt. My main problem is i dont know if im using the write arguments to write data to a file.

    If anyone can help,id appreciate it.

    Code:
    #include<stdio.h>
    #include<string.h>
    #include<openssl/evp.h>
    #include<openssl/dsa.h>
    
    int main (int argc , char ** argv )
    
    {
    EVP_MD_CTX ctx;
    DSA *dsa ;
    char choice;
    unsigned char *sig;
    int len , siglen,size ;
    char *buf;
    unsigned char md[ EVP_MAX_MD_SIZE ];
    FILE *file;
    
    /* Compute the SHA1 digest of str */
    
    EVP_DigestInit (& ctx , EVP_sha1 ());
    EVP_DigestUpdate (& ctx , file , strlen (file ));
    EVP_DigestFinal (& ctx , md , &len );
    
    file=fopen(argv[2],"r");
    fseek(file,0,SEEK_END);
    size=ftell(file);
    buf=(char *)malloc(size);
    fread(buf,1,size,file);
    fclose(file);
    
    
    /* Generate DSA parameters */
    
    dsa = DSA_generate_parameters (1024 , NULL , NULL , NULL , NULL ,NULL , NULL );
    
    /* Generate DSA keys */
    
    DSA_generate_key (dsa );
    
    /* Allocate buffer space for signature */
    
    sig = ( unsigned char *) malloc ( DSA_size (dsa ));
    
    if(choice=="sign")
    { 
    DSA_sign (file , md , len , sig , &siglen , dsa );
    write_data(argv[3],buf,size);
    }
    else if(choice=="verify")
    { 
    if ( DSA_verify (file , md , len , sig , siglen , dsa) == 1)
    printf (" Signature is verified !\n");
    else
    printf (" Signature verification failed ...\ n");
    write_data(argv[3],buf,size);
    }
    /* Destroy the DSA object */
    DSA_free (dsa );
    
    return 0;
    }
    Last edited by kakashi316; 05-03-2012 at 12:42 PM.

  2. #2
    Registered User
    Join Date
    Nov 2010
    Location
    Long Beach, CA
    Posts
    5,909
    You have a lot of problems

    • What was wrong with your other thread that covered the exact same program? Here it is for anybody who wants any background: segmentation fault issue.
    • Your indentation is crap. Fix it. Read this: http://sourceforge.net/apps/mediawik...le=Indentation. Then, pick one of the first 3 styles mentioned here: Indent style - Wikipedia, the free encyclopedia. Adhere to those rules strictly, so your code is uniform and easy to read. Hard to read code means bugs are easy to make and hard to find or fix.
    • Where is your write_data function? You're having trouble writing data, but fail to provide the code that does any writing.
    • Did you even try to compile this? It's full of errors. Turn the warnings all the way up on your compiler, and fix them all. Below is what my compiler generated.
    • You need to make sure argv[2] and argv[3] are valid before using them. Why aren't you using argv[1]? Pearhaps read this: FAQ > Accessing command line parameters/arguments - Cprogramming.com.
    • You can't use strlen on a FILE * (line 21).
    • You need to check the return value of fopen before doing anything with the file. If it returned NULL, print an error and exit.
    • You are calling EVP_DigestUpdate with file, when file hasn't been opened yet.
    • You can't compare strings with == (lines 44 and 49). Also on those lines, choice is a char, not a char array/string, so you can't use strcmp with it. Study up on strings in C


    I'm stopping there, you have a ton of work to do. Post back with your new (properly indented!) code when you've fixed every issue in the above list as well as all the warnings listed below.
    Code:
    $ make sign
    gcc -Wall -g -std=c99  -lssl -lm -lpthread -lcurses -lefence  sign.c   -o sign
    sign.c: In function ‘main’:
    sign.c:21: warning: passing argument 1 of ‘strlen’ from incompatible pointer type
    /usr/include/string.h:397: note: expected ‘const char *’ but argument is of type ‘struct FILE *’
    sign.c:22: warning: pointer targets in passing argument 3 of ‘EVP_DigestFinal’ differ in signedness
    /usr/include/openssl/evp.h:562: note: expected ‘unsigned int *’ but argument is of type ‘int *’
    sign.c:34: warning: passing argument 3 of ‘DSA_generate_parameters’ makes integer from pointer without a cast
    /usr/include/openssl/dsa.h:241: note: expected ‘int’ but argument is of type ‘void *’
    sign.c:44: warning: comparison between pointer and integer
    sign.c:44: warning: comparison with string literal results in unspecified behavior
    sign.c:46: warning: passing argument 1 of ‘DSA_sign’ makes integer from pointer without a cast
    /usr/include/openssl/dsa.h:226: note: expected ‘int’ but argument is of type ‘struct FILE *’
    sign.c:46: warning: pointer targets in passing argument 5 of ‘DSA_sign’ differ in signedness
    /usr/include/openssl/dsa.h:226: note: expected ‘unsigned int *’ but argument is of type ‘int *’
    sign.c:47: warning: implicit declaration of function ‘write_data’
    sign.c:49: warning: comparison between pointer and integer
    sign.c:49: warning: comparison with string literal results in unspecified behavior
    sign.c:51: warning: passing argument 1 of ‘DSA_verify’ makes integer from pointer without a cast
    /usr/include/openssl/dsa.h:228: note: expected ‘int’ but argument is of type ‘struct FILE *’
    sign.c:54:21: warning: unknown escape sequence: '\040'
    sign.c:21: warning: ‘file’ is used uninitialized in this function
    sign.c:44: warning: ‘choice’ is used uninitialized in this function
    /tmp/ccaRBBxP.o: In function `main':
    /home/tyco/sandbox/cprogramming/sign.c:47: undefined reference to `write_data'
    /home/tyco/sandbox/cprogramming/sign.c:55: undefined reference to `write_data'

  3. #3
    Registered User
    Join Date
    Dec 2007
    Posts
    2,675
    You know what? If you don't know what the difference is between a char and a C-string, then you are far from ready to me messing with the OpenSSL library.

  4. #4
    Registered User
    Join Date
    May 2009
    Posts
    27
    Ok,ill admit that my last code was not the best code that I could write and I have made corrections. I still need help trying to pass a file through the sign/verify functions and then write the result to another file. I am very well aware that I am programming inept,but I wouldnt be on this forum if I was a master. So,any help is appreciated.
    Code:
    #include<stdio.h>
    #include<string.h>
    #include<openssl/evp.h>
    #include<openssl/dsa.h>
    
    int main (int argc , char ** argv )
    {
    
    EVP_MD_CTX ctx;
    DSA *dsa ;
    int choice;
    unsigned char *sig;
    int len , siglen,size ;
    char *buf;
    unsigned char md[ EVP_MAX_MD_SIZE ];
    FILE *file;
    FILE *file2;
    
    
    /* Generate DSA parameters */
    
    dsa = DSA_generate_parameters (1024 , NULL , NULL , NULL , NULL ,NULL , NULL );
    
    /* Generate DSA keys */
    
    DSA_generate_key (dsa );
    
    /* Allocate buffer space for signature */
    
    sig = ( unsigned char *) malloc ( DSA_size (dsa ));
    
    
    
    if(choice==1)
    {
       file=fopen(argv[1],"r");
       DSA_sign (NULL , md , len , sig , &siglen , dsa );
       fclose(file);
       file2=fopen(argv[2],"w");
       FILE file;
       fclose(file2);
    }
    else if(choice==2)
    {
       file=fopen(argv[1],"r");
       DSA_verify (NULL, md , len , sig , siglen , dsa);
       fclose(file);
       file2=fopen(argv[2],"w");
       FILE file;
       fclose(file2);
    }
    
    /* Destroy the DSA object */
    
    DSA_free (dsa );
    
    return 0;
    
    }

  5. #5
    Registered User
    Join Date
    Nov 2010
    Location
    Long Beach, CA
    Posts
    5,909
    Like rags_to_riches said, you are not ready to work with the OpenSSL library. You need to work on your C fundamentals. We have a tutorial here (C Tutorial - Learn C - Cprogramming.com), and Google will turn up lots more. Work through a few different tutorials (you could do this in a day), and all the practice exercises. You need a solid understanding of file handling, strings and arrays, especially as for how they relate to strings. While not necessary, it might be very useful to study dynamic memory allocation too.

    That is all the help you will get for now. Once you show you have a solid grasp of these topics, then we can resume discussion of DSA signing and OpenSSL library stuff. But I strongly suspect that once you understand those basic C concepts, you wont really need our help.

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. Signing off.
    By abachler in forum General Discussions
    Replies: 10
    Last Post: 03-16-2010, 07:32 PM
  2. verifying image compression
    By elninio in forum C++ Programming
    Replies: 2
    Last Post: 06-17-2008, 07:36 PM
  3. Signing an ActiveX cab?
    By Mastadex in forum Windows Programming
    Replies: 0
    Last Post: 05-28-2007, 02:46 PM
  4. Verifying int with while(!(cin >> num))
    By motarded in forum C++ Programming
    Replies: 3
    Last Post: 02-26-2006, 10:37 PM
  5. signing 'if statements' to 'arrays'
    By Machewy in forum C++ Programming
    Replies: 1
    Last Post: 04-05-2003, 05:18 PM