Lab 11 - Two Truths and a Lie = Signature Verification


Usual lab directions
  • Submit your completed lab online to CourSys (not Canvas, not GitHub).
    • Labs are marked on completion, not correctness, so complete each part to the best of your ability and learn.
    • Lab is due Sunday and may be submitted up to 3 days late. Further extensions possible only in exceptional cases.
  • It is recommended that students attend in-person lab sections for lots of support!
    • You are invited to come to any (or more than one) lab section.
    • There is no need to attend the section you are enrolled in.
    • There is no need to attend any lab sections: there is no attendance taken.
    • You can complete the lab on your own time or own computer if you like.
    • Time suggestions are given here to guide students who are working on the lab during lab times. However, the entire lab must be completed by everyone for marks.
  • While completing these labs, you are encouraged to help your classmates and receive as much help as you like. Assignments, however, are individual work and you must not work with another person on assignments.
    • I recommend coming to the lab and working with someone.
    • Failing that, I recommend getting together with someone in the class outside of lab time to work through the lab together.
    • Failing that, you are welcome to complete the lab exercise without any collaboration.
    • Each student must submit their lab to get marks.
    • Academic honesty expectations for labs are that each student types their own lab solution. It is OK to share ideas and help each other with specific coding issues and design. It is not permitted to submit another student's file for credit.
  • If using CSIL lab PC:
    • [Only CSIL PC] If in Windows, reboot to Linux; while booting, select Ubuntu from boot menu.
    • [Only CSIL PC] Don't set up GitHub tokens in the cmpt201 container because it may be shared with other users.
    • [Only CSIL PC] Delete any possible previous docker container before starting the lab:
      docker rm cmpt201
    • [Only CSIL PC] When done your lab, copy your solution out of the container, then execute the above docker command to delete your docker container to leave it clean for the next user.
  • You do not need to use record.


Goals for this lab


  • Able to write C code to verify a digital signature.
  • Investigate how changes to a document invalidate a digital signature.


Prerequisite Skills for This Lab


  • Read how to verify a message by its signature: OpenSSL Wiki re EVP Signing and Verifying.
    • Focus on the section about Asymmetric Key, specifically about Verifying a message digest.
    • You should really do this reading! It shows sample code (the first one under Verifying is very helpful)! Read the section, not just the code.
  • Good to have some initial familiarity with:
  • C Skills
    • Able to use files, arrays, pointers.
    • Able to compile, run, and debug C programs using CMake.


Task 1: Download & Compile


  1. Clone the Lab 11 starter project
     
  2. Compile and run the program. Use multiple terminals:
    • One for nvim.
    • One for compiling and running the code.
    • Others as desired!
    • Hint: The verifier program expects to find the messageN.txt and signatureN.sig files in the current folder. So you likely want to run it from the root of your lab11 folder: ./build/verifier


Task 2: Two Truths and a Lie


Complete the implementation for lab 11 (lab11.c):

  1. Read how to verify a message by its signature
    • Read OpenSSL Wiki re EVP Signing and Verifying.
    • Focus on the section about Asymmetric Key, specifically about Verifying a message digest.
    • You should really do this! They show sample code (the first one under Verifying is very helpful)! Read the section, not just the code.
       
  2. Make main() correctly load the public key.
    • Call the function PEM_read_PUBKEY().
      • Read up on PEM_read_PUBKEY.
      • Our public key does not have a passphrase so we don't need a cb callback, or the other parameters. So every parameter except the first can be NULL.
    • Hint (File): You'll need to pass in a FILE* filestream for the "public_key.pem" file. How do you get one?
    • Make sure you check for errors on all function calls.
       
  3. Implement verify():
    • Read the documentation page on EVP_DigestVerifyFinal
      • You will need to call all three of the following functions listed there to setup and verify the signing:
        EVP_DigestVerifyInit(), EVP_DigestVerifyUpdate(), EVP_DigestVerifyFinal().
    • Outline of steps:
      1. Read all data from the message_path file into the message array.
      2. Read all data from the sign_path file into the signature array.
      3. Allocate a new digest context using EVP_MD_CTX_new()
      4. On the digest, initialize it, update it, and verify it (using EVP_DigestVerify______() functions mentioned above).
      5. Close the digest using EVP_MD_CTX_free()
    • Hints to help you use the functions:
      • Hint (Order): Start by calling the functions in the order listed above under steps. See the sample code at the link related to PEM_read_PUBKEY() above.
      • Hint (Create digest context): EVP_MD_CTX_new() returns a pointer to a digest context (type EVP_MD_CTX *; name it mdctx to match the sample code), which the rest of the digest functions need to be passed.
      • Hint (Free digest context): When you have finished with the message digest context (mdctx), you need to free it with EVP_MD_CTX_free().

         

  4. Build and run the program.
    • It will print out each of the messages and tell you if the message matches its message digest!

Task 3: Edit the Message and Signature


  1. Try editing each message just a little and see if it still passes verification.
    • Try something small, like changing a character to upper case.
       
  2. Try editing the signature a little (may be easiest in code to just change a value in the array after you have read it in vs editing the binary signature file).
    • Does it detect an error?
       
  3. Try editing the public key a little and see if it still passes verification.

Task 4: [Optional] Challenges


  1. Optional: New messages
    • Create your own public/private key and encode some new messages.
    • Play around with them to make some of them fail validation.
    • You will need to use external tools to create the digital signature for your own messages. You'll also need to use your own public-key and private-key.
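
For Tasks 3 and 4, one way to create your own key pair and signature with the `openssl` command-line tool and repeat the tampering experiments. This is an added example, not part of the lab's starter code. RSA-2048, SHA-256, the message text, and the `edited.*` and `other/` names are assumptions.

```shell
#!/bin/sh
# Added example (not the lab's code). Assumed: RSA-2048, SHA-256, and
# file names modelled on the lab's; the message text is constructed.

# make_signed_message DIR: create a key pair, a message and its signature.
make_signed_message() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/private_key.pem" 2>/dev/null || return 1
    openssl pkey -in "$1/private_key.pem" -pubout \
        -out "$1/public_key.pem" || return 1
    printf 'I have never missed a lab.\n' > "$1/message1.txt"
    openssl dgst -sha256 -sign "$1/private_key.pem" \
        -out "$1/signature1.sig" "$1/message1.txt"
}

# verify_message PUBKEY MESSAGE SIGNATURE: exit status 0 only on a match.
verify_message() {
    openssl dgst -sha256 -verify "$1" -signature "$3" "$2" >/dev/null 2>&1
}

# report LABEL PUBKEY MESSAGE SIGNATURE: print "LABEL:ok" or "LABEL:FAIL".
report() {
    if verify_message "$2" "$3" "$4"; then echo "$1:ok"; else echo "$1:FAIL"; fi
}

# flip_first_byte IN OUT: copy IN to OUT with its first byte incremented.
flip_first_byte() {
    cp "$1" "$2" || return 1
    first=$(od -An -tu1 -N1 "$1" | tr -d ' \n')
    printf '%b' "\\0$(printf '%03o' $(( (first + 1) % 256 )))" |
        dd of="$2" bs=1 count=1 conv=notrunc 2>/dev/null
}

# run_experiments DIR: one result line per tampering experiment.
run_experiments() {
    d=$1
    report original "$d/public_key.pem" "$d/message1.txt" "$d/signature1.sig"
    sed 's/never/Never/' "$d/message1.txt" > "$d/edited.txt"   # one letter to upper case
    report edited-message "$d/public_key.pem" "$d/edited.txt" "$d/signature1.sig"
    flip_first_byte "$d/signature1.sig" "$d/edited.sig"
    report edited-signature "$d/public_key.pem" "$d/message1.txt" "$d/edited.sig"
    mkdir -p "$d/other" && make_signed_message "$d/other"      # unrelated key pair
    report different-key "$d/other/public_key.pem" "$d/message1.txt" "$d/signature1.sig"
}

demo_dir=$(mktemp -d) && make_signed_message "$demo_dir" && run_experiments "$demo_dir"
rm -rf "$demo_dir"
```

The digest named when signing must be the same one your verify() passes to EVP_DigestVerifyInit(); otherwise even an unmodified message fails verification.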

Submission


Submit just your lab11.c C code to CourSys by Sunday midnight. The file name must be an exact match to what CourSys is expecting, otherwise it won't accept it. Remember you can submit up to 3 days late with no penalty if needed (but please plan to get it done on time to stay up to date on the course!).

Submissions will be marked for completion. You do not need to complete any optional steps.