Lab 11 - Two Truths and a Lie = Signature Verification

Goals for this lab

  • Able to write C code to verify a digital signature.
  • Investigate how changes to a document invalidate a digital signature.


Prerequisite Skills for This Lab

  • Read how to verify a message by its signature: OpenSSL Wiki re EVP Signing and Verifying.
    • Focus on the section about Asymmetric Key, specifically about Verifying a message digest.
    • You should really do this reading! It shows sample code (the first one under Verifying is very helpful)! Read the section, not just the code.
  • Good to have some initial familiarity with:
  • C Skills
    • Able to use files, arrays, pointers.
    • Able to compile, run, and debug C programs using CMake.


Task 1: Download & Compile

  1. Clone the Lab 11 starter project
    • Once you have the files, you are welcome to copy them elsewhere, such as your course-work repo.
       
  2. Compile and run the program. Use multiple terminals:
    • One for nvim.
    • One for compiling and running the code.
    • Others as desired!
    • Hint: The verifier program expects to find the messageN.txt and signaturen.sig files in the current folder. So you likely want to run it from the root of your lab11 folder: ./build/verifier


Task 2: Two Truths and a Lie

Complete the implementation for lab 11 (lab11.c):

  1. Read how to verify a message by its signature
    • Read OpenSSL Wiki re EVP Signing and Verifying.
    • Focus on the section about Asymmetric Key, specifically about Verifying a message digest.
    • You should really do this! They show sample code (the first one under Verifying is very helpful)! Read the section, not just the code.
       
  2. Make main() correctly load the public key.
    • Call the function PEM_read_PUBKEY().
      • Read up on PEM_read_PUBKEY.
      • Our public key does not have a passphrase so we don't need a cb callback, or the other parameters. So every parameter except the first can be NULL.
    • Hint - File You'll need to pass in a FILE* filestream for the "public_key.pem" file. How do you get one?
    • Make sure you check for errors on all function calls.
       
  3. Implement verify():
    • Read the documentation page on EVP_DigestVerifyFinal
      • You will need to call all three of the following functions listed there to setup and verify the signing:
        EVP_DigestVerifyInit(), EVP_DigestVerifyUpdate(), EVP_DigestVerifyFinal().
    • Outline of steps:
      1. Read all data from the message_path file into the message array.
      2. Read all data from the sign_path file into the signature array.
      3. Allocate a new digest context using EVP_MD_CTX_new()
      4. On the digest, initialize it, update it, and verify it (using EVP_DigestVerify______() functions mentioned above).
      5. Close the digest using EVP_MD_CTX_free()
    • Hints to help you use the functions:
      • Hint - Order Start by calling the functions in the order listed above under steps. See sample code for link related to PEM_read_PUBKEY() above.
      • Hint - Create digest context EVP_MD_CTX_new() returns a digest context of type EVP_MD_CTX (name it mdctx to match the sample code) which the rest of the digest functions need to be passed.
      • Hint - Free digest context When you have finished with the message digest context (mdctx) you need to free it with EVP_MD_CTX_free().

         

  4. Build and run the program.
    • It will print out each of the messages and tell you if the message matches its message digest!

Task 3: Edit the Message and Signature

  1. Try editing each message just a little and see if it still passes verification.
    • Try something small, like changing a character to upper case.
       
  2. Try editing the signature a little (may be easiest in code to just change a value in the array after you have read it in vs editing the binary signature file).
    • Does it detect an error?
       
  3. Try editing the public key a little and see if it still passes verification.

Task 4. Optional Challenges

  1. Optional: New messages
    • Create your own public/private key and encode some new messages.
    • Play around with them to make some of them fail validation.
    • You will need to use external tools to create the digital signature for your own messages. You'll also need to use your own public-key and private-key.

Submission

Submit your lab11.c C code to CourSys; the file name must be an exact match to what CourSys is expecting, otherwise it won't accept it.

Submissions will be marked for completion. It must be valid C code that runs (however we are unlikely to actually compile and run the code). You do not need to complete any optional steps.