Game Development Community

CryptoPP Auth. System Development Help.

by Robert Fritzen · in Technical Issues · 01/24/2011 (3:06 pm) · 21 replies

Hello, I think I've made mentions in a few places that I have created my own authentication system in source. However, I am now faced with an interesting C++ challenge, and I'm wondering if someone here knows how to patch it up.

Basically put, I've created what runs along the lines of an x509 Certificate scheme with no expiration on certificate time, eliminating the need for a 24/7 account/authentication server. I am more than willing to share my system with the community, heck I'll even resource the thing if you can help me solve this issue of mine, I'm using the open_SSL crypto library.

The key step in my system comes into play when a player tries to join a server, their account is pushed through a special function known as RSA_Verify, which verifies a client's account signature to ensure it is from a valid source. However, my issue comes with the title of the thread. Open_SSL requires that the signature be sent in "ASCII" format (0xHH). But, there seems to be one noticeable problem. When someone has a hex pair of 0x20 OR 0x00, the code places it in "Whitespace" format, which is incorrect, especially for 0x00 which absolutely must remain as 0x00. The true ASCII representation is more of a vertical rectangle object looking character. this is my code to convert hex into ASCII. I've already asked the people at cplusplus.com without any luck, so I was hoping someone here could enlighten me on this issue. 

char PGDCrypto::hexToAscii(char first, char second) {
	char hex[5], *stop;
	hex[0] = '0';
	hex[1] = 'x';
	hex[2] = first;
	hex[3] = second;
	hex[4] = 0;
	return strtol(hex, &stop, 16);
}

std::string PGDCrypto::hexToStr(std::string &input) {
   std::ostringstream output;
   int len = input.length();
   for (int i = 0; i < len; i += 2) {
      
	  output << hexToAscii((char)input[i], (char)input[i+1]);
   }
   return output.str();
}

So, my question is pretty simple. How can I get the output of 0x20 to be the correct symbol instead of the whitespace. Just for a reference, I do believe 0x00 also swaps to whitespace which is also incorrect.

Any help would be greatly appreciated, thanks!
NextNext Thread
PrevPrevious Thread
More from Technical Issues
Page«First 1 2 Next»

Torque Owner Robert Fritzen
Phantom Games Development
#21
02/04/2011 (10:02 am)
Alright, last problem to deal with, and then this system will be ready to go.

I need to create the client's signature in PHP, and then use this following code to verify it.

bool xxz568::caVerify(std::string message, std::string signature) {
   InvertibleRSAFunction certAuth;
   certAuth.SetModulus(Integer(CA_PUBLIC_KEY));

   cout << "CA MOD: " << certAuth.GetModulus() << endl;

   RSA::PublicKey publicKey(certAuth);
   std::string holder;

   try {
      RSASSA_PKCS1v15_SHA_Verifier verifier(publicKey);

      HexDecode(signature, holder);

      StringSource(message+holder, true,
          new SignatureVerificationFilter(
              verifier, NULL,
              SignatureVerificationFilter::THROW_EXCEPTION
         ) // SignatureVerificationFilter
      ); // StringSource
   }
   catch(std::exception e) {
      return false;
   }

   return true;
}

I've implemented phpseclib on my web server, and have tested the following code:

$rsa = new Crypt_RSA();

$plaintext = "texty";

$rsa->loadKey(CA_private());
$rsa->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS);
$ciphertext = $rsa->sign($plaintext);

echo $ciphertext;
echo "<p>";
echo(bin2hex($ciphertext));

echo "<p>";

$rsa->loadKey(CA_public());
echo $rsa->verify($plaintext, $ciphertext);

It signs and verifies, however, when I load the hex result into the C++ side to test the C++ verification, it fails.

I'm wondering how to correctly sign my data in PHP where it is accepted by the C++ verification.
Page«First 1 2 Next»