Fixing verification issue for RSA encryption

README.md

@@ -32,4 +32,4 @@ We currently have the following implementations and languages, authors are liste
 - ipin.js (fakhrisati)
 - pin.java (@wadjaafar)
 - cli (@adonese)
-- ipin.java (@wadjaavar)
+- ipin.java (@wadjaafar)

rsa.go

@@ -15,9 +15,9 @@ import (
 	"crypto/sha256"
 	"crypto/x509"
 	"encoding/base64"
-	"encoding/hex"
 	"encoding/pem"
 	"fmt"
+	"log"
 	"os"
 )
 
@@ -162,43 +162,44 @@ func Sign(privkey string) (string, error) {
 // this is a rather very tricky api, but it is the only way we can ensure a simple way of authenticating our users
 //
 // pubkey is base64 string encoding for the public key!
-func Verify(pubkey string, payload string) (bool, error) {
+// [signature]: is base64 encoded
+// [message]: is the message that we want to sign
+func Verify(pubkey string, signature, message string) (bool, error) {
 
 	data, err := decode(pubkey)
 	if err != nil {
 		return false, err
 	}
+	signatureBase, _ := decode(signature)
 
 	block, _ := pem.Decode(data)
-	if block == nil {
-		panic("failed to parse PEM block containing the private key")
+	if block == nil || block.Type != "PUBLIC KEY" {
+		log.Fatal("failed to decode PEM block containing public key")
 	}
 
 	pub, err := x509.ParsePKIXPublicKey(block.Bytes)
 	if err != nil {
-		panic("failed to parse DER encoded private key: " + err.Error())
+		return false, err
 	}
 
-	message := []byte("message to be signed")
-	signature, _ := hex.DecodeString(payload)
-
 	// Only small messages can be signed directly; thus the hash of a
 	// message, rather than the message itself, is signed. This requires
 	// that the hash function be collision resistant. SHA-256 is the
 	// least-strong hash function that should be used for this at the time
 	// of writing (2016).
-	hashed := sha256.Sum256(message)
+	hashed := sha256.Sum256([]byte(message))
 	rsaPub := pub.(*rsa.PublicKey)
-	hashErr := rsa.VerifyPKCS1v15(rsaPub, crypto.SHA256, hashed[:], signature)
-	if err != nil {
+
+	if err := rsa.VerifyPKCS1v15(rsaPub, crypto.SHA256, hashed[:], signatureBase); err != nil {
 		fmt.Fprintf(os.Stderr, "Error from verification: %s\n", err)
-		return false, hashErr
+		return false, err
 	}
-
 	return true, nil
 }
 
 func decode(data string) ([]byte, error) {
+	res, _ := base64.StdEncoding.DecodeString(data)
+	fmt.Printf("%X", res)
 	return base64.StdEncoding.DecodeString(data)
 }
 

rsa_test.go

@@ -131,39 +131,36 @@ QCS3eL4elcKvcS1lhrZiNpK2yGNYdlqH4jku/lnnhW03mg==
 }
 
 func TestVerify(t *testing.T) {
-	pubKey := `
+	pubKey2 := `
 -----BEGIN PUBLIC KEY-----
-MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDR0lD1Fyia1GmodfSzKaiwhiZ0
-0OMcHjTy7cxZsENmLxO0i0RQ0o2PHqz+cMX2CEEpUEDIPatv3xuVln53S7NTMFxY
-h3RG12VafI3XtMZTNovcLuNp2CYPLz+/2IVvCktsTp9it3pDqB5MLNTWMSNWyuk3
-qiJkr3VctmXoxdRvFwIDAQAB
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9wFa95QL5QEgA+IF3So/MaHAeTPMFD8FxK3KwUtuEWPypTzxhJQ3NtpZGwhLmfWCeSfqwpvGchz38b74/9gE16SL7Ef/WHlOtVFv8P4qYoW5a/cyTWxuxtwNC0oxYyRSc1FzlqiiZ0AVhwAPdXNjfpIhpCr6H9gdWeMcos7BAFSNzWsdEfgOulfI6trMpVem0IXVLaSuPcrWzsQQzEjG+r13tTxLFZM3f1PudgGBu3mF6TGIKiy58MO6AUvax9KFua0TQ/MurcS4visIqjcCZiYuyZ9S10sflU4vc5WWZwuhl/wdIePYlFiQVjprmzH7u0stgpKNp0pUhAruZQHloQIDAQAB
 -----END PUBLIC KEY-----`
-	signature := "388a6e734f7ff2171eb73f4cfc4e08bd30da6381c0083b8c477328842e1a48e00deaf995f2b145c32918c67b11f89e2917dae7b40cd70d89f02975009b291cce6b784acab9b9be54f3e44c5822722fc491d7bd96e15b4e88a43c61124f453cbd76e4aba1d4f95e3ec8c0efcbade7bc6b28fab76cb725a65652d92213c942b08d"
-	want := true
 
-	key := encode(pubKey)
+	signature2 := "NY18F9UxMi/kLPNII390EA3rPiiPq3BcPgoOUYgTqjtGWC4+B50SnKHJMjociHkdJ8HTd739TknPfE59Zhw1KfUFVQM+wZELm9Jg/uq7RW+KY0tKIliIl7To8XN8B1EoMDwLjvF5TUegOYF5UsQG69ypwM960OYx3sWl8FNfpjZS3K8WekVsbJLxjB5N74IeKBPQ044BnSdYojB9wzL4lyCRgErZUCpy/kifwANwiSkoXeynmDEpdLN/KJI6LnKRAQm0kKnSSwEYak8CG7n89u2U6Xgxqox/PimYSYtnC2RLktXUJbtu6LHU9ngYkWrrLczWrMuGNQMrnHgblQtx7g=="
+
+	message := "RAMI"
+	print(signature2)
+	data := encode(pubKey2)
+
 	type args struct {
 		pubkey  string
 		payload string
+		message string
 	}
 	tests := []struct {
-		name    string
-		args    args
-		want    bool
-		wantErr bool
+		name string
+		args args
 	}{
-		{"test-verify", args{pubkey: key, payload: signature}, want, false},
+		// {"test-verify", args{pubkey: key, payload: signature}, want, false},
+		{"test-verify-rammy", args{pubkey: data, payload: signature2, message: message}},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			got, err := Verify(tt.args.pubkey, tt.args.payload)
-			if (err != nil) != tt.wantErr {
-				t.Errorf("Verify() error = %v, wantErr %v", err, tt.wantErr)
+			_, err := Verify(tt.args.pubkey, tt.args.payload, tt.args.message)
+			if err != nil {
+				t.Errorf("Verify() error = %v", err)
 				return
 			}
-			if got != tt.want {
-				t.Errorf("Verify() = %v, want %v", got, tt.want)
-			}
 		})
 	}
 }
@@ -206,3 +203,31 @@ QCS3eL4elcKvcS1lhrZiNpK2yGNYdlqH4jku/lnnhW03mg==
 		})
 	}
 }
+
+func Test_decode(t *testing.T) {
+	type args struct {
+		data string
+	}
+	key := "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9wFa95QL5QEgA+IF3So/MaHAeTPMFD8FxK3KwUtuEWPypTzxhJQ3NtpZGwhLmfWCeSfqwpvGchz38b74/9gE16SL7Ef/WHlOtVFv8P4qYoW5a/cyTWxuxtwNC0oxYyRSc1FzlqiiZ0AVhwAPdXNjfpIhpCr6H9gdWeMcos7BAFSNzWsdEfgOulfI6trMpVem0IXVLaSuPcrWzsQQzEjG+r13tTxLFZM3f1PudgGBu3mF6TGIKiy58MO6AUvax9KFua0TQ/MurcS4visIqjcCZiYuyZ9S10sflU4vc5WWZwuhl/wdIePYlFiQVjprmzH7u0stgpKNp0pUhAruZQHloQIDAQAB"
+	want := []byte("dsds")
+	tests := []struct {
+		name    string
+		args    args
+		want    []byte
+		wantErr bool
+	}{
+		{"rammy-key", args{data: key}, want, false},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got, err := decode(tt.args.data)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("decode() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+			if !reflect.DeepEqual(got, tt.want) {
+				t.Errorf("decode() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}