Exemple #1
        /// <summary>
        /// Verifies the signature a peer supplied for its secure identification.
        /// The signed message is rebuilt locally as: this client's public key
        /// (<c>publicKey_</c>), the 4-byte challenge read from
        /// <c>pTarget.CryptRndChallengeFor</c> and, when <paramref name="byChaIPKind"/>
        /// is non-zero, a 4-byte address followed by the kind byte itself.
        /// </summary>
        /// <param name="pTarget">Peer record; supplies the peer's public key and the challenge, and receives the resulting identification state.</param>
        /// <param name="pachSignature">Signature bytes received from the peer.</param>
        /// <param name="nInputSize">Number of leading bytes of <paramref name="pachSignature"/> that form the signature.</param>
        /// <param name="dwForIP">Address bound into the message for CRYPT_CIP_LOCALCLIENT; also handed to <c>pTarget.Verified</c> on success.</param>
        /// <param name="byChaIPKind">0 for no address block, otherwise one of the CRYPT_CIP_* constants.</param>
        /// <returns>
        /// <c>true</c> only when the verifier accepts the signature. <c>false</c> when crypto
        /// is unavailable, the signature is rejected, or anything inside the try block throws.
        /// </returns>
        public bool VerifyIdent(ClientCredits pTarget,
                                byte[] pachSignature, byte nInputSize,
                                uint dwForIP, byte byChaIPKind)
        {
            // Nothing can be verified without a crypto backend; record that on the peer.
            if (!IsCryptoAvailable)
            {
                pTarget.IdentState = IdentStateEnum.IS_NOTAVAILABLE;
                return false;
            }

            bool verified;
            try
            {
                RSAPKCS1SignatureDeformatter verifier =
                    MpdObjectManager.CreateRSAPKCS1V15SHA1Verifier(pTarget.SecureIdent, pTarget.SecIDKeyLen);

                // Scratch area: public key + 4 challenge bytes + 5 bytes for the v2 block.
                // An oversized publicKeyLen_ makes the copy throw, which the catch below
                // turns into a failed verification.
                byte[] scratch = new byte[CreditStruct.MAXPUBKEYSIZE + 9];
                Array.Copy(publicKey_, scratch, publicKeyLen_);

                // NOTE(review): a challenge of 0 is not rejected here; presumably the caller
                // only gets this far after a challenge was issued - confirm.
                // NOTE(review): BitConverter.GetBytes uses the host byte order, so the
                // signed layout is host-dependent.
                uint challenge = pTarget.CryptRndChallengeFor;
                byte[] challengeBytes = BitConverter.GetBytes(challenge);
                Array.Copy(challengeBytes, 0, scratch, publicKeyLen_, 4);

                // v2 security improvements (not supported by 29b, not used as default by 29c)
                byte addressBlockSize = 0;
                if (byChaIPKind != 0)
                {
                    addressBlockSize = 5;
                    uint boundAddress = 0;

                    if (byChaIPKind == CRYPT_CIP_LOCALCLIENT)
                    {
                        boundAddress = dwForIP;
                    }
                    else if (byChaIPKind == CRYPT_CIP_REMOTECLIENT)
                    {
                        // With no client ID, or a low ID, the local IP is used instead.
                        if (MuleApplication.Instance.ServerConnect.ClientID == 0 ||
                            MuleApplication.Instance.ServerConnect.IsLowID)
                        {
                            boundAddress = MuleApplication.Instance.ServerConnect.LocalIP;
                        }
                        else
                        {
                            boundAddress = MuleApplication.Instance.ServerConnect.ClientID;
                        }
                    }
                    else if (byChaIPKind == CRYPT_CIP_NONECLIENT)
                    {
                        // maybe not supported in future versions
                        boundAddress = 0;
                    }
                    // NOTE(review): any other kind value also verifies against address 0.
                    // For CRYPT_CIP_NONECLIENT and unrecognised kinds the signature is
                    // therefore not tied to an address - decide whether that is acceptable.

                    byte[] addressBytes = BitConverter.GetBytes(boundAddress);
                    Array.Copy(addressBytes, 0, scratch, publicKeyLen_ + 4, 4);
                    scratch[publicKeyLen_ + 8] = byChaIPKind;
                }
                // v2 end

                // Trim the scratch area to the bytes that make up the message.
                byte[] message = new byte[publicKeyLen_ + 4 + addressBlockSize];
                Array.Copy(scratch, message, message.Length);

                // nInputSize comes with the peer's data; if it exceeds pachSignature.Length
                // the copy throws and the catch below fails the verification.
                byte[] signature = new byte[nInputSize];
                Array.Copy(pachSignature, signature, signature.Length);

                // NOTE(review): 'message' is the raw signed data, not a digest. The stock
                // RSAPKCS1SignatureDeformatter.VerifySignature(byte[], byte[]) expects an
                // already-computed hash as its first argument - confirm that the object
                // returned by CreateRSAPKCS1V15SHA1Verifier hashes the input itself.
                verified = verifier.VerifySignature(message, signature);
            }
            catch (Exception error)
            {
                // Fail closed: any error while building or checking the message counts
                // as a rejected signature.
                MpdUtilities.DebugLogError(error);
                verified = false;
            }

            if (verified)
            {
                pTarget.Verified(dwForIP);
            }
            else if (pTarget.IdentState == IdentStateEnum.IS_IDNEEDED)
            {
                // Only a pending identification is downgraded to failed.
                pTarget.IdentState = IdentStateEnum.IS_IDFAILED;
            }

            return verified;
        }