public bool VerifyIdent(ClientCredits pTarget, byte[] pachSignature, byte nInputSize, uint dwForIP, byte byChaIPKind) { if (!IsCryptoAvailable) { pTarget.IdentState = IdentStateEnum.IS_NOTAVAILABLE; return(false); } bool bResult; try { RSAPKCS1SignatureDeformatter pubkey = MpdObjectManager.CreateRSAPKCS1V15SHA1Verifier(pTarget.SecureIdent, pTarget.SecIDKeyLen); // 4 additional bytes random data send from this client +5 bytes v2 byte[] abyBuffer = new byte[CreditStruct.MAXPUBKEYSIZE + 9]; Array.Copy(publicKey_, abyBuffer, publicKeyLen_); uint challenge = pTarget.CryptRndChallengeFor; Array.Copy(BitConverter.GetBytes(challenge), 0, abyBuffer, publicKeyLen_, 4); // v2 security improvments (not supported by 29b, not used as default by 29c) byte nChIpSize = 0; if (byChaIPKind != 0) { nChIpSize = 5; uint ChallengeIP = 0; switch (byChaIPKind) { case CRYPT_CIP_LOCALCLIENT: ChallengeIP = dwForIP; break; case CRYPT_CIP_REMOTECLIENT: if (MuleApplication.Instance.ServerConnect.ClientID == 0 || MuleApplication.Instance.ServerConnect.IsLowID) { ChallengeIP = MuleApplication.Instance.ServerConnect.LocalIP; } else { ChallengeIP = MuleApplication.Instance.ServerConnect.ClientID; } break; case CRYPT_CIP_NONECLIENT: // maybe not supported in future versions ChallengeIP = 0; break; } Array.Copy(BitConverter.GetBytes(ChallengeIP), 0, abyBuffer, publicKeyLen_ + 4, 4); abyBuffer[publicKeyLen_ + 4 + 4] = byChaIPKind; } //v2 end byte[] hash = new byte[publicKeyLen_ + 4 + nChIpSize]; Array.Copy(abyBuffer, hash, publicKeyLen_ + 4 + nChIpSize); byte[] sign = new byte[nInputSize]; Array.Copy(pachSignature, sign, nInputSize); bResult = pubkey.VerifySignature(hash, sign); } catch (Exception ex) { MpdUtilities.DebugLogError(ex); bResult = false; } if (!bResult) { if (pTarget.IdentState == IdentStateEnum.IS_IDNEEDED) { pTarget.IdentState = IdentStateEnum.IS_IDFAILED; } } else { pTarget.Verified(dwForIP); } return(bResult); }