Browse Source

fix famtool in openssl 1.1

pull/48/head
Jeff Becker 7 years ago
parent
commit
177caa457c
No known key found for this signature in database
GPG Key ID: F357B3B42F6F9B05
  1. 105
      famtool.cpp

105
famtool.cpp

@ -56,36 +56,27 @@ static std::shared_ptr<Verifier> LoadCertificate (const std::string& filename)
if (family) family[0] = 0; if (family) family[0] = 0;
} }
auto pkey = X509_get_pubkey (cert); auto pkey = X509_get_pubkey (cert);
int keyType = EVP_PKEY_type(pkey->type);
switch (keyType) EC_KEY * ecKey = EVP_PKEY_get1_EC_KEY (pkey);
{ if (ecKey)
case EVP_PKEY_EC: {
auto group = EC_KEY_get0_group (ecKey);
if (group)
{ {
EC_KEY * ecKey = EVP_PKEY_get1_EC_KEY (pkey); int curve = EC_GROUP_get_curve_name (group);
if (ecKey) if (curve == NID_X9_62_prime256v1)
{ {
auto group = EC_KEY_get0_group (ecKey); uint8_t signingKey[64];
if (group) BIGNUM * x = BN_new(), * y = BN_new();
{ EC_POINT_get_affine_coordinates_GFp (group,
int curve = EC_GROUP_get_curve_name (group); EC_KEY_get0_public_key (ecKey), x, y, NULL);
if (curve == NID_X9_62_prime256v1) bn2buf (x, signingKey, 32);
{ bn2buf (y, signingKey + 32, 32);
uint8_t signingKey[64]; BN_free (x); BN_free (y);
BIGNUM * x = BN_new(), * y = BN_new(); verifier = std::make_shared<ECDSAP256Verifier>(signingKey);
EC_POINT_get_affine_coordinates_GFp (group,
EC_KEY_get0_public_key (ecKey), x, y, NULL);
bn2buf (x, signingKey, 32);
bn2buf (y, signingKey + 32, 32);
BN_free (x); BN_free (y);
verifier = std::make_shared<ECDSAP256Verifier>(signingKey);
}
}
EC_KEY_free (ecKey);
} }
} }
EC_KEY_free (ecKey);
default:
break;
} }
EVP_PKEY_free (pkey); EVP_PKEY_free (pkey);
} }
@ -100,39 +91,39 @@ static bool CreateFamilySignature (const std::string& family, const IdentHash& i
SSL_CTX * ctx = SSL_CTX_new (TLSv1_method ()); SSL_CTX * ctx = SSL_CTX_new (TLSv1_method ());
int ret = SSL_CTX_use_PrivateKey_file (ctx, filename.c_str (), SSL_FILETYPE_PEM); int ret = SSL_CTX_use_PrivateKey_file (ctx, filename.c_str (), SSL_FILETYPE_PEM);
if (ret) if (ret)
{ {
SSL * ssl = SSL_new (ctx); SSL * ssl = SSL_new (ctx);
EVP_PKEY * pkey = SSL_get_privatekey (ssl); EVP_PKEY * pkey = SSL_get_privatekey (ssl);
EC_KEY * ecKey = EVP_PKEY_get1_EC_KEY (pkey); EC_KEY * ecKey = EVP_PKEY_get1_EC_KEY (pkey);
if (ecKey) if (ecKey)
{
auto group = EC_KEY_get0_group (ecKey);
if (group)
{
int curve = EC_GROUP_get_curve_name (group);
if (curve == NID_X9_62_prime256v1)
{ {
auto group = EC_KEY_get0_group (ecKey); uint8_t signingPrivateKey[32], buf[50], signature[64];
if (group) bn2buf (EC_KEY_get0_private_key (ecKey), signingPrivateKey, 32);
{ ECDSAP256Signer signer (signingPrivateKey);
int curve = EC_GROUP_get_curve_name (group); size_t len = family.length ();
if (curve == NID_X9_62_prime256v1) memcpy (buf, family.c_str (), len);
{ memcpy (buf + len, (const uint8_t *)ident, 32);
uint8_t signingPrivateKey[32], buf[50], signature[64]; len += 32;
bn2buf (EC_KEY_get0_private_key (ecKey), signingPrivateKey, 32); signer.Sign (buf, len, signature);
ECDSAP256Signer signer (signingPrivateKey); len = Base64EncodingBufferSize (64);
size_t len = family.length (); char * b64 = new char[len+1];
memcpy (buf, family.c_str (), len); len = ByteStreamToBase64 (signature, 64, b64, len);
memcpy (buf + len, (const uint8_t *)ident, 32); b64[len] = 0;
len += 32; sig = b64;
signer.Sign (buf, len, signature); delete[] b64;
len = Base64EncodingBufferSize (64);
char * b64 = new char[len+1];
len = ByteStreamToBase64 (signature, 64, b64, len);
b64[len] = 0;
sig = b64;
delete[] b64;
}
else
return false;
}
} }
SSL_free (ssl); else
} return false;
}
}
SSL_free (ssl);
}
else else
return false; return false;
SSL_CTX_free (ctx); SSL_CTX_free (ctx);

Loading…
Cancel
Save