|
|
|
@ -56,40 +56,31 @@ static std::shared_ptr<Verifier> LoadCertificate (const std::string& filename) |
|
|
|
if (family) family[0] = 0; |
|
|
|
if (family) family[0] = 0; |
|
|
|
} |
|
|
|
} |
|
|
|
auto pkey = X509_get_pubkey (cert); |
|
|
|
auto pkey = X509_get_pubkey (cert); |
|
|
|
int keyType = EVP_PKEY_type(pkey->type); |
|
|
|
|
|
|
|
switch (keyType) |
|
|
|
EC_KEY * ecKey = EVP_PKEY_get1_EC_KEY (pkey); |
|
|
|
{ |
|
|
|
if (ecKey) |
|
|
|
case EVP_PKEY_EC: |
|
|
|
{ |
|
|
|
|
|
|
|
auto group = EC_KEY_get0_group (ecKey); |
|
|
|
|
|
|
|
if (group) |
|
|
|
{ |
|
|
|
{ |
|
|
|
EC_KEY * ecKey = EVP_PKEY_get1_EC_KEY (pkey); |
|
|
|
int curve = EC_GROUP_get_curve_name (group); |
|
|
|
if (ecKey) |
|
|
|
if (curve == NID_X9_62_prime256v1) |
|
|
|
{ |
|
|
|
{ |
|
|
|
auto group = EC_KEY_get0_group (ecKey); |
|
|
|
uint8_t signingKey[64]; |
|
|
|
if (group) |
|
|
|
BIGNUM * x = BN_new(), * y = BN_new(); |
|
|
|
{ |
|
|
|
EC_POINT_get_affine_coordinates_GFp (group, |
|
|
|
int curve = EC_GROUP_get_curve_name (group); |
|
|
|
EC_KEY_get0_public_key (ecKey), x, y, NULL); |
|
|
|
if (curve == NID_X9_62_prime256v1) |
|
|
|
bn2buf (x, signingKey, 32); |
|
|
|
{ |
|
|
|
bn2buf (y, signingKey + 32, 32); |
|
|
|
uint8_t signingKey[64]; |
|
|
|
BN_free (x); BN_free (y); |
|
|
|
BIGNUM * x = BN_new(), * y = BN_new(); |
|
|
|
verifier = std::make_shared<ECDSAP256Verifier>(signingKey); |
|
|
|
EC_POINT_get_affine_coordinates_GFp (group, |
|
|
|
|
|
|
|
EC_KEY_get0_public_key (ecKey), x, y, NULL); |
|
|
|
|
|
|
|
bn2buf (x, signingKey, 32); |
|
|
|
|
|
|
|
bn2buf (y, signingKey + 32, 32); |
|
|
|
|
|
|
|
BN_free (x); BN_free (y); |
|
|
|
|
|
|
|
verifier = std::make_shared<ECDSAP256Verifier>(signingKey); |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
EC_KEY_free (ecKey); |
|
|
|
|
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
EC_KEY_free (ecKey); |
|
|
|
default: |
|
|
|
|
|
|
|
break; |
|
|
|
|
|
|
|
} |
|
|
|
} |
|
|
|
EVP_PKEY_free (pkey); |
|
|
|
EVP_PKEY_free (pkey); |
|
|
|
} |
|
|
|
} |
|
|
|
SSL_free (ssl); |
|
|
|
SSL_free (ssl); |
|
|
|
} |
|
|
|
} |
|
|
|
SSL_CTX_free (ctx); |
|
|
|
SSL_CTX_free (ctx); |
|
|
|
return verifier; |
|
|
|
return verifier; |
|
|
|
@ -100,44 +91,44 @@ static bool CreateFamilySignature (const std::string& family, const IdentHash& i |
|
|
|
SSL_CTX * ctx = SSL_CTX_new (TLSv1_method ()); |
|
|
|
SSL_CTX * ctx = SSL_CTX_new (TLSv1_method ()); |
|
|
|
int ret = SSL_CTX_use_PrivateKey_file (ctx, filename.c_str (), SSL_FILETYPE_PEM); |
|
|
|
int ret = SSL_CTX_use_PrivateKey_file (ctx, filename.c_str (), SSL_FILETYPE_PEM); |
|
|
|
if (ret) |
|
|
|
if (ret) |
|
|
|
{ |
|
|
|
{ |
|
|
|
SSL * ssl = SSL_new (ctx); |
|
|
|
SSL * ssl = SSL_new (ctx); |
|
|
|
EVP_PKEY * pkey = SSL_get_privatekey (ssl); |
|
|
|
EVP_PKEY * pkey = SSL_get_privatekey (ssl); |
|
|
|
EC_KEY * ecKey = EVP_PKEY_get1_EC_KEY (pkey); |
|
|
|
EC_KEY * ecKey = EVP_PKEY_get1_EC_KEY (pkey); |
|
|
|
if (ecKey) |
|
|
|
if (ecKey) |
|
|
|
|
|
|
|
{ |
|
|
|
|
|
|
|
auto group = EC_KEY_get0_group (ecKey); |
|
|
|
|
|
|
|
if (group) |
|
|
|
|
|
|
|
{ |
|
|
|
|
|
|
|
int curve = EC_GROUP_get_curve_name (group); |
|
|
|
|
|
|
|
if (curve == NID_X9_62_prime256v1) |
|
|
|
{ |
|
|
|
{ |
|
|
|
auto group = EC_KEY_get0_group (ecKey); |
|
|
|
uint8_t signingPrivateKey[32], buf[50], signature[64]; |
|
|
|
if (group) |
|
|
|
bn2buf (EC_KEY_get0_private_key (ecKey), signingPrivateKey, 32); |
|
|
|
{ |
|
|
|
ECDSAP256Signer signer (signingPrivateKey); |
|
|
|
int curve = EC_GROUP_get_curve_name (group); |
|
|
|
size_t len = family.length (); |
|
|
|
if (curve == NID_X9_62_prime256v1) |
|
|
|
memcpy (buf, family.c_str (), len); |
|
|
|
{ |
|
|
|
memcpy (buf + len, (const uint8_t *)ident, 32); |
|
|
|
uint8_t signingPrivateKey[32], buf[50], signature[64]; |
|
|
|
len += 32; |
|
|
|
bn2buf (EC_KEY_get0_private_key (ecKey), signingPrivateKey, 32); |
|
|
|
signer.Sign (buf, len, signature); |
|
|
|
ECDSAP256Signer signer (signingPrivateKey); |
|
|
|
len = Base64EncodingBufferSize (64); |
|
|
|
size_t len = family.length (); |
|
|
|
char * b64 = new char[len+1]; |
|
|
|
memcpy (buf, family.c_str (), len); |
|
|
|
len = ByteStreamToBase64 (signature, 64, b64, len); |
|
|
|
memcpy (buf + len, (const uint8_t *)ident, 32); |
|
|
|
b64[len] = 0; |
|
|
|
len += 32; |
|
|
|
sig = b64; |
|
|
|
signer.Sign (buf, len, signature); |
|
|
|
delete[] b64; |
|
|
|
len = Base64EncodingBufferSize (64); |
|
|
|
} |
|
|
|
char * b64 = new char[len+1]; |
|
|
|
else |
|
|
|
len = ByteStreamToBase64 (signature, 64, b64, len); |
|
|
|
return false; |
|
|
|
b64[len] = 0; |
|
|
|
} |
|
|
|
sig = b64; |
|
|
|
} |
|
|
|
delete[] b64; |
|
|
|
SSL_free (ssl); |
|
|
|
} |
|
|
|
} |
|
|
|
else |
|
|
|
|
|
|
|
return false; |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
SSL_free (ssl); |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
else |
|
|
|
else |
|
|
|
return false; |
|
|
|
return false; |
|
|
|
SSL_CTX_free (ctx); |
|
|
|
SSL_CTX_free (ctx); |
|
|
|
return true; |
|
|
|
return true; |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
int main(int argc, char * argv[]) |
|
|
|
int main(int argc, char * argv[]) |
|
|
|
{ |
|
|
|
{ |
|
|
|
|
Jeff Becker
7 years ago