Browse Source

use EVP_PKEY for signing

pull/2108/head
orignal 3 months ago
parent
commit
88a5f8b125
  1. 49
      libi2pd/Family.cpp

49
libi2pd/Family.cpp

@ -136,35 +136,30 @@ namespace data @@ -136,35 +136,30 @@ namespace data
if (ret)
{
SSL * ssl = SSL_new (ctx);
EVP_PKEY * pkey = SSL_get_privatekey (ssl);
EC_KEY * ecKey = EVP_PKEY_get1_EC_KEY (pkey);
if (ecKey)
auto pkey = SSL_get_privatekey (ssl);
if (pkey)
{
auto group = EC_KEY_get0_group (ecKey);
if (group)
uint8_t buf[100], signature[128];
size_t len = family.length ();
memcpy (buf, family.c_str (), len);
memcpy (buf + len, (const uint8_t *)ident, 32);
len += 32;
size_t l = 128;
EVP_MD_CTX * mdctx = EVP_MD_CTX_create ();
EVP_DigestSignInit (mdctx, NULL, NULL, NULL, pkey);
if (EVP_DigestSign (mdctx, signature, &l, buf, len))
{
int curve = EC_GROUP_get_curve_name (group);
if (curve == NID_X9_62_prime256v1)
{
uint8_t signingPrivateKey[32], buf[50], signature[64];
i2p::crypto::bn2buf (EC_KEY_get0_private_key (ecKey), signingPrivateKey, 32);
i2p::crypto::ECDSAP256Signer signer (signingPrivateKey);
size_t len = family.length ();
memcpy (buf, family.c_str (), len);
memcpy (buf + len, (const uint8_t *)ident, 32);
len += 32;
signer.Sign (buf, len, signature);
len = Base64EncodingBufferSize (64);
char * b64 = new char[len+1];
len = ByteStreamToBase64 (signature, 64, b64, len);
b64[len] = 0;
sig = b64;
delete[] b64;
}
else
LogPrint (eLogWarning, "Family: elliptic curve ", curve, " is not supported");
}
}
len = Base64EncodingBufferSize (l);
char * b64 = new char[len+1];
len = ByteStreamToBase64 (signature, l, b64, len);
b64[len] = 0;
sig = b64;
delete[] b64;
}
else
LogPrint (eLogError, "Family: signing failed");
EVP_MD_CTX_destroy (mdctx);
}
SSL_free (ssl);
}
else

Loading…
Cancel
Save