// Extract the private and public keys from the PEM file, using the supplied // password to decrypt the file if encrypted. priv_key and pub_key must point to // an array o at least 65 and 131 character respectively. int load_pem_key(char *pemstr, size_t pemstr_len, char *password, char *out_priv_key, char *out_pub_key) { BIO *in = NULL; BN_CTX *ctx = NULL; const EC_GROUP *group; EC_KEY *eckey = NULL; const EC_POINT *pub_key_point = NULL; const BIGNUM *priv_key = NULL, *pub_key = NULL; char *priv_key_hex = NULL; char *pub_key_hex = NULL; in = BIO_new_mem_buf(pemstr, (int)pemstr_len); // Read key from stream, decrypting with password if not NULL if (password != NULL && strcmp("", password) != 0) { // Initialize ciphers ERR_load_crypto_strings (); OpenSSL_add_all_algorithms (); eckey = PEM_read_bio_ECPrivateKey(in, NULL, NULL, password); if (eckey == NULL) { return -1; // Failed to decrypt or decode private key } } else { if ((eckey = PEM_read_bio_ECPrivateKey(in, NULL, NULL, NULL)) == NULL) { return -1; // Failed to decode private key } } BIO_free(in); // Deconstruct key into big numbers if ((ctx = BN_CTX_new()) == NULL) { return -2; // Failed to create new big number context } if ((group = EC_KEY_get0_group(eckey)) == NULL) { return -3; // Failed to load group } if ((priv_key = EC_KEY_get0_private_key(eckey)) == NULL) { return -4; // Failed to load private key } if ((pub_key_point = EC_KEY_get0_public_key(eckey)) == NULL) { return -5; // Failed to load public key point } pub_key = EC_POINT_point2bn(group, pub_key_point, EC_KEY_get_conv_form(eckey), NULL, ctx); if (pub_key == NULL) { return -6; // Failed to construct public key from point } priv_key_hex = BN_bn2hex(priv_key); pub_key_hex = BN_bn2hex(pub_key); strncpy_s(out_priv_key, 64 + 1, priv_key_hex, 64 + 1); strncpy_s(out_pub_key, 130 + 1, pub_key_hex, 130 + 1); OPENSSL_free(priv_key_hex); OPENSSL_free(pub_key_hex); return 0; }
/* call-seq: * OpenSSL::PKey::EC.new() * OpenSSL::PKey::EC.new(ec_key) * OpenSSL::PKey::EC.new(ec_group) * OpenSSL::PKey::EC.new("secp112r1") * OpenSSL::PKey::EC.new(pem_string) * OpenSSL::PKey::EC.new(pem_string [, pwd]) * OpenSSL::PKey::EC.new(der_string) * * See the OpenSSL documentation for: * EC_KEY_* */ static VALUE ossl_ec_key_initialize(int argc, VALUE *argv, VALUE self) { EVP_PKEY *pkey; EC_KEY *ec; VALUE arg, pass; GetPKey(self, pkey); if (EVP_PKEY_base_id(pkey) != EVP_PKEY_NONE) ossl_raise(eECError, "EC_KEY already initialized"); rb_scan_args(argc, argv, "02", &arg, &pass); if (NIL_P(arg)) { if (!(ec = EC_KEY_new())) ossl_raise(eECError, NULL); } else if (rb_obj_is_kind_of(arg, cEC)) { EC_KEY *other_ec = NULL; SafeRequire_EC_KEY(arg, other_ec); if (!(ec = EC_KEY_dup(other_ec))) ossl_raise(eECError, NULL); } else if (rb_obj_is_kind_of(arg, cEC_GROUP)) { ec = ec_key_new_from_group(arg); } else { BIO *in; pass = ossl_pem_passwd_value(pass); in = ossl_obj2bio(arg); ec = PEM_read_bio_ECPrivateKey(in, NULL, ossl_pem_passwd_cb, (void *)pass); if (!ec) { OSSL_BIO_reset(in); ec = PEM_read_bio_EC_PUBKEY(in, NULL, ossl_pem_passwd_cb, (void *)pass); } if (!ec) { OSSL_BIO_reset(in); ec = d2i_ECPrivateKey_bio(in, NULL); } if (!ec) { OSSL_BIO_reset(in); ec = d2i_EC_PUBKEY_bio(in, NULL); } BIO_free(in); if (!ec) { ossl_clear_error(); ec = ec_key_new_from_group(arg); } } if (!EVP_PKEY_assign_EC_KEY(pkey, ec)) { EC_KEY_free(ec); ossl_raise(eECError, "EVP_PKEY_assign_EC_KEY"); } rb_iv_set(self, "@group", Qnil); return self; }
int main(int argc, const char **argv) { BIO *in; EC_KEY *eckey; char challenge[BUFSIZE]; const unsigned char *workbuf_p; unsigned char *sig_buf, *sig_buf_p; size_t len; unsigned int buf_len, i; if (argv[1] == NULL || argv[2] == NULL) { fprintf(stderr, "usage: %s [keyfile] [base64challenge]\n", argv[0]); return EXIT_FAILURE; } in = BIO_new(BIO_s_file()); BIO_read_filename(in, argv[1]); eckey = PEM_read_bio_ECPrivateKey(in, NULL, NULL, NULL); BIO_free(in); if (!EC_KEY_check_key(eckey)) { fprintf(stderr, "Key data for %s is inconsistent.\n", argv[1]); return EXIT_FAILURE; } memset(challenge, '\0', sizeof challenge); len = base64_decode(argv[2], challenge, BUFSIZE); workbuf_p = (unsigned char *) challenge; buf_len = ECDSA_size(eckey); sig_buf = mowgli_alloc(buf_len); sig_buf_p = sig_buf; if (!ECDSA_sign(0, challenge, len, sig_buf_p, &buf_len, eckey)) { fprintf(stderr, "Failed to sign challenge!\n"); return EXIT_FAILURE; } base64_encode(sig_buf, buf_len, challenge, BUFSIZE); printf("%s\n", challenge); mowgli_free(sig_buf); return EXIT_SUCCESS; }
static EC_KEY *tmp_ecdh_callback(SSL *ssl, int is_export, int keylength) { BIO *bio; EC_KEY *ec_tmp = NULL; SSL_CTX *ctx = SSL_get_SSL_CTX(ssl); lua_State *L = SSL_CTX_get_app_data(ctx); int ret = 0; /* get callback function */ openssl_getvalue(L, ctx, "tmp_ecdh_callback"); /* Invoke the callback */ lua_pushboolean(L, is_export); lua_pushnumber(L, keylength); ret = lua_pcall(L, 2, 1, 0); if (ret == 0) { /* Load parameters from returned value */ if (lua_type(L, -1) != LUA_TSTRING) { lua_pop(L, 2); /* Remove values from stack */ return NULL; } bio = BIO_new_mem_buf((void*)lua_tostring(L, -1), lua_rawlen(L, -1)); if (bio) { ec_tmp = PEM_read_bio_ECPrivateKey(bio, NULL, NULL, NULL); BIO_free(bio); } } else { lua_error(L); } lua_pop(L, 2); /* Remove values from stack */ return ec_tmp; }
/* call-seq: * OpenSSL::PKey::EC.new() * OpenSSL::PKey::EC.new(ec_key) * OpenSSL::PKey::EC.new(ec_group) * OpenSSL::PKey::EC.new("secp112r1") * OpenSSL::PKey::EC.new(pem_string) * OpenSSL::PKey::EC.new(pem_string [, pwd]) * OpenSSL::PKey::EC.new(der_string) * * See the OpenSSL documentation for: * EC_KEY_* */ static VALUE ossl_ec_key_initialize(int argc, VALUE *argv, VALUE self) { EVP_PKEY *pkey; EC_KEY *ec = NULL; VALUE arg, pass; VALUE group = Qnil; char *passwd = NULL; GetPKey(self, pkey); if (pkey->pkey.ec) rb_raise(eECError, "EC_KEY already initialized"); rb_scan_args(argc, argv, "02", &arg, &pass); if (NIL_P(arg)) { ec = EC_KEY_new(); } else { if (rb_obj_is_kind_of(arg, cEC)) { EC_KEY *other_ec = NULL; SafeRequire_EC_KEY(arg, other_ec); ec = EC_KEY_dup(other_ec); } else if (rb_obj_is_kind_of(arg, cEC_GROUP)) { ec = EC_KEY_new(); group = arg; } else { BIO *in = ossl_obj2bio(arg); if (!NIL_P(pass)) { passwd = StringValuePtr(pass); } ec = PEM_read_bio_ECPrivateKey(in, NULL, ossl_pem_passwd_cb, passwd); if (!ec) { (void)BIO_reset(in); (void)ERR_get_error(); ec = PEM_read_bio_EC_PUBKEY(in, NULL, ossl_pem_passwd_cb, passwd); } if (!ec) { (void)BIO_reset(in); (void)ERR_get_error(); ec = d2i_ECPrivateKey_bio(in, NULL); } if (!ec) { (void)BIO_reset(in); (void)ERR_get_error(); ec = d2i_EC_PUBKEY_bio(in, NULL); } BIO_free(in); if (ec == NULL) { const char *name = StringValueCStr(arg); int nid = OBJ_sn2nid(name); (void)ERR_get_error(); if (nid == NID_undef) ossl_raise(eECError, "unknown curve name (%s)\n", name); if ((ec = EC_KEY_new_by_curve_name(nid)) == NULL) ossl_raise(eECError, "unable to create curve (%s)\n", name); EC_KEY_set_asn1_flag(ec, OPENSSL_EC_NAMED_CURVE); EC_KEY_set_conv_form(ec, POINT_CONVERSION_UNCOMPRESSED); } } } if (ec == NULL) ossl_raise(eECError, NULL); if (!EVP_PKEY_assign_EC_KEY(pkey, ec)) { EC_KEY_free(ec); ossl_raise(eECError, "EVP_PKEY_assign_EC_KEY"); } rb_iv_set(self, "@group", Qnil); if (!NIL_P(group)) rb_funcall(self, rb_intern("group="), 1, arg); return self; }
static int openssl_ssl_ctx_set_tmp(lua_State *L) { SSL_CTX* ctx = CHECK_OBJECT(1, SSL_CTX, "openssl.ssl_ctx"); static const char* which[] = { "dh", "rsa", "ecdh", NULL }; int nwhich = luaL_checkoption(L, 2, NULL, which); int ret = 0; if (lua_isfunction(L, 3)) { lua_pushvalue(L, 3); ret = 1; switch (nwhich) { case 0: openssl_setvalue(L, ctx, "tmp_dh_callback"); SSL_CTX_set_tmp_dh_callback(ctx, tmp_dh_callback); break; case 1: openssl_setvalue(L, ctx, "tmp_rsa_callback"); SSL_CTX_set_tmp_rsa_callback(ctx, tmp_rsa_callback); break; case 2: { luaL_argcheck(L, lua_isstring(L, 4), 4, "must supply curve name"); openssl_setvalue(L, ctx, "tmp_ecdh_callback"); SSL_CTX_set_tmp_ecdh_callback(ctx, tmp_ecdh_callback); lua_pushvalue(L, 4); openssl_setvalue(L, ctx, "curve"); } break; } } else if (lua_isstring(L, 3)) { BIO* bio = load_bio_object(L, 3); switch (nwhich) { case 0: { DH* dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL); if (dh) ret = SSL_CTX_set_tmp_dh(ctx, dh); else luaL_error(L, "generate new tmp dh fail"); } break; case 1: { RSA* rsa = PEM_read_bio_RSAPrivateKey(bio, NULL, NULL, NULL); if (rsa) ret = SSL_CTX_set_tmp_rsa(ctx, rsa); else luaL_error(L, "generate new tmp rsa fail"); } break; case 2: { int nid = NID_undef; EC_KEY* ec = PEM_read_bio_ECPrivateKey(bio, NULL, NULL, NULL); if (ec == NULL) { nid = OBJ_txt2nid(lua_tostring(L, 3)); if (nid != NID_undef) ec = EC_KEY_new_by_curve_name(nid); } if (ec) ret = SSL_CTX_set_tmp_ecdh(ctx, ec); else luaL_error(L, "generate new tmp ec_key fail"); } break; } BIO_free(bio); } else if (lua_isuserdata(L, 3)) { luaL_argerror(L, 3, "userdata arg NYI"); } else luaL_argerror(L, 3, "should be tmp key callback function or pem string or key object"); return openssl_pushresult(L, ret); }
int MAIN(int argc, char **argv) { int ret = 1; EC_KEY *eckey = NULL; const EC_GROUP *group; int i, badops = 0; const EVP_CIPHER *enc = NULL; BIO *in = NULL, *out = NULL; int informat, outformat, text = 0, noout = 0; int pubin = 0, pubout = 0, param_out = 0; char *infile, *outfile, *prog, *engine; char *passargin = NULL, *passargout = NULL; char *passin = NULL, *passout = NULL; point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED; int new_form = 0; int asn1_flag = OPENSSL_EC_NAMED_CURVE; int new_asn1_flag = 0; apps_startup(); if (bio_err == NULL) if ((bio_err = BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT); if (!load_config(bio_err, NULL)) goto end; engine = NULL; infile = NULL; outfile = NULL; informat = FORMAT_PEM; outformat = FORMAT_PEM; prog = argv[0]; argc--; argv++; while (argc >= 1) { if (strcmp(*argv, "-inform") == 0) { if (--argc < 1) goto bad; informat = str2fmt(*(++argv)); } else if (strcmp(*argv, "-outform") == 0) { if (--argc < 1) goto bad; outformat = str2fmt(*(++argv)); } else if (strcmp(*argv, "-in") == 0) { if (--argc < 1) goto bad; infile = *(++argv); } else if (strcmp(*argv, "-out") == 0) { if (--argc < 1) goto bad; outfile = *(++argv); } else if (strcmp(*argv, "-passin") == 0) { if (--argc < 1) goto bad; passargin = *(++argv); } else if (strcmp(*argv, "-passout") == 0) { if (--argc < 1) goto bad; passargout = *(++argv); } else if (strcmp(*argv, "-engine") == 0) { if (--argc < 1) goto bad; engine = *(++argv); } else if (strcmp(*argv, "-noout") == 0) noout = 1; else if (strcmp(*argv, "-text") == 0) text = 1; else if (strcmp(*argv, "-conv_form") == 0) { if (--argc < 1) goto bad; ++argv; new_form = 1; if (strcmp(*argv, "compressed") == 0) form = POINT_CONVERSION_COMPRESSED; else if (strcmp(*argv, "uncompressed") == 0) form = POINT_CONVERSION_UNCOMPRESSED; else if (strcmp(*argv, "hybrid") == 0) form = POINT_CONVERSION_HYBRID; else goto bad; } else if (strcmp(*argv, "-param_enc") == 0) { if (--argc < 1) goto bad; ++argv; new_asn1_flag = 1; if (strcmp(*argv, "named_curve") == 0) asn1_flag = OPENSSL_EC_NAMED_CURVE; else if (strcmp(*argv, "explicit") == 0) asn1_flag = 0; else goto bad; } else if (strcmp(*argv, "-param_out") == 0) param_out = 1; else if (strcmp(*argv, "-pubin") == 0) pubin = 1; else if (strcmp(*argv, "-pubout") == 0) pubout = 1; else if ((enc = EVP_get_cipherbyname(&(argv[0][1]))) == NULL) { BIO_printf(bio_err, "unknown option %s\n", *argv); badops = 1; break; } argc--; argv++; } if (badops) { bad: BIO_printf(bio_err, "%s [options] <infile >outfile\n", prog); BIO_printf(bio_err, "where options are\n"); BIO_printf(bio_err, " -inform arg input format - " "DER or PEM\n"); BIO_printf(bio_err, " -outform arg output format - " "DER or PEM\n"); BIO_printf(bio_err, " -in arg input file\n"); BIO_printf(bio_err, " -passin arg input file pass " "phrase source\n"); BIO_printf(bio_err, " -out arg output file\n"); BIO_printf(bio_err, " -passout arg output file pass " "phrase source\n"); BIO_printf(bio_err, " -engine e use engine e, " "possibly a hardware device.\n"); BIO_printf(bio_err, " -des encrypt PEM output, " "instead of 'des' every other \n" " cipher " "supported by OpenSSL can be used\n"); BIO_printf(bio_err, " -text print the key\n"); BIO_printf(bio_err, " -noout don't print key out\n"); BIO_printf(bio_err, " -param_out print the elliptic " "curve parameters\n"); BIO_printf(bio_err, " -conv_form arg specifies the " "point conversion form \n"); BIO_printf(bio_err, " possible values:" " compressed\n"); BIO_printf(bio_err, " " " uncompressed (default)\n"); BIO_printf(bio_err, " " " hybrid\n"); BIO_printf(bio_err, " -param_enc arg specifies the way" " the ec parameters are encoded\n"); BIO_printf(bio_err, " in the asn1 der " "encoding\n"); BIO_printf(bio_err, " possible values:" " named_curve (default)\n"); BIO_printf(bio_err, " " "explicit\n"); goto end; } ERR_load_crypto_strings(); # ifndef OPENSSL_NO_ENGINE setup_engine(bio_err, engine, 0); # endif if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) { BIO_printf(bio_err, "Error getting passwords\n"); goto end; } in = BIO_new(BIO_s_file()); out = BIO_new(BIO_s_file()); if ((in == NULL) || (out == NULL)) { ERR_print_errors(bio_err); goto end; } if (infile == NULL) BIO_set_fp(in, stdin, BIO_NOCLOSE); else { if (BIO_read_filename(in, infile) <= 0) { perror(infile); goto end; } } BIO_printf(bio_err, "read EC key\n"); if (informat == FORMAT_ASN1) { if (pubin) eckey = d2i_EC_PUBKEY_bio(in, NULL); else eckey = d2i_ECPrivateKey_bio(in, NULL); } else if (informat == FORMAT_PEM) { if (pubin) eckey = PEM_read_bio_EC_PUBKEY(in, NULL, NULL, NULL); else eckey = PEM_read_bio_ECPrivateKey(in, NULL, NULL, passin); } else { BIO_printf(bio_err, "bad input format specified for key\n"); goto end; } if (eckey == NULL) { BIO_printf(bio_err, "unable to load Key\n"); ERR_print_errors(bio_err); goto end; } if (outfile == NULL) { BIO_set_fp(out, stdout, BIO_NOCLOSE); # ifdef OPENSSL_SYS_VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); out = BIO_push(tmpbio, out); } # endif } else { if (BIO_write_filename(out, outfile) <= 0) { perror(outfile); goto end; } } group = EC_KEY_get0_group(eckey); if (new_form) EC_KEY_set_conv_form(eckey, form); if (new_asn1_flag) EC_KEY_set_asn1_flag(eckey, asn1_flag); if (text) if (!EC_KEY_print(out, eckey, 0)) { perror(outfile); ERR_print_errors(bio_err); goto end; } if (noout) { ret = 0; goto end; } BIO_printf(bio_err, "writing EC key\n"); if (outformat == FORMAT_ASN1) { if (param_out) i = i2d_ECPKParameters_bio(out, group); else if (pubin || pubout) i = i2d_EC_PUBKEY_bio(out, eckey); else i = i2d_ECPrivateKey_bio(out, eckey); } else if (outformat == FORMAT_PEM) { if (param_out) i = PEM_write_bio_ECPKParameters(out, group); else if (pubin || pubout) i = PEM_write_bio_EC_PUBKEY(out, eckey); else i = PEM_write_bio_ECPrivateKey(out, eckey, enc, NULL, 0, NULL, passout); } else { BIO_printf(bio_err, "bad output format specified for " "outfile\n"); goto end; } if (!i) { BIO_printf(bio_err, "unable to write private key\n"); ERR_print_errors(bio_err); } else ret = 0; end: if (in) BIO_free(in); if (out) BIO_free_all(out); if (eckey) EC_KEY_free(eckey); if (passin) OPENSSL_free(passin); if (passout) OPENSSL_free(passout); apps_shutdown(); OPENSSL_EXIT(ret); }
int FuzzerTestOneInput(const uint8_t *buf, size_t len) { SSL *server; BIO *in; BIO *out; #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DSA) BIO *bio_buf; #endif SSL_CTX *ctx; int ret; RSA *privkey; const uint8_t *bufp; EVP_PKEY *pkey; X509 *cert; #ifndef OPENSSL_NO_EC EC_KEY *ecdsakey = NULL; #endif #ifndef OPENSSL_NO_DSA DSA *dsakey = NULL; #endif uint8_t opt; if (len < 2) return 0; /* * TODO: use the ossltest engine (optionally?) to disable crypto checks. */ /* This only fuzzes the initial flow from the client so far. */ ctx = SSL_CTX_new(SSLv23_method()); ret = SSL_CTX_set_min_proto_version(ctx, 0); OPENSSL_assert(ret == 1); ret = SSL_CTX_set_cipher_list(ctx, "ALL:eNULL:@SECLEVEL=0"); OPENSSL_assert(ret == 1); /* RSA */ bufp = kRSAPrivateKeyDER; privkey = d2i_RSAPrivateKey(NULL, &bufp, sizeof(kRSAPrivateKeyDER)); OPENSSL_assert(privkey != NULL); pkey = EVP_PKEY_new(); EVP_PKEY_assign_RSA(pkey, privkey); ret = SSL_CTX_use_PrivateKey(ctx, pkey); OPENSSL_assert(ret == 1); EVP_PKEY_free(pkey); bufp = kCertificateDER; cert = d2i_X509(NULL, &bufp, sizeof(kCertificateDER)); OPENSSL_assert(cert != NULL); ret = SSL_CTX_use_certificate(ctx, cert); OPENSSL_assert(ret == 1); X509_free(cert); #ifndef OPENSSL_NO_EC /* ECDSA */ bio_buf = BIO_new(BIO_s_mem()); OPENSSL_assert((size_t)BIO_write(bio_buf, ECDSAPrivateKeyPEM, sizeof(ECDSAPrivateKeyPEM)) == sizeof(ECDSAPrivateKeyPEM)); ecdsakey = PEM_read_bio_ECPrivateKey(bio_buf, NULL, NULL, NULL); ERR_print_errors_fp(stderr); OPENSSL_assert(ecdsakey != NULL); BIO_free(bio_buf); pkey = EVP_PKEY_new(); EVP_PKEY_assign_EC_KEY(pkey, ecdsakey); ret = SSL_CTX_use_PrivateKey(ctx, pkey); OPENSSL_assert(ret == 1); EVP_PKEY_free(pkey); bio_buf = BIO_new(BIO_s_mem()); OPENSSL_assert((size_t)BIO_write(bio_buf, ECDSACertPEM, sizeof(ECDSACertPEM)) == sizeof(ECDSACertPEM)); cert = PEM_read_bio_X509(bio_buf, NULL, NULL, NULL); OPENSSL_assert(cert != NULL); BIO_free(bio_buf); ret = SSL_CTX_use_certificate(ctx, cert); OPENSSL_assert(ret == 1); X509_free(cert); #endif #ifndef OPENSSL_NO_DSA /* DSA */ bio_buf = BIO_new(BIO_s_mem()); OPENSSL_assert((size_t)BIO_write(bio_buf, DSAPrivateKeyPEM, sizeof(DSAPrivateKeyPEM)) == sizeof(DSAPrivateKeyPEM)); dsakey = PEM_read_bio_DSAPrivateKey(bio_buf, NULL, NULL, NULL); ERR_print_errors_fp(stderr); OPENSSL_assert(dsakey != NULL); BIO_free(bio_buf); pkey = EVP_PKEY_new(); EVP_PKEY_assign_DSA(pkey, dsakey); ret = SSL_CTX_use_PrivateKey(ctx, pkey); OPENSSL_assert(ret == 1); EVP_PKEY_free(pkey); bio_buf = BIO_new(BIO_s_mem()); OPENSSL_assert((size_t)BIO_write(bio_buf, DSACertPEM, sizeof(DSACertPEM)) == sizeof(DSACertPEM)); cert = PEM_read_bio_X509(bio_buf, NULL, NULL, NULL); OPENSSL_assert(cert != NULL); BIO_free(bio_buf); ret = SSL_CTX_use_certificate(ctx, cert); OPENSSL_assert(ret == 1); X509_free(cert); #endif /* TODO: Set up support for SRP and PSK */ server = SSL_new(ctx); in = BIO_new(BIO_s_mem()); out = BIO_new(BIO_s_mem()); SSL_set_bio(server, in, out); SSL_set_accept_state(server); opt = (uint8_t)buf[len-1]; len--; OPENSSL_assert((size_t)BIO_write(in, buf, len) == len); if ((opt & 0x01) != 0) { do { char early_buf[16384]; size_t early_len; ret = SSL_read_early_data(server, early_buf, sizeof(early_buf), &early_len); if (ret != SSL_READ_EARLY_DATA_SUCCESS) break; } while (1); } if (SSL_do_handshake(server) == 1) { /* Keep reading application data until error or EOF. */ uint8_t tmp[1024]; for (;;) { if (SSL_read(server, tmp, sizeof(tmp)) <= 0) { break; } } } SSL_free(server); ERR_clear_error(); SSL_CTX_free(ctx); return 0; }
int signMessageWithPem(char *message, char *pem, char **signature) { unsigned int meslen = strlen(message); unsigned char *messagebytes = calloc(meslen, sizeof(unsigned char)); int derSigLen = 0; int i = 0; memcpy(messagebytes, message, meslen); EC_KEY *key = NULL; BIO *in = NULL; unsigned char *buffer = NULL; char *sha256ofMsg = calloc(SHA256_HEX_STRING, sizeof(char)); unsigned char *outBytesOfsha256ofMsg = calloc(SHA256_STRING, sizeof(unsigned char)); digestOfBytes(messagebytes, &sha256ofMsg, "sha256", meslen); sha256ofMsg[64] = '\0'; createDataWithHexString(sha256ofMsg, &outBytesOfsha256ofMsg); in = BIO_new(BIO_s_mem()); BIO_puts(in, pem); key = PEM_read_bio_ECPrivateKey(in, NULL, NULL, NULL); if(key == NULL) { return ERROR; } while(derSigLen < 70 && i < 10) { i++; ECDSA_SIG *sig = ECDSA_do_sign((const unsigned char*)outBytesOfsha256ofMsg, SHA256_DIGEST_LENGTH, key); int verify = ECDSA_do_verify((const unsigned char*)outBytesOfsha256ofMsg, SHA256_DIGEST_LENGTH, sig, key); if(verify != 1) { return ERROR; } int buflen = ECDSA_size(key); buffer = OPENSSL_malloc(buflen); derSigLen = i2d_ECDSA_SIG(sig, &buffer); } if(i == 10) return ERROR; char *hexData = calloc(derSigLen, sizeof(char)); memcpy(hexData, buffer-derSigLen, derSigLen); char *hexString = calloc(derSigLen*2+1, sizeof(char)); toHexString(hexData, derSigLen, &hexString); hexString[derSigLen * 2] = '\0'; memcpy(*signature, hexString, (derSigLen*2)+ 1); EC_KEY_free(key); BIO_free_all(in); free(messagebytes); free(sha256ofMsg); free(outBytesOfsha256ofMsg); free(hexData); free(hexString); return NOERROR; }
int getPublicKeyFromPem(char *pemstring, char **pubkey) { EC_KEY *eckey = NULL; EC_KEY *key = NULL; EC_POINT *pub_key = NULL; BIO *in = NULL; const EC_GROUP *group = NULL; char *hexPoint = NULL; char xval[65] = ""; char yval[65] = ""; char *oddNumbers = "13579BDF"; BIGNUM start; const BIGNUM *res; BN_CTX *ctx; BN_init(&start); ctx = BN_CTX_new(); res = &start; const char *cPem = pemstring; in = BIO_new(BIO_s_mem()); BIO_puts(in, cPem); key = PEM_read_bio_ECPrivateKey(in, NULL, NULL, NULL); res = EC_KEY_get0_private_key(key); eckey = EC_KEY_new_by_curve_name(NID_secp256k1); group = EC_KEY_get0_group(eckey); pub_key = EC_POINT_new(group); EC_KEY_set_private_key(eckey, res); if (!EC_POINT_mul(group, pub_key, res, NULL, NULL, ctx)) { return ERROR; } EC_KEY_set_public_key(eckey, pub_key); hexPoint = EC_POINT_point2hex(group, pub_key, 4, ctx); char *hexPointxInit = hexPoint + 2; memcpy(xval, hexPointxInit, 64); char *hexPointyInit = hexPoint + 66; memcpy(yval, hexPointyInit, 64); char *lastY = hexPoint + 129; hexPoint[130] = '\0'; char *buildCompPub = calloc(67, sizeof(char)); if (strstr(oddNumbers, lastY) != NULL) { sprintf(buildCompPub, "03%s", xval); buildCompPub[66] = '\0'; memcpy(*pubkey, buildCompPub, 67); } else { sprintf(buildCompPub, "02%s", xval); buildCompPub[66] = '\0'; memcpy(*pubkey, buildCompPub, 67); } free(buildCompPub); BN_CTX_free(ctx); EC_KEY_free(eckey); EC_KEY_free(key); EC_POINT_free(pub_key); BIO_free(in); return NOERROR; };