static int cardfingerprint(void *ctx,char *file,void *out) { int r=NOCARD; int len; EVP_PKEY *key; RSA *rsa=NULL; EC_KEY *ec=NULL; ENGINE *e=(ENGINE *)ctx; unsigned char bfr[2048]; unsigned char *p=bfr; resume_engine(e,engbits); if(!(key=ENGINE_load_public_key(e,file,NULL,NULL)))goto err1; r=CRYPTOFAIL; #if OPENSSL_VERSION_NUMBER >= 0x1010000fL if(EVP_PKEY_get0_RSA(key)) { if(!(rsa=EVP_PKEY_get1_RSA(key)))goto err2; if((len=i2d_RSA_PUBKEY(rsa,NULL))>sizeof(bfr))goto err3; if(i2d_RSA_PUBKEY(rsa,&p)!=len)goto err3; } else if(EVP_PKEY_get0_EC_KEY(key)) { if(!(ec=EVP_PKEY_get1_EC_KEY(key)))goto err2; if((len=i2d_EC_PUBKEY(ec,NULL))>sizeof(bfr))goto err3; if(i2d_EC_PUBKEY(ec,&p)!=len)goto err3; } else goto err2; #else switch(EVP_PKEY_type(key->type)) { case EVP_PKEY_RSA: if(!(rsa=EVP_PKEY_get1_RSA(key)))goto err2; if((len=i2d_RSA_PUBKEY(rsa,NULL))>sizeof(bfr))goto err3; if(i2d_RSA_PUBKEY(rsa,&p)!=len)goto err3; break; case EVP_PKEY_EC: if(!(ec=EVP_PKEY_get1_EC_KEY(key)))goto err2; if((len=i2d_EC_PUBKEY(ec,NULL))>sizeof(bfr))goto err3; if(i2d_EC_PUBKEY(ec,&p)!=len)goto err3; break; default:goto err2; } #endif if(out)sha256(bfr,len,out); r=OK; err3: if(rsa)RSA_free(rsa); if(ec)EC_KEY_free(ec); memclear(bfr,0,sizeof(bfr)); err2: EVP_PKEY_free(key); err1: suspend_engine(e,&engbits); return r; }
PyObject * get_key_der_public(struct ccn_pkey *public_key_ccn) { PyObject *result; RSA *public_key_rsa; unsigned long err; unsigned char *public_key_der = NULL; int der_len; public_key_rsa = EVP_PKEY_get1_RSA((EVP_PKEY *) public_key_ccn); JUMP_IF_NULL(public_key_rsa, openssl_error); //i2d_RSAPublicKey() is also valid, but openssl doesn't //seem to understand it der_len = i2d_RSA_PUBKEY(public_key_rsa, &public_key_der); JUMP_IF_NEG(der_len, openssl_error); result = PyBytes_FromStringAndSize((char *) public_key_der, der_len); RSA_free(public_key_rsa); public_key_rsa = NULL; JUMP_IF_NULL(result, error); return result; openssl_error: err = ERR_get_error(); PyErr_Format(g_PyExc_CCNKeyError, "Unable to write Public Key: %s", ERR_reason_error_string(err)); error: RSA_free(public_key_rsa); return NULL; }
SEXP PKI_extract_key(SEXP sKey, SEXP sPriv) { SEXP res; EVP_PKEY *key; RSA *rsa; int get_priv = asInteger(sPriv), len; if (!inherits(sKey, "public.key") && !inherits(sKey, "private.key")) Rf_error("invalid key object"); if (get_priv == NA_INTEGER) get_priv = inherits(sKey, "private.key"); if (get_priv && !inherits(sKey, "private.key")) return R_NilValue; key = (EVP_PKEY*) R_ExternalPtrAddr(sKey); if (!key) Rf_error("NULL key"); PKI_init(); if (EVP_PKEY_type(key->type) != EVP_PKEY_RSA) Rf_error("Sorry only RSA keys are supported at this point"); rsa = EVP_PKEY_get1_RSA(key); if (get_priv) { unsigned char *ptr; len = i2d_RSAPrivateKey(rsa, 0); if (len < 1) Rf_error("%s", ERR_error_string(ERR_get_error(), NULL)); res = allocVector(RAWSXP, len); ptr = (unsigned char*) RAW(res); len = i2d_RSAPrivateKey(rsa, &ptr); if (len < 1) Rf_error("%s", ERR_error_string(ERR_get_error(), NULL)); PROTECT(res); setAttrib(res, R_ClassSymbol, mkString("private.key.DER")); UNPROTECT(1); } else { unsigned char *ptr; len = i2d_RSA_PUBKEY(rsa, 0); if (len < 1) Rf_error("%s", ERR_error_string(ERR_get_error(), NULL)); res = allocVector(RAWSXP, len); ptr = (unsigned char*) RAW(res); len = i2d_RSA_PUBKEY(rsa, &ptr); if (len < 1) Rf_error("%s", ERR_error_string(ERR_get_error(), NULL)); PROTECT(res); setAttrib(res, R_ClassSymbol, mkString("public.key.DER")); UNPROTECT(1); } return res; }
ndn_Error ndn_RsaPrivateKey_encodePublicKey (const struct ndn_RsaPrivateKey *self, uint8_t *encoding, size_t *encodingLength) { int result = i2d_RSA_PUBKEY(self->privateKey, encoding ? &encoding : 0); if (result < 0) return NDN_ERROR_Error_encoding_key; *encodingLength = result; return NDN_ERROR_success; }
/* Manuall compose public keys from bignum values */ SEXP R_rsa_pubkey_build(SEXP expdata, SEXP moddata){ RSA *rsa = RSA_new(); MY_RSA_set0_key(rsa, new_bignum_from_r(moddata), new_bignum_from_r(expdata), NULL); unsigned char *buf = NULL; int len = i2d_RSA_PUBKEY(rsa, &buf); bail(len); RSA_free(rsa); SEXP res = allocVector(RAWSXP, len); memcpy(RAW(res), buf, len); OPENSSL_free(buf); return res; }
static int certfingerprint(char *file,void *out) { int r=FILEFAIL; int len; BIO *cert; X509 *x509; EVP_PKEY *key; RSA *rsa=NULL; EC_KEY *ec=NULL; unsigned char bfr[2048]; unsigned char *p=bfr; if(!(cert=BIO_new(BIO_s_file())))goto err1; if(BIO_read_filename(cert,file)<=0)goto err2; r=CRYPTOFAIL; if(!(x509=PEM_read_bio_X509_AUX(cert,NULL,NULL,NULL)))goto err2; if(!(key=X509_get_pubkey(x509)))goto err3; #if OPENSSL_VERSION_NUMBER >= 0x1010000fL if(EVP_PKEY_get0_RSA(key)) { if(!(rsa=EVP_PKEY_get1_RSA(key)))goto err4; if((len=i2d_RSA_PUBKEY(rsa,NULL))>sizeof(bfr))goto err5; if(i2d_RSA_PUBKEY(rsa,&p)!=len)goto err5; } else if(EVP_PKEY_get0_EC_KEY(key)) { if(!(ec=EVP_PKEY_get1_EC_KEY(key)))goto err4; if((len=i2d_EC_PUBKEY(ec,NULL))>sizeof(bfr))goto err5; if(i2d_EC_PUBKEY(ec,&p)!=len)goto err5; } else goto err4; #else switch(EVP_PKEY_type(key->type)) { case EVP_PKEY_RSA: if(!(rsa=EVP_PKEY_get1_RSA(key)))goto err4; if((len=i2d_RSA_PUBKEY(rsa,NULL))>sizeof(bfr))goto err5; if(i2d_RSA_PUBKEY(rsa,&p)!=len)goto err5; break; case EVP_PKEY_EC: if(!(ec=EVP_PKEY_get1_EC_KEY(key)))goto err4; if((len=i2d_EC_PUBKEY(ec,NULL))>sizeof(bfr))goto err5; if(i2d_EC_PUBKEY(ec,&p)!=len)goto err5; break; default:goto err4; } #endif if(out)sha256(bfr,len,out); r=OK; err5: if(rsa)RSA_free(rsa); if(ec)EC_KEY_free(ec); err4: EVP_PKEY_free(key); err3: X509_free(x509); err2: BIO_free(cert); err1: return r; }
void FilePrivateKeyStorage::generateKeyPair (const Name& keyName, const KeyParams& params) { if (doesKeyExist(keyName, KEY_CLASS_PUBLIC)) throw SecurityException("Public Key already exists"); if (doesKeyExist(keyName, KEY_CLASS_PRIVATE)) throw SecurityException("Private Key already exists"); Blob publicKeyDer; Blob privateKeyDer; if (params.getKeyType() == KEY_TYPE_RSA) { const RsaKeyParams& rsaParams = static_cast<const RsaKeyParams&>(params); BIGNUM* exponent = 0; RSA* rsa = 0; exponent = BN_new(); if (BN_set_word(exponent, RSA_F4) == 1) { rsa = RSA_new(); if (RSA_generate_key_ex(rsa, rsaParams.getKeySize(), exponent, NULL) == 1) { // Encode the public key. int length = i2d_RSA_PUBKEY(rsa, NULL); publicKeyDer = Blob(ptr_lib::make_shared<vector<uint8_t> >(length), false); uint8_t* derPointer = const_cast<uint8_t*>(publicKeyDer.buf()); i2d_RSA_PUBKEY(rsa, &derPointer); // Encode the private key. length = i2d_RSAPrivateKey(rsa, NULL); vector<uint8_t> pkcs1PrivateKeyDer(length); derPointer = &pkcs1PrivateKeyDer[0]; i2d_RSAPrivateKey(rsa, &derPointer); privateKeyDer = encodePkcs8PrivateKey (pkcs1PrivateKeyDer, OID(RSA_ENCRYPTION_OID), ptr_lib::make_shared<DerNode::DerNull>()); } } BN_free(exponent); RSA_free(rsa); } else if (params.getKeyType() == KEY_TYPE_ECDSA) { const EcdsaKeyParams& ecdsaParams = static_cast<const EcdsaKeyParams&>(params); OID parametersOid; int curveId = -1; // Find the entry in EC_KEY_INFO. for (size_t i = 0 ; i < sizeof(EC_KEY_INFO) / sizeof(EC_KEY_INFO[0]); ++i) { if (EC_KEY_INFO[i].keySize == ecdsaParams.getKeySize()) { curveId = EC_KEY_INFO[i].curveId; parametersOid.setIntegerList (EC_KEY_INFO[i].oidIntegerList, EC_KEY_INFO[i].oidIntegerListLength); break; } } if (curveId == -1) throw SecurityException("Unsupported keySize for KEY_TYPE_ECDSA"); EC_KEY* ecKey = EC_KEY_new_by_curve_name(curveId); if (ecKey != NULL) { if (EC_KEY_generate_key(ecKey) == 1) { // Encode the public key. int length = i2d_EC_PUBKEY(ecKey, NULL); vector<uint8_t> opensslPublicKeyDer(length); uint8_t* derPointer = &opensslPublicKeyDer[0]; i2d_EC_PUBKEY(ecKey, &derPointer); // Convert the openssl style to ndn-cxx which has the simple AlgorithmIdentifier. // Find the bit string which is the second child. ptr_lib::shared_ptr<DerNode> parsedNode = DerNode::parse (&opensslPublicKeyDer[0], 0); const std::vector<ptr_lib::shared_ptr<DerNode> >& children = parsedNode->getChildren(); publicKeyDer = encodeSubjectPublicKeyInfo (OID(EC_ENCRYPTION_OID), ptr_lib::make_shared<DerNode::DerOid>(parametersOid), children[1]); // Encode the private key. EC_KEY_set_enc_flags(ecKey, EC_PKEY_NO_PARAMETERS | EC_PKEY_NO_PUBKEY); length = i2d_ECPrivateKey(ecKey, NULL); vector<uint8_t> pkcs1PrivateKeyDer(length); derPointer = &pkcs1PrivateKeyDer[0]; i2d_ECPrivateKey(ecKey, &derPointer); privateKeyDer = encodePkcs8PrivateKey (pkcs1PrivateKeyDer, OID(EC_ENCRYPTION_OID), ptr_lib::make_shared<DerNode::DerOid>(parametersOid)); } } EC_KEY_free(ecKey); } else throw SecurityException("Unsupported key type"); string keyUri = keyName.toUri(); string publicKeyFilePath = nameTransform(keyUri, ".pub"); string privateKeyFilePath = nameTransform(keyUri, ".pri"); ofstream publicKeyFile(publicKeyFilePath.c_str()); publicKeyFile << toBase64(publicKeyDer.buf(), publicKeyDer.size(), true); ofstream privateKeyFile(privateKeyFilePath.c_str()); privateKeyFile << toBase64(privateKeyDer.buf(), privateKeyDer.size(), true); ::chmod(publicKeyFilePath.c_str(), S_IRUSR | S_IRGRP | S_IROTH); ::chmod(privateKeyFilePath.c_str(), S_IRUSR); }
bool avjackif::async_register_new_user(std::string user_name, boost::asio::yield_context yield_context) { // 先发 client_hello if( m_shared_key.empty()) async_client_hello(yield_context); auto digest = EVP_sha1(); // 先生成 RSA 密钥 _rsa.reset(RSA_generate_key(2048, 65537, 0, 0), RSA_free); // 然后生成 CSR boost::shared_ptr<X509_REQ> csr(X509_REQ_new(), X509_REQ_free); boost::shared_ptr<EVP_PKEY> pkey(EVP_PKEY_new(), EVP_PKEY_free); EVP_PKEY_set1_RSA(pkey.get(), _rsa.get()); // 添加证书申请信息 auto subj =X509_REQ_get_subject_name(csr.get()); /* X509_NAME_add_entry_by_NID(subj, NID_countryName, "CN"); X509_NAME_add_entry_by_NID(subj, NID_stateOrProvinceName, "Shanghai"); X509_NAME_add_entry_by_NID(subj, NID_localityName, "Shanghai"); X509_NAME_add_entry_by_NID(subj, NID_organizationName, "avplayer"); X509_NAME_add_entry_by_NID(subj, NID_organizationalUnitName, "sales"); */ X509_NAME_add_entry_by_NID(subj, NID_commonName, user_name); // X509_NAME_add_entry_by_NID(subj, NID_pkcs9_emailAddress, "test-client"); X509_REQ_set_pubkey(csr.get(), pkey.get()); // 签出 CSR X509_REQ_sign(csr.get(), pkey.get(), digest); unsigned char * out = NULL; auto csr_out_len = i2d_X509_REQ(csr.get(), &out); std::string csrout((char*)out, csr_out_len); OPENSSL_free(out); out = NULL; auto rsa_key_out_len = i2d_RSA_PUBKEY(_rsa.get(), &out); std::string rsa_key((char*)out, rsa_key_out_len); OPENSSL_free(out); PEM_write_X509_REQ(stderr, csr.get()); // 然后发送 注册信息 proto::user_register user_register; user_register.set_user_name(user_name); user_register.set_rsa_pubkey(rsa_key); user_register.set_csr(csrout); boost::asio::async_write(*m_sock, boost::asio::buffer(av_router::encode(user_register)), yield_context); // 读取应答 std::unique_ptr<proto::user_register_result> user_register_result((proto::user_register_result*)async_read_protobuf_message(*m_sock, yield_context)); return user_register_result->result() == proto::user_register_result::REGISTER_SUCCEED; }
int main( void ){ // int i2d_RSAPublicKey(RSA *a, unsigned char **pp); // int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp); const char* keyStr = "-----BEGIN PUBLIC KEY-----\n" "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAws5ZlcsFQv8oh+f5YDE/\n" "Dqro+tyQxcRpw8Ykjo/Vxq/x7rFgCZch7IUWfImTXEiYbePVApgcCFS/yMBJpaG9\n" "mWYbYDmpQEMrYEAdo7dB0A6NS/DFvdlTmhUxe2YBqeP7U+s5pZ1nekhVD1vCkJro\n" "P8Z8pwOZ4kDo1pWDcguL8j0c0a5JeO24sBtBxak3lDOlTdIrc6ulJ/cNrhzIhbmu\n" "QUTwImsmOH/SYHHKhMctPAU26CRai8NmhIucNx+0LYhikaJXgfdyHD/a7RdSqMHy\n" "QWqRjvEyk7DJOEojSEF8OlES24qoyMTNRUIndrQc2u96oQToQh9sjg6S0g8TlWc0\n" "BwIDAQAB\n" "-----END PUBLIC KEY-----" ; EVP_PKEY* evpKey = readPublicKey( keyStr ); RSA* rsaKey = EVP_PKEY_get1_RSA( evpKey ); unsigned char keyBinaryBuffer[ 10240 ] = { 0 }; unsigned char* keyBinaryBufferPointer = keyBinaryBuffer; int keyLength = i2d_RSA_PUBKEY( rsaKey, (unsigned char**)&keyBinaryBufferPointer ); std::cout << "DER Format (" << keyLength << "):" << std::hex << std::setfill( '0' ) << std::endl; for( int i = 0; i < keyLength; ++i ){ if( i && (i % 10 == 0) ){ std::cout << std::endl; } std::cout << "0x" << std::setw( 2 ) << (int)keyBinaryBuffer[ i ] << ", "; } std::cout << std::endl; const unsigned char keyBinary[] = { 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc2, 0xce, 0x59, 0x95, 0xcb, 0x05, 0x42, 0xff, 0x28, 0x87, 0xe7, 0xf9, 0x60, 0x31, 0x3f, 0x0e, 0xaa, 0xe8, 0xfa, 0xdc, 0x90, 0xc5, 0xc4, 0x69, 0xc3, 0xc6, 0x24, 0x8e, 0x8f, 0xd5, 0xc6, 0xaf, 0xf1, 0xee, 0xb1, 0x60, 0x09, 0x97, 0x21, 0xec, 0x85, 0x16, 0x7c, 0x89, 0x93, 0x5c, 0x48, 0x98, 0x6d, 0xe3, 0xd5, 0x02, 0x98, 0x1c, 0x08, 0x54, 0xbf, 0xc8, 0xc0, 0x49, 0xa5, 0xa1, 0xbd, 0x99, 0x66, 0x1b, 0x60, 0x39, 0xa9, 0x40, 0x43, 0x2b, 0x60, 0x40, 0x1d, 0xa3, 0xb7, 0x41, 0xd0, 0x0e, 0x8d, 0x4b, 0xf0, 0xc5, 0xbd, 0xd9, 0x53, 0x9a, 0x15, 0x31, 0x7b, 0x66, 0x01, 0xa9, 0xe3, 0xfb, 0x53, 0xeb, 0x39, 0xa5, 0x9d, 0x67, 0x7a, 0x48, 0x55, 0x0f, 0x5b, 0xc2, 0x90, 0x9a, 0xe8, 0x3f, 0xc6, 0x7c, 0xa7, 0x03, 0x99, 0xe2, 0x40, 0xe8, 0xd6, 0x95, 0x83, 0x72, 0x0b, 0x8b, 0xf2, 0x3d, 0x1c, 0xd1, 0xae, 0x49, 0x78, 0xed, 0xb8, 0xb0, 0x1b, 0x41, 0xc5, 0xa9, 0x37, 0x94, 0x33, 0xa5, 0x4d, 0xd2, 0x2b, 0x73, 0xab, 0xa5, 0x27, 0xf7, 0x0d, 0xae, 0x1c, 0xc8, 0x85, 0xb9, 0xae, 0x41, 0x44, 0xf0, 0x22, 0x6b, 0x26, 0x38, 0x7f, 0xd2, 0x60, 0x71, 0xca, 0x84, 0xc7, 0x2d, 0x3c, 0x05, 0x36, 0xe8, 0x24, 0x5a, 0x8b, 0xc3, 0x66, 0x84, 0x8b, 0x9c, 0x37, 0x1f, 0xb4, 0x2d, 0x88, 0x62, 0x91, 0xa2, 0x57, 0x81, 0xf7, 0x72, 0x1c, 0x3f, 0xda, 0xed, 0x17, 0x52, 0xa8, 0xc1, 0xf2, 0x41, 0x6a, 0x91, 0x8e, 0xf1, 0x32, 0x93, 0xb0, 0xc9, 0x38, 0x4a, 0x23, 0x48, 0x41, 0x7c, 0x3a, 0x51, 0x12, 0xdb, 0x8a, 0xa8, 0xc8, 0xc4, 0xcd, 0x45, 0x42, 0x27, 0x76, 0xb4, 0x1c, 0xda, 0xef, 0x7a, 0xa1, 0x04, 0xe8, 0x42, 0x1f, 0x6c, 0x8e, 0x0e, 0x92, 0xd2, 0x0f, 0x13, 0x95, 0x67, 0x34, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01 }; const unsigned char* keyBinaryPointer = keyBinary; RSA* reloadedKey = nullptr; d2i_RSA_PUBKEY( &reloadedKey, &keyBinaryPointer, (long)sizeof( keyBinary ) ); EVP_PKEY* reloadedEVPKey = EVP_PKEY_new(); EVP_PKEY_assign_RSA( reloadedEVPKey, reloadedKey ); char keyStrBuffer[ 10240 ] = { 0 }; writePublicKey( reloadedEVPKey, keyStrBuffer, 10240 ); std::cout << "PEM Format:" << std::endl; std::cout << keyStrBuffer << std::endl; }