Mirrors/i2pd
2
0
Fork 0
mirror of https://github.com/PurpleI2P/i2pd.git synced 2025-01-22 21:37:17 +01:00
Code Issues Actions 6 Packages Projects Releases Wiki Activity

extract EcDSA key from family certificate

Browse source
This commit is contained in:
orignal 2016-02-19 16:13:46 -05:00
parent cb64072f7b
commit 7bfc3562af
2 changed files with 50 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

49
Family.cpp
View file

@ -1,7 +1,9 @@
#include <string.h>
#include "util.h" #include "util.h"
#include <openssl/evp.h> #include <openssl/evp.h>
#include <openssl/ssl.h> #include <openssl/ssl.h>
#include "Log.h" #include "Log.h"
#include "Crypto.h"
#include "Family.h" #include "Family.h"
namespace i2p namespace i2p
@ -24,12 +26,14 @@ namespace data
{ {
SSL * ssl = SSL_new (ctx); SSL * ssl = SSL_new (ctx);
X509 * cert = SSL_get_certificate (ssl); X509 * cert = SSL_get_certificate (ssl);
// verify
if (cert) if (cert)
{ {
std::shared_ptr<i2p::crypto::Verifier> verifier;
// extract issuer name // extract issuer name
char name[100]; char name[100];
X509_NAME_oneline (X509_get_issuer_name(cert), name, 100); X509_NAME_oneline (X509_get_issuer_name(cert), name, 100);
char * family = strstr (name, ".family");
if (family) family[0] = 0;
auto pkey = X509_get_pubkey (cert); auto pkey = X509_get_pubkey (cert);
int keyType = EVP_PKEY_type(pkey->type); int keyType = EVP_PKEY_type(pkey->type);
switch (keyType) switch (keyType)
@ -39,13 +43,37 @@ namespace data
break; break;
case EVP_PKEY_EC: case EVP_PKEY_EC:
{ {
//EC_KEY * ecKey = EVP_PKEY_get0_EC_KEY (pkey); EC_KEY * ecKey = EVP_PKEY_get1_EC_KEY (pkey);
if (ecKey)
{
auto group = EC_KEY_get0_group (ecKey);
if (group)
{
int curve = EC_GROUP_get_curve_name (group);
if (curve == NID_X9_62_prime256v1)
{
uint8_t signingKey[64];
BIGNUM * x = BN_new(), * y = BN_new();
EC_POINT_get_affine_coordinates_GFp (group,
EC_KEY_get0_public_key (ecKey), x, y, NULL);
i2p::crypto::bn2buf (x, signingKey, 32);
i2p::crypto::bn2buf (y, signingKey + 32, 32);
BN_free (x); BN_free (y);
verifier = std::make_shared<i2p::crypto::ECDSAP256Verifier>(signingKey);
}
else
LogPrint (eLogWarning, "Family: elliptic curve ", curve, " is not supported");
}
EC_KEY_free (ecKey);
}
break; break;
} }
default: default:
LogPrint (eLogWarning, "Family: Certificate key type ", keyType, " is not supported"); LogPrint (eLogWarning, "Family: Certificate key type ", keyType, " is not supported");
} }
EVP_PKEY_free (pkey); EVP_PKEY_free (pkey);
if (verifier)
m_SigningKeys[name] = verifier;
} }
SSL_free (ssl); SSL_free (ssl);
} }
@ -72,6 +100,23 @@ namespace data
if (numCertificates > 0) if (numCertificates > 0)
LogPrint (eLogInfo, "Family: ", numCertificates, " certificates loaded"); LogPrint (eLogInfo, "Family: ", numCertificates, " certificates loaded");
} }
bool Families::VerifyFamily (const char * family, const IdentHash& ident,
const char * signature, const char * key)
{
uint8_t buf[50], signatureBuf[64];
size_t len = strlen (family), signatureLen = strlen (signature);
memcpy (buf, family, len);
memcpy (buf + len, (const uint8_t *)ident, 32);
len += 32;
Base64ToByteStream (signature, signatureLen, signatureBuf, 64);
auto it = m_SigningKeys.find (family);
if (it != m_SigningKeys.end ())
return it->second->Verify (buf, len, signatureBuf);
// TODO: process key
return true;
}
} }
} }

3
Family.h
View file

@ -5,6 +5,7 @@
#include <string> #include <string>
#include <memory> #include <memory>
#include "Signature.h" #include "Signature.h"
#include "Identity.h"
namespace i2p namespace i2p
{ {
@ -17,6 +18,8 @@ namespace data
Families (); Families ();
~Families (); ~Families ();
void LoadCertificates (); void LoadCertificates ();
bool VerifyFamily (const char * family, const IdentHash& ident,
const char * signature, const char * key);
private: private: