mirror
/
u2f-zero
kopia lustrzana https://github.com/conorpp/u2f-zero
1
0
Forkuj 0
Kod Zgłoszenia Packages Projekty Wydania Wiki Aktywność

genkey

vtcsec_summit
Conor Patrick 2016-02-26 23:12:56 -05:00
rodzic 7725339659
commit c7c75d1e2c
3 zmienionych plików z 154 dodań i 128 usunięć
Pokaż statystyki Ściągnij plik aktualizacji Ściągnij plik porównania Expand all files Collapse all files

126
tools/ecdsa-verify.c
Wyświetl plik

@ -1,126 +0,0 @@
#include <openssl/obj_mac.h>
#include <openssl/ecdsa.h>
#include <openssl/sha.h>
#include <openssl/bn.h>
#include <openssl/err.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <assert.h>
#include <unistd.h>
int verify(char * digest, char * pubxy, char * rs )
{
EC_KEY * key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
ECDSA_SIG sig;
BIGNUM * bnx = NULL, * bny = NULL;
char r[65], s[65], x[65], y[65];
memmove(x, pubxy, 64);
memmove(y, pubxy+64, 64);
memmove(r, rs, 64);
memmove(s, rs+64, 64);
memset(&sig, 0, sizeof(ECDSA_SIG));
r[64] = s[64] = x[64] = y[64] = 0;
if (!BN_hex2bn(&bnx, x))
{ return -1; }
if (!BN_hex2bn(&bny, y))
{ return -1; }
if (!BN_hex2bn(&sig.r, r))
{ return -1; }
if (!BN_hex2bn(&sig.s, s))
{ return -1; }
if (!EC_KEY_set_public_key_affine_coordinates(key,bnx,bny))
{ return -1; }
int ret = ECDSA_do_verify(digest, SHA256_DIGEST_LENGTH, &sig, key);
EC_KEY_free(key);
BN_free(bnx);
BN_free(bny);
BN_free(sig.r);
BN_free(sig.s);
return ret;
}
int main(int argc, char * argv[])
{
char buf[256], c;
char digest[SHA256_DIGEST_LENGTH];
int take_digest = 1;
SHA256_CTX sha256;
int n, ret;
char * pubkey, * sig;
if (argc != 3 && argc != 4)
{
fprintf(stderr, "usage: %s <public-key-hex> <signature-hex> [-d]\n"
" -d: don't take sha256sum of stdin input\n",argv[0]);
return 1;
}
ERR_load_crypto_strings();
pubkey = argv[1];
sig = argv[2];
while ( (c = getopt(argc, argv, "d") ) != -1)
{
switch (c)
{
case 'd':
take_digest = 0;
break;
}
}
if (take_digest)
{
SHA256_Init(&sha256);
while ((n = read(STDIN_FILENO, buf, sizeof(buf)))>0)
{
SHA256_Update(&sha256, buf, n);
}
SHA256_Final(digest, &sha256);
}
else
{
read(STDIN_FILENO, digest, sizeof(digest));
}
ret = verify(digest,
pubkey,
sig);
switch(ret)
{
case -1:
fprintf(stderr,"signature error: %s\n", ERR_error_string(ERR_get_error(),NULL) );
break;
case 0:
printf("signature incorrect\n");
break;
case 1:
printf("signature correct\n");
break;
}
ERR_free_strings();
return 0;
}

6
tools/Makefile → tools/gencert/Makefile
Wyświetl plik

@ -3,8 +3,10 @@ obj = $(src:.c=.o)
LDFLAGS = -lcrypto LDFLAGS = -lcrypto
verify: $(obj) name=gencert
$(name): $(obj)
$(CC) -O3 -Wall -Werror -o $@ $^ $(LDFLAGS) $(CC) -O3 -Wall -Werror -o $@ $^ $(LDFLAGS)
clean: clean:
rm -f $(obj) verify rm -f $(obj) $(name)

150
tools/gencert/gencert.c 100644
Wyświetl plik

@ -0,0 +1,150 @@
#include <openssl/obj_mac.h>
#include <openssl/ecdsa.h>
#include <openssl/x509.h>
#include <openssl/sha.h>
#include <openssl/bn.h>
#include <openssl/err.h>
#include <openssl/pem.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <assert.h>
#include <unistd.h>
#include <sys/stat.h>
#include <fcntl.h>
int generate_cert(EVP_PKEY * signer, EVP_PKEY ** outpriv, X509 ** outcert)
{
int ret;
EC_KEY * key;
EVP_PKEY * pkey;
X509 * x509;
X509_NAME * name;
key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
pkey = EVP_PKEY_new();
x509 = X509_new();
if (key == NULL || pkey == NULL || x509 == NULL)
{ return 0; }
if (!EC_KEY_generate_key(key))
{ return 0; }
if (!EVP_PKEY_assign_EC_KEY(pkey, key))
{ return 0; }
if (!ASN1_INTEGER_set(X509_get_serialNumber(x509), 1))
{ return 0; }
if (!X509_gmtime_adj(X509_get_notBefore(x509), 0))
{ return 0; }
if (!X509_gmtime_adj(X509_get_notAfter(x509), 189216000L)) // 6 yrs
{ return 0; }
if (!X509_set_pubkey(x509, pkey))
{ return 0; }
name = X509_get_subject_name(x509);
X509_NAME_add_entry_by_txt(name, "C", MBSTRING_ASC,
(unsigned char *)"VA", -1, -1, 0);
X509_NAME_add_entry_by_txt(name, "O", MBSTRING_ASC,
(unsigned char *)"ConorCo LLC", -1, -1, 0);
X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC,
(unsigned char *)"u2fzero.com", -1, -1, 0);
if (!X509_set_issuer_name(x509, name))
{ return 0; }
if (!X509_sign(x509, pkey, EVP_sha256()))
{ return 0; }
*outpriv = pkey;
*outcert = x509;
return 1;
}
static void openssl_die()
{
fprintf(stderr,"signature error: %s\n",
ERR_error_string(ERR_get_error(),NULL) );
exit(2);
}
int main(int argc, char * argv[])
{
if (argc != 4)
{
fprintf(stderr, "usage: %s <in-privkey> <outcert> <outprivkey>\n", argv[0]);
return 1;
}
X509 * gencert = NULL;
EVP_PKEY * privkey = NULL, * genprivkey = NULL;
FILE* f = fopen(argv[1], "r");
if (f == NULL)
{
perror("fopen");
return 2;
}
ERR_load_crypto_strings();
PEM_read_PrivateKey(f, &privkey, NULL, NULL);
if (!generate_cert(privkey, &genprivkey, &gencert))
{ openssl_die(); }
FILE * fcert;
fcert = fopen(argv[2], "wb");
if (fcert == NULL)
{
perror("fopen");
return 2;
}
if (!PEM_write_X509(
fcert,
gencert
))
{ openssl_die(); }
FILE * fpriv;
fpriv = fopen(argv[3], "wb");
if (fpriv == NULL)
{
perror("fopen");
return 2;
}
if (!PEM_write_PrivateKey(
fpriv,
genprivkey,
NULL,
NULL,
0,
NULL,
NULL
))
{ openssl_die(); }
fclose(fcert);
fclose(fpriv);
X509_free(gencert);
EVP_PKEY_free(genprivkey);
EVP_PKEY_free(privkey);
ERR_free_strings();
fclose(f);
return 0;
}