teknomunk
/
apogee
1
0
Fork 0
Code Issues 17 Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'a48a288782'
${ noResults }
apogee/src/model/crypto/keys.c

132 lines
2.8 KiB
C
Raw Normal View History Unescape

Start crypto implementation, remove debug printfs, partial application of s/reverse_index/uri_index/, fix memory leak in rie_reader, start writing outbox processing
1 year ago
#include "keys.h"
#include <openssl/pem.h>
#include <openssl/evp.h>
struct crypto_keys
{
EVP_PKEY* pubkey;
EVP_PKEY* privkey;
};
struct crypto_keys* crypto_keys_new()
{
struct crypto_keys* k;
k = malloc(sizeof(*k));
memset(k,0,sizeof(*k));
return k;
}
void crypto_keys_free( struct crypto_keys* keys )
{
if( !keys ) { return; }
if( keys->pubkey ) {
EVP_PKEY_free(keys->pubkey);
}
if( keys->privkey ) {
EVP_PKEY_free(keys->privkey);
}
free(keys);
}
bool crypto_keys_load_private( struct crypto_keys* keys, const char* filename )
{
if( keys->privkey ) {
EVP_PKEY_free( keys->privkey );
keys->privkey = NULL;
}
FILE* f = fopen(filename,"r");
keys->privkey = PEM_read_PrivateKey( f, NULL, NULL, NULL );
fclose(f);
return !!keys->privkey;
}
char* base64_strict_encode( void* v_binary, size_t len )
{
// RFC 4648 - https://www.rfc-editor.org/rfc/rfc4648.html
static const char* alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
enum { pad = '=' };
uint8_t* binary = v_binary;
const int groups = ( len + 2 ) / 3;
const int padding = len % 3;
char* result = malloc( groups * 4 + 1 );
result[groups*4] = '\0';
uint32_t word;
char* out = result;
for( int remain = len; remain > 0; remain -= 3, binary += 3, out += 4 ) {
word = 0;
switch( remain ) {
default:
word |= binary[2] << (8*0);
case 2:
word |= binary[1] << (8*1);
case 1:
word |= binary[0] << (8*2);
}
switch( remain ) {
default:
out[3] = alphabet[ ( word >> (6*0) ) % 64 ];
case 2:
out[2] = alphabet[ ( word >> (6*1) ) % 64 ];
case 1:
out[1] = alphabet[ ( word >> (6*2) ) % 64 ];
out[0] = alphabet[ ( word >> (6*3) ) % 64 ];
}
switch( remain ) {
case 1:
out[3] = '=';
out[2] = '=';
break;
case 2:
out[3] = '=';
break;
}
}
return result;
}
char* crypto_keys_sign( struct crypto_keys* keys, void* data, unsigned int size )
{
char* result = NULL;
char* sign_binary = NULL;
EVP_PKEY_CTX* ctx = NULL;
if( !keys->privkey ) { return NULL; }
// Setup for signature
// Code based on https://www.openssl.org/docs/man3.1/man3/EVP_PKEY_sign.html
ctx = EVP_PKEY_CTX_new(keys->privkey, NULL /* no engine */);
if( !ctx ) { goto failed; }
if( EVP_PKEY_sign_init(ctx) <= 0 ) { goto failed; }
if( EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0 ) { goto failed; }
if( EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0 ) { goto failed; }
size_t siglen;
if( EVP_PKEY_sign(ctx, NULL, &siglen, data, size ) <= 0 ) { goto failed; }
sign_binary = malloc(siglen);
if( EVP_PKEY_sign(ctx, sign_binary, &siglen, data, size) <= 0 ) { goto failed; }
result = base64_strict_encode( sign_binary, siglen );
cleanup:
free(sign_binary);
EVP_PKEY_CTX_free(ctx);
return result;
failed:
free(result); result = NULL;
goto cleanup;
}