#include "engine_sct.h" #include #include #include #include #define CHECK(X) \ if (!(res=X)) { \ printf("ERROR: %s\n", #X); \ for (unsigned int err(0); err=ERR_get_error();) { \ fprintf(stderr,"%s\n", ERR_error_string(err, NULL)); \ } \ return -1; \ } int main(int argc, char* argv[]) { ENGINE* e = NULL; enum_certs_s* certs_found = NULL; ENGINE_load_dynamic(); e = ENGINE_by_id("dynamic"); if (!e) { printf("ERROR: No Engine"); return -1; } int res(-1); // Parameters to set for the dynamic loader CHECK(ENGINE_ctrl_cmd_string(e, "SO_PATH", "./.libs/libengine_act.so", 0)); CHECK(ENGINE_ctrl_cmd_string(e, "ID", "act", 0)); CHECK(ENGINE_ctrl_cmd_string(e, "LIST_ADD", "1", 0)); // Now actually load the SecureToken engine. CHECK(ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0) || ENGINE_ctrl_cmd_string(e, "SO_PATH", "./src/.libs/libengine_act.so", 0) && ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0)); // Following control commands go to the SecureToken engine rather than the dynamic loader CHECK(ENGINE_init(e)); CHECK(ENGINE_ctrl_cmd(e, "ENUM_CERTS", 0, &certs_found, NULL, 0)); printf("Found %d certificates.\n", certs_found->num_certs); enum_cert_s* selected_cert = NULL; for(int i=0;inum_certs;i++) { printf("Certificate %d:\n", i); printf(" Name: %s\n", certs_found->certificate[i].cert->name); if(certs_found->certificate[i].id == NULL) printf(" No key.\n"); else { printf(" Key access ID: %s\n", certs_found->certificate[i].id); if(!selected_cert) selected_cert = &certs_found->certificate[i]; } } /* EVP_PKEY* pk_pub = ENGINE_load_public_key(e, selected_cert->id, NULL, NULL); RSA* pubkey = EVP_PKEY_get1_RSA(pk_pub); const char* source = "Dies ist ein geheimer Testtext zum Verschlüsseln\n"; int srclen = strlen(source)+1; unsigned char cipherbuf[srclen*2048]; int ciphlen = RSA_public_encrypt(srclen, (const unsigned char *) source, cipherbuf, pubkey, RSA_PKCS1_PADDING); EVP_PKEY_free(pk_pub); RSA_free(pubkey); EVP_PKEY* pk_priv = ENGINE_load_private_key(e, selected_cert->id, NULL, NULL); RSA* privkey = EVP_PKEY_get1_RSA(pk_priv); char plainbuf[srclen*2]; int plainlen = RSA_private_decrypt(ciphlen, cipherbuf, (unsigned char *) plainbuf, privkey, RSA_PKCS1_PADDING); EVP_PKEY_free(pk_priv); RSA_free(privkey); if(srclen != plainlen || strcmp(source, plainbuf)) printf("Unterschied in Ver/Entschlüsselung"); else printf("%s",plainbuf); */ const char *source = "Dies ist ein Testtext zum Signieren.\n"; int srclen = strlen(source)+1; char signature[1000]; unsigned int siglen = 0; EVP_PKEY* pk_priv = ENGINE_load_private_key(e, selected_cert->id, NULL, NULL); RSA* privkey = EVP_PKEY_get1_RSA(pk_priv); CHECK(RSA_sign(NID_md5_sha1, (const unsigned char*)source, srclen, (unsigned char*)signature, &siglen, privkey)); printf("Signature-Len: %d\n", siglen); EVP_PKEY* pk_pub = ENGINE_load_public_key(e, selected_cert->id, NULL, NULL); RSA* pubkey = EVP_PKEY_get1_RSA(pk_pub); CHECK(RSA_verify(NID_md5_sha1,(const unsigned char*) source, srclen, (unsigned char*)signature, siglen, pubkey)); CHECK(ENGINE_finish(e)); ENGINE_cleanup(); return 0; }