web
/
surfer
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
A simple Qt based browser with no bullshit that supports PKCS#11 tokens (such as the SuisseID).
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
33 Commits
1 Branch
13 Tags
415 MiB
 
 
 
 
Tag: Branch: Tree: 4bdf7810b0
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '4bdf7810b0'
${ noResults }
surfer/openssl-act-engine/src/test_engine.cpp

123 lines
3.5 KiB
Raw Blame History

#include "engine_sct.h"
#include <cstring>
#include <openssl/rsa.h>
#include <openssl/engine.h>
#define CHECK(X) \
if (!(res=X)) { \
printf("ERROR: %s\n", #X); \
for (unsigned int err(0); err=ERR_get_error();) { \
fprintf(stderr,"%s\n", ERR_error_string(err, NULL)); \
} \
return -1; \
}
int main(int argc, char* argv[])
{
ENGINE* e = NULL;
enum_certs_s* certs_found = NULL;
ENGINE_load_dynamic();
e = ENGINE_by_id("dynamic");
if (!e) {
printf("ERROR: No Engine");
return -1;
}
int res(-1);
// Parameters to set for the dynamic loader
CHECK(ENGINE_ctrl_cmd_string(e, "SO_PATH", "./.libs/libengine_act.so", 0));
CHECK(ENGINE_ctrl_cmd_string(e, "ID", "act", 0));
CHECK(ENGINE_ctrl_cmd_string(e, "LIST_ADD", "1", 0));
// Now actually load the SecureToken engine.
CHECK(ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0)
|| ENGINE_ctrl_cmd_string(e, "SO_PATH", "./src/.libs/libengine_act.so", 0)
&& ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0));
// Following control commands go to the SecureToken engine rather than the dynamic loader
CHECK(ENGINE_init(e));
CHECK(ENGINE_ctrl_cmd(e, "ENUM_CERTS", 0, &certs_found, NULL, 0));
printf("Found %d certificates.\n", certs_found->num_certs);
enum_cert_s* selected_cert = NULL;
for(int i=0;i<certs_found->num_certs;i++)
{
printf("Certificate %d:\n", i);
printf(" Name: %s\n", certs_found->certificate[i].cert->name);
if(certs_found->certificate[i].id == NULL)
printf(" No key.\n");
else
{
printf(" Key access ID: %s\n", certs_found->certificate[i].id);
if(!selected_cert) selected_cert = &certs_found->certificate[i];
}
}
/*
EVP_PKEY* pk_pub = ENGINE_load_public_key(e, selected_cert->id, NULL, NULL);
RSA* pubkey = EVP_PKEY_get1_RSA(pk_pub);
const char* source = "Dies ist ein geheimer Testtext zum Verschlüsseln\n";
int srclen = strlen(source)+1;
unsigned char cipherbuf[srclen*2048];
int ciphlen = RSA_public_encrypt(srclen, (const unsigned char *) source, cipherbuf, pubkey, RSA_PKCS1_PADDING);
EVP_PKEY_free(pk_pub);
RSA_free(pubkey);
EVP_PKEY* pk_priv = ENGINE_load_private_key(e, selected_cert->id, NULL, NULL);
RSA* privkey = EVP_PKEY_get1_RSA(pk_priv);
char plainbuf[srclen*2];
int plainlen = RSA_private_decrypt(ciphlen, cipherbuf, (unsigned char *) plainbuf, privkey, RSA_PKCS1_PADDING);
EVP_PKEY_free(pk_priv);
RSA_free(privkey);
if(srclen != plainlen || strcmp(source, plainbuf))
printf("Unterschied in Ver/Entschlüsselung");
else
printf("%s",plainbuf);
*/
const char *source = "Dies ist ein Testtext zum Signieren.\n";
int srclen = strlen(source)+1;
char signature[1000];
unsigned int siglen = 0;
EVP_PKEY* pk_priv = ENGINE_load_private_key(e, selected_cert->id, NULL, NULL);
RSA* privkey = EVP_PKEY_get1_RSA(pk_priv);
CHECK(RSA_sign(NID_md5_sha1, (const unsigned char*)source, srclen, (unsigned char*)signature, &siglen, privkey));
printf("Signature-Len: %d\n", siglen);
EVP_PKEY* pk_pub = ENGINE_load_public_key(e, selected_cert->id, NULL, NULL);
RSA* pubkey = EVP_PKEY_get1_RSA(pk_pub);
CHECK(RSA_verify(NID_md5_sha1,(const unsigned char*) source, srclen, (unsigned char*)signature, siglen, pubkey));
CHECK(ENGINE_finish(e));
ENGINE_cleanup();
return 0;
}