X-Git-Url: https://www.tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Fopenssl%2Fecdsa.c;h=e2af6f9cddbdc581256a630bcd937be298452fbf;hb=70a1a5594af5d4e6a364186b42ba4e34c676009b;hp=a4f0f30d259b68355d94d9920d0416249df3c2ea;hpb=027228debee2ea6f31cd176e456c13d626380066;p=tinc

diff --git a/src/openssl/ecdsa.c b/src/openssl/ecdsa.c
index a4f0f30d..e2af6f9c 100644
--- a/src/openssl/ecdsa.c
+++ b/src/openssl/ecdsa.c
@@ -1,6 +1,6 @@
 /*
     ecdsa.c -- ECDSA key handling
-    Copyright (C) 2011 Guus Sliepen <guus@tinc-vpn.org>
+    Copyright (C) 2011-2012 Guus Sliepen <guus@tinc-vpn.org>
 
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -26,24 +26,40 @@
 #include "ecdsa.h"
 #include "utils.h"
 
-// Set ECDSA keys
-
+// Get and set ECDSA keys
+//
 bool ecdsa_set_base64_public_key(ecdsa_t *ecdsa, const char *p) {
 	*ecdsa = EC_KEY_new_by_curve_name(NID_secp521r1);
+	if(!*ecdsa) {
+		logger(DEBUG_ALWAYS, LOG_DEBUG, "EC_KEY_new_by_curve_name failed: %s", ERR_error_string(ERR_get_error(), NULL));
+		return false;
+	}
 
 	int len = strlen(p);
 	unsigned char pubkey[len / 4 * 3 + 3];
 	const unsigned char *ppubkey = pubkey;
-	len = b64decode(p, pubkey, len);
+	len = b64decode(p, (char *)pubkey, len);
 
 	if(!o2i_ECPublicKey(ecdsa, &ppubkey, len)) {
-		logger(LOG_DEBUG, "o2i_ECPublicKey failed: %s", ERR_error_string(ERR_get_error(), NULL));
-		abort();
+		logger(DEBUG_ALWAYS, LOG_DEBUG, "o2i_ECPublicKey failed: %s", ERR_error_string(ERR_get_error(), NULL));
+		return false;
 	}
 
 	return true;
 }
 
+char *ecdsa_get_base64_public_key(ecdsa_t *ecdsa) {
+	unsigned char *pubkey = NULL;
+	int len = i2o_ECPublicKey(*ecdsa, &pubkey);
+
+	char *base64 = malloc(len * 4 / 3 + 5);
+	b64encode((char *)pubkey, base64, len);
+
+	free(pubkey);
+
+	return base64;
+}
+
 // Read PEM ECDSA keys
 
 bool ecdsa_read_pem_public_key(ecdsa_t *ecdsa, FILE *fp) {
@@ -52,7 +68,7 @@ bool ecdsa_read_pem_public_key(ecdsa_t *ecdsa, FILE *fp) {
 	if(*ecdsa)
 		return true;
 
-	logger(LOG_ERR, "Unable to read ECDSA public key: %s", ERR_error_string(ERR_get_error(), NULL));
+	logger(DEBUG_ALWAYS, LOG_ERR, "Unable to read ECDSA public key: %s", ERR_error_string(ERR_get_error(), NULL));
 	return false;
 }
 
@@ -61,8 +77,8 @@ bool ecdsa_read_pem_private_key(ecdsa_t *ecdsa, FILE *fp) {
 
 	if(*ecdsa)
 		return true;
-	
-	logger(LOG_ERR, "Unable to read ECDSA private key: %s", ERR_error_string(ERR_get_error(), NULL));
+
+	logger(DEBUG_ALWAYS, LOG_ERR, "Unable to read ECDSA private key: %s", ERR_error_string(ERR_get_error(), NULL));
 	return false;
 }
 
@@ -75,31 +91,27 @@ size_t ecdsa_size(ecdsa_t *ecdsa) {
 bool ecdsa_sign(ecdsa_t *ecdsa, const void *in, size_t len, void *sig) {
 	unsigned int siglen = ECDSA_size(*ecdsa);
 
-	char hash[SHA512_DIGEST_LENGTH];
+	unsigned char hash[SHA512_DIGEST_LENGTH];
 	SHA512(in, len, hash);
 
 	memset(sig, 0, siglen);
 
 	if(!ECDSA_sign(0, hash, sizeof hash, sig, &siglen, *ecdsa)) {
-		logger(LOG_DEBUG, "ECDSA_sign() failed: %s", ERR_error_string(ERR_get_error(), NULL));
+		logger(DEBUG_ALWAYS, LOG_DEBUG, "ECDSA_sign() failed: %s", ERR_error_string(ERR_get_error(), NULL));
 		return false;
 	}
 
-	if(siglen != ECDSA_size(*ecdsa)) {
-		logger(LOG_ERR, "Signature length %d != %d", siglen, ECDSA_size(*ecdsa));
-	}
-
 	return true;
 }
 
 bool ecdsa_verify(ecdsa_t *ecdsa, const void *in, size_t len, const void *sig) {
 	unsigned int siglen = ECDSA_size(*ecdsa);
 
-	char hash[SHA512_DIGEST_LENGTH];
+	unsigned char hash[SHA512_DIGEST_LENGTH];
 	SHA512(in, len, hash);
 
 	if(!ECDSA_verify(0, hash, sizeof hash, sig, siglen, *ecdsa)) {
-		logger(LOG_DEBUG, "ECDSA_verify() failed: %s", ERR_error_string(ERR_get_error(), NULL));
+		logger(DEBUG_ALWAYS, LOG_DEBUG, "ECDSA_verify() failed: %s", ERR_error_string(ERR_get_error(), NULL));
 		return false;
 	}