dimanche 20 janvier 2019

Load public key with openssl - invalid encoding

I start using openssl. I want to use a public key to check a signature. But for now, I can not read my public key with openssl.

Here is my source code:

#include <iostream>

#include <openssl/ec.h>
#include <openssl/evp.h>
#include <openssl/err.h>

bool verifyPublicKey(const std::string &sRawPublicKey);
void printAllError();


int main(int argc, char* argv[])
{
    if (argc < 2) {
        std::cerr << "Usage: " << argv[0] << " PUBLIC KEY" << std::endl;
        return EXIT_FAILURE;
    }

    std::string sPublicKey = argv[1];

    std::cout << "Key: " << sPublicKey << std::endl;

    bool bRes = verifyPublicKey(sPublicKey);

    if (!bRes)
    {
        std::cerr << "verifyPublicKey failled" << std::endl;
        return EXIT_FAILURE;
    }

    return EXIT_SUCCESS;
}

bool verifyPublicKey(const std::string &sRawPublicKey)
{
    bool bRes = false;

    EC_KEY *eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
    EC_KEY_set_conv_form(eckey, POINT_CONVERSION_UNCOMPRESSED);

    unsigned char *p_RawPublicKey = new unsigned char[sRawPublicKey.length() + 1];
    std::copy(sRawPublicKey.begin(), sRawPublicKey.end(), p_RawPublicKey);
    const unsigned char *pubkey_raw_p = p_RawPublicKey;

    o2i_ECPublicKey(&eckey, &pubkey_raw_p, sRawPublicKey.size());

    if (!EC_KEY_check_key(eckey))
    {
        EC_KEY_free(eckey);
        bRes = false;
        printAllError();
    }
    else
    {
        EC_KEY_free(eckey);
        bRes = true;
    }

    return bRes;
}

void printAllError()
{
    while (ERR_peek_last_error() != 0)
    {
        std::cerr << ERR_error_string(ERR_get_error(), nullptr) << std::endl;
    }
}

I run it with the following public key:

3059301306072A8648CE3D020106082A8648CE3D03010703420004E297417036EB4C6404CC9C2AC4F28468DD0A92F2C9496D187D2BCA784DB49AB540B9FD9ACE0BA49C8532825954755EC10246A71AF2AEE9AEC34BE683CDDFD212

ASN.1 Decoder:

SEQUENCE {    
    SEQUENCE {
        OBJECTIDENTIFIER 1.2.840.10045.2.1 (ecPublicKey)
        OBJECTIDENTIFIER 1.2.840.10045.3.1.7 (P-256)    
    }
    BITSTRING 0x04E297417036EB4C6404CC9C2AC4F28468DD0A92F2C9496D187D2BCA784DB49AB540B9FD9ACE0BA49C8532825954755EC10246A71AF2AEE9AEC34BE683CDDFD212
    : 0 unused bit(s) 
}

With the ASN.1, I notice that the key I use is in the correct format: 0x04 || HEX(x) || HEX(y) with z = 0x04.

The output of the program is as follows:

Key: 3059301306072A8648CE3D020106082A8648CE3D03010703420004E297417036EB4C6404CC9C2AC4F28468DD0A92F2C9496D187D2BCA784DB49AB540B9FD9ACE0BA49C8532825954755EC10246A71AF2AEE9AEC34BE683CDDFD212

error:10067066:elliptic curve routines:ec_GFp_simple_oct2point:invalid encoding

error:10098010:elliptic curve routines:o2i_ECPublicKey:EC lib

error:1010206A:elliptic curve routines:ec_key_simple_check_key:point at infinity verifyPublicKey failed

I'm lost. Do you have explanations? Moreover, is it possible to go further by giving only x and y (without ASN.1 header).

Thank you

Publié par à
Libellés :

Aucun commentaire:

Enregistrer un commentaire

Inscription à : Publier les commentaires (Atom)