From b0d1dd5a949d1ea07ce54753c7b2d3186fc522e5 Mon Sep 17 00:00:00 2001
From: EndrII <EndrIIMail@gmail.com>
Date: Sun, 16 Jul 2023 11:56:11 +0200
Subject: [PATCH] fix generate keys (ecdsa)
---
src/lib/src/public/easyssl/ecdsassl.cpp | 51 ++++++++++++++++++++++++-
src/lib/src/public/easyssl/ecdsassl.h | 33 +++++++++++++++-
src/lib/src/public/easyssl/rsassl.cpp | 19 ++++++++-
3 files changed, 98 insertions(+), 5 deletions(-)
diff --git a/src/lib/src/public/easyssl/ecdsassl.cpp b/src/lib/src/public/easyssl/ecdsassl.cpp
index 618ed8d..8a59bfe 100644
--- a/src/lib/src/public/easyssl/ecdsassl.cpp
+++ b/src/lib/src/public/easyssl/ecdsassl.cpp
@@ -20,25 +20,39 @@
#include <easysslutils.h>
#include <QDebug>
#include <openssl/pem.h>
+#include <openssl/core_names.h>
namespace EasySSL {
-ECDSASSL::ECDSASSL() {}
+ECDSASSL::ECDSASSL(EllipticCurveStandart curveStandart) {
+ setCurve(curveStandart);
+}
EVP_PKEY * ECDSASSL::makeRawKeys() const {
EVP_PKEY *pkey = nullptr;
EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_from_name(nullptr, "EC", nullptr);
if (!pctx) {
- qCritical() << "Error reading public key";
+ EasySSLUtils::printlastOpenSSlError();
return nullptr;
}
EVP_PKEY_keygen_init(pctx);
+ OSSL_PARAM params[2];
+ params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME,
+ const_cast<char*>(getCStr(_curve)),
+ 0);
+ params[1] = OSSL_PARAM_construct_end();
+ EVP_PKEY_CTX_set_params(pctx, params);
+
EVP_PKEY_generate(pctx, &pkey);
EVP_PKEY_CTX_free(pctx);
+ if (!pkey) {
+ EasySSLUtils::printlastOpenSSlError();
+ return nullptr;
+ }
return pkey;
}
@@ -61,6 +75,7 @@ QByteArray ECDSASSL::signMessage(const QByteArray &inputData,
if (!ecPrivateKey) {
qCritical() << "Error reading private key";
+ EasySSLUtils::printlastOpenSSlError();
return {};
}
@@ -71,6 +86,8 @@ QByteArray ECDSASSL::signMessage(const QByteArray &inputData,
// Initialize the signing operation
if (EVP_DigestSignInit(mdctx, nullptr, EVP_sha256(), nullptr, ecPrivateKey) != 1) {
+ EasySSLUtils::printlastOpenSSlError();
+
EVP_MD_CTX_free(mdctx);
return {};
}
@@ -80,6 +97,8 @@ QByteArray ECDSASSL::signMessage(const QByteArray &inputData,
// Provide the message to be signed
if (EVP_DigestSignUpdate(mdctx, hash.data(), hash.size()) != 1) {
+ EasySSLUtils::printlastOpenSSlError();
+
EVP_MD_CTX_free(mdctx);
return {};
}
@@ -87,6 +106,8 @@ QByteArray ECDSASSL::signMessage(const QByteArray &inputData,
size_t signatureLength = 0;
// Determine the length of the signature
if (EVP_DigestSignFinal(mdctx, nullptr, &signatureLength) != 1) {
+ EasySSLUtils::printlastOpenSSlError();
+
EVP_MD_CTX_free(mdctx);
return {};
}
@@ -95,6 +116,8 @@ QByteArray ECDSASSL::signMessage(const QByteArray &inputData,
// Perform the final signing operation and obtain the signature
if (EVP_DigestSignFinal(mdctx, reinterpret_cast<unsigned char*>(signature.data()), &signatureLength) != 1) {
+ EasySSLUtils::printlastOpenSSlError();
+
EVP_MD_CTX_free(mdctx);
return {};
}
@@ -119,6 +142,8 @@ bool ECDSASSL::checkSign(const QByteArray &inputData,
// Initialize the verification operation
if (EVP_DigestVerifyInit(mdctx, NULL, EVP_sha256(), NULL, rsaPublickKey) != 1) {
+ EasySSLUtils::printlastOpenSSlError();
+
EVP_MD_CTX_free(mdctx);
return false;
}
@@ -128,6 +153,8 @@ bool ECDSASSL::checkSign(const QByteArray &inputData,
// Provide the message to be verified
if (EVP_DigestVerifyUpdate(mdctx, hash.data(), hash.size()) != 1) {
+ EasySSLUtils::printlastOpenSSlError();
+
EVP_MD_CTX_free(mdctx);
return false;
}
@@ -151,4 +178,24 @@ QByteArray ECDSASSL::encrypt(const QByteArray &, const QByteArray &) {
return {};
}
+ECDSASSL::EllipticCurveStandart ECDSASSL::curve() const {
+ return _curve;
+}
+
+void ECDSASSL::setCurve(EllipticCurveStandart newCurve) {
+ _curve = newCurve;
+}
+
+const char *ECDSASSL::getCStr(EllipticCurveStandart value) const {
+ switch (value) {
+ case P_256: return "P-256";
+ case P_384: return "P-384";
+ case P_521: return "P-521";
+ case X448: return "X448";
+ case X25519: return "X25519";
+
+ default: return nullptr;
+ }
+}
+
}
diff --git a/src/lib/src/public/easyssl/ecdsassl.h b/src/lib/src/public/easyssl/ecdsassl.h
index 8e16ab0..dbb580b 100644
--- a/src/lib/src/public/easyssl/ecdsassl.h
+++ b/src/lib/src/public/easyssl/ecdsassl.h
@@ -19,9 +19,24 @@ namespace EasySSL {
*/
class EASYSSL_EXPORT ECDSASSL: public EasySSL::ICrypto
{
+ /**
+ * @brief The EllipticCurveStandart enum List of supported Elliptic Curve Standarts
+ */
+ enum EllipticCurveStandart {
+ /// Private key (point on Elliptic Curve ) based on 256 bit prime number
+ P_256,
+ /// Private key (point on Elliptic Curve ) based on 384 bit prime number
+ P_384,
+ /// Private key (point on Elliptic Curve ) based on 521 bit prime number
+ P_521,
+ /// based on elliptic curve potentially offering 224 bits of security and designed for use with the elliptic-curve Diffie–Hellman (ECDH) key agreement scheme
+ X448,
+ /// base on an elliptic curve used in elliptic-curve cryptography (ECC) offering 128 bits of security (256-bit key size) and designed for use with the elliptic curve Diffie–Hellman (ECDH) key agreement scheme. It is one of the fastest curves in ECC, and is not covered by any known patents.
+ X25519
+ };
public:
- ECDSASSL();
+ ECDSASSL(EllipticCurveStandart curveStandart = EllipticCurveStandart::P_256);
EVP_PKEY * makeRawKeys() const override;
Features supportedFeatures() const override;
QSsl::KeyAlgorithm keyAlgorithm() const override;
@@ -41,6 +56,22 @@ public:
*/
QByteArray encrypt(const QByteArray &message, const QByteArray &key) override;
+ /**
+ * @brief curve This method return current curve method. using only for generate new pair keys.
+ * @return current cursve type.
+ * @see EllipticCurveStandart
+ */
+ EllipticCurveStandart curve() const;
+
+ /**
+ * @brief setCurve This method sets new curve standart value.
+ * @param newCurve this is new value of curve standart.
+ */
+ void setCurve(EllipticCurveStandart newCurve);
+
+private:
+ const char *getCStr(EllipticCurveStandart value) const;
+ EllipticCurveStandart _curve = EllipticCurveStandart::P_256;
};
}
diff --git a/src/lib/src/public/easyssl/rsassl.cpp b/src/lib/src/public/easyssl/rsassl.cpp
index 62a1a90..83e497f 100644
--- a/src/lib/src/public/easyssl/rsassl.cpp
+++ b/src/lib/src/public/easyssl/rsassl.cpp
@@ -54,6 +54,7 @@ QByteArray RSASSL::signMessage(const QByteArray &inputData, const QByteArray &ke
if (!rsaPrivateKey) {
qCritical() << "Error reading private key";
+ EasySSLUtils::printlastOpenSSlError();
return {};
}
@@ -64,6 +65,7 @@ QByteArray RSASSL::signMessage(const QByteArray &inputData, const QByteArray &ke
// Initialize the signing operation
if (EVP_DigestSignInit(mdctx, nullptr, EVP_sha256(), nullptr, rsaPrivateKey) != 1) {
+ EasySSLUtils::printlastOpenSSlError();
EVP_MD_CTX_free(mdctx);
return {};
}
@@ -73,6 +75,7 @@ QByteArray RSASSL::signMessage(const QByteArray &inputData, const QByteArray &ke
// Provide the message to be signed
if (EVP_DigestSignUpdate(mdctx, hash.data(), hash.size()) != 1) {
+ EasySSLUtils::printlastOpenSSlError();
EVP_MD_CTX_free(mdctx);
return {};
}
@@ -80,6 +83,7 @@ QByteArray RSASSL::signMessage(const QByteArray &inputData, const QByteArray &ke
size_t signatureLength = 0;
// Determine the length of the signature
if (EVP_DigestSignFinal(mdctx, nullptr, &signatureLength) != 1) {
+ EasySSLUtils::printlastOpenSSlError();
EVP_MD_CTX_free(mdctx);
return {};
}
@@ -88,6 +92,7 @@ QByteArray RSASSL::signMessage(const QByteArray &inputData, const QByteArray &ke
// Perform the final signing operation and obtain the signature
if (EVP_DigestSignFinal(mdctx, reinterpret_cast<unsigned char*>(signature.data()), &signatureLength) != 1) {
+ EasySSLUtils::printlastOpenSSlError();
EVP_MD_CTX_free(mdctx);
return {};
}
@@ -108,6 +113,7 @@ bool RSASSL::checkSign(const QByteArray &inputData, const QByteArray &signature,
// Initialize the verification operation
if (EVP_DigestVerifyInit(mdctx, NULL, EVP_sha256(), NULL, rsaPublickKey) != 1) {
+ EasySSLUtils::printlastOpenSSlError();
EVP_MD_CTX_free(mdctx);
return false;
}
@@ -117,6 +123,7 @@ bool RSASSL::checkSign(const QByteArray &inputData, const QByteArray &signature,
// Provide the message to be verified
if (EVP_DigestVerifyUpdate(mdctx, hash.data(), hash.size()) != 1) {
+ EasySSLUtils::printlastOpenSSlError();
EVP_MD_CTX_free(mdctx);
return false;
}
@@ -137,8 +144,9 @@ QByteArray RSASSL::decrypt(const QByteArray &message, const QByteArray &key) {
auto rsaPrivateKey = PEM_read_bio_PrivateKey(pkey, nullptr, nullptr, nullptr);
BIO_free(pkey);
- if (!rsaPrivateKey) {
+ if (!rsaPrivateKey) {
qCritical() << "Error reading private key";
+ EasySSLUtils::printlastOpenSSlError();
return {};
}
@@ -158,12 +166,15 @@ QByteArray RSASSL::decrypt(const QByteArray &message, const QByteArray &key) {
}
if (EVP_PKEY_decrypt_init(ctx) <= 0) {
+ EasySSLUtils::printlastOpenSSlError();
+
EVP_PKEY_CTX_free(ctx);
- EVP_PKEY_free(rsaPrivateKey);
+ EVP_PKEY_free(rsaPrivateKey);
return {};
}
if (EVP_PKEY_CTX_set_rsa_padding(ctx, getRawOpenSSLPandingValue(_padding)) <= 0) {
+ EasySSLUtils::printlastOpenSSlError();
EVP_PKEY_CTX_free(ctx);
EVP_PKEY_free(rsaPrivateKey);
return {};
@@ -203,22 +214,26 @@ QByteArray RSASSL::encrypt(const QByteArray &message, const QByteArray &key) {
if (!rsaPublicKey) {
qCritical() << "Error reading public key";
+ EasySSLUtils::printlastOpenSSlError();
return {};
}
EVP_PKEY_CTX* ctx = EVP_PKEY_CTX_new(rsaPublicKey, nullptr);
if (ctx == nullptr) {
+ EasySSLUtils::printlastOpenSSlError();
EVP_PKEY_free(rsaPublicKey);
return {};
}
if (EVP_PKEY_encrypt_init(ctx) <= 0) {
+ EasySSLUtils::printlastOpenSSlError();
EVP_PKEY_CTX_free(ctx);
EVP_PKEY_free(rsaPublicKey);
return {};
}
if (EVP_PKEY_CTX_set_rsa_padding(ctx, getRawOpenSSLPandingValue(_padding)) <= 0) {
+ EasySSLUtils::printlastOpenSSlError();
EVP_PKEY_CTX_free(ctx);
EVP_PKEY_free(rsaPublicKey);
return {};