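/* OpenSSL/X509CheckPrivateKey -- "Test de la clef privée" (private key test) */
#include <stdio.h>
#include <string.h>
#include <openssl/bio.h>
#include <openssl/asn1.h>
#include <openssl/err.h>
#include <openssl/bn.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include <openssl/objects.h>
#include <openssl/pem.h>
#include <openssl/rsa.h>

/* Output BIO bound to stdout; the program's diagnostics are written through it. */
BIO *bio_out;

/*
 * Load a PEM certificate and a passphrase-protected PEM private key from
 * fixed paths and report whether X509_check_private_key() accepts them as
 * a pair.
 *
 * Exit status: 0 when the key matches the certificate, 1 on any load
 * failure or mismatch, so that a calling script can act on the result.
 *
 * What the check does and does not establish:
 *  - X509_check_private_key() compares the public key held in the
 *    certificate with the public components of pkey. No signature is
 *    verified, and the call does not show that the private part of pkey
 *    is present or usable. Where possession of the private key has to be
 *    shown, sign a test message with pkey and verify it with the
 *    certificate's public key.
 *  - The message texts below still say "Signature"; they are kept as the
 *    original program printed them.
 */
int main(int argc, char* argv[])
{
    BIO *bio_crt=NULL,*bio_key=NULL;
    char crtfile[]="D:\\dev\\openssl\\verify\\crt.pem";
    char pvkfile[]="D:\\dev\\openssl\\verify\\crt_pvk.pem";
    X509 *x=NULL;
    EVP_PKEY *pkey=NULL;
    int i=0;
    int rc=1;   /* pessimistic default: only a confirmed match sets it to 0 */

    (void)argc;
    (void)argv;

    /*
     * Marked "IMPORTANT" by the author: on OpenSSL releases before 1.1.0 the
     * algorithm tables must be registered explicitly, otherwise the cipher
     * protecting an encrypted PEM key cannot be looked up.
     */
    OpenSSL_add_all_digests();
    OpenSSL_add_all_algorithms();
    ERR_load_crypto_strings();

    bio_out=BIO_new_fp(stdout,BIO_NOCLOSE);
    if (bio_out == NULL){
        /* Without this guard the error paths below would print through a NULL BIO. */
        fprintf(stderr,"%s@%i unable to create output BIO\n",__FILE__,__LINE__);
        goto end;
    }

    if ((bio_crt=BIO_new(BIO_s_file())) == NULL){
        ERR_print_errors(bio_out);
        goto end;
    }
    if (BIO_read_filename(bio_crt,crtfile) <= 0){
        BIO_printf(bio_out,"%s@%i unable to load certificate\n",__FILE__,__LINE__);
        goto end;
    }
    x=PEM_read_bio_X509(bio_crt,NULL,NULL,NULL);
    if (x == NULL){
        BIO_printf(bio_out,"%s@%i unable to open certificate\n",__FILE__,__LINE__);
        goto end;
    }
    /* Debug aid left by the author: X509_print(bio_out,x); */

    if ((bio_key=BIO_new(BIO_s_file())) == NULL){
        ERR_print_errors(bio_out);
        goto end;
    }
    if (BIO_read_filename(bio_key,pvkfile) <= 0){
        BIO_printf(bio_out,"%s@%i unable to load private key\n",__FILE__,__LINE__);
        goto end;
    }

    /*
     * NOTE(review): with a NULL callback, the last argument is taken as the
     * NUL-terminated passphrase. "test" is the passphrase of the sample key
     * only. Outside a demo, do not compile a passphrase into the binary:
     * pass a pem_password_cb, or leave both arguments NULL so the default
     * prompt is used.
     */
    pkey=PEM_read_bio_PrivateKey(bio_key,NULL,NULL,"test");
    if (pkey == NULL){
        BIO_printf(bio_out,"%s@%i unable to open private key\n",__FILE__,__LINE__);
        ERR_print_errors(bio_out);
        goto end;
    }

    /*
     * Debug aid left by the author (direct field access, compiles only where
     * the X509 structure is not opaque):
     *   int nid=OBJ_obj2nid(x->sig_alg->algorithm);
     *   BIO_printf(bio_out,"algo:%s\n",OBJ_nid2ln(nid));
     */

    i=X509_check_private_key(x,pkey);
    BIO_printf(bio_out,"%s@%i i==%i\n",__FILE__,__LINE__,i);
    if (i < 0){
        /* Kept from the original; the documented results are 1 (match) and 0. */
        BIO_printf(bio_out,"Signature verification problems....\n");
    }
    if (i == 0){
        BIO_printf(bio_out,"Signature did not match the certificate\n");
        ERR_print_errors(bio_out);
    }
    if (i > 0){
        rc=0;
    }

end:
    /* All of these release functions accept NULL, so no guards are needed. */
    BIO_free_all(bio_out);
    BIO_free(bio_crt);
    BIO_free_all(bio_key);
    EVP_PKEY_free(pkey);
    X509_free(x);   /* the original never released the certificate */
    return rc;
}

/* Next listing: "Test de la clef publique stockée dans un fichier" (test of the public key stored in a file) */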
#include <stdio.h> #include <string.h> #include <openssl/bio.h> #include <openssl/asn1.h> #include <openssl/err.h> #include <openssl/bn.h> #include <openssl/evp.h> #include <openssl/x509.h> #include <openssl/x509v3.h> #include <openssl/objects.h> #include <openssl/pem.h> #include <openssl/rsa.h> BIO *bio_out; int main(int argc, char* argv[]) { BIO *bio_crt=NULL,*bio_key=NULL; char crtfile[]="D:\\dev\\openssl\\verify\\Debug\\crt.pem"; char pubfile[]="D:\\dev\\openssl\\verify\\Debug\\crt_pub.pem"; X509 *x=NULL; EVP_PKEY *pkey=NULL; int i=0; OpenSSL_add_all_digests(); OpenSSL_add_all_algorithms(); // !! IMPORTANT ERR_load_crypto_strings(); bio_out=BIO_new_fp(stdout,BIO_NOCLOSE); if ((bio_crt=BIO_new(BIO_s_file())) == NULL){ ERR_print_errors(bio_out); goto end; } if(BIO_read_filename(bio_crt,crtfile)<=0){ BIO_printf(bio_out,"%s@%i unable to load certificate\n",__FILE__,__LINE__); goto end; } x=PEM_read_bio_X509(bio_crt,NULL,0,NULL); if (x == NULL){ BIO_printf(bio_out,"%s@%i unable to open certificate\n",__FILE__,__LINE__); goto end; } bio_key=BIO_new(BIO_s_file()); if (BIO_read_filename(bio_key,pubfile) <= 0){ BIO_printf(bio_out,"%s@%i unable to load public key\n",__FILE__,__LINE__); goto end; } pkey = PEM_read_bio_PUBKEY(bio_key, NULL, NULL, NULL); if(pkey==NULL){ BIO_printf(bio_out,"%s@%i unable to open public key\n",__FILE__,__LINE__); ERR_print_errors(bio_out); goto end; } i=X509_check_private_key(x,pkey); BIO_printf(bio_out,"%s@%i i==%i\n",__FILE__,__LINE__,i); if (i < 0){ BIO_printf(bio_out,"Signature verification problems....\n"); } if (i == 0){ BIO_printf(bio_out,"Signature did not match the certificate\n"); ERR_print_errors(bio_out); } end: BIO_free_all(bio_out); BIO_free(bio_crt); BIO_free_all(bio_key); if (pkey != NULL) EVP_PKEY_free(pkey); return 0; } |