Merge pull request #46 from jmichelp/fix-openssl

Better handling of OpenSSL generated keys.
2020-02-20 17:58:12 +01:00
parent dfc0663324 ed6f408063
commit 00222a4976
1 changed files with 21 additions and 6 deletions
--- a/build.rs
+++ b/build.rs
@@ -43,15 +43,30 @@ fn main() {
    pkey.check_key().unwrap();
    assert_eq!(pkey.group().curve_name(), Some(Nid::X9_62_PRIME256V1));
-    let mut priv_key = pkey.private_key().to_vec();
+    // Private keys generated by OpenSSL have variable size but we only handle
-    if priv_key.len() == 33 && priv_key[0] == 0 {
+    // constant size. Serialization is done in big endian so if the size is less
-        priv_key.remove(0);
+    // than 32 bytes, we need to prepend with null bytes.
-    }
+    // If the size is 33 bytes, this means the serialized BigInt is negative.
-    assert_eq!(priv_key.len(), 32);
+    // Any other size is invalid.
    let priv_key_hex = pkey.private_key().to_hex_str().unwrap();
    let priv_key_vec = pkey.private_key().to_vec();
    let key_len = priv_key_vec.len();
    assert!(
        key_len <= 33,
        "Invalid private key (too big): {} ({:#?})",
        priv_key_hex,
        priv_key_vec,
    );
    // Copy OpenSSL generated key to our vec, starting from the end
    let mut output_vec = [0u8; 32];
    let min_key_len = std::cmp::min(key_len, 32);
    output_vec[32 - min_key_len..].copy_from_slice(&priv_key_vec[key_len - min_key_len..]);
    // Create the raw private key out of the OpenSSL data
    let mut priv_key_bin_file = File::create(&priv_key_bin_path).unwrap();
-    priv_key_bin_file.write_all(&priv_key).unwrap();
+    priv_key_bin_file.write_all(&output_vec).unwrap();
    // Convert the PEM certificate to DER and extract the serial for AAGUID
    let input_pem_cert = include_bytes!("crypto_data/opensk_cert.pem");