Typically, having explained myself in a mail, and publicly made an idiot of
myself, here's how I verified that I was doing it right:
$ openssl enc -base64 -in ../certificates/tpubkey.der
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0JKYee6bWxE138t/3vOU
....snip....
2wIDAQAB
Taking the base64 code example from "man (3) BIO_f_base64" and embedding it
into my program to dump the key:
BIO *bio, *b64;
b64 = BIO_new(BIO_f_base64());
bio = BIO_new_fp(stdout, BIO_NOCLOSE);
bio = BIO_push(b64, bio);
BIO_write(bio, public_key_buffer, public_key_len);
BIO_flush(bio);
BIO_free_all(bio);
The results were the same:
$ ./my-openssl-test
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0JKYee6bWxE138t/3vOU
....snip....
2wIDAQAB
I was able to find out too, that there is the command `openssl errstr`
which takes the hex digits listed in my error string:
$ openssl errstr 0D0680A8
error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
So it appears my certificate is being incorrectly interpreted as ASN1.
Which is the last issue I needed to resolve before I could continue.
Given the error message, it turns out that this is related to the following
(from "man (3) *d2i_RSAPublicKey")*:
*
*
*d2i_RSAPublicKey()* and *i2d_RSAPublicKey() *
decode and encode a PKCS#1 RSAPublicKey structure.
*d2i_RSA_PUBKEY()* and *i2d_RSA_PUBKEY()*
decode and encode anRSA public key using a SubjectPublicKeyInfo
> (certificate public key) structure.
That appears, at least that I was incorrectly loading the key. I'm still
not sure how I might have checked with the openssl CLI tool whether I
should have used "*d2i_RSA_PUBKEY*" or "*d2i_RSAPublicKey*".
Interestingly, my program now prints:
$ ./my-openssl-test
AADg9e+2AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAA
$ echo $?
0
I assume that the bytes at the given location have been modified, or
removed somehow. When I don't call ``, the base64 output matches the
"openssl enc -base64" output.
- Lee Hambley
---------- Forwarded message ----------
From: Lee Hambley <[email protected]>
Date: 11 April 2013 08:32
Subject: Problem loading der encoded RSA public key inlined with objcopy.
To: [email protected]
Hi List,
I've been battling the following code for a couple of hours armed with
my *Network
Security With OpenSSL* book to little avail.
#include <openssl/rsa.h>
#include <openssl/x509.h>
#include <stdio.h>
extern unsigned char _binary____certificates_der_start;
extern unsigned char _binary____certificates_der_size;
int main(int argc, char argv[]) {
RSA *public_key = NULL;
int public_key_len = (int)&_binary____certificates_der_size;
const unsigned char *public_key_buffer =
&_binary____certificates_der_start;
public_key = d2i_RSAPublicKey(NULL, &public_key_buffer, public_key_len);
if ( !public_key) {
fprintf(stdout, "%s\n", ERR_error_string(ERR_get_error(), NULL));
return 1;
}
printf("Exiting Cleanly\n");
return 0;
}
I'm fairly sure that what I'm doing to inline the object file, and load it
using the extern'ed addresses.
However I'm seeing:
error:0D0680A8:lib(13):func(104):reason(168)
I'm heading in the direction of trying to generate a symmetrical key based
on some random attributes (although this code won't have many sources of
entropy in situ) in order to encrypt something ready to be sent up to a web
server.
The "dir.o" is being built with: "objcopy --input binary --output
elf32-littlearm --binary-architecture arm ../certificates/pubkey.der der.o",
which I believe is correct, although naturally the ".o" file is quite
large, the `&_binary____certificates_der_size` reports the correct size (*
294* in my case).
I've poked around Google and the list archives and couldn't come up with
anything; but I also couldn't come up with results from many people who had
been doing what I am doing (ie. reading from an inlined object blob).
- Lee Hambley
