diff --git a/src/account/account.rs b/src/account/account.rs
index 7620367..2d43166 100644
--- a/src/account/account.rs
+++ b/src/account/account.rs
@@ -1,6 +1,7 @@
 #![allow(unused)]
 use std::io::{Cursor, Write};
 use std::ops::{Deref, DerefMut};
+use std::sync::{LazyLock, OnceLock};
 // Don't import until required.
 // use argon2::{Algorithm, Argon2, PasswordHash, PasswordHasher, PasswordVerifier};
 // use argon2::password_hash::rand_core::OsRng;
@@ -13,9 +14,12 @@ use base64::prelude::BASE64_STANDARD;
 use binrw::{BinRead, binread};
 use bytemuck::bytes_of;
 use chrono::{NaiveDate, NaiveDateTime, Utc};
-use openssl::bn::BigNum;
+use openssl::bn::{BigNum, BigNumContext};
+use openssl::ec::{EcGroup, EcKey, EcKeyRef, EcPoint};
 use openssl::ecdsa::EcdsaSig;
 use openssl::error::ErrorStack;
+use openssl::nid::Nid;
+use openssl::pkey::Public;
 use rand::Rng;
 use rocket::http::Status;
 use rocket::request::{FromRequest, Outcome};
@@ -395,11 +399,6 @@ struct OuterCertificate {
 data: [u8; 0x100],
 }
-const PUB_PEM: &[u8] = br#"-----BEGIN PUBLIC KEY-----
-MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAP1WBBgs8XUJIQDDCK5IOZEbb5+h1TqV
-rwgzSUcrAAFxMWm1kf/TDL9z2nZkuo0N+VtNEQREZDXA7aQv
------END PUBLIC KEY-----"#;
-
 #[derive(thiserror::Error, Debug)]
 enum CertError {
 #[error("unable to decode base64: {0}")]
@@ -423,8 +422,6 @@ impl Certificate {
 let cert = OuterCertificate::read(&mut Cursor::new(&data)).map_err(CertError::OuterBinError)?;
- let key = openssl::ec::EcKey::public_key_from_pem(PUB_PEM).expect("invalid pem file");
-
 let sig_components = read_p1363(&cert.signature)
 .expect("unable to read signature despite fixed size signature");
@@ -438,7 +435,7 @@ impl Certificate {
 let hash = hasher.finish();
 if !sig
- .verify(&hash[..], &key)
+ .verify(&hash[..], &PUB_KEY)
 .map_err(CertError::CryptoVerifError)?
 {
 return Err(CertError::ValidationError);
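Review bot: `OnceLock` in the added `use std::sync::{LazyLock, OnceLock};` is not referenced by any added line shown in this diff, and the same holds for `EcKeyRef` in the `openssl::ec` import of the next hunk; the file-level `#![allow(unused)]` keeps the compiler from reporting either. Unless code outside these hunks uses them, trim the imports to `use std::sync::LazyLock;` and `use openssl::ec::{EcGroup, EcKey, EcPoint};`. Narrowing that blanket `#![allow(unused)]` would let the compiler catch leftovers like this in a file that performs certificate verification.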
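Review bot: Dereferencing `PUB_KEY` in `.verify(&hash[..], &PUB_KEY)` is what first runs the key's initializer, so the three `expect` calls in that initializer can only fire during the first certificate check, not at startup. If the linked OpenSSL cannot supply `Nid::SECT233R1` (presumably possible on builds without binary-curve support), that first check panics, and a `LazyLock` whose initializer panicked stays poisoned, so every later check panics as well. Forcing the value once during startup, for example `LazyLock::force(&PUB_KEY);`, turns this into a failure before any certificate is processed. The enclosing function starts and ends outside this hunk.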
@@ -471,14 +468,16 @@ fn read_p1363(data: &[u8]) -> Option<(BigNum, BigNum)> {
 ))
 }
-#[cfg(test)]
-mod test {
- use crate::account::account::Certificate;
+static PUB_KEY: LazyLock> = LazyLock::new(|| {
+ let point = [
+ 4, 0, 253, 86, 4, 24, 44, 241, 117, 9, 33, 0, 195, 8, 174, 72, 57, 145, 27, 111, 159, 161,
+ 213, 58, 149, 175, 8, 51, 73, 71, 43, 0, 1, 113, 49, 105, 181, 145, 255, 211, 12, 191, 115,
+ 218, 118, 100, 186, 141, 13, 249, 91, 77, 17, 4, 68, 100, 53, 192, 237, 164, 47,
+ ];
+ let curve = EcGroup::from_curve_name(Nid::SECT233R1).expect("unable to get curve");
+ let mut bignum = BigNumContext::new().expect("unable to create big num context");
+ let point =
+ EcPoint::from_bytes(&curve, &point[..], &mut bignum).expect("unable to create point");
- #[test]
- fn test() {
- const CERT: &str = "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";
-
- Certificate::new(CERT).unwrap();
- }
-}
+ EcKey::from_public_key(&curve, &point).expect("unable to construct key")
+});
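Review bot: The `#[cfg(test)] mod test` block is deleted in the same hunk that replaces the PEM-encoded verification key with a hand-written 61-byte array, so nothing visible in this diff checks that the new `PUB_KEY` still verifies a genuine certificate. A transcription slip in the array would surface only at runtime, either as the `expect` on `EcPoint::from_bytes` panicking at first use or, if the bytes still decode, as every signature check failing with `ValidationError`. Keep the removed test that passes a known-good certificate to `Certificate::new`, and add a second case that alters one byte of the signed data and expects an error. The static should also carry a doc comment such as `/// Certificate-signing public key: uncompressed SEC1 point (0x04 || X || Y) on sect233r1; must match the key formerly stored in PUB_PEM.`, and writing the bytes in hex would make them easier to compare against the original key.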