From 998783eb9d9b4124c2cf884c2d2735ef9feba76c Mon Sep 17 00:00:00 2001
From: neilpang <github@byneil.com>
Date: Thu, 27 Oct 2016 00:06:03 +0800
Subject: [PATCH] Support ECC account key. fix
 https://github.com/Neilpang/acme.sh/issues/76

https://tools.ietf.org/html/rfc3278#section-8.2
http://bitcoin.stackexchange.com/questions/2376/ecdsa-r-s-encoding-as-a-signature
http://davidederosa.com/basic-blockchain-programming/elliptic-curve-digital-signatures/
---
 acme.sh | 25 +++++++++++++++++++------
 1 file changed, 19 insertions(+), 6 deletions(-)

diff --git a/acme.sh b/acme.sh
index ce125793..23abbef7 100755
--- a/acme.sh
+++ b/acme.sh
@@ -419,13 +419,29 @@ _sign() {
     return 1
   fi
   
+  _sign_openssl="openssl   dgst -sign $keyfile "
   if [ "$alg" = "sha256" ] ; then
-    openssl   dgst   -sha256  -sign  "$keyfile" | _base64
+    _sign_openssl="$_sign_openssl -$alg"
   else
     _err "$alg is not supported yet"
     return 1
   fi
   
+  if grep "BEGIN RSA PRIVATE KEY" "$keyfile" > /dev/null 2>&1 ; then
+    $_sign_openssl | _base64
+  elif grep "BEGIN EC PRIVATE KEY" "$keyfile" > /dev/null 2>&1 ; then
+    _signedECText="$($_sign_openssl | openssl asn1parse -inform DER)"
+    _debug3 "_signedECText" "$_signedECText"
+    _ec_r="$(echo "$_signedECText" | _head_n 2 | _tail_n 1 | cut -d : -f 4 | tr -d "\r\n")"
+    _debug3 "_ec_r" "$_ec_r"
+    _ec_s="$(echo "$_signedECText" | _head_n 3 | _tail_n 1 | cut -d : -f 4 | tr -d "\r\n")"
+    _debug3 "_ec_s" "$_ec_s"
+    printf "%s" "$_ec_r$_ec_s" | _h2b | _base64
+  else
+    _err "Unknown key file format."
+    return 1
+  fi
+  
 }
 
 #keylength
@@ -695,9 +711,6 @@ createAccountKey() {
   fi
   
   length=$1
-  if _isEccKey "$length" ; then
-    length=2048
-  fi
   
   if [ -z "$length" ] || [ "$length" = "$NO_VALUE" ] ; then
     _debug "Use default length 2048"
@@ -852,7 +865,7 @@ _calcjwk() {
     _debug3 pubi "$pubi"
     
     pubj="$(openssl ec  -in $keyfile  -noout -text 2>/dev/null | grep -n "ASN1 OID:"  | cut -d : -f 1)"
-    pubj=$(_math $pubj + 1)
+    pubj=$(_math $pubj - 1)
     _debug3 pubj "$pubj"
     
     pubtext="$(openssl ec  -in $keyfile  -noout -text 2>/dev/null | sed  -n "$pubi,${pubj}p" | tr -d " \n\r")"
@@ -862,7 +875,7 @@ _calcjwk() {
     xlen=$(_math $xlen / 4)
     _debug3 xlen "$xlen"
 
-    xend=$(_math "$xend" + 1)
+    xend=$(_math "$xlen" + 1)
     x="$(printf $pubtext | cut -d : -f 2-$xend)"
     _debug3 x "$x"