mirror of
https://github.com/openssl/openssl.git
synced 2024-12-21 06:09:35 +08:00
e2e5e72d5a
Signed-off-by: Peiwei Hu <jlu.hpw@foxmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17029)
236 lines
7.3 KiB
C
236 lines
7.3 KiB
C
/*-
|
|
* Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
|
|
*
|
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
* this file except in compliance with the License. You can obtain a copy
|
|
* in the file LICENSE in the source distribution or at
|
|
* https://www.openssl.org/source/license.html
|
|
*/
|
|
|
|
/*
|
|
* An example that uses the EVP_MD*, EVP_DigestSign* and EVP_DigestVerify*
|
|
* methods to calculate and verify a signature of two static buffers.
|
|
*/
|
|
|
|
#include <string.h>
|
|
#include <stdio.h>
|
|
#include <openssl/err.h>
|
|
#include <openssl/evp.h>
|
|
#include <openssl/decoder.h>
|
|
#include "EVP_Signature_demo.h"
|
|
|
|
/*
|
|
* This demonstration will calculate and verify a signature of data using
|
|
* the soliloquy from Hamlet scene 1 act 3
|
|
*/
|
|
|
|
static const char *hamlet_1 =
|
|
"To be, or not to be, that is the question,\n"
|
|
"Whether tis nobler in the minde to suffer\n"
|
|
"The slings and arrowes of outragious fortune,\n"
|
|
"Or to take Armes again in a sea of troubles,\n"
|
|
;
|
|
static const char *hamlet_2 =
|
|
"And by opposing, end them, to die to sleep;\n"
|
|
"No more, and by a sleep, to say we end\n"
|
|
"The heart-ache, and the thousand natural shocks\n"
|
|
"That flesh is heir to? tis a consumation\n"
|
|
;
|
|
|
|
/*
|
|
* For demo_sign, load EC private key priv_key from priv_key_der[].
|
|
* For demo_verify, load EC public key pub_key from pub_key_der[].
|
|
*/
|
|
static EVP_PKEY *get_key(OSSL_LIB_CTX *libctx, const char *propq, int public)
|
|
{
|
|
OSSL_DECODER_CTX *dctx = NULL;
|
|
EVP_PKEY *pkey = NULL;
|
|
int selection;
|
|
const unsigned char *data;
|
|
size_t data_len;
|
|
|
|
if (public) {
|
|
selection = EVP_PKEY_PUBLIC_KEY;
|
|
data = pub_key_der;
|
|
data_len = sizeof(pub_key_der);
|
|
} else {
|
|
selection = EVP_PKEY_KEYPAIR;
|
|
data = priv_key_der;
|
|
data_len = sizeof(priv_key_der);
|
|
}
|
|
dctx = OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, "EC",
|
|
selection, libctx, propq);
|
|
(void)OSSL_DECODER_from_data(dctx, &data, &data_len);
|
|
OSSL_DECODER_CTX_free(dctx);
|
|
if (pkey == NULL)
|
|
fprintf(stderr, "Failed to load %s key.\n", public ? "public" : "private");
|
|
return pkey;
|
|
}
|
|
|
|
static int demo_sign(OSSL_LIB_CTX *libctx, const char *sig_name,
|
|
size_t *sig_out_len, unsigned char **sig_out_value)
|
|
{
|
|
int result = 0, public = 0;
|
|
size_t sig_len;
|
|
unsigned char *sig_value = NULL;
|
|
const char *propq = NULL;
|
|
EVP_MD_CTX *sign_context = NULL;
|
|
EVP_PKEY *priv_key = NULL;
|
|
|
|
/* Get private key */
|
|
priv_key = get_key(libctx, propq, public);
|
|
if (priv_key == NULL) {
|
|
fprintf(stderr, "Get private key failed.\n");
|
|
goto cleanup;
|
|
}
|
|
/*
|
|
* Make a message signature context to hold temporary state
|
|
* during signature creation
|
|
*/
|
|
sign_context = EVP_MD_CTX_new();
|
|
if (sign_context == NULL) {
|
|
fprintf(stderr, "EVP_MD_CTX_new failed.\n");
|
|
goto cleanup;
|
|
}
|
|
/*
|
|
* Initialize the sign context to use the fetched
|
|
* sign provider.
|
|
*/
|
|
if (!EVP_DigestSignInit_ex(sign_context, NULL, sig_name,
|
|
libctx, NULL, priv_key, NULL)) {
|
|
fprintf(stderr, "EVP_DigestSignInit_ex failed.\n");
|
|
goto cleanup;
|
|
}
|
|
/*
|
|
* EVP_DigestSignUpdate() can be called several times on the same context
|
|
* to include additional data.
|
|
*/
|
|
if (!EVP_DigestSignUpdate(sign_context, hamlet_1, strlen(hamlet_1))) {
|
|
fprintf(stderr, "EVP_DigestSignUpdate(hamlet_1) failed.\n");
|
|
goto cleanup;
|
|
}
|
|
if (!EVP_DigestSignUpdate(sign_context, hamlet_2, strlen(hamlet_2))) {
|
|
fprintf(stderr, "EVP_DigestSignUpdate(hamlet_2) failed.\n");
|
|
goto cleanup;
|
|
}
|
|
/* Call EVP_DigestSignFinal to get signature length sig_len */
|
|
if (!EVP_DigestSignFinal(sign_context, NULL, &sig_len)) {
|
|
fprintf(stderr, "EVP_DigestSignFinal failed.\n");
|
|
goto cleanup;
|
|
}
|
|
if (sig_len <= 0) {
|
|
fprintf(stderr, "EVP_DigestSignFinal returned invalid signature length.\n");
|
|
goto cleanup;
|
|
}
|
|
sig_value = OPENSSL_malloc(sig_len);
|
|
if (sig_value == NULL) {
|
|
fprintf(stderr, "No memory.\n");
|
|
goto cleanup;
|
|
}
|
|
if (!EVP_DigestSignFinal(sign_context, sig_value, &sig_len)) {
|
|
fprintf(stderr, "EVP_DigestSignFinal failed.\n");
|
|
goto cleanup;
|
|
}
|
|
*sig_out_len = sig_len;
|
|
*sig_out_value = sig_value;
|
|
fprintf(stdout, "Generating signature:\n");
|
|
BIO_dump_indent_fp(stdout, sig_value, sig_len, 2);
|
|
fprintf(stdout, "\n");
|
|
result = 1;
|
|
|
|
cleanup:
|
|
/* OpenSSL free functions will ignore NULL arguments */
|
|
if (!result)
|
|
OPENSSL_free(sig_value);
|
|
EVP_PKEY_free(priv_key);
|
|
EVP_MD_CTX_free(sign_context);
|
|
return result;
|
|
}
|
|
|
|
static int demo_verify(OSSL_LIB_CTX *libctx, const char *sig_name,
|
|
size_t sig_len, unsigned char *sig_value)
|
|
{
|
|
int result = 0, public = 1;
|
|
const char *propq = NULL;
|
|
EVP_MD_CTX *verify_context = NULL;
|
|
EVP_PKEY *pub_key = NULL;
|
|
|
|
/*
|
|
* Make a verify signature context to hold temporary state
|
|
* during signature verification
|
|
*/
|
|
verify_context = EVP_MD_CTX_new();
|
|
if (verify_context == NULL) {
|
|
fprintf(stderr, "EVP_MD_CTX_new failed.\n");
|
|
goto cleanup;
|
|
}
|
|
/* Get public key */
|
|
pub_key = get_key(libctx, propq, public);
|
|
if (pub_key == NULL) {
|
|
fprintf(stderr, "Get public key failed.\n");
|
|
goto cleanup;
|
|
}
|
|
/* Verify */
|
|
if (!EVP_DigestVerifyInit_ex(verify_context, NULL, sig_name,
|
|
libctx, NULL, pub_key, NULL)) {
|
|
fprintf(stderr, "EVP_DigestVerifyInit failed.\n");
|
|
goto cleanup;
|
|
}
|
|
/*
|
|
* EVP_DigestVerifyUpdate() can be called several times on the same context
|
|
* to include additional data.
|
|
*/
|
|
if (!EVP_DigestVerifyUpdate(verify_context, hamlet_1, strlen(hamlet_1))) {
|
|
fprintf(stderr, "EVP_DigestVerifyUpdate(hamlet_1) failed.\n");
|
|
goto cleanup;
|
|
}
|
|
if (!EVP_DigestVerifyUpdate(verify_context, hamlet_2, strlen(hamlet_2))) {
|
|
fprintf(stderr, "EVP_DigestVerifyUpdate(hamlet_2) failed.\n");
|
|
goto cleanup;
|
|
}
|
|
if (EVP_DigestVerifyFinal(verify_context, sig_value, sig_len) <= 0) {
|
|
fprintf(stderr, "EVP_DigestVerifyFinal failed.\n");
|
|
goto cleanup;
|
|
}
|
|
fprintf(stdout, "Signature verified.\n");
|
|
result = 1;
|
|
|
|
cleanup:
|
|
/* OpenSSL free functions will ignore NULL arguments */
|
|
EVP_PKEY_free(pub_key);
|
|
EVP_MD_CTX_free(verify_context);
|
|
return result;
|
|
}
|
|
|
|
int main(void)
|
|
{
|
|
OSSL_LIB_CTX *libctx = NULL;
|
|
const char *sig_name = "SHA3-512";
|
|
size_t sig_len = 0;
|
|
unsigned char *sig_value = NULL;
|
|
int result = 0;
|
|
|
|
libctx = OSSL_LIB_CTX_new();
|
|
if (libctx == NULL) {
|
|
fprintf(stderr, "OSSL_LIB_CTX_new() returned NULL\n");
|
|
goto cleanup;
|
|
}
|
|
if (!demo_sign(libctx, sig_name, &sig_len, &sig_value)) {
|
|
fprintf(stderr, "demo_sign failed.\n");
|
|
goto cleanup;
|
|
}
|
|
if (!demo_verify(libctx, sig_name, sig_len, sig_value)) {
|
|
fprintf(stderr, "demo_verify failed.\n");
|
|
goto cleanup;
|
|
}
|
|
result = 1;
|
|
|
|
cleanup:
|
|
if (result != 1)
|
|
ERR_print_errors_fp(stderr);
|
|
/* OpenSSL free functions will ignore NULL arguments */
|
|
OSSL_LIB_CTX_free(libctx);
|
|
OPENSSL_free(sig_value);
|
|
return result == 0;
|
|
}
|