mirror of
https://github.com/openssl/openssl.git
synced 2024-12-21 06:09:35 +08:00
e9492d1cec
Two demos are provided: one using RSA-PSS directly in which a digest must be provided, and one using RSA-PSS with the EVP_DigestSign APIs which performs the hashing for you. Fixes #14113. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17800)
190 lines
5.3 KiB
C
190 lines
5.3 KiB
C
/*
|
|
* Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
|
|
*
|
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
* this file except in compliance with the License. You can obtain a copy
|
|
* in the file LICENSE in the source distribution or at
|
|
* https://www.openssl.org/source/license.html
|
|
*/
|
|
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
#include <openssl/core_names.h>
|
|
#include <openssl/evp.h>
|
|
#include <openssl/rsa.h>
|
|
#include <openssl/params.h>
|
|
#include <openssl/err.h>
|
|
#include <openssl/bio.h>
|
|
#include "rsa_pss.h"
|
|
|
|
/* The data to be signed. This will be hashed. */
|
|
static const char test_message[] =
|
|
"This is an example message to be signed.";
|
|
|
|
/* A property query used for selecting algorithm implementations. */
|
|
static const char *propq = NULL;
|
|
|
|
/*
|
|
* This function demonstrates RSA signing of an arbitrary-length message.
|
|
* Hashing is performed automatically. In this example, SHA-256 is used. If you
|
|
* have already hashed your message and simply want to sign the hash directly,
|
|
* see rsa_pss_direct.c.
|
|
*/
|
|
static int sign(OSSL_LIB_CTX *libctx, unsigned char **sig, size_t *sig_len)
|
|
{
|
|
int rv = 0;
|
|
EVP_PKEY *pkey = NULL;
|
|
EVP_MD_CTX *mctx = NULL;
|
|
OSSL_PARAM params[2], *p = params;
|
|
const unsigned char *ppriv_key = NULL;
|
|
|
|
*sig = NULL;
|
|
|
|
/* Load DER-encoded RSA private key. */
|
|
ppriv_key = rsa_priv_key;
|
|
pkey = d2i_PrivateKey_ex(EVP_PKEY_RSA, NULL, &ppriv_key,
|
|
sizeof(rsa_priv_key), libctx, propq);
|
|
if (pkey == NULL) {
|
|
fprintf(stderr, "Failed to load private key\n");
|
|
goto end;
|
|
}
|
|
|
|
/* Create MD context used for signing. */
|
|
mctx = EVP_MD_CTX_new();
|
|
if (mctx == NULL) {
|
|
fprintf(stderr, "Failed to create MD context\n");
|
|
goto end;
|
|
}
|
|
|
|
/* Initialize MD context for signing. */
|
|
*p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_PAD_MODE,
|
|
OSSL_PKEY_RSA_PAD_MODE_PSS, 0);
|
|
*p = OSSL_PARAM_construct_end();
|
|
|
|
if (EVP_DigestSignInit_ex(mctx, NULL, "SHA256", libctx, propq,
|
|
pkey, params) == 0) {
|
|
fprintf(stderr, "Failed to initialize signing context\n");
|
|
goto end;
|
|
}
|
|
|
|
/*
|
|
* Feed data to be signed into the algorithm. This may
|
|
* be called multiple times.
|
|
*/
|
|
if (EVP_DigestSignUpdate(mctx, test_message, sizeof(test_message)) == 0) {
|
|
fprintf(stderr, "Failed to hash message into signing context\n");
|
|
goto end;
|
|
}
|
|
|
|
/* Determine signature length. */
|
|
if (EVP_DigestSignFinal(mctx, NULL, sig_len) == 0) {
|
|
fprintf(stderr, "Failed to get signature length\n");
|
|
goto end;
|
|
}
|
|
|
|
/* Allocate memory for signature. */
|
|
*sig = OPENSSL_malloc(*sig_len);
|
|
if (*sig == NULL) {
|
|
fprintf(stderr, "Failed to allocate memory for signature\n");
|
|
goto end;
|
|
}
|
|
|
|
/* Generate signature. */
|
|
if (EVP_DigestSignFinal(mctx, *sig, sig_len) == 0) {
|
|
fprintf(stderr, "Failed to sign\n");
|
|
goto end;
|
|
}
|
|
|
|
rv = 1;
|
|
end:
|
|
EVP_MD_CTX_free(mctx);
|
|
EVP_PKEY_free(pkey);
|
|
|
|
if (rv == 0)
|
|
OPENSSL_free(*sig);
|
|
|
|
return rv;
|
|
}
|
|
|
|
/*
|
|
* This function demonstrates verification of an RSA signature over an
|
|
* arbitrary-length message using the PSS signature scheme. Hashing is performed
|
|
* automatically.
|
|
*/
|
|
static int verify(OSSL_LIB_CTX *libctx, const unsigned char *sig, size_t sig_len)
|
|
{
|
|
int rv = 0;
|
|
EVP_PKEY *pkey = NULL;
|
|
EVP_MD_CTX *mctx = NULL;
|
|
OSSL_PARAM params[2], *p = params;
|
|
const unsigned char *ppub_key = NULL;
|
|
|
|
/* Load DER-encoded RSA public key. */
|
|
ppub_key = rsa_pub_key;
|
|
pkey = d2i_PublicKey(EVP_PKEY_RSA, NULL, &ppub_key, sizeof(rsa_pub_key));
|
|
if (pkey == NULL) {
|
|
fprintf(stderr, "Failed to load public key\n");
|
|
goto end;
|
|
}
|
|
|
|
/* Create MD context used for verification. */
|
|
mctx = EVP_MD_CTX_new();
|
|
if (mctx == NULL) {
|
|
fprintf(stderr, "Failed to create MD context\n");
|
|
goto end;
|
|
}
|
|
|
|
/* Initialize MD context for verification. */
|
|
*p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_PAD_MODE,
|
|
OSSL_PKEY_RSA_PAD_MODE_PSS, 0);
|
|
*p = OSSL_PARAM_construct_end();
|
|
|
|
if (EVP_DigestVerifyInit_ex(mctx, NULL, "SHA256", libctx, propq,
|
|
pkey, params) == 0) {
|
|
fprintf(stderr, "Failed to initialize signing context\n");
|
|
goto end;
|
|
}
|
|
|
|
/*
|
|
* Feed data to be signed into the algorithm. This may
|
|
* be called multiple times.
|
|
*/
|
|
if (EVP_DigestVerifyUpdate(mctx, test_message, sizeof(test_message)) == 0) {
|
|
fprintf(stderr, "Failed to hash message into signing context\n");
|
|
goto end;
|
|
}
|
|
|
|
/* Verify signature. */
|
|
if (EVP_DigestVerifyFinal(mctx, sig, sig_len) == 0) {
|
|
fprintf(stderr, "Failed to verify signature; "
|
|
"signature may be invalid\n");
|
|
goto end;
|
|
}
|
|
|
|
rv = 1;
|
|
end:
|
|
EVP_MD_CTX_free(mctx);
|
|
EVP_PKEY_free(pkey);
|
|
return rv;
|
|
}
|
|
|
|
int main(int argc, char **argv)
|
|
{
|
|
int rv = 1;
|
|
OSSL_LIB_CTX *libctx = NULL;
|
|
unsigned char *sig = NULL;
|
|
size_t sig_len = 0;
|
|
|
|
if (sign(libctx, &sig, &sig_len) == 0)
|
|
goto end;
|
|
|
|
if (verify(libctx, sig, sig_len) == 0)
|
|
goto end;
|
|
|
|
rv = 0;
|
|
end:
|
|
OPENSSL_free(sig);
|
|
OSSL_LIB_CTX_free(libctx);
|
|
return rv;
|
|
}
|