2
0

rsa_pss_hash.c 5.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191
  1. /*
  2. * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include <stdio.h>
  10. #include <stdlib.h>
  11. #include <openssl/core_names.h>
  12. #include <openssl/evp.h>
  13. #include <openssl/rsa.h>
  14. #include <openssl/params.h>
  15. #include <openssl/err.h>
  16. #include <openssl/bio.h>
  17. #include "rsa_pss.h"
  18. /* The data to be signed. This will be hashed. */
  19. static const char test_message[] =
  20. "This is an example message to be signed.";
  21. /* A property query used for selecting algorithm implementations. */
  22. static const char *propq = NULL;
  23. /*
  24. * This function demonstrates RSA signing of an arbitrary-length message.
  25. * Hashing is performed automatically. In this example, SHA-256 is used. If you
  26. * have already hashed your message and simply want to sign the hash directly,
  27. * see rsa_pss_direct.c.
  28. */
  29. static int sign(OSSL_LIB_CTX *libctx, unsigned char **sig, size_t *sig_len)
  30. {
  31. int ret = 0;
  32. EVP_PKEY *pkey = NULL;
  33. EVP_MD_CTX *mctx = NULL;
  34. OSSL_PARAM params[2], *p = params;
  35. const unsigned char *ppriv_key = NULL;
  36. *sig = NULL;
  37. /* Load DER-encoded RSA private key. */
  38. ppriv_key = rsa_priv_key;
  39. pkey = d2i_PrivateKey_ex(EVP_PKEY_RSA, NULL, &ppriv_key,
  40. sizeof(rsa_priv_key), libctx, propq);
  41. if (pkey == NULL) {
  42. fprintf(stderr, "Failed to load private key\n");
  43. goto end;
  44. }
  45. /* Create MD context used for signing. */
  46. mctx = EVP_MD_CTX_new();
  47. if (mctx == NULL) {
  48. fprintf(stderr, "Failed to create MD context\n");
  49. goto end;
  50. }
  51. /* Initialize MD context for signing. */
  52. *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_PAD_MODE,
  53. OSSL_PKEY_RSA_PAD_MODE_PSS, 0);
  54. *p = OSSL_PARAM_construct_end();
  55. if (EVP_DigestSignInit_ex(mctx, NULL, "SHA256", libctx, propq,
  56. pkey, params) == 0) {
  57. fprintf(stderr, "Failed to initialize signing context\n");
  58. goto end;
  59. }
  60. /*
  61. * Feed data to be signed into the algorithm. This may
  62. * be called multiple times.
  63. */
  64. if (EVP_DigestSignUpdate(mctx, test_message, sizeof(test_message)) == 0) {
  65. fprintf(stderr, "Failed to hash message into signing context\n");
  66. goto end;
  67. }
  68. /* Determine signature length. */
  69. if (EVP_DigestSignFinal(mctx, NULL, sig_len) == 0) {
  70. fprintf(stderr, "Failed to get signature length\n");
  71. goto end;
  72. }
  73. /* Allocate memory for signature. */
  74. *sig = OPENSSL_malloc(*sig_len);
  75. if (*sig == NULL) {
  76. fprintf(stderr, "Failed to allocate memory for signature\n");
  77. goto end;
  78. }
  79. /* Generate signature. */
  80. if (EVP_DigestSignFinal(mctx, *sig, sig_len) == 0) {
  81. fprintf(stderr, "Failed to sign\n");
  82. goto end;
  83. }
  84. ret = 1;
  85. end:
  86. EVP_MD_CTX_free(mctx);
  87. EVP_PKEY_free(pkey);
  88. if (ret == 0)
  89. OPENSSL_free(*sig);
  90. return ret;
  91. }
  92. /*
  93. * This function demonstrates verification of an RSA signature over an
  94. * arbitrary-length message using the PSS signature scheme. Hashing is performed
  95. * automatically.
  96. */
  97. static int verify(OSSL_LIB_CTX *libctx, const unsigned char *sig, size_t sig_len)
  98. {
  99. int ret = 0;
  100. EVP_PKEY *pkey = NULL;
  101. EVP_MD_CTX *mctx = NULL;
  102. OSSL_PARAM params[2], *p = params;
  103. const unsigned char *ppub_key = NULL;
  104. /* Load DER-encoded RSA public key. */
  105. ppub_key = rsa_pub_key;
  106. pkey = d2i_PublicKey(EVP_PKEY_RSA, NULL, &ppub_key, sizeof(rsa_pub_key));
  107. if (pkey == NULL) {
  108. fprintf(stderr, "Failed to load public key\n");
  109. goto end;
  110. }
  111. /* Create MD context used for verification. */
  112. mctx = EVP_MD_CTX_new();
  113. if (mctx == NULL) {
  114. fprintf(stderr, "Failed to create MD context\n");
  115. goto end;
  116. }
  117. /* Initialize MD context for verification. */
  118. *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_PAD_MODE,
  119. OSSL_PKEY_RSA_PAD_MODE_PSS, 0);
  120. *p = OSSL_PARAM_construct_end();
  121. if (EVP_DigestVerifyInit_ex(mctx, NULL, "SHA256", libctx, propq,
  122. pkey, params) == 0) {
  123. fprintf(stderr, "Failed to initialize signing context\n");
  124. goto end;
  125. }
  126. /*
  127. * Feed data to be signed into the algorithm. This may
  128. * be called multiple times.
  129. */
  130. if (EVP_DigestVerifyUpdate(mctx, test_message, sizeof(test_message)) == 0) {
  131. fprintf(stderr, "Failed to hash message into signing context\n");
  132. goto end;
  133. }
  134. /* Verify signature. */
  135. if (EVP_DigestVerifyFinal(mctx, sig, sig_len) == 0) {
  136. fprintf(stderr, "Failed to verify signature; "
  137. "signature may be invalid\n");
  138. goto end;
  139. }
  140. ret = 1;
  141. end:
  142. EVP_MD_CTX_free(mctx);
  143. EVP_PKEY_free(pkey);
  144. return ret;
  145. }
  146. int main(int argc, char **argv)
  147. {
  148. int ret = EXIT_FAILURE;
  149. OSSL_LIB_CTX *libctx = NULL;
  150. unsigned char *sig = NULL;
  151. size_t sig_len = 0;
  152. if (sign(libctx, &sig, &sig_len) == 0)
  153. goto end;
  154. if (verify(libctx, sig, sig_len) == 0)
  155. goto end;
  156. printf("Success\n");
  157. ret = EXIT_SUCCESS;
  158. end:
  159. OPENSSL_free(sig);
  160. OSSL_LIB_CTX_free(libctx);
  161. return ret;
  162. }