rsa_pss_direct.c 5.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204
  1. /*
  2. * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include <stdio.h>
  10. #include <stdlib.h>
  11. #include <openssl/core_names.h>
  12. #include <openssl/evp.h>
  13. #include <openssl/rsa.h>
  14. #include <openssl/params.h>
  15. #include <openssl/err.h>
  16. #include <openssl/bio.h>
  17. #include "rsa_pss.h"
  18. /*
  19. * The digest to be signed. This should be the output of a hash function.
  20. * Here we sign an all-zeroes digest for demonstration purposes.
  21. */
  22. static const unsigned char test_digest[32] = {0};
  23. /* A property query used for selecting algorithm implementations. */
  24. static const char *propq = NULL;
  25. /*
  26. * This function demonstrates RSA signing of a SHA-256 digest using the PSS
  27. * padding scheme. You must already have hashed the data you want to sign.
  28. * For a higher-level demonstration which does the hashing for you, see
  29. * rsa_pss_hash.c.
  30. *
  31. * For more information, see RFC 8017 section 9.1. The digest passed in
  32. * (test_digest above) corresponds to the 'mHash' value.
  33. */
  34. static int sign(OSSL_LIB_CTX *libctx, unsigned char **sig, size_t *sig_len)
  35. {
  36. int rv = 0;
  37. EVP_PKEY *pkey = NULL;
  38. EVP_PKEY_CTX *ctx = NULL;
  39. EVP_MD *md = NULL;
  40. const unsigned char *ppriv_key = NULL;
  41. *sig = NULL;
  42. /* Load DER-encoded RSA private key. */
  43. ppriv_key = rsa_priv_key;
  44. pkey = d2i_PrivateKey_ex(EVP_PKEY_RSA, NULL, &ppriv_key,
  45. sizeof(rsa_priv_key), libctx, propq);
  46. if (pkey == NULL) {
  47. fprintf(stderr, "Failed to load private key\n");
  48. goto end;
  49. }
  50. /* Fetch hash algorithm we want to use. */
  51. md = EVP_MD_fetch(libctx, "SHA256", propq);
  52. if (md == NULL) {
  53. fprintf(stderr, "Failed to fetch hash algorithm\n");
  54. goto end;
  55. }
  56. /* Create signing context. */
  57. ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, propq);
  58. if (ctx == NULL) {
  59. fprintf(stderr, "Failed to create signing context\n");
  60. goto end;
  61. }
  62. /* Initialize context for signing and set options. */
  63. if (EVP_PKEY_sign_init(ctx) == 0) {
  64. fprintf(stderr, "Failed to initialize signing context\n");
  65. goto end;
  66. }
  67. if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PSS_PADDING) == 0) {
  68. fprintf(stderr, "Failed to configure padding\n");
  69. goto end;
  70. }
  71. if (EVP_PKEY_CTX_set_signature_md(ctx, md) == 0) {
  72. fprintf(stderr, "Failed to configure digest type\n");
  73. goto end;
  74. }
  75. /* Determine length of signature. */
  76. if (EVP_PKEY_sign(ctx, NULL, sig_len,
  77. test_digest, sizeof(test_digest)) == 0) {
  78. fprintf(stderr, "Failed to get signature length\n");
  79. goto end;
  80. }
  81. /* Allocate memory for signature. */
  82. *sig = OPENSSL_malloc(*sig_len);
  83. if (*sig == NULL) {
  84. fprintf(stderr, "Failed to allocate memory for signature\n");
  85. goto end;
  86. }
  87. /* Generate signature. */
  88. if (EVP_PKEY_sign(ctx, *sig, sig_len,
  89. test_digest, sizeof(test_digest)) != 1) {
  90. fprintf(stderr, "Failed to sign\n");
  91. goto end;
  92. }
  93. rv = 1;
  94. end:
  95. EVP_PKEY_CTX_free(ctx);
  96. EVP_PKEY_free(pkey);
  97. EVP_MD_free(md);
  98. if (rv == 0)
  99. OPENSSL_free(*sig);
  100. return rv;
  101. }
  102. /*
  103. * This function demonstrates verification of an RSA signature over a SHA-256
  104. * digest using the PSS signature scheme.
  105. */
  106. static int verify(OSSL_LIB_CTX *libctx, const unsigned char *sig, size_t sig_len)
  107. {
  108. int rv = 0;
  109. const unsigned char *ppub_key = NULL;
  110. EVP_PKEY *pkey = NULL;
  111. EVP_PKEY_CTX *ctx = NULL;
  112. EVP_MD *md = NULL;
  113. /* Load DER-encoded RSA public key. */
  114. ppub_key = rsa_pub_key;
  115. pkey = d2i_PublicKey(EVP_PKEY_RSA, NULL, &ppub_key, sizeof(rsa_pub_key));
  116. if (pkey == NULL) {
  117. fprintf(stderr, "Failed to load public key\n");
  118. goto end;
  119. }
  120. /* Fetch hash algorithm we want to use. */
  121. md = EVP_MD_fetch(libctx, "SHA256", propq);
  122. if (md == NULL) {
  123. fprintf(stderr, "Failed to fetch hash algorithm\n");
  124. goto end;
  125. }
  126. /* Create verification context. */
  127. ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, propq);
  128. if (ctx == NULL) {
  129. fprintf(stderr, "Failed to create verification context\n");
  130. goto end;
  131. }
  132. /* Initialize context for verification and set options. */
  133. if (EVP_PKEY_verify_init(ctx) == 0) {
  134. fprintf(stderr, "Failed to initialize verification context\n");
  135. goto end;
  136. }
  137. if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PSS_PADDING) == 0) {
  138. fprintf(stderr, "Failed to configure padding\n");
  139. goto end;
  140. }
  141. if (EVP_PKEY_CTX_set_signature_md(ctx, md) == 0) {
  142. fprintf(stderr, "Failed to configure digest type\n");
  143. goto end;
  144. }
  145. /* Verify signature. */
  146. if (EVP_PKEY_verify(ctx, sig, sig_len,
  147. test_digest, sizeof(test_digest)) == 0) {
  148. fprintf(stderr, "Failed to verify signature; "
  149. "signature may be invalid\n");
  150. goto end;
  151. }
  152. rv = 1;
  153. end:
  154. EVP_PKEY_CTX_free(ctx);
  155. EVP_PKEY_free(pkey);
  156. EVP_MD_free(md);
  157. return rv;
  158. }
  159. int main(int argc, char **argv)
  160. {
  161. int rv = 1;
  162. OSSL_LIB_CTX *libctx = NULL;
  163. unsigned char *sig = NULL;
  164. size_t sig_len = 0;
  165. if (sign(libctx, &sig, &sig_len) == 0)
  166. goto end;
  167. if (verify(libctx, sig, sig_len) == 0)
  168. goto end;
  169. rv = 0;
  170. end:
  171. OPENSSL_free(sig);
  172. OSSL_LIB_CTX_free(libctx);
  173. return rv;
  174. }