Path: blob/main/crypto/openssl/demos/signature/rsa_pss_direct.c
110864 views
/*1* Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.2*3* Licensed under the Apache License 2.0 (the "License"). You may not use4* this file except in compliance with the License. You can obtain a copy5* in the file LICENSE in the source distribution or at6* https://www.openssl.org/source/license.html7*/89#include <stdio.h>10#include <stdlib.h>11#include <openssl/core_names.h>12#include <openssl/evp.h>13#include <openssl/rsa.h>14#include <openssl/params.h>15#include <openssl/err.h>16#include <openssl/bio.h>17#include "rsa_pss.h"1819/*20* The digest to be signed. This should be the output of a hash function.21* Here we sign an all-zeroes digest for demonstration purposes.22*/23static const unsigned char test_digest[32] = { 0 };2425/* A property query used for selecting algorithm implementations. */26static const char *propq = NULL;2728/*29* This function demonstrates RSA signing of a SHA-256 digest using the PSS30* padding scheme. You must already have hashed the data you want to sign.31* For a higher-level demonstration which does the hashing for you, see32* rsa_pss_hash.c.33*34* For more information, see RFC 8017 section 9.1. The digest passed in35* (test_digest above) corresponds to the 'mHash' value.36*/37static int sign(OSSL_LIB_CTX *libctx, unsigned char **sig, size_t *sig_len)38{39int ret = 0;40EVP_PKEY *pkey = NULL;41EVP_PKEY_CTX *ctx = NULL;42EVP_MD *md = NULL;43const unsigned char *ppriv_key = NULL;4445*sig = NULL;4647/* Load DER-encoded RSA private key. */48ppriv_key = rsa_priv_key;49pkey = d2i_PrivateKey_ex(EVP_PKEY_RSA, NULL, &ppriv_key,50sizeof(rsa_priv_key), libctx, propq);51if (pkey == NULL) {52fprintf(stderr, "Failed to load private key\n");53goto end;54}5556/* Fetch hash algorithm we want to use. */57md = EVP_MD_fetch(libctx, "SHA256", propq);58if (md == NULL) {59fprintf(stderr, "Failed to fetch hash algorithm\n");60goto end;61}6263/* Create signing context. */64ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, propq);65if (ctx == NULL) {66fprintf(stderr, "Failed to create signing context\n");67goto end;68}6970/* Initialize context for signing and set options. */71if (EVP_PKEY_sign_init(ctx) == 0) {72fprintf(stderr, "Failed to initialize signing context\n");73goto end;74}7576if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PSS_PADDING) == 0) {77fprintf(stderr, "Failed to configure padding\n");78goto end;79}8081if (EVP_PKEY_CTX_set_signature_md(ctx, md) == 0) {82fprintf(stderr, "Failed to configure digest type\n");83goto end;84}8586/* Determine length of signature. */87if (EVP_PKEY_sign(ctx, NULL, sig_len,88test_digest, sizeof(test_digest))89== 0) {90fprintf(stderr, "Failed to get signature length\n");91goto end;92}9394/* Allocate memory for signature. */95*sig = OPENSSL_malloc(*sig_len);96if (*sig == NULL) {97fprintf(stderr, "Failed to allocate memory for signature\n");98goto end;99}100101/* Generate signature. */102if (EVP_PKEY_sign(ctx, *sig, sig_len,103test_digest, sizeof(test_digest))104!= 1) {105fprintf(stderr, "Failed to sign\n");106goto end;107}108109ret = 1;110end:111EVP_PKEY_CTX_free(ctx);112EVP_PKEY_free(pkey);113EVP_MD_free(md);114115if (ret == 0)116OPENSSL_free(*sig);117118return ret;119}120121/*122* This function demonstrates verification of an RSA signature over a SHA-256123* digest using the PSS signature scheme.124*/125static int verify(OSSL_LIB_CTX *libctx, const unsigned char *sig, size_t sig_len)126{127int ret = 0;128const unsigned char *ppub_key = NULL;129EVP_PKEY *pkey = NULL;130EVP_PKEY_CTX *ctx = NULL;131EVP_MD *md = NULL;132133/* Load DER-encoded RSA public key. */134ppub_key = rsa_pub_key;135pkey = d2i_PublicKey(EVP_PKEY_RSA, NULL, &ppub_key, sizeof(rsa_pub_key));136if (pkey == NULL) {137fprintf(stderr, "Failed to load public key\n");138goto end;139}140141/* Fetch hash algorithm we want to use. */142md = EVP_MD_fetch(libctx, "SHA256", propq);143if (md == NULL) {144fprintf(stderr, "Failed to fetch hash algorithm\n");145goto end;146}147148/* Create verification context. */149ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, propq);150if (ctx == NULL) {151fprintf(stderr, "Failed to create verification context\n");152goto end;153}154155/* Initialize context for verification and set options. */156if (EVP_PKEY_verify_init(ctx) == 0) {157fprintf(stderr, "Failed to initialize verification context\n");158goto end;159}160161if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PSS_PADDING) == 0) {162fprintf(stderr, "Failed to configure padding\n");163goto end;164}165166if (EVP_PKEY_CTX_set_signature_md(ctx, md) == 0) {167fprintf(stderr, "Failed to configure digest type\n");168goto end;169}170171/* Verify signature. */172if (EVP_PKEY_verify(ctx, sig, sig_len,173test_digest, sizeof(test_digest))174== 0) {175fprintf(stderr, "Failed to verify signature; "176"signature may be invalid\n");177goto end;178}179180ret = 1;181end:182EVP_PKEY_CTX_free(ctx);183EVP_PKEY_free(pkey);184EVP_MD_free(md);185return ret;186}187188int main(int argc, char **argv)189{190int ret = EXIT_FAILURE;191OSSL_LIB_CTX *libctx = NULL;192unsigned char *sig = NULL;193size_t sig_len = 0;194195if (sign(libctx, &sig, &sig_len) == 0)196goto end;197198if (verify(libctx, sig, sig_len) == 0)199goto end;200201printf("Success\n");202203ret = EXIT_SUCCESS;204end:205OPENSSL_free(sig);206OSSL_LIB_CTX_free(libctx);207return ret;208}209210211