openssl3.2 - 官方demo学习 - signature - rsa_pss_direct.c

文章目录

    • [openssl3.2 - 官方demo学习 - signature - rsa_pss_direct.c](#openssl3.2 - 官方demo学习 - signature - rsa_pss_direct.c)
    • 概述
    • 笔记
    • END

openssl3.2 - 官方demo学习 - signature - rsa_pss_direct.c

概述

用RSA私钥签名

d2i_PrivateKey_ex()可以从内存载入私钥数据, 得到私钥EVP_PKEY*

从私钥产生ctx, 对ctx进行签名初始化, 设置ctx的padding填充模式

摘要算法选用SHA256, 对ctx设置摘要算法

尝试签名, 得到签名长度, 然后进行私钥签名, 得到私钥签名buffer.

用RSA公钥验签

d2i_PublicKey()可以从内存载入公钥数据, 得到公钥EVP_PKEY*

验签时使用的摘要算法要和签名时一样.

验签初始化, 对ctx进行验签初始化, 这是ctx的padding填充模式(要和签名时一样)

进行验签

笔记

c 复制代码
/*!
\file rsa_pss_direct.c
\note

openssl3.2 - 官方demo学习 - signature - rsa_pss_direct.c

用RSA私钥签名
d2i_PrivateKey_ex()可以从内存载入私钥数据, 得到私钥EVP_PKEY*
从私钥产生ctx, 对ctx进行签名初始化, 设置ctx的padding填充模式
摘要算法选用SHA256, 对ctx设置摘要算法
尝试签名, 得到签名长度, 然后进行私钥签名, 得到私钥签名buffer.


用RSA公钥验签
d2i_PublicKey()可以从内存载入公钥数据, 得到公钥EVP_PKEY*
验签时使用的摘要算法要和签名时一样.
验签初始化, 对ctx进行验签初始化, 这是ctx的padding填充模式(要和签名时一样)
进行验签

*/

/*
 * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <stdio.h>
#include <stdlib.h>
#include <openssl/core_names.h>
#include <openssl/evp.h>
#include <openssl/rsa.h>
#include <openssl/params.h>
#include <openssl/err.h>
#include <openssl/bio.h>
#include "rsa_pss.h"

#include "my_openSSL_lib.h"

 /*
  * The digest to be signed. This should be the output of a hash function.
  * Here we sign an all-zeroes digest for demonstration purposes.
  */
static const unsigned char test_digest[32] = { 0 };

/* A property query used for selecting algorithm implementations. */
static const char* propq = NULL;

/*
 * This function demonstrates RSA signing of a SHA-256 digest using the PSS
 * padding scheme. You must already have hashed the data you want to sign.
 * For a higher-level demonstration which does the hashing for you, see
 * rsa_pss_hash.c.
 *
 * For more information, see RFC 8017 section 9.1. The digest passed in
 * (test_digest above) corresponds to the 'mHash' value.
 */
static int sign(OSSL_LIB_CTX* libctx, unsigned char** sig, size_t* sig_len)
{
	int ret = 0;
	EVP_PKEY* pkey = NULL;
	EVP_PKEY_CTX* ctx = NULL;
	EVP_MD* md = NULL;
	const unsigned char* ppriv_key = NULL;

	*sig = NULL;

	/* Load DER-encoded RSA private key. */
	ppriv_key = rsa_priv_key;
	pkey = d2i_PrivateKey_ex(EVP_PKEY_RSA, NULL, &ppriv_key,
		sizeof(rsa_priv_key), libctx, propq);
	if (pkey == NULL) {
		fprintf(stderr, "Failed to load private key\n");
		goto end;
	}

	/* Fetch hash algorithm we want to use. */
	md = EVP_MD_fetch(libctx, "SHA256", propq);
	if (md == NULL) {
		fprintf(stderr, "Failed to fetch hash algorithm\n");
		goto end;
	}

	/* Create signing context. */
	ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, propq);
	if (ctx == NULL) {
		fprintf(stderr, "Failed to create signing context\n");
		goto end;
	}

	/* Initialize context for signing and set options. */
	if (EVP_PKEY_sign_init(ctx) == 0) {
		fprintf(stderr, "Failed to initialize signing context\n");
		goto end;
	}

	if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PSS_PADDING) == 0) {
		fprintf(stderr, "Failed to configure padding\n");
		goto end;
	}

	if (EVP_PKEY_CTX_set_signature_md(ctx, md) == 0) {
		fprintf(stderr, "Failed to configure digest type\n");
		goto end;
	}

	/* Determine length of signature. */
	if (EVP_PKEY_sign(ctx, NULL, sig_len,
		test_digest, sizeof(test_digest)) == 0) {
		fprintf(stderr, "Failed to get signature length\n");
		goto end;
	}

	/* Allocate memory for signature. */
	*sig = OPENSSL_malloc(*sig_len);
	if (*sig == NULL) {
		fprintf(stderr, "Failed to allocate memory for signature\n");
		goto end;
	}

	/* Generate signature. */
	if (EVP_PKEY_sign(ctx, *sig, sig_len,
		test_digest, sizeof(test_digest)) != 1) {
		fprintf(stderr, "Failed to sign\n");
		goto end;
	}

	ret = 1;
end:
	EVP_PKEY_CTX_free(ctx);
	EVP_PKEY_free(pkey);
	EVP_MD_free(md);

	if (ret == 0)
		OPENSSL_free(*sig);

	return ret;
}

/*
 * This function demonstrates verification of an RSA signature over a SHA-256
 * digest using the PSS signature scheme.
 */
static int verify(OSSL_LIB_CTX* libctx, const unsigned char* sig, size_t sig_len)
{
	int ret = 0;
	const unsigned char* ppub_key = NULL;
	EVP_PKEY* pkey = NULL;
	EVP_PKEY_CTX* ctx = NULL;
	EVP_MD* md = NULL;

	/* Load DER-encoded RSA public key. */
	ppub_key = rsa_pub_key;
	pkey = d2i_PublicKey(EVP_PKEY_RSA, NULL, &ppub_key, sizeof(rsa_pub_key));
	if (pkey == NULL) {
		fprintf(stderr, "Failed to load public key\n");
		goto end;
	}

	/* Fetch hash algorithm we want to use. */
	md = EVP_MD_fetch(libctx, "SHA256", propq);
	if (md == NULL) {
		fprintf(stderr, "Failed to fetch hash algorithm\n");
		goto end;
	}

	/* Create verification context. */
	ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, propq);
	if (ctx == NULL) {
		fprintf(stderr, "Failed to create verification context\n");
		goto end;
	}

	/* Initialize context for verification and set options. */
	if (EVP_PKEY_verify_init(ctx) == 0) {
		fprintf(stderr, "Failed to initialize verification context\n");
		goto end;
	}

	if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PSS_PADDING) == 0) {
		fprintf(stderr, "Failed to configure padding\n");
		goto end;
	}

	if (EVP_PKEY_CTX_set_signature_md(ctx, md) == 0) {
		fprintf(stderr, "Failed to configure digest type\n");
		goto end;
	}

	/* Verify signature. */
	if (EVP_PKEY_verify(ctx, sig, sig_len,
		test_digest, sizeof(test_digest)) == 0) {
		fprintf(stderr, "Failed to verify signature; "
			"signature may be invalid\n");
		goto end;
	}

	ret = 1;
end:
	EVP_PKEY_CTX_free(ctx);
	EVP_PKEY_free(pkey);
	EVP_MD_free(md);
	return ret;
}

int main(int argc, char** argv)
{
	int ret = EXIT_FAILURE;
	OSSL_LIB_CTX* libctx = NULL;
	unsigned char* sig = NULL;
	size_t sig_len = 0;

	if (sign(libctx, &sig, &sig_len) == 0)
		goto end;

	if (verify(libctx, sig, sig_len) == 0)
		goto end;

	ret = EXIT_SUCCESS;
end:
	OPENSSL_free(sig);
	OSSL_LIB_CTX_free(libctx);
	return ret;
}

END

相关推荐
coder4_3 天前
OpenSSL 加密算法与证书管理全解析:从基础到私有 CA 实战
https·openssl·ssl/tls·加密算法·ca证书
王小义笔记10 天前
windows电脑如何执行openssl rand命令
windows·openssl
Humbunklung13 天前
VC++ 使用OpenSSL创建RSA密钥PEM文件
开发语言·c++·openssl
深耕AI1 个月前
Win64OpenSSL-3_5_2.exe【安装步骤】
openssl
看那山瞧那水1 个月前
DELPHI 利用OpenSSL实现加解密,证书(X.509)等功能
delphi·openssl
洋哥网络科技2 个月前
openssl升级
openssl
Lazy Dave2 个月前
gmssl私钥文件格式
网络安全·ssl·openssl
沉在嵌入式的鱼3 个月前
RK3588移植Openssl库
linux·rk3588·openssl
黑屋里的马3 个月前
ssl相关命令生成证书
服务器·网络·ssl·openssl·gmssl
fangeqin3 个月前
ubuntu源码安装python3.13遇到Could not build the ssl module!解决方法
linux·python·ubuntu·openssl