[openssl] master update
Dr. Paul Dale
pauli at openssl.org
Thu Jun 3 05:21:27 UTC 2021
The branch master has been updated
via 691c9cd16b11e7350eb6d591664334fd5c951050 (commit)
from 74613e8c97be6c310152f7cc6d8162f3ccc723a4 (commit)
- Log -----------------------------------------------------------------
commit 691c9cd16b11e7350eb6d591664334fd5c951050
Author: yuechen-chen <yuechen.chen at oracle.com>
Date: Sun May 23 23:33:55 2021 -0700
Add an EVP demo for signatures using EC
Fixes #14115
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15429)
-----------------------------------------------------------------------
Summary of changes:
demos/README.txt | 3 +
demos/signature/EVP_Signature_demo.c | 235 +++++++++++++++++++++++++++++++++++
demos/signature/EVP_Signature_demo.h | 76 +++++++++++
demos/{pkey => signature}/Makefile | 8 +-
4 files changed, 318 insertions(+), 4 deletions(-)
create mode 100644 demos/signature/EVP_Signature_demo.c
create mode 100644 demos/signature/EVP_Signature_demo.h
copy demos/{pkey => signature}/Makefile (56%)
diff --git a/demos/README.txt b/demos/README.txt
index 383d0e5b80..7472821c3b 100644
--- a/demos/README.txt
+++ b/demos/README.txt
@@ -26,3 +26,6 @@ smime:
pkcs12:
pkread.c Print out a description of a PKCS12 file.
pkwrite.c Add a password to an existing PKCS12 file.
+
+signature:
+EVP_Signature_demo.c Compute and verify a signature from multiple buffers
diff --git a/demos/signature/EVP_Signature_demo.c b/demos/signature/EVP_Signature_demo.c
new file mode 100644
index 0000000000..d7f26f164b
--- /dev/null
+++ b/demos/signature/EVP_Signature_demo.c
@@ -0,0 +1,235 @@
+/*-
+ * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * An example that uses the EVP_MD*, EVP_DigestSign* and EVP_DigestVerify*
+ * methods to calculate and verify a signature of two static buffers.
+ */
+
+#include <string.h>
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/decoder.h>
+#include "EVP_Signature_demo.h"
+
+/*
+ * This demonstration will calculate and verify a signature of data using
+ * the soliloquy from Hamlet scene 1 act 3
+ */
+
+static const char *hamlet_1 =
+ "To be, or not to be, that is the question,\n"
+ "Whether tis nobler in the minde to suffer\n"
+ "The slings and arrowes of outragious fortune,\n"
+ "Or to take Armes again in a sea of troubles,\n"
+;
+static const char *hamlet_2 =
+ "And by opposing, end them, to die to sleep;\n"
+ "No more, and by a sleep, to say we end\n"
+ "The heart-ache, and the thousand natural shocks\n"
+ "That flesh is heir to? tis a consumation\n"
+;
+
+/*
+ * For demo_sign, load EC private key priv_key from priv_key_der[].
+ * For demo_verify, load EC public key pub_key from pub_key_der[].
+ */
+static EVP_PKEY *get_key(OSSL_LIB_CTX *libctx, const char *propq, int public)
+{
+ OSSL_DECODER_CTX *dctx = NULL;
+ EVP_PKEY *pkey = NULL;
+ int selection;
+ const unsigned char *data;
+ size_t data_len;
+
+ if (public) {
+ selection = EVP_PKEY_PUBLIC_KEY;
+ data = pub_key_der;
+ data_len = sizeof(pub_key_der);
+ } else {
+ selection = EVP_PKEY_KEYPAIR;
+ data = priv_key_der;
+ data_len = sizeof(priv_key_der);
+ }
+ dctx = OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, "EC",
+ selection, libctx, propq);
+ (void)OSSL_DECODER_from_data(dctx, &data, &data_len);
+ OSSL_DECODER_CTX_free(dctx);
+ if (pkey == NULL)
+ fprintf(stderr, "Failed to load %s key.\n", public ? "public" : "private");
+ return pkey;
+}
+
+static int demo_sign(OSSL_LIB_CTX *libctx, const char *sig_name,
+ size_t *sig_out_len, unsigned char **sig_out_value)
+{
+ int result = 0, public = 0;
+ size_t sig_len;
+ unsigned char *sig_value = NULL;
+ const char *propq = NULL;
+ EVP_MD_CTX *sign_context = NULL;
+ EVP_PKEY *priv_key = NULL;
+
+ /* Get private key */
+ priv_key = get_key(libctx, propq, public);
+ if (priv_key == NULL) {
+ fprintf(stderr, "Get private key failed.\n");
+ goto cleanup;
+ }
+ /*
+ * Make a message signature context to hold temporary state
+ * during signature creation
+ */
+ sign_context = EVP_MD_CTX_new();
+ if (sign_context == NULL) {
+ fprintf(stderr, "EVP_MD_CTX_new failed.\n");
+ goto cleanup;
+ }
+ /*
+ * Initialize the sign context to use the fetched
+ * sign provider.
+ */
+ if (!EVP_DigestSignInit_ex(sign_context, NULL, sig_name,
+ libctx, NULL, priv_key, NULL)) {
+ fprintf(stderr, "EVP_DigestSignInit_ex failed.\n");
+ goto cleanup;
+ }
+ /*
+ * EVP_DigestSignUpdate() can be called several times on the same context
+ * to include additional data.
+ */
+ if (!EVP_DigestSignUpdate(sign_context, hamlet_1, strlen(hamlet_1))) {
+ fprintf(stderr, "EVP_DigestSignUpdate(hamlet_1) failed.\n");
+ goto cleanup;
+ }
+ if (!EVP_DigestSignUpdate(sign_context, hamlet_2, strlen(hamlet_2))) {
+ fprintf(stderr, "EVP_DigestSignUpdate(hamlet_2) failed.\n");
+ goto cleanup;
+ }
+ /* Call EVP_DigestSignFinal to get signature length sig_len */
+ if (!EVP_DigestSignFinal(sign_context, NULL, &sig_len)) {
+ fprintf(stderr, "EVP_DigestSignFinal failed.\n");
+ goto cleanup;
+ }
+ if (sig_len <= 0) {
+ fprintf(stderr, "EVP_DigestSignFinal returned invalid signature length.\n");
+ goto cleanup;
+ }
+ sig_value = OPENSSL_malloc(sig_len);
+ if (sig_value == NULL) {
+ fprintf(stderr, "No memory.\n");
+ goto cleanup;
+ }
+ if (!EVP_DigestSignFinal(sign_context, sig_value, &sig_len)) {
+ fprintf(stderr, "EVP_DigestSignFinal failed.\n");
+ goto cleanup;
+ }
+ *sig_out_len = sig_len;
+ *sig_out_value = sig_value;
+ fprintf(stdout, "Generating signature:\n");
+ BIO_dump_indent_fp(stdout, sig_value, sig_len, 2);
+ fprintf(stdout, "\n");
+ result = 1;
+
+cleanup:
+ /* OpenSSL free functions will ignore NULL arguments */
+ if (!result)
+ OPENSSL_free(sig_value);
+ EVP_PKEY_free(priv_key);
+ EVP_MD_CTX_free(sign_context);
+ return result;
+}
+
+static int demo_verify(OSSL_LIB_CTX *libctx, const char *sig_name,
+ size_t sig_len, unsigned char *sig_value)
+{
+ int result = 0, public = 1;
+ const char *propq = NULL;
+ EVP_MD_CTX *verify_context = NULL;
+ EVP_PKEY *pub_key = NULL;
+
+ /*
+ * Make a verify signature context to hold temporary state
+ * during signature verification
+ */
+ verify_context = EVP_MD_CTX_new();
+ if (verify_context == NULL) {
+ fprintf(stderr, "EVP_MD_CTX_new failed.\n");
+ goto cleanup;
+ }
+ /* Get public key */
+ pub_key = get_key(libctx, propq, public);
+ if (pub_key == NULL) {
+ fprintf(stderr, "Get public key failed.\n");
+ goto cleanup;
+ }
+ /* Verify */
+ if (!EVP_DigestVerifyInit_ex(verify_context, NULL, sig_name,
+ libctx, NULL, pub_key, NULL)) {
+ fprintf(stderr, "EVP_DigestVerifyInit failed.\n");
+ goto cleanup;
+ }
+ /*
+ * EVP_DigestVerifyUpdate() can be called several times on the same context
+ * to include additional data.
+ */
+ if (!EVP_DigestVerifyUpdate(verify_context, hamlet_1, strlen(hamlet_1))) {
+ fprintf(stderr, "EVP_DigestVerifyUpdate(hamlet_1) failed.\n");
+ goto cleanup;
+ }
+ if (!EVP_DigestVerifyUpdate(verify_context, hamlet_2, strlen(hamlet_2))) {
+ fprintf(stderr, "EVP_DigestVerifyUpdate(hamlet_2) failed.\n");
+ goto cleanup;
+ }
+ if (!EVP_DigestVerifyFinal(verify_context, sig_value, sig_len)) {
+ fprintf(stderr, "EVP_DigestVerifyFinal failed.\n");
+ goto cleanup;
+ }
+ fprintf(stdout, "Signature verified.\n");
+ result = 1;
+
+cleanup:
+ /* OpenSSL free functions will ignore NULL arguments */
+ EVP_PKEY_free(pub_key);
+ EVP_MD_CTX_free(verify_context);
+ return result;
+}
+
+int main(void)
+{
+ OSSL_LIB_CTX *libctx = NULL;
+ const char *sig_name = "SHA3-512";
+ size_t sig_len = 0;
+ unsigned char *sig_value = NULL;
+ int result = 0;
+
+ libctx = OSSL_LIB_CTX_new();
+ if (libctx == NULL) {
+ fprintf(stderr, "OSSL_LIB_CTX_new() returned NULL\n");
+ goto cleanup;
+ }
+ if (!demo_sign(libctx, sig_name, &sig_len, &sig_value)) {
+ fprintf(stderr, "demo_sign failed.\n");
+ goto cleanup;
+ }
+ if (!demo_verify(libctx, sig_name, sig_len, sig_value)) {
+ fprintf(stderr, "demo_verify failed.\n");
+ goto cleanup;
+ }
+ result = 1;
+
+cleanup:
+ if (result != 1)
+ ERR_print_errors_fp(stderr);
+ /* OpenSSL free functions will ignore NULL arguments */
+ OSSL_LIB_CTX_free(libctx);
+ OPENSSL_free(sig_value);
+ return result == 0;
+}
diff --git a/demos/signature/EVP_Signature_demo.h b/demos/signature/EVP_Signature_demo.h
new file mode 100644
index 0000000000..aef3e60783
--- /dev/null
+++ b/demos/signature/EVP_Signature_demo.h
@@ -0,0 +1,76 @@
+/*-
+ * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Signers private EC key */
+static const unsigned char priv_key_der[] = {
+0x30, 0x82, 0x01, 0x68, 0x02, 0x01, 0x01, 0x04, 0x20, 0x51, 0x77, 0xae,
+0xf4, 0x18, 0xf4, 0x6b, 0xc4, 0xe5, 0xbb, 0xe9, 0xe6, 0x9e, 0x6d, 0xb0,
+0xea, 0x12, 0xf9, 0xf3, 0xdb, 0x9d, 0x56, 0x59, 0xf7, 0x5a, 0x17, 0xd7,
+0xd1, 0xe4, 0xd7, 0x47, 0x28, 0xa0, 0x81, 0xfa, 0x30, 0x81, 0xf7, 0x02,
+0x01, 0x01, 0x30, 0x2c, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x01,
+0x01, 0x02, 0x21, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x01,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0x30, 0x5b, 0x04, 0x20, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x01,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfc,
+0x04, 0x20, 0x5a, 0xc6, 0x35, 0xd8, 0xaa, 0x3a, 0x93, 0xe7, 0xb3, 0xeb,
+0xbd, 0x55, 0x76, 0x98, 0x86, 0xbc, 0x65, 0x1d, 0x06, 0xb0, 0xcc, 0x53,
+0xb0, 0xf6, 0x3b, 0xce, 0x3c, 0x3e, 0x27, 0xd2, 0x60, 0x4b, 0x03, 0x15,
+0x00, 0xc4, 0x9d, 0x36, 0x08, 0x86, 0xe7, 0x04, 0x93, 0x6a, 0x66, 0x78,
+0xe1, 0x13, 0x9d, 0x26, 0xb7, 0x81, 0x9f, 0x7e, 0x90, 0x04, 0x41, 0x04,
+0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47, 0xf8, 0xbc, 0xe6, 0xe5,
+0x63, 0xa4, 0x40, 0xf2, 0x77, 0x03, 0x7d, 0x81, 0x2d, 0xeb, 0x33, 0xa0,
+0xf4, 0xa1, 0x39, 0x45, 0xd8, 0x98, 0xc2, 0x96, 0x4f, 0xe3, 0x42, 0xe2,
+0xfe, 0x1a, 0x7f, 0x9b, 0x8e, 0xe7, 0xeb, 0x4a, 0x7c, 0x0f, 0x9e, 0x16,
+0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31, 0x5e, 0xce, 0xcb, 0xb6, 0x40, 0x68,
+0x37, 0xbf, 0x51, 0xf5, 0x02, 0x21, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00,
+0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xbc,
+0xe6, 0xfa, 0xad, 0xa7, 0x17, 0x9e, 0x84, 0xf3, 0xb9, 0xca, 0xc2, 0xfc,
+0x63, 0x25, 0x51, 0x02, 0x01, 0x01, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04,
+0x4f, 0xe7, 0x7b, 0xb6, 0xbb, 0x54, 0x42, 0x39, 0xed, 0x5d, 0xe5, 0x40,
+0xc8, 0xd8, 0x71, 0xca, 0x6d, 0x83, 0x71, 0xd1, 0x88, 0x2a, 0x65, 0x00,
+0x6c, 0xc6, 0x2f, 0x01, 0x31, 0x49, 0xbe, 0x76, 0x7a, 0x67, 0x6a, 0x28,
+0x33, 0xc7, 0x5b, 0xb9, 0x24, 0x45, 0x24, 0x6e, 0xf0, 0x6d, 0x2f, 0x34,
+0x06, 0x53, 0x73, 0x6a, 0xff, 0x90, 0x90, 0xc1, 0x6d, 0x9b, 0x94, 0x0d,
+0x0e, 0x1f, 0x95, 0x65,
+};
+
+/* The matching public key used for verifying */
+static const unsigned char pub_key_der[] = {
+0x30, 0x82, 0x01, 0x4b, 0x30, 0x82, 0x01, 0x03, 0x06, 0x07, 0x2a, 0x86,
+0x48, 0xce, 0x3d, 0x02, 0x01, 0x30, 0x81, 0xf7, 0x02, 0x01, 0x01, 0x30,
+0x2c, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x01, 0x01, 0x02, 0x21,
+0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x30, 0x5b, 0x04,
+0x20, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfc, 0x04, 0x20, 0x5a,
+0xc6, 0x35, 0xd8, 0xaa, 0x3a, 0x93, 0xe7, 0xb3, 0xeb, 0xbd, 0x55, 0x76,
+0x98, 0x86, 0xbc, 0x65, 0x1d, 0x06, 0xb0, 0xcc, 0x53, 0xb0, 0xf6, 0x3b,
+0xce, 0x3c, 0x3e, 0x27, 0xd2, 0x60, 0x4b, 0x03, 0x15, 0x00, 0xc4, 0x9d,
+0x36, 0x08, 0x86, 0xe7, 0x04, 0x93, 0x6a, 0x66, 0x78, 0xe1, 0x13, 0x9d,
+0x26, 0xb7, 0x81, 0x9f, 0x7e, 0x90, 0x04, 0x41, 0x04, 0x6b, 0x17, 0xd1,
+0xf2, 0xe1, 0x2c, 0x42, 0x47, 0xf8, 0xbc, 0xe6, 0xe5, 0x63, 0xa4, 0x40,
+0xf2, 0x77, 0x03, 0x7d, 0x81, 0x2d, 0xeb, 0x33, 0xa0, 0xf4, 0xa1, 0x39,
+0x45, 0xd8, 0x98, 0xc2, 0x96, 0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f,
+0x9b, 0x8e, 0xe7, 0xeb, 0x4a, 0x7c, 0x0f, 0x9e, 0x16, 0x2b, 0xce, 0x33,
+0x57, 0x6b, 0x31, 0x5e, 0xce, 0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51,
+0xf5, 0x02, 0x21, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xbc, 0xe6, 0xfa, 0xad,
+0xa7, 0x17, 0x9e, 0x84, 0xf3, 0xb9, 0xca, 0xc2, 0xfc, 0x63, 0x25, 0x51,
+0x02, 0x01, 0x01, 0x03, 0x42, 0x00, 0x04, 0x4f, 0xe7, 0x7b, 0xb6, 0xbb,
+0x54, 0x42, 0x39, 0xed, 0x5d, 0xe5, 0x40, 0xc8, 0xd8, 0x71, 0xca, 0x6d,
+0x83, 0x71, 0xd1, 0x88, 0x2a, 0x65, 0x00, 0x6c, 0xc6, 0x2f, 0x01, 0x31,
+0x49, 0xbe, 0x76, 0x7a, 0x67, 0x6a, 0x28, 0x33, 0xc7, 0x5b, 0xb9, 0x24,
+0x45, 0x24, 0x6e, 0xf0, 0x6d, 0x2f, 0x34, 0x06, 0x53, 0x73, 0x6a, 0xff,
+0x90, 0x90, 0xc1, 0x6d, 0x9b, 0x94, 0x0d, 0x0e, 0x1f, 0x95, 0x65,
+};
+
diff --git a/demos/pkey/Makefile b/demos/signature/Makefile
similarity index 56%
copy from demos/pkey/Makefile
copy to demos/signature/Makefile
index 35cdca229a..b4071c2edc 100644
--- a/demos/pkey/Makefile
+++ b/demos/signature/Makefile
@@ -1,20 +1,20 @@
#
# To run the demos when linked with a shared library (default):
#
-# LD_LIBRARY_PATH=../.. ./EVP_PKEY_EC_keygen
+# LD_LIBRARY_PATH=../.. ./EVP_Signature_demo
CFLAGS = -I../../include -g
LDFLAGS = -L../..
LDLIBS = -lcrypto
-all: EVP_PKEY_EC_keygen
+all: EVP_Signature_demo
%.o: %.c
$(CC) $(CFLAGS) -c $<
-EVP_PKEY_EC_keygen: EVP_PKEY_EC_keygen.o
+EVP_Signature_demo: EVP_Signature_demo.o
test: ;
clean:
- $(RM) *.o EVP_PKEY_EC_keygen
+ $(RM) *.o EVP_Signature_demo
More information about the openssl-commits
mailing list