[openssl-dev] Padding for RSA signatures

Gelareh Taban gadphly at gmail.com
Tue Dec 19 21:13:47 UTC 2017


Hi,

I am playing around with RSA signatures with different padding and have
some questions.

I have my sample code below for reference. It's in Swift (but it should
still be close enough to C to be readable). Also in Swift, some of the
complex macros in OpenSSL have to be broken down to be compilable, hence my
usage of EVP_DigestUpdate instead of EVP_DigestVerifyUpdate.

I am trying to define different padding options and so am defining and
using an EVP_PKEY_CTX. However, I am not sure if this padding is getting
used in the signature since my Verify outputs OK regardless of which
option my Sign uses. Which leads to:

1 - Do I need to use the same EVP_PKEY_CTX with the same options when doing
verify? Right now even when I don't use any EVP_PKEY_CTX in Verify, I still
verify OK.

2 - Do I need to set the hash function I am using in both EVP_PKEY_CTX as
well as EVP_MD_CTX? Or is the latter what defines this?

3 - In general, is there a way of making the Signature/Encryptions in
OpenSSL be deterministic for debugging/testing purposes?

Thanks in advance for any insight in the above.
Gelareh


        let md_ctx = EVP_MD_CTX_create()
        let md_ctx_verify = EVP_MD_CTX_create()

        // OPTIONS

        // To define padding option used in signature
        var pkey_ctx = EVP_PKEY_CTX_new(rsaKeypair, nil)

        // EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PADDING)
        // complex macro needs to be replaced
        EVP_PKEY_CTX_ctrl(pkey_ctx, EVP_PKEY_RSA, -1, EVP_PKEY_CTRL_RSA_PADDING, RSA_X931_PADDING, nil)

        // EVP_PKEY_CTX_set_signature_md() When should this be set?

        // SIGN
        var rc = EVP_DigestSignInit(md_ctx, &pkey_ctx, EVP_sha256(), nil, myRSA.rsaKeypair)
        print("rc = \(rc)")

        // EVP_DigestSignUpdate(md_ctx, message, message.count)
        // Complex macro needs to be replaced
        rc = EVP_DigestUpdate(md_ctx, message, message.count)
        print("rc = \(rc)")

        // allocate memory for signature
        var sig_len: Int = Int(EVP_PKEY_size(rsaKeypair))
        let sig = UnsafeMutablePointer<UInt8>.allocate(capacity: sig_len)

        rc = EVP_DigestSignFinal(md_ctx, sig, &sig_len)

        // VERIFY
        rc = EVP_DigestVerifyInit(md_ctx_verify, nil, EVP_sha256(), nil, rsaKeypair)

        // rc = EVP_DigestVerifyUpdate(md_ctx_verify, message, message.count)
        rc = EVP_DigestUpdate(md_ctx_verify, message, message.count)

        rc = EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)
        print("signature verified = \(rc == 1 ? "OK" : "FAIL")")