文章目录
- openssl3.2 - 官方demo学习 - signature - EVP_EC_Signature_demo.c
- 概述
- 笔记
- END
openssl3.2 - 官方demo学习 - signature - EVP_EC_Signature_demo.c
概述
EC的签名/验签实现, 摘要算法为 SHA3-512
签名验签时的update铭文可以进行多次.
openssl的API封装的真好, 只要是一类流程(e.g. 签名/验签), 采用不同算法时, 差别不大.
以前看资料, 那个老师说, 最好不要用名字来取算法指针, 容易写错. 而且调用的API比较麻烦.
已经单步调试了几十个官方demo, 官方全部采用名称字符串来取东西.
说明, 用名字取东西, 才可以让同一类操作的维护性最好.
看了一眼openSSL的底层用名字取东西的实现, 人家是做了一个Map, Map的成员是一个结构指针, 里面有名字和任务指针.
没仔细看, Map的Key应该是个hash值, 效率肯定刚刚的.
至于名称字符串容易写错, 自己准备一个用名字取东西的API的名字有效值的文档就可以搞定这个问题.
笔记
/*!
\file EVP_EC_Signature_demo.c
\note openssl3.2 - 官方demo学习 - signature - EVP_EC_Signature_demo.cEC的签名/验签实现, 摘要算法为 SHA3-512
签名验签时的update铭文可以进行多次.openssl的API封装的真好, 只要是一类流程(e.g. 签名/验签), 采用不同算法时, 差别不大.以前看资料, 那个老师说, 最好不要用名字来取算法指针, 容易写错. 而且调用的API比较麻烦.已经单步调试了几十个官方demo, 官方全部采用名称字符串来取东西.
说明, 用名字取东西, 才可以让同一类操作的维护性最好.看了一眼openSSL的底层用名字取东西的实现, 人家是做了一个Map, Map的成员是一个结构指针, 里面有名字和任务指针.
没仔细看, Map的Key应该是个hash值, 效率肯定刚刚的.至于名称字符串容易写错, 自己准备一个用名字取东西的API的名字有效值的文档就可以搞定这个问题.
*//*-* Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.** Licensed under the Apache License 2.0 (the "License"). You may not use* this file except in compliance with the License. You can obtain a copy* in the file LICENSE in the source distribution or at* https://www.openssl.org/source/license.html*//** An example that uses the EVP_MD*, EVP_DigestSign* and EVP_DigestVerify** methods to calculate and verify a signature of two static buffers.*/#include <string.h>
#include <stdio.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/decoder.h>
#include "EVP_EC_Signature_demo.h" /*!< 头文件中只有私钥/公钥的数组定义 数组数据是EC的DER格式的私钥/公钥 */ #include "my_openSSL_lib.h"/** This demonstration will calculate and verify a signature of data using* the soliloquy from Hamlet scene 1 act 3*/static const char *hamlet_1 ="To be, or not to be, that is the question,\n""Whether tis nobler in the minde to suffer\n""The slings and arrowes of outragious fortune,\n""Or to take Armes again in a sea of troubles,\n"
;
static const char *hamlet_2 ="And by opposing, end them, to die to sleep;\n""No more, and by a sleep, to say we end\n""The heart-ache, and the thousand natural shocks\n""That flesh is heir to? tis a consumation\n"
;/** For demo_sign, load EC private key priv_key from priv_key_der[].* For demo_verify, load EC public key pub_key from pub_key_der[].*/
static EVP_PKEY *get_key(OSSL_LIB_CTX *libctx, const char *propq, int public)
{OSSL_DECODER_CTX *dctx = NULL;EVP_PKEY *pkey = NULL;int selection;const unsigned char *data;size_t data_len;if (public) {selection = EVP_PKEY_PUBLIC_KEY;data = pub_key_der;data_len = sizeof(pub_key_der);} else {selection = EVP_PKEY_KEYPAIR;data = priv_key_der;data_len = sizeof(priv_key_der);}dctx = OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, "EC",selection, libctx, propq);(void)OSSL_DECODER_from_data(dctx, &data, &data_len);OSSL_DECODER_CTX_free(dctx);if (pkey == NULL)fprintf(stderr, "Failed to load %s key.\n", public ? "public" : "private");return pkey;
}static int demo_sign(OSSL_LIB_CTX *libctx, const char *sig_name,size_t *sig_out_len, unsigned char **sig_out_value)
{int ret = 0, public = 0;size_t sig_len;unsigned char *sig_value = NULL;const char *propq = NULL;EVP_MD_CTX *sign_context = NULL;EVP_PKEY *priv_key = NULL;/* Get private key */priv_key = get_key(libctx, propq, public);if (priv_key == NULL) {fprintf(stderr, "Get private key failed.\n");goto cleanup;}/** Make a message signature context to hold temporary state* during signature creation*/sign_context = EVP_MD_CTX_new();if (sign_context == NULL) {fprintf(stderr, "EVP_MD_CTX_new failed.\n");goto cleanup;}/** Initialize the sign context to use the fetched* sign provider.*/if (!EVP_DigestSignInit_ex(sign_context, NULL, sig_name,libctx, NULL, priv_key, NULL)) {fprintf(stderr, "EVP_DigestSignInit_ex failed.\n");goto cleanup;}/** EVP_DigestSignUpdate() can be called several times on the same context* to include additional data.*/if (!EVP_DigestSignUpdate(sign_context, hamlet_1, strlen(hamlet_1))) {fprintf(stderr, "EVP_DigestSignUpdate(hamlet_1) failed.\n");goto cleanup;}if (!EVP_DigestSignUpdate(sign_context, hamlet_2, strlen(hamlet_2))) {fprintf(stderr, "EVP_DigestSignUpdate(hamlet_2) failed.\n");goto cleanup;}/* Call EVP_DigestSignFinal to get signature length sig_len */if (!EVP_DigestSignFinal(sign_context, NULL, &sig_len)) {fprintf(stderr, "EVP_DigestSignFinal failed.\n");goto cleanup;}if (sig_len <= 0) {fprintf(stderr, "EVP_DigestSignFinal returned invalid signature length.\n");goto cleanup;}sig_value = OPENSSL_malloc(sig_len);if (sig_value == NULL) {fprintf(stderr, "No memory.\n");goto cleanup;}if (!EVP_DigestSignFinal(sign_context, sig_value, &sig_len)) {fprintf(stderr, "EVP_DigestSignFinal failed.\n");goto cleanup;}*sig_out_len = sig_len;*sig_out_value = sig_value;fprintf(stdout, "Generating signature:\n");BIO_dump_indent_fp(stdout, sig_value, (int)sig_len, 2);fprintf(stdout, "\n");ret = 1;cleanup:/* OpenSSL free functions will ignore NULL arguments */if (!ret)OPENSSL_free(sig_value);EVP_PKEY_free(priv_key);EVP_MD_CTX_free(sign_context);return ret;
}static int demo_verify(OSSL_LIB_CTX *libctx, const char *sig_name,size_t sig_len, unsigned char *sig_value)
{int ret = 0, public = 1;const char *propq = NULL;EVP_MD_CTX *verify_context = NULL;EVP_PKEY *pub_key = NULL;/** Make a verify signature context to hold temporary state* during signature verification*/verify_context = EVP_MD_CTX_new();if (verify_context == NULL) {fprintf(stderr, "EVP_MD_CTX_new failed.\n");goto cleanup;}/* Get public key */pub_key = get_key(libctx, propq, public);if (pub_key == NULL) {fprintf(stderr, "Get public key failed.\n");goto cleanup;}/* Verify */if (!EVP_DigestVerifyInit_ex(verify_context, NULL, sig_name,libctx, NULL, pub_key, NULL)) {fprintf(stderr, "EVP_DigestVerifyInit failed.\n");goto cleanup;}/** EVP_DigestVerifyUpdate() can be called several times on the same context* to include additional data.*/if (!EVP_DigestVerifyUpdate(verify_context, hamlet_1, strlen(hamlet_1))) {fprintf(stderr, "EVP_DigestVerifyUpdate(hamlet_1) failed.\n");goto cleanup;}if (!EVP_DigestVerifyUpdate(verify_context, hamlet_2, strlen(hamlet_2))) {fprintf(stderr, "EVP_DigestVerifyUpdate(hamlet_2) failed.\n");goto cleanup;}if (EVP_DigestVerifyFinal(verify_context, sig_value, sig_len) <= 0) {fprintf(stderr, "EVP_DigestVerifyFinal failed.\n");goto cleanup;}fprintf(stdout, "Signature verified.\n");ret = 1;cleanup:/* OpenSSL free functions will ignore NULL arguments */EVP_PKEY_free(pub_key);EVP_MD_CTX_free(verify_context);return ret;
}int main(void)
{OSSL_LIB_CTX *libctx = NULL;const char *sig_name = "SHA3-512";size_t sig_len = 0;unsigned char *sig_value = NULL;int ret = EXIT_FAILURE;libctx = OSSL_LIB_CTX_new();if (libctx == NULL) {fprintf(stderr, "OSSL_LIB_CTX_new() returned NULL\n");goto cleanup;}if (!demo_sign(libctx, sig_name, &sig_len, &sig_value)) {fprintf(stderr, "demo_sign failed.\n");goto cleanup;}if (!demo_verify(libctx, sig_name, sig_len, sig_value)) {fprintf(stderr, "demo_verify failed.\n");goto cleanup;}ret = EXIT_SUCCESS;cleanup:if (ret != EXIT_SUCCESS)ERR_print_errors_fp(stderr);/* OpenSSL free functions will ignore NULL arguments */OSSL_LIB_CTX_free(libctx);OPENSSL_free(sig_value);return ret;
}
)
)
