WolfSSL
/
wolfssl-examples
mirror of https://github.com/wolfSSL/wolfssl-examples.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Fixes for RSA PSS example based on feedback and testing.

pull/108/head
David Garske 2019-02-14 10:23:15 -08:00
parent 6130262b75
commit 7a1bffd8f9
3 changed files with 68 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
crypto/rsa-pss/Makefile
View File

@ -1,11 +1,36 @@
CC=gcc # Examples Makefile
CFLAGS=-Wall CC = gcc
LIBS= -lwolfssl LIB_PATH = /usr/local
CFLAGS = -Wall -I$(LIB_PATH)/include
LIBS = -L$(LIB_PATH)/lib -lm
rsa-pss: rsa-pss.o # option variables
$(CC) -o $@ $^ $(CFLAGS) $(LIBS) DYN_LIB = -lwolfssl
STATIC_LIB = $(LIB_PATH)/lib/libwolfssl.a
DEBUG_FLAGS = -g -DDEBUG
DEBUG_INC_PATHS = -MD
OPTIMIZE = -Os
.PHONY: clean # Options
#CFLAGS+=$(DEBUG_FLAGS)
CFLAGS+=$(OPTIMIZE)
#LIBS+=$(STATIC_LIB) -ldl -lm
LIBS+=$(DYN_LIB)
# build targets
SRC=$(wildcard *.c)
TARGETS=$(patsubst %.c, %, $(SRC))
.PHONY: clean all
all: $(TARGETS)
debug: CFLAGS+=$(DEBUG_FLAGS)
debug: all
# build template
%: %.c
$(CC) -o $@ $< $(CFLAGS) $(LIBS)
clean: clean:
rm -f *.o rsa-pss rm -f $(TARGETS)

2
crypto/rsa-pss/README.md
View File

@ -5,7 +5,7 @@
### Build wolfSSL ### Build wolfSSL
``` ```
./configure --enable-rsapss --enable-keygen --enable-certgen --enable-certext ./configure --enable-rsapss --enable-keygen
make make
sudo make install sudo make install
``` ```

41
crypto/rsa-pss/rsa-pss.c
View File

@ -33,6 +33,7 @@
#include <wolfssl/wolfcrypt/settings.h> #include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/ssl.h> #include <wolfssl/ssl.h>
#include <wolfssl/wolfcrypt/rsa.h> #include <wolfssl/wolfcrypt/rsa.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
static const char* kRsaSignOpt = "-s"; static const char* kRsaSignOpt = "-s";
static const char* kRsaPubKey = "./rsa-public.der"; static const char* kRsaPubKey = "./rsa-public.der";
@ -41,8 +42,11 @@ static const char* kRsaPubKey = "./rsa-public.der";
int main(int argc, char** argv) int main(int argc, char** argv)
{ {
/* These examples require RSA and Key Gen */
#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
RsaKey* pRsaKey = NULL; RsaKey* pRsaKey = NULL;
WC_RNG rng; WC_RNG rng;
/* PSS requires message to be same as hash digest (SHA256=32) */
const char* szMessage = "This is the string to be signed"; const char* szMessage = "This is the string to be signed";
unsigned char pSignature[RSA_KEY_SIZE/8]; unsigned char pSignature[RSA_KEY_SIZE/8];
unsigned char pDecrypted[RSA_KEY_SIZE/8]; unsigned char pDecrypted[RSA_KEY_SIZE/8];
@ -52,6 +56,13 @@ int main(int argc, char** argv)
unsigned char derBuf[MAX_DER_SIZE]; unsigned char derBuf[MAX_DER_SIZE];
FILE* f; FILE* f;
if (argc <= 2) {
printf("Usage:\n");
printf("\trsa-pss -s sign.txt\n");
printf("\trsa-pss -v sign.txt\n");
return 0;
}
wolfSSL_Debugging_ON(); wolfSSL_Debugging_ON();
wolfSSL_Init(); wolfSSL_Init();
@ -83,8 +94,9 @@ int main(int argc, char** argv)
if (memcmp(argv[1], kRsaSignOpt, 2) == 0) { if (memcmp(argv[1], kRsaSignOpt, 2) == 0) {
printf("generating RSA key to make a PSS signature\n"); printf("generating RSA key to make a PSS signature\n");
/* Generate an RSA key pair */ /* Generate an RSA key pair */
if (wc_MakeRsaKey(pRsaKey, RSA_KEY_SIZE, 0x010001, &rng) != 0) { if (wc_MakeRsaKey(pRsaKey, RSA_KEY_SIZE, WC_RSA_EXPONENT, &rng) != 0) {
printf("failed to create rsa key\n"); printf("failed to create rsa key\n");
} }
@ -142,7 +154,7 @@ int main(int argc, char** argv)
} }
/* perform digital signature */ /* perform digital signature */
ret = wc_RsaPSS_Sign((byte*)szMessage, sizeof(szMessage), ret = wc_RsaPSS_Sign((byte*)szMessage, XSTRLEN(szMessage)+1,
pSignature, sizeof(pSignature), pSignature, sizeof(pSignature),
WC_HASH_TYPE_SHA256, WC_MGF1SHA256, pRsaKey, &rng); WC_HASH_TYPE_SHA256, WC_MGF1SHA256, pRsaKey, &rng);
if (ret <= 0) { if (ret <= 0) {
@ -166,8 +178,9 @@ int main(int argc, char** argv)
fseek(f, 0, SEEK_END); fseek(f, 0, SEEK_END);
sz = ftell(f); sz = ftell(f);
if (sz > sizeof(pSignature)) { if (sz > sizeof(pSignature)) {
printf("file is too big (%d bytes)\n", sz);
fclose(f); fclose(f);
return BUFFER_E; goto prog_end;
} }
fseek(f, 0, SEEK_SET); fseek(f, 0, SEEK_SET);
fread(pSignature, 1, sz, f); fread(pSignature, 1, sz, f);
@ -177,14 +190,23 @@ int main(int argc, char** argv)
Start by a RAW decrypt of the signature Start by a RAW decrypt of the signature
*/ */
pt = pDecrypted; pt = pDecrypted;
ret = wc_RsaPSS_VerifyInline(pSignature, sizeof(pSignature), &pt, ret = wc_RsaPSS_VerifyInline(pSignature, sz, &pt,
WC_HASH_TYPE_SHA256, WC_MGF1SHA256, pRsaKey); WC_HASH_TYPE_SHA256, WC_MGF1SHA256, pRsaKey);
if (ret <= 0) { if (ret <= 0) {
printf("RSA_public_decrypt failed with error %d\n", ret); printf("RSA_public_decrypt failed with error %d\n", ret);
goto prog_end; goto prog_end;
} }
else { else {
printf("RSA PSS verify success\n"); sz = ret;
ret = wc_RsaPSS_CheckPadding((byte*)szMessage, XSTRLEN(szMessage)+1,
pt, sz, WC_HASH_TYPE_SHA256);
if (ret == 0) {
printf("RSA PSS verify success\n");
}
else {
printf("RSA PSS Padding check failed! %d\n", ret);
goto prog_end;
}
} }
} }
@ -198,5 +220,12 @@ prog_end:
wolfSSL_Cleanup(); wolfSSL_Cleanup();
return 0; return 0;
} #else
(void)kRsaSignOpt;
(void)kRsaPubKey;
printf("wolfSSL missing build features.\n");
printf("Please build using `./configure --enable-rsapss --enable-keygen`\n");
return -1;
#endif
}