Merge pull request #456 from ColtonWilley/pkcs11_rsa_pss

Add RSA PSS signing to PKCS11 examples
2024-09-06 08:48:04 +10:00 · 2024-09-06 08:48:04 +10:00 · 7e268ba0c7
parent d56158eef6 3f13cc3cc7
commit 7e268ba0c7
2 changed files with 94 additions and 13 deletions
--- a/pkcs11/pkcs11_rsa.c
+++ b/pkcs11/pkcs11_rsa.c
@ -187,6 +187,7 @@ static const unsigned char client_keypub_der_2048[] =
        0x03, 0x01, 0x00, 0x01
 };
 static const int sizeof_client_keypub_der_2048 = sizeof(client_keypub_der_2048);
+WC_RNG rng;

 static int decode_private_key(RsaKey* key, int devId)
 {
@ -231,20 +232,21 @@ static int decode_public_key(RsaKey* key, int devId)
 static int rsa_sign_verify(int devId)
 {
    int    ret = 0;
-    byte   hash[32], sig[2048/8];
-    word32 hashSz, sigSz;
+    byte   hash[32], pt[32], sig[2048/8];
+    word32 hashSz, ptSz, sigSz;
    RsaKey priv;
    RsaKey pub;

    memset(hash, 9, sizeof(hash));
    hashSz = sizeof(hash);
    sigSz = sizeof(sig);
+    ptSz = sizeof(pt);

    ret = decode_private_key(&priv, devId);
    if (ret == 0) {
        fprintf(stderr, "Signing\n");
        sigSz = ret = wc_RsaSSL_Sign(hash, hashSz, sig, (int)sigSz, &priv,
-                                     NULL);
+                                     &rng);
        if (ret < 0)
            fprintf(stderr, "Failed to sign: %d\n", ret);
        else
@ -257,7 +259,55 @@ static int rsa_sign_verify(int devId)
        ret = decode_public_key(&pub, devId);
        if (ret == 0) {
            fprintf(stderr, "Verifying\n");
-            ret = wc_RsaSSL_Verify(sig, sigSz, hash, (int)hashSz, &pub);
+            ret = wc_RsaSSL_Verify(sig, sigSz, pt, (int)ptSz, &pub);
+            if (ret < 0)
+                fprintf(stderr, "Failed to verify: %d\n", ret);
+
+            if (XMEMCMP(hash, pt, ret) != 0) {
+                fprintf(stderr, "Failed to verify\n");
+            }
+
+            wc_FreeRsaKey(&pub);
+            ret = 0;
+        }
+    }
+
+    return ret;
+}
+
+#ifdef WC_RSA_PSS
+static int rsa_sign_verify_pss(int devId)
+{
+    int    ret = 0;
+    byte   hash[32], pt[2048/8], sig[2048/8];
+    word32 hashSz, ptSz, sigSz;
+    RsaKey priv;
+    RsaKey pub;
+
+    memset(hash, 9, sizeof(hash));
+    hashSz = sizeof(hash);
+    sigSz = sizeof(sig);
+    ptSz = sizeof(pt);
+
+    ret = decode_private_key(&priv, devId);
+    if (ret == 0) {
+        fprintf(stderr, "PSS Signing\n");
+        sigSz = ret = wc_RsaPSS_Sign(hash, hashSz, sig, (int)sigSz,
+                    WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &priv, &rng);
+        if (ret < 0)
+            fprintf(stderr, "Failed to sign: %d\n", ret);
+        else
+            ret = 0;
+
+        wc_FreeRsaKey(&priv);
+    }
+
+    if (ret == 0) {
+        ret = decode_public_key(&pub, devId);
+        if (ret == 0) {
+            fprintf(stderr, "PSS Verifying\n");
+            ret = wc_RsaPSS_VerifyCheck(sig, sigSz, pt, ptSz, hash, hashSz,
+                                    WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &pub);
            if (ret < 0)
                fprintf(stderr, "Failed to verify: %d\n", ret);
            else
@ -269,7 +319,8 @@ static int rsa_sign_verify(int devId)

    return ret;
 }
-#endif
+#endif /* ifdef WC_RSA_PSS */
+#endif /* ifndef NO_RSA */

 int main(int argc, char* argv[])
 {
@ -319,11 +370,24 @@ int main(int argc, char* argv[])
                fprintf(stderr, "Failed to register PKCS#11 token\n");
                ret = 2;
            }
+            if (ret == 0) {
+                ret = wc_InitRng(&rng);
+                if (ret != 0) {
+                    fprintf(stderr, "Failed to initialize RNG: %d\n", ret);
+                }
+            }
            if (ret == 0) {
            #ifndef NO_RSA
                ret = rsa_sign_verify(devId);
                if (ret != 0)
                    ret = 1;
+            #ifdef WC_RSA_PSS
+                if (ret == 0) {
+                    ret = rsa_sign_verify_pss(devId);
+                    if (ret != 0)
+                        ret = 1;
+                }
+            #endif
            #endif
            }
            wc_Pkcs11Token_Final(&token);
@ -331,6 +395,7 @@ int main(int argc, char* argv[])
        wc_Pkcs11_Finalize(&dev);
    }

+    wc_FreeRng(&rng);
    wolfCrypt_Cleanup();

    if (ret == 0)
--- a/pkcs11/pkcs11_test.c
+++ b/pkcs11/pkcs11_test.c
@ -429,6 +429,10 @@ int rsaenc_test(RsaKey* key)
    outSz = sizeof(out);
    decSz = sizeof(dec);

+#ifdef WC_RSA_BLINDING
+    ret = wc_RsaSetRNG(key, &rng);
+#endif
+
    if (ret == 0) {
        outSz = ret = wc_RsaPublicEncrypt_ex(plain, plainSz, out, (int)outSz,
            key, &rng, WC_RSA_PKCSV15_PAD, WC_HASH_TYPE_NONE, WC_MGF1NONE, NULL,
@ -460,27 +464,39 @@ int rsaenc_test(RsaKey* key)
 int rsasig_test(RsaKey* key)
 {
    int    ret = 0;
-    byte   plain[128], out[2048/8];
-    word32 plainSz, outSz;
+    byte   plain[128], sig[2048/8], pt[2048/8];
+    word32 plainSz, sigSz, ptSz;

    memset(plain, 9, sizeof(plain));
    plainSz = sizeof(plain);
-    outSz = sizeof(out);
+    sigSz = sizeof(sig);
+    ptSz = sizeof(pt);

    if (ret == 0) {
-        outSz = ret = wc_RsaSSL_Sign(plain, plainSz, out, (int)outSz, key,
-            NULL);
+        sigSz = ret = wc_RsaSSL_Sign(plain, plainSz, sig, (int)sigSz, key,
+            &rng);
        if (ret < 0)
            fprintf(stderr, "Failed to sign: %d\n", ret);
        else
            ret = 0;
    }
    if (ret == 0) {
-        ret = wc_RsaSSL_Verify(out, outSz, plain, (int)plainSz, key);
+        ret = wc_RsaSSL_Verify(sig, sigSz, pt, (int)ptSz, key);
        if (ret < 0)
            fprintf(stderr, "Failed to verify: %d\n", ret);
-        else
-            ret = 0;
+
+        if (ret != plainSz) {
+            fprintf(stderr, "Failed to verify: %d\n", ret);
+            ret = -1;
+        }
+        if (ret > 0) {
+            if (XMEMCMP(plain, pt, ret) != 0) {
+                ret = -1;
+            }
+            else {
+                ret = 0;
+            }
+        }
    }

    return ret;