赞
踩
## 最近在做Openssl相关工作,对于openssl进行了一些研究,分享下目前主流的算法RSA2048中的PSS填充模式的验签(SHA256) ##参考引用:https://blog.csdn.net/m0_61283489/article/details/124705120 ## https://www.openssl.org/docs/man1.1.1/man3/ #include <stdio.h> #include <stdlib.h> #include <string.h> #include <stdint.h> #include <openssl/rsa.h> #include <openssl/pem.h> #include <openssl/bn.h> #include <openssl/bio.h> #include <openssl/evp.h> //RSA 2048-PSS 验签 int rsa_test() { uint8_t buf[256]={0x3b,0xcd,0xa5,0x1c,0x36,0xe4,0x37,0xf5,0x56,0x59,0x0f,0xb8,0xcc,0x3b,0x09,0x31,0x61,0xdb,0xcf,0x83,0x96,0xfd,0x22,0xd0,0x4f,0x14,0xbb,0x82,0xc0,0x87,0xfa,0x46,0x61,0x3b,0x47,0x94,0xeb,0xaa,0x7b,0x91,0xdc,0x08,0x18,0x54,0xe2,0x66,0x25,0x2d,0x73,0xe8,0x14,0xb8,0xc9,0xca,0x5a,0x47,0xfc,0xbb,0xc4,0xfb,0xad,0x16,0x9b,0xb3,0x2f,0x15,0x66,0xae,0x38,0xd7,0xe7,0x91,0x2d,0x89,0x75,0x33,0xba,0x13,0x8c,0xb4,0x96,0x6e,0xe8,0x4b,0xa9,0x1c,0xfe,0x28,0xb2,0x59,0xec,0x3e,0x5b,0x60,0xc8,0x44,0x74,0xef,0x85,0xd5,0xfe,0xdb,0xb5,0x96,0xe6,0x62,0x1f,0x92,0x3d,0x75,0x49,0xc7,0xa7,0x93,0xb4,0x70,0xd1,0x13,0x47,0x7a,0xdf,0x03,0x1b,0x62,0x69,0x5d,0xcb,0x51,0x7e,0x8b,0x7c,0x2a,0xfc,0x2e,0xc6,0xaf,0x13,0x42,0xc6,0x1b,0x51,0x86,0x3b,0x17,0x26,0x3c,0x23,0x6c,0xd2,0x5b,0xc7,0x69,0xf8,0x43,0xfa,0x40,0x36,0x10,0x2e,0x13,0xdc,0x8a,0x74,0x26,0x4a,0xef,0x9e,0x46,0xbd,0x06,0x30,0x56,0x7e,0xa0,0x0c,0xd7,0x4e,0xff,0x7e,0xdd,0xf7,0x49,0x66,0x13,0x4a,0x3f,0x71,0xab,0x27,0x00,0xda,0x49,0x5b,0x3f,0x81,0xaa,0xda,0x67,0x9f,0x35,0x3e,0x24,0x1d,0x81,0x50,0x12,0x99,0x58,0xef,0xcf,0x80,0x03,0x5c,0xf9,0x16,0x94,0x93,0x0d,0xa9,0x3f,0xbd,0x1a,0x5d,0xad,0x9b,0x76,0xf0,0x29,0x0d,0x19,0xd7,0x7b,0x55,0xca,0xe5,0x16,0xb3,0x6c,0x57,0xa6,0x33,0x0d,0xa8,0x3d,0x1c,0xe0,0x8d,0x38,0xa0,0x4f,0xff,0x00,0x9e,0xd6,0x69,0xd6}; const char pubKey[262]={0x01,0x00,0xaa,0xba,0xca,0xda,0xea,0xfa,0x01,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x20,0x23,0x23,0x2,0xcb,0x2c,0x7d,0x3e,0xb0,0xb6,0xbf,0xd3,0x11,0x06,0x92,0xc7,0xf9,0x34,0x6a,0xd7,0x93,0x41,0xd9,0x1d,0xdc,0x13,0xab,0x61,0x00,0xf0,0xda,0xd0,0x3f,0x64,0xc7,0x84,0x72,0x23,0x09,0x88,0x8a,0x44,0xb4,0x18,0xb8,0xb9,0xd7,0x21,0xcc,0x28,0xe2,0x92,0xbf,0x2f,0x10,0x61,0x4e,0xc9,0x20,0xec,0x38,0xfc,0x1c,0x89,0xc1,0x3a,0x9d,0xd2,0x22,0x74,0xe3,0xe0,0xa7,0x05,0x5f,0x2e,0xe0,0x84,0x02,0x56,0xe8,0x06,0xf2,0xa7,0xee,0xb2,0xba,0x2e,0xbf,0x86,0x97,0xca,0x9f,0x84,0x8e,0xcb,0xc1,0x44,0x90,0x8c,0x8e,0xbe,0xb6,0x0d,0xcd,0xc9,0x1c,0xc0,0xc5,0xf1,0x5c,0x69,0xc6,0xa2,0x28,0xd5,0xa8,0xdf,0x73,0x3b,0x2a,0xe5,0x74,0x15,0xd4,0xf6,0x01,0x76,0x2d,0x23,0x82,0xd1,0x0f,0x3f,0x1c,0x81,0x76,0xb6,0x41,0x38,0xc9,0x4e,0xb7,0xd0,0xce,0x1a,0x3b,0x90,0xf9,0x49,0xfd,0x81,0xef,0x76,0x84,0xad,0x05,0xa3,0x97,0x6b,0x02,0xb3,0xcc,0x2d,0x3a,0x8b,0x0f,0x92,0xf9,0x5b,0x57,0x3e,0x40,0x29,0x46,0xa5,0xef,0x6c,0x55,0x7c,0xf7,0x53,0x1f,0xf2,0x59,0xaa,0x08,0x20,0xc2,0x83,0xf5,0xc6,0x2e,0xb1,0x59,0xe4,0xda,0xeb,0x10,0xa0,0xf1,0xe1,0x63,0x26,0x7c,0x88,0x30,0xf1,0x15,0xdb,0xc7,0x29,0x35,0xa8,0x73,0xf4,0x30,0xf8,0xf4,0xb9,0xdb,0xc4,0xa1,0x26,0x2d,0x0f,0x30,0x77,0x87,0xa9,0xa2,0xf0,0x07,0xb7,0x71,0xaf,0x6e,0x0c,0xa1,0xa5,0x00,0x01,0x00,0x01}; uint8_t npubkey[256]; uint8_t epubkey[4]; unsigned char msg[] = "\x36\x32\x32\x31\x33\x32\x35\x31\x39\x30\x31\x31\x34\x32\x35\x38\x39\x30\x31\x32\x31\x34"; unsigned int msglen = sizeof(msg) - 1; unsigned char sig[256]; unsigned int signLen = 256; int rv = 0; int ret=0; BIGNUM *check = NULL;; BIGNUM* n; BIGNUM* e; EVP_MD_CTX *mdctx = NULL; EVP_PKEY *pkey = NULL; RSA *rsa= RSA_new(); if(rsa == NULL){ return -1; } pkey = EVP_PKEY_new(); if(pkey == NULL) { printf("EVP_PKEY_new is failed.\n"); rv = -2; goto end; } memmove(npubkey, pubKey+2, 256); //一般为65537 memmove(epubkey, pubKey+258, 4); n = BN_new(); e = BN_new(); n=BN_bin2bn(npubkey,256,NULL); e=BN_bin2bn(epubkey,4,NULL); if (n == NULL || e == NULL) { return -1; } if(RSA_set0_key(rsa, n, e, NULL)==0){ return -1; } if (EVP_PKEY_set1_RSA(pkey, rsa) != 1) { printf("EVP_PKEY_set1_RSA is failed.\n"); rv = -3; goto end; } // 消息完整验签计算 mdctx = EVP_MD_CTX_create(); if (mdctx == NULL) { printf("EVP_MD_CTX_create is failed.\n"); rv = -4; goto end; } EVP_PKEY_CTX *ectx; if (EVP_DigestVerifyInit(mdctx, &ectx, EVP_sha256(), NULL,pkey)<=0) { printf("EVP_DigestVerifyInit is failed.\n"); rv = -4; goto end; } // 设置签名填充方式为pss填充 if (!EVP_PKEY_CTX_set_rsa_padding(ectx, RSA_PKCS1_PSS_PADDING)) { printf("EVP_PKEY_CTX_set_rsa_padding is failed.\n"); rv = -4; goto end; } if (!EVP_PKEY_CTX_set_rsa_mgf1_md(ectx, EVP_sha256())) { printf("EVP_PKEY_CTX_set_rsa_padding is failed.\n"); rv = -4; goto end; } if (EVP_DigestVerifyUpdate(mdctx, msg, msglen)<=0) { printf("EVP_DigestVerifyUpdate is failed.\n"); rv = -4; goto end; } ret= EVP_DigestVerifyFinal(mdctx, buf, 256); if(ret != 1) { printf("EVP_DigestVerifyFinal is failed. ret=[%d]\n",ret); ERR_print_errors_fp(stderr); rv = -4; goto end; }else{ BN_free(n); BN_free(e); RSA_free(rsa); EVP_PKEY_free(pkey); } end: if(e != NULL){ BN_free(e); } if(n != NULL){ BN_free(n); } if (rsa != NULL){ RSA_free(rsa); } if (pkey != NULL){ EVP_PKEY_free(pkey); } if(ectx != NULL){ EVP_PKEY_CTX_free(ectx); } return rv; } int main(int argc,char *argv[]) { int ret; ret = rsa_test(); if (ret < 0) { printf("rsa_sign_test is failed.\n"); } else { printf("rsa_sign_test successed.\n"); } return 0; }
Copyright © 2003-2013 www.wpsshop.cn 版权所有,并保留所有权利。