openssl3.2 - 官方demo学习 - signature - EVP_EC_Signature_demo.c
概述
EC的签名/验签实现, 摘要算法为 SHA3-512
签名验签时的update铭文可以进行多次.
openssl的API封装的真好, 只要是一类流程(e.g. 签名/验签), 采用不同算法时, 差别不大.
以前看资料, 那个老师说, 最好不要用名字来取算法指针, 容易写错. 而且调用的API比较麻烦.
已经单步调试了几十个官方demo, 官方全部采用名称字符串来取东西.
说明, 用名字取东西, 才可以让同一类操作的维护性最好.
看了一眼openSSL的底层用名字取东西的实现, 人家是做了一个Map, Map的成员是一个结构指针, 里面有名字和任务指针.
没仔细看, Map的Key应该是个hash值, 效率肯定刚刚的.文章来源:https://www.toymoban.com/news/detail-797598.html
至于名称字符串容易写错, 自己准备一个用名字取东西的API的名字有效值的文档就可以搞定这个问题.文章来源地址https://www.toymoban.com/news/detail-797598.html
笔记
/*!
\file EVP_EC_Signature_demo.c
\note openssl3.2 - 官方demo学习 - signature - EVP_EC_Signature_demo.c
EC的签名/验签实现, 摘要算法为 SHA3-512
签名验签时的update铭文可以进行多次.
openssl的API封装的真好, 只要是一类流程(e.g. 签名/验签), 采用不同算法时, 差别不大.
以前看资料, 那个老师说, 最好不要用名字来取算法指针, 容易写错. 而且调用的API比较麻烦.
已经单步调试了几十个官方demo, 官方全部采用名称字符串来取东西.
说明, 用名字取东西, 才可以让同一类操作的维护性最好.
看了一眼openSSL的底层用名字取东西的实现, 人家是做了一个Map, Map的成员是一个结构指针, 里面有名字和任务指针.
没仔细看, Map的Key应该是个hash值, 效率肯定刚刚的.
至于名称字符串容易写错, 自己准备一个用名字取东西的API的名字有效值的文档就可以搞定这个问题.
*/
/*-
* Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/*
* An example that uses the EVP_MD*, EVP_DigestSign* and EVP_DigestVerify*
* methods to calculate and verify a signature of two static buffers.
*/
#include <string.h>
#include <stdio.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/decoder.h>
#include "EVP_EC_Signature_demo.h" /*!< 头文件中只有私钥/公钥的数组定义 数组数据是EC的DER格式的私钥/公钥 */
#include "my_openSSL_lib.h"
/*
* This demonstration will calculate and verify a signature of data using
* the soliloquy from Hamlet scene 1 act 3
*/
static const char *hamlet_1 =
"To be, or not to be, that is the question,\n"
"Whether tis nobler in the minde to suffer\n"
"The slings and arrowes of outragious fortune,\n"
"Or to take Armes again in a sea of troubles,\n"
;
static const char *hamlet_2 =
"And by opposing, end them, to die to sleep;\n"
"No more, and by a sleep, to say we end\n"
"The heart-ache, and the thousand natural shocks\n"
"That flesh is heir to? tis a consumation\n"
;
/*
* For demo_sign, load EC private key priv_key from priv_key_der[].
* For demo_verify, load EC public key pub_key from pub_key_der[].
*/
static EVP_PKEY *get_key(OSSL_LIB_CTX *libctx, const char *propq, int public)
{
OSSL_DECODER_CTX *dctx = NULL;
EVP_PKEY *pkey = NULL;
int selection;
const unsigned char *data;
size_t data_len;
if (public) {
selection = EVP_PKEY_PUBLIC_KEY;
data = pub_key_der;
data_len = sizeof(pub_key_der);
} else {
selection = EVP_PKEY_KEYPAIR;
data = priv_key_der;
data_len = sizeof(priv_key_der);
}
dctx = OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, "EC",
selection, libctx, propq);
(void)OSSL_DECODER_from_data(dctx, &data, &data_len);
OSSL_DECODER_CTX_free(dctx);
if (pkey == NULL)
fprintf(stderr, "Failed to load %s key.\n", public ? "public" : "private");
return pkey;
}
static int demo_sign(OSSL_LIB_CTX *libctx, const char *sig_name,
size_t *sig_out_len, unsigned char **sig_out_value)
{
int ret = 0, public = 0;
size_t sig_len;
unsigned char *sig_value = NULL;
const char *propq = NULL;
EVP_MD_CTX *sign_context = NULL;
EVP_PKEY *priv_key = NULL;
/* Get private key */
priv_key = get_key(libctx, propq, public);
if (priv_key == NULL) {
fprintf(stderr, "Get private key failed.\n");
goto cleanup;
}
/*
* Make a message signature context to hold temporary state
* during signature creation
*/
sign_context = EVP_MD_CTX_new();
if (sign_context == NULL) {
fprintf(stderr, "EVP_MD_CTX_new failed.\n");
goto cleanup;
}
/*
* Initialize the sign context to use the fetched
* sign provider.
*/
if (!EVP_DigestSignInit_ex(sign_context, NULL, sig_name,
libctx, NULL, priv_key, NULL)) {
fprintf(stderr, "EVP_DigestSignInit_ex failed.\n");
goto cleanup;
}
/*
* EVP_DigestSignUpdate() can be called several times on the same context
* to include additional data.
*/
if (!EVP_DigestSignUpdate(sign_context, hamlet_1, strlen(hamlet_1))) {
fprintf(stderr, "EVP_DigestSignUpdate(hamlet_1) failed.\n");
goto cleanup;
}
if (!EVP_DigestSignUpdate(sign_context, hamlet_2, strlen(hamlet_2))) {
fprintf(stderr, "EVP_DigestSignUpdate(hamlet_2) failed.\n");
goto cleanup;
}
/* Call EVP_DigestSignFinal to get signature length sig_len */
if (!EVP_DigestSignFinal(sign_context, NULL, &sig_len)) {
fprintf(stderr, "EVP_DigestSignFinal failed.\n");
goto cleanup;
}
if (sig_len <= 0) {
fprintf(stderr, "EVP_DigestSignFinal returned invalid signature length.\n");
goto cleanup;
}
sig_value = OPENSSL_malloc(sig_len);
if (sig_value == NULL) {
fprintf(stderr, "No memory.\n");
goto cleanup;
}
if (!EVP_DigestSignFinal(sign_context, sig_value, &sig_len)) {
fprintf(stderr, "EVP_DigestSignFinal failed.\n");
goto cleanup;
}
*sig_out_len = sig_len;
*sig_out_value = sig_value;
fprintf(stdout, "Generating signature:\n");
BIO_dump_indent_fp(stdout, sig_value, (int)sig_len, 2);
fprintf(stdout, "\n");
ret = 1;
cleanup:
/* OpenSSL free functions will ignore NULL arguments */
if (!ret)
OPENSSL_free(sig_value);
EVP_PKEY_free(priv_key);
EVP_MD_CTX_free(sign_context);
return ret;
}
static int demo_verify(OSSL_LIB_CTX *libctx, const char *sig_name,
size_t sig_len, unsigned char *sig_value)
{
int ret = 0, public = 1;
const char *propq = NULL;
EVP_MD_CTX *verify_context = NULL;
EVP_PKEY *pub_key = NULL;
/*
* Make a verify signature context to hold temporary state
* during signature verification
*/
verify_context = EVP_MD_CTX_new();
if (verify_context == NULL) {
fprintf(stderr, "EVP_MD_CTX_new failed.\n");
goto cleanup;
}
/* Get public key */
pub_key = get_key(libctx, propq, public);
if (pub_key == NULL) {
fprintf(stderr, "Get public key failed.\n");
goto cleanup;
}
/* Verify */
if (!EVP_DigestVerifyInit_ex(verify_context, NULL, sig_name,
libctx, NULL, pub_key, NULL)) {
fprintf(stderr, "EVP_DigestVerifyInit failed.\n");
goto cleanup;
}
/*
* EVP_DigestVerifyUpdate() can be called several times on the same context
* to include additional data.
*/
if (!EVP_DigestVerifyUpdate(verify_context, hamlet_1, strlen(hamlet_1))) {
fprintf(stderr, "EVP_DigestVerifyUpdate(hamlet_1) failed.\n");
goto cleanup;
}
if (!EVP_DigestVerifyUpdate(verify_context, hamlet_2, strlen(hamlet_2))) {
fprintf(stderr, "EVP_DigestVerifyUpdate(hamlet_2) failed.\n");
goto cleanup;
}
if (EVP_DigestVerifyFinal(verify_context, sig_value, sig_len) <= 0) {
fprintf(stderr, "EVP_DigestVerifyFinal failed.\n");
goto cleanup;
}
fprintf(stdout, "Signature verified.\n");
ret = 1;
cleanup:
/* OpenSSL free functions will ignore NULL arguments */
EVP_PKEY_free(pub_key);
EVP_MD_CTX_free(verify_context);
return ret;
}
int main(void)
{
OSSL_LIB_CTX *libctx = NULL;
const char *sig_name = "SHA3-512";
size_t sig_len = 0;
unsigned char *sig_value = NULL;
int ret = EXIT_FAILURE;
libctx = OSSL_LIB_CTX_new();
if (libctx == NULL) {
fprintf(stderr, "OSSL_LIB_CTX_new() returned NULL\n");
goto cleanup;
}
if (!demo_sign(libctx, sig_name, &sig_len, &sig_value)) {
fprintf(stderr, "demo_sign failed.\n");
goto cleanup;
}
if (!demo_verify(libctx, sig_name, sig_len, sig_value)) {
fprintf(stderr, "demo_verify failed.\n");
goto cleanup;
}
ret = EXIT_SUCCESS;
cleanup:
if (ret != EXIT_SUCCESS)
ERR_print_errors_fp(stderr);
/* OpenSSL free functions will ignore NULL arguments */
OSSL_LIB_CTX_free(libctx);
OPENSSL_free(sig_value);
return ret;
}
END
到了这里,关于openssl3.2 - 官方demo学习 - signature - EVP_EC_Signature_demo.c的文章就介绍完了。如果您还想了解更多内容,请在右上角搜索TOY模板网以前的文章或继续浏览下面的相关文章,希望大家以后多多支持TOY模板网!
