Padding for RSA signatures

Previous Topic Next Topic
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

Padding for RSA signatures

Gelareh Taban

I am playing around with RSA signatures with different padding and have some questions.

I have my sample code below for reference. It's in Swift (but it should still be close enough to C to be readable). Also in Swift, some of the complex macros in OpenSSL have to be broken down to be compilable hence my usage of EVP_DigestUpdate instead of EVP_DigestVerifyUpdate .

I am trying to define different padding options and so am defining and using a EVP_PKEY_CTX . However I am not sure if this padding is getting used in the signature since  my Verify outputs OK regardless of which option my Sign uses. Which leads to:

1 - Do I need to use the same EVP_PKEY_CTX with the same options when doing verify? Right now even when I don't use any EVP_PKEY_CTX in Verify, I still verify OK.

2 - Do I need to set the hash function I am using in both EVP_PKEY_CTX  as well as EVP_MD_CTX ? Or the latter is what defines this?

3 - In general, is there a way of making the Signature/Encryptions in OpenSSL be deterministic for debugging/testing purposes? 

Thanks in advance for any insight in the above.

        let md_ctx = EVP_MD_CTX_create()

        let md_ctx_verify = EVP_MD_CTX_create()


        // OPTIONS

        // To define padding option used in signature

        let pkey_ctx = EVP_PKEY_CTX_new(rsaKeypair, nil)


        // EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PADDING)

        // complex macro needs to be replaced


        // EVP_PKEY_CTX_set_signature_md() When should this be set?


        //  SIGN

        var rc = EVP_DigestSignInit(md_ctx, &pkey_ctx, EVP_sha256(), nil, myRSA.rsaKeypair)

        print("rc = \(rc)")

        // EVP_DigestSignUpdate(md_ctx, message, message.count)

        // Complex macro needs to be replaced

        rc = EVP_DigestUpdate(md_ctx, message, message.count)

        print("rc = \(rc)")


        // allocate memory for signature

        var sig_len: IntInt(EVP_PKEY_size(rsaKeypair))

        let sig = UnsafeMutablePointer<UInt8>.allocate(capacity: sig_len)

        rc = EVP_DigestSignFinal(md_ctx, sig, &sig_len)



        // VERIFY

        rc = EVP_DigestVerifyInit(md_ctx_verify, nil, EVP_sha256(), nil, rsaKeypair)

        //        rc = EVP_DigestVerifyUpdate(md_ctx_verify, message, message.count)

        rc = EVP_DigestUpdate(md_ctx_verify, message, message.count)


        rc = EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)

        print("signature verified = \(rc == 1 ? "OK" : "FAIL")")


openssl-dev mailing list
To unsubscribe: