Hello Stephen,
thank you for your answer.
Two signs (generated with RSA_sign and openssl tool) are different, so I
guess the problem is private key. Private key is generated with openssl
utility and I fill RSA object with PEM_read_RSAPrivateKey function. Is this
OK?
For example:
Digest to sign: 5E 91 72 1F AA 54 76 67 0A 2D 19 D1 BE D9 B0 26 1A 71 31 51
The signature with openssl rsautl is: 49 48 71 BE 27 B8 79 12 FA 64 2B 66 4A
79 02 E1 E0 98 40 C9 FA 89 CD 05 E2 BB B5 D6 4A BC 18 5F 4C DE A9 72 2C 0A
C3 D7 FB 59 65 1E 71 B6 46 C2 50 38 4D D8 36 F3 EF 18 08 96 A3 CD 77 55 09
30 05 66 96 73 D2 1F 49 CB 1F 2E A2 21 2A 2E 04 9B E9 E9 7F E5 B0 74 96 28
02 E0 61 AA B5 E4 8E 71 E7 DF 71 6D 4F D5 78 E8 5E 6F 86 41 1F 0E 5D 7B 81
E7 2D AB B8 FE 9B FA 2E D0 0C ED 8E AB 21 B6 13 CE 2B 7C F1 CC 78 34 B7 62
7A 81 AB 0A 3A DF E4 48 A7 8D 16 64 E5 38 C4 48 28 4E 05 99 CE 48 8A 39 B9
AC AC A2 A7 FA 78 52 4E EC CE 76 D7 7D CB 7D 66 14 44 DC 0F EB 6F 67 D9 35
48 00 85 53 99 3C 3A B4 A5 41 D7 0A 14 D7 7C 30 5E 0F 45 D4 B1 9B 71 4F B1
76 03 38 96 EF FA 37 3D 8C 8D A3 28 9D 91 C0 E6 5E 32 75 9F B4 87 1F DC BF
67 58 9A 94 1C 41 15 3C C3 8A 07 31 7D 6C C4 87 F7 AB 75 D2 35 DD 07 96 AE
82 37 5D ED FA 65 2E 86 30 AA 63 85 57 C7 F8 37 32 51 31 CE 14 E2 7B 91 39
2C 75 71 9B C3 90 8B 4E EE 76 48 4E 48 27 CD D1 B2 72 F3 E6 5E 52 42 34 54
5A 54 C6 9D 26 DE A0 30 DE CE D2 A4 CD EE AA EF BA 46 0E 08 C5 AC 83 7E 72
50 0E 40 BA 3E DE 9E 43 14 61 A9 8D 23 14 25 B1 18 6C 7B 69 E5 1C CA 62 60
04 1C 80 3A 7A 53 48 64 EF C7 AF F4 F8 A4 CF 3D 03 7B E7 1A 4C A7 84 51 D4
77 7D 91 8F F9 FF 54 9E 4D 37 7B C1 19 04 28 34 6C A4 30 0F 9F C7 D0 A5 23
1E 45 72 A4 BF 2D 87 36 79 CF 77 95 60 7A 65 47 B8 8F C2 56 5A 35 FF 82 90
5F A4 3C A8 E0 1E 09 8B 08 B6 44 93 47 E8 3D 23 E2 4A B1 93 D9 78 FB A1 05
1E 9F 3A 3C 56 32 E4 E8 ED 04 6C 96 26 81 02 1B 7E 14 10 69 0F F5 4C 27 CD
05 AB 9C 71 28 C9 D2 31 FA 31 DB BB B8 65 27 BF 37 A7 A8 00 7B 4C 6D 24
And if I use this program:
#include <stdio.h>
#include <stdlib.h>
#include <openssl/evp.h>
#include <openssl/asn1.h>
#include <openssl/x509_vfy.h>
#include <openssl/err.h>
#include <openssl/pem.h>
#include <openssl/ssl.h>
#include <string>
#include <iostream>
#include <stdint.h>
#include "string.h"
using namespace std;
void printHex(uint8_t *out, size_t len)
{
uint8_t n;
for(int i = 0; i < len; i++) {
memcpy( &n, &out[i], 1);
printf("%02x ", n);
}
}
int get_passhphrase(char *buf, int size, int rwflag, void *u)
{
char tmp[] = "mypass";
int len = strlen(tmp);
memcpy(buf, tmp, len);
return len;
}
int main(int argc, char *argv[])
{
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
// Read the node certificate
FILE *f = fopen("/home/netcelli/certificates/node1/ca-node1-cert.pem", "r");
if(f == NULL) {
cout << "Error loading certificate " << endl;
return 1;
}
// Convert PEM format ceritificate into X509 structure
X509 *certificate;
if (!(certificate = PEM_read_X509(f, NULL, NULL, NULL))) {
cout << "Error reading client certificate in file " <<
ERR_error_string(ERR_get_error(), NULL) << endl;
fclose(f);
return 1;
}
fclose(f);
// Get the PUBLIC KEY
EVP_PKEY *pubKey = X509_get_pubkey(certificate);
unsigned char *encodedPubKey = NULL;
// Convert it to DER format
int pubKeyLen = i2d_PUBKEY(pubKey, &encodedPubKey);
if (pubKeyLen < 0) {
cout << "Error converting public key to DER format" << endl;
return 1;
}
RSA *rsaPubKey = RSA_new();
if(d2i_RSA_PUBKEY(&rsaPubKey,(const unsigned char **) &encodedPubKey,
pubKeyLen) == NULL) {
cout << "Error filling RSA object : " << ERR_error_string(ERR_peek_error(),
NULL) << endl;
}
EVP_PKEY_free(pubKey);
f = fopen("/home/netcelli/msgToSign.bin", "r");
if(f == NULL) {
cout << "Error loading plain-text message" << endl;
return 1;
}
fseek(f, 0, SEEK_END);
int length= ftell (f);
rewind(f);
unsigned char *message = (unsigned char *) malloc(length);
fread (message,1,length,f);
fclose(f);
/** START MESSAGE SIGN **/
uint8_t * digest = (uint8_t *) malloc(SHA_DIGEST_LENGTH);
SHA1(message, 4, digest);
RSA *rsaPrivKey = RSA_new();
f = fopen("/home/netcelli/certificates/node1/private/ca-node1-key.pem",
"r");
if(f == NULL) {
cout << "Cannot open private key file " << endl;
exit(1);
}
ERR_clear_error();
PEM_read_RSAPrivateKey(f, &rsaPrivKey, get_passhphrase, NULL);
unsigned char *encodedPrivKey = NULL;
// Convert it to DER format
int privKeyLen = i2d_RSAPrivateKey(rsaPrivKey, &encodedPrivKey);
if (privKeyLen < 0) {
cout << "Error converting private key to DER format" << endl;
return 1;
}
int err = ERR_get_error();
if(err) {
cout << "Unable to decrypt private key file (maybe invalid passphrase?) : "
<< ERR_error_string(err, NULL) << endl;
}
unsigned int outLen = RSA_size(rsaPrivKey);
uint8_t *out = (uint8_t *) malloc(outLen);
if(!RSA_sign(NID_sha1, digest, SHA_DIGEST_LENGTH, out, &outLen, rsaPrivKey))
{
cout << "Error generating RSA sign: " << ERR_error_string(ERR_get_error(),
NULL) << endl;
exit(1);
}
free(digest);
RSA_free(rsaPrivKey);
cout << "Sign: "; printHex(out, outLen); cout << endl;
/** END MESSAGE SIGN **/
digest = (uint8_t *) malloc(SHA_DIGEST_LENGTH);
// Generate message digest
SHA1(message, 4, digest);
//Verify it
if(!RSA_verify(NID_sha1 ,digest, SHA_DIGEST_LENGTH, out, outLen, rsaPubKey))
{
cout << "Signature is NOT valid" << endl;
} else {
cout << "Signature is valid" << endl;
}
free(digest);
free(message);
return 0;
}
Signature is:42 db c8 00 99 6e 8c b0 f3 91 5c c4 6a a6 b9 96 1c 4f c6 c1 c3
cd ad e4 9f a2 6d f3 ad a1 10 4b 02 32 1d 7d c8 0e 5f 34 8f c6 38 e2 2d 19
18 ba 26 5f c0 6d 07 38 87 89 ca 4b 16 b1 a4 ef cc 90 d3 7d 45 9d 95 e8 a1
a5 54 19 8c ed 8c 6b 57 91 3f e9 b3 07 d6 91 69 d7 35 ff 82 98 a2 69 4f 4f
0b b3 f1 63 30 a0 b7 b9 f7 d0 34 a3 f6 27 0e 15 7d b1 e3 ce 3d 94 f0 da 2b
c1 9f f3 ca 08 2b 9e a1 8e c7 cd f8 d2 f1 76 32 c9 e2 d8 20 14 b0 f4 9d f5
2c 7c 8e b1 2a 49 f0 20 6d 7f 81 85 1d a0 2e 31 40 ed 66 43 6b 37 3a 78 8e
21 3e 16 66 3e 2d 40 9a 19 63 bf 39 3f a9 d7 87 98 f4 30 fc 93 93 f8 97 ca
60 71 96 b7 c8 64 e0 68 31 42 43 d4 14 8c 0f c9 7e 6c 24 b2 75 b1 91 ac fd
2b 04 88 bf c9 32 3f 4d ef 27 bd e6 17 24 f6 53 7e dd d2 4d 96 43 d8 19 8b
ee c0 4e 89 c9 9e 0c 08 e7 50 a6 cb 32 f7 e6 3e 2e 0e ee 12 8b ec c3 2a a9
37 85 29 2b 59 91 3c f6 89 31 d1 b1 b6 45 4c 80 85 fe 14 1c c8 59 57 0b 9e
bc 71 b7 7c 00 a7 1c 01 4c 3b f4 a1 f2 c4 7d da 56 48 83 ab 9d db fb 1b f4
04 05 25 79 28 e1 ae c7 7a ec 70 83 bf 93 f4 a4 61 d0 50 c6 7a 88 cc 74 94
71 a6 d8 d8 0e 3d 1c 95 92 3a df 55 00 04 d6 ea 95 70 cc d5 4f 83 a9 28 b9
d4 3e 27 3e 6c 59 f7 4d 33 ac 3e fe 2c 0d 29 d1 02 cf 25 c6 23 ec 6d 45 de
b3 41 d9 42 01 e4 45 90 54 71 34 ab 67 0d a7 49 8e 65 ae d1 a1 52 e3 7a 32
f6 4e 27 1e fb 6f 57 0d 12 83 23 04 0b 8f 08 88 c3 df 81 5a 81 da 35 e8 b7
84 31 fc f2 b1 85 75 2a d2 4b f6 99 3e 2b 33 37 22 87 a1 5b 43 a2 1e 2e 19
54 8b d5 d1 60 bf 69 7b 15 26 eb 63 a5 16 6e ba ca fe e9 b4 7e 02 38 82 36
9e 30 a4 4c 86 65 28 5b 88 bf a5 50 dd 98 75 76
Why two different signatures? I guess the code above is ok :(
Thank you
On Sun, Dec 20, 2009 at 5:12 PM, Dr. Stephen Henson <st...@openssl.org>wrote:
> On Sun, Dec 20, 2009, Davide Simoncelli wrote:
>
> > Hello,
> >
> > I'm trying to validate a sign of message digest, sent over a protected
> > channel. On one node digest has been generated by using
> RSA_sign(NID_sha1,
> > digest, SHA_DIGEST_LENGTH, out, &outLen, rsaPrivKey), where rsaPrivKey is
> > RSA private key extracted from PEM enceded file with
> PEM_read_RSAPrivateKey;
> > on the other node sign is verified with RSA_verify(NID_sha1 ,digest,
> > SHA_DIGEST_LENGTH, out, outLen, rsaPubKey), where rsaPubKey is RSA public
> > key extracted from certificate.
> >
> > RSA_verify always returns 0 and I get the following output:
> > Error checking RSA sign: error:0407006A:rsa
> > routines:RSA_padding_check_PKCS1_type_1:block type is not 01
> > Error checking RSA sign: error:04067072:rsa
> > routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed
> >
> > Received signed digest message is OK and I guess it has PKCS padding
> (Does
> > RSA_sign care about it?). Any idea why does it fails?
> > I also noticed that if I generate sign by using openssl rsautl, sign is
> > different and has different size.
> >
> > I really appreciete your help ;)
> >
>
> Several possibilities, invalid public key used to verify (e.g. doesn't
> match
> private key used to sign) or signature corrupted (not passed as a
> binary string: strlen used for example).
>
> If the digest didn't match you'd get a different error.
>
> You get a different signature with rsautl because it isn't quite the same
> operation. If you use dgst -sign on the data itself (not the digest) you
> get
> the equivalent format.
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-users@openssl.org
> Automated List Manager majord...@openssl.org
>
