Re: RSA OAEP with sha256

Thu, 16 Aug 2012 15:03:06 -0700 

On Thu, Aug 16, 2012, Martin Kaiser wrote:

> Dear all,
> 
> I'd like to encrypt some bytes using RSA OAEP with MGF1. Both OAEP and
> MGF1 should use sha256 instead of the default sha1.
> 
> Does openssl support this at all? I tried something along the lines of
> 
>    size_t outlen;
>    int ret;
>    EVP_PKEY_CTX *ctx;
>    unsigned char in[] = { .... some bytes ... };
> 
>    EVP_PKEY *key = NULL;
>    RSA *r = NULL;
> 
>    unsigned char n[] = { ... };   /* 128 bytes */
>    unsigned char e[] = { 0x01, 0x00, 0x01 };
> 
>    key = EVP_PKEY_new();
>    r = RSA_new();
>    assert(r);
>    EVP_PKEY_assign_RSA(key, r);
>    key->pkey.rsa->n = BN_bin2bn(n, sizeof(n), NULL);
>    key->pkey.rsa->e = BN_bin2bn(e, sizeof(e), NULL);
> 
>    ctx = EVP_PKEY_CTX_new(key, NULL);
>    assert(ctx);
> 
>    ret = EVP_PKEY_encrypt_init(ctx);
>    assert(ret>=0);
> 
>    ret = EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_OAEP_PADDING);
>    assert(ret>=0);
> 
>    ret = EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_CRYPT,  
>             EVP_PKEY_CTRL_MD, 0, (void *)EVP_sha256);
>    assert(ret>=0);
> 
>    ret = EVP_PKEY_encrypt(ctx, out, &outlen, in, sizeof(in));
>    assert(ret>=0);
>    assert(outlen==128);
> 
> 
> This doesn't fail on any asserts. I tried
> 
> ret = EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256());
> 
> instead of EVP_PKEY_CTX_ctrl().
> This would not work because of a EVP_PKEY_OP_TYPE_... mismatch.
> 
> Unfortunately, the output does not seem to be correct, I can't produce
> valid messages that are recognized by a receiving side that's known to
> work with oeap sha256.
> 
> Does anyone see what I'm doing wrong here? Or does anyone have test
> vectors so that I can verify my code? I know there's test vectors from
> rsasecurity but they're only for oaep sha1.
> 

You aren't doing anything wrong, it's just that OpenSSL currently is hard
coded with sha1 for OAEP. This will be addressed at some point.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to