1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
|
=pod
=head1 NAME
ASN1_item_sign, ASN1_item_sign_ex, ASN1_item_sign_ctx,
ASN1_item_verify, ASN1_item_verify_ex, ASN1_item_verify_ctx -
ASN1 sign and verify
=head1 SYNOPSIS
#include <openssl/x509.h>
int ASN1_item_sign_ex(const ASN1_ITEM *it, X509_ALGOR *algor1,
X509_ALGOR *algor2, ASN1_BIT_STRING *signature,
const void *data, const ASN1_OCTET_STRING *id,
EVP_PKEY *pkey, const EVP_MD *md, OSSL_LIB_CTX *libctx,
const char *propq);
int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
ASN1_BIT_STRING *signature, const void *data,
EVP_PKEY *pkey, const EVP_MD *md);
int ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1,
X509_ALGOR *algor2, ASN1_BIT_STRING *signature,
const void *data, EVP_MD_CTX *ctx);
int ASN1_item_verify_ex(const ASN1_ITEM *it, const X509_ALGOR *alg,
const ASN1_BIT_STRING *signature, const void *data,
const ASN1_OCTET_STRING *id, EVP_PKEY *pkey,
OSSL_LIB_CTX *libctx, const char *propq);
int ASN1_item_verify(const ASN1_ITEM *it, const X509_ALGOR *alg,
const ASN1_BIT_STRING *signature, const void *data,
EVP_PKEY *pkey);
int ASN1_item_verify_ctx(const ASN1_ITEM *it, const X509_ALGOR *alg,
const ASN1_BIT_STRING *signature, const void *data,
EVP_MD_CTX *ctx);
=head1 DESCRIPTION
ASN1_item_sign_ex() is used to sign arbitrary ASN1 data using a data object
I<data>, the ASN.1 structure I<it>, private key I<pkey> and message digest I<md>.
The data that is signed is formed by taking the data object in I<data> and
converting it to der format using the ASN.1 structure I<it>.
The I<data> that will be signed, and a structure containing the signature may
both have a copy of the B<X509_ALGOR>. The ASN1_item_sign_ex() function will
write the correct B<X509_ALGOR> to the structs based on the algorithms and
parameters that have been set up. If one of I<algor1> or I<algor2> points to the
B<X509_ALGOR> of the I<data> to be signed, then that B<X509_ALGOR> will first be
written before the signature is generated.
Examples of valid values that can be used by the ASN.1 structure I<it> are
ASN1_ITEM_rptr(X509_CINF), ASN1_ITEM_rptr(X509_REQ_INFO) and
ASN1_ITEM_rptr(X509_CRL_INFO).
The B<OSSL_LIB_CTX> specified in I<libctx> and the property query string
specified in I<props> are used when searching for algorithms in providers.
The generated signature is set into I<signature>.
The optional parameter I<id> can be NULL, but can be set for special key types.
See EVP_PKEY_CTX_set1_id() for further info. The output parameters <algor1> and
I<algor2> are ignored if they are NULL.
ASN1_item_sign() is similar to ASN1_item_sign_ex() but uses default values of
NULL for the I<id>, I<libctx> and I<propq>.
ASN1_item_sign_ctx() is similiar to ASN1_item_sign() but uses the parameters
contained in digest context I<ctx>.
ASN1_item_verify_ex() is used to verify the signature I<signature> of internal
data I<data> using the public key I<pkey> and algorithm identifier I<alg>.
The data that is verified is formed by taking the data object in I<data> and
converting it to der format using the ASN.1 structure I<it>.
The B<OSSL_LIB_CTX> specified in I<libctx> and the property query string
specified in I<props> are used when searching for algorithms in providers.
The optional parameter I<id> can be NULL, but can be set for special key types.
See EVP_PKEY_CTX_set1_id() for further info.
ASN1_item_verify() is similar to ASN1_item_verify_ex() but uses default values of
NULL for the I<id>, I<libctx> and I<propq>.
ASN1_item_verify_ctx() is similiar to ASN1_item_verify() but uses the parameters
contained in digest context I<ctx>.
=head1 RETURN VALUES
All sign functions return the size of the signature in bytes for success and
zero for failure.
All verify functions return 1 if the signature is valid and 0 if the signature
check fails. If the signature could not be checked at all because it was
ill-formed or some other error occurred then -1 is returned.
=head1 EXAMPLES
In the following example a 'MyObject' object is signed using the key contained
in an EVP_MD_CTX. The signature is written to MyObject.signature. The object is
then output in DER format and then loaded back in and verified.
#include <openssl/x509.h>
#include <openssl/asn1t.h>
/* An object used to store the ASN1 data fields that will be signed */
typedef struct MySignInfoObject_st
{
ASN1_INTEGER *version;
X509_ALGOR sig_alg;
} MySignInfoObject;
DECLARE_ASN1_FUNCTIONS(MySignInfoObject)
/*
* A higher level object containing the ASN1 fields, signature alg and
* output signature.
*/
typedef struct MyObject_st
{
MySignInfoObject info;
X509_ALGOR sig_alg;
ASN1_BIT_STRING *signature;
} MyObject;
DECLARE_ASN1_FUNCTIONS(MyObject)
/* The ASN1 definition of MySignInfoObject */
ASN1_SEQUENCE_cb(MySignInfoObject, NULL) = {
ASN1_SIMPLE(MySignInfoObject, version, ASN1_INTEGER)
ASN1_EMBED(MySignInfoObject, sig_alg, X509_ALGOR),
} ASN1_SEQUENCE_END_cb(MySignInfoObject, MySignInfoObject)
/* new, free, d2i & i2d functions for MySignInfoObject */
IMPLEMENT_ASN1_FUNCTIONS(MySignInfoObject)
/* The ASN1 definition of MyObject */
ASN1_SEQUENCE_cb(MyObject, NULL) = {
ASN1_EMBED(MyObject, info, MySignInfoObject),
ASN1_EMBED(MyObject, sig_alg, X509_ALGOR),
ASN1_SIMPLE(MyObject, signature, ASN1_BIT_STRING)
} ASN1_SEQUENCE_END_cb(MyObject, MyObject)
/* new, free, d2i & i2d functions for MyObject */
IMPLEMENT_ASN1_FUNCTIONS(MyObject)
int test_asn1_item_sign_verify(const char *mdname, EVP_PKEY *pkey, long version)
{
int ret = 0;
unsigned char *obj_der = NULL;
const unsigned char *p = NULL;
MyObject *obj = NULL, *loaded_obj = NULL;
const ASN1_ITEM *it = ASN1_ITEM_rptr(MySignInfoObject);
EVP_MD_CTX *sctx = NULL, *vctx = NULL;
int len;
/* Create MyObject and set its version */
obj = MyObject_new();
if (obj == NULL)
goto err;
if (!ASN1_INTEGER_set(obj->info.version, version))
goto err;
/* Set the key and digest used for signing */
sctx = EVP_MD_CTX_new();
if (sctx == NULL
|| !EVP_DigestSignInit_ex(sctx, NULL, mdname, NULL, NULL, pkey))
goto err;
/*
* it contains the mapping between ASN.1 data and an object MySignInfoObject
* obj->info is the 'MySignInfoObject' object that will be
* converted into DER data and then signed.
* obj->signature will contain the output signature.
* obj->sig_alg is filled with the private key's signing algorithm id.
* obj->info.sig_alg is another copy of the signing algorithm id that sits
* within MyObject.
*/
len = ASN1_item_sign_ctx(it, &obj->sig_alg, &obj->info.sig_alg,
obj->signature, &obj->info, sctx);
if (len <= 0
|| X509_ALGOR_cmp(&obj->sig_alg, &obj->info.sig_alg) != 0)
goto err;
/* Output MyObject in der form */
len = i2d_MyObject(obj, &obj_der);
if (len <= 0)
goto err;
/* Set the key and digest used for verifying */
vctx = EVP_MD_CTX_new();
if (vctx == NULL
|| !EVP_DigestVerifyInit_ex(vctx, NULL, mdname, NULL, NULL, pkey))
goto err;
/* Load the der data back into an object */
p = obj_der;
loaded_obj = d2i_MyObject(NULL, &p, len);
if (loaded_obj == NULL)
goto err;
/* Verify the loaded object */
ret = ASN1_item_verify_ctx(it, &loaded_obj->sig_alg, loaded_obj->signature,
&loaded_obj->info, vctx);
err:
OPENSSL_free(obj_der);
MyObject_free(loaded_obj);
MyObject_free(obj);
EVP_MD_CTX_free(sctx);
EVP_MD_CTX_free(vctx);
return ret;
}
=head1 SEE ALSO
L<X509_sign(3)>,
L<X509_verify(3)>
=head1 HISTORY
ASN1_item_sign_ex() and ASN1_item_verify_ex() were added in OpenSSL 3.0.
=head1 COPYRIGHT
Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut
|
