rsaデジタル署名実装
3731 ワード
Opensslライブラリを使用してパッケージングを行います.コードは次のとおりです.
static int base64_decode(char *str,int str_len,char *decode,int decode_buffer_len)
{
int len=0;
BIO *b64,*bmem;
b64=BIO_new(BIO_f_base64());
BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL); //
bmem=BIO_new_mem_buf(str,str_len);
bmem=BIO_push(b64,bmem);
len=BIO_read(bmem,decode,str_len);
decode[len]=0;
BIO_free_all(bmem);
return len;
}
static int base64_encode(char *str,int str_len,char *encode,int encode_len)
{
BIO *bmem,*b64;
BUF_MEM *bptr;
b64 = BIO_new(BIO_f_base64());
BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL); //
bmem = BIO_new(BIO_s_mem());
b64 = BIO_push(b64,bmem);
BIO_write(b64,str,str_len); //encode
BIO_flush(b64);
BIO_get_mem_ptr(b64,&bptr);
if(bptr->length>encode_len)
{
return -1;
}
encode_len=bptr->length;
memcpy(encode,bptr->data,bptr->length);
BIO_free_all(b64);
return encode_len;
}
/*
:rsa
:1st -- 2st -- 3st -- 4st --
: 0
:
:2016/1/29 9:57
*/
int rsa_sign(const char* src,const char* priKeyFile,char* dest,int dLen)
{
if((src == NULL) || (priKeyFile == NULL) || (dest == NULL))
return -1;
int err;
unsigned int sig_len;
unsigned char sig_buf[4096];
EVP_MD_CTX md_ctx;
EVP_PKEY *pkey;
FILE *fp;
/* SSL_load_error_strings(); */
ERR_load_crypto_strings();
/* Read private key */
fp = fopen(priKeyFile, "r");
if (fp == NULL)
return -2;
pkey = PEM_read_PrivateKey(fp, NULL, NULL, NULL);
fclose(fp);
if (pkey == NULL)
{
ERR_print_errors_fp(stderr);
return -3;
}
/* Do the signature */
EVP_SignInit(&md_ctx, EVP_sha1());
EVP_SignUpdate(&md_ctx, src, strlen(src));
sig_len = sizeof(sig_buf);
err = EVP_SignFinal(&md_ctx, sig_buf, &sig_len, pkey);
if (err != 1)
{
ERR_print_errors_fp(stderr);
return -4;
}
EVP_PKEY_free(pkey);
// int i = 0;
// fprintf(stderr, "sig_len = %d
",sig_len);
// for(i = 0;i < sig_len;i++)
// fprintf(stderr, "%02x ",sig_buf[i]);
// fprintf(stderr, "
");
if(base64_encode((char*)sig_buf,sig_len,dest,dLen) < 0)
return -5;
return 0;
}
/*
:rsa
:1st -- 2st -- 3st --
: true false
:
:2016/2/2 17:02
*/
bool rsa_verify(const char* data,const char* sign,const char* pubKeyFile)
{
if((data == NULL) || (sign == NULL) || (pubKeyFile == NULL))
return false;
int err;
unsigned int sig_len;
unsigned char sig_buf[4096];
EVP_MD_CTX md_ctx;
EVP_PKEY *pkey;
FILE *fp;
sig_len = base64_decode((char*)sign,strlen(sign),(char*)sig_buf,sizeof(sig_buf));
/* SSL_load_error_strings(); */
ERR_load_crypto_strings();
/* Read public key */
fp = fopen(pubKeyFile, "r");
if (fp == NULL)
{
return false;
}
pkey = PEM_read_PUBKEY(fp, NULL, NULL, NULL);
fclose(fp);
if (pkey == NULL)
{
ERR_print_errors_fp(stderr);
return false;
}
/* Verify the signature */
EVP_VerifyInit(&md_ctx, EVP_sha1());
EVP_VerifyUpdate(&md_ctx, data,strlen(data));
err = EVP_VerifyFinal(&md_ctx, sig_buf, sig_len, pkey);
EVP_PKEY_free(pkey);
fprintf(stderr,"err = %d
",err);
if (err != 1)
{
ERR_print_errors_fp(stderr);
return false;
}
printf("Signature Verified Ok.
");
return true;
}