Class: OpenSSL::PKey::RSA
- Includes:
- Marshal
- Defined in:
- ossl_pkey_rsa.c,
lib/openssl/pkey.rb,
ossl_pkey_rsa.c
Overview
RSA is an asymmetric public key algorithm that has been formalized in RFC 3447. It is in widespread use in public key infrastructures (PKI) where certificates (cf. OpenSSL::X509::Certificate) often are issued on the basis of a public/private RSA key pair. RSA is used in a wide field of applications such as secure (symmetric) key exchange, e.g. when establishing a secure TLS/SSL connection. It is also used in various digital signature schemes.
Class Method Summary collapse
-
.generate(*args) ⇒ Object
Generates an RSA keypair.
Instance Method Summary collapse
-
#export(*args) ⇒ Object
(also: #to_pem, #to_s)
Outputs this keypair in PEM encoding.
-
#initialize(*args) ⇒ Object
constructor
Generates or loads an RSA keypair.
- #initialize_copy(other) ⇒ Object
-
#params ⇒ Hash
THIS METHOD IS INSECURE, PRIVATE INFORMATION CAN LEAK OUT!!!.
-
#private? ⇒ Boolean
Does this keypair contain a private key?.
-
#private_decrypt(*args) ⇒ Object
Decrypt string, which has been encrypted with the public key, with the private key.
-
#private_encrypt(*args) ⇒ Object
Encrypt string with the private key.
-
#public? ⇒ true
The return value is always
true
since every private key is also a public key. -
#public_decrypt(*args) ⇒ Object
Decrypt string, which has been encrypted with the private key, with the public key.
-
#public_encrypt(*args) ⇒ Object
Encrypt string with the public key.
-
#public_key ⇒ Object
Makes new RSA instance containing the public key from the private key.
-
#set_crt_params(dmp1, dmq1, iqmp) ⇒ self
Sets dmp1, dmq1, iqmp for the RSA instance.
-
#set_factors(p, q) ⇒ self
Sets p, q for the RSA instance.
-
#set_key(n, e, d) ⇒ self
Sets n, e, d for the RSA instance.
-
#sign_pss(digest, data, salt_length: , mgf1_hash: ) ⇒ String
Signs data using the Probabilistic Signature Scheme (RSA-PSS) and returns the calculated signature.
-
#to_der ⇒ DER-format String
Outputs this keypair in DER encoding.
-
#to_text ⇒ String
THIS METHOD IS INSECURE, PRIVATE INFORMATION CAN LEAK OUT!!!.
-
#verify_pss(digest, signature, data, salt_length: , mgf1_hash: ) ⇒ Object
Verifies data using the Probabilistic Signature Scheme (RSA-PSS).
Methods included from Marshal
Methods inherited from PKey
#inspect, #oid, #private_to_der, #private_to_pem, #public_to_der, #public_to_pem, #sign, #verify
Constructor Details
#new(key_size) ⇒ Object #new(encoded_key) ⇒ Object #new(encoded_key, pass_phrase) ⇒ Object
Generates or loads an RSA keypair. If an integer key_size is given it represents the desired key size. Keys less than 1024 bits should be considered insecure.
A key can instead be loaded from an encoded_key which must be PEM or DER encoded. A pass_phrase can be used to decrypt the key. If none is given OpenSSL will prompt for the pass phrase.
Examples
OpenSSL::PKey::RSA.new 2048
OpenSSL::PKey::RSA.new File.read 'rsa.pem'
OpenSSL::PKey::RSA.new File.read('rsa.pem'), 'my pass phrase'
220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 |
# File 'ossl_pkey_rsa.c', line 220
static VALUE
ossl_rsa_initialize(int argc, VALUE *argv, VALUE self)
{
EVP_PKEY *pkey;
RSA *rsa;
BIO *in;
VALUE arg, pass;
GetPKey(self, pkey);
if(rb_scan_args(argc, argv, "02", &arg, &pass) == 0) {
rsa = RSA_new();
}
else if (RB_INTEGER_TYPE_P(arg)) {
rsa = rsa_generate(NUM2INT(arg), NIL_P(pass) ? RSA_F4 : NUM2ULONG(pass));
if (!rsa) ossl_raise(eRSAError, NULL);
}
else {
pass = ossl_pem_passwd_value(pass);
arg = ossl_to_der_if_possible(arg);
in = ossl_obj2bio(&arg);
rsa = PEM_read_bio_RSAPrivateKey(in, NULL, ossl_pem_passwd_cb, (void *)pass);
if (!rsa) {
OSSL_BIO_reset(in);
rsa = PEM_read_bio_RSA_PUBKEY(in, NULL, NULL, NULL);
}
if (!rsa) {
OSSL_BIO_reset(in);
rsa = d2i_RSAPrivateKey_bio(in, NULL);
}
if (!rsa) {
OSSL_BIO_reset(in);
rsa = d2i_RSA_PUBKEY_bio(in, NULL);
}
if (!rsa) {
OSSL_BIO_reset(in);
rsa = PEM_read_bio_RSAPublicKey(in, NULL, NULL, NULL);
}
if (!rsa) {
OSSL_BIO_reset(in);
rsa = d2i_RSAPublicKey_bio(in, NULL);
}
BIO_free(in);
if (!rsa) {
ossl_raise(eRSAError, "Neither PUB key nor PRIV key");
}
}
if (!EVP_PKEY_assign_RSA(pkey, rsa)) {
RSA_free(rsa);
ossl_raise(eRSAError, NULL);
}
return self;
}
|
Class Method Details
.generate(size) ⇒ Object .generate(size, exponent) ⇒ Object
Generates an RSA keypair. size is an integer representing the desired key size. Keys smaller than 1024 should be considered insecure. exponent is an odd number normally 3, 17, or 65537.
179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 |
# File 'ossl_pkey_rsa.c', line 179
static VALUE
ossl_rsa_s_generate(int argc, VALUE *argv, VALUE klass)
{
/* why does this method exist? why can't initialize take an optional exponent? */
RSA *rsa;
VALUE size, exp;
VALUE obj;
rb_scan_args(argc, argv, "11", &size, &exp);
rsa = rsa_generate(NUM2INT(size), NIL_P(exp) ? RSA_F4 : NUM2ULONG(exp)); /* err handled by rsa_instance */
obj = rsa_instance(klass, rsa);
if (obj == Qfalse) {
RSA_free(rsa);
ossl_raise(eRSAError, NULL);
}
return obj;
}
|
Instance Method Details
#export([cipher, pass_phrase]) ⇒ PEM-format String #to_pem([cipher, pass_phrase]) ⇒ PEM-format String #to_s([cipher, pass_phrase]) ⇒ PEM-format String Also known as: to_pem, to_s
Outputs this keypair in PEM encoding. If cipher and pass_phrase are given they will be used to encrypt the key. cipher must be an OpenSSL::Cipher instance.
340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 |
# File 'ossl_pkey_rsa.c', line 340
static VALUE
ossl_rsa_export(int argc, VALUE *argv, VALUE self)
{
RSA *rsa;
const BIGNUM *n, *e, *d, *p, *q, *dmp1, *dmq1, *iqmp;
BIO *out;
const EVP_CIPHER *ciph = NULL;
VALUE cipher, pass, str;
GetRSA(self, rsa);
rb_scan_args(argc, argv, "02", &cipher, &pass);
if (!NIL_P(cipher)) {
ciph = ossl_evp_get_cipherbyname(cipher);
pass = ossl_pem_passwd_value(pass);
}
if (!(out = BIO_new(BIO_s_mem()))) {
ossl_raise(eRSAError, NULL);
}
RSA_get0_key(rsa, &n, &e, &d);
RSA_get0_factors(rsa, &p, &q);
RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp);
if (n && e && d && p && q && dmp1 && dmq1 && iqmp) {
if (!PEM_write_bio_RSAPrivateKey(out, rsa, ciph, NULL, 0,
ossl_pem_passwd_cb, (void *)pass)) {
BIO_free(out);
ossl_raise(eRSAError, NULL);
}
} else {
if (!PEM_write_bio_RSA_PUBKEY(out, rsa)) {
BIO_free(out);
ossl_raise(eRSAError, NULL);
}
}
str = ossl_membio2str(out);
return str;
}
|
#initialize_copy(other) ⇒ Object
274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 |
# File 'ossl_pkey_rsa.c', line 274
static VALUE
ossl_rsa_initialize_copy(VALUE self, VALUE other)
{
EVP_PKEY *pkey;
RSA *rsa, *rsa_new;
GetPKey(self, pkey);
if (EVP_PKEY_base_id(pkey) != EVP_PKEY_NONE)
ossl_raise(eRSAError, "RSA already initialized");
GetRSA(other, rsa);
rsa_new = ASN1_dup((i2d_of_void *)i2d_RSAPrivateKey, (d2i_of_void *)d2i_RSAPrivateKey, (char *)rsa);
if (!rsa_new)
ossl_raise(eRSAError, "ASN1_dup");
EVP_PKEY_assign_RSA(pkey, rsa_new);
return self;
}
|
#params ⇒ Hash
THIS METHOD IS INSECURE, PRIVATE INFORMATION CAN LEAK OUT!!!
Stores all parameters of key to the hash. The hash has keys ‘n’, ‘e’, ‘d’, ‘p’, ‘q’, ‘dmp1’, ‘dmq1’, ‘iqmp’.
Don’t use :-)) (It’s up to you)
748 749 750 751 752 753 754 755 756 757 758 759 760 761 762 763 764 765 766 767 768 769 770 771 |
# File 'ossl_pkey_rsa.c', line 748
static VALUE
ossl_rsa_get_params(VALUE self)
{
RSA *rsa;
VALUE hash;
const BIGNUM *n, *e, *d, *p, *q, *dmp1, *dmq1, *iqmp;
GetRSA(self, rsa);
RSA_get0_key(rsa, &n, &e, &d);
RSA_get0_factors(rsa, &p, &q);
RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp);
hash = rb_hash_new();
rb_hash_aset(hash, rb_str_new2("n"), ossl_bn_new(n));
rb_hash_aset(hash, rb_str_new2("e"), ossl_bn_new(e));
rb_hash_aset(hash, rb_str_new2("d"), ossl_bn_new(d));
rb_hash_aset(hash, rb_str_new2("p"), ossl_bn_new(p));
rb_hash_aset(hash, rb_str_new2("q"), ossl_bn_new(q));
rb_hash_aset(hash, rb_str_new2("dmp1"), ossl_bn_new(dmp1));
rb_hash_aset(hash, rb_str_new2("dmq1"), ossl_bn_new(dmq1));
rb_hash_aset(hash, rb_str_new2("iqmp"), ossl_bn_new(iqmp));
return hash;
}
|
#private? ⇒ Boolean
Does this keypair contain a private key?
320 321 322 323 324 325 326 327 328 |
# File 'ossl_pkey_rsa.c', line 320
static VALUE
ossl_rsa_is_private(VALUE self)
{
RSA *rsa;
GetRSA(self, rsa);
return RSA_PRIVATE(self, rsa) ? Qtrue : Qfalse;
}
|
#private_decrypt(string) ⇒ String #private_decrypt(string, padding) ⇒ String
Decrypt string, which has been encrypted with the public key, with the private key. padding defaults to PKCS1_PADDING.
521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 |
# File 'ossl_pkey_rsa.c', line 521
static VALUE
ossl_rsa_private_decrypt(int argc, VALUE *argv, VALUE self)
{
RSA *rsa;
const BIGNUM *rsa_n;
int buf_len, pad;
VALUE str, buffer, padding;
GetRSA(self, rsa);
RSA_get0_key(rsa, &rsa_n, NULL, NULL);
if (!rsa_n)
ossl_raise(eRSAError, "incomplete RSA");
if (!RSA_PRIVATE(self, rsa))
ossl_raise(eRSAError, "private key needed.");
rb_scan_args(argc, argv, "11", &buffer, &padding);
pad = (argc == 1) ? RSA_PKCS1_PADDING : NUM2INT(padding);
StringValue(buffer);
str = rb_str_new(0, RSA_size(rsa));
buf_len = RSA_private_decrypt(RSTRING_LENINT(buffer), (unsigned char *)RSTRING_PTR(buffer),
(unsigned char *)RSTRING_PTR(str), rsa, pad);
if (buf_len < 0) ossl_raise(eRSAError, NULL);
rb_str_set_len(str, buf_len);
return str;
}
|
#private_encrypt(string) ⇒ String #private_encrypt(string, padding) ⇒ String
Encrypt string with the private key. padding defaults to PKCS1_PADDING. The encrypted string output can be decrypted using #public_decrypt.
487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 |
# File 'ossl_pkey_rsa.c', line 487
static VALUE
ossl_rsa_private_encrypt(int argc, VALUE *argv, VALUE self)
{
RSA *rsa;
const BIGNUM *rsa_n;
int buf_len, pad;
VALUE str, buffer, padding;
GetRSA(self, rsa);
RSA_get0_key(rsa, &rsa_n, NULL, NULL);
if (!rsa_n)
ossl_raise(eRSAError, "incomplete RSA");
if (!RSA_PRIVATE(self, rsa))
ossl_raise(eRSAError, "private key needed.");
rb_scan_args(argc, argv, "11", &buffer, &padding);
pad = (argc == 1) ? RSA_PKCS1_PADDING : NUM2INT(padding);
StringValue(buffer);
str = rb_str_new(0, RSA_size(rsa));
buf_len = RSA_private_encrypt(RSTRING_LENINT(buffer), (unsigned char *)RSTRING_PTR(buffer),
(unsigned char *)RSTRING_PTR(str), rsa, pad);
if (buf_len < 0) ossl_raise(eRSAError, NULL);
rb_str_set_len(str, buf_len);
return str;
}
|
#public? ⇒ true
The return value is always true
since every private key is also a public key.
301 302 303 304 305 306 307 308 309 310 311 312 |
# File 'ossl_pkey_rsa.c', line 301
static VALUE
ossl_rsa_is_public(VALUE self)
{
RSA *rsa;
GetRSA(self, rsa);
/*
* This method should check for n and e. BUG.
*/
(void)rsa;
return Qtrue;
}
|
#public_decrypt(string) ⇒ String #public_decrypt(string, padding) ⇒ String
Decrypt string, which has been encrypted with the private key, with the public key. padding defaults to PKCS1_PADDING.
455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 |
# File 'ossl_pkey_rsa.c', line 455
static VALUE
ossl_rsa_public_decrypt(int argc, VALUE *argv, VALUE self)
{
RSA *rsa;
const BIGNUM *rsa_n;
int buf_len, pad;
VALUE str, buffer, padding;
GetRSA(self, rsa);
RSA_get0_key(rsa, &rsa_n, NULL, NULL);
if (!rsa_n)
ossl_raise(eRSAError, "incomplete RSA");
rb_scan_args(argc, argv, "11", &buffer, &padding);
pad = (argc == 1) ? RSA_PKCS1_PADDING : NUM2INT(padding);
StringValue(buffer);
str = rb_str_new(0, RSA_size(rsa));
buf_len = RSA_public_decrypt(RSTRING_LENINT(buffer), (unsigned char *)RSTRING_PTR(buffer),
(unsigned char *)RSTRING_PTR(str), rsa, pad);
if (buf_len < 0) ossl_raise(eRSAError, NULL);
rb_str_set_len(str, buf_len);
return str;
}
|
#public_encrypt(string) ⇒ String #public_encrypt(string, padding) ⇒ String
Encrypt string with the public key. padding defaults to PKCS1_PADDING. The encrypted string output can be decrypted using #private_decrypt.
423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 |
# File 'ossl_pkey_rsa.c', line 423
static VALUE
ossl_rsa_public_encrypt(int argc, VALUE *argv, VALUE self)
{
RSA *rsa;
const BIGNUM *rsa_n;
int buf_len, pad;
VALUE str, buffer, padding;
GetRSA(self, rsa);
RSA_get0_key(rsa, &rsa_n, NULL, NULL);
if (!rsa_n)
ossl_raise(eRSAError, "incomplete RSA");
rb_scan_args(argc, argv, "11", &buffer, &padding);
pad = (argc == 1) ? RSA_PKCS1_PADDING : NUM2INT(padding);
StringValue(buffer);
str = rb_str_new(0, RSA_size(rsa));
buf_len = RSA_public_encrypt(RSTRING_LENINT(buffer), (unsigned char *)RSTRING_PTR(buffer),
(unsigned char *)RSTRING_PTR(str), rsa, pad);
if (buf_len < 0) ossl_raise(eRSAError, NULL);
rb_str_set_len(str, buf_len);
return str;
}
|
#public_key ⇒ Object
Makes new RSA instance containing the public key from the private key.
809 810 811 812 813 814 815 816 817 818 819 820 821 822 823 824 825 |
# File 'ossl_pkey_rsa.c', line 809
static VALUE
ossl_rsa_to_public_key(VALUE self)
{
EVP_PKEY *pkey;
RSA *rsa;
VALUE obj;
GetPKeyRSA(self, pkey);
/* err check performed by rsa_instance */
rsa = RSAPublicKey_dup(EVP_PKEY_get0_RSA(pkey));
obj = rsa_instance(rb_obj_class(self), rsa);
if (obj == Qfalse) {
RSA_free(rsa);
ossl_raise(eRSAError, NULL);
}
return obj;
}
|
#set_crt_params(dmp1, dmq1, iqmp) ⇒ self
Sets dmp1, dmq1, iqmp for the RSA instance. They are calculated by d mod (p - 1)
, d mod (q - 1)
and q^(-1) mod p
respectively.
#set_factors(p, q) ⇒ self
Sets p, q for the RSA instance.
#set_key(n, e, d) ⇒ self
Sets n, e, d for the RSA instance.
#sign_pss(digest, data, salt_length: , mgf1_hash: ) ⇒ String
Signs data using the Probabilistic Signature Scheme (RSA-PSS) and returns the calculated signature.
RSAError will be raised if an error occurs.
See #verify_pss for the verification operation.
Parameters
- digest
-
A String containing the message digest algorithm name.
- data
-
A String. The data to be signed.
- salt_length
-
The length in octets of the salt. Two special values are reserved:
:digest
means the digest length, and:max
means the maximum possible length for the combination of the private key and the selected message digest algorithm. - mgf1_hash
-
The hash algorithm used in MGF1 (the currently supported mask generation function (MGF)).
Example
data = "Sign me!"
pkey = OpenSSL::PKey::RSA.new(2048)
signature = pkey.sign_pss("SHA256", data, salt_length: :max, mgf1_hash: "SHA256")
pub_key = pkey.public_key
puts pub_key.verify_pss("SHA256", signature, data,
salt_length: :auto, mgf1_hash: "SHA256") # => true
580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 |
# File 'ossl_pkey_rsa.c', line 580
static VALUE
ossl_rsa_sign_pss(int argc, VALUE *argv, VALUE self)
{
VALUE digest, data, options, kwargs[2], signature;
static ID kwargs_ids[2];
EVP_PKEY *pkey;
EVP_PKEY_CTX *pkey_ctx;
const EVP_MD *md, *mgf1md;
EVP_MD_CTX *md_ctx;
size_t buf_len;
int salt_len;
if (!kwargs_ids[0]) {
kwargs_ids[0] = rb_intern_const("salt_length");
kwargs_ids[1] = rb_intern_const("mgf1_hash");
}
rb_scan_args(argc, argv, "2:", &digest, &data, &options);
rb_get_kwargs(options, kwargs_ids, 2, 0, kwargs);
if (kwargs[0] == ID2SYM(rb_intern("max")))
salt_len = -2; /* RSA_PSS_SALTLEN_MAX_SIGN */
else if (kwargs[0] == ID2SYM(rb_intern("digest")))
salt_len = -1; /* RSA_PSS_SALTLEN_DIGEST */
else
salt_len = NUM2INT(kwargs[0]);
mgf1md = ossl_evp_get_digestbyname(kwargs[1]);
pkey = GetPrivPKeyPtr(self);
buf_len = EVP_PKEY_size(pkey);
md = ossl_evp_get_digestbyname(digest);
StringValue(data);
signature = rb_str_new(NULL, (long)buf_len);
md_ctx = EVP_MD_CTX_new();
if (!md_ctx)
goto err;
if (EVP_DigestSignInit(md_ctx, &pkey_ctx, md, NULL, pkey) != 1)
goto err;
if (EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING) != 1)
goto err;
if (EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, salt_len) != 1)
goto err;
if (EVP_PKEY_CTX_set_rsa_mgf1_md(pkey_ctx, mgf1md) != 1)
goto err;
if (EVP_DigestSignUpdate(md_ctx, RSTRING_PTR(data), RSTRING_LEN(data)) != 1)
goto err;
if (EVP_DigestSignFinal(md_ctx, (unsigned char *)RSTRING_PTR(signature), &buf_len) != 1)
goto err;
rb_str_set_len(signature, (long)buf_len);
EVP_MD_CTX_free(md_ctx);
return signature;
err:
EVP_MD_CTX_free(md_ctx);
ossl_raise(eRSAError, NULL);
}
|
#to_der ⇒ DER-format String
Outputs this keypair in DER encoding.
386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 |
# File 'ossl_pkey_rsa.c', line 386
static VALUE
ossl_rsa_to_der(VALUE self)
{
RSA *rsa;
const BIGNUM *n, *e, *d, *p, *q, *dmp1, *dmq1, *iqmp;
int (*i2d_func)(const RSA *, unsigned char **);
unsigned char *ptr;
long len;
VALUE str;
GetRSA(self, rsa);
RSA_get0_key(rsa, &n, &e, &d);
RSA_get0_factors(rsa, &p, &q);
RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp);
if (n && e && d && p && q && dmp1 && dmq1 && iqmp)
i2d_func = i2d_RSAPrivateKey;
else
i2d_func = (int (*)(const RSA *, unsigned char **))i2d_RSA_PUBKEY;
if((len = i2d_func(rsa, NULL)) <= 0)
ossl_raise(eRSAError, NULL);
str = rb_str_new(0, len);
ptr = (unsigned char *)RSTRING_PTR(str);
if(i2d_func(rsa, &ptr) < 0)
ossl_raise(eRSAError, NULL);
ossl_str_adjust(str, ptr);
return str;
}
|
#to_text ⇒ String
THIS METHOD IS INSECURE, PRIVATE INFORMATION CAN LEAK OUT!!!
Dumps all parameters of a keypair to a String
Don’t use :-)) (It’s up to you)
783 784 785 786 787 788 789 790 791 792 793 794 795 796 797 798 799 800 801 |
# File 'ossl_pkey_rsa.c', line 783
static VALUE
ossl_rsa_to_text(VALUE self)
{
RSA *rsa;
BIO *out;
VALUE str;
GetRSA(self, rsa);
if (!(out = BIO_new(BIO_s_mem()))) {
ossl_raise(eRSAError, NULL);
}
if (!RSA_print(out, rsa, 0)) { /* offset = 0 */
BIO_free(out);
ossl_raise(eRSAError, NULL);
}
str = ossl_membio2str(out);
return str;
}
|
#verify_pss(digest, signature, data, salt_length: , mgf1_hash: ) ⇒ Object
Verifies data using the Probabilistic Signature Scheme (RSA-PSS).
The return value is true
if the signature is valid, false
otherwise. RSAError will be raised if an error occurs.
See #sign_pss for the signing operation and an example code.
Parameters
- digest
-
A String containing the message digest algorithm name.
- data
-
A String. The data to be signed.
- salt_length
-
The length in octets of the salt. Two special values are reserved:
:digest
means the digest length, and:auto
means automatically determining the length based on the signature. - mgf1_hash
-
The hash algorithm used in MGF1.
667 668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 683 684 685 686 687 688 689 690 691 692 693 694 695 696 697 698 699 700 701 702 703 704 705 706 707 708 709 710 711 712 713 714 715 716 717 718 719 720 721 722 723 724 725 726 727 728 729 730 731 732 733 734 735 |
# File 'ossl_pkey_rsa.c', line 667
static VALUE
ossl_rsa_verify_pss(int argc, VALUE *argv, VALUE self)
{
VALUE digest, signature, data, options, kwargs[2];
static ID kwargs_ids[2];
EVP_PKEY *pkey;
EVP_PKEY_CTX *pkey_ctx;
const EVP_MD *md, *mgf1md;
EVP_MD_CTX *md_ctx;
int result, salt_len;
if (!kwargs_ids[0]) {
kwargs_ids[0] = rb_intern_const("salt_length");
kwargs_ids[1] = rb_intern_const("mgf1_hash");
}
rb_scan_args(argc, argv, "3:", &digest, &signature, &data, &options);
rb_get_kwargs(options, kwargs_ids, 2, 0, kwargs);
if (kwargs[0] == ID2SYM(rb_intern("auto")))
salt_len = -2; /* RSA_PSS_SALTLEN_AUTO */
else if (kwargs[0] == ID2SYM(rb_intern("digest")))
salt_len = -1; /* RSA_PSS_SALTLEN_DIGEST */
else
salt_len = NUM2INT(kwargs[0]);
mgf1md = ossl_evp_get_digestbyname(kwargs[1]);
GetPKey(self, pkey);
md = ossl_evp_get_digestbyname(digest);
StringValue(signature);
StringValue(data);
md_ctx = EVP_MD_CTX_new();
if (!md_ctx)
goto err;
if (EVP_DigestVerifyInit(md_ctx, &pkey_ctx, md, NULL, pkey) != 1)
goto err;
if (EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING) != 1)
goto err;
if (EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, salt_len) != 1)
goto err;
if (EVP_PKEY_CTX_set_rsa_mgf1_md(pkey_ctx, mgf1md) != 1)
goto err;
if (EVP_DigestVerifyUpdate(md_ctx, RSTRING_PTR(data), RSTRING_LEN(data)) != 1)
goto err;
result = EVP_DigestVerifyFinal(md_ctx,
(unsigned char *)RSTRING_PTR(signature),
RSTRING_LEN(signature));
switch (result) {
case 0:
ossl_clear_error();
EVP_MD_CTX_free(md_ctx);
return Qfalse;
case 1:
EVP_MD_CTX_free(md_ctx);
return Qtrue;
default:
goto err;
}
err:
EVP_MD_CTX_free(md_ctx);
ossl_raise(eRSAError, NULL);
}
|