Wire Sysio Wire Sysion 1.0.0
Loading...
Searching...
No Matches
generate_rsa.c
Go to the documentation of this file.
1/*
2 * Copyright 2015-2018 Yubico AB
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#ifdef NDEBUG
18#undef NDEBUG
19#endif
20#include <assert.h>
21#include <stdbool.h>
22#include <stdio.h>
23#include <stdint.h>
24#include <stdlib.h>
25
26#include <openssl/evp.h>
27#include <openssl/rsa.h>
28
29#include "util.h"
30#include "openssl-compat.h"
31
32#include <yubihsm.h>
33
34#ifndef DEFAULT_CONNECTOR_URL
35#define DEFAULT_CONNECTOR_URL "http://127.0.0.1:12345"
36#endif
37
38const char *key_label = "label";
39const uint8_t password[] = "password";
40const uint8_t data[] = "sudo make me a sandwich";
41
42int main(void) {
43 yh_connector *connector = NULL;
44 yh_session *session = NULL;
45 yh_rc yrc = YHR_GENERIC_ERROR;
46
47 uint16_t authkey = 1;
48
49 const char *connector_url;
50
51 connector_url = getenv("DEFAULT_CONNECTOR_URL");
52 if (connector_url == NULL) {
53 connector_url = DEFAULT_CONNECTOR_URL;
54 }
55
56 yrc = yh_init();
57 assert(yrc == YHR_SUCCESS);
58
59 yrc = yh_init_connector(connector_url, &connector);
60 assert(yrc == YHR_SUCCESS);
61
62 yrc = yh_connect(connector, 0);
63 assert(yrc == YHR_SUCCESS);
64
65 yrc = yh_create_session_derived(connector, authkey, password,
66 sizeof(password), false, &session);
67 assert(yrc == YHR_SUCCESS);
68
69 yrc = yh_authenticate_session(session);
70 assert(yrc == YHR_SUCCESS);
71
72 uint8_t session_id;
73 yrc = yh_get_session_id(session, &session_id);
74 assert(yrc == YHR_SUCCESS);
75
76 printf("Successfully established session %02d\n", session_id);
77
78 yh_capabilities capabilities = {{0}};
79 yrc = yh_string_to_capabilities("sign-pkcs", &capabilities);
80 assert(yrc == YHR_SUCCESS);
81
82 uint16_t domain_five = 0;
83 yrc = yh_string_to_domains("5", &domain_five);
84 assert(yrc == YHR_SUCCESS);
85
86 uint16_t key_id = 0; // ID 0 lets the device generate an ID
87 yrc = yh_util_generate_rsa_key(session, &key_id, key_label, domain_five,
88 &capabilities, YH_ALGO_RSA_2048);
89 assert(yrc == YHR_SUCCESS);
90
91 printf("Generated key with ID %04x\n", key_id);
92
93 printf("Data to sign (%zu bytes) is: %s\n", sizeof(data) - 1, data);
94
95 EVP_MD_CTX *mdctx = NULL;
96 uint8_t hashed_data[32];
97 unsigned int hashed_data_len;
98
99 mdctx = EVP_MD_CTX_create();
100 assert(mdctx != NULL);
101 EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL);
102 EVP_DigestUpdate(mdctx, data, sizeof(data) - 1);
103 EVP_DigestFinal_ex(mdctx, hashed_data, &hashed_data_len);
104 EVP_MD_CTX_destroy(mdctx);
105
106 printf("Hash of data (%d bytes) is:", EVP_MD_size(EVP_sha256()));
107 for (unsigned int i = 0; i < hashed_data_len; i++) {
108 printf(" %02x", hashed_data[i]);
109 }
110 printf("\n");
111
112 uint8_t signature[512];
113 size_t signature_len = sizeof(signature);
114 yrc = yh_util_sign_pkcs1v1_5(session, key_id, true, hashed_data,
115 hashed_data_len, signature, &signature_len);
116 assert(yrc == YHR_SUCCESS);
117
118 printf("Signature (%zu bytes) is:", signature_len);
119 for (unsigned int i = 0; i < signature_len; i++) {
120 printf(" %02x", signature[i]);
121 }
122 printf("\n");
123
124 uint8_t public_key[512];
125 size_t public_key_len = sizeof(public_key);
126 yrc =
127 yh_util_get_public_key(session, key_id, public_key, &public_key_len, NULL);
128 assert(yrc == YHR_SUCCESS);
129
130 printf("Public key (%zu bytes) is:", public_key_len);
131 for (unsigned int i = 0; i < public_key_len; i++) {
132 printf(" %02x", public_key[i]);
133 }
134 printf("\n");
135
136 BIGNUM *n = BN_bin2bn(public_key, public_key_len, NULL);
137 assert(n != NULL);
138
139 BIGNUM *e = BN_bin2bn((const unsigned char *) "\x01\x00\x01", 3, NULL);
140 assert(e != NULL);
141
142 RSA *rsa = RSA_new();
143 assert(RSA_set0_key(rsa, n, e, NULL) != 0);
144
145 if (RSA_verify(EVP_MD_type(EVP_sha256()), hashed_data, hashed_data_len,
146 signature, signature_len, rsa) == 1) {
147 printf("Signature successfully verified\n");
148 } else {
149 printf("Unable to verify signature\n");
150 }
151
152 RSA_free(rsa);
153 rsa = NULL;
154
155 yrc = yh_util_close_session(session);
156 assert(yrc == YHR_SUCCESS);
157
158 yrc = yh_destroy_session(&session);
159 assert(yrc == YHR_SUCCESS);
160
161 yh_disconnect(connector);
162 assert(yrc == YHR_SUCCESS);
163
164 yrc = yh_exit();
165 assert(yrc == YHR_SUCCESS);
166
167 return 0;
168}
session
CK_SESSION_HANDLE session
Definition ecdh_derive_test.c:45
DEFAULT_CONNECTOR_URL
#define DEFAULT_CONNECTOR_URL
Definition generate_rsa.c:35
main
int main(void)
Definition generate_rsa.c:42
key_label
const char * key_label
Definition generate_rsa.c:38
BIGNUM
bignum_st BIGNUM
Definition bigint.hpp:7
RSA_set0_key
int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
Definition openssl-compat.c:13
uint16_t
unsigned short uint16_t
Definition stdint.h:125
uint8_t
unsigned char uint8_t
Definition stdint.h:124
yh_capabilities
Capabilities representation.
Definition yubihsm.h:162
yh_connector
Definition internal.h:37
yh_session
Definition internal.h:25
yh_destroy_session
yh_rc yh_destroy_session(yh_session **session)
Definition yubihsm.c:890
yh_exit
yh_rc yh_exit(void)
Definition yubihsm.c:3910
yh_create_session_derived
yh_rc yh_create_session_derived(yh_connector *connector, uint16_t authkey_id, const uint8_t *password, size_t password_len, bool recreate, yh_session **session)
Definition yubihsm.c:593
yh_init
yh_rc yh_init(void)
Definition yubihsm.c:3857
yh_util_close_session
yh_rc yh_util_close_session(yh_session *session)
Definition yubihsm.c:1257
yh_authenticate_session
yh_rc yh_authenticate_session(yh_session *session)
Definition yubihsm.c:2927
yh_string_to_domains
yh_rc yh_string_to_domains(const char *domains, uint16_t *result)
Definition yubihsm.c:4535
yh_init_connector
yh_rc yh_init_connector(const char *url, yh_connector **connector)
Definition yubihsm.c:4024
yh_util_sign_pkcs1v1_5
yh_rc yh_util_sign_pkcs1v1_5(yh_session *session, uint16_t key_id, bool hashed, const uint8_t *in, size_t in_len, uint8_t *out, size_t *out_len)
Definition yubihsm.c:1287
yh_connect
yh_rc yh_connect(yh_connector *connector, int timeout)
Definition yubihsm.c:4079
yh_util_get_public_key
yh_rc yh_util_get_public_key(yh_session *session, uint16_t id, uint8_t *data, size_t *data_len, yh_algorithm *algorithm)
Definition yubihsm.c:1216
yh_string_to_capabilities
yh_rc yh_string_to_capabilities(const char *capability, yh_capabilities *result)
Definition yubihsm.c:4115
yh_disconnect
yh_rc yh_disconnect(yh_connector *connector)
Definition yubihsm.c:4097
yh_util_generate_rsa_key
yh_rc yh_util_generate_rsa_key(yh_session *session, uint16_t *key_id, const char *label, uint16_t domains, const yh_capabilities *capabilities, yh_algorithm algorithm)
Definition yubihsm.c:1900
yh_get_session_id
yh_rc yh_get_session_id(yh_session *session, uint8_t *sid)
Definition yubihsm.c:2915
YH_ALGO_RSA_2048
@ YH_ALGO_RSA_2048
rsa2048
Definition yubihsm.h:408
yh_rc
yh_rc
Definition yubihsm.h:170
YHR_GENERIC_ERROR
@ YHR_GENERIC_ERROR
Return value when encountering an unknown error.
Definition yubihsm.h:228
YHR_SUCCESS
@ YHR_SUCCESS
Returned value when function was successful.
Definition yubihsm.h:172
capabilities
yh_capabilities capabilities
Definition yubihsm_pkcs11.c:1305
mdctx
EVP_MD_CTX * mdctx
Definition yubihsm_pkcs11.c:2628
yrc
yh_rc yrc
Definition yubihsm_pkcs11.c:606
key_id
uint16_t key_id
Definition yubihsm_pkcs11.c:1104