Dear all,
I'd like to encrypt some bytes using RSA OAEP with MGF1. Both OAEP and
MGF1 should use sha256 instead of the default sha1.
Does openssl support this at all? I tried something along the lines of
size_t outlen;
int ret;
EVP_PKEY_CTX *ctx;
unsigned char in[] = { .... some bytes ... };
EVP_PKEY *key = NULL;
RSA *r = NULL;
unsigned char n[] = { ... }; /* 128 bytes */
unsigned char e[] = { 0x01, 0x00, 0x01 };
key = EVP_PKEY_new();
r = RSA_new();
assert(r);
EVP_PKEY_assign_RSA(key, r);
key->pkey.rsa->n = BN_bin2bn(n, sizeof(n), NULL);
key->pkey.rsa->e = BN_bin2bn(e, sizeof(e), NULL);
ctx = EVP_PKEY_CTX_new(key, NULL);
assert(ctx);
ret = EVP_PKEY_encrypt_init(ctx);
assert(ret>=0);
ret = EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_OAEP_PADDING);
assert(ret>=0);
ret = EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_CRYPT,
EVP_PKEY_CTRL_MD, 0, (void *)EVP_sha256);
assert(ret>=0);
ret = EVP_PKEY_encrypt(ctx, out, &outlen, in, sizeof(in));
assert(ret>=0);
assert(outlen==128);
This doesn't fail on any asserts. I tried
ret = EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256());
instead of EVP_PKEY_CTX_ctrl().
This would not work because of a EVP_PKEY_OP_TYPE_... mismatch.
Unfortunately, the output does not seem to be correct, I can't produce
valid messages that are recognized by a receiving side that's known to
work with oeap sha256.
Does anyone see what I'm doing wrong here? Or does anyone have test
vectors so that I can verify my code? I know there's test vectors from
rsasecurity but they're only for oaep sha1.
Thanks in advance for your help,
Martin
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
