New to embedded programming.
I am trying to replicate this authentication function using mbedtls which is called npnt_check_authenticity where authentication of an artifact takes place using a signature value. Using esp32 to perform this operation.
The function has been written in mind using two libraries
- wolfssl
- openssl
But both make use of openssl as can be seen here
#ifdef RFM_USE_WOLFSSL
#include <wolfssl/openssl/bio.h>
#include <wolfssl/openssl/err.h>
#include <wolfssl/openssl/ec.h>
#include <wolfssl/openssl/pem.h>
#else
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/ec.h>
#include <openssl/pem.h>
according to Mbed Tls
Mbed TLS is a direct replacement for OpenSSL when you look at the
standards. If you look at our Features you will see similar items as
on the OpenSSL feature list. The major difference is the way we make
the code
My understanding of both wolfssl & openssl, they performing same operation
wolfssl code
WOLFSSL
wc_PemToDer - Convert PemToDer
wc_InitRsaKey - Initialize RSA key
wc_RsaPublicKeyDecode - Rsa PublicKey Decode
wc_RsaSSL_VerifyInline - Verify the signature by decrypting the value
Check the decrypted result matches the encoded digest
openssl code
openssl
PEM_read_PUBKEY - Read public key
EVP_PKEY_CTX_new - Pointer to public key
EVP_PKEY_verify_init - Initialize public key verify
EVP_PKEY_CTX_set_rsa_padding - set rsa padding
EVP_PKEY_CTX_set_signature_md - set signature_md
EVP_PKEY_verify - Verify signature,signature length with public key, raw data and raw data length
I found a mbedtls/programs/pkey/rsa_verify.c code,I don’t exactly know how to used these parameters npnt_s *handle, uint8_t* raw_data, uint16_t raw_data_len, uint8_t* signature, uint16_t signature_len
I have altered the example of rsa_verfiy.c, please check and guide for proper implementation
#include "mbedtls/build_info.h"
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
#else
#include <stdio.h>
#include <stdlib.h>
#define mbedtls_printf printf
#define mbedtls_snprintf snprintf
#define mbedtls_exit exit
#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
#endif /* MBEDTLS_PLATFORM_C */
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \
!defined(MBEDTLS_SHA256_C) || !defined(MBEDTLS_MD_C) || \
!defined(MBEDTLS_FS_IO)
int main( void )
{
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_MD_C and/or "
"MBEDTLS_SHA256_C and/or MBEDTLS_FS_IO not defined.\n");
mbedtls_exit( 0 );
}
#else
#include "mbedtls/rsa.h"
#include "mbedtls/md.h"
#include <stdio.h>
#include <string.h>
mbedtls_rsa_context rsa;
mbedtls_rsa_init( &rsa );
unsigned char hash[32];
unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
// variables: uint8_t* raw_data, uint16_t raw_data_len,
// uint8_t* signature, uint16_t signature_len
/*
* Compute the SHA-256 hash of the input and
* verify the signature
*/
////[int mbedtls_md](https://tls.mbed.org/api/md_8h.html#a36c5d8bda1905e0434708f0ef5912dda?#a36c5d8bda1905e0434708f0ef5912dda)
//This function calculates the message-digest of a buffer, with respect
//to a configurable message-digest algorithm in a single call
//( const mbedtls_md_info_t * md_info,
// const unsigned char * input,
// size_t ilen,
// unsigned char * output
// )
//md_info = mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 )
//input = raw_data
//ilen = raw_data_len
//output = hash
if( ( ret = mbedtls_md(
mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 ),
raw_data,raw_data_len, hash ) ) != 0 )
{
mbedtls_printf( " failed\n ! Could not read Signature\n\n",);
goto exit;
}
//[int mbedtls_rsa_pkcs1_verify](https://tls.mbed.org/api/rsa_8h.html#a0aed18dcd3095b0ec29ed45a698a1935)
//int mbedtls_rsa_pkcs1_verify ( mbedtls_rsa_context * ctx,
int mode,
mbedtls_md_type_t md_alg,
unsigned int hashlen,
const unsigned char * hash,
const unsigned char * sig
)
//mode = MBEDTLS_RSA_PUBLIC
//mbedtls_md_type_t = MBEDTLS_MD_SHA256
//hashlen = 32
//hash = hash
//sig = buf
//Generic wrapper to perform a PKCS#1 verification using the mode from the context.
if( ( ret = mbedtls_rsa_pkcs1_verify( &rsa, MBEDTLS_MD_SHA256,
(int) sizeof( hash ), hash, 256 ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_verify returned -0x%0x\n\n", (unsigned int) -ret );
goto exit;
}
mbedtls_printf( "\n . OK (the signature is valid)\n\n" );
exit_code = MBEDTLS_EXIT_SUCCESS;