Hi all,
I have problem when I do RSA SHA256 sign with RSA private key.
I trying compare signed results with online resource RSA Signature generation and verification tool with RSASSA-PSS,SHA1WithRSA,SHA1withRSAandMGF1, sha384WithRSA, SHA224WithRSA/PSS, RSAPSS .
My tests I did on stm32f4-discovery board.
I need sign this string:
c491f829462acf230dded26e241dde45867c92bc3bb3192bad4577f377715c18
I got next result:
mbedTLS generated for me next signature:
PKCS1_5_SIGN from SHA256_STR
07d17955cb29bcc2173ad1819429e7ed5760bbfca59ea7602db43ca1e162f26ce80dafcae9f1c5a6496e908f8ac276c13e5511ca83d78b81383260ac991e9136867ad05cdcf3e7796c80a915eb482043b7d4968e14992e43976043686e18a16e45d0213d7d94c96b796d69e39e662de10d9e0624f10883a33fe1b7cceb345537141384fc2bcaf0c755536780d24aedf6a030c2bb9b63c4107ac9a9724b34003d8371c27681185a2a6aa61016d54204ab8b9f9ff9e382136551fddca7efa888b38faf60eb7e0bc7a6c609904d4e94f72c17e1e27304e82ffc3e2b6a0ada90cf13cbc0a4dc54189407c77be57975835da58be90fb2d3a462bb4f3a14d3a1cc4271
I tried also convert this to Base64:
MDdkMTc5NTVjYjI5YmNjMjE3M2FkMTgxOTQyOWU3ZWQ1NzYwYmJmY2E1OWVhNzYwMmRiNDNjYTFlMTYyZjI2Y2U4MGRhZmNhZTlmMWM1YTY0OTZlOTA4ZjhhYzI3NmMxM2U1NTExY2E4M2Q3OGI4MTM4MzI2MGFjOTkxZTkxMzY4NjdhZDA1Y2RjZjNlNzc5NmM4MGE5MTVlYjQ4MjA0M2I3ZDQ5NjhlMTQ5OTJlNDM5NzYwNDM2ODZlMThhMTZlNDVkMDIxM2Q3ZDk0Yzk2Yjc5NmQ2OWUzOWU2NjJkZTEwZDllMDYyNGYxMDg4M2EzM2ZlMWI3Y2NlYjM0NTUzNzE0MTM4NGZjMmJjYWYwYzc1NTUzNjc4MGQyNGFlZGY2YTAzMGMyYmI5YjYzYzQxMDdhYzlhOTcyNGIzNDAwM2Q4MzcxYzI3NjgxMTg1YTJhNmFhNjEwMTZkNTQyMDRhYjhiOWY5ZmY5ZTM4MjEzNjU1MWZkZGNhN2VmYTg4OGIzOGZhZjYwZWI3ZTBiYzdhNmM2MDk5MDRkNGU5NGY3MmMxN2UxZTI3MzA0ZTgyZmZjM2UyYjZhMGFkYTkwY2YxM2NiYzBhNGRjNTQxODk0MDdjNzdiZTU3OTc1ODM1ZGE1OGJlOTBmYjJkM2E0NjJiYjRmM2ExNGQzYTFjYzQyNzE=
But online generator got next result:
PrfnVeYtO/G5F0I0mCrKUjMLUhIICVXKBX9OVJNhRnZxRM2MHoW4hZn9oenhdDPSmsUdbG3q2/Re+FyWk/NvGrQ6bkQKZ1SdgphNW37An+fBOFYbD44KsFPuKtY47ASRggAqUtmYfrDab2dQrP7jCU5dl4WjITvSI+4BmnNyn2QnmMg/yF5yyzTD4e08SqYXZleIgcKuVnITBjmMrKJZM/R8eH2X85snXXJWDZsiGsoR8hMkxc5MDULwHAGu27OES2cqRAyheKdNPh/DM+/Irn5SDuodfV6RB8ZaNfpDPTiICPedRd28Ue25MRz5TdYH6f1jOQFGcJBpm6zIXUuqxQ==
//--------------------------------------------------------------------------------------------------------------------------------------
//--------------------------------------------------------------------------------------------------------------------------------------
//--------------------------------------------------------------------------------------------------------------------------------------
Generated keys:
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAgen25AONynFZnuGUjvzASwf8l5Nqv/8xeK6i59ueSxAk7C3A
LJXP7+vKE2AIUBpvR2yugp1Rky+wgn4UXfKST9UftxxjzWCIe8v4JHr8np5BKUpp
1HS8RCElnXxvLYp8f6C1ts8DvXFDKQZ7NFK07EnSN+omfeV5XmEu1wqymbKbZq2z
81OFQvdrjOn9f5CHBMrUS2WInk50oDbrOszIJ4KRRk+DimRmLGWTO0dFKtzehyUM
Qh4kgogFh5iu0zd/3EwlXqYx2AMaMTW1TvDcJoa2KSelS55C/Kw9qmxV4OdJarhM
+gpScs25tb2824SWWXWrEuBHiaiRrAo6acPZvwIDAQABAoIBAEJ04dQwMTdPFq5c
7PbcOq3nLwKG6cO/kpoOk80Rnn79ijW7DaSBGna74opYxMfdTfF2miq8uT8W1S9b
uaV5cfkep/OutSsZZ5gUdiKLO3EUuXaa11pUQP6FCk3umpzsS9Wp62rRqTMenmF9
LEdOy7hX5w6tW/VpDtYF1sUwdr6CTvr45fSY5vxurL5iQjAyHb82w3ZJIdBm2Cm4
3KIQ55NQ3JE21Jbj66KuGyP5r28DkjiRoT7uE2MJhvA4BnlL9mutzyCa25AVg3b0
qTckzJYj0fiXyRiCESs0ddrl+oK6+pkjPxyEoaCwyakT7Lkw+DPDDRQ2f3C/IzCl
dM3Z0CkCgYEA2KncAO/KbxQ98QSpWjV1WHhD4mw+gcGZFkJ3HtJ8JG/4TP4aOM4I
rRUyzXuZhgETCjlodhKrPB3r8zzN2YmbEO46MVRB9dQRKSiiP9Xx3zluA8VfdYS5
1tkSuYZrEVHTgz0vG1iZ+xuUizW3mKR6R0lB9lODm+qNLE/DRdFFdCUCgYEAmYAi
018tZUhBK7BrFxRoJ3HhgudTf6dGEXlccz+/eupmmXRXfORKiaxswTJvavZb+YVZ
+b+CSNIar4lY82jS9v4aquQsSog1kfnQghTRavho+Wb7vYIY9Bzl5FRrRsxqC1Bt
KO1huX4aacPMJ40UFnGXPHBY0Rrv5revE+iw3xMCgYAxtI43XMupPhCTyYj8nAUG
vdh9Cm4woHR5adggJxO53EIvj5/+Zi4RXyqff3qSBo8Sqmbvp4rHKOonjEyBWpNL
iAuro3PabMNfGOZYFMH/fxJhJReoQ0HLK1OjYlYPzCDlG9VBxcrVk9c5NKKhDyLK
VeEfHLu1ulKW1tmqm77+TQKBgEKcsIA5lWGWcXGcJVzmpiw35zz/VeTXmjiLCeuZ
hma4wb1mF3FDQHVuNePBF0i7kD4/+EPBL7CaPKpgWBGJM8OrkbcHPZE6esTWO/23
OwnIswVIA4bBpkKJJ9pmKAeZPYubY0OXgAkXCC9NoJKpTkZPFOpNdr2HiwP8QiXJ
nLexAoGBAIZPDgI73XIAawGx1Zwz/+AFhM7D6tHvXdokTjSwoRH/w/dyJtBQHP3H
lr8ChE8F3n50ntrAaHoGPYhMCBNfgPDbqUNMCGsDaMBOFtMMy1c3ex/zLC7hVnZb
zaPk8Do05waaYCr+9aa1Xy2uSwIEQChsEA0AGOb3k8FR3uUJ74Xw
-----END RSA PRIVATE KEY----------BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgen25AONynFZnuGUjvzA
Swf8l5Nqv/8xeK6i59ueSxAk7C3ALJXP7+vKE2AIUBpvR2yugp1Rky+wgn4UXfKS
T9UftxxjzWCIe8v4JHr8np5BKUpp1HS8RCElnXxvLYp8f6C1ts8DvXFDKQZ7NFK0
7EnSN+omfeV5XmEu1wqymbKbZq2z81OFQvdrjOn9f5CHBMrUS2WInk50oDbrOszI
J4KRRk+DimRmLGWTO0dFKtzehyUMQh4kgogFh5iu0zd/3EwlXqYx2AMaMTW1TvDc
Joa2KSelS55C/Kw9qmxV4OdJarhM+gpScs25tb2824SWWXWrEuBHiaiRrAo6acPZ
vwIDAQAB
-----END PUBLIC KEY-----BASE64 Public Key
LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUFnZW4yNUFPTnluRlpudUdVanZ6QQpTd2Y4bDVOcXYvOHhlSzZpNTl1ZVN4QWs3QzNBTEpYUDcrdktFMkFJVUJwdlIyeXVncDFSa3krd2duNFVYZktTClQ5VWZ0eHhqeldDSWU4djRKSHI4bnA1QktVcHAxSFM4UkNFbG5YeHZMWXA4ZjZDMXRzOER2WEZES1FaN05GSzAKN0VuU04rb21mZVY1WG1FdTF3cXltYktiWnEyejgxT0ZRdmRyak9uOWY1Q0hCTXJVUzJXSW5rNTBvRGJyT3N6SQpKNEtSUmsrRGltUm1MR1dUTzBkRkt0emVoeVVNUWg0a2dvZ0ZoNWl1MHpkLzNFd2xYcVl4MkFNYU1UVzFUdkRjCkpvYTJLU2VsUzU1Qy9LdzlxbXhWNE9kSmFyaE0rZ3BTY3MyNXRiMjgyNFNXV1hXckV1QkhpYWlSckFvNmFjUFoKdndJREFRQUIKLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tSHA256 from Public key in Base64
c491f829462acf230dded26e241dde45867c92bc3bb3192bad4577f377715c18PKCS1_5_SIGN from SHA256_STR
07d17955cb29bcc2173ad1819429e7ed5760bbfca59ea7602db43ca1e162f26ce80dafcae9f1c5a6496e908f8ac276c13e5511ca83d78b81383260ac991e9136867ad05cdcf3e7796c80a915eb482043b7d4968e14992e43976043686e18a16e45d0213d7d94c96b796d69e39e662de10d9e0624f10883a33fe1b7cceb345537141384fc2bcaf0c755536780d24aedf6a030c2bb9b63c4107ac9a9724b34003d8371c27681185a2a6aa61016d54204ab8b9f9ff9e382136551fddca7efa888b38faf60eb7e0bc7a6c609904d4e94f72c17e1e27304e82ffc3e2b6a0ada90cf13cbc0a4dc54189407c77be57975835da58be90fb2d3a462bb4f3a14d3a1cc4271PKCS1_5_SIGN from SHA256_STR encoded to base64
MDdkMTc5NTVjYjI5YmNjMjE3M2FkMTgxOTQyOWU3ZWQ1NzYwYmJmY2E1OWVhNzYwMmRiNDNjYTFlMTYyZjI2Y2U4MGRhZmNhZTlmMWM1YTY0OTZlOTA4ZjhhYzI3NmMxM2U1NTExY2E4M2Q3OGI4MTM4MzI2MGFjOTkxZTkxMzY4NjdhZDA1Y2RjZjNlNzc5NmM4MGE5MTVlYjQ4MjA0M2I3ZDQ5NjhlMTQ5OTJlNDM5NzYwNDM2ODZlMThhMTZlNDVkMDIxM2Q3ZDk0Yzk2Yjc5NmQ2OWUzOWU2NjJkZTEwZDllMDYyNGYxMDg4M2EzM2ZlMWI3Y2NlYjM0NTUzNzE0MTM4NGZjMmJjYWYwYzc1NTUzNjc4MGQyNGFlZGY2YTAzMGMyYmI5YjYzYzQxMDdhYzlhOTcyNGIzNDAwM2Q4MzcxYzI3NjgxMTg1YTJhNmFhNjEwMTZkNTQyMDRhYjhiOWY5ZmY5ZTM4MjEzNjU1MWZkZGNhN2VmYTg4OGIzOGZhZjYwZWI3ZTBiYzdhNmM2MDk5MDRkNGU5NGY3MmMxN2UxZTI3MzA0ZTgyZmZjM2UyYjZhMGFkYTkwY2YxM2NiYzBhNGRjNTQxODk0MDdjNzdiZTU3OTc1ODM1ZGE1OGJlOTBmYjJkM2E0NjJiYjRmM2ExNGQzYTFjYzQyNzE=
My code for mbedTLS is below:
void SSL_Server(void const *argument)
{int len;
UNUSED(argument);
int exit_code = MBEDTLS_EXIT_FAILURE;
mbedtls_rsa_context rsa;
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_mpi N, P, Q, D, E, DP, DQ, QP;
mbedtls_pk_context key;const char *pers = "rsa_genkey"; mbedtls_pk_init( &key ); mbedtls_ctr_drbg_init( &ctr_drbg ); mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 ); mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &DP ); mbedtls_mpi_init( &DQ ); mbedtls_mpi_init( &QP ); mbedtls_printf( "\n . Seeding the random number generator..." ); mbedtls_entropy_init( &entropy ); if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, (const unsigned char *) pers, strlen( pers ) ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret ); goto exit; } mbedtls_printf( " ok\n . Generating the RSA key [ %d-bit ]...", KEY_SIZE ); if( ( ret = mbedtls_pk_setup( &key, mbedtls_pk_info_from_type( (mbedtls_pk_type_t) MBEDTLS_PK_RSA ) ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_pk_setup returned -0x%04x", -ret ); goto exit; } if( ( ret = mbedtls_rsa_gen_key( mbedtls_pk_rsa( key ), mbedtls_ctr_drbg_random, &ctr_drbg, KEY_SIZE, 65537 )) != 0 ) { if( ret != 0 ) { mbedtls_printf( " failed\n ! mbedtls_rsa_gen_key returned -0x%04x", -ret ); goto exit; } } memset(private_key, 0, 16000); memset(public_key, 0, 16000); memset(sha256_buf, 0, 32); memset(pkcs15_sign, 0, KEY_SIZE/2); if( ( ret = mbedtls_pk_write_key_pem( &key, private_key, 16000 ) ) != 0 ) { len = strlen( (char *) private_key ); mbedtls_printf( " failed\n ! mbedtls_pk_write_key_pem returned -0x%04x", -ret ); } len = strlen( (char *) private_key ); if( ( ret = mbedtls_pk_write_pubkey_pem( &key, public_key, 16000 ) ) != 0 ) { len = strlen( (char *) public_key ); mbedtls_printf( " failed\n ! mbedtls_pk_write_pubkey_pem returned -0x%04x", -ret ); } len = strlen( (char *) public_key ); if( (ret = mbedtls_base64_encode(public_key_base64, (1024 * 4), &public_key_base64_len, public_key, strlen(public_key)) ) != 0) { mbedtls_printf( " failed\n ! base64_encode returned -0x%04x", -ret ); } mbedtls_sha256_context ctx2; mbedtls_sha256_init(&ctx2); mbedtls_sha256_starts(&ctx2, 0); /* SHA-256, not 224 */ /* Simulating multiple fragments */ mbedtls_sha256_update(&ctx2, public_key_base64, (public_key_base64_len-4)); mbedtls_sha256_finish(&ctx2, sha256_buf); hex_to_char( sha256_buf, 32, sha256_buf_str); if( ( ret = mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_pk_rsa( key ), NULL, NULL, MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_SHA256, 32, sha256_buf, pkcs15_sign ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_sign returned -0x%0x\n\n", -ret ); goto exit; } hex_to_char( pkcs15_sign, 256, pkcs15_sign_str); mbedtls_printf( " ok\n\n" ); exit_code = MBEDTLS_EXIT_SUCCESS;
}
Could you explain to me why results are different?
Thanks in advance.