Arm Mbed OS support forum

Verify signature using RSA public key

Hi,

I am very new to cryptography and am working on an application which signs a file and at an embedded device end, i have to verify that file, but am having hard time doing it using mbedTLS. Below is the code:

int main(int argc, char **argv)
{
	int ret = 0;
	char privateKey[] = "-----BEGIN RSA PRIVATE KEY-----\n"
                        "MIIEowIBAAKCAQEAjFFQtxIIZ2nn/lfoub9EFLHWORT21T9+jY1YIxzBlsh3EjLZ\n"
			"s7SGvbUd4LlIjW4s/BhI0rTxXpgVcROyHbk1dVmWkuBBZxTHT2rtX07kas38ZeJk\n"
			"2FaKL9Y4+moc6Q+dwwBU/WChDrihIC2F0FjZEvzlAo06XB+kCkoAS7v0h76w+Zhq\n"
			"Z1Ww6mgmAg8+l2vtMuuyvCbQLJuKtV75l8p3Nvf4AI08MdMm3LETF4uVErJLu3dG\n"
			"LvXzn56uNSE+4RLYnb75loUosyEdjKAdZzJ54603AO1OohvoXuiY6kavV/CQPWVx\n"
			"WKntnkPg6/G6R1w/8bSP/UIYjk9dvVpZOHa6fQIDAQABAoIBAFhnWt0cZWMSHHHo\n"
			"XN26HWCUco1gIetUp5zzMlZc5bLj9fDnTLWlxUZ8d6h/07AXfAwQGMF38qJQWyH0\n"
			"8ME9UOrwWKeM1mfldXUZvxfPEqYfxSdDrZmHXGSrKRbMCA7mIdUbvnAskww9UnZ9\n"
			"d9M+RvVpk7c510z3OlipKuqMLpHepJn1fI8pdh44gFDhcI6uYMNSIu+/cY5zQydQ\n"
			"HCIgoWBxwW+pC1qpUa9MwsTEFTD8ttrYkVsp8C9Y2adyuxtEQekdmbjvmve0pI4y\n"
			"Iz4rmAgp/FA5PigRD9jnLL+8drHf7k4COSdP6S83fEFFDIFpVLzamSz5xoGlKNha\n"
			"vvRPfcECgYEA6RmFczmpuBwnxnNFMCVkle5/dnkxKq1LbGwr163LyHkS70kganje\n"
			"/obsYGVENpYeQF8tzMh24/9uWSxGignIJKP2OFJARumWX230KGQ92jgvwEsN+UB3\n"
			"ga/gbwMvnAbmnTQWDKhpfps1MFKkfCb9XWv4fYIILZALaoxF34aab9kCgYEAmhpR\n"
			"GWYODHlkzSqC3vb23VbIIYPoric64SAGCWj0Z+45JQeQXTAtLvcabo+QzX+BW8DH\n"
			"7d0euo2YOfNv3R3T1z7X5xVpzDP2RlE4/KK87wHYIVjMzi/8EgDwyqoPzmtlyIqm\n"
			"+vsEhpPZYpXL/EdxwcKcYJrHUcf+BdUDBTOjHUUCgYBeUJI7dghi0xmQ5VEIUwjo\n"
			"1VBDinPHVcjfvMDcipiaq8pqgUcZbYCkscjwk+jOwVzKJPiuFCpuxApNEGoWLjEK\n"
			"CkF0tmsFhjvurtmMgkq4geVoQ7YKtPflxFjl8f8QfYZP8yQ8yOOuc3RI8hdVmJ0J\n"
			"cMdhWPygGtlTqiAXeioAuQKBgDKsIKrHYis756eHKQ2EC9zwYlKS+3n4sGXCj/mc\n"
			"J3HdZbEFcbUS2GivHGPqlWTdXn37QEK5CRey47F6mPgOjNAke/4ijm11ULACmUiJ\n"
			"grLc2mLsvju2j56j7InXrebkbc2pugqha/WMvFishSzpmUBra9xgSNZdeuwUBTA6\n"
			"sJI5AoGBAOci192K7xOzn3ltMTPLqE6TpDM40TwhTZ2X3+m2OjTZtKEcRYIVTiUa\n"
			"x8Vv6r92afGFLNkcZ0gEe3VU5jHfgi0dVsQPeJWUqiqN1quHWk+3y0PAlAgw2wIL\n"
			"WKx0uF/rHj16tRsOoJ2c99Q3wgtJC8gj9kJQH6vZoqxvF3YAF+mm\n"
			"-----END RSA PRIVATE KEY-----\n";


char pubKey [] = "-----BEGIN PUBLIC KEY-----\n"
			   "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjFFQtxIIZ2nn/lfoub9E\n"
			   "FLHWORT21T9+jY1YIxzBlsh3EjLZs7SGvbUd4LlIjW4s/BhI0rTxXpgVcROyHbk1\n"
			   "dVmWkuBBZxTHT2rtX07kas38ZeJk2FaKL9Y4+moc6Q+dwwBU/WChDrihIC2F0FjZ\n"
			   "EvzlAo06XB+kCkoAS7v0h76w+ZhqZ1Ww6mgmAg8+l2vtMuuyvCbQLJuKtV75l8p3\n"
			   "Nvf4AI08MdMm3LETF4uVErJLu3dGLvXzn56uNSE+4RLYnb75loUosyEdjKAdZzJ5\n"
			   "4603AO1OohvoXuiY6kavV/CQPWVxWKntnkPg6/G6R1w/8bSP/UIYjk9dvVpZOHa6\n"
			   "fQIDAQAB\n"
			   "-----END PUBLIC KEY-----\n";
 char testString[] = "Testing";
	   char eHash[]="MDUr0X1J7pZEzminqKaCnpV77tAU/w3gnTwVzip1Z0dG77Mb6z2tnFb1aYPMyp3za2+XONJJCDY4H+pqW0uqM8j5DrhHhHwCf0l4NXi3Wy7fBsUr57fywFmgRBEfZiMVejHuq4/ns5NpC9CYa99u/YQYwjgf69KjXUoctAH5P35KFx7MS3TZukGPo/T/Ew5BGa2oBJhy+ttP7tCMUxOHfByWt0+Agkg0Zt1/xO++T2kN8vHny7Zk6Vm2xjH5UM3we1XVBvmIaMGXptultHVF6aLUQKCVcKSa26CneDFnImg3Mclz1gfOSNmC+ZuHsFIWWzpromxFFvErI9dash7Hhg==";

   mbedtls_pk_context pk;
   mbedtls_pk_init( &pk );

   ret = mbedtls_pk_parse_public_key( &pk,         // key to be initialized (pk_context must be empty)
		   	   	   	   	   	   	   	   	   pubKey, sizeof(pubKey));  // path to filename to read the public key from
   if( ret != 0 )
   {
       mbedtls_printf( " failed\n  ! Could not read key from '%s'\n", pubKey );
       mbedtls_printf( "  ! mbedtls_pk_parse_public_keyfile returned %d\n\n", ret );
       return -1;
   }
   // Set padding for an already initialized RSA context
   mbedtls_rsa_set_padding( mbedtls_pk_rsa( pk ),  // RSA context to be set
		   	   	   	   	   	MBEDTLS_RSA_PKCS_V15,           // Padding scheme (MBEDTLS_RSA_PKCS_V21 or MBEDTLS_RSA_PKCS_V15)
                            MBEDTLS_MD_SHA512 );   // MBEDTLS_RSA_PKCS_V21 hash identifier (ignored for PKCS_V15)

   // Verify the RSA signature of the hash (includes padding if relevant)
   ret = mbedtls_pk_verify( &pk,               // PK context to use
                            MBEDTLS_MD_SHA512, // Hash algorithm used
							eHash,              // Hash of the message to verify signature for
                            sizeof(eHash),      // hash length (0 -> use length associated with the Hash algorithm)
							testString,               // Signature to verify
                            sizeof(testString) );  // Signature length
   if( ret != 0 )
   {
       mbedtls_printf( " failed\n  ! mbedtls_pk_verify returned %d\n\n", ret );
       return -1;
   }
   return 0;
}

I am getting “! mbedtls_pk_verify returned -17280” as output.
The eHash is a hash generated using 2048 bit RSA private key given by ‘privateKey’ on ‘testString’. Quick help is appreciated. Thanks