| 1 | =pod
|
|---|
| 2 |
|
|---|
| 3 | =head1 NAME
|
|---|
| 4 |
|
|---|
| 5 | EVP_PKEY_verify_recover_init, EVP_PKEY_verify_recover_init_ex,
|
|---|
| 6 | EVP_PKEY_verify_recover
|
|---|
| 7 | - recover signature using a public key algorithm
|
|---|
| 8 |
|
|---|
| 9 | =head1 SYNOPSIS
|
|---|
| 10 |
|
|---|
| 11 | #include <openssl/evp.h>
|
|---|
| 12 |
|
|---|
| 13 | int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx);
|
|---|
| 14 | int EVP_PKEY_verify_recover_init_ex(EVP_PKEY_CTX *ctx,
|
|---|
| 15 | const OSSL_PARAM params[]);
|
|---|
| 16 | int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx,
|
|---|
| 17 | unsigned char *rout, size_t *routlen,
|
|---|
| 18 | const unsigned char *sig, size_t siglen);
|
|---|
| 19 |
|
|---|
| 20 | =head1 DESCRIPTION
|
|---|
| 21 |
|
|---|
| 22 | EVP_PKEY_verify_recover_init() initializes a public key algorithm context
|
|---|
| 23 | I<ctx> for signing using the algorithm given when the context was created
|
|---|
| 24 | using L<EVP_PKEY_CTX_new(3)> or variants thereof. The algorithm is used to
|
|---|
| 25 | fetch a B<EVP_SIGNATURE> method implicitly, see L<provider(7)/Implicit fetch>
|
|---|
| 26 | for more information about implicit fetches.
|
|---|
| 27 |
|
|---|
| 28 | EVP_PKEY_verify_recover_init_ex() is the same as
|
|---|
| 29 | EVP_PKEY_verify_recover_init() but additionally sets the passed parameters
|
|---|
| 30 | I<params> on the context before returning.
|
|---|
| 31 |
|
|---|
| 32 | The EVP_PKEY_verify_recover() function recovers signed data
|
|---|
| 33 | using I<ctx>. The signature is specified using the I<sig> and
|
|---|
| 34 | I<siglen> parameters. If I<rout> is NULL then the maximum size of the output
|
|---|
| 35 | buffer is written to the I<routlen> parameter. If I<rout> is not NULL then
|
|---|
| 36 | before the call the I<routlen> parameter should contain the length of the
|
|---|
| 37 | I<rout> buffer, if the call is successful recovered data is written to
|
|---|
| 38 | I<rout> and the amount of data written to I<routlen>.
|
|---|
| 39 |
|
|---|
| 40 | =head1 NOTES
|
|---|
| 41 |
|
|---|
| 42 | Normally an application is only interested in whether a signature verification
|
|---|
| 43 | operation is successful in those cases the EVP_verify() function should be
|
|---|
| 44 | used.
|
|---|
| 45 |
|
|---|
| 46 | Sometimes however it is useful to obtain the data originally signed using a
|
|---|
| 47 | signing operation. Only certain public key algorithms can recover a signature
|
|---|
| 48 | in this way (for example RSA in PKCS padding mode).
|
|---|
| 49 |
|
|---|
| 50 | After the call to EVP_PKEY_verify_recover_init() algorithm specific control
|
|---|
| 51 | operations can be performed to set any appropriate parameters for the
|
|---|
| 52 | operation.
|
|---|
| 53 |
|
|---|
| 54 | The function EVP_PKEY_verify_recover() can be called more than once on the same
|
|---|
| 55 | context if several operations are performed using the same parameters.
|
|---|
| 56 |
|
|---|
| 57 | =head1 RETURN VALUES
|
|---|
| 58 |
|
|---|
| 59 | EVP_PKEY_verify_recover_init() and EVP_PKEY_verify_recover() return 1 for success
|
|---|
| 60 | and 0 or a negative value for failure. In particular a return value of -2
|
|---|
| 61 | indicates the operation is not supported by the public key algorithm.
|
|---|
| 62 |
|
|---|
| 63 | =head1 EXAMPLES
|
|---|
| 64 |
|
|---|
| 65 | Recover digest originally signed using PKCS#1 and SHA256 digest:
|
|---|
| 66 |
|
|---|
| 67 | #include <openssl/evp.h>
|
|---|
| 68 | #include <openssl/rsa.h>
|
|---|
| 69 |
|
|---|
| 70 | EVP_PKEY_CTX *ctx;
|
|---|
| 71 | unsigned char *rout, *sig;
|
|---|
| 72 | size_t routlen, siglen;
|
|---|
| 73 | EVP_PKEY *verify_key;
|
|---|
| 74 |
|
|---|
| 75 | /*
|
|---|
| 76 | * NB: assumes verify_key, sig and siglen are already set up
|
|---|
| 77 | * and that verify_key is an RSA public key
|
|---|
| 78 | */
|
|---|
| 79 | ctx = EVP_PKEY_CTX_new(verify_key, NULL /* no engine */);
|
|---|
| 80 | if (!ctx)
|
|---|
| 81 | /* Error occurred */
|
|---|
| 82 | if (EVP_PKEY_verify_recover_init(ctx) <= 0)
|
|---|
| 83 | /* Error */
|
|---|
| 84 | if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
|
|---|
| 85 | /* Error */
|
|---|
| 86 | if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0)
|
|---|
| 87 | /* Error */
|
|---|
| 88 |
|
|---|
| 89 | /* Determine buffer length */
|
|---|
| 90 | if (EVP_PKEY_verify_recover(ctx, NULL, &routlen, sig, siglen) <= 0)
|
|---|
| 91 | /* Error */
|
|---|
| 92 |
|
|---|
| 93 | rout = OPENSSL_malloc(routlen);
|
|---|
| 94 |
|
|---|
| 95 | if (!rout)
|
|---|
| 96 | /* malloc failure */
|
|---|
| 97 |
|
|---|
| 98 | if (EVP_PKEY_verify_recover(ctx, rout, &routlen, sig, siglen) <= 0)
|
|---|
| 99 | /* Error */
|
|---|
| 100 |
|
|---|
| 101 | /* Recovered data is routlen bytes written to buffer rout */
|
|---|
| 102 |
|
|---|
| 103 | =head1 SEE ALSO
|
|---|
| 104 |
|
|---|
| 105 | L<EVP_PKEY_CTX_new(3)>,
|
|---|
| 106 | L<EVP_PKEY_encrypt(3)>,
|
|---|
| 107 | L<EVP_PKEY_decrypt(3)>,
|
|---|
| 108 | L<EVP_PKEY_sign(3)>,
|
|---|
| 109 | L<EVP_PKEY_verify(3)>,
|
|---|
| 110 | L<EVP_PKEY_derive(3)>
|
|---|
| 111 |
|
|---|
| 112 | =head1 HISTORY
|
|---|
| 113 |
|
|---|
| 114 | The EVP_PKEY_verify_recover_init() and EVP_PKEY_verify_recover()
|
|---|
| 115 | functions were added in OpenSSL 1.0.0.
|
|---|
| 116 |
|
|---|
| 117 | The EVP_PKEY_verify_recover_init_ex() function was added in OpenSSL 3.0.
|
|---|
| 118 |
|
|---|
| 119 | =head1 COPYRIGHT
|
|---|
| 120 |
|
|---|
| 121 | Copyright 2013-2021 The OpenSSL Project Authors. All Rights Reserved.
|
|---|
| 122 |
|
|---|
| 123 | Licensed under the Apache License 2.0 (the "License"). You may not use
|
|---|
| 124 | this file except in compliance with the License. You can obtain a copy
|
|---|
| 125 | in the file LICENSE in the source distribution or at
|
|---|
| 126 | L<https://www.openssl.org/source/license.html>.
|
|---|
| 127 |
|
|---|
| 128 | =cut
|
|---|
