Add an EVP demo for signatures using EC

Fixes #14115

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15429)

4 files changed, 334 insertions, 0 deletions

diff --git a/demos/README.txt b/demos/README.txt
index 383d0e5b80..7472821c3b 100644
--- a/demos/README.txt
+++ b/demos/README.txt
@@ -26,3 +26,6 @@ smime:
 pkcs12:
 pkread.c               Print out a description of a PKCS12 file.
 pkwrite.c              Add a password to an existing PKCS12 file.
+
+signature:
+EVP_Signature_demo.c   Compute and verify a signature from multiple buffers
diff --git a/demos/signature/EVP_Signature_demo.c b/demos/signature/EVP_Signature_demo.c
new file mode 100644
index 0000000000..d7f26f164b
--- /dev/null
+++ b/demos/signature/EVP_Signature_demo.c
@@ -0,0 +1,235 @@
+/*-
+ * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * An example that uses the EVP_MD*, EVP_DigestSign* and EVP_DigestVerify*
+ * methods to calculate and verify a signature of two static buffers.
+ */
+
+#include <string.h>
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/decoder.h>
+#include "EVP_Signature_demo.h"
+
+/*
+ * This demonstration will calculate and verify a signature of data using
+ * the soliloquy from Hamlet scene 1 act 3
+ */
+
+static const char *hamlet_1 =
+    "To be, or not to be, that is the question,\n"
+    "Whether tis nobler in the minde to suffer\n"
+    "The slings and arrowes of outragious fortune,\n"
+    "Or to take Armes again in a sea of troubles,\n"
+;
+static const char *hamlet_2 =
+    "And by opposing, end them, to die to sleep;\n"
+    "No more, and by a sleep, to say we end\n"
+    "The heart-ache, and the thousand natural shocks\n"
+    "That flesh is heir to? tis a consumation\n"
+;
+
+/*
+ * For demo_sign, load EC private key priv_key from priv_key_der[].
+ * For demo_verify, load EC public key pub_key from pub_key_der[].
+ */
+static EVP_PKEY *get_key(OSSL_LIB_CTX *libctx, const char *propq, int public)
+{
+    OSSL_DECODER_CTX *dctx = NULL;
+    EVP_PKEY  *pkey = NULL;
+    int selection;
+    const unsigned char *data;
+    size_t data_len;
+
+    if (public) {
+        selection = EVP_PKEY_PUBLIC_KEY;
+        data =  pub_key_der;
+        data_len = sizeof(pub_key_der);
+    } else {
+        selection =  EVP_PKEY_KEYPAIR;
+        data = priv_key_der;
+        data_len = sizeof(priv_key_der);
+    }
+    dctx = OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, "EC",
+                                         selection, libctx, propq);
+    (void)OSSL_DECODER_from_data(dctx, &data, &data_len);
+    OSSL_DECODER_CTX_free(dctx);
+    if (pkey == NULL)
+        fprintf(stderr, "Failed to load %s key.\n", public ? "public" : "private");
+    return pkey;
+}
+
+static int demo_sign(OSSL_LIB_CTX *libctx,  const char *sig_name,
+                     size_t *sig_out_len, unsigned char **sig_out_value)
+{
+    int result = 0, public = 0;
+    size_t sig_len;
+    unsigned char *sig_value = NULL;
+    const char *propq = NULL;
+    EVP_MD_CTX *sign_context = NULL;
+    EVP_PKEY *priv_key = NULL;
+
+    /* Get private key */
+    priv_key = get_key(libctx, propq, public);
+    if (priv_key == NULL) {
+        fprintf(stderr, "Get private key failed.\n");
+        goto cleanup;
+    }
+    /*
+     * Make a message signature context to hold temporary state
+     * during signature creation
+     */
+    sign_context = EVP_MD_CTX_new();
+    if (sign_context == NULL) {
+        fprintf(stderr, "EVP_MD_CTX_new failed.\n");
+        goto cleanup;
+    }
+    /*
+     * Initialize the sign context to use the fetched
+     * sign provider.
+     */
+    if (!EVP_DigestSignInit_ex(sign_context, NULL, sig_name,
+                              libctx, NULL, priv_key, NULL)) {
+        fprintf(stderr, "EVP_DigestSignInit_ex failed.\n");
+        goto cleanup;
+    }
+    /*
+     * EVP_DigestSignUpdate() can be called several times on the same context
+     * to include additional data.
+     */
+    if (!EVP_DigestSignUpdate(sign_context, hamlet_1, strlen(hamlet_1))) {
+        fprintf(stderr, "EVP_DigestSignUpdate(hamlet_1) failed.\n");
+        goto cleanup;
+    }
+    if (!EVP_DigestSignUpdate(sign_context, hamlet_2, strlen(hamlet_2))) {
+        fprintf(stderr, "EVP_DigestSignUpdate(hamlet_2) failed.\n");
+        goto cleanup;
+    }
+    /* Call EVP_DigestSignFinal to get signature length sig_len */
+    if (!EVP_DigestSignFinal(sign_context, NULL, &sig_len)) {
+        fprintf(stderr, "EVP_DigestSignFinal failed.\n");
+        goto cleanup;
+    }
+    if (sig_len <= 0) {
+        fprintf(stderr, "EVP_DigestSignFinal returned invalid signature length.\n");
+        goto cleanup;
+    }
+    sig_value = OPENSSL_malloc(sig_len);
+    if (sig_value == NULL) {
+        fprintf(stderr, "No memory.\n");
+        goto cleanup;
+    }
+    if (!EVP_DigestSignFinal(sign_context, sig_value, &sig_len)) {
+        fprintf(stderr, "EVP_DigestSignFinal failed.\n");
+        goto cleanup;
+    }
+    *sig_out_len = sig_len;
+    *sig_out_value = sig_value;
+    fprintf(stdout, "Generating signature:\n");
+    BIO_dump_indent_fp(stdout, sig_value, sig_len, 2);
+    fprintf(stdout, "\n");
+    result = 1;
+
+cleanup:
+    /* OpenSSL free functions will ignore NULL arguments */
+    if (!result)
+        OPENSSL_free(sig_value);
+    EVP_PKEY_free(priv_key);
+    EVP_MD_CTX_free(sign_context);
+    return result;
+}
+
+static int demo_verify(OSSL_LIB_CTX *libctx, const char *sig_name,
+                       size_t sig_len, unsigned char *sig_value)
+{
+    int result = 0, public = 1;
+    const char *propq = NULL;
+    EVP_MD_CTX *verify_context = NULL;
+    EVP_PKEY *pub_key = NULL;
+
+    /*
+     * Make a verify signature context to hold temporary state
+     * during signature verification
+     */
+    verify_context = EVP_MD_CTX_new();
+    if (verify_context == NULL) {
+        fprintf(stderr, "EVP_MD_CTX_new failed.\n");
+        goto cleanup;
+    }
+    /* Get public key */
+    pub_key = get_key(libctx, propq, public);
+    if (pub_key == NULL) {
+        fprintf(stderr, "Get public key failed.\n");
+        goto cleanup;
+    }
+    /* Verify */
+    if (!EVP_DigestVerifyInit_ex(verify_context, NULL, sig_name,
+                                libctx, NULL, pub_key, NULL)) {
+        fprintf(stderr, "EVP_DigestVerifyInit failed.\n");
+        goto cleanup;
+    }
+    /*
+     * EVP_DigestVerifyUpdate() can be called several times on the same context
+     * to include additional data.
+     */
+    if (!EVP_DigestVerifyUpdate(verify_context, hamlet_1, strlen(hamlet_1))) {
+        fprintf(stderr, "EVP_DigestVerifyUpdate(hamlet_1) failed.\n");
+        goto cleanup;
+    }
+    if (!EVP_DigestVerifyUpdate(verify_context, hamlet_2, strlen(hamlet_2))) {
+        fprintf(stderr, "EVP_DigestVerifyUpdate(hamlet_2) failed.\n");
+        goto cleanup;
+    }
+    if (!EVP_DigestVerifyFinal(verify_context, sig_value, sig_len)) {
+        fprintf(stderr, "EVP_DigestVerifyFinal failed.\n");
+        goto cleanup;
+    }
+    fprintf(stdout, "Signature verified.\n");
+    result = 1;
+
+cleanup:
+    /* OpenSSL free functions will ignore NULL arguments */
+    EVP_PKEY_free(pub_key);
+    EVP_MD_CTX_free(verify_context);
+    return result;
+}
+
+int main(void)
+{
+    OSSL_LIB_CTX *libctx = NULL;
+    const char *sig_name = "SHA3-512";
+    size_t sig_len = 0;
+    unsigned char *sig_value = NULL;
+    int result = 0;
+
+    libctx = OSSL_LIB_CTX_new();
+    if (libctx == NULL) {
+        fprintf(stderr, "OSSL_LIB_CTX_new() returned NULL\n");
+        goto cleanup;
+    }
+    if (!demo_sign(libctx, sig_name, &sig_len, &sig_value)) {
+        fprintf(stderr, "demo_sign failed.\n");
+        goto cleanup;
+    }
+    if (!demo_verify(libctx, sig_name, sig_len, sig_value)) {
+        fprintf(stderr, "demo_verify failed.\n");
+        goto cleanup;
+    }
+    result = 1;
+
+cleanup:
+    if (result != 1)
+        ERR_print_errors_fp(stderr);
+    /* OpenSSL free functions will ignore NULL arguments */
+    OSSL_LIB_CTX_free(libctx);
+    OPENSSL_free(sig_value);
+    return result == 0;
+}
diff --git a/demos/signature/EVP_Signature_demo.h b/demos/signature/EVP_Signature_demo.h
new file mode 100644
index 0000000000..aef3e60783
--- /dev/null
+++ b/demos/signature/EVP_Signature_demo.h
@@ -0,0 +1,76 @@
+/*-
+ * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Signers private EC key */
+static const unsigned char priv_key_der[] = {
+0x30, 0x82, 0x01, 0x68, 0x02, 0x01, 0x01, 0x04, 0x20, 0x51, 0x77, 0xae,
+0xf4, 0x18, 0xf4, 0x6b, 0xc4, 0xe5, 0xbb, 0xe9, 0xe6, 0x9e, 0x6d, 0xb0,
+0xea, 0x12, 0xf9, 0xf3, 0xdb, 0x9d, 0x56, 0x59, 0xf7, 0x5a, 0x17, 0xd7,
+0xd1, 0xe4, 0xd7, 0x47, 0x28, 0xa0, 0x81, 0xfa, 0x30, 0x81, 0xf7, 0x02,
+0x01, 0x01, 0x30, 0x2c, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x01,
+0x01, 0x02, 0x21, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x01,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0x30, 0x5b, 0x04, 0x20, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x01,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfc,
+0x04, 0x20, 0x5a, 0xc6, 0x35, 0xd8, 0xaa, 0x3a, 0x93, 0xe7, 0xb3, 0xeb,
+0xbd, 0x55, 0x76, 0x98, 0x86, 0xbc, 0x65, 0x1d, 0x06, 0xb0, 0xcc, 0x53,
+0xb0, 0xf6, 0x3b, 0xce, 0x3c, 0x3e, 0x27, 0xd2, 0x60, 0x4b, 0x03, 0x15,
+0x00, 0xc4, 0x9d, 0x36, 0x08, 0x86, 0xe7, 0x04, 0x93, 0x6a, 0x66, 0x78,
+0xe1, 0x13, 0x9d, 0x26, 0xb7, 0x81, 0x9f, 0x7e, 0x90, 0x04, 0x41, 0x04,
+0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47, 0xf8, 0xbc, 0xe6, 0xe5,
+0x63, 0xa4, 0x40, 0xf2, 0x77, 0x03, 0x7d, 0x81, 0x2d, 0xeb, 0x33, 0xa0,
+0xf4, 0xa1, 0x39, 0x45, 0xd8, 0x98, 0xc2, 0x96, 0x4f, 0xe3, 0x42, 0xe2,
+0xfe, 0x1a, 0x7f, 0x9b, 0x8e, 0xe7, 0xeb, 0x4a, 0x7c, 0x0f, 0x9e, 0x16,
+0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31, 0x5e, 0xce, 0xcb, 0xb6, 0x40, 0x68,
+0x37, 0xbf, 0x51, 0xf5, 0x02, 0x21, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00,
+0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xbc,
+0xe6, 0xfa, 0xad, 0xa7, 0x17, 0x9e, 0x84, 0xf3, 0xb9, 0xca, 0xc2, 0xfc,
+0x63, 0x25, 0x51, 0x02, 0x01, 0x01, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04,
+0x4f, 0xe7, 0x7b, 0xb6, 0xbb, 0x54, 0x42, 0x39, 0xed, 0x5d, 0xe5, 0x40,
+0xc8, 0xd8, 0x71, 0xca, 0x6d, 0x83, 0x71, 0xd1, 0x88, 0x2a, 0x65, 0x00,
+0x6c, 0xc6, 0x2f, 0x01, 0x31, 0x49, 0xbe, 0x76, 0x7a, 0x67, 0x6a, 0x28,
+0x33, 0xc7, 0x5b, 0xb9, 0x24, 0x45, 0x24, 0x6e, 0xf0, 0x6d, 0x2f, 0x34,
+0x06, 0x53, 0x73, 0x6a, 0xff, 0x90, 0x90, 0xc1, 0x6d, 0x9b, 0x94, 0x0d,
+0x0e, 0x1f, 0x95, 0x65,
+};
+
+/* The matching public key used for verifying */
+static const unsigned char pub_key_der[] = {
+0x30, 0x82, 0x01, 0x4b, 0x30, 0x82, 0x01, 0x03, 0x06, 0x07, 0x2a, 0x86,
+0x48, 0xce, 0x3d, 0x02, 0x01, 0x30, 0x81, 0xf7, 0x02, 0x01, 0x01, 0x30,
+0x2c, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x01, 0x01, 0x02, 0x21,
+0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x30, 0x5b, 0x04,
+0x20, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfc, 0x04, 0x20, 0x5a,
+0xc6, 0x35, 0xd8, 0xaa, 0x3a, 0x93, 0xe7, 0xb3, 0xeb, 0xbd, 0x55, 0x76,
+0x98, 0x86, 0xbc, 0x65, 0x1d, 0x06, 0xb0, 0xcc, 0x53, 0xb0, 0xf6, 0x3b,
+0xce, 0x3c, 0x3e, 0x27, 0xd2, 0x60, 0x4b, 0x03, 0x15, 0x00, 0xc4, 0x9d,
+0x36, 0x08, 0x86, 0xe7, 0x04, 0x93, 0x6a, 0x66, 0x78, 0xe1, 0x13, 0x9d,
+0x26, 0xb7, 0x81, 0x9f, 0x7e, 0x90, 0x04, 0x41, 0x04, 0x6b, 0x17, 0xd1,
+0xf2, 0xe1, 0x2c, 0x42, 0x47, 0xf8, 0xbc, 0xe6, 0xe5, 0x63, 0xa4, 0x40,
+0xf2, 0x77, 0x03, 0x7d, 0x81, 0x2d, 0xeb, 0x33, 0xa0, 0xf4, 0xa1, 0x39,
+0x45, 0xd8, 0x98, 0xc2, 0x96, 0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f,
+0x9b, 0x8e, 0xe7, 0xeb, 0x4a, 0x7c, 0x0f, 0x9e, 0x16, 0x2b, 0xce, 0x33,
+0x57, 0x6b, 0x31, 0x5e, 0xce, 0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51,
+0xf5, 0x02, 0x21, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xbc, 0xe6, 0xfa, 0xad,
+0xa7, 0x17, 0x9e, 0x84, 0xf3, 0xb9, 0xca, 0xc2, 0xfc, 0x63, 0x25, 0x51,
+0x02, 0x01, 0x01, 0x03, 0x42, 0x00, 0x04, 0x4f, 0xe7, 0x7b, 0xb6, 0xbb,
+0x54, 0x42, 0x39, 0xed, 0x5d, 0xe5, 0x40, 0xc8, 0xd8, 0x71, 0xca, 0x6d,
+0x83, 0x71, 0xd1, 0x88, 0x2a, 0x65, 0x00, 0x6c, 0xc6, 0x2f, 0x01, 0x31,
+0x49, 0xbe, 0x76, 0x7a, 0x67, 0x6a, 0x28, 0x33, 0xc7, 0x5b, 0xb9, 0x24,
+0x45, 0x24, 0x6e, 0xf0, 0x6d, 0x2f, 0x34, 0x06, 0x53, 0x73, 0x6a, 0xff,
+0x90, 0x90, 0xc1, 0x6d, 0x9b, 0x94, 0x0d, 0x0e, 0x1f, 0x95, 0x65,
+};
+
diff --git a/demos/signature/Makefile b/demos/signature/Makefile
new file mode 100644
index 0000000000..b4071c2edc
--- /dev/null
+++ b/demos/signature/Makefile
@@ -0,0 +1,20 @@
+#
+# To run the demos when linked with a shared library (default):
+#
+#    LD_LIBRARY_PATH=../.. ./EVP_Signature_demo
+
+CFLAGS = -I../../include -g
+LDFLAGS = -L../..
+LDLIBS = -lcrypto
+
+all: EVP_Signature_demo
+
+%.o: %.c
+	$(CC) $(CFLAGS) -c $<
+
+EVP_Signature_demo: EVP_Signature_demo.o
+
+test: ;
+
+clean:
+	$(RM) *.o EVP_Signature_demo