Hello everyone,
I'm working on a Delphi project that requires producing a request signature with the RSASSA-PSS algorithm. In my implementation, I initialize the signing context with EVP_DigestSignInit using SHA-256. However, when I attempt to set the salt length with EVP_PKEY_CTX_set_rsa_pss_saltlen(PSSCtx, 32), the call consistently returns an error.
I'm using the OverByteIcsLIBEAY.pas functions.
Params I need to use for the signature:
Hash algorithm: SHA-256
Mask generation function: MGF1
Mask generation algorithm: SHA-256
Salt length: 32 bytes (= 256 bits, same as the hash length)
Trailer field: 1
Has anyone here encountered similar issues with RSASSA-PSS in OpenSSL, particularly with setting the salt length? Any advice on handling this setup in Delphi would be greatly appreciated!
Thanks in advance!
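/// <summary>
///   Signs AData with the RSA key APrivateKey using RSASSA-PSS (SHA-256
///   digest, MGF1 with SHA-256, 32-byte salt) and returns the signature
///   Base64-encoded.
/// </summary>
/// <param name="AData">Bytes to sign; may be empty.</param>
/// <param name="APrivateKey">RSA private key; any other key type is rejected.</param>
/// <returns>The PSS signature as a Base64 string.</returns>
/// <exception cref="Exception">
///   Raised when the key is not RSA or when any OpenSSL call fails; where
///   OpenSSL has queued an error, its reason string is appended to the message.
/// </exception>
function TIsabelData.SignData(const AData: TBytes; APrivateKey: PEVP_PKEY): string;

  // Builds the exception for a failed OpenSSL call from the last queued
  // error, so every failure branch reports the same level of detail.
  function OpenSSLError(const AMsg: string): Exception;
  var
    ErrCode: Cardinal;
  begin
    ErrCode := ERR_get_error;
    if ErrCode = 0 then
      Result := Exception.Create(AMsg)
    else
      Result := Exception.Create(AMsg + ': ' + string(ERR_reason_error_string(ErrCode)));
  end;

var
  SignCtx: PEVP_MD_CTX;
  PSSCtx: PEVP_PKEY_CTX;
  Sig: TBytes;
  // NOTE(review): EVP_DigestSignFinal takes a size_t*; confirm the wrapper's
  // declaration of the length parameter matches Cardinal on 64-bit builds.
  SigLen: Cardinal;
begin
  if EVP_PKEY_base_id(APrivateKey) <> EVP_PKEY_RSA then
    raise Exception.Create('The provided key is not an RSA key');

  SignCtx := EVP_MD_CTX_create;
  if SignCtx = nil then
    raise OpenSSLError('Error creating digest context');
  try
    // PSSCtx is allocated inside EVP_DigestSignInit and owned by SignCtx:
    // EVP_MD_CTX_free releases it, so it must not be freed separately
    // (doing so is a double free).
    PSSCtx := nil;
    if EVP_DigestSignInit(SignCtx, @PSSCtx, EVP_sha256, nil, APrivateKey) <> 1 then
      raise OpenSSLError('Error initializing digest sign');

    // Padding has to be switched to PSS before the salt length and the
    // MGF1 digest are accepted on the key context.
    if EVP_PKEY_CTX_set_rsa_padding(PSSCtx, RSA_PKCS1_PSS_PADDING) <= 0 then
      raise OpenSSLError('Error setting RSA PSS padding');
    if EVP_PKEY_CTX_set_rsa_pss_saltlen(PSSCtx, 32) <= 0 then
      raise OpenSSLError('Error setting RSA PSS salt length');
    if EVP_PKEY_CTX_set_rsa_mgf1_md(PSSCtx, EVP_sha256) <= 0 then
      raise OpenSSLError('Error setting MGF1 to SHA256');

    // @AData[0] is a range error on an empty array; Pointer(AData) is nil
    // for an empty array, which is valid together with a zero length.
    if EVP_DigestSignUpdate(SignCtx, Pointer(AData), Length(AData)) <> 1 then
      raise OpenSSLError('Error updating digest sign');

    // First call with a nil buffer queries the required size; the second
    // writes the signature and stores its actual length back in SigLen.
    SigLen := 0;
    if EVP_DigestSignFinal(SignCtx, nil, @SigLen) <> 1 then
      raise OpenSSLError('Error finalizing digest sign');
    SetLength(Sig, SigLen);
    if EVP_DigestSignFinal(SignCtx, @Sig[0], @SigLen) <> 1 then
      raise OpenSSLError('Error finalizing digest sign');
    // Trim to the length actually written before encoding.
    SetLength(Sig, SigLen);

    Result := TNetEncoding.Base64.EncodeBytesToString(Sig);
  finally
    // Frees SignCtx and, with it, the owned PSSCtx.
    EVP_MD_CTX_free(SignCtx);
  end;
end;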