delta/gnutls.git/lib/algorithms, branch tmp-remove-debugging-code gitlab.com: gnutls/gnutls.git sign APIs: introduce RSA-RAW signing algorithm 2017-08-17T08:43:29+00:00 Nikos Mavrogiannopoulos nmav@redhat.com 2017-08-17T07:59:53+00:00 01c95e4df8d3132642ab3b2f57d8ba97509976ad This ensures that there is a signing algorithm for all the operations we support. Previously, we required GNUTLS_SIGN_UNKNOWN to be acceptable by signing functions to accomodate for raw RSA operations. Now we make that explicit and in the process clean-up the API. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> 
This ensures that there is a signing algorithm for all the operations
we support. Previously, we required GNUTLS_SIGN_UNKNOWN to be acceptable
by signing functions to accomodate for raw RSA operations. Now we make
that explicit and in the process clean-up the API.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
publickey: fixed incorrect assignment 2017-08-08T19:17:56+00:00 Nikos Mavrogiannopoulos nmav@redhat.com 2017-08-08T13:03:53+00:00 6188f67af5b231ac7e61e938063b4070ecf1ae62 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
mac: simplified iteration functions 2017-08-08T19:17:56+00:00 Nikos Mavrogiannopoulos nmav@redhat.com 2017-08-08T13:03:11+00:00 e916bd0486ba616077ee7dbdf8da9ff2b8273777 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
sign/digest: separate "brokenness" of signatures and hash algorithms 2017-08-04T14:53:53+00:00 Nikos Mavrogiannopoulos nmav@redhat.com 2017-07-28T12:00:27+00:00 76ffecfc2fb98042f7d90db7d729cce9ebfa9db2 That is, allow digital signatures to be marked as broken irrespective of their used hash, and restrict hash brokenness to preimage resistance. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> 
That is, allow digital signatures to be marked as broken irrespective
of their used hash, and restrict hash brokenness to preimage resistance.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
sign: use C99 syntax for signature algorithm's table 2017-08-04T14:53:53+00:00 Nikos Mavrogiannopoulos nmav@redhat.com 2017-07-28T11:40:21+00:00 2931d8709c6283462c53d2b67e1480109536e772 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
gnutls_pk_get_oid: return early on unknown algorithm 2017-08-04T10:05:55+00:00 Nikos Mavrogiannopoulos nmav@redhat.com 2017-08-04T08:05:29+00:00 0416d1f94f36b703de46fa00e465b2bac24063ea Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
*set_spki(): return error on incompatible algorithms 2017-08-03T09:57:52+00:00 Nikos Mavrogiannopoulos nmav@redhat.com 2017-07-25T12:01:48+00:00 86da29a32b34bd2f84f914f5749c260d9ff11add In addition update the public key algorithm field in the respective structure. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> 
In addition update the public key algorithm field in the
respective structure.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
gnutls_x509_privkey_generate2: do not hardcode the RSA-PSS hash to SHA256 2017-08-03T09:57:52+00:00 Nikos Mavrogiannopoulos nmav@redhat.com 2017-07-25T14:33:26+00:00 e8b944e870a7247e0a8e541405b9e32b310ea8eb Instead use _gnutls_pk_bits_to_sha_hash() to set an appropriate hash for the number of bits of the key. This matches better the "intention" of RSA-PSS or tying the security parameter with the salt and hash. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> 
Instead use _gnutls_pk_bits_to_sha_hash() to set an appropriate hash
for the number of bits of the key. This matches better the "intention"
of RSA-PSS or tying the security parameter with the salt and hash.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Clarified the purpose of the spki params related functions 2017-08-03T09:57:52+00:00 Nikos Mavrogiannopoulos nmav@redhat.com 2017-07-24T08:12:54+00:00 67fac0f4ccb43c983c110060639de95168ca04a1 _gnutls_privkey_get_sign_params was renamed to _gnutls_privkey_get_spki_params, _gnutls_privkey_update_sign_params to _gnutls_privkey_update_spki_params, and the dig entry of gnutls_x509_spki_st was renamed to rsa_pss_dig. The reason is that there could be a confusion on the purpose of the 'dig' entry, as it could be assumed to be the signature's hash algorithm in the general case. That could not be because the SPKI parameters do not contain it for any other algorithm than RSA-PSS. As such, make a logical separation from SPKI reading functions with the signature reading functions and try to use the gnutls_sign_entry_st when signature information is required. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> 
_gnutls_privkey_get_sign_params was renamed to _gnutls_privkey_get_spki_params,
_gnutls_privkey_update_sign_params to _gnutls_privkey_update_spki_params,
and the dig entry of gnutls_x509_spki_st was renamed to rsa_pss_dig.

The reason is that there could be a confusion on the purpose of
the 'dig' entry, as it could be assumed to be the signature's hash
algorithm in the general case. That could not be because the SPKI
parameters do not contain it for any other algorithm than RSA-PSS.
As such, make a logical separation from SPKI reading functions
with the signature reading functions and try to use the
gnutls_sign_entry_st when signature information is required.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Pass the signature algorithm lower in the verification stack 2017-08-03T09:57:52+00:00 Nikos Mavrogiannopoulos nmav@gnutls.org 2017-07-21T21:56:20+00:00 7ee95dc1c31133f6dde92f4b104359061bfeb700 This will allow enhancing the back-ends (PKCS#11 and ext) for signing with the new signature algorithms like RSA-PSS and Ed25519. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org> 
This will allow enhancing the back-ends (PKCS#11 and ext) for
signing with the new signature algorithms like RSA-PSS and Ed25519.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>