author | Daiki Ueno <dueno@redhat.com> | 2017-03-16 11:38:58 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-05-29 08:23:49 +0200 |
commit | 9e5452193c3510102801fd86b6e65d37b5dc1012 (patch) | |
tree | 1c401b3900c8a6f3ffac58ad839266e8c228f941 /tests/privkey-verify-broken.c | |
parent | 03c811b7f9a280182b486473567a0b93fe1dc291 (diff) | |
download | gnutls-9e5452193c3510102801fd86b6e65d37b5dc1012.tar.gz |
x509: implement RSA-PSS signature scheme
This patch enables RSA-PSS signature scheme in the X.509 functions and
certtool.
When creating RSA-PSS signature, there are 3 different scenarios:
a. both a private key and a certificate are RSA-PSS
b. the private key is RSA, while the certificate is RSA-PSS
c. both the private key and the certificate are RSA
For (a) and (b), the RSA-PSS parameters are read from the certificate.
Any conflicts in parameters between the private key and the certificate
are reported as an error.
For (c), the sign functions, such as gnutls_x509_crt_privkey_sign() or
gnutls_privkey_sign_data(), shall be instructed to generate an RSA-PSS
signature. This can be done with the new flag
GNUTLS_PRIVKEY_SIGN_FLAG_RSA_PSS.
Verification is similar to signing, except that for case (c) the
flag GNUTLS_VERIFY_USE_RSA_PSS is used instead of
GNUTLS_PRIVKEY_SIGN_FLAG_RSA_PSS.
From the command line, certtool has a couple of new options: --rsa-pss
and --rsa-pss-sign. The --rsa-pss option indicates that the generated
private key or certificate is restricted to RSA-PSS, while the
--rsa-pss-sign option indicates that the generated certificate is signed
with RSA-PSS.
For simplicity, there is no means of choosing arbitrary salt length.
When it is not given by a private key or a certificate, it is
automatically calculated from the underlying hash algorithm and the
RSA modulus bits.
[minor naming changes by nmav]
Signed-off-by: Daiki Ueno <dueno@redhat.com>
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'tests/privkey-verify-broken.c')
-rw-r--r-- | tests/privkey-verify-broken.c | 22 |
1 files changed, 18 insertions, 4 deletions
diff --git a/tests/privkey-verify-broken.c b/tests/privkey-verify-broken.c
index 7b41e6ffba..7d7c84c7a0 100644
--- a/tests/privkey-verify-broken.c
+++ b/tests/privkey-verify-broken.c
@@ -45,12 +45,13 @@ const gnutls_datum_t raw_data = {
 11
 };
-static int sign_verify_data(gnutls_x509_privkey_t pkey, unsigned algo, unsigned vflags)
+static int sign_verify_data2(gnutls_x509_privkey_t pkey, unsigned algo, unsigned sflags, unsigned vflags)
 {
 int ret;
 gnutls_privkey_t privkey;
 gnutls_pubkey_t pubkey;
 gnutls_datum_t signature;
+ gnutls_pk_algorithm_t pk;
 /* sign arbitrary data */
 assert(gnutls_privkey_init(&privkey) >= 0);
@@ -59,7 +60,7 @@ static int sign_verify_data(gnutls_x509_privkey_t pkey, unsigned algo, unsigned
 if (ret < 0)
 fail("gnutls_pubkey_import_x509\n");
- ret = gnutls_privkey_sign_data(privkey, algo, 0,
+ ret = gnutls_privkey_sign_data(privkey, algo, sflags,
 &raw_data, &signature);
 if (ret < 0) {
 ret = -1;
@@ -73,7 +74,12 @@ static int sign_verify_data(gnutls_x509_privkey_t pkey, unsigned algo, unsigned
 if (ret < 0)
 fail("gnutls_pubkey_import_privkey\n");
- ret = gnutls_pubkey_verify_data2(pubkey, gnutls_pk_to_sign(gnutls_pubkey_get_pk_algorithm(pubkey, NULL),algo),
+ if (sflags & GNUTLS_PRIVKEY_SIGN_FLAG_RSA_PSS)
+ pk = GNUTLS_PK_RSA_PSS;
+ else
+ pk = gnutls_pubkey_get_pk_algorithm(pubkey, NULL);
+
+ ret = gnutls_pubkey_verify_data2(pubkey, gnutls_pk_to_sign(pk, algo),
 vflags, &raw_data, &signature);
 if (ret < 0) {
 ret = -1;
@@ -89,6 +95,11 @@ static int sign_verify_data(gnutls_x509_privkey_t pkey, unsigned algo, unsigned
 return ret;
 }
+static int sign_verify_data(gnutls_x509_privkey_t pkey, unsigned algo, unsigned vflags)
+{
+ return sign_verify_data2(pkey, algo, 0, vflags);
+}
+
 void doit(void)
 {
 gnutls_x509_privkey_t pkey;
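Review bot: In the third hunk (`@@ -73,7 +74,12 @@`) the result of `gnutls_pk_to_sign(pk, algo)` goes straight into `gnutls_pubkey_verify_data2()` without a check, and as far as the visible context shows the helper reduces any negative result from signing or verifying to `-1`. The negative cases in `doit()`, such as the MD5 one that only requires a result below zero, would therefore also pass if the key/digest pair had no signature mapping at all, so "rejected by policy" and "never attempted" look the same. I would keep the mapping in a local and stop early: `sign_algo = gnutls_pk_to_sign(pk, algo);` followed by `if (sign_algo == GNUTLS_SIGN_UNKNOWN) fail("no signature algorithm for this key/digest\n");`. The body of `sign_verify_data2()` starts and ends outside this hunk, so the declaration of `sign_algo` would sit next to the new `pk` local in the first hunk.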
@@ -123,7 +134,7 @@ void doit(void)
 fail("failed verification with SHA1 and override flags2!\n");
 if (sign_verify_data(pkey, GNUTLS_DIG_MD5, 0) >= 0)
- fail("succeeded verification with SHA1!\n");
+ fail("succeeded verification with MD5!\n");
 if (!gnutls_fips140_mode_enabled()) {
 if (sign_verify_data(pkey, GNUTLS_DIG_MD5, GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5) < 0)
@@ -142,6 +153,9 @@ void doit(void)
 if (sign_verify_data(pkey, GNUTLS_DIG_SHA3_256, 0) < 0)
 fail("failed verification with SHA3-256!\n");
+ if (sign_verify_data2(pkey, GNUTLS_DIG_SHA256, GNUTLS_PRIVKEY_SIGN_FLAG_RSA_PSS, GNUTLS_VERIFY_USE_RSA_PSS) < 0)
+ fail("failed verification with SHA256 with PSS!\n");
+
 gnutls_x509_privkey_deinit(pkey);
 gnutls_global_deinit(); |
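Review bot: The PSS case added in the last hunk (`@@ -142,6 +153,9 @@`) only checks that a matching sign/verify pair succeeds; unlike the MD5 case earlier in `doit()`, nothing asserts that a mismatched scheme is rejected. Because `sign_verify_data2()` derives the verify-side algorithm from `sflags`, the helper cannot express "signed as PKCS#1 v1.5, verified as PSS" or the reverse, so that rejection path stays untested. If the contract in the commit message for case (c) means the verify flag is required, a companion check such as `if (sign_verify_data2(pkey, GNUTLS_DIG_SHA256, GNUTLS_PRIVKEY_SIGN_FLAG_RSA_PSS, 0) >= 0) fail("succeeded PSS verification without GNUTLS_VERIFY_USE_RSA_PSS!\n");` would pin it. Whether omitting the flag is meant to fail is not visible here and should be confirmed before adding it.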