diff --git a/ChangeLog b/ChangeLog
index 89d159ffd..8b7ec685b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -29,6 +29,7 @@ Bugfix
 * Fixed version-major intolerance in server
 * Fixed CMake symlinking on out-of-source builds
 * Fixed dependency issues in test suite
+ * Programs rsa_sign_pss and rsa_verify_pss were not using PSS since 1.3.0
 = PolarSSL 1.3.4 released on 2014-01-27
 Features
diff --git a/include/polarssl/rsa.h b/include/polarssl/rsa.h
index 504dde24d..d8c8341c9 100644
--- a/include/polarssl/rsa.h
+++ b/include/polarssl/rsa.h
@@ -127,6 +127,21 @@ void rsa_init( rsa_context *ctx,
 int padding,
 int hash_id);
+/**
+ * \brief Set padding for an already initialized RSA context
+ *
+ * Note: Set padding to RSA_PKCS_V21 for the RSAES-OAEP
+ * encryption scheme and the RSASSA-PSS signature scheme.
+ *
+ * \param ctx RSA context to be set
+ * \param padding RSA_PKCS_V15 or RSA_PKCS_V21
+ * \param hash_id RSA_PKCS_V21 hash identifier
+ *
+ * \note The hash_id parameter is actually ignored
+ * when using RSA_PKCS_V15 padding.
+ */
+void rsa_set_padding( rsa_context *ctx, int padding, int hash_id);
+
 /**
 * \brief Generate an RSA keypair
 *
diff --git a/library/rsa.c b/library/rsa.c
index 3a1ea355c..bf60c6f17 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -58,14 +58,22 @@ void rsa_init( rsa_context *ctx,
 {
 memset( ctx, 0, sizeof( rsa_context ) );
- ctx->padding = padding;
- ctx->hash_id = hash_id;
+ rsa_set_padding( ctx, padding, hash_id );
 #if defined(POLARSSL_THREADING_C)
 polarssl_mutex_init( &ctx->mutex );
 #endif
 }
+/*
+ * Set padding for an existing RSA context
+ */
+void rsa_set_padding( rsa_context *ctx, int padding, int hash_id )
+{
+ ctx->padding = padding;
+ ctx->hash_id = hash_id;
+}
+
 #if defined(POLARSSL_GENPRIME)
 /*
diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c
index fecfcc26e..7e8ac4aa4 100644
--- a/programs/pkey/rsa_sign_pss.c
+++ b/programs/pkey/rsa_sign_pss.c
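Review bot: The new doc comment for `rsa_set_padding` in include/polarssl/rsa.h does not say when a caller actually needs the function, which is the security-relevant part: judging by the ChangeLog entry and the two program fixes in this commit, a context obtained through the pk parsing functions appears not to be in RSA_PKCS_V21 mode until this is called, so signing or verifying quietly uses the other padding. I would add a line such as `\note Contexts set up through the pk layer must call this before signing or verifying if RSASSA-PSS is wanted.` The `hash_id` line could also name its value domain, e.g. `\param hash_id RSA_PKCS_V21 hash identifier (a POLARSSL_MD_XXX value)`, since the callers in this commit pass `POLARSSL_MD_SHA1`.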
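Review bot: `rsa_set_padding` in library/rsa.c stores whatever `padding` value it is handed and returns void, so a value other than RSA_PKCS_V15 or RSA_PKCS_V21 is accepted silently and can only surface later, when an operation inspects `ctx->padding`. Since the signature cannot report an error, the comment above the definition should at least say so, for example `/* Set padding for an existing RSA context; the values are stored as given, not validated */`. The setter also writes both fields without touching `ctx->mutex`, which `rsa_init` initialises in the same hunk under POLARSSL_THREADING_C; whether that mutex is meant to cover these fields is not visible here, but the documentation should state that the call must not run concurrently with operations on the same context.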
@@ -101,7 +101,8 @@ int main( int argc, char *argv[] )
 if( ( ret = pk_parse_keyfile( &pk, argv[1], "" ) ) != 0 )
 {
 ret = 1;
- printf( " failed\n ! Could not open '%s'\n", argv[1] );
+ printf( " failed\n ! Could not read key from '%s'\n", argv[1] );
+ printf( " ! pk_parse_public_keyfile returned %d\n\n", ret );
 goto exit;
 }
@@ -112,6 +113,8 @@ int main( int argc, char *argv[] )
 goto exit;
 }
+ rsa_set_padding( pk_rsa( pk ), RSA_PKCS_V21, POLARSSL_MD_SHA1 );
+
 /*
 * Compute the SHA-1 hash of the input file,
 * then calculate the RSA signature of the hash.
diff --git a/programs/pkey/rsa_verify_pss.c b/programs/pkey/rsa_verify_pss.c
index 2ac5a5b8f..b41bcf8c7 100644
--- a/programs/pkey/rsa_verify_pss.c
+++ b/programs/pkey/rsa_verify_pss.c
@@ -81,7 +81,8 @@ int main( int argc, char *argv[] )
 if( ( ret = pk_parse_public_keyfile( &pk, argv[1] ) ) != 0 )
 {
- printf( " failed\n ! pk_parse_public_keyfile returned %d\n\n", ret );
+ printf( " failed\n ! Could not read key from '%s'\n", argv[1] );
+ printf( " ! pk_parse_public_keyfile returned %d\n\n", ret );
 goto exit;
 }
@@ -92,6 +93,8 @@ int main( int argc, char *argv[] )
 goto exit;
 }
+ rsa_set_padding( pk_rsa( pk ), RSA_PKCS_V21, POLARSSL_MD_SHA1 );
+
 /*
 * Extract the RSA signature from the text file
 */
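Review bot: In the `pk_parse_keyfile` failure branch of rsa_sign_pss.c (first hunk) the added second `printf` runs after the context line `ret = 1;`, so it always reports 1 instead of the parser's error code, and it names `pk_parse_public_keyfile` although the call in this branch is `pk_parse_keyfile`. Print the diagnostic first and set the exit status afterwards: move `ret = 1;` below the two `printf` lines and change the text to `" ! pk_parse_keyfile returned %d\n\n"`. As written, the message points whoever is debugging a key-loading failure at the wrong function with a meaningless code. `main` starts and ends outside this hunk.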
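Review bot: The added `rsa_set_padding( pk_rsa( pk ), RSA_PKCS_V21, POLARSSL_MD_SHA1 );` in the second hunk of rsa_sign_pss.c restores PSS but pins the PSS hash to SHA-1, and the identical line is added in the second hunk of rsa_verify_pss.c. SHA-1 is no longer collision resistant and sample programs tend to be copied into real code, so `POLARSSL_MD_SHA256` would be the better default, with the digest computation and the sign and verify calls further down in `main` (outside these hunks) changed to match. If SHA-1 is kept so that existing signatures still verify, add a comment saying so, e.g. `/* SHA-1 kept for compatibility; hash_id must match the digest computed below */`. The call also relies on the check that closes just above it (its condition is outside the hunk) having confirmed the key is RSA before `pk_rsa( pk )` is used.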