Fix RSASSA-PSS example programs

2024-11-22 11:15:43 +01:00 · 2014-03-10 21:55:35 +01:00 · 2014-03-10 21:55:35 +01:00 · 844a4c0aef
commit 844a4c0aef
parent 83cdffc437
5 changed files with 34 additions and 4 deletions
--- a/1
+++ b/1
@ -29,6 +29,7 @@ Bugfix
   * Fixed version-major intolerance in server
   * Fixed CMake symlinking on out-of-source builds
   * Fixed dependency issues in test suite
+   * Programs rsa_sign_pss and rsa_verify_pss were not using PSS since 1.3.0

 = PolarSSL 1.3.4 released on 2014-01-27
 Features
--- a/include/polarssl/rsa.h
+++ b/include/polarssl/rsa.h
@ -127,6 +127,21 @@ void rsa_init( rsa_context *ctx,
               int padding,
               int hash_id);

+/**
+ * \brief          Set padding for an already initialized RSA context
+ *
+ *                 Note: Set padding to RSA_PKCS_V21 for the RSAES-OAEP
+ *                 encryption scheme and the RSASSA-PSS signature scheme.
+ *
+ * \param ctx      RSA context to be set
+ * \param padding  RSA_PKCS_V15 or RSA_PKCS_V21
+ * \param hash_id  RSA_PKCS_V21 hash identifier
+ *
+ * \note           The hash_id parameter is actually ignored
+ *                 when using RSA_PKCS_V15 padding.
+ */
+void rsa_set_padding( rsa_context *ctx, int padding, int hash_id);
+
 /**
 * \brief          Generate an RSA keypair
 *
--- a/library/rsa.c
+++ b/library/rsa.c
@ -58,14 +58,22 @@ void rsa_init( rsa_context *ctx,
 {
    memset( ctx, 0, sizeof( rsa_context ) );

-    ctx->padding = padding;
-    ctx->hash_id = hash_id;
+    rsa_set_padding( ctx, padding, hash_id );

 #if defined(POLARSSL_THREADING_C)
    polarssl_mutex_init( &ctx->mutex );
 #endif
 }

+/*
+ * Set padding for an existing RSA context
+ */
+void rsa_set_padding( rsa_context *ctx, int padding, int hash_id )
+{
+    ctx->padding = padding;
+    ctx->hash_id = hash_id;
+}
+
 #if defined(POLARSSL_GENPRIME)

 /*
--- a/programs/pkey/rsa_sign_pss.c
+++ b/programs/pkey/rsa_sign_pss.c
@ -101,7 +101,8 @@ int main( int argc, char *argv[] )
    if( ( ret = pk_parse_keyfile( &pk, argv[1], "" ) ) != 0 )
    {
        ret = 1;
-        printf( " failed\n  ! Could not open '%s'\n", argv[1] );
+        printf( " failed\n  ! Could not read key from '%s'\n", argv[1] );
+        printf( "  ! pk_parse_public_keyfile returned %d\n\n", ret );
        goto exit;
    }

@ -112,6 +113,8 @@ int main( int argc, char *argv[] )
        goto exit;
    }

+    rsa_set_padding( pk_rsa( pk ), RSA_PKCS_V21, POLARSSL_MD_SHA1 );
+
    /*
     * Compute the SHA-1 hash of the input file,
     * then calculate the RSA signature of the hash.
--- a/programs/pkey/rsa_verify_pss.c
+++ b/programs/pkey/rsa_verify_pss.c
@ -81,7 +81,8 @@ int main( int argc, char *argv[] )

    if( ( ret = pk_parse_public_keyfile( &pk, argv[1] ) ) != 0 )
    {
-        printf( " failed\n  ! pk_parse_public_keyfile returned %d\n\n", ret );
+        printf( " failed\n  ! Could not read key from '%s'\n", argv[1] );
+        printf( "  ! pk_parse_public_keyfile returned %d\n\n", ret );
        goto exit;
    }

@ -92,6 +93,8 @@ int main( int argc, char *argv[] )
        goto exit;
    }

+    rsa_set_padding( pk_rsa( pk ), RSA_PKCS_V21, POLARSSL_MD_SHA1 );
+
    /*
     * Extract the RSA signature from the text file
     */