Move from SHA-1 to SHA-256 as default in programs
This commit is contained in:
parent
70dbfaa9ea
commit
6f60cd848b
@ -9,6 +9,8 @@ Features
|
|||||||
Bugfix
|
Bugfix
|
||||||
|
|
||||||
Changes
|
Changes
|
||||||
|
* Move from SHA-1 to SHA-256 in example programs using signatures
|
||||||
|
(suggested by Thorsten Mühlfelder).
|
||||||
|
|
||||||
= mbed TLS 1.3.10 released 2015-02-09
|
= mbed TLS 1.3.10 released 2015-02-09
|
||||||
Security
|
Security
|
||||||
|
@ -48,7 +48,7 @@
|
|||||||
|
|
||||||
#if !defined(POLARSSL_AES_C) || !defined(POLARSSL_DHM_C) || \
|
#if !defined(POLARSSL_AES_C) || !defined(POLARSSL_DHM_C) || \
|
||||||
!defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_NET_C) || \
|
!defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_NET_C) || \
|
||||||
!defined(POLARSSL_RSA_C) || !defined(POLARSSL_SHA1_C) || \
|
!defined(POLARSSL_RSA_C) || !defined(POLARSSL_SHA256_C) || \
|
||||||
!defined(POLARSSL_FS_IO) || !defined(POLARSSL_CTR_DRBG_C)
|
!defined(POLARSSL_FS_IO) || !defined(POLARSSL_CTR_DRBG_C)
|
||||||
int main( int argc, char *argv[] )
|
int main( int argc, char *argv[] )
|
||||||
{
|
{
|
||||||
@ -57,7 +57,7 @@ int main( int argc, char *argv[] )
|
|||||||
|
|
||||||
polarssl_printf("POLARSSL_AES_C and/or POLARSSL_DHM_C and/or POLARSSL_ENTROPY_C "
|
polarssl_printf("POLARSSL_AES_C and/or POLARSSL_DHM_C and/or POLARSSL_ENTROPY_C "
|
||||||
"and/or POLARSSL_NET_C and/or POLARSSL_RSA_C and/or "
|
"and/or POLARSSL_NET_C and/or POLARSSL_RSA_C and/or "
|
||||||
"POLARSSL_SHA1_C and/or POLARSSL_FS_IO and/or "
|
"POLARSSL_SHA256_C and/or POLARSSL_FS_IO and/or "
|
||||||
"POLARSSL_CTR_DRBG_C not defined.\n");
|
"POLARSSL_CTR_DRBG_C not defined.\n");
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
@ -193,7 +193,7 @@ int main( int argc, char *argv[] )
|
|||||||
|
|
||||||
/*
|
/*
|
||||||
* 5. Check that the server's RSA signature matches
|
* 5. Check that the server's RSA signature matches
|
||||||
* the SHA-1 hash of (P,G,Ys)
|
* the SHA-256 hash of (P,G,Ys)
|
||||||
*/
|
*/
|
||||||
polarssl_printf( "\n . Verifying the server's RSA signature" );
|
polarssl_printf( "\n . Verifying the server's RSA signature" );
|
||||||
fflush( stdout );
|
fflush( stdout );
|
||||||
@ -210,7 +210,7 @@ int main( int argc, char *argv[] )
|
|||||||
sha1( buf, (int)( p - 2 - buf ), hash );
|
sha1( buf, (int)( p - 2 - buf ), hash );
|
||||||
|
|
||||||
if( ( ret = rsa_pkcs1_verify( &rsa, NULL, NULL, RSA_PUBLIC,
|
if( ( ret = rsa_pkcs1_verify( &rsa, NULL, NULL, RSA_PUBLIC,
|
||||||
POLARSSL_MD_SHA1, 0, hash, p ) ) != 0 )
|
POLARSSL_MD_SHA256, 0, hash, p ) ) != 0 )
|
||||||
{
|
{
|
||||||
polarssl_printf( " failed\n ! rsa_pkcs1_verify returned %d\n\n", ret );
|
polarssl_printf( " failed\n ! rsa_pkcs1_verify returned %d\n\n", ret );
|
||||||
goto exit;
|
goto exit;
|
||||||
@ -297,5 +297,5 @@ exit:
|
|||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
#endif /* POLARSSL_AES_C && POLARSSL_DHM_C && POLARSSL_ENTROPY_C &&
|
#endif /* POLARSSL_AES_C && POLARSSL_DHM_C && POLARSSL_ENTROPY_C &&
|
||||||
POLARSSL_NET_C && POLARSSL_RSA_C && POLARSSL_SHA1_C &&
|
POLARSSL_NET_C && POLARSSL_RSA_C && POLARSSL_SHA256_C &&
|
||||||
POLARSSL_FS_IO && POLARSSL_CTR_DRBG_C */
|
POLARSSL_FS_IO && POLARSSL_CTR_DRBG_C */
|
||||||
|
@ -48,7 +48,7 @@
|
|||||||
|
|
||||||
#if !defined(POLARSSL_AES_C) || !defined(POLARSSL_DHM_C) || \
|
#if !defined(POLARSSL_AES_C) || !defined(POLARSSL_DHM_C) || \
|
||||||
!defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_NET_C) || \
|
!defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_NET_C) || \
|
||||||
!defined(POLARSSL_RSA_C) || !defined(POLARSSL_SHA1_C) || \
|
!defined(POLARSSL_RSA_C) || !defined(POLARSSL_SHA256_C) || \
|
||||||
!defined(POLARSSL_FS_IO) || !defined(POLARSSL_CTR_DRBG_C)
|
!defined(POLARSSL_FS_IO) || !defined(POLARSSL_CTR_DRBG_C)
|
||||||
int main( int argc, char *argv[] )
|
int main( int argc, char *argv[] )
|
||||||
{
|
{
|
||||||
@ -57,7 +57,7 @@ int main( int argc, char *argv[] )
|
|||||||
|
|
||||||
polarssl_printf("POLARSSL_AES_C and/or POLARSSL_DHM_C and/or POLARSSL_ENTROPY_C "
|
polarssl_printf("POLARSSL_AES_C and/or POLARSSL_DHM_C and/or POLARSSL_ENTROPY_C "
|
||||||
"and/or POLARSSL_NET_C and/or POLARSSL_RSA_C and/or "
|
"and/or POLARSSL_NET_C and/or POLARSSL_RSA_C and/or "
|
||||||
"POLARSSL_SHA1_C and/or POLARSSL_FS_IO and/or "
|
"POLARSSL_SHA256_C and/or POLARSSL_FS_IO and/or "
|
||||||
"POLARSSL_CTR_DBRG_C not defined.\n");
|
"POLARSSL_CTR_DBRG_C not defined.\n");
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
@ -201,7 +201,7 @@ int main( int argc, char *argv[] )
|
|||||||
buf[n ] = (unsigned char)( rsa.len >> 8 );
|
buf[n ] = (unsigned char)( rsa.len >> 8 );
|
||||||
buf[n + 1] = (unsigned char)( rsa.len );
|
buf[n + 1] = (unsigned char)( rsa.len );
|
||||||
|
|
||||||
if( ( ret = rsa_pkcs1_sign( &rsa, NULL, NULL, RSA_PRIVATE, POLARSSL_MD_SHA1,
|
if( ( ret = rsa_pkcs1_sign( &rsa, NULL, NULL, RSA_PRIVATE, POLARSSL_MD_SHA256,
|
||||||
0, hash, buf + n + 2 ) ) != 0 )
|
0, hash, buf + n + 2 ) ) != 0 )
|
||||||
{
|
{
|
||||||
polarssl_printf( " failed\n ! rsa_pkcs1_sign returned %d\n\n", ret );
|
polarssl_printf( " failed\n ! rsa_pkcs1_sign returned %d\n\n", ret );
|
||||||
@ -298,5 +298,5 @@ exit:
|
|||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
#endif /* POLARSSL_AES_C && POLARSSL_DHM_C && POLARSSL_ENTROPY_C &&
|
#endif /* POLARSSL_AES_C && POLARSSL_DHM_C && POLARSSL_ENTROPY_C &&
|
||||||
POLARSSL_NET_C && POLARSSL_RSA_C && POLARSSL_SHA1_C &&
|
POLARSSL_NET_C && POLARSSL_RSA_C && POLARSSL_SHA256_C &&
|
||||||
POLARSSL_FS_IO && POLARSSL_CTR_DRBG_C */
|
POLARSSL_FS_IO && POLARSSL_CTR_DRBG_C */
|
||||||
|
@ -47,7 +47,7 @@
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_ENTROPY_C) || \
|
#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_ENTROPY_C) || \
|
||||||
!defined(POLARSSL_SHA1_C) || \
|
!defined(POLARSSL_SHA256_C) || \
|
||||||
!defined(POLARSSL_PK_PARSE_C) || !defined(POLARSSL_FS_IO) || \
|
!defined(POLARSSL_PK_PARSE_C) || !defined(POLARSSL_FS_IO) || \
|
||||||
!defined(POLARSSL_CTR_DRBG_C)
|
!defined(POLARSSL_CTR_DRBG_C)
|
||||||
int main( int argc, char *argv[] )
|
int main( int argc, char *argv[] )
|
||||||
@ -56,7 +56,7 @@ int main( int argc, char *argv[] )
|
|||||||
((void) argv);
|
((void) argv);
|
||||||
|
|
||||||
polarssl_printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or "
|
polarssl_printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or "
|
||||||
"POLARSSL_SHA1_C and/or "
|
"POLARSSL_SHA256_C and/or "
|
||||||
"POLARSSL_PK_PARSE_C and/or POLARSSL_FS_IO and/or "
|
"POLARSSL_PK_PARSE_C and/or POLARSSL_FS_IO and/or "
|
||||||
"POLARSSL_CTR_DRBG_C not defined.\n");
|
"POLARSSL_CTR_DRBG_C not defined.\n");
|
||||||
return( 0 );
|
return( 0 );
|
||||||
@ -111,10 +111,10 @@ int main( int argc, char *argv[] )
|
|||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Compute the SHA-1 hash of the input file,
|
* Compute the SHA-256 hash of the input file,
|
||||||
* then calculate the signature of the hash.
|
* then calculate the signature of the hash.
|
||||||
*/
|
*/
|
||||||
polarssl_printf( "\n . Generating the SHA-1 signature" );
|
polarssl_printf( "\n . Generating the SHA-256 signature" );
|
||||||
fflush( stdout );
|
fflush( stdout );
|
||||||
|
|
||||||
if( ( ret = sha1_file( argv[2], hash ) ) != 0 )
|
if( ( ret = sha1_file( argv[2], hash ) ) != 0 )
|
||||||
@ -123,7 +123,7 @@ int main( int argc, char *argv[] )
|
|||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
if( ( ret = pk_sign( &pk, POLARSSL_MD_SHA1, hash, 0, buf, &olen,
|
if( ( ret = pk_sign( &pk, POLARSSL_MD_SHA256, hash, 0, buf, &olen,
|
||||||
ctr_drbg_random, &ctr_drbg ) ) != 0 )
|
ctr_drbg_random, &ctr_drbg ) ) != 0 )
|
||||||
{
|
{
|
||||||
polarssl_printf( " failed\n ! pk_sign returned -0x%04x\n", -ret );
|
polarssl_printf( " failed\n ! pk_sign returned -0x%04x\n", -ret );
|
||||||
@ -170,5 +170,5 @@ exit:
|
|||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
#endif /* POLARSSL_BIGNUM_C && POLARSSL_ENTROPY_C &&
|
#endif /* POLARSSL_BIGNUM_C && POLARSSL_ENTROPY_C &&
|
||||||
POLARSSL_SHA1_C && POLARSSL_PK_PARSE_C && POLARSSL_FS_IO &&
|
POLARSSL_SHA256_C && POLARSSL_PK_PARSE_C && POLARSSL_FS_IO &&
|
||||||
POLARSSL_CTR_DRBG_C */
|
POLARSSL_CTR_DRBG_C */
|
||||||
|
@ -45,7 +45,7 @@
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if !defined(POLARSSL_BIGNUM_C) || \
|
#if !defined(POLARSSL_BIGNUM_C) || \
|
||||||
!defined(POLARSSL_SHA1_C) || !defined(POLARSSL_PK_PARSE_C) || \
|
!defined(POLARSSL_SHA256_C) || !defined(POLARSSL_PK_PARSE_C) || \
|
||||||
!defined(POLARSSL_FS_IO)
|
!defined(POLARSSL_FS_IO)
|
||||||
int main( int argc, char *argv[] )
|
int main( int argc, char *argv[] )
|
||||||
{
|
{
|
||||||
@ -53,7 +53,7 @@ int main( int argc, char *argv[] )
|
|||||||
((void) argv);
|
((void) argv);
|
||||||
|
|
||||||
polarssl_printf("POLARSSL_BIGNUM_C and/or "
|
polarssl_printf("POLARSSL_BIGNUM_C and/or "
|
||||||
"POLARSSL_SHA1_C and/or POLARSSL_PK_PARSE_C and/or "
|
"POLARSSL_SHA256_C and/or POLARSSL_PK_PARSE_C and/or "
|
||||||
"POLARSSL_FS_IO not defined.\n");
|
"POLARSSL_FS_IO not defined.\n");
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
@ -108,10 +108,10 @@ int main( int argc, char *argv[] )
|
|||||||
fclose( f );
|
fclose( f );
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Compute the SHA-1 hash of the input file and compare
|
* Compute the SHA-256 hash of the input file and compare
|
||||||
* it with the hash decrypted from the signature.
|
* it with the hash decrypted from the signature.
|
||||||
*/
|
*/
|
||||||
polarssl_printf( "\n . Verifying the SHA-1 signature" );
|
polarssl_printf( "\n . Verifying the SHA-256 signature" );
|
||||||
fflush( stdout );
|
fflush( stdout );
|
||||||
|
|
||||||
if( ( ret = sha1_file( argv[2], hash ) ) != 0 )
|
if( ( ret = sha1_file( argv[2], hash ) ) != 0 )
|
||||||
@ -120,14 +120,14 @@ int main( int argc, char *argv[] )
|
|||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
if( ( ret = pk_verify( &pk, POLARSSL_MD_SHA1, hash, 0,
|
if( ( ret = pk_verify( &pk, POLARSSL_MD_SHA256, hash, 0,
|
||||||
buf, i ) ) != 0 )
|
buf, i ) ) != 0 )
|
||||||
{
|
{
|
||||||
polarssl_printf( " failed\n ! pk_verify returned -0x%04x\n", -ret );
|
polarssl_printf( " failed\n ! pk_verify returned -0x%04x\n", -ret );
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
polarssl_printf( "\n . OK (the decrypted SHA-1 hash matches)\n\n" );
|
polarssl_printf( "\n . OK (the decrypted SHA-256 hash matches)\n\n" );
|
||||||
|
|
||||||
ret = 0;
|
ret = 0;
|
||||||
|
|
||||||
@ -146,5 +146,5 @@ exit:
|
|||||||
|
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
#endif /* POLARSSL_BIGNUM_C && POLARSSL_SHA1_C &&
|
#endif /* POLARSSL_BIGNUM_C && POLARSSL_SHA256_C &&
|
||||||
POLARSSL_PK_PARSE_C && POLARSSL_FS_IO */
|
POLARSSL_PK_PARSE_C && POLARSSL_FS_IO */
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* RSA/SHA-1 signature creation program
|
* RSA/SHA-256 signature creation program
|
||||||
*
|
*
|
||||||
* Copyright (C) 2006-2011, ARM Limited, All Rights Reserved
|
* Copyright (C) 2006-2011, ARM Limited, All Rights Reserved
|
||||||
*
|
*
|
||||||
@ -40,14 +40,14 @@
|
|||||||
#include "polarssl/sha1.h"
|
#include "polarssl/sha1.h"
|
||||||
|
|
||||||
#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_RSA_C) || \
|
#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_RSA_C) || \
|
||||||
!defined(POLARSSL_SHA1_C) || !defined(POLARSSL_FS_IO)
|
!defined(POLARSSL_SHA256_C) || !defined(POLARSSL_FS_IO)
|
||||||
int main( int argc, char *argv[] )
|
int main( int argc, char *argv[] )
|
||||||
{
|
{
|
||||||
((void) argc);
|
((void) argc);
|
||||||
((void) argv);
|
((void) argv);
|
||||||
|
|
||||||
polarssl_printf("POLARSSL_BIGNUM_C and/or POLARSSL_RSA_C and/or "
|
polarssl_printf("POLARSSL_BIGNUM_C and/or POLARSSL_RSA_C and/or "
|
||||||
"POLARSSL_SHA1_C and/or POLARSSL_FS_IO not defined.\n");
|
"POLARSSL_SHA256_C and/or POLARSSL_FS_IO not defined.\n");
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
#else
|
#else
|
||||||
@ -112,10 +112,10 @@ int main( int argc, char *argv[] )
|
|||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Compute the SHA-1 hash of the input file,
|
* Compute the SHA-256 hash of the input file,
|
||||||
* then calculate the RSA signature of the hash.
|
* then calculate the RSA signature of the hash.
|
||||||
*/
|
*/
|
||||||
polarssl_printf( "\n . Generating the RSA/SHA-1 signature" );
|
polarssl_printf( "\n . Generating the RSA/SHA-256 signature" );
|
||||||
fflush( stdout );
|
fflush( stdout );
|
||||||
|
|
||||||
if( ( ret = sha1_file( argv[1], hash ) ) != 0 )
|
if( ( ret = sha1_file( argv[1], hash ) ) != 0 )
|
||||||
@ -124,7 +124,7 @@ int main( int argc, char *argv[] )
|
|||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
if( ( ret = rsa_pkcs1_sign( &rsa, NULL, NULL, RSA_PRIVATE, POLARSSL_MD_SHA1,
|
if( ( ret = rsa_pkcs1_sign( &rsa, NULL, NULL, RSA_PRIVATE, POLARSSL_MD_SHA256,
|
||||||
20, hash, buf ) ) != 0 )
|
20, hash, buf ) ) != 0 )
|
||||||
{
|
{
|
||||||
polarssl_printf( " failed\n ! rsa_pkcs1_sign returned -0x%0x\n\n", -ret );
|
polarssl_printf( " failed\n ! rsa_pkcs1_sign returned -0x%0x\n\n", -ret );
|
||||||
@ -160,5 +160,5 @@ exit:
|
|||||||
|
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
#endif /* POLARSSL_BIGNUM_C && POLARSSL_RSA_C && POLARSSL_SHA1_C &&
|
#endif /* POLARSSL_BIGNUM_C && POLARSSL_RSA_C && POLARSSL_SHA256_C &&
|
||||||
POLARSSL_FS_IO */
|
POLARSSL_FS_IO */
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* RSASSA-PSS/SHA-1 signature creation program
|
* RSASSA-PSS/SHA-256 signature creation program
|
||||||
*
|
*
|
||||||
* Copyright (C) 2006-2011, ARM Limited, All Rights Reserved
|
* Copyright (C) 2006-2011, ARM Limited, All Rights Reserved
|
||||||
*
|
*
|
||||||
@ -47,7 +47,7 @@
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_ENTROPY_C) || \
|
#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_ENTROPY_C) || \
|
||||||
!defined(POLARSSL_RSA_C) || !defined(POLARSSL_SHA1_C) || \
|
!defined(POLARSSL_RSA_C) || !defined(POLARSSL_SHA256_C) || \
|
||||||
!defined(POLARSSL_PK_PARSE_C) || !defined(POLARSSL_FS_IO) || \
|
!defined(POLARSSL_PK_PARSE_C) || !defined(POLARSSL_FS_IO) || \
|
||||||
!defined(POLARSSL_CTR_DRBG_C)
|
!defined(POLARSSL_CTR_DRBG_C)
|
||||||
int main( int argc, char *argv[] )
|
int main( int argc, char *argv[] )
|
||||||
@ -56,7 +56,7 @@ int main( int argc, char *argv[] )
|
|||||||
((void) argv);
|
((void) argv);
|
||||||
|
|
||||||
polarssl_printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or "
|
polarssl_printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or "
|
||||||
"POLARSSL_RSA_C and/or POLARSSL_SHA1_C and/or "
|
"POLARSSL_RSA_C and/or POLARSSL_SHA256_C and/or "
|
||||||
"POLARSSL_PK_PARSE_C and/or POLARSSL_FS_IO and/or "
|
"POLARSSL_PK_PARSE_C and/or POLARSSL_FS_IO and/or "
|
||||||
"POLARSSL_CTR_DRBG_C not defined.\n");
|
"POLARSSL_CTR_DRBG_C not defined.\n");
|
||||||
return( 0 );
|
return( 0 );
|
||||||
@ -118,13 +118,13 @@ int main( int argc, char *argv[] )
|
|||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
rsa_set_padding( pk_rsa( pk ), RSA_PKCS_V21, POLARSSL_MD_SHA1 );
|
rsa_set_padding( pk_rsa( pk ), RSA_PKCS_V21, POLARSSL_MD_SHA256 );
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Compute the SHA-1 hash of the input file,
|
* Compute the SHA-256 hash of the input file,
|
||||||
* then calculate the RSA signature of the hash.
|
* then calculate the RSA signature of the hash.
|
||||||
*/
|
*/
|
||||||
polarssl_printf( "\n . Generating the RSA/SHA-1 signature" );
|
polarssl_printf( "\n . Generating the RSA/SHA-256 signature" );
|
||||||
fflush( stdout );
|
fflush( stdout );
|
||||||
|
|
||||||
if( ( ret = sha1_file( argv[2], hash ) ) != 0 )
|
if( ( ret = sha1_file( argv[2], hash ) ) != 0 )
|
||||||
@ -133,7 +133,7 @@ int main( int argc, char *argv[] )
|
|||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
if( ( ret = pk_sign( &pk, POLARSSL_MD_SHA1, hash, 0, buf, &olen,
|
if( ( ret = pk_sign( &pk, POLARSSL_MD_SHA256, hash, 0, buf, &olen,
|
||||||
ctr_drbg_random, &ctr_drbg ) ) != 0 )
|
ctr_drbg_random, &ctr_drbg ) ) != 0 )
|
||||||
{
|
{
|
||||||
polarssl_printf( " failed\n ! pk_sign returned %d\n\n", ret );
|
polarssl_printf( " failed\n ! pk_sign returned %d\n\n", ret );
|
||||||
@ -175,5 +175,5 @@ exit:
|
|||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
#endif /* POLARSSL_BIGNUM_C && POLARSSL_ENTROPY_C && POLARSSL_RSA_C &&
|
#endif /* POLARSSL_BIGNUM_C && POLARSSL_ENTROPY_C && POLARSSL_RSA_C &&
|
||||||
POLARSSL_SHA1_C && POLARSSL_PK_PARSE_C && POLARSSL_FS_IO &&
|
POLARSSL_SHA256_C && POLARSSL_PK_PARSE_C && POLARSSL_FS_IO &&
|
||||||
POLARSSL_CTR_DRBG_C */
|
POLARSSL_CTR_DRBG_C */
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* RSA/SHA-1 signature verification program
|
* RSA/SHA-256 signature verification program
|
||||||
*
|
*
|
||||||
* Copyright (C) 2006-2011, ARM Limited, All Rights Reserved
|
* Copyright (C) 2006-2011, ARM Limited, All Rights Reserved
|
||||||
*
|
*
|
||||||
@ -39,14 +39,14 @@
|
|||||||
#include "polarssl/sha1.h"
|
#include "polarssl/sha1.h"
|
||||||
|
|
||||||
#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_RSA_C) || \
|
#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_RSA_C) || \
|
||||||
!defined(POLARSSL_SHA1_C) || !defined(POLARSSL_FS_IO)
|
!defined(POLARSSL_SHA256_C) || !defined(POLARSSL_FS_IO)
|
||||||
int main( int argc, char *argv[] )
|
int main( int argc, char *argv[] )
|
||||||
{
|
{
|
||||||
((void) argc);
|
((void) argc);
|
||||||
((void) argv);
|
((void) argv);
|
||||||
|
|
||||||
polarssl_printf("POLARSSL_BIGNUM_C and/or POLARSSL_RSA_C and/or "
|
polarssl_printf("POLARSSL_BIGNUM_C and/or POLARSSL_RSA_C and/or "
|
||||||
"POLARSSL_SHA1_C and/or POLARSSL_FS_IO not defined.\n");
|
"POLARSSL_SHA256_C and/or POLARSSL_FS_IO not defined.\n");
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
#else
|
#else
|
||||||
@ -122,10 +122,10 @@ int main( int argc, char *argv[] )
|
|||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Compute the SHA-1 hash of the input file and compare
|
* Compute the SHA-256 hash of the input file and compare
|
||||||
* it with the hash decrypted from the RSA signature.
|
* it with the hash decrypted from the RSA signature.
|
||||||
*/
|
*/
|
||||||
polarssl_printf( "\n . Verifying the RSA/SHA-1 signature" );
|
polarssl_printf( "\n . Verifying the RSA/SHA-256 signature" );
|
||||||
fflush( stdout );
|
fflush( stdout );
|
||||||
|
|
||||||
if( ( ret = sha1_file( argv[1], hash ) ) != 0 )
|
if( ( ret = sha1_file( argv[1], hash ) ) != 0 )
|
||||||
@ -135,13 +135,13 @@ int main( int argc, char *argv[] )
|
|||||||
}
|
}
|
||||||
|
|
||||||
if( ( ret = rsa_pkcs1_verify( &rsa, NULL, NULL, RSA_PUBLIC,
|
if( ( ret = rsa_pkcs1_verify( &rsa, NULL, NULL, RSA_PUBLIC,
|
||||||
POLARSSL_MD_SHA1, 20, hash, buf ) ) != 0 )
|
POLARSSL_MD_SHA256, 20, hash, buf ) ) != 0 )
|
||||||
{
|
{
|
||||||
polarssl_printf( " failed\n ! rsa_pkcs1_verify returned -0x%0x\n\n", -ret );
|
polarssl_printf( " failed\n ! rsa_pkcs1_verify returned -0x%0x\n\n", -ret );
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
polarssl_printf( "\n . OK (the decrypted SHA-1 hash matches)\n\n" );
|
polarssl_printf( "\n . OK (the decrypted SHA-256 hash matches)\n\n" );
|
||||||
|
|
||||||
ret = 0;
|
ret = 0;
|
||||||
|
|
||||||
@ -154,5 +154,5 @@ exit:
|
|||||||
|
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
#endif /* POLARSSL_BIGNUM_C && POLARSSL_RSA_C && POLARSSL_SHA1_C &&
|
#endif /* POLARSSL_BIGNUM_C && POLARSSL_RSA_C && POLARSSL_SHA256_C &&
|
||||||
POLARSSL_FS_IO */
|
POLARSSL_FS_IO */
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* RSASSA-PSS/SHA-1 signature verification program
|
* RSASSA-PSS/SHA-256 signature verification program
|
||||||
*
|
*
|
||||||
* Copyright (C) 2006-2011, ARM Limited, All Rights Reserved
|
* Copyright (C) 2006-2011, ARM Limited, All Rights Reserved
|
||||||
*
|
*
|
||||||
@ -46,7 +46,7 @@
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_RSA_C) || \
|
#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_RSA_C) || \
|
||||||
!defined(POLARSSL_SHA1_C) || !defined(POLARSSL_PK_PARSE_C) || \
|
!defined(POLARSSL_SHA256_C) || !defined(POLARSSL_PK_PARSE_C) || \
|
||||||
!defined(POLARSSL_FS_IO)
|
!defined(POLARSSL_FS_IO)
|
||||||
int main( int argc, char *argv[] )
|
int main( int argc, char *argv[] )
|
||||||
{
|
{
|
||||||
@ -54,7 +54,7 @@ int main( int argc, char *argv[] )
|
|||||||
((void) argv);
|
((void) argv);
|
||||||
|
|
||||||
polarssl_printf("POLARSSL_BIGNUM_C and/or POLARSSL_RSA_C and/or "
|
polarssl_printf("POLARSSL_BIGNUM_C and/or POLARSSL_RSA_C and/or "
|
||||||
"POLARSSL_SHA1_C and/or POLARSSL_PK_PARSE_C and/or "
|
"POLARSSL_SHA256_C and/or POLARSSL_PK_PARSE_C and/or "
|
||||||
"POLARSSL_FS_IO not defined.\n");
|
"POLARSSL_FS_IO not defined.\n");
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
@ -99,7 +99,7 @@ int main( int argc, char *argv[] )
|
|||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
rsa_set_padding( pk_rsa( pk ), RSA_PKCS_V21, POLARSSL_MD_SHA1 );
|
rsa_set_padding( pk_rsa( pk ), RSA_PKCS_V21, POLARSSL_MD_SHA256 );
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Extract the RSA signature from the text file
|
* Extract the RSA signature from the text file
|
||||||
@ -119,10 +119,10 @@ int main( int argc, char *argv[] )
|
|||||||
fclose( f );
|
fclose( f );
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Compute the SHA-1 hash of the input file and compare
|
* Compute the SHA-256 hash of the input file and compare
|
||||||
* it with the hash decrypted from the RSA signature.
|
* it with the hash decrypted from the RSA signature.
|
||||||
*/
|
*/
|
||||||
polarssl_printf( "\n . Verifying the RSA/SHA-1 signature" );
|
polarssl_printf( "\n . Verifying the RSA/SHA-256 signature" );
|
||||||
fflush( stdout );
|
fflush( stdout );
|
||||||
|
|
||||||
if( ( ret = sha1_file( argv[2], hash ) ) != 0 )
|
if( ( ret = sha1_file( argv[2], hash ) ) != 0 )
|
||||||
@ -131,14 +131,14 @@ int main( int argc, char *argv[] )
|
|||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
if( ( ret = pk_verify( &pk, POLARSSL_MD_SHA1, hash, 0,
|
if( ( ret = pk_verify( &pk, POLARSSL_MD_SHA256, hash, 0,
|
||||||
buf, i ) ) != 0 )
|
buf, i ) ) != 0 )
|
||||||
{
|
{
|
||||||
polarssl_printf( " failed\n ! pk_verify returned %d\n\n", ret );
|
polarssl_printf( " failed\n ! pk_verify returned %d\n\n", ret );
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
polarssl_printf( "\n . OK (the decrypted SHA-1 hash matches)\n\n" );
|
polarssl_printf( "\n . OK (the decrypted SHA-256 hash matches)\n\n" );
|
||||||
|
|
||||||
ret = 0;
|
ret = 0;
|
||||||
|
|
||||||
@ -152,5 +152,5 @@ exit:
|
|||||||
|
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
#endif /* POLARSSL_BIGNUM_C && POLARSSL_RSA_C && POLARSSL_SHA1_C &&
|
#endif /* POLARSSL_BIGNUM_C && POLARSSL_RSA_C && POLARSSL_SHA256_C &&
|
||||||
POLARSSL_PK_PARSE_C && POLARSSL_FS_IO */
|
POLARSSL_PK_PARSE_C && POLARSSL_FS_IO */
|
||||||
|
@ -149,7 +149,7 @@ int main( int argc, char *argv[] )
|
|||||||
* Set to sane values
|
* Set to sane values
|
||||||
*/
|
*/
|
||||||
x509write_csr_init( &req );
|
x509write_csr_init( &req );
|
||||||
x509write_csr_set_md_alg( &req, POLARSSL_MD_SHA1 );
|
x509write_csr_set_md_alg( &req, POLARSSL_MD_SHA256 );
|
||||||
pk_init( &key );
|
pk_init( &key );
|
||||||
memset( buf, 0, sizeof( buf ) );
|
memset( buf, 0, sizeof( buf ) );
|
||||||
|
|
||||||
|
@ -209,7 +209,7 @@ int main( int argc, char *argv[] )
|
|||||||
* Set to sane values
|
* Set to sane values
|
||||||
*/
|
*/
|
||||||
x509write_crt_init( &crt );
|
x509write_crt_init( &crt );
|
||||||
x509write_crt_set_md_alg( &crt, POLARSSL_MD_SHA1 );
|
x509write_crt_set_md_alg( &crt, POLARSSL_MD_SHA256 );
|
||||||
pk_init( &loaded_issuer_key );
|
pk_init( &loaded_issuer_key );
|
||||||
pk_init( &loaded_subject_key );
|
pk_init( &loaded_subject_key );
|
||||||
mpi_init( &serial );
|
mpi_init( &serial );
|
||||||
|
Loading…
Reference in New Issue
Block a user