mbedtls

AuroraMiddleware/mbedtls

Fork 0

Commit Graph

Author	SHA1	Message	Date
Manuel Pégourié-Gonnard	e459be2ed1	Complete discussion of RSASSA-PSS Update to latest draft of PSA Crypto 1.1.0: back to strict verification by default, but ANY_SALT introduced. Commands used to observe default values of saltlen: openssl genpkey -algorithm rsa-pss -out o.key openssl req -x509 -new -key o.key -subj "/CN=CA" -sha256 -out o.crt certtool --generate-privkey --key-type rsa-pss --outfile g.key certtool --generate-self-signed --load-privkey g.key --outfile g.crt Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard	f5ee4b3da4	Add data about RSA-PSS test files Data gathered with: for c in server9.crt; do echo $c; openssl x509 -noout -text -in $c \| grep '^ Signature Algorithm: rsassaPss' -A3 \| sed '1d'; done for c in crl-rsa-pss-; do echo $c; openssl crl -noout -text -in $c \| grep '^ Signature Algorithm: rsassaPss' -A3 \| sed '1d'; done for c in server9.req.*; do echo $c; openssl req -noout -text -in $c \| grep '^ Signature Algorithm: rsassaPss' -A3 \| sed '1d'; done Unfortunately there is no record of how these files have been generated. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard	d9edd56bf8	Document PSA limitations that could be problems (WIP: the study of RSA-PSS is incomplete.) Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-01-18 09:13:14 +01:00

Author

SHA1

Message

Date

Manuel Pégourié-Gonnard

e459be2ed1

Complete discussion of RSASSA-PSS

Update to latest draft of PSA Crypto 1.1.0: back to strict verification
by default, but ANY_SALT introduced.

Commands used to observe default values of saltlen:

    openssl genpkey -algorithm rsa-pss -out o.key
    openssl req -x509 -new -key o.key -subj "/CN=CA" -sha256 -out o.crt

    certtool --generate-privkey --key-type rsa-pss --outfile g.key
    certtool --generate-self-signed --load-privkey g.key --outfile g.crt

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>

2022-01-18 09:13:14 +01:00

Manuel Pégourié-Gonnard

f5ee4b3da4

Add data about RSA-PSS test files

Data gathered with:

    for c in server9*.crt; do echo $c; openssl x509 -noout -text -in $c |
        grep '^    Signature Algorithm: rsassaPss' -A3 | sed '1d'; done
    for c in crl-rsa-pss-*; do echo $c; openssl crl -noout -text -in $c |
        grep '^    Signature Algorithm: rsassaPss' -A3 | sed '1d'; done
    for c in server9.req.*; do echo $c; openssl req -noout -text -in $c |
        grep '^    Signature Algorithm: rsassaPss' -A3 | sed '1d'; done

Unfortunately there is no record of how these files have been generated.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>

2022-01-18 09:13:14 +01:00

Manuel Pégourié-Gonnard

d9edd56bf8

Document PSA limitations that could be problems

(WIP: the study of RSA-PSS is incomplete.)

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>

2022-01-18 09:13:14 +01:00

3 Commits