Fix RSASSA-PSS example programs
diff --git a/ChangeLog b/ChangeLog
index 89d159f..8b7ec68 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -29,6 +29,7 @@
* Fixed version-major intolerance in server
* Fixed CMake symlinking on out-of-source builds
* Fixed dependency issues in test suite
+ * Programs rsa_sign_pss and rsa_verify_pss were not using PSS since 1.3.0
= PolarSSL 1.3.4 released on 2014-01-27
Features
diff --git a/include/polarssl/rsa.h b/include/polarssl/rsa.h
index 504dde2..d8c8341 100644
--- a/include/polarssl/rsa.h
+++ b/include/polarssl/rsa.h
@@ -128,6 +128,21 @@
int hash_id);
/**
+ * \brief Set padding for an already initialized RSA context
+ *
+ * Note: Set padding to RSA_PKCS_V21 for the RSAES-OAEP
+ * encryption scheme and the RSASSA-PSS signature scheme.
+ *
+ * \param ctx RSA context to be set
+ * \param padding RSA_PKCS_V15 or RSA_PKCS_V21
+ * \param hash_id RSA_PKCS_V21 hash identifier
+ *
+ * \note The hash_id parameter is actually ignored
+ * when using RSA_PKCS_V15 padding.
+ */
+void rsa_set_padding( rsa_context *ctx, int padding, int hash_id);
+
+/**
* \brief Generate an RSA keypair
*
* \param ctx RSA context that will hold the key
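Review bot: The new `\param hash_id` line for rsa_set_padding does not say which constants are accepted, although the callers added in this commit pass `POLARSSL_MD_SHA1`. Suggest `\param hash_id  RSA_PKCS_V21 hash identifier (a POLARSSL_MD_XXX value)`. The implementation added in library/rsa.c stores `padding` without checking it, so the doc block should also state that an unsupported value is not rejected by this call. For RSASSA-PSS it would help to add that signer and verifier must configure the same hash_id.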
diff --git a/library/rsa.c b/library/rsa.c
index 3a1ea35..bf60c6f 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -58,14 +58,22 @@
{
memset( ctx, 0, sizeof( rsa_context ) );
- ctx->padding = padding;
- ctx->hash_id = hash_id;
+ rsa_set_padding( ctx, padding, hash_id );
#if defined(POLARSSL_THREADING_C)
polarssl_mutex_init( &ctx->mutex );
#endif
}
+/*
+ * Set padding for an existing RSA context
+ */
+void rsa_set_padding( rsa_context *ctx, int padding, int hash_id )
+{
+ ctx->padding = padding;
+ ctx->hash_id = hash_id;
+}
+
#if defined(POLARSSL_GENPRIME)
/*
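Review bot: rsa_set_padding writes `ctx->padding` and `ctx->hash_id` without holding `ctx->mutex`, and rsa_init now calls it before `polarssl_mutex_init( &ctx->mutex )`, so the setter cannot take the lock itself. That is fine during initialisation, but the function is now public and can be called on a live context. The comment above it should say so, for example `/* Set padding for an existing RSA context; not synchronised, call before the context is shared between threads */`. Whether other library code reads these fields under the mutex is not visible in this hunk.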
diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c
index fecfcc2..7e8ac4a 100644
--- a/programs/pkey/rsa_sign_pss.c
+++ b/programs/pkey/rsa_sign_pss.c
@@ -101,7 +101,8 @@
if( ( ret = pk_parse_keyfile( &pk, argv[1], "" ) ) != 0 )
{
ret = 1;
- printf( " failed\n ! Could not open '%s'\n", argv[1] );
+ printf( " failed\n ! Could not read key from '%s'\n", argv[1] );
+ printf( " ! pk_parse_public_keyfile returned %d\n\n", ret );
goto exit;
}
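Review bot: The second added printf prints `ret` after `ret = 1;` has already overwritten it two lines earlier, so the message always reports 1 instead of the parser's error code. It also names `pk_parse_public_keyfile`, while the call in the condition is `pk_parse_keyfile`. Print first and assign afterwards: `printf( " ! pk_parse_keyfile returned %d\n\n", ret );` followed by `ret = 1;`. The enclosing function starts and ends outside the hunk.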
@@ -112,6 +113,8 @@
goto exit;
}
+ rsa_set_padding( pk_rsa( pk ), RSA_PKCS_V21, POLARSSL_MD_SHA1 );
+
/*
* Compute the SHA-1 hash of the input file,
* then calculate the RSA signature of the hash.
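Review bot: The added `rsa_set_padding( pk_rsa( pk ), RSA_PKCS_V21, POLARSSL_MD_SHA1 );` hard-codes SHA-1 as the PSS hash, here and in the matching hunk of programs/pkey/rsa_verify_pss.c. SHA-1 is no longer recommended for new signatures, and example programs tend to be copied as they are. A comment on the call would make the constraint explicit: `/* hash_id must match the digest computed below and the one set in rsa_verify_pss; prefer POLARSSL_MD_SHA256 in new code */`. Moving the example itself to SHA-256 would also mean changing the hashing and signing calls, which lie outside this hunk.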
diff --git a/programs/pkey/rsa_verify_pss.c b/programs/pkey/rsa_verify_pss.c
index 2ac5a5b..b41bcf8 100644
--- a/programs/pkey/rsa_verify_pss.c
+++ b/programs/pkey/rsa_verify_pss.c
@@ -81,7 +81,8 @@
if( ( ret = pk_parse_public_keyfile( &pk, argv[1] ) ) != 0 )
{
- printf( " failed\n ! pk_parse_public_keyfile returned %d\n\n", ret );
+ printf( " failed\n ! Could not read key from '%s'\n", argv[1] );
+ printf( " ! pk_parse_public_keyfile returned %d\n\n", ret );
goto exit;
}
@@ -92,6 +93,8 @@
goto exit;
}
+ rsa_set_padding( pk_rsa( pk ), RSA_PKCS_V21, POLARSSL_MD_SHA1 );
+
/*
* Extract the RSA signature from the text file
*/