commit 920e1cd5e21aa29aaaca4c823deb5be84f3c871b
author Manuel Pégourié-Gonnard <mpg@elzevir.fr> Mon Jun 02 18:11:07 2014 +0200
committer Manuel Pégourié-Gonnard <mpg@elzevir.fr> Wed Jun 04 12:09:08 2014 +0200
tree d7b4df88fdc166ebae1f41bcdfbec3d3fb4338ce
parent e6d1d82b66d4c63fb1a616b4174dc427ffc562dd

Add basic PSS cert verification

Still todo:
- handle MGF-hash != sign-hash
- check effective salt len == announced salt len
- add support in the PK layer so that we don't have to bypass it here

tests/suites/test_suite_x509parse.data

diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index 59bd2fb..3dff51e 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
@@ -570,6 +570,38 @@
 depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECDSA_C:POLARSSL_SHA256_C:POLARSSL_X509_CHECK_KEY_USAGE:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_ECP_DP_SECP384R1_ENABLED
 x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-ds.crt":"data_files/crl-ec-sha256.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_NOT_TRUSTED:"NULL"
 
+X509 Certificate verification #57 (Valid, RSASSA-PSS, SHA-1)
+depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSASSA_PSS_CERTIFICATES:POLARSSL_SHA1_C
+x509_verify:"data_files/server9.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"NULL"
+
+X509 Certificate verification #58 (Valid, RSASSA-PSS, SHA-224)
+depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSASSA_PSS_CERTIFICATES:POLARSSL_SHA256_C
+x509_verify:"data_files/server9-sha224.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"NULL"
+
+X509 Certificate verification #59 (Valid, RSASSA-PSS, SHA-256)
+depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSASSA_PSS_CERTIFICATES:POLARSSL_SHA256_C
+x509_verify:"data_files/server9-sha256.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"NULL"
+
+X509 Certificate verification #60 (Valid, RSASSA-PSS, SHA-384)
+depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSASSA_PSS_CERTIFICATES:POLARSSL_SHA512_C
+x509_verify:"data_files/server9-sha384.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"NULL"
+
+X509 Certificate verification #61 (Valid, RSASSA-PSS, SHA-512)
+depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSASSA_PSS_CERTIFICATES:POLARSSL_SHA512_C
+x509_verify:"data_files/server9-sha512.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"NULL"
+
+X509 Certificate verification #57 (Valid, RSASSA-PSS, SHA-1, not top)
+depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSASSA_PSS_CERTIFICATES:POLARSSL_SHA1_C
+x509_verify:"data_files/server9-with-ca.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"NULL"
+
+X509 Certificate verification #62 (RSASSA-PSS, SHA1, bad signature)
+depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSASSA_PSS_CERTIFICATES:POLARSSL_SHA1_C
+x509_verify:"data_files/server9-badsign.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_NOT_TRUSTED:"NULL"
+
+X509 Certificate verification #63 (RSASSA-PSS, SHA1, no RSA CA)
+depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSASSA_PSS_CERTIFICATES:POLARSSL_SHA1_C
+x509_verify:"data_files/server9.crt":"data_files/test-ca2.crt":"data_files/crl.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_NOT_TRUSTED:"NULL"
+
 X509 Parse Selftest
 depends_on:POLARSSL_SHA1_C:POLARSSL_PEM_PARSE_C:POLARSSL_CERTS_C
 x509_selftest: