diff options
| author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-05-30 10:36:59 +0200 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-05-31 10:33:47 +0200 |
| commit | 2f71bc636a1a7e294d1bd3bb4f33389fd2be6235 (patch) | |
| tree | 76b325fb7fffff4fb0ebdd8aa39e719d6a7cdffb | |
| parent | 18f58ec65e9cf19d5550f9a18fbd323de675319b (diff) | |
| download | gnutls-2f71bc636a1a7e294d1bd3bb4f33389fd2be6235.tar.gz | |
tests: do not utilize GNUTLS_VERIFY_USE_RSA_PSS
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| -rw-r--r-- | tests/privkey-verify-broken.c | 44 |
1 files changed, 21 insertions, 23 deletions
diff --git a/tests/privkey-verify-broken.c b/tests/privkey-verify-broken.c index 7d7c84c7a0..463a3f1496 100644 --- a/tests/privkey-verify-broken.c +++ b/tests/privkey-verify-broken.c @@ -45,22 +45,30 @@ const gnutls_datum_t raw_data = { 11 }; -static int sign_verify_data2(gnutls_x509_privkey_t pkey, unsigned algo, unsigned sflags, unsigned vflags) +static int sign_verify_data(gnutls_x509_privkey_t pkey, gnutls_sign_algorithm_t algo, unsigned vflags) { int ret; gnutls_privkey_t privkey; gnutls_pubkey_t pubkey; gnutls_datum_t signature; gnutls_pk_algorithm_t pk; + gnutls_digest_algorithm_t dig; + unsigned sflags = 0; /* sign arbitrary data */ assert(gnutls_privkey_init(&privkey) >= 0); + pk = gnutls_sign_get_pk_algorithm(algo); + dig = gnutls_sign_get_hash_algorithm(algo); + + if (pk == GNUTLS_PK_RSA_PSS) + sflags |= GNUTLS_PRIVKEY_SIGN_FLAG_RSA_PSS; + ret = gnutls_privkey_import_x509(privkey, pkey, 0); if (ret < 0) fail("gnutls_pubkey_import_x509\n"); - ret = gnutls_privkey_sign_data(privkey, algo, sflags, + ret = gnutls_privkey_sign_data(privkey, dig, sflags, &raw_data, &signature); if (ret < 0) { ret = -1; @@ -74,12 +82,7 @@ static int sign_verify_data2(gnutls_x509_privkey_t pkey, unsigned algo, unsigned if (ret < 0) fail("gnutls_pubkey_import_privkey\n"); - if (sflags & GNUTLS_PRIVKEY_SIGN_FLAG_RSA_PSS) - pk = GNUTLS_PK_RSA_PSS; - else - pk = gnutls_pubkey_get_pk_algorithm(pubkey, NULL); - - ret = gnutls_pubkey_verify_data2(pubkey, gnutls_pk_to_sign(pk, algo), + ret = gnutls_pubkey_verify_data2(pubkey, algo, vflags, &raw_data, &signature); if (ret < 0) { ret = -1; @@ -95,11 +98,6 @@ static int sign_verify_data2(gnutls_x509_privkey_t pkey, unsigned algo, unsigned return ret; } -static int sign_verify_data(gnutls_x509_privkey_t pkey, unsigned algo, unsigned vflags) -{ - return sign_verify_data2(pkey, algo, 0, vflags); -} - void doit(void) { gnutls_x509_privkey_t pkey; @@ -124,36 +122,36 @@ void doit(void) } #ifndef ALLOW_SHA1 - if (sign_verify_data(pkey, GNUTLS_DIG_SHA1, 0) >= 0) + if (sign_verify_data(pkey, GNUTLS_SIGN_RSA_SHA1, 0) >= 0) fail("succeeded verification with SHA1!\n"); #endif - if (sign_verify_data(pkey, GNUTLS_DIG_SHA1, GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1) < 0) + if (sign_verify_data(pkey, GNUTLS_SIGN_RSA_SHA1, GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1) < 0) fail("failed verification with SHA1 and override flags!\n"); - if (sign_verify_data(pkey, GNUTLS_DIG_SHA1, GNUTLS_VERIFY_ALLOW_BROKEN) < 0) + if (sign_verify_data(pkey, GNUTLS_SIGN_RSA_SHA1, GNUTLS_VERIFY_ALLOW_BROKEN) < 0) fail("failed verification with SHA1 and override flags2!\n"); - if (sign_verify_data(pkey, GNUTLS_DIG_MD5, 0) >= 0) + if (sign_verify_data(pkey, GNUTLS_SIGN_RSA_MD5, 0) >= 0) fail("succeeded verification with MD5!\n"); if (!gnutls_fips140_mode_enabled()) { - if (sign_verify_data(pkey, GNUTLS_DIG_MD5, GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5) < 0) + if (sign_verify_data(pkey, GNUTLS_SIGN_RSA_MD5, GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5) < 0) fail("failed verification with MD5 and override flags!\n"); - if (sign_verify_data(pkey, GNUTLS_DIG_MD5, GNUTLS_VERIFY_ALLOW_BROKEN) < 0) + if (sign_verify_data(pkey, GNUTLS_SIGN_RSA_MD5, GNUTLS_VERIFY_ALLOW_BROKEN) < 0) fail("failed verification with MD5 and override flags2!\n"); } - if (sign_verify_data(pkey, GNUTLS_DIG_SHA256, 0) < 0) + if (sign_verify_data(pkey, GNUTLS_SIGN_RSA_SHA256, 0) < 0) fail("failed verification with SHA256!\n"); - if (sign_verify_data(pkey, GNUTLS_DIG_SHA512, 0) < 0) + if (sign_verify_data(pkey, GNUTLS_SIGN_RSA_SHA512, 0) < 0) fail("failed verification with SHA512!\n"); - if (sign_verify_data(pkey, GNUTLS_DIG_SHA3_256, 0) < 0) + if (sign_verify_data(pkey, GNUTLS_SIGN_RSA_SHA3_256, 0) < 0) fail("failed verification with SHA3-256!\n"); - if (sign_verify_data2(pkey, GNUTLS_DIG_SHA256, GNUTLS_PRIVKEY_SIGN_FLAG_RSA_PSS, GNUTLS_VERIFY_USE_RSA_PSS) < 0) + if (sign_verify_data(pkey, GNUTLS_SIGN_RSA_PSS_SHA256, 0) < 0) fail("failed verification with SHA256 with PSS!\n"); gnutls_x509_privkey_deinit(pkey); |