Skip to content

Commit

Permalink
duh
Browse files Browse the repository at this point in the history
  • Loading branch information
@DmitriyMusatkin
DmitriyMusatkin committed Oct 30, 2024
1 parent c7f549d commit 798f13e
Show file tree
Hide file tree
Showing 5 changed files with 14 additions and 10 deletions.
3 changes: 1 addition & 2 deletions source/rsa.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -145,8 +145,7 @@ int aws_rsa_key_pair_sign_message(
AWS_PRECONDITION(aws_byte_cursor_is_valid(&digest));

AWS_FATAL_ASSERT(
algorithm == AWS_CAL_RSA_SIGNATURE_PKCS1_5_SHA256 ||
algorithm == AWS_CAL_RSA_SIGNATURE_PKCS1_5_SHA1 ||
algorithm == AWS_CAL_RSA_SIGNATURE_PKCS1_5_SHA256 || algorithm == AWS_CAL_RSA_SIGNATURE_PKCS1_5_SHA1 ||
algorithm == AWS_CAL_RSA_SIGNATURE_PSS_SHA256);

if (digest.len > AWS_SHA256_LEN) {
Expand Down
9 changes: 6 additions & 3 deletions source/unix/openssl_rsa.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -238,10 +238,13 @@ static int s_set_signature_ctx_from_algo(EVP_PKEY_CTX *ctx, enum aws_rsa_signatu
return AWS_OP_ERR;
}
if (algorithm == AWS_CAL_RSA_SIGNATURE_PKCS1_5_SHA256 &&
s_reinterpret_evp_error_as_crt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), "EVP_PKEY_CTX_set_signature_md")) {
s_reinterpret_evp_error_as_crt(
EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), "EVP_PKEY_CTX_set_signature_md")) {
return AWS_OP_ERR;
} else if (algorithm == AWS_CAL_RSA_SIGNATURE_PKCS1_5_SHA1 &&
s_reinterpret_evp_error_as_crt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha1()), "EVP_PKEY_CTX_set_signature_md")) {
} else if (
algorithm == AWS_CAL_RSA_SIGNATURE_PKCS1_5_SHA1 &&
s_reinterpret_evp_error_as_crt(
EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha1()), "EVP_PKEY_CTX_set_signature_md")) {

} else {
AWS_LOGF_ERROR(AWS_LS_CAL_RSA, "Unsupported RSA signing algorithm: %d", algorithm);
Expand Down
6 changes: 4 additions & 2 deletions source/windows/bcrypt_rsa.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -206,7 +206,8 @@ static int s_rsa_sign(
}

ULONG length_written = 0;
bool is_pkcs1_padding = (algorithm == AWS_CAL_RSA_SIGNATURE_PKCS1_5_SHA256 || algorithm == AWS_CAL_RSA_SIGNATURE_PKCS1_5_SHA1);
bool is_pkcs1_padding =
(algorithm == AWS_CAL_RSA_SIGNATURE_PKCS1_5_SHA256 || algorithm == AWS_CAL_RSA_SIGNATURE_PKCS1_5_SHA1);
NTSTATUS status = BCryptSignHash(
key_pair_impl->key_handle,
&padding_info,
Expand Down Expand Up @@ -248,7 +249,8 @@ static int s_rsa_verify(
return aws_raise_error(AWS_ERROR_CAL_UNSUPPORTED_ALGORITHM);
}
/* okay, now we've got a windows compatible signature, let's verify it. */
bool is_pkcs1_padding = (algorithm == AWS_CAL_RSA_SIGNATURE_PKCS1_5_SHA256 || algorithm == AWS_CAL_RSA_SIGNATURE_PKCS1_5_SHA1);
bool is_pkcs1_padding =
(algorithm == AWS_CAL_RSA_SIGNATURE_PKCS1_5_SHA256 || algorithm == AWS_CAL_RSA_SIGNATURE_PKCS1_5_SHA1);
NTSTATUS status = BCryptVerifySignature(
key_pair_impl->key_handle,
&padding_info,
Expand Down
2 changes: 1 addition & 1 deletion tests/CMakeLists.txt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -77,7 +77,7 @@ add_test_case(rsa_encryption_roundtrip_oaep_sha256_from_user)
add_test_case(rsa_encryption_roundtrip_oaep_sha512_from_user)
add_test_case(rsa_signing_roundtrip_pkcs1_sha256_from_user)
add_test_case(rsa_signing_roundtrip_pss_sha256_from_user)
add_test_case(rsa_signing_roundtrip_pss_sha1_from_user)
add_test_case(rsa_signing_roundtrip_pkcs1_sha1_from_user)
add_test_case(rsa_getters)
add_test_case(rsa_private_pkcs1_der_parsing)
add_test_case(rsa_public_pkcs1_der_parsing)
Expand Down
4 changes: 2 additions & 2 deletions tests/rsa_test.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -821,8 +821,8 @@ static int s_rsa_signing_mismatch_pkcs1_sha1(struct aws_allocator *allocator, vo

struct aws_byte_buf signature_buf;
ASSERT_SUCCESS(aws_byte_buf_init(&signature_buf, allocator, aws_rsa_key_pair_signature_length(key_pair_private)));
ASSERT_SUCCESS(aws_rsa_key_pair_sign_message(
key_pair_private, AWS_CAL_RSA_SIGNATURE_PKCS1_5_SHA1, hash_cur, &signature_buf));
ASSERT_SUCCESS(
aws_rsa_key_pair_sign_message(key_pair_private, AWS_CAL_RSA_SIGNATURE_PKCS1_5_SHA1, hash_cur, &signature_buf));
struct aws_byte_cursor signature_cur = aws_byte_cursor_from_buf(&signature_buf);

hash[5] += 59; /* modify digest to force signature mismatch */
Expand Down

0 comments on commit 798f13e

Please sign in to comment.