RSA sign/verify and hash generation functions
Murray S. Kucherawy
msk at cloudmark.com
Fri Dec 17 00:17:44 CET 2010
> -----Original Message-----
> From: Nikos Mavrogiannopoulos [mailto:n.mavrogiannopoulos at gmail.com] On Behalf Of Nikos Mavrogiannopoulos
> Sent: Thursday, December 16, 2010 1:23 PM
> To: Murray S. Kucherawy
> Cc: help-gnutls at gnu.org
> Subject: Re: RSA sign/verify and hash generation functions
> > bits = 0;
> > gnutls_pubkey_init(&X)
> > gnutls_pubkey_import(X, &keydata, GNUTLS_X509_FMT_DER);
> > gnutls_pubkey_verify_hash(X, 0, &digest, &signature); <== works; returns 1
> > gnutls_pubkey_get_pk_algorithm(X, &bits);
> > assert(bits > 0); <== FAILS
> > It looks like key->bits is never set to anything by
> > gnutls_pubkey_import().
> It was not set when importing from a raw format. Should work now.
No improvement. The diff I see in your repository updated gnutls_pubkey_import_rsa_raw(), but not gnutls_pubkey_import(), and the latter doesn't appear to call the former.
Adding this at line 698...
key->bits = _gnutls_mpi_get_nbits(key->params);
...seems to do the trick, though I don't know if that's the right thing to do or not.
> >> gnutls_x509_privkey_init(A)
> >> gnutls_x509_privkey_import(A)
> >> gnutls_privkey_init(P)
> >> gnutls_privkey_import_x509(P,A)
> >> gnutls_pubkey_init(B)
> >> gnutls_pubkey_import_privkey(B,P)
> > Works for me. Let me know when you'd like me to grab a snapshot and
> > try it.
> Should work by now.
Trying to make sense of the "usage" parameter for that last function call. I imagine for this application (RSA verifying), I need to set it to GNUTLS_KEY_DIGITAL_SIGNATURE?
More information about the Gnutls-help