Add RSA-PSS to RSA2 Sig{Gen,Ver} drivers.
Change-Id: Iba3392fe77010688ecc2bb87f59d4aa7a25ce685
Reviewed-on: https://boringssl-review.googlesource.com/15827
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/fipsoracle/cavp_rsa2_siggen_test.cc b/fipsoracle/cavp_rsa2_siggen_test.cc
index fcd5871..1a0f773 100644
--- a/fipsoracle/cavp_rsa2_siggen_test.cc
+++ b/fipsoracle/cavp_rsa2_siggen_test.cc
@@ -74,14 +74,27 @@
const EVP_MD *md = EVP_get_digestbyname(hash.c_str());
uint8_t digest_buf[EVP_MAX_MD_SIZE];
std::vector<uint8_t> sig(RSA_size(ctx->key.get()));
- unsigned digest_len, sig_len;
+ unsigned digest_len;
+ size_t sig_len;
if (md == NULL ||
- !EVP_Digest(msg.data(), msg.size(), digest_buf, &digest_len, md, NULL) ||
- !RSA_sign(EVP_MD_type(md), digest_buf, digest_len, sig.data(), &sig_len,
- ctx->key.get())) {
+ !EVP_Digest(msg.data(), msg.size(), digest_buf, &digest_len, md, NULL)) {
return false;
}
+ if (ctx->is_pss) {
+ if (!RSA_sign_pss_mgf1(ctx->key.get(), &sig_len, sig.data(), sig.size(),
+ digest_buf, digest_len, md, md, -1)) {
+ return false;
+ }
+ } else {
+ unsigned sig_len_u;
+ if (!RSA_sign(EVP_MD_type(md), digest_buf, digest_len, sig.data(),
+ &sig_len_u, ctx->key.get())) {
+ return false;
+ }
+ sig_len = sig_len_u;
+ }
+
printf("%sS = %s\r\n\r\n", test.c_str(),
EncodeHex(sig.data(), sig_len).c_str());
return true;
diff --git a/fipsoracle/cavp_rsa2_sigver_test.cc b/fipsoracle/cavp_rsa2_sigver_test.cc
index 553663f..631c2de 100644
--- a/fipsoracle/cavp_rsa2_sigver_test.cc
+++ b/fipsoracle/cavp_rsa2_sigver_test.cc
@@ -73,8 +73,16 @@
return false;
}
- if (RSA_verify(EVP_MD_type(md), digest_buf, digest_len, sig.data(),
- sig.size(), key.get())) {
+ int ok;
+ if (ctx->is_pss) {
+ ok = RSA_verify_pss_mgf1(key.get(), digest_buf, digest_len, md, md, -1,
+ sig.data(), sig.size());
+ } else {
+ ok = RSA_verify(EVP_MD_type(md), digest_buf, digest_len, sig.data(),
+ sig.size(), key.get());
+ }
+
+ if (ok) {
printf("Result = P\r\n\r\n");
} else {
char buf[256];
diff --git a/fipsoracle/run_cavp.go b/fipsoracle/run_cavp.go
index cb322a0..00d319d 100644
--- a/fipsoracle/run_cavp.go
+++ b/fipsoracle/run_cavp.go
@@ -131,7 +131,7 @@
"cavp_rsa2_siggen_test",
[]test{
{"SigGen15_186-3", []string{"pkcs15"}, true},
- // {"SigGenPSS_186-3", []string{"pss"}, true},
+ {"SigGenPSS_186-3", []string{"pss"}, true},
},
}
@@ -140,7 +140,7 @@
"cavp_rsa2_sigver_test",
[]test{
{"SigVer15_186-3", []string{"pkcs15"}, true},
- // {"SigVerPSS_186-3", []string{"pss"}, true},
+ {"SigVerPSS_186-3", []string{"pss"}, true},
},
}
