From nmav at gnutls.org Wed Dec 1 11:20:28 2010
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Wed, 1 Dec 2010 11:20:28 +0100
Subject: RSA sign/verify and hash generation functions
In-Reply-To:
References: <4CF52F69.2020909@gnutls.org>
Message-ID:

On Tue, Nov 30, 2010 at 7:01 PM, Murray S. Kucherawy wrote:
>> What key format? X.509 is a format for certificates. gnutls does support
>> various key formats and most probably the one you might mean.
> Sorry, you're right. I meant to say PEM format, i.e. the default output
> of openssl's "genrsa" function. For the signing operation in the
> application I'm looking to port, the key will either be in PEM or DER
> form. For verifying, it will be in PEM form with the "BEGIN" and "END"
> tags removed.

If you remove the BEGIN and END tags then it is not PEM format any more.
It is just a base64 of the DER data. With gnutls you can decode PEM or
DER encoded keys, check the manual for more information. To handle your
case you will have to base64 decode the key (gnutls has some helper
functions for that) and then parse it as a DER key.

regards,
Nikos

From fred at ludd.ltu.se Wed Dec 1 12:36:31 2010
From: fred at ludd.ltu.se (Fredrik Unger)
Date: Wed, 01 Dec 2010 12:36:31 +0100
Subject: main: TLS init def ctx failed: -1
In-Reply-To:
References: <4CED180F.3090207@ludd.ltu.se> <4CEFB1A8.4070105@ludd.ltu.se>
Message-ID: <4CF6333F.1080903@ludd.ltu.se>

On 11/26/2010 02:21 PM, Nikos Mavrogiannopoulos wrote:
> This is a private openssl format. gnutls accepts keys if they are encrypted with
> PKCS #8 or if they are unencrypted.

I have 2 new issues. LDAP runs with an unencrypted key now, and I wanted to
secure the key. 2 problems.

First I converted the key:

  openssl pkcs8 -inform pem -in key.pem -topk8 -out key-8.pem -outform pem -v1 PBE-SHA1-3DES

#1 Keyphrase length used for old key was 60 bytes, 50 bytes seems to be a
limit of pkcs8? (eg. an openssl problem (silent failure for 50+ phrase =>
0 byte key))

Once converted (using shorter passphrase) I get:

  gnutls-serv --debug 31 --x509cafile /etc/ssl/cacert.pem --x509certfile /etc/ldap/cert/cert.pem --x509keyfile key-8.pem
  Error reading '/etc/ldap/cert/cert.pem' or 'key-8.pem'
  Error: ASN1 parser: Error in TAG.

#2 Error in TAG of converted key. (cert works with unencrypted key)

What do I need to be able to reuse the key? (also tried without -v1
PBE-SHA1-3DES -> The cipher type is unsupported with certtool)

I tried with certtool:

  certtool --infile key-8.pem --key-info -d 11
  Setting log level to 11
  |<2>| ASSERT: x509_b64.c:452
  |<2>| Could not find '-----BEGIN RSA PRIVATE KEY'
  |<2>| ASSERT: x509_b64.c:452
  |<2>| Could not find '-----BEGIN DSA PRIVATE KEY'
  |<2>| ASSERT: privkey.c:373
  |<2>| ASSERT: x509_b64.c:452
  |<2>| Could not find '-----BEGIN PRIVATE KEY'
  |<2>| ASSERT: privkey_pkcs8.c:977
  |<2>| ASSERT: privkey_pkcs8.c:1123
  Enter password:
  |<2>| ASSERT: x509_b64.c:452
  |<2>| Could not find '-----BEGIN PRIVATE KEY'
  |<9>| salt.size: 8
  |<9>| iterationCount: 2048
  |<2>| ASSERT: pkcs12_encr.c:88
  |<2>| ASSERT: privkey_pkcs8.c:701
  |<2>| ASSERT: privkey_pkcs8.c:799
  |<2>| ASSERT: privkey_pkcs8.c:1123
  certtool: import error: The request is invalid.

I am thankful for any hints.

From isumon20 at yahoo.com Wed Dec 1 14:30:08 2010
From: isumon20 at yahoo.com (Sumon Islam)
Date: Wed, 1 Dec 2010 05:30:08 -0800 (PST)
Subject: gnutls extension
In-Reply-To: <4CF530B7.4020701@gnutls.org>
References: <835829.49239.qm@web120411.mail.ne1.yahoo.com> <4CF530B7.4020701@gnutls.org>
Message-ID: <713912.7963.qm@web120419.mail.ne1.yahoo.com>

Hi,
Now I am totally frustrated, I did all things as you suggested. But still it
did not work. At first I changed the files and then executed:

  #cd /home/sumon/gnutls/lib
  #autoreconf

But no result. Then I deleted all gnutls related files from /usr/local/lib
and /usr/local/include and did:

  #cd /home/sumon/gnutls/lib
  #./configure
  #make
  #make install

But no result. Also I tried the ./configure, make and make install from the
/home/sumon/gnutls directory (not inside /lib) without success. Then I
downloaded the files from an older discussion
(http://www.mail-archive.com/help-gnutls at gnu.org/msg01827.html) and did
./configure, make and make install after deleting all gnutls related files
from usr/local/{lib | include} and compiled her (Carolin's) sample code (in
the same thread). It compiles without any error and the server runs, but the
client gives me the following error at run time:

  ./client: /usr/lib/libgnutls.so.26: version `GNUTLS_2_10' not found (required by ./client)

I know that it worked on her machine, as she finished the discussion, but why
does it not work for me? What am I missing? Please help.

Best regards,
Sumon

________________________________
From: Nikos Mavrogiannopoulos
To: Sumon Islam
Cc: help-gnutls at gnu.org
Sent: Tue, November 30, 2010 6:13:27 PM
Subject: Re: gnutls extension

On 11/29/2010 11:11 PM, Sumon Islam wrote:
> Hi,
> I would like to extend the gnutls, I followed all steps (point 1 to 4) as the
> link specified
> (http://www.gnu.org/software/gnutls/devel/manual/gnutls.html#TLS-Extension-Handling).
> I made simple ext_foobar.c and ext_foobar.h (I avoided the API steps of point
> 5 at the first time for simplicity), attached below.

You only need to do the configure stuff if you plan to disable your
extension... Do you really need it? Just avoid the ifdef and if parts.

> I downloaded the client
> (http://www.gnu.org/software/gnutls/manual/html_node/Simple-client-example-with-anonymous-authentication.html#Simple-client-example-with-anonymous-authentication)
> and server
> (http://www.gnu.org/software/gnutls/manual/html_node/Echo-Server-with-anonymous-authentication.html#Echo-Server-with-anonymous-authentication)
> and run the unmodified version. Do I need to change anything in the client
> and server program to initiate the extension?

No you shouldn't. For simple examples on extensions check ext_server_name
and ext_max_record.

regards,
Nikos

From mike.hoy at canberra.com Wed Dec 1 17:51:44 2010
From: mike.hoy at canberra.com (HOY Mike)
Date: Wed, 1 Dec 2010 11:51:44 -0500
Subject: (no subject)
Message-ID: <0C4556B6BAE1734A840FDF7EEE66C1A506FA4AD1@AUSMERIMX01.adom.ad.corp>

Hello,

I am allocating credentials and setting the trusted file. This isn't done
again. Once I have the credentials and trusted file I am making multiple
connections to different servers by:

1. Init the session to CLIENT.
2. Set direct on priority
3. Set credentials.
4. Connect to server.
5. Set ptr
6. Then handshake.

I leave the connection up for 2 seconds (this is during testing) then I do:

1. gnutls bye
2. Drop the connection
3. Deinit the session.

From here I repeat steps 1-6 and 1-3 for the next server.

For some reason, running this code I lose 4 pages of memory at random. Are
there any known memory leaks with TLS or is my sequence for multiple
connections wrong? Any ideas?

Mike
From nmav at gnutls.org Wed Dec 1 21:13:28 2010
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Wed, 01 Dec 2010 21:13:28 +0100
Subject: gnutls extension
In-Reply-To: <713912.7963.qm@web120419.mail.ne1.yahoo.com>
References: <835829.49239.qm@web120411.mail.ne1.yahoo.com> <4CF530B7.4020701@gnutls.org> <713912.7963.qm@web120419.mail.ne1.yahoo.com>
Message-ID: <4CF6AC68.1080601@gnutls.org>

On 12/01/2010 02:30 PM, Sumon Islam wrote:
> Hi,
> Now I am totally frustrated, I did all things as you suggested. But still it did
> not work. At first I change the files and then execute-
> #cd /home/sumon/gnutls/lib
> #autoreconf
>
> But no result. Then I deleted all gnutls related files from /usr/local/lib and
> /usr/local/include and did-
> #cd /home/sumon/gnutls/lib
> #./configure
> #make
> #make install
>
> But no result. Also I tried with the ./configure, make and make install from
> /home/sumon/gnutls directory (not inside /lib) without success. Then I
> downloaded the files from an older discussion
> (http://www.mail-archive.com/help-gnutls at gnu.org/msg01827.html) and did
> ./configure, make and make install after deleting all gnutls related file from
> usr/local/{lib | include} and compile her (Carolin) sample code (in the same
> thread). It compiles without any error and the server runs, but the client gives
> me the following error during run time -
>
> ./client: /usr/lib/libgnutls.so.26: version `GNUTLS_2_10' not found (required by
> ./client)

This is some problem with your linker or so. You have probably more than one
gnutls libraries around. Try running ldconfig or so.

regards,
Nikos

From nmav at gnutls.org Wed Dec 1 21:21:13 2010
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Wed, 01 Dec 2010 21:21:13 +0100
Subject: main: TLS init def ctx failed: -1
In-Reply-To: <4CF6333F.1080903@ludd.ltu.se>
References: <4CED180F.3090207@ludd.ltu.se> <4CEFB1A8.4070105@ludd.ltu.se> <4CF6333F.1080903@ludd.ltu.se>
Message-ID: <4CF6AE39.6080707@gnutls.org>

On 12/01/2010 12:36 PM, Fredrik Unger wrote:

The default gnutls functions do operate assuming that keys are not encrypted.
Programs that support encrypted keys should use the pkcs8 functions instead
(or gnutls_certificate_set_x509_simple_pkcs12_file). I don't know what ldap
uses, though.

>> This is a private openssl format. gnutls accepts keys if they are
>> encrypted with
>> PKCS #8 or if they are unencrypted.
[...]
> certtool --infile key-8.pem --key-info -d 11

Try:
certtool -8 --key-info --infile key-8.pem

regards,
Nikos

From nmav at gnutls.org Wed Dec 1 21:22:10 2010
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Wed, 01 Dec 2010 21:22:10 +0100
Subject: (no subject)
In-Reply-To: <0C4556B6BAE1734A840FDF7EEE66C1A506FA4AD1@AUSMERIMX01.adom.ad.corp>
References: <0C4556B6BAE1734A840FDF7EEE66C1A506FA4AD1@AUSMERIMX01.adom.ad.corp>
Message-ID: <4CF6AE72.4060400@gnutls.org>

On 12/01/2010 05:51 PM, HOY Mike wrote:
> Hello,
> For some reason, running this code I loose 4 pages of memory at random.
> Are there any known memory leaks with TLS or is my sequence for multiple
> connections wrong?

Which version of gnutls do you use?

regards,
Nikos

From nmav at gnutls.org Wed Dec 1 22:53:37 2010
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Wed, 01 Dec 2010 22:53:37 +0100
Subject: gnutls 2.11.5
Message-ID: <4CF6C3E1.6010904@gnutls.org>

Hello,
The GnuTLS 2.11.x branch is NOT what you want for your stable system. It is
intended for developers and experienced users.

This is a major update release that includes features such as PKCS #11 support
for cryptographic objects, a PKCS #11 token manipulation tool (p11tool),
support for local system thread locks, a new message buffering layer, support
for the nettle library and more. Unless there are issues, this version
contains the final version of the PKCS #11 support for 2.12.x. It has been
mostly tested with opensc and Feitian smart cards, but I'd appreciate if you
can test it with other tokens and pkcs11 modules you may have.

Here are the compressed sources:
ftp://ftp.gnutls.org/pub/gnutls/devel/gnutls-2.11.5.tar.bz2
ftp://alpha.gnu.org/gnu/gnutls/gnutls-2.11.5.tar.bz2

Here is the OpenPGP signature:
ftp://ftp.gnutls.org/pub/gnutls/devel/gnutls-2.11.5.tar.bz2.sig
ftp://alpha.gnu.org/gnu/gnutls/gnutls-2.11.5.tar.bz2.sig

regards,
Nikos

* Version 2.11.5 (released 2010-12-01)

** libgnutls: Reverted default behavior for verification and introduced
GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT. Thus by default V1 trusted CAs are
allowed, unless the new flag is specified.

** libgnutls: Correctly add leading zero to PKCS #8 encoded DSA key.
Reported by Jeffrey Walton.

** libgnutls: Added SIGN-ALL, CTYPE-ALL, COMP-ALL, and VERS-TLS-ALL as priority
strings. Those allow setting all the supported algorithms at once.

** p11tool: Introduced. It allows manipulating pkcs 11 tokens.

** gnutls-cli: Print channel binding only in verbose mode. Before it printed it
after the 'Compression:' output, thus breaking Emacs starttls.el string
searches.

** API and ABI modifications:
gnutls_pkcs11_token_init: New function
gnutls_pkcs11_token_set_pin: New function

From isumon20 at yahoo.com Fri Dec 3 10:18:59 2010
From: isumon20 at yahoo.com (Sumon Islam)
Date: Fri, 3 Dec 2010 01:18:59 -0800 (PST)
Subject: gnutls extension
In-Reply-To: <4CF6AC68.1080601@gnutls.org>
References: <835829.49239.qm@web120411.mail.ne1.yahoo.com> <4CF530B7.4020701@gnutls.org> <713912.7963.qm@web120419.mail.ne1.yahoo.com> <4CF6AC68.1080601@gnutls.org>
Message-ID: <49675.81170.qm@web120413.mail.ne1.yahoo.com>

Hi,
I did ldconfig, but no improvement, so I reinstalled a fresh linux and installed
only libgcrypt and Carolin's gnutls, but the same error happens at the client
program. I don't know what the problem is here in my machine. Now I reinstalled
Linux again and extended with the FOOBAR extension as the gnutls website
instructed. Also I put my client, server program and gnutls at the web folder
below, so that you could check where the problem is. Here is the complete
gnutls (including the client and server program), please check and tell me
what I am doing wrong:

http://www.dtic.upf.edu/~kferdous/gnutls-2.10.3_.tar.gz

Best regards,
Sumon

________________________________
From: Nikos Mavrogiannopoulos
To: Sumon Islam
Cc: help-gnutls at gnu.org
Sent: Wed, December 1, 2010 9:13:28 PM
Subject: Re: gnutls extension

On 12/01/2010 02:30 PM, Sumon Islam wrote:
> Hi,
> Now I am totally frustrated, I did all things as you suggested. But still it did
> not work. At first I change the files and then execute-
> #cd /home/sumon/gnutls/lib
> #autoreconf
>
> But no result. Then I deleted all gnutls related files from /usr/local/lib and
> /usr/local/include and did-
> #cd /home/sumon/gnutls/lib
> #./configure
> #make
> #make install
>
> But no result. Also I tried with the ./configure, make and make install from
> /home/sumon/gnutls directory (not inside /lib) without success.
> Then I downloaded the files from an older discussion
> (http://www.mail-archive.com/help-gnutls at gnu.org/msg01827.html) and did
> ./configure, make and make install after deleting all gnutls related file from
> usr/local/{lib | include} and compile her (Carolin) sample code (in the same
> thread). It compiles without any error and the server runs, but the client gives
> me the following error during run time -
>
> ./client: /usr/lib/libgnutls.so.26: version `GNUTLS_2_10' not found (required by
> ./client)

This is some problem with your linker or so. You have probably more than one
gnutls libraries around. Try running ldconfig or so.

regards,
Nikos

From nmav at gnutls.org Sun Dec 5 16:54:45 2010
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Sun, 05 Dec 2010 16:54:45 +0100
Subject: gnutls extension
In-Reply-To: <49675.81170.qm@web120413.mail.ne1.yahoo.com>
References: <835829.49239.qm@web120411.mail.ne1.yahoo.com> <4CF530B7.4020701@gnutls.org> <713912.7963.qm@web120419.mail.ne1.yahoo.com> <4CF6AC68.1080601@gnutls.org> <49675.81170.qm@web120413.mail.ne1.yahoo.com>
Message-ID: <4CFBB5C5.3030404@gnutls.org>

On 12/03/2010 10:18 AM, Sumon Islam wrote:
> Hi,
> I did ldconfig, but no improvement, so I reinstall a fresh linux and install
> only libgcrypt and Carolin's gnutls, but the same error happens at the client
> program. I don't know what is the problem here in my machine.

So your issue is actually linking with a modified gnutls version rather than
the extension itself?

regards,
Nikos

From isumon20 at yahoo.com Mon Dec 6 14:38:20 2010
From: isumon20 at yahoo.com (Sumon Islam)
Date: Mon, 6 Dec 2010 05:38:20 -0800 (PST)
Subject: gnutls extension
In-Reply-To: <4CFBB5C5.3030404@gnutls.org>
References: <835829.49239.qm@web120411.mail.ne1.yahoo.com> <4CF530B7.4020701@gnutls.org> <713912.7963.qm@web120419.mail.ne1.yahoo.com> <4CF6AC68.1080601@gnutls.org> <49675.81170.qm@web120413.mail.ne1.yahoo.com> <4CFBB5C5.3030404@gnutls.org>
Message-ID: <977221.98953.qm@web120405.mail.ne1.yahoo.com>

Hi,
My original intention was to extend the gnutls, but it did not work, so I put
my extension (created by the instructions of gnutls website) in the web folder
(http://www.dtic.upf.edu/~kferdous/gnutls-2.10.3_.tar.gz) for experts to check.
In the meantime, I tried to play with an already extended gnutls example
(Carolin's), because my own extension never showed any outputs (even in
debugging output), and when I got problems running her extended gnutls, you
told me that I could have a linker problem, so I installed a fresh linux and
only installed her gnutls to get rid of the problems. But I am getting the same
error. If you have time to follow this thread from the beginning, you can find
the steps I had followed.

Thank you,
Sumon

________________________________
From: Nikos Mavrogiannopoulos
To: Sumon Islam
Cc: help-gnutls at gnu.org
Sent: Sun, December 5, 2010 4:54:45 PM
Subject: Re: gnutls extension

On 12/03/2010 10:18 AM, Sumon Islam wrote:
> Hi,
> I did ldconfig, but no improvement, so I reinstall a fresh linux and install
> only libgcrypt and Carolin's gnutls, but the same error happens at the client
> program. I don't know what is the problem here in my machine.

So your issue is actually linking with a modified gnutls version rather than
the extension itself?

regards,
Nikos

From simon at josefsson.org Mon Dec 6 15:26:38 2010
From: simon at josefsson.org (Simon Josefsson)
Date: Mon, 06 Dec 2010 15:26:38 +0100
Subject: GnuTLS 2.10.4 released
Message-ID: <87lj43asf5.fsf@latte.josefsson.org>

We are proud to announce a new stable GnuTLS release: Version 2.10.4.

GnuTLS is a modern C library that implements the standard network security
protocol Transport Layer Security (TLS), for use by network applications.
GnuTLS is developed for GNU/Linux, but works on many Unix-like systems and
comes with a binary installer for Windows.

The GnuTLS library is distributed under the terms of the GNU Lesser General
Public License version 2.1 (or later). The "extra" GnuTLS library (which
contains TLS/IA support, LZO compression and Libgcrypt FIPS-mode handler), the
OpenSSL compatibility library, the self tests and the command line tools are
all distributed under the GNU General Public License version 3.0 (or later).
The manual is distributed under the GNU Free Documentation License version 1.3
(or later).

The project page of the library is available at:
http://www.gnu.org/software/gnutls/

What's New
==========

** gnutls-serv: Corrected a buffer overflow. Reported and patch by Tomas Mraz.

** libgnutls: Use ASN1_NULL when writing parameters for RSA signatures. This
makes us comply with RFC3279. Reported by Michael Rommel.

** libgnutls: Reverted default behavior for verification and introduced
GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT. Thus by default V1 trusted CAs are
allowed, unless the new flag is specified.

** minitasn1: Updated to Libtasn1 2.9.

** API and ABI modifications:
No changes since last version.

Getting the Software
====================

GnuTLS may be downloaded from one of the mirror sites or direct from . The
list of mirrors can be found at .

Here are the BZIP2 compressed sources (7.0MB):
ftp://ftp.gnu.org/gnu/gnutls/gnutls-2.10.4.tar.bz2
http://ftp.gnu.org/gnu/gnutls/gnutls-2.10.4.tar.bz2

Here are OpenPGP detached signatures signed using key 0xB565716F:
ftp://ftp.gnu.org/gnu/gnutls/gnutls-2.10.4.tar.bz2.sig
http://ftp.gnu.org/gnu/gnutls/gnutls-2.10.4.tar.bz2.sig

Note, that we don't distribute gzip compressed tarballs.

In order to check that the version of GnuTLS which you are going to install is
an original and unmodified one, you should verify the OpenPGP signature. You
can use the command

gpg --verify gnutls-2.10.4.tar.bz2.sig

This checks whether the signature file matches the source file. You should see
a message indicating that the signature is good and made by that signing key.
Make sure that you have the right key, either by checking the fingerprint of
that key with other sources or by checking that the key has been signed by a
trustworthy other key. The signing key can be identified with the following
information:

pub 1280R/B565716F 2002-05-05 [expires: 2011-03-30]
Key fingerprint = 0424 D4EE 81A0 E3D1 19C6 F835 EDA2 1E94 B565 716F
uid Simon Josefsson
uid Simon Josefsson
sub 1280R/4D5D40AE 2002-05-05 [expires: 2011-03-30]

The key is available from:
http://josefsson.org/key.txt
dns:b565716f.josefsson.org?TYPE=CERT

Alternatively, after successfully verifying the OpenPGP signature of this
announcement, you could verify that the files match the following checksum
values.
The values are for SHA-1 and SHA-224 respectively:

f0dcd7b68748b48d7b945c52b6a9e64d643e4b58  gnutls-2.10.4.tar.bz2
7c57226444af5744a938f9c1ef12e6c8c5f5144f2368859613afe968  gnutls-2.10.4.tar.bz2

Documentation
=============

The manual is available online at:
http://www.gnu.org/software/gnutls/documentation.html

In particular the following formats are available:

HTML: http://www.gnu.org/software/gnutls/manual/html_node/index.html
PDF: http://www.gnu.org/software/gnutls/manual/gnutls.pdf

For developers there is a GnuTLS API reference manual formatted using the
GTK-DOC tools:

HTML: http://www.gnu.org/software/gnutls/reference/gnutls-gnutls.html
PDF: http://www.gnu.org/software/gnutls/reference/gnutls.pdf

Community
=========

If you need help to use GnuTLS, or want to help others, you are invited to
join our help-gnutls mailing list, see:
http://lists.gnu.org/mailman/listinfo/help-gnutls

If you wish to participate in the development of GnuTLS, you are invited to
join our gnutls-dev mailing list, see:
http://lists.gnu.org/mailman/listinfo/gnutls-devel

Internationalization
====================

The GnuTLS library messages have been translated into Czech, Dutch, French,
German, Italian, Malay, Polish, Simplified Chinese, Swedish, and Vietnamese.
We welcome the addition of more translations.

Support
=======

Improving GnuTLS is costly, but you can help! We are looking for organizations
that find GnuTLS useful and wish to contribute back. You can contribute by
reporting bugs, improving the software, or donating money or equipment.

Commercial support contracts for GnuTLS are available, and they help finance
continued maintenance. Simon Josefsson Datakonsult AB, a Stockholm based
privately held company, is currently funding GnuTLS maintenance. We are always
looking for interesting development projects. See http://josefsson.org/ for
more details.

The GnuTLS service directory is available at:
http://www.gnu.org/software/gnutls/commercial.html

Happy Hacking,
Simon

From msk at cloudmark.com Mon Dec 6 23:00:53 2010
From: msk at cloudmark.com (Murray S. Kucherawy)
Date: Mon, 6 Dec 2010 14:00:53 -0800
Subject: RSA sign/verify and hash generation functions
In-Reply-To:
References: <4CF52F69.2020909@gnutls.org>
Message-ID:

> -----Original Message-----
> From: n.mavrogiannopoulos at gmail.com
> [mailto:n.mavrogiannopoulos at gmail.com] On Behalf Of Nikos
> Mavrogiannopoulos
> Sent: Wednesday, December 01, 2010 2:20 AM
> To: Murray S. Kucherawy
> Cc: help-gnutls at gnu.org
> Subject: Re: RSA sign/verify and hash generation functions
>
> If you remove the BEGIN and END tags then it is not PEM format any
> more. It is just a base64 of the DER data. With gnutls you can decode
> PEM or DER encoded keys, check the manual for more information. To
> handle your case you will have to base64 decode the key(gnutls has
> some helper functions for that) and then parse it as a DER key.

I'm working my way through the conversion. The hash stuff appears pretty
straightforward, but I'm missing how to import a simple RSA key in either PEM
or DER format. Since I already have a DER key decoded, let's focus on that.

The functions I see in the info pages for 2.11.4 include:

* gnutls_privkey_import_openpgp: Core functions. (line 3897)
* gnutls_privkey_import_pkcs11: Core functions. (line 3914)
* gnutls_privkey_import_x509: Core functions. (line 3931)

I don't see the way to get a DER key imported just from that. The X509
function takes a parameter that can be DER, so maybe that's the one I'm
looking for. Is that correct?

For public keys it appears to be a more comprehensive interface so far:

* gnutls_pubkey_import: Core functions. (line 4583)
* gnutls_pubkey_import_dsa_raw: Core functions. (line 4474)
* gnutls_pubkey_import_openpgp: Core functions. (line 4497)
* gnutls_pubkey_import_pkcs11: Core functions. (line 4531)
* gnutls_pubkey_import_pkcs11_url: Core functions. (line 4514)
* gnutls_pubkey_import_rsa_raw: Core functions. (line 4548)
* gnutls_pubkey_import_x509: Core functions. (line 4566)
* gnutls_pubkey_init: Core functions. (line 4601)

I think I want the first one for what I'm doing, namely using DER-formatted
RSA keys to verify signatures.

With private keys, I need to do two things: encrypt some data, and extract a
matching public key in DER format. I think the encryption piece is done with
gnutls_pkcs11_privkey_sign_data(), but I don't see how to do the latter thing
so far. Which function is used to do that?

Also, can gnutls_hash_deinit() take a NULL second pointer if all I want to do
is deallocate the hash object, as I've previously gotten the result out from
gnutls_hash_output()?

Thanks,
-MSK

From simon at josefsson.org Tue Dec 7 13:11:44 2010
From: simon at josefsson.org (Simon Josefsson)
Date: Tue, 07 Dec 2010 13:11:44 +0100
Subject: GnuTLS 2.11.6
Message-ID: <87lj41vl33.fsf@latte.josefsson.org>

Hello,
The GnuTLS 2.11.x branch is NOT what you want for your stable system. It is
intended for developers and experienced users.

This is a major update release that includes features such as PKCS #11 support
for cryptographic objects, a PKCS #11 token manipulation tool (p11tool),
support for local system thread locks, a new message buffering layer, support
for the nettle library and more. Unless there are issues, this version
contains the final version of the PKCS #11 support for 2.12.x. It has been
mostly tested with OpenSC and Feitian smart cards, but I'd appreciate if you
can test it with other tokens and PKCS11 modules you may have.

Here are the compressed sources:
ftp://alpha.gnu.org/gnu/gnutls/gnutls-2.11.6.tar.bz2
ftp://ftp.gnutls.org/pub/gnutls/devel/gnutls-2.11.6.tar.bz2

Here is the OpenPGP signature:
ftp://alpha.gnu.org/gnu/gnutls/gnutls-2.11.6.tar.bz2.sig
ftp://ftp.gnutls.org/pub/gnutls/devel/gnutls-2.11.6.tar.bz2.sig

Happy hacking,
Simon

PS. Accidentally I overwrote the 2.11.5 release on the FTP servers when doing
this release, I'll try to revert the old files.

* Version 2.11.6 (released 2010-12-06)

** libgnutls: Record version of Client Hellos is now set by default to SSL
3.0. To restore the previous default behavior use %LATEST_RECORD_VERSION
priority string.

** libgnutls: Use ASN1_NULL when writing parameters for RSA signatures. This
makes us comply with RFC3279. Reported by Michael Rommel.

** gnutls-serv: Corrected a buffer overflow. Reported and patch by Tomas Mraz.

** API and ABI modifications:
No changes since last version.

From msk at cloudmark.com Wed Dec 8 00:30:21 2010
From: msk at cloudmark.com (Murray S. Kucherawy)
Date: Tue, 7 Dec 2010 15:30:21 -0800
Subject: RSA sign/verify and hash generation functions
In-Reply-To:
References: <4CF52F69.2020909@gnutls.org>
Message-ID:

I got a fair bit further, but I'm stuck now with GnuTLS not generating the same
signature as OpenSSL under the same circumstances. Anyone who can spot what
I've missed, please do let me know.
Here's what I'm doing:

  gnutls_datum_t rsa_out;   /* output signature */
  gnutls_datum_t dd;        /* SHA256 digest; size = 20 */
  gnutls_datum_t key;       /* private key in PEM form */
  gnutls_x509_privkey_t privkey;
  gnutls_privkey_t rsa_key;

  key.data =
  key.len = strlen(key.data);

  dd.data = (SHA256 of object to sign);
  dd.size = 20 (size of a SHA256 digest);

  assert(gnutls_privkey_init(&rsa_key) == GNUTLS_E_SUCCESS);
  assert(gnutls_x509_privkey_init(&privkey) == GNUTLS_E_SUCCESS);
  assert(gnutls_x509_privkey_import(privkey, &key, GNUTLS_X509_FMT_PEM) == GNUTLS_E_SUCCESS);
  assert(gnutls_privkey_import_x509(rsa_key, privkey, 0) == GNUTLS_E_SUCCESS);
  assert(gnutls_privkey_sign_hash(rsa_key, &dd, &rsa_out == GNUTLS_E_SUCCESS);

At this point, comparing "rsa_out" in the GnuTLS case to the OpenSSL case
reveals that rsa_out.size is the same, but the data in rsa_out.data is not.

I haven't tried the public key verification code nor the public key extraction
(In fact I haven't even found that yet).

Thanks,
-MSK

From msk at cloudmark.com Wed Dec 8 21:17:37 2010
From: msk at cloudmark.com (Murray S. Kucherawy)
Date: Wed, 8 Dec 2010 12:17:37 -0800
Subject: RSA sign/verify and hash generation functions
In-Reply-To:
References: <4CF52F69.2020909@gnutls.org>
Message-ID:

Here's something interesting I found while trying to figure this out.

  % openssl rsa -in key.pem -text
  Private-Key: (1024 bit)
  modulus:
      00:b8:19:41:ab:f9:df:fa:48:53:73:54:b6:29:a6:
      19:d1:77:44:0f:18:ac:f6:b9:69:d5:eb:94:40:c5:
      ad:4f:c3:7e:76:06:a8:b3:aa:22:8e:06:38:18:1b:
      38:fc:a4:94:12:b3:cb:4e:be:ff:f6:93:a8:e9:23:
      cd:3d:46:71:12:a8:e1:60:17:48:2e:dd:42:5b:36:
      7b:b7:f9:c7:7c:93:f9:22:42:3f:aa:e1:c2:8a:46:
      90:13:f7:67:1c:c5:ce:ec:be:10:8d:80:dd:6c:04:
      69:91:39:86:6e:ca:c1:b7:56:ed:c3:c9:cd:3b:f6:
      04:8b:b6:74:ab:81:76:fe:81
  publicExponent: 65537 (0x10001)
  privateExponent:
      7a:69:48:d2:8a:66:d4:ab:ec:d9:3e:15:96:21:fc:
      fe:db:d7:e4:55:db:04:7f:0b:11:94:00:53:05:5e:
      15:30:7f:51:09:62:79:7c:82:57:7f:69:23:16:4e:
      d1:26:b9:d2:a9:bc:60:d2:fd:ad:be:47:4d:26:62:
      1d:01:4e:c3:20:0a:36:a4:b8:9b:fe:c9:0a:c6:ee:
      1f:88:10:90:f8:0f:17:9e:b5:04:73:4b:f6:82:9f:
      62:02:6a:f4:fe:24:10:57:c3:4c:1a:17:28:13:31:
      c1:6b:53:ec:02:95:f1:d6:2f:09:ad:ef:63:33:d0:
      ff:50:67:a9:07:70:db:31

Then reading that same key in with this sequence:

  gnutls_x509_privkey_init()
  gnutls_x509_privkey_import()
  gnutls_x509_privkey_export_rsa_raw()

...and then dumping the modulus and private exponent through code that uses
the same format as OpenSSL:

  modulus:
      b8:19:41:ab:f9:df:fa:48:53:73:54:b6:29:a6:19:
      d1:77:44:0f:18:ac:f6:b9:69:d5:eb:94:40:c5:ad:
      4f:c3:7e:76:06:a8:b3:aa:22:8e:06:38:18:1b:38:
      fc:a4:94:12:b3:cb:4e:be:ff:f6:93:a8:e9:23:cd:
      3d:46:71:12:a8:e1:60:17:48:2e:dd:42:5b:36:7b:
      b7:f9:c7:7c:93:f9:22:42:3f:aa:e1:c2:8a:46:90:
      13:f7:67:1c:c5:ce:ec:be:10:8d:80:dd:6c:04:69:
      91:39:86:6e:ca:c1:b7:56:ed:c3:c9:cd:3b:f6:04:
      8b:b6:74:ab:81:76:fe:81:
  privateExponent:
      7a:69:48:d2:8a:66:d4:ab:ec:d9:3e:15:96:21:fc:
      fe:db:d7:e4:55:db:04:7f:0b:11:94:00:53:05:5e:
      15:30:7f:51:09:62:79:7c:82:57:7f:69:23:16:4e:
      d1:26:b9:d2:a9:bc:60:d2:fd:ad:be:47:4d:26:62:
      1d:01:4e:c3:20:0a:36:a4:b8:9b:fe:c9:0a:c6:ee:
      1f:88:10:90:f8:0f:17:9e:b5:04:73:4b:f6:82:9f:
      62:02:6a:f4:fe:24:10:57:c3:4c:1a:17:28:13:31:
      c1:6b:53:ec:02:95:f1:d6:2f:09:ad:ef:63:33:d0:
      ff:50:67:a9:07:70:db:31:

Note that when using GnuTLS, the leading "00" octet in the modulus is missing.
Is this expected? Could it explain the different signature I get from GnuTLS
2.11.6?

-MSK

From msk at cloudmark.com Wed Dec 8 21:22:29 2010
From: msk at cloudmark.com (Murray S. Kucherawy)
Date: Wed, 8 Dec 2010 12:22:29 -0800
Subject: RSA sign/verify and hash generation functions
References: <4CF52F69.2020909@gnutls.org>
Message-ID:

> -----Original Message-----
> From: Murray S. Kucherawy
> Sent: Wednesday, December 08, 2010 12:18 PM
> To: Nikos Mavrogiannopoulos
> Cc: help-gnutls at gnu.org
> Subject: RE: RSA sign/verify and hash generation functions
>
> Here's something interesting I found while trying to figure this out.
> [...]
>
> Note that when using GnuTLS, the leading "00" octet in the modulus is
> missing. Is this expected? Could it explain the different signature I
> get from GnuTLS 2.11.6?

This appears also to be the case with the two primes in the private key. The
coefficient and the private exponent seem to be correct.

From nmav at gnutls.org Wed Dec 8 23:22:55 2010
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Wed, 08 Dec 2010 23:22:55 +0100
Subject: RSA sign/verify and hash generation functions
In-Reply-To:
References: <4CF52F69.2020909@gnutls.org>
Message-ID: <4D00053F.3040004@gnutls.org>

On 12/08/2010 09:17 PM, Murray S. Kucherawy wrote:
> Here's something interesting I found while trying to figure this out.
> % openssl rsa -in key.pem -text
> Private-Key: (1024 bit)
> modulus:
> 00:b8:19:41:ab:f9:df:fa:48:53:73:54:b6:29:a6:
[...]
> ...and then dumping the modulus and private exponent through code that uses the same format as OpenSSL:
> modulus:
> b8:19:41:ab:f9:df:fa:48:53:73:54:b6:29:a6:19:
> Note that when using GnuTLS, the leading "00" octet in the modulus is missing.
> Is this expected? Could it explain the different signature I get from GnuTLS 2.11.6?

The export_raw() functions do not add the leading zero. Adding them would be
better (and I'll modify them to do so), but it doesn't explain the different
signature.

regards,
Nikos

From nmav at gnutls.org Wed Dec 8 23:25:25 2010
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Wed, 08 Dec 2010 23:25:25 +0100
Subject: RSA sign/verify and hash generation functions
In-Reply-To:
References: <4CF52F69.2020909@gnutls.org>
Message-ID: <4D0005D5.5090509@gnutls.org>

On 12/08/2010 12:30 AM, Murray S. Kucherawy wrote:
> I got a fair bit further, but I'm stuck now with GnuTLS not generating the same signature as OpenSSL under the same circumstances. Anyone that can spot what I've missed, please do let me know.
>
> Here's what I'm doing:
>
> gnutls_datum_t rsa_out; /* output signature */
> gnutls_datum_t dd; /* SHA256 digest; size = 20 */
> gnutls_datum_t key; /* private key in PEM form */
> gnutls_x509_privkey_t privkey;
> gnutls_privkey_t rsa_key;
>
> key.data =
> key.len = strlen(key.data);
>
> dd.data = (SHA256 of object to sign);
> dd.size = 20 (size of a SHA256 digest);

Why 20? SHA-1 is 20 bytes. SHA256 is 32 bytes.

> assert(gnutls_privkey_init(&rsa_key) == GNUTLS_E_SUCCESS);
> assert(gnutls_x509_privkey_init(&privkey) == GNUTLS_E_SUCCESS);
> assert(gnutls_x509_privkey_import(privkey, &key, GNUTLS_X509_FMT_PEM) == GNUTLS_E_SUCCESS);
> assert(gnutls_privkey_import_x509(rsa_key, privkey, 0) == GNUTLS_E_SUCCESS);
> assert(gnutls_privkey_sign_hash(rsa_key, &dd, &rsa_out == GNUTLS_E_SUCCESS);
> At this point, comparing "rsa_out" in the GnuTLS case to the OpenSSL case reveals that rsa_out.size is the same, but the data in rsa_out.data is not.
> I haven't tried the public key verification code nor the public key extraction (In fact I haven't even found that yet).

Do you mean the gnutls_x509_crt_verify_hash()? Which signing method do you
use with openssl? In gnutls we support only PKCS #1 1.5 signatures (that one
required by TLS).

regards,
Nikos

From nmav at gnutls.org Wed Dec 8 23:28:29 2010
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Wed, 08 Dec 2010 23:28:29 +0100
Subject: RSA sign/verify and hash generation functions
In-Reply-To:
References: <4CF52F69.2020909@gnutls.org>
Message-ID: <4D00068D.6090005@gnutls.org>

On 12/08/2010 12:30 AM, Murray S. Kucherawy wrote:
> assert(gnutls_privkey_sign_hash(rsa_key, &dd, &rsa_out == GNUTLS_E_SUCCESS);

Also check the documentation of the functions you are using :) The sign_hash
is low-level and isn't intended to be used like that. Use
gnutls_x509_privkey_sign_data() and gnutls_x509_privkey_verify_data().

regards,
Nikos

From msk at cloudmark.com Wed Dec 8 23:40:04 2010
From: msk at cloudmark.com (Murray S. Kucherawy)
Date: Wed, 8 Dec 2010 14:40:04 -0800
Subject: RSA sign/verify and hash generation functions
In-Reply-To: <4D00068D.6090005@gnutls.org>
References: <4CF52F69.2020909@gnutls.org> <4D00068D.6090005@gnutls.org>
Message-ID:

> -----Original Message-----
> From: Nikos Mavrogiannopoulos [mailto:n.mavrogiannopoulos at gmail.com] On Behalf Of Nikos Mavrogiannopoulos
> Sent: Wednesday, December 08, 2010 2:28 PM
> To: Murray S. Kucherawy
> Cc: help-gnutls at gnu.org
> Subject: Re: RSA sign/verify and hash generation functions
>
> On 12/08/2010 12:30 AM, Murray S. Kucherawy wrote:
>
> > assert(gnutls_privkey_sign_hash(rsa_key, &dd, &rsa_out ==
> GNUTLS_E_SUCCESS);
>
> Also check the documentation of the functions you are using :)

I did. By the looks of things, the *_sign_hash() functions look like they
sign a hash that's already been computed, which is the case for me, so that's
what I used.

> The sign_hash is low-level and isn't intended to be used like that.
> Use gnutls_x509_privkey_sign_data() and
> gnutls_x509_privkey_verify_data().

OK, I'll give those a try.

From msk at cloudmark.com Wed Dec 8 23:50:27 2010
From: msk at cloudmark.com (Murray S.
Kucherawy) Date: Wed, 8 Dec 2010 14:50:27 -0800 Subject: RSA sign/verify and hash generation functions In-Reply-To: <4D00068D.6090005@gnutls.org> References: <4CF52F69.2020909@gnutls.org> <4D00068D.6090005@gnutls.org> Message-ID: > -----Original Message----- > From: Nikos Mavrogiannopoulos [mailto:n.mavrogiannopoulos at gmail.com] On Behalf Of Nikos Mavrogiannopoulos > Sent: Wednesday, December 08, 2010 2:28 PM > To: Murray S. Kucherawy > Cc: help-gnutls at gnu.org > Subject: Re: RSA sign/verify and hash generation functions > > Also check the documentation of the functions you are using :) > The sign_hash is low-level and isn't intended to be used like that. > Use gnutls_x509_privkey_sign_data() and > gnutls_x509_privkey_verify_data(). This produces yet another different signature. I imagine I'm now hashing the hash and encrypting that. I can't conveniently switch to giving gnutls_x509_privkey_sign_data() the entire original data blob to be signed as at this point in the code I no longer have it, but I do have the output of the hash of it. From msk at cloudmark.com Wed Dec 8 23:56:08 2010 From: msk at cloudmark.com (Murray S. Kucherawy) Date: Wed, 8 Dec 2010 14:56:08 -0800 Subject: RSA sign/verify and hash generation functions In-Reply-To: <4D0005D5.5090509@gnutls.org> References: <4CF52F69.2020909@gnutls.org> <4D0005D5.5090509@gnutls.org> Message-ID: > -----Original Message----- > From: Nikos Mavrogiannopoulos [mailto:n.mavrogiannopoulos at gmail.com] On Behalf Of Nikos Mavrogiannopoulos > Sent: Wednesday, December 08, 2010 2:25 PM > To: Murray S. Kucherawy > Cc: help-gnutls at gnu.org > Subject: Re: RSA sign/verify and hash generation functions > > Which signing method do you use with openssl? In gnutls we support only > PKCS #1 1.5 signatures (that one required by TLS). Ah, maybe that's the problem. The RSA_sign() man page from OpenSSL says: RSA_sign() signs the message digest m of size m_len using the private key rsa as specified in PKCS #1 v2.0. 
It stores the signature in sigret and the signature size in siglen. sigret must point to RSA_size(rsa) bytes of memory. So maybe this is a dead end for me, at least for now. From nmav at gnutls.org Thu Dec 9 09:22:33 2010 From: nmav at gnutls.org (Nikos Mavrogiannopoulos) Date: Thu, 09 Dec 2010 09:22:33 +0100 Subject: RSA sign/verify and hash generation functions In-Reply-To: References: <4CF52F69.2020909@gnutls.org> <4D00068D.6090005@gnutls.org> Message-ID: <4D0091C9.1060902@gnutls.org> On 12/08/2010 11:40 PM, Murray S. Kucherawy wrote: >> -----Original Message----- From: Nikos Mavrogiannopoulos >> [mailto:n.mavrogiannopoulos at gmail.com] On Behalf Of Nikos >> Mavrogiannopoulos Sent: Wednesday, December 08, 2010 2:28 PM To: >> Murray S. Kucherawy Cc: help-gnutls at gnu.org Subject: Re: RSA >> sign/verify and hash generation functions >> >> On 12/08/2010 12:30 AM, Murray S. Kucherawy wrote: >> >>> assert(gnutls_privkey_sign_hash(rsa_key, &dd, &rsa_out == >> GNUTLS_E_SUCCESS); >> >> Also check the documentation of the functions you are using :) > > I did. By the looks of things, the *_sign_hash() functions look like > they sign a hash that's already been computed, which is the case for > me, so that's what I used. The current sign_hash function is not what you want. They are tricky to use to generate correct signatures (for DSA they work ok, but for RSA require one more step to generate a PKCS #1 compliant signature - i.e. BER encode the hash as DigestInfo). I'll add a safer to use API for 2.12.x and deprecate those functions. The _sign_data() functions work as expected. regards, Nikos From msk at cloudmark.com Thu Dec 9 19:13:47 2010 From: msk at cloudmark.com (Murray S. 
Kucherawy) Date: Thu, 9 Dec 2010 10:13:47 -0800 Subject: RSA sign/verify and hash generation functions In-Reply-To: <4D0091C9.1060902@gnutls.org> References: <4CF52F69.2020909@gnutls.org> <4D00068D.6090005@gnutls.org> <4D0091C9.1060902@gnutls.org> Message-ID: > -----Original Message----- > From: Nikos Mavrogiannopoulos [mailto:n.mavrogiannopoulos at gmail.com] On Behalf Of Nikos Mavrogiannopoulos > Sent: Thursday, December 09, 2010 12:23 AM > To: Murray S. Kucherawy > Cc: help-gnutls at gnu.org > Subject: Re: RSA sign/verify and hash generation functions > > > I did. By the looks of things, the *_sign_hash() functions look like > > they sign a hash that's already been computed, which is the case for > > me, so that's what I used. > > The current sign_hash function is not what you want. They are tricky to > use to generate correct signatures (for DSA they work ok, but for RSA > require one more step to generate a PKCS #1 compliant signature - i.e. > BER encode the hash as DigestInfo). I'll add a safer to use API for > 2.12.x and deprecate those functions. OK. If you would like me to try those out once they're available, just point me at the tarball. From nmav at gnutls.org Thu Dec 9 23:00:32 2010 From: nmav at gnutls.org (Nikos Mavrogiannopoulos) Date: Thu, 09 Dec 2010 23:00:32 +0100 Subject: RSA sign/verify and hash generation functions In-Reply-To: <4D0118ED.4070401@tana.it> References: <4CF52F69.2020909@gnutls.org> <4D0005D5.5090509@gnutls.org> <4D0118ED.4070401@tana.it> Message-ID: <4D015180.5020706@gnutls.org> On 12/09/2010 06:59 PM, Alessandro Vesely wrote: > On 08/Dec/10 23:56, Murray S. Kucherawy wrote: >>> -----Original Message----- >>> From: Nikos Mavrogiannopoulos [mailto:n.mavrogiannopoulos at gmail.com] On Behalf Of Nikos Mavrogiannopoulos >>> Sent: Wednesday, December 08, 2010 2:25 PM >>> To: Murray S. 
Kucherawy >>> Cc: help-gnutls at gnu.org >>> Subject: Re: RSA sign/verify and hash generation functions >>> >>> Which signing method do you use with openssl? In gnutls we support only >>> PKCS #1 1.5 signatures (that one required by TLS). >> >> Ah, maybe that's the problem. The RSA_sign() man page from OpenSSL says: >> >> RSA_sign() signs the message digest m of size m_len using the private >> key rsa as specified in PKCS #1 v2.0. > > I'd be surprised if PKCS#1 v2.0 introduced incompatibilities with the > previous version. At any rate, RFC 4871 says: " It uses RSA-OAEP and RSA-PSS which are not compatible with PKCS #1 1.5. regards, Nikos From vesely at tana.it Thu Dec 9 18:59:09 2010 From: vesely at tana.it (Alessandro Vesely) Date: Thu, 09 Dec 2010 18:59:09 +0100 Subject: RSA sign/verify and hash generation functions In-Reply-To: References: <4CF52F69.2020909@gnutls.org> <4D0005D5.5090509@gnutls.org> Message-ID: <4D0118ED.4070401@tana.it> On 08/Dec/10 23:56, Murray S. Kucherawy wrote: >> -----Original Message----- >> From: Nikos Mavrogiannopoulos [mailto:n.mavrogiannopoulos at gmail.com] On Behalf Of Nikos Mavrogiannopoulos >> Sent: Wednesday, December 08, 2010 2:25 PM >> To: Murray S. Kucherawy >> Cc: help-gnutls at gnu.org >> Subject: Re: RSA sign/verify and hash generation functions >> >> Which signing method do you use with openssl? In gnutls we support only >> PKCS #1 1.5 signatures (that one required by TLS). > > Ah, maybe that's the problem. The RSA_sign() man page from OpenSSL says: > > RSA_sign() signs the message digest m of size m_len using the private > key rsa as specified in PKCS #1 v2.0. I'd be surprised if PKCS#1 v2.0 introduced incompatibilities with the previous version. At any rate, RFC 4871 says: " 3.3.1. The rsa-sha1 Signing Algorithm The rsa-sha1 Signing Algorithm computes a message hash as described in Section 3.7 below using SHA-1 [FIPS.180-2.2002] as the hash-alg. 
That hash is then signed by the signer using the RSA algorithm (defined in PKCS#1 version 1.5 [RFC3447]) as the crypt-alg and the signer's private key. [...]" From vesely at tana.it Sat Dec 11 21:11:15 2010 From: vesely at tana.it (Alessandro Vesely) Date: Sat, 11 Dec 2010 21:11:15 +0100 Subject: RSA sign/verify and hash generation functions In-Reply-To: <4D015180.5020706@gnutls.org> References: <4CF52F69.2020909@gnutls.org> <4D0005D5.5090509@gnutls.org> <4D0118ED.4070401@tana.it> <4D015180.5020706@gnutls.org> Message-ID: <4D03DAE3.8090609@tana.it> On 09/Dec/10 23:00, Nikos Mavrogiannopoulos wrote: > On 12/09/2010 06:59 PM, Alessandro Vesely wrote: >> On 08/Dec/10 23:56, Murray S. Kucherawy wrote: >>> On Wednesday, December 08, 2010 2:25 PM Nikos Mavrogiannopoulos wrote >>>> Which signing method do you use with openssl? In gnutls we support only >>>> PKCS #1 1.5 signatures (that one required by TLS). >>> >>> Ah, maybe that's the problem. The RSA_sign() man page from OpenSSL says: >>> >>> RSA_sign() signs the message digest m of size m_len using the private >>> key rsa as specified in PKCS #1 v2.0. >> >> I'd be surprised if PKCS#1 v2.0 introduced incompatibilities with the >> previous version. At any rate, RFC 4871 says: [it uses PKCS#1 v1.5] > > It uses RSA-OAEP and RSA-PSS which are not compatible with PKCS #1 1.5. Yes, you're right. Naive users like me tend to confuse RSA-PSS with RSASP1... However, according to [1], RSA-PSS is actually specified only in PKCS#1 v2.1. Hence, that OpenSSL function should still be RSASSA-PKCS1-v1_5. [1] http://www.rsa.com/rsalabs/node.asp?id=2125 From nmav at gnutls.org Mon Dec 13 22:44:41 2010 From: nmav at gnutls.org (Nikos Mavrogiannopoulos) Date: Mon, 13 Dec 2010 22:44:41 +0100 Subject: RSA sign/verify and hash generation functions In-Reply-To: References: <4CF52F69.2020909@gnutls.org> <4D00068D.6090005@gnutls.org> <4D0091C9.1060902@gnutls.org> Message-ID: <4D0693C9.5040109@gnutls.org> On 12/09/2010 07:13 PM, Murray S. 
Kucherawy wrote: >> -----Original Message----- >> From: Nikos Mavrogiannopoulos [mailto:n.mavrogiannopoulos at gmail.com] On Behalf Of Nikos Mavrogiannopoulos >> Sent: Thursday, December 09, 2010 12:23 AM >> To: Murray S. Kucherawy >> Cc: help-gnutls at gnu.org >> Subject: Re: RSA sign/verify and hash generation functions >> >>> I did. By the looks of things, the *_sign_hash() functions look like >>> they sign a hash that's already been computed, which is the case for >>> me, so that's what I used. >> >> The current sign_hash function is not what you want. They are tricky to >> use to generate correct signatures (for DSA they work ok, but for RSA >> require one more step to generate a PKCS #1 compliant signature - i.e. >> BER encode the hash as DigestInfo). I'll add a safer to use API for >> 2.12.x and deprecate those functions. > > OK. If you would like me to try those out once they're available, just point me at the tarball. Could you check: http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=tree;h=refs/heads/master;hb=master You can get a tarball by clicking on snapshot. I've added sign_hash2() family of functions that should work as expected. For usage you can also check the test program x509sign-verify.c. regards, Nikos From msk at cloudmark.com Tue Dec 14 19:54:49 2010 From: msk at cloudmark.com (Murray S. Kucherawy) Date: Tue, 14 Dec 2010 10:54:49 -0800 Subject: RSA sign/verify and hash generation functions In-Reply-To: <4D0693C9.5040109@gnutls.org> References: <4CF52F69.2020909@gnutls.org> <4D00068D.6090005@gnutls.org> <4D0091C9.1060902@gnutls.org> <4D0693C9.5040109@gnutls.org> Message-ID: Looks like signing is now working, but I can't import a DER public key with this: gnutls_x509_crt_init(&pubkey); key.data = ; key.size = ; gnutls_x509_crt_import(pubkey, &key, GNUTLS_X509_FMT_DER); The import call is returning -73, GNUTLS_E_ASN1_TAG_ERROR. 
What I'm actually importing is an DER encoded RSA public key, namely a PEM one with the "---BEGIN PUBLIC KEY---" removed and then the base64 decoding done. It's a 1024 bit key, and post-decoding it's 162 bytes long. From nmav at gnutls.org Wed Dec 15 01:53:21 2010 From: nmav at gnutls.org (Nikos Mavrogiannopoulos) Date: Wed, 15 Dec 2010 01:53:21 +0100 Subject: RSA sign/verify and hash generation functions In-Reply-To: References: <4CF52F69.2020909@gnutls.org> <4D00068D.6090005@gnutls.org> <4D0091C9.1060902@gnutls.org> <4D0693C9.5040109@gnutls.org> Message-ID: Did you try the interface in abstract.h for public keys? On Tue, Dec 14, 2010 at 7:54 PM, Murray S. Kucherawy wrote: > Looks like signing is now working, but I can't import a DER public key with this: > > ? ? ? ?gnutls_x509_crt_init(&pubkey); > ? ? ? ?key.data = ; > ? ? ? ?key.size = ; > ? ? ? ?gnutls_x509_crt_import(pubkey, &key, GNUTLS_X509_FMT_DER); > > The import call is returning -73, GNUTLS_E_ASN1_TAG_ERROR. > > What I'm actually importing is an DER encoded RSA public key, namely a PEM one with the "---BEGIN PUBLIC KEY---" removed and then the base64 decoding done. ?It's a 1024 bit key, and post-decoding it's 162 bytes long. > From msk at cloudmark.com Wed Dec 15 02:13:23 2010 From: msk at cloudmark.com (Murray S. Kucherawy) Date: Tue, 14 Dec 2010 17:13:23 -0800 Subject: RSA sign/verify and hash generation functions In-Reply-To: References: <4CF52F69.2020909@gnutls.org> <4D00068D.6090005@gnutls.org> <4D0091C9.1060902@gnutls.org> <4D0693C9.5040109@gnutls.org> Message-ID: > -----Original Message----- > From: n.mavrogiannopoulos at gmail.com [mailto:n.mavrogiannopoulos at gmail.com] On Behalf Of Nikos Mavrogiannopoulos > Sent: Tuesday, December 14, 2010 4:53 PM > To: Murray S. Kucherawy > Cc: help-gnutls at gnu.org > Subject: Re: RSA sign/verify and hash generation functions > > Did you try the interface in abstract.h for public keys? I had that before. 
I was going by your test code as an example; I'll switch back and give it a go. From msk at cloudmark.com Wed Dec 15 18:47:20 2010 From: msk at cloudmark.com (Murray S. Kucherawy) Date: Wed, 15 Dec 2010 09:47:20 -0800 Subject: RSA sign/verify and hash generation functions In-Reply-To: References: <4CF52F69.2020909@gnutls.org> <4D00068D.6090005@gnutls.org> <4D0091C9.1060902@gnutls.org> <4D0693C9.5040109@gnutls.org> Message-ID: > -----Original Message----- > From: n.mavrogiannopoulos at gmail.com [mailto:n.mavrogiannopoulos at gmail.com] On Behalf Of Nikos > Mavrogiannopoulos > Sent: Tuesday, December 14, 2010 4:53 PM > To: Murray S. Kucherawy > Cc: help-gnutls at gnu.org > Subject: Re: RSA sign/verify and hash generation functions > > Did you try the interface in abstract.h for public keys? Yep, that's working. Great stuff! One thing I need that this public key interface doesn't appear to have is a way to get the key size from a public key. Could that be added, or if it's there someplace, can you point me to it? Also, I have a need to, given a private key already imported, output a public key in PEM format to a buffer. The code I have now is doing this: gnutls_x509_privkey_init(A) gnutls_x509_privkey_import(A) gnutls_x509_privkey_export_rsa_raw(A, m, e, otherstuff) gnutls_pubkey_init(B) gnutls_pubkey_import_rsa_raw(B, m, e) gnutls_pubkey_export(B, PEM, buf, &buflen) Should that give me what I want, or do you have another interface to suggest? -MSK From nmav at gnutls.org Thu Dec 16 17:11:51 2010 From: nmav at gnutls.org (Nikos Mavrogiannopoulos) Date: Thu, 16 Dec 2010 17:11:51 +0100 Subject: RSA sign/verify and hash generation functions In-Reply-To: References: <4CF52F69.2020909@gnutls.org> <4D00068D.6090005@gnutls.org> <4D0091C9.1060902@gnutls.org> <4D0693C9.5040109@gnutls.org> Message-ID: <4D0A3A47.6060804@gnutls.org> On 12/15/2010 06:47 PM, Murray S. 
Kucherawy wrote: >> -----Original Message----- >> From: n.mavrogiannopoulos at gmail.com [mailto:n.mavrogiannopoulos at gmail.com] On Behalf Of Nikos >> Mavrogiannopoulos >> Sent: Tuesday, December 14, 2010 4:53 PM >> To: Murray S. Kucherawy >> Cc: help-gnutls at gnu.org >> Subject: Re: RSA sign/verify and hash generation functions >> >> Did you try the interface in abstract.h for public keys? > > Yep, that's working. Great stuff! > One thing I need that this public key interface doesn't appear to have is a way to get the key size from a public key. Could that be added, or if it's there someplace, can you point me to it? What do you mean by key size? The indicator returned by gnutls_pubkey_get_pk_algorithm()? > Also, I have a need to, given a private key already imported, output a public key in PEM format to a buffer. The code I have now is doing this: > gnutls_x509_privkey_init(A) > gnutls_x509_privkey_import(A) > gnutls_x509_privkey_export_rsa_raw(A, m, e, otherstuff) > gnutls_pubkey_init(B) > gnutls_pubkey_import_rsa_raw(B, m, e) > gnutls_pubkey_export(B, PEM, buf, &buflen) > Should that give me what I want, or do you have another interface to suggest? I've just added (not tested yet) gnutls_pubkey_import_privkey() that will import the public parameters from a gnutls_privkey_t structure. Thus it would still be quite some calls, but you don't need to export anything. How does it look? gnutls_x509_privkey_init(A) gnutls_x509_privkey_import(A) gnutls_privkey_init(P) gnutls_privkey_import_x509(P,A) gnutls_pubkey_init(B) gnutls_pubkey_import_privkey(B,P) regards, Nikos From msk at cloudmark.com Thu Dec 16 18:49:39 2010 From: msk at cloudmark.com (Murray S. 
Kucherawy) Date: Thu, 16 Dec 2010 09:49:39 -0800 Subject: RSA sign/verify and hash generation functions In-Reply-To: <4D0A3A47.6060804@gnutls.org> References: <4CF52F69.2020909@gnutls.org> <4D00068D.6090005@gnutls.org> <4D0091C9.1060902@gnutls.org> <4D0693C9.5040109@gnutls.org> <4D0A3A47.6060804@gnutls.org> Message-ID: > -----Original Message----- > From: Nikos Mavrogiannopoulos [mailto:n.mavrogiannopoulos at gmail.com] Of Behalf Of Nikos Mavrogiannopoulos > Sent: Thursday, December 16, 2010 8:12 AM > To: Murray S. Kucherawy > Cc: help-gnutls at gnu.org > Subject: Re: RSA sign/verify and hash generation functions > > > One thing I need that this public key interface doesn't appear to > > have is a way to get the key size from a public key. Could that be > > added, or if it's there someplace, can you point me to it? > > What do you mean by key size? The indicator returned by > gnutls_pubkey_get_pk_algorithm()? It's telling me the key is zero bits long. My call sequence is: bits = 0; gnutls_pubkey_init(&X) gnutls_pubkey_import(X, &keydata, GNUTLS_X509_FMT_DER); gnutls_pubkey_verify_hash(X, 0, &digest, &signature); <== works; returns 1 gnutls_pubkey_get_pk_algorithm(X, &bits); assert(bits > 0); <== FAILS It looks like key->bits is never set to anything by gnutls_pubkey_import(). > I've just added (not tested yet) gnutls_pubkey_import_privkey() that > will import the public parameters from a gnutls_privkey_t structure. > > Thus it would still be quite some calls, but you don't need to export > anything. How does it look? > > gnutls_x509_privkey_init(A) > gnutls_x509_privkey_import(A) > gnutls_privkey_init(P) > gnutls_privkey_import_x509(P,A) > gnutls_pubkey_init(B) > gnutls_pubkey_import_privkey(B,P) Works for me. Let me know when you'd like me to grab a snapshot and try it. 
-MSK From nmav at gnutls.org Thu Dec 16 22:23:29 2010 From: nmav at gnutls.org (Nikos Mavrogiannopoulos) Date: Thu, 16 Dec 2010 22:23:29 +0100 Subject: RSA sign/verify and hash generation functions In-Reply-To: References: <4CF52F69.2020909@gnutls.org> <4D00068D.6090005@gnutls.org> <4D0091C9.1060902@gnutls.org> <4D0693C9.5040109@gnutls.org> <4D0A3A47.6060804@gnutls.org> Message-ID: <4D0A8351.9040704@gnutls.org> On 12/16/2010 06:49 PM, Murray S. Kucherawy wrote: >> What do you mean by key size? The indicator returned by >> gnutls_pubkey_get_pk_algorithm()? > > It's telling me the key is zero bits long. My call sequence is: > > bits = 0; > gnutls_pubkey_init(&X) > gnutls_pubkey_import(X, &keydata, GNUTLS_X509_FMT_DER); > gnutls_pubkey_verify_hash(X, 0, &digest, &signature); <== works; returns 1 > gnutls_pubkey_get_pk_algorithm(X, &bits); > assert(bits > 0); <== FAILS > > It looks like key->bits is never set to anything by gnutls_pubkey_import(). It was not set when importing from a raw format. Should work now. >> I've just added (not tested yet) gnutls_pubkey_import_privkey() that >> will import the public parameters from a gnutls_privkey_t structure. >> >> Thus it would still be quite some calls, but you don't need to export >> anything. How does it look? >> >> gnutls_x509_privkey_init(A) >> gnutls_x509_privkey_import(A) >> gnutls_privkey_init(P) >> gnutls_privkey_import_x509(P,A) >> gnutls_pubkey_init(B) >> gnutls_pubkey_import_privkey(B,P) > > Works for me. Let me know when you'd like me to grab a snapshot and try it. Should work by now. regards, Nikos From msk at cloudmark.com Fri Dec 17 00:17:44 2010 From: msk at cloudmark.com (Murray S. 
Kucherawy) Date: Thu, 16 Dec 2010 15:17:44 -0800 Subject: RSA sign/verify and hash generation functions In-Reply-To: <4D0A8351.9040704@gnutls.org> References: <4CF52F69.2020909@gnutls.org> <4D00068D.6090005@gnutls.org> <4D0091C9.1060902@gnutls.org> <4D0693C9.5040109@gnutls.org> <4D0A3A47.6060804@gnutls.org> <4D0A8351.9040704@gnutls.org> Message-ID: > -----Original Message----- > From: Nikos Mavrogiannopoulos [mailto:n.mavrogiannopoulos at gmail.com] On Behalf Of Nikos Mavrogiannopoulos > Sent: Thursday, December 16, 2010 1:23 PM > To: Murray S. Kucherawy > Cc: help-gnutls at gnu.org > Subject: Re: RSA sign/verify and hash generation functions > > > bits = 0; > > gnutls_pubkey_init(&X) > > gnutls_pubkey_import(X, &keydata, GNUTLS_X509_FMT_DER); > > gnutls_pubkey_verify_hash(X, 0, &digest, &signature); <== works; returns 1 > > gnutls_pubkey_get_pk_algorithm(X, &bits); > > assert(bits > 0); <== FAILS > > > > It looks like key->bits is never set to anything by > > gnutls_pubkey_import(). > > It was not set when importing from a raw format. Should work now. No improvement. The diff I see in your repository updated gnutls_pubkey_import_rsa_raw(), but not gnutls_pubkey_import(), and the latter doesn't appear to call the former. Adding this at line 698... key->bits = _gnutls_mpi_get_nbits(key->params[0]); ...seems to do the trick, though I don't know if that's the right thing to do or not. > >> gnutls_x509_privkey_init(A) > >> gnutls_x509_privkey_import(A) > >> gnutls_privkey_init(P) > >> gnutls_privkey_import_x509(P,A) > >> gnutls_pubkey_init(B) > >> gnutls_pubkey_import_privkey(B,P) > > > > Works for me. Let me know when you'd like me to grab a snapshot and > > try it. > > Should work by now. Trying to make sense of the "usage" parameter for that last function call. I imagine for this application (RSA verifying), I need to set it to GNUTLS_KEY_DIGITAL_SIGNATURE? 
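Editor's added example, not code from the thread or from GnuTLS. Three of the public-key questions above have one root: the missing leading "00" octet in the Dec 8 dump, the 162-byte DER blob that gnutls_x509_crt_import() rejected with GNUTLS_E_ASN1_TAG_ERROR, and the zero key size reported after gnutls_pubkey_import() all come down to how a SubjectPublicKeyInfo is encoded in DER. The Python below builds that structure from the modulus posted in the thread (e = 65537, as in the dump), parses it back, reports the key size the way key->bits should hold it (the bit length of the modulus, unaffected by the leading zero), and classifies a DER blob as a bare public key or an X.509 Certificate, which is what gnutls_x509_crt_import() expects. The 162-byte length follows from the encoding alone; the function names, the der_kind() classification and the tiny constructed certificate fragment used to exercise it are my own.

```python
"""DER SubjectPublicKeyInfo for an RSA key: build it, parse it, classify it.
Added example (not code from the thread or from GnuTLS).  The modulus is the
1024-bit one posted in the thread, taken from the GnuTLS export_rsa_raw() dump
(so without the leading 00 that the OpenSSL dump shows); e = 65537 as posted.
"""

MODULUS_DUMP = """
b8:19:41:ab:f9:df:fa:48:53:73:54:b6:29:a6:19:
d1:77:44:0f:18:ac:f6:b9:69:d5:eb:94:40:c5:ad:
4f:c3:7e:76:06:a8:b3:aa:22:8e:06:38:18:1b:38:
fc:a4:94:12:b3:cb:4e:be:ff:f6:93:a8:e9:23:cd:
3d:46:71:12:a8:e1:60:17:48:2e:dd:42:5b:36:7b:
b7:f9:c7:7c:93:f9:22:42:3f:aa:e1:c2:8a:46:90:
13:f7:67:1c:c5:ce:ec:be:10:8d:80:dd:6c:04:69:
91:39:86:6e:ca:c1:b7:56:ed:c3:c9:cd:3b:f6:04:
8b:b6:74:ab:81:76:fe:81
"""
PUBLIC_EXPONENT = 65537
RSA_ENCRYPTION_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1 content octets

def dump_to_int(dump: str) -> int:
    """Turn an openssl/gnutls style 'xx:xx:xx' dump into an integer."""
    return int.from_bytes(bytes.fromhex("".join(dump.split()).replace(":", "")), "big")

def der_length(n: int) -> bytes:
    """Short form below 128, otherwise 0x80|k followed by k big-endian length bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der_tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + der_length(len(body)) + body

def der_integer(value: int) -> bytes:
    """DER INTEGER is two's complement: a positive value whose top bit is set needs
    a leading 0x00.  That byte is what 'openssl rsa -text' prints and what a raw
    big-endian magnitude (export_rsa_raw) does not carry."""
    magnitude = value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")
    if magnitude[0] & 0x80:
        magnitude = b"\x00" + magnitude
    return der_tlv(0x02, magnitude)

def build_spki(n: int, e: int) -> bytes:
    """SubjectPublicKeyInfo ::= SEQUENCE { AlgorithmIdentifier, BIT STRING { RSAPublicKey } }"""
    rsa_public_key = der_tlv(0x30, der_integer(n) + der_integer(e))
    algorithm = der_tlv(0x30, der_tlv(0x06, RSA_ENCRYPTION_OID) + der_tlv(0x05, b""))
    return der_tlv(0x30, algorithm + der_tlv(0x03, b"\x00" + rsa_public_key))  # 0 unused bits

def der_read(buf: bytes, pos: int):
    """Read one TLV at pos; return (tag, content, position after it)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:
        k = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + length > len(buf):
        raise ValueError("DER length runs past the end of the buffer")
    return tag, buf[pos:pos + length], pos + length

def parse_rsa_spki(der: bytes):
    """Return (n, e, bits); bits is the value key->bits should end up holding."""
    tag, spki, end = der_read(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single DER SEQUENCE")
    tag, algorithm, pos = der_read(spki, 0)
    oid_tag, oid, _ = der_read(algorithm, 0)
    if tag != 0x30 or oid_tag != 0x06 or oid != RSA_ENCRYPTION_OID:
        raise ValueError("not an rsaEncryption SubjectPublicKeyInfo")
    tag, bit_string, _ = der_read(spki, pos)
    if tag != 0x03 or bit_string[0] != 0:
        raise ValueError("malformed subjectPublicKey BIT STRING")
    _, rsa_public_key, _ = der_read(bit_string, 1)
    _, n_bytes, pos = der_read(rsa_public_key, 0)
    _, e_bytes, _ = der_read(rsa_public_key, pos)
    n = int.from_bytes(n_bytes, "big")  # a leading 0x00 changes neither the value nor the bit length
    return n, int.from_bytes(e_bytes, "big"), n.bit_length()

def der_kind(der: bytes) -> str:
    """Tell a bare public key from the Certificate that gnutls_x509_crt_import() expects."""
    tag, outer, end = der_read(der, 0)
    if tag != 0x30 or end != len(der):
        return "not a DER SEQUENCE"
    tag, first, _ = der_read(outer, 0)
    if tag != 0x30 or not first:
        return "unknown"
    if first[0] == 0x06:           # AlgorithmIdentifier opens with an OID
        return "SubjectPublicKeyInfo"
    if first[0] in (0xA0, 0x02):   # tbsCertificate opens with [0] version or the serial INTEGER
        return "Certificate"
    return "unknown"

MODULUS = dump_to_int(MODULUS_DUMP)
SPKI_DER = build_spki(MODULUS, PUBLIC_EXPONENT)

if __name__ == "__main__":
    n, e, bits = parse_rsa_spki(SPKI_DER)
    print(len(SPKI_DER), "bytes of DER,", der_kind(SPKI_DER), "-", bits, "bit key, e =", e)
    print("DER INTEGER:", der_integer(n)[:5].hex(), " raw magnitude:", n.to_bytes(128, "big")[:2].hex())
```

Run stand-alone it prints 162 bytes, SubjectPublicKeyInfo, 1024 bits, and shows the DER INTEGER opening with 02 81 81 00 b8 while the raw magnitude opens with b8 19: the same number, with the sign byte present only in the DER form. Feeding SPKI_DER to der_kind() shows why a certificate importer reports a tag error on it; the first element inside the outer SEQUENCE is an OID, not the [0] version or serial INTEGER of a tbsCertificate.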
From nmav at gnutls.org Sun Dec 19 05:08:10 2010
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Sun, 19 Dec 2010 05:08:10 +0100
Subject: RSA sign/verify and hash generation functions
In-Reply-To: 
References: <4D00068D.6090005@gnutls.org> <4D0091C9.1060902@gnutls.org> <4D0693C9.5040109@gnutls.org> <4D0A3A47.6060804@gnutls.org> <4D0A8351.9040704@gnutls.org>
Message-ID: <4D0D852A.2090004@gnutls.org>

On 12/17/2010 12:17 AM, Murray S. Kucherawy wrote:
>> -----Original Message-----
>> From: Nikos Mavrogiannopoulos [mailto:n.mavrogiannopoulos at gmail.com] On Behalf Of Nikos Mavrogiannopoulos
>> Sent: Thursday, December 16, 2010 1:23 PM
>> To: Murray S. Kucherawy
>> Cc: help-gnutls at gnu.org
>> Subject: Re: RSA sign/verify and hash generation functions
>>
>>> bits = 0;
>>> gnutls_pubkey_init(&X)
>>> gnutls_pubkey_import(X, &keydata, GNUTLS_X509_FMT_DER);
>>> gnutls_pubkey_verify_hash(X, 0, &digest, &signature);    <== works; returns 1
>>> gnutls_pubkey_get_pk_algorithm(X, &bits);
>>> assert(bits > 0);    <== FAILS
>>>
>>> It looks like key->bits is never set to anything by
>>> gnutls_pubkey_import().
>> It was not set when importing from a raw format. Should work now.
> No improvement.  The diff I see in your repository updated gnutls_pubkey_import_rsa_raw(), but not gnutls_pubkey_import(), and the latter doesn't appear to call the former.

I missed that one, should be ok now.

>>>> gnutls_x509_privkey_init(A)
>>>> gnutls_x509_privkey_import(A)
>>>> gnutls_privkey_init(P)
>>>> gnutls_privkey_import_x509(P,A)
>>>> gnutls_pubkey_init(B)
>>>> gnutls_pubkey_import_privkey(B,P)
>>> Works for me.  Let me know when you'd like me to grab a snapshot and
>>> try it.
>> Should work by now.
> Trying to make sense of the "usage" parameter for that last function call.  I imagine for this application (RSA verifying), I need to set it to GNUTLS_KEY_DIGITAL_SIGNATURE?

It's only useful if you export the public key to a certificate or certificate request. The digital signature usage is ok.

regards,
Nikos

From msk at cloudmark.com Mon Dec 20 20:27:21 2010
From: msk at cloudmark.com (Murray S. Kucherawy)
Date: Mon, 20 Dec 2010 11:27:21 -0800
Subject: RSA sign/verify and hash generation functions
In-Reply-To: <4D0D852A.2090004@gnutls.org>
References: <4D00068D.6090005@gnutls.org> <4D0091C9.1060902@gnutls.org> <4D0693C9.5040109@gnutls.org> <4D0A3A47.6060804@gnutls.org> <4D0A8351.9040704@gnutls.org> <4D0D852A.2090004@gnutls.org>
Message-ID: 

> -----Original Message-----
> From: Nikos Mavrogiannopoulos [mailto:n.mavrogiannopoulos at gmail.com] On Behalf Of Nikos Mavrogiannopoulos
> Sent: Saturday, December 18, 2010 8:08 PM
> To: Murray S. Kucherawy
> Cc: help-gnutls at gnu.org
> Subject: Re: RSA sign/verify and hash generation functions
>
> I missed that one, should be ok now.
> [...]

A build from a master snapshot now works out-of-the box.  Great stuff, thank you!

-MSK