1) Although the constant MBEDTLS_MD_SHA256 is always used, the parameters are signed with SHA-1, and we then get MBEDTLS_ERR_RSA_VERIFY_FAILED in library\rsa.c on line 1435
2) in dh_server.c, when receiving the client's public value, the length of the buffer must be dhm.len
Nice cryptolibrary, totally ready to work in kernel mode I think
patch:
2) in dh_server.c when receiving client's public value length of buffer must be dhm.len
Nice cryptolibrary, totally ready to work in kernel mode I think
patch:
diff -up D:\work\src\crypto\mbedtls-2.3.0\programs\pkey/dh_client.c D:\work\src\mbedtls-2.3.0\programs\pkey/dh_client.c
*** D:\work\src\crypto\mbedtls-2.3.0\programs\pkey/dh_client.c Mon Jun 27 21:50:36 2016
--- D:\work\src\mbedtls-2.3.0\programs\pkey/dh_client.c Wed Aug 31 17:58:33 2016
***************
*** 41,47 ****
#include "mbedtls/aes.h"
#include "mbedtls/dhm.h"
#include "mbedtls/rsa.h"
! #include "mbedtls/sha1.h"
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
--- 41,47 ----
#include "mbedtls/aes.h"
#include "mbedtls/dhm.h"
#include "mbedtls/rsa.h"
! #include "mbedtls/sha256.h"
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
*************** int main( void )
*** 210,216 ****
goto exit;
}
! mbedtls_sha1( buf, (int)( p - 2 - buf ), hash );
if( ( ret = mbedtls_rsa_pkcs1_verify( &rsa, NULL, NULL, MBEDTLS_RSA_PUBLIC,
MBEDTLS_MD_SHA256, 0, hash, p ) ) != 0 )
--- 210,216 ----
goto exit;
}
! mbedtls_sha256( buf, (int)( p - 2 - buf ), hash, 0 );
if( ( ret = mbedtls_rsa_pkcs1_verify( &rsa, NULL, NULL, MBEDTLS_RSA_PUBLIC,
MBEDTLS_MD_SHA256, 0, hash, p ) ) != 0 )
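Review bot: The declaration of `hash` is outside this hunk, and `mbedtls_sha256( buf, (int)( p - 2 - buf ), hash, 0 )` writes a 32-byte digest where `mbedtls_sha1` wrote 20 bytes. If the buffer in `main` is still sized for SHA-1, this call writes past its end before `mbedtls_rsa_pkcs1_verify` runs, so the patch should also change the declaration to `unsigned char hash[32];`. The same applies to `mbedtls_sha256( buf, n, hash, 0 );` in the dh_server.c signing hunk. The body of `main` starts and ends outside both hunks, so the current size needs to be confirmed in the full file.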
diff -up D:\work\src\crypto\mbedtls-2.3.0\programs\pkey/dh_server.c D:\work\src\mbedtls-2.3.0\programs\pkey/dh_server.c
*** D:\work\src\crypto\mbedtls-2.3.0\programs\pkey/dh_server.c Mon Jun 27 21:50:36 2016
--- D:\work\src\mbedtls-2.3.0\programs\pkey/dh_server.c Wed Aug 31 18:12:33 2016
***************
*** 41,47 ****
#include "mbedtls/aes.h"
#include "mbedtls/dhm.h"
#include "mbedtls/rsa.h"
! #include "mbedtls/sha1.h"
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
--- 41,47 ----
#include "mbedtls/aes.h"
#include "mbedtls/dhm.h"
#include "mbedtls/rsa.h"
! #include "mbedtls/sha256.h"
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
*************** int main( void )
*** 201,207 ****
/*
* 5. Sign the parameters and send them
*/
! mbedtls_sha1( buf, n, hash );
buf[n ] = (unsigned char)( rsa.len >> 8 );
buf[n + 1] = (unsigned char)( rsa.len );
--- 201,207 ----
/*
* 5. Sign the parameters and send them
*/
! mbedtls_sha256( buf, n, hash, 0 );
buf[n ] = (unsigned char)( rsa.len >> 8 );
buf[n + 1] = (unsigned char)( rsa.len );
*************** int main( void )
*** 232,238 ****
memset( buf, 0, sizeof( buf ) );
! if( ( ret = mbedtls_net_recv( &client_fd, buf, n ) ) != (int) n )
{
mbedtls_printf( " failed\n ! mbedtls_net_recv returned %d\n\n", ret );
goto exit;
--- 232,238 ----
memset( buf, 0, sizeof( buf ) );
! if( ( ret = mbedtls_net_recv( &client_fd, buf, dhm.len ) ) != (int)dhm.len )
{
mbedtls_printf( " failed\n ! mbedtls_net_recv returned %d\n\n", ret );
goto exit;
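Review bot: `dhm.len` is now the receive length passed to `mbedtls_net_recv`, but nothing in the hunk checks it against `sizeof( buf )`. The declaration of `buf` and the code that loads the DHM modulus are outside the hunk, so whether the bound always holds cannot be confirmed from here. A guard before the call, such as `if( dhm.len > sizeof( buf ) ) { ret = 1; goto exit; }`, would make the bound explicit. Separately, `mbedtls_net_recv` may return fewer bytes than requested on a stream socket, so the `!= (int)dhm.len` comparison treats a short read as a failure; a comment saying that is intentional for the sample would help. The `if` block continues past the end of the hunk.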