x509-validation 1.6.10 → 1.6.11
raw patch · 4 files changed
+46/−4 lines, 4 filesdep ~cryptonitedep ~x509
Dependency ranges changed: cryptonite, x509
Files
- Data/X509/Validation/Signature.hs +18/−0
- Tests/Certificate.hs +21/−0
- Tests/Tests.hs +2/−0
- x509-validation.cabal +5/−4
Data/X509/Validation/Signature.hs view
@@ -14,11 +14,14 @@ , SignatureFailure(..) ) where +import Crypto.Error (CryptoFailable(..)) import qualified Crypto.PubKey.RSA.PKCS15 as RSA import qualified Crypto.PubKey.RSA.PSS as PSS import qualified Crypto.PubKey.DSA as DSA import qualified Crypto.PubKey.ECC.Types as ECC import qualified Crypto.PubKey.ECC.ECDSA as ECDSA+import qualified Crypto.PubKey.Ed25519 as Ed25519+import qualified Crypto.PubKey.Ed448 as Ed448 import Crypto.Hash import Data.ByteString (ByteString)@@ -120,6 +123,21 @@ rsaVerify HashSHA256 = RSA.verify (Just SHA256) rsaVerify HashSHA384 = RSA.verify (Just SHA384) rsaVerify HashSHA512 = RSA.verify (Just SHA512)++verifySignature (SignatureALG_IntrinsicHash pubkeyALG) pubkey cdata signature+ | pubkeyToAlg pubkey == pubkeyALG = doVerify pubkey+ | otherwise = SignatureFailed SignaturePubkeyMismatch+ where+ doVerify (PubKeyEd25519 key) = eddsa Ed25519.verify Ed25519.signature key+ doVerify (PubKeyEd448 key) = eddsa Ed448.verify Ed448.signature key+ doVerify _ = SignatureFailed SignatureUnimplemented++ eddsa verify toSig key =+ case toSig signature of+ CryptoPassed sig+ | verify key cdata sig -> SignaturePass+ | otherwise -> SignatureFailed SignatureInvalid+ CryptoFailed _ -> SignatureFailed SignatureInvalid verifyECDSA :: HashALG -> PubKeyEC -> Maybe (ByteString -> ByteString -> Bool) verifyECDSA hashALG key =
Tests/Certificate.hs view
@@ -35,6 +35,8 @@ import qualified Crypto.PubKey.ECC.ECDSA as ECDSA import qualified Crypto.PubKey.ECC.Generate as ECC import qualified Crypto.PubKey.ECC.Types as ECC+import qualified Crypto.PubKey.Ed25519 as Ed25519+import qualified Crypto.PubKey.Ed448 as Ed448 import qualified Crypto.PubKey.RSA as RSA import qualified Crypto.PubKey.RSA.PKCS15 as RSA import qualified Crypto.PubKey.RSA.PSS as PSS@@ -44,6 +46,7 @@ import Data.ASN1.BinaryEncoding (DER(..)) import Data.ASN1.Encoding import Data.ASN1.Types+import Data.ByteArray (convert) import Data.Maybe (catMaybes) import Data.String (fromString) import Data.X509@@ -97,6 +100,10 @@ -> GHash hash -> Alg ECDSA.PublicKey ECDSA.PrivateKey + AlgEd25519 :: Alg Ed25519.PublicKey Ed25519.SecretKey++ AlgEd448 :: Alg Ed448.PublicKey Ed448.SecretKey+ -- | Types of public and private keys used by a signature algorithm. type Keys pub priv = (Alg pub priv, pub, priv) @@ -112,6 +119,12 @@ let curve = ECC.getCurveByName name (pub, priv) <- ECC.generate curve return (alg, pub, priv)+generateKeys alg@AlgEd25519 = do+ secret <- Ed25519.generateSecretKey+ return (alg, Ed25519.toPublic secret, secret)+generateKeys alg@AlgEd448 = do+ secret <- Ed448.generateSecretKey+ return (alg, Ed448.toPublic secret, secret) generateRSAKeys :: Alg RSA.PublicKey RSA.PrivateKey -> Int@@ -133,12 +146,16 @@ bs = B.cons 4 (i2ospOf_ bytes x `B.append` i2ospOf_ bytes y) bits = ECC.curveSizeBits (ECC.getCurveByName name) bytes = (bits + 7) `div` 8+getPubKey AlgEd25519 key = PubKeyEd25519 key+getPubKey AlgEd448 key = PubKeyEd448 key getSignatureALG :: Alg pub priv -> SignatureALG getSignatureALG (AlgRSA _ hash) = SignatureALG (getHashALG hash) PubKeyALG_RSA getSignatureALG (AlgRSAPSS _ _ hash) = SignatureALG (getHashALG hash) PubKeyALG_RSAPSS getSignatureALG (AlgDSA _ hash) = SignatureALG (getHashALG hash) PubKeyALG_DSA getSignatureALG (AlgEC _ hash) = SignatureALG (getHashALG hash) PubKeyALG_EC+getSignatureALG AlgEd25519 = SignatureALG_IntrinsicHash PubKeyALG_Ed25519+getSignatureALG AlgEd448 = SignatureALG_IntrinsicHash PubKeyALG_Ed448 doSign :: Alg pub priv -> priv -> B.ByteString -> IO B.ByteString doSign (AlgRSA _ hash) key msg = do@@ -167,6 +184,10 @@ , IntVal (ECDSA.sign_s sig) , End Sequence ]+doSign AlgEd25519 key msg =+ return $ convert $ Ed25519.sign key (Ed25519.toPublic key) msg+doSign AlgEd448 key msg =+ return $ convert $ Ed448.sign key (Ed448.toPublic key) msg -- Certificate utilities --
Tests/Tests.hs view
@@ -583,6 +583,8 @@ , treeWithAlg "RSAPSS" (AlgRSAPSS 2048 pssParams hashSHA224) , treeWithAlg "DSA" (AlgDSA dsaParams hashSHA1) , treeWithAlg "ECDSA" (AlgEC curveName hashSHA512)+ , treeWithAlg "Ed25519" AlgEd25519+ , treeWithAlg "Ed448" AlgEd448 ] where pssParams = PSS.defaultPSSParams SHA224
x509-validation.cabal view
@@ -1,6 +1,6 @@ Name: x509-validation-version: 1.6.10-Description: X.509 Certificate and CRL validation+version: 1.6.11+Description: X.509 Certificate and CRL validation. please see README License: BSD3 License-file: LICENSE Copyright: Vincent Hanquez <vincent@snarc.org>@@ -25,9 +25,9 @@ , pem >= 0.1 , asn1-types >= 0.3 && < 0.4 , asn1-encoding >= 0.9 && < 0.10- , x509 >= 1.6.5+ , x509 >= 1.7.5 , x509-store >= 1.6- , cryptonite >= 0.8+ , cryptonite >= 0.24 Exposed-modules: Data.X509.Validation Other-modules: Data.X509.Validation.Signature Data.X509.Validation.Fingerprint@@ -43,6 +43,7 @@ Other-modules: Certificate Build-Depends: base >= 3 && < 5 , bytestring+ , memory , data-default-class , tasty , tasty-hunit