packages feed

x509-validation 1.6.10 → 1.6.11

raw patch · 4 files changed

+46/−4 lines, 4 filesdep ~cryptonitedep ~x509

Dependency ranges changed: cryptonite, x509

Files

Data/X509/Validation/Signature.hs view
@@ -14,11 +14,14 @@     , SignatureFailure(..)     ) where +import Crypto.Error (CryptoFailable(..)) import qualified Crypto.PubKey.RSA.PKCS15 as RSA import qualified Crypto.PubKey.RSA.PSS as PSS import qualified Crypto.PubKey.DSA as DSA import qualified Crypto.PubKey.ECC.Types as ECC import qualified Crypto.PubKey.ECC.ECDSA as ECDSA+import qualified Crypto.PubKey.Ed25519 as Ed25519+import qualified Crypto.PubKey.Ed448 as Ed448 import Crypto.Hash  import Data.ByteString (ByteString)@@ -120,6 +123,21 @@         rsaVerify HashSHA256 = RSA.verify (Just SHA256)         rsaVerify HashSHA384 = RSA.verify (Just SHA384)         rsaVerify HashSHA512 = RSA.verify (Just SHA512)++verifySignature (SignatureALG_IntrinsicHash pubkeyALG) pubkey cdata signature+    | pubkeyToAlg pubkey == pubkeyALG = doVerify pubkey+    | otherwise = SignatureFailed SignaturePubkeyMismatch+  where+    doVerify (PubKeyEd25519 key) = eddsa Ed25519.verify Ed25519.signature key+    doVerify (PubKeyEd448 key)   = eddsa Ed448.verify Ed448.signature key+    doVerify _                   = SignatureFailed SignatureUnimplemented++    eddsa verify toSig key =+        case toSig signature of+            CryptoPassed sig+                | verify key cdata sig -> SignaturePass+                | otherwise            -> SignatureFailed SignatureInvalid+            CryptoFailed _             -> SignatureFailed SignatureInvalid  verifyECDSA :: HashALG -> PubKeyEC -> Maybe (ByteString -> ByteString -> Bool) verifyECDSA hashALG key =
Tests/Certificate.hs view
@@ -35,6 +35,8 @@ import qualified Crypto.PubKey.ECC.ECDSA  as ECDSA import qualified Crypto.PubKey.ECC.Generate as ECC import qualified Crypto.PubKey.ECC.Types  as ECC+import qualified Crypto.PubKey.Ed25519    as Ed25519+import qualified Crypto.PubKey.Ed448      as Ed448 import qualified Crypto.PubKey.RSA        as RSA import qualified Crypto.PubKey.RSA.PKCS15 as RSA import qualified Crypto.PubKey.RSA.PSS    as PSS@@ -44,6 +46,7 @@ import Data.ASN1.BinaryEncoding (DER(..)) import Data.ASN1.Encoding import Data.ASN1.Types+import Data.ByteArray (convert) import Data.Maybe (catMaybes) import Data.String (fromString) import Data.X509@@ -97,6 +100,10 @@               -> GHash hash               -> Alg ECDSA.PublicKey ECDSA.PrivateKey +    AlgEd25519 :: Alg Ed25519.PublicKey Ed25519.SecretKey++    AlgEd448   :: Alg Ed448.PublicKey Ed448.SecretKey+ -- | Types of public and private keys used by a signature algorithm. type Keys pub priv = (Alg pub priv, pub, priv) @@ -112,6 +119,12 @@     let curve = ECC.getCurveByName name     (pub, priv) <- ECC.generate curve     return (alg, pub, priv)+generateKeys alg@AlgEd25519           = do+    secret <- Ed25519.generateSecretKey+    return (alg, Ed25519.toPublic secret, secret)+generateKeys alg@AlgEd448             = do+    secret <- Ed448.generateSecretKey+    return (alg, Ed448.toPublic secret, secret)  generateRSAKeys :: Alg RSA.PublicKey RSA.PrivateKey                 -> Int@@ -133,12 +146,16 @@     bs    = B.cons 4 (i2ospOf_ bytes x `B.append` i2ospOf_ bytes y)     bits  = ECC.curveSizeBits (ECC.getCurveByName name)     bytes = (bits + 7) `div` 8+getPubKey  AlgEd25519        key = PubKeyEd25519   key+getPubKey  AlgEd448          key = PubKeyEd448     key  getSignatureALG :: Alg pub priv -> SignatureALG getSignatureALG (AlgRSA    _   hash) = SignatureALG (getHashALG hash) PubKeyALG_RSA getSignatureALG (AlgRSAPSS _ _ hash) = SignatureALG (getHashALG hash) PubKeyALG_RSAPSS getSignatureALG (AlgDSA    _   hash) = SignatureALG (getHashALG hash) PubKeyALG_DSA getSignatureALG (AlgEC     _   hash) = SignatureALG (getHashALG hash) PubKeyALG_EC+getSignatureALG  AlgEd25519          = SignatureALG_IntrinsicHash PubKeyALG_Ed25519+getSignatureALG  AlgEd448            = SignatureALG_IntrinsicHash PubKeyALG_Ed448  doSign :: Alg pub priv -> priv -> B.ByteString -> IO B.ByteString doSign (AlgRSA _ hash)        key msg = do@@ -167,6 +184,10 @@                  , IntVal (ECDSA.sign_s sig)                  , End Sequence                  ]+doSign  AlgEd25519            key msg =+    return $ convert $ Ed25519.sign key (Ed25519.toPublic key) msg+doSign  AlgEd448              key msg =+    return $ convert $ Ed448.sign key (Ed448.toPublic key) msg   -- Certificate utilities --
Tests/Tests.hs view
@@ -583,6 +583,8 @@     , treeWithAlg "RSAPSS" (AlgRSAPSS 2048 pssParams hashSHA224)     , treeWithAlg "DSA"    (AlgDSA    dsaParams      hashSHA1)     , treeWithAlg "ECDSA"  (AlgEC     curveName      hashSHA512)+    , treeWithAlg "Ed25519" AlgEd25519+    , treeWithAlg "Ed448"   AlgEd448     ]   where     pssParams = PSS.defaultPSSParams SHA224
x509-validation.cabal view
@@ -1,6 +1,6 @@ Name:                x509-validation-version:             1.6.10-Description:         X.509 Certificate and CRL validation+version:             1.6.11+Description:         X.509 Certificate and CRL validation. please see README License:             BSD3 License-file:        LICENSE Copyright:           Vincent Hanquez <vincent@snarc.org>@@ -25,9 +25,9 @@                    , pem >= 0.1                    , asn1-types >= 0.3 && < 0.4                    , asn1-encoding >= 0.9 && < 0.10-                   , x509 >= 1.6.5+                   , x509 >= 1.7.5                    , x509-store >= 1.6-                   , cryptonite >= 0.8+                   , cryptonite >= 0.24   Exposed-modules:   Data.X509.Validation   Other-modules:     Data.X509.Validation.Signature                      Data.X509.Validation.Fingerprint@@ -43,6 +43,7 @@   Other-modules:     Certificate   Build-Depends:     base >= 3 && < 5                    , bytestring+                   , memory                    , data-default-class                    , tasty                    , tasty-hunit