Implement RSA-PSS sign/verification as mentionned in benmcollins#72
babelouest committed Jul 25, 2019
1 parent c83f8ea commit 8bc8c12
Showing 3 changed files with 51 additions and 0 deletions.
3 changes: 3 additions & 0 deletions include/jwt.h
@@ -59,6 +59,9 @@ typedef enum jwt_alg {
JWT_ALG_ES256,
JWT_ALG_ES384,
JWT_ALG_ES512,
JWT_ALG_PS256,
JWT_ALG_PS384,
JWT_ALG_PS512,
JWT_ALG_TERM
} jwt_alg_t;

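Review bot: The new enumerators `JWT_ALG_PS256`, `JWT_ALG_PS384` and `JWT_ALG_PS512` are declared here, but none of the three files in this commit maps the header strings "PS256", "PS384" and "PS512" to them, so a token's `alg` value may never select the new cases. If the string-to-enum conversion and the sign/verify dispatch live in another file (not visible on this page), they need matching entries; otherwise the backend branches added in this commit are unreachable. Placing the values before `JWT_ALG_TERM` also shifts that sentinel's numeric value, which callers compiled against the old header would still carry; a comment such as `/* new algorithms go directly before JWT_ALG_TERM; its value is not stable across releases */` would document that. The opening lines of the enum are outside the hunk.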
22 changes: 22 additions & 0 deletions libjwt/jwt-gnutls.c
@@ -147,6 +147,18 @@ int jwt_sign_sha_pem(jwt_t *jwt, char **out, unsigned int *len, const char *str)
alg = GNUTLS_DIG_SHA512;
pk_alg = GNUTLS_PK_EC;
break;
case JWT_ALG_PS256:
alg = GNUTLS_DIG_SHA256;
pk_alg = GNUTLS_PK_RSA_PSS;
break;
case JWT_ALG_PS384:
alg = GNUTLS_DIG_SHA384;
pk_alg = GNUTLS_PK_RSA_PSS;
break;
case JWT_ALG_PS512:
alg = GNUTLS_DIG_SHA512;
pk_alg = GNUTLS_PK_RSA_PSS;
break;
default:
return EINVAL;
}
@@ -279,18 +291,28 @@ int jwt_verify_sha_pem(jwt_t *jwt, const char *head, const char *sig_b64)
case JWT_ALG_ES256:
alg = GNUTLS_SIGN_ECDSA_SHA256;
break;
case JWT_ALG_PS256:
alg = GNUTLS_SIGN_RSA_PSS_SHA256;
break;
case JWT_ALG_RS384:
alg = GNUTLS_DIG_SHA384;
break;
case JWT_ALG_ES384:
alg = GNUTLS_SIGN_ECDSA_SHA384;
break;
case JWT_ALG_PS384:
alg = GNUTLS_SIGN_RSA_PSS_SHA384;
break;
case JWT_ALG_RS512:
alg = GNUTLS_DIG_SHA512;
break;
case JWT_ALG_ES512:
alg = GNUTLS_SIGN_ECDSA_SHA512;
break;
case JWT_ALG_PS512:
alg = GNUTLS_SIGN_RSA_PSS_SHA512;
break;

default:
return EINVAL;
}
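Review bot: In the `jwt_sign_sha_pem` hunk the PS cases leave `alg` as a plain digest (`GNUTLS_DIG_SHA256` and so on) and express PSS only through `pk_alg = GNUTLS_PK_RSA_PSS`, while the `jwt_verify_sha_pem` hunk selects `GNUTLS_SIGN_RSA_PSS_SHA256` directly. How `pk_alg` is consumed lies outside the hunk; if it is only compared with the loaded key's algorithm, an ordinary RSA key is either rejected or signed with PKCS#1 v1.5 padding under a PS256 header, so the signing call should be confirmed to request PSS explicitly, for example with `GNUTLS_PRIVKEY_SIGN_FLAG_RSA_PSS`. `GNUTLS_PK_RSA_PSS` and the `GNUTLS_SIGN_RSA_PSS_*` ids are, as far as I know, only available from GnuTLS 3.6, so the new cases probably need a guard such as `#if GNUTLS_VERSION_NUMBER >= 0x030600` to keep older builds compiling. No test is part of this commit; a round trip that signs with one backend and verifies with the other for PS256, PS384 and PS512 would catch a padding mismatch.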
26 changes: 26 additions & 0 deletions libjwt/jwt-openssl.c
@@ -195,6 +195,19 @@ int jwt_sign_sha_pem(jwt_t *jwt, char **out, unsigned int *len,
type = EVP_PKEY_EC;
break;

/* RSA-PSS */
case JWT_ALG_PS256:
alg = EVP_sha256();
type = EVP_PKEY_RSA_PSS;
break;
case JWT_ALG_PS384:
alg = EVP_sha384();
type = EVP_PKEY_RSA_PSS;
break;
case JWT_ALG_PS512:
alg = EVP_sha512();
type = EVP_PKEY_RSA_PSS;
break;
default:
return EINVAL;
}
@@ -350,6 +363,19 @@ int jwt_verify_sha_pem(jwt_t *jwt, const char *head, const char *sig_b64)
type = EVP_PKEY_EC;
break;

/* RSA-PSS */
case JWT_ALG_PS256:
alg = EVP_sha256();
type = EVP_PKEY_RSA_PSS;
break;
case JWT_ALG_PS384:
alg = EVP_sha384();
type = EVP_PKEY_RSA_PSS;
break;
case JWT_ALG_PS512:
alg = EVP_sha512();
type = EVP_PKEY_RSA_PSS;
break;
default:
return EINVAL;
}
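Review bot: Both PS blocks choose only the digest and `type = EVP_PKEY_RSA_PSS`; nothing visible pins the PSS parameters that RFC 7518 section 3.5 requires (MGF1 with the same hash, salt length equal to the digest length). The code after each switch is outside the hunk, so confirm that the sign and verify contexts set them, e.g. `EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING);` and `EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, RSA_PSS_SALTLEN_DIGEST);` (with `pctx` standing for the operation's key context), rather than relying on library defaults that may emit or accept other salt lengths. If `type` is compared with the loaded key's id, only keys encoded as RSASSA-PSS pass and ordinary RSA keys get `EINVAL`; the `/* RSA-PSS */` comment could say so, for instance `/* RSA-PSS: needs an RSASSA-PSS key, parameters per RFC 7518 3.5 */`. The two switch blocks are identical and come without a test, so a sign/verify round trip for each of the three algorithms would be worth adding.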
