I am sorry, but this still causes me some troubles.
As far as I understand it, the hash in PKCS#1 is:
bytes 00 - 14: algorithm identifier + some more bytes
bytes 15 - 20: the hash
So I thought it might be sufficient do define a new gnutls_datum_t vdata
with
vdata.data = &raw_data->data[15]
vdata.size = raw_data->size-15
Did not work :) The TPM was happy, but the TLS handshake ended with
"Public key signature verification has failed."
Next try:
r=asn1_der_decoding(&dinfo,raw_data->data,raw_data->size,NULL);
if (r!=ASN1_SUCCESS) printf("ERROR: asn1_der_decoding: %s\n",asn2err(r));
r=asn1_read_value(dinfo,"digest",&vdata.data,&vdata.size);
if (r!=ASN1_SUCCESS) printf("ERROR: asn1_read_value: %s\n",asn2err(r));
However, this (=both functions) ends with
GNUTLS_E_ASN1_ELEMENT_NOT_FOUND. When I check decode_ber_digest_info in
the GnuTLS code I see that you initialize it first, probably with the
GnuTLS ASN.1 type. So this is probably the reason for this error,
however I see no easy way to initialize it in my code. Is there any
function that does that already?
On 06/10/2012 05:25 PM, Nikos Mavrogiannopoulos wrote:
On 06/10/2012 05:08 PM, Carolin Latze wrote:
shy question: what type of hashes will be delivered with RSA-SHA1? I get
a hash of 35 bytes length, which is a bit too long for a standard SHA1.
And it is too short for the old SHA1+MD5 hash that used to used in TLS.
It should be the PKCS #1 encoding applied after hashing. It includes an
algorithm identifier.
_______________________________________________
Help-gnutls mailing list
[email protected]
https://lists.gnu.org/mailman/listinfo/help-gnutls
