mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-26 12:25:45 +01:00
Start parsing RSASSA-PSS parameters
This commit is contained in:
parent
b1d4eb16e4
commit
d9fd87be33
@ -256,6 +256,8 @@ int x509_get_alg_null( unsigned char **p, const unsigned char *end,
|
|||||||
x509_buf *alg );
|
x509_buf *alg );
|
||||||
int x509_get_alg( unsigned char **p, const unsigned char *end,
|
int x509_get_alg( unsigned char **p, const unsigned char *end,
|
||||||
x509_buf *alg, x509_buf *params );
|
x509_buf *alg, x509_buf *params );
|
||||||
|
int x509_get_rsassa_pss_params( const x509_buf *params, md_type_t *md_alg,
|
||||||
|
int *salt_len, int *trailer_field );
|
||||||
int x509_get_sig( unsigned char **p, const unsigned char *end, x509_buf *sig );
|
int x509_get_sig( unsigned char **p, const unsigned char *end, x509_buf *sig );
|
||||||
int x509_get_sig_alg( const x509_buf *sig_oid, md_type_t *md_alg,
|
int x509_get_sig_alg( const x509_buf *sig_oid, md_type_t *md_alg,
|
||||||
pk_type_t *pk_alg );
|
pk_type_t *pk_alg );
|
||||||
|
@ -132,6 +132,92 @@ int x509_get_alg( unsigned char **p, const unsigned char *end,
|
|||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* RSASSA-PSS-params ::= SEQUENCE {
|
||||||
|
* hashAlgorithm [0] HashAlgorithm DEFAULT sha1Identifier,
|
||||||
|
* maskGenAlgorithm [1] MaskGenAlgorithm DEFAULT mgf1SHA1Identifier,
|
||||||
|
* saltLength [2] INTEGER DEFAULT 20,
|
||||||
|
* trailerField [3] INTEGER DEFAULT 1 }
|
||||||
|
* -- Note that the tags in this Sequence are explicit.
|
||||||
|
*/
|
||||||
|
int x509_get_rsassa_pss_params( const x509_buf *params,
|
||||||
|
md_type_t *md_alg,
|
||||||
|
int *salt_len,
|
||||||
|
int *trailer_field )
|
||||||
|
{
|
||||||
|
int ret;
|
||||||
|
unsigned char *p;
|
||||||
|
const unsigned char *end;
|
||||||
|
size_t len;
|
||||||
|
x509_buf alg_id;
|
||||||
|
|
||||||
|
/* First set everything to defaults */
|
||||||
|
*md_alg = POLARSSL_MD_SHA1;
|
||||||
|
*salt_len = 20;
|
||||||
|
*trailer_field = 1;
|
||||||
|
|
||||||
|
/* Make sure params is a SEQUENCE and setup bounds */
|
||||||
|
if( params->tag != ( ASN1_CONSTRUCTED | ASN1_SEQUENCE ) )
|
||||||
|
return( POLARSSL_ERR_X509_INVALID_ALG +
|
||||||
|
POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
|
||||||
|
|
||||||
|
p = (unsigned char *) params->p;
|
||||||
|
end = p + params->len;
|
||||||
|
|
||||||
|
if( p == end )
|
||||||
|
return( 0 );
|
||||||
|
|
||||||
|
if( ( ret = asn1_get_tag( &p, end, &len,
|
||||||
|
ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 0 ) ) == 0 )
|
||||||
|
{
|
||||||
|
/* HashAlgorithm ::= AlgorithmIdentifier (without parameters) */
|
||||||
|
// TODO: WIP
|
||||||
|
}
|
||||||
|
else if( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
|
||||||
|
return( POLARSSL_ERR_X509_INVALID_ALG + ret );
|
||||||
|
|
||||||
|
if( ( ret = asn1_get_tag( &p, end, &len,
|
||||||
|
ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 1 ) ) == 0 )
|
||||||
|
{
|
||||||
|
/* MaskGenAlgorithm ::= AlgorithmIdentifier */
|
||||||
|
// TODO: WIP
|
||||||
|
}
|
||||||
|
else if( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
|
||||||
|
return( POLARSSL_ERR_X509_INVALID_ALG + ret );
|
||||||
|
|
||||||
|
if( p == end )
|
||||||
|
return( 0 );
|
||||||
|
|
||||||
|
if( ( ret = asn1_get_tag( &p, end, &len,
|
||||||
|
ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 2 ) ) == 0 )
|
||||||
|
{
|
||||||
|
/* salt_len */
|
||||||
|
if( ( ret = asn1_get_int( &p, p + len, salt_len ) ) != 0 )
|
||||||
|
return( POLARSSL_ERR_X509_INVALID_ALG + ret );
|
||||||
|
}
|
||||||
|
else if( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
|
||||||
|
return( POLARSSL_ERR_X509_INVALID_ALG + ret );
|
||||||
|
|
||||||
|
if( p == end )
|
||||||
|
return( 0 );
|
||||||
|
|
||||||
|
if( ( ret = asn1_get_tag( &p, end, &len,
|
||||||
|
ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 3 ) ) == 0 )
|
||||||
|
{
|
||||||
|
/* trailer_field */
|
||||||
|
if( ( ret = asn1_get_int( &p, p + len, trailer_field ) ) != 0 )
|
||||||
|
return( POLARSSL_ERR_X509_INVALID_ALG + ret );
|
||||||
|
}
|
||||||
|
else if( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
|
||||||
|
return( POLARSSL_ERR_X509_INVALID_ALG + ret );
|
||||||
|
|
||||||
|
if( p != end )
|
||||||
|
return( POLARSSL_ERR_X509_INVALID_ALG +
|
||||||
|
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
|
||||||
|
|
||||||
|
return( 0 );
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* AttributeTypeAndValue ::= SEQUENCE {
|
* AttributeTypeAndValue ::= SEQUENCE {
|
||||||
* type AttributeType,
|
* type AttributeType,
|
||||||
|
@ -617,6 +617,22 @@ static int x509_crt_parse_der_core( x509_crt *crt, const unsigned char *buf,
|
|||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if( crt->sig_pk == POLARSSL_PK_RSASSA_PSS )
|
||||||
|
{
|
||||||
|
int salt_len, trailer_field;
|
||||||
|
|
||||||
|
if( ( ret = x509_get_rsassa_pss_params( &crt->sig_params,
|
||||||
|
&crt->sig_md, &salt_len, &trailer_field ) ) != 0 )
|
||||||
|
return( ret );
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
/* Make sure parameters were absent or NULL */
|
||||||
|
if( ( crt->sig_params.tag != ASN1_NULL && crt->sig_params.tag != 0 ) ||
|
||||||
|
crt->sig_params.len != 0 )
|
||||||
|
return( POLARSSL_ERR_X509_INVALID_ALG );
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* issuer Name
|
* issuer Name
|
||||||
*/
|
*/
|
||||||
@ -1166,6 +1182,21 @@ int x509_crt_info( char *buf, size_t size, const char *prefix,
|
|||||||
ret = snprintf( p, n, "%s", desc );
|
ret = snprintf( p, n, "%s", desc );
|
||||||
SAFE_SNPRINTF();
|
SAFE_SNPRINTF();
|
||||||
|
|
||||||
|
if( crt->sig_pk == POLARSSL_PK_RSASSA_PSS )
|
||||||
|
{
|
||||||
|
md_type_t md_alg;
|
||||||
|
int salt_len, trailer_field;
|
||||||
|
|
||||||
|
if( ( ret = x509_get_rsassa_pss_params( &crt->sig_params,
|
||||||
|
&md_alg, &salt_len, &trailer_field ) ) != 0 )
|
||||||
|
return( ret );
|
||||||
|
|
||||||
|
// TODO: SHA1 harcoded twice (WIP)
|
||||||
|
ret = snprintf( p, n, " (SHA1, MGF1-SHA1, %d, %d)",
|
||||||
|
salt_len, trailer_field );
|
||||||
|
SAFE_SNPRINTF();
|
||||||
|
}
|
||||||
|
|
||||||
if( ( ret = x509_key_size_helper( key_size_str, BEFORE_COLON,
|
if( ( ret = x509_key_size_helper( key_size_str, BEFORE_COLON,
|
||||||
pk_get_name( &crt->pk ) ) ) != 0 )
|
pk_get_name( &crt->pk ) ) ) != 0 )
|
||||||
{
|
{
|
||||||
|
@ -44,7 +44,7 @@ x509_cert_info:"data_files/cert_sha512.crt":"cert. version \: 3\nserial number \
|
|||||||
|
|
||||||
X509 Certificate information RSA-PSS, SHA1 Digest
|
X509 Certificate information RSA-PSS, SHA1 Digest
|
||||||
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C
|
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C
|
||||||
x509_cert_info:"data_files/server9.crt":"cert. version \: 3\nserial number \: 16\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:38\:16\nexpires on \: 2024-01-18 13\:38\:16\nsigned using \: RSASSA-PSS\nRSA key size \: 1024 bits\n"
|
x509_cert_info:"data_files/server9.crt":"cert. version \: 3\nserial number \: 16\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:38\:16\nexpires on \: 2024-01-18 13\:38\:16\nsigned using \: RSASSA-PSS (SHA1, MGF1-SHA1, 234, 1)\nRSA key size \: 1024 bits\n"
|
||||||
|
|
||||||
X509 Certificate information EC, SHA1 Digest
|
X509 Certificate information EC, SHA1 Digest
|
||||||
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C
|
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C
|
||||||
|
Loading…
Reference in New Issue
Block a user