commit 39868ee3011bd60d7ecd2ee8f383b3b167680801
author Manuel Pégourié-Gonnard <mpg@elzevir.fr> Fri Jan 24 18:47:17 2014 +0100
committer Manuel Pégourié-Gonnard <mpg@elzevir.fr> Mon Jun 02 16:10:30 2014 +0200
tree 3469d5eaf3c7cdf06993745834ed118f86037f17
parent 2a8d7fd76eeee43b7bb9694997a6623d6ff846b9

Parse CSRs signed with RSASSA-PSS

library/x509_csr.c

diff --git a/library/x509_csr.c b/library/x509_csr.c
index 16e212b..3118c0a 100644
--- a/library/x509_csr.c
+++ b/library/x509_csr.c
@@ -93,6 +93,7 @@
     int ret;
     size_t len;
     unsigned char *p, *end;
+    x509_buf sig_params;
 #if defined(POLARSSL_PEM_PARSE_C)
     size_t use_len;
     pem_context pem;
@@ -247,7 +248,7 @@
      *  signatureAlgorithm   AlgorithmIdentifier,
      *  signature            BIT STRING
      */
-    if( ( ret = x509_get_alg_null( &p, end, &csr->sig_oid ) ) != 0 )
+    if( ( ret = x509_get_alg( &p, end, &csr->sig_oid, &sig_params ) ) != 0 )
     {
         x509_csr_free( csr );
         return( ret );
@@ -260,6 +261,29 @@
         return( POLARSSL_ERR_X509_UNKNOWN_SIG_ALG );
     }
 
+#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
+    if( csr->sig_pk == POLARSSL_PK_RSASSA_PSS )
+    {
+        int salt_len, trailer_field;
+        md_type_t mgf_md;
+
+        /* Make sure params are valid */
+        ret = x509_get_rsassa_pss_params( &sig_params,
+                &csr->sig_md, &mgf_md, &salt_len, &trailer_field );
+        if( ret != 0 )
+            return( ret );
+
+        memcpy( &csr->sig_params, &sig_params, sizeof( x509_buf ) );
+    }
+    else
+#endif
+    {
+        /* Make sure parameters are absent or NULL */
+        if( ( sig_params.tag != ASN1_NULL && sig_params.tag != 0 ) ||
+              sig_params.len != 0 )
+        return( POLARSSL_ERR_X509_INVALID_ALG );
+    }
+
     if( ( ret = x509_get_sig( &p, end, &csr->sig ) ) != 0 )
     {
         x509_csr_free( csr );
@@ -386,6 +410,28 @@
         ret = snprintf( p, n, "%s", desc );
     SAFE_SNPRINTF();
 
+#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
+    if( csr->sig_pk == POLARSSL_PK_RSASSA_PSS )
+    {
+        md_type_t md_alg, mgf_md;
+        const md_info_t *md_info, *mgf_md_info;
+        int salt_len, trailer_field;
+
+        if( ( ret = x509_get_rsassa_pss_params( &csr->sig_params,
+                        &md_alg, &mgf_md, &salt_len, &trailer_field ) ) != 0 )
+            return( ret );
+
+        md_info = md_info_from_type( md_alg );
+        mgf_md_info = md_info_from_type( mgf_md );
+
+        ret = snprintf( p, n, " (%s, MGF1-%s, 0x%02X, %d)",
+                              md_info ? md_info->name : "???",
+                              mgf_md_info ? mgf_md_info->name : "???",
+                              salt_len, trailer_field );
+        SAFE_SNPRINTF();
+    }
+#endif /* POLARSSL_RSASSA_PSS_CERTIFICATES */
+
     if( ( ret = x509_key_size_helper( key_size_str, BEFORE_COLON,
                                       pk_get_name( &csr->pk ) ) ) != 0 )
     {