Basic parsing of certs signed with RSASSA-PSS
diff --git a/include/polarssl/config.h b/include/polarssl/config.h
index ad088a9..58e8cff 100644
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
@@ -221,6 +221,22 @@
//#define POLARSSL_SHA512_ALT
/**
+ * \def POLARSSL_RSASSA_PSS_CERTIFICATES
+ *
+ * Enable parsing and verification of X.509 certificates and CRLs signed with
+ * RSASSA-PSS.
+ *
+ * This is disabled by default since it breaks binary compatibility with the
+ * 1.3.x line. If you choose to enable it, you will need to rebuild your
+ * application against the new header files, relinking will not be enough.
+ *
+ * TODO: actually disable it when done working on this branch ,)
+ *
+ * Uncomment this macro to allow using RSASSA-PSS in certificates.
+ */
+#define POLARSSL_RSASSA_PSS_CERTIFICATES
+
+/**
* \def POLARSSL_AES_ROM_TABLES
*
* Store the AES tables in ROM.
diff --git a/include/polarssl/oid.h b/include/polarssl/oid.h
index 32b0340..863cfda 100644
--- a/include/polarssl/oid.h
+++ b/include/polarssl/oid.h
@@ -207,6 +207,9 @@
#define OID_PKCS9_EMAIL OID_PKCS9 "\x01" /**< emailAddress AttributeType ::= { pkcs-9 1 } */
+/* RFC 4055 */
+#define OID_RSASSA_PSS OID_PKCS1 "\x0a" /**< id-RSASSA-PSS ::= { pkcs-1 10 } */
+
/*
* Digest algorithms
*/
diff --git a/include/polarssl/pk.h b/include/polarssl/pk.h
index 7014e42..1309f70 100644
--- a/include/polarssl/pk.h
+++ b/include/polarssl/pk.h
@@ -99,6 +99,7 @@
POLARSSL_PK_ECKEY_DH,
POLARSSL_PK_ECDSA,
POLARSSL_PK_RSA_ALT,
+ POLARSSL_PK_RSASSA_PSS,
} pk_type_t;
/**
diff --git a/include/polarssl/x509.h b/include/polarssl/x509.h
index 7592348..5a9ed7d 100644
--- a/include/polarssl/x509.h
+++ b/include/polarssl/x509.h
@@ -276,6 +276,8 @@
x509_name *cur );
int x509_get_alg_null( unsigned char **p, const unsigned char *end,
x509_buf *alg );
+int x509_get_alg( unsigned char **p, const unsigned char *end,
+ x509_buf *alg, x509_buf *params );
int x509_get_sig( unsigned char **p, const unsigned char *end, x509_buf *sig );
int x509_get_sig_alg( const x509_buf *sig_oid, md_type_t *md_alg,
pk_type_t *pk_alg );
diff --git a/include/polarssl/x509_crt.h b/include/polarssl/x509_crt.h
index 0081d36..09cc982 100644
--- a/include/polarssl/x509_crt.h
+++ b/include/polarssl/x509_crt.h
@@ -93,6 +93,9 @@
x509_buf sig; /**< Signature: hash of the tbs part signed with the private key. */
md_type_t sig_md; /**< Internal representation of the MD algorithm of the signature algorithm, e.g. POLARSSL_MD_SHA256 */
pk_type_t sig_pk /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. POLARSSL_PK_RSA */;
+#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
+ x509_buf sig_params; /**< Parameters for the signature algorithm */
+#endif
struct _x509_crt *next; /**< Next certificate in the CA-chain. */
}