Finish parsing RSASSA-PSS parameters
diff --git a/library/x509.c b/library/x509.c
index 45dcea0..acdb0bc 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -138,6 +138,62 @@
}
/*
+ * HashAlgorithm ::= AlgorithmIdentifier
+ *
+ * AlgorithmIdentifier ::= SEQUENCE {
+ * algorithm OBJECT IDENTIFIER,
+ * parameters ANY DEFINED BY algorithm OPTIONAL }
+ *
+ * For HashAlgorithm, parameters MUST be NULL or absent.
+ */
+static int x509_get_hash_alg( const x509_buf *alg, md_type_t *md_alg )
+{
+ int ret;
+ unsigned char *p;
+ const unsigned char *end;
+ x509_buf md_oid;
+ size_t len;
+
+ /* Make sure we got a SEQUENCE and setup bounds */
+ if( alg->tag != ( ASN1_CONSTRUCTED | ASN1_SEQUENCE ) )
+ return( POLARSSL_ERR_X509_INVALID_ALG +
+ POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
+
+ p = (unsigned char *) alg->p;
+ end = p + alg->len;
+
+ if( p >= end )
+ return( POLARSSL_ERR_X509_INVALID_ALG +
+ POLARSSL_ERR_ASN1_OUT_OF_DATA );
+
+ /* Parse md_oid */
+ md_oid.tag = *p;
+
+ if( ( ret = asn1_get_tag( &p, end, &md_oid.len, ASN1_OID ) ) != 0 )
+ return( POLARSSL_ERR_X509_INVALID_ALG + ret );
+
+ md_oid.p = p;
+ p += md_oid.len;
+
+ /* Get md_alg from md_oid */
+ if( ( ret = oid_get_md_alg( &md_oid, md_alg ) ) != 0 )
+ return( POLARSSL_ERR_X509_INVALID_ALG + ret );
+
+ /* Make sure params is absent of NULL */
+ if( p == end )
+ return( 0 );
+
+ if( ( ret = asn1_get_tag( &p, end, &len, ASN1_NULL ) ) != 0 )
+ return( POLARSSL_ERR_X509_INVALID_ALG + ret );
+
+ if( p != end )
+ return( POLARSSL_ERR_X509_INVALID_ALG +
+ POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
+
+ return( 0 );
+}
+
+/*
* RSASSA-PSS-params ::= SEQUENCE {
* hashAlgorithm [0] HashAlgorithm DEFAULT sha1Identifier,
* maskGenAlgorithm [1] MaskGenAlgorithm DEFAULT mgf1SHA1Identifier,
@@ -146,18 +202,18 @@
* -- Note that the tags in this Sequence are explicit.
*/
int x509_get_rsassa_pss_params( const x509_buf *params,
- md_type_t *md_alg,
- int *salt_len,
- int *trailer_field )
+ md_type_t *md_alg, md_type_t *mgf_md,
+ int *salt_len, int *trailer_field )
{
int ret;
unsigned char *p;
const unsigned char *end;
size_t len;
- x509_buf alg_id;
+ x509_buf alg_id, alg_params;
/* First set everything to defaults */
*md_alg = POLARSSL_MD_SHA1;
+ *mgf_md = POLARSSL_MD_SHA1;
*salt_len = 20;
*trailer_field = 1;
@@ -175,8 +231,12 @@
if( ( ret = asn1_get_tag( &p, end, &len,
ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 0 ) ) == 0 )
{
- /* HashAlgorithm ::= AlgorithmIdentifier (without parameters) */
- // TODO: WIP
+ /* HashAlgorithm ::= AlgorithmIdentifier (without parameters) */
+ if( ( ret = x509_get_alg_null( &p, p + len, &alg_id ) ) != 0 )
+ return( ret );
+
+ if( ( ret = oid_get_md_alg( &alg_id, md_alg ) ) != 0 )
+ return( POLARSSL_ERR_X509_INVALID_ALG + ret );
}
else if( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
return( POLARSSL_ERR_X509_INVALID_ALG + ret );
@@ -184,8 +244,18 @@
if( ( ret = asn1_get_tag( &p, end, &len,
ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 1 ) ) == 0 )
{
- /* MaskGenAlgorithm ::= AlgorithmIdentifier */
- // TODO: WIP
+ /* MaskGenAlgorithm ::= AlgorithmIdentifier (params = HashAlgorithm) */
+ if( ( ret = x509_get_alg( &p, p + len, &alg_id, &alg_params ) ) != 0 )
+ return( ret );
+
+ /* Only MFG1 is recognised for now */
+ if( ! OID_CMP( OID_MGF1, &alg_id ) )
+ return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE +
+ POLARSSL_ERR_OID_NOT_FOUND );
+
+ /* Parse HashAlgorithm */
+ if( ( ret = x509_get_hash_alg( &alg_params, mgf_md ) ) != 0 )
+ return( ret );
}
else if( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
return( POLARSSL_ERR_X509_INVALID_ALG + ret );
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 6d206a3..85e4ef9 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -625,9 +625,12 @@
if( crt->sig_pk == POLARSSL_PK_RSASSA_PSS )
{
int salt_len, trailer_field;
+ md_type_t mgf_md;
- if( ( ret = x509_get_rsassa_pss_params( &crt->sig_params,
- &crt->sig_md, &salt_len, &trailer_field ) ) != 0 )
+ /* Make sure params are valid */
+ ret = x509_get_rsassa_pss_params( &crt->sig_params,
+ &crt->sig_md, &mgf_md, &salt_len, &trailer_field );
+ if( ret != 0 )
return( ret );
}
else
@@ -1318,15 +1321,20 @@
if( crt->sig_pk == POLARSSL_PK_RSASSA_PSS )
{
- md_type_t md_alg;
+ md_type_t md_alg, mgf_md;
+ const md_info_t *md_info, *mgf_md_info;
int salt_len, trailer_field;
if( ( ret = x509_get_rsassa_pss_params( &crt->sig_params,
- &md_alg, &salt_len, &trailer_field ) ) != 0 )
+ &md_alg, &mgf_md, &salt_len, &trailer_field ) ) != 0 )
return( ret );
- // TODO: SHA1 harcoded twice (WIP)
- ret = snprintf( p, n, " (SHA1, MGF1-SHA1, %d, %d)",
+ md_info = md_info_from_type( md_alg );
+ mgf_md_info = md_info_from_type( mgf_md );
+
+ ret = snprintf( p, n, " (%s, MGF1-%s, 0x%02X, %d)",
+ md_info ? md_info->name : "???",
+ mgf_md_info ? mgf_md_info->name : "???",
salt_len, trailer_field );
SAFE_SNPRINTF();
}