From ff04bbe363ae8e98ab78c9d1c3735e9ac220c4b9 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sat, 6 Mar 2010 19:55:25 +0000 Subject: [PATCH] Add PSS algorithm printing. This is an initial step towards full PSS support. Uses ASN1 module in Martin Kaiser's PSS patch. --- CHANGES | 13 +++-- crypto/objects/obj_dat.h | 20 +++++-- crypto/objects/obj_mac.h | 10 ++++ crypto/objects/obj_mac.num | 2 + crypto/objects/obj_xref.h | 2 + crypto/objects/obj_xref.txt | 4 ++ crypto/objects/objects.txt | 3 + crypto/rsa/rsa.h | 10 ++++ crypto/rsa/rsa_ameth.c | 111 +++++++++++++++++++++++++++++++++++- crypto/rsa/rsa_asn1.c | 10 ++++ 10 files changed, 174 insertions(+), 11 deletions(-) diff --git a/CHANGES b/CHANGES index 11ccdce558..b9700972a6 100644 --- a/CHANGES +++ b/CHANGES @@ -4,12 +4,15 @@ Changes between 1.0.0 and 1.1.0 [xx XXX xxxx] - *) Add algorithm specific signature printing. An individual ASN1 method - can now print out signatures instead of the standard hex dump. + *) Add signature printing for PSS. Add PSS OIDs. + [Steve Henson, Martin Kaiser ] - More complex signatures (e.g. PSS) can print out more meaningful - information. Include DSA version that prints out the signature - parameters r, s. + *) Add algorithm specific signature printing. An individual ASN1 method + can now print out signatures instead of the standard hex dump. + + More complex signatures (e.g. PSS) can print out more meaningful + information. Include DSA version that prints out the signature + parameters r, s. [Steve Henson] *) Add -trusted_first option which attempts to find certificates in the diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h index 1baa03ec96..1477c787f8 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h @@ -62,12 +62,12 @@ * [including the GNU Public Licence.] */ -#define NUM_NID 911 -#define NUM_SN 904 -#define NUM_LN 904 -#define NUM_OBJ 854 +#define NUM_NID 913 +#define NUM_SN 906 +#define NUM_LN 906 +#define NUM_OBJ 856 -static const unsigned char lvalues[5953]={ +static const unsigned char lvalues[5971]={ 0x00, /* [ 0] OBJ_undef */ 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 1] OBJ_rsadsi */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 7] OBJ_pkcs */ @@ -922,6 +922,8 @@ static const unsigned char lvalues[5953]={ 0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x03,0x03,/* [5926] OBJ_id_camellia192_wrap */ 0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x03,0x04,/* [5937] OBJ_id_camellia256_wrap */ 0x55,0x1D,0x25,0x00, /* [5948] OBJ_anyExtendedKeyUsage */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x08,/* [5952] OBJ_mgf1 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0A,/* [5961] OBJ_rsassaPss */ }; static const ASN1_OBJECT nid_objs[NUM_NID]={ @@ -2391,6 +2393,8 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={ 11,&(lvalues[5937]),0}, {"anyExtendedKeyUsage","Any Extended Key Usage", NID_anyExtendedKeyUsage,4,&(lvalues[5948]),0}, +{"MGF1","mgf1",NID_mgf1,9,&(lvalues[5952]),0}, +{"RSASSA-PSS","rsassaPss",NID_rsassaPss,9,&(lvalues[5961]),0}, }; static const unsigned int sn_objs[NUM_SN]={ @@ -2495,6 +2499,7 @@ static const unsigned int sn_objs[NUM_SN]={ 4, /* "MD5" */ 114, /* "MD5-SHA1" */ 95, /* "MDC2" */ +911, /* "MGF1" */ 388, /* "Mail" */ 393, /* "NULL" */ 404, /* "NULL" */ @@ -2551,6 +2556,7 @@ static const unsigned int sn_objs[NUM_SN]={ 668, /* "RSA-SHA256" */ 669, /* "RSA-SHA384" */ 670, /* "RSA-SHA512" */ +912, /* "RSASSA-PSS" */ 777, /* "SEED-CBC" */ 779, /* "SEED-CFB" */ 776, /* "SEED-ECB" */ @@ -3882,6 +3888,7 @@ static const unsigned int ln_objs[NUM_LN]={ 602, /* "merchant initiated auth" */ 514, /* "message extensions" */ 51, /* "messageDigest" */ +911, /* "mgf1" */ 506, /* "mime-mhs-bodies" */ 505, /* "mime-mhs-headings" */ 488, /* "mobileTelephoneNumber" */ @@ -3981,6 +3988,7 @@ static const unsigned int ln_objs[NUM_LN]={ 6, /* "rsaEncryption" */ 644, /* "rsaOAEPEncryptionSET" */ 377, /* "rsaSignature" */ +912, /* "rsassaPss" */ 124, /* "run length compression" */ 482, /* "sOARecord" */ 155, /* "safeContentsBag" */ @@ -4797,6 +4805,8 @@ static const unsigned int obj_objs[NUM_OBJ]={ 8, /* OBJ_md5WithRSAEncryption 1 2 840 113549 1 1 4 */ 65, /* OBJ_sha1WithRSAEncryption 1 2 840 113549 1 1 5 */ 644, /* OBJ_rsaOAEPEncryptionSET 1 2 840 113549 1 1 6 */ +911, /* OBJ_mgf1 1 2 840 113549 1 1 8 */ +912, /* OBJ_rsassaPss 1 2 840 113549 1 1 10 */ 668, /* OBJ_sha256WithRSAEncryption 1 2 840 113549 1 1 11 */ 669, /* OBJ_sha384WithRSAEncryption 1 2 840 113549 1 1 12 */ 670, /* OBJ_sha512WithRSAEncryption 1 2 840 113549 1 1 13 */ diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h index 7776abe72d..9b88cf88d6 100644 --- a/crypto/objects/obj_mac.h +++ b/crypto/objects/obj_mac.h @@ -580,6 +580,16 @@ #define NID_sha1WithRSAEncryption 65 #define OBJ_sha1WithRSAEncryption OBJ_pkcs1,5L +#define SN_mgf1 "MGF1" +#define LN_mgf1 "mgf1" +#define NID_mgf1 911 +#define OBJ_mgf1 OBJ_pkcs1,8L + +#define SN_rsassaPss "RSASSA-PSS" +#define LN_rsassaPss "rsassaPss" +#define NID_rsassaPss 912 +#define OBJ_rsassaPss OBJ_pkcs1,10L + #define SN_sha256WithRSAEncryption "RSA-SHA256" #define LN_sha256WithRSAEncryption "sha256WithRSAEncryption" #define NID_sha256WithRSAEncryption 668 diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num index bc8bc89a9c..5ff1f49e82 100644 --- a/crypto/objects/obj_mac.num +++ b/crypto/objects/obj_mac.num @@ -908,3 +908,5 @@ id_camellia128_wrap 907 id_camellia192_wrap 908 id_camellia256_wrap 909 anyExtendedKeyUsage 910 +mgf1 911 +rsassaPss 912 diff --git a/crypto/objects/obj_xref.h b/crypto/objects/obj_xref.h index d5b9b8e198..e23938c296 100644 --- a/crypto/objects/obj_xref.h +++ b/crypto/objects/obj_xref.h @@ -38,10 +38,12 @@ static const nid_triple sigoid_srt[] = {NID_id_GostR3411_94_with_GostR3410_94, NID_id_GostR3411_94, NID_id_GostR3410_94}, {NID_id_GostR3411_94_with_GostR3410_94_cc, NID_id_GostR3411_94, NID_id_GostR3410_94_cc}, {NID_id_GostR3411_94_with_GostR3410_2001_cc, NID_id_GostR3411_94, NID_id_GostR3410_2001_cc}, + {NID_rsassaPss, NID_undef, NID_rsaEncryption}, }; static const nid_triple * const sigoid_srt_xref[] = { + &sigoid_srt[29], &sigoid_srt[17], &sigoid_srt[18], &sigoid_srt[0], diff --git a/crypto/objects/obj_xref.txt b/crypto/objects/obj_xref.txt index e45b3d34b9..cb917182ee 100644 --- a/crypto/objects/obj_xref.txt +++ b/crypto/objects/obj_xref.txt @@ -13,6 +13,10 @@ sha512WithRSAEncryption sha512 rsaEncryption sha224WithRSAEncryption sha224 rsaEncryption mdc2WithRSA mdc2 rsaEncryption ripemd160WithRSA ripemd160 rsaEncryption +# For PSS the digest algorithm can vary and depends on the included +# AlgorithmIdentifier. The digest "undef" indicates the public key +# method should handle this explicitly. +rsassaPss undef rsaEncryption # Alternative deprecated OIDs. By using the older "rsa" OID this # type will be recognized by not normally used. diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt index 87c97c6105..7d53d9a12c 100644 --- a/crypto/objects/objects.txt +++ b/crypto/objects/objects.txt @@ -166,6 +166,9 @@ pkcs1 3 : RSA-MD4 : md4WithRSAEncryption pkcs1 4 : RSA-MD5 : md5WithRSAEncryption pkcs1 5 : RSA-SHA1 : sha1WithRSAEncryption # According to PKCS #1 version 2.1 +pkcs1 8 : MGF1 : mgf1 +pkcs1 10 : RSASSA-PSS : rsassaPss + pkcs1 11 : RSA-SHA256 : sha256WithRSAEncryption pkcs1 12 : RSA-SHA384 : sha384WithRSAEncryption pkcs1 13 : RSA-SHA512 : sha512WithRSAEncryption diff --git a/crypto/rsa/rsa.h b/crypto/rsa/rsa.h index cf74343657..e3565155ed 100644 --- a/crypto/rsa/rsa.h +++ b/crypto/rsa/rsa.h @@ -300,6 +300,16 @@ const RSA_METHOD *RSA_null_method(void); DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPublicKey) DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPrivateKey) +typedef struct rsassaPssParams_st + { + X509_ALGOR *hashAlgorithm; + X509_ALGOR *maskGenAlgorithm; + ASN1_INTEGER *saltLength; + ASN1_INTEGER *trailerField; + } RSASSA_PSS_PARAMS; + +DECLARE_ASN1_FUNCTIONS(RSASSA_PSS_PARAMS) + #ifndef OPENSSL_NO_FP_API int RSA_print_fp(FILE *fp, const RSA *r,int offset); #endif diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c index a3d85b1f44..649291ef7e 100644 --- a/crypto/rsa/rsa_ameth.c +++ b/crypto/rsa/rsa_ameth.c @@ -265,6 +265,114 @@ static int rsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent, return do_rsa_print(bp, pkey->pkey.rsa, indent, 1); } +static int rsa_pss_param_print(BIO *bp, RSASSA_PSS_PARAMS *pss, int indent) + { + int rv = 0; + X509_ALGOR *maskHash = NULL; + if (!pss) + { + if (BIO_puts(bp, " (INVALID PSS PARAMETERS)\n") <= 0) + return 0; + } + if (BIO_puts(bp, "\n") <= 0) + goto err; + if (!BIO_indent(bp, indent, 128)) + goto err; + if (BIO_puts(bp, "Hash Algorithm: ") <= 0) + goto err; + + if (pss->hashAlgorithm) + { + if (i2a_ASN1_OBJECT(bp, pss->hashAlgorithm->algorithm) <= 0) + goto err; + } + else if (BIO_puts(bp, "sha1 (default)") <= 0) + goto err; + + if (BIO_puts(bp, "\n") <= 0) + goto err; + + if (!BIO_indent(bp, indent, 128)) + goto err; + + if (BIO_puts(bp, "Mask Algorithm: ") <= 0) + goto err; + if (pss->maskGenAlgorithm) + { + ASN1_TYPE *param = pss->maskGenAlgorithm->parameter; + if (param->type == V_ASN1_SEQUENCE) + { + const unsigned char *p = param->value.sequence->data; + int plen = param->value.sequence->length; + maskHash = d2i_X509_ALGOR(NULL, &p, plen); + } + if (i2a_ASN1_OBJECT(bp, pss->maskGenAlgorithm->algorithm) <= 0) + goto err; + if (BIO_puts(bp, " with ") <= 0) + goto err; + if (i2a_ASN1_OBJECT(bp, maskHash->algorithm) <= 0) + goto err; + } + else if (BIO_puts(bp, "mgf1 with sha1 (default)") <= 0) + goto err; + BIO_puts(bp, "\n"); + + if (!BIO_indent(bp, indent, 128)) + goto err; + if (BIO_puts(bp, "Salt Length: ") <= 0) + goto err; + if (pss->saltLength) + { + if (i2a_ASN1_INTEGER(bp, pss->saltLength) <= 0) + goto err; + } + else if (BIO_puts(bp, "20 (default)") <= 0) + goto err; + BIO_puts(bp, "\n"); + + if (!BIO_indent(bp, indent, 128)) + goto err; + if (BIO_puts(bp, "Trailer Field: ") <= 0) + goto err; + if (pss->trailerField) + { + if (i2a_ASN1_INTEGER(bp, pss->trailerField) <= 0) + goto err; + } + else if (BIO_puts(bp, "0xbc (default)") <= 0) + goto err; + BIO_puts(bp, "\n"); + + rv = 1; + + err: + if (maskHash) + X509_ALGOR_free(maskHash); + RSASSA_PSS_PARAMS_free(pss); + return rv; + + } + +static int rsa_sig_print(BIO *bp, const X509_ALGOR *sigalg, + const ASN1_STRING *sig, + int indent, ASN1_PCTX *pctx) + { + if (OBJ_obj2nid(sigalg->algorithm) == NID_rsassaPss) + { + RSASSA_PSS_PARAMS *pss = NULL; + ASN1_TYPE *param = sigalg->parameter; + if (param && param->type == V_ASN1_SEQUENCE) + { + const unsigned char *p = param->value.sequence->data; + int plen = param->value.sequence->length; + pss = d2i_RSASSA_PSS_PARAMS(NULL, &p, plen); + } + if (!rsa_pss_param_print(bp, pss, indent)) + return 0; + } + + return X509_signature_dump(bp, sig, indent); + } static int rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) { @@ -333,8 +441,9 @@ const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = int_rsa_size, rsa_bits, - 0,0,0,0,0,0,0, + 0,0,0,0,0,0, + rsa_sig_print, int_rsa_free, rsa_pkey_ctrl, old_rsa_priv_decode, diff --git a/crypto/rsa/rsa_asn1.c b/crypto/rsa/rsa_asn1.c index 4efca8cdc8..f00ec69262 100644 --- a/crypto/rsa/rsa_asn1.c +++ b/crypto/rsa/rsa_asn1.c @@ -60,6 +60,7 @@ #include "cryptlib.h" #include #include +#include #include /* Override the default free and new methods */ @@ -96,6 +97,15 @@ ASN1_SEQUENCE_cb(RSAPublicKey, rsa_cb) = { ASN1_SIMPLE(RSA, e, BIGNUM), } ASN1_SEQUENCE_END_cb(RSA, RSAPublicKey) +ASN1_SEQUENCE(RSASSA_PSS_PARAMS) = { + ASN1_EXP_OPT(RSASSA_PSS_PARAMS, hashAlgorithm, X509_ALGOR,0), + ASN1_EXP_OPT(RSASSA_PSS_PARAMS, maskGenAlgorithm, X509_ALGOR,1), + ASN1_EXP_OPT(RSASSA_PSS_PARAMS, saltLength, ASN1_INTEGER,2), + ASN1_EXP_OPT(RSASSA_PSS_PARAMS, trailerField, ASN1_INTEGER,3) +} ASN1_SEQUENCE_END(RSASSA_PSS_PARAMS) + +IMPLEMENT_ASN1_FUNCTIONS(RSASSA_PSS_PARAMS) + IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(RSA, RSAPrivateKey, RSAPrivateKey) IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(RSA, RSAPublicKey, RSAPublicKey) -- GitLab