diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2010-03-06 19:55:25 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2010-03-06 19:55:25 +0000 |
commit | ff04bbe363ae8e98ab78c9d1c3735e9ac220c4b9 (patch) | |
tree | 9f009f545cd45da861fafb18e0b34622b39fa463 /crypto/rsa | |
parent | 148924c1f4947bdea46c52cc1f7c5f3fadc5ebca (diff) | |
download | openssl-ff04bbe363ae8e98ab78c9d1c3735e9ac220c4b9.tar.gz |
Add PSS algorithm printing. This is an initial step towards full PSS support.
Uses ASN1 module in Martin Kaiser's PSS patch.
Diffstat (limited to 'crypto/rsa')
-rw-r--r-- | crypto/rsa/rsa.h | 10 | ||||
-rw-r--r-- | crypto/rsa/rsa_ameth.c | 111 | ||||
-rw-r--r-- | crypto/rsa/rsa_asn1.c | 10 |
3 files changed, 130 insertions, 1 deletions
diff --git a/crypto/rsa/rsa.h b/crypto/rsa/rsa.h index cf74343657..e3565155ed 100644 --- a/crypto/rsa/rsa.h +++ b/crypto/rsa/rsa.h @@ -300,6 +300,16 @@ const RSA_METHOD *RSA_null_method(void); DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPublicKey) DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPrivateKey) +typedef struct rsassaPssParams_st + { + X509_ALGOR *hashAlgorithm; + X509_ALGOR *maskGenAlgorithm; + ASN1_INTEGER *saltLength; + ASN1_INTEGER *trailerField; + } RSASSA_PSS_PARAMS; + +DECLARE_ASN1_FUNCTIONS(RSASSA_PSS_PARAMS) + #ifndef OPENSSL_NO_FP_API int RSA_print_fp(FILE *fp, const RSA *r,int offset); #endif diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c index a3d85b1f44..649291ef7e 100644 --- a/crypto/rsa/rsa_ameth.c +++ b/crypto/rsa/rsa_ameth.c @@ -265,6 +265,114 @@ static int rsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent, return do_rsa_print(bp, pkey->pkey.rsa, indent, 1); } +static int rsa_pss_param_print(BIO *bp, RSASSA_PSS_PARAMS *pss, int indent) + { + int rv = 0; + X509_ALGOR *maskHash = NULL; + if (!pss) + { + if (BIO_puts(bp, " (INVALID PSS PARAMETERS)\n") <= 0) + return 0; + } + if (BIO_puts(bp, "\n") <= 0) + goto err; + if (!BIO_indent(bp, indent, 128)) + goto err; + if (BIO_puts(bp, "Hash Algorithm: ") <= 0) + goto err; + + if (pss->hashAlgorithm) + { + if (i2a_ASN1_OBJECT(bp, pss->hashAlgorithm->algorithm) <= 0) + goto err; + } + else if (BIO_puts(bp, "sha1 (default)") <= 0) + goto err; + + if (BIO_puts(bp, "\n") <= 0) + goto err; + + if (!BIO_indent(bp, indent, 128)) + goto err; + + if (BIO_puts(bp, "Mask Algorithm: ") <= 0) + goto err; + if (pss->maskGenAlgorithm) + { + ASN1_TYPE *param = pss->maskGenAlgorithm->parameter; + if (param->type == V_ASN1_SEQUENCE) + { + const unsigned char *p = param->value.sequence->data; + int plen = param->value.sequence->length; + maskHash = d2i_X509_ALGOR(NULL, &p, plen); + } + if (i2a_ASN1_OBJECT(bp, pss->maskGenAlgorithm->algorithm) <= 0) + goto err; + if (BIO_puts(bp, " with ") <= 0) + goto err; + if (i2a_ASN1_OBJECT(bp, maskHash->algorithm) <= 0) + goto err; + } + else if (BIO_puts(bp, "mgf1 with sha1 (default)") <= 0) + goto err; + BIO_puts(bp, "\n"); + + if (!BIO_indent(bp, indent, 128)) + goto err; + if (BIO_puts(bp, "Salt Length: ") <= 0) + goto err; + if (pss->saltLength) + { + if (i2a_ASN1_INTEGER(bp, pss->saltLength) <= 0) + goto err; + } + else if (BIO_puts(bp, "20 (default)") <= 0) + goto err; + BIO_puts(bp, "\n"); + + if (!BIO_indent(bp, indent, 128)) + goto err; + if (BIO_puts(bp, "Trailer Field: ") <= 0) + goto err; + if (pss->trailerField) + { + if (i2a_ASN1_INTEGER(bp, pss->trailerField) <= 0) + goto err; + } + else if (BIO_puts(bp, "0xbc (default)") <= 0) + goto err; + BIO_puts(bp, "\n"); + + rv = 1; + + err: + if (maskHash) + X509_ALGOR_free(maskHash); + RSASSA_PSS_PARAMS_free(pss); + return rv; + + } + +static int rsa_sig_print(BIO *bp, const X509_ALGOR *sigalg, + const ASN1_STRING *sig, + int indent, ASN1_PCTX *pctx) + { + if (OBJ_obj2nid(sigalg->algorithm) == NID_rsassaPss) + { + RSASSA_PSS_PARAMS *pss = NULL; + ASN1_TYPE *param = sigalg->parameter; + if (param && param->type == V_ASN1_SEQUENCE) + { + const unsigned char *p = param->value.sequence->data; + int plen = param->value.sequence->length; + pss = d2i_RSASSA_PSS_PARAMS(NULL, &p, plen); + } + if (!rsa_pss_param_print(bp, pss, indent)) + return 0; + } + + return X509_signature_dump(bp, sig, indent); + } static int rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) { @@ -333,8 +441,9 @@ const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = int_rsa_size, rsa_bits, - 0,0,0,0,0,0,0, + 0,0,0,0,0,0, + rsa_sig_print, int_rsa_free, rsa_pkey_ctrl, old_rsa_priv_decode, diff --git a/crypto/rsa/rsa_asn1.c b/crypto/rsa/rsa_asn1.c index 4efca8cdc8..f00ec69262 100644 --- a/crypto/rsa/rsa_asn1.c +++ b/crypto/rsa/rsa_asn1.c @@ -60,6 +60,7 @@ #include "cryptlib.h" #include <openssl/bn.h> #include <openssl/rsa.h> +#include <openssl/x509.h> #include <openssl/asn1t.h> /* Override the default free and new methods */ @@ -96,6 +97,15 @@ ASN1_SEQUENCE_cb(RSAPublicKey, rsa_cb) = { ASN1_SIMPLE(RSA, e, BIGNUM), } ASN1_SEQUENCE_END_cb(RSA, RSAPublicKey) +ASN1_SEQUENCE(RSASSA_PSS_PARAMS) = { + ASN1_EXP_OPT(RSASSA_PSS_PARAMS, hashAlgorithm, X509_ALGOR,0), + ASN1_EXP_OPT(RSASSA_PSS_PARAMS, maskGenAlgorithm, X509_ALGOR,1), + ASN1_EXP_OPT(RSASSA_PSS_PARAMS, saltLength, ASN1_INTEGER,2), + ASN1_EXP_OPT(RSASSA_PSS_PARAMS, trailerField, ASN1_INTEGER,3) +} ASN1_SEQUENCE_END(RSASSA_PSS_PARAMS) + +IMPLEMENT_ASN1_FUNCTIONS(RSASSA_PSS_PARAMS) + IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(RSA, RSAPrivateKey, RSAPrivateKey) IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(RSA, RSAPublicKey, RSAPublicKey) |