Basic parsing of certs signed with RSASSA-PSS

2025-07-29 11:41:15 +03:00 · 2014-01-22 10:12:57 +01:00
parent 1ebc0c592c
commit 59a75d5b9d
11 changed files with 90 additions and 3 deletions
--- a/library/oid.c
+++ b/library/oid.c
@ -363,6 +363,10 @@ static const oid_sig_alg_t oid_sig_alg[] =
        { ADD_LEN( OID_ECDSA_SHA512 ),     "ecdsa-with-SHA512",    "ECDSA with SHA512" },
        POLARSSL_MD_SHA512,   POLARSSL_PK_ECDSA,
    },
+    {
+        { ADD_LEN( OID_RSASSA_PSS ),        "RSASSA-PSS",           "RSASSA-PSS" },
+        POLARSSL_MD_NONE,     POLARSSL_PK_RSASSA_PSS,
+    },
    {
        { NULL, 0, NULL, NULL },
        0, 0,
--- a/library/x509.c
+++ b/library/x509.c
@ -123,6 +123,20 @@ int x509_get_alg_null( unsigned char **p, const unsigned char *end,
    return( 0 );
 }

+/*
+ * Parse an algorithm identifier with (optional) paramaters
+ */
+int x509_get_alg( unsigned char **p, const unsigned char *end,
+                  x509_buf *alg, x509_buf *params )
+{
+    int ret;
+
+    if( ( ret = asn1_get_alg( p, end, alg, params ) ) != 0 )
+        return( POLARSSL_ERR_X509_INVALID_ALG + ret );
+
+    return( 0 );
+}
+
 /*
 *  AttributeTypeAndValue ::= SEQUENCE {
 *    type     AttributeType,
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@ -534,6 +534,9 @@ static int x509_crt_parse_der_core( x509_crt *crt, const unsigned char *buf,
    int ret;
    size_t len;
    unsigned char *p, *end, *crt_end;
+    x509_buf sig_params;
+
+    memset( &sig_params, 0, sizeof( x509_buf ) );

    /*
     * Check for valid input
@ -597,7 +600,8 @@ static int x509_crt_parse_der_core( x509_crt *crt, const unsigned char *buf,
     */
    if( ( ret = x509_get_version(  &p, end, &crt->version  ) ) != 0 ||
        ( ret = x509_get_serial(   &p, end, &crt->serial   ) ) != 0 ||
-        ( ret = x509_get_alg_null( &p, end, &crt->sig_oid1 ) ) != 0 )
+        ( ret = x509_get_alg(      &p, end, &crt->sig_oid1,
+                                            &crt->sig_params ) ) != 0 )
    {
        x509_crt_free( crt );
        return( ret );
@ -738,14 +742,16 @@ static int x509_crt_parse_der_core( x509_crt *crt, const unsigned char *buf,
     *  signatureAlgorithm   AlgorithmIdentifier,
     *  signatureValue       BIT STRING
     */
-    if( ( ret = x509_get_alg_null( &p, end, &crt->sig_oid2 ) ) != 0 )
+    if( ( ret = x509_get_alg( &p, end, &crt->sig_oid2, &sig_params ) ) != 0 )
    {
        x509_crt_free( crt );
        return( ret );
    }

    if( crt->sig_oid1.len != crt->sig_oid2.len ||
-        memcmp( crt->sig_oid1.p, crt->sig_oid2.p, crt->sig_oid1.len ) != 0 )
+        memcmp( crt->sig_oid1.p, crt->sig_oid2.p, crt->sig_oid1.len ) != 0 ||
+        crt->sig_params.len != sig_params.len ||
+        memcmp( crt->sig_params.p, sig_params.p, sig_params.len ) != 0 )
    {
        x509_crt_free( crt );
        return( POLARSSL_ERR_X509_SIG_MISMATCH );