-- -------------------------------------------------------------------
--- Taken from https://csrc.nist.gov/projects/computer-security-objects-register/algorithm-registration
+-- From https://tools.ietf.org/html/rfc4055#section-2.1
+
+id-sha1 OBJECT IDENTIFIER ::= { iso(1)
+ identified-organization(3) oiw(14)
+ secsig(3) algorithms(2) 26 }
+
+-- -------------------------------------------------------------------
+-- From https://tools.ietf.org/html/rfc5480#appendix-A
+-- (OIDs for MD2 and MD5 are allowed only in EMSA-PKCS1-v1_5)
+
+id-md2 OBJECT IDENTIFIER ::= {
+ iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 2 }
+
+id-md5 OBJECT IDENTIFIER ::= {
+ iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 5 }
+
+-- -------------------------------------------------------------------
+-- From https://csrc.nist.gov/projects/computer-security-objects-register/algorithm-registration
id-sha256 OBJECT IDENTIFIER ::= { hashAlgs 1 }
id-sha384 OBJECT IDENTIFIER ::= { hashAlgs 2 }
sha512-224WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 15 }
sha512-256WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 16 }
---
--- This OID really belongs in a module with the secsig OIDs.
---
-id-sha1 OBJECT IDENTIFIER ::= {
- iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2)
- 26
-}
-
---
--- OIDs for MD2 and MD5, allowed only in EMSA-PKCS1-v1_5.
---
-id-md2 OBJECT IDENTIFIER ::= {
- iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 2
-}
-
-id-md5 OBJECT IDENTIFIER ::= {
- iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 5
-}
-
--
-- When id-mgf1 is used in an AlgorithmIdentifier, the parameters
-- MUST be present and MUST be a HashAlgorithm, for example, sha1.
-$FIPSABLE=der_rsa.c der_dsa.c der_ec.c der_digests.c
+$FIPSABLE=\
+ der_rsa_gen.c der_rsa_key.c der_rsa_sig.c \
+ der_dsa_gen.c der_dsa_key.c der_dsa_sig.c \
+ der_ec_gen.c der_ec_key.c der_ec_sig.c \
+ der_digests_gen.c
SOURCE[../../libfips.a]=$FIPSABLE
SOURCE[../../libnonfips.a]=$FIPSABLE
-GENERATE[der_rsa.c]=der_rsa.c.in
-DEPEND[der_rsa.c]=oids_to_c.pm
+GENERATE[der_rsa_gen.c]=der_rsa_gen.c.in
+DEPEND[der_rsa_gen.c]=oids_to_c.pm
-DEPEND[der_rsa.o]=../include/prov/der_rsa.h ../include/prov/der_digests.h
+DEPEND[der_rsa_gen.o]=../include/prov/der_rsa.h ../include/prov/der_digests.h
GENERATE[../include/prov/der_rsa.h]=der_rsa.h.in
DEPEND[../include/prov/der_rsa.h]=oids_to_c.pm
-GENERATE[der_dsa.c]=der_dsa.c.in
-DEPEND[der_dsa.c]=oids_to_c.pm
+GENERATE[der_dsa_gen.c]=der_dsa_gen.c.in
+DEPEND[der_dsa_gen.c]=oids_to_c.pm
-DEPEND[der_dsa.o]=../include/prov/der_dsa.h
+DEPEND[der_dsa_gen.o]=../include/prov/der_dsa.h
GENERATE[../include/prov/der_dsa.h]=der_dsa.h.in
DEPEND[../include/prov/der_dsa.h]=oids_to_c.pm
-GENERATE[der_ec.c]=der_ec.c.in
-DEPEND[der_ec.c]=oids_to_c.pm
+GENERATE[der_ec_gen.c]=der_ec_gen.c.in
+DEPEND[der_ec_gen.c]=oids_to_c.pm
-DEPEND[der_ec.o]=../include/prov/der_ec.h
+DEPEND[der_ec_gen.o]=../include/prov/der_ec.h
GENERATE[../include/prov/der_ec.h]=der_ec.h.in
DEPEND[../include/prov/der_ec.h]=oids_to_c.pm
-GENERATE[der_digests.c]=der_digests.c.in
-DEPEND[der_digests.c]=oids_to_c.pm
+GENERATE[der_digests_gen.c]=der_digests_gen.c.in
+DEPEND[der_digests_gen.c]=oids_to_c.pm
-DEPEND[der_digests.o]=../include/prov/der_digests.h
+DEPEND[der_digests_gen.o]=../include/prov/der_digests.h
GENERATE[../include/prov/der_digests.h]=der_digests.h.in
DEPEND[../include/prov/der_digests.h]=oids_to_c.pm
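Review bot: The DEPEND lines in this hunk cover only the `*_gen.o` objects, so the new hand-written `der_*_key.c` and `der_*_sig.c` sources listed in `$FIPSABLE` have no visible dependency on the generated headers they include (`prov/der_dsa.h`, `prov/der_ec.h`, `prov/der_rsa.h`, `prov/der_digests.h`). Unless a rule outside this hunk covers them, a parallel build could compile those objects before the header has been generated. I would add lines such as `DEPEND[der_dsa_key.o]=../include/prov/der_dsa.h` and `DEPEND[der_dsa_sig.o]=../include/prov/der_dsa.h`, with the EC and RSA equivalents. Also, `DEPEND[der_rsa_gen.o]` still names `der_digests.h` although the new `der_rsa_gen.c.in` includes only `prov/der_rsa.h`; that dependency looks like it now belongs to the RSA source that includes `prov/der_digests.h`.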
+++ /dev/null
-/*
- * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include "prov/der_digests.h"
-
-/* Well known OIDs precompiled */
-{-
- $OUT = oids_to_c::process_leaves('providers/common/der/NIST.asn1',
- 'providers/common/der/DIGESTS.asn1',
- { dir => $config{sourcedir},
- filter => \&oids_to_c::filter_to_C });
--}
--- /dev/null
+/*
+ * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "prov/der_digests.h"
+
+/* Well known OIDs precompiled */
+{-
+ $OUT = oids_to_c::process_leaves('providers/common/der/NIST.asn1',
+ 'providers/common/der/DIGESTS.asn1',
+ { dir => $config{sourcedir},
+ filter => \&oids_to_c::filter_to_C });
+-}
+++ /dev/null
-/*
- * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include <openssl/bn.h>
-#include <openssl/obj_mac.h>
-#include "prov/der_dsa.h"
-
-/* Well known OIDs precompiled */
-{-
- $OUT = oids_to_c::process_leaves('providers/common/der/DSA.asn1',
- { dir => $config{sourcedir},
- filter => \&oids_to_c::filter_to_C });
--}
-
-int DER_w_algorithmIdentifier_DSA(WPACKET *pkt, int tag, DSA *dsa)
-{
- return DER_w_begin_sequence(pkt, tag)
- /* No parameters (yet?) */
- && DER_w_precompiled(pkt, -1, der_oid_id_dsa, sizeof(der_oid_id_dsa))
- && DER_w_end_sequence(pkt, tag);
-}
-
-#define MD_CASE(name) \
- case NID_##name: \
- precompiled = der_oid_id_dsa_with_##name; \
- precompiled_sz = sizeof(der_oid_id_dsa_with_##name); \
- break;
-
-int DER_w_algorithmIdentifier_DSA_with(WPACKET *pkt, int tag,
- DSA *dsa, int mdnid)
-{
- const unsigned char *precompiled = NULL;
- size_t precompiled_sz = 0;
-
- switch (mdnid) {
- MD_CASE(sha1);
- MD_CASE(sha224);
- MD_CASE(sha256);
- MD_CASE(sha384);
- MD_CASE(sha512);
- MD_CASE(sha3_224);
- MD_CASE(sha3_256);
- MD_CASE(sha3_384);
- MD_CASE(sha3_512);
- default:
- return 0;
- }
-
- return DER_w_begin_sequence(pkt, tag)
- /* No parameters (yet?) */
- && DER_w_precompiled(pkt, -1, precompiled, precompiled_sz)
- && DER_w_end_sequence(pkt, tag);
-}
filter => \&oids_to_c::filter_to_H });
-}
+/* Subject Public Key Info */
int DER_w_algorithmIdentifier_DSA(WPACKET *pkt, int tag, DSA *dsa);
-int DER_w_algorithmIdentifier_DSA_with(WPACKET *pkt, int tag,
- DSA *dsa, int mdnid);
+/* Signature */
+int DER_w_algorithmIdentifier_DSA_with_MD(WPACKET *pkt, int tag,
+ DSA *dsa, int mdnid);
--- /dev/null
+/*
+ * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "prov/der_dsa.h"
+
+/* Well known OIDs precompiled */
+{-
+ $OUT = oids_to_c::process_leaves('providers/common/der/DSA.asn1',
+ { dir => $config{sourcedir},
+ filter => \&oids_to_c::filter_to_C });
+-}
--- /dev/null
+/*
+ * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/obj_mac.h>
+#include "internal/packet.h"
+#include "prov/der_dsa.h"
+
+int DER_w_algorithmIdentifier_DSA(WPACKET *pkt, int tag, DSA *dsa)
+{
+ return DER_w_begin_sequence(pkt, tag)
+ /* No parameters (yet?) */
+ && DER_w_precompiled(pkt, -1, der_oid_id_dsa, sizeof(der_oid_id_dsa))
+ && DER_w_end_sequence(pkt, tag);
+}
--- /dev/null
+/*
+ * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/obj_mac.h>
+#include "internal/packet.h"
+#include "prov/der_dsa.h"
+
+#define MD_CASE(name) \
+ case NID_##name: \
+ precompiled = der_oid_id_dsa_with_##name; \
+ precompiled_sz = sizeof(der_oid_id_dsa_with_##name); \
+ break;
+
+int DER_w_algorithmIdentifier_DSA_with_MD(WPACKET *pkt, int tag,
+ DSA *dsa, int mdnid)
+{
+ const unsigned char *precompiled = NULL;
+ size_t precompiled_sz = 0;
+
+ switch (mdnid) {
+ MD_CASE(sha1);
+ MD_CASE(sha224);
+ MD_CASE(sha256);
+ MD_CASE(sha384);
+ MD_CASE(sha512);
+ MD_CASE(sha3_224);
+ MD_CASE(sha3_256);
+ MD_CASE(sha3_384);
+ MD_CASE(sha3_512);
+ default:
+ return 0;
+ }
+
+ return DER_w_begin_sequence(pkt, tag)
+ /* No parameters (yet?) */
+ && DER_w_precompiled(pkt, -1, precompiled, precompiled_sz)
+ && DER_w_end_sequence(pkt, tag);
+}
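Review bot: The switch in `DER_w_algorithmIdentifier_DSA_with_MD` is the allow-list that decides which digests may appear in a DSA signature AlgorithmIdentifier, but nothing in the new file says so or states the return contract. I would put `/* Only digests with a precompiled der_oid_id_dsa_with_* OID are accepted; any other mdnid returns 0 before anything is written to pkt. */` above the switch, so that extending the list later is a deliberate decision. The `dsa` argument is not read anywhere in the visible body, which deserves a word in the same comment if it is kept for interface symmetry. The same applies to `DER_w_algorithmIdentifier_ECDSA_with_MD` in the EC signature file.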
+++ /dev/null
-/*
- * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include <openssl/bn.h>
-#include <openssl/obj_mac.h>
-#include "prov/der_ec.h"
-
-/* Well known OIDs precompiled */
-{-
- $OUT = oids_to_c::process_leaves('providers/common/der/EC.asn1',
- { dir => $config{sourcedir},
- filter => \&oids_to_c::filter_to_C });
--}
-
-int DER_w_algorithmIdentifier_EC(WPACKET *pkt, int cont, EC_KEY *ec)
-{
- return DER_w_begin_sequence(pkt, cont)
- /* No parameters (yet?) */
- && DER_w_precompiled(pkt, -1, der_oid_id_ecPublicKey,
- sizeof(der_oid_id_ecPublicKey))
- && DER_w_end_sequence(pkt, cont);
-}
-
-/* Aliases so we can have a uniform MD_CASE */
-#define der_oid_id_ecdsa_with_sha1 der_oid_ecdsa_with_SHA1
-#define der_oid_id_ecdsa_with_sha224 der_oid_ecdsa_with_SHA224
-#define der_oid_id_ecdsa_with_sha256 der_oid_ecdsa_with_SHA256
-#define der_oid_id_ecdsa_with_sha384 der_oid_ecdsa_with_SHA384
-#define der_oid_id_ecdsa_with_sha512 der_oid_ecdsa_with_SHA512
-
-#define MD_CASE(name) \
- case NID_##name: \
- precompiled = der_oid_id_ecdsa_with_##name; \
- precompiled_sz = sizeof(der_oid_id_ecdsa_with_##name); \
- break;
-
-int DER_w_algorithmIdentifier_ECDSA_with(WPACKET *pkt, int cont,
- EC_KEY *ec, int mdnid)
-{
- const unsigned char *precompiled = NULL;
- size_t precompiled_sz = 0;
-
- switch (mdnid) {
- MD_CASE(sha1);
- MD_CASE(sha224);
- MD_CASE(sha256);
- MD_CASE(sha384);
- MD_CASE(sha512);
- MD_CASE(sha3_224);
- MD_CASE(sha3_256);
- MD_CASE(sha3_384);
- MD_CASE(sha3_512);
- default:
- return 0;
- }
-
- return DER_w_begin_sequence(pkt, cont)
- /* No parameters (yet?) */
- && DER_w_precompiled(pkt, -1, precompiled, precompiled_sz)
- && DER_w_end_sequence(pkt, cont);
-}
filter => \&oids_to_c::filter_to_H });
-}
+/* Subject Public Key Info */
int DER_w_algorithmIdentifier_EC(WPACKET *pkt, int cont, EC_KEY *ec);
-int DER_w_algorithmIdentifier_ECDSA_with(WPACKET *pkt, int cont,
- EC_KEY *ec, int mdnid);
+/* Signature */
+int DER_w_algorithmIdentifier_ECDSA_with_MD(WPACKET *pkt, int cont,
+ EC_KEY *ec, int mdnid);
--- /dev/null
+/*
+ * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "prov/der_ec.h"
+
+/* Well known OIDs precompiled */
+{-
+ $OUT = oids_to_c::process_leaves('providers/common/der/EC.asn1',
+ { dir => $config{sourcedir},
+ filter => \&oids_to_c::filter_to_C });
+-}
--- /dev/null
+/*
+ * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/obj_mac.h>
+#include "internal/packet.h"
+#include "prov/der_ec.h"
+
+int DER_w_algorithmIdentifier_EC(WPACKET *pkt, int cont, EC_KEY *ec)
+{
+ return DER_w_begin_sequence(pkt, cont)
+ /* No parameters (yet?) */
+ && DER_w_precompiled(pkt, -1, der_oid_id_ecPublicKey,
+ sizeof(der_oid_id_ecPublicKey))
+ && DER_w_end_sequence(pkt, cont);
+}
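Review bot: `DER_w_algorithmIdentifier_EC` is declared under `/* Subject Public Key Info */` in the header, yet the sequence it writes holds only `der_oid_id_ecPublicKey`; RFC 5480, which this change already cites for the digest OIDs, requires the ECParameters field to be present alongside id-ecPublicKey. As written the output is not a complete SubjectPublicKeyInfo algorithm field, and the `ec` argument that would supply the curve is never read. I would replace `/* No parameters (yet?) */` with `/* TODO: ECParameters (namedCurve) are not written yet; RFC 5480 requires them with id-ecPublicKey */` so callers do not treat the result as final. The DSA counterpart carries the same placeholder comment.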
--- /dev/null
+/*
+ * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/obj_mac.h>
+#include "internal/packet.h"
+#include "prov/der_ec.h"
+
+/* Aliases so we can have a uniform MD_CASE */
+#define der_oid_id_ecdsa_with_sha1 der_oid_ecdsa_with_SHA1
+#define der_oid_id_ecdsa_with_sha224 der_oid_ecdsa_with_SHA224
+#define der_oid_id_ecdsa_with_sha256 der_oid_ecdsa_with_SHA256
+#define der_oid_id_ecdsa_with_sha384 der_oid_ecdsa_with_SHA384
+#define der_oid_id_ecdsa_with_sha512 der_oid_ecdsa_with_SHA512
+
+#define MD_CASE(name) \
+ case NID_##name: \
+ precompiled = der_oid_id_ecdsa_with_##name; \
+ precompiled_sz = sizeof(der_oid_id_ecdsa_with_##name); \
+ break;
+
+int DER_w_algorithmIdentifier_ECDSA_with_MD(WPACKET *pkt, int cont,
+ EC_KEY *ec, int mdnid)
+{
+ const unsigned char *precompiled = NULL;
+ size_t precompiled_sz = 0;
+
+ switch (mdnid) {
+ MD_CASE(sha1);
+ MD_CASE(sha224);
+ MD_CASE(sha256);
+ MD_CASE(sha384);
+ MD_CASE(sha512);
+ MD_CASE(sha3_224);
+ MD_CASE(sha3_256);
+ MD_CASE(sha3_384);
+ MD_CASE(sha3_512);
+ default:
+ return 0;
+ }
+
+ return DER_w_begin_sequence(pkt, cont)
+ /* No parameters (yet?) */
+ && DER_w_precompiled(pkt, -1, precompiled, precompiled_sz)
+ && DER_w_end_sequence(pkt, cont);
+}
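Review bot: The alias block covers only `sha1` through `sha512`, while `MD_CASE` is also instantiated for `sha3_224` to `sha3_512`, so those four cases expand to `der_oid_id_ecdsa_with_sha3_*` names for which no alias is visible here. Presumably the generated `prov/der_ec.h` already provides them with the `id_` prefix, but the comment `/* Aliases so we can have a uniform MD_CASE */` does not say that. Once confirmed, I would extend it to `/* Aliases so we can have a uniform MD_CASE; the SHA-3 OIDs already carry the id_ecdsa_with_ prefix in der_ec.h */`.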
+++ /dev/null
-/*
- * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include <openssl/bn.h>
-#include <openssl/obj_mac.h>
-#include "internal/cryptlib.h"
-#include "prov/der_rsa.h"
-#include "prov/der_digests.h"
-
-/* Well known OIDs precompiled */
-{-
- $OUT = oids_to_c::process_leaves('providers/common/der/NIST.asn1',
- 'providers/common/der/DIGESTS.asn1',
- 'providers/common/der/RSA.asn1',
- { dir => $config{sourcedir},
- filter => \&oids_to_c::filter_to_C });
--}
-
-/* More complex pre-compiled sequences. TODO(3.0) refactor? */
-/*-
- * From https://tools.ietf.org/html/rfc8017#appendix-A.2.1
- *
- * OAEP-PSSDigestAlgorithms ALGORITHM-IDENTIFIER ::= {
- * { OID id-sha1 PARAMETERS NULL }|
- * { OID id-sha224 PARAMETERS NULL }|
- * { OID id-sha256 PARAMETERS NULL }|
- * { OID id-sha384 PARAMETERS NULL }|
- * { OID id-sha512 PARAMETERS NULL }|
- * { OID id-sha512-224 PARAMETERS NULL }|
- * { OID id-sha512-256 PARAMETERS NULL },
- * ... -- Allows for future expansion --
- * }
- */
-#define DER_V_NULL DER_P_NULL, 0
-#define DER_SZ_NULL 2
-
-/*
- * The names for the hash function AlgorithmIdentifiers are borrowed and
- * expanded from https://tools.ietf.org/html/rfc4055#section-2.1
- *
- * sha1Identifier AlgorithmIdentifier ::= { id-sha1, NULL }
- * sha224Identifier AlgorithmIdentifier ::= { id-sha224, NULL }
- * sha256Identifier AlgorithmIdentifier ::= { id-sha256, NULL }
- * sha384Identifier AlgorithmIdentifier ::= { id-sha384, NULL }
- * sha512Identifier AlgorithmIdentifier ::= { id-sha512, NULL }
- */
-/*
- * NOTE: Some of the arrays aren't used other than inside sizeof(), which
- * clang complains about (-Wno-unneeded-internal-declaration). To get
- * around that, we make them non-static, and declare them an extra time to
- * avoid compilers complaining about definitions without declarations.
- */
-#if 0 /* Currently unused */
-#define DER_AID_V_sha1Identifier \
- DER_P_SEQUENCE|DER_F_CONSTRUCTED, \
- DER_OID_SZ_id_sha1 + DER_SZ_NULL, \
- DER_OID_V_id_sha1, \
- DER_V_NULL
-extern const unsigned char der_aid_sha1Identifier[];
-const unsigned char der_aid_sha1Identifier[] = {
- DER_AID_V_sha1Identifier
-};
-#define DER_AID_SZ_sha1Identifier sizeof(der_aid_sha1Identifier)
-#endif
-
-#define DER_AID_V_sha224Identifier \
- DER_P_SEQUENCE|DER_F_CONSTRUCTED, \
- DER_OID_SZ_id_sha224 + DER_SZ_NULL, \
- DER_OID_V_id_sha224, \
- DER_V_NULL
-extern const unsigned char der_aid_sha224Identifier[];
-const unsigned char der_aid_sha224Identifier[] = {
- DER_AID_V_sha224Identifier
-};
-#define DER_AID_SZ_sha224Identifier sizeof(der_aid_sha224Identifier)
-
-#define DER_AID_V_sha256Identifier \
- DER_P_SEQUENCE|DER_F_CONSTRUCTED, \
- DER_OID_SZ_id_sha256 + DER_SZ_NULL, \
- DER_OID_V_id_sha256, \
- DER_V_NULL
-extern const unsigned char der_aid_sha256Identifier[];
-const unsigned char der_aid_sha256Identifier[] = {
- DER_AID_V_sha256Identifier
-};
-#define DER_AID_SZ_sha256Identifier sizeof(der_aid_sha256Identifier)
-
-#define DER_AID_V_sha384Identifier \
- DER_P_SEQUENCE|DER_F_CONSTRUCTED, \
- DER_OID_SZ_id_sha384 + DER_SZ_NULL, \
- DER_OID_V_id_sha384, \
- DER_V_NULL
-extern const unsigned char der_aid_sha384Identifier[];
-const unsigned char der_aid_sha384Identifier[] = {
- DER_AID_V_sha384Identifier
-};
-#define DER_AID_SZ_sha384Identifier sizeof(der_aid_sha384Identifier)
-
-#define DER_AID_V_sha512Identifier \
- DER_P_SEQUENCE|DER_F_CONSTRUCTED, \
- DER_OID_SZ_id_sha512 + DER_SZ_NULL, \
- DER_OID_V_id_sha512, \
- DER_V_NULL
-extern const unsigned char der_aid_sha512Identifier[];
-const unsigned char der_aid_sha512Identifier[] = {
- DER_AID_V_sha512Identifier
-};
-#define DER_AID_SZ_sha512Identifier sizeof(der_aid_sha512Identifier)
-
-#define DER_AID_V_sha512_224Identifier \
- DER_P_SEQUENCE|DER_F_CONSTRUCTED, \
- DER_OID_SZ_id_sha512_224 + DER_SZ_NULL, \
- DER_OID_V_id_sha512_224, \
- DER_V_NULL
-extern const unsigned char der_aid_sha512_224Identifier[];
-const unsigned char der_aid_sha512_224Identifier[] = {
- DER_AID_V_sha512_224Identifier
-};
-#define DER_AID_SZ_sha512_224Identifier sizeof(der_aid_sha512_224Identifier)
-
-#define DER_AID_V_sha512_256Identifier \
- DER_P_SEQUENCE|DER_F_CONSTRUCTED, \
- DER_OID_SZ_id_sha512_256 + DER_SZ_NULL, \
- DER_OID_V_id_sha512_256, \
- DER_V_NULL
-extern const unsigned char der_aid_sha512_256Identifier[];
-const unsigned char der_aid_sha512_256Identifier[] = {
- DER_AID_V_sha512_256Identifier
-};
-#define DER_AID_SZ_sha512_256Identifier sizeof(der_aid_sha512_256Identifier)
-
-/*-
- * From https://tools.ietf.org/html/rfc8017#appendix-A.2.1
- *
- * HashAlgorithm ::= AlgorithmIdentifier {
- * {OAEP-PSSDigestAlgorithms}
- * }
- *
- * ...
- *
- * PKCS1MGFAlgorithms ALGORITHM-IDENTIFIER ::= {
- * { OID id-mgf1 PARAMETERS HashAlgorithm },
- * ... -- Allows for future expansion --
- * }
- */
-
-/*
- * The names for the MGF1 AlgorithmIdentifiers are borrowed and expanded
- * from https://tools.ietf.org/html/rfc4055#section-2.1
- *
- * mgf1SHA1Identifier AlgorithmIdentifier ::=
- * { id-mgf1, sha1Identifier }
- * mgf1SHA224Identifier AlgorithmIdentifier ::=
- * { id-mgf1, sha224Identifier }
- * mgf1SHA256Identifier AlgorithmIdentifier ::=
- * { id-mgf1, sha256Identifier }
- * mgf1SHA384Identifier AlgorithmIdentifier ::=
- * { id-mgf1, sha384Identifier }
- * mgf1SHA512Identifier AlgorithmIdentifier ::=
- * { id-mgf1, sha512Identifier }
- */
-#if 0 /* Currently unused */
-#define DER_AID_V_mgf1SHA1Identifier \
- DER_P_SEQUENCE|DER_F_CONSTRUCTED, \
- DER_OID_SZ_id_mgf1 + DER_AID_SZ_sha1Identifier, \
- DER_OID_V_id_mgf1, \
- DER_AID_V_sha1Identifier
-static const unsigned char der_aid_mgf1SHA1Identifier[] = {
- DER_AID_V_mgf1SHA1Identifier
-};
-#define DER_AID_SZ_mgf1SHA1Identifier sizeof(der_aid_mgf1SHA1Identifier)
-#endif
-
-#define DER_AID_V_mgf1SHA224Identifier \
- DER_P_SEQUENCE|DER_F_CONSTRUCTED, \
- DER_OID_SZ_id_mgf1 + DER_AID_SZ_sha224Identifier, \
- DER_OID_V_id_mgf1, \
- DER_AID_V_sha224Identifier
-static const unsigned char der_aid_mgf1SHA224Identifier[] = {
- DER_AID_V_mgf1SHA224Identifier
-};
-#define DER_AID_SZ_mgf1SHA224Identifier sizeof(der_aid_mgf1SHA224Identifier)
-
-#define DER_AID_V_mgf1SHA256Identifier \
- DER_P_SEQUENCE|DER_F_CONSTRUCTED, \
- DER_OID_SZ_id_mgf1 + DER_AID_SZ_sha256Identifier, \
- DER_OID_V_id_mgf1, \
- DER_AID_V_sha256Identifier
-static const unsigned char der_aid_mgf1SHA256Identifier[] = {
- DER_AID_V_mgf1SHA256Identifier
-};
-#define DER_AID_SZ_mgf1SHA256Identifier sizeof(der_aid_mgf1SHA256Identifier)
-
-#define DER_AID_V_mgf1SHA384Identifier \
- DER_P_SEQUENCE|DER_F_CONSTRUCTED, \
- DER_OID_SZ_id_mgf1 + DER_AID_SZ_sha384Identifier, \
- DER_OID_V_id_mgf1, \
- DER_AID_V_sha384Identifier
-static const unsigned char der_aid_mgf1SHA384Identifier[] = {
- DER_AID_V_mgf1SHA384Identifier
-};
-#define DER_AID_SZ_mgf1SHA384Identifier sizeof(der_aid_mgf1SHA384Identifier)
-
-#define DER_AID_V_mgf1SHA512Identifier \
- DER_P_SEQUENCE|DER_F_CONSTRUCTED, \
- DER_OID_SZ_id_mgf1 + DER_AID_SZ_sha512Identifier, \
- DER_OID_V_id_mgf1, \
- DER_AID_V_sha512Identifier
-static const unsigned char der_aid_mgf1SHA512Identifier[] = {
- DER_AID_V_mgf1SHA512Identifier
-};
-#define DER_AID_SZ_mgf1SHA512Identifier sizeof(der_aid_mgf1SHA512Identifier)
-
-#define DER_AID_V_mgf1SHA512_224Identifier \
- DER_P_SEQUENCE|DER_F_CONSTRUCTED, \
- DER_OID_SZ_id_mgf1 + DER_AID_SZ_sha512_224Identifier, \
- DER_OID_V_id_mgf1, \
- DER_AID_V_sha512_224Identifier
-static const unsigned char der_aid_mgf1SHA512_224Identifier[] = {
- DER_AID_V_mgf1SHA512_224Identifier
-};
-#define DER_AID_SZ_mgf1SHA512_224Identifier sizeof(der_aid_mgf1SHA512_224Identifier)
-
-#define DER_AID_V_mgf1SHA512_256Identifier \
- DER_P_SEQUENCE|DER_F_CONSTRUCTED, \
- DER_OID_SZ_id_mgf1 + DER_AID_SZ_sha512_256Identifier, \
- DER_OID_V_id_mgf1, \
- DER_AID_V_sha512_256Identifier
-static const unsigned char der_aid_mgf1SHA512_256Identifier[] = {
- DER_AID_V_mgf1SHA512_256Identifier
-};
-#define DER_AID_SZ_mgf1SHA512_256Identifier sizeof(der_aid_mgf1SHA512_256Identifier)
-
-
-#define MGF1_SHA_CASE(bits, var) \
- case NID_sha##bits: \
- var = der_aid_mgf1SHA##bits##Identifier; \
- var##_sz = sizeof(der_aid_mgf1SHA##bits##Identifier); \
- break;
-
-/*-
- * The name is borrowed from https://tools.ietf.org/html/rfc8017#appendix-A.2.1
- *
- * MaskGenAlgorithm ::= AlgorithmIdentifier { {PKCS1MGFAlgorithms} }
- */
-static int DER_w_MaskGenAlgorithm(WPACKET *pkt, int tag,
- const RSA_PSS_PARAMS_30 *pss)
-{
- if (pss != NULL && rsa_pss_params_30_maskgenalg(pss) == NID_mgf1) {
- int maskgenhashalg_nid = rsa_pss_params_30_maskgenhashalg(pss);
- const unsigned char *maskgenalg = NULL;
- size_t maskgenalg_sz = 0;
-
- switch (maskgenhashalg_nid) {
- case NID_sha1:
- break;
- MGF1_SHA_CASE(224, maskgenalg);
- MGF1_SHA_CASE(256, maskgenalg);
- MGF1_SHA_CASE(384, maskgenalg);
- MGF1_SHA_CASE(512, maskgenalg);
- MGF1_SHA_CASE(512_224, maskgenalg);
- MGF1_SHA_CASE(512_256, maskgenalg);
- default:
- return 0;
- }
-
- /* If there is none (or it was the default), we write nothing */
- if (maskgenalg == NULL)
- return 1;
-
- return DER_w_precompiled(pkt, tag, maskgenalg, maskgenalg_sz);
- }
- return 0;
-}
-
-#define OAEP_PSS_MD_CASE(name, var) \
- case NID_##name: \
- var = der_oid_id_##name; \
- var##_sz = sizeof(der_oid_id_##name); \
- break;
-
-int DER_w_RSASSA_PSS_params(WPACKET *pkt, int tag, const RSA_PSS_PARAMS_30 *pss)
-{
- int hashalg_nid, default_hashalg_nid;
- int saltlen, default_saltlen;
- int trailerfield, default_trailerfield;
- const unsigned char *hashalg = NULL;
- size_t hashalg_sz = 0;
-
- /*
- * For an unrestricted key, this function should not have been called;
- * the caller must be in control, because unrestricted keys are permitted
- * in some situations (when encoding the public key in a SubjectKeyInfo,
- * for example) while not in others, and this function doesn't know the
- * intent. Therefore, we assert that here, the PSS parameters must show
- * that the key is restricted.
- */
- if (!ossl_assert(pss != NULL && !rsa_pss_params_30_is_unrestricted(pss)))
- return 0;
-
- hashalg_nid = rsa_pss_params_30_hashalg(pss);
- saltlen = rsa_pss_params_30_saltlen(pss);
- trailerfield = rsa_pss_params_30_trailerfield(pss);
-
- /* Getting default values */
- default_hashalg_nid = rsa_pss_params_30_hashalg(NULL);
- default_saltlen = rsa_pss_params_30_saltlen(NULL);
- default_trailerfield = rsa_pss_params_30_trailerfield(NULL);
-
- /*
- * From https://tools.ietf.org/html/rfc8017#appendix-A.2.1:
- *
- * OAEP-PSSDigestAlgorithms ALGORITHM-IDENTIFIER ::= {
- * { OID id-sha1 PARAMETERS NULL }|
- * { OID id-sha224 PARAMETERS NULL }|
- * { OID id-sha256 PARAMETERS NULL }|
- * { OID id-sha384 PARAMETERS NULL }|
- * { OID id-sha512 PARAMETERS NULL }|
- * { OID id-sha512-224 PARAMETERS NULL }|
- * { OID id-sha512-256 PARAMETERS NULL },
- * ... -- Allows for future expansion --
- * }
- */
- switch (hashalg_nid) {
- OAEP_PSS_MD_CASE(sha1, hashalg);
- OAEP_PSS_MD_CASE(sha224, hashalg);
- OAEP_PSS_MD_CASE(sha256, hashalg);
- OAEP_PSS_MD_CASE(sha384, hashalg);
- OAEP_PSS_MD_CASE(sha512, hashalg);
- OAEP_PSS_MD_CASE(sha512_224, hashalg);
- OAEP_PSS_MD_CASE(sha512_256, hashalg);
- default:
- return 0;
- }
-
- return DER_w_begin_sequence(pkt, tag)
- && (trailerfield == default_trailerfield
- || DER_w_ulong(pkt, 3, trailerfield))
- && (saltlen == default_saltlen || DER_w_ulong(pkt, 2, saltlen))
- && DER_w_MaskGenAlgorithm(pkt, 1, pss)
- && (hashalg_nid == default_hashalg_nid
- || DER_w_precompiled(pkt, 0, hashalg, hashalg_sz))
- && DER_w_end_sequence(pkt, tag);
-}
-
-/* Aliases so we can have a uniform RSA_CASE */
-#define der_oid_rsassaPss der_oid_id_RSASSA_PSS
-
-#define RSA_CASE(name, var) \
- var##_nid = NID_##name; \
- var##_oid = der_oid_##name; \
- var##_oid_sz = sizeof(der_oid_##name); \
- break;
-
-int DER_w_algorithmIdentifier_RSA(WPACKET *pkt, int tag, RSA *rsa)
-{
- int rsa_nid = NID_undef;
- const unsigned char *rsa_oid = NULL;
- size_t rsa_oid_sz = 0;
- RSA_PSS_PARAMS_30 *pss_params = rsa_get0_pss_params_30(rsa);
-
- switch (RSA_test_flags(rsa, RSA_FLAG_TYPE_MASK)) {
- case RSA_FLAG_TYPE_RSA:
- RSA_CASE(rsaEncryption, rsa);
- case RSA_FLAG_TYPE_RSASSAPSS:
- RSA_CASE(rsassaPss, rsa);
- }
-
- if (rsa_oid == NULL)
- return 0;
-
- return DER_w_begin_sequence(pkt, tag)
- && (rsa_nid != NID_rsassaPss
- || rsa_pss_params_30_is_unrestricted(pss_params)
- || DER_w_RSASSA_PSS_params(pkt, -1, pss_params))
- && DER_w_precompiled(pkt, -1, rsa_oid, rsa_oid_sz)
- && DER_w_end_sequence(pkt, tag);
-}
-
-/* Aliases so we can have a uniform MD_with_RSA_CASE */
-#define der_oid_sha3_224WithRSAEncryption \
- der_oid_id_rsassa_pkcs1_v1_5_with_sha3_224
-#define der_oid_sha3_256WithRSAEncryption \
- der_oid_id_rsassa_pkcs1_v1_5_with_sha3_256
-#define der_oid_sha3_384WithRSAEncryption \
- der_oid_id_rsassa_pkcs1_v1_5_with_sha3_384
-#define der_oid_sha3_512WithRSAEncryption \
- der_oid_id_rsassa_pkcs1_v1_5_with_sha3_512
-
-#define MD_with_RSA_CASE(name, var) \
- case NID_##name: \
- var = der_oid_##name##WithRSAEncryption; \
- var##_sz = sizeof(der_oid_##name##WithRSAEncryption); \
- break;
-
-int DER_w_algorithmIdentifier_RSA_with(WPACKET *pkt, int tag,
- RSA *rsa, int mdnid)
-{
- const unsigned char *precompiled = NULL;
- size_t precompiled_sz = 0;
-
- switch (mdnid) {
-#ifndef FIPS_MODULE
- MD_with_RSA_CASE(md2, precompiled);
- MD_with_RSA_CASE(md5, precompiled);
- MD_with_RSA_CASE(md4, precompiled);
- MD_with_RSA_CASE(ripemd160, precompiled);
-/* TODO(3.0) Decide what to do about mdc2 and md5_sha1 */
-#endif
- MD_with_RSA_CASE(sha1, precompiled);
- MD_with_RSA_CASE(sha224, precompiled);
- MD_with_RSA_CASE(sha256, precompiled);
- MD_with_RSA_CASE(sha384, precompiled);
- MD_with_RSA_CASE(sha512, precompiled);
- MD_with_RSA_CASE(sha512_224, precompiled);
- MD_with_RSA_CASE(sha512_256, precompiled);
- MD_with_RSA_CASE(sha3_224, precompiled);
- MD_with_RSA_CASE(sha3_256, precompiled);
- MD_with_RSA_CASE(sha3_384, precompiled);
- MD_with_RSA_CASE(sha3_512, precompiled);
- default:
- return 0;
- }
-
- return DER_w_begin_sequence(pkt, tag)
- /* No parameters (yet?) */
- && DER_w_precompiled(pkt, -1, precompiled, precompiled_sz)
- && DER_w_end_sequence(pkt, tag);
-}
/* Well known OIDs precompiled */
{-
$OUT = oids_to_c::process_leaves('providers/common/der/NIST.asn1',
- 'providers/common/der/DIGESTS.asn1',
'providers/common/der/RSA.asn1',
{ dir => $config{sourcedir},
filter => \&oids_to_c::filter_to_H });
-}
+/* PSS parameters */
int DER_w_RSASSA_PSS_params(WPACKET *pkt, int tag,
const RSA_PSS_PARAMS_30 *pss);
+/* Subject Public Key Info */
int DER_w_algorithmIdentifier_RSA(WPACKET *pkt, int tag, RSA *rsa);
-int DER_w_algorithmIdentifier_RSA_with(WPACKET *pkt, int tag,
- RSA *rsa, int mdnid);
+/* Signature */
+int DER_w_algorithmIdentifier_MDWithRSAEncryption(WPACKET *pkt, int tag,
+ RSA *rsa, int mdnid);
--- /dev/null
+/*
+ * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "prov/der_rsa.h"
+
+/* Well known OIDs precompiled */
+{-
+ $OUT = oids_to_c::process_leaves('providers/common/der/NIST.asn1',
+ 'providers/common/der/RSA.asn1',
+ { dir => $config{sourcedir},
+ filter => \&oids_to_c::filter_to_C });
+-}
--- /dev/null
+/*
+ * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/obj_mac.h>
+#include "internal/cryptlib.h"
+#include "prov/der_rsa.h"
+#include "prov/der_digests.h"
+
+/* More complex pre-compiled sequences. TODO(3.0) refactor? */
+/*-
+ * From https://tools.ietf.org/html/rfc8017#appendix-A.2.1
+ *
+ * OAEP-PSSDigestAlgorithms ALGORITHM-IDENTIFIER ::= {
+ * { OID id-sha1 PARAMETERS NULL }|
+ * { OID id-sha224 PARAMETERS NULL }|
+ * { OID id-sha256 PARAMETERS NULL }|
+ * { OID id-sha384 PARAMETERS NULL }|
+ * { OID id-sha512 PARAMETERS NULL }|
+ * { OID id-sha512-224 PARAMETERS NULL }|
+ * { OID id-sha512-256 PARAMETERS NULL },
+ * ... -- Allows for future expansion --
+ * }
+ */
+#define DER_V_NULL DER_P_NULL, 0
+#define DER_SZ_NULL 2
+
+/*
+ * The names for the hash function AlgorithmIdentifiers are borrowed and
+ * expanded from https://tools.ietf.org/html/rfc4055#section-2.1
+ *
+ * sha1Identifier AlgorithmIdentifier ::= { id-sha1, NULL }
+ * sha224Identifier AlgorithmIdentifier ::= { id-sha224, NULL }
+ * sha256Identifier AlgorithmIdentifier ::= { id-sha256, NULL }
+ * sha384Identifier AlgorithmIdentifier ::= { id-sha384, NULL }
+ * sha512Identifier AlgorithmIdentifier ::= { id-sha512, NULL }
+ */
+/*
+ * NOTE: Some of the arrays aren't used other than inside sizeof(), which
+ * clang complains about (-Wno-unneeded-internal-declaration). To get
+ * around that, we make them non-static, and declare them an extra time to
+ * avoid compilers complaining about definitions without declarations.
+ */
+#if 0 /* Currently unused */
+#define DER_AID_V_sha1Identifier \
+ DER_P_SEQUENCE|DER_F_CONSTRUCTED, \
+ DER_OID_SZ_id_sha1 + DER_SZ_NULL, \
+ DER_OID_V_id_sha1, \
+ DER_V_NULL
+extern const unsigned char der_aid_sha1Identifier[];
+const unsigned char der_aid_sha1Identifier[] = {
+ DER_AID_V_sha1Identifier
+};
+#define DER_AID_SZ_sha1Identifier sizeof(der_aid_sha1Identifier)
+#endif
+
+#define DER_AID_V_sha224Identifier \
+ DER_P_SEQUENCE|DER_F_CONSTRUCTED, \
+ DER_OID_SZ_id_sha224 + DER_SZ_NULL, \
+ DER_OID_V_id_sha224, \
+ DER_V_NULL
+extern const unsigned char der_aid_sha224Identifier[];
+const unsigned char der_aid_sha224Identifier[] = {
+ DER_AID_V_sha224Identifier
+};
+#define DER_AID_SZ_sha224Identifier sizeof(der_aid_sha224Identifier)
+
+#define DER_AID_V_sha256Identifier \
+ DER_P_SEQUENCE|DER_F_CONSTRUCTED, \
+ DER_OID_SZ_id_sha256 + DER_SZ_NULL, \
+ DER_OID_V_id_sha256, \
+ DER_V_NULL
+extern const unsigned char der_aid_sha256Identifier[];
+const unsigned char der_aid_sha256Identifier[] = {
+ DER_AID_V_sha256Identifier
+};
+#define DER_AID_SZ_sha256Identifier sizeof(der_aid_sha256Identifier)
+
+#define DER_AID_V_sha384Identifier \
+ DER_P_SEQUENCE|DER_F_CONSTRUCTED, \
+ DER_OID_SZ_id_sha384 + DER_SZ_NULL, \
+ DER_OID_V_id_sha384, \
+ DER_V_NULL
+extern const unsigned char der_aid_sha384Identifier[];
+const unsigned char der_aid_sha384Identifier[] = {
+ DER_AID_V_sha384Identifier
+};
+#define DER_AID_SZ_sha384Identifier sizeof(der_aid_sha384Identifier)
+
+#define DER_AID_V_sha512Identifier \
+ DER_P_SEQUENCE|DER_F_CONSTRUCTED, \
+ DER_OID_SZ_id_sha512 + DER_SZ_NULL, \
+ DER_OID_V_id_sha512, \
+ DER_V_NULL
+extern const unsigned char der_aid_sha512Identifier[];
+const unsigned char der_aid_sha512Identifier[] = {
+ DER_AID_V_sha512Identifier
+};
+#define DER_AID_SZ_sha512Identifier sizeof(der_aid_sha512Identifier)
+
+#define DER_AID_V_sha512_224Identifier \
+ DER_P_SEQUENCE|DER_F_CONSTRUCTED, \
+ DER_OID_SZ_id_sha512_224 + DER_SZ_NULL, \
+ DER_OID_V_id_sha512_224, \
+ DER_V_NULL
+extern const unsigned char der_aid_sha512_224Identifier[];
+const unsigned char der_aid_sha512_224Identifier[] = {
+ DER_AID_V_sha512_224Identifier
+};
+#define DER_AID_SZ_sha512_224Identifier sizeof(der_aid_sha512_224Identifier)
+
+#define DER_AID_V_sha512_256Identifier \
+ DER_P_SEQUENCE|DER_F_CONSTRUCTED, \
+ DER_OID_SZ_id_sha512_256 + DER_SZ_NULL, \
+ DER_OID_V_id_sha512_256, \
+ DER_V_NULL
+extern const unsigned char der_aid_sha512_256Identifier[];
+const unsigned char der_aid_sha512_256Identifier[] = {
+ DER_AID_V_sha512_256Identifier
+};
+#define DER_AID_SZ_sha512_256Identifier sizeof(der_aid_sha512_256Identifier)
+
+/*-
+ * From https://tools.ietf.org/html/rfc8017#appendix-A.2.1
+ *
+ * HashAlgorithm ::= AlgorithmIdentifier {
+ * {OAEP-PSSDigestAlgorithms}
+ * }
+ *
+ * ...
+ *
+ * PKCS1MGFAlgorithms ALGORITHM-IDENTIFIER ::= {
+ * { OID id-mgf1 PARAMETERS HashAlgorithm },
+ * ... -- Allows for future expansion --
+ * }
+ */
+
+/*
+ * The names for the MGF1 AlgorithmIdentifiers are borrowed and expanded
+ * from https://tools.ietf.org/html/rfc4055#section-2.1
+ *
+ * mgf1SHA1Identifier AlgorithmIdentifier ::=
+ * { id-mgf1, sha1Identifier }
+ * mgf1SHA224Identifier AlgorithmIdentifier ::=
+ * { id-mgf1, sha224Identifier }
+ * mgf1SHA256Identifier AlgorithmIdentifier ::=
+ * { id-mgf1, sha256Identifier }
+ * mgf1SHA384Identifier AlgorithmIdentifier ::=
+ * { id-mgf1, sha384Identifier }
+ * mgf1SHA512Identifier AlgorithmIdentifier ::=
+ * { id-mgf1, sha512Identifier }
+ */
+#if 0 /* Currently unused */
+#define DER_AID_V_mgf1SHA1Identifier \
+ DER_P_SEQUENCE|DER_F_CONSTRUCTED, \
+ DER_OID_SZ_id_mgf1 + DER_AID_SZ_sha1Identifier, \
+ DER_OID_V_id_mgf1, \
+ DER_AID_V_sha1Identifier
+static const unsigned char der_aid_mgf1SHA1Identifier[] = {
+ DER_AID_V_mgf1SHA1Identifier
+};
+#define DER_AID_SZ_mgf1SHA1Identifier sizeof(der_aid_mgf1SHA1Identifier)
+#endif
+
+#define DER_AID_V_mgf1SHA224Identifier \
+ DER_P_SEQUENCE|DER_F_CONSTRUCTED, \
+ DER_OID_SZ_id_mgf1 + DER_AID_SZ_sha224Identifier, \
+ DER_OID_V_id_mgf1, \
+ DER_AID_V_sha224Identifier
+static const unsigned char der_aid_mgf1SHA224Identifier[] = {
+ DER_AID_V_mgf1SHA224Identifier
+};
+#define DER_AID_SZ_mgf1SHA224Identifier sizeof(der_aid_mgf1SHA224Identifier)
+
+#define DER_AID_V_mgf1SHA256Identifier \
+ DER_P_SEQUENCE|DER_F_CONSTRUCTED, \
+ DER_OID_SZ_id_mgf1 + DER_AID_SZ_sha256Identifier, \
+ DER_OID_V_id_mgf1, \
+ DER_AID_V_sha256Identifier
+static const unsigned char der_aid_mgf1SHA256Identifier[] = {
+ DER_AID_V_mgf1SHA256Identifier
+};
+#define DER_AID_SZ_mgf1SHA256Identifier sizeof(der_aid_mgf1SHA256Identifier)
+
+#define DER_AID_V_mgf1SHA384Identifier \
+ DER_P_SEQUENCE|DER_F_CONSTRUCTED, \
+ DER_OID_SZ_id_mgf1 + DER_AID_SZ_sha384Identifier, \
+ DER_OID_V_id_mgf1, \
+ DER_AID_V_sha384Identifier
+static const unsigned char der_aid_mgf1SHA384Identifier[] = {
+ DER_AID_V_mgf1SHA384Identifier
+};
+#define DER_AID_SZ_mgf1SHA384Identifier sizeof(der_aid_mgf1SHA384Identifier)
+
+#define DER_AID_V_mgf1SHA512Identifier \
+ DER_P_SEQUENCE|DER_F_CONSTRUCTED, \
+ DER_OID_SZ_id_mgf1 + DER_AID_SZ_sha512Identifier, \
+ DER_OID_V_id_mgf1, \
+ DER_AID_V_sha512Identifier
+static const unsigned char der_aid_mgf1SHA512Identifier[] = {
+ DER_AID_V_mgf1SHA512Identifier
+};
+#define DER_AID_SZ_mgf1SHA512Identifier sizeof(der_aid_mgf1SHA512Identifier)
+
+#define DER_AID_V_mgf1SHA512_224Identifier \
+ DER_P_SEQUENCE|DER_F_CONSTRUCTED, \
+ DER_OID_SZ_id_mgf1 + DER_AID_SZ_sha512_224Identifier, \
+ DER_OID_V_id_mgf1, \
+ DER_AID_V_sha512_224Identifier
+static const unsigned char der_aid_mgf1SHA512_224Identifier[] = {
+ DER_AID_V_mgf1SHA512_224Identifier
+};
+#define DER_AID_SZ_mgf1SHA512_224Identifier sizeof(der_aid_mgf1SHA512_224Identifier)
+
+#define DER_AID_V_mgf1SHA512_256Identifier \
+ DER_P_SEQUENCE|DER_F_CONSTRUCTED, \
+ DER_OID_SZ_id_mgf1 + DER_AID_SZ_sha512_256Identifier, \
+ DER_OID_V_id_mgf1, \
+ DER_AID_V_sha512_256Identifier
+static const unsigned char der_aid_mgf1SHA512_256Identifier[] = {
+ DER_AID_V_mgf1SHA512_256Identifier
+};
+#define DER_AID_SZ_mgf1SHA512_256Identifier sizeof(der_aid_mgf1SHA512_256Identifier)
+
+
+#define MGF1_SHA_CASE(bits, var) \
+ case NID_sha##bits: \
+ var = der_aid_mgf1SHA##bits##Identifier; \
+ var##_sz = sizeof(der_aid_mgf1SHA##bits##Identifier); \
+ break;
+
+/*-
+ * The name is borrowed from https://tools.ietf.org/html/rfc8017#appendix-A.2.1
+ *
+ * MaskGenAlgorithm ::= AlgorithmIdentifier { {PKCS1MGFAlgorithms} }
+ */
+static int DER_w_MaskGenAlgorithm(WPACKET *pkt, int tag,
+ const RSA_PSS_PARAMS_30 *pss)
+{
+ if (pss != NULL && rsa_pss_params_30_maskgenalg(pss) == NID_mgf1) {
+ int maskgenhashalg_nid = rsa_pss_params_30_maskgenhashalg(pss);
+ const unsigned char *maskgenalg = NULL;
+ size_t maskgenalg_sz = 0;
+
+ switch (maskgenhashalg_nid) {
+ case NID_sha1:
+ break;
+ MGF1_SHA_CASE(224, maskgenalg);
+ MGF1_SHA_CASE(256, maskgenalg);
+ MGF1_SHA_CASE(384, maskgenalg);
+ MGF1_SHA_CASE(512, maskgenalg);
+ MGF1_SHA_CASE(512_224, maskgenalg);
+ MGF1_SHA_CASE(512_256, maskgenalg);
+ default:
+ return 0;
+ }
+
+ /* If there is none (or it was the default), we write nothing */
+ if (maskgenalg == NULL)
+ return 1;
+
+ return DER_w_precompiled(pkt, tag, maskgenalg, maskgenalg_sz);
+ }
+ return 0;
+}
+
+#define OAEP_PSS_MD_CASE(name, var) \
+ case NID_##name: \
+ var = der_oid_id_##name; \
+ var##_sz = sizeof(der_oid_id_##name); \
+ break;
+
+int DER_w_RSASSA_PSS_params(WPACKET *pkt, int tag, const RSA_PSS_PARAMS_30 *pss)
+{
+ int hashalg_nid, default_hashalg_nid;
+ int saltlen, default_saltlen;
+ int trailerfield, default_trailerfield;
+ const unsigned char *hashalg = NULL;
+ size_t hashalg_sz = 0;
+
+ /*
+ * For an unrestricted key, this function should not have been called;
+ * the caller must be in control, because unrestricted keys are permitted
+ * in some situations (when encoding the public key in a SubjectKeyInfo,
+ * for example) while not in others, and this function doesn't know the
+ * intent. Therefore, we assert that here, the PSS parameters must show
+ * that the key is restricted.
+ */
+ if (!ossl_assert(pss != NULL && !rsa_pss_params_30_is_unrestricted(pss)))
+ return 0;
+
+ hashalg_nid = rsa_pss_params_30_hashalg(pss);
+ saltlen = rsa_pss_params_30_saltlen(pss);
+ trailerfield = rsa_pss_params_30_trailerfield(pss);
+
+ /* Getting default values */
+ default_hashalg_nid = rsa_pss_params_30_hashalg(NULL);
+ default_saltlen = rsa_pss_params_30_saltlen(NULL);
+ default_trailerfield = rsa_pss_params_30_trailerfield(NULL);
+
+ /*
+ * From https://tools.ietf.org/html/rfc8017#appendix-A.2.1:
+ *
+ * OAEP-PSSDigestAlgorithms ALGORITHM-IDENTIFIER ::= {
+ * { OID id-sha1 PARAMETERS NULL }|
+ * { OID id-sha224 PARAMETERS NULL }|
+ * { OID id-sha256 PARAMETERS NULL }|
+ * { OID id-sha384 PARAMETERS NULL }|
+ * { OID id-sha512 PARAMETERS NULL }|
+ * { OID id-sha512-224 PARAMETERS NULL }|
+ * { OID id-sha512-256 PARAMETERS NULL },
+ * ... -- Allows for future expansion --
+ * }
+ */
+ switch (hashalg_nid) {
+ OAEP_PSS_MD_CASE(sha1, hashalg);
+ OAEP_PSS_MD_CASE(sha224, hashalg);
+ OAEP_PSS_MD_CASE(sha256, hashalg);
+ OAEP_PSS_MD_CASE(sha384, hashalg);
+ OAEP_PSS_MD_CASE(sha512, hashalg);
+ OAEP_PSS_MD_CASE(sha512_224, hashalg);
+ OAEP_PSS_MD_CASE(sha512_256, hashalg);
+ default:
+ return 0;
+ }
+
+ return DER_w_begin_sequence(pkt, tag)
+ && (trailerfield == default_trailerfield
+ || DER_w_ulong(pkt, 3, trailerfield))
+ && (saltlen == default_saltlen || DER_w_ulong(pkt, 2, saltlen))
+ && DER_w_MaskGenAlgorithm(pkt, 1, pss)
+ && (hashalg_nid == default_hashalg_nid
+ || DER_w_precompiled(pkt, 0, hashalg, hashalg_sz))
+ && DER_w_end_sequence(pkt, tag);
+}
+
+/* Aliases so we can have a uniform RSA_CASE */
+#define der_oid_rsassaPss der_oid_id_RSASSA_PSS
+
+#define RSA_CASE(name, var) \
+ var##_nid = NID_##name; \
+ var##_oid = der_oid_##name; \
+ var##_oid_sz = sizeof(der_oid_##name); \
+ break;
+
+int DER_w_algorithmIdentifier_RSA(WPACKET *pkt, int tag, RSA *rsa)
+{
+ int rsa_nid = NID_undef;
+ const unsigned char *rsa_oid = NULL;
+ size_t rsa_oid_sz = 0;
+ RSA_PSS_PARAMS_30 *pss_params = rsa_get0_pss_params_30(rsa);
+
+ switch (RSA_test_flags(rsa, RSA_FLAG_TYPE_MASK)) {
+ case RSA_FLAG_TYPE_RSA:
+ RSA_CASE(rsaEncryption, rsa);
+ case RSA_FLAG_TYPE_RSASSAPSS:
+ RSA_CASE(rsassaPss, rsa);
+ }
+
+ if (rsa_oid == NULL)
+ return 0;
+
+ return DER_w_begin_sequence(pkt, tag)
+ && (rsa_nid != NID_rsassaPss
+ || rsa_pss_params_30_is_unrestricted(pss_params)
+ || DER_w_RSASSA_PSS_params(pkt, -1, pss_params))
+ && DER_w_precompiled(pkt, -1, rsa_oid, rsa_oid_sz)
+ && DER_w_end_sequence(pkt, tag);
+}
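Review bot: The hashAlgorithm field in `DER_w_RSASSA_PSS_params` looks like it is encoded as a bare OID rather than an AlgorithmIdentifier: `OAEP_PSS_MD_CASE` assigns `der_oid_id_##name`, and that is what `DER_w_precompiled(pkt, 0, hashalg, hashalg_sz)` writes under tag 0. The ASN.1 quoted in this file defines HashAlgorithm as an AlgorithmIdentifier with `PARAMETERS NULL`, and the `der_aid_*Identifier` arrays defined above already hold that SEQUENCE, yet they are referenced only through `sizeof()`. A strict parser on the verifying side would reject or misread a non-default hash, so the macro should select the AID instead: `var = der_aid_##name##Identifier;` and `var##_sz = sizeof(der_aid_##name##Identifier);`. The sha1 case would then need `der_aid_sha1Identifier` taken out of its `#if 0` block.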
--- /dev/null
+/*
+ * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/obj_mac.h>
+#include "internal/packet.h"
+#include "prov/der_rsa.h"
+#include "prov/der_digests.h"
+
+/* Aliases so we can have a uniform MD_with_RSA_CASE */
+#define der_oid_sha3_224WithRSAEncryption \
+ der_oid_id_rsassa_pkcs1_v1_5_with_sha3_224
+#define der_oid_sha3_256WithRSAEncryption \
+ der_oid_id_rsassa_pkcs1_v1_5_with_sha3_256
+#define der_oid_sha3_384WithRSAEncryption \
+ der_oid_id_rsassa_pkcs1_v1_5_with_sha3_384
+#define der_oid_sha3_512WithRSAEncryption \
+ der_oid_id_rsassa_pkcs1_v1_5_with_sha3_512
+
+#define MD_with_RSA_CASE(name, var) \
+ case NID_##name: \
+ var = der_oid_##name##WithRSAEncryption; \
+ var##_sz = sizeof(der_oid_##name##WithRSAEncryption); \
+ break;
+
+int DER_w_algorithmIdentifier_MDWithRSAEncryption(WPACKET *pkt, int tag,
+ RSA *rsa, int mdnid)
+{
+ const unsigned char *precompiled = NULL;
+ size_t precompiled_sz = 0;
+
+ switch (mdnid) {
+#ifndef FIPS_MODULE
+ MD_with_RSA_CASE(md2, precompiled);
+ MD_with_RSA_CASE(md5, precompiled);
+ MD_with_RSA_CASE(md4, precompiled);
+ MD_with_RSA_CASE(ripemd160, precompiled);
+/* TODO(3.0) Decide what to do about mdc2 and md5_sha1 */
+#endif
+ MD_with_RSA_CASE(sha1, precompiled);
+ MD_with_RSA_CASE(sha224, precompiled);
+ MD_with_RSA_CASE(sha256, precompiled);
+ MD_with_RSA_CASE(sha384, precompiled);
+ MD_with_RSA_CASE(sha512, precompiled);
+ MD_with_RSA_CASE(sha512_224, precompiled);
+ MD_with_RSA_CASE(sha512_256, precompiled);
+ MD_with_RSA_CASE(sha3_224, precompiled);
+ MD_with_RSA_CASE(sha3_256, precompiled);
+ MD_with_RSA_CASE(sha3_384, precompiled);
+ MD_with_RSA_CASE(sha3_512, precompiled);
+ default:
+ return 0;
+ }
+
+ return DER_w_begin_sequence(pkt, tag)
+ /* No parameters (yet?) */
+ && DER_w_precompiled(pkt, -1, precompiled, precompiled_sz)
+ && DER_w_end_sequence(pkt, tag);
+}
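Review bot: `DER_w_algorithmIdentifier_MDWithRSAEncryption` writes only the OID inside the SEQUENCE, so the AlgorithmIdentifier has absent parameters where RFC 8017 (A.2.4) and RFC 4055 specify NULL for the PKCS#1 v1.5 signature OIDs. RFC 4055 asks implementations to accept both forms, but any consumer that compares the encoded AlgorithmIdentifier byte-for-byte against one carrying NULL will see a mismatch, so the two-byte NULL element should be written before the `DER_w_precompiled` call. Until that is done, the `/* No parameters (yet?) */` comment is better as `/* TODO: RFC 8017 A.2.4 expects PARAMETERS NULL here; currently omitted */`. The `rsa` argument is unused in this body, which deserves a one-line comment saying it is kept for a uniform signature.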
sub filter_to_H {
my ($name, $comment) = @{ shift() };
my @oid_nums = @_;
+ my $oid_size = scalar @oid_nums;
+ (my $C_comment = $comment) =~ s|^| * |msg;
+ $C_comment = "\n/*\n${C_comment}\n */" if $C_comment ne '';
(my $C_name = $name) =~ s|-|_|g;
my $C_bytes_size = 2 + scalar @_;
+ my $C_bytes = join(', ', map { sprintf("0x%02X", $_) } @oid_nums );
return <<"_____";
-extern const unsigned char der_oid_${C_name}[$C_bytes_size];
+$C_comment
+#define DER_OID_V_${C_name} DER_P_OBJECT, $oid_size, ${C_bytes}
+#define DER_OID_SZ_${C_name} ${C_bytes_size}
+extern const unsigned char der_oid_${C_name}[DER_OID_SZ_${C_name}];
_____
}
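Review bot: `filter_to_H` emits `$oid_size` directly as the DER length octet in `DER_OID_V_*` and fixes `DER_OID_SZ_*` at two bytes of overhead, which is valid short-form DER only while the content is at most 127 bytes. The same commit nests these macros inside other precompiled sequences whose single length byte is a sum of these sizes, so an oversized value would produce malformed DER with no build error. A guard such as `die "OID $name too long for short-form DER length\n" if $oid_size > 127;` makes the assumption explicit. Separately, `my $C_bytes_size = 2 + scalar @_;` could read `2 + $oid_size`, as `filter_to_C` does in the next hunk.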
$C_comment = "\n/*\n${C_comment}\n */" if $C_comment ne '';
(my $C_name = $name) =~ s|-|_|g;
my $C_bytes_size = 2 + $oid_size;
- my $C_bytes = join(', ', map { sprintf("0x%02X", $_) } @oid_nums );
return <<"_____";
$C_comment
-#define DER_OID_V_${C_name} DER_P_OBJECT, $oid_size, ${C_bytes}
-#define DER_OID_SZ_${C_name} ${C_bytes_size}
const unsigned char der_oid_${C_name}[DER_OID_SZ_${C_name}] = {
DER_OID_V_${C_name}
};
*/
ctx->aid_len = 0;
if (WPACKET_init_der(&pkt, ctx->aid_buf, sizeof(ctx->aid_buf))
- && DER_w_algorithmIdentifier_DSA_with(&pkt, -1, ctx->dsa, md_nid)
+ && DER_w_algorithmIdentifier_DSA_with_MD(&pkt, -1, ctx->dsa,
+ md_nid)
&& WPACKET_finish(&pkt)) {
WPACKET_get_total_written(&pkt, &ctx->aid_len);
ctx->aid = WPACKET_get_curr(&pkt);
*/
ctx->aid_len = 0;
if (WPACKET_init_der(&pkt, ctx->aid_buf, sizeof(ctx->aid_buf))
- && DER_w_algorithmIdentifier_ECDSA_with(&pkt, -1, ctx->ec, md_nid)
+ && DER_w_algorithmIdentifier_ECDSA_with_MD(&pkt, -1, ctx->ec, md_nid)
&& WPACKET_finish(&pkt)) {
WPACKET_get_total_written(&pkt, &ctx->aid_len);
ctx->aid = WPACKET_get_curr(&pkt);
*/
ctx->aid_len = 0;
if (WPACKET_init_der(&pkt, ctx->aid_buf, sizeof(ctx->aid_buf))
- && DER_w_algorithmIdentifier_RSA_with(&pkt, -1, ctx->rsa, md_nid)
+ && DER_w_algorithmIdentifier_MDWithRSAEncryption(&pkt, -1, ctx->rsa,
+ md_nid)
&& WPACKET_finish(&pkt)) {
WPACKET_get_total_written(&pkt, &ctx->aid_len);
ctx->aid = WPACKET_get_curr(&pkt);