Treat RSASSA-PSS keys like rsaEncryption RSA keys

In theory we should treat any parameters and the identifier itself as restriction to only use the key to create signatures accordingly (e.g. only use RSA with PSS padding or even use specific hash algorithms). But that's currently tricky as we'd have to store and pass this information along with our private keys (i.e. use PKCS#8 to store them and change the builder calls to pass along the identifier and parameters). That would require quite some work.
2017-10-27 15:09:46 +02:00 · 2017-10-27 15:09:46 +02:00 · 364395d2de
parent fb63012e0c
commit 364395d2de
3 changed files with 20 additions and 1 deletions
--- a/src/libstrongswan/plugins/openssl/openssl_x509.c
+++ b/src/libstrongswan/plugins/openssl/openssl_x509.c
@ -1090,6 +1090,10 @@ static bool parse_certificate(private_openssl_x509_t *this)
 	}
 	switch (openssl_asn1_known_oid(oid))
 	{
+		case OID_RSASSA_PSS:
+			/* TODO: we should treat such keys special and use the params as
+			 * restrictions regarding the use of this key (or rather the
+			 * associated private key) */
 		case OID_RSA_ENCRYPTION:
 			this->pubkey = lib->creds->create(lib->creds,
 					CRED_PUBLIC_KEY, KEY_RSA, BUILD_BLOB_ASN1_DER,
--- a/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c
+++ b/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c
@ -57,8 +57,13 @@ static public_key_t *parse_public_key(chunk_t blob)
 				int oid = asn1_parse_algorithmIdentifier(object,
 										parser->get_level(parser)+1, NULL);

-				if (oid == OID_RSA_ENCRYPTION || oid == OID_RSAES_OAEP)
+				if (oid == OID_RSA_ENCRYPTION || oid == OID_RSAES_OAEP ||
+					oid == OID_RSASSA_PSS)
 				{
+					/* TODO: we should parse parameters for PSS and pass them
+					 * (and the type), or the complete subjectPublicKeyInfo,
+					 * along so we can treat these as restrictions when
+					 * generating signatures with the associated private key */
 					type = KEY_RSA;
 				}
 				else if (oid == OID_EC_PUBLICKEY)
--- a/src/libstrongswan/plugins/pkcs8/pkcs8_builder.c
+++ b/src/libstrongswan/plugins/pkcs8/pkcs8_builder.c
@ -63,6 +63,16 @@ static private_key_t *parse_private_key(chunk_t blob)

 				switch (oid)
 				{
+					case OID_RSASSA_PSS:
+						/* TODO: parameters associated with such keys should be
+						 * treated as restrictions later when signing (the type
+						 * itself is already a restriction). However, the
+						 * builders currently don't expect any parameters for
+						 * RSA keys (we also only pass along the params, not the
+						 * exact type, so we'd have to guess that params
+						 * indicate RSA/PSS, but they are optional so that won't
+						 * work for keys without specific restrictions) */
+						params = chunk_empty;
 					case OID_RSA_ENCRYPTION:
 						type = KEY_RSA;
 						break;