Treat RSASSA-PSS keys like rsaEncryption RSA keys
authorTobias Brunner <tobias@strongswan.org>
Fri, 27 Oct 2017 13:09:46 +0000 (15:09 +0200)
committerTobias Brunner <tobias@strongswan.org>
Wed, 8 Nov 2017 15:48:10 +0000 (16:48 +0100)
In theory we should treat any parameters and the identifier itself as
restriction to only use the key to create signatures accordingly (e.g.
only use RSA with PSS padding or even use specific hash algorithms).
But that's currently tricky as we'd have to store and pass this information
along with our private keys (i.e. use PKCS#8 to store them and change the
builder calls to pass along the identifier and parameters). That would
require quite some work.

src/libstrongswan/plugins/openssl/openssl_x509.c
src/libstrongswan/plugins/pkcs1/pkcs1_builder.c
src/libstrongswan/plugins/pkcs8/pkcs8_builder.c

index e4932c2..60c0877 100644 (file)
@@ -1090,6 +1090,10 @@ static bool parse_certificate(private_openssl_x509_t *this)
        }
        switch (openssl_asn1_known_oid(oid))
        {
+               case OID_RSASSA_PSS:
+                       /* TODO: we should treat such keys special and use the params as
+                        * restrictions regarding the use of this key (or rather the
+                        * associated private key) */
                case OID_RSA_ENCRYPTION:
                        this->pubkey = lib->creds->create(lib->creds,
                                        CRED_PUBLIC_KEY, KEY_RSA, BUILD_BLOB_ASN1_DER,
index f642947..967e501 100644 (file)
@@ -57,8 +57,13 @@ static public_key_t *parse_public_key(chunk_t blob)
                                int oid = asn1_parse_algorithmIdentifier(object,
                                                                                parser->get_level(parser)+1, NULL);
 
-                               if (oid == OID_RSA_ENCRYPTION || oid == OID_RSAES_OAEP)
+                               if (oid == OID_RSA_ENCRYPTION || oid == OID_RSAES_OAEP ||
+                                       oid == OID_RSASSA_PSS)
                                {
+                                       /* TODO: we should parse parameters for PSS and pass them
+                                        * (and the type), or the complete subjectPublicKeyInfo,
+                                        * along so we can treat these as restrictions when
+                                        * generating signatures with the associated private key */
                                        type = KEY_RSA;
                                }
                                else if (oid == OID_EC_PUBLICKEY)
index beb8866..9c1c03d 100644 (file)
@@ -63,6 +63,16 @@ static private_key_t *parse_private_key(chunk_t blob)
 
                                switch (oid)
                                {
+                                       case OID_RSASSA_PSS:
+                                               /* TODO: parameters associated with such keys should be
+                                                * treated as restrictions later when signing (the type
+                                                * itself is already a restriction). However, the
+                                                * builders currently don't expect any parameters for
+                                                * RSA keys (we also only pass along the params, not the
+                                                * exact type, so we'd have to guess that params
+                                                * indicate RSA/PSS, but they are optional so that won't
+                                                * work for keys without specific restrictions) */
+                                               params = chunk_empty;
                                        case OID_RSA_ENCRYPTION:
                                                type = KEY_RSA;
                                                break;