botan: Share code to generate RSA EMSA PSS signature identifier strings
authorTobias Brunner <tobias@strongswan.org>
Mon, 17 Sep 2018 10:57:25 +0000 (12:57 +0200)
committerTobias Brunner <tobias@strongswan.org>
Mon, 17 Sep 2018 16:51:40 +0000 (18:51 +0200)
src/libstrongswan/plugins/botan/botan_rsa_private_key.c
src/libstrongswan/plugins/botan/botan_rsa_public_key.c

index 558bb70..bb723ff 100644 (file)
@@ -61,14 +61,11 @@ struct private_botan_rsa_private_key_t {
 };
 
 /**
- * Build an EMSA PSS signature described in PKCS#1
+ * Get the Botan string identifier for an EMSA PSS signature
  */
-static bool build_emsa_pss_signature(private_botan_rsa_private_key_t *this,
-                                                                        rsa_pss_params_t *params, chunk_t data,
-                                                                        chunk_t *sig)
+bool botan_emsa_pss_identifier(rsa_pss_params_t *params, char *id, size_t len)
 {
        const char *hash;
-       char hash_and_padding[BUF_LEN];
 
        if (!params)
        {
@@ -90,13 +87,25 @@ static bool build_emsa_pss_signature(private_botan_rsa_private_key_t *this,
 
        if (params->salt_len > RSA_PSS_SALT_LEN_DEFAULT)
        {
-               snprintf(hash_and_padding, sizeof(hash_and_padding),
-                                "EMSA-PSS(%s,MGF1,%u)", hash, params->salt_len);
+               return snprintf(id, len, "EMSA-PSS(%s,MGF1,%zd)", hash,
+                                               params->salt_len) < len;
        }
-       else
+       return snprintf(id, len, "EMSA-PSS(%s,MGF1)", hash) < len;
+}
+
+/**
+ * Build an EMSA PSS signature described in PKCS#1
+ */
+static bool build_emsa_pss_signature(private_botan_rsa_private_key_t *this,
+                                                                        rsa_pss_params_t *params, chunk_t data,
+                                                                        chunk_t *sig)
+{
+       char hash_and_padding[BUF_LEN];
+
+       if (!botan_emsa_pss_identifier(params, hash_and_padding,
+                                                                  sizeof(hash_and_padding)))
        {
-               snprintf(hash_and_padding, sizeof(hash_and_padding),
-                                "EMSA-PSS(%s,MGF1)", hash);
+               return FALSE;
        }
        return botan_get_signature(this->key, hash_and_padding, data, sig);
 }
index 6adb1c4..c6e2e88 100644 (file)
@@ -64,6 +64,11 @@ struct private_botan_rsa_public_key_t {
 };
 
 /**
+ * Defined in botan_rsa_private_key.c
+ */
+bool botan_emsa_pss_identifier(rsa_pss_params_t *params, char *id, size_t len);
+
+/**
  * Verify RSA signature
  */
 static bool verify_rsa_signature(private_botan_rsa_public_key_t *this,
@@ -97,37 +102,13 @@ static bool verify_emsa_pss_signature(private_botan_rsa_public_key_t *this,
                                                                          rsa_pss_params_t *params, chunk_t data,
                                                                          chunk_t signature)
 {
-       const char *hash;
        char hash_and_padding[BUF_LEN];
 
-       if (!params)
-       {
-               return FALSE;
-       }
-
-       /* botan currently does not support passing the mgf1 hash */
-       if (params->hash != params->mgf1_hash)
-       {
-               DBG1(DBG_LIB, "passing mgf1 hash not supported via botan");
-               return FALSE;
-       }
-
-       hash = botan_get_hash(params->hash);
-       if (!hash)
+       if (!botan_emsa_pss_identifier(params, hash_and_padding,
+                                                                  sizeof(hash_and_padding)))
        {
                return FALSE;
        }
-
-       if (params->salt_len > RSA_PSS_SALT_LEN_DEFAULT)
-       {
-               snprintf(hash_and_padding, sizeof(hash_and_padding),
-                                "EMSA-PSS(%s,MGF1,%u)", hash, params->salt_len);
-       }
-       else
-       {
-               snprintf(hash_and_padding, sizeof(hash_and_padding),
-                                "EMSA-PSS(%s,MGF1)", hash);
-       }
        return verify_rsa_signature(this, hash_and_padding, data, signature);
 }