diff options
author | Anders Broman <anders.broman@ericsson.com> | 2011-11-10 20:52:44 +0000 |
---|---|---|
committer | Anders Broman <anders.broman@ericsson.com> | 2011-11-10 20:52:44 +0000 |
commit | 1f9b1347d6fd0e4f3e617e56da5c155a89e1fb92 (patch) | |
tree | 36b349a15a74275f068cc3aeec950a7d4cf3238f /asn1/pkcs1 | |
parent | 252f3f34b129b67a0491a2afd04c12749ac95940 (diff) |
From Martin Kaiser:
RSASSA-PSS support for X.509 certificates.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6541
svn path=/trunk/; revision=39785
Diffstat (limited to 'asn1/pkcs1')
-rw-r--r-- | asn1/pkcs1/PKIXAlgs-2009.asn | 63 | ||||
-rw-r--r-- | asn1/pkcs1/pkcs1.cnf | 2 |
2 files changed, 63 insertions, 2 deletions
diff --git a/asn1/pkcs1/PKIXAlgs-2009.asn b/asn1/pkcs1/PKIXAlgs-2009.asn index baaaadc14e..60a9d58e70 100644 --- a/asn1/pkcs1/PKIXAlgs-2009.asn +++ b/asn1/pkcs1/PKIXAlgs-2009.asn @@ -37,7 +37,8 @@ PKIXAlgs-2009 { iso(1) identified-organization(3) dod(6) pk-rsa | pk-dsa | pk-dh | - pk-kea, + pk-kea | + pk-rsaSSA-PSS, ..., pk-ec | pk-ecDH | @@ -60,7 +61,9 @@ PKIXAlgs-2009 { iso(1) identified-organization(3) dod(6) sa-ecdsaWithSHA224 | sa-ecdsaWithSHA256 | sa-ecdsaWithSHA384 | - sa-ecdsaWithSHA512 + sa-ecdsaWithSHA512, + ..., + sa-rsaSSA-PSS } -- @@ -201,6 +204,62 @@ Digest ::= OCTET STRING KEA-Params-Id ::= OCTET STRING + -- RSASSA-PSS (RFC 4055) + +-- pk-rsaSSA-PSS PUBLIC-KEY ::= { +-- IDENTIFIER id-RSASSA-PSS +-- KEY RSAPublicKey +-- PARAMS TYPE RSASSA-PSS-params ARE optional +-- CERT-KEY-USAGE { nonRepudiation, digitalSignature, keyCertSign, cRLSign } +-- } + + id-mgf1 OBJECT IDENTIFIER ::= { + iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) + pkcs-1(1) 8 } + + id-RSASSA-PSS OBJECT IDENTIFIER ::= { + iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) + pkcs-1(1) 10 } + + HashAlgorithm ::= AlgorithmIdentifier{DIGEST-ALGORITHM, + {HashAlgorithms}} + + HashAlgorithms DIGEST-ALGORITHM ::= { + { IDENTIFIER id-sha1 PARAMS TYPE NULL ARE preferredPresent }, + ... + } + + -- sha1Identifier AlgorithmIdentifier ::= { + -- algorithmId id-sha1, + -- parameters NULL + -- } + + MaskGenAlgorithm ::= AlgorithmIdentifier{ALGORITHM, + {PKCS1MGFAlgorithms}} + + -- mgf1SHA1 MaskGenAlgorithm ::= { + -- algorithmId id-mgf1, + -- parameters HashAlgorithm : sha1Identifier + -- } + + PKCS1MGFAlgorithms ALGORITHM ::= { + { IDENTIFIER id-mgf1 PARAMS TYPE HashAlgorithm ARE required }, + ... + } + + -- AlgorithmIdentifier parameters for id-RSASSA-PSS. + -- Note that the tags in this Sequence are explicit. + -- Note: The hash algorithm in hashAlgorithm and in + -- maskGenAlgorithm should be the same. + + RSASSA-PSS-params ::= SEQUENCE { + hashAlgorithm [0] HashAlgorithm DEFAULT sha1Identifier, + maskGenAlgorithm [1] MaskGenAlgorithm DEFAULT mgf1SHA1, + saltLength [2] INTEGER DEFAULT 20, + trailerField [3] INTEGER DEFAULT 1 + } + + -- Elliptic Curve (EC) Signatures: Unrestricted Algorithms -- (Section 2.1.1 of RFC 5480) -- diff --git a/asn1/pkcs1/pkcs1.cnf b/asn1/pkcs1/pkcs1.cnf index 91adbdfb85..3930102383 100644 --- a/asn1/pkcs1/pkcs1.cnf +++ b/asn1/pkcs1/pkcs1.cnf @@ -24,6 +24,8 @@ KEA-Params-Id B "2.16.840.1.101.2.1.1.22" "id-keyExchangeAlgorithm" ECParameters B "1.2.840.10045.2.1" "id-ecPublicKey" ECParameters B "1.3.132.1.12" "id-ecDH" ECParameters B "1.2.840.10045.2.13" "id-ecMQV" +RSASSA-PSS-params B "1.2.840.113549.1.1.10" "id-RSASSA-PSS" +HashAlgorithm B "1.2.840.113549.1.1.8" "id-mgf1" #.NO_EMIT DSAPublicKey |