{PureEd25519, "Ed25519", oidSignatureEd25519, Ed25519, crypto.Hash(0) /* no pre-hashing */},
}
+// hashToPSSParameters contains the DER encoded RSA PSS parameters for the
+// SHA256, SHA384, and SHA512 hashes as defined in RFC 3447, Appendix A.2.3.
+// The parameters contain the following values:
+// * hashAlgorithm contains the associated hash identifier with NULL parameters
+// * maskGenAlgorithm always contains the default mgf1SHA1 identifier
+// * saltLength contains the length of the associated hash
+// * trailerField always contains the default trailerFieldBC value
+var hashToPSSParameters = map[crypto.Hash]asn1.RawValue{
+ crypto.SHA256: asn1.RawValue{FullBytes: []byte{48, 52, 160, 15, 48, 13, 6, 9, 96, 134, 72, 1, 101, 3, 4, 2, 1, 5, 0, 161, 28, 48, 26, 6, 9, 42, 134, 72, 134, 247, 13, 1, 1, 8, 48, 13, 6, 9, 96, 134, 72, 1, 101, 3, 4, 2, 1, 5, 0, 162, 3, 2, 1, 32}},
+ crypto.SHA384: asn1.RawValue{FullBytes: []byte{48, 52, 160, 15, 48, 13, 6, 9, 96, 134, 72, 1, 101, 3, 4, 2, 2, 5, 0, 161, 28, 48, 26, 6, 9, 42, 134, 72, 134, 247, 13, 1, 1, 8, 48, 13, 6, 9, 96, 134, 72, 1, 101, 3, 4, 2, 2, 5, 0, 162, 3, 2, 1, 48}},
+ crypto.SHA512: asn1.RawValue{FullBytes: []byte{48, 52, 160, 15, 48, 13, 6, 9, 96, 134, 72, 1, 101, 3, 4, 2, 3, 5, 0, 161, 28, 48, 26, 6, 9, 42, 134, 72, 134, 247, 13, 1, 1, 8, 48, 13, 6, 9, 96, 134, 72, 1, 101, 3, 4, 2, 3, 5, 0, 162, 3, 2, 1, 64}},
+}
+
// pssParameters reflects the parameters in an AlgorithmIdentifier that
// specifies RSA PSS. See RFC 3447, Appendix A.2.3.
type pssParameters struct {
TrailerField int `asn1:"optional,explicit,tag:3,default:1"`
}
-// rsaPSSParameters returns an asn1.RawValue suitable for use as the Parameters
-// in an AlgorithmIdentifier that specifies RSA PSS.
-func rsaPSSParameters(hashFunc crypto.Hash) asn1.RawValue {
- var hashOID asn1.ObjectIdentifier
-
- switch hashFunc {
- case crypto.SHA256:
- hashOID = oidSHA256
- case crypto.SHA384:
- hashOID = oidSHA384
- case crypto.SHA512:
- hashOID = oidSHA512
- }
-
- params := pssParameters{
- Hash: pkix.AlgorithmIdentifier{
- Algorithm: hashOID,
- Parameters: asn1.NullRawValue,
- },
- MGF: pkix.AlgorithmIdentifier{
- Algorithm: oidMGF1,
- },
- SaltLength: hashFunc.Size(),
- TrailerField: 1,
- }
-
- mgf1Params := pkix.AlgorithmIdentifier{
- Algorithm: hashOID,
- Parameters: asn1.NullRawValue,
- }
-
- var err error
- params.MGF.Parameters.FullBytes, err = asn1.Marshal(mgf1Params)
- if err != nil {
- panic(err)
- }
-
- serialized, err := asn1.Marshal(params)
- if err != nil {
- panic(err)
- }
-
- return asn1.RawValue{FullBytes: serialized}
-}
-
func getSignatureAlgorithmFromAI(ai pkix.AlgorithmIdentifier) SignatureAlgorithm {
if ai.Algorithm.Equal(oidSignatureEd25519) {
// RFC 8410, Section 3
return
}
if requestedSigAlgo.isRSAPSS() {
- sigAlgo.Parameters = rsaPSSParameters(hashFunc)
+ sigAlgo.Parameters = hashToPSSParameters[hashFunc]
}
found = true
break
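Review bot: The lookup `hashToPSSParameters[hashFunc]` yields a zero `asn1.RawValue` when `hashFunc` has no entry, so an RSA-PSS algorithm paired with an unlisted hash would get empty parameters with no error raised. The comma-ok form makes that case explicit: `params, ok := hashToPSSParameters[hashFunc]`, then return an error when `!ok`. The assignment also hands every caller the same `FullBytes` backing array from the package-level map, so the map's comment should say its entries are read-only. The enclosing function starts and ends outside the visible lines, so how it reports errors is not shown here.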
})
}
}
+
+func TestRSAPSAParameters(t *testing.T) {
+ generateParams := func(hashFunc crypto.Hash) []byte {
+ var hashOID asn1.ObjectIdentifier
+
+ switch hashFunc {
+ case crypto.SHA256:
+ hashOID = oidSHA256
+ case crypto.SHA384:
+ hashOID = oidSHA384
+ case crypto.SHA512:
+ hashOID = oidSHA512
+ }
+
+ params := pssParameters{
+ Hash: pkix.AlgorithmIdentifier{
+ Algorithm: hashOID,
+ Parameters: asn1.NullRawValue,
+ },
+ MGF: pkix.AlgorithmIdentifier{
+ Algorithm: oidMGF1,
+ },
+ SaltLength: hashFunc.Size(),
+ TrailerField: 1,
+ }
+
+ mgf1Params := pkix.AlgorithmIdentifier{
+ Algorithm: hashOID,
+ Parameters: asn1.NullRawValue,
+ }
+
+ var err error
+ params.MGF.Parameters.FullBytes, err = asn1.Marshal(mgf1Params)
+ if err != nil {
+ t.Fatalf("failed to marshal MGF parameters: %s", err)
+ }
+
+ serialized, err := asn1.Marshal(params)
+ if err != nil {
+ t.Fatalf("failed to marshal parameters: %s", err)
+ }
+
+ return serialized
+ }
+
+ for h, params := range hashToPSSParameters {
+ generated := generateParams(h)
+ if !bytes.Equal(params.FullBytes, generated) {
+ t.Errorf("hardcoded parameters for %s didn't match generated parameters: got (generated) %x, wanted (hardcoded) %x", h, generated, params.FullBytes)
+ }
+ }
+}
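Review bot: The final loop ranges over `hashToPSSParameters` itself, so it only checks the entries that exist; a PSS hash missing from the map would pass unnoticed. Iterating over an explicit list such as `[]crypto.Hash{crypto.SHA256, crypto.SHA384, crypto.SHA512}` and failing when the key is absent would close that gap. The generator sets the MGF1 parameters to the same `hashOID` as the signature hash, which contradicts the map's comment "maskGenAlgorithm always contains the default mgf1SHA1 identifier". That comment should read something like `// * maskGenAlgorithm contains id-mgf1 parameterised with the associated hash`, so a reader auditing the table does not conclude that SHA-1 is in use. The name `TestRSAPSAParameters` looks like a typo for `TestRSAPSSParameters`.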