-
Notifications
You must be signed in to change notification settings - Fork 114
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Expose PKCS_RSA_PSS_SHA256 for CSR generation #272
base: main
Are you sure you want to change the base?
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -49,6 +49,10 @@ impl fmt::Debug for SignatureAlgorithm { | |
write!(f, "PKCS_RSA_SHA512") | ||
} else if self == &PKCS_RSA_PSS_SHA256 { | ||
write!(f, "PKCS_RSA_PSS_SHA256") | ||
} else if self == &PKCS_RSA_PSS_SHA384 { | ||
write!(f, "PKCS_RSA_PSS_SHA384") | ||
} else if self == &PKCS_RSA_PSS_SHA512 { | ||
write!(f, "PKCS_RSA_PSS_SHA512") | ||
} else if self == &PKCS_ECDSA_P256_SHA256 { | ||
write!(f, "PKCS_ECDSA_P256_SHA256") | ||
} else if self == &PKCS_ECDSA_P384_SHA384 { | ||
|
@@ -88,7 +92,9 @@ impl SignatureAlgorithm { | |
&PKCS_RSA_SHA256, | ||
&PKCS_RSA_SHA384, | ||
&PKCS_RSA_SHA512, | ||
//&PKCS_RSA_PSS_SHA256, | ||
&PKCS_RSA_PSS_SHA256, | ||
&PKCS_RSA_PSS_SHA384, | ||
&PKCS_RSA_PSS_SHA512, | ||
&PKCS_ECDSA_P256_SHA256, | ||
&PKCS_ECDSA_P384_SHA384, | ||
#[cfg(feature = "aws_lc_rs")] | ||
|
@@ -145,24 +151,66 @@ pub(crate) mod algo { | |
params: SignatureAlgorithmParams::Null, | ||
}; | ||
|
||
// TODO: not really sure whether the certs we generate actually work. | ||
// Both openssl and webpki reject them. It *might* be possible that openssl | ||
// accepts the certificate if the key is a proper RSA-PSS key, but ring doesn't | ||
// support those: https://github.com/briansmith/ring/issues/1353 | ||
// | ||
/// RSA signing with PKCS#1 2.1 RSASSA-PSS padding and SHA-256 hashing as per [RFC 4055](https://tools.ietf.org/html/rfc4055) | ||
pub(crate) static PKCS_RSA_PSS_SHA256: SignatureAlgorithm = SignatureAlgorithm { | ||
/// | ||
/// Note: `*ring*` does not support this signature algorithm, and so it can not be used with the `crypto` feature | ||
/// of `rcgen` when verifying signatures using the `ring` backend. | ||
pub static PKCS_RSA_PSS_SHA256: SignatureAlgorithm = SignatureAlgorithm { | ||
// We could also use RSA_ENCRYPTION here, but it's recommended | ||
// to use ID-RSASSA-PSS if possible. | ||
oids_sign_alg: &[&RSASSA_PSS], | ||
oids_sign_alg: &[&RSASSA_PSS_SHA256], | ||
#[cfg(feature = "crypto")] | ||
sign_alg: SignAlgo::Rsa(&signature::RSA_PSS_SHA256), | ||
oid_components: RSASSA_PSS, //&[1, 2, 840, 113549, 1, 1, 13], | ||
oid_components: RSASSA_PSS_SHA256, //&[1, 2, 840, 113549, 1, 1, 11], | ||
// rSASSA-PSS-SHA256-Params in RFC 4055 | ||
params: SignatureAlgorithmParams::RsaPss { | ||
// id-sha256 in https://datatracker.ietf.org/doc/html/rfc4055#section-2.1 | ||
hash_algorithm: &[2, 16, 840, 1, 101, 3, 4, 2, 1], | ||
salt_length: 20, | ||
// It's conventional to use a salt length equal to the size of the hash algorithm's digest | ||
// (32 bytes for the 256 bit digest produced by SHA256). | ||
salt_length: 32, | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I think it might merit a comment here that's its conventional to use a salt length equal to the size of the hash algorithm's digest (in this case, 32 bytes for the 256 bit digest produced by SHA256). I don't think this is a requirement with any backing in specification text so it seems overly aggressive for OpenSSL to be rejecting other salt lengths, but I also don't see any reason to avoid doing what seems to be most conventional. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Done |
||
}, | ||
}; | ||
|
||
/// RSA signing with PKCS#1 2.1 RSASSA-PSS padding and SHA-384 hashing as per [RFC 4055](https://tools.ietf.org/html/rfc4055) | ||
/// | ||
/// Note: `*ring*` does not support this signature algorithm, and so it can not be used with the `crypto` feature | ||
/// of `rcgen` when verifying signatures using the `ring` backend. | ||
pub static PKCS_RSA_PSS_SHA384: SignatureAlgorithm = SignatureAlgorithm { | ||
// We could also use RSA_ENCRYPTION here, but it's recommended | ||
// to use ID-RSASSA-PSS if possible. | ||
oids_sign_alg: &[&RSASSA_PSS_SHA384], | ||
#[cfg(feature = "crypto")] | ||
sign_alg: SignAlgo::Rsa(&signature::RSA_PSS_SHA384), | ||
oid_components: RSASSA_PSS_SHA384, //&[1, 2, 840, 113549, 1, 1, 12], | ||
// rSASSA-PSS-SHA384-Params in RFC 4055 | ||
params: SignatureAlgorithmParams::RsaPss { | ||
// id-sha384 in https://datatracker.ietf.org/doc/html/rfc4055#section-2.1 | ||
hash_algorithm: &[2, 16, 840, 1, 101, 3, 4, 2, 2], | ||
// It's conventional to use a salt length equal to the size of the hash algorithm's digest | ||
// (48 bytes for the 384 bit digest produced by SHA384). | ||
salt_length: 48, | ||
}, | ||
}; | ||
|
||
/// RSA signing with PKCS#1 2.1 RSASSA-PSS padding and SHA-512 hashing as per [RFC 4055](https://tools.ietf.org/html/rfc4055) | ||
/// | ||
/// Note: `*ring*` does not support this signature algorithm, and so it can not be used with the `crypto` feature | ||
/// of `rcgen` when verifying signatures using the `ring` backend. | ||
pub static PKCS_RSA_PSS_SHA512: SignatureAlgorithm = SignatureAlgorithm { | ||
// We could also use RSA_ENCRYPTION here, but it's recommended | ||
// to use ID-RSASSA-PSS if possible. | ||
oids_sign_alg: &[&RSASSA_PSS_SHA512], | ||
#[cfg(feature = "crypto")] | ||
sign_alg: SignAlgo::Rsa(&signature::RSA_PSS_SHA512), | ||
oid_components: RSASSA_PSS_SHA512, //&[1, 2, 840, 113549, 1, 1, 13], | ||
// rSASSA-PSS-SHA512-Params in RFC 4055 | ||
params: SignatureAlgorithmParams::RsaPss { | ||
// id-sha512 in https://datatracker.ietf.org/doc/html/rfc4055#section-2.1 | ||
hash_algorithm: &[2, 16, 840, 1, 101, 3, 4, 2, 3], | ||
// It's conventional to use a salt length equal to the size of the hash algorithm's digest | ||
// (64 bytes for the 512 bit digest produced by SHA512). | ||
salt_length: 64, | ||
}, | ||
}; | ||
|
||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should we add the
_SHA384
and_SHA512
variants as well for parity withPKCS_RSA_XXX
?There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done